feat(wger): BREAKING-CHANGE big cleanup - move to configmap (#3652)

* feat(wger): big cleanup

* empty spaace

* update targetPort in questions

* update nginx conf mounting

* quote url also

* whoops

* whoops

* set mail user/pass only when mail is enabled

* always define mail envs

* move some things around

* hmm

* try this as well

* print env

* always define from_mail

* typo

* always set emial_host

* see env

* whoops

* run

* set port aswell

* port int

* whoops

* wtf

* set defaults to all mail vars

* mhmm

* false mail

* ffs

* whoops

* try now

* so many things required...

* no message

* fix enable

* Update charts/incubator/wger/Chart.yaml
Stavros Kois
2022-09-01 23:45:49 +03:00
committed by GitHub
parent fea4775515
commit 769e318fdc
8 changed files with 292 additions and 235 deletions


@@ -27,7 +27,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/incubator/wger
- https://github.com/wger-project/wger
- https://github.com/wger-project/docker
version: 0.0.55
version: 1.0.0
annotations:
truecharts.org/catagories: |
- life


@@ -19,116 +19,138 @@ questions:
additional_attrs: true
type: dict
attrs:
- variable: sync_exercises_on_startup
label: "SYNC_EXERCISES_ON_STARTUP (Slow Startup)"
description: "Enabling that can greatly impact the startup of this app"
- variable: general
label: "General Configuration"
schema:
type: boolean
default: false
- variable: download_exercise_images_on_startup
label: "DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP (Slow Startup)"
description: "Enabling that can greatly impact the startup of this app"
schema:
type: boolean
default: false
- variable: allow_registration
label: "ALLOW_REGISTRATION"
schema:
type: boolean
default: true
- variable: allow_guest_users
label: "ALLOW_GUEST_USERS"
schema:
type: boolean
default: true
- variable: allow_upload_videos
label: "ALLOW_UPLOAD_VIDEOS"
schema:
type: boolean
default: true
- variable: exercise_cache_ttl
label: "EXERCISE_CACHE_TTL"
schema:
type: string
required: true
default: "3600"
- variable: django_perform_migrations
label: "DJANGO_PERFORM_MIGRATIONS"
schema:
type: boolean
default: true
- variable: django_debug
label: "DJANGO_DEBUG"
schema:
type: boolean
default: false
- variable: enable_email
label: "Email Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: from_email
label: "FROM_EMAIL"
schema:
type: string
default: ""
- variable: email_host
label: "EMAIL_HOST"
schema:
type: string
default: ""
- variable: email_port
label: "EMAIL_PORT"
schema:
type: string
required: true
default: "587"
- variable: email_host_user
label: "EMAIL_HOST_USER"
schema:
type: string
default: ""
- variable: email_host_password
label: "EMAIL_HOST_PASSWORD"
schema:
type: string
private: true
default: ""
- variable: email_use_tls
label: "EMAIL_USE_TLS"
additional_attrs: true
type: dict
attrs:
- variable: sync_exercises_on_startup
label: "SYNC_EXERCISES_ON_STARTUP (Slow Startup)"
description: "Enabling that can greatly impact the startup of this app"
schema:
type: boolean
default: false
- variable: email_use_ssl
label: "EMAIL_USE_SSL"
- variable: download_exercise_images_on_startup
label: "DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP (Slow Startup)"
description: "Enabling that can greatly impact the startup of this app"
schema:
type: boolean
default: false
- variable: captchasettings
label: "Captcha Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: recaptha_public_key
label: "RECAPTCHA_PUBLIC_KEY"
schema:
type: string
default: ""
- variable: recaptha_private_key
label: "RECAPTCHA_PRIVATE_KEY"
schema:
type: string
private: true
default: ""
- variable: nocaptcha
label: "NOCAPTCHA"
- variable: allow_registration
label: "ALLOW_REGISTRATION"
schema:
type: boolean
default: true
- variable: allow_guest_users
label: "ALLOW_GUEST_USERS"
schema:
type: boolean
default: true
- variable: allow_upload_videos
label: "ALLOW_UPLOAD_VIDEOS"
schema:
type: boolean
default: true
- variable: exercise_cache_ttl
label: "EXERCISE_CACHE_TTL"
schema:
type: string
required: true
default: "3600"
- variable: django_perform_migrations
label: "DJANGO_PERFORM_MIGRATIONS"
schema:
type: boolean
default: true
- variable: django_debug
label: "DJANGO_DEBUG"
schema:
type: boolean
default: false
- variable: mail
label: "Mail Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: enable_email
label: "Email Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: from_email
label: "FROM_EMAIL"
schema:
type: string
required: true
default: ""
- variable: email_host
label: "EMAIL_HOST"
schema:
type: string
required: true
default: ""
- variable: email_port
label: "EMAIL_PORT"
schema:
type: int
required: true
default: 587
- variable: email_host_user
label: "EMAIL_HOST_USER"
schema:
type: string
required: true
default: ""
- variable: email_host_password
label: "EMAIL_HOST_PASSWORD"
schema:
type: string
required: true
private: true
default: ""
- variable: email_use_tls
label: "EMAIL_USE_TLS"
schema:
type: boolean
default: false
- variable: email_use_ssl
label: "EMAIL_USE_SSL"
schema:
type: boolean
default: false
- variable: captca
label: "Captca Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: captchasettings
label: "Captcha Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: recaptha_public_key
label: "RECAPTCHA_PUBLIC_KEY"
schema:
type: string
default: ""
- variable: recaptha_private_key
label: "RECAPTCHA_PRIVATE_KEY"
schema:
type: string
private: true
default: ""
- variable: nocaptcha
label: "NOCAPTCHA"
schema:
type: boolean
default: true
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
@@ -158,7 +180,7 @@ questions:
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 80
default: 10249
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
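Review bot: The new group `- variable: captca` is spelled differently from the key the rest of this commit reads: the configmap and secret templates use `.Values.wger.captcha.*` and values.yaml defines `captcha:`. Assuming these questions are nested under `wger`, as the old flat layout suggests, anything set in this group lands in `wger.captca` and is never rendered. The reCAPTCHA keys entered in the UI would then be dropped, and `NOCAPTCHA` would stay at the values.yaml default of `true` while `allow_registration` also defaults to `true`. Rename it to `- variable: captcha` and the label to `"Captcha Configuration"` so the operator's captcha choice takes effect. The enclosing attrs list starts above this hunk.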


@@ -0,0 +1,84 @@
{{/* Define the configmap */}}
{{- define "wger.configmap" -}}
{{- $configName := printf "%s-wger-configmap" (include "tc.common.names.fullname" .) }}
{{- $nginxConfigName := printf "%s-wger-nginx-config" (include "tc.common.names.fullname" .) }}
---
{{/* This configmap are loaded on both main authentik container and worker */}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $configName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
{{/* Dependencies */}}
DJANGO_DB_ENGINE: "django.db.backends.postgresql"
DJANGO_DB_DATABASE: {{ .Values.postgresql.postgresqlDatabase }}
DJANGO_DB_USER: {{ .Values.postgresql.postgresqlUsername }}
DJANGO_DB_PORT: "5432"
DJANGO_DB_HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
DJANGO_CACHE_BACKEND: "django_redis.cache.RedisCache"
DJANGO_CACHE_CLIENT_CLASS: "django_redis.client.DefaultClient"
DJANGO_CACHE_TIMEOUT: "1296000"
TIME_ZONE: {{ .Values.TZ | quote }}
{{/* True, not true */}}
WGER_USE_GUNICORN: "True"
{{/* User Defined */}}
{{/* General */}}
{{- with .Values.wger.general.site_url }}
SITE_URL: {{ . | quote }}
{{- end }}
{{- with .Values.wger.general.exercise_cache_ttl }}
EXERCISE_CACHE_TTL: {{ . | quote }}
{{- end }}
ALLOW_REGISTRATION: {{ ternary "True" "False" .Values.wger.general.allow_registration | squote }}
ALLOW_GUEST_USERS: {{ ternary "True" "False" .Values.wger.general.allow_guest_users | squote }}
ALLOW_UPLOAD_VIDEOS: {{ ternary "True" "False" .Values.wger.general.allow_upload_videos | squote }}
SYNC_EXERCISES_ON_STARTUP: {{ ternary "True" "False" .Values.wger.general.sync_exercises_on_startup | squote }}
DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP: {{ ternary "True" "False" .Values.wger.general.download_exercise_images_on_startup | squote }}
DJANGO_PERFORM_MIGRATIONS: {{ ternary "True" "False" .Values.wger.general.django_perform_migrations | squote }}
DJANGO_DEBUG: {{ ternary "True" "False" .Values.wger.general.django_debug | squote }}
{{/* Captcha */}}
NOCAPTCHA: {{ ternary "True" "False" .Values.wger.captcha.nocaptcha | squote }}
{{/* Mail */}}
{{- if .Values.wger.mail.enable_email }}
{{/* Any value is considered true */}}
ENABLE_EMAIL: "True"
{{- end }}
FROM_EMAIL: {{ .Values.wger.mail.from_email | quote }}
EMAIL_HOST: {{ .Values.wger.mail.email_host | quote }}
EMAIL_PORT: {{ .Values.wger.mail.email_port | quote }}
EMAIL_USE_TLS: {{ ternary "True" "False" .Values.wger.mail.email_use_tls | squote }}
EMAIL_USE_SSL: {{ ternary "True" "False" .Values.wger.mail.email_use_ssl | squote }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $nginxConfigName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
nginx.conf: |-
upstream wger {
server localhost:8000;
}
server {
listen {{ .Values.service.main.ports.main.port }};
location / {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /static/ {
alias /static/;
}
location /media/ {
alias /media/;
}
# Increase max body size to allow for video uploads
client_max_body_size 100M;
}
{{- end }}
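Review bot: `DJANGO_DB_DATABASE`, `DJANGO_DB_USER` and `DJANGO_DB_HOST` are rendered without `| quote`, unlike the other templated values in this ConfigMap. ConfigMap `data` values must be strings, so a database or user name that YAML reads as a number, boolean or null would fail validation or change meaning. Write them as `DJANGO_DB_DATABASE: {{ .Values.postgresql.postgresqlDatabase | quote }}` and likewise for the other two. The comment above the first ConfigMap still refers to the "main authentik container and worker", which looks carried over from another chart and should describe the wger container instead.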


@@ -0,0 +1,22 @@
{{/* Define the nginx container */}}
{{- define "wger.nginx" -}}
image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}
imagePullPolicy: {{ .Values.nginxImage.pullPolicy }}
ports:
- containerPort: {{ .Values.service.main.ports.main.port }}
name: main
securityContext:
runAsUser: 0
runAsGroup: 1000
readOnlyRootFilesystem: false
runAsNonRoot: false
volumeMounts:
- name: wger-config
mountPath: "/etc/nginx/conf.d/default.conf"
subPath: default.conf
readOnly: true
- name: media
mountPath: "/media"
- name: static
mountPath: "/static"
{{- end -}}
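Review bot: The sidecar keeps `runAsUser: 0` and `runAsNonRoot: false` although nginx now listens on `.Values.service.main.ports.main.port`, which values.yaml sets to 10249, so root is no longer needed just to bind the port. If the image can start unprivileged (not visible here), give the container a non-root UID and `runAsNonRoot: true`. Otherwise, at least add `allowPrivilegeEscalation: false` under `securityContext`, plus a short comment stating why root is still required. `readOnlyRootFilesystem: false` deserves the same comment, naming the paths nginx has to write to.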


@@ -1,20 +1,31 @@
{{/* Define the secrets */}}
{{- define "wger.secrets" -}}
{{- $secretName := printf "%s-wger-secret" (include "tc.common.names.fullname" .) }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: wger-secrets
{{- $wgerprevious := lookup "v1" "Secret" .Release.Namespace "wger-secrets" }}
{{- $secret_key := "" }}
name: {{ $secretName }}
data:
{{- if $wgerprevious}}
SECRET_KEY: {{ index $wgerprevious.data "SECRET_KEY" }}
{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
SECRET_KEY: {{ index .data "SECRET_KEY" }}
{{- else }}
{{- $secret_key := randAlphaNum 32 }}
SECRET_KEY: {{ $secret_key | b64enc }}
SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
{{- end }}
{{- $redisPass := .Values.redis.redisPassword | trimAll "\"" }}
DJANGO_CACHE_LOCATION: {{ printf "redis://%v:%v@%v-redis/%v" .Values.redis.redisUsername $redisPass .Release.Name .Values.redis.redisDatabase | b64enc }}
DJANGO_DB_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
EMAIL_HOST_USER: {{ .Values.wger.mail.email_host_user | b64enc }}
EMAIL_HOST_PASSWORD: {{ .Values.wger.mail.email_host_password | b64enc }}
{{- with .Values.wger.captcha.recaptha_public_key }}
RECAPTCHA_PUBLIC_KEY: {{ . | b64enc }}
{{- end }}
{{- with .Values.wger.captcha.recaptha_private_key }}
RECAPTCHA_PRIVATE_KEY: {{ . | b64enc }}
{{- end }}
{{- end -}}
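Review bot: The `lookup` now searches only for `$secretName`, while the previous template stored the key in a Secret named `wger-secrets`, so an in-place upgrade finds nothing and falls through to `randAlphaNum 32`. That silently rotates Django's `SECRET_KEY`, which invalidates existing sessions and any signed tokens issued before the upgrade. If upgrades from the previous chart version are meant to work, fall back to the legacy name before generating a new key, as sketched below; if not, state the rotation in the breaking-change notes. `lookup` also returns an empty result under `helm template` and client-side dry runs, so output rendered that way always shows a fresh key.

```yaml
data:
  {{/* Reuse the key from the current Secret, else from the legacy "wger-secrets" Secret */}}
  {{- $previous := lookup "v1" "Secret" .Release.Namespace $secretName }}
  {{- if not $previous }}
    {{- $previous = lookup "v1" "Secret" .Release.Namespace "wger-secrets" }}
  {{- end }}
  {{- if $previous }}
  SECRET_KEY: {{ index $previous.data "SECRET_KEY" }}
  {{- else }}
  SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
  {{- end }}
  # … unchanged: DJANGO_CACHE_LOCATION, DJANGO_DB_PASSWORD, mail and captcha keys …
```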


@@ -3,5 +3,10 @@
{{/* Render secrets for wger */}}
{{- include "wger.secrets" . }}
{{/* Render configmap for wger */}}
{{- include "wger.configmap" . }}
{{- $_ := set .Values.additionalContainers "nginx" (include "wger.nginx" . | fromYaml) -}}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@@ -6,6 +6,7 @@ image:
nginxImage:
repository: tccr.io/truecharts/nginx
tag: v1.23.1@sha256:1620254cd011e2b81361f1f4682fd6cceadf13b07f8e37f322b60407d6d5a766
pullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
@@ -16,139 +17,43 @@ podSecurityContext:
runAsGroup: 1000
fsGroup: 1000
env:
DJANGO_DB_ENGINE: "django.db.backends.postgresql"
DJANGO_DB_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}"
DJANGO_DB_USER: "{{ .Values.postgresql.postgresqlUsername }}"
DJANGO_DB_PORT: "5432"
DJANGO_DB_HOST:
secretKeyRef:
name: dbcreds
key: plainhost
DJANGO_DB_PASSWORD:
secretKeyRef:
name: dbcreds
key: postgresql-password
DJANGO_CACHE_BACKEND: "django_redis.cache.RedisCache"
DJANGO_CACHE_CLIENT_CLASS: "django_redis.client.DefaultClient"
DJANGO_CACHE_TIMEOUT: "1296000"
DJANGO_CACHE_LOCATION:
secretKeyRef:
name: rediscreds
key: url
SECRET_KEY:
secretKeyRef:
name: wger-secrets
key: SECRET_KEY
TIME_ZONE: "{{ .Values.TZ }}"
# True, not true
WGER_USE_GUNICORN: "True"
SITE_URL: "{{ .Values.wger.site_url }}"
# User Defined
FROM_EMAIL: "{{ .Values.wger.from_email }}"
EXERCISE_CACHE_TTL: "{{ .Values.wger.exercise_cache_ttl }}"
EMAIL_HOST: "{{ .Values.wger.email_host }}"
EMAIL_PORT: "{{ .Values.wger.email_port }}"
EMAIL_HOST_USER: "{{ .Values.wger.email_host_user }}"
EMAIL_HOST_PASSWORD: "{{ .Values.wger.email_host_password }}"
RECAPTCHA_PUBLIC_KEY: "{{ .Values.wger.recaptha_public_key }}"
RECAPTCHA_PRIVATE_KEY: "{{ .Values.wger.recaptha_private_key }}"
envFrom:
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-wger-secret'
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-wger'
name: '{{ include "tc.common.names.fullname" . }}-wger-configmap'
wger:
# Where the backend will listen. Leave this as is, unless nginx is removed
site_url: "http://localhost:8000"
sync_exercises_on_startup: false
download_exercise_images_on_startup: false
allow_registration: true
allow_guest_users: true
allow_upload_videos: true
exercise_cache_ttl: "3600"
django_perform_migrations: true
django_debug: false
enable_email: false
from_email: ""
email_host: ""
email_port: "587"
email_host_user: ""
email_host_password: ""
email_use_tls: true
email_use_ssl: true
recaptha_public_key: ""
recaptha_private_key: ""
nocaptcha: true
configmap:
wger:
enabled: true
data:
SYNC_EXERCISES_ON_STARTUP: '{{ ternary "True" "False" .Values.wger.sync_exercises_on_startup }}'
DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP: '{{ ternary "True" "False" .Values.wger.download_exercise_images_on_startup }}'
ALLOW_REGISTRATION: '{{ ternary "True" "False" .Values.wger.allow_registration }}'
ALLOW_GUEST_USERS: '{{ ternary "True" "False" .Values.wger.allow_guest_users }}'
ALLOW_UPLOAD_VIDEOS: '{{ ternary "True" "False" .Values.wger.allow_upload_videos }}'
DJANGO_PERFORM_MIGRATIONS: '{{ ternary "True" "False" .Values.wger.django_perform_migrations }}'
DJANGO_DEBUG: '{{ ternary "True" "False" .Values.wger.django_debug }}'
ENABLE_EMAIL: '{{ ternary "True" "False" .Values.wger.enable_email }}'
EMAIL_USE_TLS: '{{ ternary "True" "False" .Values.wger.email_use_tls }}'
EMAIL_USE_SSL: '{{ ternary "True" "False" .Values.wger.email_use_ssl }}'
NOCAPTCHA: '{{ ternary "True" "False" .Values.wger.nocaptcha }}'
config:
enabled: true
data:
nginx-config: |-
upstream wger {
server localhost:8000;
}
server {
listen 80;
location / {
proxy_pass http://localhost:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_redirect off;
}
location /static/ {
alias /static/;
}
location /media/ {
alias /media/;
}
# Increase max body size to allow for video uploads
client_max_body_size 100M;
}
general:
# Where the backend will listen. Leave this as is, unless nginx is removed
site_url: "http://localhost:8000"
sync_exercises_on_startup: false
download_exercise_images_on_startup: false
allow_registration: true
allow_guest_users: true
allow_upload_videos: true
exercise_cache_ttl: "3600"
django_perform_migrations: true
django_debug: false
mail:
enable_email: false
from_email: ""
email_host: ""
email_port: 587
email_host_user: "username"
email_host_password: "password"
email_use_tls: false
email_use_ssl: false
captcha:
recaptha_public_key: ""
recaptha_private_key: ""
nocaptcha: true
service:
main:
ports:
main:
port: 10249
targetPort: 80
additionalContainers:
nginx:
name: nginx
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
ports:
- containerPort: 80
name: main
securityContext:
runAsUser: 0
runAsGroup: 1000
readOnlyRootFilesystem: false
runAsNonRoot: false
volumeMounts:
- name: wger-config
mountPath: "/etc/nginx/conf.d/default.conf"
subPath: nginx-config
readOnly: true
- name: media
mountPath: "/media"
- name: static
mountPath: "/static"
persistence:
media:
@@ -160,12 +65,15 @@ persistence:
mountPath: "/home/wger/static"
wger-config:
enabled: "true"
mountPath: "/etc/nginx/conf.d/default.conf"
subPath: "default.conf"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: '{{ printf "%v-config" (include "tc.common.names.fullname" .) }}'
name: '{{ include "tc.common.names.fullname" . }}-wger-nginx-config'
items:
- key: nginx.conf
path: default.conf
postgresql:
enabled: true
@@ -177,6 +85,7 @@ redis:
enabled: true
existingSecret: "rediscreds"
redisUsername: "default"
redisDatabase: "0"
portal:
enabled: true
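Review bot: The new `mail:` defaults set both `email_use_tls: false` and `email_use_ssl: false` while keeping `email_port: 587`. An operator who only flips `enable_email` would therefore have `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` offered to the SMTP server without transport encryption, unless the server refuses. The old defaults had both set to `true`, a combination Django treats as mutually exclusive, which is presumably why they were changed; the safer fix is `email_use_tls: true` with `email_use_ssl: false`, which matches port 587. The placeholder defaults `email_host_user: "username"` and `email_host_password: "password"` are rendered into the Secret unconditionally, so add a comment such as `# dummy value, the app requires this to be defined` to each. The `email_use_tls` default in the questions file should follow the same choice.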


@@ -94,6 +94,7 @@ words:
- networkv
- nextcloud
- nobind
- nocaptcha
- nodeport
- nodeports
- notebookbar
@@ -120,8 +121,10 @@ words:
- ramdisk
- rcon
- rcontcp
- recaptha
- RECORDTYPES
- Recyclarr
- rediscreds
- registeringats
- reneg
- replacementurlhere
@@ -174,5 +177,6 @@ words:
- webpanel
- websecure
- weejewel
- wger
- xsystems
- zwavejs