sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 00:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(services): Support application based connection limits and password updates for PostgreSQL and MariaDB.

Browse Source
This commit is contained in:
Thorsten Roßner
2024-08-15 15:32:44 +02:00
parent fbe4909a8e
commit c03566dd63
5 changed files with 76 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
helmfile/apps/services/values-mariadb.yaml.gotmpl
View File

@@ -3,6 +3,7 @@
--- ---
cleanup: cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }} deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -35,19 +36,32 @@ job:
retries: 10 retries: 10
wait: 30 wait: 30
users: users:
- username: "xwiki_user" - username: {{ .Values.databases.nextcloud.username | quote }}
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
- username: "openxchange_user"
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
- username: "nextcloud_user"
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}} password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
# OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated
# users for the moment.
- username: "openxchange_user"
# - username: {{ .Values.databases.xwiki.username | quote }}
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
connectionLimit: {{ .Values.databases.oxAppsuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: "xwiki_user"
# - username: {{ .Values.databases.oxAppsuite.username | quote }}
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
databases: databases:
- name: "xwiki" - name: {{ .Values.databases.nextcloud.name | quote }}
user: "xwiki_user" user: {{ .Values.databases.nextcloud.username | quote }}
- name: "nextcloud" # OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated
user: "nextcloud_user" # users for the moment.
- name: "openxchange" - name: "openxchange"
user: "openxchange_user" user: "openxchange_user"
# - name: {{ .Values.databases.oxAppsuite.name | quote }}
# user: {{ .Values.databases.oxAppsuite.username | quote }}
- name: "xwiki"
user: "xwiki_user"
# - name: {{ .Values.databases.xwiki.name | quote }}
# user: {{ .Values.databases.xwiki.username | quote }}
mariadb: mariadb:
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}

3
helmfile/apps/services/values-minio.yaml.gotmpl
View File

@@ -85,7 +85,8 @@ persistence:
provisioning: provisioning:
enabled: true enabled: true
cleanupAfterFinished: cleanupAfterFinished:
enabled: true enabled: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
seconds: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
extraCommands: extraCommands:
- "mc anonymous set download provisioning/ums/portal-assets" - "mc anonymous set download provisioning/ums/portal-assets"
buckets: buckets:

55
helmfile/apps/services/values-postgresql.yaml.gotmpl
View File

@@ -1,6 +1,10 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
cleanup:
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
containerSecurityContext: containerSecurityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
@@ -17,8 +21,6 @@ containerSecurityContext:
seLinuxOptions: seLinuxOptions:
{{ .Values.seLinuxOptions.postgresql | toYaml | nindent 4 }} {{ .Values.seLinuxOptions.postgresql | toYaml | nindent 4 }}
job:
podSecurityContext: podSecurityContext:
enabled: true enabled: true
fsGroup: 1001 fsGroup: 1001
@@ -43,36 +45,43 @@ image:
job: job:
users: users:
- username: "keycloak_user" - username: {{ .Values.databases.keycloak.username | quote }}
password: {{ .Values.secrets.postgresql.keycloakUser | quote }} password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
- username: "openproject_user" connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.openproject.username | quote }}
password: {{ .Values.secrets.postgresql.openprojectUser | quote }} password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
- username: "keycloak_extensions_user" connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.keycloakExtension.username | quote }}
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }} password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
- username: "matrix_user" connectionLimit: {{ .Values.databases.keycloakExtension.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.synapse.username | quote }}
password: {{ .Values.secrets.postgresql.matrixUser | quote }} password: {{ .Values.secrets.postgresql.matrixUser | quote }}
- username: "notificationsapi_user" connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.umsNotificationsApi.username | quote }}
password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }} password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
- username: "guardianmanagementapi_user" connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }} password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
- username: "selfservice_user" connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: {{ .Values.databases.umsSelfservice.username | quote }}
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }} password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
databases: databases:
- name: "keycloak" - name: {{ .Values.databases.keycloak.name | quote }}
user: "keycloak_user" user: {{ .Values.databases.keycloak.username | quote }}
- name: "keycloak_extensions" - name: {{ .Values.databases.keycloakExtension.name | quote }}
user: "keycloak_extensions_user" user: {{ .Values.databases.keycloakExtension.username | quote }}
- name: "openproject" - name: {{ .Values.databases.openproject.name | quote }}
user: "openproject_user" user: {{ .Values.databases.openproject.username | quote }}
- name: "matrix" - name: {{ .Values.databases.synapse.name | quote }}
user: "matrix_user" user: {{ .Values.databases.synapse.username | quote }}
additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0" additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
- name: "guardianmanagementapi" - name: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
user: "guardianmanagementapi_user" user: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
- name: "notificationsapi" - name: {{ .Values.databases.umsNotificationsApi.name | quote }}
user: "notificationsapi_user" user: {{ .Values.databases.umsNotificationsApi.username | quote }}
- name: "selfservice" - name: {{ .Values.databases.umsSelfservice.name | quote }}
user: "selfservice_user" user: {{ .Values.databases.umsSelfservice.username | quote }}
persistence: persistence:
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}

4
helmfile/environments/default/charts.yaml
View File

@@ -142,7 +142,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb" repository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb"
name: "mariadb" name: "mariadb"
version: "2.2.1" version: "2.3.1"
verify: true verify: true
matrixNeoboardWidget: matrixNeoboardWidget:
# providerCategory: "Platform" # providerCategory: "Platform"
@@ -360,7 +360,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql" repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
name: "postgresql" name: "postgresql"
version: "2.0.5" version: "2.1.1"
verify: true verify: true
redis: redis:
# providerCategory: "Community" # providerCategory: "Community"

20
helmfile/environments/default/database.yaml
View File

@@ -2,62 +2,76 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
--- ---
databases: databases:
defaults:
userConnectionLimit: 100
keycloak: keycloak:
name: "keycloak" name: "keycloak"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "keycloak_user" username: "keycloak_user"
password: "" password: ""
connectionLimit: ~
keycloakExtension: keycloakExtension:
name: "keycloak_extensions" name: "keycloak_extensions"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "keycloak_extensions_user" username: "keycloak_extensions_user"
password: "" password: ""
connectionLimit: ~
nextcloud: nextcloud:
name: "nextcloud" name: "nextcloud"
host: "mariadb" host: "mariadb"
port: 3306 port: 3306
username: "nextcloud_user" username: "nextcloud_user"
password: "" password: ""
connectionLimit: ~
openproject: openproject:
name: "openproject" name: "openproject"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "openproject_user" username: "openproject_user"
password: "" password: ""
connectionLimit: ~
oxAppsuite: oxAppsuite:
host: "mariadb"
name: "configdb" name: "configdb"
host: "mariadb"
port: 3306
username: "root" username: "root"
password: "" password: ""
connectionLimit: ~
synapse: synapse:
host: "postgresql"
name: "matrix" name: "matrix"
host: "postgresql"
port: 5432
username: "matrix_user" username: "matrix_user"
password: "" password: ""
port: 5432 connectionLimit: ~
umsGuardianManagementApi: umsGuardianManagementApi:
name: "guardianmanagementapi" name: "guardianmanagementapi"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "guardianmanagementapi_user" username: "guardianmanagementapi_user"
password: "" password: ""
connectionLimit: ~
umsNotificationsApi: umsNotificationsApi:
name: "notificationsapi" name: "notificationsapi"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "notificationsapi_user" username: "notificationsapi_user"
password: "" password: ""
connectionLimit: ~
umsSelfservice: umsSelfservice:
name: "selfservice" name: "selfservice"
host: "postgresql" host: "postgresql"
port: 5432 port: 5432
username: "selfservice_user" username: "selfservice_user"
password: "" password: ""
connectionLimit: 10
xwiki: xwiki:
name: "xwiki" name: "xwiki"
host: "mariadb" host: "mariadb"
port: 3306
username: "root" username: "root"
password: "" password: ""
connectionLimit: ~
... ...