onprem-deploy/yonote-chart-service/values.yaml

652 lines
17 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

global:
name: yonote-app
yonote:
dbMigrationEnv: production-ssl-disabled # Режим подключения к базе данных при выполнении миграций. При использовании SSL подключения, установите значение `production`
baseListenAddress: example.com # Доменный адрес для yonote
config:
plain:
data:
DEPLOYMENT: hosted
NODE_ENV: production
FORCE_HTTPS: "false"
PGSSLMODE: disable # Отключает SSL подключение к базе данных. Уберите эту строку, если вы используете SSL подключение к PostgreSQL
BIND_HOST: 0.0.0.0 # Хост по умолчанию
PORT: "3000" # Порт по умолчанию
REDIS_URL: redis://yonote-redis-master:6379
DEFAULT_LANGUAGE: ru_RU # Язык по умолчанию
ENABLE_UPDATES: "false"
AI_URL: "1234"
AI_API_KEY: "1234"
WEB_CONCURRENCY: "1"
URL: 'https://app.{{ .Values.global.yonote.baseListenAddress }}' # Базовый url приложения
COLLABORATION_URL: 'wss://app.{{ .Values.global.yonote.baseListenAddress }}' # Cервер, для нормальной работы это не нужно устанавливать
OIDC_DISPLAY_NAME: email
OIDC_SCOPES: openid email
OIDC_CLIENT_ID: yonote
OIDC_AUTH_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/auth'
# OIDC_AUTH_URI: URL для авторизации пользователей через OpenID Connect (OIDC).
# Пользователь перенаправляется на этот адрес для входа в систему.
OIDC_LOGOUT_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/logout'
# OIDC_LOGOUT_URI: URL для выхода из системы через OIDC.
# Пользователь перенаправляется на этот адрес для завершения сессии и выхода.
OIDC_TOKEN_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/token'
# OIDC_TOKEN_URI: URL для получения токенов доступа и обновления.
# Этот адрес используется для обмена авторизационным кодом на токены
OIDC_USERINFO_URI: 'https://auth.example.com/realms/yonote/protocol/openid-connect/userinfo'
# OIDC_USERINFO_URI: URL для получения информации о пользователе.
# Используется для получения данных профиля пользователя на основе его токена.
AWS_S3_ACL: private
AWS_S3_UPLOAD_BUCKET_URL: yonote-minio:9000 # Адрес S3 хранилища
AWS_S3_UPLOAD_BUCKET_NAME: yonote-bucket # Имя хранилища
AWS_REGION: "RU"
AWS_S3_UPLOAD_MAX_SIZE: "226214400" # Максимальный размер хранилища
AWS_S3_FORCE_PATH_STYLE: "false" # Следует ли принудительно использовать URL-адреса стиля пути для объектов S3
S3_PROXY_ENABLED: "false" # Включает или выключает проксирование загрузки/выгрузки файлов на S3 через бэкенд, принимает boolean
S3_MULTIPART_PART_SIZE: "1000" # Настройка размера частей для multipart загрузки на S3 хранилище, принимает число, по умолчанию 1000 (1GB), значение в мегабайтах.
SUBDOMAINS_ENABLED: "true" # Поддержка поддоменов для команд
BASENAME_FOR_SUBDOMAIN: '{{ .Values.global.yonote.baseListenAddress }}' # Имя хоста
NOT_ALLOWED_SUBDOMAINS: app,collaboration,auth,api,dev,docs,doc,admin,test,quota,billing,i,storage,host,updates # Запрещенные поддомены
TELEGRAM_API_URL: https://api.telegram.org
UNSPLASH_API_BASENAME: https://api.unsplash.com
RESERVED_SUBDOMAINS: about,account,admin,advertising,api,app,assets,archive,beta,billing,blog,cache,cdn,code,community,dashboard,developer,developers,forum,help,home,http,https,imap,localhost,mail,marketing,mobile,multiplayer,new,news,newsletter,ns1,ns2,ns3,ns4,password,profile,realtime,sandbox,script,scripts,setup,signin,signup,site,smtp,support,status,static,stats,test,update,updates,ws,wss,web,websockets,www,www1,www2,www3,www4
SMTP_HOST: ""
SMTP_USERNAME: ""
SMTP_FROM_EMAIL: ""
SMTP_REPLY_EMAIL: ""
SMTP_PORT: ""
SMTP_SECURE: "" # connection will be upgraded: https://nodemailer.com/smtp/
SMTP_REQUIRE_TLS: ""
yonote_cron_calendar_events:
cron_enabled: "true"
url: http://yonote-web/api/cron.calendar_events
yonote_cron_task_scheduler:
cron_enabled: "true"
url: http://yonote-web/api/cron.schedule
ingress:
enabled: true
name: yonote-ingress
namespace: yonote-onprem
ingressClassName: traefik
tls:
secretName: "you_tls_secret"
hosts:
- "app.example.com"
- "team.example.com"
rules:
- host: "app.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
- host: "team.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-web
port: 80
- path: /realtime
pathType: Prefix
service:
name: yonote-websockets
port: 80
- path: /whiteboard
pathType: Prefix
service:
name: yonote-whiteboard
port: 80
- path: /collaboration
pathType: Prefix
service:
name: yonote-collaboration
port: 80
annotations:
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
yonote-web:
fullnameOverride: yonote-web
nameOverride: yonote-web
name: web
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=web']
initContainers:
- name: yonote-migration
image: images.updates.yonote.ru/yonote:1.19.8
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- '-c'
- npx sequelize db:migrate
env:
- name: NODE_ENV
value: '{{ .Values.global.yonote.dbMigrationEnv }}' # В настройках для sequelize прописан такой env для запуска миграций без ssl
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 200m
memory: 128Mi
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-websocket:
fullnameOverride: yonote-websockets
nameOverride: yonote-websockets
name: websockets
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=websockets']
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
checksums: null
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-whiteboard:
fullnameOverride: yonote-whiteboard
nameOverride: yonote-whiteboard
name: whiteboard
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=whiteboard']
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 128Mi
checksums: null
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-worker:
fullnameOverride: yonote-worker
nameOverride: yonote-worker
name: worker
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=worker']
resources:
limits:
cpu: 1
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonote-collaboration:
fullnameOverride: yonote-collaboration
nameOverride: yonote-collaboration
name: collaboration
image:
registry: images.updates.yonote.ru
repository: yonote
tag: 1.19.8
pullPolicy: IfNotPresent
command: ["/bin/sh", "-c"]
args: ['IS_COMPILED=true yarn bytenode ./build/server/main.jsc --services=collaboration']
checksums: null
containerPorts:
- containerPort: 3000
name: app
protocol: TCP
service:
type: ClusterIP
port: 80
targetPort: app
envFrom:
- configMapRef:
name: yonote-configs
- secretRef:
name: yonote-secrets
podLabels:
redis-client: 'true'
podAnnotations:
checksum/configmap: "{{ toJson .Values.global.yonote.config.plain | sha256sum }}"
checksum/secret: "{{ toJson .Values.global.yonote.config.secret | sha256sum }}"
readinessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
livenessProbe:
enabled: true
failureThreshold: 6
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
httpGet:
path: /_health
port: app
yonoteDatabase:
enabled: true
global:
postgresql:
auth:
database: "yonote"
username: "yonote"
name: yonote-database
fullnameOverride: yonote-database
nameOverride: yonote-database
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 250m
memory: 512Mi
requests:
cpu: 50m
memory: 256Mi
yonote-redis:
enabled: true
fullnameOverride: yonote-redis
nameOverride: redis
architecture: standalone
auth:
enabled: false
master:
persistence:
size: 200Mi
resources:
limits:
cpu: 250m
memory: 256Mi
requests:
cpu: 50m
memory: 128Mi
minio:
enabled: true
name: minio
fullnameOverride: yonote-minio
nameOverride: yonote-minio
auth:
rootUser: admin
persistence:
enabled: true
size: 500Mi
ingress:
enabled: true
hostname: 's3.example.com'
ingressClassName: traefik
path: '/'
pathType: ImplementationSpecific
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
extraTls:
- hosts:
- "s3.example.com"
secretName: "you_tls_secret"
resources:
requests:
memory: 512Mi
cpu: 250m
limits:
memory: 1Gi
cpu: 500m
mcJob:
enabled: true
keycloak:
auth:
adminUser: root
fullnameOverride: yonote-keycloak
nameOverride: yonote-keycloak
command:
- /bin/bash
- -c
- |
/opt/bitnami/keycloak/bin/kc.sh import --file=/opt/bitnami/keycloak/data/import/realm-export.json && \
/opt/bitnami/keycloak/bin/kc.sh start-dev
extraEnvVars:
- name: KC_DB_PASSWORD
value: "tT9BqYdNyd"
- name: KEYCLOAK_PRODUCTION
value: "true"
- name: KC_HOSTNAME_URL
value: "https://auth.example.com"
- name: KC_HOSTNAME_ADMIN_URL
value: "https://auth.example.com"
extraVolumes:
- name: realm-export
configMap:
name: realm-export
extraVolumeMounts:
- name: realm-export
mountPath: /opt/bitnami/keycloak/data/import/realm-export.json
subPath: realm-export.json
ingress:
enabled: true
hostname: auth.example.com
ingressClassName: traefik
tls: true
annotations:
kubernetes.io/ingress.class: traefik
# cert-manager.io/cluster-issuer: letsencrypt.example.com # Если используете
extraTls:
- hosts:
- "auth.example.com"
secretName: "you_tls_secret"
rules:
- host: "auth.example.com"
paths:
- path: /
pathType: Prefix
service:
name: yonote-keycloak
port: http
- path: /admin
pathType: Prefix
service:
name: yonote-keycloak
port: http
proxy: "edge"
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 150m
memory: 128Mi
postgresql:
enabled: true
auth:
database: keycloak
username: keycloak
name: keycloak-database
fullnameOverride: keycloak-database
nameOverride: keycloak-database
primary:
persistence:
size: 512Mi