Merge pull request opencloud-eu#2 from suse-coder/main

Initial Release

Author: butonic

Chart.yaml

@@ -0,0 +1,20 @@
+apiVersion: v2
+name: opencloud
+description: OpenCloud Helm community chart
+keywords:
+  - opencloud
+  - owncloud
+  - ocis
+maintainers:
+  - name: OpenCloud EU
+    email: [email protected]
+    url: https://opencloud.eu
+type: application
+version: 0.1.0
+# renovate: datasource=docker depName=opencloudeu/opencloud-rolling
+appVersion: latest
+kubeVersion: ""
+sources:
+  - https://github.com/opencloud-eu/opencloud
+  - https://github.com/owncloud/ocis
+  - https://github.com/cs3org/reva

README.md

@@ -0,0 +1,92 @@
+Thank you for installing {{ .Chart.Name }}.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get all {{ .Release.Name }}
+
+IMPORTANT: This is a development deployment. For production use, you MUST change the following default credentials:
+
+1. Keycloak Admin: adminUser: admin, adminPassword: admin
+2. OpenCloud Admin: adminPassword: admin
+3. PostgreSQL: user: keycloak, password: keycloak
+4. MinIO: rootUser: opencloud, rootPassword: opencloud-secret-key
+5. OnlyOffice Database: sql.dbUser: onlyoffice, sql.dbPass: onlyoffice
+6. OnlyOffice Secret Keys: secret.inbox/outbox/session.string: B8LjkNqGxn6gf8bkuBUiMwyuCFwFddnu
+7. RabbitMQ: url: amqp://guest:guest@localhost
+
+Using default credentials in production environments poses significant security risks.
+
+The following services have been deployed:
+
+1. OpenCloud (Main Application):
+   - Service: {{ include "opencloud.opencloud.fullname" . }}
+   - Port: 9200
+   - Storage Driver: decomposeds3
+   - System Storage Driver: decomposed
+   - S3 Storage: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.endpoint }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}MinIO ({{ include "opencloud.minio.fullname" . }}){{ else }}Not configured{{ end }}
+   - S3 Bucket: {{ if .Values.opencloud.storage.s3.external.enabled }}{{ .Values.opencloud.storage.s3.external.bucket }}{{ else if .Values.opencloud.storage.s3.internal.enabled }}{{ .Values.opencloud.storage.s3.internal.bucketName }}{{ else }}Not configured{{ end }}
+
+{{- if .Values.keycloak.enabled }}
+2. Keycloak (Authentication):
+   - Service: {{ include "opencloud.keycloak.fullname" . }}
+   - Port: 8080
+   - Username: {{ .Values.keycloak.adminUser }}
+   - Password: {{ .Values.keycloak.adminPassword }}
+{{- end }}
+
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+3. MinIO (Object Storage):
+   - Service: {{ include "opencloud.minio.fullname" . }}
+   - API Port: 9000
+   - Console Port: 9001
+   - Username: {{ .Values.opencloud.storage.s3.internal.rootUser }}
+   - Password: {{ .Values.opencloud.storage.s3.internal.rootPassword }}
+{{- end }}
+
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+4. OnlyOffice Collaboration Service:
+   - Service: {{ include "opencloud.fullname" . }}-collaboration
+   - HTTP Port: 9300
+   - gRPC Port: 9301
+{{- end }}
+
+
+{{- if .Values.cilium.httproute.enabled }}
+IMPORTANT: This chart includes Cilium HTTPRoute resources that route traffic to the OpenCloud, Keycloak, and MinIO services.
+All HTTPRoutes are configured to use the Gateway named "{{ .Values.cilium.httproute.gateway.name }}" in the
+{{ if .Values.cilium.httproute.gateway.namespace }}{{ .Values.cilium.httproute.gateway.namespace }}{{ else }}{{ .Values.namespace }}{{ end }} namespace.
+
+Make sure the Gateway exists and is properly configured to accept traffic for the following domains:
+- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
+{{- if .Values.keycloak.enabled }}
+- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
+{{- end }}
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
+{{- end }}
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
+{{- end }}
+
+{{- else }}
+IMPORTANT: The Cilium HTTPRoutes are disabled. You need to configure your own ingress controller
+to expose these services externally.
+
+Example domains for your ingress configuration:
+- OpenCloud: {{ include "opencloud.domain" . }} (Service: {{ include "opencloud.opencloud.fullname" . }}, Port: 9200)
+{{- if .Values.keycloak.enabled }}
+- Keycloak: {{ include "opencloud.keycloak.domain" . }} (Service: {{ include "opencloud.keycloak.fullname" . }}, Port: 8080)
+{{- end }}
+{{- if .Values.opencloud.storage.s3.internal.enabled }}
+- MinIO Console: {{ include "opencloud.minio.domain" . }} (Service: {{ include "opencloud.minio.fullname" . }}, Port: 9001)
+{{- end }}
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+- OnlyOffice Collaboration: {{ .Values.global.domain.wopi }} (Service: {{ include "opencloud.fullname" . }}-collaboration, Port: 9300)
+{{- end }}
+{{- end }}
+
+For more information, please refer to the OpenCloud documentation:
+  https://docs.opencloud.eu/

templates/NOTES.txt

@@ -0,0 +1,162 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "opencloud.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "opencloud.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "opencloud.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "opencloud.labels" -}}
+helm.sh/chart: {{ include "opencloud.chart" . }}
+{{ include "opencloud.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "opencloud.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "opencloud.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "opencloud.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "opencloud.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create a fully qualified OpenCloud name.
+*/}}
+{{- define "opencloud.opencloud.fullname" -}}
+{{- printf "%s-opencloud" (include "opencloud.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a fully qualified Keycloak name.
+*/}}
+{{- define "opencloud.keycloak.fullname" -}}
+{{- printf "%s-keycloak" (include "opencloud.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a fully qualified PostgreSQL name.
+*/}}
+{{- define "opencloud.postgres.fullname" -}}
+{{- printf "%s-postgres" (include "opencloud.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a fully qualified MinIO name.
+*/}}
+{{- define "opencloud.minio.fullname" -}}
+{{- printf "%s-minio" (include "opencloud.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Return the OpenCloud domain
+*/}}
+{{- define "opencloud.domain" -}}
+{{- .Values.global.domain.opencloud }}
+{{- end }}
+
+{{/*
+Return the Keycloak domain
+*/}}
+{{- define "opencloud.keycloak.domain" -}}
+{{- .Values.global.domain.keycloak }}
+{{- end }}
+
+{{/*
+Return the MinIO domain
+*/}}
+{{- define "opencloud.minio.domain" -}}
+{{- .Values.global.domain.minio }}
+{{- end }}
+
+
+{{/*
+Return the OnlyOffice domain
+*/}}
+{{- define "opencloud.onlyoffice.domain" -}}
+{{- .Values.global.domain.onlyoffice }}
+{{- end }}
+
+{{/*
+Return the Companion domain
+*/}}
+{{- define "opencloud.companion.domain" -}}
+{{- .Values.global.domain.companion }}
+{{- end }}
+
+{{/*
+Return the WOPI domain
+*/}}
+{{- define "opencloud.wopi.domain" -}}
+{{- .Values.global.domain.wopi }}
+{{- end }}
+
+{{/*
+Create a fully qualified Tika name.
+*/}}
+{{- define "opencloud.tika.fullname" -}}
+{{- printf "%s-tika" (include "opencloud.fullname" .) | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Return the namespace to use
+*/}}
+{{- define "opencloud.namespace" -}}
+{{- if .Values.namespace -}}
+{{- .Values.namespace -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end }}
+
+{{/*
+Return the appropriate apiVersion for ingress
+*/}}
+{{- define "opencloud.ingress.apiVersion" -}}
+{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}}
+{{- print "networking.k8s.io/v1" -}}
+{{- else -}}
+{{- print "networking.k8s.io/v1beta1" -}}
+{{- end -}}
+{{- end -}}

templates/_helpers/tpl.yaml

@@ -0,0 +1,114 @@
+{{- if and .Values.onlyoffice.collaboration.enabled .Values.onlyoffice.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "opencloud.fullname" . }}-collaboration
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "opencloud.labels" . | nindent 4 }}
+    app.kubernetes.io/component: collaboration
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "opencloud.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: collaboration
+  template:
+    metadata:
+      labels:
+        {{- include "opencloud.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: collaboration
+    spec:
+      securityContext:
+        fsGroup: 1000
+      initContainers:
+        # Wait for OpenCloud to be ready
+        - name: wait-for-opencloud
+          image: busybox
+          command: ['sh', '-c', 'until wget -q -O- http://{{ include "opencloud.opencloud.fullname" . }}:9200/health; do echo waiting for opencloud; sleep 5; done;']
+        
+        {{- if not .Values.opencloud.persistence.enabled }}
+        # Copy config from OpenCloud API if persistence is disabled
+        - name: copy-config
+          image: busybox
+          command: ['sh', '-c', 'mkdir -p /etc/opencloud && wget -q -O /etc/opencloud/config.json http://{{ include "opencloud.opencloud.fullname" . }}:9200/api/v1/config/secrets || echo "Failed to get config from OpenCloud"']
+          volumeMounts:
+            - name: etc-opencloud
+              mountPath: /etc/opencloud
+        {{- end }}
+        
+        # Wait for OnlyOffice to be ready
+        - name: wait-for-onlyoffice
+          image: busybox
+          command: ['sh', '-c', 'until wget -q -O- http://{{ include "opencloud.fullname" . }}-onlyoffice:80/hosting/discovery; do echo waiting for onlyoffice; sleep 2; done;']
+      containers:
+        - name: collaboration
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["/bin/sh"]
+          args: ["-c", "opencloud collaboration server"]
+          env:
+            - name: COLLABORATION_GRPC_ADDR
+              value: "0.0.0.0:9301"
+            - name: COLLABORATION_HTTP_ADDR
+              value: "0.0.0.0:9300"
+            - name: MICRO_REGISTRY
+              value: "nats-js-kv"
+            - name: MICRO_REGISTRY_ADDRESS
+              value: "{{ include "opencloud.opencloud.fullname" . }}.{{ include "opencloud.namespace" . }}.svc.cluster.local:9233"
+            - name: COLLABORATION_WOPI_SRC
+              value: "https://{{ include "opencloud.wopi.domain" . }}"
+            - name: COLLABORATION_APP_NAME
+              value: "OnlyOffice"
+            - name: COLLABORATION_APP_PRODUCT
+              value: "OnlyOffice"
+            - name: COLLABORATION_APP_ADDR
+              value: "https://{{ include "opencloud.onlyoffice.domain" . }}"
+            - name: COLLABORATION_APP_ICON
+              value: "https://{{ include "opencloud.onlyoffice.domain" . }}/web-apps/apps/documenteditor/main/resources/img/favicon.ico"
+            - name: COLLABORATION_APP_PROOF_DISABLE
+              value: "true"
+            - name: COLLABORATION_APP_INSECURE
+              value: "{{ .Values.opencloud.insecure }}"
+            - name: COLLABORATION_CS3API_DATAGATEWAY_INSECURE
+              value: "{{ .Values.opencloud.insecure }}"
+            - name: COLLABORATION_LOG_LEVEL
+              value: "{{ .Values.opencloud.logLevel }}"
+            - name: OC_URL
+              value: "https://{{ include "opencloud.domain" . }}"
+          ports:
+            - name: http
+              containerPort: 9300
+              protocol: TCP
+            - name: grpc
+              containerPort: 9301
+              protocol: TCP
+          volumeMounts:
+            - name: etc-opencloud
+              mountPath: /etc/opencloud
+          livenessProbe:
+            exec:
+              command:
+              - /bin/sh
+              - -c
+              - curl --silent --fail http://opencloud-opencloud:9200/app/list | grep '"name":"OnlyOffice"'
+            timeoutSeconds: 10
+            initialDelaySeconds: 200
+            periodSeconds: 5
+            failureThreshold: 1
+          volumeMounts:
+            - name: etc-opencloud
+              mountPath: /etc/opencloud
+          resources:
+            {{- toYaml .Values.onlyoffice.collaboration.resources | nindent 12 }}
+      volumes:
+        - name: etc-opencloud
+          {{- if .Values.opencloud.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ include "opencloud.opencloud.fullname" . }}-config
+            readOnly: true
+          {{- else }}
+          # If persistence is disabled, use an init container to copy the config
+          emptyDir: {}
+          {{- end }}
+{{- end }}