From bacf51efb1b042b80f13f5cf3f50557006f32374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Thu, 16 Jan 2025 16:20:38 +0100 Subject: [PATCH] fix(helmfile): Support component specific storageClassNames. **Note:** Please check the migration.md if you upgrade a deployment that has set custom PVC sizes using `persistence.size` settings. --- .kyverno/policies/template-storage.yaml | 2 +- README.md | 2 +- docs/migrations.md | 48 ++++++++++++++ .../values-matrix-neodatefix-bot.yaml.gotmpl | 4 +- .../apps/element/values-synapse.yaml.gotmpl | 4 +- helmfile/apps/jitsi/values-jitsi.yaml.gotmpl | 4 +- helmfile/apps/nubus/values-nubus.yaml.gotmpl | 11 ++-- .../open-xchange/values-dovecot.yaml.gotmpl | 6 +- .../values-oxconnector.yaml.gotmpl | 3 +- .../values-clamav-distributed.yaml.gotmpl | 4 +- .../values-clamav-simple.yaml.gotmpl | 4 +- .../values-mariadb.yaml.gotmpl | 4 +- .../values-minio.yaml.gotmpl | 4 +- .../values-postfix.yaml.gotmpl | 4 +- .../values-postgresql.yaml.gotmpl | 4 +- .../values-redis.yaml.gotmpl | 4 +- helmfile/apps/xwiki/values.yaml.gotmpl | 4 +- .../default/persistence.yaml.gotmpl | 65 ++++++++++++++----- 18 files changed, 131 insertions(+), 50 deletions(-) diff --git a/.kyverno/policies/template-storage.yaml b/.kyverno/policies/template-storage.yaml index 71a0cce4..f8cc48ba 100644 --- a/.kyverno/policies/template-storage.yaml +++ b/.kyverno/policies/template-storage.yaml @@ -10,7 +10,7 @@ metadata: policies.kyverno.io/subject: "Pod" policies.kyverno.io/description: >- This policy validates if `.Values.persistence.storageClassNames` variables are used in templates and if the size - of volumes can be customized by `.Values.persistence.size` variable. + of volumes can be customized by `.Values.persistence.storages..size` variable. spec: background: true rules: diff --git a/README.md b/README.md index bbe2053d..0e3eecfe 100644 --- a/README.md +++ b/README.md 
@@ -36,7 +36,7 @@ openDesk currently features the following functional main components:
 | File management | Nextcloud | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8) | [Nextcloud 29](https://docs.nextcloud.com/) |
 | Groupware | OX App Suite | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
-| Portal & IAM | Nubus | [1.4.0](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
+| Portal & IAM | Nubus | [1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
 | Project management | OpenProject | [15.1.1](https://www.openproject.org/docs/release-notes/15-1-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
 | Videoconferencing | Jitsi | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
 | Weboffice | Collabora | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
diff --git a/docs/migrations.md b/docs/migrations.md
index 95bf87a7..dae9a8e8 100644
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -11,6 +11,7 @@ SPDX-License-Identifier: Apache-2.0
 * [Manual update steps](#manual-update-steps)
 * [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps)
 * [Pre-upgrade](#pre-upgrade)
+ * [Helmfile Feature: Component specific `storageClassName`](#helmfile-feature-component-specific-storageclassname)
 * [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
 * [From v1.0.0: Manual checks/steps](#from-v100-manual-checkssteps)
 * [Pre-upgrade](#pre-upgrade-1)
@@ -87,6 +88,53 @@ Be sure you check all the sections for the releases your are going to update you ### Pre-upgrade +#### Helmfile Feature: Component specific `storageClassName` + +With openDesk 1.1.1 we support component specific `storageClassName` definitions beside the global ones, but we had to adapt the structure that can be found in `persistence.yaml.gotmpl` to achieve this in a clean manner. + +If you have set custom `persistence.size.*`-values for your deployment, please continue reading as you need to adapt your `persistence` settings to the new structure. + +When comparing the [old 1.1.0 structure](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/v1.1.0/helmfile/environments/default/persistence.yaml.gotmpl) with the [new one](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/v1.1.1/helmfile/environments/default/persistence.yaml.gotmpl) you can spot the changes: + +- We replaced `persistence.size` with `persistence.storages`. +- Below each component you can define now the `size` and the optional component specific `storageClassName`. +- We streamlined all components to be on the same level, as Nubus had an additional level of nesting before. + +So a setting of: + +```yaml +persistence: + size: + synapse: "1Gi" +``` + +needs to be changed to: + +```yaml +persistence: + storages: + synapse: + size: "1Gi" +``` + +or for the Nubus related entries, the following: + +```yaml +persistence: + size: + nubus: + ldapServerData: "1Gi" +``` + +needs to be changed to: + +```yaml +persistence: + storages: + nubusLdapServerData: + size: "1Gi" +``` + #### Helmfile new secret: `secrets.nubus.masterpassword` A not yet templated secret was discovered in the Nubus deployment that is now defined in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) with the key `secrets.nubus.masterpassword`. 
If you define your own secrets, please be sure this new secret is set to the value of the `MASTER_PASSWORD` environment variable used in your deployment. diff --git a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl index 41d82338..19fd3eb5 100644 --- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl +++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl @@ -81,8 +81,8 @@ liveness sample: enabled: true persistence: - size: {{ .Values.persistence.size.matrixNeoDateFixBot | quote }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.matrixNeoDateFixBot.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: {} diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl index 1cc09a21..1e23e013 100644 --- a/helmfile/apps/element/values-synapse.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse.yaml.gotmpl @@ -176,8 +176,8 @@ image: tag: {{ .Values.images.synapse.tag | quote }} persistence: - size: {{ .Values.persistence.size.synapse | quote }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.synapse.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.synapse.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: {} diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl index 06dc812a..17e3bb62 100644 --- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl +++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl 
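Review bot: With the shipped defaults both operands of the new `coalesce` in the matrix-neodatefix-bot `storageClass` line are empty (`storageClassName: ~` per component, `RWO: ""` globally), so `coalesce` yields nil and, if I read sprig's `quote` correctly, nothing is emitted for nil. The key would then render as a bare `storageClass:` (YAML null) where the old expression rendered `""`. Whether the downstream charts distinguish the two is not visible in this patch, but for a PVC an empty string and an unset class are different requests. A fallback keeps the previous output: `storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | default "" | quote }}`. The same pattern recurs in every other `coalesce … | quote` line this patch adds (synapse, jitsi, nubus, dovecot, oxconnector, clamav, mariadb, minio, postfix, postgresql, redis, xwiki).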
@@ -138,8 +138,8 @@ jitsi: resources: {{ .Values.resources.prosody | toYaml | nindent 6 }} persistence: - size: {{ .Values.persistence.size.prosody | quote }} - storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.prosody.size | quote }} + storageClassName: {{ coalesce .Values.persistence.storages.prosody.storageClassName .Values.persistence.storageClassNames.RWO | quote }} securityContext: allowPrivilegeEscalation: false capabilities: {} diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index e5f10be4..c08e7172 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl @@ -581,8 +581,8 @@ nubusPortalConsumer: accessKey: {{ .Values.objectstores.nubus.username | quote }} secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.nubus.portalConsumer | quote }} + size: {{ .Values.persistence.storages.nubusPortalConsumer.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.nubusPortalConsumer.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: intents.otterize.com/service-name: "ums-portal-consumer" provisioningApi: 
@@ -811,8 +811,8 @@ nubusLdapServer: tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }} pullPolicy: {{ .Values.global.imagePullPolicy | quote }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.nubus.ldapServerData | quote }} + size: {{ .Values.persistence.storages.nubusLdapServerData.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.nubusLdapServerData.storageClassName .Values.persistence.storageClassNames.RWO | quote }} replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }} replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }} replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }} @@ -914,7 +914,8 @@ nubusProvisioning: tag: {{ .Values.images.nubusNatsBox.tag }} imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} persistence: - size: {{ .Values.persistence.size.nubus.provisioningNats }} + size: {{ .Values.persistence.storages.nubusProvisioningNats.size }} + storageClass: {{ coalesce .Values.persistence.storages.nubusProvisioningNats.storageClassName .Values.persistence.storageClassNames.RWO | quote }} reloader: image: registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.nubusNatsReloader.registry | quote }} diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index 69119646..ae6390ab 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl 
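Review bot: In the `nubusProvisioning` hunk (`@@ -914,7 +914,8 @@`) the new `size` line is the only size in this patch rendered without `| quote`, although the `storageClass` line added directly below it is quoted. An operator override that is purely numeric or empty would then reach the chart as an integer or null instead of a string. I would align it with the other components: `size: {{ .Values.persistence.storages.nubusProvisioningNats.size | quote }}`. The enclosing `nubusProvisioning` block starts and ends outside the hunk.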
@@ -92,15 +92,15 @@ podSecurityContext: persistence: {{- if .Values.cluster.persistence.readWriteMany.enabled }} - storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }} + storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWX | quote }} accessModes: - "ReadWriteMany" {{- else }} - storageClassName: {{ .Values.persistence.storageClassNames.RWO | quote }} + storageClassName: {{ coalesce .Values.persistence.storages.dovecot.storageClassName .Values.persistence.storageClassNames.RWO | quote }} accessModes: - "ReadWriteOnce" {{- end }} - size: {{ .Values.persistence.size.dovecot | quote }} + size: {{ .Values.persistence.storages.dovecot.size | quote }} resources: {{ .Values.resources.dovecot | toYaml | nindent 2 }} diff --git a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl index 39e54dda..74b7b66f 100644 --- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl @@ -66,7 +66,8 @@ resourcesWaitForDependency: {{ .Values.resources.oxConnector | toYaml | nindent 2 }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.oxConnector.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.oxConnector.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: {} diff --git a/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl b/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl index ed09d02d..c603a24c 100644 --- a/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl +++ b/helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl 
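Review bot: In the dovecot hunk the same `.Values.persistence.storages.dovecot.storageClassName` now takes precedence in both the `ReadWriteMany` and the `ReadWriteOnce` branch, so a component override chosen for one access mode is also applied when `cluster.persistence.readWriteMany.enabled` flips to the other. A class that cannot serve the requested access mode typically leaves the claim unbound. The two clamav values files share `storages.clamav.storageClassName` across an RWX (distributed) and an RWO (simple) default in the same way. A comment above the dovecot block would make the contract explicit, for example `# storages.dovecot.storageClassName must support the access mode selected by cluster.persistence.readWriteMany.enabled`, and the migration notes could carry the same sentence.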
@@ -152,6 +152,6 @@ milter: {{ .Values.resources.milter | toYaml | nindent 4 }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWX | quote }} - size: {{ .Values.persistence.size.clamav | quote }} + size: {{ .Values.persistence.storages.clamav.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWX | quote }} ... diff --git a/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl b/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl index 294b243e..30ad3d1d 100644 --- a/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl +++ b/helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl @@ -37,8 +37,8 @@ image: imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.clamav | quote }} + size: {{ .Values.persistence.storages.clamav.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.clamav.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: {} diff --git a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl index 8abd9fda..58e41949 100644 --- a/helmfile/apps/services-external/values-mariadb.yaml.gotmpl +++ b/helmfile/apps/services-external/values-mariadb.yaml.gotmpl @@ -71,8 +71,8 @@ mariadb: value: {{ .Values.secrets.mariadb.rootPassword | quote }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.mariadb | quote }} + size: {{ .Values.persistence.storages.mariadb.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.mariadb.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: argocd.argoproj.io/hook: "PostSync" 
diff --git a/helmfile/apps/services-external/values-minio.yaml.gotmpl b/helmfile/apps/services-external/values-minio.yaml.gotmpl index dc466f54..e3e22b09 100644 --- a/helmfile/apps/services-external/values-minio.yaml.gotmpl +++ b/helmfile/apps/services-external/values-minio.yaml.gotmpl @@ -90,8 +90,8 @@ podSecurityContext: fsGroup: 1001 persistence: - storageClass: "{{ .Values.persistence.storageClassNames.RWO }}" - size: "{{ .Values.persistence.size.minio }}" + size: {{ .Values.persistence.storages.minio.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.minio.storageClassName .Values.persistence.storageClassNames.RWO | quote }} provisioning: enabled: true diff --git a/helmfile/apps/services-external/values-postfix.yaml.gotmpl b/helmfile/apps/services-external/values-postfix.yaml.gotmpl index 53b0281f..c6957d8a 100644 --- a/helmfile/apps/services-external/values-postfix.yaml.gotmpl +++ b/helmfile/apps/services-external/values-postfix.yaml.gotmpl @@ -34,8 +34,8 @@ image: imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} persistence: - size: {{ .Values.persistence.size.postfix | quote }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.postfix.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podSecurityContext: enabled: true diff --git a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl index 8a26fd9a..68da62fe 100644 --- a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl +++ b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl 
@@ -89,8 +89,8 @@ job: user: {{ .Values.databases.umsSelfservice.username | quote }} persistence: - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.postgresql | quote }} + size: {{ .Values.persistence.storages.postgresql.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.postgresql.storageClassName .Values.persistence.storageClassNames.RWO | quote }} podAnnotations: argocd.argoproj.io/hook: "PostSync" diff --git a/helmfile/apps/services-external/values-redis.yaml.gotmpl b/helmfile/apps/services-external/values-redis.yaml.gotmpl index 383799a5..fb16cdd2 100644 --- a/helmfile/apps/services-external/values-redis.yaml.gotmpl +++ b/helmfile/apps/services-external/values-redis.yaml.gotmpl @@ -12,7 +12,7 @@ auth: global: imagePullSecrets: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + storageClass: {{ coalesce .Values.persistence.storages.redis.storageClassName .Values.persistence.storageClassNames.RWO | quote }} image: registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.redis.registry | quote }} @@ -37,7 +37,7 @@ master: {{ .Values.seLinuxOptions.redis | toYaml | nindent 6 }} count: {{ .Values.replicas.redis }} persistence: - size: {{ .Values.persistence.size.redis | quote }} + size: {{ .Values.persistence.storages.redis.size | quote }} podAnnotations: {} resources: {{ .Values.resources.redis | toYaml | nindent 4 }} diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl index f1bd004d..50fd5a34 100644 --- a/helmfile/apps/xwiki/values.yaml.gotmpl +++ b/helmfile/apps/xwiki/values.yaml.gotmpl 
@@ -133,8 +133,8 @@ mysql: enabled: false persistence: - size: {{ .Values.persistence.size.xwiki | quote }} - storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} + size: {{ .Values.persistence.storages.xwiki.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.xwiki.storageClassName .Values.persistence.storageClassNames.RWO | quote }} postgresql: enabled: false diff --git a/helmfile/environments/default/persistence.yaml.gotmpl b/helmfile/environments/default/persistence.yaml.gotmpl index 746523fc..af3dba59 100644 --- a/helmfile/environments/default/persistence.yaml.gotmpl +++ b/helmfile/environments/default/persistence.yaml.gotmpl @@ -2,24 +2,55 @@ # SPDX-License-Identifier: Apache-2.0 --- persistence: + # Will be used as default if not otherwise define on the component level storageClassNames: RWX: "" RWO: "" - size: - clamav: "1Gi" - dovecot: "1Gi" - mariadb: "1Gi" - matrixNeoDateFixBot: "1Gi" - minio: "10Gi" - postfix: "1Gi" - postgresql: "1Gi" - prosody: "1Gi" - redis: "1Gi" - synapse: "1Gi" - nubus: - ldapServerData: "1Gi" - ldapServerShared: "1Gi" - portalConsumer: "1Gi" - provisioningNats: "1Gi" - xwiki: "1Gi" + + storages: + clamav: + size: "1Gi" + storageClassName: ~ + dovecot: + size: "1Gi" + storageClassName: ~ + mariadb: + size: "1Gi" + storageClassName: ~ + matrixNeoDateFixBot: + size: "1Gi" + storageClassName: ~ + minio: + size: "10Gi" + storageClassName: ~ + nubusLdapServerData: + size: "1Gi" + storageClassName: ~ + nubusPortalConsumer: + size: "1Gi" + storageClassName: ~ + nubusProvisioningNats: + size: "1Gi" + storageClassName: ~ + oxConnector: + size: "1Gi" + storageClassName: ~ + postfix: + size: "1Gi" + storageClassName: ~ + postgresql: + size: "1Gi" + storageClassName: ~ + prosody: + size: "1Gi" + storageClassName: ~ + redis: + size: "1Gi" + storageClassName: ~ + synapse: + size: "1Gi" + storageClassName: ~ + xwiki: + size: "1Gi" + storageClassName: ~ ...
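Review bot: The old `persistence.size.nubus.ldapServerShared` default in `persistence.yaml.gotmpl` is removed without a counterpart under `storages`, and the migration section does not mention it. None of the values templates visible in this patch reads that key, so it was presumably unused, but that should be stated so operators who override it know it can be dropped. More generally, any leftover `persistence.size.*` override is silently ignored after the upgrade and the component falls back to the `1Gi`/`10Gi` defaults; nothing in the patch fails fast when the old key is still present. The added comment also has a typo: `# Will be used as default if not otherwise defined on the component level`.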