Add OCM support #701

Merged
merged 34 commits into from
Nov 8, 2024
Changes from 8 commits
Commits
dc67dde
- added first version of OCM support
d7oc Aug 29, 2024
2024966
- added docs
d7oc Aug 29, 2024
c3826d6
- removed scalability as this is not supported by OCM
d7oc Sep 5, 2024
5fb861d
- updated documentation
d7oc Sep 12, 2024
57c04d7
- added insecure switch
d7oc Sep 12, 2024
8165604
- added OCM_GRPC_ADDR
d7oc Sep 13, 2024
ccd30a8
- added OCIS_URL
d7oc Oct 1, 2024
bafc443
- added doc
d7oc Oct 9, 2024
470a949
- removed ingress and leave it to default
d7oc Oct 14, 2024
c423a8b
- removed outdated comment line
d7oc Oct 14, 2024
fcd104d
- changed multi-line string config for providers to configRef
d7oc Oct 14, 2024
a821774
- removed `podDisruptionBudget` and `autoscaling` from ocm
d7oc Oct 14, 2024
2e25e17
- updated docs
d7oc Oct 14, 2024
463ebf8
- add `$ocmInsecure` to `or`
d7oc Oct 14, 2024
6fe1c59
- added ocm persistence check for NOTES.txt
d7oc Oct 14, 2024
f5cf3cd
- added grpc post to deployment and service
d7oc Oct 14, 2024
cb8ef6a
comment OCIS_URL usage in ocm service
wkloucek Oct 18, 2024
0cb0649
expose more ocm settings
wkloucek Oct 18, 2024
26f1ef2
Merge branch 'main' into ocm_support
wkloucek Oct 18, 2024
0f01221
add option for ocm hostname validation
wkloucek Oct 18, 2024
19593f8
hardcode OCM rollout strategy to Recreate
wkloucek Oct 21, 2024
7fc7b2e
fix deployment example configuration
wkloucek Oct 21, 2024
d565c1e
deduplicate ocm providers
wkloucek Oct 21, 2024
99be13e
deduplicate deployment example configuration even more
wkloucek Oct 21, 2024
7f2ba60
add inbucket mail catcher to ocm deployment example to be able to lo…
wkloucek Oct 21, 2024
fb4b91b
add ocm persistence in deployment example
wkloucek Oct 21, 2024
48308b3
increase ocm volume size and remove reference to scaling OCM to multi…
wkloucek Oct 21, 2024
47cbe8b
actually show warning if ocm is unpersisted
wkloucek Oct 21, 2024
fc98eb1
don't render ocm pvc when ocm is not enabled
wkloucek Oct 21, 2024
af3a3e9
add ocm and other missing service to linting and ci deployment values
wkloucek Oct 21, 2024
60d5389
removed OCM_OCM_PROVIDER_AUTHORIZER_VERIFY_REQUEST_HOSTNAME and confi…
wkloucek Oct 31, 2024
6889021
Merge branch 'main' into ocm_support
wkloucek Oct 31, 2024
462b9c9
fix ocm dataserver url
wkloucek Oct 31, 2024
c0de691
enable admin settings in ocm deployment example
wkloucek Oct 31, 2024
156 changes: 156 additions & 0 deletions charts/ocis/docs/values-desc-table.adoc
Expand Up @@ -756,6 +756,18 @@ a| [subs=-attributes]
a| [subs=-attributes]
`"en"`
| The default language. If not defined, English will be used as default. See the documentation for more details.
| features.ocm.enabled
a| [subs=-attributes]
+bool+
a| [subs=-attributes]
`false`
| Enables OCM service
| features.ocm.providers
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`"[\n {\n \"name\": \"oCIS Test\",\n \"full_name\": \"oCIS Test provider\",\n \"organization\": \"oCIS\",\n \"domain\": \"cloud.ocis.test\",\n \"homepage\": \"https://ocis.test\",\n \"description\": \"oCIS Example cloud storage\",\n \"services\": [\n {\n \"endpoint\": {\n \"type\": {\n \"name\": \"OCM\",\n \"description\": \"cloud.ocis.test Open Cloud Mesh API\"\n },\n \"name\": \"cloud.ocis.test - OCM API\",\n \"path\": \"https://cloud.ocis.test/ocm/\",\n \"is_monitored\": true\n },\n \"api_version\": \"0.0.1\",\n \"host\": \"http://cloud.ocis.test\"\n },\n {\n \"endpoint\": {\n \"type\": {\n \"name\": \"Webdav\",\n \"description\": \"cloud.ocis.test Webdav API\"\n },\n \"name\": \"cloud.ocis.test Example - Webdav API\",\n \"path\": \"https://cloud.ocis.test/dav/\",\n \"is_monitored\": true\n },\n \"api_version\": \"0.0.1\",\n \"host\": \"https://cloud.ocis.test/\"\n }\n ]\n },\n {\n \"name\": \"ownCloud Test\",\n \"full_name\": \"ownCloud Test provider\",\n \"organization\": \"ownCloud\",\n \"domain\": \"cloud.owncloud.test\",\n \"homepage\": \"https://owncloud.test\",\n \"description\": \"ownCloud Example cloud storage\",\n \"services\": [\n {\n \"endpoint\": {\n \"type\": {\n \"name\": \"OCM\",\n \"description\": \"cloud.owncloud.test Open Cloud Mesh API\"\n },\n \"name\": \"cloud.owncloud.test - OCM API\",\n \"path\": \"https://cloud.owncloud.test/ocm/\",\n \"is_monitored\": true\n },\n \"api_version\": \"0.0.1\",\n \"host\": \"http://cloud.owncloud.test\"\n },\n {\n \"endpoint\": {\n \"type\": {\n \"name\": \"Webdav\",\n \"description\": \"cloud.owncloud.test Webdav API\"\n },\n \"name\": \"cloud.owncloud.test Example - Webdav API\",\n \"path\": \"https://cloud.owncloud.test/dav/\",\n \"is_monitored\": true\n },\n \"api_version\": \"0.0.1\",\n \"host\": \"https://cloud.owncloud.test/\"\n }\n ]\n }\n]"`
|
| features.policies.enabled
a| [subs=-attributes]
+bool+
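Review bot: The new `features.ocm.providers` row has an empty description cell (the bare `|` after the default value), so readers get a long escaped JSON default with no explanation of what the provider list is used for or which fields are required. Add a description for this key, and consider a shorter default than two complete test providers rendered as a single string.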
Expand Down Expand Up @@ -1086,6 +1098,12 @@ a| [subs=-attributes]
a| [subs=-attributes]
`false`
| Disables SSL certificate checking for connections to the oCIS http apis. Not recommended for production installations.
| insecure.ocmInsecure
a| [subs=-attributes]
+bool+
a| [subs=-attributes]
`false`
| Disables SSL certificate checking for connections to all OCM instances Not recommended for production installations.
| insecure.oidcIdpInsecure
a| [subs=-attributes]
+bool+
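Review bot: In the `insecure.ocmInsecure` description the two sentences run together ("...connections to all OCM instances Not recommended for production installations."); a period is missing after "instances". The `ocisHttpApiInsecure` description just above ends its first sentence with a period, so add one here and in the matching values comment.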
Expand Down Expand Up @@ -2778,6 +2796,144 @@ a| [subs=-attributes]
a| [subs=-attributes]
`{}`
| Per-service resources configuration. Overrides the default setting from `resources` if set.
| services.ocm
a| [subs=-attributes]
+object+
a| [subs=-attributes]
see detailed service configuration options below
| OCM service.
| services.ocm.affinity
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Affinity settings for the ocs service. See the documentation of this setting in approvider for examples.
| services.ocm.autoscaling
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Per-service autoscaling. Overrides the default setting from `autoscaling` if set.
| services.ocm.extraLabels
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Per-service custom labels
| services.ocm.image.pullPolicy
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`nil`
| Image pull policy
| services.ocm.image.repository
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`""`
| Image repository
| services.ocm.image.sha
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`""`
| Image sha / digest (optional).
| services.ocm.image.tag
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`""`
| Image tag.
| services.ocm.nodeSelector
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Per-service nodeSelector configuration. Overrides the default setting from `nodeSelector` if set.
| services.ocm.persistence
a| [subs=-attributes]
+object+
a| [subs=-attributes]
see detailed persistence configuration options below
| Persistence settings.
| services.ocm.persistence.accessModes
a| [subs=-attributes]
+list+
a| [subs=-attributes]
`["ReadWriteOnce"]`
| Persistent volume access modes. Needs to be `["ReadWriteMany"]` when having more than one replica for this service.
| services.ocm.persistence.annotations
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Persistent volume annotations.
| services.ocm.persistence.chownInitContainer
a| [subs=-attributes]
+bool+
a| [subs=-attributes]
`false`
| Enables an initContainer to chown the volume. The initContainer is run as root. This is not needed if the driver applies the fsGroup from the securityContext. The image specified in `initContainerImage` will be used for this container.
| services.ocm.persistence.claimName
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`""`
| Use a custom name for the PVC instead of the default one.
| services.ocm.persistence.enabled
a| [subs=-attributes]
+bool+
a| [subs=-attributes]
`false`
| Enables persistence. Needs to be enabled on production installations. If not enabled, pod restarts will lead to data loss. Also scaling this service to more than one replica is not possible if the pods don't share the same volume.
| services.ocm.persistence.existingClaim
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`nil`
| Use an existing PersistentVolumeClaim for persistence.
| services.ocm.persistence.finalizers
a| [subs=-attributes]
+list+
a| [subs=-attributes]
`["kubernetes.io/pvc-protection"]`
| Persistent volume finalizers.
| services.ocm.persistence.selectorLabels
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Persistent volume selector labels.
| services.ocm.persistence.size
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`"100Mi"`
| Size of the persistent volume.
| services.ocm.persistence.storageClassName
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`nil`
| Storage class to use. Uses the default storage class if not set.
| services.ocm.podDisruptionBudget
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Per-service PodDisruptionBudget. Overrides the default setting from `podDisruptionBudget` if set.
| services.ocm.priorityClassName
a| [subs=-attributes]
+string+
a| [subs=-attributes]
`""`
| Per-service priorityClassName configuration. Overrides the default setting from `priorityClassName` if set.
| services.ocm.resources
a| [subs=-attributes]
+object+
a| [subs=-attributes]
`{}`
| Per-service resources configuration. Overrides the default setting from `resources` if set.
| services.ocs
a| [subs=-attributes]
+object+
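Review bot: The `services.ocm.affinity` description reads "Affinity settings for the ocs service", which looks carried over from the OCS block; it should name the ocm service. The same wording appears in the `ocm` block's `affinity` comment in values.adoc.yaml, so fix both together.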
142 changes: 142 additions & 0 deletions charts/ocis/docs/values.adoc.yaml
Expand Up @@ -132,6 +132,9 @@ insecure:
# -- Disables SSL certificate checking for connections to the oCIS http apis.
# Not recommended for production installations.
ocisHttpApiInsecure: false
# -- Disables SSL certificate checking for connections to all OCM instances
# Not recommended for production installations.
ocmInsecure: false

cache:
# -- Type of the cache to use.
Expand Down Expand Up @@ -630,6 +633,85 @@ features:
maxSize: 1073741824
# -- Max number of files that can be packed into an archive.
maxNumFiles: 10000
# OCM settings
ocm:
# -- Enables OCM service
enabled: false
providers: |-
[
{
"name": "oCIS Test",
"full_name": "oCIS Test provider",
"organization": "oCIS",
"domain": "cloud.ocis.test",
"homepage": "https://ocis.test",
"description": "oCIS Example cloud storage",
"services": [
{
"endpoint": {
"type": {
"name": "OCM",
"description": "cloud.ocis.test Open Cloud Mesh API"
},
"name": "cloud.ocis.test - OCM API",
"path": "https://cloud.ocis.test/ocm/",
"is_monitored": true
},
"api_version": "0.0.1",
"host": "http://cloud.ocis.test"
},
{
"endpoint": {
"type": {
"name": "Webdav",
"description": "cloud.ocis.test Webdav API"
},
"name": "cloud.ocis.test Example - Webdav API",
"path": "https://cloud.ocis.test/dav/",
"is_monitored": true
},
"api_version": "0.0.1",
"host": "https://cloud.ocis.test/"
}
]
},
{
"name": "ownCloud Test",
"full_name": "ownCloud Test provider",
"organization": "ownCloud",
"domain": "cloud.owncloud.test",
"homepage": "https://owncloud.test",
"description": "ownCloud Example cloud storage",
"services": [
{
"endpoint": {
"type": {
"name": "OCM",
"description": "cloud.owncloud.test Open Cloud Mesh API"
},
"name": "cloud.owncloud.test - OCM API",
"path": "https://cloud.owncloud.test/ocm/",
"is_monitored": true
},
"api_version": "0.0.1",
"host": "http://cloud.owncloud.test"
},
{
"endpoint": {
"type": {
"name": "Webdav",
"description": "cloud.owncloud.test Webdav API"
},
"name": "cloud.owncloud.test Example - Webdav API",
"path": "https://cloud.owncloud.test/dav/",
"is_monitored": true
},
"api_version": "0.0.1",
"host": "https://cloud.owncloud.test/"
}
]
}
]
# Ingress for oCIS.
ingress:
# -- Enables the Ingress.
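Review bot: In both example providers the OCM service entry sets `"host"` to a plain `http://` URL (`http://cloud.ocis.test`, `http://cloud.owncloud.test`) while its `path` and the Webdav entry use `https://`. If the plain-HTTP host is not intentional, switch it to `https://` so the shipped default does not model an unencrypted endpoint. `providers` also has no `# --` comment, unlike `enabled` directly above it, and its row in values-desc-table.adoc has an empty description.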
Expand Down Expand Up @@ -1462,6 +1544,66 @@ services:
# -- Image pull policy
pullPolicy:

# -- OCM service.
# @default -- see detailed service configuration options below
ocm:
# -- Per-service resources configuration. Overrides the default setting from `resources` if set.
resources: {}
# -- Per-service nodeSelector configuration. Overrides the default setting from `nodeSelector` if set.
nodeSelector: {}
# -- Per-service priorityClassName configuration. Overrides the default setting from `priorityClassName` if set.
priorityClassName: ""
# -- Per-service PodDisruptionBudget. Overrides the default setting from `podDisruptionBudget` if set.
podDisruptionBudget: {}
# -- Per-service autoscaling. Overrides the default setting from `autoscaling` if set.
autoscaling: {}
# -- Affinity settings for the ocs service. See the documentation of this setting in approvider for examples.
affinity: {}
# -- Per-service custom labels
extraLabels: {}
# Per-service image configuration. Overrides the default setting from `image` if set.
image:
# -- Image repository
repository: ""
# -- Image tag.
tag: ""
# -- Image sha / digest (optional).
sha: ""
# -- Image pull policy
pullPolicy:
# -- Persistence settings.
# @default -- see detailed persistence configuration options below
persistence:
# -- Enables persistence.
# Needs to be enabled on production installations.
# If not enabled, pod restarts will lead to data loss.
# Also scaling this service to more than one replica is not possible if the pods don't share the same volume.
enabled: false
# -- Enables an initContainer to chown the volume.
# The initContainer is run as root.
# This is not needed if the driver applies the fsGroup from the securityContext.
# The image specified in `initContainerImage` will be used for this container.
chownInitContainer: false
# -- Storage class to use.
# Uses the default storage class if not set.
storageClassName:
# -- Persistent volume access modes. Needs to be `["ReadWriteMany"]` when having more than one replica for this service.
accessModes:
- ReadWriteOnce
# -- Size of the persistent volume.
size: 100Mi
# -- Persistent volume annotations.
annotations: {}
# -- Persistent volume finalizers.
finalizers:
- kubernetes.io/pvc-protection
# -- Persistent volume selector labels.
selectorLabels: {}
# -- Use a custom name for the PVC instead of the default one.
claimName: ""
# -- Use an existing PersistentVolumeClaim for persistence.
existingClaim:

# -- OCS service.
# @default -- see detailed service configuration options below
ocs:
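Review bot: The `ocm` block exposes `autoscaling`, `podDisruptionBudget` and persistence comments about running more than one replica (`ReadWriteMany`, "scaling this service to more than one replica"), while the commit list of this PR includes "removed scalability as this is not supported by OCM". Drop the scaling-related keys and wording from this block, or state that only a single replica is supported. The `affinity` comment here also still says "ocs service".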
4 changes: 4 additions & 0 deletions charts/ocis/templates/NOTES.txt
Expand Up @@ -22,6 +22,7 @@ kubectl -n {{ .Release.Namespace }} get secrets/admin-user --template='{{"{{"}}.
{{- $demoUsers := .Values.features.demoUsers -}}
{{- $oidcIdpInsecure := .Values.insecure.oidcIdpInsecure -}}
{{- $ocisHttpApiInsecure := .Values.insecure.ocisHttpApiInsecure -}}
{{- $ocmInsecure := .Values.insecure.ocmInsecure -}}
{{- $externalLDAPinsecure := and .Values.features.externalUserManagement.enabled .Values.features.externalUserManagement.ldap.insecure -}}
{{- $noSMTPencryption := and .Values.features.emailNotifications.enabled (eq .Values.features.emailNotifications.smtp.encryption "none") -}}

Expand All @@ -41,6 +42,9 @@ kubectl -n {{ .Release.Namespace }} get secrets/admin-user --template='{{"{{"}}.
{{- if $oidcIdpInsecure}}
###### - `insecure.oidcIdpInsecure` should be set to `false` #####
{{- end }}
{{- if $ocmInsecure}}
###### - `insecure.ocmInsecure` should be set to `false` #####
{{- end }}
{{- if $ocisHttpApiInsecure}}
###### - `insecure.ocisHttpApiInsecure` should be set to `false` #####
{{- end }}
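Review bot: The new `{{- if $ocmInsecure}}` message only helps if the enclosing warning block is rendered when `ocmInsecure` is the only insecure setting switched on, and the condition guarding that block is not part of this hunk. The commit list has a later "add `$ocmInsecure` to `or`", so check that the outer condition includes `$ocmInsecure`; otherwise this warning is silently skipped for an install that disables certificate checking only for OCM.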
1 change: 1 addition & 0 deletions charts/ocis/templates/_common/_tplvalues.tpl
Expand Up @@ -51,6 +51,7 @@ Adds the app names to the scope and set the name of the app based on the input p
{{- $_ := set .scope "appNameNats" "nats" -}}
{{- $_ := set .scope "appNameNotifications" "notifications" -}}
{{- $_ := set .scope "appNameOcdav" "ocdav" -}}
{{- $_ := set .scope "appNameOcm" "ocm" -}}
{{- $_ := set .scope "appNameOcs" "ocs" -}}
{{- $_ := set .scope "appNamePolicies" "policies" -}}
{{- $_ := set .scope "appNamePostprocessing" "postprocessing" -}}
3 changes: 3 additions & 0 deletions charts/ocis/templates/frontend/deployment.yaml
Expand Up @@ -164,6 +164,9 @@ spec:
- name: FRONTEND_PASSWORD_POLICY_BANNED_PASSWORDS_LIST
value: /etc/ocis/sharing-banned-passwords.txt

- name: OCIS_ENABLE_OCM
value: {{ .Values.features.ocm.enabled | quote }}

{{- include "ocis.livenessProbe" . | nindent 10 }}

resources: {{ toYaml .resources | nindent 12 }}
3 changes: 3 additions & 0 deletions charts/ocis/templates/graph/deployment.yaml
Expand Up @@ -210,6 +210,9 @@ spec:
name: {{ include "secrets.serviceAccountSecret" . }}
key: service-account-secret

- name: OCIS_ENABLE_OCM
value: {{ .Values.features.ocm.enabled | quote }}

{{- include "ocis.livenessProbe" . | nindent 10 }}

resources: {{ toYaml .resources | nindent 12 }}