diff --git a/charts/incubator/wger/Chart.yaml b/charts/incubator/wger/Chart.yaml index e14e6ec903f..83310f46cd8 100644 --- a/charts/incubator/wger/Chart.yaml +++ b/charts/incubator/wger/Chart.yaml @@ -27,7 +27,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/incubator/wger - https://github.com/wger-project/wger - https://github.com/wger-project/docker -version: 0.0.55 +version: 1.0.0 annotations: truecharts.org/catagories: | - life diff --git a/charts/incubator/wger/questions.yaml b/charts/incubator/wger/questions.yaml index 36d3e233a1c..1328ffa1560 100644 --- a/charts/incubator/wger/questions.yaml +++ b/charts/incubator/wger/questions.yaml 
@@ -19,116 +19,138 @@ questions: additional_attrs: true type: dict attrs: - - variable: sync_exercises_on_startup - label: "SYNC_EXERCISES_ON_STARTUP (Slow Startup)" - description: "Enabling that can greatly impact the startup of this app" + - variable: general + label: "General Configuration" schema: - type: boolean - default: false - - variable: download_exercise_images_on_startup - label: "DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP (Slow Startup)" - description: "Enabling that can greatly impact the startup of this app" - schema: - type: boolean - default: false - - variable: allow_registration - label: "ALLOW_REGISTRATION" - schema: - type: boolean - default: true - - variable: allow_guest_users - label: "ALLOW_GUEST_USERS" - schema: - type: boolean - default: true - - variable: allow_upload_videos - label: "ALLOW_UPLOAD_VIDEOS" - schema: - type: boolean - default: true - - variable: exercise_cache_ttl - label: "EXERCISE_CACHE_TTL" - schema: - type: string - required: true - default: "3600" - - variable: django_perform_migrations - label: "DJANGO_PERFORM_MIGRATIONS" - schema: - type: boolean - default: true - - variable: django_debug - label: "DJANGO_DEBUG" - schema: - type: boolean - default: false - - variable: enable_email - label: "Email Settings" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: from_email - label: "FROM_EMAIL" - schema: - type: string - default: "" - - variable: email_host - label: "EMAIL_HOST" - schema: - type: string - default: "" - - variable: email_port - label: "EMAIL_PORT" - schema: - type: string - required: true - default: "587" - - variable: email_host_user - label: "EMAIL_HOST_USER" - schema: - type: string - default: "" - - variable: email_host_password - label: "EMAIL_HOST_PASSWORD" - schema: - type: string - private: true - default: "" - - variable: email_use_tls - label: "EMAIL_USE_TLS" + additional_attrs: true + type: dict + attrs: + - variable: sync_exercises_on_startup + label: 
"SYNC_EXERCISES_ON_STARTUP (Slow Startup)" + description: "Enabling that can greatly impact the startup of this app" schema: type: boolean default: false - - variable: email_use_ssl - label: "EMAIL_USE_SSL" + - variable: download_exercise_images_on_startup + label: "DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP (Slow Startup)" + description: "Enabling that can greatly impact the startup of this app" schema: type: boolean default: false - - variable: captchasettings - label: "Captcha Settings" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: recaptha_public_key - label: "RECAPTCHA_PUBLIC_KEY" - schema: - type: string - default: "" - - variable: recaptha_private_key - label: "RECAPTCHA_PRIVATE_KEY" - schema: - type: string - private: true - default: "" - - variable: nocaptcha - label: "NOCAPTCHA" + - variable: allow_registration + label: "ALLOW_REGISTRATION" schema: type: boolean default: true + - variable: allow_guest_users + label: "ALLOW_GUEST_USERS" + schema: + type: boolean + default: true + - variable: allow_upload_videos + label: "ALLOW_UPLOAD_VIDEOS" + schema: + type: boolean + default: true + - variable: exercise_cache_ttl + label: "EXERCISE_CACHE_TTL" + schema: + type: string + required: true + default: "3600" + - variable: django_perform_migrations + label: "DJANGO_PERFORM_MIGRATIONS" + schema: + type: boolean + default: true + - variable: django_debug + label: "DJANGO_DEBUG" + schema: + type: boolean + default: false + - variable: mail + label: "Mail Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enable_email + label: "Email Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: from_email + label: "FROM_EMAIL" + schema: + type: string + required: true + default: "" + - variable: email_host + label: "EMAIL_HOST" + schema: + type: string + required: true + default: "" + - variable: email_port + label: "EMAIL_PORT" + 
schema: + type: int + required: true + default: 587 + - variable: email_host_user + label: "EMAIL_HOST_USER" + schema: + type: string + required: true + default: "" + - variable: email_host_password + label: "EMAIL_HOST_PASSWORD" + schema: + type: string + required: true + private: true + default: "" + - variable: email_use_tls + label: "EMAIL_USE_TLS" + schema: + type: boolean + default: false + - variable: email_use_ssl + label: "EMAIL_USE_SSL" + schema: + type: boolean + default: false + - variable: captca + label: "Captca Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: captchasettings + label: "Captcha Settings" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: recaptha_public_key + label: "RECAPTCHA_PUBLIC_KEY" + schema: + type: string + default: "" + - variable: recaptha_private_key + label: "RECAPTCHA_PRIVATE_KEY" + schema: + type: string + private: true + default: "" + - variable: nocaptcha + label: "NOCAPTCHA" + schema: + type: boolean + default: true # Include{containerConfig} # Include{serviceRoot} - variable: main @@ -158,7 +180,7 @@ questions: description: "The internal(!) port on the container the Application runs on" schema: type: int - default: 80 + default: 10249 # Include{serviceExpertRoot} default: false # Include{serviceExpert} diff --git a/charts/incubator/wger/templates/_configmap.tpl b/charts/incubator/wger/templates/_configmap.tpl new file mode 100644 index 00000000000..de7dd55f0d5 --- /dev/null +++ b/charts/incubator/wger/templates/_configmap.tpl 
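Review bot: The new group is declared as `- variable: captca` (label "Captca Configuration"), but the templates added in this commit read `.Values.wger.captcha.nocaptcha` and `.Values.wger.captcha.recaptha_public_key` / `recaptha_private_key`, and values.yaml names the key `captcha`. Assuming the UI stores answers under the variable path as it does for `general` and `mail`, reCAPTCHA keys entered there would land under `wger.captca` and never reach the ConfigMap or Secret, leaving registration (default `allow_registration: true`) without the captcha the operator believes is configured. Rename it to `- variable: captcha` with `label: "Captcha Configuration"`. The `recaptha_*` spelling is at least consistent across questions, values and templates, so it only needs changing if all three change together.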
@@ -0,0 +1,84 @@ +{{/* Define the configmap */}} +{{- define "wger.configmap" -}} + +{{- $configName := printf "%s-wger-configmap" (include "tc.common.names.fullname" .) }} +{{- $nginxConfigName := printf "%s-wger-nginx-config" (include "tc.common.names.fullname" .) }} + +--- +{{/* This configmap are loaded on both main authentik container and worker */}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $configName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{/* Dependencies */}} + DJANGO_DB_ENGINE: "django.db.backends.postgresql" + DJANGO_DB_DATABASE: {{ .Values.postgresql.postgresqlDatabase }} + DJANGO_DB_USER: {{ .Values.postgresql.postgresqlUsername }} + DJANGO_DB_PORT: "5432" + DJANGO_DB_HOST: {{ printf "%v-%v" .Release.Name "postgresql" }} + DJANGO_CACHE_BACKEND: "django_redis.cache.RedisCache" + DJANGO_CACHE_CLIENT_CLASS: "django_redis.client.DefaultClient" + DJANGO_CACHE_TIMEOUT: "1296000" + TIME_ZONE: {{ .Values.TZ | quote }} + {{/* True, not true */}} + WGER_USE_GUNICORN: "True" + {{/* User Defined */}} + {{/* General */}} + {{- with .Values.wger.general.site_url }} + SITE_URL: {{ . | quote }} + {{- end }} + {{- with .Values.wger.general.exercise_cache_ttl }} + EXERCISE_CACHE_TTL: {{ . 
| quote }} + {{- end }} + ALLOW_REGISTRATION: {{ ternary "True" "False" .Values.wger.general.allow_registration | squote }} + ALLOW_GUEST_USERS: {{ ternary "True" "False" .Values.wger.general.allow_guest_users | squote }} + ALLOW_UPLOAD_VIDEOS: {{ ternary "True" "False" .Values.wger.general.allow_upload_videos | squote }} + SYNC_EXERCISES_ON_STARTUP: {{ ternary "True" "False" .Values.wger.general.sync_exercises_on_startup | squote }} + DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP: {{ ternary "True" "False" .Values.wger.general.download_exercise_images_on_startup | squote }} + DJANGO_PERFORM_MIGRATIONS: {{ ternary "True" "False" .Values.wger.general.django_perform_migrations | squote }} + DJANGO_DEBUG: {{ ternary "True" "False" .Values.wger.general.django_debug | squote }} + {{/* Captcha */}} + NOCAPTCHA: {{ ternary "True" "False" .Values.wger.captcha.nocaptcha | squote }} + {{/* Mail */}} + {{- if .Values.wger.mail.enable_email }} + {{/* Any value is considered true */}} + ENABLE_EMAIL: "True" + {{- end }} + FROM_EMAIL: {{ .Values.wger.mail.from_email | quote }} + EMAIL_HOST: {{ .Values.wger.mail.email_host | quote }} + EMAIL_PORT: {{ .Values.wger.mail.email_port | quote }} + EMAIL_USE_TLS: {{ ternary "True" "False" .Values.wger.mail.email_use_tls | squote }} + EMAIL_USE_SSL: {{ ternary "True" "False" .Values.wger.mail.email_use_ssl | squote }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $nginxConfigName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + nginx.conf: |- + upstream wger { + server localhost:8000; + } + server { + listen {{ .Values.service.main.ports.main.port }}; + location / { + proxy_pass http://localhost:8000; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_redirect off; + } + location /static/ { + alias /static/; + } + location /media/ { + alias /media/; + } + # Increase max body size to allow for video uploads + client_max_body_size 100M; + } +{{- end }} 
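Review bot: `DJANGO_DB_DATABASE`, `DJANGO_DB_USER` and `DJANGO_DB_HOST` are rendered without quoting, while every other templated value in this ConfigMap goes through `quote` or `squote`. ConfigMap `data` values must be strings, so a database or user name that YAML types as a number, boolean or null (or an empty expansion) would render a manifest the API server rejects. Use `{{ .Values.postgresql.postgresqlDatabase | quote }}`, `{{ .Values.postgresql.postgresqlUsername | quote }}` and `{{ printf "%v-%v" .Release.Name "postgresql" | quote }}`. The header comment "loaded on both main authentik container and worker" looks copied from another chart and should describe the wger container instead.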
diff --git a/charts/incubator/wger/templates/_nginx.tpl b/charts/incubator/wger/templates/_nginx.tpl new file mode 100644 index 00000000000..6f0a1c83300 --- /dev/null +++ b/charts/incubator/wger/templates/_nginx.tpl @@ -0,0 +1,22 @@ +{{/* Define the nginx container */}} +{{- define "wger.nginx" -}} +image: {{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }} +imagePullPolicy: {{ .Values.nginxImage.pullPolicy }} +ports: + - containerPort: {{ .Values.service.main.ports.main.port }} + name: main +securityContext: + runAsUser: 0 + runAsGroup: 1000 + readOnlyRootFilesystem: false + runAsNonRoot: false +volumeMounts: + - name: wger-config + mountPath: "/etc/nginx/conf.d/default.conf" + subPath: default.conf + readOnly: true + - name: media + mountPath: "/media" + - name: static + mountPath: "/static" +{{- end -}} diff --git a/charts/incubator/wger/templates/_secrets.tpl b/charts/incubator/wger/templates/_secrets.tpl index 701c43d1733..42ab8b57110 100644 --- a/charts/incubator/wger/templates/_secrets.tpl +++ b/charts/incubator/wger/templates/_secrets.tpl 
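Review bot: The nginx sidecar keeps `runAsUser: 0`, `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, even though after this commit it listens on `.Values.service.main.ports.main.port` (10249 in values.yaml) instead of 80, so binding a privileged port no longer appears to be a reason for root. Whether the `tccr.io/truecharts/nginx` image can start unprivileged is not visible here and should be confirmed. If it can, run it as a non-root UID. If it cannot, still constrain the container with `allowPrivilegeEscalation: false` and a `capabilities: drop: [ALL]` entry plus only the capabilities nginx needs, and add a comment next to `runAsUser: 0` explaining why root is required. This container terminates all external HTTP traffic for the pod, so it is the one most worth running with least privilege.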
@@ -1,20 +1,31 @@ {{/* Define the secrets */}} {{- define "wger.secrets" -}} + +{{- $secretName := printf "%s-wger-secret" (include "tc.common.names.fullname" .) }} + --- apiVersion: v1 kind: Secret type: Opaque metadata: - name: wger-secrets -{{- $wgerprevious := lookup "v1" "Secret" .Release.Namespace "wger-secrets" }} -{{- $secret_key := "" }} + name: {{ $secretName }} data: - {{- if $wgerprevious}} - SECRET_KEY: {{ index $wgerprevious.data "SECRET_KEY" }} + {{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }} + SECRET_KEY: {{ index .data "SECRET_KEY" }} {{- else }} - {{- $secret_key := randAlphaNum 32 }} - SECRET_KEY: {{ $secret_key | b64enc }} + SECRET_KEY: {{ randAlphaNum 32 | b64enc }} + {{- end }} + {{- $redisPass := .Values.redis.redisPassword | trimAll "\"" }} + DJANGO_CACHE_LOCATION: {{ printf "redis://%v:%v@%v-redis/%v" .Values.redis.redisUsername $redisPass .Release.Name .Values.redis.redisDatabase | b64enc }} + DJANGO_DB_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }} + EMAIL_HOST_USER: {{ .Values.wger.mail.email_host_user | b64enc }} + EMAIL_HOST_PASSWORD: {{ .Values.wger.mail.email_host_password | b64enc }} + {{- with .Values.wger.captcha.recaptha_public_key }} + RECAPTCHA_PUBLIC_KEY: {{ . | b64enc }} + {{- end }} + {{- with .Values.wger.captcha.recaptha_private_key }} + RECAPTCHA_PRIVATE_KEY: {{ . | b64enc }} {{- end }} {{- end -}} diff --git a/charts/incubator/wger/templates/common.yaml b/charts/incubator/wger/templates/common.yaml index d1a6f6a4650..b554f3ce02a 100644 --- a/charts/incubator/wger/templates/common.yaml +++ b/charts/incubator/wger/templates/common.yaml @@ -3,5 +3,10 @@ {{/* Render secrets for wger */}} {{- include "wger.secrets" . }} +{{/* Render configmap for wger */}} +{{- include "wger.configmap" . }} + +{{- $_ := set .Values.additionalContainers "nginx" (include "wger.nginx" . | fromYaml) -}} + {{/* Render the templates */}} {{ include "tc.common.loader.apply" . }} 
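Review bot: Renaming the Secret to `$secretName` and pointing the `lookup` at the new name means an upgrade from a release that created `wger-secrets` finds nothing and falls into the `randAlphaNum 32` branch, replacing Django's `SECRET_KEY`. That invalidates existing sessions and any signed tokens, and the same regeneration happens whenever the chart is rendered without cluster access, since `lookup` returns empty there. A fallback lookup on the legacy name, which should still exist in the namespace while the upgrade is rendered, would carry the key over. Separately, `DJANGO_CACHE_LOCATION` interpolates `$redisPass` into the URL userinfo unescaped, so a password containing `@`, `:` or `/` would produce a malformed or misparsed Redis URL; percent-encode it unless the generated password is known to be alphanumeric.

```yaml
data:
  {{- $current := lookup "v1" "Secret" .Release.Namespace $secretName }}
  {{- $legacy := lookup "v1" "Secret" .Release.Namespace "wger-secrets" }}
  {{- if $current }}
  SECRET_KEY: {{ index $current.data "SECRET_KEY" }}
  {{- else if $legacy }}
  SECRET_KEY: {{ index $legacy.data "SECRET_KEY" }}
  {{- else }}
  SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
  {{- end }}
  {{/* … unchanged: DJANGO_CACHE_LOCATION, DJANGO_DB_PASSWORD, mail and captcha keys … */}}
```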
diff --git a/charts/incubator/wger/values.yaml b/charts/incubator/wger/values.yaml index c30fd46fec5..f9a544412a4 100644 --- a/charts/incubator/wger/values.yaml +++ b/charts/incubator/wger/values.yaml @@ -6,6 +6,7 @@ image: nginxImage: repository: tccr.io/truecharts/nginx tag: v1.23.1@sha256:1620254cd011e2b81361f1f4682fd6cceadf13b07f8e37f322b60407d6d5a766 + pullPolicy: IfNotPresent securityContext: runAsNonRoot: false 
@@ -16,139 +17,43 @@ podSecurityContext: runAsGroup: 1000 fsGroup: 1000 -env: - DJANGO_DB_ENGINE: "django.db.backends.postgresql" - DJANGO_DB_DATABASE: "{{ .Values.postgresql.postgresqlDatabase }}" - DJANGO_DB_USER: "{{ .Values.postgresql.postgresqlUsername }}" - DJANGO_DB_PORT: "5432" - DJANGO_DB_HOST: - secretKeyRef: - name: dbcreds - key: plainhost - DJANGO_DB_PASSWORD: - secretKeyRef: - name: dbcreds - key: postgresql-password - DJANGO_CACHE_BACKEND: "django_redis.cache.RedisCache" - DJANGO_CACHE_CLIENT_CLASS: "django_redis.client.DefaultClient" - DJANGO_CACHE_TIMEOUT: "1296000" - DJANGO_CACHE_LOCATION: - secretKeyRef: - name: rediscreds - key: url - SECRET_KEY: - secretKeyRef: - name: wger-secrets - key: SECRET_KEY - TIME_ZONE: "{{ .Values.TZ }}" - # True, not true - WGER_USE_GUNICORN: "True" - SITE_URL: "{{ .Values.wger.site_url }}" - # User Defined - FROM_EMAIL: "{{ .Values.wger.from_email }}" - EXERCISE_CACHE_TTL: "{{ .Values.wger.exercise_cache_ttl }}" - EMAIL_HOST: "{{ .Values.wger.email_host }}" - EMAIL_PORT: "{{ .Values.wger.email_port }}" - EMAIL_HOST_USER: "{{ .Values.wger.email_host_user }}" - EMAIL_HOST_PASSWORD: "{{ .Values.wger.email_host_password }}" - RECAPTCHA_PUBLIC_KEY: "{{ .Values.wger.recaptha_public_key }}" - RECAPTCHA_PRIVATE_KEY: "{{ .Values.wger.recaptha_private_key }}" - envFrom: + - secretRef: + name: '{{ include "tc.common.names.fullname" . }}-wger-secret' - configMapRef: - name: '{{ include "tc.common.names.fullname" . }}-wger' + name: '{{ include "tc.common.names.fullname" . }}-wger-configmap' wger: - # Where the backend will listen. 
Leave this as is, unless nginx is removed - site_url: "http://localhost:8000" - sync_exercises_on_startup: false - download_exercise_images_on_startup: false - allow_registration: true - allow_guest_users: true - allow_upload_videos: true - exercise_cache_ttl: "3600" - django_perform_migrations: true - django_debug: false - enable_email: false - from_email: "" - email_host: "" - email_port: "587" - email_host_user: "" - email_host_password: "" - email_use_tls: true - email_use_ssl: true - recaptha_public_key: "" - recaptha_private_key: "" - nocaptcha: true - -configmap: - wger: - enabled: true - data: - SYNC_EXERCISES_ON_STARTUP: '{{ ternary "True" "False" .Values.wger.sync_exercises_on_startup }}' - DOWNLOAD_EXERCISE_IMAGES_ON_STARTUP: '{{ ternary "True" "False" .Values.wger.download_exercise_images_on_startup }}' - ALLOW_REGISTRATION: '{{ ternary "True" "False" .Values.wger.allow_registration }}' - ALLOW_GUEST_USERS: '{{ ternary "True" "False" .Values.wger.allow_guest_users }}' - ALLOW_UPLOAD_VIDEOS: '{{ ternary "True" "False" .Values.wger.allow_upload_videos }}' - DJANGO_PERFORM_MIGRATIONS: '{{ ternary "True" "False" .Values.wger.django_perform_migrations }}' - DJANGO_DEBUG: '{{ ternary "True" "False" .Values.wger.django_debug }}' - ENABLE_EMAIL: '{{ ternary "True" "False" .Values.wger.enable_email }}' - EMAIL_USE_TLS: '{{ ternary "True" "False" .Values.wger.email_use_tls }}' - EMAIL_USE_SSL: '{{ ternary "True" "False" .Values.wger.email_use_ssl }}' - NOCAPTCHA: '{{ ternary "True" "False" .Values.wger.nocaptcha }}' - config: - enabled: true - data: - nginx-config: |- - upstream wger { - server localhost:8000; - } - server { - listen 80; - location / { - proxy_pass http://localhost:8000; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $host; - proxy_redirect off; - } - location /static/ { - alias /static/; - } - location /media/ { - alias /media/; - } - # Increase max body size to allow for video uploads - 
client_max_body_size 100M; - } + general: + # Where the backend will listen. Leave this as is, unless nginx is removed + site_url: "http://localhost:8000" + sync_exercises_on_startup: false + download_exercise_images_on_startup: false + allow_registration: true + allow_guest_users: true + allow_upload_videos: true + exercise_cache_ttl: "3600" + django_perform_migrations: true + django_debug: false + mail: + enable_email: false + from_email: "" + email_host: "" + email_port: 587 + email_host_user: "username" + email_host_password: "password" + email_use_tls: false + email_use_ssl: false + captcha: + recaptha_public_key: "" + recaptha_private_key: "" + nocaptcha: true service: main: ports: main: port: 10249 - targetPort: 80 - -additionalContainers: - nginx: - name: nginx - image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}" - ports: - - containerPort: 80 - name: main - securityContext: - runAsUser: 0 - runAsGroup: 1000 - readOnlyRootFilesystem: false - runAsNonRoot: false - volumeMounts: - - name: wger-config - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: nginx-config - readOnly: true - - name: media - mountPath: "/media" - - name: static - mountPath: "/static" persistence: media: @@ -160,12 +65,15 @@ persistence: mountPath: "/home/wger/static" wger-config: enabled: "true" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: "default.conf" + noMount: true + readOnly: true type: "custom" volumeSpec: configMap: - name: '{{ printf "%v-config" (include "tc.common.names.fullname" .) }}' + name: '{{ include "tc.common.names.fullname" . }}-wger-nginx-config' + items: + - key: nginx.conf + path: default.conf postgresql: enabled: true @@ -177,6 +85,7 @@ redis: enabled: true existingSecret: "rediscreds" redisUsername: "default" + redisDatabase: "0" portal: enabled: true diff --git a/cspell.config.yaml b/cspell.config.yaml index 24179e640a5..2a3a9f19ac7 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml 
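Review bot: The new `mail` defaults pair `email_port: 587` with `email_use_tls: false` and `email_use_ssl: false`, so an operator who only switches on `enable_email` would presumably have `EMAIL_HOST_USER` / `EMAIL_HOST_PASSWORD` sent to the relay without transport encryption. Default to `email_use_tls: true` (Django treats the TLS and SSL flags as mutually exclusive, so leave `email_use_ssl: false`) and mirror that default in questions.yaml. The placeholders `email_host_user: "username"` and `email_host_password: "password"` are also written into the Secret unconditionally by _secrets.tpl. Empty defaults, or emitting those keys only when `enable_email` is set, would avoid shipping dummy credentials into every release.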
@@ -94,6 +94,7 @@ words: - networkv - nextcloud - nobind + - nocaptcha - nodeport - nodeports - notebookbar @@ -120,8 +121,10 @@ words: - ramdisk - rcon - rcontcp + - recaptha - RECORDTYPES - Recyclarr + - rediscreds - registeringats - reneg - replacementurlhere @@ -174,5 +177,6 @@ words: - webpanel - websecure - weejewel + - wger - xsystems - zwavejs