diff --git a/charts/incubator/ferdi-server/Chart.yaml b/charts/incubator/ferdi-server/Chart.yaml new file mode 100644 index 00000000000..9a5ae10b36c --- /dev/null +++ b/charts/incubator/ferdi-server/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +appVersion: "10.6.2" +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 9.2.6 +- condition: postgresql.enabled + name: postgresql + repository: https://charts.truecharts.org/ + version: 7.0.27 +description: Server for Ferdi that you can re-use to run your own +home: https://github.com/truecharts/apps/tree/master/charts/stable/ferdi-server +icon: https://truecharts.org/_static/img/appicons/ferdi-server.png +keywords: +- ferdi +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: ferdi-server +sources: +- https://github.com/getferdi/server +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - media + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/ferdi-server/questions.yaml b/charts/incubator/ferdi-server/questions.yaml new file mode 100644 index 00000000000..3ebaa65cd52 --- /dev/null +++ b/charts/incubator/ferdi-server/questions.yaml @@ -0,0 +1,460 @@ +# Include{groups} +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true +# Include{global} + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" +# Include{controllerExpert} + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: APP_URL + label: "APP_URL" + description: "Specify the URL of the Ferdi-server, including http:// or https:// as relevant." + schema: + type: string + required: true + - variable: IS_CREATION_ENABLED + label: "IS_CREATION_ENABLED" + description: "Specify whether to enable the creation of custom recipes." + schema: + type: boolean + - variable: IS_DASHBOARD_ENABLED + label: "IS_DASHBOARD_ENABLED" + description: "Specify whether to enable the Ferdi-server dashboard." + schema: + type: boolean + - variable: IS_REGISTRATION_ENABLED + label: "IS_REGISTRATION_ENABLED" + description: "Specify whether to allow user registration." + schema: + type: boolean + - variable: CONNECT_WITH_FRANZ + label: "CONNECT_WITH_FRANZ" + description: "Specify whether to enable connections to the Franz server." + schema: + type: boolean + - variable: mailsettings + label: "Mail Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: MAIL_CONNECTION + label: "MAIL_CONNECTION" + description: "Specify the mail sender to be used." + schema: + type: string + default: "smtp" + - variable: SMTP_HOST + label: "SMTP_HOST" + description: "Specify the mail host to be used" + schema: + type: string + default: "" + - variable: SMTP_PORT + label: "SMTP_PORT" + description: "Specify the mail port to be used." + schema: + type: int + default: 587 + - variable: MAIL_SSL + label: "MAIL_SSL" + description: "Specify SMTP mail security." + schema: + type: boolean + default: true + - variable: MAIL_USERNAME + label: "MAIL_USERNAME" + description: "Specify your mail username to be used." + schema: + type: string + default: "" + - variable: MAIL_PASSWORD + label: "MAIL_PASSWORD" + description: "Specify your mail password to be used." + schema: + type: string + private: true + default: "" + - variable: MAIL_SENDER + label: "MAIL_SENDER" + description: "Specify the mail sender address to be used." + schema: + type: string + default: "" + - variable: SPARKPOST_API_KEY + label: "SPARKPOST_API_KEY" + description: "Specify SparkPost API Key to be used." + schema: + type: string + private: true + default: "" + - variable: MAILGUN_DOMAIN + label: "MAILGUN_DOMAIN" + description: "Specify Mailgun domain to be used." + schema: + type: string + default: "" + - variable: MAILGUN_API_REGION + label: "MAILGUN_API_REGION" + description: "Specify Mailgun API Region to be used." + schema: + type: string + default: "" + - variable: MAILGUN_API_KEY + label: "MAILGUN_API_KEY" + description: "Specify Mailgun API Key to be used." + schema: + type: string + private: true + default: "" + +# Include{containerConfig} + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: +# Include{serviceSelector} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10206 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 3333 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + +# Include{serviceExpert} + +# Include{serviceList} + + - variable: persistence + label: "Integrated Persistent Storage" + description: "Integrated Persistent Storage" + group: "Storage and Persistence" + schema: + additional_attrs: true + type: dict + attrs: + - variable: data + label: "App Data Storage" + description: "Stores the Application Data." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" +# Include{persistenceBasic} + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" +# Include{persistenceAdvanced} + - variable: recipes + label: "App Recipes Storage" + description: "Stores the Application Recipes." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: "Type of Storage" + description: "Sets the persistence type, Anything other than PVC could break rollback!" + schema: + type: string + default: "simplePVC" + enum: + - value: "simplePVC" + description: "PVC (simple)" + - value: "simpleHP" + description: "HostPath (simple)" + - value: "emptyDir" + description: "emptyDir" + - value: "pvc" + description: "pvc" + - value: "hostPath" + description: "hostPath" +# Include{persistenceBasic} + - variable: hostPath + label: "hostPath" + description: "Path inside the container the storage is mounted" + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: "EmptyDir Medium" + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: "Default" + - value: "Memory" + description: "Memory" +# Include{persistenceAdvanced} + +# Include{persistenceList} + + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} + +# Include{ingressTLS} + +# Include{ingressTraefik} + +# Include{ingressExpert} + +# Include{ingressList} + +# Include{security} + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: false +# Include{securityContextAdvanced} + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 0 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 0 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 +# Include{podSecurityContextAdvanced} + +# Include{resources} + +# Include{advanced} + +# Include{addons} diff --git a/charts/incubator/ferdi-server/templates/_secrets.tpl b/charts/incubator/ferdi-server/templates/_secrets.tpl new file mode 100644 index 00000000000..3f1a1cae7cb --- /dev/null +++ b/charts/incubator/ferdi-server/templates/_secrets.tpl @@ -0,0 +1,20 @@ +{{/* Define the secrets */}} +{{- define "ferdi-server.secrets" -}} +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: ferdi-server-secrets +{{- $ferdiprevious := lookup "v1" "Secret" .Release.Namespace "ferdi-server-secrets" }} +{{- $app_key := "" }} +data: + {{- if $ferdiprevious}} + APP_KEY: {{ index $ferdiprevious.data "APP_KEY" }} + {{- else }} + {{- $app_key := randAlphaNum 32 }} + APP_KEY: {{ $app_key | b64enc }} + {{- end }} + +{{- end -}} diff --git a/charts/incubator/ferdi-server/templates/common.yaml b/charts/incubator/ferdi-server/templates/common.yaml new file mode 100644 index 00000000000..743f821766b --- /dev/null +++ b/charts/incubator/ferdi-server/templates/common.yaml @@ -0,0 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} + +{{/* Render secrets for ferdi-server */}} +{{- include "ferdi-server.secrets" . }} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/charts/incubator/ferdi-server/values.yaml b/charts/incubator/ferdi-server/values.yaml new file mode 100644 index 00000000000..6be8a620f5c --- /dev/null +++ b/charts/incubator/ferdi-server/values.yaml @@ -0,0 +1,110 @@ +image: + repository: getferdi/ferdi-server + tag: 1.3.2@sha256:b94315a20480e8c47f960590279766c8636c53f9deaaa7697499a51028e33dec + pullPolicy: IfNotPresent + +securityContext: + readOnlyRootFilesystem: false + runAsNonRoot: false + +podSecurityContext: + runAsUser: 0 + runAsGroup: 0 + +env: + NODE_ENV: "production" + DATA_DIR: "/app/data" + DB_CONNECTION: "pg" + DB_PORT: "5432" + DB_SSL: false + DB_USER: "{{ .Values.postgresql.postgresqlUsername }}" + DB_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" + # User Defined + APP_URL: "http://localhost:3333" + IS_CREATION_ENABLED: true + IS_DASHBOARD_ENABLED: true + IS_REGISTRATION_ENABLED: true + CONNECT_WITH_FRANZ: true + # MAIL_CONNECTION: "smtp" + # SMTP_HOST: "localhost" + # SMTP_PORT: 587 + # MAIL_SSL: true + # MAIL_USERNAME: "username@example.com" + # MAIL_PASSWORD: "password" + # MAIL_SENDER: "noreply@example.com" + # SPARKPOST_API_KEY: "" + # MAILGUN_DOMAIN: "" + # MAILGUN_API_REGION: "" + # MAILGUN_API_KEY: "" + +envValueFrom: + DB_HOST: + secretKeyRef: + name: dbcreds + key: plainhost + DB_PASSWORD: + secretKeyRef: + name: dbcreds + key: postgresql-password + +probes: + liveness: + path: "/health" + + readiness: + path: "/health" + + startup: + path: "/health" + +service: + main: + ports: + main: + port: 10206 + targetPort: 3333 + +persistence: + data: + enabled: true + mountPath: "/app/data" + recipes: + enabled: true + mountPath: "/app/recipes" + +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: ferdi-server + postgresqlDatabase: ferdi-server + +installContainers: + 1-create-key-file: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: data + mountPath: "/app/data" + env: + - name: APP_KEY + valueFrom: + secretKeyRef: + name: ferdi-server-secrets + key: APP_KEY + command: ["sh", "-c"] + args: + - > + keyfile="/app/data/FERDI_APP_KEY.txt"; + if [ ! -f ${keyfile} ]; + then + echo "No APP_KEY File..."; + echo "Creating APP_KEY file..."; + echo "${APP_KEY}" > ${keyfile}; + if [ -f ${keyfile} ]; + then + echo "Success!"; + else + echo "Failed."; + fi; + else + echo "APP_KEY File exists. Skipping..."; + fi; diff --git a/docs/_static/img/appicons/ferdi-server.png b/docs/_static/img/appicons/ferdi-server.png new file mode 100644 index 00000000000..587e0b86eab Binary files /dev/null and b/docs/_static/img/appicons/ferdi-server.png differ diff --git a/docs/manual/default-ports.md b/docs/manual/default-ports.md index e1b6abb675c..933cff058ca 100644 --- a/docs/manual/default-ports.md +++ b/docs/manual/default-ports.md @@ -369,6 +369,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa | technitium | dns-https | dns-https | 10203 | TCP | | | technitium | dns-https-proxy | dns-https-proxy | 10204 | TCP | | | meshcentral | main | main | 10205 | TCP | | +| ferdi | main | main | 10206 | TCP | | | storj-node | main | main | 14002 | TCP | | | satisfactory | beacon | beacon | 15000 | UDP | | | satisfactory | query | query | 15777 | UDP | |