yonote
/
onprem-deploy
17
0
Fork 0
Code Pull Requests Releases Activity

onprem-yonote-v2 #2

Merged
artem.drozdov merged 18 commits from onprem-yonote-v2 into main 2024-07-19 06:07:57 +00:00
Conversation 0 Commits 18 Files Changed 9 +271 -734
18 changed files with 271 additions and 734 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit b7feec3bde - Show all commits

23
yonote-chart/.helmignore
View File

@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

16
yonote-chart/Chart.lock
View File

@ -1,16 +1,4 @@
dependencies: dependencies:
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: app - name: app
repository: https://dysnix.github.io/charts repository: https://dysnix.github.io/charts
version: 0.3.15 version: 0.3.15
@ -23,5 +11,5 @@ dependencies:
- name: minio - name: minio
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 14.6.20 version: 14.6.20
digest: sha256:ac298eab717f006b97255703008f8d675b5e0603afa5b755673455012d6d3693 digest: sha256:dfaa7914dc55b5c305826ec1ed880af5c50904131aca19fe758d779719d35e99
generated: "2024-07-16T12:06:23.7878103+03:00" generated: "2024-07-17T16:05:55.571392551+03:00"

22
yonote-chart/Chart.yaml
View File

@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
name: yonote-chart name: yonote-chart
version: 1.2.0 version: 1.2.1
description: description:
Generic application Helm chart. Generic application Helm chart.
This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
@ -15,26 +15,6 @@ dependencies:
repository: https://dysnix.github.io/charts repository: https://dysnix.github.io/charts
alias: yonote-web alias: yonote-web
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: yonote-websocket
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: yonote-whiteboard
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: yonote-worker
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: yonote-collaboration
- name: postgresql - name: postgresql
version: "11.6.6" version: "11.6.6"
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami

BIN
yonote-chart/charts/app-0.3.15.tgz
View File

Binary file not shown.

BIN
yonote-chart/charts/minio-14.6.20.tgz
View File

Binary file not shown.

BIN
yonote-chart/charts/postgresql-11.6.6.tgz
View File

Binary file not shown.

BIN
yonote-chart/charts/redis-16.12.1.tgz
View File

Binary file not shown.

6
yonote-chart/secret-values.yaml
View File

@ -5,9 +5,9 @@ global:
stringData: stringData:
DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}' DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}'
POSTGRES_PASSWORD: wsGZ6kXhr5 POSTGRES_PASSWORD: wsGZ6kXhr5
AWS_ACCESS_KEY_ID: "" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу AWS_ACCESS_KEY_ID: "minioadmin" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу
AWS_SECRET_ACCESS_KEY: "minioadmin" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу AWS_SECRET_ACCESS_KEY: "minioadminsecret" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу
OIDC_CLIENT_SECRET: "minioadminsecret" OIDC_CLIENT_SECRET: ""
SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
SMTP_PASSWORD: "1234" SMTP_PASSWORD: "1234"
UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.

0
traefic-http-to-https-redirect-middleware.yaml → yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml
View File

0
traefik-wss-headers-middleware.yaml → yonote-chart/templates/traefik-wss-headers-middleware.yaml
View File

264
yonote-chart/values-test.yaml Normal file
View File

@ -0,0 +1,264 @@
global:
name: yonote-app
postgresql:
auth:
database: yonote
username: yonote
yonote:
ingress:
ingressClassName: traefik
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
baseListenAddress: example.com
config:
plain:
data:
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
AI_URL: "1234"
AI_API_KEY: "1234"
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth'
OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/logout'
OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/token'
OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote-test/protocol/openid-connect/userinfo'
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: http://s3.example.com # Адрес S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: "ru_RU"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
TELEGRAM_API_URL: https://api.telegram.org
UNSPLASH_API_BASENAME: https://api.unsplash.com
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: ""
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: ""
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
yonote_cron_calendar_events:
cron_enabled: "true"
url: http://yonote-web/api/cron.calendar_events
yonote_cron_task_scheduler:
cron_enabled: "true"
url: http://yonote-web/api/cron.schedule
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
name: web
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
resources:
limits:
cpu: "1"
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
ingress:
enabled: true
ingressClassName: traefik
hosts: "'*.example.com'"
annotations:
cert-manager.io/cluster-issuer: ""
traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd"
extraTls:
- hosts:
- "'*.example.com'"
secretName: "'*.example.com'"
# enabled: true
# hostname: "'*.example.com'"
# ingressClassName: nginx
# path: '/'
# pathType: Prefix
# annotations:
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/server-snippets: |
# location /realtime {
# proxy_set_header Upgrade $http_upgrade;
# proxy_http_version 1.1;
# proxy_set_header X-Forwarded-Host $http_host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-For $remote_addr;
# proxy_set_header Host $host;
# proxy_set_header Connection "upgrade";
# proxy_cache_bypass $http_upgrade;
# }
# nginx.ingress.kubernetes.io/configuration-snippet: |
# more_set_headers "Host $http_host";
# more_set_headers "X-Real-IP $remote_addr";
# more_set_headers "X-Forwarded-Proto $scheme";
# more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
# cert-manager.io/cluster-issuer: ""
# extraTls:
# - hosts:
# - "'*.example.com'"
# secretName: "'*.example.com'"
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-database:
enabled: true
fullnameOverride: yonote-db
nameOverride: db
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 256Mi
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
auth:
enabled: false
master:
persistence:
size: 200Mi
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
nameOverride: minio
accessKey: "minioadmin"
secretKey: "minioadminsecret"
persistence:
enabled: true
size: 500Mi
ingress:
enabled: true
hostname: '"s3.example.com"'
annotations:
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
traefik.ingress.kubernetes.io/router.middlewares: "{{ .Release.Namespace }}-redirect-https@kubernetescrd,{{ .Release.Namespace }}-wss-headers@kubernetescrd,kube-system-wilix-office-ipwhitelist@kubernetescrd"
extraTls:
- hosts:
- s3.example.com
secretName: s3.example.com
# ingress:
# enabled: true
# ingressClassName: nginx
# annotations:
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# more_set_headers "Host $http_host";
# more_set_headers "X-Real-IP $remote_addr";
# more_set_headers "X-Forwarded-Proto $scheme";
# more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
# hosts:
# - host: s3.onprem-test.stands.wilix.dev
# paths:
# - path: /
# pathType: ImplementationSpecific
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
buckets:
- name: yonote-bucket
policy: none

543
yonote-chart/values.yaml
View File

@ -1,543 +0,0 @@
global:
name: yonote-app
postgresql:
auth:
database: yonote
username: yonote
yonote:
ingress:
ingressClassName: nginx
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
baseListenAddress: example.com
config:
plain:
data:
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
AI_URL: "1234"
AI_API_KEY: "1234"
URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/auth'
OIDC_LOGOUT_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/logout'
OIDC_TOKEN_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/token'
OIDC_USERINFO_URI: 'yonote-keycloak:8080/realms/yonote/protocol/openid-connect/userinfo'
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: ""
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
TELEGRAM_API_URL: https://api.telegram.org
UNSPLASH_API_BASENAME: https://api.unsplash.com
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: ""
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: ""
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
yonote_cron_calendar_events:
cron_enabled: "true"
url: http://yonote-web/api/cron.calendar_events
yonote_cron_task_scheduler:
cron_enabled: "true"
url: http://yonote-web/api/cron.schedule
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
name: web
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['yarn start:selfhosted --services=web']
initContainers:
- name: yonote-migration
image: images.updates.yonote.ru/yonote:1.19.5
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- '-c'
- npx sequelize db:migrate
env:
- name: NODE_ENV
value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
resources:
limits:
cpu: 350m
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
ingress:
hostname: '"*.example.com"'
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-websocket:
fullnameOverride: yonote-websockets
nameOverride: yonote-websockets
name: websockets
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['yarn start:selfhosted --services=websockets']
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
checksums: null
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
ingress:
hostname: '"*.example.com"'
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-whiteboard:
fullnameOverride: yonote-whiteboard
nameOverride: yonote-whiteboard
name: whiteboard
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['yarn start:selfhosted --services=whiteboard']
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
checksums: null
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
ingress:
hostname: '"*.example.com"'
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-worker:
fullnameOverride: yonote-worker
nameOverride: yonote-worker
name: worker
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['yarn start:selfhosted --services=worker']
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-collaboration:
fullnameOverride: yonote-collaboration
nameOverride: yonote-collaboration
name: collaboration
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['yarn start:selfhosted --services=collaboration']
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
ingress:
hostname: '"*.example.com"'
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_headers "Host $http_host";
more_set_headers "X-Real-IP $remote_addr";
more_set_headers "X-Forwarded-Proto $scheme";
more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-database:
enabled: true
fullnameOverride: yonote-db
nameOverride: db
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 256Mi
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
auth:
enabled: false
master:
persistence:
size: 200Mi
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
nameOverride: minio
accessKey: "minioadmin"
secretKey: "minioadminsecret"
persistence:
enabled: true
size: 500Mi
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
hosts:
- host: s3.example.com
paths:
- path: /
pathType: ImplementationSpecific
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
buckets:
- name: yonote-bucket
policy: none

9
yonote-keycloak-chart/Chart.lock
View File

@ -1,9 +0,0 @@
dependencies:
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.2
digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58
generated: "2024-07-16T12:04:39.863844193+03:00"

13
yonote-keycloak-chart/Chart.yaml
View File

@ -1,13 +0,0 @@
apiVersion: v2
name: yonote-keycloak-chart
version: 1.0.0
dependencies:
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: keycloak
- name: postgresql
version: "11.6.2"
repository: https://charts.bitnami.com/bitnami
condition: keycloak-database.enabled
alias: keycloak-database

BIN
yonote-keycloak-chart/charts/app-0.3.15.tgz
View File

Binary file not shown.

BIN
yonote-keycloak-chart/charts/postgresql-11.6.2.tgz
View File

Binary file not shown.

6
yonote-keycloak-chart/secret-values.yaml
View File

@ -1,6 +0,0 @@
keycloak:
secrets:
secrets:
stringData:
KEYCLOAK_ADMIN_PASSWORD: "12345"
KC_DB_PASSWORD: "3fWAxP6ZYp"

101
yonote-keycloak-chart/values.yaml
View File

@ -1,101 +0,0 @@
global:
postgresql:
auth:
database: keycloak
username: keycloak
keycloak-database:
enabled: true
fullnameOverride: yonote-keycloak-db
nameOverride: db
primary:
persistence:
size: 512Mi
keycloak:
name: yonote-keycloak
fullnameOverride: yonote-keycloak
image:
registry: images.updates.yonote.ru
repository: yonote-keycloak
tag: latest
command:
- /bin/sh
- -c
- |
"/opt/keycloak/bin/kc.sh" "start"
configMaps:
configs:
data:
KEYCLOAK_ADMIN: root
KC_PROXY: edge
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_ADMIN: auth.example.com/admin
KC_HOSTNAME: auth.example.com
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
KC_DB_URL_DATABASE: keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME_PATH: "/"
envFrom:
- configMapRef:
name: '{{ template "app.fullname" . }}-configs'
- secretRef:
name: '{{ template "app.fullname" . }}-secrets'
checksums:
- secrets.yaml
- configmaps.yaml
containerPorts:
- containerPort: 8080
name: app
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
service:
service:
type: ClusterIP
port: 8080
targetPort: 8080
ingress:
enabled: true
ingressClassName: nginx
pathType: ImplementationSpecific
hostname: auth.example.com
path: /
tls: false
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /
port: app
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 15
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /
port: app