onprem-deploy/yonote-chart-mono/values.yaml

global:
  name: yonote-app
  yonote:
    dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
    baseListenAddress: example.com # Доменный адрес для yonote

    config:
      plain:
        data:
          NODE_ENV: production
          FORCE_HTTPS: "false"
          PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
          WEB_CONCURRENCY: "1"

          BIND_HOST: 0.0.0.0 # Хост по умолчанию
          PORT: "3000" # Порт по умолчанию

          REDIS_URL: redis://yonote-redis-master:6379

          DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию 
          ENABLE_UPDATES: "false"
          
          AI_URL: "1234"
          AI_API_KEY: "1234"

          URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
          COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
          
          OIDC_DISPLAY_NAME: email
          OIDC_SCOPES: openid email
          OIDC_CLIENT_ID: yonote
          OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth' # URL для авторизации пользователей через OpenID Connect (OIDC). Пользователь перенаправляется на этот адрес для входа в систему.
          OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout' # URL для выхода из системы через OIDC. Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
          OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token' # URL для получения токенов доступа и обновления. Этот адрес используется для обмена авторизационным кодом на токены
          OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo' # URL для получения информации о пользователе. Используется для получения данных профиля пользователя на основе его токена.
          
          AWS_S3_ACL: private
          AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
          AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища 
          AWS_REGION: "ru_RU"
          AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
          AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
          S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
          S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.

          SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
          BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
          NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены

          TELEGRAM_API_URL: https://api.telegram.org

          UNSPLASH_API_BASENAME: https://api.unsplash.com

          RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4

          SMTP_HOST: ""
          SMTP_USERNAME: ""
          SMTP_FROM_EMAIL: ""
          SMTP_REPLY_EMAIL: ""
          SMTP_PORT: ""
          SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
          SMTP_REQUIRE_TLS: ""

  yonote_cron_calendar_events:
    cron_enabled: "true"
    url: http://yonote-web/api/cron.calendar_events

  yonote_cron_task_scheduler:
    cron_enabled: "true"
    url: http://yonote-web/api/cron.schedule

yonote-web:
  fullnameOverride: yonote-web
  nameOverride: yonote-web
  name: web
  image:
    registry: images.updates.yonote.ru
    repository: yonote
    tag: 1.19.5
    pullPolicy: IfNotPresent
  resources:
    limits:
      cpu: "1"
      memory: 1Gi
    requests:
      cpu: 250m
      memory: 256Mi
  
ingress:
  enabled: true
  name: yonote-ingress
  namespace: yonote-onprem
  ingressClassName: nginx
  tls:
    - secretName: "you_tls_secret"
      hosts: 
        - "app.example.com"
        - "team.example.com"
  annotations:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/server-snippets: |
      location /realtime {
        proxy_set_header Upgrade $http_upgrade;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header Connection "upgrade";
        proxy_cache_bypass $http_upgrade;
      }      
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_headers "Host              $http_host";
      more_set_headers "X-Real-IP         $remote_addr";
      more_set_headers "X-Forwarded-Proto $scheme";
      more_set_headers "X-Forwarded-For   $proxy_add_x_forwarded_for";              
    cert-manager.io/cluster-issuer: ""

  rules:
  - host: "app.example.com"
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: yonote-web
              port:
                number: 80
        - path: /realtime
          pathType: Prefix
          backend:
            service:
              name: yonote-websockets
              port:
                number: 80
        - path: /whiteboard
          pathType: Prefix
          backend:
            service:
              name: yonote-whiteboard
              port:
                number: 80
        - path: /collaboration
          pathType: Prefix
          backend:
            service:
              name: yonote-collaboration
              port:
                number: 80

  - host: "team.example.com"
    http:
      paths:
        - path: /
          pathType: Prefix
          backend:
            service:
              name: yonote-web
              port:
                number: 80
        - path: /realtime
          pathType: Prefix
          backend:
            service:
              name: yonote-websockets
              port:
                number: 80
        - path: /whiteboard
          pathType: Prefix
          backend:
            service:
              name: yonote-whiteboard
              port:
                number: 80
        - path: /collaboration
          pathType: Prefix
          backend:
            service:
              name: yonote-collaboration
              port:
                number: 80

  containerPorts:
    - containerPort: 3000
      name: app
      protocol: TCP
  service:
    type: ClusterIP
    port: 80
    targetPort: app
  envFrom:
    - configMapRef:
        name: yonote-configs
    - secretRef:
        name: yonote-secrets

  podLabels:
    redis-client: 'true'
  podAnnotations:
    checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
    checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
  readinessProbe:
    enabled: true
    failureThreshold: 6
    initialDelaySeconds: 60
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
    httpGet:
      path: /_health
      port: app
  livenessProbe:
    enabled: true
    failureThreshold: 6
    initialDelaySeconds: 60
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 5
    httpGet:
      path: /_health
      port: app

yonoteDatabase:
  enabled: true
  global:
    postgresql:
      auth:
        database: "yonote"
        username: "yonote"
  name: yonote-database
  fullnameOverride: yonote-database
  nameOverride: yonote-database
  
  primary:
    persistence:
      size: 500Mi
    resources:
      limits:
        cpu: 250m
        memory: 512Mi
      requests:
        cpu: 50m
        memory: 256Mi

yonote-redis:
  enabled: true
  fullnameOverride: yonote-redis
  nameOverride: redis
  architecture: standalone
  
  auth:
    enabled: false
  
  master:
    persistence:
      size: 200Mi
    resources:
      limits:
        cpu: 250m
        memory: 256Mi
      requests:
        cpu: 50m
        memory: 128Mi
   
minio:
  enabled: true
  name: minio
  fullnameOverride: yonote-minio
  nameOverride: yonote-minio
  auth:
    rootUser: admin
  
  persistence:
    enabled: true
    size: 500Mi

  ingress:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/configuration-snippet: |
        more_set_headers "Host              $http_host";
        more_set_headers "X-Real-IP         $remote_addr";
        more_set_headers "X-Forwarded-Proto $scheme";
        more_set_headers "X-Forwarded-For   $proxy_add_x_forwarded_for";        
    hosts:
      - host: s3.example.com
        paths:
          - path: /
            pathType: ImplementationSpecific

    resources:
      requests:
        memory: 512Mi
        cpu: 250m
      limits:
        memory: 1Gi
        cpu: 500m
    
    buckets:
      - name: yonote-bucket
        policy: none

mcJob:
  enabled: true

keycloak:
  auth:
    adminUser: root

  fullnameOverride: yonote-keycloak
  nameOverride: yonote-keycloak

  command:
    - /bin/bash
    - -c
    - |
      /opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
      /opt/bitnami/keycloak/bin/kc.sh start-dev      

  extraEnvVars:
    - name: KC_DB_PASSWORD
      value: "tT9BqYdNyd"
    - name: KEYCLOAK_PRODUCTION
      value: "true"
    - name: KC_HOSTNAME_URL
      value: "https://auth.example.com"
    - name: KC_HOSTNAME_ADMIN_URL
      value: "https://auth.example.com"

  extraVolumes:
    - name: realm-export
      configMap:
        name: realm-export

  extraVolumeMounts:
    - name: realm-export
      mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
      subPath: realm-export.json

  ingress:
    enabled: true
    hostname: auth.example.com
    ingressClassName: traefik
    tls: true
    annotations:
      kubernetes.io/ingress.class: traefik
      # cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
    extraTls:
      - hosts:
          - "auth.example.com"
        secretName: "you_tls_secret"
    rules:
      - host: "auth.example.com"
        paths: 
          - path: /
            pathType: Prefix
            service:
              name: yonote-keycloak
              port: http
          - path: /admin
            pathType: Prefix
            service:
              name: yonote-keycloak
              port: http

  proxy: "edge"

  resources:
    limits:
      cpu: 500m
      memory: 512Mi
    requests:
      cpu: 150m
      memory: 128Mi
  
  postgresql:
    enabled: true
    auth:
      database: keycloak
      username: keycloak
    name: keycloak-database
    fullnameOverride: keycloak-database
    nameOverride: keycloak-database
    primary:
      persistence:
        size: 512Mi