From 7a52000400603171660b3d636fe7819b6477296f Mon Sep 17 00:00:00 2001
From: kireevdmitry
Date: Mon, 21 Mar 2022 09:36:20 -0400
Subject: [PATCH] change templates
---
charts/documentserver/templates/_helpers.tpl | 81 +++++++++++++++++++
.../templates/deployments/converter.yaml | 52 ++++++++++--
.../templates/deployments/docservice.yaml | 53 ++++++++++--
charts/documentserver/values.yaml | 68 ++++++++++++++--
4 files changed, 230 insertions(+), 24 deletions(-)
create mode 100644 charts/documentserver/templates/_helpers.tpl
diff --git a/charts/documentserver/templates/_helpers.tpl b/charts/documentserver/templates/_helpers.tpl
new file mode 100644
index 0000000..a98cbc5
--- /dev/null
+++ b/charts/documentserver/templates/_helpers.tpl
@@ -0,0 +1,81 @@
+{{/*
+Get the PostgreSQL password secret
+*/}}
+{{- define "ds.postgresql.secretName" -}}
+{{- if .Values.connections.dbPassword -}}
+ {{- printf "%s-postgresql" .Release.Name -}}
+{{- else if .Values.connections.dbExistingSecret -}}
+ {{- printf "%s" (tpl .Values.connections.dbExistingSecret $) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for PostgreSQL
+*/}}
+{{- define "ds.postgresql.createSecret" -}}
+{{- if or .Values.connections.dbPassword (not .Values.connections.dbExistingSecret) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return PostgreSQL password
+*/}}
+{{- define "ds.postgresql.password" -}}
+{{- if not (empty .Values.connections.dbPassword) }}
+ {{- .Values.connections.dbPassword }}
+{{- else }}
+ {{- required "A PostgreSQL Password is required!" .Values.connections.dbPassword }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Get the RabbitMQ password secret
+*/}}
+{{- define "ds.rabbitmq.secretName" -}}
+{{- if .Values.connections.amqpPassword -}}
+ {{- printf "%s-rabbitmq" .Release.Name -}}
+{{- else if .Values.connections.amqpExistingSecret -}}
+ {{- printf "%s" (tpl .Values.connections.amqpExistingSecret $) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for RabbitMQ
+*/}}
+{{- define "ds.rabbitmq.createSecret" -}}
+{{- if or .Values.connections.amqpPassword (not .Values.connections.amqpExistingSecret) -}}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return RabbitMQ password
+*/}}
+{{- define "ds.rabbitmq.password" -}}
+{{- if not (empty .Values.connections.amqpPassword) }}
+ {{- .Values.connections.amqpPassword }}
+{{- else }}
+ {{- required "A RabbitMQ Password is required!" .Values.connections.amqpPassword }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Get the PVC name
+*/}}
+{{- define "ds.pvc.name" -}}
+{{- if .Values.persistence.existingClaim -}}
+ {{- printf "%s" (tpl .Values.persistence.existingClaim $) -}}
+{{- else }}
+ {{- printf "ds-files" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a pvc object should be created
+*/}}
+{{- define "ds.pvc.create" -}}
+{{- if empty .Values.persistence.existingClaim }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/documentserver/templates/deployments/converter.yaml b/charts/documentserver/templates/deployments/converter.yaml
index c7f1a00..f954a09 100644
--- a/charts/documentserver/templates/deployments/converter.yaml
+++ b/charts/documentserver/templates/deployments/converter.yaml
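Review bot: `ds.postgresql.secretName` and `ds.rabbitmq.secretName` render an empty string when neither the password nor the existing-secret value is set, because the `if`/`else if` chain has no final branch; the `secretKeyRef.name` fields in converter.yaml and docservice.yaml would then be empty. In that same state `ds.postgresql.createSecret` and `ds.rabbitmq.createSecret` evaluate to true, so the helpers disagree about whether a chart-managed secret exists. A closing `{{- else -}}{{- fail "set connections.dbPassword or connections.dbExistingSecret" -}}` in each secretName helper (with the AMQP names in the RabbitMQ one) would turn this into a render-time error. The two `password` helpers could also be reduced to the single `required` call, since their `else` branch only ever sees the empty value.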
@@ -14,31 +14,62 @@ spec: labels: app: converter spec: -# securityContext: -# runAsUser: 101 -# runAsGroup: 101 + {{ if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.converter.runAsUser }} + runAsGroup: {{ .Values.securityContext.converter.runAsGroup }} + {{ end }} + affinity: + podAntiAffinity: + {{- if eq .Values.antiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - converter + topologyKey: {{ .Values.antiAffinity.topologyKey }} + weight: {{ .Values.antiAffinity.weight }} + {{- else if eq .Values.antiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - converter + topologyKey: {{ .Values.antiAffinity.topologyKey }} + {{- end }} volumes: - name: ds-files persistentVolumeClaim: - claimName: ds-files + claimName: {{ template "ds.pvc.name" . }} - name: ds-license secret: secretName: license + {{ if .Values.extraConf.configMap }} + - name: custom-file + configMap: + name: {{ .Values.extraConf.configMap }} + {{ end }} containers: - name: converter image: {{ .Values.converter.containerImage }} + imagePullPolicy: {{ .Values.converter.imagePullPolicy }} resources: {{- toYaml .Values.converter.resources | nindent 12 }} env: - name: DB_PWD valueFrom: secretKeyRef: - name: postgresql - key: postgresql-password + name: {{ template "ds.postgresql.secretName" . }} + key: {{ .Values.connections.dbSecretKeyName }} - name: AMQP_PWD valueFrom: secretKeyRef: - name: rabbitmq - key: rabbitmq-password + name: {{ template "ds.rabbitmq.secretName" . }} + key: {{ .Values.connections.amqpSecretKeyName }} envFrom: - secretRef: name: jwt 
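Review bot: The pod `securityContext` at the top of this hunk is rendered only when `securityContext.enabled` is true, and values.yaml in this patch defaults it to `false`, so by default the pods run as whatever user the image declares. When it is enabled only `runAsUser` and `runAsGroup` are set; adding `runAsNonRoot: true` beside them, and `allowPrivilegeEscalation: false` in a container-level `securityContext`, would make the non-root intent enforced rather than implied. The `{{ if }}` and `{{ end }}` lines here also lack the `{{-` trim that the affinity block below uses, so they leave blank lines in the rendered manifest. The same block is added to docservice.yaml in its `@@ -16,9 +16,11 @@` hunk.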
@@ -50,3 +81,8 @@ spec: - name: ds-license mountPath: /var/www/{{ .Values.product.name }}/Data readOnly: true + {{ if .Values.extraConf.configMap }} + - name: custom-file + mountPath: /etc/{{ .Values.product.name }}/documentserver/{{ .Values.extraConf.filename }} + subPath: {{ .Values.extraConf.filename }} + {{ end }} diff --git a/charts/documentserver/templates/deployments/docservice.yaml b/charts/documentserver/templates/deployments/docservice.yaml index 3fd1bfe..059ad70 100644 --- a/charts/documentserver/templates/deployments/docservice.yaml +++ b/charts/documentserver/templates/deployments/docservice.yaml @@ -16,9 +16,11 @@ spec: labels: app: docservice spec: -# securityContext: -# runAsUser: 101 -# runAsGroup: 101 + {{ if .Values.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.securityContext.docservice.runAsUser }} + runAsGroup: {{ .Values.securityContext.docservice.runAsGroup }} + {{ end }} # topologySpreadConstraints: # - maxSkew: 1 # topologyKey: doks.digitalocean.com/node-pool 
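Review bot: The `custom-file` mount is guarded only by `extraConf.configMap`, yet both `mountPath` and `subPath` are built from `extraConf.filename`; with an empty filename the path collapses to the `/etc/{{ .Values.product.name }}/documentserver/` directory and the ConfigMap would be mounted over that whole directory. Guarding on both values, `{{ if and .Values.extraConf.configMap .Values.extraConf.filename }}`, and quoting the scalar, `subPath: {{ .Values.extraConf.filename | quote }}`, avoids that. Because the file comes from a ConfigMap, a comment in values.yaml saying the override must not carry credentials would help; the templates already take the DB, AMQP and JWT material from Secrets. A `subPath` mount also does not follow later ConfigMap edits, so pods need a restart after the ConfigMap changes. The same lines are added to docservice.yaml in `@@ -88,3 +120,8 @@`.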
@@ -26,16 +28,45 @@ spec: # labelSelector: # matchLabels: # app: docservice + affinity: + podAntiAffinity: + {{- if eq .Values.antiAffinity.type "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - docservice + topologyKey: {{ .Values.antiAffinity.topologyKey }} + weight: {{ .Values.antiAffinity.weight }} + {{- else if eq .Values.antiAffinity.type "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - docservice + topologyKey: {{ .Values.antiAffinity.topologyKey }} + {{- end }} volumes: - name: ds-files persistentVolumeClaim: - claimName: ds-files + claimName: {{ template "ds.pvc.name" . }} - name: ds-license secret: secretName: license + {{ if .Values.extraConf.configMap }} + - name: custom-file + configMap: + name: {{ .Values.extraConf.configMap }} + {{ end }} containers: - name: proxy image: {{ .Values.proxy.proxyContainerImage }} + imagePullPolicy: {{ .Values.proxy.imagePullPolicy }} ports: - containerPort: 8888 {{ if .Values.proxy.livenessProbeEnabled }} @@ -54,6 +85,7 @@ spec: - name: docservice image: {{ .Values.docservice.containerImage }} + imagePullPolicy: {{ .Values.docservice.imagePullPolicy }} ports: - containerPort: 8000 {{ if .Values.docservice.readinessProbeEnabled }} @@ -70,13 +102,13 @@ spec: - name: DB_PWD valueFrom: secretKeyRef: - name: postgresql - key: postgresql-password + name: {{ template "ds.postgresql.secretName" . }} + key: {{ .Values.connections.dbSecretKeyName }} - name: AMQP_PWD valueFrom: secretKeyRef: - name: rabbitmq - key: rabbitmq-password + name: {{ template "ds.rabbitmq.secretName" . }} + key: {{ .Values.connections.amqpSecretKeyName }} envFrom: - secretRef: name: jwt 
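Review bot: Any `antiAffinity.type` other than the exact strings `soft` or `hard` leaves `podAntiAffinity:` empty in the `@@ -26,16 +28,45 @@` hunk, so a typo silently drops the spreading rule. An `{{- else }}{{- fail "antiAffinity.type must be soft or hard" }}` branch, or moving the `affinity:` key inside the condition, would surface that at render time. The selector matches only `app: docservice`, so two releases installed in one namespace would presumably repel each other; adding a release label to the match would scope it. converter.yaml's `@@ -14,31 +14,62 @@` hunk carries the same block.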
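Review bot: In the `@@ -70,13 +102,13 @@` hunk the key for `DB_PWD` moves from the literal `postgresql-password` to `connections.dbSecretKeyName`, whose default in this patch's values.yaml is `postgres-password`; an existing install whose `postgresql` secret still holds the old key would fail to resolve the reference after an upgrade. If the rename is intended it deserves a line in the upgrade notes, otherwise the default should stay at the old key. Both `name:` and `key:` are emitted unquoted; `key: {{ .Values.connections.dbSecretKeyName | quote }}` and `name: {{ include "ds.postgresql.secretName" . | quote }}` protect against empty or number-like values. The same change is made in converter.yaml's `@@ -14,31 +14,62 @@` hunk.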
@@ -88,3 +120,8 @@ spec: - name: ds-license mountPath: /var/www/{{ .Values.product.name }}/Data readOnly: true + {{ if .Values.extraConf.configMap }} + - name: custom-file + mountPath: /etc/{{ .Values.product.name }}/documentserver/{{ .Values.extraConf.filename }} + subPath: {{ .Values.extraConf.filename }} + {{ end }} diff --git a/charts/documentserver/values.yaml b/charts/documentserver/values.yaml index 22920f7..e05e86a 100644 --- a/charts/documentserver/values.yaml +++ b/charts/documentserver/values.yaml @@ -1,29 +1,62 @@ product: name: onlyoffice - connections: dbHost: postgresql dbUser: postgres dbPort: "5432" + dbName: postgres + dbExistingSecret: postgresql + dbSecretKeyName: postgres-password + dbPassword: "" redisHost: redis-master amqpHost: rabbitmq amqpUser: user amqpProto: amqp + amqpExistingSecret: rabbitmq + amqpSecretKeyName: rabbitmq-password + amqpPassword: "" persistence: + existingClaim: "" storageClass: "nfs" size: 8Gi +log: + level: WARN + metrics: enabled: false + host: statsd-exporter-prometheus-statsd-exporter + port: "8125" + prefix: ds. example: - enabled: true - containerImage: onlyoffice/docs-example:6.4.2.6 + enabled: false + containerImage: onlyoffice/docs-example:7.0.1.37 + imagePullPolicy: IfNotPresent + resources: + ##Example: + ##requests: + ## memory: "128Mi" + ## cpu: "100m" + requests: {} + ##limits: + ## memory: "128Mi" + ## cpu: "250m" + limits: {} + +extraConf: + configMap: "" + filename: local.json + +antiAffinity: + type: "soft" + topologyKey: kubernetes.io/hostname + weight: "100" docservice: - replicas: 3 + replicas: 2 readinessProbeEnabled: true readinessProbe: failureThreshold: 2 @@ -49,7 +82,8 @@ docservice: port: 8000 failureThreshold: 30 periodSeconds: 10 - containerImage: onlyoffice/docs-docservice-de:6.4.2.6 + containerImage: onlyoffice/docs-docservice-de:7.0.1.37 + imagePullPolicy: IfNotPresent resources: ##Example: ##requests: 
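Review bot: The new `dbPassword`/`dbExistingSecret` and `amqpPassword`/`amqpExistingSecret` pairs in the `@@ -1,29 +1,62 @@` hunk of values.yaml have no comments explaining how they interact. Per `ds.postgresql.secretName` in _helpers.tpl, a non-empty `dbPassword` takes precedence and switches the reference to `<release>-postgresql`, ignoring `dbExistingSecret`. I would add above each pair `## Name of an existing secret holding the password; ignored when the inline password is set` and `## Inline password; prefer the existing-secret option so the value is not kept in the values file or the release record`.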
@@ -62,6 +96,7 @@ docservice: limits: {} proxy: + gzipProxied: "off" livenessProbeEnabled: true livenessProbe: failureThreshold: 3 @@ -78,7 +113,8 @@ proxy: port: 8888 failureThreshold: 30 periodSeconds: 10 - proxyContainerImage: onlyoffice/docs-proxy-de:6.4.2.6 + proxyContainerImage: onlyoffice/docs-proxy-de:7.0.1.37 + imagePullPolicy: IfNotPresent resources: ##Example: ##requests: @@ -92,7 +128,8 @@ proxy: converter: replicas: 2 - containerImage: onlyoffice/docs-converter-de:6.4.2.6 + containerImage: onlyoffice/docs-converter-de:7.0.1.37 + imagePullPolicy: IfNotPresent resources: ##Example: ##requests: @@ -107,6 +144,8 @@ converter: jwt: enabled: true secret: MYSECRET + header: Authorization + inBody: false service: type: ClusterIP @@ -114,9 +153,22 @@ service: ingress: enabled: false + host: "" ssl: enabled: false - host: example.com secret: tls + grafana_ingress: enabled: false + +securityContext: + enabled: false + converter: + runAsUser: 101 + runAsGroup: 101 + docservice: + runAsUser: 101 + runAsGroup: 101 + example: + runAsUser: 1001 + runAsGroup: 1001
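Review bot: `jwt.secret` keeps the placeholder default `MYSECRET` (a context line in the `@@ -107,6 +144,8 @@` hunk) while `header` and `inBody` are added around it, so an install that does not override it would sign tokens with a publicly known value. Consider defaulting it to `""` and failing at render time when `jwt.enabled` is true and no secret is given, or accepting an existing secret name as the DB and AMQP settings now do. How the `jwt` secret object is built is not visible in this patch, so the template side of that change is left to confirm.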