yonote
/
onprem-deploy
19
0
Fork 0
Code Pull Requests Releases Activity

clear-onprem #5

Closed
artem.drozdov wants to merge 14 commits from clear-onprem into main
pull from: clear-onprem
merge into: yonote:main
Conversation 0 Commits 14 Files Changed 20 +618 -142
20 changed files with 618 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
yonote-chart/templates/secret.yaml → secret.yaml
View File

15
yonote-chart/Chart.lock
View File

@ -18,7 +18,16 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
version: 11.6.6
- name: redis
repository: https://artifacts.wilix.dev/repository/helm-bitnami
repository: https://charts.bitnami.com/bitnami
version: 16.12.1
digest: sha256:b235eee18e9704d2eccffe52ea8a37d5431039378ae03ef2e2b738661f2a5711
generated: "2024-07-11T17:41:36.715623176+03:00"
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.2
- name: minio
repository: https://charts.bitnami.com/bitnami
version: 14.0.0
digest: sha256:d885d7c44dc28f36c26f218ca8c5ae318aced1b312b31403d00aec70d1be1d78
generated: "2024-08-16T13:31:48.832508252+03:00"

25
yonote-chart/Chart.yaml
View File

@ -1,6 +1,13 @@
apiVersion: v2
name: yonote-chart
version: 1.2.0
description:
Generic application Helm chart.
This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart.
maintainers:
- name: Dysnix
email: support@dysnix.com
url: https://github.com/dysnix/charts/tree/main/dysnix/app
dependencies:
- name: app
@ -39,3 +46,21 @@ dependencies:
repository: https://charts.bitnami.com/bitnami
condition: yonote-redis.enabled
alias: yonote-redis
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
condition: keycloak.enabled
alias: keycloak
- name: postgresql
version: "11.6.2"
repository: https://charts.bitnami.com/bitnami
condition: keycloak.keycloak-database.enabled
alias: keycloak-database
- name: minio
version: "14.0.0"
repository: https://charts.bitnami.com/bitnami
condition: minio.enabled
alias: minio

BIN
yonote-chart/charts/app-0.3.15.tgz Normal file
View File

Binary file not shown.

BIN
yonote-chart/charts/minio-14.0.0.tgz Normal file
View File

Binary file not shown.

BIN
yonote-chart/charts/postgresql-11.6.2.tgz Normal file
View File

Binary file not shown.

BIN
yonote-chart/charts/postgresql-11.6.6.tgz Normal file
View File

Binary file not shown.

BIN
yonote-chart/charts/redis-16.12.1.tgz Normal file
View File

Binary file not shown.

57
yonote-chart/secret-values.yaml
View File

@ -1,21 +1,44 @@
global:
global:
yonote:
config:
secret:
stringData:
AI_API_KEY:
AWS_ACCESS_KEY_ID:
AWS_SECRET_ACCESS_KEY:
OIDC_CLIENT_SECRET:
SECRET_KEY:
SMTP_PASSWORD:
UTILS_SECRET:
YANDEX_METRIKA_ID:
TELEGRAM_BOT_TOKEN:
UNSPLASH_API_ACCESS_KEY:
DATABASE_URL: "" #postgres://<username:password>@<postgresql>:5432/yonote
REDIS_URL: "" #redis://username:password>@<redis>:6379
LICENSE_KEY: ""
SERVICE_WORKER_PUBLIC_KEY: ""
SERVICE_WORKER_PRIVATE_KEY: ""
QUOTA_TOKEN:
# DATABASE_URL: "postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db:5432/{{ .Values.global.postgresql.auth.database }}"
# POSTGRES_PASSWORD: "{{ .Values.global.postgresql.auth.password }}"
AWS_ACCESS_KEY_ID: "" # Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу
AWS_SECRET_ACCESS_KEY: "minioadmin" # Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу
OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD"
SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
SMTP_PASSWORD: "1234"
UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
TELEGRAM_BOT_TOKEN: "1234"
UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE"
LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJkdW1teSI6ImRhdGEiLCJkYXRhIjoiZHVtbXkiLCJpYXQiOjE2NjQ4OTUyNjUsImV4cCI6MTgyMjY4MzI2NX0.Qudc2d-MKc4DT-UBAVydgowiYQnzzWolvbJTjPB5dwEI32Wb64sgkXOfXKsRf9_wP3UK0-65QYVkMHM76ImhM9HCHv9LWJBQeD0q2rF243cMkMUNfKXAX8-SmLu9kMZzm0fL02IBnv5TCHIF7u6GgGRk3US6WbVhzqHGxrdJ2b3HwD_cI3mcLKCtTfO_GDiUfAv7u5Ddi-6tCfFRvH633BLPKIMO5cePh_AdHykO_2p7z_ypUfsVgqxHkq8KwNuuaI6CpwE48P-7mXuM9xEWu3-prSZpaI4rIZA6JFpGMWyiGs4GDvjRFssq4GUPvYJnkZ2w_W_liSMdC5hg0PFxcw" # Обратитесь в отдел продаж для получения
SERVICE_WORKER_PUBLIC_KEY: "1234"
SERVICE_WORKER_PRIVATE_KEY: "1234"
# Генерация ключей (web-push) Service Worker
# 1) Установить Node.js и npm
# 2) Выполнить команду для генерации ключей
# npx web-push generate-vapid-keys
# 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
yonote-database:
global:
postgresql:
auth:
password: "wsGZ6kXhr5"
postgresPassword: "QQYw4UjOU"
keycloak-database:
global:
postgresql:
auth:
password: "tT9BqYdNyd1"
keycloak:
secrets:
secrets:
stringData:
KEYCLOAK_ADMIN_PASSWORD: "12345"
KC_DB_PASSWORD: "tT9BqYdNyd1"

34
yonote-chart/templates/ingress.yaml Normal file
View File

@ -0,0 +1,34 @@
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.ingress.name }}
namespace: {{ .Values.ingress.namespace }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: "{{ $value }}"
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.ingressClassName }}
tls:
- secretName: "{{ .Values.ingress.tls.secretName }}"
hosts:
{{- range .Values.ingress.tls.hosts }}
- "{{ . }}"
{{- end }}
rules:
{{- range .Values.ingress.rules }}
- host: "{{ .host }}"
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ .service.name }}
port:
number: {{ .service.port | int }}
{{- end }}
{{- end }}
{{- end }}

10
yonote-chart/templates/traefic-http-to-https-redirect-middleware.yaml
View File

@ -1,10 +0,0 @@
{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
{{- end }}

10
yonote-chart/templates/traefik-wss-headers-middleware.yaml
View File

@ -1,10 +0,0 @@
{{- if eq $.Values.global.yonote.ingress.ingressClassName "traefik" }}
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: wss-headers
spec:
headers:
customRequestHeaders:
X-Forwarded-Proto: https
{{- end }}

380
yonote-chart/values.yaml
View File

@ -1,59 +1,51 @@
global:
postgresql:
auth:
database: yonote
username: yonote
yonote:
ingress:
ingressClassName: traefik
dbMigrationEnv: production-ssl-disabled
keycloak:
hostName: auth.example.com
realmName: yonote
baseListenAddress: example.com
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
baseListenAddress: onprem-test.stands.wilix.dev
config:
plain:
data:
DEPLOYMENT: hosted
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
BIND_HOST: 0.0.0.0
PORT: "3000"
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
AI_URL: http://engate.wilix.dev:5001
AI_URL: "1234"
AI_API_KEY: "1234"
WEB_CONCURRENCY: "1"
URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}'
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}'
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/auth'
OIDC_LOGOUT_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/logout'
OIDC_TOKEN_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/token'
OIDC_USERINFO_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/userinfo'
OIDC_CLIENT_ID: yonote-local
OIDC_AUTH_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/auth'
OIDC_LOGOUT_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/logout'
OIDC_TOKEN_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/token'
OIDC_USERINFO_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/userinfo'
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: example-url-s3
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: ""
AWS_S3_UPLOAD_MAX_SIZE: "226214400"
AWS_S3_FORCE_PATH_STYLE: "false"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
SUBDOMAINS_ENABLED: "true"
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}'
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates
SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
TELEGRAM_API_URL: https://api.telegram.org
@ -66,13 +58,9 @@ global:
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: ""
SMTP_SECURE: "" #connection will be upgraded: https://nodemailer.com/smtp/
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
secret:
stringData:
DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db/{{ .Values.global.postgresql.auth.database }}'
yonote_cron_calendar_events:
cron_enabled: "true"
url: http://yonote-web/api/cron.calendar_events
@ -81,8 +69,89 @@ global:
cron_enabled: "true"
url: http://yonote-web/api/cron.schedule
name: yonote
ingress:
enabled: true
name: yonote-ingress
namespace: yonote-onprem
ingressClassName: traefik
# hostname: "*.onprem-test.stands.wilix.dev"
tls:
secretName: "wildcard.onprem-test.stands.wilix.dev"
hosts:
- "*.onprem-test.stands.wilix.dev"
# - "tete.onprem-test.stands.wilix.dev"
# - "dada.onprem-test.stands.wilix.dev"
rules:
- host: "*.onprem-test.stands.wilix.dev"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
# - host: "tete.onprem-test.stands.wilix.dev"
# paths:
# - path: /
# pathType: Prefix
# service:
# name: yonote-web
# port: 80
# - path: /realtime
# pathType: Prefix
# service:
# name: yonote-websockets
# port: 80
# - path: /whiteboard
# pathType: Prefix
# service:
# name: yonote-whiteboard
# port: 80
# - path: /collaboration
# pathType: Prefix
# service:
# name: yonote-collaboration
# port: 80
# - host: "dada.onprem-test.stands.wilix.dev"
# paths:
# - path: /
# pathType: Prefix
# service:
# name: yonote-web
# port: 80
# - path: /realtime
# pathType: Prefix
# service:
# name: yonote-websockets
# port: 80
# - path: /whiteboard
# pathType: Prefix
# service:
# name: yonote-whiteboard
# port: 80
# - path: /collaboration
# pathType: Prefix
# service:
# name: yonote-collaboration
# port: 80
annotations:
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
@ -91,16 +160,15 @@ yonote-web:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
tag: 1.19.8
pullPolicy: IfNotPresent
args:
- ./build/server/index.js
- '--services=web'
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web']
initContainers:
- name: yonote-migration
image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
image: images.updates.yonote.ru/yonote:1.19.8
imagePullPolicy: IfNotPresent
command:
- /bin/sh
@ -117,8 +185,8 @@ yonote-web:
resources:
limits:
cpu: 350m
memory: 512Mi
cpu: 1
memory: 1Gi
requests:
cpu: 200m
memory: 128Mi
@ -138,14 +206,6 @@ yonote-web:
name: yonote-configs
- secretRef:
name: yonote-secrets
ingress:
enabled: true
hostname: '"*.yonote.example.com"'
ingressClassName: ""
path: '/'
pathType: Prefix
tls: false
podLabels:
redis-client: 'true'
@ -184,12 +244,11 @@ yonote-websocket:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
tag: 1.19.8
pullPolicy: IfNotPresent
args:
- ./build/server/index.js
- '--services=websockets'
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets']
resources:
limits:
@ -217,13 +276,6 @@ yonote-websocket:
port: 80
targetPort: app
ingress:
enabled: true
hostname: '"*.yonote.example.com"'
ingressClassName: ""
path: '/realtime'
pathType: Prefix
tls: false
podLabels:
redis-client: 'true'
@ -262,12 +314,11 @@ yonote-whiteboard:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
tag: 1.19.8
pullPolicy: IfNotPresent
args:
- ./build/server/index.js
- '--services=whiteboard'
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard']
resources:
limits:
@ -295,14 +346,6 @@ yonote-whiteboard:
port: 80
targetPort: app
ingress:
enabled: true
hostname: '"*.yonote.example.com"'
ingressClassName: ""
path: '/whiteboard'
pathType: Prefix
tls: false
podLabels:
redis-client: 'true'
@ -340,20 +383,19 @@ yonote-worker:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
tag: 1.19.8
pullPolicy: IfNotPresent
args:
- ./build/server/index.js
- '--services=worker'
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker']
resources:
limits:
cpu: 500m
cpu: 1
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
cpu: 50m
memory: 128Mi
checksums: null
@ -410,12 +452,11 @@ yonote-collaboration:
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.5
tag: 1.19.8
pullPolicy: IfNotPresent
args:
- ./build/server/index.js
- '--services=collaboration'
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration']
checksums: null
@ -428,14 +469,6 @@ yonote-collaboration:
type: ClusterIP
port: 80
targetPort: app
ingress:
enabled: true
hostname: '"*.yonote.example.com"'
ingressClassName: ""
path: '/collaboration'
pathType: Prefix
tls: false
envFrom:
- configMapRef:
@ -472,13 +505,19 @@ yonote-collaboration:
path: /_health
port: app
yonote-database:
enabled: true
yonote-database:
enabled: true
global:
postgresql:
auth:
database: "yonote"
username: "yonote"
fullnameOverride: yonote-db
nameOverride: db
primary:
persistence:
size: 10Gi
size: 500Mi
resources:
limits:
cpu: 250m
@ -492,15 +531,152 @@ yonote-redis:
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
auth:
enabled: false
master:
persistence:
size: 5Gi
size: 200Mi
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
memory: 128Mi
keycloak-database:
enabled: true
global:
postgresql:
auth:
database: keycloak
username: keycloak
name: keycloak-database
fullnameOverride: yonote-keycloak-db
nameOverride: db
primary:
persistence:
size: 512Mi
keycloak:
enabled: true
name: yonote-keycloak
fullnameOverride: yonote-keycloak
image:
registry: images.updates.yonote.ru
repository: yonote-keycloak
tag: 19-0.1.1
command:
- /bin/sh
- -c
- /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug
- /opt/keycloak/bin/kc.sh start
configMaps:
configs:
data:
KEYCLOAK_ADMIN: root
KC_PROXY: edge
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev
KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME_PATH: "/"
envFrom:
- configMapRef:
name: '{{ template "app.fullname" . }}-configs'
- secretRef:
name: '{{ template "app.fullname" . }}-secrets'
checksums:
- secrets.yaml
- configmaps.yaml
containerPorts:
- containerPort: 8080
name: app
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
service:
type: ClusterIP
port: 8080
targetPort: 8080
ingress:
enabled: true
hostname: 'auth.onprem-test.stands.wilix.dev'
ingressClassName: traefik
path: '/'
pathType: Prefix
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
extraTls:
- hosts:
- "auth.onprem-test.stands.wilix.dev"
secretName: "auth.onprem-test.stands.wilix.dev"
# livenessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app
# readinessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
nameOverride: minio
accessKey: "minioadmin"
secretKey: "minioadminsecret"
persistence:
enabled: true
size: 500Mi
ingress:
enabled: true
hostname: 's3.onprem-test.stands.wilix.dev'
ingressClassName: traefik
path: '/'
pathType: Prefix
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
extraTls:
- hosts:
- "s3.onprem-test.stands.wilix.dev"
secretName: "s3.onprem-test.stands.wilix.dev"
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
buckets:
- name: yonote-bucket
policy: none

9
yonote-keycloak-chart/Chart.lock Normal file
View File

@ -0,0 +1,9 @@
dependencies:
- name: app
repository: https://dysnix.github.io/charts
version: 0.3.15
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.6.2
digest: sha256:4ff512f4cf7c217961e59af3e2cb656f4d6fc8441f17ce3da96ca1a03f58bf58
generated: "2024-08-13T16:19:44.489332745+03:00"

13
yonote-keycloak-chart/Chart.yaml Normal file
View File

@ -0,0 +1,13 @@
apiVersion: v2
name: yonote-keycloak-chart
version: 1.0.0
dependencies:
- name: app
version: "0.3.15"
repository: https://dysnix.github.io/charts
alias: keycloak
- name: postgresql
version: "11.6.2"
repository: https://charts.bitnami.com/bitnami
condition: keycloak-database.enabled
alias: keycloak-database

BIN
yonote-keycloak-chart/charts/app-0.3.15.tgz Normal file
View File

Binary file not shown.

BIN
yonote-keycloak-chart/charts/postgresql-11.6.2.tgz Normal file
View File

Binary file not shown.

12
yonote-keycloak-chart/secret-values.yaml Normal file
View File

@ -0,0 +1,12 @@
global:
postgresql:
auth:
password: "tT9BqYdNyd1"
keycloak:
secrets:
secrets:
stringData:
KEYCLOAK_ADMIN_PASSWORD: "12345"
KC_DB_PASSWORD: "tT9BqYdNyd1"

89
yonote-keycloak-chart/traefik-forward-auth.yaml Normal file
View File

@ -0,0 +1,89 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik-forward-auth
namespace: yonote-onprem
labels:
app: traefik-forward-auth
spec:
replicas: 1
selector:
matchLabels:
app: traefik-forward-auth
strategy:
type: Recreate
revisionHistoryLimit: 10
progressDeadlineSeconds: 600
template:
metadata:
labels:
app: traefik-forward-auth
spec:
containers:
- name: traefik-forward-auth
image: thomseddon/traefik-forward-auth:2
ports:
- containerPort: 4181
protocol: TCP
env:
- name: DOMAIN
value: "wilix.org,wilix.dev"
- name: AUTH_HOST
value: "auth.yonote.develop.wilix.dev"
- name: INSECURE_COOKIE
value: "false"
- name: DEFAULT_PROVIDER
value: "oidc"
- name: PROVIDERS_OIDC_ISSUER_URL
value: "https://auth.onprem-test.stands.wilix.dev/realms/yonote"
- name: PROVIDERS_OIDC_CLIENT_ID
value: "admin"
- name: PROVIDERS_OIDC_CLIENT_SECRET
value: "12345"
- name: SECRET
value: "0987654321"
- name: LOG_LEVEL
value: "debug"
imagePullPolicy: IfNotPresent
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
restartPolicy: Always
terminationGracePeriodSeconds: 60
dnsPolicy: ClusterFirst
securityContext: {}
schedulerName: default-scheduler
---
apiVersion: v1
kind: Service
metadata:
name: traefik-forward-auth
namespace: yonote-onprem
labels:
app: traefik-forward-auth
spec:
ports:
- name: auth-http
protocol: TCP
port: 4181
targetPort: 4181
selector:
app: traefik-forward-auth
type: ClusterIP
sessionAffinity: None
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-forward-auth
spec:
forwardAuth:
address: https://auth.onprem-test.stands.wilix.dev:4181
authResponseHeaders:
- X-Forwarded-User

106
yonote-keycloak-chart/values.yaml Normal file
View File

@ -0,0 +1,106 @@
global:
postgresql:
auth:
database: keycloak
username: keycloak
keycloak-database:
enabled: true
fullnameOverride: yonote-keycloak-db
nameOverride: db
primary:
persistence:
size: 512Mi
keycloak:
name: yonote-keycloak
fullnameOverride: yonote-keycloak
image:
registry: images.updates.yonote.ru
repository: yonote-keycloak
tag: 19-0.1.1
command:
- /bin/sh
- -c
- /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug
- /opt/keycloak/bin/kc.sh start
configMaps:
configs:
data:
KEYCLOAK_ADMIN: root
KC_PROXY: edge
KC_HOSTNAME_STRICT: "false"
KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev
KC_HOSTNAME: auth.onprem-test.stands.wilix.dev
KC_DB: postgres
KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak
# KC_DB_URL_DATABASE: keycloak
KC_DB_USERNAME: keycloak
KC_HOSTNAME_STRICT_HTTPS: "false"
KC_HOSTNAME_PATH: "/"
envFrom:
- configMapRef:
name: '{{ template "app.fullname" . }}-configs'
- secretRef:
name: '{{ template "app.fullname" . }}-secrets'
checksums:
- secrets.yaml
- configmaps.yaml
containerPorts:
- containerPort: 8080
name: app
protocol: TCP
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
service:
type: ClusterIP
port: 8080
targetPort: 8080
ingress:
enabled: true
hostname: 'auth.onprem-test.stands.wilix.dev'
ingressClassName: traefik
path: '/'
pathType: Prefix
annotations:
kubernetes.io/ingress.class: traefik
cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev
extraTls:
- hosts:
- "auth.onprem-test.stands.wilix.dev"
secretName: "auth.onprem-test.stands.wilix.dev"
# livenessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app
# readinessProbe:
# enabled: true
# failureThreshold: 6
# initialDelaySeconds: 60
# periodSeconds: 15
# successThreshold: 1
# timeoutSeconds: 5
# httpGet:
# path: /
# port: app