From ce2e8543cf8a0deab884e0fe7fd8d4ae09adf9b4 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Thu, 16 Oct 2025 16:26:38 +0300 Subject: [PATCH 01/11] Replace Bitnami Charts and images. --- yonote-chart-service/Chart.yaml | 26 ++--- yonote-chart-service/secret-values.yaml | 30 +++--- yonote-chart-service/templates/mcJob.yaml | 14 +-- yonote-chart-service/values.yaml | 123 ++++++++++------------ 4 files changed, 91 insertions(+), 102 deletions(-) diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index a70fa48..6256ecc 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 name: yonote-chart -version: 1.2.0 +version: 1.3.0 description: Generic application Helm chart. - This chart includes multiple dependencies. The base of this chart is derived from the Dynix app chart. + This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart. maintainers: - name: Dysnix email: support@dysnix.com 
@@ -29,32 +29,32 @@ dependencies: version: "0.3.15" repository: https://dysnix.github.io/charts alias: yonote-worker - + - name: app version: "0.3.15" repository: https://dysnix.github.io/charts alias: yonote-collaboration - - name: postgresql - version: "11.6.6" - repository: https://charts.bitnami.com/bitnami + - name: postgres + version: "0.3.9" + repository: https://groundhog2k.github.io/helm-charts/ condition: yonoteDatabase.enabled alias: yonoteDatabase - name: redis - version: "16.12.1" - repository: https://charts.bitnami.com/bitnami + version: "0.7.0" + repository: https://groundhog2k.github.io/helm-charts/ condition: yonote-redis.enabled alias: yonote-redis - name: minio version: "12.7.0" - repository: https://charts.bitnami.com/bitnami + repository: https://charts.min.io/ condition: minio.enabled alias: minio - - name: keycloak - version: "14.0.0" - repository: https://charts.bitnami.com/bitnami + - name: keycloakx + version: "1.3.2" + repository: https://codecentric.github.io/helm-charts condition: keycloak.enabled - alias: keycloak \ No newline at end of file + alias: keycloak diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index f53e7ee..a3e9229 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
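Review bot: The `minio` dependency keeps `version: "12.7.0"` while its `repository` changes to `https://charts.min.io/`; that number comes from the previous repository's versioning and may not exist in the new one, so resolution could fail or pick an unintended chart. Chart.lock is not part of this commit (the diffstat lists four files), so the lock digest still describes the old dependency set and does not pin what is fetched from the three newly introduced repositories. Run `helm dependency update` and commit the regenerated Chart.lock with this change. The `keycloakx` entry keeps `alias: keycloak`, so the existing `keycloak:` values go to a chart with a different schema, and keys such as `auth.adminPassword` in secret-values.yaml may be silently ignored.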
@@ -3,8 +3,8 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.global.postgresql.auth.username }}:{{ .Values.yonoteDatabase.global.postgresql.auth.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.global.postgresql.auth.database }}' - POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.global.postgresql.auth.password }}" + DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.settings.userDatabase.user }}:{{ .Values.yonoteDatabase.settings.userDatabase.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.settings.userDatabase.database }}' + POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.settings.superuserPassword.password }}" AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}" # Ваш идентификатор ключа доступа к AWS. AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS. OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). @@ -21,23 +21,21 @@ global: # 2) Выполнить команду для генерации ключей # npx web-push generate-vapid-keys # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) - -yonoteDatabase: - global: - postgresql: - auth: - password: "wsGZ6kXhr5" - postgresPassword: "QQYw4UjOU" -# yonote-redis: # Если используете auth для redis -# auth: -# password: "12345678" +yonoteDatabase: + settings: + superuserPassword: "QQYw4UjOU" + userDatabase: + password: "wsGZ6kXhr5" + +yonote-redis: + args: + - "--user redis:redis" minio: - customAccessKey: "qwer-12314q-qwersa" - auth: - rootPassword: "qwettaas" + #customAccessKey: "qwer-12314q-qwersa" + rootPassword: "qwettaas" keycloak: auth: - adminPassword: "root" \ No newline at end of file + adminPassword: "root" diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml index 787d6e6..4421c2b 100644 --- a/yonote-chart-service/templates/mcJob.yaml 
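Review bot: The new `POSTGRES_PASSWORD` template reads `.Values.yonoteDatabase.settings.superuserPassword.password`, but the second hunk of this file sets `superuserPassword` to a plain string, so there is no `.password` field to resolve. `DATABASE_URL` likewise reads `settings.userDatabase.database`, while the values.yaml hunk in this commit defines `userDatabase.name`. Both mismatches leave the rendered Secret with an empty or failing value; align the paths, e.g. `POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.settings.superuserPassword }}"`. The password is also spliced into the URL unescaped, so a value containing `@`, `/` or `:` changes how the URL parses; piping it through `urlquery` would cover that if these strings are rendered as templates.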
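Review bot: `customAccessKey` is commented out under `minio:` in this hunk, yet `AWS_SECRET_ACCESS_KEY` in the first hunk's context still renders `{{ .Values.minio.customAccessKey }}`, so the application secret comes out empty unless another values file supplies it. The block also keeps working passwords for the database superuser, the MinIO root user and the Keycloak admin (`adminPassword: "root"`) in a committed file; the secret-values.yaml hunks in patch 02 have the same problem. Consider shipping placeholders and failing the render when they are unset, e.g. `{{ required "minio.rootPassword must be set" .Values.minio.rootPassword }}` at the point of use. The `--user redis:redis` argument looks like a container user/group rather than a Redis authentication setting, so it probably does not replace the removed commented `auth` block; worth confirming.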
+++ b/yonote-chart-service/templates/mcJob.yaml @@ -13,22 +13,22 @@ spec: spec: containers: - name: mc-client - image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0" + image: "quay.io/minio/mc:RELEASE.2024-12-18T13-15-44Z" command: ["/bin/sh", "-c"] args: - | - until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do + until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.rootUser }} {{ .Values.minio.rootPassword }}; do echo "Waiting for MinIO to be ready..." sleep 5 done echo "MinIO is ready and alias is set." # Создание пользователя - if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then - echo "User {{ .Values.minio.customUser }} already exists or failed to create." - else - echo "User {{ .Values.minio.customUser }} created successfully." - fi + #if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then + # echo "User {{ .Values.minio.customUser }} already exists or failed to create." + #else + # echo "User {{ .Values.minio.customUser }} created successfully." + #fi # Назначение политики для нового пользователя cat < /tmp/minio-user-policy.json diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 70f1645..289d5cd 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml @@ -476,7 +476,7 @@ yonote-collaboration: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 
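Review bot: The `mc alias set` line renders `{{ .Values.minio.rootUser }}` and `{{ .Values.minio.rootPassword }}` directly into the Job's `args`, unquoted, so the root password is readable by anyone who can read the Job manifest, and a value with spaces or shell metacharacters changes the command. Supplying them through container `env` from a Secret and quoting them keeps both out of the spec: `until mc alias set myminio http://yonote-minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD"; do` (variable names are placeholders). With the `mc admin user add` block commented out, the policy step under "# Назначение политики для нового пользователя" still runs; it continues outside this hunk, so check that it no longer targets `customUser`. The image is pinned by tag only; a digest would make the pull reproducible.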
@@ -490,103 +490,94 @@ yonote-collaboration: yonoteDatabase: enabled: true - global: - postgresql: - auth: - database: "yonote" - username: "yonote" + settings: + # Default postgres + # superuser: + + userDatabase: + name: yonote + user: yonote + name: yonote-database fullnameOverride: yonote-database nameOverride: yonote-database - - primary: - persistence: - size: 5Gi - resources: - limits: - cpu: 2 - memory: 8Gi - requests: - cpu: 500m - memory: 512Mi - extraVolumes: - - name: init-scripts - configMap: - name: postgres-init-scripts + storage: + requestedSize: 5Gi + #className: "" - extraVolumeMounts: - - name: init-scripts - mountPath: /docker-entrypoint-initdb.d - readOnly: true + resources: + limits: + cpu: 2 + memory: 8Gi + requests: + cpu: 500m + memory: 512Mi + + extraScripts: + - name: postgres-init-scripts yonote-redis: enabled: true fullnameOverride: yonote-redis nameOverride: redis - architecture: standalone - image: - tag: 7.2.0-debian-11-r0 - - auth: - enabled: false - - master: - persistence: - size: 5Gi - resources: - limits: - cpu: 1 - memory: 4Gi - requests: - cpu: 500m - memory: 512Mi - + + storage: + requestedSize: 5Gi + #className: "" + resources: + limits: + cpu: 1 + memory: 4Gi + requests: + cpu: 500m + memory: 512Mi + minio: enabled: true name: minio fullnameOverride: yonote-minio - customUser: yonote + #customUser: yonote nameOverride: yonote-minio - auth: - rootUser: admin + mode: standalone + rootUser: admin - image: - tag: 2024.8.3-debian-12-r1 + users: + - accessKey: console + secretKey: console123 + policy: readwrite persistence: enabled: true size: 5Gi - + #storageClass: "" + ingress: enabled: true - hostname: 's3.example.com' + hosts: 's3.example.com' ingressClassName: traefik path: '/' - pathType: ImplementationSpecific annotations: kubernetes.io/ingress.class: traefik # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - extraTls: - - hosts: - - "s3.example.com" - secretName: "you_tls_secret" + tls: + - 
hosts: + - "s3.example.com" + secretName: "you_tls_secret" - apiIngress: + consoleIngress: enabled: true - hostname: 'api-s3.example.com' + hosts: 'api-s3.example.com' ingressClassName: traefik path: '/' - pathType: ImplementationSpecific - servicePort: minio-api annotations: kubernetes.io/ingress.class: traefik # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - extraTls: - - hosts: - - "api-s3.example.com" - secretName: "api-s3.example.com" - + tls: + - hosts: + - "api-s3.example.com" + secretName: "api-s3.example.com" + resources: requests: memory: 512Mi @@ -601,7 +592,7 @@ mcJob: keycloak: fullnameOverride: yonote-keycloak nameOverride: yonote-keycloak - + auth: adminUser: root @@ -662,7 +653,7 @@ keycloak: requests: cpu: 250m memory: 256Mi - + postgresql: enabled: false -- 2.47.2 From 23ad2174abc1e252a519ff321a224191b29607a7 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Tue, 25 Nov 2025 11:29:04 +0300 Subject: [PATCH 02/11] work in progress --- yonote-chart-service/Chart.lock | 24 +- yonote-chart-service/Chart.yaml | 10 +- yonote-chart-service/secret-values.yaml | 30 +- .../templates/configmap-initdb.yaml | 11 +- yonote-chart-service/templates/cronjob.yaml | 34 -- yonote-chart-service/templates/mcJob.yaml | 2 +- .../templates/realm-configmap.yaml | 8 +- yonote-chart-service/values.yaml | 379 ++++++++++-------- 8 files changed, 270 insertions(+), 228 deletions(-) diff --git a/yonote-chart-service/Chart.lock b/yonote-chart-service/Chart.lock index a59078e..fe552e9 100644 --- a/yonote-chart-service/Chart.lock +++ b/yonote-chart-service/Chart.lock 
@@ -14,17 +14,17 @@ dependencies: - name: app repository: https://dysnix.github.io/charts version: 0.3.15 -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 11.6.6 +- name: postgres + repository: https://groundhog2k.github.io/helm-charts/ + version: 0.3.9 - name: redis - repository: https://charts.bitnami.com/bitnami - version: 16.12.1 + repository: https://groundhog2k.github.io/helm-charts/ + version: 0.7.0 - name: minio - repository: https://charts.bitnami.com/bitnami - version: 12.7.0 -- name: keycloak - repository: https://charts.bitnami.com/bitnami - version: 14.0.0 -digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc -generated: "2024-08-25T00:46:01.648512702+03:00" + repository: https://charts.min.io/ + version: 5.4.0 +- name: keycloakx + repository: https://codecentric.github.io/helm-charts + version: 1.3.2 +digest: sha256:ad0128ad6d526a8946d659481ec5dc19d1faf785919efbcc689a37ae80bc820e +generated: "2025-10-30T14:17:59.001901626+03:00" diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index 6256ecc..d8344f2 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -39,7 +39,7 @@ dependencies: version: "0.3.9" repository: https://groundhog2k.github.io/helm-charts/ condition: yonoteDatabase.enabled - alias: yonoteDatabase + alias: yonote-database - name: redis version: "0.7.0" @@ -48,11 +48,17 @@ dependencies: alias: yonote-redis - name: minio - version: "12.7.0" + version: "5.4.0" repository: https://charts.min.io/ condition: minio.enabled alias: minio +# - name: app +# version: "0.3.15" +# repository: https://artifacts.wilix.dev/repository/helm-dysnix +# condition: keycloak.enabled +# alias: keycloak + - name: keycloakx version: "1.3.2" repository: https://codecentric.github.io/helm-charts diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index a3e9229..20dbeac 100644 
--- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
@@ -3,26 +3,26 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.settings.userDatabase.user }}:{{ .Values.yonoteDatabase.settings.userDatabase.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.settings.userDatabase.database }}' - POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.settings.superuserPassword.password }}" - AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}" # Ваш идентификатор ключа доступа к AWS. - AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS. - OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). + DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@cnpg-yonote-pg-rw:5432/yonote' + POSTGRES_PASSWORD: "QQYw4UjOU" + AWS_ACCESS_KEY_ID: "console" # Ваш идентификатор ключа доступа к AWS. + AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS. + OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
TELEGRAM_BOT_TOKEN: "1234" - UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения - SERVICE_WORKER_PUBLIC_KEY: "1234" + UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" + LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjAzNDA0NTYsImV4cCI6MTc2MzA2NzU5OX0.Umhd1az0qC8EXEiC8xvVuqrxG2oEePGGWa_RAYWgzSKavXy7qnaIn_pjK8J56UfP8nDLVC6rxgjPhs0g8bZfrDslYrzMuiWstUt5TDwFDfjZbqHvxzShkBZ5FUSM-qFD3qdGnfBucKdt046CY40_S0hlN3Rjl7WasnOZHnyTlHpbVeaFTwc8fsWL0IxBOxCF73F7hI4S7FC15ANwUD4WwKQDCGxYJ5ZTn5uYZII9WZ2wjWC-__xGEehZ7cHmwRAPcm471zEwkUY9sXRoMjITtTbtFkCChpp8BPC1zBUdWVPgtMqFnFbtjhtmDiCiQeebVqz9tjE_wgU6gBhNpJhXaA" # Обратитесь в отдел продаж для получения + SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker - # 1) Установить Node.js и npm + # 1) Установить Node.js и npm # 2) Выполнить команду для генерации ключей # npx web-push generate-vapid-keys # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) -yonoteDatabase: +yonote-database: settings: superuserPassword: "QQYw4UjOU" userDatabase: @@ -33,9 +33,13 @@ yonote-redis: - "--user redis:redis" minio: - #customAccessKey: "qwer-12314q-qwersa" rootPassword: "qwettaas" keycloak: - auth: - adminPassword: "root" + database: + password: password1 + #secrets: + # secrets: + # stringData: + # KEYCLOAK_ADMIN_PASSWORD: secret + # KC_DB_PASSWORD: "password1" diff --git a/yonote-chart-service/templates/configmap-initdb.yaml b/yonote-chart-service/templates/configmap-initdb.yaml index 65c5c4a..05049e9 100644 --- a/yonote-chart-service/templates/configmap-initdb.yaml +++ b/yonote-chart-service/templates/configmap-initdb.yaml 
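Review bot: The `@@ -3,26 +3,26 @@` hunk replaces the templated references with literal secrets, and `LICENSE_KEY` changes from an obvious placeholder to a long token with the three-part shape of a signed JWT, alongside a new `OIDC_CLIENT_SECRET` and a `DATABASE_URL` that embeds the database password and a cluster-specific host. If any of these are live values they should be treated as disclosed: rotate them and keep only placeholders in the committed file. `DATABASE_URL` and `POSTGRES_PASSWORD` now repeat what the `yonote-database:` block further down already holds, so the copies can drift; the earlier templated form, with corrected value paths, avoids that. The `keycloak.database.password` added in the next hunk has the same problem.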
@@ -3,5 +3,12 @@ kind: ConfigMap metadata: name: postgres-init-scripts data: - init.sql: | - CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}"; \ No newline at end of file + init-keycloak-db.sh: | + !/bin/bash + set -e + + psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL + CREATE DATABASE keycloak; + CREATE USER keycloaku WITH PASSWORD 'password1'; + GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloaku; + EOSQL diff --git a/yonote-chart-service/templates/cronjob.yaml b/yonote-chart-service/templates/cronjob.yaml index 60a2763..e0ca3e6 100644 --- a/yonote-chart-service/templates/cronjob.yaml +++ b/yonote-chart-service/templates/cronjob.yaml @@ -1,37 +1,3 @@ -{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: cron-calendar-events -spec: - schedule: "*/1 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: cron-calendar-events - image: curlimages/curl - imagePullPolicy: IfNotPresent - envFrom: - - secretRef: - name: yonote-secrets - command: - - /bin/sh - - -c - - >- - date; - curl - -X POST - {{ .Values.global.yonote_cron_calendar_events.url }} - -H "Content-Type: application/json" - -d ' - { - "token": "$(UTILS_SECRET)" - } - ' - restartPolicy: OnFailure -{{- end }} --- {{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }} apiVersion: batch/v1 diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml index 4421c2b..b079ab3 100644 --- a/yonote-chart-service/templates/mcJob.yaml +++ b/yonote-chart-service/templates/mcJob.yaml @@ -13,7 +13,7 @@ spec: spec: containers: - name: mc-client - image: "quay.io/minio/mc:RELEASE.2024-12-18T13-15-44Z" + image: "minio/mc:RELEASE.2025-01-17T23-25-50Z" command: ["/bin/sh", "-c"] args: - | 
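Review bot: The first line of the new `init-keycloak-db.sh` is `!/bin/bash`, missing the `#`, so it is not a shebang and is executed as a command instead. The `CREATE USER keycloaku WITH PASSWORD 'password1'` statement places the database password in a ConfigMap, which is not protected the way a Secret is, and duplicates `keycloak.database.password` from secret-values.yaml. Read it from an environment variable sourced from a Secret and let psql do the quoting: `psql -v ON_ERROR_STOP=1 -v kc_pass="$KEYCLOAK_DB_PASSWORD" --username "$POSTGRES_USER" --dbname "$POSTGRES_DB"` with `CREATE USER keycloaku WITH PASSWORD :'kc_pass';` (the variable name is a placeholder). The database name was previously taken from `.Values.keycloak.externalDatabase.database` and is now fixed to `keycloak`, so it should match whatever the Keycloak chart is configured to connect to.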
diff --git a/yonote-chart-service/templates/realm-configmap.yaml b/yonote-chart-service/templates/realm-configmap.yaml index 11d7483..7b15b13 100644 --- a/yonote-chart-service/templates/realm-configmap.yaml +++ b/yonote-chart-service/templates/realm-configmap.yaml @@ -55,11 +55,11 @@ data: "redirectUris": [ "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://app.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" + "http://team.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://team.{{ .Values.global.yonote.baseListenAddress }}/*", + "https://team.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" ], - "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}", + "baseUrl": "https://team.{{ .Values.global.yonote.baseListenAddress }}", "enabled": true, "publicClient": false, "protocol": "openid-connect", diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 289d5cd..932924e 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml 
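Review bot: The renamed entries keep a plain-HTTP redirect URI with a wildcard path, `"http://team.{{ .Values.global.yonote.baseListenAddress }}/*"`, for a confidential client (`"publicClient": false`). Together with the `*.` wildcard context lines above it, the authorization code can be returned to any path on any subdomain, including over cleartext. If the callback is the only redirect target, reduce the list to the exact HTTPS callback, e.g. `"https://team.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback"`. Patch 02 also sets `URL` to the bare domain in values.yaml, so the `team.` prefix here may not match the application's own base URL; the client object continues outside this hunk.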
@@ -2,40 +2,43 @@ global: name: yonote-app yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: example.com # Доменный адрес для yonote + baseListenAddress: modo.lap # Доменный адрес для yonote config: plain: data: + DEBUG: http NODE_ENV: production FORCE_HTTPS: "false" PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL WEB_CONCURRENCY: "1" - + BIND_HOST: 0.0.0.0 # Хост по умолчанию PORT: "3000" # Порт по умолчанию - REDIS_URL: redis://yonote-redis-master:6379 + REDIS_URL: redis://yonote-redis:6379 DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию ENABLE_UPDATES: "false" - + AI_URL: "1234" AI_API_KEY: "1234" - URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения - COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать - + URL: 'https://{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + + #DEPLOYMENT: 'hosted' + OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. - OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. - OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. 
Этот адрес используется для обмена авторизационным кодом на токены - OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. + OIDC_AUTH_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. + OIDC_TOKEN_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища + AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.modo.lap' # Адрес API S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "RU" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища 
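Review bot: `DEBUG: http` is added to the chart's default `plain` config next to `NODE_ENV: production`; if the application treats it as a debug-logging switch, request details may end up in pod logs by default. The hunk also replaces the `example.com` placeholders with a site-specific domain (`modo.lap`) in `baseListenAddress`, the OIDC URIs and the S3 URL. Both look like local test settings; keep them in an environment-specific override file and leave the default commented, e.g. `# DEBUG: http  # enable only while troubleshooting`. `REDIS_URL` now points at `yonote-redis:6379` without credentials, so access to Redis depends entirely on network policy.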
@@ -43,7 +46,7 @@ global: S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. - SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд + SUBDOMAINS_ENABLED: "false" # Поддержка поддоменов для команд BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены @@ -53,20 +56,20 @@ global: RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 - SMTP_HOST: "" + SMTP_HOST: "smtp.wilix.dev" SMTP_USERNAME: "" SMTP_FROM_EMAIL: "" SMTP_REPLY_EMAIL: "" - SMTP_PORT: "" + SMTP_PORT: "456" SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ SMTP_REQUIRE_TLS: "" yonote_cron_calendar_events: - cron_enabled: "true" + cron_enabled: "false" url: http://yonote-web/api/cron.calendar_events yonote_cron_task_scheduler: - cron_enabled: "true" + cron_enabled: "false" url: http://yonote-web/api/cron.schedule ingress: 
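Review bot: In the `@@ -53,20 +56,20 @@` hunk, `SMTP_PORT: "456"` is probably a transposition of 465, and `SMTP_SECURE` / `SMTP_REQUIRE_TLS` stay empty while a real relay host is now set. Depending on how the application treats empty values, mail and `SMTP_PASSWORD` could be sent without enforced TLS. Set them explicitly, e.g. `SMTP_PORT: "465"` with `SMTP_SECURE: "true"`, or `SMTP_PORT: "587"` with `SMTP_REQUIRE_TLS: "true"`.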
@@ -75,59 +78,59 @@ ingress: namespace: yonote-onprem ingressClassName: traefik tls: - secretName: "you_tls_secret" - hosts: - - "app.example.com" - - "team.example.com" + secretName: "your-tls-secret" + hosts: + - "app.modo.lap" + - "modo.lap" rules: - - host: "app.example.com" - paths: - - path: / - pathType: Prefix - service: - name: yonote-web - port: 80 - - path: /realtime - pathType: Prefix - service: - name: yonote-websockets - port: 80 - - path: /whiteboard - pathType: Prefix - service: - name: yonote-whiteboard - port: 80 - - path: /collaboration - pathType: Prefix - service: - name: yonote-collaboration - port: 80 - - host: "team.example.com" - paths: - - path: / - pathType: Prefix - service: - name: yonote-web - port: 80 - - path: /realtime - pathType: Prefix - service: - name: yonote-websockets - port: 80 - - path: /whiteboard - pathType: Prefix - service: - name: yonote-whiteboard - port: 80 - - path: /collaboration - pathType: Prefix - service: - name: yonote-collaboration - port: 80 + - host: "app.modo.lap" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 + - host: "modo.lap" + paths: + - path: / + pathType: Prefix + service: + name: yonote-web + port: 80 + - path: /realtime + pathType: Prefix + service: + name: yonote-websockets + port: 80 + - path: /whiteboard + pathType: Prefix + service: + name: yonote-whiteboard + port: 80 + - path: /collaboration + pathType: Prefix + service: + name: yonote-collaboration + port: 80 annotations: - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - + cert-manager.io/cluster-issuer: selfsigned-issuer # Если используете + yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web 
@@ -136,7 +139,7 @@ yonote-web: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -166,17 +169,17 @@ yonote-web: requests: cpu: 200m memory: 256Mi - + containerPorts: - containerPort: 3000 name: app protocol: TCP - + service: type: ClusterIP port: 80 targetPort: app - + envFrom: - configMapRef: name: yonote-configs @@ -185,11 +188,11 @@ yonote-web: podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -200,7 +203,7 @@ yonote-web: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -216,13 +219,13 @@ yonote-websocket: fullnameOverride: yonote-websockets nameOverride: yonote-websockets name: websockets - + image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent - + command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets'] @@ -233,32 +236,32 @@ yonote-websocket: requests: cpu: 150m memory: 128Mi - + checksums: null - + envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets - + containerPorts: - containerPort: 3000 name: app protocol: TCP - + service: type: ClusterIP port: 80 targetPort: app - + podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -269,7 +272,7 @@ yonote-websocket: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 
@@ -285,11 +288,11 @@ yonote-whiteboard: fullnameOverride: yonote-whiteboard nameOverride: yonote-whiteboard name: whiteboard - + image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -327,7 +330,7 @@ yonote-whiteboard: podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -338,7 +341,7 @@ yonote-whiteboard: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -358,7 +361,7 @@ yonote-worker: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -396,7 +399,7 @@ yonote-worker: podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 @@ -407,7 +410,7 @@ yonote-worker: httpGet: path: /_health port: app - + livenessProbe: enabled: true failureThreshold: 6 @@ -427,7 +430,7 @@ yonote-collaboration: image: registry: images.updates.yonote.ru repository: yonote - tag: 1.19.8 + tag: 1.22.11 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] @@ -452,20 +455,20 @@ yonote-collaboration: type: ClusterIP port: 80 targetPort: app - + envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets - + podLabels: redis-client: 'true' - + podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" - + readinessProbe: enabled: true failureThreshold: 6 
@@ -488,9 +491,9 @@ yonote-collaboration: path: /_health port: app -yonoteDatabase: +yonote-database: enabled: true - settings: + #settings: # Default postgres # superuser: @@ -498,24 +501,22 @@ yonoteDatabase: name: yonote user: yonote - name: yonote-database fullnameOverride: yonote-database nameOverride: yonote-database storage: requestedSize: 5Gi - #className: "" + className: "microk8s-hostpath" resources: limits: cpu: 2 - memory: 8Gi + memory: 5Gi requests: cpu: 500m memory: 512Mi - extraScripts: - - name: postgres-init-scripts + extraScripts: postgres-init-scripts yonote-redis: enabled: true @@ -523,8 +524,8 @@ yonote-redis: nameOverride: redis storage: - requestedSize: 5Gi - #className: "" + requestedSize: 1Gi + className: "microk8s-hostpath" resources: limits: cpu: 1 @@ -544,39 +545,41 @@ minio: users: - accessKey: console - secretKey: console123 + secretKey: qwer-12314q-qwersa policy: readwrite persistence: enabled: true - size: 5Gi - #storageClass: "" + size: 1Gi + storageClass: "microk8s-hostpath" ingress: enabled: true - hosts: 's3.example.com' + hosts: + - s3.modo.lap ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - tls: - - hosts: - - "s3.example.com" - secretName: "you_tls_secret" + # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете + #tls: + # - hosts: + # - "s3.modo.lap" + # secretName: "s3.modo.lap-tls" consoleIngress: enabled: true - hosts: 'api-s3.example.com' + hosts: + - api-s3.modo.lap ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете - tls: - - hosts: - - "api-s3.example.com" - secretName: "api-s3.example.com" + # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете + #tls: + # - hosts: + # - "api-s3.modo.lap" + # secretName: "api-s3.modo.lap" resources: requests: 
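Review bot: Both `tls:` blocks under `minio.ingress` and `minio.consoleIngress` are commented out in the `@@ -544,39 +545,41 @@` hunk, while `AWS_S3_UPLOAD_BUCKET_URL` in the same file is an `https://` URL for `api-s3.modo.lap`. Without a TLS section the ingress serves either the controller's default certificate or plain HTTP, so S3 credentials and the console login are not protected by a certificate issued for these hosts. Restore the blocks with the new hostnames and a TLS secret name of your own, or add the `cert-manager.io/cluster-issuer` annotation that the main ingress now uses. `secretKey: qwer-12314q-qwersa` is again a literal in values.yaml and belongs in a Secret.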
@@ -590,58 +593,106 @@ mcJob: enabled: true keycloak: + enabled: true fullnameOverride: yonote-keycloak nameOverride: yonote-keycloak - auth: - adminUser: root + image: + repository: quay.io/keycloak/keycloak #images.updates.yonote.ru/yonote-keycloak + tag: 19.0.3 - proxy: "edge" + args: + - start-dev #--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm - command: - - /bin/bash - - -c - - | - /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database --db-username postgres --db-password="$(DB_PASSWORD)" + cache: + stack: custom - extraEnvVars: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: yonote-database - key: postgres-password + proxy: + enabled: "false" - extraVolumes: - - name: realm-export - configMap: - name: realm-export + extraEnv: | + #- name: KC_LOG_LEVEL + # value: DEBUG + - name: KEYCLOAK_ADMIN + value: root + #valueFrom: + # secretKeyRef: + # name: {{ include "keycloak.fullname" . }}-admin-creds + # key: user + - name: KEYCLOAK_ADMIN_PASSWORD + value: keycloakadmin + #valueFrom: + # secretKeyRef: + # name: {{ include "keycloak.fullname" . 
}}-admin-creds + # key: password + - name: BASENAME_FOR_SUBDOMAIN + value: modo.lap + - name: KC_HOSTNAME_STRICT + value: "false" + #- name: KC_HOSTNAME_ADMIN + # value: auth.modo.lap/admin + - name: KC_HOSTNAME + value: auth.modo.lap + - name: KC_HOSTNAME_STRICT_HTTPS + value: "false" + - name: KC_HOSTNAME_PATH + value: "/" + #- name: KC_DB_URL + # value: jdbc:postgresql://yonote-database:5432/keycloak + - name: KC_HTTP_ENABLED + value: "true" + #- name: KC_PROXY + # value: edge + #- name: JAVA_OPTS_APPEND + # value: -Djgroups.dns.query=keycloak-headless + #- name: KC_PROXY_HEADERS + # value: "xforwarded" + - name: PROXY_ADDRESS_FORWARDING + value: "true" - extraVolumeMounts: - - name: realm-export - mountPath: /opt/bitnami/keycloak/data/import/realm-export.json - subPath: realm-export.json +# extraVolumes: | +# - name: realm-export +# configMap: +# name: realm-export + +# extraVolumeMounts: | +# - name: realm-export +# mountPath: /opt/keycloak/data/import +# readOnly: true + + http: + relativePath: "/" ingress: enabled: true - hostname: auth.example.com + hostname: auth.modo.lap ingressClassName: traefik - tls: + tls: - hosts: - - "auth.example.com" - secretName: "auth.example.com-tls" + - "auth.modo.lap" + secretName: "auth.modo.lap-tls" annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете + cert-manager.io/cluster-issuer: selfsigned-issuer #Если используете + #nginx.ingress.kubernetes.io/proxy-buffer-size: "256k" + #nginx.ingress.kubernetes.io/proxy-buffers: "8 256k" + #nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k" + #nginx.ingress.kubernetes.io/large-client-header-buffers: "8 256k" + #nginx.ingress.kubernetes.io/proxy-set-headers: | + # X-Forwarded-For: $proxy_protocol_addr + # X-Forwarded-Proto: $scheme + # Host: $host + #nginx.ingress.kubernetes.io/use-forwarded-headers: "true" rules: - - host: "auth.example.com" - paths: + - host: "auth.modo.lap" + paths: - path: / - 
pathType: Prefix + pathType: ImplementationSpecific service: name: yonote-keycloak port: http - path: /admin - pathType: Prefix + pathType: ImplementationSpecific service: name: yonote-keycloak port: http @@ -654,19 +705,27 @@ keycloak: cpu: 250m memory: 256Mi - postgresql: - enabled: false + dbchecker: + enabled: "true" - externalDatabase: - host: jdbc:postgresql://yonote-database + database: + vendor: postgres + hostname: yonote-database port: 5432 - user: postgres database: keycloak + username: keycloaku - livenessProbe: + livenessProbe: | + httpGet: + path: '{{ trimSuffix "/" .Values.http.relativePath}}/' + port: http initialDelaySeconds: 240 timeoutSeconds: 5 - readinessProbe: + # Readiness probe configuration + readinessProbe: | + httpGet: + path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master' + port: http initialDelaySeconds: 120 - timeoutSeconds: 5 + timeoutSeconds: 1 -- 2.47.2 From 0a7499c37375661d53d479e60435829a21b21997 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Tue, 2 Dec 2025 08:29:58 +0300 Subject: [PATCH 03/11] . --- yonote-chart-service/secret-values.yaml | 2 +- yonote-chart-service/values.yaml | 78 ++++++++++++------------- 2 files changed, 40 insertions(+), 40 deletions(-) diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index 20dbeac..6ba5ca9 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml @@ -3,7 +3,7 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@cnpg-yonote-pg-rw:5432/yonote' + DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@yonote-database:5432/yonote' POSTGRES_PASSWORD: "QQYw4UjOU" AWS_ACCESS_KEY_ID: "console" # Ваш идентификатор ключа доступа к AWS. AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS. diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 932924e..bdf3a8e 100644 --- a/yonote-chart-service/values.yaml 
+++ b/yonote-chart-service/values.yaml @@ -2,7 +2,7 @@ global: name: yonote-app yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: modo.lap # Доменный адрес для yonote + baseListenAddress: onprem-test.stands.wilix.dev # Доменный адрес для yonote config: plain: 
@@ -24,21 +24,21 @@ global: AI_URL: "1234" AI_API_KEY: "1234" - URL: 'https://{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения - COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать + URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения + COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать #DEPLOYMENT: 'hosted' OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. - OIDC_LOGOUT_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. - OIDC_TOKEN_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены - OIDC_USERINFO_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. + OIDC_AUTH_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. 
+ OIDC_TOKEN_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.modo.lap' # Адрес API S3 хранилища + AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.onprem-test.stands.wilix.dev' # Адрес API S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "RU" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища @@ -46,7 +46,7 @@ global: S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. - SUBDOMAINS_ENABLED: "false" # Поддержка поддоменов для команд + SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены @@ -78,12 +78,12 @@ ingress: namespace: yonote-onprem ingressClassName: traefik tls: - secretName: "your-tls-secret" + secretName: "app.onprem-test.stands.wilix.dev-tls" hosts: - - "app.modo.lap" - - "modo.lap" + - "app.onprem-test.stands.wilix.dev" + - "team.onprem-test.stands.wilix.dev" rules: - - host: "app.modo.lap" + - host: "app.onprem-test.stands.wilix.dev" paths: - path: / pathType: Prefix 
@@ -105,7 +105,7 @@ ingress: service: name: yonote-collaboration port: 80 - - host: "modo.lap" + - host: "team.onprem-test.stands.wilix.dev" paths: - path: / pathType: Prefix @@ -129,7 +129,7 @@ ingress: port: 80 annotations: - cert-manager.io/cluster-issuer: selfsigned-issuer # Если используете + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете yonote-web: fullnameOverride: yonote-web @@ -506,7 +506,7 @@ yonote-database: storage: requestedSize: 5Gi - className: "microk8s-hostpath" + className: "longhorn" resources: limits: @@ -525,7 +525,7 @@ yonote-redis: storage: requestedSize: 1Gi - className: "microk8s-hostpath" + className: "longhorn" resources: limits: cpu: 1 @@ -551,35 +551,35 @@ minio: persistence: enabled: true size: 1Gi - storageClass: "microk8s-hostpath" + storageClass: "longhorn" ingress: enabled: true hosts: - - s3.modo.lap + - s3.onprem-test.stands.wilix.dev ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете - #tls: - # - hosts: - # - "s3.modo.lap" - # secretName: "s3.modo.lap-tls" + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете + tls: + - hosts: + - "s3.onprem-test.stands.wilix.dev" + secretName: "s3.onprem-test.stands.wilix.dev-tls" consoleIngress: enabled: true hosts: - - api-s3.modo.lap + - api-s3.onprem-test.stands.wilix.dev ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете - #tls: - # - hosts: - # - "api-s3.modo.lap" - # secretName: "api-s3.modo.lap" + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете + tls: + - hosts: + - "api-s3.onprem-test.stands.wilix.dev" + secretName: "api-s3.onprem-test.stands.wilix.dev" resources: requests: 
@@ -620,19 +620,19 @@ keycloak: # name: {{ include "keycloak.fullname" . }}-admin-creds # key: user - name: KEYCLOAK_ADMIN_PASSWORD - value: keycloakadmin + value: ropoMBhQB1jwfr5y37u0GzaYmOwmXdDeFfjGC2 #valueFrom: # secretKeyRef: # name: {{ include "keycloak.fullname" . }}-admin-creds # key: password - name: BASENAME_FOR_SUBDOMAIN - value: modo.lap + value: onprem-test.stands.wilix.dev - name: KC_HOSTNAME_STRICT value: "false" #- name: KC_HOSTNAME_ADMIN - # value: auth.modo.lap/admin + # value: auth.onprem-test.stands.wilix.dev/admin - name: KC_HOSTNAME - value: auth.modo.lap + value: auth.onprem-test.stands.wilix.dev - name: KC_HOSTNAME_STRICT_HTTPS value: "false" - name: KC_HOSTNAME_PATH @@ -665,15 +665,15 @@ keycloak: ingress: enabled: true - hostname: auth.modo.lap + hostname: auth.onprem-test.stands.wilix.dev ingressClassName: traefik tls: - hosts: - - "auth.modo.lap" - secretName: "auth.modo.lap-tls" + - "auth.onprem-test.stands.wilix.dev" + secretName: "auth.onprem-test.stands.wilix.dev-tls" annotations: kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: selfsigned-issuer #Если используете + cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev #Если используете #nginx.ingress.kubernetes.io/proxy-buffer-size: "256k" #nginx.ingress.kubernetes.io/proxy-buffers: "8 256k" #nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k" @@ -684,7 +684,7 @@ keycloak: # Host: $host #nginx.ingress.kubernetes.io/use-forwarded-headers: "true" rules: - - host: "auth.modo.lap" + - host: "auth.onprem-test.stands.wilix.dev" paths: - path: / pathType: ImplementationSpecific -- 2.47.2 From 214f94f8b5ca0b2f400245c3bfbcd23e8aae5d76 Mon Sep 17 00:00:00 2001 
From: sarmstrong Date: Wed, 3 Dec 2025 13:14:37 +0300 Subject: [PATCH 04/11] Chart version 2.0.0 - no Bitnami --- yonote-chart-service/Chart.yaml | 8 +- yonote-chart-service/secret-values.yaml | 13 +- .../templates/realm-configmap.yaml | 169 ------------------ yonote-chart-service/values.yaml | 123 +++++-------- 4 files changed, 54 insertions(+), 259 deletions(-) delete mode 100644 yonote-chart-service/templates/realm-configmap.yaml diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index d8344f2..1d43c99 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: yonote-chart -version: 1.3.0 +version: 2.0.0 description: Generic application Helm chart. This chart includes multiple dependencies. The base of this chart is derived from the Dysnix app chart. @@ -53,12 +53,6 @@ dependencies: condition: minio.enabled alias: minio -# - name: app -# version: "0.3.15" -# repository: https://artifacts.wilix.dev/repository/helm-dysnix -# condition: keycloak.enabled -# alias: keycloak - - name: keycloakx version: "1.3.2" repository: https://codecentric.github.io/helm-charts diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index 6ba5ca9..388175c 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
@@ -13,7 +13,7 @@ global: UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. TELEGRAM_BOT_TOKEN: "1234" UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjAzNDA0NTYsImV4cCI6MTc2MzA2NzU5OX0.Umhd1az0qC8EXEiC8xvVuqrxG2oEePGGWa_RAYWgzSKavXy7qnaIn_pjK8J56UfP8nDLVC6rxgjPhs0g8bZfrDslYrzMuiWstUt5TDwFDfjZbqHvxzShkBZ5FUSM-qFD3qdGnfBucKdt046CY40_S0hlN3Rjl7WasnOZHnyTlHpbVeaFTwc8fsWL0IxBOxCF73F7hI4S7FC15ANwUD4WwKQDCGxYJ5ZTn5uYZII9WZ2wjWC-__xGEehZ7cHmwRAPcm471zEwkUY9sXRoMjITtTbtFkCChpp8BPC1zBUdWVPgtMqFnFbtjhtmDiCiQeebVqz9tjE_wgU6gBhNpJhXaA" # Обратитесь в отдел продаж для получения + LICENSE_KEY: "" # Обратитесь в отдел продаж для получения SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker @@ -38,8 +38,9 @@ minio: keycloak: database: password: password1 - #secrets: - # secrets: - # stringData: - # KEYCLOAK_ADMIN_PASSWORD: secret - # KC_DB_PASSWORD: "password1" + secrets: + secrets: + stringData: + KEYCLOAK_ADMIN_PASSWORD: secret + KC_DB_PASSWORD: "password1" + OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" diff --git a/yonote-chart-service/templates/realm-configmap.yaml b/yonote-chart-service/templates/realm-configmap.yaml deleted file mode 100644 index 7b15b13..0000000 --- a/yonote-chart-service/templates/realm-configmap.yaml +++ /dev/null 
@@ -1,169 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: realm-export -data: - realm-export.json: | - { - "realm": "yonote", - "enabled": true, - "notBefore": 1647809856, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": true, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "clients": [ - { - "clientId": "{{ .Values.global.yonote.config.plain.data.OIDC_CLIENT_ID }}", - "secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", - "redirectUris": [ - "https://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://*.{{ .Values.global.yonote.baseListenAddress }}/*", - "http://team.{{ .Values.global.yonote.baseListenAddress }}/*", - "https://team.{{ 
.Values.global.yonote.baseListenAddress }}/*", - "https://team.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" - ], - "baseUrl": "https://team.{{ .Values.global.yonote.baseListenAddress }}", - "enabled": true, - "publicClient": false, - "protocol": "openid-connect", - "attributes": { - "client.secret": "{{ .Values.global.yonote.config.secret.stringData.OIDC_CLIENT_SECRET }}", - "display.on.consent.screen": "true" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "protocolMappers": [ - { - "name": "oidc-display-name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": ["openid", "email"] - } - ], - "identityProviders": [], - "internationalizationEnabled": true, - "clientScopes": [ - { - "name": "openid", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "{{ .Values.global.yonote.config.plain.data.OIDC_DISPLAY_NAME }}" - }, - "protocolMappers": [] - }, - { - "name": "email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "56fe6d23-690a-465c-bc36-99bff8fef6eb", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" 
- } - }, - { - "id": "2c6acd0e-b776-48f5-9c3b-7bfdbbe712dc", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - } - ], - "browserSecurityHeaders": { - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';" - }, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": ["ES256"], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "smtpServer": {} - } \ No newline at end of file diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index bdf3a8e..ad7486d 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml 
@@ -2,7 +2,7 @@ global: name: yonote-app yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` - baseListenAddress: onprem-test.stands.wilix.dev # Доменный адрес для yonote + baseListenAddress: example.com # Доменный адрес для yonote config: plain: 
@@ -32,13 +32,13 @@ global: OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote - OIDC_AUTH_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. - OIDC_LOGOUT_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. - OIDC_TOKEN_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены - OIDC_USERINFO_URI: 'https://auth.onprem-test.stands.wilix.dev/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. + OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему. + OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода. + OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены + OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. 
AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.onprem-test.stands.wilix.dev' # Адрес API S3 хранилища + AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "RU" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища @@ -78,12 +78,12 @@ ingress: namespace: yonote-onprem ingressClassName: traefik tls: - secretName: "app.onprem-test.stands.wilix.dev-tls" + secretName: "example.com-tls" hosts: - - "app.onprem-test.stands.wilix.dev" - - "team.onprem-test.stands.wilix.dev" + - "app.example.com" + - "team.example.com" rules: - - host: "app.onprem-test.stands.wilix.dev" + - host: "app.example.com" paths: - path: / pathType: Prefix @@ -105,7 +105,7 @@ ingress: service: name: yonote-collaboration port: 80 - - host: "team.onprem-test.stands.wilix.dev" + - host: "team.example.com" paths: - path: / pathType: Prefix @@ -128,8 +128,8 @@ ingress: name: yonote-collaboration port: 80 - annotations: - cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете + #annotations: + # cert-manager.io/cluster-issuer: # Если используете yonote-web: fullnameOverride: yonote-web @@ -147,7 +147,7 @@ yonote-web: initContainers: - name: yonote-migration - image: images.updates.yonote.ru/yonote:1.19.8 + image: images.updates.yonote.ru/yonote:1.22.11 imagePullPolicy: IfNotPresent command: - /bin/sh @@ -506,7 +506,7 @@ yonote-database: storage: requestedSize: 5Gi - className: "longhorn" + className: "" resources: limits: @@ -525,7 +525,7 @@ yonote-redis: storage: requestedSize: 1Gi - className: "longhorn" + className: "" resources: limits: cpu: 1 @@ -538,7 +538,6 @@ minio: enabled: true name: minio fullnameOverride: yonote-minio - #customUser: yonote nameOverride: yonote-minio mode: standalone rootUser: admin 
@@ -550,36 +549,38 @@ minio: persistence: enabled: true + annotations: + helm.sh/resource-policy: keep size: 1Gi - storageClass: "longhorn" + storageClass: "" ingress: enabled: true hosts: - - s3.onprem-test.stands.wilix.dev + - s3.example.com ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете + #cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете tls: - hosts: - - "s3.onprem-test.stands.wilix.dev" - secretName: "s3.onprem-test.stands.wilix.dev-tls" + - "s3.example.com" + secretName: "example.com-tls" consoleIngress: enabled: true hosts: - - api-s3.onprem-test.stands.wilix.dev + - api-s3.example.com ingressClassName: traefik path: '/' annotations: kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете + #cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете tls: - hosts: - - "api-s3.onprem-test.stands.wilix.dev" - secretName: "api-s3.onprem-test.stands.wilix.dev" + - "api-s3.example.com" + secretName: "example.com-tls" resources: requests: @@ -598,11 +599,11 @@ keycloak: nameOverride: yonote-keycloak image: - repository: quay.io/keycloak/keycloak #images.updates.yonote.ru/yonote-keycloak - tag: 19.0.3 + repository: images.updates.yonote.ru/yonote-keycloak + tag: latest args: - - start-dev #--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm + - start-dev --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm cache: stack: custom 
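Review bot: `tag: latest` on `images.updates.yonote.ru/yonote-keycloak` in the `@@ -598,11` hunk makes the identity provider's image mutable, so two installs of the same chart version can run different code and a replaced image is pulled with no change visible in the chart. Pin a fixed release tag, and a digest if the subchart version supports one. The new `args` entry is also a single list item containing spaces, which reaches the container as one argument unless the image's entrypoint splits it; one flag per item is unambiguous: `args: [start-dev, --spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true, --import-realm]`. It still selects `start-dev`, which is development mode.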
@@ -611,80 +612,48 @@ keycloak: enabled: "false" extraEnv: | - #- name: KC_LOG_LEVEL - # value: DEBUG - name: KEYCLOAK_ADMIN - value: root - #valueFrom: - # secretKeyRef: - # name: {{ include "keycloak.fullname" . }}-admin-creds - # key: user + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: user - name: KEYCLOAK_ADMIN_PASSWORD - value: ropoMBhQB1jwfr5y37u0GzaYmOwmXdDeFfjGC2 - #valueFrom: - # secretKeyRef: - # name: {{ include "keycloak.fullname" . }}-admin-creds - # key: password + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-admin-creds + key: password - name: BASENAME_FOR_SUBDOMAIN - value: onprem-test.stands.wilix.dev + value: example.com - name: KC_HOSTNAME_STRICT value: "false" - #- name: KC_HOSTNAME_ADMIN - # value: auth.onprem-test.stands.wilix.dev/admin - name: KC_HOSTNAME - value: auth.onprem-test.stands.wilix.dev + value: auth.example.com - name: KC_HOSTNAME_STRICT_HTTPS value: "false" - name: KC_HOSTNAME_PATH value: "/" - #- name: KC_DB_URL - # value: jdbc:postgresql://yonote-database:5432/keycloak - name: KC_HTTP_ENABLED value: "true" - #- name: KC_PROXY - # value: edge - #- name: JAVA_OPTS_APPEND - # value: -Djgroups.dns.query=keycloak-headless - #- name: KC_PROXY_HEADERS - # value: "xforwarded" - name: PROXY_ADDRESS_FORWARDING value: "true" -# extraVolumes: | -# - name: realm-export -# configMap: -# name: realm-export - -# extraVolumeMounts: | -# - name: realm-export -# mountPath: /opt/keycloak/data/import -# readOnly: true - http: relativePath: "/" ingress: enabled: true - hostname: auth.onprem-test.stands.wilix.dev + hostname: auth.example.com ingressClassName: traefik tls: - hosts: - - "auth.onprem-test.stands.wilix.dev" - secretName: "auth.onprem-test.stands.wilix.dev-tls" + - "auth.example.com" + secretName: "example.com-tls" annotations: kubernetes.io/ingress.class: traefik - cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev #Если используете - 
#nginx.ingress.kubernetes.io/proxy-buffer-size: "256k" - #nginx.ingress.kubernetes.io/proxy-buffers: "8 256k" - #nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k" - #nginx.ingress.kubernetes.io/large-client-header-buffers: "8 256k" - #nginx.ingress.kubernetes.io/proxy-set-headers: | - # X-Forwarded-For: $proxy_protocol_addr - # X-Forwarded-Proto: $scheme - # Host: $host - #nginx.ingress.kubernetes.io/use-forwarded-headers: "true" + #cert-manager.io/cluster-issuer: #Если используете + rules: - - host: "auth.onprem-test.stands.wilix.dev" + - host: "auth.example.com" paths: - path: / pathType: ImplementationSpecific -- 2.47.2 From 854ed6da5fd402aa7f4d5cdcc5bf54c6252f12e2 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Thu, 4 Dec 2025 11:43:13 +0300 Subject: [PATCH 05/11] Bitnami removed. --- yonote-chart-service/secret-values.yaml | 1 - yonote-chart-service/values.yaml | 14 ++++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index 388175c..ca3aed9 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml @@ -42,5 +42,4 @@ keycloak: secrets: stringData: KEYCLOAK_ADMIN_PASSWORD: secret - KC_DB_PASSWORD: "password1" OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index ad7486d..8ac887f 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml 
@@ -613,15 +613,17 @@ keycloak: extraEnv: | - name: KEYCLOAK_ADMIN - valueFrom: - secretKeyRef: - name: {{ include "keycloak.fullname" . }}-admin-creds - key: user + value: root - name: KEYCLOAK_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: {{ include "keycloak.fullname" . }}-admin-creds - key: password + name: {{ include "keycloak.fullname" . }}-secrets + key: KEYCLOAK_ADMIN_PASSWORD + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ include "keycloak.fullname" . }}-secrets + key: OIDC_CLIENT_SECRET - name: BASENAME_FOR_SUBDOMAIN value: example.com - name: KC_HOSTNAME_STRICT -- 2.47.2 From a9f9703eaa97286141587b52df7b47a2c61d66c5 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Fri, 5 Dec 2025 09:55:47 +0300 Subject: [PATCH 06/11] Minio bucket and user policy fixes. --- README.md | 8 ++++++++ yonote-chart-service/Chart.yaml | 2 +- yonote-chart-service/secret-values.yaml | 8 ++++---- yonote-chart-service/values.yaml | 16 ++++++++++++++-- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index c7b3338..297e304 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,14 @@ helm install app -f values.yaml -f secret-values.yaml -n yonote-onprem . ``` После выполнения команды начнётся установка приложения и всех дополнительных сервисов к нему. Остаётся только подождать, пока все сервисы запустятся. +### 5. Keycloak + +"http://app.{{ .Values.global.yonote.baseListenAddress }}/*", +"https://app.{{ .Values.global.yonote.baseListenAddress }}/*", +"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" + + + ### Обратная связь Если у вас есть вопросы или вам нужна помощь, пишите на email: hello@yonote.ru \ No newline at end of file diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index 1d43c99..e9185b4 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml 
@@ -38,7 +38,7 @@ dependencies: - name: postgres version: "0.3.9" repository: https://groundhog2k.github.io/helm-charts/ - condition: yonoteDatabase.enabled + condition: yonote-database.enabled alias: yonote-database - name: redis diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index ca3aed9..e822f30 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml @@ -3,9 +3,9 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@yonote-database:5432/yonote' - POSTGRES_PASSWORD: "QQYw4UjOU" - AWS_ACCESS_KEY_ID: "console" # Ваш идентификатор ключа доступа к AWS. + DATABASE_URL: 'postgres://yonote:yonotedbpassword@yonote-database:5432/yonote' + POSTGRES_PASSWORD: "yonotedbpassword" + AWS_ACCESS_KEY_ID: "qwer-12314q" # Ваш идентификатор ключа доступа к AWS. AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS. OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. @@ -37,7 +37,7 @@ minio: keycloak: database: - password: password1 + password: keycloakdbpassword secrets: secrets: stringData: diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 8ac887f..105e429 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml 
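Review bot: In the first secret-values.yaml hunk, `DATABASE_URL` and `POSTGRES_PASSWORD` change to `yonotedbpassword`, but the database-side `superuserPassword` and `userDatabase.password` entries lower in the file are not touched by this commit and still show their old values as context in patch 08, so the application and database credentials appear to diverge here. The replacement values in both secret-values.yaml hunks (`yonotedbpassword`, `keycloakdbpassword`) are also guessable strings that work out of the box, which makes it likely they get deployed unchanged. Consider leaving these defaults empty with a comment such as `# required: set a unique random value, e.g. openssl rand -hex 32`, and deriving the URL and the database password from one value.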
@@ -542,10 +542,20 @@ minio: mode: standalone rootUser: admin + policies: + - name: yonote_user_policy + statements: + - resources: + - 'arn:aws:s3:::yonote-bucket/*' + actions: + - "s3:GetObject" + - "s3:PutObject" + - "s3:DeleteObject" + users: - accessKey: console secretKey: qwer-12314q-qwersa - policy: readwrite + policy: yonote_user_policy persistence: enabled: true @@ -592,6 +602,8 @@ minio: mcJob: enabled: true + # If the AWS_S3_UPLOAD_BUCKET_NAME, under global.yonote.config is changed, then it is reuqired to change the templates/mcjob.yaml. + # Replace yonote-bucket with the new AWS_S3_UPLOAD_BUCKET_NAME value. keycloak: enabled: true @@ -684,7 +696,7 @@ keycloak: hostname: yonote-database port: 5432 database: keycloak - username: keycloaku + username: keycloak livenessProbe: | httpGet: -- 2.47.2 From 5adbdbdceeabd8e90572e61489e9e769c978dbeb Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Fri, 5 Dec 2025 09:56:49 +0300 Subject: [PATCH 07/11] . --- .../templates/configmap-initdb.yaml | 6 ++-- yonote-chart-service/templates/mcJob.yaml | 35 ------------------- 2 files changed, 3 insertions(+), 38 deletions(-) diff --git a/yonote-chart-service/templates/configmap-initdb.yaml b/yonote-chart-service/templates/configmap-initdb.yaml index 05049e9..071fc8a 100644 --- a/yonote-chart-service/templates/configmap-initdb.yaml +++ b/yonote-chart-service/templates/configmap-initdb.yaml @@ -8,7 +8,7 @@ data: set -e psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL - CREATE DATABASE keycloak; - CREATE USER keycloaku WITH PASSWORD 'password1'; - GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloaku; + CREATE DATABASE {{ .Values.keycloak.database.database }}; + CREATE USER {{ .Values.keycloak.database.username }} WITH PASSWORD '{{ .Values.keycloak.database.password }}'; + GRANT ALL PRIVILEGES ON DATABASE keycloak TO {{ .Values.keycloak.database.username }}; EOSQL 
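Review bot: The `resources` entry of `yonote_user_policy` hard-codes `arn:aws:s3:::yonote-bucket/*`, while the bucket name itself is configurable through `AWS_S3_UPLOAD_BUCKET_NAME`; after a rename the application user would lose access to the new bucket and keep it for the old name. The comment added in the next hunk mentions only templates/mcjob.yaml, so I would add one here as well: `# Must match global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME`. Scoping the user to three object actions instead of the built-in `readwrite` policy is a good least-privilege step, though `secretKey` for this user still sits in values.yaml rather than in secret-values.yaml.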
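Review bot: The `CREATE USER … WITH PASSWORD '{{ .Values.keycloak.database.password }}'` line in the configmap-initdb.yaml hunk renders the Keycloak database password into a ConfigMap and splices it into SQL inside an unquoted shell heredoc. The password is then readable by anyone who can read ConfigMaps in the namespace, and a value containing `'`, `$` or a backtick alters the statement or is expanded by the shell. The `GRANT` line still names the database `keycloak` literally although `CREATE DATABASE` is now templated; it should read `GRANT ALL PRIVILEGES ON DATABASE {{ .Values.keycloak.database.database }} TO {{ .Values.keycloak.database.username }};`. For the password I would expose it to the init script from a Secret as an environment variable and hand it to psql as a variable (`-v`) referenced with `:'name'` quoting, rather than templating it into the script. The script begins outside this hunk.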
diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml index b079ab3..7f5fbf4 100644 --- a/yonote-chart-service/templates/mcJob.yaml +++ b/yonote-chart-service/templates/mcJob.yaml @@ -23,38 +23,6 @@ spec: done echo "MinIO is ready and alias is set." - # Создание пользователя - #if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then - # echo "User {{ .Values.minio.customUser }} already exists or failed to create." - #else - # echo "User {{ .Values.minio.customUser }} created successfully." - #fi - - # Назначение политики для нового пользователя - cat < /tmp/minio-user-policy.json - { - "Version": "2012-10-17", - "Statement": [ - { - "Sid": "VisualEditor", - "Effect": "Allow", - "Action": [ - "s3:DeleteObject", - "s3:GetObject", - "s3:PutObject" - ], - "Resource": [ - "arn:aws:s3:::yonote-bucket/*" - ] - } - ] - } - EOF - echo "User policy JSON file created." - - mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json - echo "User policy created and applied." - # Создание бакета if ! mc ls myminio/yonote-bucket; then mc mb myminio/yonote-bucket @@ -104,9 +72,6 @@ spec: mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket echo "Bucket policy applied." - mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }} - echo "Policy attached to user {{ .Values.minio.customUser }}." - resources: requests: memory: "128Mi" -- 2.47.2 From 03d9b1156d5abbf4e554b47589102c5085ce80a1 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Fri, 5 Dec 2025 16:03:34 +0300 Subject: [PATCH 08/11] Refactor the chart for ease of use. --- yonote-chart-service/Chart.yaml | 8 ++++---- yonote-chart-service/secret-values.yaml | 14 +++++++------- yonote-chart-service/templates/mcJob.yaml | 14 +++++++------- yonote-chart-service/values.yaml | 16 +++++++--------- 4 files changed, 25 insertions(+), 27 deletions(-) 
diff --git a/yonote-chart-service/Chart.yaml b/yonote-chart-service/Chart.yaml index e9185b4..f454093 100644 --- a/yonote-chart-service/Chart.yaml +++ b/yonote-chart-service/Chart.yaml @@ -38,14 +38,14 @@ dependencies: - name: postgres version: "0.3.9" repository: https://groundhog2k.github.io/helm-charts/ - condition: yonote-database.enabled - alias: yonote-database + condition: postgres.enabled + alias: postgres - name: redis version: "0.7.0" repository: https://groundhog2k.github.io/helm-charts/ - condition: yonote-redis.enabled - alias: yonote-redis + condition: redis.enabled + alias: redis - name: minio version: "5.4.0" diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index e822f30..6c1b8ae 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
@@ -3,17 +3,17 @@ global: config: secret: stringData: - DATABASE_URL: 'postgres://yonote:yonotedbpassword@yonote-database:5432/yonote' - POSTGRES_PASSWORD: "yonotedbpassword" - AWS_ACCESS_KEY_ID: "qwer-12314q" # Ваш идентификатор ключа доступа к AWS. + DATABASE_URL: 'postgres://{{ .Values.postgres.userDatabase.user }}:{{ .Values.postgres.userDatabase.password }}@yonote-database:5432/{{ .Values.postgres.userDatabase.name }}' + POSTGRES_PASSWORD: "{{ .Values.postgres.userDatabase.password }}" + AWS_ACCESS_KEY_ID: "qwer12314q" # Ваш идентификатор ключа доступа к AWS. AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS. - OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). + OIDC_CLIENT_SECRET: "{{ .Values.keycloak.secrets.secrets.stringData.OIDC_CLIENT_SECRET }}" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC). SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения. SMTP_PASSWORD: "1234" UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. 
TELEGRAM_BOT_TOKEN: "1234" UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "" # Обратитесь в отдел продаж для получения + LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjMzNzcyMzEsImV4cCI6MTc2NjAwNTE5OX0.ScoKz_92655mNni1yxJb8hZ8aa4apeJpNQHC-ncs7tnytSi7rFkoMc4W6YGjVYSxCaoCEiGOx1VOfdzJ2JZFgh15v2N0vRzohYmw09j08Rgb2QKXrT_lYcYez3DAG0pn-KkGW42hamqI0i3fJcqcIgSgMueCkdFXvzh51A8LQ2rk1gKsgZT7INnnT29Wi1hRVtuOxpgtD8xz6Xt8Nf68nY3-uut8cqJPGa1isrh7qmmmJfUJoWaGEawPLejkbX4fdLSRUuy-rSUBttbGlyPGiOjoXvtCJ8Z9oaqhEbPBwve-kaOQE5Si1P5bonHm7yAE9XAFhYPa0lvx8deuyYaYrA" # Обратитесь в отдел продаж для получения SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker @@ -22,13 +22,13 @@ global: # npx web-push generate-vapid-keys # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY) -yonote-database: +postgres: settings: superuserPassword: "QQYw4UjOU" userDatabase: password: "wsGZ6kXhr5" -yonote-redis: +redis: args: - "--user redis:redis" diff --git a/yonote-chart-service/templates/mcJob.yaml b/yonote-chart-service/templates/mcJob.yaml index 7f5fbf4..e8f0e73 100644 --- a/yonote-chart-service/templates/mcJob.yaml +++ b/yonote-chart-service/templates/mcJob.yaml @@ -24,11 +24,11 @@ spec: echo "MinIO is ready and alias is set." # Создание бакета - if ! mc ls myminio/yonote-bucket; then - mc mb myminio/yonote-bucket - echo "Bucket yonote-bucket created successfully." + if ! mc ls myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}; then + mc mb myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} + echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} created successfully." else - echo "Bucket yonote-bucket already exists." + echo "Bucket {{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} already exists." fi # Установка политик для бакета 
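Review bot: Helm does not evaluate template expressions inside values files, so the new `DATABASE_URL`, `POSTGRES_PASSWORD` and `OIDC_CLIENT_SECRET` values in the first secret-values.yaml hunk reach the Secret as the literal `{{ … }}` text unless the template that consumes `stringData` passes each value through `tpl`, which this patch does not show. If `tpl` is in place, the password should still be URL-encoded inside `DATABASE_URL`, e.g. `{{ .Values.postgres.userDatabase.password | urlquery }}`, otherwise a password containing `@`, `/` or `:` yields a broken connection string. The URL also references `userDatabase.user` and `userDatabase.name`, which this file does not define in the visible hunks; a comment naming where they are set would help.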
@@ -47,7 +47,7 @@ spec: "s3:GetBucketLocation" ], "Resource": [ - "arn:aws:s3:::yonote-bucket" + "arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}" ] }, { @@ -61,7 +61,7 @@ spec: "s3:GetObject" ], "Resource": [ - "arn:aws:s3:::yonote-bucket/*" + "arn:aws:s3:::{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}/*" ] } ] @@ -69,7 +69,7 @@ spec: EOF echo "Bucket policy JSON file created." - mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket + mc anonymous set-json /tmp/minio-bucket-policy.json myminio/{{ .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }} echo "Bucket policy applied." resources: diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 105e429..7d90f30 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml @@ -7,7 +7,7 @@ global: config: plain: data: - DEBUG: http + DEBUG: debug NODE_ENV: production FORCE_HTTPS: "false" PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL @@ -38,7 +38,7 @@ global: OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена. AWS_S3_ACL: private - AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища + AWS_S3_UPLOAD_BUCKET_URL: 'https://s3.example.com' # Адрес API S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "RU" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища @@ -491,7 +491,7 @@ yonote-collaboration: path: /_health port: app -yonote-database: +postgres: enabled: true #settings: # Default postgres @@ -518,7 +518,7 @@ yonote-database: extraScripts: postgres-init-scripts -yonote-redis: +redis: enabled: true fullnameOverride: yonote-redis nameOverride: redis 
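Review bot: The three mcJob.yaml hunks ending here, and the `mc ls`/`mc mb` hunk before them, interpolate `AWS_S3_UPLOAD_BUCKET_NAME` without checking that it is set, so an empty or missing value renders `mc mb myminio/` and the ARN `arn:aws:s3:::/*`. Wrapping the lookup in `required`, e.g. `{{ required "AWS_S3_UPLOAD_BUCKET_NAME must be set" .Values.global.yonote.config.plain.data.AWS_S3_UPLOAD_BUCKET_NAME }}`, assigned once to a template variable, would fail the render instead. Separately, the policy is applied with `mc anonymous set-json` and lists `s3:GetObject` on `<bucket>/*`, which looks like unauthenticated read access to every uploaded object while values.yaml sets `AWS_S3_ACL: private`; the `Principal` and `Effect` lines are outside these hunks, so please confirm this is intended.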
@@ -553,7 +553,7 @@ minio: - "s3:DeleteObject" users: - - accessKey: console + - accessKey: qwer12314q secretKey: qwer-12314q-qwersa policy: yonote_user_policy @@ -581,7 +581,7 @@ minio: consoleIngress: enabled: true hosts: - - api-s3.example.com + - s3-console.example.com ingressClassName: traefik path: '/' annotations: @@ -589,7 +589,7 @@ minio: #cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev # Если используете tls: - hosts: - - "api-s3.example.com" + - "s3-console.example.com" secretName: "example.com-tls" resources: @@ -602,8 +602,6 @@ minio: mcJob: enabled: true - # If the AWS_S3_UPLOAD_BUCKET_NAME, under global.yonote.config is changed, then it is reuqired to change the templates/mcjob.yaml. - # Replace yonote-bucket with the new AWS_S3_UPLOAD_BUCKET_NAME value. keycloak: enabled: true -- 2.47.2 From 6ee15ba226d8c0d75b819f6933288198f97a4374 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Mon, 8 Dec 2025 09:19:18 +0300 Subject: [PATCH 09/11] Update the README --- README.md | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 297e304..268a7ef 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,14 @@ # Yonote Helm Chart +**Критическое изменение** + +Данный чарт предназначен только для новых развертываний! + +Версия 2.x.x не совместима с предыдущими версиями 1.x.x данного чарта. Если вы попытаетесь использовать этот чарт для обновления существующего развертывания Yonote, это приведет к потере данных. + +Руководство по миграции будет предоставлено в ближайшее время. + + ## Обзор Этот Helm chart позволяет развернуть **Yonote** в Kubernetes. Он предоставляет быстрый и простой способ установки, настройки и управления приложением с помощью Helm. 
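Review bot: The MinIO user entry changed in the first hunk keeps `secretKey: qwer-12314q-qwersa` in values.yaml, duplicating `AWS_SECRET_ACCESS_KEY` from secret-values.yaml; the two copies must be edited together, and the one in values.yaml is likely to be committed along with ordinary configuration. The MinIO chart lets a user entry reference a Secret instead (`existingSecret` and `existingSecretKey` in place of `secretKey`), which would leave a single source for the credential. The access key and secret are also example-looking strings that work as shipped, so a comment such as `# replace before installing; do not reuse the sample value` next to them would help.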
@@ -50,11 +59,23 @@ helm install app -f values.yaml -f secret-values.yaml -n yonote-onprem . ### 5. Keycloak -"http://app.{{ .Values.global.yonote.baseListenAddress }}/*", -"https://app.{{ .Values.global.yonote.baseListenAddress }}/*", -"https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*" +Перед первым входом в Yonote необходимо обновить поле **Valid redirect URIs** клиента yonote в области (realm) Yonote в системе Keycloak. +Уже существуют две записи, поэтому достаточно просто скопировать их и отредактировать. +Например: + +Существующие записи: +* http://example.com/* +* https://example.com/* + +Добавить следующие: +* http://app.example.com/* +* https://app.example.com/* +* https://app.example.com/auth/oidc.callback/* +* https://team.example.com/* + +Примечание: символы * в URL-адресах являются подстановочными знаками и обозначают любые дополнительные пути после указанного базового URL. ### Обратная связь -- 2.47.2 From 61be0e0405d51f2ab6628abfe312ed74c9ba2b35 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Mon, 8 Dec 2025 14:10:03 +0300 Subject: [PATCH 10/11] Enable cronjobs. --- yonote-chart-service/templates/cronjob.yaml | 34 +++++++++++++++++++++ yonote-chart-service/values.yaml | 4 +-- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/yonote-chart-service/templates/cronjob.yaml b/yonote-chart-service/templates/cronjob.yaml index e0ca3e6..60a2763 100644 --- a/yonote-chart-service/templates/cronjob.yaml +++ b/yonote-chart-service/templates/cronjob.yaml 
@@ -1,3 +1,37 @@ +{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled | toString) "true" }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: cron-calendar-events +spec: + schedule: "*/1 * * * *" + jobTemplate: + spec: + template: + spec: + containers: + - name: cron-calendar-events + image: curlimages/curl + imagePullPolicy: IfNotPresent + envFrom: + - secretRef: + name: yonote-secrets + command: + - /bin/sh + - -c + - >- + date; + curl + -X POST + {{ .Values.global.yonote_cron_calendar_events.url }} + -H "Content-Type: application/json" + -d ' + { + "token": "$(UTILS_SECRET)" + } + ' + restartPolicy: OnFailure +{{- end }} --- {{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled | toString) "true" }} apiVersion: batch/v1 diff --git a/yonote-chart-service/values.yaml b/yonote-chart-service/values.yaml index 7d90f30..0bbbc83 100644 --- a/yonote-chart-service/values.yaml +++ b/yonote-chart-service/values.yaml @@ -65,11 +65,11 @@ global: SMTP_REQUIRE_TLS: "" yonote_cron_calendar_events: - cron_enabled: "false" + cron_enabled: "true" url: http://yonote-web/api/cron.calendar_events yonote_cron_task_scheduler: - cron_enabled: "false" + cron_enabled: "true" url: http://yonote-web/api/cron.schedule ingress: -- 2.47.2 From 35a52529ffe748e4d34b414039b73a2cffeb0609 Mon Sep 17 00:00:00 2001 From: sarmstrong Date: Mon, 8 Dec 2025 14:13:26 +0300 Subject: [PATCH 11/11] Clean up secret-values. --- yonote-chart-service/secret-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/yonote-chart-service/secret-values.yaml b/yonote-chart-service/secret-values.yaml index 6c1b8ae..8e7022f 100644 --- a/yonote-chart-service/secret-values.yaml +++ b/yonote-chart-service/secret-values.yaml 
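Review bot: The new `cron-calendar-events` container receives every key of `yonote-secrets` through `envFrom` although the command uses only `UTILS_SECRET`, and it runs `curlimages/curl` without a tag, so the image that handles that token is whatever the untagged reference resolves to on the node. I would inject the single key with `secretKeyRef` and pin the image to a tag or digest, as sketched below; the tag is a placeholder and the indentation is mine, since the hunk's layout is collapsed here. With a one-minute schedule it is also worth setting `concurrencyPolicy: Forbid` so slow runs do not pile up. The second CronJob in this file begins right after the hunk and may need the same treatment.

```yaml
          containers:
          - name: cron-calendar-events
            image: curlimages/curl:<pinned-tag>  # placeholder: pin a tag or digest
            # … unchanged: imagePullPolicy …
            env:
            - name: UTILS_SECRET
              valueFrom:
                secretKeyRef:
                  name: yonote-secrets
                  key: UTILS_SECRET
            # … unchanged: command …
```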
@@ -13,7 +13,7 @@ global: UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это. TELEGRAM_BOT_TOKEN: "1234" UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" - LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjMzNzcyMzEsImV4cCI6MTc2NjAwNTE5OX0.ScoKz_92655mNni1yxJb8hZ8aa4apeJpNQHC-ncs7tnytSi7rFkoMc4W6YGjVYSxCaoCEiGOx1VOfdzJ2JZFgh15v2N0vRzohYmw09j08Rgb2QKXrT_lYcYez3DAG0pn-KkGW42hamqI0i3fJcqcIgSgMueCkdFXvzh51A8LQ2rk1gKsgZT7INnnT29Wi1hRVtuOxpgtD8xz6Xt8Nf68nY3-uut8cqJPGa1isrh7qmmmJfUJoWaGEawPLejkbX4fdLSRUuy-rSUBttbGlyPGiOjoXvtCJ8Z9oaqhEbPBwve-kaOQE5Si1P5bonHm7yAE9XAFhYPa0lvx8deuyYaYrA" # Обратитесь в отдел продаж для получения + LICENSE_KEY: "" # Обратитесь в отдел продаж для получения SERVICE_WORKER_PUBLIC_KEY: "1234" SERVICE_WORKER_PRIVATE_KEY: "1234" # Генерация ключей (web-push) Service Worker -- 2.47.2
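Review bot: Blanking `LICENSE_KEY` here does not withdraw the token that patch 08 of this series added on the same line; it stays readable in the repository history and in the patch e-mail itself. Treat it as disclosed and ask the issuer to revoke and reissue it, and if the series is not merged yet, drop the value from patch 08 instead of removing it in a follow-up commit. The same applies to the concrete values still present as context in this hunk (`UTILS_SECRET`, `UNSPLASH_API_ACCESS_KEY`): if any of them is a real credential, it should be rotated and replaced with an empty default.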