Merge remote-tracking branch 'upstream/main' into full-chart

Author: Your Name

charts/opencloud/Chart.yaml

@@ -10,7 +10,7 @@ maintainers:
     email: [email protected]
     url: https://opencloud.eu
 type: application
-version: 0.2.0
+version: 0.2.2
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
 appVersion: latest
 kubeVersion: ""

charts/opencloud/README.md

@@ -15,23 +15,9 @@
         "outbox": {
           "header": "Authorization"
         }
-      },
-      "secret": {
-        "inbox": {
-          "string": "{{ .Values.onlyoffice.config.coAuthoring.secret.inbox.string }}"
-        },
-        "outbox": {
-          "string": "{{ .Values.onlyoffice.config.coAuthoring.secret.outbox.string }}"
-        },
-        "session": {
-          "string": "{{ .Values.onlyoffice.config.coAuthoring.secret.session.string }}"
-        }
       }
     }
   },
-  "rabbitmq": {
-    "url": "{{ .Values.onlyoffice.config.rabbitmq.url }}"
-  },
   "FileConverter": {
     "converter": {
       "inputLimits": [

charts/opencloud/files/onlyoffice/local.json.gotmpl

@@ -1,92 +1,91 @@
-Thank you for installing {{ .Chart.Name }}.
-
-Your release is named {{ .Release.Name }}.
-
-To learn more about the release, try:
-
-  $ helm status {{ .Release.Name }}
-  $ helm get all {{ .Release.Name }}
-
-IMPORTANT: This is a development deployment. For production use, you MUST change the following default credentials:
-
-1. Keycloak Admin: adminUser: admin, adminPassword: admin
-2. OpenCloud Admin: adminPassword: admin
-3. PostgreSQL: user: keycloak, password: keycloak
-4. MinIO: rootUser: opencloud, rootPassword: opencloud-secret-key
-5. OnlyOffice Database: sql.dbUser: onlyoffice, sql.dbPass: onlyoffice
-6. OnlyOffice Secret Keys: secret.inbox/outbox/session.string: B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu
-7. RabbitMQ: url: amqp://guest:guest@localhost
-
-Using default credentials in production environments poses significant security risks.
-
-The following services have been deployed:
-
-1. OpenCloud (Main Application):
-   - Service: {{ include "opencloud.opencloud.fullname" . }}
-   - Port: 9200
-   - Storage Driver: decomposeds3
-   - System Storage Driver: decomposed
-   - S3 Storage: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.endpoint }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}MinIO ({{ include "opencloud.minio.fullname" . }}){{ else }}Not configured{{ end }}
-   - S3 Bucket: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.bucket }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}{{ .Values.opencloud.storage.s3.internal.bucketName }}{{ else }}Not configured{{ end }}
-
-{{- if .Values.keycloak.enabled }}
-2. Keycloak (Authentication):
-   - Service: {{ include "opencloud.keycloak.fullname" . }}
-   - Port: 8080
-   - Username: {{ .Values.keycloak.adminUser }}
-   - Password: {{ .Values.keycloak.adminPassword }}
-{{- end }}
-
-{{- if .Values.opencloud.storage.s3.internal.enabled }}
-3. MinIO (Object Storage):
-   - Service: {{ include "opencloud.minio.fullname" . }}
-   - API Port: 9000
-   - Console Port: 9001
-   - Username: {{ .Values.opencloud.storage.s3.internal.rootUser }}
-   - Password: {{ .Values.opencloud.storage.s3.internal.rootPassword }}
-{{- end }}
-
-{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
-4. OnlyOffice Collaboration Service:
-   - Service: {{ include "opencloud.fullname" . }}-collaboration
-   - HTTP Port: 9300
-   - gRPC Port: 9301
-{{- end }}
-
-
-{{- if .Values.httpRoute.enabled }}
-IMPORTANT: This chart includes HTTPRoute resources that route traffic to the OpenCloud, Keycloak, and MinIO services.
-All HTTPRoutes are configured to use the Gateway named "{{ .Values.httpRoute.gateway.name }}" in the
-{{ .Values.httpRoute.gateway.namespace | default .Release.Namespace }} namespace.
-
-Make sure the Gateway exists and is properly configured to accept traffic for the following domains:
-- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
-{{- if .Values.keycloak.enabled }}
-- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
-{{- end }}
-{{- if .Values.opencloud.storage.s3.internal.enabled }}
-- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
-{{- end }}
-{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
-- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
-{{- end }}
-
-{{- else }}
-IMPORTANT: The HTTPRoutes are disabled. You need to configure your own ingress controller
-to expose these services externally.
-
-Example domains for your ingress configuration:
-- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
-{{- if .Values.keycloak.enabled }}
-- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
-{{- end }}
-{{- if .Values.opencloud.storage.s3.internal.enabled }}
-- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
-{{- end }}
-{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
-- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
-{{- end }}
-{{- end }}
-
-For more information, please refer to the OpenCloud documentation:
-  https://docs.opencloud.eu/
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}
+
+IMPORTANT: This is a development deployment. For production use, you MUST change the following default credentials:
+
+1. Keycloak Admin: adminUser: admin, adminPassword: admin
+2. OpenCloud Admin: adminPassword: admin
+3. PostgreSQL: user: keycloak, password: keycloak
+4. MinIO: rootUser: opencloud, rootPassword: opencloud-secret-key
+5. OnlyOffice Database: sql.dbUser: onlyoffice, sql.dbPass: onlyoffice
+6. RabbitMQ: url: amqp://guest:guest@localhost
+
+Using default credentials in production environments poses significant security risks.
+
+The following services have been deployed:
+
+1. OpenCloud (Main Application):
+   - Service: {{ include "opencloud.opencloud.fullname" . }}
+   - Port: 9200
+   - Storage Driver: decomposeds3
+   - System Storage Driver: decomposed
+   - S3 Storage: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.endpoint }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}MinIO ({{ include "opencloud.minio.fullname" . }}){{ else }}Not configured{{ end }}
+   - S3 Bucket: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.bucket }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}{{ .Values.opencloud.storage.s3.internal.bucketName }}{{ else }}Not configured{{ end }}
+
+{{- if .Values.keycloak.internal.enabled }}
+2. Keycloak (Authentication):
+   - Service: {{ include "opencloud.keycloak.fullname" . }}
+   - Port: 8080
+   - Username: {{ .Values.keycloak.internal.adminUser }}
+   - Password: {{ .Values.keycloak.internal.adminPassword }}
+{{- end }}
+
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+3. MinIO (Object Storage):
+   - Service: {{ include "opencloud.minio.fullname" . }}
+   - API Port: 9000
+   - Console Port: 9001
+   - Username: {{ .Values.opencloud.storage.s3.internal.rootUser }}
+   - Password: {{ .Values.opencloud.storage.s3.internal.rootPassword }}
+{{- end }}
+
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+4. OnlyOffice Collaboration Service:
+   - Service: {{ include "opencloud.fullname" . }}-collaboration
+   - HTTP Port: 9300
+   - gRPC Port: 9301
+{{- end }}
+
+
+{{- if .Values.httpRoute.enabled }}
+IMPORTANT: This chart includes HTTPRoute resources that route traffic to the OpenCloud, Keycloak, and MinIO services.
+All HTTPRoutes are configured to use the Gateway named "{{ .Values.httpRoute.gateway.name }}" in the
+{{ .Values.httpRoute.gateway.namespace | default .Release.Namespace }} namespace.
+
+Make sure the Gateway exists and is properly configured to accept traffic for the following domains:
+- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
+{{- if .Values.keycloak.internal.enabled }}
+- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
+{{- end }}
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
+{{- end }}
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
+{{- end }}
+
+{{- else }}
+IMPORTANT: The HTTPRoutes are disabled. You need to configure your own ingress controller
+to expose these services externally.
+
+Example domains for your ingress configuration:
+- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
+{{- if .Values.keycloak.internal.enabled }}
+- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
+{{- end }}
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
+{{- end }}
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
+{{- end }}
+{{- end }}
+
+For more information, please refer to the OpenCloud documentation:
+  https://docs.opencloud.eu/

charts/opencloud/templates/NOTES.txt

@@ -38,9 +38,23 @@ spec:
                 --o:welcome.enable=false \
                 --o:net.frame_ancestors={{ include "opencloud.domain" . }}
             - name: username
-              value: "{{ .Values.collabora.admin.user | default "admin" }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.collabora.existingSecret }}
+                          {{ .Values.collabora.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.fullname" . }}-collabora
+                        {{- end }}
+                  key: username
             - name: password
-              value: "{{ .Values.collabora.admin.password | default "admin" }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.collabora.existingSecret }}
+                          {{ .Values.collabora.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.fullname" . }}-collabora
+                        {{- end }}
+                  key: password
           ports:
             - containerPort: 9980
               name: http

charts/opencloud/templates/collabora/deployment.yaml

@@ -0,0 +1,10 @@
+{{- if and (not .Values.collabora.existingSecret) .Values.collabora.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "opencloud.fullname" . }}-collabora
+type: Opaque
+stringData:
+  username: {{ .Values.collabora.username }}
+  password: {{ .Values.collabora.password }}
+{{- end }}

charts/opencloud/templates/collabora/secrets.yaml

@@ -68,8 +68,15 @@ spec:
               value: "0.0.0.0:9300"
             - name: MICRO_REGISTRY
               value: "nats-js-kv"
+            {{- if .Values.opencloud.nats.external.enabled }}
+            - name: OC_PERSISTENT_STORE_NODES
+              value: {{ .Values.opencloud.nats.external.endpoint | quote }}
+            - name: MICRO_REGISTRY_ADDRESS
+              value: {{ .Values.opencloud.nats.external.endpoint | quote }}
+            {{- else }}
             - name: MICRO_REGISTRY_ADDRESS
               value: "{{ include "opencloud.opencloud.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:9233"
+            {{- end }}
             {{- if .Values.onlyoffice.enabled }}
             - name: COLLABORATION_WOPI_SRC
               # onlyoffice has to connect to the wopi server from the web

charts/opencloud/templates/collaboration/deployment.yaml

@@ -42,7 +42,7 @@ spec:
           selector:
             matchLabels:
               kubernetes.io/metadata.name: {{ .Values.httpRoute.gateway.namespace | default .Release.Namespace }}
-    {{- if .Values.keycloak.enabled }}
+    {{- if .Values.keycloak.internal.enabled }}
     {{- if .Values.global.tls.enabled }}
     - name: keycloak-https
     {{- else }}

charts/opencloud/templates/gateway/gateway.yaml

@@ -52,15 +52,43 @@ spec:
             - name: KC_DB_URL
               value: jdbc:postgresql://{{ include "opencloud.postgres.fullname" . }}:5432/{{ .Values.postgres.database }}
             - name: KC_DB_USERNAME
-              value: {{ .Values.postgres.user }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.postgres.existingSecret }}
+                          {{ .Values.postgres.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.postgres.fullname" . }}
+                        {{- end }}
+                  key: username
             - name: KC_DB_PASSWORD
-              value: {{ .Values.postgres.password }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.postgres.existingSecret }}
+                          {{ .Values.postgres.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.postgres.fullname" . }}
+                        {{- end }}
+                  key: password
             - name: KC_FEATURES
               value: impersonation
             - name: KEYCLOAK_ADMIN
-              value: {{ .Values.keycloak.internal.adminUser }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.keycloak.internal.existingSecret }}
+                          {{ .Values.keycloak.internal.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.keycloak.fullname" . }}
+                        {{- end }}
+                  key: adminUser
             - name: KEYCLOAK_ADMIN_PASSWORD
-              value: {{ .Values.keycloak.internal.adminPassword }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{- if .Values.keycloak.internal.existingSecret }}
+                          {{ .Values.keycloak.internal.existingSecret }}
+                        {{- else }}
+                          {{ include "opencloud.keycloak.fullname" . }}
+                        {{- end }}
+                  key: adminPassword
             {{- if .Values.keycloak.internal.cors.enabled }}
             - name: KC_SPI_CORS_ENABLED
               value: "true"

charts/opencloud/templates/keycloak/deployment.yaml

@@ -0,0 +1,10 @@
+{{- if and (not .Values.keycloak.internal.existingSecret) .Values.keycloak.internal.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "opencloud.keycloak.fullname" . }}
+type: Opaque
+stringData:
+  adminUser: {{ .Values.keycloak.internal.adminUser }}
+  adminPassword: {{ .Values.keycloak.internal.adminPassword }}
+{{- end }}