global: yonote: dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production` baseListenAddress: onprem-test.stands.wilix.dev config: plain: data: DEPLOYMENT: hosted NODE_ENV: production FORCE_HTTPS: "false" PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL BIND_HOST: 0.0.0.0 # Хост по умолчанию PORT: "3000" # Порт по умолчанию REDIS_URL: redis://yonote-redis-master:6379 DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию ENABLE_UPDATES: "false" AI_URL: "1234" AI_API_KEY: "1234" WEB_CONCURRENCY: "1" URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote-local OIDC_AUTH_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/auth' OIDC_LOGOUT_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/logout' OIDC_TOKEN_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/token' OIDC_USERINFO_URI: 'https://auth.yonote.ru/realms/yonote-test/protocol/openid-connect/userinfo' AWS_S3_ACL: private AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища AWS_REGION: "" AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах. SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены TELEGRAM_API_URL: https://api.telegram.org UNSPLASH_API_BASENAME: https://api.unsplash.com RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 SMTP_HOST: "" SMTP_USERNAME: "" SMTP_FROM_EMAIL: "" SMTP_REPLY_EMAIL: "" SMTP_PORT: "" SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/ SMTP_REQUIRE_TLS: "" yonote_cron_calendar_events: cron_enabled: "true" url: http://yonote-web/api/cron.calendar_events yonote_cron_task_scheduler: cron_enabled: "true" url: http://yonote-web/api/cron.schedule ingress: enabled: true name: yonote-ingress namespace: yonote-onprem ingressClassName: traefik # hostname: "*.onprem-test.stands.wilix.dev" tls: secretName: "wildcard.onprem-test.stands.wilix.dev" hosts: - "*.onprem-test.stands.wilix.dev" # - "tete.onprem-test.stands.wilix.dev" # - "dada.onprem-test.stands.wilix.dev" rules: - host: "*.onprem-test.stands.wilix.dev" paths: - path: / pathType: Prefix service: name: yonote-web port: 80 - path: /realtime pathType: Prefix service: name: yonote-websockets port: 80 - path: /whiteboard pathType: Prefix service: name: yonote-whiteboard port: 80 - path: /collaboration pathType: Prefix service: name: yonote-collaboration port: 80 # - host: "tete.onprem-test.stands.wilix.dev" # paths: # - path: / # pathType: Prefix # service: # name: yonote-web # port: 80 # - path: /realtime # pathType: Prefix # service: # name: yonote-websockets # port: 80 # - path: /whiteboard # pathType: Prefix # service: # name: yonote-whiteboard # port: 80 # - path: /collaboration # pathType: Prefix # service: # name: yonote-collaboration # port: 80 # - host: "dada.onprem-test.stands.wilix.dev" # paths: # - path: / # pathType: Prefix # service: # name: yonote-web # port: 80 # - path: /realtime # pathType: Prefix # service: # name: yonote-websockets # port: 80 # - path: /whiteboard # pathType: Prefix # service: # name: yonote-whiteboard # port: 80 # - path: /collaboration # pathType: Prefix # service: # name: yonote-collaboration # port: 80 annotations: cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web name: web image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web'] initContainers: - name: yonote-migration image: images.updates.yonote.ru/yonote:1.19.8 imagePullPolicy: IfNotPresent command: - /bin/sh - '-c' - npx sequelize db:migrate env: - name: NODE_ENV value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets resources: limits: cpu: 1 memory: 1Gi requests: cpu: 200m memory: 128Mi containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-websocket: fullnameOverride: yonote-websockets nameOverride: yonote-websockets name: websockets image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets'] resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 128Mi checksums: null envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-whiteboard: fullnameOverride: yonote-whiteboard nameOverride: yonote-whiteboard name: whiteboard image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard'] resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 128Mi checksums: null envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-worker: fullnameOverride: yonote-worker nameOverride: yonote-worker name: worker image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker'] resources: limits: cpu: 1 memory: 1Gi requests: cpu: 50m memory: 128Mi checksums: null containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-collaboration: fullnameOverride: yonote-collaboration nameOverride: yonote-collaboration name: collaboration image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.8 pullPolicy: IfNotPresent command: ["/bin/sh", "-c"] args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration'] checksums: null containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-database: enabled: true global: postgresql: auth: database: "yonote" username: "yonote" fullnameOverride: yonote-db nameOverride: db primary: persistence: size: 500Mi resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 256Mi yonote-redis: enabled: true fullnameOverride: yonote-redis nameOverride: redis architecture: standalone auth: enabled: false master: persistence: size: 200Mi resources: limits: cpu: 250m memory: 256Mi requests: cpu: 50m memory: 128Mi keycloak-database: enabled: true global: postgresql: auth: database: keycloak username: keycloak name: keycloak-database fullnameOverride: yonote-keycloak-db nameOverride: db primary: persistence: size: 512Mi keycloak: enabled: true name: yonote-keycloak fullnameOverride: yonote-keycloak image: registry: images.updates.yonote.ru repository: yonote-keycloak tag: 19-0.1.1 command: - /bin/sh - -c - /opt/keycloak/bin/kc.sh import --file=/opt/keycloak/data/import/realm-export.json --debug - /opt/keycloak/bin/kc.sh start configMaps: configs: data: KEYCLOAK_ADMIN: root KC_PROXY: edge KC_HOSTNAME_STRICT: "false" KC_HOSTNAME_ADMIN: auth.onprem-test.stands.wilix.dev KC_HOSTNAME: auth.onprem-test.stands.wilix.dev KC_DB: postgres KC_DB_URL: jdbc:postgresql://yonote-keycloak-db:5432/keycloak KC_DB_USERNAME: keycloak KC_HOSTNAME_STRICT_HTTPS: "false" KC_HOSTNAME_PATH: "/" envFrom: - configMapRef: name: '{{ template "app.fullname" . }}-configs' - secretRef: name: '{{ template "app.fullname" . }}-secrets' checksums: - secrets.yaml - configmaps.yaml containerPorts: - containerPort: 8080 name: app protocol: TCP resources: limits: cpu: 500m memory: 512Mi requests: cpu: 150m memory: 128Mi service: type: ClusterIP port: 8080 targetPort: 8080 ingress: enabled: true hostname: 'auth.onprem-test.stands.wilix.dev' ingressClassName: traefik path: '/' pathType: Prefix annotations: kubernetes.io/ingress.class: traefik cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev extraTls: - hosts: - "auth.onprem-test.stands.wilix.dev" secretName: "auth.onprem-test.stands.wilix.dev" # livenessProbe: # enabled: true # failureThreshold: 6 # initialDelaySeconds: 60 # periodSeconds: 15 # successThreshold: 1 # timeoutSeconds: 5 # httpGet: # path: / # port: app # readinessProbe: # enabled: true # failureThreshold: 6 # initialDelaySeconds: 60 # periodSeconds: 15 # successThreshold: 1 # timeoutSeconds: 5 # httpGet: # path: / # port: app minio: enabled: true name: minio fullnameOverride: yonote-minio nameOverride: minio accessKey: "minioadmin" secretKey: "minioadminsecret" persistence: enabled: true size: 500Mi ingress: enabled: true hostname: 's3.onprem-test.stands.wilix.dev' ingressClassName: traefik path: '/' pathType: Prefix annotations: kubernetes.io/ingress.class: traefik cert-manager.io/cluster-issuer: letsencrypt.rancher.wilix.dev extraTls: - hosts: - "s3.onprem-test.stands.wilix.dev" secretName: "s3.onprem-test.stands.wilix.dev" resources: requests: memory: 512Mi cpu: 250m limits: memory: 1Gi cpu: 500m buckets: - name: yonote-bucket policy: none