helm/cloudypress
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: helm:main
Branches Tags
helm:main helm:unit helm:testing
helm:0.7.3 helm:0.7.2 helm:0.7.1
..
compare: helm:unit
Branches Tags
helm:main helm:unit helm:testing
helm:0.7.3 helm:0.7.2 helm:0.7.1

15 Commits
main ... unit

Author SHA1 Message Date
Lars Scheibling
e120bf4a37 Fixed namespace issue for ext-secret 2023-06-02 20:17:42 +02:00
Lars Scheibling
fa3bec2064 Added section for try webp 2023-06-01 17:22:50 +02:00
Lars Scheibling
2c7d959b16 Fixed typo in cm 2023-05-12 17:05:58 +02:00
Lars Scheibling
10555efb04 Added override for environment 2023-05-12 17:00:07 +02:00
Lars Scheibling
13ea14a28c Update values.yaml 2023-04-26 10:54:33 +02:00
Lars Scheibling
ab4af9a75b Update Chart/templates/configmap.yaml, Chart/Chart.yaml, .gitlab-ci.yml 2023-04-26 10:37:08 +02:00
Lars Scheibling
9f414dde5d Fixed bug with FORCE_THEME_NAME 2023-04-18 15:32:45 +00:00
Lars Scheibling
ac4583339e Added redirect from wp-admin to wp/wp-admin 2023-04-17 21:46:01 +00:00
Lars Scheibling
a3bd5334f1 Added option to force theme name 2023-04-17 19:51:28 +00:00
Lars Scheibling
6f8f678288 Fixed duplicate setting field issue 2023-04-15 21:18:51 +00:00
Lars Scheibling
fc1e7a71b2 Added unit config file to container 2023-04-15 21:09:06 +00:00
Lars Scheibling
54fdb529f8 Fixed fsGroup and user ID for Unit 2023-04-15 20:03:29 +00:00
Lars Scheibling
269d9f5550 Typo in image tag reference in deployment 2023-04-15 19:54:07 +00:00
Lars Scheibling
266cbc4afb Switched to Nhinx Unit 2023-04-15 19:32:48 +00:00
Lars Scheibling
d4592ecd65 Created new chart for nginx unit deployments 2023-04-06 15:54:10 +00:00
7 changed files with 172 additions and 264 deletions
Expand all files Collapse all files

25
.gitea/workflows/upload-helm.yml
View File

@@ -1,25 +0,0 @@
name: Upload Helm Chart
run-name: Uploading helm chart
on:
push:
tags: ['*']
jobs:
Explore-Gitea-Actions:
runs-on: shell
env:
HELM_CHART_VERSION: "${{ github.ref_name }}"
steps:
- uses: actions/checkout@v2
- name: Set up Helm
uses: azure/setup-helm@v1
with:
version: 'v3.0.0'
- run: 'sed -i "s/version:.*/version: \"${HELM_CHART_VERSION}\"/" ./Chart/Chart.yaml'
- run: helm package ./Chart
- name: Upload Helm Chart
run: |
curl --request POST \
--user ${{ secrets.HELM_PKG_UPLOAD_USER }}:${{ secrets.HELM_PKG_UPLOAD_PASS }} \
--form "chart=@cloudypress-${HELM_CHART_VERSION}.tgz" \
https://git.cloudyne.io/api/packages/helm/helm/api/charts

2
.gitlab-ci.yml
View File

@@ -1,5 +1,5 @@
variables:
HELM_CHART_VERSION: "0.7.1"
HELM_CHART_VERSION: "0.8.12"
stages:
- deploy

6
Chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
name: cloudypress
description: A helm chart for deploying Wordpress on Cloudyne Hosting
description: Helm chart to deploy Wordpress backed by PHP-CLI and Nginx Unit
type: application
version: "0.7.0"
appVersion: "6.1.1"
version: "0.8.12"
appVersion: "6.2.2"

357
Chart/templates/configmap.yaml
View File

@@ -28,7 +28,12 @@ data:
SMTP_FROM_NAME: "V3 Customer Mailer"
{{- end }}
{{- if and .Values.site .Values.site.overrideEnvironment }}
WP_ENV: "{{ .Values.site.overrideEnvironment }}"
{{- else }}
WP_ENV: "production"
{{- end }}
{{- if .Values.site.overrideMainUrl }}
WP_HOME: "https://{{ .Values.site.overrideMainUrl }}"
{{- else }}
@@ -39,6 +44,9 @@ data:
RUN_COMPOSER: 'true'
INSTALL_SITE: {{ .Values.site.init.composerPackage }}
SET_THEME: {{ .Values.site.init.themeName | default "" }}
{{- if .Values.site.forceThemeName }}
FORCE_THEME_NAME: {{ .Values.site.forceThemeName }}
{{- end }}
{{- end }}
{{- if and .Values.site.init .Values.site.init.content .Values.site.init.content.import }}
@@ -64,226 +72,143 @@ metadata:
labels:
{{- include "..labels" . | nindent 8 }}
data:
www.conf: |-
[www]
unit.json: |-
{
"settings": {
"http": {
"header_read_timeout": 60,
"body_read_timeout": 60,
"idle_timeout": 60,
"max_body_size": 512111110
}
},
"listeners": {
"*:8080": {
"pass": "routes"
}
},
"routes": [
{
"action": {
"return": 200
},
"match": {
"uri": [
"/unit-ping",
"/fpm-ping"
]
}
},
{
"action": {
"return": 404
},
"match": {
"uri": [
"/app/uploads/*.php",
"/app/uploads/*.php/*"
]
}
},
{
"action": {
"pass": "applications/php/direct"
},
"match": {
"uri": [
"*.php",
"*.php/*",
"/wp/wp-admin/"
]
}
},
{
"action": {
"return": 302,
"location": "/wp/wp-admin"
},
"match": {
"uri": [
"/wp-admin",
"/wp-admin/*"
]
}
},
{{- if eq .Values.site.enableWebpRoute "true" }}
{
"match": {
"uri": [
"*.jpg",
"*.jpeg",
"*.gif",
"*.png"
]
},
"action": {
"share": [
"/app/web$uri.webp",
"/app/web$uri"
],
"fallback": {
"pass": "applications/php/index"
}
{{- if and .Values.global .Values.global.php }}
listen = {{ .Values.global.php.listenAddress | default "127.0.0.1:8123" }}
listen.backlog = {{ .Values.global.php.listenBacklog | default "511" }}
pm = {{ .Values.global.php.pmMode | default "ondemand" }}
pm.max_children = {{ .Values.global.php.pmMaxChildren | default "100" }}
pm.process_idle_timeout = {{ .Values.global.php.pmProcessIdle | default "30s" }}
pm.max_requests = {{ .Values.global.php.pmMaxRequests | default "1000" }}
security.limit_extensions = {{ .Values.global.php.limitExtensions | default ".php" }}
php_admin_value[expose_php] = {{ .Values.global.php.exposePHP | default "Off" }}
php_admin_value[short_open_tag] = {{ .Values.global.php.shortOpenTag | default "Off" }}
php_admin_value[disable_functions] = {{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen" }}
php_value[log_errors] = {{ .Values.global.php.logErrors | default "On" }}
php_admin_value[date.timezone] = {{ .Values.customer.timezone | default "Europe/Stockholm" }}
{{- else }}
listen = 127.0.0.1:8123
listen.backlog = 511
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 30s
pm.max_requests = 1000
security.limit_extensions = .php
php_admin_value[expose_php] = Off
php_admin_value[short_open_tag] = Off
php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source
php_value[log_errors] = On
{{- end }}
ping.path = /fpm-ping
listen.allowed_clients = 127.0.0.1
catch_workers_output = yes
php_value[error_log] = /dev/stderr
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
php_admin_value[{{ $k }}] = {{ $v }}
{{- end }}
{{- end }}
nginx.conf: |
worker_processes auto;
error_log stderr warn;
pid /run/nginx/nginx.pid;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.globalAdditions | default "" }}
{{- end }}
events {
{{- if and .Values.global .Values.global.nginx }}
worker_connections {{ .Values.global.nginx.workerConnections | default "1024" }};
{{ .Values.global.nginx.eventsAdditions | default "" }}
{{- else }}
worker_connections 1024;
{{- end }}
}
http {
include mime.types;
default_type application/octet-stream;
disable_symlinks off;
log_format main_timed '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time $pipe $upstream_cache_status';
access_log /dev/stdout main_timed;
error_log /dev/stderr notice;
{{- if and .Values.global .Values.global.nginx }}
keepalive_timeout {{ .Values.global.nginx.keepaliveTimeout | default "61" }};
{{- else }}
keepalive_timeout 61;
{{- end }}
client_max_body_size 512m;
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
server {
listen [::]:8080 default_server;
listen 8080 default_server;
server_name _;
{{- if and .Values.global .Values.global.nginx }}
sendfile {{ .Values.global.nginx.sendfile | default "off" }};
tcp_nodelay {{ .Values.global.nginx.tcpNodelay | default "on" }};
absolute_redirect {{ .Values.global.nginx.absoluteRedirects | default "off" }};
{{- else }}
sendfile off;
tcp_nodelay on;
absolute_redirect off;
}
},
{{- end }}
{{- if and .Values.site .Values.site.webroot }}
root {{ .Values.site.webroot.path | default "/app/web" }};
index {{ .Values.site.webroot.indexes | default "index.php index.html index.htm" }};
{{- else }}
root /app/web;
index index.php index.html;
{{- end }}
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.rootLocationAdditions | default "" }}
{{- end }}
{
"action": {
"share": "/app/web$uri",
"fallback": {
"pass": "applications/php/index"
}
}
}
],
location ~* /app/web/app/uploads/.*.php$ {
deny all;
"applications": {
"php": {
"type": "php",
"options": {
"user": {
"display_errors": "0",
"log_errors": "1",
},
"admin": {
{{- if and .Values.global .Values.global.php }}
"expose_php": "{{ .Values.global.php.exposePHP | default "Off" }}",
"short_open_tag": "{{ .Values.global.php.shortOpenTag | default "Off" }}",
"disable_functions": "{{ .Values.global.php.disableFunctions | default "exec,passthru,shell_exec,system,proc_open,popen,show_source" }}",
"log_errors": "{{ .Values.global.php.logErrors | default "On" }}",
"date.timezone": "{{ .Values.customer.timezone | default "Europe/Stockholm" }}",
{{- else }}
"expose_php": "Off",
"short_open_tag": "Off",
"disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source",
"log_errors": "On",
{{- end }}
{{- if .Values.global.php.adminValues }}
{{- range $k, $v := .Values.global.php.adminValues }}
"{{ $k }}": "{{ $v }}",
{{- end }}
{{- else }}
"memory_limit": "512M",
"upload_max_filesize": "512M",
"post_max_size": "512M",
"max_execution_time": "300",
"max_input_time": "300"
{{- end }}
}
},
"targets": {
"direct": {
"root": "/app/web"
},
"index": {
"root": "/app/web",
"script": "index.php"
}
}
}
location ~* /wp-content/uploads/.*.php$ {
deny all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
location ~ \.php$ {
{{- if and .Values.global .Values.global.nginx }}
fastcgi_buffer_size {{ .Values.global.nginx.fcgiBufferSize | default "128k" }};
fastcgi_buffers {{ .Values.global.nginx.fcgiBuffers | default "4 256k" }};
fastcgi_busy_buffers_size {{ .Values.global.nginx.fcgiBusyBufferSize | default "256k" }};
fastcgi_read_timeout {{ .Values.global.nginx.fcgiReadTimeout | default "300" }};
{{- else }}
fastcgi_buffer_size 128k;
fastcgi_buffers 4 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_read_timeout 300;
{{- end }}
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:8123;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.phpLocationAdditions | default "" }}
{{- end }}
}
location ~* \.(jpg|jpeg|webp|gif|png|css|svg|js|ico|xml)$ {
expires 5d;
}
gzip_comp_level 5;
gzip_min_length 256;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-font-opentype
application/x-font-truetype
application/x-javascript
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
image/svg+xml
image/x-icon
image/vnd.microsoft.icon
text/css
text/plain
text/javascript
text/x-component;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
location ~ /\. {
log_not_found off;
deny all;
}
location ~ ^/(fpm-status|fpm-ping)$ {
access_log off;
allow 127.0.0.1;
deny all;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_pass 127.0.0.1:8123;
}
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.serverAdditions | default "" }}
{{- end }}
}
proxy_hide_header X-Powered-By;
fastcgi_hide_header X-Powered-By;
server_tokens off;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
{{- if and .Values.global .Values.global.nginx }}
{{ .Values.global.nginx.httpAdditions }}
{{- end }}
include /etc/nginx/modules/*.conf;
}

19
Chart/templates/deployment.yaml
View File

@@ -22,7 +22,7 @@ spec:
cloudyne.systems/site: {{ .Values.site.url }}
spec:
securityContext:
fsGroup: 65534
fsGroup: 101
volumes:
- name: cloud
persistentVolumeClaim:
@@ -38,9 +38,9 @@ spec:
allowPrivilegeEscalation: false
runAsUser: 0
{{- if .Values.global }}
image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-init" }}:{{ .Values.global.imagetag | default "latest" }}
image: {{ .Values.global.initImage | default "ghcr.io/cloudynes/php-cd" }}:{{ .Values.global.imageTag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-init:latest
image: ghcr.io/cloudynes/php-cd:latest
{{- end }}
imagePullPolicy: Always
volumeMounts:
@@ -65,22 +65,19 @@ spec:
containers:
- name: wordpress
securityContext:
runAsUser: 65534
runAsUser: 101
{{- if .Values.global }}
image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-nginx" }}:{{ .Values.global.imagetag | default "latest" }}
image: {{ .Values.global.serverImage | default "ghcr.io/cloudynes/php-unit" }}:{{ .Values.global.imageTag | default "latest" }}
{{- else }}
image: ghcr.io/cloudynes/php-nginx:latest
image: ghcr.io/cloudynes/php-unit:latest
{{- end }}
imagePullPolicy: Always
volumeMounts:
- name: local
mountPath: /app
- name: serverconfig
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: serverconfig
mountPath: /usr/local/etc/php-fpm.d/www.conf
subPath: www.conf
mountPath: /docker-entrypoint.d/unit.json
subPath: unit.json
{{- if and .Values.site .Values.site.storage .Values.site.storage.cloud .Values.site.storage.cloud.folders }}
{{- range $v := .Values.site.storage.cloud.folders }}
- name: cloud

1
Chart/templates/externalsecret.yaml
View File

@@ -2,7 +2,6 @@ apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: global-secrets-ext
namespace: {{ include "..fullname" . }}
labels:
{{- include "..labels" . | nindent 8 }}
spec:

24
Chart/values.yaml
View File

@@ -44,6 +44,12 @@ site:
additional_env: {}
# MY_ENV_VAR: "value"
# Whether to enable the webp route
# enableWebpRoute: "false"
# Override the environment. Valid values are production, staging and development
# overrideEnvironment: "staging"
# Create sites with another main domain for WP,
# but the rest of the components named according to site-tld
# overrideMainUrl: ""
@@ -75,6 +81,9 @@ site:
# The name of the theme which the composer package refers to
themeName: "mycustomer-app-theme"
# If needed, force a change of the theme folder name to conform with site requirements
# forceThemeName: ""
# Optional: Import content to wp-content directory from zip file
content: {}
@@ -107,13 +116,13 @@ site:
# Global configuration
global:
# Which image to use for the web server
serverImage: ghcr.io/cloudynes/php-nginx
serverImage: ghcr.io/cloudynes/php-unit
# Which image to use for the initialization
initImage: ghcr.io/cloudynes/php-init
initImage: ghcr.io/cloudynes/php-cd
# The tag to use for the above images
imageTag: fpm8.0-alpine3.16
imageTag: "8.0"
# The database instance where the database will be provisioned
dbInstance: "kincaid"
@@ -130,12 +139,15 @@ global:
limitExtensions: ".php"
exposePHP: "Off"
shortOpenTag": "Off"
disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,show_source"
disableFunctions: "exec,passthru,shell_exec,system,proc_open,popen,show_source"
logErrors: "On"
adminValues:
upload_max_filesize: "256M"
post_max_size: "256M"
memory_limit: "512M"
upload_max_filesize: "512M"
post_max_size: "512M"
max_execution_time: "300"
max_input_time: "300"
nginx:
workerConnections: "1024"