diff --git a/charts/incubator/outline/Chart.yaml b/charts/incubator/outline/Chart.yaml new file mode 100644 index 00000000000..d203459f331 --- /dev/null +++ b/charts/incubator/outline/Chart.yaml @@ -0,0 +1,36 @@ +apiVersion: v2 +appVersion: "5.6.13" +dependencies: +- name: common + repository: https://truecharts.org + version: 9.1.8 +- condition: postgresql.enabled + name: postgresql + repository: https://truecharts.org/ + version: 7.0.6 +- condition: redis.enabled + name: redis + repository: https://truecharts.org + version: 2.0.5 +deprecated: false +description: A fast, collaborative, knowledge base for your team built using React and Node.js. +home: https://github.com/truecharts/apps/tree/master/charts/stable/outline +icon: https://truecharts.org/_static/img/appicons/outline.png +keywords: +- outline +- knowledge +kubeVersion: '>=1.16.0-0' +maintainers: +- email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: outline +sources: +- https://github.com/outline/outline +type: application +version: 0.0.1 +annotations: + truecharts.org/catagories: | + - productivity + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/charts/incubator/outline/questions.yaml b/charts/incubator/outline/questions.yaml new file mode 100644 index 00000000000..12dff52188e --- /dev/null +++ b/charts/incubator/outline/questions.yaml @@ -0,0 +1,504 @@ +# Include{groups} +portals: + open: + protocols: + - "$kubernetes-resource_configmap_portal_protocol" + host: + - "$kubernetes-resource_configmap_portal_host" + ports: + - "$kubernetes-resource_configmap_portal_port" +questions: + - variable: portal + group: "Container Image" + label: "Configure Portal Button" + schema: + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enable" + description: "enable the portal button" + schema: + hidden: true + editable: false + type: boolean + default: true +# Include{global} + - variable: controller + group: "Controller" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: advanced + label: "Show Advanced Controller Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + description: "Please specify type of workload to deploy" + label: "(Advanced) Controller Type" + schema: + type: string + default: "deployment" + required: true + enum: + - value: "deployment" + description: "Deployment" + - value: "statefulset" + description: "Statefulset" + - value: "daemonset" + description: "Daemonset" + - variable: replicas + description: "Number of desired pod replicas" + label: "Desired Replicas" + schema: + type: int + default: 1 + required: true + - variable: strategy + description: "Please specify type of workload to deploy" + label: "(Advanced) Update Strategy" + schema: + type: string + default: "Recreate" + required: true + enum: + - value: "Recreate" + description: "Recreate: Kill existing pods before creating new ones" + - value: "RollingUpdate" + description: "RollingUpdate: Create new pods and then kill old ones" + - value: "OnDelete" + description: "(Legacy) OnDelete: ignore .spec.template changes" +# Include{controllerExpert} + + - variable: env + group: "Container Configuration" + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: URL + label: "URL" + description: "URL should point to the fully qualified, publicly accessible URL." + schema: + type: string + default: "http://localhost:10194" + - variable: COLLABORATION_URL + label: "COLLABORATION_URL" + description: "URL for external collaboration server" + schema: + type: string + default: "" + - variable: ALLOWED_DOMAINS + label: "ALLOWED_DOMAINS" + description: "Comma separated list of domains to be allowed to signin to the wiki. If not set, all domains are allowed by default when using Google OAuth to signin" + schema: + type: string + default: "" + - variable: SLACK_MESSAGE_ACTIONS + label: "SLACK_MESSAGE_ACTIONS" + schema: + type: boolean + default: true + - variable: ENABLE_UPDATES + label: "ENABLE_UPDATES" + schema: + type: boolean + default: true + - variable: WEB_CONCURRENCY + label: "WEB_CONCURRENCY" + description: "How many processes should be spawned. As a reasonable rule divide your servers available memory by 512 for a rough estimate" + schema: + type: int + default: 1 + - variable: DEFAULT_LANGUAGE + label: "DEFAULT_LANGUAGE" + description: "The default interface language. See translate.getoutline.com for a list of available language codes and their rough percentage translated." + schema: + type: string + default: "en_US" + - variable: TEAM_LOGO + label: "TEAM_LOGO URL" + description: "Custom logo that displays on the authentication screen, scaled to height: 60px (Insert URL here)" + schema: + type: string + default: "" + - variable: MAXIMUM_IMPORT_SIZE + label: "MAXIMUM_IMPORT_SIZE" + description: "Override the maxium size of document imports, could be required if you have especially large Word documents with embedded imagery" + schema: + type: int + default: 5120000 + - variable: SENTRY_DSN + label: "SENTRY_DSN" + schema: + type: string + default: "" + - variable: slackenabled + label: "Enable Slack Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: SLACK_KEY + label: "SLACK_KEY" + schema: + type: string + default: "" + private: true + - variable: SLACK_SECRET + label: "SLACK_SECRET" + schema: + type: string + default: "" + private: true + - variable: SLACK_VERIFICATION_TOKEN + label: "SLACK_VERIFICATION_TOKEN" + schema: + type: string + default: "" + private: true + - variable: SLACK_APP_ID + label: "SLACK_APP_ID" + schema: + type: string + default: "" + private: true + - variable: googlenabled + label: "Enable Google Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: GOOGLE_CLIENT_ID + label: "GOOGLE_CLIENT_ID" + schema: + type: string + default: "" + private: true + - variable: GOOGLE_CLIENT_SECRET + label: "GOOGLE_CLIENT_SECRET" + schema: + type: string + default: "" + private: true + - variable: GOOGLE_ANALYTICS_ID + label: "GOOGLE_ANALYTICS_ID" + schema: + type: string + default: "" + private: true + - variable: azureenabled + label: "Enable Azure Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: AZURE_CLIENT_ID + label: "AZURE_CLIENT_ID" + schema: + type: string + default: "" + private: true + - variable: AZURE_CLIENT_SECRET + label: "AZURE_CLIENT_SECRET" + schema: + type: string + default: "" + private: true + - variable: AZURE_RESOURCE_APP_ID + label: "AZURE_RESOURCE_APP_ID" + schema: + type: string + default: "" + private: true + - variable: oidcenabled + label: "Enable OIDC Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: OIDC_CLIENT_ID + label: "OIDC_CLIENT_ID" + schema: + type: string + default: "" + private: true + - variable: OIDC_CLIENT_SECRET + label: "OIDC_CLIENT_SECRET" + schema: + type: string + default: "" + private: true + - variable: OIDC_AUTH_URI + label: "OIDC_AUTH_URI" + schema: + type: string + default: "" + - variable: OIDC_TOKEN_URI + label: "OIDC_TOKEN_URI" + schema: + type: string + default: "" + - variable: OIDC_USERINFO_URI + label: "OIDC_USERINFO_URI" + schema: + type: string + default: "" + - variable: OIDC_USERNAME_CLAIM + label: "OIDC_USERNAME_CLAIM" + schema: + type: string + default: "preferred_username" + - variable: OIDC_DISPLAY_NAME + label: "OIDC_DISPLAY_NAME" + schema: + type: string + default: "OpenID" + - variable: OIDC_SCOPES + label: "OIDC_SCOPES" + schema: + type: string + default: "openid profile email" + - variable: sthreenabled + label: "Enable AWS / Minio (S3) Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: AWS_ACCESS_KEY_ID + label: "AWS_ACCESS_KEY_ID" + schema: + type: string + default: "" + private: true + - variable: AWS_SECRET_ACCESS_KEY + label: "AWS_SECRET_ACCESS_KEY" + schema: + type: string + default: "" + private: true + - variable: AWS_REGION + label: "AWS_REGION" + schema: + type: string + default: "" + - variable: AWS_S3_ACCELERATE_URL + label: "AWS_S3_ACCELERATE_URL" + schema: + type: string + default: "" + - variable: AWS_S3_UPLOAD_BUCKET_URL + label: "AWS_S3_UPLOAD_BUCKET_URL" + schema: + type: string + default: "" + - variable: AWS_S3_UPLOAD_BUCKET_NAME + label: "AWS_S3_UPLOAD_BUCKET_NAME" + schema: + type: string + default: "" + - variable: AWS_S3_UPLOAD_MAX_SIZE + label: "AWS_S3_UPLOAD_MAX_SIZE" + schema: + type: int + default: 26214400 + - variable: AWS_S3_FORCE_PATH_STYLE + label: "AWS_S3_FORCE_PATH_STYLE" + schema: + type: boolean + default: true + - variable: AWS_S3_ACL + label: "AWS_S3_ACL" + schema: + type: string + default: "private" +# Include{containerConfig} + + - variable: service + group: "Networking and Services" + label: "Configure Service(s)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: +# Include{serviceSelector} + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10196 + required: true + - variable: advanced + label: "Show Advanced settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: protocol + label: "Port Type" + schema: + type: string + default: "HTTP" + enum: + - value: HTTP + description: "HTTP" + - value: "HTTPS" + description: "HTTPS" + - value: TCP + description: "TCP" + - value: "UDP" + description: "UDP" + - variable: nodePort + label: "Node Port (Optional)" + description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer" + schema: + type: int + min: 9000 + max: 65535 + - variable: targetPort + label: "Target Port" + description: "The internal(!) port on the container the Application runs on" + schema: + type: int + default: 10196 + + - variable: serviceexpert + group: "Networking and Services" + label: "Show Expert Config" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + group: "Networking and Services" + label: "Host-Networking (Complicated)" + schema: + type: boolean + default: false + +# Include{serviceExpert} + +# Include{serviceList} + +# Include{persistenceList} + + - variable: ingress + label: "" + group: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: +# Include{ingressDefault} + +# Include{ingressTLS} + +# Include{ingressTraefik} + +# Include{ingressExpert} + +# Include{ingressList} + +# Include{security} + + - variable: advancedSecurity + label: "Show Advanced Security Settings" + group: "Security and Permissions" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: securityContext + label: "Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: false + - variable: allowPrivilegeEscalation + label: "Allow Privilege Escalation" + schema: + type: boolean + default: false + - variable: runAsNonRoot + label: "runAsNonRoot" + schema: + type: boolean + default: false +# Include{securityContextAdvanced} + + - variable: podSecurityContext + group: "Security and Permissions" + label: "Pod Security Context" + schema: + additional_attrs: true + type: dict + attrs: + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 0 + - variable: runAsGroup + label: "runAsGroup" + description: The groupID this App of the user running the application" + schema: + type: int + default: 0 + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 +# Include{podSecurityContextAdvanced} + +# Include{resources} + +# Include{advanced} + +# Include{addons} diff --git a/charts/incubator/outline/templates/_secrets.tpl b/charts/incubator/outline/templates/_secrets.tpl new file mode 100644 index 00000000000..0337d613fe0 --- /dev/null +++ b/charts/incubator/outline/templates/_secrets.tpl @@ -0,0 +1,24 @@ +{{/* Define the secrets */}} +{{- define "outline.secrets" -}} +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: outline-secrets +{{- $outlineprevious := lookup "v1" "Secret" .Release.Namespace "outline-secrets" }} +{{- $secret_key := "" }} +{{- $utils_secret := "" }} +data: + {{- if $outlineprevious}} + SECRET_KEY: {{ index $outlineprevious.data "SECRET_KEY" }} + UTILS_SECRET: {{ index $outlineprevious.data "UTILS_SECRET" }} + {{- else }} + {{- $secret_key := randAlphaNum 32 }} + {{- $utils_secret := randAlphaNum 32 }} + SECRET_KEY: {{ $secret_key | b64enc }} + UTILS_SECRET: {{ $utils_secret | b64enc }} + {{- end }} + +{{- end -}} diff --git a/charts/incubator/outline/templates/common.yaml b/charts/incubator/outline/templates/common.yaml new file mode 100644 index 00000000000..a62fd1cae85 --- /dev/null +++ b/charts/incubator/outline/templates/common.yaml @@ -0,0 +1,8 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.setup" . }} + +{{/* Render secrets for fireflyiii */}} +{{- include "outline.secrets" . }} + +{{/* Render the templates */}} +{{ include "common.postSetup" . }} diff --git a/charts/incubator/outline/values.yaml b/charts/incubator/outline/values.yaml new file mode 100644 index 00000000000..58542fc4886 --- /dev/null +++ b/charts/incubator/outline/values.yaml @@ -0,0 +1,148 @@ +image: + repository: tccr.io/truecharts/outline + pullPolicy: IfNotPresent + tag: v0.62.0@sha256:9350ace6f88ae314620ab32e9990481d0e89895409b171fa0545b8ef9f7ede65 + +minioImage: + repository: tccr.io/truecharts/minio + tag: latest@sha256:bd004ba41b2456f115c7f1360d7c49f4478f5d9ce20ad042c8ce2cf5aff46d24 + +# # Needs check +# securityContext: +# readOnlyRootFilesystem: false +# runAsNonRoot: false +# # Needs check +# podSecurityContext: +# runAsUser: 0 +# runAsGroup: 0 + +env: + FORCE_HTTPS: false + PGSSLMODE: "disable" + PORT: "{{ .Values.service.main.ports.main.port }}" + # User defined + SLACK_MESSAGE_ACTIONS: true + ENABLE_UPDATES: true + WEB_CONCURRENCY: 1 + DEFAULT_LANGUAGE: "en_US" + TEAM_LOGO: "" + MAXIMUM_IMPORT_SIZE: 5120000 + ALLOWED_DOMAINS: "" + URL: "http://localhost:{{ .Values.service.main.ports.main.port }}" + COLLABORATION_URL: "" + SLACK_KEY: "" + SLACK_SECRET: "" + SLACK_VERIFICATION_TOKEN: "" + SLACK_APP_ID: "" + GOOGLE_CLIENT_ID: "" + GOOGLE_CLIENT_SECRET: "" + GOOGLE_ANALYTICS_ID: "" + AZURE_CLIENT_ID: "" + AZURE_CLIENT_SECRET: "" + AZURE_RESOURCE_APP_ID: "" + OIDC_CLIENT_ID: "" + OIDC_CLIENT_SECRET: "" + OIDC_AUTH_URI: "" + OIDC_TOKEN_URI: "" + OIDC_USERINFO_URI: "" + OIDC_USERNAME_CLAIM: "" + OIDC_DISPLAY_NAME: "" + OIDC_SCOPES: "" + SENTRY_DSN: "" + AWS_ACCESS_KEY_ID: "" + AWS_SECRET_ACCESS_KEY: "" + AWS_REGION: "" + AWS_S3_ACCELERATE_URL: "" + AWS_S3_UPLOAD_BUCKET_URL: "" + AWS_S3_UPLOAD_BUCKET_NAME: "" + AWS_S3_UPLOAD_MAX_SIZE: 26214400 + AWS_S3_FORCE_PATH_STYLE: true + AWS_S3_ACL: "" + +envValueFrom: + DATABASE_URL: + secretKeyRef: + name: dbcreds + key: url-noql + REDIS_URL: + secretKeyRef: + name: rediscreds + key: url + SECRET_KEY: + secretKeyRef: + name: outline-secrets + key: SECRET_KEY + UTILS_SECRET: + secretKeyRef: + name: outline-secrets + key: UTILS_SECRET + +service: + main: + ports: + main: + port: 10196 + +# Enabled redis +redis: + enabled: true + existingSecret: "rediscreds" + +# Enabled postgres +postgresql: + enabled: true + existingSecret: "dbcreds" + postgresqlUsername: outline + postgresqlDatabase: outline + +installContainers: + initdb: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: dbcreds + key: url-noql + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: rediscreds + key: url + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: outline-secrets + key: SECRET_KEY + - name: UTILS_SECRET + valueFrom: + secretKeyRef: + name: outline-secrets + key: UTILS_SECRET + command: ["sh", "-c", "yarn sequelize db:migrate --env=production-ssl-disabled"] + +upgradeContainers: + upgradedb: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: dbcreds + key: url-noql + - name: REDIS_URL + valueFrom: + secretKeyRef: + name: rediscreds + key: url + - name: SECRET_KEY + valueFrom: + secretKeyRef: + name: outline-secrets + key: SECRET_KEY + - name: UTILS_SECRET + valueFrom: + secretKeyRef: + name: outline-secrets + key: UTILS_SECRET + command: ["sh", "-c", "yarn sequelize db:migrate --env=production-ssl-disabled"] diff --git a/docs/_static/img/appicons/outline.png b/docs/_static/img/appicons/outline.png new file mode 100644 index 00000000000..edca70b0440 Binary files /dev/null and b/docs/_static/img/appicons/outline.png differ diff --git a/docs/manual/default-ports.md b/docs/manual/default-ports.md index 4a68fa92aab..56e586f60da 100644 --- a/docs/manual/default-ports.md +++ b/docs/manual/default-ports.md @@ -352,6 +352,7 @@ These defaults can of course be changed, but as we guarantee "sane, working defa | verysync | main | main | 10193 | HTTP | | | browserless | main | main | 10194 | TCP | | | kutt | main | main | 10195 | TCP | | +| outline | main | main | 10196 | TCP | | | storj-node | main | main | 14002 | TCP | | | satisfactory | beacon | beacon | 15000 | UDP | | | satisfactory | query | query | 15777 | UDP | |