From 5c854bc2ac38ee2326039f96576ae5b050d3ce16 Mon Sep 17 00:00:00 2001 From: DanielY <55952458+case0sh@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:26:50 +0200 Subject: [PATCH] add webfinger (#396) * add webfinger --- charts/ocis/docs/values-desc-table.adoc | 48 +++++++++++++ charts/ocis/docs/values.adoc.yaml | 20 +++++- charts/ocis/templates/_common/_tplvalues.tpl | 1 + .../ocis/templates/webfinger/deployment.yaml | 72 +++++++++++++++++++ charts/ocis/templates/webfinger/hpa.yaml | 3 + charts/ocis/templates/webfinger/pdb.yaml | 2 + charts/ocis/templates/webfinger/service.yaml | 20 ++++++ charts/ocis/values.yaml | 20 +++++- 8 files changed, 184 insertions(+), 2 deletions(-) create mode 100644 charts/ocis/templates/webfinger/deployment.yaml create mode 100644 charts/ocis/templates/webfinger/hpa.yaml create mode 100644 charts/ocis/templates/webfinger/pdb.yaml create mode 100644 charts/ocis/templates/webfinger/service.yaml diff --git a/charts/ocis/docs/values-desc-table.adoc b/charts/ocis/docs/values-desc-table.adoc index 49b04bdd0..9765c6a9b 100644 --- a/charts/ocis/docs/values-desc-table.adoc +++ b/charts/ocis/docs/values-desc-table.adoc @@ -3462,6 +3462,54 @@ a| [subs=-attributes] a| [subs=-attributes] `{}` | Per-service resources configuration. Overrides the default setting from `resources` if set. +| services.webfinger +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +see detailed service configuration options below +| WEBFINGER service. +| services.webfinger.affinity +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Affinity settings for the webfinger service. See the documentation of this setting in approvider for examples. +| services.webfinger.autoscaling +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Per-service autoscaling. Overrides the default setting from `autoscaling` if set. +| services.webfinger.extraLabels +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Per-service custom labels +| services.webfinger.nodeSelector +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Per-service nodeSelector configuration. Overrides the default setting from `nodeSelector` if set. +| services.webfinger.podDisruptionBudget +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Per-service PodDisruptionBudget. Overrides the default setting from `podDisruptionBudget` if set. +| services.webfinger.priorityClassName +a| [subs=-attributes] ++string+ +a| [subs=-attributes] +`""` +| Per-service priorityClassName configuration. Overrides the default setting from `priorityClassName` if set. +| services.webfinger.resources +a| [subs=-attributes] ++object+ +a| [subs=-attributes] +`{}` +| Per-service resources configuration. Overrides the default setting from `resources` if set. | store.nodes a| [subs=-attributes] +list+ diff --git a/charts/ocis/docs/values.adoc.yaml b/charts/ocis/docs/values.adoc.yaml index 6b19aefbf..8f9dc9ae8 100644 --- a/charts/ocis/docs/values.adoc.yaml +++ b/charts/ocis/docs/values.adoc.yaml @@ -137,7 +137,7 @@ messagingSystem: # -- For self signed certificates, consider to put the CA cert of the messaging system secure server into the secret referenced by "messagingSystemCaRef" # Not recommended for production installations. insecure: false - + # provide custom hostnames to every oCIS pods hostAliases: [] # - ip: "192.168.49.2" @@ -1783,6 +1783,24 @@ services: # -- Per-service custom labels extraLabels: {} + # -- WEBFINGER service. + # @default -- see detailed service configuration options below + webfinger: + # -- Per-service resources configuration. Overrides the default setting from `resources` if set. + resources: {} + # -- Per-service nodeSelector configuration. Overrides the default setting from `nodeSelector` if set. + nodeSelector: {} + # -- Per-service priorityClassName configuration. Overrides the default setting from `priorityClassName` if set. + priorityClassName: "" + # -- Per-service PodDisruptionBudget. Overrides the default setting from `podDisruptionBudget` if set. + podDisruptionBudget: {} + # -- Per-service autoscaling. Overrides the default setting from `autoscaling` if set. + autoscaling: {} + # -- Affinity settings for the webfinger service. See the documentation of this setting in approvider for examples. + affinity: {} + # -- Per-service custom labels + extraLabels: {} + # -- Service monitoring configuration. Requires the monitoring.coreos.com/v1 CRDs to be installed. monitoring: # -- Enable service monitoring. diff --git a/charts/ocis/templates/_common/_tplvalues.tpl b/charts/ocis/templates/_common/_tplvalues.tpl index b9ace31c0..08b8665a0 100644 --- a/charts/ocis/templates/_common/_tplvalues.tpl +++ b/charts/ocis/templates/_common/_tplvalues.tpl @@ -66,6 +66,7 @@ Adds the app names to the scope and set the name of the app based on the input p {{- $_ := set .scope "appNameUsers" "users" -}} {{- $_ := set .scope "appNameWeb" "web" -}} {{- $_ := set .scope "appNameWebdav" "webdav" -}} + {{- $_ := set .scope "appNameWebfinger" "webfinger" -}} {{- if .appNameSuffix -}} {{- $_ := set .scope "appName" (print (index .scope .appName) "-" .appNameSuffix) -}} diff --git a/charts/ocis/templates/webfinger/deployment.yaml b/charts/ocis/templates/webfinger/deployment.yaml new file mode 100644 index 000000000..545ce670a --- /dev/null +++ b/charts/ocis/templates/webfinger/deployment.yaml @@ -0,0 +1,72 @@ +{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameWebfinger" "appNameSuffix" "") -}} +apiVersion: apps/v1 +kind: Deployment +{{ include "ocis.metadata" . }} +spec: + {{- include "ocis.selector" . | nindent 2 }} + {{- if and (not .Values.autoscaling.enabled) (.Values.replicas) }} + replicas: {{ .Values.replicas }} + {{- end }} + {{- include "ocis.deploymentStrategy" . | nindent 2 }} + template: + {{- include "ocis.templateMetadata" (dict "scope" $ "configCheck" false) | nindent 4 }} + spec: + {{- include "ocis.serviceAccount" . | nindent 6 }} + {{- include "ocis.affinity" .Values.services.webfinger | nindent 6 }} + {{- include "ocis.securityContextAndtopologySpreadConstraints" . | nindent 6 }} + {{- include "ocis.priorityClassName" $.priorityClassName | nindent 6 }} + {{- include "ocis.hostAliases" $ | nindent 6 }} + nodeSelector: {{ toYaml $.nodeSelector | nindent 8 }} + containers: + - name: {{ .appName }} + {{- include "ocis.image" $ | nindent 10 }} + command: ["ocis"] + args: ["webfinger", "server"] + {{- include "ocis.containerSecurityContext" . | nindent 10 }} + env: + {{- include "ocis.serviceRegistry" . | nindent 12 }} + + - name: WEBFINGER_LOG_COLOR + value: {{ .Values.logging.color | quote }} + - name: WEBFINGER_LOG_LEVEL + value: {{ .Values.logging.level | quote }} + - name: WEBFINGER_LOG_PRETTY + value: {{ .Values.logging.pretty | quote }} + - name: WEBFINGER_TRACING_ENABLED + value: "{{ .Values.tracing.enabled }}" + - name: WEBFINGER_TRACING_TYPE + value: {{ .Values.tracing.type | quote }} + - name: WEBFINGER_TRACING_ENDPOINT + value: {{ .Values.tracing.endpoint | quote }} + - name: WEBFINGER_TRACING_COLLECTOR + value: {{ .Values.tracing.collector | quote }} + - name: WEBFINGER_DEBUG_PPROF + value: "{{ .Values.debug.enabled }}" + - name: WEBFINGER_DEBUG_ZPAGES + value: "{{ .Values.debug.enabled }}" + - name: WEBFINGER_HTTP_ADDR + value: 0.0.0.0:8080 + - name: WEBFINGER_DEBUG_ADDR + value: 0.0.0.0:8081 + {{- include "ocis.cors" . |nindent 12 }} + - name: WEBFINGER_OIDC_ISSUER + {{- if not .Values.features.externalUserManagement.enabled }} + value: "https://{{ .Values.externalDomain }}" + {{- else }} + value: {{ .Values.features.externalUserManagement.oidc.issuerURI | quote }} + {{- end }} + - name: WEBFINGER_OWNCLOUD_SERVER_INSTANCE_URL + value: "https://{{ .Values.externalDomain }}" + - name: WEBFINGER_INSECURE + value: "{{ .Values.insecure.oidcIdpInsecure }}" + + {{- include "ocis.livenessProbe" . | nindent 10 }} + + resources: {{ toYaml .resources | nindent 12 }} + + ports: + - name: http + containerPort: 8080 + - name: metrics-debug + containerPort: 8081 + {{- include "ocis.imagePullSecrets" $ | nindent 6 }} diff --git a/charts/ocis/templates/webfinger/hpa.yaml b/charts/ocis/templates/webfinger/hpa.yaml new file mode 100644 index 000000000..9c056fcf5 --- /dev/null +++ b/charts/ocis/templates/webfinger/hpa.yaml @@ -0,0 +1,3 @@ +{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameWebfinger" "appNameSuffix" "") -}} +{{- $_ := set . "autoscaling" (default (default (dict) .Values.autoscaling) .Values.services.gateway.autoscaling) -}} +{{ include "ocis.hpa" . }} diff --git a/charts/ocis/templates/webfinger/pdb.yaml b/charts/ocis/templates/webfinger/pdb.yaml new file mode 100644 index 000000000..a4fff0023 --- /dev/null +++ b/charts/ocis/templates/webfinger/pdb.yaml @@ -0,0 +1,2 @@ +{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameWebfinger" "appNameSuffix" "") -}} +{{ include "ocis.pdb" . }} diff --git a/charts/ocis/templates/webfinger/service.yaml b/charts/ocis/templates/webfinger/service.yaml new file mode 100644 index 000000000..3725b3b6f --- /dev/null +++ b/charts/ocis/templates/webfinger/service.yaml @@ -0,0 +1,20 @@ +{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameWebfinger" "appNameSuffix" "") -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ .appName }} + namespace: {{ template "ocis.namespace" . }} + labels: + app: {{ .appName }} + ocis-metrics: enabled + {{- include "ocis.labels" . | nindent 4 }} +spec: + selector: + app: {{ .appName }} + ports: + - name: http + port: 8080 + protocol: TCP + - name: metrics-debug + port: 8081 + protocol: TCP diff --git a/charts/ocis/values.yaml b/charts/ocis/values.yaml index 12d93c9f2..537f1b518 100644 --- a/charts/ocis/values.yaml +++ b/charts/ocis/values.yaml @@ -136,7 +136,7 @@ messagingSystem: # -- For self signed certificates, consider to put the CA cert of the messaging system secure server into the secret referenced by "messagingSystemCaRef" # Not recommended for production installations. insecure: false - + # provide custom hostnames to every oCIS pods hostAliases: [] # - ip: "192.168.49.2" @@ -1782,6 +1782,24 @@ services: # -- Per-service custom labels extraLabels: {} + # -- WEBFINGER service. + # @default -- see detailed service configuration options below + webfinger: + # -- Per-service resources configuration. Overrides the default setting from `resources` if set. + resources: {} + # -- Per-service nodeSelector configuration. Overrides the default setting from `nodeSelector` if set. + nodeSelector: {} + # -- Per-service priorityClassName configuration. Overrides the default setting from `priorityClassName` if set. + priorityClassName: "" + # -- Per-service PodDisruptionBudget. Overrides the default setting from `podDisruptionBudget` if set. + podDisruptionBudget: {} + # -- Per-service autoscaling. Overrides the default setting from `autoscaling` if set. + autoscaling: {} + # -- Affinity settings for the webfinger service. See the documentation of this setting in approvider for examples. + affinity: {} + # -- Per-service custom labels + extraLabels: {} + # -- Service monitoring configuration. Requires the monitoring.coreos.com/v1 CRDs to be installed. monitoring: # -- Enable service monitoring.