global: postgresql: auth: database: yonote username: yonote password: example_pass postgresPassword: example_pass_postgres yonote: ingress: ingressClassName: traefik dbMigrationEnv: production-ssl-disabled keycloak: hostName: auth.example.com realmName: yonote baseListenAddress: example.com config: plain: data: DEPLOYMENT: undefined #Режим приложения FORCE_HTTPS: "false" PGSSLMODE: disable BIND_HOST: 0.0.0.0 #Хост по умолчанию PORT: "3000" #Порт по умолчанию REDIS_URL: redis://yonote-redis-master:6379 DEFAULT_LANGUAGE: ru_RU #Язык по умолчанию ENABLE_UPDATES: "false" AI_URL: http://engate.wilix.dev:5001 URL: 'http://app.{{ .Values.global.yonote.baseListenAddress }}' #Базовый url приложения COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' #сервер, для нормальной работы это не нужно устанавливать OIDC_DISPLAY_NAME: email OIDC_SCOPES: openid email OIDC_CLIENT_ID: yonote OIDC_AUTH_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/auth' OIDC_LOGOUT_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/logout' OIDC_TOKEN_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/token' OIDC_USERINFO_URI: 'http://{{ .Values.global.yonote.keycloak.hostName }}/realms/{{ .Values.global.yonote.keycloak.realmName }}/protocol/openid-connect/userinfo' AWS_S3_ACL: private AWS_S3_UPLOAD_BUCKET_URL: example-url-s3 #Адрес S3 хранилища AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket #Имя хранилища - полный URL = http://127.0.0.1:9000/yonote-bucket AWS_REGION: "" AWS_S3_UPLOAD_MAX_SIZE: "226214400" #Максимальный размер хранилища AWS_S3_FORCE_PATH_STYLE: "false" #Следует ли принудительно использовать URL-адреса стиля пути для объектов S3 SUBDOMAINS_ENABLED: "true" #Поддержка поддоменов для команд BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' #Имя хоста NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates #запрещенные поддомены TELEGRAM_API_URL: https://api.telegram.org UNSPLASH_API_BASENAME: https://api.unsplash.com RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4 SMTP_HOST: "" SMTP_USERNAME: "" SMTP_FROM_EMAIL: "" SMTP_REPLY_EMAIL: "" SMTP_PORT: "" SMTP_SECURE: "" #connection will be upgraded: https://nodemailer.com/smtp/ SMTP_REQUIRE_TLS: "" secret: stringData: DATABASE_URL: 'postgres://{{ .Values.global.postgresql.auth.username }}:{{ .Values.global.postgresql.auth.password }}@yonote-db/{{ .Values.global.postgresql.auth.database }}' POSTGRES_PASSWORD: AI_API_KEY: "" AWS_ACCESS_KEY_ID: "" #Ваш идентификатор ключа доступа к AWS. Поведение в SelfHosted: устанавливает логин сервис аккаунта для доступа приложения к Minio S3 хранилищу AWS_SECRET_ACCESS_KEY: "" #Ваш секретный ключ доступа AWS. Поведение в SelfHosted: устанавливает пароль сервис аккаунта для доступа приложения к Minio S3 хранилищу OIDC_CLIENT_SECRET: "" SECRET_KEY: "" SMTP_PASSWORD: "" UTILS_SECRET: "" YANDEX_METRIKA_ID: "" TELEGRAM_BOT_TOKEN: "" UNSPLASH_API_ACCESS_KEY: "" REDIS_URL: "" #redis://username:password>@:6379 LICENSE_KEY: "" SERVICE_WORKER_PUBLIC_KEY: "" SERVICE_WORKER_PRIVATE_KEY: "" QUOTA_TOKEN: "" yonote_cron_calendar_events: cron_enabled: "true" url: http://yonote-web/api/cron.calendar_events yonote_cron_task_scheduler: cron_enabled: "true" url: http://yonote-web/api/cron.schedule name: yonote yonote-web: fullnameOverride: yonote-web nameOverride: yonote-web name: web image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.5 pullPolicy: IfNotPresent args: #- ./build/server/index.js #- '--services=web' initContainers: - name: yonote-migration image: images.updates.yonote.ru/yonote:1.19.5 imagePullPolicy: IfNotPresent command: - /bin/sh - '-c' - npx sequelize db:migrate env: - name: NODE_ENV value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets resources: limits: cpu: 350m memory: 512Mi requests: cpu: 200m memory: 128Mi containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets ingress: enabled: true hostname: '"*.yonote.example.com"' ingressClassName: "" path: '/' pathType: Prefix tls: false podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-websocket: fullnameOverride: yonote-websockets nameOverride: yonote-websockets name: websockets image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.5 pullPolicy: IfNotPresent args: #- ./build/server/index.js #- '--services=websockets' resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 128Mi checksums: null envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app ingress: enabled: true hostname: '"*.yonote.example.com"' ingressClassName: "" path: '/realtime' pathType: Prefix tls: false podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-whiteboard: fullnameOverride: yonote-whiteboard nameOverride: yonote-whiteboard name: whiteboard image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.5 pullPolicy: IfNotPresent args: #- ./build/server/index.js #- '--services=whiteboard' resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 128Mi checksums: null envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app ingress: enabled: true hostname: '"*.yonote.example.com"' ingressClassName: "" path: '/whiteboard' pathType: Prefix tls: false podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-worker: fullnameOverride: yonote-worker nameOverride: yonote-worker name: worker image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.5 pullPolicy: IfNotPresent args: #- ./build/server/index.js #- '--services=worker' resources: limits: cpu: 500m memory: 1Gi requests: cpu: 250m memory: 256Mi checksums: null containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-collaboration: fullnameOverride: yonote-collaboration nameOverride: yonote-collaboration name: collaboration image: registry: images.updates.yonote.ru repository: yonote tag: 1.19.5 pullPolicy: IfNotPresent args: #- ./build/server/index.js #- '--services=collaboration' checksums: null containerPorts: - containerPort: 3000 name: app protocol: TCP service: type: ClusterIP port: 80 targetPort: app ingress: enabled: true hostname: '"*.yonote.example.com"' ingressClassName: "" path: '/collaboration' pathType: Prefix tls: false envFrom: - configMapRef: name: yonote-configs - secretRef: name: yonote-secrets podLabels: redis-client: 'true' podAnnotations: checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}" checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}" readinessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app livenessProbe: enabled: true failureThreshold: 6 initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 5 httpGet: path: /_health port: app yonote-database: enabled: true fullnameOverride: yonote-db nameOverride: db primary: persistence: size: 500Mi resources: limits: cpu: 250m memory: 512Mi requests: cpu: 50m memory: 256Mi yonote-redis: enabled: true fullnameOverride: yonote-redis nameOverride: redis architecture: standalone auth: enabled: false master: persistence: size: 200Mi resources: limits: cpu: 250m memory: 256Mi requests: cpu: 50m memory: 128Mi keycloak: enabled: true fullnameOverride: yonote-keycloak nameOverride: keycloak hostName: auth.example.com realmName: yonote auth: adminUser: admin adminPassword: "12345" ingress: enabled: true annotations: kubernetes.io/ingress.class: traefik hosts: - host: keycloak.example.com paths: - path: / pathType: ImplementationSpecific tls: - secretName: keycloak-tls hosts: - keycloak.example.com postgresql: name: postgresql enabled: true postgresqlUsername: keycloak postgresqlPassword: keycloak postgresqlDatabase: keycloak persistence: size: 500Mi # externalDatabase: #Если используете не встроенную БД # host: # port: 5432 # database: keycloak # user: keycloak # password: # existingSecret: app-postgresql # existingSecretKey: postgresql-password extraEnv: | - name: KC_SPI_ADMIN_REALM value: 'yonote' service: type: ClusterIP port: 8080 minio: enabled: true fullnameOverride: yonote-minio nameOverride: minio accessKey: "minioadmin" secretKey: "minioadminsecret" persistence: enabled: true size: 500Mi ingress: enabled: true annotations: kubernetes.io/ingress.class: traefik hosts: - host: minio.example.com paths: - path: / pathType: ImplementationSpecific tls: - secretName: minio-tls hosts: - minio.example.com resources: requests: memory: 512Mi cpu: 250m limits: memory: 1Gi cpu: 500m buckets: - name: mybucket policy: none - name: anotherbucket policy: none