diff --git a/CHANGELOG.md b/CHANGELOG.md index af919366b..d521af9ea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Change log +## 4.4.0 + +### New Features + +* Added the ability to connect to Redis Sentinel nodes with a password +* Added the ability to set additional custom env variables for containers +* Added the ability to add additional custom volumes for containers +* Added the ability to set up Nginx log format in the Proxy container + +### Changes + +* Released ONLYOFFICE Docs [v8.2.1](https://github.com/ONLYOFFICE/DocumentServer/blob/master/CHANGELOG.md#821) + ## 4.3.0 ### New Features diff --git a/Chart.yaml b/Chart.yaml index e51e40a2e..1415404f8 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -4,6 +4,6 @@ description: Helm chart for installing ONLYOFFICE Docs in Kubernetes type: application -version: 4.3.0 +version: 4.4.0 -appVersion: 8.2.0 +appVersion: 8.2.1 diff --git a/README.md b/README.md index 12c93aa0f..fb0458094 100644 --- a/README.md +++ b/README.md 
@@ -388,11 +388,15 @@ The `helm delete` command removes all the Kubernetes components associated with | `connections.redisUser` | The Redis [user](https://redis.io/docs/management/security/acl/) name. The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file | `default` | | `connections.redisDBNum` | Number of the redis logical database to be [selected](https://redis.io/commands/select/). The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file | `0` | | `connections.redisClusterNodes` | List of nodes in the Redis cluster. There is no need to specify every node in the cluster, 3 should be enough. You can specify multiple values. It must be specified in the `host:port` format | `[]` | -| `connections.redisSentinelGroupName` | Name of a group of Redis instances composed of a master and one or more slaves. Used if `connections.redisConnectorName` is set to `ioredis` | `mymaster` | | `connections.redisPassword` | The password set for the Redis account. If set to, it takes priority over the `connections.redisExistingSecret`. The value in this parameter overrides the value set in the `options` object in `local.json` if you add custom configuration file | `""` | | `connections.redisSecretKeyName` | The name of the key that contains the Redis user password | `redis-password` | | `connections.redisExistingSecret` | Name of existing secret to use for Redis passwords. Must contain the key specified in `connections.redisSecretKeyName`. The password from this secret overrides password set in the `options` object in `local.json` | `redis` | | `connections.redisNoPass` | Defines whether to use a Redis auth without a password. 
If the connection to Redis server does not require a password, set the value to `true` | `false` | +| `connections.redisSentinelGroupName` | Name of a group of Redis instances composed of a master and one or more slaves. Used if `connections.redisConnectorName` is set to `ioredis` | `mymaster` | +| `connections.redisSentinelExistingSecret` | Name of existing secret to use for Redis Sentinel password. Must contain the key specified in `connections.redisSentinelSecretKeyName`. The password from this secret overrides the value for the password set in the `iooptions` object in `local.json` | "" | +| `connections.redisSentinelSecretKeyName` | The name of the key that contains the Redis Sentinel user password. If you set a password in `redisSentinelPassword`, a secret will be automatically created, the key name of which will be the value set here | `sentinel-password` | +| `connections.redisSentinelPassword` | The password set for the Redis Sentinel account. If set to, it takes priority over the `connections.redisSentinelExistingSecret`. The value in this parameter overrides the value set in the `iooptions` object in `local.json` | `""` | +| `connections.redisSentinelNoPass` | Defines whether to use a Redis Sentinel auth without a password. If the connection to Redis Sentinel does not require a password, set the value to `true` | `true` | | `connections.amqpType` | Defines the AMQP server type. Possible values are `rabbitmq` or `activemq` | `rabbitmq` | | `connections.amqpHost` | The IP address or the name of the AMQP server | `rabbitmq` | | `connections.amqpPort` | The port for the connection to AMQP server | `5672` | 
@@ -450,12 +454,15 @@ The `helm delete` command removes all the Kubernetes components associated with | `docservice.terminationGracePeriodSeconds` | The time to terminate gracefully during which the Docservice Pod will have the `Terminating` status | `30` | | `docservice.initContainers` | Defines containers that run before docservice and proxy containers in the Docservice deployment pod. For example, a container that changes the owner of the PersistentVolume | `[]` | | `docservice.image.repository` | Docservice container image repository* | `onlyoffice/docs-docservice-de` | -| `docservice.image.tag` | Docservice container image tag | `8.2.0-1` | +| `docservice.image.tag` | Docservice container image tag | `8.2.1-1` | | `docservice.image.pullPolicy` | Docservice container image pull policy | `IfNotPresent` | | `docservice.containerSecurityContext.enabled` | Enable security context for the Docservice container | `false` | | `docservice.lifecycleHooks` | Defines the Docservice [container lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks). It is used to trigger events to run at certain points in a container's lifecycle | `{}` | | `docservice.resources.requests` | The requested resources for the Docservice container | `{}` | | `docservice.resources.limits` | The resources limits for the Docservice container | `{}` | +| `docservice.extraEnvVars` | An array with extra env variables for the Docservice container | `[]` | +| `docservice.extraVolumes` | An array with extra volumes for the Docservice Pod | `[]` | +| `docservice.extraVolumeMounts` | An array with extra volume mounts for the Docservice container | `[]` | | `docservice.readinessProbe.enabled` | Enable readinessProbe for Docservice container | `true` | | `docservice.livenessProbe.enabled` | Enable livenessProbe for Docservice container | `true` | | `docservice.startupProbe.enabled` | Enable startupProbe for Docservice container | `true` | 
@@ -470,6 +477,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `docservice.autoscaling.customMetricsType` | Custom, additional or external autoscaling metrics for the Docservice deployment | `[]` | | `docservice.autoscaling.behavior` | Configuring Docservice deployment scaling behavior policies for the `scaleDown` and `scaleUp` fields | `{}` | | `proxy.accessLog` | Defines the nginx config [access_log](https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) format directive | `off` | +| `proxy.logFormat` | Defines the [format](https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format) of log entries using text and various variables | `'$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'` | | `proxy.gzipProxied` | Defines the nginx config [gzip_proxied](https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied) directive | `off` | | `proxy.clientMaxBodySize` | Defines the nginx config [client_max_body_size](https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size) directive | `100m` | | `proxy.workerConnections` | Defines the nginx config [worker_connections](https://nginx.org/en/docs/ngx_core_module.html#worker_connections) directive | `4096` | 
@@ -481,12 +489,14 @@ The `helm delete` command removes all the Kubernetes components associated with | `proxy.infoAllowedExistingSecret` | Name of existing secret to use for info auth password. Used if `proxy.infoAllowedUser` is set. Must contain the key specified in `proxy.infoAllowedSecretKeyName`. If set to, it takes priority over the `proxy.infoAllowedPassword` | `""` | | `proxy.welcomePage.enabled` | Defines whether the welcome page will be displayed | `true` | | `proxy.image.repository` | Docservice Proxy container image repository* | `onlyoffice/docs-proxy-de` | -| `proxy.image.tag` | Docservice Proxy container image tag | `8.2.0-1` | +| `proxy.image.tag` | Docservice Proxy container image tag | `8.2.1-1` | | `proxy.image.pullPolicy` | Docservice Proxy container image pull policy | `IfNotPresent` | | `proxy.containerSecurityContext.enabled` | Enable security context for the Proxy container | `false` | | `proxy.lifecycleHooks` | Defines the Proxy [container lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks). It is used to trigger events to run at certain points in a container's lifecycle | `{}` | | `proxy.resources.requests` | The requested resources for the Proxy container | `{}` | | `proxy.resources.limits` | The resources limits for the Proxy container | `{}` | +| `proxy.extraEnvVars` | An array with extra env variables for the Proxy container | `[]` | +| `proxy.extraVolumeMounts` | An array with extra volume mounts for the Proxy container | `[]` | | `proxy.readinessProbe.enabled` | Enable readinessProbe for Proxy container | `true` | | `proxy.livenessProbe.enabled` | Enable livenessProbe for Proxy container | `true` | | `proxy.startupProbe.enabled` | Enable startupProbe for Proxy container | `true` | 
@@ -502,12 +512,15 @@ The `helm delete` command removes all the Kubernetes components associated with | `converter.terminationGracePeriodSeconds` | The time to terminate gracefully during which the Converter Pod will have the `Terminating` status | `30` | | `converter.initContainers` | Defines containers that run before docservice and proxy containers in the Docservice deployment pod. For example, a container that changes the owner of the PersistentVolume | `[]` | | `converter.image.repository` | Converter container image repository* | `onlyoffice/docs-converter-de` | -| `converter.image.tag` | Converter container image tag | `8.2.0-1` | +| `converter.image.tag` | Converter container image tag | `8.2.1-1` | | `converter.image.pullPolicy` | Converter container image pull policy | `IfNotPresent` | | `converter.containerSecurityContext.enabled` | Enable security context for the Converter container | `false` | | `converter.lifecycleHooks` | Defines the Converter [container lifecycle hooks](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks). It is used to trigger events to run at certain points in a container's lifecycle | `{}` | | `converter.resources.requests` | The requested resources for the Converter container | `{}` | | `converter.resources.limits` | The resources limits for the Converter container | `{}` | +| `converter.extraEnvVars` | An array with extra env variables for the Converter container | `[]` | +| `converter.extraVolumes` | An array with extra volumes for the Converter Pod | `[]` | +| `converter.extraVolumeMounts` | An array with extra volume mounts for the Converter container | `[]` | | `converter.autoscaling.enabled` | Enable Converter deployment autoscaling | `false` | | `converter.autoscaling.annotations` | Defines annotations that will be additionally added to Converter deployment HPA. 
If set to, it takes priority over the `commonAnnotations` | `{}` | | `converter.autoscaling.minReplicas` | Converter deployment autoscaling minimum number of replicas | `2` | 
@@ -529,14 +542,17 @@ The `helm delete` command removes all the Kubernetes components associated with | `example.tolerations` | Tolerations for Example Pods assignment. If set to, it takes priority over the `tolerations` | `[]` | | `example.terminationGracePeriodSeconds` | The time to terminate gracefully during which the Example Pod will have the `Terminating` status | `30` | | `example.image.repository` | Example container image name | `onlyoffice/docs-example` | -| `example.image.tag` | Example container image tag | `8.2.0-1` | +| `example.image.tag` | Example container image tag | `8.2.1-1` | | `example.image.pullPolicy` | Example container image pull policy | `IfNotPresent` | | `example.containerSecurityContext.enabled` | Enable security context for the Example container | `false` | | `example.dsUrl` | ONLYOFFICE Docs external address. It should be changed only if it is necessary to check the operation of the conversion in Example (e.g. http://\/) | `/` | | `example.resources.requests` | The requested resources for the Example container | `{}` | | `example.resources.limits` | The resources limits for the Example container | `{}` | +| `example.extraEnvVars` | An array with extra env variables for the Example container | `[]` | | `example.extraConf.configMap` | The name of the ConfigMap containing the json file that override the default values. See an example of creation [here](https://github.com/ONLYOFFICE/Kubernetes-Docs?tab=readme-ov-file#71-create-a-configmap-containing-a-json-file) | `""` | | `example.extraConf.filename` | The name of the json file that contains custom values. Must be the same as the `key` name in `example.extraConf.ConfigMap` | `local.json` | +| `example.extraVolumes` | An array with extra volumes for the Example Pod | `[]` | +| `example.extraVolumeMounts` | An array with extra volume mounts for the Example container | `[]` | | `jwt.enabled` | Specifies the enabling the JSON Web Token validation by the ONLYOFFICE Docs. 
Common for inbox and outbox requests | `true` | | `jwt.secret` | Defines the secret key to validate the JSON Web Token in the request to the ONLYOFFICE Docs. Common for inbox and outbox requests | `MYSECRET` | | `jwt.header` | Defines the http header that will be used to send the JSON Web Token. Common for inbox and outbox requests | `Authorization` | @@ -582,7 +598,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `upgrade.job.nodeSelector` | Node labels for pre-upgrade Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `upgrade.job.tolerations` | Tolerations for pre-upgrade Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `upgrade.job.image.repository` | Job by upgrade image repository | `onlyoffice/docs-utils` | -| `upgrade.job.image.tag` | Job by upgrade image tag | `8.2.0-1` | +| `upgrade.job.image.tag` | Job by upgrade image tag | `8.2.1-1` | | `upgrade.job.image.pullPolicy` | Job by upgrade image pull policy | `IfNotPresent` | | `upgrade.job.containerSecurityContext.enabled` | Enable security context for the pre-upgrade container | `false` | | `upgrade.job.resources.requests` | The requested resources for the job pre-upgrade container | `{}` | 
@@ -601,7 +617,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `rollback.job.nodeSelector` | Node labels for pre-rollback Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `rollback.job.tolerations` | Tolerations for pre-rollback Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `rollback.job.image.repository` | Job by rollback image repository | `onlyoffice/docs-utils` | -| `rollback.job.image.tag` | Job by rollback image tag | `8.2.0-1` | +| `rollback.job.image.tag` | Job by rollback image tag | `8.2.1-1` | | `rollback.job.image.pullPolicy` | Job by rollback image pull policy | `IfNotPresent` | | `rollback.job.containerSecurityContext.enabled` | Enable security context for the pre-rollback container | `false` | | `rollback.job.resources.requests` | The requested resources for the job rollback container | `{}` | @@ -620,7 +636,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `delete.job.nodeSelector` | Node labels for pre-delete Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `delete.job.tolerations` | Tolerations for pre-delete Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `delete.job.image.repository` | Job by delete image repository | `onlyoffice/docs-utils` | -| `delete.job.image.tag` | Job by delete image tag | `8.2.0-1` | +| `delete.job.image.tag` | Job by delete image tag | `8.2.1-1` | | `delete.job.image.pullPolicy` | Job by delete image pull policy | `IfNotPresent` | | `delete.job.containerSecurityContext.enabled` | Enable security context for the pre-delete container | `false` | | `delete.job.resources.requests` | The requested resources for the job delete container | `{}` | 
@@ -637,7 +653,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `install.job.nodeSelector` | Node labels for pre-install Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `install.job.tolerations` | Tolerations for pre-install Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `install.job.image.repository` | Job by pre-install ONLYOFFICE Docs image repository | `onlyoffice/docs-utils` | -| `install.job.image.tag` | Job by pre-install ONLYOFFICE Docs image tag | `8.2.0-1` | +| `install.job.image.tag` | Job by pre-install ONLYOFFICE Docs image tag | `8.2.1-1` | | `install.job.image.pullPolicy` | Job by pre-install ONLYOFFICE Docs image pull policy | `IfNotPresent` | | `install.job.containerSecurityContext.enabled` | Enable security context for the pre-install container | `false` | | `install.job.resources.requests` | The requested resources for the job pre-install container | `{}` | 
@@ -654,7 +670,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `clearCache.job.nodeSelector` | Node labels for Clear Cache Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `clearCache.job.tolerations` | Tolerations for Clear Cache Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `clearCache.job.image.repository` | Job by Clear Cache ONLYOFFICE Docs image repository | `onlyoffice/docs-utils` | -| `clearCache.job.image.tag` | Job by Clear Cache ONLYOFFICE Docs image tag | `8.2.0-1` | +| `clearCache.job.image.tag` | Job by Clear Cache ONLYOFFICE Docs image tag | `8.2.1-1` | | `clearCache.job.image.pullPolicy` | Job by Clear Cache ONLYOFFICE Docs image pull policy | `IfNotPresent` | | `clearCache.job.containerSecurityContext.enabled` | Enable security context for the Clear Cache container | `false` | | `clearCache.job.resources.requests` | The requested resources for the job Clear Cache container | `{}` | 
@@ -669,7 +685,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `grafanaDashboard.job.nodeSelector` | Node labels for Grafana Dashboard Job Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `grafanaDashboard.job.tolerations` | Tolerations for Grafana Dashboard Job Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `grafanaDashboard.job.image.repository` | Job by Grafana Dashboard ONLYOFFICE Docs image repository | `onlyoffice/docs-utils` | -| `grafanaDashboard.job.image.tag` | Job by Grafana Dashboard ONLYOFFICE Docs image tag | `8.2.0-1` | +| `grafanaDashboard.job.image.tag` | Job by Grafana Dashboard ONLYOFFICE Docs image tag | `8.2.1-1` | | `grafanaDashboard.job.image.pullPolicy` | Job by Grafana Dashboard ONLYOFFICE Docs image pull policy | `IfNotPresent` | | `grafanaDashboard.job.containerSecurityContext.enabled` | Enable security context for the Grafana Dashboard container | `false` | | `grafanaDashboard.job.resources.requests` | The requested resources for the job Grafana Dashboard container | `{}` | @@ -682,7 +698,7 @@ The `helm delete` command removes all the Kubernetes components associated with | `tests.nodeSelector` | Node labels for Test Pod assignment. If set to, it takes priority over the `nodeSelector` | `{}` | | `tests.tolerations` | Tolerations for Test Pod assignment. If set to, it takes priority over the `tolerations` | `[]` | | `tests.image.repository` | Test container image name | `onlyoffice/docs-utils` | -| `tests.image.tag` | Test container image tag | `8.2.0-1` | +| `tests.image.tag` | Test container image tag | `8.2.1-1` | | `tests.image.pullPolicy` | Test container image pull policy | `IfNotPresent` | | `tests.containerSecurityContext.enabled` | Enable security context for the Test container | `false` | | `tests.resources.requests` | The requested resources for the test container | `{}` | 
diff --git a/sources/scripts/test_ds.py b/sources/scripts/test_ds.py index 7e0e2d8d3..b6d9b2690 100755 --- a/sources/scripts/test_ds.py +++ b/sources/scripts/test_ds.py @@ -11,6 +11,7 @@ redisPort = os.environ.get('REDIS_SERVER_PORT') redisUser = os.environ.get('REDIS_SERVER_USER') redisPassword = os.environ.get('REDIS_SERVER_PWD') +redisSentinelPassword = os.environ.get('REDIS_SENTINEL_PWD') redisDBNum = os.environ.get('REDIS_SERVER_DB_NUM') redisConnectTimeout = 15 if os.environ.get('REDIS_CLUSTER_NODES'): @@ -102,7 +103,7 @@ def get_redis_sentinel_status(): from redis import Sentinel global rc try: - sentinel = Sentinel([(redisHost, redisPort)], socket_timeout=redisConnectTimeout) + sentinel = Sentinel([(redisHost, redisPort)], socket_timeout=redisConnectTimeout, sentinel_kwargs={'password': redisSentinelPassword}) master_host, master_port = sentinel.discover_master(redisSentinelGroupName) rc = redis.Redis( host=master_host, diff --git a/sources/shutdown-ds.yaml b/sources/shutdown-ds.yaml index 2b48ac188..c736bf716 100644 --- a/sources/shutdown-ds.yaml +++ b/sources/shutdown-ds.yaml @@ -13,7 +13,7 @@ spec: defaultMode: 0755 containers: - name: shutdown-ds - image: onlyoffice/docs-utils:8.2.0-1 + image: onlyoffice/docs-utils:8.2.1-1 command: ["/bin/sh", "-c"] args: ["/scripts/stop.sh"] volumeMounts: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index c27d95720..6cc04c839 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -106,6 +106,39 @@ Return Redis password {{- end }} {{- end -}} +{{/* +Get the Redis Sentinel password secret +*/}} +{{- define "ds.redis.sentinel.secretName" -}} +{{- if or .Values.connections.redisSentinelPassword .Values.connections.redisSentinelNoPass -}} + {{- printf "%s-redis-sentinel" .Release.Name -}} +{{- else if .Values.connections.redisSentinelExistingSecret -}} + {{- printf "%s" (tpl .Values.connections.redisSentinelExistingSecret $) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for Redis Sentinel +*/}} +{{- define "ds.redis.sentinel.createSecret" -}} +{{- if or .Values.connections.redisSentinelPassword .Values.connections.redisSentinelNoPass (not .Values.connections.redisSentinelExistingSecret) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return Redis Sentinel password +*/}} +{{- define "ds.redis.sentinel.password" -}} +{{- if not (empty .Values.connections.redisSentinelPassword) }} + {{- .Values.connections.redisSentinelPassword }} +{{- else if .Values.connections.redisSentinelNoPass }} + {{- printf "" }} +{{- else }} + {{- required "A Redis Sentinel Password is required!" .Values.connections.redisSentinelPassword }} +{{- end }} +{{- end -}} + {{/* Get the info auth password secret */}} diff --git a/templates/deployments/converter.yaml b/templates/deployments/converter.yaml index 2b1a27594..d44cf3d20 100644 --- a/templates/deployments/converter.yaml +++ b/templates/deployments/converter.yaml @@ -111,6 +111,9 @@ spec: configMap: name: {{ .Values.extraThemes.configMap }} {{- end }} + {{- with .Values.converter.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.converter.terminationGracePeriodSeconds }} {{- with .Values.converter.initContainers }} initContainers: 
@@ -143,6 +146,16 @@ spec: secretKeyRef: name: {{ template "ds.redis.secretName" . }} key: {{ .Values.connections.redisSecretKeyName }} + {{- if eq .Values.connections.redisConnectorName "ioredis" }} + - name: REDIS_SENTINEL_PWD + valueFrom: + secretKeyRef: + name: {{ template "ds.redis.sentinel.secretName" . }} + key: {{ .Values.connections.redisSentinelSecretKeyName }} + {{- end }} + {{- with .Values.converter.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} envFrom: - secretRef: name: {{ template "ds.jwt.secretName" . }} @@ -168,3 +181,6 @@ spec: mountPath: /var/www/{{ .Values.product.name }}/documentserver/web-apps/apps/common/main/resources/themes/{{ .Values.extraThemes.filename }} subPath: {{ .Values.extraThemes.filename }} {{- end }} + {{- with .Values.converter.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} diff --git a/templates/deployments/docservice.yaml b/templates/deployments/docservice.yaml index ba8121a0d..933cd982d 100644 --- a/templates/deployments/docservice.yaml +++ b/templates/deployments/docservice.yaml @@ -123,6 +123,9 @@ spec: configMap: name: ds-welcome-page {{- end }} + {{- with .Values.docservice.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.docservice.terminationGracePeriodSeconds }} {{- with .Values.docservice.initContainers }} initContainers: 
@@ -150,8 +153,12 @@ spec: livenessProbe: {{- omit .Values.proxy.livenessProbe "enabled" | toYaml | nindent 12 }} {{- end }} resources: {{ toYaml .Values.proxy.resources | nindent 12 }} - {{- if or .Values.proxy.infoAllowedIP .Values.proxy.infoAllowedUser }} + {{- if or .Values.proxy.infoAllowedIP .Values.proxy.infoAllowedUser .Values.proxy.extraEnvVars .Values.proxy.logFormat }} env: + {{- if .Values.proxy.logFormat }} + - name: NGINX_LOG_FORMAT + value: {{ join "' '" .Values.proxy.logFormat }} + {{- end }} {{- if .Values.proxy.infoAllowedIP }} - name: INFO_ALLOWED_IP value: {{ join " " .Values.proxy.infoAllowedIP }} @@ -165,6 +172,9 @@ spec: name: {{ template "ds.info.secretName" . }} key: {{ .Values.proxy.infoAllowedSecretKeyName }} {{- end }} + {{- with .Values.proxy.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} envFrom: - configMapRef: @@ -184,6 +194,9 @@ spec: mountPath: /etc/nginx/includes/ds-example.conf subPath: ds-example.conf {{- end }} + {{- with .Values.proxy.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} - name: docservice image: {{ .Values.docservice.image.repository }}:{{ .Values.docservice.image.tag }} @@ -222,6 +235,16 @@ spec: secretKeyRef: name: {{ template "ds.redis.secretName" . }} key: {{ .Values.connections.redisSecretKeyName }} + {{- if eq .Values.connections.redisConnectorName "ioredis" }} + - name: REDIS_SENTINEL_PWD + valueFrom: + secretKeyRef: + name: {{ template "ds.redis.sentinel.secretName" . }} + key: {{ .Values.connections.redisSentinelSecretKeyName }} + {{- end }} + {{- with .Values.docservice.extraEnvVars }} + {{- toYaml . | nindent 10 }} + {{- end }} envFrom: - secretRef: name: {{ template "ds.jwt.secretName" . }} 
@@ -247,3 +270,6 @@ spec: mountPath: /var/www/{{ .Values.product.name }}/documentserver/web-apps/apps/common/main/resources/themes/{{ .Values.extraThemes.filename }} subPath: {{ .Values.extraThemes.filename }} {{- end }} + {{- with .Values.docservice.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} diff --git a/templates/secrets/redis-sentinel-password.yaml b/templates/secrets/redis-sentinel-password.yaml new file mode 100644 index 000000000..f4a59d9ae --- /dev/null +++ b/templates/secrets/redis-sentinel-password.yaml @@ -0,0 +1,17 @@ +{{- if and (eq (include "ds.redis.sentinel.createSecret" .) "true") (eq .Values.connections.redisConnectorName "ioredis") }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-redis-sentinel + namespace: {{ include "ds.namespace" . | quote }} + {{- if .Values.commonLabels }} + labels: + {{- include "ds.labels.commonLabels" . | trim | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "ds.annotations.commonAnnotations" ( dict "keyName" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +stringData: + {{ .Values.connections.redisSentinelSecretKeyName }}: {{ include "ds.redis.sentinel.password" . | quote }} +{{- end }} diff --git a/templates/statefulset/example.yaml b/templates/statefulset/example.yaml index faf0fdef4..d26edc430 100644 --- a/templates/statefulset/example.yaml +++ b/templates/statefulset/example.yaml 
@@ -84,21 +84,37 @@ spec: - containerPort: {{ .Values.example.containerPorts.http }} name: http resources: {{ toYaml .Values.example.resources | nindent 10 }} + {{- if .Values.example.extraEnvVars }} + env: + {{- with .Values.example.extraEnvVars }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} envFrom: - secretRef: name: {{ template "ds.jwt.secretName" . }} - configMapRef: name: example - {{- if .Values.example.extraConf.configMap }} + {{- if or .Values.example.extraConf.configMap .Values.example.extraVolumeMounts }} volumeMounts: + {{- if .Values.example.extraConf.configMap }} - name: example-custom-file mountPath: /etc/{{ .Values.product.name }}/documentserver-example/{{ .Values.example.extraConf.filename }} subPath: {{ .Values.example.extraConf.filename }} + {{- end }} + {{- with .Values.example.extraVolumeMounts }} + {{- toYaml . | nindent 10 }} + {{- end }} {{- end }} - {{- if .Values.example.extraConf.configMap }} + {{- if or .Values.example.extraConf.configMap .Values.example.extraVolumes }} volumes: + {{- if .Values.example.extraConf.configMap }} - name: example-custom-file configMap: name: {{ .Values.example.extraConf.configMap }} + {{- end }} + {{- with .Values.example.extraVolumes }} + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/templates/tests/test-ds-pod.yaml b/templates/tests/test-ds-pod.yaml index c0f266f06..3fddca3f7 100644 --- a/templates/tests/test-ds-pod.yaml +++ b/templates/tests/test-ds-pod.yaml @@ -71,6 +71,13 @@ spec: secretKeyRef: name: {{ template "ds.redis.secretName" . }} key: {{ .Values.connections.redisSecretKeyName }} + {{- if eq .Values.connections.redisConnectorName "ioredis" }} + - name: REDIS_SENTINEL_PWD + valueFrom: + secretKeyRef: + name: {{ template "ds.redis.sentinel.secretName" . }} + key: {{ .Values.connections.redisSentinelSecretKeyName }} + {{- end }} - name: STORAGE_S3 value: {{ .Values.persistence.storageS3 | quote }} envFrom: 
@@ -84,11 +91,7 @@ spec: - name: test-ds mountPath: /scripts/test_ds.py subPath: test_ds.py - {{- if .Values.webProxy.enabled }} - command: ['http_proxy={{ .Values.webProxy.http }}', 'https_proxy={{ .Values.webProxy.https }}', 'no_proxy={{ .Values.webProxy.noProxy }}', 'python', '/scripts/test_ds.py'] - {{- else }} command: ['python', '/scripts/test_ds.py'] - {{- end }} volumes: {{- if not .Values.persistence.storageS3 }} - name: ds-files diff --git a/values.yaml b/values.yaml index 1b3e2e0ea..76112a5b3 100644 --- a/values.yaml +++ b/values.yaml @@ -58,10 +58,7 @@ connections: ## - 10.244.0.79:6379 ## - 192.168.1.25:6379 redisClusterNodes: [] - ## connections.redisSentinelGroupName Name of a group of Redis instances composed of a master and one or more slaves - ## Used if `connections.redisConnectorName` is set to `ioredis` - redisSentinelGroupName: mymaster - ## connections.redisExistingSecret Name of existing secret to use for Redis passwords + ## connections.redisExistingSecret Name of existing secret to use for Redis password ## Must contain the key specified in `connections.redisSecretKeyName` ## The password from this secret overrides the value for the password set in the `options` object in `local.json` if you add custom configuration file redisExistingSecret: redis 
@@ -75,6 +72,23 @@ connections: ## connections.redisNoPass Defines whether to use a Redis auth without a password ## If the connection to Redis server does not require a password, set the value to `true` redisNoPass: false + ## connections.redisSentinelGroupName Name of a group of Redis instances composed of a master and one or more slaves + ## Used if `connections.redisConnectorName` is set to `ioredis` + redisSentinelGroupName: mymaster + ## connections.redisSentinelExistingSecret Name of existing secret to use for Redis Sentinel password + ## Must contain the key specified in `connections.redisSentinelSecretKeyName` + ## The password from this secret overrides the value for the password set in the `iooptions` object in `local.json` if you add custom configuration file + redisSentinelExistingSecret: "" + ## connections.redisSentinelSecretKeyName The name of the key that contains the Redis Sentinel user password + ## If you set a password in `redisSentinelPassword`, a secret will be automatically created, the key name of which will be the value set here + redisSentinelSecretKeyName: sentinel-password + ## connections.redisSentinelPassword The password set for the Redis Sentinel account + ## If set to, it takes priority over the `connections.redisSentinelExistingSecret` + ## The value in this parameter overrides the value set in the `iooptions` object in `local.json` if you add custom configuration file + redisSentinelPassword: "" + ## connections.redisSentinelNoPass Defines whether to use a Redis Sentinel auth without a password + ## If the connection to Redis Sentinel does not require a password, set the value to `true` + redisSentinelNoPass: true ## connections.amqpType Defines the AMQP server type ## Possible values are `rabbitmq` or `activemq` amqpType: rabbitmq 
@@ -482,6 +496,13 @@ docservice: ## - name: ds-files ## mountPath: /var/lib/onlyoffice/documentserver/App_Data/cache/files initContainers: [] + ## docservice.extraVolumes An array with extra volumes for the docservice Pod + ## Example: + ## extraVolumes: + ## - name: my-volume + ## configMap: + ## name: my-cm + extraVolumes: [] ## Parameters of the docservice container of the Docservice deployment ## image: @@ -490,7 +511,7 @@ docservice: ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters repository: onlyoffice/docs-docservice-de ## docservice.image.tag docservice container image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## docservice.image.pullPolicy docservice container image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Docservice container @@ -587,6 +608,19 @@ docservice: ## memory: "2Gi" ## cpu: "1000m" limits: {} + ## docservice.extraEnvVars An array with extra env variables for the Docservice container + ## Example: + ## extraEnvVars: + ## - name: my_env + ## value: "my_value" + extraEnvVars: [] + ## docservice.extraVolumeMounts An array with extra volume mounts for the Docservice container + ## Example: + ## extraVolumeMounts: + ## - name: my-volume + ## mountPath: /my_dir/my_cm.txt + ## subPath: my_cm.txt + extraVolumeMounts: [] ## Parameters of the proxy container of the Docservice deployment ## proxy: 
@@ -595,6 +629,14 @@ proxy: ## Example: ## accessLog: "main" accessLog: "off" + ## proxy.logFormat Defines the format of log entries using text and various variables + ## ref: https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format + ## Example: + ## logFormat: + ## - '$remote_addr - $remote_user [$time_local] "$request" ' + ## - '$status $body_bytes_sent "$http_referer" ' + ## - '"$http_user_agent" "$http_x_forwarded_for" $request_time' + logFormat: [] ## proxy.gzipProxied Defines the nginx config gzip_proxied directive ## ref: https://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_proxied gzipProxied: "off" @@ -639,7 +681,7 @@ proxy: ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters repository: onlyoffice/docs-proxy-de ## proxy.image.tag proxy container image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## proxy.image.pullPolicy proxy container image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Proxy container @@ -736,6 +778,19 @@ proxy: ## memory: "2Gi" ## cpu: "1000m" limits: {} + ## proxy.extraEnvVars An array with extra env variables for the Proxy container + ## Example: + ## extraEnvVars: + ## - name: my_env + ## value: "my_value" + extraEnvVars: [] + ## proxy.extraVolumeMounts An array with extra volume mounts for the Proxy container + ## Example: + ## extraVolumeMounts: + ## - name: my-volume + ## mountPath: /my_dir/my_cm.txt + ## subPath: my_cm.txt + extraVolumeMounts: [] ## Onlyoffice Docs Converter Deployment parameters ## This block defines the parameters common to all the Pods of this deployment 
@@ -876,6 +931,13 @@ converter: ## - name: ds-files ## mountPath: /var/lib/onlyoffice/documentserver/App_Data/cache/files initContainers: [] + ## converter.extraVolumes An array with extra volumes for the Converter Pod + ## Example: + ## extraVolumes: + ## - name: my-volume + ## configMap: + ## name: my-cm + extraVolumes: [] ## Converter container image parameters image: ## converter.image.repository converter container image repository @@ -883,7 +945,7 @@ converter: ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters repository: onlyoffice/docs-converter-de ## converter.image.tag converter container image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## converter.image.pullPolicy converter container image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Converter container @@ -928,6 +990,19 @@ converter: ## memory: "2Gi" ## cpu: "1000m" limits: {} + ## converter.extraEnvVars An array with extra env variables for the Converter container + ## Example: + ## extraEnvVars: + ## - name: my_env + ## value: "my_value" + extraEnvVars: [] + ## converter.extraVolumeMounts An array with extra volume mounts for the Converter container + ## Example: + ## extraVolumeMounts: + ## - name: my-volume + ## mountPath: /my_dir/my_cm.txt + ## subPath: my_cm.txt + extraVolumeMounts: [] ## Onlyoffice Docs Example StatefulSet parameters ## 
@@ -1017,12 +1092,19 @@ example: tolerations: [] ## example.terminationGracePeriodSeconds The time to terminate gracefully during which the Example Pod will have the `Terminating` status terminationGracePeriodSeconds: 30 + ## example.extraVolumes An array with extra volumes for the Example Pod + ## Example: + ## extraVolumes: + ## - name: my-volume + ## configMap: + ## name: my-cm + extraVolumes: [] ## Example container image parameters image: ## example.image.repository example container image name repository: onlyoffice/docs-example ## example.image.tag example container image tag - tag: 8.2.0-2 + tag: 8.2.1-1 ## example.image.pullPolicy example container image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Example container @@ -1070,6 +1152,12 @@ example: ## memory: "128Mi" ## cpu: "250m" limits: {} + ## example.extraEnvVars An array with extra env variables for the Example container + ## Example: + ## extraEnvVars: + ## - name: my_env + ## value: "my_value" + extraEnvVars: [] ## Example config for overriding default values extraConf: ## example.extraConf.configMap The name of the ConfigMap containing the json file that override the default values @@ -1077,6 +1165,13 @@ example: ## example.extraConf.filename The name of the json file that contains custom values ## Must be the same as the `key` name in `example.extraConf.ConfigMap` filename: local.json + ## example.extraVolumeMounts An array with extra volume mounts for the Example container + ## Example: + ## extraVolumeMounts: + ## - name: my-volume + ## mountPath: /my_dir/my_cm.txt + ## subPath: my_cm.txt + extraVolumeMounts: [] ## Onlyoffice Docs ingress parameters ## 
@@ -1162,7 +1257,7 @@ install: ## install.job.image.repository Job by pre-install ONLYOFFICE Docs image repository repository: onlyoffice/docs-utils ## install.job.image.tag Job by pre-install ONLYOFFICE Docs image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## install.job.image.pullPolicy Job by pre-install ONLYOFFICE Docs image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the pre-install container @@ -1243,7 +1338,7 @@ upgrade: ## upgrade.job.image.repository Job by upgrade image repository repository: onlyoffice/docs-utils ## upgrade.job.image.tag Job by upgrade image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## upgrade.job.image.pullPolicy Job by upgrade image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the pre-upgrade container @@ -1332,7 +1427,7 @@ rollback: ## rollback.job.image.repository Job by rollback image repository repository: onlyoffice/docs-utils ## rollback.job.image.tag Job by rollback image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## rollback.job.image.pullPolicy Job by rollback image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the pre-rollback container @@ -1421,7 +1516,7 @@ delete: ## delete.job.image.repository Job by delete image repository repository: onlyoffice/docs-utils ## delete.job.image.tag Job by delete image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## delete.job.image.pullPolicy Job by delete image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the pre-delete container @@ -1502,7 +1597,7 @@ clearCache: ## clearCache.job.image.repository Job by Clear Cache ONLYOFFICE Docs image repository repository: onlyoffice/docs-utils ## clearCache.job.image.tag Job by Clear Cache ONLYOFFICE Docs image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## clearCache.job.image.pullPolicy Job by Clear Cache ONLYOFFICE Docs image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Clear Cache container 
@@ -1576,7 +1671,7 @@ grafanaDashboard: ## grafanaDashboard.job.image.repository Job by Grafana Dashboard ONLYOFFICE Docs image repository repository: onlyoffice/docs-utils ## grafanaDashboard.job.image.tag Job by Grafana Dashboard ONLYOFFICE Docs image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## grafanaDashboard.job.image.pullPolicy Job by Grafana Dashboard ONLYOFFICE Docs image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Grafana Dashboard container @@ -1642,7 +1737,7 @@ tests: ## tests.image.repository test container image name repository: onlyoffice/docs-utils ## tests.image.tag test container image tag - tag: 8.2.0-1 + tag: 8.2.1-1 ## tests.image.pullPolicy test container image pull policy pullPolicy: IfNotPresent ## Configure a Security Context for the Test container
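Review bot: In the `@@ -84,11 +91,7 @@ spec:` hunk of the test Pod template, removing the `webProxy.enabled` branch of `command` leaves nothing in the visible lines that hands `http_proxy`, `https_proxy` and `no_proxy` to `test_ds.py`. Dropping the old form is right, because `'http_proxy={{ .Values.webProxy.http }}'` as the first element of an exec-style `command` array is taken as the executable name and not as an environment assignment. Please confirm the three variables are now set through the container's `env` (the new-side offset of the hunk suggests lines were added above it) and say so in the commit message, so the test still works behind a proxy.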
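Review bot: In the `@@ -75,6 +72,23 @@ connections:` hunk of values.yaml, `redisSentinelNoPass` defaults to `true` while the neighbouring `redisNoPass` defaults to `false`, and the comments do not say which setting wins when `redisSentinelPassword` or `redisSentinelExistingSecret` is set and `redisSentinelNoPass` is left at its default. Document the precedence between the three keys, or make the template fail when a password or secret is supplied together with `redisSentinelNoPass: true`, so a reader can tell from values.yaml alone whether the Sentinel connection will authenticate. The comment `## If set to, it takes priority over the connections.redisSentinelExistingSecret` is missing its object, and it would help to state that `redisSentinelExistingSecret` is the preferred route, since `redisSentinelPassword` puts the password into the values file.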
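Review bot: In the `@@ -482,6 +496,13 @@ docservice:` hunk, and in the matching `converter.extraVolumes` and `example.extraVolumes` additions, the comment describes the key only as "An array with extra volumes" and the single example is a `configMap`, so the accepted volume types are undocumented. If the list is rendered into the Pod spec unchanged, it also accepts `hostPath` and other node-level sources, which cluster operators will want to know before delegating values files. State in the comment whether entries are passed through as-is, and note that each `name` here must match a `name` in the corresponding `extraVolumeMounts`.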
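Review bot: In the `@@ -587,6 +608,19 @@ docservice:` hunk, and in the same block repeated for `proxy`, `converter` and `example`, the only example given for `extraEnvVars` is a literal `value: "my_value"`. If entries are rendered as ordinary container `env` items, add a second example that uses `valueFrom` with a `secretKeyRef`, so the documented pattern for credentials is a Secret reference and not a literal stored in values.yaml and in the Helm release. It is also worth saying what happens when a name in `extraEnvVars` collides with a variable the chart already sets.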
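Review bot: In the `@@ -595,6 +629,14 @@ proxy:` hunk, the `proxy.logFormat` comment does not say which nginx format name the list defines or how it relates to `proxy.accessLog`, whose own example is `accessLog: "main"` and whose default is `"off"`. As written, a user can set `logFormat` and see no change because access logging is still off, or can expect it to redefine `main` without that being stated. Add one line naming the format that `logFormat` populates and noting that `accessLog` must reference it, and document what the empty default `logFormat: []` renders to.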