Skip to content

Commit

Permalink
Merge pull request #317 from ONLYOFFICE/release/v4.2.0
Browse files Browse the repository at this point in the history
Merge Helm Chart release/v4.2.0 into master
  • Loading branch information
agolybev authored Jun 25, 2024
2 parents 9d6ed5b + 7a7ffd4 commit 21d844c
Show file tree
Hide file tree
Showing 22 changed files with 956 additions and 150 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/4testing_repo.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4
- name: Set chart version
run: |
wget https://download.onlyoffice.com/charts/4testing/index.yaml -P /tmp
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/helm-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
images-present: ${{ steps.selective-check.outputs.images-present }}
steps:
- name: Checkout chart
uses: actions/checkout@v3
uses: actions/checkout@v4
- name: selective-check
id: selective-check
run: |
Expand Down
16 changes: 16 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,21 @@
# Change log

## 4.2.0

### New Features

* Added the ability set up the `containerSecurityContext`
* Added the ability to set up its own `nodeSelector` and `tolerations` for each service or define them globally
* Added the ability to separate a subdirectory for storing cache (data) and service (errors and forgotten) files
* Actions to clean the directory ".../cache/files/" are placed in a separate Job with a `post-upgrade` hook
* Added the ability to set up container `lifecycle` hooks

### Changes

* Changed the default values for `podSecurityContext`
* In `pre-upgrade` Job, the actions for cleaning the directory ".../cache/files/" have been removed
* Released ONLYOFFICE Docs [v8.1.0](https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#810)

## 4.1.0

### New Features
Expand Down
4 changes: 2 additions & 2 deletions Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@ description: Helm chart for installing ONLYOFFICE Docs in Kubernetes

type: application

version: 4.1.0
version: 4.2.0

appVersion: 8.0.1
appVersion: 8.1.0
119 changes: 94 additions & 25 deletions README.md

Large diffs are not rendered by default.

2 changes: 2 additions & 0 deletions sources/scc/docs-components.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,5 @@ supplementalGroups:
type: MustRunAs
users: []
groups: []
seccompProfiles:
- runtime/default
2 changes: 1 addition & 1 deletion sources/shutdown-ds.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ spec:
defaultMode: 0755
containers:
- name: shutdown-ds
image: onlyoffice/docs-utils:8.0.1-1
image: onlyoffice/docs-utils:8.1.0-1
command: ["/bin/sh", "-c"]
args: ["/scripts/stop.sh"]
volumeMounts:
Expand Down
20 changes: 20 additions & 0 deletions templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -377,6 +377,26 @@ Return the configmap name of creating tables for install ds
{{- end }}
{{- end -}}

{{/*
Get the configmap name containing the ds clearCache script
*/}}
{{- define "ds.clearCache.configMapName" -}}
{{- if .Values.clearCache.existingConfigmap.name -}}
{{- printf "%s" (tpl .Values.clearCache.existingConfigmap.name $) -}}
{{- else }}
{{- printf "clear-cache" -}}
{{- end -}}
{{- end -}}

{{/*
Return true if a configmap object containing the ds clearCache script should be created
*/}}
{{- define "ds.clearCache.createConfigMap" -}}
{{- if empty .Values.clearCache.existingConfigmap.name }}
{{- true -}}
{{- end -}}
{{- end -}}

{{/*
Get the ds labels
*/}}
Expand Down
41 changes: 41 additions & 0 deletions templates/configmaps/clear-cache.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
{{- if and (eq (include "ds.clearCache.createConfigMap" .) "true") .Values.clearCache.job.enabled (not .Values.persistence.storageS3) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: clear-cache
namespace: {{ include "ds.namespace" . | quote }}
{{- if .Values.commonLabels }}
labels:
{{- include "ds.labels.commonLabels" . | trim | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- if .Values.commonAnnotations }}
{{- include "ds.annotations.commonAnnotations" ( dict "keyName" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
clearCache.sh: |-
#!/bin/bash
FILES_DIR=/var/lib/{{ .Values.product.name }}/documentserver/App_Data/cache/files/
ls $FILES_DIR > /dev/null
if [ $? -ne 0 ]; then
echo -e "\e[0;31m Error accessing the $FILES_DIR directory \e[0m"
exit 1
fi
for ENTRY in `ls $FILES_DIR`; do
case $ENTRY in
errors)
;;
forgotten)
;;
{{ .Values.docservice.image.tag }})
;;
*)
rm -rfv $FILES_DIR$ENTRY
;;
esac
done
echo -e "\e[0;32m Clearing the cache folder is finished \e[0m"
{{- end }}
1 change: 1 addition & 0 deletions templates/configmaps/documentserver.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,4 @@ data:
{{- if .Values.requestFilteringAgent.denyIPAddressList }}
DENY_IP_ADDRESS_LIST: {{ toJson .Values.requestFilteringAgent.denyIPAddressList | squote }}
{{- end }}
STORAGE_SUBDIRECTORY_NAME: {{ .Values.docservice.image.tag }}
19 changes: 0 additions & 19 deletions templates/configmaps/pre-upgrade.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,25 +39,6 @@ data:
echo -e "\e[0;31m DB is not available \e[0m"
exit 1
fi
{{- if not .Values.persistence.storageS3 }}
FILES_DIR=/var/lib/{{ .Values.product.name }}/documentserver/App_Data/cache/files/
ls $FILES_DIR > /dev/null
if [ $? -ne 0 ]; then
echo -e "\e[0;31m Error accessing the $FILES_DIR directory \e[0m"
exit 1
fi
for ENTRY in `ls $FILES_DIR`; do
case $ENTRY in
errors)
;;
forgotten)
;;
*)
rm -rfv $FILES_DIR$ENTRY
;;
esac
done
{{- end }}
if [[ "$PRIVATE_CLUSTER" != "true" ]]; then
wget -O /scripts/{{ .Values.upgrade.existingConfigmap.tblRemove.keyName }} \
{{- if eq .Values.connections.dbType "postgres" }}
Expand Down
14 changes: 10 additions & 4 deletions templates/deployments/converter.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -77,11 +77,11 @@ spec:
nodeAffinity:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- if or .Values.nodeSelector .Values.converter.nodeSelector }}
nodeSelector: {{ toYaml (default .Values.nodeSelector .Values.converter.nodeSelector) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- if or .Values.tolerations .Values.converter.tolerations }}
tolerations: {{ toYaml (default .Values.tolerations .Values.converter.tolerations) | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
Expand Down Expand Up @@ -119,6 +119,12 @@ spec:
- name: converter
image: {{ .Values.converter.image.repository }}:{{ .Values.converter.image.tag }}
imagePullPolicy: {{ .Values.converter.image.pullPolicy }}
{{- if .Values.converter.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.converter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.converter.lifecycleHooks }}
lifecycle: {{- toYaml .Values.converter.lifecycleHooks | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.converter.resources | nindent 12 }}
env:
- name: DB_PWD
Expand Down
20 changes: 16 additions & 4 deletions templates/deployments/docservice.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -84,11 +84,11 @@ spec:
nodeAffinity:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
{{- if or .Values.nodeSelector .Values.docservice.nodeSelector }}
nodeSelector: {{ toYaml (default .Values.nodeSelector .Values.docservice.nodeSelector) | nindent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
{{- if or .Values.tolerations .Values.docservice.tolerations }}
tolerations: {{ toYaml (default .Values.tolerations .Values.docservice.tolerations) | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
Expand Down Expand Up @@ -131,6 +131,12 @@ spec:
- name: proxy
image: {{ .Values.proxy.image.repository }}:{{ .Values.proxy.image.tag }}
imagePullPolicy: {{ .Values.proxy.image.pullPolicy }}
{{- if .Values.proxy.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.proxy.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.proxy.lifecycleHooks }}
lifecycle: {{- toYaml .Values.proxy.lifecycleHooks | nindent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.proxy.containerPorts.http }}
{{- if .Values.proxy.startupProbe.enabled }}
Expand Down Expand Up @@ -181,6 +187,12 @@ spec:
- name: docservice
image: {{ .Values.docservice.image.repository }}:{{ .Values.docservice.image.tag }}
imagePullPolicy: {{ .Values.docservice.image.pullPolicy }}
{{- if .Values.docservice.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.docservice.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.docservice.lifecycleHooks }}
lifecycle: {{- toYaml .Values.docservice.lifecycleHooks | nindent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.docservice.containerPorts.http }}
{{- if .Values.docservice.startupProbe.enabled }}
Expand Down
91 changes: 91 additions & 0 deletions templates/jobs/clear-cache.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,91 @@
{{- if and .Values.clearCache.job.enabled (not .Values.persistence.storageS3) }}
apiVersion: batch/v1
kind: Job
metadata:
name: clear-cache
namespace: {{ include "ds.namespace" . | quote }}
labels:
app.kubernetes.io/component: clear-cache
{{- if .Values.commonLabels }}
{{- include "ds.labels.commonLabels" . | trim | nindent 4 }}
{{- end }}
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- if or .Values.commonAnnotations .Values.clearCache.job.annotations }}
{{- $dictValue := default .Values.commonAnnotations .Values.clearCache.job.annotations }}
{{- include "ds.annotations.commonAnnotations" ( dict "keyName" $dictValue "context" $ ) | nindent 4 }}
{{- end }}
spec:
backoffLimit: 2
template:
metadata:
labels:
app.kubernetes.io/component: clear-cache
{{- if .Values.commonLabels }}
{{- include "ds.labels.commonLabels" . | trim | nindent 8 }}
{{- end }}
{{- if .Values.clearCache.job.podAnnotations }}
annotations: {{- include "ds.annotations.commonAnnotations" ( dict "keyName" .Values.clearCache.job.podAnnotations "context" $ ) | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "ds.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- toYaml .Values.podSecurityContext.jobs | nindent 8 }}
{{- end }}
{{- if or .Values.clearCache.job.customPodAntiAffinity .Values.clearCache.job.podAffinity .Values.clearCache.job.nodeAffinity }}
affinity:
{{- with .Values.clearCache.job.customPodAntiAffinity }}
podAntiAffinity:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.clearCache.job.podAffinity }}
podAffinity:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.clearCache.job.nodeAffinity }}
nodeAffinity:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- if or .Values.nodeSelector .Values.clearCache.job.nodeSelector }}
nodeSelector: {{ toYaml (default .Values.nodeSelector .Values.clearCache.job.nodeSelector) | nindent 8 }}
{{- end }}
{{- if or .Values.tolerations .Values.clearCache.job.tolerations }}
tolerations: {{ toYaml (default .Values.tolerations .Values.clearCache.job.tolerations) | nindent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
- name: {{ .Values.imagePullSecrets }}
{{- end }}
volumes:
- name: ds-files
persistentVolumeClaim:
claimName: {{ template "ds.pvc.name" . }}
- name: clear-cache-scripts
configMap:
name: {{ template "ds.clearCache.configMapName" . }}
defaultMode: 0755
containers:
- name: clear-cache
image: {{ .Values.clearCache.job.image.repository }}:{{ .Values.clearCache.job.image.tag }}
imagePullPolicy: {{ .Values.clearCache.job.image.pullPolicy }}
{{- if .Values.clearCache.job.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.clearCache.job.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
resources: {{- toYaml .Values.clearCache.job.resources | nindent 12 }}
volumeMounts:
- name: ds-files
mountPath: /var/lib/{{ .Values.product.name }}/documentserver/App_Data/cache/files
- name: clear-cache-scripts
mountPath: /scripts/{{ .Values.clearCache.existingConfigmap.keyName }}
subPath: {{ .Values.clearCache.existingConfigmap.keyName }}
command: ["/bin/sh", "-c"]
{{- if .Values.webProxy.enabled }}
args: ["http_proxy={{ .Values.webProxy.http }} https_proxy={{ .Values.webProxy.https }} no_proxy={{ .Values.webProxy.noProxy }} /scripts/{{ .Values.clearCache.existingConfigmap.keyName }}"]
{{- else }}
args: ["/scripts/{{ .Values.clearCache.existingConfigmap.keyName }}"]
{{- end }}
restartPolicy: Never
{{- end }}
Loading

0 comments on commit 21d844c

Please sign in to comment.