From 87384c8b635d1b031d236d9bd980fb18bbd861ab Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:04:37 +0200 Subject: [PATCH 01/45] Added local disk --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 24 ++++++++++++++++++---- Chart/templates/persistentvolume.yaml | 16 ++++++++++++++- Chart/templates/persistentvolumeclaim.yaml | 18 +++++++++++++++- Chart/values.yaml | 2 +- 5 files changed, 54 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 227188c..f7d6643 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "0.6.12" + HELM_CHART_VERSION: "99.6.12" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index ee1584f..626ee1a 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -29,12 +29,28 @@ spec: - name: cloud persistentVolumeClaim: claimName: pvc-{{ include "..fullname" . }} + - name: cloud-local + persistentVolumeClaim: + claimName: pvc-{{ include "..fullname" . }}-local - name: serverconfig configMap: name: {{ include "..fullname" . }}-cfg imagePullSecrets: - name: pull-secret initContainers: + - name: init-storage + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + image: cloudyne/ubuntu-ci:latest + command: ["storage-clone"] + args: ["/full-cloud", "/full-cloud-local"] + imagePullPolicy: Always + volumeMounts: + - name: cloud + mountPath: /full-cloud + - name: cloud-local + mountPath: /full-cloud-local - name: deploy securityContext: allowPrivilegeEscalation: false 
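Review bot: The new `init-storage` init container in Chart/templates/deployment.yaml runs as root (`runAsUser: 0`) from a mutable tag, `image: cloudyne/ubuntu-ci:latest` with `imagePullPolicy: Always`, while both the `cloud` and `cloud-local` volumes are mounted into it. Whatever is pushed to that tag next runs with root file access to all site data on the next pod start, so pin the image by digest, e.g. `image: cloudyne/ubuntu-ci@sha256:<digest>` (placeholder, not a real digest). If the copy needs root to preserve ownership, keep `runAsUser: 0` but add `capabilities: { drop: ["ALL"] }` plus only the capabilities the clone needs, and mount `/full-cloud` with `readOnly: true`, assuming storage-clone only reads from its first argument. The later hunk in PATCH 07 that changes this container's `command` keeps the same image and user.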
@@ -49,14 +65,14 @@ spec: subPath: init.json {{- if .Values.storage.wpContent }} {{- range $v := .Values.storage.wpContent }} - - name: cloud + - name: cloud-local mountPath: "/app/web/app/{{ $v }}" subPath: "{{ $v }}" {{- end }} {{- end }} {{- if .Values.storage.additionalMounts }} {{- range $v := .Values.storage.additionalMounts }} - - name: cloud + - name: cloud-local mountPath: {{ $v.localPath }} subPath: {{ $v.cloudPath }} {{- end }} @@ -81,14 +97,14 @@ spec: subPath: unit.json {{- if .Values.storage.wpContent }} {{- range $v := .Values.storage.wpContent }} - - name: cloud + - name: cloud-local mountPath: "/app/web/app/{{ $v }}" subPath: "{{ $v }}" {{- end }} {{- end }} {{- if .Values.storage.additionalMounts }} {{- range $v := .Values.storage.additionalMounts }} - - name: cloud + - name: cloud-local mountPath: {{ $v.localPath }} subPath: {{ $v.cloudPath }} {{- end }} diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index bc86d81..35332ac 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -35,4 +35,18 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: {{ .Values.storage.class | default "premium01" }}-retain volumeMode: Filesystem ---- \ No newline at end of file +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-{{ include "..fullname" }}-local + labels: + {{- include "..labels" . | nindent 8 }} +spec: + accessModes: + - ReadWriteOnce + capacity: + storage: {{ .Values.site.resources.disk | default "5Gi" }} + persistentVolumeReclaimPolicy: Retain + storageClassName: "longhorn" + volumeMode: Filesystem \ No newline at end of file diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index f30c488..27446ed 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml 
@@ -19,4 +19,20 @@ spec: {{- if and .Values.storage .Values.storage.class }} storageClassName: {{ .Values.storage.class | default "premium01" }}-retain -{{- end }} \ No newline at end of file +{{- end }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + {{- include "..labels" . | nindent 8 }} + name: pvc-{{ include "..fullname" . }}-local +spec: + volumeMode: Filesystem + volumeName: pv-{{ include "..fullname" }}-local + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.site.resources.disk | default "5Gi" }} + storageClassName: "longhorn" \ No newline at end of file diff --git a/Chart/values.yaml b/Chart/values.yaml index 2a8ea83..edea658 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -37,7 +37,7 @@ database: # Storage Settings storage: - # The storage class to use for the site + # The storage class used for the cloud part of the storage # Default: premium01 class: "premium01" From 47168eb6dc1fe0a8701ca6d0bbb19416b2e9c467 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:07:54 +0200 Subject: [PATCH 02/45] Fixed include --- Chart/templates/persistentvolume.yaml | 2 +- Chart/templates/persistentvolumeclaim.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 35332ac..6606e60 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -39,7 +39,7 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: pv-{{ include "..fullname" }}-local + name: pv-{{ include "..fullname" . }}-local labels: {{- include "..labels" . | nindent 8 }} spec: diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index 27446ed..c0dca8b 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml 
@@ -29,7 +29,7 @@ metadata: name: pvc-{{ include "..fullname" . }}-local spec: volumeMode: Filesystem - volumeName: pv-{{ include "..fullname" }}-local + volumeName: pv-{{ include "..fullname" . }}-local accessModes: - ReadWriteOnce resources: From 1f86724ba5b734ffdc262d0dea886904b3808987 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:09:40 +0200 Subject: [PATCH 03/45] Bump version --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f7d6643..d8b8193 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.12" + HELM_CHART_VERSION: "99.6.13" stages: - deploy From 3fd277dd880d87cf2c17bc70f02ffe49652a8e2e Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:17:44 +0200 Subject: [PATCH 04/45] Updated persistent volume --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolume.yaml | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d8b8193..8dd94a4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.13" + HELM_CHART_VERSION: "99.6.14" stages: - deploy diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 6606e60..06d625a 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -49,4 +49,8 @@ spec: storage: {{ .Values.site.resources.disk | default "5Gi" }} persistentVolumeReclaimPolicy: Retain storageClassName: "longhorn" - volumeMode: Filesystem \ No newline at end of file + volumeMode: Filesystem + csi: + driver: driver.longhorn.io + fsType: ext4 + volumeHandle: pvc-{{ include "..fullname" . }}-local From d9524764206ec213c592e761a33ea45343417deb Mon Sep 17 00:00:00 2001 
From: Lars Scheibling Date: Thu, 29 Jun 2023 22:23:33 +0200 Subject: [PATCH 05/45] Dynamic provisioning for PVC --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolume.yaml | 36 +++++++++++----------- Chart/templates/persistentvolumeclaim.yaml | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8dd94a4..a581a63 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.14" + HELM_CHART_VERSION: "99.6.15" stages: - deploy diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 06d625a..31a0465 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -36,21 +36,21 @@ spec: storageClassName: {{ .Values.storage.class | default "premium01" }}-retain volumeMode: Filesystem --- -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-{{ include "..fullname" . }}-local - labels: - {{- include "..labels" . | nindent 8 }} -spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{ .Values.site.resources.disk | default "5Gi" }} - persistentVolumeReclaimPolicy: Retain - storageClassName: "longhorn" - volumeMode: Filesystem - csi: - driver: driver.longhorn.io - fsType: ext4 - volumeHandle: pvc-{{ include "..fullname" . }}-local +# apiVersion: v1 +# kind: PersistentVolume +# metadata: +# name: pv-{{ include "..fullname" . }}-local +# labels: +# {{- include "..labels" . | nindent 8 }} +# spec: +# accessModes: +# - ReadWriteOnce +# capacity: +# storage: {{ .Values.site.resources.disk | default "5Gi" }} +# persistentVolumeReclaimPolicy: Retain +# storageClassName: "longhorn" +# volumeMode: Filesystem +# csi: +# driver: driver.longhorn.io +# fsType: ext4 +# volumeHandle: pvc-{{ include "..fullname" . }}-local diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index c0dca8b..152c8fe 100644 --- a/Chart/templates/persistentvolumeclaim.yaml 
+++ b/Chart/templates/persistentvolumeclaim.yaml @@ -29,7 +29,7 @@ metadata: name: pvc-{{ include "..fullname" . }}-local spec: volumeMode: Filesystem - volumeName: pv-{{ include "..fullname" . }}-local +# volumeName: pv-{{ include "..fullname" . }}-local accessModes: - ReadWriteOnce resources: From 57f012a639e9b6fc30a7dcb9dea1817e034285a7 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:24:42 +0200 Subject: [PATCH 06/45] Fixed bug --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolume.yaml | 19 ------------------- Chart/templates/persistentvolumeclaim.yaml | 1 - 3 files changed, 1 insertion(+), 21 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a581a63..1f6a303 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.15" + HELM_CHART_VERSION: "99.6.16" stages: - deploy diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 31a0465..b457ce8 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -35,22 +35,3 @@ spec: persistentVolumeReclaimPolicy: Retain storageClassName: {{ .Values.storage.class | default "premium01" }}-retain volumeMode: Filesystem ---- -# apiVersion: v1 -# kind: PersistentVolume -# metadata: -# name: pv-{{ include "..fullname" . }}-local -# labels: -# {{- include "..labels" . | nindent 8 }} -# spec: -# accessModes: -# - ReadWriteOnce -# capacity: -# storage: {{ .Values.site.resources.disk | default "5Gi" }} -# persistentVolumeReclaimPolicy: Retain -# storageClassName: "longhorn" -# volumeMode: Filesystem -# csi: -# driver: driver.longhorn.io -# fsType: ext4 -# volumeHandle: pvc-{{ include "..fullname" . }}-local diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index 152c8fe..f617e57 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml 
@@ -29,7 +29,6 @@ metadata: name: pvc-{{ include "..fullname" . }}-local spec: volumeMode: Filesystem -# volumeName: pv-{{ include "..fullname" . }}-local accessModes: - ReadWriteOnce resources: From 04b19920024705a77b49d447f7458c51faeaf1d0 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 29 Jun 2023 22:28:15 +0200 Subject: [PATCH 07/45] Bugfix --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1f6a303..8438334 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.16" + HELM_CHART_VERSION: "99.6.17" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 626ee1a..17076ef 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -43,8 +43,8 @@ spec: allowPrivilegeEscalation: false runAsUser: 0 image: cloudyne/ubuntu-ci:latest - command: ["storage-clone"] - args: ["/full-cloud", "/full-cloud-local"] + command: ["python3"] + args: ["/usr/local/bin/storage-clone", "/full-cloud", "/full-cloud-local"] imagePullPolicy: Always volumeMounts: - name: cloud From d252b09a5d3fdd4ef7acfcd3a63081d69a13e6e6 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 10 Jul 2023 18:46:33 +0200 Subject: [PATCH 08/45] Added conditional for init container command --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 7 +++++++ Chart/values.yaml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8438334..09a16f8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.17" + HELM_CHART_VERSION: "99.6.18" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 17076ef..8c2354f 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml 
@@ -84,7 +84,14 @@ spec: name: {{ include "..fullname" . }}-db-auth - secretRef: name: global-secrets + {{- if (.Values.site.container_base | default "debian" ) == "debian" }} command: [ "/init-go/init-go" ] + {{- else }} + command: + - /bin/sh + - -c + - /init-go/init-go + {{- end }} containers: - name: wordpress securityContext: diff --git a/Chart/values.yaml b/Chart/values.yaml index edea658..20b4f6e 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -63,6 +63,7 @@ storage: # localPath: /app/web/app/uploads site: + # container_base: debian # The name of the repository/composerpackage/dockerimage # Default: domain.replace('.', '-') # name: "customer-tld" From c23ff885f2ef3f39876d2340b15990a67c81e109 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 10 Jul 2023 18:48:17 +0200 Subject: [PATCH 09/45] == to eq --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 09a16f8..fa493ba 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.18" + HELM_CHART_VERSION: "99.6.19" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 8c2354f..aa8ee5a 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -84,7 +84,7 @@ spec: name: {{ include "..fullname" . }}-db-auth - secretRef: name: global-secrets - {{- if (.Values.site.container_base | default "debian" ) == "debian" }} + {{- if eq (.Values.site.container_base | default "debian" ) "debian" }} command: [ "/init-go/init-go" ] {{- else }} command: From fa6f0ff85adb73941d4f1e033f16ff6b3b88dba9 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 10 Jul 2023 18:56:09 +0200 Subject: [PATCH 10/45] Changed to command + args --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fa493ba..a6bafb0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.19" + HELM_CHART_VERSION: "99.6.20" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index aa8ee5a..06a2da4 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -87,10 +87,8 @@ spec: {{- if eq (.Values.site.container_base | default "debian" ) "debian" }} command: [ "/init-go/init-go" ] {{- else }} - command: - - /bin/sh - - -c - - /init-go/init-go + command: ["sh"] + args: ["-c", "/init-go/init-go"] {{- end }} containers: - name: wordpress From 8cda255fae584ebd14bdeac8db610e409fc4782e Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 17 Jul 2023 23:33:32 +0200 Subject: [PATCH 11/45] Added choice for SMTP server --- .gitlab-ci.yml | 2 +- Chart/templates/externalsecret.yaml | 12 ++++++++++++ Chart/values.yaml | 2 ++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a6bafb0..71d7cfe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.20" + HELM_CHART_VERSION: "99.6.21" stages: - deploy diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index 6dc53cb..73acfa4 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml @@ -20,6 +20,7 @@ spec: - secretKey: COMPOSER_AUTH remoteRef: key: secret/GITLAB-COMPOSER-AUTH + {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }} - secretKey: SMTP_USER remoteRef: key: secret/SMTP-USER 
@@ -29,6 +30,17 @@ spec: - secretKey: SMTP_HOST remoteRef: key: secret/SMTP-HOST + {{- else }} + - secretKey: SMTP_USER + remoteRef: + key: secret/AWS-SMTP-USER + - secretKey: SMTP_PASS + remoteRef: + key: secret/AWS-SMTP-PASSWORD + - secretRef: SMTP_HOST + remoteRef: + key: secret/AWS-SMTP-HOST + {{- end }} - secretKey: WPC_REGISTRATION_SECRET remoteRef: key: secret/WPC-REGISTRATION-SECRET diff --git a/Chart/values.yaml b/Chart/values.yaml index 20b4f6e..0922a0d 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -24,6 +24,8 @@ email: # - customer.tld # emails: # - mail@customer.tld + # Set the SMTP server to use for the site + smtpServer: smtp2go # Database configuration database: From a7c67e138c07397a777dd592a0d031e7496302cb Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 17 Jul 2023 23:45:03 +0200 Subject: [PATCH 12/45] Fixed wrong name for field --- .gitlab-ci.yml | 2 +- Chart/templates/externalsecret.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 71d7cfe..b3d87d3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.21" + HELM_CHART_VERSION: "99.6.22" stages: - deploy diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index 73acfa4..a3a8da3 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml @@ -37,7 +37,7 @@ spec: - secretKey: SMTP_PASS remoteRef: key: secret/AWS-SMTP-PASSWORD - - secretRef: SMTP_HOST + - secretKey: SMTP_HOST remoteRef: key: secret/AWS-SMTP-HOST {{- end }} From 8d8630b0c5fb7a8777f7df2b395b4f86a587ae96 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Tue, 18 Jul 2023 23:27:15 +0200 Subject: [PATCH 13/45] Added redirect for login page --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b3d87d3..6c79949 100644 
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.22" + HELM_CHART_VERSION: "99.6.23" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 3b2bc8b..7aab475 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -112,7 +112,19 @@ data: "match": { "uri": [ "/wp-admin", - "/wp-admin/*" + "/wp-admin/*", + ] + } + }, + { + "action": { + "return": 302, + "location": "/wp/wp-login.php" + }, + "match": { + "uri": [ + "/wp-login.php", + "/wp-login.php*" ] } }, From 81a2fb2c7f91ea828ecce7a24622e16a2446af29 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Tue, 18 Jul 2023 23:29:52 +0200 Subject: [PATCH 14/45] Moved 302 section before wildcard section --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 46 +++++++++++++++++----------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6c79949..242d0fc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.23" + HELM_CHART_VERSION: "99.6.24" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 7aab475..4551a3b 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -81,29 +81,6 @@ data: ] } }, - { - "action": { - "return": 404 - }, - "match": { - "uri": [ - "/app/uploads/*.php", - "/app/uploads/*.php/*" - ] - } - }, - { - "action": { - "pass": "applications/php/direct" - }, - "match": { - "uri": [ - "*.php", - "*.php/*", - "/wp/wp-admin/" - ] - } - }, { "action": { "return": 302, 
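Review bot: The added comma in `"/wp-admin/*",` (PATCH 13, Chart/templates/configmap.yaml) leaves a trailing comma before the closing `]` of that `uri` array in what appears to be the Unit routes JSON, and strict JSON parsers reject that. If Unit refuses the file at startup, none of the routes load, including the rule that returns 404 for `/app/uploads/*.php`, so this is worth catching before deploy. Restore the line to `"/wp-admin/*"`; the new 302 block is a separate element of the outer array and needs no comma here. The PATCH 14 hunks that follow move blocks around this one and do not appear to touch the comma.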
@@ -128,6 +105,29 @@ data: ] } }, + { + "action": { + "return": 404 + }, + "match": { + "uri": [ + "/app/uploads/*.php", + "/app/uploads/*.php/*" + ] + } + }, + { + "action": { + "pass": "applications/php/direct" + }, + "match": { + "uri": [ + "*.php", + "*.php/*", + "/wp/wp-admin/" + ] + } + }, {{- if eq .Values.site.enableWebpRoute "true" }} { "match": { From 63f651d622ad3be7b74cdbcfc0691077e2c6d2ef Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Tue, 18 Jul 2023 23:39:38 +0200 Subject: [PATCH 15/45] Add processes to unit --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 242d0fc..6043323 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.24" + HELM_CHART_VERSION: "99.6.25" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 4551a3b..7056cdd 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -163,6 +163,11 @@ data: "applications": { "php": { "type": "php", + "processes": { + "max": 10, + "spare": 1, + "idle_timeout": 20 + }, "options": { "user": { "display_errors": "{{ .Values.site.displayErrors | default "0" }}", From c735392ee5ce0aef081bf90057e78ec0c618b86d Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Tue, 18 Jul 2023 23:51:56 +0200 Subject: [PATCH 16/45] Updated email port for amazon SES --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6043323..cf52786 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.25" + HELM_CHART_VERSION: "99.6.26" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 7056cdd..72049c1 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml 
@@ -5,7 +5,11 @@ metadata: labels: {{- include "..labels" . | nindent 8 }} data: + {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }} SMTP_PORT: '2525' + {{- else }} + SMTP_PORT: '25' + {{- end }} SMTP_AUTH: 'true' SMTP_FROM: 'customer-noreply@v3.nu' {{- if .Values.email }} From ea197d2006ddb2ef7e3562731e638bae222e9278 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Wed, 19 Jul 2023 00:29:37 +0200 Subject: [PATCH 17/45] Fixed port, added starttls --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index cf52786..d6cb173 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.26" + HELM_CHART_VERSION: "99.6.27" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 72049c1..4b2255c 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -8,7 +8,8 @@ data: {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }} SMTP_PORT: '2525' {{- else }} - SMTP_PORT: '25' + SMTP_PORT: '587' + SMTP_STARTTLS: 'True' {{- end }} SMTP_AUTH: 'true' SMTP_FROM: 'customer-noreply@v3.nu' From 9abb6ce3cb9864bf4cc34bab6e47295c8ff38d06 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Wed, 19 Jul 2023 09:17:49 +0200 Subject: [PATCH 18/45] Remove autoregister by default --- .gitlab-ci.yml | 2 +- Chart/templates/job.yaml | 4 ++-- Chart/values.yaml | 6 ++---- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d6cb173..3a8f7cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.27" + HELM_CHART_VERSION: "99.6.28" stages: - deploy diff --git a/Chart/templates/job.yaml b/Chart/templates/job.yaml index db7cb2f..a383ac7 100644 --- a/Chart/templates/job.yaml +++ b/Chart/templates/job.yaml 
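Review bot: In the PATCH 17 hunk, `SMTP_STARTTLS: 'True'` is set only in the `else` branch, so the default `smtp2go` branch still pairs `SMTP_AUTH: 'true'` with port 2525 and no explicit TLS setting. Whether the mailer negotiates STARTTLS on its own is not visible here; if it does not, the SMTP credentials pulled from the ExternalSecret would cross the network in clear text. Consider moving `SMTP_STARTTLS: 'True'` below the `{{- end }}` so both branches get it, provided the smtp2go endpoint on 2525 supports STARTTLS. The casing also differs from `SMTP_AUTH: 'true'`; pick the one form the consumer is known to parse.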
@@ -1,5 +1,4 @@ -{{- if .Values.site.skipWPCRegistration | default false }} -{{- else }} +{{- if .Values.site.autoRegisterEnabled | default false }} apiVersion: batch/v1 kind: Job metadata: @@ -21,4 +20,5 @@ spec: imagePullSecrets: - name: pull-secret backoffLimit: 4 +{{- else }} {{- end }} \ No newline at end of file diff --git a/Chart/values.yaml b/Chart/values.yaml index 0922a0d..ad6cfc4 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -51,10 +51,6 @@ storage: # Default: - # container: "company-tld" - # Skip WPC Auto-registration - # Default: false - # skipWPCRegistration: false - # WP Content Folders wpContent: - uploads @@ -131,6 +127,8 @@ site: # Display Errors displayErrors: "0" + # Auto Registration + autoRegisterEnabled: "false" # advanced: # php: # displayErrors: "0" From 10c0b703591a78b2466c001cebfa9d4d891811c7 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Tue, 5 Sep 2023 17:27:11 +0200 Subject: [PATCH 19/45] Deactivated WPCReg Job --- .gitlab-ci.yml | 2 +- Chart/Chart.yaml | 2 +- Chart/{templates => templates-disabled}/job.yaml | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename Chart/{templates => templates-disabled}/job.yaml (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3a8f7cd..6c7ea28 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.28" + HELM_CHART_VERSION: "99.6.29" stages: - deploy diff --git a/Chart/Chart.yaml b/Chart/Chart.yaml index f336cf3..c082d4a 100644 --- a/Chart/Chart.yaml +++ b/Chart/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: wordyne description: Helm chart for deploying pre-built website containers to kubernetes clusters type: application -version: "0.6.9" +version: "99.6.29" appVersion: "6.2.2" diff --git a/Chart/templates/job.yaml b/Chart/templates-disabled/job.yaml similarity index 100% rename from Chart/templates/job.yaml rename to Chart/templates-disabled/job.yaml From 2604afabb579985c9fba0ff222d8efcf473708fe Mon Sep 17 00:00:00 2001 
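Review bot: The guard `{{- if .Values.site.autoRegisterEnabled | default false }}` in Chart/templates/job.yaml is truthy for the default this same commit puts in Chart/values.yaml, `autoRegisterEnabled: "false"`, because a non-empty string passes a Go-template `if`. The registration Job would therefore still render by default, the opposite of the commit title. Make the default a real boolean, `autoRegisterEnabled: false`, or compare explicitly with `{{- if eq (toString .Values.site.autoRegisterEnabled) "true" }}`. The empty `{{- else }}` added in the second job.yaml hunk can be dropped.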
From: Lars Scheibling Date: Fri, 8 Sep 2023 09:34:28 +0200 Subject: [PATCH 20/45] Added /var/cloud as default mount --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6c7ea28..a0500cd 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.29" + HELM_CHART_VERSION: "99.6.30" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 06a2da4..e57c998 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -100,6 +100,8 @@ spec: - name: serverconfig mountPath: /docker-entrypoint.d/unit.json subPath: unit.json + - name: cloud + mountPath: /var/cloud {{- if .Values.storage.wpContent }} {{- range $v := .Values.storage.wpContent }} - name: cloud-local From 0c992a6d4632af54687e3ec96eec2174b0655cec Mon Sep 17 00:00:00 2001 From: Lars Date: Tue, 12 Sep 2023 15:45:08 +0200 Subject: [PATCH 21/45] Release version 1.0.0 --- .gitignore | 3 +- .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 17 +- Chart/templates/certificate.yaml | 11 +- Chart/templates/configmap.yaml | 129 +++++++----- Chart/templates/database.yaml | 2 +- Chart/templates/deployment.yaml | 173 ++++++++++------ Chart/templates/externalsecret.yaml | 80 ++------ Chart/templates/ingress.yaml | 74 +------ Chart/templates/persistentvolume.yaml | 68 +++--- Chart/templates/persistentvolumeclaim.yaml | 55 +++-- Chart/templates/secret.yaml | 17 ++ Chart/templates/service.yaml | 4 +- Chart/values.yaml | 228 +++++++++++---------- 14 files changed, 445 insertions(+), 418 deletions(-) create mode 100644 Chart/templates/secret.yaml diff --git a/.gitignore b/.gitignore index ded49e4..dceaf33 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ example.yaml -example*.yaml \ No newline at end of file +example*.yaml +example*.yml 
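Review bot: The added `- name: cloud` / `mountPath: /var/cloud` mount in PATCH 20 exposes the whole cloud volume, read-write, inside what appears to be the `wordpress` container, the one serving PHP. Since PATCH 01 moved the content mounts to `cloud-local`, a compromise of the web process would now reach the original share as well as the local copy. If the application only reads from `/var/cloud`, add `readOnly: true` to this mount; if it must write, a `subPath` limited to the directory it needs would narrow it. The container definition starts and ends outside the hunk.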
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0500cd..a0e0433 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "99.6.30" + HELM_CHART_VERSION: "1.0.0" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 9a76373..a000fd3 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl @@ -3,13 +3,17 @@ Define the application name and fullname */}} {{- define "..name" -}} -{{- .Values.site.domain | trunc 63 | replace "." "-" | trimSuffix "-" }} +{{- .Values.site.name | trunc 63 }} {{- end }} {{- define "..fullname" -}} {{ include "..name" . }} {{- end }} +{{- define "..domains" }} +{{- if .Values.site.additionalDomains }}{{ .Values.site.additionalDomains | toYaml }}{{- end }} +- {{ .Values.site.domain | replace "www." "" }} +{{- end }} {{- define "..resourcelimits" -}} resources: @@ -38,7 +42,12 @@ app.kubernetes.io/name: {{ include "..name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/managed-by: {{ .Release.Service }} -cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | trunc 63 | trimSuffix "-" }} -cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} -cloudyne.systems/site: {{ .Values.site.domain }} +cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} +cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}' +cloudyne.systems/site: {{ .Values.site.domain | quote }} +{{- end }} +{{- define "..selector-labels" -}} +cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} +cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}' +cloudyne.systems/site: {{ .Values.site.domain | quote }} {{- end }} 
diff --git a/Chart/templates/certificate.yaml b/Chart/templates/certificate.yaml index cc87c76..e404c6f 100644 --- a/Chart/templates/certificate.yaml +++ b/Chart/templates/certificate.yaml @@ -10,13 +10,4 @@ spec: kind: ClusterIssuer secretName: {{ include "..fullname" . }}-cert-secret commonName: {{ .Values.site.url }} - dnsNames: - - {{ .Values.site.domain | replace "www." "" }} - - www.{{ .Values.site.domain | replace "www." "" }} - - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net -{{- if .Values.site.additionalIngressDomains }} - {{- range .Values.site.additionalIngressDomains }} - - {{ . }} - {{- end }} -{{- end }} + dnsNames: {{ include "..domains" . | nindent 8 }} \ No newline at end of file diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 4b2255c..6014b60 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml 
@@ -5,35 +5,46 @@ metadata: labels: {{- include "..labels" . | nindent 8 }} data: - {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }} - SMTP_PORT: '2525' - {{- else }} - SMTP_PORT: '587' +{{- if .Values.email.smtpHost }} + SMTP_HOST: {{ .Values.email.smtpHost }} +{{- end }} +{{- if .Values.email.smtpPort }} + SMTP_PORT: {{ .Values.email.smtpPort | quote }} +{{- end }} +{{- if .Values.email.smtpAuth }} + SMTP_AUTH: 'True' + {{- if .Values.email.smtpUser }} + SMTP_USER: {{ .Values.email.smtpUser }} + {{- end }} + {{- if .Values.email.smtpPassword }} + SMTP_PASSWORD: {{ .Values.email.smtpPassword }} + {{- end }} +{{- end }} +{{- if .Values.email.smtpStarttls }} SMTP_STARTTLS: 'True' - {{- end }} - SMTP_AUTH: 'true' - SMTP_FROM: 'customer-noreply@v3.nu' - {{- if .Values.email }} - {{- if .Values.email.forceFromEmail }} - SMTP_FORCE_FROM: {{ .Values.email.forceFromEmail }} - {{- end }} - {{- if .Values.email.domains }} +{{- end }} +{{- if .Values.email.defaultSender }} + SMTP_FROM: {{ .Values.email.defaultSender }} +{{- end }} +{{- if .Values.email.defaultSenderName }} + SMTP_FROM_NAME: {{ .Values.email.defaultSenderName }} +{{- end }} +{{- if .Values.email.forceSender }} + SMTP_FORCE_FROM: {{ .Values.email.forceSender }} +{{- end }} +{{- if .Values.email.domains }} SMTP_ALLOWONLY_DOMAINS: {{ .Values.email.domains | join "," }} - {{- end }} - {{- if .Values.email.allowedEmails }} +{{- end }} +{{- if .Values.email.allowedEmails }} SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }} - {{- end }} - {{- else }} - SMTP_FORCE_FROM: "customer-noreply@v3.nu" - SMTP_FROM_NAME: "V3 Customer Mailer" - {{- end }} - WP_ENV: "{{ .Values.site.environment | default "production" }}" - WP_HOME: "https://{{ ( .Values.site.redirectDomain | default ( .Values.site.domain )) | replace "https://" "" | replace "http://" "" }}" - {{- if .Values.site.additionalEnv }} - {{- range $k, $v := .Values.site.additionalEnv }} +{{- end }} + WP_HOME: "https://{{ 
.Values.site.domain | replace "http://" "" | replace "https://" "" }}" + +{{- if .Values.site.additionalEnv }} + {{- range $k, $v := .Values.site.additionalEnv }} {{ $k }}: {{ $v }} - {{- end }} - {{- end }} + {{- end }} +{{- end }} --- kind: ConfigMap apiVersion: v1 @@ -49,13 +60,17 @@ data: "webserverGroup": "unit", "applicationDir": "/app", "permissions": "0770", - "updatePermissions": true, - "importDatabase": {{ .Values.database.import | default false }}, - "databasePath": "{{ .Values.database.importPath | default "" }}", - "overwriteDatabase": {{ .Values.database.overwrite | default false }}, + "updatePermissions": {{ .Values.init.wp.updatePermissions | default false }}, + "importDatabase": {{ .Values.init.db.active | default false }}, + "databasePath": "{{ .Values.init.db.path | default "" }}", + "databaseUrl": "{{ .Values.init.db.url | default "" }}", + "importContent": {{ .Values.init.content.active | default false }}, + "contentPath": "{{ .Values.init.content.path | default "" }}", + "contentUrl": "{{ .Values.init.content.url | default "" }}", + "overwriteDatabase": {{ .Values.init.db.overwrite | default false }}, "generateSalts": true, - "activateTheme": "{{ .Values.site.theme | default .Values.site.name }}", - "convertUploadsToWebp": {{ .Values.site.enableWebpConversion | default false }}, + "activateTheme": "{{ .Values.init.wp.theme | default .Values.site.name }}", + "convertUploadsToWebp": {{ .Values.init.content.webpConverter | default false }}, "convertMissingOnly": true } @@ -133,7 +148,7 @@ data: ] } }, - {{- if eq .Values.site.enableWebpRoute "true" }} + {{- if (.Values.site.webpRoute | default "true") }} { "match": { "uri": [ 
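Review bot: `SMTP_PASSWORD: {{ .Values.email.smtpPassword }}` places the SMTP credential in a ConfigMap, where it is stored unencrypted and readable by anyone allowed to read ConfigMaps in the namespace. The removed ExternalSecret delivered `SMTP_USER` and `SMTP_PASS` through a Secret, and the new `secrets.external` entries of type `env` can do the same, so I would drop the `smtpUser` and `smtpPassword` branches from this template. The key also changes from `SMTP_PASS` to `SMTP_PASSWORD`; which name the image reads is not visible in this diff. The other new scalars are unquoted, and `SMTP_HOST: {{ .Values.email.smtpHost | quote }}` (likewise for the sender fields) keeps odd values from being retyped by the YAML parser. The ConfigMap's metadata starts above this hunk.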
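Review bot: `{{- if (.Values.site.webpRoute | default "true") }}` can never be false, because `default` replaces an unset or `false` value with the non-empty string `"true"`, so `webpRoute: false` still renders the route. A condition that honours an explicit false while staying on by default is `{{- if ne (toString .Values.site.webpRoute) "false" }}`. The route block itself continues past the end of this hunk.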
@@ -175,25 +190,30 @@ data: }, "options": { "user": { - "display_errors": "{{ .Values.site.displayErrors | default "0" }}", - "log_errors": "{{ .Values.site.logErrors | default "1" }}" + {{- if and .Values.php .Values.php.additionalValues }} + {{- range $k, $v := .Values.php.additionalValues }} + "{{ $k }}": "{{ $v }}", + {{- end }} + {{- end }} + "display_errors": "{{ .Values.php.displayErrors | default "Off" }}", + "log_errors": "{{ .Values.php.logErrors | default "On" }}" }, "admin": { "expose_php": "Off", "short_open_tag": "Off", "disable_functions": "exec,passthru,shell_exec,system,proc_open,popen,show_source", - "log_errors": "On", - {{- if and .Values.advanced .Values.advanced.php .Values.advanced.php.additionalAdminValues }} - {{- range $k, $v := .Values.advanced.php.additionalAdminValues }} - "{{ $k }}": "{{ $v }}", - {{- end }} - {{- else }} - "memory_limit": "{{ .Values.site.resources.php.memory | default "512M" }}", - "upload_max_filesize": "{{ .Values.site.resources.php.upload | default "512M" }}", - "post_max_size": "{{ .Values.site.resources.php.post | default "512M" }}", - "max_execution_time": "{{ .Values.site.resources.php.executionTime | default "300" }}", - "max_input_time": "{{ .Values.site.resources.php.inputTime | default "300" }}", - {{- end }} + "log_errors": "{{ .Values.php.logErrors | default "On" }}", + {{- if and .Values.php .Values.php.additionalAdminValues }} + {{- range $k, $v := .Values.php.additionalAdminValues }} + "{{ $k }}": "{{ $v }}", + {{- end }} + {{- else }} + "memory_limit": "{{ .Values.site.resources.php.memory | default "512M" }}", + "upload_max_filesize": "{{ .Values.site.resources.php.upload | default "512M" }}", + "post_max_size": "{{ .Values.site.resources.php.post | default "512M" }}", + "max_execution_time": "{{ .Values.site.resources.php.executionTime | default "300" }}", + "max_input_time": "{{ .Values.site.resources.php.inputTime | default "300" }}", + {{- end }} "date.timezone": "{{ .Values.customer.timezone | 
default "Europe/Stockholm" }}" } }, @@ -209,3 +229,20 @@ data: } } } +{{- if .Values.storage.configMap }} + {{- range .Values.storage.configMap }} + {{- if eq .type "configmap" }} +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "..fullname" $ }}-cm-{{ .name }} + labels: + {{- include "..labels" $ | nindent 8 }} +data: + {{- range $k, $v := .files }} + {{ $v.name }}: {{ $v.content | toYaml | indent 4}} + {{- end }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/Chart/templates/database.yaml b/Chart/templates/database.yaml index eca8fb5..7a6facf 100644 --- a/Chart/templates/database.yaml +++ b/Chart/templates/database.yaml @@ -6,7 +6,7 @@ metadata: {{- include "..labels" . | nindent 8 }} spec: secretName: {{ include "..fullname" . }}-db-auth - instance: {{ .Values.database.server | default "kincaid" }} + instance: {{ .Values.site.dbInstance | default "kincaid" }} deletionProtected: yes backup: enable: No diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index e57c998..e298c02 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml 
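Review bot: The `range` over `.Values.php.additionalAdminValues` writes arbitrary keys into the `admin` block after the fixed `disable_functions`, `expose_php` and `short_open_tag` entries, so a values file can emit those keys a second time. How the consumer resolves a duplicate JSON key is not visible here, but if the later entry wins the hardening can be relaxed from values; skipping those three keys inside the loop would rule that out. Keys and values are also interpolated raw in both loops, and `{{ $k | toJson }}: {{ $v | toString | toJson }},` keeps the document valid when a value contains a quote or backslash. Note that setting any admin value still drops the `memory_limit` and upload defaults in the `else` branch.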
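Review bot: This block iterates `.Values.storage.configMap`, but values.yaml defines the list as `storage.kubernetes` and deployment.yaml reads it under that name, so with the shipped values no ConfigMap is rendered. The names also disagree: this template creates `<fullname>-cm-<name>` while the Deployment volume for `type "configmap"` references `<fullname>-sec-<name>`. I would use `{{- range .Values.storage.kubernetes }}` here and the same suffix on both sides. `{{ $v.content | toYaml | indent 4}}` sits after the key on the same line, so multi-line content may not render as intended; worth checking with `helm template`.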
@@ -13,119 +13,170 @@ spec: {{- end }} selector: matchLabels: - cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }} - cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} - cloudyne.systems/site: {{ .Values.site.domain }} + {{- include "..selector-labels" . | nindent 6 }} template: metadata: labels: - cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }} - cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} - cloudyne.systems/site: {{ .Values.site.domain }} + {{- include "..selector-labels" . | nindent 8 }} spec: securityContext: fsGroup: 101 volumes: - - name: cloud - persistentVolumeClaim: - claimName: pvc-{{ include "..fullname" . }} - - name: cloud-local - persistentVolumeClaim: - claimName: pvc-{{ include "..fullname" . }}-local - name: serverconfig configMap: name: {{ include "..fullname" . }}-cfg + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "file" }} + - name: {{ .name }} + secret: + secretName: {{- include "..fullname" $ }}-exts-{{ .name }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.kubernetes }} + {{- range .Values.storage.kubernetes }} + - name: {{ .name }} + {{- if eq .type "secret" }} + secret: + secretName: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- if eq .type "configmap" }} + configMap: + name: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.cloud.active }} + - name: cloud + persistentVolumeClaim: + claimName: pvc-{{- include "..name" . }}-cloud + {{- end }} + {{- if .Values.storage.local.active }} + - name: local + persistentVolumeClaim: + claimName: pvc-{{- include "..name" . 
}}-local + {{- end }} + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "docker" }} imagePullSecrets: - - name: pull-secret + - name: "{{- include "..fullname" $ }}-exts-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.kubernetes }} + {{- range .Values.storage.kubernetes }} + {{- if eq .type "docker" }} + imagePullSecrets: + - name: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} initContainers: - - name: init-storage + {{- if and .Values.storage.cloud.active .Values.storage.local.active }} + - name: init-local-storage securityContext: allowPrivilegeEscalation: false runAsUser: 0 image: cloudyne/ubuntu-ci:latest command: ["python3"] - args: ["/usr/local/bin/storage-clone", "/full-cloud", "/full-cloud-local"] + args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"] imagePullPolicy: Always volumeMounts: - name: cloud - mountPath: /full-cloud - - name: cloud-local - mountPath: /full-cloud-local - - name: deploy + mountPath: /mnt/cloud + - name: local + mountPath: /mnt/local + {{- end }} + - name: init-site securityContext: allowPrivilegeEscalation: false runAsUser: 0 - image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}" + image: "{{ .Values.site.image }}" imagePullPolicy: Always volumeMounts: - - name: cloud - mountPath: /full-cloud - name: serverconfig mountPath: /init-go/config.json subPath: init.json - {{- if .Values.storage.wpContent }} - {{- range $v := .Values.storage.wpContent }} - - name: cloud-local - mountPath: "/app/web/app/{{ $v }}" - subPath: "{{ $v }}" + {{- if .Values.storage.local.active }} + {{- range .Values.storage.folders }} + - name: local + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . 
}}" {{- end }} - {{- end }} - {{- if .Values.storage.additionalMounts }} - {{- range $v := .Values.storage.additionalMounts }} - - name: cloud-local - mountPath: {{ $v.localPath }} - subPath: {{ $v.cloudPath }} + {{- if .Values.storage.cloud.active }} + - name: cloud + mountPath: "/mnt/cloud" + {{- end }} + {{- else }} + {{- if .Values.storage.cloud.active }} + {{- range .Values.storage.folders }} + - name: cloud + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . }}" + {{- end }} + {{- end }} {{- end }} - {{- end }} envFrom: - configMapRef: name: {{ include "..fullname" . }}-env + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "env" }} + - secretRef: + name: "{{- include "..fullname" $ }}-exts-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} - secretRef: name: {{ include "..fullname" . }}-db-auth - - secretRef: - name: global-secrets - {{- if eq (.Values.site.container_base | default "debian" ) "debian" }} - command: [ "/init-go/init-go" ] - {{- else }} command: ["sh"] args: ["-c", "/init-go/init-go"] - {{- end }} containers: - name: wordpress securityContext: runAsUser: 101 - image: "cloudyne.azurecr.io/buildahome/{{ .Values.site.name | default ( .Values.site.domain | replace "." "-" ) }}:{{ .Values.site.imageTag | default "latest" }}" + image: "{{ .Values.site.image }}" imagePullPolicy: Always volumeMounts: - name: serverconfig - mountPath: /docker-entrypoint.d/unit.json - subPath: unit.json + mountPath: /init-go/config.json + subPath: init.json + {{- if .Values.storage.local.active }} + {{- range .Values.storage.folders }} + - name: local + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . 
}}" + {{- end }} + {{- if .Values.storage.cloud.active }} - name: cloud - mountPath: /var/cloud - {{- if .Values.storage.wpContent }} - {{- range $v := .Values.storage.wpContent }} - - name: cloud-local - mountPath: "/app/web/app/{{ $v }}" - subPath: "{{ $v }}" + mountPath: "/mnt/cloud" {{- end }} - {{- end }} - {{- if .Values.storage.additionalMounts }} - {{- range $v := .Values.storage.additionalMounts }} - - name: cloud-local - mountPath: {{ $v.localPath }} - subPath: {{ $v.cloudPath }} + {{- else }} + {{- if .Values.storage.cloud.active }} + {{- range .Values.storage.folders }} + - name: cloud + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . }}" + {{- end }} + {{- end }} {{- end }} - {{- end }} + {{- include "..resourcelimits" . | nindent 10 }} envFrom: - configMapRef: name: {{ include "..fullname" . }}-env + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "env" }} + - secretRef: + name: "{{- include "..fullname" $ }}-exts-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} - secretRef: name: {{ include "..fullname" . }}-db-auth - - secretRef: - name: global-secrets - {{- include "..resourcelimits" . | nindent 10 }} ports: - containerPort: 8080 name: http - protocol: TCP - + protocol: TCP \ No newline at end of file diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index a3a8da3..04b8c76 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml 
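Review bot: `secretName: {{- include "..fullname" $ }}-exts-{{ .name }}` in the `type "file"` volume renders without the space after the colon, because `{{-` trims it, so the line is no longer a `secretName` key; it should read `secretName: {{ include "..fullname" $ }}-exts-{{ .name }}`. `imagePullSecrets:` is emitted inside both `range` loops, so two `docker` entries (or one in each list) produce the key twice in the pod spec; emit the key once and keep only the `- name:` items inside the loops. Both init containers keep `runAsUser: 0`, and `init-site` now runs `{{ .Values.site.image }}` with `imagePullPolicy: Always`, so referencing that image by digest rather than a tag would keep the root init step tied to a reviewed build. The pod spec starts above this hunk.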
@@ -1,72 +1,34 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: {{ include "..fullname" . }}-ex-gl-secret - labels: - {{- include "..labels" . | nindent 8 }} -spec: - refreshInterval: 4h - secretStoreRef: - kind: ClusterSecretStore - name: az-cluster-store - target: - name: global-secrets - creationPolicy: Orphan - template: - metadata: - labels: - app.kubernetes.io/managed-by: External-Secrets - data: - - secretKey: COMPOSER_AUTH - remoteRef: - key: secret/GITLAB-COMPOSER-AUTH - {{- if eq (.Values.email.smtpServer | default "smtp2go" ) "smtp2go" }} - - secretKey: SMTP_USER - remoteRef: - key: secret/SMTP-USER - - secretKey: SMTP_PASS - remoteRef: - key: secret/SMTP-PASSWORD - - secretKey: SMTP_HOST - remoteRef: - key: secret/SMTP-HOST - {{- else }} - - secretKey: SMTP_USER - remoteRef: - key: secret/AWS-SMTP-USER - - secretKey: SMTP_PASS - remoteRef: - key: secret/AWS-SMTP-PASSWORD - - secretKey: SMTP_HOST - remoteRef: - key: secret/AWS-SMTP-HOST - {{- end }} - - secretKey: WPC_REGISTRATION_SECRET - remoteRef: - key: secret/WPC-REGISTRATION-SECRET +{{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} --- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: {{ include "..fullname" . }}-ex-pull-secret + name: {{ include "..fullname" $ }}-ext-{{ .name }} labels: - {{- include "..labels" . 
| nindent 8 }} + {{- include "..labels" $ | nindent 8 }} spec: - refreshInterval: 4h + refreshInterval: {{ .refreshInterval | default "10h" }} secretStoreRef: + {{- if .ref.clusterSecretStore }} kind: ClusterSecretStore - name: az-cluster-store + name: {{ .ref.clusterSecretStore }} + {{- else }} + kind: SecretStore + name: {{ .ref.secretStore }} + namespace: {{ .ref.secretStoreNamespace }} + {{- end }} target: - name: pull-secret + name: {{ include "..fullname" $ }}-exts-{{ .name }} template: metadata: labels: app.kubernetes.io/managed-by: External-Secrets - type: kubernetes.io/dockerconfigjson - data: - .dockerconfigjson: "{{`{{ .dockerconfig | toString }}`}}" - creationPolicy: Orphan - data: - - secretKey: dockerconfig - remoteRef: - key: secret/CLDY-CR-PULL-TOKEN + data: + {{- range $v := .items }} + - secretKey: {{ $v.target }} + remoteRef: + key: {{ $v.source }} + {{- end }} + {{- end }} +{{- end }} diff --git a/Chart/templates/ingress.yaml b/Chart/templates/ingress.yaml index c45e744..7e4d800 100644 --- a/Chart/templates/ingress.yaml +++ b/Chart/templates/ingress.yaml 
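Review bot: Entries with `type: docker` lose what made the old pull secret usable: the generic target has no `type: kubernetes.io/dockerconfigjson` under `target.template` and no `.dockerconfigjson` key, yet deployment.yaml lists `<fullname>-exts-<name>` under `imagePullSecrets`. I would add `type: kubernetes.io/dockerconfigjson` under `template:` inside `{{- if eq .type "docker" }}` and document that the item target must be `.dockerconfigjson`. `creationPolicy: Orphan` was also dropped, so the generated Secret now follows the operator default when the ExternalSecret is deleted; confirm that is intended. As far as I know `secretStoreRef` takes only `name` and `kind`, so the `namespace:` line in the `else` branch should be checked against the CRD.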
@@ -11,70 +11,18 @@ spec: ingressClassName: nginx tls: - secretName: {{ include "..fullname" . }}-cert-secret - hosts: - - {{ .Values.site.domain | replace "www." "" }} - - www.{{ .Values.site.domain | replace "www." "" }} - - {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - - www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net -{{- if .Values.site.additionalIngressDomains }} - {{- range .Values.site.additionalIngressDomains }} - - {{ . }} - {{- end }} -{{- end }} - + hosts: {{ include "..domains" . | nindent 8 }} + rules: - - host: {{ .Values.site.domain | replace "www." "" }} + {{- range include "..domains" . | split "\n" }} + - host: {{ . | replace "- " ""}} http: paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - - host: www.{{ .Values.site.domain | replace "www." "" }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - - host: {{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - - - host: www.{{ .Values.site.domain | replace "www." "" | replace "." "-" }}.eu.cust.azurecd.net - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" . }} - port: - number: 80 - {{- if .Values.site.additionalIngressDomains }} - {{- range .Values.site.additionalIngressDomains }} - - host: {{ . }} - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: {{ include "..fullname" $ }} - port: - number: 80 - {{- end }} + - path: / + pathType: Prefix + backend: + service: + name: {{ include "..fullname" $ }} + port: + number: 80 {{- end }} \ No newline at end of file 
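Review bot: The rules loop parses the rendered text of `..domains` with `split "\n"` and `replace "- " ""`, so any blank line in that output becomes a rule with an empty `host:`, and a rule without a host applies to every hostname that reaches the controller. From the helper as shown, an empty `additionalDomains` appears to leave a leading newline, which would be exactly that case; `helm template` will confirm. A guard is small: `{{- range (include "..domains" . | splitList "\n") }}` followed by `{{- if trim . }}` around the rule, closed with one more `{{- end }}`. Building the list from `.Values.site.additionalDomains` and `.Values.site.domain` directly would avoid re-parsing YAML text at all.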
diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index b457ce8..8d93727 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml 
@@ -1,37 +1,39 @@ +{{ if .Values.storage.cloud.active }} apiVersion: v1 kind: PersistentVolume metadata: - name: pv-{{ include "..fullname" . }} - labels: - {{- include "..labels" . | nindent 8 }} + name: pv-{{ include "..name" . }}-cloud + labels: + {{- include "..labels" . | nindent 4 }} spec: - accessModes: - - ReadWriteOnce - capacity: - storage: {{ .Values.site.resources.disk | default "5Gi" }} - csi: - driver: blob.csi.azure.com - nodeStageSecretRef: - name: cloudyne{{ .Values.storage.class | default "premium01" }}-credentials - namespace: blob-csi - volumeAttributes: - containername: {{ .Values.storage.container | default ( .Values.site.domain | replace "." "-") }} - csi.storage.k8s.io/pv/name: pv-{{ include "..fullname" . }} - csi.storage.k8s.io/pvc/namespace: {{ include "..fullname" . }} - secretnamespace: {{ include "..fullname" . }} - skuName: {{ .Values.storage.type | default "Premium_LRS" }} - volumeHandle: {{ .Values.storage.class | default "premium01" }}-retain_{{ include "..fullname" . }} - mountOptions: - - -o allow_other - - --file-cache-timeout-in-seconds=120 - - --use-attr-cache=true - - --cancel-list-on-mount-seconds=10 - - -o attr_timeout=120 - - -o entry_timeout=120 - - -o negative_timeout=120 - - --log-level=LOG_WARNING - - --cache-size-mb=3500 - - -o uid=101 - persistentVolumeReclaimPolicy: Retain - storageClassName: {{ .Values.storage.class | default "premium01" }}-retain - volumeMode: Filesystem + accessModes: + - ReadWriteOnce + capacity: + storage: {{ .Values.site.resources.disk }} + csi: + driver: {{ .Values.storage.cloud.driver | default "blob.csi.azure.com" }} + nodeStageSecretRef: + name: {{ .Values.storage.cloud.account }}-credentials + namespace: blob-csi + volumeAttributes: + containername: {{ .Values.storage.cloud.container }} + csi.storage.k8s.io/pv/name: pv-{{ include "..name" . 
}}-cloud + csi.storage.k8s.io/pvc/namespace: {{ .Release.Namespace }} + secretnamespace: {{ .Release.Namespace }} + skuName: {{ .Values.storage.cloud.sku | default "Premium_LRS" }} + volumeHandle: {{ .Values.storage.cloud.class }}_{{ include "..fullname" . }} + mountOptions: + - -o allow_other + - --file-cache-timeout-in-seconds=120 + - --use-attr-cache=true + - --cancel-list-on-mount-seconds=10 + - -o attr_timeout=120 + - -o entry_timeout=120 + - -o negative_timeout=120 + - --log-level=LOG_WARNING + - --cache-size-mb=3500 + - -o uid=101 + persistentVolumeReclaimPolicy: Retain + storageClassName: {{ .Values.storage.cloud.class }} + volumeMode: Filesystem +{{- end }} diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index f617e57..2c05168 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml 
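Review bot: The PV is static with `persistentVolumeReclaimPolicy: Retain` and carries no `claimRef`, so binding depends only on the claim naming it through `volumeName`; another claim with a matching class and access mode could bind this customer's container first. Reserving the volume closes that gap: add `claimRef:` with `name: pvc-{{ include "..name" . }}-cloud` and `namespace: {{ .Release.Namespace }}`. `storage: {{ .Values.site.resources.disk }}` lost its `default "5Gi"`, so wrapping it as `{{ required "site.resources.disk is required" .Values.site.resources.disk }}` gives a clear error instead of an empty capacity.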
@@ -1,37 +1,36 @@ ---- +{{- if .Values.storage.cloud.active }} apiVersion: v1 kind: PersistentVolumeClaim metadata: - annotations: - volume.beta.kubernetes.io/storage-provisioner: blob.csi.azure.com - volume.kubernetes.io/storage-provisioner: blob.csi.azure.com - labels: - {{- include "..labels" . | nindent 8 }} - name: pvc-{{ include "..fullname" . }} + name: pvc-{{ include "..name" . }}-cloud + labels: + {{- include "..labels" . | nindent 4 }} + annotations: + volume.beta.kubernetes.io/storage-class: {{ .Values.storage.cloud.driver }} + volume.kubernetes.io/storage-class: {{ .Values.storage.cloud.driver }} spec: - volumeMode: Filesystem - volumeName: pv-{{ include "..fullname" . }} - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.site.resources.disk | default "5Gi" }} - -{{- if and .Values.storage .Values.storage.class }} - storageClassName: {{ .Values.storage.class | default "premium01" }}-retain + volumeMode: Filesystem + volumeName: pv-{{ include "..name" . }}-cloud + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.site.resources.disk }} + storageClassName: {{ .Values.storage.cloud.class }} {{- end }} ---- +{{- if .Values.storage.local.active }} apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - {{- include "..labels" . | nindent 8 }} - name: pvc-{{ include "..fullname" . }}-local + name: pvc-{{ include "..name" . }}-local + labels: + {{- include "..labels" . | nindent 4 }} spec: - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.site.resources.disk | default "5Gi" }} - storageClassName: "longhorn" \ No newline at end of file + volumeMode: Filesystem + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.site.resources.disk }} + storageClassName: {{ .Values.storage.local.class }} +{{- end }} \ No newline at end of file 
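Review bot: With both `storage.cloud.active` and `storage.local.active` set, the two claims render into a single YAML document, because both `---` separators were replaced by the `if` lines; the second claim's keys then duplicate the first's. Put `---` as the first line inside each `if` block. The new annotations `volume.beta.kubernetes.io/storage-class` and `volume.kubernetes.io/storage-class` are set to the CSI driver name while `storageClassName` carries the class; the removed keys were `...storage-provisioner`, so this looks like an unintended key change that can conflict with the class used for binding.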
diff --git a/Chart/templates/secret.yaml b/Chart/templates/secret.yaml new file mode 100644 index 0000000..bf48703 --- /dev/null +++ b/Chart/templates/secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.storage.kubernetes }} + {{- range .Values.storage.kubernetes }} + {{- if eq .type "secret" }} +--- +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "..fullname" $ }}-sec-{{ .name }} + labels: + {{- include "..labels" $ | nindent 8 }} +stringData: + {{- range $k, $v := .files }} + {{ $v.name }}: {{ $v.content | toYaml | indent 4}} + {{- end }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/Chart/templates/service.yaml b/Chart/templates/service.yaml index ecc4fa4..6b6191c 100644 --- a/Chart/templates/service.yaml +++ b/Chart/templates/service.yaml @@ -10,7 +10,5 @@ spec: port: 80 targetPort: 8080 selector: - cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | lower | trunc 63 }} - cloudyne.systems/customer-legal-id: {{ .Values.customer.legalId }} - cloudyne.systems/site: {{ .Values.site.domain }} + {{- include "..selector-labels" . | nindent 4 }} type: ClusterIP diff --git a/Chart/values.yaml b/Chart/values.yaml index ad6cfc4..4c59eea 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml 
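Review bot: secret.yaml renders only entries with `type "secret"` and sets no `type:` on the Secret, while deployment.yaml adds `<fullname>-sec-<name>` to `imagePullSecrets` only for `type "docker"`. The `pull-secret` example in values.yaml (type `secret`, file `.dockerconfigjson`) therefore becomes an Opaque Secret that is mounted as a volume and never used for pulls, and a `docker` entry gets no Secret at all. I would render `docker` entries here too and add `type: kubernetes.io/dockerconfigjson` for them. `{{ $v.content | toYaml | indent 4}}` follows the key on the same line, so multi-line content should be checked in rendered output.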
@@ -1,110 +1,30 @@ customer: - # The (dns-compliant) customer name (Required) - # name: dns-compliant-customer-name + # The customer name (DNS-Compliant) + name: customerdomain-tld - # The legal name of the customer (Required) - # legalName: Customer Name Ltd + # The customer legal name + legalName: Customer Name Ltd. - # The legal ID of the customer (Required) - # legalId: 112233-4455 + # The customer legal ID + legalId: 112233-4455 - # The timezone for the customer + # The customer timezone timezone: "Europe/Stockholm" -email: - # Force a given sender email - # forceSender: "example@email.com" - - # Set a default sender/display name - # defaultSender: "customer-noreply@v3.nu" - # defaultSenderName: "Customer Name" - - # Specify allowed domains/emails to use as senders - # domains: - # - customer.tld - # emails: - # - mail@customer.tld - # Set the SMTP server to use for the site - smtpServer: smtp2go - -# Database configuration -database: - # Database server to use - server: kincaid - - # Import database from file if not already imported - import: false - importPath: "/full-cloud/import.sql" - overwriteExisting: false - -# Storage Settings -storage: - # The storage class used for the cloud part of the storage - # Default: premium01 - class: "premium01" - - # The storage type to use for the site - # Default: Premium_LRS - type: "Premium_LRS" - - # The storage container to use for the site (REQUIRED) - # Default: - - # container: "company-tld" - - # WP Content Folders - wpContent: - - uploads - - languages - - additionalMounts: {} - # - cloudPath: uploads - # localPath: /app/web/app/uploads - site: - # container_base: debian - # The name of the repository/composerpackage/dockerimage - # Default: domain.replace('.', '-') - # name: "customer-tld" + name: "customerdomain-tld" + domain: &mainDomain "customerdomain.tld" + additionalDomains: + - www.*mainDomain - # Tag of the container to deploy - # imageTag: "latest" - - # The primary domain/TLD where the site will be 
available - # domain: customer.tld + image: "ghcr.io/cloudynes/php-bedrock:8.0-alpine" - # The main url (subdomain) for the site - # Only needed if it differs from the domain - # ex. - # redirectDomain: tempdomain.customer.tld + env: + WP_ENV: "production" + + webpRoute: true + dbInstance: "" - # Additional ingress domains that should all - # point to the same site - # Defaults are: - # - . - # - www.. - # - -.eu.cust.azurecd.net - # - www--.eu.cust.azurecd.net - additionalIngressDomains: [] - - # PHP Version - phpVersion: "8.0" - - # Set environment (production/test/staging) - # Default: production - environment: production - - # Additional env vars - # additionalEnv: - # MY_ENV_VAR: "value" - additionalEnv: {} - - # Enable the route for trying .webp files before images - enableWebpRoute: "true" - - # Enable the automatic conversion of WebP images - enableWebpConversion: "true" - - # The resource limits for the site resources: replicas: 1 php: 
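Review bot: `site.env.WP_ENV` is not read by any template in this commit: configmap.yaml loops over `.Values.site.additionalEnv` and its fixed `WP_ENV` line was removed, so the rendered env ConfigMap no longer sets `WP_ENV` at all. Renaming the key to `additionalEnv:` here (or reading `.Values.site.env` in the template) restores it. `additionalDomains: - www.*mainDomain` is a literal string, since a YAML alias cannot be concatenated; a later patch on this page replaces it with `[]`.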
@@ -120,18 +40,110 @@ site: avg: 256Mi peak: 512Mi disk: 5Gi + +secrets: + external: [] + # - name: "ex-gl-secret" + # type: "env" + # ref: + # secretStore: "" + # clusterSecretStore: "az-cluster-store" + # target: "global-secrets" + # items: + # - source: secret/SMTP-USER + # target: SMTP_USER + # - source: secret/SMTP-PASSWORD + # target: SMTP_PASS + # - source: secret/SMTP-HOST + # target: SMTP_HOST + # - name: "ex-pull-secret" + # type: "docker" + # ref: + # secretStore: "" + # secretStoreNamespace: "" + # clusterSecretStore: "az-cluster-store" + # target: "pull-secret" + # items: + # - source: secret/PULL-TOKEN + # target: dockerconfig + + +storage: + kubernetes: + - name: "pull-secret" + type: "secret" + files: + - name: .dockerconfigjson + content: | + {"auths":{"ghcr.io":{"username":"ghcr.io","password":"ghcr.io","auth":"ghcr.io"}}} + # - name: "secret01" + # type: "secret" + # files: + # - name: x + # mount: /x.txt + # content: | + # Hello World + # - name: "config01" + # type: configmap + # files: + # - name: x + # mount: /x.txt + # content: | + # test: + # data: + # - x + # - y + # - z + cloud: + active: false + driver: "blob.csi.azure.com" + account: "azstorage11" + sku: "Premium_LRS" + class: "azstorage11class-retain" + container: "customerdomain-tld" + + local: + active: true + class: "longhorn" + + folders: + - uploads + - languages - # Log Errors - logErrors: "1" +init: + wp: + theme: "abctheme" + updatePermissions: true + db: + active: false + overwrite: false + # path: "/full-cloud/init.sql" + # url: "https://url.to/init.sql" + content: + active: false + overwrite: false + webpConverter: false + # path: "/full-cloud/content.zip" + # url: "https://url.to/content.zip" - # Display Errors - displayErrors: "0" +email: + smtpHost: "" + smtpPort: "" + smtpAuth: false + smtpUser: "" + smtpPassword: "" + smtpStarttls: false - # Auto Registration - autoRegisterEnabled: "false" -# advanced: - # php: - # displayErrors: "0" - # logErrors: "1" - # 
additionalAdminValues: {} + forceSender: "" + defaultSender: "" + defaultSenderName: "" + domains: + - domain + emails: + - email +php: + logErrors: "On" + displayErrors: "Off" + additionalValues: {} + additionalAdminValues: {} From cb2b3a2c3af3e43ba77350f6067a833f9d47bfc5 Mon Sep 17 00:00:00 2001 From: Lars Date: Tue, 12 Sep 2023 16:17:14 +0200 Subject: [PATCH 22/45] Fixed cert choices --- .gitlab-ci.yml | 2 +- Chart/templates/certificate.yaml | 22 ++++++++++++++++++---- Chart/templates/ingress.yaml | 11 ++++++++--- Chart/values.yaml | 12 ++++++++++++ 4 files changed, 39 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a0e0433..90ec7ac 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.0" + HELM_CHART_VERSION: "1.0.2" stages: - deploy diff --git a/Chart/templates/certificate.yaml b/Chart/templates/certificate.yaml index e404c6f..e05ff71 100644 --- a/Chart/templates/certificate.yaml +++ b/Chart/templates/certificate.yaml @@ -1,3 +1,4 @@ +{{- if and .Values.site.certificate .Values.site.certificate.certManager }} apiVersion: cert-manager.io/v1 kind: Certificate metadata: 
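Review bot: The live `storage.kubernetes` default ships a `pull-secret` entry with its `.dockerconfigjson` content inline, and `email.smtpUser`/`smtpPassword` are plain values, so anyone following this pattern commits registry and SMTP credentials to the values file and Helm keeps them in the release record. I would ship `kubernetes: []` with the example commented out, as is done for `secrets.external`, and add a comment such as `# credentials: use secrets.external, do not inline them here`. Two keys here do not match the templates: `email.emails` is never read (configmap.yaml checks `.Values.email.allowedEmails`), and the placeholder `domains: - domain` is active, so `SMTP_ALLOWONLY_DOMAINS: domain` is rendered by default.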
@@ -6,8 +7,21 @@ metadata: {{- include "..labels" . | nindent 8 }} spec: issuerRef: - name: cloudyne-internal-root-v2 - kind: ClusterIssuer + name: {{ .Values.site.certificate.issuerRef }} + kind: {{ .Values.site.certificate.issuerkind }} secretName: {{ include "..fullname" . }}-cert-secret - commonName: {{ .Values.site.url }} - dnsNames: {{ include "..domains" . | nindent 8 }} \ No newline at end of file + commonName: {{ .Values.site.domain }} + dnsNames: {{ include "..domains" . | nindent 8 }} +{{- else if and .Values.site.certificate .Values.site.certificate.custom .Values.site.certificate.custom.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "..fullname" . }}-cert-secret + labels: + {{- include "..labels" . | nindent 8 }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.site.certificate.custom.cert | b64enc }} + tls.key: {{ .Values.site.certificate.custom.key | b64enc }} +{{- else }} +{{- end }} \ No newline at end of file diff --git a/Chart/templates/ingress.yaml b/Chart/templates/ingress.yaml index 7e4d800..32ae29f 100644 --- a/Chart/templates/ingress.yaml +++ b/Chart/templates/ingress.yaml @@ -9,10 +9,15 @@ metadata: {{- include "..labels" . | nindent 4 }} spec: ingressClassName: nginx - tls: +{{- if and .Values.site.certificate.certManager .Values.site.certificate.importCert }} + tls: - secretName: {{ include "..fullname" . }}-cert-secret - hosts: {{ include "..domains" . | nindent 8 }} - + hosts: {{ include "..domains" . | nindent 6 }} +{{- else if .Values.site.certificate.existingCert }} + tls: + - secretName: {{ .Values.site.certificate.existingCertName }} + hosts: {{ include "..domains" . | nindent 6 }} +{{- end }} rules: {{- range include "..domains" . | split "\n" }} - host: {{ . | replace "- " ""}} diff --git a/Chart/values.yaml b/Chart/values.yaml index 4c59eea..ed37c4f 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml 
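Review bot: The `else if` branch reads `.Values.site.certificate.custom.enabled`, `.custom.cert` and `.custom.key`, but values.yaml in this commit documents `importCert`, `importCertValue` and `importKeyValue`, so the TLS Secret is never rendered from the documented keys. Aligning the branch, e.g. `{{- else if and .Values.site.certificate .Values.site.certificate.importCert }}` with `tls.crt: {{ .Values.site.certificate.importCertValue | b64enc }}`, fixes that. Supplying the private key through values also leaves it in the values file and the Helm release record; `existingCert` with a Secret created out of band avoids that, and a comment saying so next to `importKeyValue` would help. The trailing `{{- else }}` is empty and can go.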
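Review bot: `{{- if and .Values.site.certificate.certManager .Values.site.certificate.importCert }}` requires both flags, while certificate.yaml treats cert-manager and the imported certificate as alternatives. With only one of them set, and with the shipped defaults (all false), the Ingress renders with no `tls:` block even though `WP_HOME` is built as `https://`. `or` looks intended: `{{- if or .Values.site.certificate.certManager .Values.site.certificate.importCert }}`. The condition also dereferences `.Values.site.certificate` without the nil guard that certificate.yaml uses, so a values file without that map fails to render.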
@@ -25,6 +25,18 @@ site: webpRoute: true dbInstance: "" + certificate: + certManager: false + # issuerRef: "" + # issuerKind: "" + existingCert: false + # existingCertName: "" + importCert: false + # importCertValue: | + # .... + # importKeyValue: | + # .... + resources: replicas: 1 php: From 900cfed378c430fba9608a78fb53443a74a11602 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 09:50:00 +0200 Subject: [PATCH 23/45] Moved data for externalsecret to correct indentation --- .gitlab-ci.yml | 2 +- Chart/templates/externalsecret.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 90ec7ac..bdef4d6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.2" + HELM_CHART_VERSION: "1.0.3" stages: - deploy diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index 04b8c76..7b27a51 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml @@ -24,11 +24,11 @@ spec: metadata: labels: app.kubernetes.io/managed-by: External-Secrets - data: - {{- range $v := .items }} - - secretKey: {{ $v.target }} - remoteRef: - key: {{ $v.source }} - {{- end }} + data: + {{- range $v := .items }} + - secretKey: {{ $v.target }} + remoteRef: + key: {{ $v.source }} + {{- end }} {{- end }} {{- end }} From a062df8654d5316ab588d869d2e4315fbf03d191 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 09:59:23 +0200 Subject: [PATCH 24/45] Fixed issuerRef/kind for cert Fixed default for additional domains --- .gitlab-ci.yml | 2 +- Chart/templates/certificate.yaml | 2 +- Chart/values.yaml | 5 ++--- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bdef4d6..c5679af 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.3" + HELM_CHART_VERSION: "1.0.4" stages: - deploy 
diff --git a/Chart/templates/certificate.yaml b/Chart/templates/certificate.yaml index e05ff71..4046b8b 100644 --- a/Chart/templates/certificate.yaml +++ b/Chart/templates/certificate.yaml @@ -8,7 +8,7 @@ metadata: spec: issuerRef: name: {{ .Values.site.certificate.issuerRef }} - kind: {{ .Values.site.certificate.issuerkind }} + kind: {{ .Values.site.certificate.issuerKind }} secretName: {{ include "..fullname" . }}-cert-secret commonName: {{ .Values.site.domain }} dnsNames: {{ include "..domains" . | nindent 8 }} diff --git a/Chart/values.yaml b/Chart/values.yaml index ed37c4f..62582c1 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -13,9 +13,8 @@ customer: site: name: "customerdomain-tld" - domain: &mainDomain "customerdomain.tld" - additionalDomains: - - www.*mainDomain + domain: "customerdomain.tld" + additionalDomains: [] image: "ghcr.io/cloudynes/php-bedrock:8.0-alpine" From d84ebe57518324104259e687c8b1052fa921f199 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:04:13 +0200 Subject: [PATCH 25/45] Added unit json file to mounts --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c5679af..afd720c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.4" + HELM_CHART_VERSION: "1.0.5" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index e298c02..8e03023 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -143,6 +143,9 @@ spec: - name: serverconfig mountPath: /init-go/config.json subPath: init.json + - name: serverconfig + mountPath: /docker-entrypoint.d/unit.json + subPath: unit.json {{- if .Values.storage.local.active }} {{- range .Values.storage.folders }} - name: local From fbbeb2e40767ce220747a1835cbe2bda61c13ef7 Mon Sep 17 00:00:00 2001 
From: Lars Date: Wed, 13 Sep 2023 10:09:51 +0200 Subject: [PATCH 26/45] Fixed inconsistent pvc names --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolume.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index afd720c..497806b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.5" + HELM_CHART_VERSION: "1.0.6" stages: - deploy diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 8d93727..24aedc4 100644 --- a/Chart/templates/persistentvolume.yaml +++ b/Chart/templates/persistentvolume.yaml @@ -17,11 +17,11 @@ spec: namespace: blob-csi volumeAttributes: containername: {{ .Values.storage.cloud.container }} - csi.storage.k8s.io/pv/name: pv-{{ include "..name" . }}-cloud + csi.storage.k8s.io/pv/name: pv-{{ .Values.storage.cloud.container }}-cloud csi.storage.k8s.io/pvc/namespace: {{ .Release.Namespace }} secretnamespace: {{ .Release.Namespace }} skuName: {{ .Values.storage.cloud.sku | default "Premium_LRS" }} - volumeHandle: {{ .Values.storage.cloud.class }}_{{ include "..fullname" . }} + volumeHandle: {{ .Values.storage.cloud.class }}_{{ .Values.storage.cloud.container }} mountOptions: - -o allow_other - --file-cache-timeout-in-seconds=120 From 8748fa515b5b04b69bc30129af6d356f36a43a9b Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:10:44 +0200 Subject: [PATCH 27/45] Correction to PVC --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolume.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 497806b..c1d9c3d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.6" + HELM_CHART_VERSION: "1.0.7" stages: - deploy diff --git a/Chart/templates/persistentvolume.yaml b/Chart/templates/persistentvolume.yaml index 24aedc4..dd91279 100644 --- a/Chart/templates/persistentvolume.yaml 
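Review bot: In `persistentvolume.yaml`, `volumeHandle` is now built only from `.Values.storage.cloud.class` and `.Values.storage.cloud.container`, so two releases that name the same container render an identical handle. CSI drivers generally expect the handle to be unique per PersistentVolume in the cluster. If sharing one container between sites is not the intent, keep a release-specific part, e.g. `volumeHandle: {{ .Values.storage.cloud.class }}_{{ .Values.storage.cloud.container }}_{{ include "..fullname" . }}`. The PV spec starts above this hunk, so the driver in use is not visible here and should be checked against its own uniqueness rule.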
+++ b/Chart/templates/persistentvolume.yaml @@ -17,7 +17,7 @@ spec: namespace: blob-csi volumeAttributes: containername: {{ .Values.storage.cloud.container }} - csi.storage.k8s.io/pv/name: pv-{{ .Values.storage.cloud.container }}-cloud + csi.storage.k8s.io/pv/name: pv-{{ include "..name" . }}-cloud csi.storage.k8s.io/pvc/namespace: {{ .Release.Namespace }} secretnamespace: {{ .Release.Namespace }} skuName: {{ .Values.storage.cloud.sku | default "Premium_LRS" }} From 5f6e0e9e3564ce8b7297ee81d5a719a796ea5a0b Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:16:39 +0200 Subject: [PATCH 28/45] Added missing separator to pvc yaml --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolumeclaim.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c1d9c3d..deec798 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.7" + HELM_CHART_VERSION: "1.0.8" stages: - deploy diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index 2c05168..72be4e7 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml @@ -19,6 +19,7 @@ spec: storageClassName: {{ .Values.storage.cloud.class }} {{- end }} {{- if .Values.storage.local.active }} +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: From 06b03555684a7d92d1282b051bd22c38b13f6574 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:19:53 +0200 Subject: [PATCH 29/45] Fixed storage provisioner annot --- .gitlab-ci.yml | 2 +- Chart/templates/persistentvolumeclaim.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index deec798..b898634 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.8" + HELM_CHART_VERSION: "1.0.9" stages: - deploy 
diff --git a/Chart/templates/persistentvolumeclaim.yaml b/Chart/templates/persistentvolumeclaim.yaml index 72be4e7..3989e0f 100644 --- a/Chart/templates/persistentvolumeclaim.yaml +++ b/Chart/templates/persistentvolumeclaim.yaml @@ -6,8 +6,8 @@ metadata: labels: {{- include "..labels" . | nindent 4 }} annotations: - volume.beta.kubernetes.io/storage-class: {{ .Values.storage.cloud.driver }} - volume.kubernetes.io/storage-class: {{ .Values.storage.cloud.driver }} + volume.beta.kubernetes.io/storage-provisioner: {{ .Values.storage.cloud.driver }} + volume.kubernetes.io/storage-provisioner: {{ .Values.storage.cloud.driver }} spec: volumeMode: Filesystem volumeName: pv-{{ include "..name" . }}-cloud From 7bc8d7f0848d27e22624351044696801f893e685 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:33:11 +0200 Subject: [PATCH 30/45] Update secret type for docker --- .gitlab-ci.yml | 2 +- Chart/templates/externalsecret.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b898634..d40a67d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.9" + HELM_CHART_VERSION: "1.0.10" stages: - deploy diff --git a/Chart/templates/externalsecret.yaml b/Chart/templates/externalsecret.yaml index 7b27a51..d5dad97 100644 --- a/Chart/templates/externalsecret.yaml +++ b/Chart/templates/externalsecret.yaml @@ -21,6 +21,9 @@ spec: target: name: {{ include "..fullname" $ }}-exts-{{ .name }} template: + {{- if eq .type "docker"}} + type: kubernetes.io/dockerconfigjson + {{- end }} metadata: labels: app.kubernetes.io/managed-by: External-Secrets From e3d4952df6cd196704311a3d0af4c226e83cf9a6 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:41:57 +0200 Subject: [PATCH 31/45] fixed pointer to addt env --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d40a67d..363f8c6 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.10" + HELM_CHART_VERSION: "1.0.11" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 6014b60..e5f15ec 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -39,9 +39,8 @@ data: SMTP_ALLOWONLY_EMAILS: {{ .Values.email.allowedEmails | join "," }} {{- end }} WP_HOME: "https://{{ .Values.site.domain | replace "http://" "" | replace "https://" "" }}" - -{{- if .Values.site.additionalEnv }} - {{- range $k, $v := .Values.site.additionalEnv }} +{{- if .Values.site.env }} + {{- range $k, $v := .Values.site.env }} {{ $k }}: {{ $v }} {{- end }} {{- end }} From e6b0bb2db2f5690306cb408df76328535d0302bc Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:54:07 +0200 Subject: [PATCH 32/45] Updated pull policy for main container since init container pulls image --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 363f8c6..7c87209 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.11" + HELM_CHART_VERSION: "1.0.12" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 8e03023..02565a0 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -82,7 +82,7 @@ spec: image: cloudyne/ubuntu-ci:latest command: ["python3"] args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"] - imagePullPolicy: Always + imagePullPolicy: IfNotExists volumeMounts: - name: cloud mountPath: /mnt/cloud 
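Review bot: In the `configmap.yaml` hunk, entries from `.Values.site.env` are rendered by `{{ $k }}: {{ $v }}` without quoting, so a value such as `true` or `123` becomes a non-string and a value containing `: ` or ` #` changes the shape of the rendered document. ConfigMap `data` values must be strings; quote on output with `{{ $k }}: {{ $v | quote }}`. The rename from `site.additionalEnv` to `site.env` also means releases that still set the old key lose those variables without any error, which deserves a line in the chart's upgrade notes.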
@@ -138,7 +138,7 @@ spec: securityContext: runAsUser: 101 image: "{{ .Values.site.image }}" - imagePullPolicy: Always + imagePullPolicy: IfNotExists volumeMounts: - name: serverconfig mountPath: /init-go/config.json From a5d7592dc7fa5644239b61ea9462bf6f8c998181 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 10:56:52 +0200 Subject: [PATCH 33/45] IfNotExists => IfNotPResent --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7c87209..ae0ee42 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.12" + HELM_CHART_VERSION: "1.0.13" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 02565a0..e80b9b7 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -82,7 +82,7 @@ spec: image: cloudyne/ubuntu-ci:latest command: ["python3"] args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"] - imagePullPolicy: IfNotExists + imagePullPolicy: IfNotPresent volumeMounts: - name: cloud mountPath: /mnt/cloud @@ -138,7 +138,7 @@ spec: securityContext: runAsUser: 101 image: "{{ .Values.site.image }}" - imagePullPolicy: IfNotExists + imagePullPolicy: IfNotPresent volumeMounts: - name: serverconfig mountPath: /init-go/config.json From 9793780639612c9c4c21a73de7ef28bb6a1b52a1 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 13:43:29 +0200 Subject: [PATCH 34/45] Fix ing, deployment --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 5 +---- Chart/templates/ingress.yaml | 4 +++- Chart/values.yaml | 6 ++++++ 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ae0ee42..6ec84d4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.13" + HELM_CHART_VERSION: "1.0.14" stages: - deploy 
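Review bot: In the `@@ -82,7 +82,7 @@` hunk of `deployment.yaml`, `init-local-storage` pulls `cloudyne/ubuntu-ci:latest` with `imagePullPolicy: IfNotPresent`, and per the hunk header context it sits in the `runAsUser: 0` init container. Each node therefore keeps whichever build of the mutable tag it cached first, and a root container runs contents that differ from node to node and cannot be audited from the chart. Pin the image to a version tag or digest, e.g. `image: cloudyne/ubuntu-ci@sha256:<digest>` (placeholder), so the pull policy no longer decides which code runs. The same applies to `"{{ .Values.site.image }}"` in the `@@ -138,7 +138,7 @@` hunk and to the copies of both containers in `job.yaml` later in this series.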
diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index e80b9b7..caf644a 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -74,7 +74,7 @@ spec: {{- end }} {{- end }} initContainers: - {{- if and .Values.storage.cloud.active .Values.storage.local.active }} + {{- if and .Values.storage.cloud.active .Values.storage.local.active .Values.storage.local.cloneCloud }} - name: init-local-storage securityContext: allowPrivilegeEscalation: false @@ -140,9 +140,6 @@ spec: image: "{{ .Values.site.image }}" imagePullPolicy: IfNotPresent volumeMounts: - - name: serverconfig - mountPath: /init-go/config.json - subPath: init.json - name: serverconfig mountPath: /docker-entrypoint.d/unit.json subPath: unit.json diff --git a/Chart/templates/ingress.yaml b/Chart/templates/ingress.yaml index 32ae29f..5f6f3c5 100644 --- a/Chart/templates/ingress.yaml +++ b/Chart/templates/ingress.yaml @@ -9,7 +9,7 @@ metadata: {{- include "..labels" . | nindent 4 }} spec: ingressClassName: nginx -{{- if and .Values.site.certificate.certManager .Values.site.certificate.importCert }} +{{- if or .Values.site.certificate.certManager .Values.site.certificate.importCert }} tls: - secretName: {{ include "..fullname" . }}-cert-secret hosts: {{ include "..domains" . | nindent 6 }} @@ -20,6 +20,7 @@ spec: {{- end }} rules: {{- range include "..domains" . | split "\n" }} + {{- if ne . "" }} - host: {{ . | replace "- " ""}} http: paths: @@ -30,4 +31,5 @@ spec: name: {{ include "..fullname" $ }} port: number: 80 + {{- end }} {{- end }} \ No newline at end of file diff --git a/Chart/values.yaml b/Chart/values.yaml index 62582c1..6ab6254 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -115,6 +115,7 @@ storage: local: active: true + cloneCloud: False class: "longhorn" folders: @@ -153,6 +154,11 @@ email: emails: - email +unit: + maxProc: 5 + spareProc: 2 + spareProcTimeout: 30 + php: logErrors: "On" displayErrors: "Off" 
From 041946b8045ecf5dbf5d96f6153d8450259f8ec1 Mon Sep 17 00:00:00 2001 From: Lars Date: Wed, 13 Sep 2023 14:05:07 +0200 Subject: [PATCH 35/45] Add customization for proc values --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 8 ++++---- Chart/values.yaml | 6 ++---- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6ec84d4..5ba8581 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.14" + HELM_CHART_VERSION: "1.0.15" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index e5f15ec..afd1224 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -108,7 +108,7 @@ data: "match": { "uri": [ "/wp-admin", - "/wp-admin/*", + "/wp-admin/*" ] } }, @@ -183,9 +183,9 @@ data: "php": { "type": "php", "processes": { - "max": 10, - "spare": 1, - "idle_timeout": 20 + "max": {{ .Values.php.maxProc | default 5 }}, + "spare": {{ .Values.php.spareProc | default 1 }}, + "idle_timeout": {{ .Values.php.procIdleTimeout | default 65 }} }, "options": { "user": { diff --git a/Chart/values.yaml b/Chart/values.yaml index 6ab6254..6cc7707 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -154,12 +154,10 @@ email: emails: - email -unit: +php: maxProc: 5 spareProc: 2 - spareProcTimeout: 30 - -php: + procIdleTimeout: 65 logErrors: "On" displayErrors: "Off" additionalValues: {} From cbb973550c7444bbc190c6ae25430445a9651649 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 12:49:56 +0000 Subject: [PATCH 36/45] Added option to run init as a job instead of initContainers --- .gitignore | 1 + .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 19 +++++ Chart/templates/deployment.yaml | 11 +-- Chart/templates/job.yaml | 129 ++++++++++++++++++++++++++++++++ Chart/values.yaml | 1 + 6 files changed, 157 insertions(+), 6 deletions(-) create mode 100644 Chart/templates/job.yaml 
diff --git a/.gitignore b/.gitignore index dceaf33..39b97df 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ example.yaml example*.yaml example*.yml +test-*.yaml \ No newline at end of file diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ba8581..1e12f6a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.15" + HELM_CHART_VERSION: "1.0.16" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index a000fd3..7dc7aa3 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl @@ -51,3 +51,22 @@ cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | rep cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}' cloudyne.systems/site: {{ .Values.site.domain | quote }} {{- end }} +{{- define "..affinity-labels" -}} +podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: cloudyne.systems/customer + operator: In + values: + - {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} + - key: cloudyne.systems/site + operator: In + values: + - cloudyne.systems/site: {{ .Values.site.domain | quote }} + - key: cloudyne.systems/component + operator: In + values: + - "site" + topologyKey: kubernetes.io/hostname +{{- end }} diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index caf644a..45ff337 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -12,12 +12,10 @@ spec: replicas: 1 {{- end }} selector: - matchLabels: - {{- include "..selector-labels" . | nindent 6 }} + matchLabels: {{- include "..selector-labels" . | nindent 6 }} template: metadata: - labels: - {{- include "..selector-labels" . | nindent 8 }} + labels: {{- include "..selector-labels" . | nindent 8 }} spec: securityContext: fsGroup: 101 
@@ -73,6 +71,7 @@ spec: {{- end }} {{- end }} {{- end }} + {{- if not .Values.init.asJob }} initContainers: {{- if and .Values.storage.cloud.active .Values.storage.local.active .Values.storage.local.cloneCloud }} - name: init-local-storage @@ -82,7 +81,7 @@ spec: image: cloudyne/ubuntu-ci:latest command: ["python3"] args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"] - imagePullPolicy: IfNotPresent + imagePullPolicy: Always volumeMounts: - name: cloud mountPath: /mnt/cloud @@ -118,6 +117,7 @@ spec: {{- end }} {{- end }} {{- end }} + envFrom: - configMapRef: name: {{ include "..fullname" . }}-env @@ -133,6 +133,7 @@ spec: name: {{ include "..fullname" . }}-db-auth command: ["sh"] args: ["-c", "/init-go/init-go"] + {{- end }} containers: - name: wordpress securityContext: diff --git a/Chart/templates/job.yaml b/Chart/templates/job.yaml new file mode 100644 index 0000000..6be1de1 --- /dev/null +++ b/Chart/templates/job.yaml 
@@ -0,0 +1,129 @@ +{{- if .Values.init.asJob }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "..fullname" . }}-wpc-reg + labels: + {{- include "..labels" . | nindent 4 }} + cloudyne.systems/component: site-init +spec: + template: + spec: + affinity: {{ include "..affinity-labels" . | nindent 8 }} + securityContext: + fsGroup: 101 + volumes: + - name: serverconfig + configMap: + name: {{ include "..fullname" . }}-cfg + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "file" }} + - name: {{ .name }} + secret: + secretName: {{- include "..fullname" $ }}-exts-{{ .name }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.kubernetes }} + {{- range .Values.storage.kubernetes }} + - name: {{ .name }} + {{- if eq .type "secret" }} + secret: + secretName: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- if eq .type "configmap" }} + configMap: + name: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.cloud.active }} + - name: cloud + persistentVolumeClaim: + claimName: pvc-{{- include "..name" . }}-cloud + {{- end }} + {{- if .Values.storage.local.active }} + - name: local + persistentVolumeClaim: + claimName: pvc-{{- include "..name" . 
}}-local + {{- end }} + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "docker" }} + imagePullSecrets: + - name: "{{- include "..fullname" $ }}-exts-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.storage.kubernetes }} + {{- range .Values.storage.kubernetes }} + {{- if eq .type "docker" }} + imagePullSecrets: + - name: "{{- include "..fullname" $ }}-sec-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + {{- if and .Values.storage.cloud.active .Values.storage.local.active .Values.storage.local.cloneCloud }} + initContainers: + - name: init-local-storage + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + image: cloudyne/ubuntu-ci:latest + command: ["python3"] + args: ["/usr/local/bin/storage-clone", "/mnt/cloud", "/mnt/local"] + imagePullPolicy: IfNotPresent + volumeMounts: + - name: cloud + mountPath: /mnt/cloud + - name: local + mountPath: /mnt/local + {{- end }} + containers: + - name: init-site + securityContext: + allowPrivilegeEscalation: false + runAsUser: 0 + image: "{{ .Values.site.image }}" + imagePullPolicy: Always + volumeMounts: + - name: serverconfig + mountPath: /init-go/config.json + subPath: init.json + {{- if .Values.storage.local.active }} + {{- range .Values.storage.folders }} + - name: local + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . }}" + {{- end }} + {{- if .Values.storage.cloud.active }} + - name: cloud + mountPath: "/mnt/cloud" + {{- end }} + {{- else }} + {{- if .Values.storage.cloud.active }} + {{- range .Values.storage.folders }} + - name: cloud + mountPath: "/app/web/app/{{ . }}" + subPath: "{{ . }}" + {{- end }} + {{- end }} + {{- end }} + + envFrom: + - configMapRef: + name: {{ include "..fullname" . 
}}-env + {{- if and .Values.secrets .Values.secrets.external }} + {{- range .Values.secrets.external }} + {{- if eq .type "env" }} + - secretRef: + name: "{{- include "..fullname" $ }}-exts-{{ .name }}" + {{- end }} + {{- end }} + {{- end }} + - secretRef: + name: {{ include "..fullname" . }}-db-auth + command: ["sh"] + args: ["-c", "/init-go/init-go"] +{{- end }} \ No newline at end of file diff --git a/Chart/values.yaml b/Chart/values.yaml index 6cc7707..d4ae2f9 100644 --- a/Chart/values.yaml +++ b/Chart/values.yaml @@ -123,6 +123,7 @@ storage: - languages init: + asJob: false wp: theme: "abctheme" updatePermissions: true From b7e034847e9ba79f703f3293368858e989d7a723 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 13:23:44 +0000 Subject: [PATCH 37/45] Fixed topology selector --- .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 26 +++++++++++++------------- Chart/templates/job.yaml | 2 +- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1e12f6a..ed1059d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.16" + HELM_CHART_VERSION: "1.0.17" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 7dc7aa3..607019d 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl 
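Review bot: In the new `job.yaml`, `secretName: {{- include "..fullname" $ }}-exts-{{ .name }}` trims the space after the colon, so the line renders as `secretName:<fullname>-exts-<name>` and the `secret:` volume ends up without a `secretName` key; write `secretName: "{{ include "..fullname" $ }}-exts-{{ .name }}"` as the other names in this file do. Both `imagePullSecrets:` blocks emit the key inside `range`, which produces duplicate keys as soon as more than one `docker` entry is configured; emit the key once and range over the items. `init-site` runs with `runAsUser: 0` while receiving the `-db-auth` secret and the site volumes, so consider adding `capabilities: {drop: ["ALL"]}` and re-adding only what the init step needs.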
@@ -54,19 +54,19 @@ cloudyne.systems/site: {{ .Values.site.domain | quote }} {{- define "..affinity-labels" -}} podAffinity: requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: - labelSelector: matchExpressions: - - key: cloudyne.systems/customer - operator: In - values: - - {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} - - key: cloudyne.systems/site - operator: In - values: - - cloudyne.systems/site: {{ .Values.site.domain | quote }} - - key: cloudyne.systems/component - operator: In - values: - - "site" - topologyKey: kubernetes.io/hostname + - key: cloudyne.systems/customer + operator: In + values: + - {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} + - key: cloudyne.systems/site + operator: In + values: + - {{ .Values.site.domain | quote }} + - key: cloudyne.systems/component + operator: In + values: + - "site" {{- end }} diff --git a/Chart/templates/job.yaml b/Chart/templates/job.yaml index 6be1de1..c604b54 100644 --- a/Chart/templates/job.yaml +++ b/Chart/templates/job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "..fullname" . }}-wpc-reg + name: {{ include "..fullname" . }}-initializer labels: {{- include "..labels" . | nindent 4 }} cloudyne.systems/component: site-init From d884c6cb2b028f5774e1d7f43fa5d5085c9bc1f1 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 13:25:04 +0000 Subject: [PATCH 38/45] Fixed selector --- .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ed1059d..e4ac0d2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.17" + HELM_CHART_VERSION: "1.0.18" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 607019d..1d332ee 100644 
--- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl @@ -54,7 +54,6 @@ cloudyne.systems/site: {{ .Values.site.domain | quote }} {{- define "..affinity-labels" -}} podAffinity: requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - labelSelector: matchExpressions: - key: cloudyne.systems/customer From 6287a199b86b630982add24a1e4d0b745261d543 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 13:26:34 +0000 Subject: [PATCH 39/45] Added topology key --- .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e4ac0d2..595be9b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.18" + HELM_CHART_VERSION: "1.0.19" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 1d332ee..5b28433 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl @@ -68,4 +68,5 @@ podAffinity: operator: In values: - "site" + topologyKey: kubernetes.io/hostname {{- end }} From c514a76b5e117731b03b647762a38023754079db Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 13:28:50 +0000 Subject: [PATCH 40/45] Added restart policy to job --- .gitlab-ci.yml | 2 +- Chart/templates/job.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 595be9b..7adb467 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.19" + HELM_CHART_VERSION: "1.0.20" stages: - deploy diff --git a/Chart/templates/job.yaml b/Chart/templates/job.yaml index c604b54..aa436e5 100644 --- a/Chart/templates/job.yaml +++ b/Chart/templates/job.yaml 
@@ -7,8 +7,10 @@ metadata: {{- include "..labels" . | nindent 4 }} cloudyne.systems/component: site-init spec: + backoffLimit: 2 template: spec: + restartPolicy: "OnFailure" affinity: {{ include "..affinity-labels" . | nindent 8 }} securityContext: fsGroup: 101 From d6292ca4b0ba2c5051840bc76489b2dfe609f62a Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 13:41:10 +0000 Subject: [PATCH 41/45] Fixed labels --- .gitlab-ci.yml | 2 +- Chart/templates/_helpers.tpl | 2 +- Chart/templates/deployment.yaml | 7 ++++--- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7adb467..30e3864 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.20" + HELM_CHART_VERSION: "1.0.21" stages: - deploy diff --git a/Chart/templates/_helpers.tpl b/Chart/templates/_helpers.tpl index 5b28433..212bf95 100644 --- a/Chart/templates/_helpers.tpl +++ b/Chart/templates/_helpers.tpl @@ -48,8 +48,8 @@ cloudyne.systems/site: {{ .Values.site.domain | quote }} {{- end }} {{- define "..selector-labels" -}} cloudyne.systems/customer: {{ .Values.customer.legalName | replace " " "-" | replace "," "" | trunc 63 | trimSuffix "-" | quote }} -cloudyne.systems/customer-legal-id: '{{ .Values.customer.legalId }}' cloudyne.systems/site: {{ .Values.site.domain | quote }} +cloudyne.systems/component: site {{- end }} {{- define "..affinity-labels" -}} podAffinity: diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 45ff337..7aae0e6 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -4,7 +4,6 @@ metadata: name: {{ include "..fullname" . }} labels: {{- include "..labels" . | nindent 4 }} - cloudyne.systems/component: site spec: {{- if .Values.site.resources }} replicas: {{ .Values.site.resources.replicas | default 1 }} 
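Review bot: The `_helpers.tpl` hunk changes `..selector-labels`, which `deployment.yaml` feeds into `spec.selector.matchLabels`; Kubernetes treats a Deployment's selector as immutable, so `helm upgrade` on a release installed from an earlier chart version is likely to be rejected until the Deployment is deleted and recreated. Either record this as a breaking change in the upgrade notes, or keep the previous label set in a helper used only for `matchLabels` and add `cloudyne.systems/component` to the pod template labels alone. The new label is also the only one rendered without `quote`; `cloudyne.systems/component: "site"` would match its neighbours.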
@@ -12,10 +11,12 @@ spec: replicas: 1 {{- end }} selector: - matchLabels: {{- include "..selector-labels" . | nindent 6 }} + matchLabels: + {{- include "..selector-labels" . | nindent 6 }} template: metadata: - labels: {{- include "..selector-labels" . | nindent 8 }} + labels: + {{- include "..selector-labels" . | nindent 8 }} spec: securityContext: fsGroup: 101 From f70afe5523606a042678d26a63fcf2184de071d7 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Sat, 23 Sep 2023 18:26:16 +0000 Subject: [PATCH 42/45] Restore webp conversion for init running as job --- .gitlab-ci.yml | 2 +- Chart/templates/configmap.yaml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 30e3864..5b0c69a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.21" + HELM_CHART_VERSION: "1.0.22" stages: - deploy diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index afd1224..506789f 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -69,7 +69,16 @@ data: "overwriteDatabase": {{ .Values.init.db.overwrite | default false }}, "generateSalts": true, "activateTheme": "{{ .Values.init.wp.theme | default .Values.site.name }}", + {{- if .Values.init.asJob }} + "convertUploadsToWebp": true, + {{- else }} "convertUploadsToWebp": {{ .Values.init.content.webpConverter | default false }}, + {{- end }} + {{- if and .Values.storage.cloud.active .Values.storage.local.active }} + "backupToCloud": true, + {{- else }} + "backupToCloud": false, + {{- end }} "convertMissingOnly": true } From 5129be3fc8d6f0e32f21e40fb616fc3bbe58009a Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Thu, 5 Oct 2023 18:27:07 +0200 Subject: [PATCH 43/45] Swap imagepullpolicy to always --- .gitlab-ci.yml | 2 +- Chart/templates/deployment.yaml | 2 +- Chart/templates/job.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
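Review bot: The new `{{- if and .Values.storage.cloud.active .Values.storage.local.active }}` in configmap.yaml dereferences two nested maps, so rendering fails with a nil-pointer error for any values file that lacks `storage.cloud` or `storage.local`. That holds unless values.yaml, which is not part of this hunk, already defines both keys. Declaring `storage.cloud.active: false` and `storage.local.active: false` as chart defaults makes the condition safe for existing installs. Since both branches only print a literal, the five template lines can also become `"backupToCloud": {{ and .Values.storage.cloud.active .Values.storage.local.active }},` once those defaults exist.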
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5b0c69a..9d7ce07 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.22" + HELM_CHART_VERSION: "1.0.23" stages: - deploy diff --git a/Chart/templates/deployment.yaml b/Chart/templates/deployment.yaml index 7aae0e6..e4a3474 100644 --- a/Chart/templates/deployment.yaml +++ b/Chart/templates/deployment.yaml @@ -140,7 +140,7 @@ spec: securityContext: runAsUser: 101 image: "{{ .Values.site.image }}" - imagePullPolicy: IfNotPresent + imagePullPolicy: Always volumeMounts: - name: serverconfig mountPath: /docker-entrypoint.d/unit.json diff --git a/Chart/templates/job.yaml b/Chart/templates/job.yaml index aa436e5..693adf4 100644 --- a/Chart/templates/job.yaml +++ b/Chart/templates/job.yaml @@ -88,7 +88,7 @@ spec: allowPrivilegeEscalation: false runAsUser: 0 image: "{{ .Values.site.image }}" - imagePullPolicy: Always + imagePullPolicy: IfNotPresent volumeMounts: - name: serverconfig mountPath: /init-go/config.json From 0ada9155ebaa19fd17be48c9718224a5c5865702 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 30 Oct 2023 23:44:39 +0100 Subject: [PATCH 44/45] Parameterize webp conversion --- .gitlab-ci.yml | 2 +- Chart/Chart.yaml | 2 +- Chart/templates/configmap.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9d7ce07..30ea8be 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ variables: - HELM_CHART_VERSION: "1.0.23" + HELM_CHART_VERSION: "1.0.24" stages: - deploy diff --git a/Chart/Chart.yaml b/Chart/Chart.yaml index c082d4a..8f5b296 100644 --- a/Chart/Chart.yaml +++ b/Chart/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: wordyne description: Helm chart for deploying pre-built website containers to kubernetes clusters type: application -version: "99.6.29" +version: "1.0.24" appVersion: "6.2.2" 
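Review bot: The job.yaml hunk moves the init container, which runs with `runAsUser: 0`, from `imagePullPolicy: Always` to `IfNotPresent`, while the deployment.yaml hunk before it moves the site container the other way, although both use `{{ .Values.site.image }}`. With `IfNotPresent` a node that already has the tag cached runs the cached copy, so if the tag is mutable the root init job can run older content than the site pods, and the cached image is used without the registry checking the pull credentials again. Keeping `imagePullPolicy: Always` on both, or referencing the image by digest in `site.image`, avoids both effects. The commit subject says "to always", so the job change may be unintentional. Both container specs continue outside the hunks.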
diff --git a/Chart/templates/configmap.yaml b/Chart/templates/configmap.yaml index 506789f..214292c 100644 --- a/Chart/templates/configmap.yaml +++ b/Chart/templates/configmap.yaml @@ -70,7 +70,7 @@ data: "generateSalts": true, "activateTheme": "{{ .Values.init.wp.theme | default .Values.site.name }}", {{- if .Values.init.asJob }} - "convertUploadsToWebp": true, + "convertUploadsToWebp": {{ .Values.init.content.webpConverter | default true }}, {{- else }} "convertUploadsToWebp": {{ .Values.init.content.webpConverter | default false }}, {{- end }} From 721dc409adbd7a3a4df3d4d98a107a0ee6dc8a84 Mon Sep 17 00:00:00 2001 From: Lars Scheibling Date: Mon, 30 Oct 2023 23:47:38 +0100 Subject: [PATCH 45/45] Update .gitlab-ci.yml --- .gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 30ea8be..d711b79 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -9,9 +9,7 @@ default: name: cloudyne/kubectl-helm:latest entrypoint: [""] tags: - - build01 - - helm - - chartbuild + - shell deploy: stage: deploy
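Review bot: `{{ .Values.init.content.webpConverter | default true }}` in the `asJob` branch can never render `false`, because Sprig's `default` treats a boolean `false` as empty and substitutes the default. A user who sets `init.content.webpConverter: false` still gets `"convertUploadsToWebp": true`, so the parameter this commit introduces has no effect in job mode. Compare the value instead of relying on its truthiness, e.g. `"convertUploadsToWebp": {{ ne (toString .Values.init.content.webpConverter) "false" }},`, or move the default into values.yaml and render the value directly.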
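Review bot: Replacing the runner tags with `- shell` under `default:` routes every job to runners carrying that tag. If those are shell-executor runners (the tag name suggests it, the runner configuration is not visible), the `cloudyne/kubectl-helm:latest` image defined just above is ignored and the deploy job runs directly on the runner host. That removes the per-job container isolation for a job that presumably handles cluster credentials, and the result then depends on whatever helm and kubectl are installed on that host. If the move is intended, drop the unused image definition and add a comment such as `# runs on the shell executor: helm and kubectl come from the runner host`; otherwise keep a container-executor tag.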