From 45715a20594dafe833041d5843c857bc0e23dcbc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Fri, 9 Aug 2024 13:50:21 +0200 Subject: [PATCH] fix(docs): Update `replicas.yaml` and `docs/scaling.md`. --- docs/debugging.md | 4 +- .../separate-mail-matrix-domain.md | 2 +- docs/requirements.md | 2 + docs/scaling.md | 56 +----- helmfile/environments/default/replicas.yaml | 170 +++++++++++++----- helmfile/environments/test/values.yaml.gotmpl | 5 - 6 files changed, 137 insertions(+), 102 deletions(-) diff --git a/docs/debugging.md b/docs/debugging.md index ba728309..f39b5fb6 100644 --- a/docs/debugging.md +++ b/docs/debugging.md @@ -52,7 +52,7 @@ Below you will find some wrap-up notes when it comes to debugging openDesk by ad You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/). -- Select the container you want to make use of as debugging container, in the example below it's `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`. +- Select the container you want to make use of as debugging container, in the example below it is `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`. - Ensure the `shareProcessNamespace` option is enabled for the Pod. - Reference the selected container within the `containers` array of the deployment. - In case you want to access another containers filesystem, ensure the user/group settings of both containers match. @@ -121,7 +121,7 @@ Now you can add the ephemeral container with: ``` kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME} ``` -and open it's interactive terminal with +and open its interactive terminal with ``` kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME} ``` 
diff --git a/docs/enhanced-configuration/separate-mail-matrix-domain.md b/docs/enhanced-configuration/separate-mail-matrix-domain.md index 01e0bca7..d9e27086 100644 --- a/docs/enhanced-configuration/separate-mail-matrix-domain.md +++ b/docs/enhanced-configuration/separate-mail-matrix-domain.md @@ -77,7 +77,7 @@ The following changes apply to the standard DNS: #### Content Security Policy -The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to it's CSP header. +The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to its CSP header. #### .well-known diff --git a/docs/requirements.md b/docs/requirements.md index b5166147..2d95d376 100644 --- a/docs/requirements.md +++ b/docs/requirements.md @@ -39,6 +39,8 @@ The following minimal requirements are thought for initial evaluation deployment | RAM | 32 GB, more recommended | | Disk | HDD or SSD, >10 GB | +Check [`scaling.md`](./scaling.md) for more details on resource requirements and scalability. + # Kubernetes Any self-hosted or managed K8s cluster >= 1.24 listed in diff --git a/docs/scaling.md b/docs/scaling.md index 0ed7f193..c44fb377 100644 --- a/docs/scaling.md +++ b/docs/scaling.md 
@@ -7,55 +7,17 @@ SPDX-License-Identifier: Apache-2.0 This document should cover the abilities to scale apps. - -* [Replicas](#replicas) - +# Horizontal scalability -# Replicas +We are working on generating this document automatically based on the file +[`replicas.yaml`](../helmfile/environments/default/replicas.yaml) that contains necessary annotations. +In the meantime this file can be used to check the components scaling support / capabilities. -The Replicas can be increased of almost any component, but is only effective for high-availability or load-balancing for -apps with a check-mark in `Scaling (effective)` column. +# Upstream information -Verified positive effects are marked with a check-mark in `Scaling (verified)` column, apps which are not yet tested are -marked with a gear. +While scaling services horizontally is the ideal solution, information about vertical scaling is helpful +when it comes to defining the applications resources, see [`resources.yaml`](../helmfile/environments/default/resources.yaml) for references. 
+Please find below links to the application's upstream resources about scaling: -| Component | Name | Scaling (effective) | Scaling (verified) | -|-----------------------------|------------------------------------------|:-------------------:|:------------------:| -| ClamAV | `replicas.clamav` | :white_check_mark: | :white_check_mark: | -| | `replicas.clamd` | :white_check_mark: | :white_check_mark: | -| | `replicas.freshclam` | :x: | :x: | -| | `replicas.icap` | :white_check_mark: | :white_check_mark: | -| | `replicas.milter` | :white_check_mark: | :white_check_mark: | -| Collabora | `replicas.collabora` | :white_check_mark: | :gear: | -| CryptPad | `replicas.cryptpad` | :white_check_mark: | :gear: | -| Dovecot | `replicas.dovecot` | :x: | :gear: | -| Element | `replicas.element` | :white_check_mark: | :white_check_mark: | -| | `replicas.matrixNeoBoardWidget` | :white_check_mark: | :gear: | -| | `replicas.matrixNeoChoiceWidget` | :white_check_mark: | :gear: | -| | `replicas.matrixNeoDateFixBot` | :white_check_mark: | :gear: | -| | `replicas.matrixNeoDateFixWidget` | :white_check_mark: | :gear: | -| | `replicas.matrixUserVerificationService` | :white_check_mark: | :gear: | -| | `replicas.synapse` | :x: | :gear: | -| | `replicas.synapseWeb` | :white_check_mark: | :white_check_mark: | -| | `replicas.wellKnown` | :white_check_mark: | :white_check_mark: | -| Intercom Service | `replicas.intercomService` | :white_check_mark: | :white_check_mark: | -| Jitsi | `replicas.jibri` | :white_check_mark: | :gear: | -| | `replicas.jicofo` | :white_check_mark: | :gear: | -| | `replicas.jitsi ` | :white_check_mark: | :gear: | -| | `replicas.jitsiKeycloakAdapter` | :white_check_mark: | :gear: | -| | `replicas.jvb ` | :x: | :x: | -| Keycloak | `replicas.keycloak` | :white_check_mark: | :white_check_mark: | -| Memcached | `replicas.memcached` | :gear: | :gear: | -| Minio | `replicas.minioDistributed` | :white_check_mark: | :white_check_mark: | -| Nextcloud | `replicas.nextcloudApache2` 
| :white_check_mark: | :white_check_mark: |
-| | `replicas.nextcloudExporter` | :white_check_mark: | :white_check_mark: |
-| | `replicas.nextcloudPHP` | :white_check_mark: | :white_check_mark: |
-| OpenProject | `replicas.openproject` | :white_check_mark: | :white_check_mark: |
-| Postfix | `replicas.postfix` | :x: | :gear: |
-| Redis | `replicas.redis` | :gear: | :gear: |
-| Univention Management Stack | | :gear: | :gear: |
-| | `replicas.umsPortalFrontend` | :white_check_mark: | :white_check_mark: |
-| | `replicas.umsPortalServer` | :white_check_mark: | :white_check_mark: |
-| | `replicas.umsUdmRestApi` | :white_check_mark: | :white_check_mark: |
-| XWiki | `replicas.xwiki` | :x: | :gear: |
+- [OpenProject system requirements](https://www.openproject.org/docs/installation-and-operations/system-requirements/)
diff --git a/helmfile/environments/default/replicas.yaml b/helmfile/environments/default/replicas.yaml
index ad6b1a8e..5b29fd23 100644
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -1,62 +1,138 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Before increasing the replicas of components, please consult the scaling documentation at "docs/scaling.md" to ensure
-# that scaling of the respective component is possible and has the desired effect.
+# This file contains annotations to (later) generate parts of "docs/scaling.md".
+# When adding new components in here, do not forget to add them as well to
+# `../test/values.yaml.gotmpl` to ensure their linting coverage.
 replicas:
- # clamav-simple
+ # -- component: Antivirus (ClamAV)
+ # -- scalable: true
+ # -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
 clamav: 1
- # clamav-distributed
+ # -- scalable: true
+ # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
 clamd: 1
- collabora: 1
- cryptpad: 1
- dovecot: 1
- element: 1
- # clamav-distributed
+ # -- scalable: true
+ # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
 freshclam: 1
- # clamav-distributed
+ # -- scalable: true
+ # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
 icap: 1
- intercomService: 1
- jibri: 1
- jicofo: 1
- jitsi: 1
- jitsiKeycloakAdapter: 1
- jvb: 1
- keycloak: 1
- mariadb: 1
- matrixNeoBoardWidget: 1
- matrixNeoChoiceWidget: 1
- matrixNeoDateFixBot: 1
- matrixNeoDateFixWidget: 1
- matrixUserVerificationService: 1
- memcached: 1
- # clamav-distributed
+ # -- scalable: true
+ # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
 milter: 1
- minio: 1
- nextcloudApache2: 1
- nextcloudExporter: 1
- nextcloudPHP: 1
- openprojectWeb: 1
- openprojectWorker: 1
- oxConnector: 1
+
+ # -- component: Weboffice (Collabora)
+ # -- scalable: true
+ collabora: 1
+
+ # -- component: Pad (CryptPad)
+ # -- scalable: false
+ cryptpad: 1
+
+ # -- component: Groupware (OX AppSuite, OX Dovecot etc.)
+ # -- scalable: false
+ # -- comment: Scalable in openDesk Enterprise only
+ dovecot: 1
+ # -- scalable: false
 postfix: 1
- postgres: 1
- redis: 1
+
+ # -- component: Chat (Element, Synapse)
+ # -- scalable: true
+ element: 1
+ # -- scalable: tbd
+ matrixNeoBoardWidget: 1
+ # -- scalable: tbd
+ matrixNeoChoiceWidget: 1
+ # -- scalable: tbd
+ matrixNeoDateFixBot: 1
+ # -- scalable: tbd
+ matrixNeoDateFixWidget: 1
+ # -- scalable: tbd
+ matrixUserVerificationService: 1
+ # -- scalable: tbd
 synapse: 1
+ # -- scalable: true
 synapseWeb: 1
- umsKeycloakExtensionsHandler: 1
- umsKeycloakExtensionsProxy: 1
- umsLdapNotifier: 1
- umsLdapServer: 1
- umsNotificationsApi: 1
- umsPortalFrontend: 1
- umsPortalListener: 1
- umsPortalServer: 1
- umsSelfserviceListener: 1
- umsStackGateway: 1
- umsUdmRestApi: 1
- umsUmcGateway: 1
- umsUmcServer: 1
+ # -- scalable: true
 wellKnown: 1
+
+ # -- component: IAM (Nubus)
+ # -- scalable: true
+ intercomService: 1
+ # -- scalable: true
+ keycloak: 1
+ # -- scalable: false
+ # -- comment: Will be removed soon.
+ oxConnector: 1
+ # -- scalable: false
+ # -- comment: Should not be scaled, is an async process.
+ umsKeycloakExtensionsHandler: 1
+ # -- scalable: true
+ umsKeycloakExtensionsProxy: 1
+ # -- scalable: tbd
+ umsLdapNotifier: 1
+ # -- scalable: tbd
+ umsLdapServer: 1
+ # -- scalable: tbd
+ umsNotificationsApi: 1
+ # -- scalable: true
+ umsPortalFrontend: 1
+ # -- scalable: tbd
+ umsPortalListener: 1
+ # -- scalable: true
+ umsPortalServer: 1
+ # -- scalable: tbd
+ umsSelfserviceListener: 1
+ # -- scalable: tbd
+ umsStackGateway: 1
+ # -- scalable: true
+ umsUdmRestApi: 1
+ # -- scalable: tbd
+ umsUmcGateway: 1
+ # -- scalable: tbd
+ umsUmcServer: 1
+
+ # -- component: Video conference (Jitsi)
+ # -- scalable: tbd
+ jibri: 1
+ # -- scalable: tbd
+ jicofo: 1
+ # -- scalable: tbd
+ jitsi: 1
+ # -- scalable: tbd
+ jitsiKeycloakAdapter: 1
+ # -- scalable: tbd
+ jvb: 1
+
+ # -- component: Persistence Layer
+ # -- scalable: false
+ mariadb: 1
+ # -- scalable: false
+ memcached: 1
+ # -- scalable: true
+ minio: 1
+ # -- scalable: false
+ postgres: 1
+ # -- scalable: tbd
+ redis: 1
+
+ # -- component: Filestore (Nextcloud)
+ # -- scalable: true
+ nextcloudApache2: 1
+ # -- scalable: true
+ nextcloudExporter: 1
+ # -- scalable: true
+ nextcloudPHP: 1
+
+ # -- component: Project management (OpenProject)
+ # -- scalable: true
+ openprojectWeb: 1
+ # -- scalable: tdb
+ # -- comment: Async process that usually has no need for scaling
+ openprojectWorker: 1
+
+ # -- component: Knowledge management (XWiki)
+ # -- scalable: false
 xwiki: 1
 ...
diff --git a/helmfile/environments/test/values.yaml.gotmpl b/helmfile/environments/test/values.yaml.gotmpl
index 0c2bec83..3e77aba5 100644
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -35,17 +35,13 @@ ingress:
 enabled: true
 secretName: "kyverno-tls"
 replicas:
- # clamav-simple
 clamav: 42
- # clamav-distributed
 clamd: 42
 collabora: 42
 cryptpad: 42
 dovecot: 42
 element: 42
- # clamav-distributed
 freshclam: 42
- # clamav-distributed
 icap: 42
 intercomService: 42
 jibri: 42
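Review bot: The `freshclam` entry in `replicas.yaml` is annotated `# -- scalable: true`, but its own comment says the service should be a singleton, and the table this commit removes from `docs/scaling.md` marked `replicas.freshclam` as not scalable. Since these annotations are meant to generate the scaling documentation, the line should read `# -- scalable: false` so operators are not told that replicating the antivirus signature updater is supported. The same comment has the typo `an should be` for `and should be`. On `openprojectWorker` the value is spelled `# -- scalable: tdb`; every other undecided entry uses `tbd`, and a generator matching on `true`/`false`/`tbd` would presumably treat it as an unknown value, so use `# -- scalable: tbd`.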
@@ -61,7 +57,6 @@ replicas:
 matrixNeoDateFixWidget: 42
 matrixUserVerificationService: 42
 memcached: 42
- # clamav-distributed
 milter: 42
 minio: 42
 nextcloudApache2: 42