yonote-chart-service/Chart.lock

@@ -14,17 +14,17 @@ dependencies:
 - name: app
   repository: https://dysnix.github.io/charts
   version: 0.3.15
-- name: postgresql
+- name: postgres
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://groundhog2k.github.io/helm-charts/
-  version: 11.6.6
+  version: 0.3.9
 - name: redis
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://groundhog2k.github.io/helm-charts/
-  version: 16.12.1
+  version: 0.7.0
 - name: minio
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://charts.min.io/
-  version: 12.7.0
+  version: 5.4.0
-- name: keycloak
+- name: keycloakx
-  repository: https://charts.bitnami.com/bitnami
+  repository: https://codecentric.github.io/helm-charts
-  version: 14.0.0
+  version: 1.3.2
-digest: sha256:928723e189de54fafe19316743b8f9d08d7c74f9728b0c4afb1f5cd3ee1e83dc
+digest: sha256:ad0128ad6d526a8946d659481ec5dc19d1faf785919efbcc689a37ae80bc820e
-generated: "2024-08-25T00:46:01.648512702+03:00"
+generated: "2025-10-30T14:17:59.001901626+03:00"

yonote-chart-service/Chart.yaml

@@ -39,7 +39,7 @@ dependencies:
     version: "0.3.9"
     repository: https://groundhog2k.github.io/helm-charts/
     condition: yonoteDatabase.enabled
-    alias: yonoteDatabase
+    alias: yonote-database
 
   - name: redis
     version: "0.7.0"
@@ -48,11 +48,17 @@ dependencies:
     alias: yonote-redis
 
   - name: minio
-    version: "12.7.0"
+    version: "5.4.0"
     repository: https://charts.min.io/
     condition: minio.enabled
     alias: minio
 
+#  - name: app
+#    version: "0.3.15"
+#    repository: https://artifacts.wilix.dev/repository/helm-dysnix
+#    condition: keycloak.enabled
+#    alias: keycloak
+
   - name: keycloakx
     version: "1.3.2"
     repository: https://codecentric.github.io/helm-charts

yonote-chart-service/secret-values.yaml

@@ -3,26 +3,26 @@ global:
     config:
       secret:
         stringData:
-          DATABASE_URL: 'postgres://{{ .Values.yonoteDatabase.settings.userDatabase.user }}:{{ .Values.yonoteDatabase.settings.userDatabase.password }}@yonote-database:5432/{{ .Values.yonoteDatabase.settings.userDatabase.database }}'
+          DATABASE_URL: 'postgres://yonote:wsGZ6kXhr5@cnpg-yonote-pg-rw:5432/yonote'
-          POSTGRES_PASSWORD: "{{ .Values.yonoteDatabase.settings.superuserPassword.password }}"
+          POSTGRES_PASSWORD: "QQYw4UjOU"
-          AWS_ACCESS_KEY_ID: "{{ .Values.minio.customUser }}"  # Ваш идентификатор ключа доступа к AWS. 
+          AWS_ACCESS_KEY_ID: "console"  # Ваш идентификатор ключа доступа к AWS.
-          AWS_SECRET_ACCESS_KEY: "{{ .Values.minio.customAccessKey }}" # Ваш секретный ключ доступа AWS. 
+          AWS_SECRET_ACCESS_KEY: "qwer-12314q-qwersa" # Ваш секретный ключ доступа AWS.
-          OIDC_CLIENT_SECRET: "Kdq8rk5Pv5RW1c5kHXpnyfrmMRzI9xSD" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
+          OIDC_CLIENT_SECRET: "iS3jOA3Z7zXBwSN8EzJm36ybz57JNgpR" # Секретный ключ клиента для аутентификации по OpenID Connect (OIDC).
           SECRET_KEY: "659a8881b186198c3146e316f6dab67df25496534d1fa156d624b037260df688" # Сгенерируйте 32-байтовый случайный ключ в шестнадцатеричном коде. Вам следует использовать `openssl rand -hex 32` в вашем терминале для генерации случайного значения.
           SMTP_PASSWORD: "1234"
           UTILS_SECRET: "7bd5e9ac4415dd0dbf6b7721e2a21e9427b268cd0140c7516d13dece5024d479" # Сгенерируйте уникальный случайный ключ. Формат не важен, но вы все равно можете использовать`openssl rand -hex 32` в вашем терминале, чтобы создать это.
           TELEGRAM_BOT_TOKEN: "1234"
-          UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE" 
+          UNSPLASH_API_ACCESS_KEY: "a-yGo6HpRP6jNfravx4Bz-oiPrRnH_5-24Xa9ZPlePE"
-          LICENSE_KEY: "qwerty-123456-zxcvb" # Обратитесь в отдел продаж для получения
+          LICENSE_KEY: "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE3NjAzNDA0NTYsImV4cCI6MTc2MzA2NzU5OX0.Umhd1az0qC8EXEiC8xvVuqrxG2oEePGGWa_RAYWgzSKavXy7qnaIn_pjK8J56UfP8nDLVC6rxgjPhs0g8bZfrDslYrzMuiWstUt5TDwFDfjZbqHvxzShkBZ5FUSM-qFD3qdGnfBucKdt046CY40_S0hlN3Rjl7WasnOZHnyTlHpbVeaFTwc8fsWL0IxBOxCF73F7hI4S7FC15ANwUD4WwKQDCGxYJ5ZTn5uYZII9WZ2wjWC-__xGEehZ7cHmwRAPcm471zEwkUY9sXRoMjITtTbtFkCChpp8BPC1zBUdWVPgtMqFnFbtjhtmDiCiQeebVqz9tjE_wgU6gBhNpJhXaA" # Обратитесь в отдел продаж для получения
-          SERVICE_WORKER_PUBLIC_KEY: "1234" 
+          SERVICE_WORKER_PUBLIC_KEY: "1234"
           SERVICE_WORKER_PRIVATE_KEY: "1234"
         # Генерация ключей (web-push) Service Worker
-        # 1) Установить Node.js и npm 
+        # 1) Установить Node.js и npm
         # 2) Выполнить команду для генерации ключей
         # npx web-push generate-vapid-keys
         # 3) Полученные значения ввести в .env файл (SERVICE_WORKER_PUBLIC_KEY, SERVICE_WORKER_PRIVATE_KEY)
 
-yonoteDatabase:
+yonote-database:
   settings:
     superuserPassword: "QQYw4UjOU"
   userDatabase:
@@ -33,9 +33,13 @@ yonote-redis:
     - "--user redis:redis"
 
 minio:
-  #customAccessKey: "qwer-12314q-qwersa"
   rootPassword: "qwettaas"
 
 keycloak:
-  auth:
+  database:
-    adminPassword: "root"
+    password: password1
+  #secrets:
+  #  secrets:
+  #    stringData:
+  #      KEYCLOAK_ADMIN_PASSWORD: secret
+  #      KC_DB_PASSWORD: "password1"

yonote-chart-service/templates/configmap-initdb.yaml

@@ -3,5 +3,12 @@ kind: ConfigMap
 metadata:
   name: postgres-init-scripts
 data:
-  init.sql: |
+  init-keycloak-db.sh: |
-    CREATE DATABASE "{{ .Values.keycloak.externalDatabase.database }}";
+    !/bin/bash
+    set -e
+
+    psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+    CREATE DATABASE keycloak;
+    CREATE USER keycloaku WITH PASSWORD 'password1';
+    GRANT ALL PRIVILEGES ON DATABASE keycloak TO keycloaku;
+    EOSQL

yonote-chart-service/templates/cronjob.yaml

@@ -1,37 +1,3 @@
-{{- if eq ($.Values.global.yonote_cron_calendar_events.cron_enabled  | toString) "true" }}
-apiVersion: batch/v1
-kind: CronJob
-metadata:
-  name: cron-calendar-events
-spec:
-  schedule: "*/1 * * * *"
-  jobTemplate:
-    spec:
-      template:
-        spec:
-          containers:
-          - name: cron-calendar-events
-            image: curlimages/curl
-            imagePullPolicy: IfNotPresent
-            envFrom:
-            - secretRef:
-                name: yonote-secrets
-            command:
-              - /bin/sh
-              - -c
-              - >-
-                date;
-                curl
-                -X POST
-                {{ .Values.global.yonote_cron_calendar_events.url }}
-                -H "Content-Type: application/json"
-                -d '
-                {
-                "token": "$(UTILS_SECRET)"
-                }
-                '                                
-          restartPolicy: OnFailure
-{{- end }}
 ---
 {{- if eq ($.Values.global.yonote_cron_task_scheduler.cron_enabled  | toString) "true" }}
 apiVersion: batch/v1

yonote-chart-service/templates/mcJob.yaml

@@ -13,7 +13,7 @@ spec:
     spec:
       containers:
         - name: mc-client
-          image: "quay.io/minio/mc:RELEASE.2024-12-18T13-15-44Z"
+          image: "minio/mc:RELEASE.2025-01-17T23-25-50Z"
           command: ["/bin/sh", "-c"]
           args:
             - |

yonote-chart-service/templates/realm-configmap.yaml

@@ -55,11 +55,11 @@ data:
         "redirectUris": [
             "https://*.{{ .Values.global.yonote.baseListenAddress }}/*",
             "http://*.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "http://app.{{ .Values.global.yonote.baseListenAddress }}/*",
+            "http://team.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "https://app.{{ .Values.global.yonote.baseListenAddress }}/*",
+            "https://team.{{ .Values.global.yonote.baseListenAddress }}/*",
-            "https://app.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
+            "https://team.{{ .Values.global.yonote.baseListenAddress }}/auth/oidc.callback/*"
         ],
-        "baseUrl": "https://app.{{ .Values.global.yonote.baseListenAddress }}",
+        "baseUrl": "https://team.{{ .Values.global.yonote.baseListenAddress }}",
         "enabled": true,
         "publicClient": false,
         "protocol": "openid-connect",

yonote-chart-service/values.yaml

@@ -2,40 +2,43 @@ global:
   name: yonote-app
   yonote:
     dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
-    baseListenAddress: example.com # Доменный адрес для yonote
+    baseListenAddress: modo.lap # Доменный адрес для yonote
 
     config:
       plain:
         data:
+          DEBUG: http
           NODE_ENV: production
           FORCE_HTTPS: "false"
           PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
           WEB_CONCURRENCY: "1"
-          
+
           BIND_HOST: 0.0.0.0 # Хост по умолчанию
           PORT: "3000" # Порт по умолчанию
 
-          REDIS_URL: redis://yonote-redis-master:6379
+          REDIS_URL: redis://yonote-redis:6379
 
           DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию 
           ENABLE_UPDATES: "false"
-          
+
           AI_URL: "1234"
           AI_API_KEY: "1234"
 
-          URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
+          URL: 'https://{{ .Values.global.yonote.baseListenAddress }}'  # Базовый url приложения
-          COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
+          COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}'  # Cервер, для нормальной работы это не нужно устанавливать
-          
+
+          #DEPLOYMENT: 'hosted'
+
           OIDC_DISPLAY_NAME: email
           OIDC_SCOPES: openid email
           OIDC_CLIENT_ID: yonote
-          OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему.
+          OIDC_AUTH_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему.
-          OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
+          OIDC_LOGOUT_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
-          OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены
+          OIDC_TOKEN_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены
-          OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
+          OIDC_USERINFO_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
 
           AWS_S3_ACL: private
-          AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.example.com' # Адрес API S3 хранилища
+          AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.modo.lap' # Адрес API S3 хранилища
           AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища 
           AWS_REGION: "RU"
           AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
@@ -43,7 +46,7 @@ global:
           S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
           S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
 
-          SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
+          SUBDOMAINS_ENABLED: "false" # Поддержка поддоменов для команд
           BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
           NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
 
@@ -53,20 +56,20 @@ global:
 
           RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
 
-          SMTP_HOST: ""
+          SMTP_HOST: "smtp.wilix.dev"
           SMTP_USERNAME: ""
           SMTP_FROM_EMAIL: ""
           SMTP_REPLY_EMAIL: ""
-          SMTP_PORT: ""
+          SMTP_PORT: "456"
           SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
           SMTP_REQUIRE_TLS: ""
 
   yonote_cron_calendar_events:
-    cron_enabled: "true"
+    cron_enabled: "false"
     url: http://yonote-web/api/cron.calendar_events
 
   yonote_cron_task_scheduler:
-    cron_enabled: "true"
+    cron_enabled: "false"
     url: http://yonote-web/api/cron.schedule
 
 ingress:
@@ -75,59 +78,59 @@ ingress:
   namespace: yonote-onprem
   ingressClassName: traefik
   tls:
-    secretName: "you_tls_secret"
+    secretName: "your-tls-secret"
-    hosts: 
+    hosts:
-      - "app.example.com" 
+      - "app.modo.lap"
-      - "team.example.com"
+      - "modo.lap"
   rules:
-  - host: "app.example.com"
+    - host: "app.modo.lap"
-    paths: 
+      paths:
-      - path: /
+        - path: /
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-web
+            name: yonote-web
-          port: 80
+            port: 80
-      - path: /realtime
+        - path: /realtime
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-websockets
+            name: yonote-websockets
-          port: 80
+            port: 80
-      - path: /whiteboard
+        - path: /whiteboard
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-whiteboard
+            name: yonote-whiteboard
-          port: 80
+            port: 80
-      - path: /collaboration
+        - path: /collaboration
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-collaboration
+            name: yonote-collaboration
-          port: 80
+            port: 80
-  - host: "team.example.com"
+    - host: "modo.lap"
-    paths: 
+      paths:
-      - path: /
+        - path: /
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-web
+            name: yonote-web
-          port: 80
+            port: 80
-      - path: /realtime
+        - path: /realtime
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-websockets
+            name: yonote-websockets
-          port: 80
+            port: 80
-      - path: /whiteboard
+        - path: /whiteboard
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-whiteboard
+            name: yonote-whiteboard
-          port: 80
+            port: 80
-      - path: /collaboration
+        - path: /collaboration
-        pathType: Prefix
+          pathType: Prefix
-        service:
+          service:
-          name: yonote-collaboration
+            name: yonote-collaboration
-          port: 80
+            port: 80
 
   annotations:
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+    cert-manager.io/cluster-issuer: selfsigned-issuer # Если используете
-    
+
 yonote-web:
   fullnameOverride: yonote-web
   nameOverride: yonote-web
@@ -136,7 +139,7 @@ yonote-web:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -166,17 +169,17 @@ yonote-web:
     requests:
       cpu: 200m
       memory: 256Mi
- 
+
   containerPorts:
     - containerPort: 3000
       name: app
       protocol: TCP
-  
+
   service:
     type: ClusterIP
     port: 80
     targetPort: app
-  
+
   envFrom:
     - configMapRef:
         name: yonote-configs
@@ -185,11 +188,11 @@ yonote-web:
 
   podLabels:
     redis-client: 'true'
-  
+
   podAnnotations:
     checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
     checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
-  
+
   readinessProbe:
     enabled: true
     failureThreshold: 6
@@ -200,7 +203,7 @@ yonote-web:
     httpGet:
       path: /_health
       port: app
-  
+
   livenessProbe:
     enabled: true
     failureThreshold: 6
@@ -216,13 +219,13 @@ yonote-websocket:
   fullnameOverride: yonote-websockets
   nameOverride: yonote-websockets
   name: websockets
-  
+
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
- 
+
   command: ["/bin/sh", "-c"]
   args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets']
 
@@ -233,32 +236,32 @@ yonote-websocket:
     requests:
       cpu: 150m
       memory: 128Mi
-  
+
   checksums: null
-  
+
   envFrom:
     - configMapRef:
         name: yonote-configs
     - secretRef:
         name: yonote-secrets
-  
+
   containerPorts:
     - containerPort: 3000
       name: app
       protocol: TCP
-  
+
   service:
     type: ClusterIP
     port: 80
     targetPort: app
-  
+
   podLabels:
     redis-client: 'true'
-  
+
   podAnnotations:
     checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
     checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
-  
+
   readinessProbe:
     enabled: true
     failureThreshold: 6
@@ -269,7 +272,7 @@ yonote-websocket:
     httpGet:
       path: /_health
       port: app
-  
+
   livenessProbe:
     enabled: true
     failureThreshold: 6
@@ -285,11 +288,11 @@ yonote-whiteboard:
   fullnameOverride: yonote-whiteboard
   nameOverride: yonote-whiteboard
   name: whiteboard
-  
+
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -327,7 +330,7 @@ yonote-whiteboard:
   podAnnotations:
     checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
     checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
-  
+
   readinessProbe:
     enabled: true
     failureThreshold: 6
@@ -338,7 +341,7 @@ yonote-whiteboard:
     httpGet:
       path: /_health
       port: app
-  
+
   livenessProbe:
     enabled: true
     failureThreshold: 6
@@ -358,7 +361,7 @@ yonote-worker:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -396,7 +399,7 @@ yonote-worker:
   podAnnotations:
     checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
     checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
-  
+
   readinessProbe:
     enabled: true
     failureThreshold: 6
@@ -407,7 +410,7 @@ yonote-worker:
     httpGet:
       path: /_health
       port: app
-  
+
   livenessProbe:
     enabled: true
     failureThreshold: 6
@@ -427,7 +430,7 @@ yonote-collaboration:
   image:
     registry: images.updates.yonote.ru
     repository: yonote
-    tag: 1.19.8
+    tag: 1.22.11
     pullPolicy: IfNotPresent
 
   command: ["/bin/sh", "-c"]
@@ -452,20 +455,20 @@ yonote-collaboration:
     type: ClusterIP
     port: 80
     targetPort: app
- 
+
   envFrom:
     - configMapRef:
         name: yonote-configs
     - secretRef:
         name: yonote-secrets
- 
+
   podLabels:
     redis-client: 'true'
-  
+
   podAnnotations:
     checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
     checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
-  
+
   readinessProbe:
     enabled: true
     failureThreshold: 6
@@ -488,9 +491,9 @@ yonote-collaboration:
       path: /_health
       port: app
 
-yonoteDatabase:
+yonote-database:
   enabled: true
-  settings:
+  #settings:
   # Default postgres
   #  superuser:
 
@@ -498,24 +501,22 @@ yonoteDatabase:
     name: yonote
     user: yonote
 
-  name: yonote-database
   fullnameOverride: yonote-database
   nameOverride: yonote-database
 
   storage:
     requestedSize: 5Gi
-    #className: ""
+    className: "microk8s-hostpath"
 
   resources:
     limits:
       cpu: 2
-      memory: 8Gi
+      memory: 5Gi
     requests:
       cpu: 500m
       memory: 512Mi
 
-  extraScripts:
+  extraScripts: postgres-init-scripts
-    - name: postgres-init-scripts
 
 yonote-redis:
   enabled: true
@@ -523,8 +524,8 @@ yonote-redis:
   nameOverride: redis
 
   storage:
-    requestedSize: 5Gi
+    requestedSize: 1Gi
-    #className: ""
+    className: "microk8s-hostpath"
   resources:
     limits:
       cpu: 1
@@ -544,39 +545,41 @@ minio:
 
   users:
     - accessKey: console
-      secretKey: console123
+      secretKey: qwer-12314q-qwersa
       policy: readwrite
 
   persistence:
     enabled: true
-    size: 5Gi
+    size: 1Gi
-    #storageClass: ""
+    storageClass: "microk8s-hostpath"
 
   ingress:
     enabled: true
-    hosts: 's3.example.com'
+    hosts:
+      - s3.modo.lap
     ingressClassName: traefik
     path: '/'
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+      # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете
-    tls:
+    #tls:
-      - hosts:
+    #  - hosts:
-          - "s3.example.com"
+    #      - "s3.modo.lap"
-        secretName: "you_tls_secret"
+    #    secretName: "s3.modo.lap-tls"
 
   consoleIngress:
     enabled: true
-    hosts: 'api-s3.example.com'
+    hosts:
+      - api-s3.modo.lap
     ingressClassName: traefik
     path: '/'
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
+      # cert-manager.io/cluster-issuer: letsencrypt.modo.lap # Если используете
-    tls:
+    #tls:
-      - hosts:
+    #  - hosts:
-          - "api-s3.example.com"
+    #      - "api-s3.modo.lap"
-        secretName: "api-s3.example.com"
+    #    secretName: "api-s3.modo.lap"
 
   resources:
     requests:
@@ -590,58 +593,106 @@ mcJob:
   enabled: true
 
 keycloak:
+  enabled: true
   fullnameOverride: yonote-keycloak
   nameOverride: yonote-keycloak
 
-  auth:
+  image:
-    adminUser: root
+    repository: quay.io/keycloak/keycloak #images.updates.yonote.ru/yonote-keycloak
+    tag: 19.0.3
 
-  proxy: "edge"
+  args:
+    - start-dev #--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
 
-  command:
+  cache:
-    - /bin/bash
+    stack: custom
-    - -c
-    - |
-       /opt/bitnami/keycloak/bin/kc.sh start --import-realm --hostname={{ .Values.ingress.hostname }} --hostname-strict=true --hostname-strict-backchannel=true --https-protocols=TLSv1.2 --proxy=edge --db postgres --db-url-host yonote-database  --db-username postgres --db-password="$(DB_PASSWORD)"
 
-  extraEnvVars:
+  proxy:
-    - name: DB_PASSWORD
+    enabled: "false"
-      valueFrom:
-        secretKeyRef:
-          name: yonote-database
-          key: postgres-password
 
-  extraVolumes:
+  extraEnv: |
-    - name: realm-export
+    #- name: KC_LOG_LEVEL
-      configMap:
+    #  value: DEBUG
-        name: realm-export
+    - name: KEYCLOAK_ADMIN
+      value: root
+      #valueFrom:
+      #  secretKeyRef:
+      #    name: {{ include "keycloak.fullname" . }}-admin-creds
+      #    key: user
+    - name: KEYCLOAK_ADMIN_PASSWORD
+      value: keycloakadmin
+      #valueFrom:
+      #  secretKeyRef:
+      #    name: {{ include "keycloak.fullname" . }}-admin-creds
+      #    key: password
+    - name: BASENAME_FOR_SUBDOMAIN
+      value: modo.lap
+    - name: KC_HOSTNAME_STRICT
+      value: "false"
+    #- name: KC_HOSTNAME_ADMIN
+    #  value: auth.modo.lap/admin
+    - name: KC_HOSTNAME
+      value: auth.modo.lap
+    - name: KC_HOSTNAME_STRICT_HTTPS
+      value: "false"
+    - name: KC_HOSTNAME_PATH
+      value: "/"
+    #- name: KC_DB_URL
+    #  value: jdbc:postgresql://yonote-database:5432/keycloak
+    - name: KC_HTTP_ENABLED
+      value: "true"
+    #- name: KC_PROXY
+    #  value: edge
+    #- name: JAVA_OPTS_APPEND
+    #  value: -Djgroups.dns.query=keycloak-headless
+    #- name: KC_PROXY_HEADERS
+    #  value: "xforwarded"
+    - name: PROXY_ADDRESS_FORWARDING
+      value: "true"
 
-  extraVolumeMounts:
+#  extraVolumes: |
-    - name: realm-export
+#    - name: realm-export
-      mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
+#      configMap:
-      subPath: realm-export.json
+#        name: realm-export
+
+#  extraVolumeMounts: |
+#    - name: realm-export
+#      mountPath: /opt/keycloak/data/import
+#      readOnly: true
+
+  http:
+    relativePath: "/"
 
   ingress:
     enabled: true
-    hostname: auth.example.com
+    hostname: auth.modo.lap
     ingressClassName: traefik
-    tls: 
+    tls:
       - hosts:
-          - "auth.example.com"
+          - "auth.modo.lap"
-        secretName: "auth.example.com-tls"
+        secretName: "auth.modo.lap-tls"
     annotations:
       kubernetes.io/ingress.class: traefik
-      # cert-manager.io/cluster-issuer: letsencrypt.example.com #Если используете
+      cert-manager.io/cluster-issuer: selfsigned-issuer #Если используете
+      #nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
+      #nginx.ingress.kubernetes.io/proxy-buffers: "8 256k"
+      #nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
+      #nginx.ingress.kubernetes.io/large-client-header-buffers: "8 256k"
+      #nginx.ingress.kubernetes.io/proxy-set-headers: |
+      #  X-Forwarded-For: $proxy_protocol_addr
+      #  X-Forwarded-Proto: $scheme
+      #  Host: $host
+      #nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
     rules:
-      - host: "auth.example.com"
+      - host: "auth.modo.lap"
-        paths: 
+        paths:
           - path: /
-            pathType: Prefix
+            pathType: ImplementationSpecific
             service:
               name: yonote-keycloak
               port: http
           - path: /admin
-            pathType: Prefix
+            pathType: ImplementationSpecific
             service:
               name: yonote-keycloak
               port: http
@@ -654,19 +705,27 @@ keycloak:
       cpu: 250m
       memory: 256Mi
 
-  postgresql:
+  dbchecker:
-    enabled: false
+    enabled: "true"
 
-  externalDatabase:
+  database:
-    host: jdbc:postgresql://yonote-database
+    vendor: postgres
+    hostname: yonote-database
     port: 5432
-    user: postgres
     database: keycloak
+    username: keycloaku
 
-  livenessProbe:
+  livenessProbe: |
+    httpGet:
+      path: '{{ trimSuffix "/" .Values.http.relativePath}}/'
+      port: http
     initialDelaySeconds: 240
     timeoutSeconds: 5
 
-  readinessProbe:
+  # Readiness probe configuration
+  readinessProbe: |
+    httpGet:
+      path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master'
+      port: http
     initialDelaySeconds: 120
-    timeoutSeconds: 5
+    timeoutSeconds: 1