
# Values shared by the Yonote services. Templates in this file read them as
# .Values.global.yonote.<key>. Every line of this listing sits at column 0, so
# the nesting of the keys below is not visible here.
global:
name: yonote-app
yonote:
dbMigrationEnv: production-ssl-disabled # Database connection mode used when running migrations. When connecting over SSL, set this to `production`
baseListenAddress: modo.lap # Domain name for yonote
config:
# NOTE(review): pod annotations in this file also hash
# .Values.global.yonote.config.secret, which is not defined in the visible part
# of this listing; presumably it is supplied separately. Credentials belong
# there, not under `plain`.
plain:
data:
# NOTE(review): debug output is enabled together with NODE_ENV=production;
# confirm what the `http` namespace logs before keeping it on.
DEBUG: http
NODE_ENV: production
# NOTE(review): the app does not enforce HTTPS itself; presumably TLS ends at
# the ingress. Confirm the plain-HTTP port is not reachable from outside.
FORCE_HTTPS: "false"
# NOTE(review): with SSL off, database traffic crosses the cluster network
# unencrypted; acceptable only where that network is trusted.
PGSSLMODE: disable # Disables SSL for the database connection. Remove this line if you connect to PostgreSQL over SSL
WEB_CONCURRENCY: "1"
BIND_HOST: 0.0.0.0 # Default host
PORT: "3000" # Default port
# NOTE(review): the URL carries no credentials and uses redis:// rather than
# rediss://, so access control rests on the network. The `redis-client` pod
# label used in this file suggests a network policy exists; verify it.
REDIS_URL: redis://yonote-redis:6379
DEFAULT_LANGUAGE: ru_RU # Default language
ENABLE_UPDATES: "false"
# NOTE(review): "1234" looks like a placeholder. AI_API_KEY is a credential and
# this section presumably renders into the yonote-configs ConfigMap; put the
# real key into the secret config instead.
AI_URL: "1234"
AI_API_KEY: "1234"
URL: 'https://{{ .Values.global.yonote.baseListenAddress }}' # Base URL of the application
COLLABORATION_URL: 'wss://{{ .Values.global.yonote.baseListenAddress }}' # Server; this does not need to be set for normal operation
#DEPLOYMENT: 'hosted'
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/auth' # URL for authorizing users via OpenID Connect (OIDC). The user is redirected to this address to sign in.
OIDC_LOGOUT_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/logout' # URL for signing out via OIDC. The user is redirected to this address to end the session and sign out.
OIDC_TOKEN_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/token' # URL for obtaining access and refresh tokens. This address is used to exchange the authorization code for tokens
OIDC_USERINFO_URI: 'https://auth.modo.lap/realms/yonote/protocol/openid-connect/userinfo' # URL for fetching user information. Used to retrieve the user's profile data based on their token.
AWS_S3_ACL: private
# NOTE(review): in the minio section of this file api-s3.modo.lap is listed
# under consoleIngress and s3.modo.lap under ingress, and neither has a tls
# block enabled. Confirm which host serves the S3 API and that https works.
AWS_S3_UPLOAD_BUCKET_URL: 'https://api-s3.modo.lap' # Address of the S3 storage API
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Bucket name
AWS_REGION: "RU"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Maximum storage size (the variable name suggests a per-upload limit; confirm)
AWS_S3_FORCE_PATH_STYLE: "false" # Whether to force path-style URLs for S3 objects
S3_PROXY_ENABLED: "false" # Enables or disables proxying of file uploads/downloads to S3 through the backend; takes a boolean
S3_MULTIPART_PART_SIZE: "1000" # Part size for multipart uploads to S3 storage; takes a number in megabytes, default 1000 (1GB).
SUBDOMAINS_ENABLED: "false" # Subdomain support for teams
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Host name
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Forbidden subdomains
TELEGRAM_API_URL: https://api.telegram.org
UNSPLASH_API_BASENAME: https://api.unsplash.com
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: "smtp.wilix.dev"
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
# NOTE(review): 456 is not a usual SMTP port (465 is implicit TLS, 587 is
# submission with STARTTLS); confirm this is not a typo.
SMTP_PORT: "456"
# NOTE(review): SMTP_SECURE and SMTP_REQUIRE_TLS are both empty, presumably read
# as false. TLS is then only opportunistic, so mail and SMTP credentials could
# go out in cleartext if the server does not offer STARTTLS; set one of them.
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
# Settings for two cron-triggered calls to the web service; both are disabled here.
yonote_cron_calendar_events:
cron_enabled: "false"
url: http://yonote-web/api/cron.calendar_events
yonote_cron_task_scheduler:
cron_enabled: "false"
url: http://yonote-web/api/cron.schedule
# Ingress for the application: both hosts route / to yonote-web and /realtime,
# /whiteboard and /collaboration to the matching service, all on port 80.
ingress:
enabled: true
name: yonote-ingress
namespace: yonote-onprem
ingressClassName: traefik
tls:
# NOTE(review): "your-tls-secret" is a placeholder name; replace it with the
# secret that holds (or will receive) the certificate for the hosts below.
secretName: "your-tls-secret"
hosts:
- "app.modo.lap"
- "modo.lap"
rules:
- host: "app.modo.lap"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
- host: "modo.lap"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
annotations:
# NOTE(review): judging by its name, this issuer produces self-signed
# certificates that clients will not trust by default; fine for a lab, replace
# it with a trusted issuer before real users sign in over this host.
cert-manager.io/cluster-issuer: selfsigned-issuer # If you use it
# Web service: starts the compiled server bundle with --services=web after an
# init container has run the database migrations.
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
name: web
# NOTE(review): the image is referenced by tag with pullPolicy IfNotPresent.
# Tags can be re-pointed in a registry; pin a digest if the chart allows it.
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web']
initContainers:
# NOTE(review): the migration image is 1.19.8 while the service image above is
# 1.22.11. If migrations ship inside the image, schema changes newer than 1.19.8
# would not be applied; confirm the version gap is intended.
- name: yonote-migration
image: images.updates.yonote.ru/yonote:1.19.8
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- npx sequelize db:migrate
env:
- name: NODE_ENV
value: '{{ .Values.global.yonote.dbMigrationEnv }}' # The sequelize settings define this env for running migrations without SSL
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 200m
memory: 256Mi
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
# Environment is taken from the yonote-configs ConfigMap and the yonote-secrets Secret.
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
# SHA-256 of the plain and secret config values, stored as pod annotations;
# presumably so that pods restart when the config changes.
# NOTE(review): checksum/secret is readable by anyone who may read pod
# metadata; a low-entropy secret could be guessed offline against that hash.
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
# Both probes request /_health on the named port `app` (containerPort 3000).
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
# Websocket service: starts the compiled server bundle with --services=websockets.
# The values key is singular, but the resource is named yonote-websockets.
yonote-websocket:
fullnameOverride: yonote-websockets
nameOverride: yonote-websockets
name: websockets
# NOTE(review): image referenced by tag, not digest; a re-pointed tag would be
# pulled without notice on a node that does not have the image cached.
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets']
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 150m
memory: 128Mi
# NOTE(review): what `checksums` controls is not visible in this file.
checksums: null
# Environment is taken from the yonote-configs ConfigMap and the yonote-secrets Secret.
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
podLabels:
redis-client: 'true'
# SHA-256 of the plain and secret config values as pod annotations.
# NOTE(review): the hash of the secret values is visible to anyone who may
# read pod metadata; weak secrets could be guessed offline against it.
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
# Both probes request /_health on the named port `app` (containerPort 3000).
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
# Whiteboard service: starts the compiled server bundle with --services=whiteboard.
yonote-whiteboard:
fullnameOverride: yonote-whiteboard
nameOverride: yonote-whiteboard
name: whiteboard
# NOTE(review): image referenced by tag, not digest; a re-pointed tag would be
# pulled without notice on a node that does not have the image cached.
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard']
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 150m
memory: 128Mi
# NOTE(review): what `checksums` controls is not visible in this file.
checksums: null
# Environment is taken from the yonote-configs ConfigMap and the yonote-secrets Secret.
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
podLabels:
redis-client: 'true'
# SHA-256 of the plain and secret config values as pod annotations.
# NOTE(review): the hash of the secret values is visible to anyone who may
# read pod metadata; weak secrets could be guessed offline against it.
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
# Both probes request /_health on the named port `app` (containerPort 3000).
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
# Worker service: starts the compiled server bundle with --services=worker.
yonote-worker:
fullnameOverride: yonote-worker
nameOverride: yonote-worker
name: worker
# NOTE(review): image referenced by tag, not digest; a re-pointed tag would be
# pulled without notice on a node that does not have the image cached.
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker']
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
# NOTE(review): what `checksums` controls is not visible in this file.
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
# Environment is taken from the yonote-configs ConfigMap and the yonote-secrets Secret.
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
# SHA-256 of the plain and secret config values as pod annotations.
# NOTE(review): the hash of the secret values is visible to anyone who may
# read pod metadata; weak secrets could be guessed offline against it.
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
# Both probes request /_health on the named port `app` (containerPort 3000).
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
# Collaboration service: starts the compiled server bundle with --services=collaboration.
yonote-collaboration:
fullnameOverride: yonote-collaboration
nameOverride: yonote-collaboration
name: collaboration
# NOTE(review): image referenced by tag, not digest; a re-pointed tag would be
# pulled without notice on a node that does not have the image cached.
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.22.11
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration']
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 150m
memory: 128Mi
# NOTE(review): what `checksums` controls is not visible in this file.
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
# Environment is taken from the yonote-configs ConfigMap and the yonote-secrets Secret.
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
# SHA-256 of the plain and secret config values as pod annotations.
# NOTE(review): the hash of the secret values is visible to anyone who may
# read pod metadata; weak secrets could be guessed offline against it.
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
# Both probes request /_health on the named port `app` (containerPort 3000).
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
# Bundled PostgreSQL database for Yonote (enabled here), with a `yonote`
# database owned by a `yonote` user.
# NOTE(review): no password appears in this section; presumably it comes from
# a secret or a chart default. Verify it is not left at a default value.
yonote-database:
enabled: true
#settings:
# Default postgres
# superuser:
userDatabase:
name: yonote
user: yonote
fullnameOverride: yonote-database
nameOverride: yonote-database
# NOTE(review): microk8s-hostpath presumably keeps the volume on the node's
# local filesystem; the data is then tied to one node and readable by anyone
# with access to that node. Confirm this is acceptable outside a lab.
storage:
requestedSize: 5Gi
className: "microk8s-hostpath"
resources:
limits:
cpu: 2
memory: 5Gi
requests:
cpu: 500m
memory: 512Mi
# NOTE(review): presumably names a resource holding init scripts that run
# against the database; review who can change it.
extraScripts: postgres-init-scripts
# Bundled Redis (enabled here); the application reaches it through
# REDIS_URL redis://yonote-redis:6379.
# NOTE(review): no password or TLS setting is visible in this section and the
# REDIS_URL carries no credentials, so any pod that can reach port 6379 could
# presumably use the instance. Verify a network policy limits access.
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
storage:
requestedSize: 1Gi
className: "microk8s-hostpath"
resources:
limits:
cpu: 1
memory: 4Gi
requests:
cpu: 500m
memory: 512Mi
# Bundled MinIO object storage in standalone mode, published through two
# Traefik ingresses (`ingress` and `consoleIngress`).
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
#customUser: yonote
nameOverride: yonote-minio
mode: standalone
# NOTE(review): no root password is visible in this section; verify it is
# not left at a chart default.
rootUser: admin
users:
# NOTE(review): this access key / secret key pair is hard-coded and carries the
# readwrite policy. Treat the value as exposed once this file is shared; load
# it from a Kubernetes Secret instead and rotate it.
- accessKey: console
secretKey: qwer-12314q-qwersa
policy: readwrite
persistence:
enabled: true
size: 1Gi
storageClass: "microk8s-hostpath"
# NOTE(review): the tls block is commented out on both ingresses below, while
# the application is configured with https://api-s3.modo.lap as its S3 URL.
# Confirm that TLS is actually served for these hosts, and confirm the host
# mapping: api-s3.modo.lap is listed under consoleIngress, s3.modo.lap under ingress.
ingress:
enabled: true
hosts:
- s3.modo.lap
ingressClassName: traefik
path: '/'
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.modo.lap # If you use it
#tls:
# - hosts:
# - "s3.modo.lap"
# secretName: "s3.modo.lap-tls"
consoleIngress:
enabled: true
hosts:
- api-s3.modo.lap
ingressClassName: traefik
path: '/'
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.modo.lap # If you use it
#tls:
# - hosts:
# - "api-s3.modo.lap"
# secretName: "api-s3.modo.lap"
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 2Gi
cpu: 1
mcJob:
enabled: true
# Bundled Keycloak; the OIDC_* URLs of the application point at its
# auth.modo.lap host.
keycloak:
enabled: true
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
# NOTE(review): 19.0.3 is an old Keycloak release; check it against current
# Keycloak security advisories and plan an upgrade.
image:
repository: quay.io/keycloak/keycloak #images.updates.yonote.ru/yonote-keycloak
tag: 19.0.3
# NOTE(review): `start-dev` runs Keycloak in development mode, which relaxes
# defaults such as HTTP and hostname checks. For an instance published through
# an ingress, use `start` with explicit hostname, TLS and proxy settings.
args:
- start-dev #--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true --import-realm
cache:
stack: custom
proxy:
enabled: "false"
# Extra container environment, handed to the chart as a text block: the lines
# after `extraEnv: |` are string content, so their `#` lines are part of the value.
# NOTE(review): KEYCLOAK_ADMIN and KEYCLOAK_ADMIN_PASSWORD are set to literal
# values while the secretKeyRef alternative is commented out. Anyone who can
# read this file or the pod spec gets the admin login; switch to the
# secretKeyRef form and rotate the password.
# NOTE(review): KC_HTTP_ENABLED=true with KC_HOSTNAME_STRICT=false and
# KC_HOSTNAME_STRICT_HTTPS=false relaxes Keycloak's hostname and HTTPS checks,
# and KC_PROXY is commented out. PROXY_ADDRESS_FORWARDING is presumably a
# legacy variable that this Keycloak distribution ignores; confirm how
# forwarded headers are trusted behind the ingress.
extraEnv: |
#- name: KC_LOG_LEVEL
# value: DEBUG
- name: KEYCLOAK_ADMIN
value: root
#valueFrom:
# secretKeyRef:
# name: {{ include "keycloak.fullname" . }}-admin-creds
# key: user
- name: KEYCLOAK_ADMIN_PASSWORD
value: keycloakadmin
#valueFrom:
# secretKeyRef:
# name: {{ include "keycloak.fullname" . }}-admin-creds
# key: password
- name: BASENAME_FOR_SUBDOMAIN
value: modo.lap
- name: KC_HOSTNAME_STRICT
value: "false"
#- name: KC_HOSTNAME_ADMIN
# value: auth.modo.lap/admin
- name: KC_HOSTNAME
value: auth.modo.lap
- name: KC_HOSTNAME_STRICT_HTTPS
value: "false"
- name: KC_HOSTNAME_PATH
value: "/"
#- name: KC_DB_URL
# value: jdbc:postgresql://yonote-database:5432/keycloak
- name: KC_HTTP_ENABLED
value: "true"
#- name: KC_PROXY
# value: edge
#- name: JAVA_OPTS_APPEND
# value: -Djgroups.dns.query=keycloak-headless
#- name: KC_PROXY_HEADERS
# value: "xforwarded"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
# extraVolumes: |
# - name: realm-export
# configMap:
# name: realm-export
# extraVolumeMounts: |
# - name: realm-export
# mountPath: /opt/keycloak/data/import
# readOnly: true
# Keycloak is served from the root path; the probes in this file build their
# paths from http.relativePath.
http:
relativePath: "/"
# Ingress for Keycloak on auth.modo.lap, with TLS from the auth.modo.lap-tls secret.
ingress:
enabled: true
hostname: auth.modo.lap
ingressClassName: traefik
tls:
- hosts:
- "auth.modo.lap"
secretName: "auth.modo.lap-tls"
annotations:
kubernetes.io/ingress.class: traefik
# NOTE(review): judging by its name, this issuer produces self-signed
# certificates; OIDC clients and browsers will not trust them by default.
cert-manager.io/cluster-issuer: selfsigned-issuer # If you use it
#nginx.ingress.kubernetes.io/proxy-buffer-size: "256k"
#nginx.ingress.kubernetes.io/proxy-buffers: "8 256k"
#nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
#nginx.ingress.kubernetes.io/large-client-header-buffers: "8 256k"
#nginx.ingress.kubernetes.io/proxy-set-headers: |
# X-Forwarded-For: $proxy_protocol_addr
# X-Forwarded-Proto: $scheme
# Host: $host
#nginx.ingress.kubernetes.io/use-forwarded-headers: "true"
rules:
- host: "auth.modo.lap"
paths:
- path: /
pathType: ImplementationSpecific
service:
name: yonote-keycloak
port: http
# NOTE(review): /admin goes to the same backend as / above, so the rule adds
# nothing, and it shows that the admin console is published on the same host as
# user sign-in. Restrict /admin (separate host or source allow-list) if admin
# access is not needed from every client network.
- path: /admin
pathType: ImplementationSpecific
service:
name: yonote-keycloak
port: http
# CPU and memory bounds for the Keycloak container.
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
# NOTE(review): presumably makes Keycloak wait for the database before it
# starts; the value is the string "true", not a boolean. Confirm the chart
# accepts that.
dbchecker:
enabled: "true"
# Keycloak stores its data in the `keycloak` database on the bundled PostgreSQL.
# NOTE(review): only the username is set here; the password presumably comes
# from a secret or a chart default. Verify it is not a default value.
database:
vendor: postgres
hostname: yonote-database
port: 5432
database: keycloak
username: keycloaku
# Liveness probe given as a template text block: an HTTP GET on the `http` port
# at http.relativePath with a single trailing slash.
livenessProbe: |
httpGet:
path: '{{ trimSuffix "/" .Values.http.relativePath}}/'
port: http
initialDelaySeconds: 240
timeoutSeconds: 5
# Readiness probe configuration
readinessProbe: |
httpGet:
path: '{{ trimSuffix "/" .Values.http.relativePath}}/realms/master'
port: http
initialDelaySeconds: 120
timeoutSeconds: 1