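# Helm values: shared settings under `global.yonote` plus the `yonote-web`
# workload. Layout restored to block style; every key and value is kept as
# given except that `BIND_HOST` and the image `tag` are now quoted strings.
global:
  yonote:
    ingress:
      ingressClassName: nginx
    keycloak:
      hostName: auth.example.com
      realmName: yonote
    ### Forbidden_Subdomains: app,localhost,yonote
    baseListenAddress: example.com
    config:
      plain:
        data:
          FORCE_HTTPS: "false"
          BIND_HOST: "0.0.0.0"
          PORT: "3000"
          # NOTE(review): URL is http:// while COLLABORATION_URL is wss:// and
          # the web ingress below sets force-ssl-redirect. Confirm whether URL
          # should be https:// so generated links and OIDC redirects do not
          # start on plaintext.
          URL: 'http://{{ .Values.global.yonote.baseListenAddress }}'
          COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}'
          OIDC_CLIENT_ID: yonote
          # NOTE(review): all four OIDC endpoints use http://. Over an
          # untrusted network this exposes authorization codes, tokens and
          # the client secret; use https:// once the identity provider is
          # served over TLS.
          OIDC_AUTH_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/auth'
          OIDC_LOGOUT_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/logout'
          OIDC_TOKEN_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/token'
          OIDC_USERINFO_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/userinfo'
          AWS_S3_UPLOAD_BUCKET_URL: ""
          AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket
          AWS_REGION: ""
          AWS_S3_UPLOAD_MAX_SIZE: "226214400"
          TELEGRAM_API_URL: https://api.telegram.org
          OIDC_DISPLAY_NAME: email
          OIDC_SCOPES: openid email
          # NOTE(review): `disable` turns TLS off for the PostgreSQL
          # connection; acceptable only if database traffic stays on a
          # trusted in-cluster network.
          PGSSLMODE: disable
          USE_LEGACY_LOGOUT: "true"
          AWS_S3_FORCE_PATH_STYLE: "true"
          AWS_S3_ACL: private
          # NOTE(review): SMTP_SECURE and SMTP_REQUIRE_TLS are empty, so the
          # application's defaults decide whether mail is sent over TLS.
          # Set them explicitly when SMTP_HOST is filled in.
          SMTP_HOST: ""
          SMTP_USERNAME: ""
          SMTP_FROM_EMAIL: ""
          SMTP_REPLY_EMAIL: ""
          SMTP_PORT: ""
          SMTP_SECURE: ""  # connection will be upgraded: https://nodemailer.com/smtp/
          SMTP_REQUIRE_TLS: ""

# NOTE(review): the nesting level of this key could not be recovered from the
# flattened page; it is placed at the top level here. Confirm against the
# chart's templates.
name: yonote

yonote-web:
  fullnameOverride: yonote-web
  nameOverride: yonote-web
  name: web
  image:
    registry: images.updates.yonote.ru
    repository: yonote
    # Quoted so the version is always read as a string.
    tag: "1.15.1"
    pullPolicy: IfNotPresent
  resources:
    limits:
      cpu: "1"
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 256Mi
  ingress:
    enabled: true
    # NOTE(review): the value carries literal double quotes; presumably the
    # chart renders it through a template. Verify the rendered Ingress host
    # is example.com without quotes.
    hostname: '"example.com"'
    ingressClassName: nginx
    path: '/'
    pathType: Prefix
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      # Snippet annotations inject raw nginx configuration and are honoured
      # only when the controller permits them (ingress-nginx
      # `allow-snippet-annotations`); anyone who can edit this Ingress can
      # change proxy behaviour through them.
      # NOTE(review): ingress-nginx documents this annotation as
      # `server-snippet` (singular). Confirm the controller honours this
      # spelling, otherwise the /realtime block is never applied.
      nginx.ingress.kubernetes.io/server-snippets: |
        location /realtime {
          proxy_set_header Upgrade $http_upgrade;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-Host $http_host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Forwarded-For $remote_addr;
          proxy_set_header Host $host;
          proxy_set_header Connection "upgrade";
          proxy_cache_bypass $http_upgrade;
        }
      # NOTE(review): `more_set_headers` sets response headers, so these
      # lines send Host, X-Real-IP and X-Forwarded-* back to the client
      # rather than to the upstream. Confirm that is intended.
      nginx.ingress.kubernetes.io/configuration-snippet: |
        more_set_headers "Host $http_host";
        more_set_headers "X-Real-IP $remote_addr";
        more_set_headers "X-Forwarded-Proto $scheme";
        more_set_headers "X-Forwarded-For $proxy_add_x_forwarded_for";
      cert-manager.io/cluster-issuer: ""
    extraTls:
      - hosts:
          - "example.com"
        secretName: example-tls
  containerPorts:
    - containerPort: 3000
      name: app
      protocol: TCP
  service:
    type: ClusterIP
    port: 80
    targetPort: app
  # Environment comes from a ConfigMap and a Secret, referenced by name.
  envFrom:
    - configMapRef:
        name: yonote-configs
    - secretRef:
        name: yonote-secrets
  podLabels:
    redis-client: 'true'
  # Checksums of the rendered config are stamped on the pod template.
  # NOTE(review): `global.yonote.config.secret` is not defined in this file;
  # presumably it is supplied from a separate values source. Confirm it is
  # set, otherwise the secret checksum is computed over an empty value.
  podAnnotations:
    checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
    checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
  readinessProbe:
    enabled: true
    failureThreshold: 6
    initialDelaySeconds: 60
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
    httpGet:
      path: /_health
      port: app
  livenessProbe:
    enabled: true
    failureThreshold: 6
    initialDelaySeconds: 60
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
    httpGet:
      path: /_health
      port: app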