fix(helmfile): Add configurable objectstore

2025-12-06 07:21:36 +01:00 · 2023-11-28 13:51:20 +01:00
parent 6711791009
commit 3b5493d78d
4 changed files with 44 additions and 6 deletions
--- a/docs/external-services.md
+++ b/docs/external-services.md
@@ -9,6 +9,7 @@ This document will cover the additional configuration to use external services l

 <!-- TOC -->
  * [Database](#database)
+  * [Objectstore](#objectstore)
  * [Cache](#cache)
 <!-- TOC -->

@@ -65,6 +66,23 @@ service.
 |             |                    |            | Username  | `databases.xwiki.username`             | `xwiki_user`               |
 |             |                    |            | Password  | `databases.xwiki.password`             |                            |

+## Objectstore
+
+When deploying this suite to production, you need to configure the applications to use your production grade objectstore
+service.
+
+| Component   | Name        | Parameter       | Key                                      | Default            |
+|-------------|-------------|-----------------|------------------------------------------|--------------------|
+| OpenProject | OpenProject |                 |                                          |                    |
+|             |             | Backend         | `objectstores.openproject.backend`       | `minio`            |
+|             |             | Bucket          | `objectstores.openproject.bucket`        | `openproject`      |
+|             |             | Endpoint        | `objectstores.openproject.endpoint`      |                    |
+|             |             | Provider        | `objectstores.openproject.provider`      | `AWS`              |
+|             |             | Region          | `objectstores.openproject.region`        |                    |
+|             |             | Secret          | `objectstores.openproject.secret`        |                    |
+|             |             | Username        | `objectstores.openproject.username`      | `openproject_user` |
+|             |             | Use IAM profile | `objectstores.openproject.useIAMProfile` |                    |
+
 ## Cache

 When deploying this suite to production, you need to configure the applications to use your production grade cache
--- a/helmfile/apps/openproject/values.gotmpl
+++ b/helmfile/apps/openproject/values.gotmpl
@@ -77,9 +77,16 @@ environment:
  OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
  # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
  OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
-  OPENPROJECT_FOG_CREDENTIALS_HOST: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
-  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: "https://{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
-  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.secrets.minio.openprojectUser | quote }}
+  {{ if ne .Values.objectstores.openproject.backend "aws" }}
+  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
+  {{ end }}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.objectstores.openproject.username | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.objectstores.openproject.secret | default .Values.secrets.minio.openprojectUser | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: {{ .Values.objectstores.openproject.provider | default "AWS" | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }}
+  OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE : {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}

 replicaCount: {{ .Values.replicas.openproject }}

--- a/helmfile/apps/openproject/values.yaml
+++ b/helmfile/apps/openproject/values.yaml
@@ -75,10 +75,7 @@ environment:
  OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
  # Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
  OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
-  OPENPROJECT_FOG_DIRECTORY: "openproject"
-  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: "AWS"
  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
-  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user"
  # Define an admin mapping from the claim
  # The attribute mapping cannot currently be defined in the value
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin"
--- a/helmfile/environments/default/objectstore.gotmpl
+++ b/helmfile/environments/default/objectstore.gotmpl
@@ -0,0 +1,16 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+objectstores:
+  openproject:
+    backend: "minio"
+    bucket: "openproject"
+    endpoint: ""
+    provider: "AWS"
+    region: ""
+    secret: ""
+    username: "openproject_user"
+    useIAMProfile: ""
+...