diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml new file mode 100644 index 0000000..1eee775 --- /dev/null +++ b/.github/workflows/docs.yml @@ -0,0 +1,27 @@ +name: Generate Helm documentation + +on: + push: + branches: + - main + paths: + - '.github/**' + - 'charts/**' + +permissions: + contents: write + +jobs: + update-chart-metadata: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: gabe565/setup-helm-docs-action@v1 + - run: helm-docs + - name: Commit documentation + run: | + git config --global user.name '$GITHUB_ACTOR' + git config --global user.email '$GITHUB_ACTOR@users.noreply.github.com' + git add . + git commit -sm "docs: generate chart documentation" + git push \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 57fefd9..1326e3b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,6 +8,7 @@ on: - '.github/**' - 'charts/**' - '!**.md' + - '!**.md.gotmpl' jobs: diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..21775f0 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,2 @@ +Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given. +If you want to contribute, please fork the repository and make changes as you'd like. Pull requests are warmly welcome. \ No newline at end of file diff --git a/README.md b/README.md index 3e173c5..f20fdd5 100644 --- a/README.md +++ b/README.md @@ -1,21 +1,106 @@ -# CryptPad Helm Chart +
-This is the [CryptPad](https://cryptpad.org) [Helm Chart](https://helm.sh/) for easy deployment on Kubernetes. + logo +

CryptPad Helm Chart

+ + + +

+ + contributors + + + last update + + + forks + + + stars + + + open issues + + + license + +

+ +

+ Documentation + · + Report Bug + · + Request Feature +

+
-## Requirements +
-* Kubernetes 1.23+ + +# :notebook_with_decorative_cover: Table of Contents -## Usage +- [:notebook\_with\_decorative\_cover: Table of Contents](#notebook_with_decorative_cover-table-of-contents) + - [:star2: About the Project](#star2-about-the-project) + - [:toolbox: Getting Started](#toolbox-getting-started) + - [:bangbang: Prerequisites](#bangbang-prerequisites) + - [:books: Documentation](#books-documentation) + - [:fast\_forward: TL;DR;](#fast\_forward-tldr) + - [:test\_tube: Running Tests](#test_tube-running-tests) + - [:wave: Contributing](#wave-contributing) + - [:warning: License](#warning-license) + + +## :star2: About the Project + +This is the [Helm Chart](https://helm.sh/) for easy deployment of [CryptPad](https://cryptpad.org) on Kubernetes. + + +## :toolbox: Getting Started + + +### :bangbang: Prerequisites + +This project requires [Kubernetes 1.23+](https://kubernetes.io/) and [Helm](https://helm.sh/docs/intro/install/) installed on your system + +### :books: Documentation + +* Check documentation on [README.md](charts/cryptpad/README.md) on charts/cryptpad. + +### :fast_forward: TL;DR; + +Install the Helm Chart using: ```bash helm repo add cryptpad-github https://cryptpad.github.io/helm helm install cryptpad cryptpad-github/cryptpad ``` -Check [values.yaml](charts/cryptpad/values.yaml) for custom values/settings. + +### :test_tube: Running Tests + +To run tests, run the following command + +```bash + for FILE in charts/*; do + helm unittest $FILE + done +``` + + +## :wave: Contributing + + + + + + +Contributions are always welcome! + +See `CONTRIBUTING.md` for ways to get started. -# License + +## :warning: License ![AGPL logo](https://www.gnu.org/graphics/agplv3-155x51.png "GNU Affero General Public License") diff --git a/assets/logo.png b/assets/logo.png new file mode 100644 index 0000000..0e5fac2 Binary files /dev/null and b/assets/logo.png differ diff --git a/charts/cryptpad/Chart.yaml b/charts/cryptpad/Chart.yaml index d3b48b2..14de6e2 100644 --- a/charts/cryptpad/Chart.yaml +++ b/charts/cryptpad/Chart.yaml @@ -5,7 +5,7 @@ keywords: - open office - storage - end2end -description: CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. +description: CryptPad is a collaboration office suite that is end-to-end-encrypted and open-source. home: https://cryptpad.org icon: https://cryptpad.org/images/CryptPad_logo_text.svg # A chart can be either an 'application' or a 'library' chart. @@ -21,7 +21,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.8 +version: 0.0.9 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/cryptpad/README.md b/charts/cryptpad/README.md new file mode 100644 index 0000000..e83549f --- /dev/null +++ b/charts/cryptpad/README.md @@ -0,0 +1,169 @@ +# cryptpad + +CryptPad is a collaboration office suite that is end-to-end-encrypted and open-source. + +![Version: 0.0.9](https://img.shields.io/badge/Version-0.0.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +## Installing the Chart + +Install the Helm Chart using: + +```console +helm repo add cryptpad-github https://cryptpad.github.io/helm +helm install cryptpad cryptpad-github/cryptpad +``` + +### Configure and Customization + +Values example of how customize your intance: + +```yaml +# https://docs.cryptpad.org/en/admin_guide/installation.html#configure-cryptpad +config: + adminKeys: [ + "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", + ] + +# https://docs.cryptpad.org/en/admin_guide/customization.html#application-config +application_config: + availableLanguages: [ 'en', 'de', 'fr', 'pt-br' ] + availablePadTypes: [ 'drive', 'teams', 'sheet', 'doc', 'presentation', 'pad', 'kanban', 'code', 'form', 'poll', 'whiteboard', + 'file', 'contacts', 'slide', 'convert', 'diagram' ] + privacy: | + { + "default": 'https://example.com/privacy.html', + "en": 'https://example.com/privacy.en.html', // in case English is not your default language + "de": 'https://example.com/privacy.de.html', // you get the idea? + } +``` + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | common | 2.9.1 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | Values for the Affinity | +| application_config | string | `nil` | Configuration of the [application](https://docs.cryptpad.org/en/admin_guide/customization.html#application-config) | +| autoscaling.enabled | bool | `false` | Enable the Autoscaling | +| autoscaling.maxReplicas | int | `100` | Maximum numbers of replicas | +| autoscaling.minReplicas | int | `1` | Minimal numbers of replicas | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | Percentage of the targeted CPU Utilization | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | Percentage of the targeted Memory Utilization | +| config.adminKeys | list | `[]` | Public signing key of users to give admin panel access | +| config.archivePath | string | `"./data/archive"` | Directory to archive data for a configurable period before deleting it. | +| config.blobPath | string | `"./blob"` | Directory to store encrypted files that was uploaded. | +| config.blobStagingPath | string | `"./data/blobstage"` | Directory to store incomplete blobs in a 'staging' area until they are fully uploaded. | +| config.blockPath | string | `"./block"` | Directory to store authenticated blocks. | +| config.decreePath | string | `"./data/decrees"` | TODO | +| config.filePath | string | `"./datastore/"` | Directory where files/documents should be stored. | +| config.httpAddress | string | `"0.0.0.0"` | httpAddress specifies the address on which the nodejs server should be accessible. | +| config.installMethod | string | `"helm-docker"` | | +| config.logFeedback | bool | `false` | Enable feedback log, but requires feedback on log level to work. | +| config.logLevel | string | `"info"` | Change log level from this list below by order of importance: (silly, verbose, debug, feedback, info, warn, error). | +| config.logPath | string | `"./data/logs"` | Directory to store logging events. | +| config.logToStdout | bool | `false` | Log activity to stdout, this may be useful for debugging | +| config.pinPath | string | `"./data/pins"` | Directory to store documents that was pinned to to be stored by the server indefinitely. | +| config.taskPath | string | `"./data/tasks"` | Directory to store a list of scheduled tasks. | +| config.verbose | bool | `false` | Enable verbose logging | +| cpadConfig | string | `"/cryptpad/config/config.js"` | File to mount for the CPAD Configuration (`CPAD_CONF`) | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"cryptpad/cryptpad"` | | +| image.tag | string | `"version-5.4.0"` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"localhost"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | Values for the Node Selector | +| persistence.cryptpad.blob.accessModes[0] | string | `"ReadWriteOnce"` | | +| persistence.cryptpad.blob.annotations | object | `{}` | | +| persistence.cryptpad.blob.dataSource | object | `{}` | | +| persistence.cryptpad.blob.existingClaim | string | `""` | | +| persistence.cryptpad.blob.labels | object | `{}` | | +| persistence.cryptpad.blob.selector | object | `{}` | | +| persistence.cryptpad.blob.size | string | `"100Mi"` | | +| persistence.cryptpad.blob.storageClass | string | `""` | | +| persistence.cryptpad.block.accessModes[0] | string | `"ReadWriteOnce"` | | +| persistence.cryptpad.block.annotations | object | `{}` | | +| persistence.cryptpad.block.dataSource | object | `{}` | | +| persistence.cryptpad.block.existingClaim | string | `""` | | +| persistence.cryptpad.block.labels | object | `{}` | | +| persistence.cryptpad.block.selector | object | `{}` | | +| persistence.cryptpad.block.size | string | `"100Mi"` | | +| persistence.cryptpad.block.storageClass | string | `""` | | +| persistence.cryptpad.data.accessModes[0] | string | `"ReadWriteOnce"` | | +| persistence.cryptpad.data.annotations | object | `{}` | | +| persistence.cryptpad.data.dataSource | object | `{}` | | +| persistence.cryptpad.data.existingClaim | string | `""` | | +| persistence.cryptpad.data.labels | object | `{}` | | +| persistence.cryptpad.data.selector | object | `{}` | | +| persistence.cryptpad.data.size | string | `"100Mi"` | | +| persistence.cryptpad.data.storageClass | string | `""` | | +| persistence.cryptpad.datastore.accessModes[0] | string | `"ReadWriteOnce"` | | +| persistence.cryptpad.datastore.annotations | object | `{}` | | +| persistence.cryptpad.datastore.dataSource | object | `{}` | | +| persistence.cryptpad.datastore.existingClaim | string | `""` | | +| persistence.cryptpad.datastore.labels | object | `{}` | | +| persistence.cryptpad.datastore.selector | object | `{}` | | +| persistence.cryptpad.datastore.size | string | `"100Mi"` | | +| persistence.cryptpad.datastore.storageClass | string | `""` | | +| persistence.enabled | bool | `true` | Enable the persistence | +| podAnnotations | object | `{}` | Annotations for the Pod | +| podSecurityContext | object | `{"fsGroup":4001}` | Security context for the Pod | +| replicaCount | int | `1` | Number of replicas | +| resources | object | `{}` | Specify default resources. We usually recommend not to specify default resources and to leave this as a conscious choice for the user. This also increases chances charts run on environments with little resources, such as Minikube. | +| securityContext | object | `{}` | Security context | +| service.externalIPs | list | `[]` | | +| service.externalPort | int | `80` | | +| service.internalPort | string | `"http"` | | +| service.name | string | `"http"` | | +| service.portName | string | `"node"` | | +| service.sessionAffinity | string | `"ClientIP"` | | +| service.type | string | `"ClusterIP"` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| tolerations | list | `[]` | Values for the Tolerations | +| workloadStateful | bool | `true` | Enable to choose witch kind of workload will be used: (true) StatefulSet or (false) for Deployment | + +## Backup + +Important volumes or paths (in case different solution like empty/sidecar backup tools) to be considered: + +* **cryptpad-blob** volume, or **/cryptpad/blob** +* **cryptpad-block** volume, or **/cryptpad/block** +* **cryptpad-data** volume, or **/cryptpad/data** +* **cryptpad-datastore** volume, or **/cryptpad/datastore** + +And configuration file or command line with preferences used to install Helm release. + +There are some tools that can manage the backups on k8s workloads. We can suggest [Velero](https://velero.io/), as we already used on some internal clusters. + +There is specific product documentation on: https://docs.cryptpad.org/en/admin_guide/maintenance.html#backup-and-migration + +## Logging + +Current logging resources are standard [Kubernetes logging](https://kubernetes.io/docs/concepts/cluster-administration/logging/). + +Example of how change log levels from instance: + +```yaml +config: + verbose: false + logToStdout: false + logLevel: 'info' + logFeedback: false +``` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) \ No newline at end of file diff --git a/charts/cryptpad/README.md.gotmpl b/charts/cryptpad/README.md.gotmpl new file mode 100644 index 0000000..be296e8 --- /dev/null +++ b/charts/cryptpad/README.md.gotmpl @@ -0,0 +1,72 @@ +{{ template "chart.header" . }} +{{ template "chart.description" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +## Installing the Chart + +Install the Helm Chart using: + +```console +helm repo add cryptpad-github https://cryptpad.github.io/helm +helm install cryptpad cryptpad-github/cryptpad +``` + +### Configure and Customization + +Values example of how customize your intance: + +```yaml +# https://docs.cryptpad.org/en/admin_guide/installation.html#configure-cryptpad +config: + adminKeys: [ + "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", + ] + +# https://docs.cryptpad.org/en/admin_guide/customization.html#application-config +application_config: + availableLanguages: [ 'en', 'de', 'fr', 'pt-br' ] + availablePadTypes: [ 'drive', 'teams', 'sheet', 'doc', 'presentation', 'pad', 'kanban', 'code', 'form', 'poll', 'whiteboard', + 'file', 'contacts', 'slide', 'convert', 'diagram' ] + privacy: | + { + "default": 'https://example.com/privacy.html', + "en": 'https://example.com/privacy.en.html', // in case English is not your default language + "de": 'https://example.com/privacy.de.html', // you get the idea? + } +``` + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +## Backup + +Important volumes or paths (in case different solution like empty/sidecar backup tools) to be considered: + +* **cryptpad-blob** volume, or **/cryptpad/blob** +* **cryptpad-block** volume, or **/cryptpad/block** +* **cryptpad-data** volume, or **/cryptpad/data** +* **cryptpad-datastore** volume, or **/cryptpad/datastore** + +And configuration file or command line with preferences used to install Helm release. + +There are some tools that can manage the backups on k8s workloads. We can suggest [Velero](https://velero.io/), as we already used on some internal clusters. + +There is specific product documentation on: https://docs.cryptpad.org/en/admin_guide/maintenance.html#backup-and-migration + +## Logging + +Current logging resources are standard [Kubernetes logging](https://kubernetes.io/docs/concepts/cluster-administration/logging/). + +Example of how change log levels from instance: + +```yaml +config: + verbose: false + logToStdout: false + logLevel: 'info' + logFeedback: false +``` + +{{ template "helm-docs.versionFooter" . }} \ No newline at end of file diff --git a/charts/cryptpad/values.yaml b/charts/cryptpad/values.yaml index ad204b5..98290b7 100644 --- a/charts/cryptpad/values.yaml +++ b/charts/cryptpad/values.yaml @@ -2,11 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- Number of replicas replicaCount: 1 -# Enable to choose witch kind of workload will be used: (true) StatefulSet or (false) for Deployment +# -- Enable to choose witch kind of workload will be used: (true) StatefulSet or (false) for Deployment workloadStateful: true +# Parameters for the Cryptpad image used image: pullPolicy: IfNotPresent repository: cryptpad/cryptpad @@ -14,7 +16,7 @@ image: # repository: git.xwikisas.com:5050/xwiki-cloud-infrastructure/docker-images/cryptpad # tag: "latest" -# https://docs.cryptpad.org/en/admin_guide/customization.html#application-config +# -- Configuration of the [application](https://docs.cryptpad.org/en/admin_guide/customization.html#application-config) application_config: # Check all the configurable values: https://github.com/xwiki-labs/cryptpad/blob/main/www/common/application_config_internal.js # availableLanguages: [ 'en', 'fr', 'de' ] @@ -26,34 +28,50 @@ application_config: # "de": 'https://example.com/privacy.de.html', // you get the idea? # } +# -- File to mount for the CPAD Configuration (`CPAD_CONF`) cpadConfig: "/cryptpad/config/config.js" # https://docs.cryptpad.org/en/admin_guide/installation.html#admin-cryptpad-config +# [Configuration of Cryptpad](https://docs.cryptpad.org/en/admin_guide/installation.html#admin-cryptpad-config) config: ######################### # NETWORK CONFIGURATION # ######################### + # -- httpAddress specifies the address on which the nodejs server should be accessible. httpAddress: '0.0.0.0' #################### # Database Volumes # #################### + # -- Directory where files/documents should be stored. filePath: './datastore/' + # -- Directory to archive data for a configurable period before deleting it. archivePath: './data/archive' + # -- Directory to store documents that was pinned to to be stored by the server indefinitely. pinPath: './data/pins' + # -- Directory to store a list of scheduled tasks. taskPath: './data/tasks' + # -- Directory to store authenticated blocks. blockPath: './block' + # -- Directory to store encrypted files that was uploaded. blobPath: './blob' + # -- Directory to store incomplete blobs in a 'staging' area until they are fully uploaded. blobStagingPath: './data/blobstage' + # -- TODO decreePath: './data/decrees' + # -- Directory to store logging events. logPath: './data/logs' ############# # Debugging # ############# + # -- Enable verbose logging verbose: false + # -- Log activity to stdout, this may be useful for debugging logToStdout: false + # -- Change log level from this list below by order of importance: (silly, verbose, debug, feedback, info, warn, error). logLevel: 'info' + # -- Enable feedback log, but requires feedback on log level to work. logFeedback: false # Surplus information @@ -61,21 +79,41 @@ config: # Administrator keys # https://docs.cryptpad.org/en/admin_guide/installation.html#configure-administrators + # -- Public signing key of users to give admin panel access adminKeys: [] # adminKeys: [ # "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]", # ] +# TODO: remove # Check values on https://github.com/xwiki-labs/cryptpad-docker#environment-variables # For CPAD_MAIN_DOMAIN and CPAD_SANDBOX_DOMAIN values httpUnsafeOrigin and httpSafeOrigin will be used. +# CryptPad API subdomain FQDN +# @ignore apiDomain: "" +# CryptPad files subdomain FQDN +# @ignore filesDomain: "" +# Trusted proxy address or CIDR +# @ignore trustedProxy: "" +# Header to get client IP from (`X-Real-IP` or `X-Forwarded-For`) +# @ignore realIpHeader: "" +# Instruct Nginx to perform a recursive search to find client's real IP (`on`/`off`) (see [ngx_http_realip_module](https://nginx.org/en/docs/http/ngx_http_realip_module.html)) +# @ignore realIpRecursive: "" +# Path to TLS certificate file +# @ignore tlsCert: "" +# Path to TLS private key file +# @ignore tlsKey: "" +# Path to Diffie-Hellman parameters file +# @ignore tlsDhParam: "" +# Disable HTTP2 +# @ignore http2Disable: "" imagePullSecrets: [] @@ -83,19 +121,22 @@ nameOverride: "" fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" +# -- Annotations for the Pod podAnnotations: {} +# -- Security context for the Pod podSecurityContext: fsGroup: 4001 +# -- Security context securityContext: {} # capabilities: # drop: @@ -104,6 +145,7 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +# Values for the service service: portName: node name: http @@ -117,7 +159,9 @@ service: # Reference: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity sessionAffinity: ClientIP +# Values for the ingress ingress: + # Enable the ingress enabled: false className: "" annotations: {} @@ -131,10 +175,12 @@ ingress: tls: [] # - secretName: secret-tls +# -- Specify default resources. +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following + # If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. # limits: # cpu: 100m @@ -144,19 +190,28 @@ resources: {} # memory: 128Mi autoscaling: + # -- Enable the Autoscaling enabled: false + # -- Minimal numbers of replicas minReplicas: 1 + # -- Maximum numbers of replicas maxReplicas: 100 + # -- Percentage of the targeted CPU Utilization targetCPUUtilizationPercentage: 80 + # -- Percentage of the targeted Memory Utilization targetMemoryUtilizationPercentage: 80 +# -- Values for the Node Selector nodeSelector: {} +# -- Values for the Tolerations tolerations: [] +# -- Values for the Affinity affinity: {} persistence: + # -- Enable the persistence enabled: true cryptpad: blob: