From 0146ba39a7f9dda764c4a03b7160b45d2ef1e475 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Wed, 8 Sep 2021 13:20:37 +0500 Subject: [PATCH 01/23] Add initial collabora app --- test/collabora/1.0.0/.helmignore | 23 +++ test/collabora/1.0.0/Chart.yaml | 18 ++ test/collabora/1.0.0/README.md | 8 + test/collabora/1.0.0/app-readme.md | 4 + .../1.0.0/charts/common-2105.0.0.tgz | Bin 0 -> 4288 bytes test/collabora/1.0.0/ix_values.yaml | 5 + test/collabora/1.0.0/questions.yaml | 155 ++++++++++++++++++ test/collabora/1.0.0/requirements.lock | 6 + .../collabora/1.0.0/templates/deployment.yaml | 40 +++++ test/collabora/1.0.0/test_values.yaml | 13 ++ test/collabora/item.yaml | 5 + test/collabora/upgrade_info.json | 1 + test/collabora/upgrade_strategy | 25 +++ 13 files changed, 303 insertions(+) create mode 100644 test/collabora/1.0.0/.helmignore create mode 100644 test/collabora/1.0.0/Chart.yaml create mode 100755 test/collabora/1.0.0/README.md create mode 100644 test/collabora/1.0.0/app-readme.md create mode 100644 test/collabora/1.0.0/charts/common-2105.0.0.tgz create mode 100644 test/collabora/1.0.0/ix_values.yaml create mode 100644 test/collabora/1.0.0/questions.yaml create mode 100644 test/collabora/1.0.0/requirements.lock create mode 100644 test/collabora/1.0.0/templates/deployment.yaml create mode 100644 test/collabora/1.0.0/test_values.yaml create mode 100644 test/collabora/item.yaml create mode 100644 test/collabora/upgrade_info.json create mode 100755 test/collabora/upgrade_strategy diff --git a/test/collabora/1.0.0/.helmignore b/test/collabora/1.0.0/.helmignore new file mode 100644 index 0000000000..a9fe727881 --- /dev/null +++ b/test/collabora/1.0.0/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS \ No newline at end of file diff --git a/test/collabora/1.0.0/Chart.yaml b/test/collabora/1.0.0/Chart.yaml new file mode 100644 index 0000000000..6a30daa2c3 --- /dev/null +++ b/test/collabora/1.0.0/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: 6.4.10.10 +dependencies: +- name: common + repository: file://../../../library/common/2105.0.0 + version: 2105.0.0 +description: Global, Versioned, peer-to-peer filesystem. +home: https://www.chia.net/ +icon: https://www.chia.net/img/chia_logo.svg +keywords: +- office +- documents +- productivity +name: collabora +sources: +- https://github.com/CollaboraOnline/online.git +- https://hub.docker.com/r/collabora/code +version: 1.0.0 diff --git a/test/collabora/1.0.0/README.md b/test/collabora/1.0.0/README.md new file mode 100755 index 0000000000..d93ffcf19f --- /dev/null +++ b/test/collabora/1.0.0/README.md @@ -0,0 +1,8 @@ +Chia Network +===== + +[CHIA](https://www.chia.net/) is a new blockchain and smart transaction platform that is easier to use, more efficient, and secure. +Introduction +------------ + +This chart bootstraps CHIA deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. diff --git a/test/collabora/1.0.0/app-readme.md b/test/collabora/1.0.0/app-readme.md new file mode 100644 index 0000000000..18679e8cdf --- /dev/null +++ b/test/collabora/1.0.0/app-readme.md @@ -0,0 +1,4 @@ +Collabora +===== + +[CHIA](https://www.chia.net/) is a new blockchain and smart transaction platform that is easier to use, more efficient, and secure. diff --git a/test/collabora/1.0.0/charts/common-2105.0.0.tgz b/test/collabora/1.0.0/charts/common-2105.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ef6f820efb63f7b71b04a313be6b82dee84585b7 GIT binary patch literal 4288 zcmV;x5I^r9iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$Z`-(*{j6VcR_)-%-HH5&lPm%Zu-PPcCTJ%Onr!bKEEWMR z(KZ{IR7uLIx0C(t7ko*SEI-mTZaXzUv=&7k9+Ky!a}Jr9O(u-CPsWJLXoe=~voBvd zolfVV-`D?lI-UCeonEK&tlRJGclrm1{ocW|PPf-T=stta6W}seav>3a)_L?;^~rrF z1!d$N=7KPK1k+xCvaEdU1_>51Cz;gG$B>c%M|=jcq81o34&_J%1CC9 z7745Pzkk@R@&7@;zvcgpluw`9FM|_J1Yma_?A8Y_+xPdur%$_(;31(HLPIQ3l|n+; zy}u7Ca-=l}iQmj5?WH2+_Zi2z3eS`1(TNC1LC zn&XTUYP3B{Q^(W52Jdk!1;{ayfH;PjVq&+%M&cEo6{Ccz$yGial8*)jfVm-l zfgQabLkNGG?*23ltFJAnsD#wA0~UhAfSktHvrJ>`x+qHt{!~kY@>D{&TCO$=)CxYn z>^A$&vAS&1|tnt%i7ECHbz zTjW{BxWow%>R4KT0fdV-w?=htS5AF3>q z|JHT#=m5Yf`M! ztotxBCgJ)%yV7+ZnT(a=B3}WtvpkD#^8w}*ODrP7+C{>F`V5}y(qNc2LYW|nMmX6W z%&M_Q=Lo6xH*)sMBLApWom+z4M*LO;Q(fevu`i)QA{sC2&&_l%N-(Nv5k86D+3*Se zC^@>SVQgAkZ;YFc_V}1?QA01=sR*=)Blt;#W%uY7&%7t?9)dE;Qv0>_Vk{}k46g+76();!Z1(M8GOi5N`^#fge=pm9tHovW_r54RFhOYAYg!FlnV@kO)$JF zq_^3tA;D>40(B{w5Q!6z4CI&y*cr_9KAv7&skVfUKx8;>MZx(HtWY;VVn!t*RM^Zu zT}LF`ku-$?hFmB-1t5*Q#dbMalo9vOAq}PA?fyGJ1r69H3*RrHkwPEXaA<`J*CxUe z$70zGkV+0x6~3BtG+nBS$r$Z?jU7(@8)A%r*KTGZxG=@d)MCkmxnww>i>#v$>% z7##es{uR?|N}6lnsQG4#cxy?^2XdLW#1`mokv_Pyj@8+E;M&)n3Kd64eJgxfXp*6{ zgU2!sKug=)2_TGW!-fd~+Ian@wRtUgmTuE(u4CanpIIc6Kr=f(9vG z?DQ>YB=Y*bv)w$|hUwJR>d*dClGVh%h{t$>)Ym*oki@U>tV|LsGQxalVLZn1t!uTNP>PcQLMlzjHRZ!ZFA4NpTT+2qWq3!z(;<*zI~5n?8otg7Z?>3!F`oTLI}U z9-10h0IEcw3Q(0>JX_R3>6W@@%;|)uS}Wb|GnZz*p>YT;2s<~0L>7|&;`sM+`WMYP z%#T|`r|;*NuMq=}4XpdE#){4eXzINX(^Y(58Klgy>@2s)R_=r10yx1_40^L6W^_nKIoH`;+9gpC#5%H913A$!HY;yA&X^#Q@mUC=M57SGEKk!* zmXf%zyEJx35PBys%6@Qvf8@Q8Xax87q3Ls3fT|qZC`b4%^V?SPKgWXQ{88rsSMmSe z{z3iwuY0)V|BaL?|NnaV-*Dn{|2q6W%JNE|rA+S|J@t-?fgHK%JboR}u!nYQC(Y*i z&K>8edzHT%mfUD*IH#g*we^#^T6u!mg1a(;S&NF2NUDLz`qGt9N2EKY%eiIiDCV95=M-jgBG`G`aSnj(_wunwU>KAx0s z7e~noN{SS)8ymrS0=Hn)cr#J70PAN)-Q-WuhT{O|6~-T%11 z_5W<9m^@p>_d3LmK=VBt!Y!Veta2-}mC#2z7m+ZE_-yg*kWI2?xwIPUyxyI9UZa&v zt@$^lpz@^Aga|?CNL4HNdLp$12*>fRyN?3?P#?$LNfSW}j8beI>lc{hLLO(CV(7}7 zXer-2G357f_49y+O<>0!K)n+c z8juY1dg)ohKoJC+k_0EqlWe~>VQMEk6jV>WkH#KZQ}8wprQGx;gx; zNm|_fIZ@bMA~`lM6s)4kT>w^~Bl1C6Zy(BjmAB3D)kU=pXD>7jjhQf*=!@mtiZ1?~ zTuf_X!?d-)jwvoIT|j1aTJqB{7m!~QMU@1#aN|u+#!d4{CTFLF!;9jlT{hF$RUW~o z%9Ww!7>L`Y;-*zYFOjQ1GsqOz;yJ3}_(M)OP9QAynKB6i%dpblzm~4JsI>Vu&qrnm zk&ljA>|Q=<95ihjBS8`goA+HC<;9exrwYc=FJNH#jrE#%6+XHJkrY)0;9|Mw=3tqH zThGI9cDet~*@XPlfC)>S8t(>Ne4c)d16IFcsqd7WT8!5VhdH!Snl^Fw7m?}~qvp)o zr9viJJD;|;2!#Z<%b_H*q@S@Ug*L6orl(jRQ}NJ6YS8-YFWT2Ohkm%S-2NvYEvG!` z{g3sToB|Kz#feUO2O$ zn%}1kB~SY~X_p9h^S{DyLFdxasQPmq z#!CL*+pququfxvv{+ErE=WvOn#GGnJpP>M_8)FKCoTLe%BgjyEi$+*P!E?}ufyqT9bo4WDoFYl4*vOHx9?>Lt4it|JKksB556MTIn7{P!Z>5!;wXqtuWqg+<2ZN@_O`NjCs&XVE`n%8WLy7h&<~=)|M9l|*Hw&1ZS{|P z6jRzR0S!=mn`ba2`nX>t?y}%zG(fk(%ScYtZ^p?ec=`Xqb9je1VYz_w(=!o78E5Zt zEQ5$77`07v&fW*nRKzU7?Qfj*b+P>a_U!od_p@k{JjEC*<3F7_{_kwh|7@l_hu8Lx z`kgHMqkgJRHwc24FaL4;_Tv2F*CV+8?feQ(emj194d+*I@#Y$SKRdp-hU+)*UuSTB zadmzC`t{iLeK?c#2b&0mXL?tz3tj^ajmsNy{k& iFxMjT=zEZJ+p;a&vMt+EE&mDt0RR8cdYzpBdH?`mlXJfS literal 0 HcmV?d00001 diff --git a/test/collabora/1.0.0/ix_values.yaml b/test/collabora/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..5120e01acf --- /dev/null +++ b/test/collabora/1.0.0/ix_values.yaml @@ -0,0 +1,5 @@ +image: + pullPolicy: IfNotPresent + repository: collabora/code + tag: 6.4.10.10 +updateStrategy: Recreate diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml new file mode 100644 index 0000000000..d2e2e71a7b --- /dev/null +++ b/test/collabora/1.0.0/questions.yaml @@ -0,0 +1,155 @@ +groups: + - name: "Storage" + description: "Configure Storage for Chia" + - name: "Farmr.net Configuration" + description: "Configure farmr.net support" + - name: "Chia Environment Variables" + description: "Set the environment that will be visible to the container" + +portals: + web_portal: + protocols: + - "https" + host: + - "www.truepool.io" + ports: + - "443" + path: "/kb/truepool-docker-image/" + +questions: + - variable: farmr_env + label: "Enable 'farmr.net' support" + group: "Farmr.net Configuration" + description: "Configure 'farmr.net' support for chia" + schema: + type: string + default: "off" + enum: + - value: "off" + description: "OFF" + - value: "farmer" + description: "FARMER" + - value: "harvester" + description: "HARVESTER" + - variable: appVolumeMounts + label: "Chia Storage" + group: "Storage" + schema: + type: dict + attrs: + - variable: config + label: "Configuration Volume" + schema: + type: dict + attrs: + - variable: datasetName + label: "Configuration Volume Dataset Name" + schema: + type: string + hidden: true + $ref: + - "normalize/ixVolume" + show_if: [["hostPathEnabled", "=", false]] + default: "config" + editable: false + - variable: mountPath + label: "Configuration Mount Path" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + hidden: true + editable: true + default: "/data" + - variable: hostPathEnabled + label: "Enable Custom Host Path for Chia Configuration Volume" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostPath + label: "Host Path for Chia Configuration Volume" + schema: + type: hostpath + required: true + - variable: plots + label: "Plot Volume" + schema: + type: dict + attrs: + - variable: datasetName + label: "Plots Volume Name" + schema: + type: string + hidden: true + $ref: + - "normalize/ixVolume" + show_if: [["hostPathEnabled", "=", false]] + default: "plots" + editable: false + - variable: mountPath + label: "Plots Mount Path" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + hidden: true + editable: false + default: "/plots" + - variable: hostPathEnabled + label: "Enable Custom Host Path for Chia Plots Volume" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostPath + label: "Host Path for Chia Plots Volume" + schema: + type: hostpath + required: true + + - variable: extraAppVolumeMounts + label: "Chia Extra Host Path Volumes" + group: "Storage" + schema: + type: list + items: + - variable: extraAppVolume + label: "Chia Host Path Volume" + description: "Add an extra host path volume for chia application" + schema: + type: dict + attrs: + - variable: mountPath + label: "Mount Path in Pod" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + required: true + - variable: hostPath + label: "Host Path" + description: "Host path" + schema: + type: hostpath + required: true + + - variable: environmentVariables + label: "Environment Variables for Chia" + group: "Chia Environment Variables" + schema: + type: list + default: [] + items: + - variable: environmentVariable + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string diff --git a/test/collabora/1.0.0/requirements.lock b/test/collabora/1.0.0/requirements.lock new file mode 100644 index 0000000000..eba13d88bf --- /dev/null +++ b/test/collabora/1.0.0/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../library/common/2105.0.0 + version: 2105.0.0 +digest: sha256:11522ab36487826700d7ad0f86f713a4bb5d35248014bcef690fe94acbc09ef6 +generated: "2021-05-17T18:26:46.201544+05:00" diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml new file mode 100644 index 0000000000..83eb2a02c6 --- /dev/null +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -0,0 +1,40 @@ +apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{ include "common.labels" . | nindent 4 }} +spec: + strategy: + type: {{ .Values.updateStrategy }} + selector: + matchLabels: {{ include "common.labels.selectorLabels" . | nindent 6 }} + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: {{ include "common.labels.selectorLabels" . | nindent 8 }} + spec: + # FIXME: Let's please remove hostnetwork when upstream hostport issue is sorted out with kube-router + hostNetwork: true + containers: + - name: {{ .Chart.Name }} + {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} + volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + mountPath: {{ $hostPathConfiguration.mountPath }} + {{ end }} + ports: + - name: chia-network + protocol: TCP + containerPort: 8444 + hostPort: 8444 + {{ $envList := (default list .Values.environmentVariables) }} + {{ $envList = mustAppend $envList (dict "name" "keys" "value" "/plots/keyfile") }} + {{ $envList = mustAppend $envList (dict "name" "farmr" "value" $.Values.farmr_env) }} + {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} + volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + hostPath: + path: {{ $hostPathConfiguration.hostPath }} + {{ end }} diff --git a/test/collabora/1.0.0/test_values.yaml b/test/collabora/1.0.0/test_values.yaml new file mode 100644 index 0000000000..f31037979d --- /dev/null +++ b/test/collabora/1.0.0/test_values.yaml @@ -0,0 +1,13 @@ +appVolumeMounts: + data: + emptyDir: true + mountPath: /data + staging: + emptyDir: true + mountPath: /plots +image: + pullPolicy: IfNotPresent + repository: collabora/code + tag: 6.4.10.10 +updateStrategy: Recreate + diff --git a/test/collabora/item.yaml b/test/collabora/item.yaml new file mode 100644 index 0000000000..1e6ded9124 --- /dev/null +++ b/test/collabora/item.yaml @@ -0,0 +1,5 @@ +categories: + - office + - documents + - productivity +icon_url: https://avatars.githubusercontent.com/u/22418908?s=200&v=4 diff --git a/test/collabora/upgrade_info.json b/test/collabora/upgrade_info.json new file mode 100644 index 0000000000..f22ddd1aee --- /dev/null +++ b/test/collabora/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"} diff --git a/test/collabora/upgrade_strategy b/test/collabora/upgrade_strategy new file mode 100755 index 0000000000..6b95867d8d --- /dev/null +++ b/test/collabora/upgrade_strategy @@ -0,0 +1,25 @@ +#!/usr/bin/python3 +import json +import sys + +from catalog_update.upgrade_strategy import semantic_versioning + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = {t.strip('v').replace('_', '.'): t for t in image_tags[key]} + version = semantic_versioning(image_tags[key]) + if not version: + return {} + + return { + 'tags': {key: tags[version]}, + 'app_version': tags[version], + } + + +if __name__ == '__main__': + if len(sys.argv) != 2: + exit(1) + + print(json.dumps(newer_mapping(json.loads(sys.argv[1])))) From b5fc3c19fc85757b9d624c378efda7693caab23e Mon Sep 17 00:00:00 2001 From: sonicaj Date: Wed, 8 Sep 2021 13:22:40 +0500 Subject: [PATCH 02/23] Update app readme for collabora --- test/collabora/1.0.0/README.md | 6 +++--- test/collabora/1.0.0/app-readme.md | 9 +++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/test/collabora/1.0.0/README.md b/test/collabora/1.0.0/README.md index d93ffcf19f..a6ad088691 100755 --- a/test/collabora/1.0.0/README.md +++ b/test/collabora/1.0.0/README.md @@ -1,8 +1,8 @@ -Chia Network +Collabora Online Development Edition ===== -[CHIA](https://www.chia.net/) is a new blockchain and smart transaction platform that is easier to use, more efficient, and secure. +Collabora Online Development Edition - An awesome, Online Office suite image suitable for home use! Introduction ------------ -This chart bootstraps CHIA deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. +This chart bootstraps Collabora deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. diff --git a/test/collabora/1.0.0/app-readme.md b/test/collabora/1.0.0/app-readme.md index 18679e8cdf..2f0776c3c1 100644 --- a/test/collabora/1.0.0/app-readme.md +++ b/test/collabora/1.0.0/app-readme.md @@ -1,4 +1,9 @@ -Collabora +Collabora Online Development Edition ===== -[CHIA](https://www.chia.net/) is a new blockchain and smart transaction platform that is easier to use, more efficient, and secure. +An awesome, Online Office suite image suitable for home use. +With the Collabora Online Development Edition (CODE) Docker Image you can host +your own online Office Suite at home! This Docker image is aimed at home users +and contains the latest and greatest developments. Simply integrate it in your +preferred File Sync and Share (FSS), to easily get your own online Office +Suite up and running! From b3a2ea30f8804980e2ad4843f6816d4e724ca552 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Fri, 10 Sep 2021 18:54:53 +0500 Subject: [PATCH 03/23] Allow configuring extra storage mounts for collabora --- test/collabora/1.0.0/questions.yaml | 2 +- test/collabora/1.0.0/templates/deployment.yaml | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index d2e2e71a7b..9e118e0e7a 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -13,7 +13,7 @@ portals: host: - "www.truepool.io" ports: - - "443" + - "9980" path: "/kb/truepool-docker-image/" questions: diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 83eb2a02c6..afd80414f2 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -13,28 +13,29 @@ spec: name: {{ template "common.names.fullname" . }} labels: {{ include "common.labels.selectorLabels" . | nindent 8 }} spec: - # FIXME: Let's please remove hostnetwork when upstream hostport issue is sorted out with kube-router - hostNetwork: true containers: - name: {{ .Chart.Name }} {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} + {{ if .Values.extraAppVolumeMounts }} + volumeMounts: {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} mountPath: {{ $hostPathConfiguration.mountPath }} {{ end }} + {{ end }} ports: - name: chia-network protocol: TCP - containerPort: 8444 - hostPort: 8444 + containerPort: 9980 {{ $envList := (default list .Values.environmentVariables) }} {{ $envList = mustAppend $envList (dict "name" "keys" "value" "/plots/keyfile") }} {{ $envList = mustAppend $envList (dict "name" "farmr" "value" $.Values.farmr_env) }} {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} + {{ if .Values.extraAppVolumeMounts }} + volumes: {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} hostPath: path: {{ $hostPathConfiguration.hostPath }} {{ end }} + {{ end }} From 9a884604e0ca1925c99f411cabd4ae0f989fa2e9 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Fri, 10 Sep 2021 18:58:42 +0500 Subject: [PATCH 04/23] Clean questions.yaml allowing configuring env variables/storage for collabora --- test/collabora/1.0.0/questions.yaml | 113 ++---------------- .../collabora/1.0.0/templates/deployment.yaml | 2 +- 2 files changed, 11 insertions(+), 104 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 9e118e0e7a..ee37b82e23 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -1,122 +1,29 @@ groups: - name: "Storage" - description: "Configure Storage for Chia" - - name: "Farmr.net Configuration" - description: "Configure farmr.net support" - - name: "Chia Environment Variables" + description: "Configure Storage for Collabora" + - name: "Collabora Environment Variables" description: "Set the environment that will be visible to the container" portals: web_portal: protocols: - - "https" + - "http" host: - - "www.truepool.io" + - "$node_ip" ports: - "9980" - path: "/kb/truepool-docker-image/" + path: "/loleaflet/dist/admin/admin.html" questions: - - variable: farmr_env - label: "Enable 'farmr.net' support" - group: "Farmr.net Configuration" - description: "Configure 'farmr.net' support for chia" - schema: - type: string - default: "off" - enum: - - value: "off" - description: "OFF" - - value: "farmer" - description: "FARMER" - - value: "harvester" - description: "HARVESTER" - - variable: appVolumeMounts - label: "Chia Storage" - group: "Storage" - schema: - type: dict - attrs: - - variable: config - label: "Configuration Volume" - schema: - type: dict - attrs: - - variable: datasetName - label: "Configuration Volume Dataset Name" - schema: - type: string - hidden: true - $ref: - - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "config" - editable: false - - variable: mountPath - label: "Configuration Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - hidden: true - editable: true - default: "/data" - - variable: hostPathEnabled - label: "Enable Custom Host Path for Chia Configuration Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Chia Configuration Volume" - schema: - type: hostpath - required: true - - variable: plots - label: "Plot Volume" - schema: - type: dict - attrs: - - variable: datasetName - label: "Plots Volume Name" - schema: - type: string - hidden: true - $ref: - - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "plots" - editable: false - - variable: mountPath - label: "Plots Mount Path" - description: "Path where the volume will be mounted inside the pod" - schema: - type: path - hidden: true - editable: false - default: "/plots" - - variable: hostPathEnabled - label: "Enable Custom Host Path for Chia Plots Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: hostPath - label: "Host Path for Chia Plots Volume" - schema: - type: hostpath - required: true - - variable: extraAppVolumeMounts - label: "Chia Extra Host Path Volumes" + label: "Collabora Extra Host Path Volumes" group: "Storage" schema: type: list items: - variable: extraAppVolume - label: "Chia Host Path Volume" - description: "Add an extra host path volume for chia application" + label: "Collabora Host Path Volume" + description: "Add an extra host path volume for Collabora application" schema: type: dict attrs: @@ -134,8 +41,8 @@ questions: required: true - variable: environmentVariables - label: "Environment Variables for Chia" - group: "Chia Environment Variables" + label: "Environment Variables for Collabora" + group: "Collabora Environment Variables" schema: type: list default: [] diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index afd80414f2..76aba05b07 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -24,7 +24,7 @@ spec: {{ end }} {{ end }} ports: - - name: chia-network + - name: collabora protocol: TCP containerPort: 9980 {{ $envList := (default list .Values.environmentVariables) }} From a10c6e92fd76a314586bdbd9ceb540436f1dc34d Mon Sep 17 00:00:00 2001 From: sonicaj Date: Sun, 12 Sep 2021 18:01:22 +0500 Subject: [PATCH 05/23] Add ability to configure collabora container specifically --- test/collabora/1.0.0/questions.yaml | 69 ++++++++++++++++++- .../collabora/1.0.0/templates/deployment.yaml | 11 ++- test/collabora/1.0.0/test_values.yaml | 16 +++-- 3 files changed, 86 insertions(+), 10 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index ee37b82e23..d5d6a87efd 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -1,4 +1,6 @@ groups: + - name: "Collabora Configuration" + description: "Configure Collabora" - name: "Storage" description: "Configure Storage for Collabora" - name: "Collabora Environment Variables" @@ -15,6 +17,71 @@ portals: path: "/loleaflet/dist/admin/admin.html" questions: + - variable: config + label: "Container Configuration" + group: "Collabora Configuration" + schema: + type: dict + attrs: + - variable: timezone + label: "Timezone" + group: "Collabora Configuration" + schema: + type: string + $ref: + - "definitions/timezone" + - variable: domain + label: "Domain(s) using collabora" + description: 'Use backslash "\" before dots ".". Use pipe "|" to separate multiple domains' + schema: + type: string + default: 'nextcloud\.domain\.tld|othernextcloud\.domain\.tld' + valid_chars: '^([a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}\|{0,1})*$' + required: true + - variable: username + label: "Username for WebUI" + schema: + type: string + default: "admin" + required: true + - variable: password + label: "Password for WebUI" + schema: + type: string + private: true + default: "" + valid_chars: "[a-zA-Z0-9!@#$%^&*?]{8,}" + required: true + - variable: dictionaries + label: "Dictionaries to use, leave empty to use all" + schema: + type: string + default: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" + - variable: extra_params + label: "Extra Parameters to add" + description: 'e.g. "--o:welcome.enable=false", See more on /etc/loolwsd/loowsd.xml. Separate params with space' + schema: + type: string + default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false" + - variable: DONT_GEN_SSL_CERT + label: "DONT_GEN_SSL_CERT" + description: "When set to true it does NOT generate an SSL cert, you have to use your own" + schema: + type: string + default: "true" + enum: + - value: "true" + description: "true" + - value: "" + description: "false" + - variable: server_name + label: "Server Name" + description: "When this environment variable is set (is not “”), then its value will be used as server name in /etc/loolwsd/loolwsd.xml. Without this, CODE is not delivering a correct host for the websocket connection in case of a proxy in front of it." + schema: + type: string + default: '' + valid_chars: '^[a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}$' + - variable: extraAppVolumeMounts label: "Collabora Extra Host Path Volumes" group: "Storage" @@ -41,7 +108,7 @@ questions: required: true - variable: environmentVariables - label: "Environment Variables for Collabora" + label: "Environment Variables" group: "Collabora Environment Variables" schema: type: list diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 76aba05b07..20ed92ecd6 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -28,8 +28,15 @@ spec: protocol: TCP containerPort: 9980 {{ $envList := (default list .Values.environmentVariables) }} - {{ $envList = mustAppend $envList (dict "name" "keys" "value" "/plots/keyfile") }} - {{ $envList = mustAppend $envList (dict "name" "farmr" "value" $.Values.farmr_env) }} + {{ $envConfig := .Values.config }} + {{ $envList = mustAppend $envList (dict "name" "timezone" "value" $envConfig.timezone) }} + {{ $envList = mustAppend $envList (dict "name" "domain" "value" $envConfig.domain) }} + {{ $envList = mustAppend $envList (dict "name" "username" "value" $envConfig.username) }} + {{ $envList = mustAppend $envList (dict "name" "password" "value" $envConfig.password) }} + {{ $envList = mustAppend $envList (dict "name" "dictionaries" "value" $envConfig.dictionaries) }} + {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} + {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" $envConfig.DONT_GEN_SSL_CERT) }} + {{ $envList = mustAppend $envList (dict "name" "server_name" "value" $envConfig.server_name) }} {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} {{ if .Values.extraAppVolumeMounts }} volumes: diff --git a/test/collabora/1.0.0/test_values.yaml b/test/collabora/1.0.0/test_values.yaml index f31037979d..99815d7405 100644 --- a/test/collabora/1.0.0/test_values.yaml +++ b/test/collabora/1.0.0/test_values.yaml @@ -1,13 +1,15 @@ -appVolumeMounts: - data: - emptyDir: true - mountPath: /data - staging: - emptyDir: true - mountPath: /plots image: pullPolicy: IfNotPresent repository: collabora/code tag: 6.4.10.10 updateStrategy: Recreate +config: + timezone: "America/Los_Angeles" + domain: "somedomain" + username: "admin" + password: "changeme" + dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" + extra_params: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false" + DONT_GEN_SSL_CERT: "true" + server_name: "collabora" From 23970aec44cf834f6f2d8b8bf35e9a9a17dae03b Mon Sep 17 00:00:00 2001 From: sonicaj Date: Sun, 12 Sep 2021 18:08:59 +0500 Subject: [PATCH 06/23] Allow configuring node port for collabora --- test/collabora/1.0.0/questions.yaml | 17 ++++++++++++++--- test/collabora/1.0.0/templates/service.yaml | 6 ++++++ test/collabora/1.0.0/test_values.yaml | 2 +- 3 files changed, 21 insertions(+), 4 deletions(-) create mode 100644 test/collabora/1.0.0/templates/service.yaml diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index d5d6a87efd..92c915d84f 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -1,10 +1,12 @@ groups: - name: "Collabora Configuration" description: "Configure Collabora" - - name: "Storage" - description: "Configure Storage for Collabora" - name: "Collabora Environment Variables" description: "Set the environment that will be visible to the container" + - name: "Networking" + description: "Configure Networking for Collabora" + - name: "Storage" + description: "Configure Storage for Collabora" portals: web_portal: @@ -13,7 +15,7 @@ portals: host: - "$node_ip" ports: - - "9980" + - "$variable-nodePort" path: "/loleaflet/dist/admin/admin.html" questions: @@ -127,3 +129,12 @@ questions: label: "Value" schema: type: string + + - variable: nodePort + label: "Node Port to use for Collabora" + group: "Networking" + schema: + type: int + default: 9980 + min: 9000 + max: 65535 diff --git a/test/collabora/1.0.0/templates/service.yaml b/test/collabora/1.0.0/templates/service.yaml new file mode 100644 index 0000000000..80bfc92928 --- /dev/null +++ b/test/collabora/1.0.0/templates/service.yaml @@ -0,0 +1,6 @@ +{{ $port := .Values.nodePort }} +{{ $ports := list }} +{{ $ports = mustAppend $ports (dict "name" "collabora" "port" $port "nodePort" $port "targetPort" "collabora") }} +{{ $params := . }} +{{ $_ := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ include "common.classes.service" $params }} diff --git a/test/collabora/1.0.0/test_values.yaml b/test/collabora/1.0.0/test_values.yaml index 99815d7405..b1b1393572 100644 --- a/test/collabora/1.0.0/test_values.yaml +++ b/test/collabora/1.0.0/test_values.yaml @@ -12,4 +12,4 @@ config: extra_params: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false" DONT_GEN_SSL_CERT: "true" server_name: "collabora" - +nodePort: 32980 From 45013d524d95c842c234f47dddad7e57d9a1a36f Mon Sep 17 00:00:00 2001 From: sonicaj Date: Sun, 12 Sep 2021 18:39:46 +0500 Subject: [PATCH 07/23] Use secret for username/password of collabora --- test/collabora/1.0.0/questions.yaml | 2 +- test/collabora/1.0.0/templates/_helpers.tpl | 6 ++++++ test/collabora/1.0.0/templates/deployment.yaml | 5 +++-- test/collabora/1.0.0/templates/secrets.yaml | 9 +++++++++ 4 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 test/collabora/1.0.0/templates/_helpers.tpl create mode 100644 test/collabora/1.0.0/templates/secrets.yaml diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 92c915d84f..a03f09ce8d 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -51,7 +51,7 @@ questions: schema: type: string private: true - default: "" + default: "changeme" valid_chars: "[a-zA-Z0-9!@#$%^&*?]{8,}" required: true - variable: dictionaries diff --git a/test/collabora/1.0.0/templates/_helpers.tpl b/test/collabora/1.0.0/templates/_helpers.tpl new file mode 100644 index 0000000000..08b7d95f3d --- /dev/null +++ b/test/collabora/1.0.0/templates/_helpers.tpl @@ -0,0 +1,6 @@ +{{/* +Retrieve secret name for secure credentials +*/}} +{{- define "secretName" -}} +{{- print "credentials" -}} +{{- end -}} diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 20ed92ecd6..5dd8c350a3 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -28,15 +28,16 @@ spec: protocol: TCP containerPort: 9980 {{ $envList := (default list .Values.environmentVariables) }} + {{ $secretName := (include "secretName" .) }} {{ $envConfig := .Values.config }} {{ $envList = mustAppend $envList (dict "name" "timezone" "value" $envConfig.timezone) }} {{ $envList = mustAppend $envList (dict "name" "domain" "value" $envConfig.domain) }} - {{ $envList = mustAppend $envList (dict "name" "username" "value" $envConfig.username) }} - {{ $envList = mustAppend $envList (dict "name" "password" "value" $envConfig.password) }} {{ $envList = mustAppend $envList (dict "name" "dictionaries" "value" $envConfig.dictionaries) }} {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" $envConfig.DONT_GEN_SSL_CERT) }} {{ $envList = mustAppend $envList (dict "name" "server_name" "value" $envConfig.server_name) }} + {{ $envList = mustAppend $envList (dict "name" "username" "valueFromSecret" true "secretName" $secretName "secretKey" "username") }} + {{ $envList = mustAppend $envList (dict "name" "password" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} {{ if .Values.extraAppVolumeMounts }} volumes: diff --git a/test/collabora/1.0.0/templates/secrets.yaml b/test/collabora/1.0.0/templates/secrets.yaml new file mode 100644 index 0000000000..e979fba4c0 --- /dev/null +++ b/test/collabora/1.0.0/templates/secrets.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "secretName" . }} + labels: {{ include "common.labels" . | nindent 4 }} +type: Opaque +data: + username: {{ .Values.config.username | b64enc | quote }} + password: {{ .Values.config.password | b64enc | quote }} From d5ad44ff22be82dc46d19e3f9e2082bd78574417 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Sun, 12 Sep 2021 19:08:24 +0500 Subject: [PATCH 08/23] Update collabora chart configuration --- test/collabora/1.0.0/Chart.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/collabora/1.0.0/Chart.yaml b/test/collabora/1.0.0/Chart.yaml index 6a30daa2c3..f6fa2c3265 100644 --- a/test/collabora/1.0.0/Chart.yaml +++ b/test/collabora/1.0.0/Chart.yaml @@ -4,9 +4,9 @@ dependencies: - name: common repository: file://../../../library/common/2105.0.0 version: 2105.0.0 -description: Global, Versioned, peer-to-peer filesystem. -home: https://www.chia.net/ -icon: https://www.chia.net/img/chia_logo.svg +description: "Collabora Online Development Edition \u2013 an awesome, Online Office \ suite image suitable for home use." +home: https://github.com/CollaboraOnline/online +icon: https://avatars.githubusercontent.com/u/22418908?s=200&v=4 keywords: - office - documents From c94dde22d6c1855ca64e2ec7ede290b1711531e9 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Mon, 13 Sep 2021 17:06:51 +0500 Subject: [PATCH 09/23] Bug fixes for domain/cert_domain env variables --- test/collabora/1.0.0/questions.yaml | 28 +++++++++---------- .../collabora/1.0.0/templates/deployment.yaml | 1 + 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index a03f09ce8d..7d7519fcc5 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -26,20 +26,20 @@ questions: type: dict attrs: - variable: timezone - label: "Timezone" - group: "Collabora Configuration" - schema: - type: string - $ref: - - "definitions/timezone" + label: "Timezone" + group: "Collabora Configuration" + schema: + type: string + $ref: + - "definitions/timezone" - variable: domain - label: "Domain(s) using collabora" - description: 'Use backslash "\" before dots ".". Use pipe "|" to separate multiple domains' - schema: - type: string - default: 'nextcloud\.domain\.tld|othernextcloud\.domain\.tld' - valid_chars: '^([a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}\|{0,1})*$' - required: true + label: "Domain(s) using collabora" + description: 'Use backslash "\" before dots ".". Use pipe "|" to separate multiple domains' + schema: + type: string + default: 'nextcloud\.domain\.tld|othernextcloud\.domain\.tld' + # valid_chars: '^$|^([a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}\|{0,1})*$' + required: false - variable: username label: "Username for WebUI" schema: @@ -82,7 +82,7 @@ questions: schema: type: string default: '' - valid_chars: '^[a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}$' + valid_chars: '^$|^[a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}$' - variable: extraAppVolumeMounts label: "Collabora Extra Host Path Volumes" diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 5dd8c350a3..197ec76fbe 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -33,6 +33,7 @@ spec: {{ $envList = mustAppend $envList (dict "name" "timezone" "value" $envConfig.timezone) }} {{ $envList = mustAppend $envList (dict "name" "domain" "value" $envConfig.domain) }} {{ $envList = mustAppend $envList (dict "name" "dictionaries" "value" $envConfig.dictionaries) }} + {{ $envList = mustAppend $envList (dict "name" "cert_domain" "value" "192.168.0.3") }} {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" $envConfig.DONT_GEN_SSL_CERT) }} {{ $envList = mustAppend $envList (dict "name" "server_name" "value" $envConfig.server_name) }} From 419f092d0ef40a8ecb2c49d04bb5014af9abef46 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 12:41:06 +0500 Subject: [PATCH 10/23] Add nginx configuration --- test/collabora/1.0.0/ix_values.yaml | 5 + .../collabora/1.0.0/templates/nginx-conf.yaml | 136 ++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 test/collabora/1.0.0/templates/nginx-conf.yaml diff --git a/test/collabora/1.0.0/ix_values.yaml b/test/collabora/1.0.0/ix_values.yaml index 5120e01acf..4e07fa58fc 100644 --- a/test/collabora/1.0.0/ix_values.yaml +++ b/test/collabora/1.0.0/ix_values.yaml @@ -2,4 +2,9 @@ image: pullPolicy: IfNotPresent repository: collabora/code tag: 6.4.10.10 +nginx: + image: + pullPolicy: IfNotPresent + repository: nginx + tag: 1.21.3 updateStrategy: Recreate diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml new file mode 100644 index 0000000000..d57c885386 --- /dev/null +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -0,0 +1,136 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: "nginx-config" + annotations: + rollme: {{ randAlphaNum 5 | quote }} +data: + config: |- + load_module modules/ngx_http_uploadprogress_module.so; + user www-data www-data; + worker_processes 1; + + events { + worker_connections 1024; + } + + http { + include mime.types; + default_type application/octet-stream; + + # Types to enable gzip compression on + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + image/svg+xml; + + # reserve 1MB under the name 'proxied' to track uploads + upload_progress proxied 1m; + + sendfile on; + #tcp_nopush on; + client_max_body_size 1000m; + + #keepalive_timeout 0; + keepalive_timeout 65; + + # Disable tokens for security (#23684) + server_tokens off; + + gzip on; + #upload_store /var/tmp/firmware; + client_body_temp_path /var/tmp/firmware; + + error_log syslog:server=unix:/var/run/log,nohostname; + access_log syslog:server=unix:/var/run/log,nohostname; + + server { + server_name localhost; + listen 0.0.0.0:443 default_server ssl http2; + listen [::]:443 default_server ssl http2; + + ssl_certificate "/nginx.crt"; + ssl_certificate_key "/nginx.key"; + + ssl_session_timeout 120m; + ssl_session_cache shared:ssl:16m; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384; + add_header Strict-Transport-Security max-age=31536000; + + # Security Headers + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1"; + + location = /robots.txt { + add_header Content-Type text/plain; + return 200 "User-agent: *\nDisallow: /loleaflet/*\n"; + } + + # static files + location ^~ /loleaflet { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Host $http_host; + } + + # Capabilities + location ^~ /hosting/capabilities { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Host $http_host; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/lool { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Host $http_host; + } + + # Admin Console websocket + location ^~ /lool/adminws { + set $upstream_collabora collabora; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $http_host; + proxy_read_timeout 36000s; + } + + } + server { + listen 0.0.0.0:80; + listen [::]:80; + server_name localhost; + return 307 https://$host:443$request_uri; + } + + } From 0b615db4e232b3defe9fc0f02975f368142798d6 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 12:45:44 +0500 Subject: [PATCH 11/23] Set Referer header in nginx configuration --- test/collabora/1.0.0/templates/nginx-conf.yaml | 7 +++++++ test/collabora/1.0.0/templates/nginx-deployment | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) create mode 100644 test/collabora/1.0.0/templates/nginx-deployment diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml index d57c885386..0bee6e13d1 100644 --- a/test/collabora/1.0.0/templates/nginx-conf.yaml +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -74,6 +74,7 @@ data: location = /robots.txt { add_header Content-Type text/plain; + proxy_set_header Referer "http://nginx"; return 200 "User-agent: *\nDisallow: /loleaflet/*\n"; } @@ -82,6 +83,7 @@ data: set $upstream_collabora collabora; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; } # WOPI discovery URL @@ -89,6 +91,7 @@ data: set $upstream_collabora collabora; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; } # Capabilities @@ -96,6 +99,7 @@ data: set $upstream_collabora collabora; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; } # main websocket @@ -105,6 +109,7 @@ data: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } @@ -113,6 +118,7 @@ data: set $upstream_collabora collabora; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; } # Admin Console websocket @@ -122,6 +128,7 @@ data: proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Host $http_host; + proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } diff --git a/test/collabora/1.0.0/templates/nginx-deployment b/test/collabora/1.0.0/templates/nginx-deployment new file mode 100644 index 0000000000..ace90af7b6 --- /dev/null +++ b/test/collabora/1.0.0/templates/nginx-deployment @@ -0,0 +1,17 @@ +{{ $values := (. | mustDeepCopy) }} +{{ $_ := set $values "common" (dict "nameSuffix" "nginx") }} +{{ include "common.deployment.common_config" $values | nindent 0 }} +spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} + template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }} + spec: + containers: + - name: {{ .Chart.Name }}-nginx + image: {{ printf "%s:%s" .Values.nginx.image.repository .Values.nginx.image.tag }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP From 25796dfdcd01810efba1d68719f57647debaa691 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 17:27:06 +0500 Subject: [PATCH 12/23] Mount custom nginx configuration for nginx deployment --- .../{nginx-deployment => nginx-deployment.yaml} | 10 ++++++++++ 1 file changed, 10 insertions(+) rename test/collabora/1.0.0/templates/{nginx-deployment => nginx-deployment.yaml} (71%) diff --git a/test/collabora/1.0.0/templates/nginx-deployment b/test/collabora/1.0.0/templates/nginx-deployment.yaml similarity index 71% rename from test/collabora/1.0.0/templates/nginx-deployment rename to test/collabora/1.0.0/templates/nginx-deployment.yaml index ace90af7b6..086da069f4 100644 --- a/test/collabora/1.0.0/templates/nginx-deployment +++ b/test/collabora/1.0.0/templates/nginx-deployment.yaml @@ -8,6 +8,11 @@ spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} - name: {{ .Chart.Name }}-nginx image: {{ printf "%s:%s" .Values.nginx.image.repository .Values.nginx.image.tag }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + volumeMounts: + - name: configuration + mountPath: /etc/nginx/nginx.conf + readOnly: true + subPath: config ports: - name: http containerPort: 80 @@ -15,3 +20,8 @@ spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} - name: https containerPort: 443 protocol: TCP + volumes: + - name: configuration + configMap: + defaultMode: 0700 + name: "nginx-config" From f4639626d57e78f7651c229c5f0c23952b981835 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 17:35:16 +0500 Subject: [PATCH 13/23] Add service for nginx --- test/collabora/1.0.0/templates/nginx-service.yaml | 6 ++++++ test/collabora/1.0.0/templates/service.yaml | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 test/collabora/1.0.0/templates/nginx-service.yaml diff --git a/test/collabora/1.0.0/templates/nginx-service.yaml b/test/collabora/1.0.0/templates/nginx-service.yaml new file mode 100644 index 0000000000..6c613a9171 --- /dev/null +++ b/test/collabora/1.0.0/templates/nginx-service.yaml @@ -0,0 +1,6 @@ +{{ $port := .Values.nodePort }} +{{ $ports := list }} +{{ $ports = mustAppend $ports (dict "name" "https" "port" $port "nodePort" $port "targetPort" "collabora") }} +{{ $params := (. | mustDeepCopy) }} +{{ $_ := set $params "common" (dict "nameSuffix" "nginx") "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ include "common.classes.service" $params }} diff --git a/test/collabora/1.0.0/templates/service.yaml b/test/collabora/1.0.0/templates/service.yaml index 80bfc92928..7929c93a62 100644 --- a/test/collabora/1.0.0/templates/service.yaml +++ b/test/collabora/1.0.0/templates/service.yaml @@ -2,5 +2,5 @@ {{ $ports := list }} {{ $ports = mustAppend $ports (dict "name" "collabora" "port" $port "nodePort" $port "targetPort" "collabora") }} {{ $params := . }} -{{ $_ := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ $_ := set $params "commonService" (dict "ports" $ports "type" "ClusterIP" ) }} {{ include "common.classes.service" $params }} From 270e996be397d1fd4fada4fc74e3581991254781 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 20:20:09 +0500 Subject: [PATCH 14/23] Properly configure certificate to be used with collabora application --- test/collabora/1.0.0/questions.yaml | 11 +++- test/collabora/1.0.0/templates/_helpers.tpl | 34 ++++++++++++ .../collabora/1.0.0/templates/nginx-conf.yaml | 52 ++++++------------- .../1.0.0/templates/nginx-deployment.yaml | 16 ++++-- .../1.0.0/templates/nginx-service.yaml | 5 +- test/collabora/1.0.0/templates/secrets.yaml | 6 +++ test/collabora/1.0.0/templates/service.yaml | 2 +- 7 files changed, 82 insertions(+), 44 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 7d7519fcc5..5fcf46624d 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -64,7 +64,7 @@ questions: description: 'e.g. "--o:welcome.enable=false", See more on /etc/loolwsd/loowsd.xml. Separate params with space' schema: type: string - default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false" + default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4" - variable: DONT_GEN_SSL_CERT label: "DONT_GEN_SSL_CERT" description: "When set to true it does NOT generate an SSL cert, you have to use your own" @@ -84,6 +84,15 @@ questions: default: '' valid_chars: '^$|^[a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}$' + - variable: certificate + description: "Collabora Certificate" + label: "Certificate" + group: "Collabora Configuration" + schema: + type: int + $ref: + - "definitions/certificate" + - variable: extraAppVolumeMounts label: "Collabora Extra Host Path Volumes" group: "Storage" diff --git a/test/collabora/1.0.0/templates/_helpers.tpl b/test/collabora/1.0.0/templates/_helpers.tpl index 08b7d95f3d..82b2687b17 100644 --- a/test/collabora/1.0.0/templates/_helpers.tpl +++ b/test/collabora/1.0.0/templates/_helpers.tpl @@ -4,3 +4,37 @@ Retrieve secret name for secure credentials {{- define "secretName" -}} {{- print "credentials" -}} {{- end -}} + + +{{/* +Retrieve true/false if certificate is configured +*/}} +{{- define "certAvailable" -}} +{{- if .Values.certificate -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} +{{- template "common.resources.cert_present" $values -}} +{{- else -}} +{{- false -}} +{{- end -}} +{{- end -}} + + +{{/* +Retrieve public key of certificate +*/}} +{{- define "cert.publicKey" -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}} +{{ include "common.resources.cert" $values }} +{{- end -}} + + +{{/* +Retrieve private key of certificate +*/}} +{{- define "cert.privateKey" -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} +{{ include "common.resources.cert" $values }} +{{- end -}} diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml index 0bee6e13d1..d54d24b005 100644 --- a/test/collabora/1.0.0/templates/nginx-conf.yaml +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -6,10 +6,6 @@ metadata: rollme: {{ randAlphaNum 5 | quote }} data: config: |- - load_module modules/ngx_http_uploadprogress_module.so; - user www-data www-data; - worker_processes 1; - events { worker_connections 1024; } @@ -32,33 +28,24 @@ data: application/rss+xml image/svg+xml; - # reserve 1MB under the name 'proxied' to track uploads - upload_progress proxied 1m; - sendfile on; - #tcp_nopush on; client_max_body_size 1000m; - #keepalive_timeout 0; keepalive_timeout 65; # Disable tokens for security (#23684) server_tokens off; gzip on; - #upload_store /var/tmp/firmware; client_body_temp_path /var/tmp/firmware; - error_log syslog:server=unix:/var/run/log,nohostname; - access_log syslog:server=unix:/var/run/log,nohostname; - server { - server_name localhost; + server_name nginx; listen 0.0.0.0:443 default_server ssl http2; listen [::]:443 default_server ssl http2; - ssl_certificate "/nginx.crt"; - ssl_certificate_key "/nginx.key"; + ssl_certificate "/etc/nginx/server.crt"; + ssl_certificate_key "/etc/nginx/server.key"; ssl_session_timeout 120m; ssl_session_cache shared:ssl:16m; @@ -68,10 +55,6 @@ data: ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384; add_header Strict-Transport-Security max-age=31536000; - # Security Headers - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1"; - location = /robots.txt { add_header Content-Type text/plain; proxy_set_header Referer "http://nginx"; @@ -80,9 +63,8 @@ data: # static files location ^~ /loleaflet { - set $upstream_collabora collabora; - proxy_pass http://$upstream_collabora:9980; - proxy_set_header Host $http_host; + proxy_pass http://collabora:9980; + proxy_set_header Host $host; proxy_set_header Referer "http://nginx"; } @@ -96,38 +78,34 @@ data: # Capabilities location ^~ /hosting/capabilities { - set $upstream_collabora collabora; - proxy_pass http://$upstream_collabora:9980; - proxy_set_header Host $http_host; + proxy_pass http://collabora:9980; + proxy_set_header Host $host; proxy_set_header Referer "http://nginx"; } # main websocket location ~ ^/lool/(.*)/ws$ { - set $upstream_collabora collabora; - proxy_pass http://$upstream_collabora:9980; + proxy_pass http://collabora:9980; + proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } # download, presentation and image upload location ~ ^/lool { - set $upstream_collabora collabora; - proxy_pass http://$upstream_collabora:9980; - proxy_set_header Host $http_host; + proxy_pass http://collabora:9980; + proxy_set_header Host $host; proxy_set_header Referer "http://nginx"; } # Admin Console websocket location ^~ /lool/adminws { - set $upstream_collabora collabora; - proxy_pass http://$upstream_collabora:9980; + proxy_pass http://collabora:9980; + proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_set_header Host $http_host; proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } @@ -136,8 +114,8 @@ data: server { listen 0.0.0.0:80; listen [::]:80; - server_name localhost; - return 307 https://$host:443$request_uri; + server_name nginx; + return 307 https://$host:{{ .Values.nodePort }}}$request_uri; } } diff --git a/test/collabora/1.0.0/templates/nginx-deployment.yaml b/test/collabora/1.0.0/templates/nginx-deployment.yaml index 086da069f4..e50d23c086 100644 --- a/test/collabora/1.0.0/templates/nginx-deployment.yaml +++ b/test/collabora/1.0.0/templates/nginx-deployment.yaml @@ -13,6 +13,13 @@ spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} mountPath: /etc/nginx/nginx.conf readOnly: true subPath: config + - name: certs + mountPath: /etc/nginx/server.crt + subPath: certPublicKey + - name: certs + mountPath: /etc/nginx/server.key + subPath: certPrivateKey + ports: - name: http containerPort: 80 @@ -22,6 +29,9 @@ spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} protocol: TCP volumes: - name: configuration - configMap: - defaultMode: 0700 - name: "nginx-config" + configMap: + defaultMode: 0700 + name: "nginx-config" + - name: certs + secret: + secretName: {{ include "secretName" . }} diff --git a/test/collabora/1.0.0/templates/nginx-service.yaml b/test/collabora/1.0.0/templates/nginx-service.yaml index 6c613a9171..f3b7cd7449 100644 --- a/test/collabora/1.0.0/templates/nginx-service.yaml +++ b/test/collabora/1.0.0/templates/nginx-service.yaml @@ -1,6 +1,7 @@ {{ $port := .Values.nodePort }} {{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "https" "port" $port "nodePort" $port "targetPort" "collabora") }} +{{ $ports = mustAppend $ports (dict "name" "https" "port" $port "nodePort" $port "targetPort" "https") }} {{ $params := (. | mustDeepCopy) }} -{{ $_ := set $params "common" (dict "nameSuffix" "nginx") "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ $_ := set $params "common" (dict "nameSuffix" "nginx") }} +{{ $_2 := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} {{ include "common.classes.service" $params }} diff --git a/test/collabora/1.0.0/templates/secrets.yaml b/test/collabora/1.0.0/templates/secrets.yaml index e979fba4c0..4538aa5e8a 100644 --- a/test/collabora/1.0.0/templates/secrets.yaml +++ b/test/collabora/1.0.0/templates/secrets.yaml @@ -7,3 +7,9 @@ type: Opaque data: username: {{ .Values.config.username | b64enc | quote }} password: {{ .Values.config.password | b64enc | quote }} + {{ if eq (include "certAvailable" .) "true" }} + certPublicKey: {{ (include "cert.publicKey" .) | toString | b64enc | quote }} + certPrivateKey: {{ (include "cert.privateKey" .) | toString | b64enc | quote }} + {{ else }} + {{ fail "No certificate configured for Collabora" }} + {{ end }} diff --git a/test/collabora/1.0.0/templates/service.yaml b/test/collabora/1.0.0/templates/service.yaml index 7929c93a62..d14319a377 100644 --- a/test/collabora/1.0.0/templates/service.yaml +++ b/test/collabora/1.0.0/templates/service.yaml @@ -1,6 +1,6 @@ {{ $port := .Values.nodePort }} {{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "collabora" "port" $port "nodePort" $port "targetPort" "collabora") }} +{{ $ports = mustAppend $ports (dict "name" "collabora" "port" 9980 "targetPort" "collabora") }} {{ $params := . }} {{ $_ := set $params "commonService" (dict "ports" $ports "type" "ClusterIP" ) }} {{ include "common.classes.service" $params }} From b8a102dd5a8e2cb682e16d934bb7c4d1cf799509 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 14 Sep 2021 23:23:14 +0500 Subject: [PATCH 15/23] Temporarily skip overriding referer for collabora --- test/collabora/1.0.0/templates/nginx-conf.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml index d54d24b005..bf651f7450 100644 --- a/test/collabora/1.0.0/templates/nginx-conf.yaml +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -65,7 +65,7 @@ data: location ^~ /loleaflet { proxy_pass http://collabora:9980; proxy_set_header Host $host; - proxy_set_header Referer "http://nginx"; + # proxy_set_header Referer "http://nginx"; } # WOPI discovery URL @@ -73,14 +73,14 @@ data: set $upstream_collabora collabora; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; - proxy_set_header Referer "http://nginx"; + # proxy_set_header Referer "http://nginx"; } # Capabilities location ^~ /hosting/capabilities { proxy_pass http://collabora:9980; proxy_set_header Host $host; - proxy_set_header Referer "http://nginx"; + # proxy_set_header Referer "http://nginx"; } # main websocket @@ -89,7 +89,7 @@ data: proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_set_header Referer "http://nginx"; + # proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } @@ -106,7 +106,7 @@ data: proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; - proxy_set_header Referer "http://nginx"; + # proxy_set_header Referer "http://nginx"; proxy_read_timeout 36000s; } From ca44e0c385984b6fbc4feaa2cf63cfe43fa65690 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 20:13:52 +0500 Subject: [PATCH 16/23] Update service name usages in nginx configuration --- test/collabora/1.0.0/questions.yaml | 4 ++-- test/collabora/1.0.0/templates/nginx-conf.yaml | 16 ++++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 5fcf46624d..96bbaaaec3 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -64,7 +64,7 @@ questions: description: 'e.g. "--o:welcome.enable=false", See more on /etc/loolwsd/loowsd.xml. Separate params with space' schema: type: string - default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4" + default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4 --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+" - variable: DONT_GEN_SSL_CERT label: "DONT_GEN_SSL_CERT" description: "When set to true it does NOT generate an SSL cert, you have to use your own" @@ -82,7 +82,6 @@ questions: schema: type: string default: '' - valid_chars: '^$|^[a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}$' - variable: certificate description: "Collabora Certificate" @@ -92,6 +91,7 @@ questions: type: int $ref: - "definitions/certificate" + null: false - variable: extraAppVolumeMounts label: "Collabora Extra Host Path Volumes" diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml index bf651f7450..c5e3fe889c 100644 --- a/test/collabora/1.0.0/templates/nginx-conf.yaml +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -1,3 +1,7 @@ +{{- $serviceName := include "common.names.fullname" . -}} + {{- if hasKey .Values "nameSuffix" -}} + {{- $serviceName = (printf "%v-%v" $serviceName .Values.nameSuffix) -}} +{{- end -}} apiVersion: v1 kind: ConfigMap metadata: @@ -63,14 +67,14 @@ data: # static files location ^~ /loleaflet { - proxy_pass http://collabora:9980; + proxy_pass http://{{ $serviceName }}:9980; proxy_set_header Host $host; # proxy_set_header Referer "http://nginx"; } # WOPI discovery URL location ^~ /hosting/discovery { - set $upstream_collabora collabora; + set $upstream_collabora {{ $serviceName }}; proxy_pass http://$upstream_collabora:9980; proxy_set_header Host $http_host; # proxy_set_header Referer "http://nginx"; @@ -78,14 +82,14 @@ data: # Capabilities location ^~ /hosting/capabilities { - proxy_pass http://collabora:9980; + proxy_pass http://{{ $serviceName }}:9980; proxy_set_header Host $host; # proxy_set_header Referer "http://nginx"; } # main websocket location ~ ^/lool/(.*)/ws$ { - proxy_pass http://collabora:9980; + proxy_pass http://{{ $serviceName }}:9980; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; @@ -95,14 +99,14 @@ data: # download, presentation and image upload location ~ ^/lool { - proxy_pass http://collabora:9980; + proxy_pass http://{{ $serviceName }}:9980; proxy_set_header Host $host; proxy_set_header Referer "http://nginx"; } # Admin Console websocket location ^~ /lool/adminws { - proxy_pass http://collabora:9980; + proxy_pass http://{{ $serviceName }}:9980; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; From 2fe782dd815068191d995183f344950631d40390 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 20:17:05 +0500 Subject: [PATCH 17/23] Make https a requirement for collabora --- test/collabora/1.0.0/questions.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 96bbaaaec3..e624a3d3ca 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -11,9 +11,9 @@ groups: portals: web_portal: protocols: - - "http" + - "https" host: - - "$node_ip" + - "$variable-server_name" ports: - "$variable-nodePort" path: "/loleaflet/dist/admin/admin.html" From fb2ec52cc7504187b55df09b0e5e558c46f1cf15 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 20:20:00 +0500 Subject: [PATCH 18/23] Update test values for collabora --- test/collabora/1.0.0/questions.yaml | 2 +- test/collabora/1.0.0/test_values.yaml | 238 ++++++++++++++++++++++++-- 2 files changed, 228 insertions(+), 12 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index e624a3d3ca..f02245d95a 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -91,7 +91,7 @@ questions: type: int $ref: - "definitions/certificate" - null: false + "null": false - variable: extraAppVolumeMounts label: "Collabora Extra Host Path Volumes" diff --git a/test/collabora/1.0.0/test_values.yaml b/test/collabora/1.0.0/test_values.yaml index b1b1393572..93506171df 100644 --- a/test/collabora/1.0.0/test_values.yaml +++ b/test/collabora/1.0.0/test_values.yaml @@ -1,15 +1,231 @@ +certificate: 55 +config: + DONT_GEN_SSL_CERT: "true" + dictionaries: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru + domain: nextcloud\.domain\.tld|othernextcloud\.domain\.tld + extra_params: --o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4 --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+ + password: changeme + server_name: ssh.sonicaj.com:49980 + timezone: Asia/Karachi + username: admin +environmentVariables: [] +extraAppVolumeMounts: [] image: pullPolicy: IfNotPresent repository: collabora/code tag: 6.4.10.10 -updateStrategy: Recreate -config: - timezone: "America/Los_Angeles" - domain: "somedomain" - username: "admin" - password: "changeme" - dictionaries: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" - extra_params: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false" - DONT_GEN_SSL_CERT: "true" - server_name: "collabora" -nodePort: 32980 +ixCertificateAuthorities: {} +ixCertificates: + "55": + CA_type_existing: false + CA_type_intermediate: false + CA_type_internal: false + CSR: null + DN: /CN=ad/C=US/ST=asdf/L=asdf/O=adsf/OU=asdf/emailAddress=a@a.com/subjectAltName=IP Address:192.168.0.3, IP Address:192.168.0.5, IP Address:192.168.0.182, IP Address:192.168.0.129, IP Address:192.168.0.146 + can_be_revoked: false + cert_type: CERTIFICATE + cert_type_CSR: false + cert_type_existing: true + cert_type_internal: false + certificate: |- + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + certificate_path: /etc/certificates/slog3.crt + chain: true + chain_list: + - |- + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + - |- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + city: asdf + common: ad + country: US + csr_path: /etc/certificates/slog3.csr + digest_algorithm: SHA256 + email: a@a.com + extensions: + AuthorityKeyIdentifier: | + keyid:B9:58:7F:D2:FD:F6:7C:49:0D:CA:42:33:F2:D3:DD:5E:61:43:F6:B7 + DirName:/CN=asd/C=US/ST=asdf/L=af/O=asdf/OU=asd/emailAddress=a@a.com + serial:60:53:17 + BasicConstraints: CA:FALSE + ExtendedKeyUsage: TLS Web Server Authentication + KeyUsage: Digital Signature, Key Encipherment + SubjectAltName: IP Address:192.168.0.3, IP Address:192.168.0.5, IP Address:192.168.0.182, IP Address:192.168.0.129, IP Address:192.168.0.146 + SubjectKeyIdentifier: 38:1B:67:DF:E2:D8:19:97:8B:E6:A3:8C:42:7E:A9:89:85:DA:92:87 + fingerprint: 59:7A:49:6D:04:CE:70:E5:AF:9A:FB:75:3C:26:58:7D:B7:8E:A6:9D + from: Tue Aug 31 04:23:54 2021 + id: 55 + internal: "NO" + issuer: external + key_length: 2048 + key_type: RSA + lifetime: 825 + name: slog3 + organization: adsf + organizational_unit: asdf + parsed: true + privatekey: |- + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- + privatekey_path: /etc/certificates/slog3.key + revoked: false + revoked_date: null + root_path: /etc/certificates + san: + - IP Address:192.168.0.3 + - IP Address:192.168.0.5 + - IP Address:192.168.0.182 + - IP Address:192.168.0.129 + - IP Address:192.168.0.146 + serial: 6312728 + signedby: null + state: asdf + subject_name_hash: 1673640987 + type: 8 + until: Mon Dec 4 04:23:54 2023 +ixChartContext: + isInstall: false + isUpdate: true + isUpgrade: false + operation: UPDATE + storageClassName: ix-storage-class-col + upgradeMetadata: {} +ixExternalInterfacesConfiguration: [] +ixExternalInterfacesConfigurationNames: [] +ixVolumes: [] +nginx: + image: + pullPolicy: IfNotPresent + repository: nginx + tag: 1.21.3 +nodePort: 31980 From a6a0ad54b2721eba88c8369becdaf703e34316e9 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 20:24:13 +0500 Subject: [PATCH 19/23] Remove upgrade strategy temporarily --- test/collabora/upgrade_info.json | 1 - test/collabora/upgrade_strategy | 25 ------------------------- 2 files changed, 26 deletions(-) delete mode 100644 test/collabora/upgrade_info.json delete mode 100755 test/collabora/upgrade_strategy diff --git a/test/collabora/upgrade_info.json b/test/collabora/upgrade_info.json deleted file mode 100644 index f22ddd1aee..0000000000 --- a/test/collabora/upgrade_info.json +++ /dev/null @@ -1 +0,0 @@ -{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"} diff --git a/test/collabora/upgrade_strategy b/test/collabora/upgrade_strategy deleted file mode 100755 index 6b95867d8d..0000000000 --- a/test/collabora/upgrade_strategy +++ /dev/null @@ -1,25 +0,0 @@ -#!/usr/bin/python3 -import json -import sys - -from catalog_update.upgrade_strategy import semantic_versioning - - -def newer_mapping(image_tags): - key = list(image_tags.keys())[0] - tags = {t.strip('v').replace('_', '.'): t for t in image_tags[key]} - version = semantic_versioning(image_tags[key]) - if not version: - return {} - - return { - 'tags': {key: tags[version]}, - 'app_version': tags[version], - } - - -if __name__ == '__main__': - if len(sys.argv) != 2: - exit(1) - - print(json.dumps(newer_mapping(json.loads(sys.argv[1])))) From fbb2fe07a42ff9c64722b8eef9b1cc971848ee52 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 21:42:02 +0500 Subject: [PATCH 20/23] Have nginx as a sidecar instead of a separate deployment --- .../collabora/1.0.0/templates/deployment.yaml | 30 ++++++++++++++- .../collabora/1.0.0/templates/nginx-conf.yaml | 5 +-- .../1.0.0/templates/nginx-deployment.yaml | 37 ------------------- .../1.0.0/templates/nginx-service.yaml | 5 +-- test/collabora/1.0.0/templates/service.yaml | 6 --- 5 files changed, 31 insertions(+), 52 deletions(-) delete mode 100644 test/collabora/1.0.0/templates/nginx-deployment.yaml delete mode 100644 test/collabora/1.0.0/templates/service.yaml diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 197ec76fbe..9bddbb8311 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -14,6 +14,27 @@ spec: labels: {{ include "common.labels.selectorLabels" . | nindent 8 }} spec: containers: + - name: {{ .Chart.Name }}-nginx + image: {{ printf "%s:%s" .Values.nginx.image.repository .Values.nginx.image.tag }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + volumeMounts: + - name: configuration + mountPath: /etc/nginx/nginx.conf + readOnly: true + subPath: config + - name: certs + mountPath: /etc/nginx/server.crt + subPath: certPublicKey + - name: certs + mountPath: /etc/nginx/server.key + subPath: certPrivateKey + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP - name: {{ .Chart.Name }} {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} {{ if .Values.extraAppVolumeMounts }} @@ -40,11 +61,16 @@ spec: {{ $envList = mustAppend $envList (dict "name" "username" "valueFromSecret" true "secretName" $secretName "secretKey" "username") }} {{ $envList = mustAppend $envList (dict "name" "password" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} - {{ if .Values.extraAppVolumeMounts }} volumes: + - name: configuration + configMap: + defaultMode: 0700 + name: "nginx-config" + - name: certs + secret: + secretName: {{ include "secretName" . }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} hostPath: path: {{ $hostPathConfiguration.hostPath }} {{ end }} - {{ end }} diff --git a/test/collabora/1.0.0/templates/nginx-conf.yaml b/test/collabora/1.0.0/templates/nginx-conf.yaml index c5e3fe889c..ec616892eb 100644 --- a/test/collabora/1.0.0/templates/nginx-conf.yaml +++ b/test/collabora/1.0.0/templates/nginx-conf.yaml @@ -1,7 +1,4 @@ -{{- $serviceName := include "common.names.fullname" . -}} - {{- if hasKey .Values "nameSuffix" -}} - {{- $serviceName = (printf "%v-%v" $serviceName .Values.nameSuffix) -}} -{{- end -}} +{{- $serviceName := "localhost" -}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/test/collabora/1.0.0/templates/nginx-deployment.yaml b/test/collabora/1.0.0/templates/nginx-deployment.yaml deleted file mode 100644 index e50d23c086..0000000000 --- a/test/collabora/1.0.0/templates/nginx-deployment.yaml +++ /dev/null @@ -1,37 +0,0 @@ -{{ $values := (. | mustDeepCopy) }} -{{ $_ := set $values "common" (dict "nameSuffix" "nginx") }} -{{ include "common.deployment.common_config" $values | nindent 0 }} -spec: {{ include "common.deployment.common_spec" $values | nindent 2 }} - template: {{ include "common.deployment.pod.metadata" $values | nindent 4 }} - spec: - containers: - - name: {{ .Chart.Name }}-nginx - image: {{ printf "%s:%s" .Values.nginx.image.repository .Values.nginx.image.tag }} - imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} - volumeMounts: - - name: configuration - mountPath: /etc/nginx/nginx.conf - readOnly: true - subPath: config - - name: certs - mountPath: /etc/nginx/server.crt - subPath: certPublicKey - - name: certs - mountPath: /etc/nginx/server.key - subPath: certPrivateKey - - ports: - - name: http - containerPort: 80 - protocol: TCP - - name: https - containerPort: 443 - protocol: TCP - volumes: - - name: configuration - configMap: - defaultMode: 0700 - name: "nginx-config" - - name: certs - secret: - secretName: {{ include "secretName" . }} diff --git a/test/collabora/1.0.0/templates/nginx-service.yaml b/test/collabora/1.0.0/templates/nginx-service.yaml index f3b7cd7449..644ed5b3ad 100644 --- a/test/collabora/1.0.0/templates/nginx-service.yaml +++ b/test/collabora/1.0.0/templates/nginx-service.yaml @@ -1,7 +1,6 @@ {{ $port := .Values.nodePort }} {{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "https" "port" $port "nodePort" $port "targetPort" "https") }} +{{ $ports = mustAppend $ports (dict "name" "https" "nodePort" $port "targetPort" 443 "port" 443) }} {{ $params := (. | mustDeepCopy) }} -{{ $_ := set $params "common" (dict "nameSuffix" "nginx") }} -{{ $_2 := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ $_ := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} {{ include "common.classes.service" $params }} diff --git a/test/collabora/1.0.0/templates/service.yaml b/test/collabora/1.0.0/templates/service.yaml deleted file mode 100644 index d14319a377..0000000000 --- a/test/collabora/1.0.0/templates/service.yaml +++ /dev/null @@ -1,6 +0,0 @@ -{{ $port := .Values.nodePort }} -{{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "collabora" "port" 9980 "targetPort" "collabora") }} -{{ $params := . }} -{{ $_ := set $params "commonService" (dict "ports" $ports "type" "ClusterIP" ) }} -{{ include "common.classes.service" $params }} From ef767c024f795951b11ebfc121eb3dd7a54cd95e Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 21:54:34 +0500 Subject: [PATCH 21/23] Correctly set server_name so that it doesn't include the node port --- test/collabora/1.0.0/questions.yaml | 2 +- test/collabora/1.0.0/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index f02245d95a..6ce12c1e20 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -13,7 +13,7 @@ portals: protocols: - "https" host: - - "$variable-server_name" + - "$variable-config.server_name" ports: - "$variable-nodePort" path: "/loleaflet/dist/admin/admin.html" diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 9bddbb8311..7afe9d74df 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -57,7 +57,7 @@ spec: {{ $envList = mustAppend $envList (dict "name" "cert_domain" "value" "192.168.0.3") }} {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" $envConfig.DONT_GEN_SSL_CERT) }} - {{ $envList = mustAppend $envList (dict "name" "server_name" "value" $envConfig.server_name) }} + {{ $envList = mustAppend $envList (dict "name" "server_name" "value" (printf "%v:%v" $envConfig.server_name .Values.nodePort)) }} {{ $envList = mustAppend $envList (dict "name" "username" "valueFromSecret" true "secretName" $secretName "secretKey" "username") }} {{ $envList = mustAppend $envList (dict "name" "password" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} From 85bc4ca8ada83b5a0c9dd89bc42f96b5595cc4c2 Mon Sep 17 00:00:00 2001 From: sonicaj Date: Tue, 19 Oct 2021 21:59:41 +0500 Subject: [PATCH 22/23] Cleanup unnecessary ssl configuration knobs for collabora --- test/collabora/1.0.0/questions.yaml | 22 ++----------------- .../collabora/1.0.0/templates/deployment.yaml | 3 +-- 2 files changed, 3 insertions(+), 22 deletions(-) diff --git a/test/collabora/1.0.0/questions.yaml b/test/collabora/1.0.0/questions.yaml index 6ce12c1e20..1d39680319 100644 --- a/test/collabora/1.0.0/questions.yaml +++ b/test/collabora/1.0.0/questions.yaml @@ -32,14 +32,6 @@ questions: type: string $ref: - "definitions/timezone" - - variable: domain - label: "Domain(s) using collabora" - description: 'Use backslash "\" before dots ".". Use pipe "|" to separate multiple domains' - schema: - type: string - default: 'nextcloud\.domain\.tld|othernextcloud\.domain\.tld' - # valid_chars: '^$|^([a-z]{1,}\\{1}\.{1}[a-z]{1,}\\{1}\.{1}[a-z]{1,}\|{0,1})*$' - required: false - variable: username label: "Username for WebUI" schema: @@ -65,23 +57,13 @@ questions: schema: type: string default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4 --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+" - - variable: DONT_GEN_SSL_CERT - label: "DONT_GEN_SSL_CERT" - description: "When set to true it does NOT generate an SSL cert, you have to use your own" - schema: - type: string - default: "true" - enum: - - value: "true" - description: "true" - - value: "" - description: "false" - variable: server_name label: "Server Name" description: "When this environment variable is set (is not “”), then its value will be used as server name in /etc/loolwsd/loolwsd.xml. Without this, CODE is not delivering a correct host for the websocket connection in case of a proxy in front of it." schema: type: string - default: '' + $ref: + - "definitions/nodeIP" - variable: certificate description: "Collabora Certificate" diff --git a/test/collabora/1.0.0/templates/deployment.yaml b/test/collabora/1.0.0/templates/deployment.yaml index 7afe9d74df..604687d2ee 100644 --- a/test/collabora/1.0.0/templates/deployment.yaml +++ b/test/collabora/1.0.0/templates/deployment.yaml @@ -54,9 +54,8 @@ spec: {{ $envList = mustAppend $envList (dict "name" "timezone" "value" $envConfig.timezone) }} {{ $envList = mustAppend $envList (dict "name" "domain" "value" $envConfig.domain) }} {{ $envList = mustAppend $envList (dict "name" "dictionaries" "value" $envConfig.dictionaries) }} - {{ $envList = mustAppend $envList (dict "name" "cert_domain" "value" "192.168.0.3") }} {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} - {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" $envConfig.DONT_GEN_SSL_CERT) }} + {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" "true") }} {{ $envList = mustAppend $envList (dict "name" "server_name" "value" (printf "%v:%v" $envConfig.server_name .Values.nodePort)) }} {{ $envList = mustAppend $envList (dict "name" "username" "valueFromSecret" true "secretName" $secretName "secretKey" "username") }} {{ $envList = mustAppend $envList (dict "name" "password" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} From b2dec75feb7eb0aad1841a36b041932e3c16160c Mon Sep 17 00:00:00 2001 From: sonicaj Date: Wed, 20 Oct 2021 03:05:25 +0500 Subject: [PATCH 23/23] Update stable train from test train --- charts/collabora/1.0.0/.helmignore | 23 ++ charts/collabora/1.0.0/Chart.yaml | 18 ++ charts/collabora/1.0.0/README.md | 8 + charts/collabora/1.0.0/app-readme.md | 9 + .../1.0.0/charts/common-2105.0.0.tgz | Bin 0 -> 4288 bytes charts/collabora/1.0.0/ix_values.yaml | 10 + charts/collabora/1.0.0/questions.yaml | 131 ++++++++++ charts/collabora/1.0.0/requirements.lock | 6 + charts/collabora/1.0.0/templates/_helpers.tpl | 40 +++ .../collabora/1.0.0/templates/deployment.yaml | 75 ++++++ .../collabora/1.0.0/templates/nginx-conf.yaml | 122 +++++++++ .../1.0.0/templates/nginx-service.yaml | 6 + charts/collabora/1.0.0/templates/secrets.yaml | 15 ++ charts/collabora/1.0.0/test_values.yaml | 231 ++++++++++++++++++ charts/collabora/item.yaml | 5 + 15 files changed, 699 insertions(+) create mode 100644 charts/collabora/1.0.0/.helmignore create mode 100644 charts/collabora/1.0.0/Chart.yaml create mode 100755 charts/collabora/1.0.0/README.md create mode 100644 charts/collabora/1.0.0/app-readme.md create mode 100644 charts/collabora/1.0.0/charts/common-2105.0.0.tgz create mode 100644 charts/collabora/1.0.0/ix_values.yaml create mode 100644 charts/collabora/1.0.0/questions.yaml create mode 100644 charts/collabora/1.0.0/requirements.lock create mode 100644 charts/collabora/1.0.0/templates/_helpers.tpl create mode 100644 charts/collabora/1.0.0/templates/deployment.yaml create mode 100644 charts/collabora/1.0.0/templates/nginx-conf.yaml create mode 100644 charts/collabora/1.0.0/templates/nginx-service.yaml create mode 100644 charts/collabora/1.0.0/templates/secrets.yaml create mode 100644 charts/collabora/1.0.0/test_values.yaml create mode 100644 charts/collabora/item.yaml diff --git a/charts/collabora/1.0.0/.helmignore b/charts/collabora/1.0.0/.helmignore new file mode 100644 index 0000000000..a9fe727881 --- /dev/null +++ b/charts/collabora/1.0.0/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS \ No newline at end of file diff --git a/charts/collabora/1.0.0/Chart.yaml b/charts/collabora/1.0.0/Chart.yaml new file mode 100644 index 0000000000..f6fa2c3265 --- /dev/null +++ b/charts/collabora/1.0.0/Chart.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +appVersion: 6.4.10.10 +dependencies: +- name: common + repository: file://../../../library/common/2105.0.0 + version: 2105.0.0 +description: "Collabora Online Development Edition \u2013 an awesome, Online Office \ suite image suitable for home use." +home: https://github.com/CollaboraOnline/online +icon: https://avatars.githubusercontent.com/u/22418908?s=200&v=4 +keywords: +- office +- documents +- productivity +name: collabora +sources: +- https://github.com/CollaboraOnline/online.git +- https://hub.docker.com/r/collabora/code +version: 1.0.0 diff --git a/charts/collabora/1.0.0/README.md b/charts/collabora/1.0.0/README.md new file mode 100755 index 0000000000..a6ad088691 --- /dev/null +++ b/charts/collabora/1.0.0/README.md @@ -0,0 +1,8 @@ +Collabora Online Development Edition +===== + +Collabora Online Development Edition - An awesome, Online Office suite image suitable for home use! +Introduction +------------ + +This chart bootstraps Collabora deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. diff --git a/charts/collabora/1.0.0/app-readme.md b/charts/collabora/1.0.0/app-readme.md new file mode 100644 index 0000000000..2f0776c3c1 --- /dev/null +++ b/charts/collabora/1.0.0/app-readme.md @@ -0,0 +1,9 @@ +Collabora Online Development Edition +===== + +An awesome, Online Office suite image suitable for home use. +With the Collabora Online Development Edition (CODE) Docker Image you can host +your own online Office Suite at home! This Docker image is aimed at home users +and contains the latest and greatest developments. Simply integrate it in your +preferred File Sync and Share (FSS), to easily get your own online Office +Suite up and running! diff --git a/charts/collabora/1.0.0/charts/common-2105.0.0.tgz b/charts/collabora/1.0.0/charts/common-2105.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ef6f820efb63f7b71b04a313be6b82dee84585b7 GIT binary patch literal 4288 zcmV;x5I^r9iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$Z`-(*{j6VcR_)-%-HH5&lPm%Zu-PPcCTJ%Onr!bKEEWMR z(KZ{IR7uLIx0C(t7ko*SEI-mTZaXzUv=&7k9+Ky!a}Jr9O(u-CPsWJLXoe=~voBvd zolfVV-`D?lI-UCeonEK&tlRJGclrm1{ocW|PPf-T=stta6W}seav>3a)_L?;^~rrF z1!d$N=7KPK1k+xCvaEdU1_>51Cz;gG$B>c%M|=jcq81o34&_J%1CC9 z7745Pzkk@R@&7@;zvcgpluw`9FM|_J1Yma_?A8Y_+xPdur%$_(;31(HLPIQ3l|n+; zy}u7Ca-=l}iQmj5?WH2+_Zi2z3eS`1(TNC1LC zn&XTUYP3B{Q^(W52Jdk!1;{ayfH;PjVq&+%M&cEo6{Ccz$yGial8*)jfVm-l zfgQabLkNGG?*23ltFJAnsD#wA0~UhAfSktHvrJ>`x+qHt{!~kY@>D{&TCO$=)CxYn z>^A$&vAS&1|tnt%i7ECHbz zTjW{BxWow%>R4KT0fdV-w?=htS5AF3>q z|JHT#=m5Yf`M! ztotxBCgJ)%yV7+ZnT(a=B3}WtvpkD#^8w}*ODrP7+C{>F`V5}y(qNc2LYW|nMmX6W z%&M_Q=Lo6xH*)sMBLApWom+z4M*LO;Q(fevu`i)QA{sC2&&_l%N-(Nv5k86D+3*Se zC^@>SVQgAkZ;YFc_V}1?QA01=sR*=)Blt;#W%uY7&%7t?9)dE;Qv0>_Vk{}k46g+76();!Z1(M8GOi5N`^#fge=pm9tHovW_r54RFhOYAYg!FlnV@kO)$JF zq_^3tA;D>40(B{w5Q!6z4CI&y*cr_9KAv7&skVfUKx8;>MZx(HtWY;VVn!t*RM^Zu zT}LF`ku-$?hFmB-1t5*Q#dbMalo9vOAq}PA?fyGJ1r69H3*RrHkwPEXaA<`J*CxUe z$70zGkV+0x6~3BtG+nBS$r$Z?jU7(@8)A%r*KTGZxG=@d)MCkmxnww>i>#v$>% z7##es{uR?|N}6lnsQG4#cxy?^2XdLW#1`mokv_Pyj@8+E;M&)n3Kd64eJgxfXp*6{ zgU2!sKug=)2_TGW!-fd~+Ian@wRtUgmTuE(u4CanpIIc6Kr=f(9vG z?DQ>YB=Y*bv)w$|hUwJR>d*dClGVh%h{t$>)Ym*oki@U>tV|LsGQxalVLZn1t!uTNP>PcQLMlzjHRZ!ZFA4NpTT+2qWq3!z(;<*zI~5n?8otg7Z?>3!F`oTLI}U z9-10h0IEcw3Q(0>JX_R3>6W@@%;|)uS}Wb|GnZz*p>YT;2s<~0L>7|&;`sM+`WMYP z%#T|`r|;*NuMq=}4XpdE#){4eXzINX(^Y(58Klgy>@2s)R_=r10yx1_40^L6W^_nKIoH`;+9gpC#5%H913A$!HY;yA&X^#Q@mUC=M57SGEKk!* zmXf%zyEJx35PBys%6@Qvf8@Q8Xax87q3Ls3fT|qZC`b4%^V?SPKgWXQ{88rsSMmSe z{z3iwuY0)V|BaL?|NnaV-*Dn{|2q6W%JNE|rA+S|J@t-?fgHK%JboR}u!nYQC(Y*i z&K>8edzHT%mfUD*IH#g*we^#^T6u!mg1a(;S&NF2NUDLz`qGt9N2EKY%eiIiDCV95=M-jgBG`G`aSnj(_wunwU>KAx0s z7e~noN{SS)8ymrS0=Hn)cr#J70PAN)-Q-WuhT{O|6~-T%11 z_5W<9m^@p>_d3LmK=VBt!Y!Veta2-}mC#2z7m+ZE_-yg*kWI2?xwIPUyxyI9UZa&v zt@$^lpz@^Aga|?CNL4HNdLp$12*>fRyN?3?P#?$LNfSW}j8beI>lc{hLLO(CV(7}7 zXer-2G357f_49y+O<>0!K)n+c z8juY1dg)ohKoJC+k_0EqlWe~>VQMEk6jV>WkH#KZQ}8wprQGx;gx; zNm|_fIZ@bMA~`lM6s)4kT>w^~Bl1C6Zy(BjmAB3D)kU=pXD>7jjhQf*=!@mtiZ1?~ zTuf_X!?d-)jwvoIT|j1aTJqB{7m!~QMU@1#aN|u+#!d4{CTFLF!;9jlT{hF$RUW~o z%9Ww!7>L`Y;-*zYFOjQ1GsqOz;yJ3}_(M)OP9QAynKB6i%dpblzm~4JsI>Vu&qrnm zk&ljA>|Q=<95ihjBS8`goA+HC<;9exrwYc=FJNH#jrE#%6+XHJkrY)0;9|Mw=3tqH zThGI9cDet~*@XPlfC)>S8t(>Ne4c)d16IFcsqd7WT8!5VhdH!Snl^Fw7m?}~qvp)o zr9viJJD;|;2!#Z<%b_H*q@S@Ug*L6orl(jRQ}NJ6YS8-YFWT2Ohkm%S-2NvYEvG!` z{g3sToB|Kz#feUO2O$ zn%}1kB~SY~X_p9h^S{DyLFdxasQPmq z#!CL*+pququfxvv{+ErE=WvOn#GGnJpP>M_8)FKCoTLe%BgjyEi$+*P!E?}ufyqT9bo4WDoFYl4*vOHx9?>Lt4it|JKksB556MTIn7{P!Z>5!;wXqtuWqg+<2ZN@_O`NjCs&XVE`n%8WLy7h&<~=)|M9l|*Hw&1ZS{|P z6jRzR0S!=mn`ba2`nX>t?y}%zG(fk(%ScYtZ^p?ec=`Xqb9je1VYz_w(=!o78E5Zt zEQ5$77`07v&fW*nRKzU7?Qfj*b+P>a_U!od_p@k{JjEC*<3F7_{_kwh|7@l_hu8Lx z`kgHMqkgJRHwc24FaL4;_Tv2F*CV+8?feQ(emj194d+*I@#Y$SKRdp-hU+)*UuSTB zadmzC`t{iLeK?c#2b&0mXL?tz3tj^ajmsNy{k& iFxMjT=zEZJ+p;a&vMt+EE&mDt0RR8cdYzpBdH?`mlXJfS literal 0 HcmV?d00001 diff --git a/charts/collabora/1.0.0/ix_values.yaml b/charts/collabora/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..4e07fa58fc --- /dev/null +++ b/charts/collabora/1.0.0/ix_values.yaml @@ -0,0 +1,10 @@ +image: + pullPolicy: IfNotPresent + repository: collabora/code + tag: 6.4.10.10 +nginx: + image: + pullPolicy: IfNotPresent + repository: nginx + tag: 1.21.3 +updateStrategy: Recreate diff --git a/charts/collabora/1.0.0/questions.yaml b/charts/collabora/1.0.0/questions.yaml new file mode 100644 index 0000000000..1d39680319 --- /dev/null +++ b/charts/collabora/1.0.0/questions.yaml @@ -0,0 +1,131 @@ +groups: + - name: "Collabora Configuration" + description: "Configure Collabora" + - name: "Collabora Environment Variables" + description: "Set the environment that will be visible to the container" + - name: "Networking" + description: "Configure Networking for Collabora" + - name: "Storage" + description: "Configure Storage for Collabora" + +portals: + web_portal: + protocols: + - "https" + host: + - "$variable-config.server_name" + ports: + - "$variable-nodePort" + path: "/loleaflet/dist/admin/admin.html" + +questions: + - variable: config + label: "Container Configuration" + group: "Collabora Configuration" + schema: + type: dict + attrs: + - variable: timezone + label: "Timezone" + group: "Collabora Configuration" + schema: + type: string + $ref: + - "definitions/timezone" + - variable: username + label: "Username for WebUI" + schema: + type: string + default: "admin" + required: true + - variable: password + label: "Password for WebUI" + schema: + type: string + private: true + default: "changeme" + valid_chars: "[a-zA-Z0-9!@#$%^&*?]{8,}" + required: true + - variable: dictionaries + label: "Dictionaries to use, leave empty to use all" + schema: + type: string + default: "de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru" + - variable: extra_params + label: "Extra Parameters to add" + description: 'e.g. "--o:welcome.enable=false", See more on /etc/loolwsd/loowsd.xml. Separate params with space' + schema: + type: string + default: "--o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4 --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+" + - variable: server_name + label: "Server Name" + description: "When this environment variable is set (is not “”), then its value will be used as server name in /etc/loolwsd/loolwsd.xml. Without this, CODE is not delivering a correct host for the websocket connection in case of a proxy in front of it." + schema: + type: string + $ref: + - "definitions/nodeIP" + + - variable: certificate + description: "Collabora Certificate" + label: "Certificate" + group: "Collabora Configuration" + schema: + type: int + $ref: + - "definitions/certificate" + "null": false + + - variable: extraAppVolumeMounts + label: "Collabora Extra Host Path Volumes" + group: "Storage" + schema: + type: list + items: + - variable: extraAppVolume + label: "Collabora Host Path Volume" + description: "Add an extra host path volume for Collabora application" + schema: + type: dict + attrs: + - variable: mountPath + label: "Mount Path in Pod" + description: "Path where the volume will be mounted inside the pod" + schema: + type: path + required: true + - variable: hostPath + label: "Host Path" + description: "Host path" + schema: + type: hostpath + required: true + + - variable: environmentVariables + label: "Environment Variables" + group: "Collabora Environment Variables" + schema: + type: list + default: [] + items: + - variable: environmentVariable + label: "Environment Variable" + schema: + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + - variable: value + label: "Value" + schema: + type: string + + - variable: nodePort + label: "Node Port to use for Collabora" + group: "Networking" + schema: + type: int + default: 9980 + min: 9000 + max: 65535 diff --git a/charts/collabora/1.0.0/requirements.lock b/charts/collabora/1.0.0/requirements.lock new file mode 100644 index 0000000000..eba13d88bf --- /dev/null +++ b/charts/collabora/1.0.0/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../library/common/2105.0.0 + version: 2105.0.0 +digest: sha256:11522ab36487826700d7ad0f86f713a4bb5d35248014bcef690fe94acbc09ef6 +generated: "2021-05-17T18:26:46.201544+05:00" diff --git a/charts/collabora/1.0.0/templates/_helpers.tpl b/charts/collabora/1.0.0/templates/_helpers.tpl new file mode 100644 index 0000000000..82b2687b17 --- /dev/null +++ b/charts/collabora/1.0.0/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* +Retrieve secret name for secure credentials +*/}} +{{- define "secretName" -}} +{{- print "credentials" -}} +{{- end -}} + + +{{/* +Retrieve true/false if certificate is configured +*/}} +{{- define "certAvailable" -}} +{{- if .Values.certificate -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} +{{- template "common.resources.cert_present" $values -}} +{{- else -}} +{{- false -}} +{{- end -}} +{{- end -}} + + +{{/* +Retrieve public key of certificate +*/}} +{{- define "cert.publicKey" -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate "publicKey" true) -}} +{{ include "common.resources.cert" $values }} +{{- end -}} + + +{{/* +Retrieve private key of certificate +*/}} +{{- define "cert.privateKey" -}} +{{- $values := (. | mustDeepCopy) -}} +{{- $_ := set $values "commonCertOptions" (dict "certKeyName" $values.Values.certificate) -}} +{{ include "common.resources.cert" $values }} +{{- end -}} diff --git a/charts/collabora/1.0.0/templates/deployment.yaml b/charts/collabora/1.0.0/templates/deployment.yaml new file mode 100644 index 0000000000..604687d2ee --- /dev/null +++ b/charts/collabora/1.0.0/templates/deployment.yaml @@ -0,0 +1,75 @@ +apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + labels: {{ include "common.labels" . | nindent 4 }} +spec: + strategy: + type: {{ .Values.updateStrategy }} + selector: + matchLabels: {{ include "common.labels.selectorLabels" . | nindent 6 }} + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: {{ include "common.labels.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ .Chart.Name }}-nginx + image: {{ printf "%s:%s" .Values.nginx.image.repository .Values.nginx.image.tag }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + volumeMounts: + - name: configuration + mountPath: /etc/nginx/nginx.conf + readOnly: true + subPath: config + - name: certs + mountPath: /etc/nginx/server.crt + subPath: certPublicKey + - name: certs + mountPath: /etc/nginx/server.key + subPath: certPrivateKey + ports: + - name: http + containerPort: 80 + protocol: TCP + - name: https + containerPort: 443 + protocol: TCP + - name: {{ .Chart.Name }} + {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} + {{ if .Values.extraAppVolumeMounts }} + volumeMounts: + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + mountPath: {{ $hostPathConfiguration.mountPath }} + {{ end }} + {{ end }} + ports: + - name: collabora + protocol: TCP + containerPort: 9980 + {{ $envList := (default list .Values.environmentVariables) }} + {{ $secretName := (include "secretName" .) }} + {{ $envConfig := .Values.config }} + {{ $envList = mustAppend $envList (dict "name" "timezone" "value" $envConfig.timezone) }} + {{ $envList = mustAppend $envList (dict "name" "domain" "value" $envConfig.domain) }} + {{ $envList = mustAppend $envList (dict "name" "dictionaries" "value" $envConfig.dictionaries) }} + {{ $envList = mustAppend $envList (dict "name" "extra_params" "value" $envConfig.extra_params) }} + {{ $envList = mustAppend $envList (dict "name" "DONT_GEN_SSL_CERT" "value" "true") }} + {{ $envList = mustAppend $envList (dict "name" "server_name" "value" (printf "%v:%v" $envConfig.server_name .Values.nodePort)) }} + {{ $envList = mustAppend $envList (dict "name" "username" "valueFromSecret" true "secretName" $secretName "secretKey" "username") }} + {{ $envList = mustAppend $envList (dict "name" "password" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} + {{ include "common.containers.allEnvironmentVariables" (dict "environmentVariables" $envList) | nindent 10 }} + volumes: + - name: configuration + configMap: + defaultMode: 0700 + name: "nginx-config" + - name: certs + secret: + secretName: {{ include "secretName" . }} + {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} + - name: extrappvolume-{{ $index }} + hostPath: + path: {{ $hostPathConfiguration.hostPath }} + {{ end }} diff --git a/charts/collabora/1.0.0/templates/nginx-conf.yaml b/charts/collabora/1.0.0/templates/nginx-conf.yaml new file mode 100644 index 0000000000..ec616892eb --- /dev/null +++ b/charts/collabora/1.0.0/templates/nginx-conf.yaml @@ -0,0 +1,122 @@ +{{- $serviceName := "localhost" -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "nginx-config" + annotations: + rollme: {{ randAlphaNum 5 | quote }} +data: + config: |- + events { + worker_connections 1024; + } + + http { + include mime.types; + default_type application/octet-stream; + + # Types to enable gzip compression on + gzip_types + text/plain + text/css + text/js + text/xml + text/javascript + application/javascript + application/x-javascript + application/json + application/xml + application/rss+xml + image/svg+xml; + + sendfile on; + client_max_body_size 1000m; + + keepalive_timeout 65; + + # Disable tokens for security (#23684) + server_tokens off; + + gzip on; + client_body_temp_path /var/tmp/firmware; + + server { + server_name nginx; + listen 0.0.0.0:443 default_server ssl http2; + listen [::]:443 default_server ssl http2; + + ssl_certificate "/etc/nginx/server.crt"; + ssl_certificate_key "/etc/nginx/server.key"; + + ssl_session_timeout 120m; + ssl_session_cache shared:ssl:16m; + + ssl_protocols TLSv1.2 TLSv1.3; + ssl_prefer_server_ciphers on; + ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA:EDH+aRSA:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!SHA1:!SHA256:!SHA384; + add_header Strict-Transport-Security max-age=31536000; + + location = /robots.txt { + add_header Content-Type text/plain; + proxy_set_header Referer "http://nginx"; + return 200 "User-agent: *\nDisallow: /loleaflet/*\n"; + } + + # static files + location ^~ /loleaflet { + proxy_pass http://{{ $serviceName }}:9980; + proxy_set_header Host $host; + # proxy_set_header Referer "http://nginx"; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + set $upstream_collabora {{ $serviceName }}; + proxy_pass http://$upstream_collabora:9980; + proxy_set_header Host $http_host; + # proxy_set_header Referer "http://nginx"; + } + + # Capabilities + location ^~ /hosting/capabilities { + proxy_pass http://{{ $serviceName }}:9980; + proxy_set_header Host $host; + # proxy_set_header Referer "http://nginx"; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + proxy_pass http://{{ $serviceName }}:9980; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + # proxy_set_header Referer "http://nginx"; + proxy_read_timeout 36000s; + } + + # download, presentation and image upload + location ~ ^/lool { + proxy_pass http://{{ $serviceName }}:9980; + proxy_set_header Host $host; + proxy_set_header Referer "http://nginx"; + } + + # Admin Console websocket + location ^~ /lool/adminws { + proxy_pass http://{{ $serviceName }}:9980; + proxy_set_header Host $host; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + # proxy_set_header Referer "http://nginx"; + proxy_read_timeout 36000s; + } + + } + server { + listen 0.0.0.0:80; + listen [::]:80; + server_name nginx; + return 307 https://$host:{{ .Values.nodePort }}}$request_uri; + } + + } diff --git a/charts/collabora/1.0.0/templates/nginx-service.yaml b/charts/collabora/1.0.0/templates/nginx-service.yaml new file mode 100644 index 0000000000..644ed5b3ad --- /dev/null +++ b/charts/collabora/1.0.0/templates/nginx-service.yaml @@ -0,0 +1,6 @@ +{{ $port := .Values.nodePort }} +{{ $ports := list }} +{{ $ports = mustAppend $ports (dict "name" "https" "nodePort" $port "targetPort" 443 "port" 443) }} +{{ $params := (. | mustDeepCopy) }} +{{ $_ := set $params "commonService" (dict "ports" $ports "type" "NodePort" ) }} +{{ include "common.classes.service" $params }} diff --git a/charts/collabora/1.0.0/templates/secrets.yaml b/charts/collabora/1.0.0/templates/secrets.yaml new file mode 100644 index 0000000000..4538aa5e8a --- /dev/null +++ b/charts/collabora/1.0.0/templates/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "secretName" . }} + labels: {{ include "common.labels" . | nindent 4 }} +type: Opaque +data: + username: {{ .Values.config.username | b64enc | quote }} + password: {{ .Values.config.password | b64enc | quote }} + {{ if eq (include "certAvailable" .) "true" }} + certPublicKey: {{ (include "cert.publicKey" .) | toString | b64enc | quote }} + certPrivateKey: {{ (include "cert.privateKey" .) | toString | b64enc | quote }} + {{ else }} + {{ fail "No certificate configured for Collabora" }} + {{ end }} diff --git a/charts/collabora/1.0.0/test_values.yaml b/charts/collabora/1.0.0/test_values.yaml new file mode 100644 index 0000000000..93506171df --- /dev/null +++ b/charts/collabora/1.0.0/test_values.yaml @@ -0,0 +1,231 @@ +certificate: 55 +config: + DONT_GEN_SSL_CERT: "true" + dictionaries: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru + domain: nextcloud\.domain\.tld|othernextcloud\.domain\.tld + extra_params: --o:welcome.enable=false --o:user_interface.mode=notebookbar --o:ssl.termination=true --o:ssl.enable=false --o:net.proto=IPv4 --o:net.post_allow.host[0]=.+ --o:storage.wopi.host[0]=.+ + password: changeme + server_name: ssh.sonicaj.com:49980 + timezone: Asia/Karachi + username: admin +environmentVariables: [] +extraAppVolumeMounts: [] +image: + pullPolicy: IfNotPresent + repository: collabora/code + tag: 6.4.10.10 +ixCertificateAuthorities: {} +ixCertificates: + "55": + CA_type_existing: false + CA_type_intermediate: false + CA_type_internal: false + CSR: null + DN: /CN=ad/C=US/ST=asdf/L=asdf/O=adsf/OU=asdf/emailAddress=a@a.com/subjectAltName=IP Address:192.168.0.3, IP Address:192.168.0.5, IP Address:192.168.0.182, IP Address:192.168.0.129, IP Address:192.168.0.146 + can_be_revoked: false + cert_type: CERTIFICATE + cert_type_CSR: false + cert_type_existing: true + cert_type_internal: false + certificate: |- + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + certificate_path: /etc/certificates/slog3.crt + chain: true + chain_list: + - |- + -----BEGIN CERTIFICATE----- + MIIEdjCCA16gAwIBAgIDYFMYMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMzU0WhcNMjMxMjAzMjMyMzU0WjBuMQswCQYDVQQDDAJhZDEL + MAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxDTALBgNVBAcMBGFzZGYxDTALBgNV + BAoMBGFkc2YxDTALBgNVBAsMBGFzZGYxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+1xOHRQyOnQTHFcrdasX + Zl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/AbkH7oVFWC1 + P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI4vQCdYgW + 2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2dNgsxKU0H + PGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB+Zie331t + AzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7A/FuDVg3 + AgMBAAGjggEdMIIBGTAnBgNVHREEIDAehwTAqAADhwTAqAAFhwTAqAC2hwTAqACB + hwTAqACSMB0GA1UdDgQWBBQ4G2ff4tgZl4vmo4xCfqmJhdqShzAMBgNVHRMBAf8E + AjAAMIGYBgNVHSMEgZAwgY2AFLlYf9L99nxJDcpCM/LT3V5hQ/a3oXCkbjBsMQww + CgYDVQQDDANhc2QxCzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQH + DAJhZjENMAsGA1UECgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkB + FgdhQGEuY29tggNgUxcwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDgYDVR0PAQH/ + BAQDAgWgMA0GCSqGSIb3DQEBCwUAA4IBAQA6FpOInEHB5iVk3FP67GybJ29vHZTD + KQHbQgmg8s4L7qIsA1HQ+DMCbdylpA11x+t/eL/n48BvGw2FNXpN6uykhLHJjbKR + h8yITa2KeD3LjLYhScwIigXmTVYSP3km6s8jRL6UKT9zttnIHyXVpBDya6Q4WTMx + fmfC6O7t1PjQ5ZyVtzizIUP8ah9n4TKdXU4A3QIM6WsJXpHb+vqp1WDWJ7mKFtgj + x5TKv3wcPnktx0zMPfLb5BTSE9rc9djcBG0eIAsPT4FgiatCUChe7VhuMnqskxEz + MymJLoq8+mzucRwFkOkR2EIt1x+Irl2mJVMeBow63rVZfUQBD8h++LqB + -----END CERTIFICATE----- + - |- + -----BEGIN CERTIFICATE----- + MIIEhDCCA2ygAwIBAgIDYFMXMA0GCSqGSIb3DQEBCwUAMGwxDDAKBgNVBAMMA2Fz + ZDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBGFzZGYxCzAJBgNVBAcMAmFmMQ0wCwYD + VQQKDARhc2RmMQwwCgYDVQQLDANhc2QxFjAUBgkqhkiG9w0BCQEWB2FAYS5jb20w + HhcNMjEwODMwMjMyMDQ1WhcNMzEwODI4MjMyMDQ1WjBsMQwwCgYDVQQDDANhc2Qx + CzAJBgNVBAYTAlVTMQ0wCwYDVQQIDARhc2RmMQswCQYDVQQHDAJhZjENMAsGA1UE + CgwEYXNkZjEMMAoGA1UECwwDYXNkMRYwFAYJKoZIhvcNAQkBFgdhQGEuY29tMIIB + IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq//c0hEEr83CS1pMgsHX50jt + 2MqIbcf63UUNJTiYpUUvUQSFJFc7m/dr+RTZvu97eDCnD5K2qkHHvTPaPZwY+Djf + iy7N641Sz6u/y3Yo3xxs1Aermsfedh48vusJpjbkT2XS44VjbkrpKcWDNVpp3Evd + M7oJotXeUsZ+imiyVCfr4YhoY5gbGh/r+KN9Wf9YKoUyfLLZGwdZkhtX2zIbidsL + Thqi9YTaUHttGinjiBBum234u/CfvKXsfG3yP2gvBGnlvZnM9ktv+lVffYNqlf7H + VmB1bKKk84HtzuW5X76SGAgOG8eHX4x5ZLI1WQUuoQOVRl1I0UCjBtbz8XhwvQID + AQABo4IBLTCCASkwLQYDVR0RBCYwJIcEwKgABYcEwKgAA4cEwKgAkocEwKgAtYcE + wKgAgYcEwKgAtjAdBgNVHQ4EFgQUuVh/0v32fEkNykIz8tPdXmFD9rcwDwYDVR0T + AQH/BAUwAwEB/zCBmAYDVR0jBIGQMIGNgBS5WH/S/fZ8SQ3KQjPy091eYUP2t6Fw + pG4wbDEMMAoGA1UEAwwDYXNkMQswCQYDVQQGEwJVUzENMAsGA1UECAwEYXNkZjEL + MAkGA1UEBwwCYWYxDTALBgNVBAoMBGFzZGYxDDAKBgNVBAsMA2FzZDEWMBQGCSqG + SIb3DQEJARYHYUBhLmNvbYIDYFMXMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF + BQcDAjAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAKEocOmVuWlr + zegtKYMe8NhHIkFY9oVn5ym6RHNOJpPH4QF8XYC3Z5+iC5yGh4P/jVe/4I4SF6Ql + PtofU0jNq5vzapt/y+m008eXqPQFmoUOvu+JavoRVcRx2LIP5AgBA1mF56CSREsX + TkuJAA9IUQ8EjnmAoAeKINuPaKxGDuU8BGCMqr/qd564MKNf9XYL+Fb2rlkA0O2d + 2No34DQLgqSmST/LAvPM7Cbp6knYgnKmGr1nETCXasg1cueHLnWWTvps2HiPp2D/ + +Fq0uqcZLu4Mdo0CPs4e5sHRyldEnRSKh0DVLprq9zr/GMipmPLJUsT5Jed3sj0w + M7Y3vwxshpo= + -----END CERTIFICATE----- + city: asdf + common: ad + country: US + csr_path: /etc/certificates/slog3.csr + digest_algorithm: SHA256 + email: a@a.com + extensions: + AuthorityKeyIdentifier: | + keyid:B9:58:7F:D2:FD:F6:7C:49:0D:CA:42:33:F2:D3:DD:5E:61:43:F6:B7 + DirName:/CN=asd/C=US/ST=asdf/L=af/O=asdf/OU=asd/emailAddress=a@a.com + serial:60:53:17 + BasicConstraints: CA:FALSE + ExtendedKeyUsage: TLS Web Server Authentication + KeyUsage: Digital Signature, Key Encipherment + SubjectAltName: IP Address:192.168.0.3, IP Address:192.168.0.5, IP Address:192.168.0.182, IP Address:192.168.0.129, IP Address:192.168.0.146 + SubjectKeyIdentifier: 38:1B:67:DF:E2:D8:19:97:8B:E6:A3:8C:42:7E:A9:89:85:DA:92:87 + fingerprint: 59:7A:49:6D:04:CE:70:E5:AF:9A:FB:75:3C:26:58:7D:B7:8E:A6:9D + from: Tue Aug 31 04:23:54 2021 + id: 55 + internal: "NO" + issuer: external + key_length: 2048 + key_type: RSA + lifetime: 825 + name: slog3 + organization: adsf + organizational_unit: asdf + parsed: true + privatekey: |- + -----BEGIN PRIVATE KEY----- + MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC7+1xOHRQyOnQT + HFcrdasXZl0gzutVlA890a1wiQpdD5dOtCLo7+eqVYjqVKo9W8RUIArXWmBu/Abk + H7oVFWC1P973W1+ArF5sA70f7BZgqRKJTIisuIFIlRETgfnP2pfQmHRZtGaIJRZI + 4vQCdYgW2g0KOvvNcZJCVq1OrhKiNiY1bWCp66DGg0ic6OEkZFHTm745zUNQaf2d + NgsxKU0HPGjVLJI//yrRFAOSBUqgD4c50krnMF7fU/Fqh+UyOu8t6Y/HsySh3urB + +Zie331tAzV6QV39KKxRflNx/yuWrtIEslGTm+xHKoCYJEk/nZ3mX8Y5hG6wWAb7 + A/FuDVg3AgMBAAECggEAapt30rj9DitGTtxAt13pJMEhyYxvvD3WkvmJwguF/Bbu + eW0Ba1c668fMeRCA54FWi1sMqusPS4HUqqUvk+tmyAOsAF4qgD/A4MMSC7uJSVI5 + N/JWhJWyhCY94/FPakiO1nbPbVw41bcqtzU2qvparpME2CtxSCbDiqm7aaag3Kqe + EF0fGSUdZ+TYl9JM05+eIyiX+UY19Fg0OjTHMn8nGpxcNTfDBdQ68TKvdo/dtIKL + PLKzJUNNdM8odC4CvQtfGMqaslwZwXkiOl5VJcW21ncj/Y0ngEMKeD/i65ZoqGdR + 0FKCQYEAGtM2FvJcZQ92Wsw7yj2bK2MSegVUyLK32QKBgQDe8syVCepPzRsfjfxA + 6TZlWcGuTZLhwIx97Ktw3VcQ1f4rLoEYlv0xC2VWBORpzIsJo4I/OLmgp8a+Ga8z + FkVRnq90dV3t4NP9uJlHgcODHnOardC2UUka4olBSCG6zmK4Jxi34lOxhGRkshOo + L4IBeOIB5g+ZrEEXkzfYJHESRQKBgQDX2YhFhGIrT8BAnC5BbXbhm8h6Bhjz8DYL + d+qhVJjef7L/aJxViU0hX9Ba2O8CLK3FZeREFE3hJPiJ4TZSlN4evxs5p+bbNDcA + 0mhRI/o3X4ac6IxdRebyYnCOB/Cu94/MzppcZcotlCekKNike7eorCcX4Qavm7Pu + MUuQ+ifmSwKBgEnchoqZzlbBzMqXb4rRuIO7SL9GU/MWp3TQg7vQmJerTZlgvsQ2 + wYsOC3SECmhCq4117iCj2luvOdihCboTFsQDnn0mpQe6BIF6Ns3J38wAuqv0CcFd + DKsrge1uyD3rQilgSoAhKzkUc24o0PpXQurZ8YZPgbuXpbj5vPaOnCdBAoGACYc7 + wb3XS4wos3FxhUfcwJbM4b4VKeeHqzfu7pI6cU/3ydiHVitKcVe2bdw3qMPqI9Wc + nvi6e17Tbdq4OCsEJx1OiVwFD9YdO3cOTc6lw/3+hjypvZBRYo+/4jUthbu96E+S + dtOzehGZMmDvN0uSzupSi3ZOgkAAUFpyuIKickMCgYAId0PCRjonO2thn/R0rZ7P + //L852uyzYhXKw5/fjFGhQ6LbaLgIRFaCZ0L2809u0HFnNvJjHv4AKP6j+vFQYYY + qQ+66XnfsA9G/bu4MDS9AX83iahD9IdLXQAy8I19prAbpVumKegPbMnNYNB/TYEc + 3G15AKCXo7jjOUtHY01DCQ== + -----END PRIVATE KEY----- + privatekey_path: /etc/certificates/slog3.key + revoked: false + revoked_date: null + root_path: /etc/certificates + san: + - IP Address:192.168.0.3 + - IP Address:192.168.0.5 + - IP Address:192.168.0.182 + - IP Address:192.168.0.129 + - IP Address:192.168.0.146 + serial: 6312728 + signedby: null + state: asdf + subject_name_hash: 1673640987 + type: 8 + until: Mon Dec 4 04:23:54 2023 +ixChartContext: + isInstall: false + isUpdate: true + isUpgrade: false + operation: UPDATE + storageClassName: ix-storage-class-col + upgradeMetadata: {} +ixExternalInterfacesConfiguration: [] +ixExternalInterfacesConfigurationNames: [] +ixVolumes: [] +nginx: + image: + pullPolicy: IfNotPresent + repository: nginx + tag: 1.21.3 +nodePort: 31980 diff --git a/charts/collabora/item.yaml b/charts/collabora/item.yaml new file mode 100644 index 0000000000..1e6ded9124 --- /dev/null +++ b/charts/collabora/item.yaml @@ -0,0 +1,5 @@ +categories: + - office + - documents + - productivity +icon_url: https://avatars.githubusercontent.com/u/22418908?s=200&v=4