yonote
/
onprem-deploy
19
0
Fork 0
Code Pull Requests Releases Activity

Compare commits

merge into: yonote:mono
Branches Tags
yonote:main
yonote:mono
yonote:hotfix-websocket-minio
...
pull from: yonote:main
Branches Tags
yonote:main
yonote:mono
yonote:hotfix-websocket-minio

1 Commits
mono ... main

Author SHA1 Message Date
artem.drozdov f3f0c36b6b remove mono 2024-10-07 13:56:01 +03:00
11 changed files with 1 additions and 828 deletions
Show Stats Expand all files Collapse all files

2
README.md
View File

@ -4,7 +4,7 @@
Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm.
В нашем проекте используются два подхода для управления сервисами с помощью Helm chart'ов: "mono" и "service". В варианте "mono" все сервисы запускаются в одном pod'е, что позволяет снизить использование ресурсов. В подходе "service" каждый сервис запускается в отдельном pod'е, что улучшает отказоустойчивость и стабильность системы, но требует больше ресурсов.
Мы запускаем сервисы Yonote в отдельных подах, что улучшает отказоустойчивость и стабильность системы. Такой подход позволяет каждому сервису иметь свою собственную среду выполнения и управлять ресурсами более эффективно.
## Требования

18
yonote-chart-mono/Chart.lock
View File

@ -1,18 +0,0 @@
dependencies:
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.6
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 16.12.1
- name: minio
repository: https://charts.bitnami.com/bitnami
version: 12.7.0
- name: keycloak
repository: https://charts.bitnami.com/bitnami
version: 14.0.0
digest: sha256:b12099844193a7a06a5d15b80774592b1cf73af191b654154a9c7a6e8d51a2e0
generated: "2024-08-25T04:02:50.20628049+03:00"

40
yonote-chart-mono/Chart.yaml
View File

@ -1,40 +0,0 @@
apiVersion: v2
name: yonote-chart
version: 1.2.0
description:
Generic application Helm chart.
This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
maintainers:
- name: Dysnix
email: support@dysnix.com
url: https://github.com/dysnix/charts/tree/main/dysnix/app
dependencies:
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: yonote-web
- name: postgresql
version: "11.6.6"
repository: https://charts.bitnami.com/bitnami
condition: yonoteDatabase.enabled
alias: yonoteDatabase
- name: redis
version: "16.12.1"
repository: https://charts.bitnami.com/bitnami
condition: yonote-redis.enabled
alias: yonote-redis
- name: minio
version: "12.7.0"
repository: https://charts.bitnami.com/bitnami
condition: minio.enabled
alias: minio
- name: keycloak
version: "14.0.0"
repository: https://charts.bitnami.com/bitnami
condition: keycloak.enabled
alias: keycloak

45
yonote-chart-mono/secret-values.yaml
View File

@ -1,45 +0,0 @@
global:
yonote:
config:
secret:
stringData:
DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}'
POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}"
AWS_ACCESS_KEY_ID: "{{ .Values.minio.auth.rootUser }}" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу
AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.auth.rootPassword }}" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу
OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
SMTP_PASSWORD: "1234"
UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
TELEGRAM_BOT_TOKEN: "1234"
UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE"
LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения
SERVICE_WORKER_PUBLIC_KEY: "1234"
SERVICE_WORKER_PRIVATE_KEY: "1234"
# Генерация ключей (web-push) Service Worker
# 1) Установить Node.js и npm
# 2) Выполнить команду для генерации ключей
# npx web-push generate-vapid-keys
# 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
yonoteDatabase:
global:
postgresql:
auth:
password: "wsGZ6kXhr5"
postgresPassword: "QQYw4UjOU"
# yonote-redis: # Если используете пароль для redis
# auth:
# password: "12345678"
minio:
auth:
rootPassword: "12345678"
keycloak:
auth:
adminPassword: "root"
postgresql:
auth:
password: "tT9BqYdNyd"

10
yonote-chart-mono/templates/configmap.yaml
View File

@ -1,10 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: yonote-configs
labels:
{{- include "common.labels.standard" $ | nindent 4 }}
{{- with .Values.global.yonote.config.plain.data }}
data:
{{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }}
{{- end }}

69
yonote-chart-mono/templates/cronjob.yaml
View File

@ -1,69 +0,0 @@
{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: cron-calendar-events
spec:
schedule: "*/1 * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: cron-calendar-events
image: curlimages/curl
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: yonote-secrets
command:
- /bin/sh
- -c
- >-
date;
curl
-X POST
{{ .Values.global.yonote_cron_calendar_events.url }}
-H "Content-Type: application/json"
-d '
{
"token": "$(UTILS_SECRET)"
}
'
restartPolicy: OnFailure
{{- end }}
---
{{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: cron-task-scheduler
spec:
schedule: "0 */1 * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: cron-task-scheduler
image: curlimages/curl
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
name: yonote-secrets
command:
- /bin/sh
- -c
- >-
date;
curl
-X POST
{{ .Values.global.yonote_cron_task_scheduler.url }}
-H "Content-Type: application/json"
-d '
{
"token":"$(UTILS_SECRET)", "limit":"200"
}
'
restartPolicy: OnFailure
{{- end }}

34
yonote-chart-mono/templates/ingress.yaml
View File

@ -1,34 +0,0 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.ingress.name }}
namespace: {{ .Values.ingress.namespace }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: "{{ $value }}"
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.ingressClassName }}
tls:
- secretName: "{{ .Values.ingress.tls.secretName }}"
hosts:
{{- range .Values.ingress.tls.hosts }}
- "{{ . }}"
{{- end }}
rules:
{{- range .Values.ingress.rules }}
- host: "{{ .host }}"
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ .service.name }}
port:
number: {{ .service.port | int }}
{{- end }}
{{- end }}
{{- end }}

39
yonote-chart-mono/templates/mcJob.yaml
View File

@ -1,39 +0,0 @@
{{- if .Values.mcJob.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: yonote-minio-mc-job
labels:
app: yonote-minio
spec:
template:
metadata:
labels:
app: yonote-minio
spec:
containers:
- name: mc-client
image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
command: ["/bin/sh", "-c"]
args:
- |
until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
echo "Waiting for MinIO to be ready..."
sleep 5
done
if ! mc ls myminio/yonote-bucket; then
mc mb myminio/yonote-bucket
else
echo "Bucket yonote-bucket already exists."
fi
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
restartPolicy: OnFailure
backoffLimit: 5
ttlSecondsAfterFinished: 100
{{- end }}

169
yonote-chart-mono/templates/realm-configmap.yaml
View File

@ -1,169 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: realm-export
data:
realm-export.json: |
{
"realm": "yonote",
"enabled": true,
"notBefore": 1647809856,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": true,
"rememberMe": true,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": true,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"clients": [
{
"clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}",
"secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"redirectUris": [
"https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
"http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
],
"baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
"enabled": true,
"publicClient": false,
"protocol": "openid-connect",
"attributes": {
"client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}",
"display.on.consent.screen": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"protocolMappers": [
{
"name": "oidc-display-name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": ["openid", "email"]
}
],
"identityProviders": [],
"internationalizationEnabled": true,
"clientScopes": [
{
"name": "openid",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}"
},
"protocolMappers": []
},
{
"name": "email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "56fe6d23-690a-465c-bc36-99bff8fef6eb",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
},
{
"id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
}
]
}
],
"browserSecurityHeaders": {
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';"
},
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": ["ES256"],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"smtpServer": {}
}

14
yonote-chart-mono/templates/secret.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: yonote-secrets
labels:
{{- include "common.labels.standard" $ | nindent 4 }}
type: Opaque
{{- with .Values.global.yonote.config.secret.data }}
data:
{{- toYaml . | nindent 2 }}
{{- end }}
{{- with .Values.global.yonote.config.secret.stringData }}
stringData: {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 2 }}
{{- end }}

389
yonote-chart-mono/values.yaml
View File

@ -1,389 +0,0 @@
global:
name: yonote-app
yonote:
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
baseListenAddress: example.com # Доменный адрес для yonote
config:
plain:
data:
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
WEB_CONCURRENCY: "1"
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
AI_URL: "1234"
AI_API_KEY: "1234"
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему.
OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены
OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: "ru_RU"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
TELEGRAM_API_URL: https://api.telegram.org
UNSPLASH_API_BASENAME: https://api.unsplash.com
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: ""
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: ""
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
yonote_cron_calendar_events:
cron_enabled: "true"
url: http://yonote-web/api/cron.calendar_events
yonote_cron_task_scheduler:
cron_enabled: "true"
url: http://yonote-web/api/cron.schedule
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
name: web
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
ingress:
enabled: true
name: yonote-ingress
namespace: yonote-onprem
ingressClassName: nginx
tls:
- secretName: "you_tls_secret"
hosts:
- "app.example.com"
- "team.example.com"
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/server-snippets: |
location /realtime {
proxy_set_header Upgrade $http_upgrade;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header Connection "upgrade";
proxy_cache_bypass $http_upgrade;
}
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
cert-manager.io/cluster-issuer: ""
rules:
- host: "app.example.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: yonote-web
port:
number: 80
- path: /realtime
pathType: Prefix
backend:
service:
name: yonote-websockets
port:
number: 80
- path: /whiteboard
pathType: Prefix
backend:
service:
name: yonote-whiteboard
port:
number: 80
- path: /collaboration
pathType: Prefix
backend:
service:
name: yonote-collaboration
port:
number: 80
- host: "team.example.com"
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: yonote-web
port:
number: 80
- path: /realtime
pathType: Prefix
backend:
service:
name: yonote-websockets
port:
number: 80
- path: /whiteboard
pathType: Prefix
backend:
service:
name: yonote-whiteboard
port:
number: 80
- path: /collaboration
pathType: Prefix
backend:
service:
name: yonote-collaboration
port:
number: 80
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonoteDatabase:
enabled: true
global:
postgresql:
auth:
database: "yonote"
username: "yonote"
name: yonote-database
fullnameOverride: yonote-database
nameOverride: yonote-database
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 256Mi
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
auth:
enabled: false
master:
persistence:
size: 200Mi
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
nameOverride: yonote-minio
auth:
rootUser: admin
persistence:
enabled: true
size: 500Mi
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
hosts:
- host: s3.example.com
paths:
- path: /
pathType: ImplementationSpecific
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
buckets:
- name: yonote-bucket
policy: none
mcJob:
enabled: true
keycloak:
auth:
adminUser: root
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
command:
- /bin/bash
- -c
- |
/opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
/opt/bitnami/keycloak/bin/kc.sh start-dev
extraEnvVars:
- name: KC_DB_PASSWORD
value: "tT9BqYdNyd"
- name: KEYCLOAK_PRODUCTION
value: "true"
- name: KC_HOSTNAME_URL
value: "https://auth.example.com"
- name: KC_HOSTNAME_ADMIN_URL
value: "https://auth.example.com"
extraVolumes:
- name: realm-export
configMap:
name: realm-export
extraVolumeMounts:
- name: realm-export
mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
subPath: realm-export.json
ingress:
enabled: true
hostname: auth.example.com
ingressClassName: traefik
tls: true
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
extraTls:
- hosts:
- "auth.example.com"
secretName: "you_tls_secret"
rules:
- host: "auth.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-keycloak
port: http
- path: /admin
pathType: Prefix
service:
name: yonote-keycloak
port: http
proxy: "edge"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
postgresql:
enabled: true
auth:
database: keycloak
username: keycloak
name: keycloak-database
fullnameOverride: keycloak-database
nameOverride: keycloak-database
primary:
persistence:
size: 512Mi