From 3b5493d78dc027cd1f3206b26cf347dc6ce6e265 Mon Sep 17 00:00:00 2001 From: Robin Rush Date: Tue, 28 Nov 2023 13:51:20 +0100 Subject: [PATCH] fix(helmfile): Add configurable objectstore --- docs/external-services.md | 18 ++++++++++++++++++ helmfile/apps/openproject/values.gotmpl | 13 ++++++++++--- helmfile/apps/openproject/values.yaml | 3 --- .../environments/default/objectstore.gotmpl | 16 ++++++++++++++++ 4 files changed, 44 insertions(+), 6 deletions(-) create mode 100644 helmfile/environments/default/objectstore.gotmpl diff --git a/docs/external-services.md b/docs/external-services.md index 655eb59a..3e26a740 100644 --- a/docs/external-services.md +++ b/docs/external-services.md @@ -9,6 +9,7 @@ This document will cover the additional configuration to use external services l * [Database](#database) + * [Objectstore](#objectstore) * [Cache](#cache) @@ -65,6 +66,23 @@ service. | | | | Username | `databases.xwiki.username` | `xwiki_user` | | | | | Password | `databases.xwiki.password` | | +## Objectstore + +When deploying this suite to production, you need to configure the applications to use your production grade objectstore +service. + +| Component | Name | Parameter | Key | Default | +|-------------|-------------|-----------------|------------------------------------------|--------------------| +| OpenProject | OpenProject | | | | +| | | Backend | `objectstores.openproject.backend` | `minio` | +| | | Bucket | `objectstores.openproject.bucket` | `openproject` | +| | | Endpoint | `objectstores.openproject.endpoint` | | +| | | Provider | `objectstores.openproject.provider` | `AWS` | +| | | Region | `objectstores.openproject.region` | | +| | | Secret | `objectstores.openproject.secret` | | +| | | Username | `objectstores.openproject.username` | `openproject_user` | +| | | Use IAM profile | `objectstores.openproject.useIAMProfile` | | + ## Cache When deploying this suite to production, you need to configure the applications to use your production grade cache 
diff --git a/helmfile/apps/openproject/values.gotmpl b/helmfile/apps/openproject/values.gotmpl index f58db868..5c96f8f8 100644 --- a/helmfile/apps/openproject/values.gotmpl +++ b/helmfile/apps/openproject/values.gotmpl @@ -77,9 +77,16 @@ environment: OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}" # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }} - OPENPROJECT_FOG_CREDENTIALS_HOST: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}" - OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: "https://{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}" - OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.secrets.minio.openprojectUser | quote }} + {{ if ne .Values.objectstores.openproject.backend "aws" }} + OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} + OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true" + {{ end }} + OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.objectstores.openproject.username | quote }} + OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.objectstores.openproject.secret | default .Values.secrets.minio.openprojectUser | quote }} + OPENPROJECT_FOG_CREDENTIALS_PROVIDER: {{ .Values.objectstores.openproject.provider | default "AWS" | quote }} + OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }} + OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }} + OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE : {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }} replicaCount: {{ .Values.replicas.openproject }} 
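Review bot: The `OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY` line falls back to `.Values.secrets.minio.openprojectUser` for every backend. With `backend: "aws"` or a custom `endpoint` and an empty `objectstores.openproject.secret`, the release still renders and configures the in-cluster MinIO password as the key for the external store, next to the default access key id `openproject_user`. Keeping that fallback inside the `{{ if ne ... "aws" }}` branch and failing the render otherwise would surface the mistake at deploy time, for example `{{ .Values.objectstores.openproject.secret | required "objectstores.openproject.secret must be set for backend aws" | quote }}`, skipped when `useIAMProfile` is enabled. Separately, `OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"` remains as a context line in the values.yaml hunk of this patch, so if both files feed the same release the new conditional presumably does not switch path-style off for AWS. The `ne` test is also an exact, case-sensitive match while the provider default is spelled `AWS`, so comparing against `lower` of the backend value would avoid a silent fall-through to the MinIO endpoint.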
diff --git a/helmfile/apps/openproject/values.yaml b/helmfile/apps/openproject/values.yaml index 81496cc5..0d7b8327 100644 --- a/helmfile/apps/openproject/values.yaml +++ b/helmfile/apps/openproject/values.yaml @@ -75,10 +75,7 @@ environment: OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn" # Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage OPENPROJECT_ATTACHMENTS__STORAGE: "fog" - OPENPROJECT_FOG_DIRECTORY: "openproject" - OPENPROJECT_FOG_CREDENTIALS_PROVIDER: "AWS" OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true" - OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user" # Define an admin mapping from the claim # The attribute mapping cannot currently be defined in the value OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin" diff --git a/helmfile/environments/default/objectstore.gotmpl b/helmfile/environments/default/objectstore.gotmpl new file mode 100644 index 00000000..43ea4808 --- /dev/null +++ b/helmfile/environments/default/objectstore.gotmpl @@ -0,0 +1,16 @@ +{{/* +SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +objectstores: + openproject: + backend: "minio" + bucket: "openproject" + endpoint: "" + provider: "AWS" + region: "" + secret: "" + username: "openproject_user" + useIAMProfile: "" +...
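Review bot: The new defaults in `helmfile/environments/default/objectstore.gotmpl` have no comments, yet two of the empty strings are not "unset" once values.gotmpl consumes them. An empty `endpoint` resolves to the MinIO API host and an empty `secret` resolves to `secrets.minio.openprojectUser`, and the docs table in this patch lists both defaults as blank. I would add short comments on those keys, such as `# empty: falls back to https://<minioApi>.<domain>` and `# empty: falls back to secrets.minio.openprojectUser`, plus one on `backend` stating that only the literal `aws` changes the rendered environment. `useIAMProfile: ""` is a string default for what reads as a boolean flag, and a comment naming the accepted values (`"true"`/`"false"`) would prevent operators from guessing.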