haraldwolff
/
collabora-online
mirror of https://github.com/CollaboraOnline/online.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improve HelmChart 

Change-Id: 2995f983d09241299ccb7947a2df281aec8977a1

Signed-off-by: Klaus Erber <k.erber@erber-freelance.de>
Signed-off-by: Martin Müller <martin.mueller@dataport.de>
Signed-off-by: genofire <geno+dev@fireorbit.de>
pull/5370/head
genofire 2022-09-07 09:46:20 +02:00 committed by Andras Timar
parent 686edeac1a
commit 3e131a9e0f
20 changed files with 5647 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
kubernetes/helm/collabora-online/Chart.yaml
View File

@ -1,4 +1,32 @@
apiVersion: v1
description: Collabora Online helm chart
apiVersion: v2
type: "application"
name: collabora-online
version: 0.0.1
description: Collabora Online helm chart
version: 1.0.0
appVersion: "22.05.6.3.1"
home: "https://www.collaboraoffice.com/code/"
icon: "https://avatars0.githubusercontent.com/u/22418908?s=200&v=4"
sources:
- "https://github.com/CollaboraOnline/online"
- "https://github.com/CollaboraOnline/online/tree/master/docker"
- "https://github.com/CollaboraOnline/online/tree/master/kubernetes/helm/collabora-online"
keywords:
- "collabora-online"
- "collabora"
- "code"
- "nextcloud"
- "office"
maintainers:
- name: "Klaus Erber"
email: "k.erber@erber-freelance.de"
url: "https://www.erber-freelance.de/"
- name: "Martin Müller"
email: "martin.mueller@dataport.de"
url: "https://dphoenixsuite.de"
- name: "Geno"
email: "geno+dev@fireorbit.de"
url: "https://fireorbit.de"

2902
kubernetes/helm/collabora-online/grafana_dashboards/ha-allocation.json 100644
View File

File diff suppressed because it is too large Load Diff

1698
kubernetes/helm/collabora-online/grafana_dashboards/overview.json 100644
View File

File diff suppressed because it is too large Load Diff

65
kubernetes/helm/collabora-online/templates/_helpers.tpl
View File

@ -1,11 +1,62 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Values.global.app.name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "collabora-online.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "chartname" -}}
{{- printf "%s-%s" .Chart.Name (.Chart.Version | replace "+" "_") -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "collabora-online.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "collabora-online.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "collabora-online.labels" -}}
helm.sh/chart: {{ include "collabora-online.chart" . }}
{{ include "collabora-online.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "collabora-online.selectorLabels" -}}
app.kubernetes.io/name: {{ include "collabora-online.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "collabora-online.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "collabora-online.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

21
kubernetes/helm/collabora-online/templates/configmap.yaml
View File

@ -1,7 +1,22 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.global.configmap.name }}
namespace: {{ .Values.namespace.collabora }}
name: {{ include "collabora-online.fullname" . }}
annotations:
confighash: config-{{ .Values.collabora | toYaml | sha256sum | trunc 32 }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
data:
timeout-tunnel: 3600s
{{- if .Values.collabora.extra_params }}
extra_params: {{ .Values.collabora.extra_params }}
{{- end }}
server_name: {{ .Values.collabora.server_name }}
{{- range $k,$v := .Values.collabora.aliasgroups }}
{{- $alias := $v.domain }}
{{- if $v.aliases }}
{{- $alias := printf "%s|https://%s:443" $alias (join ":443|https://" $v.aliases ) }}
aliasgroup{{ add $k 1 }}: {{ $alias }}
{{- else }}
aliasgroup{{ add $k 1 }}: {{ $alias }}
{{- end }}
{{- end }}

14
kubernetes/helm/collabora-online/templates/configmap_grafana_dashboards.yaml 100644
View File

@ -0,0 +1,14 @@
{{- if .Values.grafana.dashboards.enabled }}
{{- range $path, $bytes := .Files.Glob "grafana_dashboards/*" }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "collabora-online.fullname" $ }}-grafana-dashboards-{{ base $path }}
labels:
{{- include "collabora-online.labels" $ | nindent 4 }}
{{- toYaml $.Values.grafana.dashboards.labels | nindent 4 }}
data:
{{- ($.Files.Glob $path ).AsConfig | nindent 2 }}
{{- end }}
{{- end }}

132
kubernetes/helm/collabora-online/templates/deployment.yaml
View File

@ -1,20 +1,16 @@
{{- if eq .Values.deployment.kind "Deployment" -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ default .Values.global.app.name .Values.deployment.name }}
namespace: {{ .Values.namespace.collabora }}
name: {{ include "collabora-online.fullname" . }}
labels:
app: {{ template "name" . }}
chart: {{ template "chartname" . }}
release: {{ .Release.Name }}
version: "{{ .Values.global.app.version }}"
{{- include "collabora-online.labels" . | nindent 4 }}
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
minReadySeconds: {{ .Values.deployment.minReadySeconds }}
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- end }}
strategy:
type: {{ .Values.deployment.type }}
{{- if eq .Values.deployment.type "RollingUpdate"}}
@ -22,64 +18,118 @@ spec:
maxSurge: {{ .Values.deployment.maxSurge }}
maxUnavailable: {{ .Values.deployment.maxUnavailable }}
{{- end}}
selector:
matchLabels:
{{- include "collabora-online.selectorLabels" . | nindent 6 }}
type: main
template:
metadata:
labels:
app: {{ template "name" . }}
release: {{ .Release.Name }}
version: "{{ .Values.global.app.version }}"
annotations:
{{- if .Values.global.app.monitoring.activate }}
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.global.app.monitoring.port }}"
prometheus.io/path: "{{ .Values.global.app.monitoring.path }}"
{{- end }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
confighash: config-{{ .Values.collabora | toYaml | sha256sum | trunc 32 }}
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
{{- include "collabora-online.selectorLabels" . | nindent 8 }}
type: main
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "collabora-online.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Values.global.app.name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- containerPort: {{ .Values.global.app.service.internalPort }}
securityContext:
readOnlyRootFilesystem: false
{{- if .Values.probes.liveness.activate }}
- name: http
containerPort: {{ .Values.deployment.containerPort }}
protocol: TCP
{{- if .Values.probes.startup.enabled }}
startupProbe:
httpGet:
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
failureThreshold: {{ .Values.probes.startup.failureThreshold }}
periodSeconds: {{ .Values.probes.startup.periodSeconds }}
{{- end }}
{{- if .Values.probes.liveness.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.probes.liveness.path }}
port: {{ .Values.probes.port }}
scheme: {{ .Values.probes.urlScheme }}
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
successThreshold: {{ .Values.probes.liveness.successThreshold }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
{{- end }}
{{- if .Values.probes.readiness.activate }}
{{- if .Values.probes.readiness.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.probes.readiness.path }}
port: {{ .Values.probes.port }}
scheme: {{ .Values.probes.urlScheme }}
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
successThreshold: {{ .Values.probes.readiness.successThreshold }}
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
{{- end }}
{{- if .Values.environmentVariablesCool }}
envFrom:
- configMapRef:
name: {{ include "collabora-online.fullname" . }}
env:
{{ toYaml .Values.environmentVariablesCool | indent 12 }}
{{- end }}
- name: username
valueFrom:
secretKeyRef:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.usernameKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: username
{{- end }}
- name: password
valueFrom:
secretKeyRef:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.passwordKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: password
{{- end }}
{{- with .Values.collabora.env }}
{{ toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: tmp
mountPath: /tmp
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
emptyDir: {}
{{- end }}

12
kubernetes/helm/collabora-online/templates/dynamicConfig_configmap.yaml 100644
View File

@ -0,0 +1,12 @@
{{- if and .Values.dynamicConfig.enabled (not .Values.dynamicConfig.existingConfigMap.enabled) -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "collabora-online.fullname" . }}-dynconfig
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
data:
config.json: |
{{- .Values.dynamicConfig.configuration | nindent 4 }}
{{- end}}

103
kubernetes/helm/collabora-online/templates/dynamicConfig_deployment.yaml 100644
View File

@ -0,0 +1,103 @@
{{- if .Values.dynamicConfig.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "collabora-online.fullname" . }}-dynconfig
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.dynamicConfig.replicaCount }}
selector:
matchLabels:
{{- include "collabora-online.selectorLabels" . | nindent 6 }}
type: dynconfig
template:
metadata:
{{- with .Values.dynamicConfig.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "collabora-online.selectorLabels" . | nindent 8 }}
type: dynconfig
# confighash: config-{{ .Values | toYaml | sha256sum | trunc 32 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "collabora-online.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.dynamicConfig.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}-dynconfig
securityContext:
{{- toYaml .Values.dynamicConfig.securityContext | nindent 12 }}
image: "{{ .Values.dynamicConfig.image.repository }}:{{ .Values.dynamicConfig.image.tag }}"
imagePullPolicy: {{ .Values.dynamicConfig.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.dynamicConfig.containerPort }}
protocol: TCP
{{- if .Values.probes.startup.enabled }}
startupProbe:
httpGet:
path: /
port: {{ .Values.dynamicConfig.containerPort }}
scheme: HTTP
failureThreshold: {{ .Values.dynamicConfig.probes.startup.failureThreshold }}
periodSeconds: {{ .Values.dynamicConfig.probes.startup.periodSeconds }}
{{- end }}
{{- if .Values.dynamicConfig.probes.liveness.enabled }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.dynamicConfig.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.dynamicConfig.probes.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.dynamicConfig.probes.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.dynamicConfig.probes.liveness.timeoutSeconds }}
successThreshold: {{ .Values.dynamicConfig.probes.liveness.successThreshold }}
failureThreshold: {{ .Values.dynamicConfig.probes.liveness.failureThreshold }}
{{- end }}
{{- if .Values.dynamicConfig.probes.readiness.enabled }}
readinessProbe:
httpGet:
path: /
port: {{ .Values.dynamicConfig.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.dynamicConfig.probes.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.dynamicConfig.probes.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.dynamicConfig.probes.readiness.timeoutSeconds }}
successThreshold: {{ .Values.dynamicConfig.probes.readiness.successThreshold }}
failureThreshold: {{ .Values.dynamicConfig.probes.readiness.failureThreshold }}
{{- end }}
{{- with .Values.dynamicConfig.env }}
{{ toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.dynamicConfig.resources | nindent 12 }}
volumeMounts:
- name: config
mountPath: /usr/share/nginx/html/config
{{- with .Values.dynamicConfig.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dynamicConfig.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.dynamicConfig.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: config
configMap:
{{- if .Values.dynamicConfig.existingConfigMap.enabled }}
name: {{- .Values.dynamicConfig.existingConfigMap.name }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}-dynconfig
{{- end }}
{{- end }}

43
kubernetes/helm/collabora-online/templates/dynamicConfig_ingress.yaml 100644
View File

@ -0,0 +1,43 @@
{{- if and .Values.dynamicConfig.enabled .Values.dynamicConfig.ingress.enabled -}}
{{- $fullName := include "collabora-online.fullname" . -}}
{{- $svcPort := .Values.dynamicConfig.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}-dynconfig
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
{{- with .Values.dynamicConfig.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.dynamicConfig.ingress.className }}
ingressClassName: {{ .Values.dynamicConfig.ingress.className }}
{{- end }}
{{- if .Values.dynamicConfig.ingress.tls }}
tls:
{{- range .Values.dynamicConfig.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.dynamicConfig.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ $fullName }}-dynconfig
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

19
kubernetes/helm/collabora-online/templates/dynamicConfig_service.yaml 100644
View File

@ -0,0 +1,19 @@
{{- if .Values.dynamicConfig.enabled -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "collabora-online.fullname" . }}-dynconfig
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
type: dynconfig
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.dynamicConfig.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "collabora-online.selectorLabels" . | nindent 4 }}
type: dynconfig
{{- end }}

51
kubernetes/helm/collabora-online/templates/hpa.yaml
View File

@ -1,37 +1,32 @@
{{- if .Values.global.app.scaling.enabled }}
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ .Values.hpa.name }}
namespace: {{ .Values.namespace.collabora }}
name: {{ include "collabora-online.fullname" . }}
labels:
app: {{ template "name" . }}
chart: {{ template "chartname" . }}
release: {{ .Release.Name }}
{{- include "collabora-online.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ default .Values.global.app.name .Values.deployment.name }}
{{- if gt .Values.global.app.scaling.min 1.0 }}
minReplicas: {{ .Values.global.app.scaling.min }}
{{- end }}
maxReplicas: {{ .Values.global.app.scaling.max }}
kind: {{ .Values.deployment.kind }}
name: {{ include "collabora-online.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if gt .Values.global.app.scaling.target.memory 1.0 }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.global.app.scaling.target.memory }}
{{- end }}
{{- if gt .Values.global.app.scaling.target.cpu 1.0 }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.global.app.scaling.target.cpu }}
{{- end }}
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}

59
kubernetes/helm/collabora-online/templates/ingress.yaml
View File

@ -1,28 +1,43 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "collabora-online.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ .Values.global.ingress.name }}
namespace: {{ .Values.namespace.collabora }}
name: {{ $fullName }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
haproxy.org/timeout-tunnel: "3600s"
haproxy.org/backend-config-snippet: |
mode http
balance leastconn
stick-table type string len 2048 size 1k store conn_cur
http-request set-var(txn.wopisrcconns) url_param(WOPISrc),table_conn_cur()
http-request track-sc1 url_param(WOPISrc)
stick match url_param(WOPISrc) if { var(txn.wopisrcconns) -m int gt 0 }
stick store-request url_param(WOPISrc)
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.className }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
- host: {{ .Values.hosts.host }}
http:
paths:
- path: "/"
pathType: Prefix
backend:
service:
name: {{ .Values.global.app.service.name }}
port:
number: 9980
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

173
kubernetes/helm/collabora-online/templates/prometheus-rules.yaml 100644
View File

@ -0,0 +1,173 @@
{{- if and ( .Values.prometheus.rules.enabled ) ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) }}
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: {{ include "collabora-online.fullname" . }}
{{- with .Values.prometheus.rules.namespace }}
namespace: {{ . | quote }}
{{- end }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
{{- toYaml .Values.prometheus.rules.additionalLabels | nindent 4 }}
spec:
groups:
{{- if .Values.prometheus.rules.defaults.enabled }}
- name: {{ template "collabora-online.name" . }}-Defaults
rules:
- alert: "Collabora NoProcess"
expr: 'coolwsd_count < 1'
for: "1m"
labels:
severity: "critical"
{{`
annotations:
summary: "no coolwsd process running: in namespace {{ $labels.namespace }}"
description: "no coolwsd process running: of pod {{ $labels.pod }}"
`}}
{{- range $key, $value := .Values.prometheus.rules.defaults.docs.pod }}
- alert: "Collabora Open Docs by Pod"
expr: 'kit_assigned_count > {{ $value }}'
for: "1m"
labels:
severity: "{{ $key }}"
{{`
annotations:
summary: "Too many Docs are open on a pod in namespace: {{ $labels.namespace }}"
description: "Too many Docs ({{ $value }}) are open on pod: {{ $labels.pod }}"
`}}
{{- end }}
{{- range $key, $value := .Values.prometheus.rules.defaults.docs.sum }}
- alert: "Collabora Open Docs by Namespace"
expr: 'sum(kit_assigned_count) without (instance, pod) > {{ $value }}'
for: "1m"
labels:
severity: "{{ $key }}"
{{`
annotations:
summary: "Too many Docs are open on namespace"
description: "Too many Docs ({{ $value }}) are open on namespace: {{ $labels.namespace }}"
`}}
{{- end }}
{{- range $key, $value := .Values.prometheus.rules.defaults.viewers.pod }}
- alert: "Collabora Viewers by Pod"
expr: 'document_active_views_active_count_total > {{ $value }}'
for: "1m"
labels:
severity: "{{ $key }}"
{{`
annotations:
summary: "Too many Viewers on a pod in namespace: {{ $labels.namespace }}"
description: "Too many Viewers ({{ $value }}) on pod: {{ $labels.pod }}"
`}}
{{- end }}
{{- range $key, $value := .Values.prometheus.rules.defaults.viewers.doc }}
- alert: "Collabora Viewers by Document"
expr: 'doc_views_active > {{ $value }}'
for: "1m"
labels:
severity: "{{ $key }}"
{{`
annotations:
summary: "Too many Viewers on a document in namespace: {{ $labels.namespace }}"
description: "Too many Viewers ({{ $value }}) on document: {{ $labels.key }}"
`}}
{{- end }}
{{- range $key, $value := .Values.prometheus.rules.defaults.viewers.sum }}
- alert: "Collabora Viewers by Namespace"
expr: 'sum(document_active_views_active_count_total) without (instance, pod) > {{ $value }}'
for: "1m"
labels:
severity: "{{ $key }}"
{{`
annotations:
summary: "Too many Viewers on namespace"
description: "Too many Viewers ({{ $value }}) on namespace: {{ $labels.namespace }}"
`}}
{{- end }}
- alert: "Collabora same Document open Multiple time"
expr: 'count(doc_pid) by (key) > 1'
labels:
severity: "warning"
{{`
annotations:
summary: "a key/document is open multiple times in namespace: {{ $labels.namespace }}"
description: "the document {{ $labels.key }} was open multiple times in {{ $labels.namespace }}, so not all viewers could see each other"
`}}
- alert: "Collabora same Document open Multiple time"
expr: 'count(count(doc_pid)by(key)>1) > {{ .Values.prometheus.rules.defaults.docs.duplicated }}'
labels:
severity: "critical"
{{`
annotations:
summary: "too many document are open multiple times in namespace: {{ $labels.namespace }}"
description: "there are {{ $value }} document open multiple times in {{ $labels.namespace }}, so not all viewers could see each other"
`}}
- alert: "Collabora Error StorageSpaceLow"
expr: 'increase(error_storage_space_low[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "local storage space too low to operate in namespace: {{ $labels.namespace }}"
description: "local storage space too low to operate on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error StorageConnection"
expr: 'increase(error_storage_connection[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "unable to connect to storage in namespace: {{ $labels.namespace }}"
description: "unable to connect to storage on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error BadRequest"
expr: 'increase(error_bad_request[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "we returned an HTTP bad request to a caller in namespace: {{ $labels.namespace }}"
description: "we returned an HTTP bad request to a caller on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error BadArgument"
expr: 'increase(error_bad_argument[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "we returned an HTTP bad argument to a caller in namespace: {{ $labels.namespace }}"
description: "we returned an HTTP bad argument to a caller on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error UnauthorizedRequest"
expr: 'increase(error_unauthorized_request[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "an authorization exception usually on CheckFileInfo in namespace: {{ $labels.namespace }}"
description: "an authorization exception usually on CheckFileInfo on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error ServiceUnavailable"
expr: 'increase(error_service_unavailable[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "internal error, service is unavailable in namespace: {{ $labels.namespace }}"
description: "internal error, service is unavailable on: {{ $labels.pod }}"
`}}
- alert: "Collabora Error ParseError"
expr: 'increase(error_parse_error[1m]) > 0'
labels:
severity: "warning"
{{`
annotations:
summary: "badly formed data provided for us to parse in namespace: {{ $labels.namespace }}"
description: "badly formed data provided for us to parse on: {{ $labels.pod }}"
`}}
{{- end }}
{{- if .Values.prometheus.rules.additionalRules }}
- name: {{ template "collabora-online.name" . }}-Additional
rules: {{- toYaml .Values.prometheus.rules.additionalRules | nindent 4 }}
{{- end }}
{{- end }}

12
kubernetes/helm/collabora-online/templates/secret.yaml 100644
View File

@ -0,0 +1,12 @@
{{- if not (.Values.collabora.existingSecret).enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "collabora-online.fullname" . }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
data:
username: {{ .Values.collabora.username | b64enc }}
password: {{ .Values.collabora.password | b64enc }}
{{- end }}

24
kubernetes/helm/collabora-online/templates/service.yaml
View File

@ -1,19 +1,21 @@
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.global.app.service.name }}
namespace: {{ .Values.namespace.collabora }}
name: {{ include "collabora-online.fullname" . }}
labels:
app: {{ template "name" . }}
chart: {{ template "chartname" . }}
release: {{ .Release.Name }}
{{- include "collabora-online.labels" . | nindent 4 }}
type: main
{{- with .Values.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.global.app.service.type }}
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.global.app.service.externalPort }}
targetPort: {{ .Values.global.app.service.internalPort }}
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: {{ .Values.global.app.service.name }}
name: http
selector:
app: {{ template "name" . }}
release: {{ .Release.Name }}
{{- include "collabora-online.selectorLabels" . | nindent 4 }}
type: main

12
kubernetes/helm/collabora-online/templates/serviceaccount.yaml 100644
View File

@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "collabora-online.serviceAccountName" . }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

34
kubernetes/helm/collabora-online/templates/servicemonitor.yaml 100644
View File

@ -0,0 +1,34 @@
{{- if .Values.prometheus.servicemonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "collabora-online.fullname" . }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
{{- toYaml .Values.prometheus.servicemonitor.labels | nindent 4 }}
spec:
endpoints:
- port: http
path: "/cool/getMetrics"
basicAuth:
username:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.usernameKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: username
{{- end }}
password:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.passwordKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: password
{{- end }}
selector:
matchLabels:
{{- include "collabora-online.selectorLabels" . | nindent 6 }}
type: main
{{- end }}

129
kubernetes/helm/collabora-online/templates/statefulset.yaml 100644
View File

@ -0,0 +1,129 @@
{{- if eq .Values.deployment.kind "StatefulSet" -}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "collabora-online.fullname" . }}
labels:
{{- include "collabora-online.labels" . | nindent 4 }}
spec:
serviceName: "collabora"
minReadySeconds: {{ .Values.deployment.minReadySeconds }}
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "collabora-online.selectorLabels" . | nindent 6 }}
type: main
template:
metadata:
annotations:
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
confighash: config-{{ .Values.collabora | toYaml | sha256sum | trunc 32 }}
cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
labels:
{{- include "collabora-online.selectorLabels" . | nindent 8 }}
type: main
spec:
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "collabora-online.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.deployment.containerPort }}
protocol: TCP
{{- if .Values.probes.startup.enabled }}
startupProbe:
httpGet:
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
failureThreshold: {{ .Values.probes.startup.failureThreshold }}
periodSeconds: {{ .Values.probes.startup.periodSeconds }}
{{- end }}
{{- if .Values.probes.liveness.enabled }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
successThreshold: {{ .Values.probes.liveness.successThreshold }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
{{- end }}
{{- if .Values.probes.readiness.enabled }}
readinessProbe:
httpGet:
path: /
port: {{ .Values.deployment.containerPort }}
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
successThreshold: {{ .Values.probes.readiness.successThreshold }}
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
{{- end }}
envFrom:
- configMapRef:
name: {{ include "collabora-online.fullname" . }}
env:
- name: username
valueFrom:
secretKeyRef:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.usernameKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: username
{{- end }}
- name: password
valueFrom:
secretKeyRef:
{{- if (.Values.collabora.existingSecret).enabled }}
name: {{ .Values.collabora.existingSecret.secretName | quote }}
key: {{ .Values.collabora.existingSecret.passwordKey | quote }}
{{- else }}
name: {{ include "collabora-online.fullname" . }}
key: password
{{- end }}
{{- with .Values.collabora.env }}
{{ toYaml . | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: tmp
mountPath: /tmp
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: tmp
emptyDir: {}
{{- end }}

298
kubernetes/helm/collabora-online/values.yaml
View File

@ -1,88 +1,156 @@
# Default values for collabora-online.
# Default values for newchart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
app:
name: collabora-online
urlScheme: HTTP # either HTTP or HTTPS
scaling:
enabled: true
min: 1
max: 10
target:
cpu: 70
memory: 70
monitoring:
activate: false
port: 9980
path: "/cool/getMetrics"
service:
name: collabora-online
type: ClusterIP
externalPort: 9980
internalPort: 9980
ingress:
name: collabora-online
configmap:
name: collabora-online
replicaCount: 3 # This is the amount of how many instances of coolwsd will run
image:
pullPolicy: Always
repository: collabora/code
tag: latest
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
probes:
urlScheme: HTTP # either HTTP or HTTPS
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
terminationGracePeriodSeconds: 60
serviceAccount:
# Specifies whether a service account should be created
create: false
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
collabora:
aliasgroups: []
extra_params: --o:ssl.termination=true --o:ssl.enable=false
server_name: "localhost"
existingSecret:
enabled: false
secretName: ""
usernameKey: "username"
passwordKey: "password"
password: examplepass
username: admin
env: []
prometheus:
servicemonitor:
enabled: false
labels: {}
rules:
enabled: false
additionalLabels: {}
defaults:
enabled: true
docs:
duplicated: 50
pod:
critical: 10
warning: 8
info: 5
sum:
critical: 500
warning: 200
info: 50
viewers:
pod:
critical: 100
warning: 80
info: 60
doc:
critical: 50
warning: 40
info: 30
sum:
critical: 15000
warning: 12000
info: 5000
additionalRules: []
grafana:
dashboards:
enabled: false
labels:
grafana_dashboard: "1"
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# readOnlyRootFilesystem: false
# privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 9980
readiness:
activate: true
path: /
initialDelaySeconds: 180
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 3
liveness:
activate: true
path: /
initialDelaySeconds: 180
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 3
annotations: {}
deployment:
name: collabora-online
# Use StatefulSet or Deployment
kind: StatefulSet
containerPort: 9980
type: RollingUpdate
minReadySeconds: 0
maxUnavailable: 0
maxSurge: 1
environmentVariablesCool:
- name: extra_params
value: --o:ssl.enable=false
- name: aliasgroup1
value: http://.*:80
- name: username
value:
- name: password
value:
- name: domain
value: collabora
probes:
startup:
enabled: true
failureThreshold: 30
periodSeconds: 3
service:
name: collabora-online
readiness:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 2
liveness:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 4
hpa:
name: collabora-online
hosts:
host: coolwsd.public.example.com
namespace:
collabora: collabora
ingress:
enabled: false
className: ""
annotations: {}
# # nginx
# nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
# # HAProxy
# haproxy.org/timeout-tunnel: "3600s"
# haproxy.org/backend-config-snippet: |
# mode http
# balance leastconn
# stick-table type string len 2048 size 1k store conn_cur
# http-request set-var(txn.wopisrcconns) url_param(WOPISrc),table_conn_cur()
# http-request track-sc1 url_param(WOPISrc)
# stick match url_param(WOPISrc) if { var(txn.wopisrcconns) -m int gt 0 }
# stick store-request url_param(WOPISrc)
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
@ -90,8 +158,92 @@ resources: {}
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 2000m
# memory: 256Mi
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# cpu: 100m
# memory: 128Mi
replicaCount: 1
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 100
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 50
dynamicConfig:
enabled: false
replicaCount: 2
podAnnotations: []
podSecurityContext: {}
securityContext: {}
existingConfigMap:
enabled: false
name: ""
image:
repository: nginx
tag: 1.23
pullPolicy: IfNotPresent
containerPort: 80
probes:
startup:
enabled: true
failureThreshold: 30
periodSeconds: 2
readiness:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 2
liveness:
enabled: true
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 30
successThreshold: 1
failureThreshold: 4
env: []
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
service:
port: 8080
ingress:
enabled: false
className: ""
annotations: {}
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
configuration: |
{}
trusted_certs_install:
enabled: false
trusted_certs: []
nodeSelector: {}
tolerations: []
affinity: {}