From 63f8394e044670a89a642e933600b68ff740a102 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Tue, 16 Jul 2024 18:04:19 +0200 Subject: [PATCH] fix(nextcloud): Update to 28.0.7 including the apps, fix admin panel warnings (#94). Updated `cluster.networking.cidr` potentially requires manual migration, see `docs/migrations.md` for details. --- docs/getting-started.md | 3 ++- docs/migrations.md | 8 +++++++- docs/requirements.md | 10 +++++----- .../apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl | 3 +++ helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl | 3 +++ helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl | 2 +- helmfile/apps/services/values-postfix.yaml.gotmpl | 2 +- helmfile/environments/default/charts.yaml | 4 ++-- helmfile/environments/default/cluster.yaml | 5 +++-- helmfile/environments/default/images.yaml | 6 +++--- 10 files changed, 30 insertions(+), 16 deletions(-) diff --git a/docs/getting-started.md b/docs/getting-started.md index 1b213a77..9822fcb9 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -195,7 +195,8 @@ If your cluster has not the default `10.0.0.0/8` CIDR configured, you need to pr ```yaml cluster: networking: - cidr: "127.0.0.0/8" + cidr: + - "127.0.0.0/8" ``` ### Ingress diff --git a/docs/migrations.md b/docs/migrations.md index 5c947268..484a23a8 100644 --- a/docs/migrations.md +++ b/docs/migrations.md @@ -3,10 +3,11 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic SPDX-License-Identifier: Apache-2.0 --> -

Migrations

+

Upgrade migrations

* [Disclaimer](#disclaimer) * [From v0.8.1](#from-v081) + * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr) * [Updated customizable template attributes](#updated-customizable-template-attributes) * [`migrations` S3 bucket](#migrations-s3-bucket) @@ -18,6 +19,11 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this # From v0.8.1 +## Updated `cluster.networking.cidr` + +- Action: `cluster.networking.cidr` is now an array (was a string until 0.8.1), please update your setup accordingly if you explicitly set this value. +- Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml) + ## Updated customizable template attributes - Action: Please ensure you update you custom deployment values according with the updated default value structure. diff --git a/docs/requirements.md b/docs/requirements.md index de9f74fe..b5166147 100644 --- a/docs/requirements.md +++ b/docs/requirements.md @@ -33,11 +33,11 @@ openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s) The following minimal requirements are thought for initial evaluation deployment: -| Spec | Value | -|------|------------------------------------------------------| -| CPU | 8 Cores of x64 or x86 CPU (ARM is not supported yet) | -| RAM | 16 GB, recommended 32 GB | -| Disk | HDD or SSD, >10 GB | +| Spec | Value | +| ---- | ----------------------------------------------------- | +| CPU | 12 Cores of x64 or x86 CPU (ARM is not supported yet) | +| RAM | 32 GB, more recommended | +| Disk | HDD or SSD, >10 GB | # Kubernetes diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index 380fde9f..3cd53369 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl 
@@ -35,6 +35,9 @@ configuration: value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }} host: {{ .Values.cache.nextcloud.host | quote }} port: {{ .Values.cache.nextcloud.port | quote }} + collabora: + # internalWopiUrl: "" + wopiAllowlist: {{ join " " .Values.cluster.networking.cidr | quote }} database: host: {{ .Values.databases.nextcloud.host | quote }} port: {{ .Values.databases.nextcloud.port | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl index 587b7513..47313490 100644 --- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl @@ -66,6 +66,7 @@ php: value: "nextcloud_user" password: value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} + trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }} containerSecurityContext: allowPrivilegeEscalation: false capabilities: @@ -107,6 +108,7 @@ apache2: configuration: php: host: "opendesk-nextcloud-php.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}" + trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }} containerSecurityContext: allowPrivilegeEscalation: false capabilities: @@ -143,4 +145,5 @@ apache2: replicaCount: {{ .Values.replicas.nextcloudApache2 }} resources: {{ .Values.resources.nextcloudApache2 | toYaml | nindent 4 }} + ... diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index 1e4df0e5..ab3cca41 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl 
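Review bot: `wopiAllowlist` in values-nextcloud-mgmt.yaml.gotmpl is rendered as a space-separated string, and nothing in this hunk shows which separator the opendesk-nextcloud-management chart expects or how it treats an empty value. If `cluster.networking.cidr` is overridden with an empty list, the line renders `""`. As far as I know, Nextcloud Office treats an empty WOPI allow list as "all hosts allowed", so such an override could silently remove the source-address check on the WOPI endpoints; this should be confirmed against the chart. I would document the contract next to the key, for example `# Space-separated CIDRs allowed to call the WOPI endpoints; must not be empty.` The commented-out `# internalWopiUrl: ""` should either say when to set it or be dropped. The `configuration:` mapping starts and ends outside the hunk.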
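Review bot: `trustedProxies` in values-nextcloud.yaml.gotmpl trusts every address in `cluster.networking.cidr`, which defaults to `10.0.0.0/8` in cluster.yaml. It is set in the `php:` hunk at -66 and again in the `apache2:` hunk at -107. A trusted proxy is allowed to state the client address, so any workload inside that range can supply a forwarded address that presumably ends up in access logs and in any per-address throttling. If the ingress controller's pod range is known, passing only that would be tighter. Otherwise a comment such as `# Trusts forwarded client IPs from the whole cluster network; narrow to the ingress range where possible.` would make the trade-off visible. Both mappings continue outside their hunks.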
@@ -31,7 +31,7 @@ dovecot: introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect" usernameAttribute: "opendesk_username" - loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }} + loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }} submission: enabled: true diff --git a/helmfile/apps/services/values-postfix.yaml.gotmpl b/helmfile/apps/services/values-postfix.yaml.gotmpl index f515845d..9528e429 100644 --- a/helmfile/apps/services/values-postfix.yaml.gotmpl +++ b/helmfile/apps/services/values-postfix.yaml.gotmpl @@ -51,7 +51,7 @@ postfix: - {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }} rspamdHost: "" relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }} - relayNets: {{ .Values.cluster.networking.cidr | quote}} + relayNets: {{ join " " .Values.cluster.networking.cidr | quote }} smtpSASLAuthEnable: "yes" smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map" smtpUseTLS: "yes" diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index 003d553d..e29f9c8c 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -220,7 +220,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud" - version: "2.1.0" + version: "3.0.0" verify: true nextcloudManagement: # providerCategory: "Platform" @@ -230,7 +230,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud" name: "opendesk-nextcloud-management" - version: "2.1.0" + version: "3.0.0" verify: true nginx: # providerCategory: "Community" 
diff --git a/helmfile/environments/default/cluster.yaml b/helmfile/environments/default/cluster.yaml
index 8e0fcae7..ab31b3cc 100644
--- a/helmfile/environments/default/cluster.yaml
+++ b/helmfile/environments/default/cluster.yaml
@@ -15,8 +15,9 @@ cluster:
 networking:
 # Kubernetes internal cluster domain.
 domain: "cluster.local"
- # Kubernetes cluster network CIDR.
- cidr: "10.0.0.0/8"
+ # Kubernetes cluster network CIDRs.
+ cidr:
+ - "10.0.0.0/8"
 # Ingress-gateway IP - only relevant for "NodePort" cluster services.
 # When ingress and egress gateway use different ips, which results that pods can't self-discover their incoming ip,
 # you need to provide the public (load-balanced) ingress gateways ip address.
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index 00fa51c8..88e9e5bb 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -229,7 +229,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
- tag: "1.1.22@sha256:8bfa92fcfdcb2fee1b3560a623ffb319fcfcc7e5fbcc20d631df747427e88f84"
+ tag: "1.1.24@sha256:c9222da8be7af12c9076b41d1a14e019725afc075e1aaa2b727be21c1bf45f10"
 nextcloudExporter:
 # providerCategory: "Platform"
 # providerResponsible: "openDesk"
@@ -245,7 +245,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
- tag: "1.4.2@sha256:a4c12a624c76b44c8305a768ced33e2b9af9497ff9cfa639045df846d89fbda4"
+ tag: "1.4.4@sha256:b70c159d6a1827748ca1f8fe0b9fd5b011eaed8719172105e1e9c8b8d776cf97"
 nextcloudPHP:
 # providerCategory: "Platform"
 # providerResponsible: "openDesk"
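Review bot: The comment above `cidr` in the cluster.yaml hunk still describes the value only as the cluster network, but after this commit every entry is also consumed as a trust list. It feeds `wopiAllowlist` and `trustedProxies` for Nextcloud, `loginTrustedNetworks` in values-dovecot.yaml.gotmpl and `relayNets` in values-postfix.yaml.gotmpl. Now that the key is a list, an operator who appends a range for one of these purposes grants it to all four, including permission to relay mail. I would expand the comment to something like `# Kubernetes cluster network CIDRs. Every entry is trusted for mail relay, Dovecot login, Nextcloud proxies and WOPI.` so the consequence is visible where the list is edited. The `networking:` mapping continues outside the hunk.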
@@ -253,7 +253,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
- tag: "1.10.1@sha256:8eb5ac95eaea69e0928e48aa5a121cbf10f359be4679040da8464810e9d799ff"
+ tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7"
 opendeskKeycloakBootstrap:
 # providerCategory: "Platform"
 # providerResponsible: "openDesk"