From 4630d8dd020d3f6c021a88d535944b97c9930585 Mon Sep 17 00:00:00 2001 From: "artem.drozdov" Date: Thu, 8 Aug 2024 13:48:31 +0300 Subject: [PATCH 1/4] update --- yonote-chart/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index a183892..4ea3593 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml @@ -89,7 +89,7 @@ yonote-web: pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=web'] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web'] initContainers: - name: yonote-migration @@ -184,7 +184,7 @@ yonote-websocket: pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=websockets'] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets'] resources: limits: @@ -264,7 +264,7 @@ yonote-whiteboard: pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=whiteboard'] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard'] resources: limits: @@ -344,7 +344,7 @@ yonote-worker: pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=worker'] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker'] resources: limits: @@ -413,7 +413,7 @@ yonote-collaboration: pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] - args: ['yarn start:selfhosted --services=collaboration'] + args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration'] checksums: null -- 2.40.1 From 2b16b7af4aff397651f67640c3fc3824587998ee Mon Sep 17 00:00:00 2001 From: "artem.drozdov" Date: Fri, 9 Aug 2024 13:47:23 +0300 Subject: [PATCH 2/4] update --- yonote-chart/secret-values.yaml | 4 +- yonote-chart/templates/ingress.yaml | 30 +++ ...fic-http-to-https-redirect-middleware.yaml | 2 +- .../traefik-wss-headers-middleware.yaml | 2 +- yonote-chart/values.yaml | 218 +++++++++++++----- 5 files changed, 192 insertions(+), 64 deletions(-) create mode 100644 yonote-chart/templates/ingress.yaml rename traefic-http-to-https-redirect-middleware.yaml => yonote-chart/traefic-http-to-https-redirect-middleware.yaml (81%) rename traefik-wss-headers-middleware.yaml => yonote-chart/traefik-wss-headers-middleware.yaml (82%) diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index c21f90f..4d73ce3 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml @@ -7,13 +7,13 @@ global: POSTGRES_PASSWORD: wsGZ6kXhr5 AWS_ACCESS_KEY_ID: "" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу AWS_SECRET_ACCESS_KEY: "minioadmin" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу - OIDC_CLIENT_SECRET: "minioadminsecret" + OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. TELEGRAM_BOT_TOKEN: "1234" UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "" # Обратитесь в отдел продаж для получения + LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJkdW1teSI6ImRhdGEiLCJkYXRhIjoiZHVtbXkiLCJpYXQiOjE2NjQ4OTUyNjUsImV4cCI6MTgyMjY4MzI2NX0.Qudc2d-MKc4DT-UBAVydgowiYQnzzWolvbJTjPB5dwEI32Wb64sgkXOfXKsRf9_wP3UK0-65QYVkMHM76ImhM9HCHv9LWJBQeD0q2rF243cMkMUNfKXAX8-SmLu9kMZzm0fL02IBnv5TCHIF7u6GgGRk3US6WbVhzqHGxrdJ2b3HwD_cI3mcLKCtTfO_GDiUfAv7u5Ddi-6tCfFRvH633BLPKIMO5cePh_AdHykO_2p7z_ypUfsVgqxHkq8KwNuuaI6CpwE48P-7mXuM9xEWu3-prSZpaI4rIZA6JFpGMWyiGs4GDvjRFssq4GUPvYJnkZ2w_W_liSMdC5hg0PFxcw" # Обратитесь в отдел продаж для получения SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker diff --git a/yonote-chart/templates/ingress.yaml b/yonote-chart/templates/ingress.yaml new file mode 100644 index 0000000..74ee4aa --- /dev/null +++ b/yonote-chart/templates/ingress.yaml @@ -0,0 +1,30 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ .Values.ingress.name }} + namespace: {{ .Values.ingress.namespace }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: "{{ $value }}" + {{- end }} +spec: + ingressClassName: {{ .Values.ingress.ingressClassName }} + tls: + - secretName: "{{ .Values.ingress.tls.secretName }}" + hosts: + {{- range .Values.ingress.tls.hosts }} + - "{{ . }}" + {{- end }} + rules: + - host: "{{ .Values.ingress.hostname }}" + http: + paths: + {{- range .Values.ingress.rules.paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ .service.name }} + port: + number: {{ .service.port | int }} + {{- end }} \ No newline at end of file diff --git a/traefic-http-to-https-redirect-middleware.yaml b/yonote-chart/traefic-http-to-https-redirect-middleware.yaml similarity index 81% rename from traefic-http-to-https-redirect-middleware.yaml rename to yonote-chart/traefic-http-to-https-redirect-middleware.yaml index 93c470f..f1129b1 100644 --- a/traefic-http-to-https-redirect-middleware.yaml +++ b/yonote-chart/traefic-http-to-https-redirect-middleware.yaml @@ -2,7 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: redirect-https + name: yonote-onprem-redirect-https spec: redirectScheme: scheme: https diff --git a/traefik-wss-headers-middleware.yaml b/yonote-chart/traefik-wss-headers-middleware.yaml similarity index 82% rename from traefik-wss-headers-middleware.yaml rename to yonote-chart/traefik-wss-headers-middleware.yaml index c8fc1bd..e70cfc2 100644 --- a/traefik-wss-headers-middleware.yaml +++ b/yonote-chart/traefik-wss-headers-middleware.yaml @@ -2,7 +2,7 @@ apiVersion: traefik.containo.us/v1alpha1 kind: Middleware metadata: - name: wss-headers + name: yonote-onprem-wss-headers spec: headers: customRequestHeaders: diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index 4ea3593..dbf92b2 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml @@ -6,12 +6,12 @@ global: username: yonote yonote: - ingress: - ingressClassName: nginx + # ingress: + # ingressClassName: traefik dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: example.com + baseListenAddress: onprem-test.stands.wilix.dev config: plain: @@ -30,17 +30,18 @@ global: AI_URL: "1234" AI_API_KEY: "1234" + WEB_CONCURRENCY: "1" - URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email - OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/auth' - OIDC_LOGOUT_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/logout' - OIDC_TOKEN_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/token' - OIDC_USERINFO_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/userinfo' + OIDC_CLIENT_ID: yonote-local + OIDC_AUTH_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/auth' + OIDC_LOGOUT_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/logout' + OIDC_TOKEN_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/token' + OIDC_USERINFO_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/userinfo' AWS_S3_ACL: private AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища @@ -77,6 +78,61 @@ global: cron_enabled: "true" url: http://yonote-web/api/cron.schedule + # ingress: + # enabled: true + # hostname: 'app.onprem-test.stands.wilix.dev' + # ingressClassName: traefik + # path: '/' + # pathType: Prefix + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/configuration-snippet: | + # # more_set_headers "Host $http_host"; + # # more_set_headers "X-Real-IP $remote_addr"; + # # more_set_headers "X-Forwarded-Proto $scheme"; + # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # extraTls: + # - hosts: + # - "app.onprem-test.stands.wilix.dev" + # secretName: "app.onprem-test.stands.wilix.dev" +ingress: + enabled: true + name: yonote-ingress + namespace: yonote-onprem + ingressClassName: traefik + hostname: 'app.onprem-test.stands.wilix.dev' + tls: + secretName: "app.onprem-test.stands.wilix.dev" + hosts: + - "app.onprem-test.stands.wilix.dev" + rules: + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 + annotations: + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web @@ -110,8 +166,8 @@ yonote-web: resources: limits: - cpu: 350m - memory: 512Mi + cpu: 1 + memory: 1Gi requests: cpu: 200m memory: 128Mi @@ -132,16 +188,25 @@ yonote-web: - secretRef: name: yonote-secrets - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # ingress: + # enabled: true + # hostname: 'app.onprem-test.stands.wilix.dev' + # ingressClassName: traefik + # path: '/' + # pathType: Prefix + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/configuration-snippet: | + # # more_set_headers "Host $http_host"; + # # more_set_headers "X-Real-IP $remote_addr"; + # # more_set_headers "X-Forwarded-Proto $scheme"; + # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # extraTls: + # - hosts: + # - "app.onprem-test.stands.wilix.dev" + # secretName: "app.onprem-test.stands.wilix.dev" podLabels: redis-client: 'true' @@ -212,16 +277,25 @@ yonote-websocket: port: 80 targetPort: app - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # ingress: + # enabled: true + # hostname: 'app.onprem-test.stands.wilix.dev' + # ingressClassName: traefik + # path: '/realtime' + # pathType: Prefix + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/configuration-snippet: | + # # more_set_headers "Host $http_host"; + # # more_set_headers "X-Real-IP $remote_addr"; + # # more_set_headers "X-Forwarded-Proto $scheme"; + # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # extraTls: + # - hosts: + # - "app.onprem-test.stands.wilix.dev" + # secretName: "app.onprem-test.stands.wilix.dev" podLabels: redis-client: 'true' @@ -292,16 +366,26 @@ yonote-whiteboard: port: 80 targetPort: app - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # ingress: + # enabled: true + # hostname: 'app.onprem-test.stands.wilix.dev' + # ingressClassName: traefik + # path: '/whiteboard' + # pathType: Prefix + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/configuration-snippet: | + # # more_set_headers "Host $http_host"; + # # more_set_headers "X-Real-IP $remote_addr"; + # # more_set_headers "X-Forwarded-Proto $scheme"; + # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # extraTls: + # - hosts: + # - "app.onprem-test.stands.wilix.dev" + # secretName: "app.onprem-test.stands.wilix.dev" + podLabels: redis-client: 'true' @@ -348,11 +432,11 @@ yonote-worker: resources: limits: - cpu: 500m + cpu: 1 memory: 1Gi requests: - cpu: 250m - memory: 256Mi + cpu: 50m + memory: 128Mi checksums: null @@ -427,16 +511,25 @@ yonote-collaboration: port: 80 targetPort: app - ingress: - hostname: '"*.example.com"' - ingressClassName: nginx - annotations: - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_set_headers "Host $http_host"; - more_set_headers "X-Real-IP $remote_addr"; - more_set_headers "X-Forwarded-Proto $scheme"; - more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # ingress: + # enabled: true + # hostname: 'app.onprem-test.stands.wilix.dev' + # ingressClassName: traefik + # path: '/collaboration' + # pathType: Prefix + # annotations: + # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' + # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" + # # nginx.ingress.kubernetes.io/configuration-snippet: | + # # more_set_headers "Host $http_host"; + # # more_set_headers "X-Real-IP $remote_addr"; + # # more_set_headers "X-Forwarded-Proto $scheme"; + # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; + # extraTls: + # - hosts: + # - "app.onprem-test.stands.wilix.dev" + # secretName: "app.onprem-test.stands.wilix.dev" envFrom: - configMapRef: @@ -523,13 +616,18 @@ minio: ingress: enabled: true + hostname: 's3.onprem-test.stands.wilix.dev' + ingressClassName: traefik + path: '/' + pathType: ImplementationSpecific annotations: - kubernetes.io/ingress.class: nginx - hosts: - - host: s3.example.com - paths: - - path: / - pathType: ImplementationSpecific + kubernetes.io/ingress.class: traefik + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev + extraTls: + - hosts: + - "s3.onprem-test.stands.wilix.dev" + secretName: "s3.onprem-test.stands.wilix.dev" + resources: requests: memory: 512Mi -- 2.40.1 From 681b9324a857bc287cc350463ad412bac96d4167 Mon Sep 17 00:00:00 2001 From: "artem.drozdov" Date: Tue, 13 Aug 2024 10:04:44 +0300 Subject: [PATCH 3/4] update --- yonote-chart/templates/ingress.yaml | 10 ++-- yonote-chart/values.yaml | 82 +++++++++++++++++++++-------- 2 files changed, 68 insertions(+), 24 deletions(-) diff --git a/yonote-chart/templates/ingress.yaml b/yonote-chart/templates/ingress.yaml index 74ee4aa..04bc8a6 100644 --- a/yonote-chart/templates/ingress.yaml +++ b/yonote-chart/templates/ingress.yaml @@ -1,3 +1,4 @@ +{{- if .Values.ingress.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -16,10 +17,11 @@ spec: - "{{ . }}" {{- end }} rules: - - host: "{{ .Values.ingress.hostname }}" + {{- range .Values.ingress.rules }} + - host: "{{ .host }}" http: paths: - {{- range .Values.ingress.rules.paths }} + {{- range .paths }} - path: {{ .path }} pathType: {{ .pathType }} backend: @@ -27,4 +29,6 @@ spec: name: {{ .service.name }} port: number: {{ .service.port | int }} - {{- end }} \ No newline at end of file + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/yonote-chart/values.yaml b/yonote-chart/values.yaml index dbf92b2..b3bd94d 100644 --- a/yonote-chart/values.yaml +++ b/yonote-chart/values.yaml @@ -6,16 +6,13 @@ global: username: yonote yonote: - # ingress: - # ingressClassName: traefik - dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: onprem-test.stands.wilix.dev config: plain: data: + DEPLOYMENT: hosted NODE_ENV: production FORCE_HTTPS: "false" PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL @@ -86,28 +83,27 @@ global: # pathType: Prefix # annotations: # cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - # traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' # # nginx.ingress.kubernetes.io/force-ssl-redirect: "false" # # nginx.ingress.kubernetes.io/configuration-snippet: | # # more_set_headers "Host $http_host"; # # more_set_headers "X-Real-IP $remote_addr"; # # more_set_headers "X-Forwarded-Proto $scheme"; # # more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for"; - # extraTls: - # - hosts: - # - "app.onprem-test.stands.wilix.dev" - # secretName: "app.onprem-test.stands.wilix.dev" + ingress: enabled: true name: yonote-ingress namespace: yonote-onprem ingressClassName: traefik - hostname: 'app.onprem-test.stands.wilix.dev' + # hostname: "*.onprem-test.stands.wilix.dev" tls: - secretName: "app.onprem-test.stands.wilix.dev" - hosts: - - "app.onprem-test.stands.wilix.dev" + secretName: "wildcard.onprem-test.stands.wilix.dev" + hosts: + - "*.onprem-test.stands.wilix.dev" + # - "tete.onprem-test.stands.wilix.dev" + # - "dada.onprem-test.stands.wilix.dev" rules: + - host: "*.onprem-test.stands.wilix.dev" paths: - path: / pathType: Prefix @@ -129,10 +125,54 @@ ingress: service: name: yonote-collaboration port: 80 + # - host: "tete.onprem-test.stands.wilix.dev" + # paths: + # - path: / + # pathType: Prefix + # service: + # name: yonote-web + # port: 80 + # - path: /realtime + # pathType: Prefix + # service: + # name: yonote-websockets + # port: 80 + # - path: /whiteboard + # pathType: Prefix + # service: + # name: yonote-whiteboard + # port: 80 + # - path: /collaboration + # pathType: Prefix + # service: + # name: yonote-collaboration + # port: 80 + # - host: "dada.onprem-test.stands.wilix.dev" + # paths: + # - path: / + # pathType: Prefix + # service: + # name: yonote-web + # port: 80 + # - path: /realtime + # pathType: Prefix + # service: + # name: yonote-websockets + # port: 80 + # - path: /whiteboard + # pathType: Prefix + # service: + # name: yonote-whiteboard + # port: 80 + # - path: /collaboration + # pathType: Prefix + # service: + # name: yonote-collaboration + # port: 80 + annotations: cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev - traefik.ingress.kubernetes.io/router.middlewares: '{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{.Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd' - + yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web @@ -141,7 +181,7 @@ yonote-web: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.5 + tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -149,7 +189,7 @@ yonote-web: initContainers: - name: yonote-migration - image: images.updates.yonote.ru/yonote:1.19.5 + image: images.updates.yonote.ru/yonote:1.19.8 imagePullPolicy: IfNotPresent command: - /bin/sh @@ -245,7 +285,7 @@ yonote-websocket: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.5 + tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -334,7 +374,7 @@ yonote-whiteboard: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.5 + tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -424,7 +464,7 @@ yonote-worker: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.5 + tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -493,7 +533,7 @@ yonote-collaboration: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.5 + tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] -- 2.40.1 From 68d8eb92fdea78ee7ede35ce5ad91a642e8ea0fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=90=D1=80=D1=82=D0=B5=D0=BC=20=D0=94=D1=80=D0=BE=D0=B7?= =?UTF-8?q?=D0=B4=D0=BE=D0=B2?= Date: Tue, 13 Aug 2024 09:32:08 +0000 Subject: [PATCH 4/4] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=B8=D1=82?= =?UTF-8?q?=D1=8C=20yonote-chart/secret-values.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- yonote-chart/secret-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yonote-chart/secret-values.yaml b/yonote-chart/secret-values.yaml index 4d73ce3..862eeb2 100644 --- a/yonote-chart/secret-values.yaml +++ b/yonote-chart/secret-values.yaml @@ -13,7 +13,7 @@ global: UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. TELEGRAM_BOT_TOKEN: "1234" UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJkdW1teSI6ImRhdGEiLCJkYXRhIjoiZHVtbXkiLCJpYXQiOjE2NjQ4OTUyNjUsImV4cCI6MTgyMjY4MzI2NX0.Qudc2d-MKc4DT-UBAVydgowiYQnzzWolvbJTjPB5dwEI32Wb64sgkXOfXKsRf9_wP3UK0-65QYVkMHM76ImhM9HCHv9LWJBQeD0q2rF243cMkMUNfKXAX8-SmLu9kMZzm0fL02IBnv5TCHIF7u6GgGRk3US6WbVhzqHGxrdJ2b3HwD_cI3mcLKCtTfO_GDiUfAv7u5Ddi-6tCfFRvH633BLPKIMO5cePh_AdHykO_2p7z_ypUfsVgqxHkq8KwNuuaI6CpwE48P-7mXuM9xEWu3-prSZpaI4rIZA6JFpGMWyiGs4GDvjRFssq4GUPvYJnkZ2w_W_liSMdC5hg0PFxcw" # Обратитесь в отдел продаж для получения + LICENSE_KEY: "" # Обратитесь в отдел продаж для получения SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker -- 2.40.1