sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-07 07:51:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(docs): Update replicas.yaml and docs/scaling.md.

Browse Source
This commit is contained in:
Thorsten Roßner
2024-08-09 13:50:21 +02:00
parent 3ad81e6b92
commit 45715a2059
6 changed files with 137 additions and 102 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/debugging.md
View File

@@ -52,7 +52,7 @@ Below you will find some wrap-up notes when it comes to debugging openDesk by ad
You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/). You can add a container by editing and updating an existing deployment, which is quite comfortable with tools like [Lens](https://k8slens.dev/).
- Select the container you want to make use of as debugging container, in the example below it's `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`. - Select the container you want to make use of as debugging container, in the example below it is `registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest`.
- Ensure the `shareProcessNamespace` option is enabled for the Pod. - Ensure the `shareProcessNamespace` option is enabled for the Pod.
- Reference the selected container within the `containers` array of the deployment. - Reference the selected container within the `containers` array of the deployment.
- In case you want to access another containers filesystem, ensure the user/group settings of both containers match. - In case you want to access another containers filesystem, ensure the user/group settings of both containers match.
@@ -121,7 +121,7 @@ Now you can add the ephemeral container with:
``` ```
kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME} kubectl -n ${NAMESPACE} debug -it --attach=false -c ${EPH_CONTAINER_NAME} --image={DEBUG_IMAGE} ${POD_NAME}
``` ```
and open it's interactive terminal with and open its interactive terminal with
``` ```
kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME} kubectl -n ${NAMESPACE} attach -it -c ${EPH_CONTAINER_NAME} ${POD_NAME}
``` ```

2
docs/enhanced-configuration/separate-mail-matrix-domain.md
View File

@@ -77,7 +77,7 @@ The following changes apply to the standard DNS:
#### Content Security Policy #### Content Security Policy
The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to it's CSP header. The webserver of `my_organization.tld` should add `*.opendesk.domain.tld` to its CSP header.
#### .well-known #### .well-known

2
docs/requirements.md
View File

@@ -39,6 +39,8 @@ The following minimal requirements are thought for initial evaluation deployment
| RAM | 32 GB, more recommended | | RAM | 32 GB, more recommended |
| Disk | HDD or SSD, >10 GB | | Disk | HDD or SSD, >10 GB |
Check [`scaling.md`](./scaling.md) for more details on resource requirements and scalability.
# Kubernetes # Kubernetes
Any self-hosted or managed K8s cluster >= 1.24 listed in Any self-hosted or managed K8s cluster >= 1.24 listed in

56
docs/scaling.md
View File

@@ -7,55 +7,17 @@ SPDX-License-Identifier: Apache-2.0
This document should cover the abilities to scale apps. This document should cover the abilities to scale apps.
<!-- TOC --> # Horizontal scalability
* [Replicas](#replicas)
<!-- TOC -->
# Replicas We are working on generating this document automatically based on the file
[`replicas.yaml`](../helmfile/environments/default/replicas.yaml) that contains necessary annotations.
In the meantime this file can be used to check the components scaling support / capabilities.
The Replicas can be increased of almost any component, but is only effective for high-availability or load-balancing for # Upstream information
apps with a check-mark in `Scaling (effective)` column.
Verified positive effects are marked with a check-mark in `Scaling (verified)` column, apps which are not yet tested are While scaling services horizontally is the ideal solution, information about vertical scaling is helpful
marked with a gear. when it comes to defining the applications resources, see [`resources.yaml`](../helmfile/environments/default/resources.yaml) for references.
Please find below links to the application's upstream resources about scaling:
| Component | Name | Scaling (effective) | Scaling (verified) | - [OpenProject system requirements](https://www.openproject.org/docs/installation-and-operations/system-requirements/)
|-----------------------------|------------------------------------------|:-------------------:|:------------------:|
| ClamAV | `replicas.clamav` | :white_check_mark: | :white_check_mark: |
| | `replicas.clamd` | :white_check_mark: | :white_check_mark: |
| | `replicas.freshclam` | :x: | :x: |
| | `replicas.icap` | :white_check_mark: | :white_check_mark: |
| | `replicas.milter` | :white_check_mark: | :white_check_mark: |
| Collabora | `replicas.collabora` | :white_check_mark: | :gear: |
| CryptPad | `replicas.cryptpad` | :white_check_mark: | :gear: |
| Dovecot | `replicas.dovecot` | :x: | :gear: |
| Element | `replicas.element` | :white_check_mark: | :white_check_mark: |
| | `replicas.matrixNeoBoardWidget` | :white_check_mark: | :gear: |
| | `replicas.matrixNeoChoiceWidget` | :white_check_mark: | :gear: |
| | `replicas.matrixNeoDateFixBot` | :white_check_mark: | :gear: |
| | `replicas.matrixNeoDateFixWidget` | :white_check_mark: | :gear: |
| | `replicas.matrixUserVerificationService` | :white_check_mark: | :gear: |
| | `replicas.synapse` | :x: | :gear: |
| | `replicas.synapseWeb` | :white_check_mark: | :white_check_mark: |
| | `replicas.wellKnown` | :white_check_mark: | :white_check_mark: |
| Intercom Service | `replicas.intercomService` | :white_check_mark: | :white_check_mark: |
| Jitsi | `replicas.jibri` | :white_check_mark: | :gear: |
| | `replicas.jicofo` | :white_check_mark: | :gear: |
| | `replicas.jitsi ` | :white_check_mark: | :gear: |
| | `replicas.jitsiKeycloakAdapter` | :white_check_mark: | :gear: |
| | `replicas.jvb ` | :x: | :x: |
| Keycloak | `replicas.keycloak` | :white_check_mark: | :white_check_mark: |
| Memcached | `replicas.memcached` | :gear: | :gear: |
| Minio | `replicas.minioDistributed` | :white_check_mark: | :white_check_mark: |
| Nextcloud | `replicas.nextcloudApache2` | :white_check_mark: | :white_check_mark: |
| | `replicas.nextcloudExporter` | :white_check_mark: | :white_check_mark: |
| | `replicas.nextcloudPHP` | :white_check_mark: | :white_check_mark: |
| OpenProject | `replicas.openproject` | :white_check_mark: | :white_check_mark: |
| Postfix | `replicas.postfix` | :x: | :gear: |
| Redis | `replicas.redis` | :gear: | :gear: |
| Univention Management Stack | | :gear: | :gear: |
| | `replicas.umsPortalFrontend` | :white_check_mark: | :white_check_mark: |
| | `replicas.umsPortalServer` | :white_check_mark: | :white_check_mark: |
| | `replicas.umsUdmRestApi` | :white_check_mark: | :white_check_mark: |
| XWiki | `replicas.xwiki` | :x: | :gear: |

170
helmfile/environments/default/replicas.yaml
View File

@@ -1,62 +1,138 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
# Before increasing the replicas of components, please consult the scaling documentation at "docs/scaling.md" to ensure # This file contains annotations to (later) generate parts of "docs/scaling.md".
# that scaling of the respective component is possible and has the desired effect. # When adding new components in here, do not forget to add them as well to
# `../test/values.yaml.gotmpl` to ensure their linting coverage.
replicas: replicas:
# clamav-simple # -- component: Antivirus (ClamAV)
# -- scalable: true
# -- comment: clamav-simple - supports `ReadWriteOnce` PVCs.
clamav: 1 clamav: 1
# clamav-distributed # -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
clamd: 1 clamd: 1
collabora: 1 # -- scalable: true
cryptpad: 1 # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
dovecot: 1
element: 1
# clamav-distributed
freshclam: 1 freshclam: 1
# clamav-distributed # -- scalable: true
# -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
icap: 1 icap: 1
intercomService: 1 # -- scalable: true
jibri: 1 # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
jicofo: 1
jitsi: 1
jitsiKeycloakAdapter: 1
jvb: 1
keycloak: 1
mariadb: 1
matrixNeoBoardWidget: 1
matrixNeoChoiceWidget: 1
matrixNeoDateFixBot: 1
matrixNeoDateFixWidget: 1
matrixUserVerificationService: 1
memcached: 1
# clamav-distributed
milter: 1 milter: 1
minio: 1
nextcloudApache2: 1 # -- component: Weboffice (Collabora)
nextcloudExporter: 1 # -- scalable: true
nextcloudPHP: 1 collabora: 1
openprojectWeb: 1
openprojectWorker: 1 # -- component: Pad (CryptPad)
oxConnector: 1 # -- scalable: false
cryptpad: 1
# -- component: Groupware (OX AppSuite, OX Dovecot etc.)
# -- scalable: false
# -- comment: Scalable in openDesk Enterprise only
dovecot: 1
# -- scalable: false
postfix: 1 postfix: 1
postgres: 1
redis: 1 # -- component: Chat (Element, Synapse)
# -- scalable: true
element: 1
# -- scalable: tbd
matrixNeoBoardWidget: 1
# -- scalable: tbd
matrixNeoChoiceWidget: 1
# -- scalable: tbd
matrixNeoDateFixBot: 1
# -- scalable: tbd
matrixNeoDateFixWidget: 1
# -- scalable: tbd
matrixUserVerificationService: 1
# -- scalable: tbd
synapse: 1 synapse: 1
# -- scalable: true
synapseWeb: 1 synapseWeb: 1
umsKeycloakExtensionsHandler: 1 # -- scalable: true
umsKeycloakExtensionsProxy: 1
umsLdapNotifier: 1
umsLdapServer: 1
umsNotificationsApi: 1
umsPortalFrontend: 1
umsPortalListener: 1
umsPortalServer: 1
umsSelfserviceListener: 1
umsStackGateway: 1
umsUdmRestApi: 1
umsUmcGateway: 1
umsUmcServer: 1
wellKnown: 1 wellKnown: 1
# -- component: IAM (Nubus)
# -- scalable: true
intercomService: 1
# -- scalable: true
keycloak: 1
# -- scalable: false
# -- comment: Will be removed soon.
oxConnector: 1
# -- scalable: false
# -- comment: Should not be scaled, is an async process.
umsKeycloakExtensionsHandler: 1
# -- scalable: true
umsKeycloakExtensionsProxy: 1
# -- scalable: tbd
umsLdapNotifier: 1
# -- scalable: tbd
umsLdapServer: 1
# -- scalable: tbd
umsNotificationsApi: 1
# -- scalable: true
umsPortalFrontend: 1
# -- scalable: tbd
umsPortalListener: 1
# -- scalable: true
umsPortalServer: 1
# -- scalable: tbd
umsSelfserviceListener: 1
# -- scalable: tbd
umsStackGateway: 1
# -- scalable: true
umsUdmRestApi: 1
# -- scalable: tbd
umsUmcGateway: 1
# -- scalable: tbd
umsUmcServer: 1
# -- component: Video conference (Jitsi)
# -- scalable: tbd
jibri: 1
# -- scalable: tbd
jicofo: 1
# -- scalable: tbd
jitsi: 1
# -- scalable: tbd
jitsiKeycloakAdapter: 1
# -- scalable: tbd
jvb: 1
# -- component: Persistence Layer
# -- scalable: false
mariadb: 1
# -- scalable: false
memcached: 1
# -- scalable: true
minio: 1
# -- scalable: false
postgres: 1
# -- scalable: tbd
redis: 1
# -- component: Filestore (Nextcloud)
# -- scalable: true
nextcloudApache2: 1
# -- scalable: true
nextcloudExporter: 1
# -- scalable: true
nextcloudPHP: 1
# -- component: Project management (OpenProject)
# -- scalable: true
openprojectWeb: 1
# -- scalable: tdb
# -- comment: Async process that usually has no need for scaling
openprojectWorker: 1
# -- component: Knowledge management (XWiki)
# -- scalable: false
xwiki: 1 xwiki: 1
... ...

5
helmfile/environments/test/values.yaml.gotmpl
View File

@@ -35,17 +35,13 @@ ingress:
enabled: true enabled: true
secretName: "kyverno-tls" secretName: "kyverno-tls"
replicas: replicas:
# clamav-simple
clamav: 42 clamav: 42
# clamav-distributed
clamd: 42 clamd: 42
collabora: 42 collabora: 42
cryptpad: 42 cryptpad: 42
dovecot: 42 dovecot: 42
element: 42 element: 42
# clamav-distributed
freshclam: 42 freshclam: 42
# clamav-distributed
icap: 42 icap: 42
intercomService: 42 intercomService: 42
jibri: 42 jibri: 42
@@ -61,7 +57,6 @@ replicas:
matrixNeoDateFixWidget: 42 matrixNeoDateFixWidget: 42
matrixUserVerificationService: 42 matrixUserVerificationService: 42
memcached: 42 memcached: 42
# clamav-distributed
milter: 42 milter: 42
minio: 42 minio: 42
nextcloudApache2: 42 nextcloudApache2: 42