From 1b39b9db29a7f212fd02c6a031b33290cb7e3a08 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 13:00:01 +0100
Subject: [PATCH 01/11] Initial Mediawiki version

---
 zombi/mediawiki/.helmignore                   |  23 ++++
 zombi/mediawiki/Chart.yaml                    |   9 ++
 zombi/mediawiki/templates/NOTES.txt           |  22 ++++
 zombi/mediawiki/templates/_helpers.tpl        |  87 ++++++++++++++
 zombi/mediawiki/templates/deployment.yaml     | 111 ++++++++++++++++++
 zombi/mediawiki/templates/ingress.yaml        |  41 +++++++
 zombi/mediawiki/templates/service.yaml        |  15 +++
 .../templates/tests/test-connection.yaml      |  15 +++
 zombi/mediawiki/values.yaml                   |  70 +++++++++++
 9 files changed, 393 insertions(+)
 create mode 100644 zombi/mediawiki/.helmignore
 create mode 100644 zombi/mediawiki/Chart.yaml
 create mode 100644 zombi/mediawiki/templates/NOTES.txt
 create mode 100644 zombi/mediawiki/templates/_helpers.tpl
 create mode 100644 zombi/mediawiki/templates/deployment.yaml
 create mode 100644 zombi/mediawiki/templates/ingress.yaml
 create mode 100644 zombi/mediawiki/templates/service.yaml
 create mode 100644 zombi/mediawiki/templates/tests/test-connection.yaml
 create mode 100644 zombi/mediawiki/values.yaml

diff --git a/zombi/mediawiki/.helmignore b/zombi/mediawiki/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/zombi/mediawiki/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/zombi/mediawiki/Chart.yaml b/zombi/mediawiki/Chart.yaml
new file mode 100644
index 0000000..4cd1510
--- /dev/null
+++ b/zombi/mediawiki/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v2
+name: mediawiki
+description: A wiki with semantic extensions
+
+type: application
+
+version: 0.0.0
+
+appVersion: 3.15.1
diff --git a/zombi/mediawiki/templates/NOTES.txt b/zombi/mediawiki/templates/NOTES.txt
new file mode 100644
index 0000000..da9085d
--- /dev/null
+++ b/zombi/mediawiki/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "mediawiki.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "mediawiki.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "mediawiki.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mediawiki.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/zombi/mediawiki/templates/_helpers.tpl b/zombi/mediawiki/templates/_helpers.tpl
new file mode 100644
index 0000000..a9c6dea
--- /dev/null
+++ b/zombi/mediawiki/templates/_helpers.tpl
@@ -0,0 +1,87 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mediawiki.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mediawiki.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mediawiki.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "mediawiki.labels" -}}
+helm.sh/chart: {{ include "mediawiki.chart" . }}
+{{ include "mediawiki.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "mediawiki.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "mediawiki.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Common environment values
+*/}}
+{{- define "mediawiki.env" -}}
+- name: WG_SERVER
+  value: {{ .Values.wiki.server | quote }}
+
+#WG_SITENAME="Test Wiki"
+#WG_SCRIPT_PATH=""
+#WG_SERVER="https://wiki.example.com"
+#SEMANTIC_URL="wiki.example.com"
+#WG_ENABLE_UPLOADS="false"
+#WG_ENABLE_EMAIL="false"
+#WG_UPLOAD_PATH="/uploads"
+#WG_META_NAMESPACE="Meta"
+#WG_LANGUAGE_CODE="en"
+#MEDIAWIKI_ADMIN_USER="admin"
+#MEDIAWIKI_ADMIN_PASS="password"
+#WG_DB_TYPE="sqlite"
+#WG_DB_SERVER=""
+#WG_DB_NAME="my_wiki"
+#WG_DB_PASSWORD="password"
+#WG_DB_PREFIX=""
+#WG_DB_MWSCHEMA=""
+#WG_DATABASE_DIR="/var/www/data"
+#WG_SECRET_KEY="0000000000000000000000000000000000000000000000000000000000000000"
+#WG_EMERGENCY_CONTACT="admin@example.com"
+#WG_PASSWORD_SENDER="wiki@example.com"
+#ALLOW_PUBLIC_REGISTRATION="false"
+#ALLOW_PUBLIC_EDIT="false"
+#ALLOW_PUBLIC_READ="true"
+#DISABLE_ICONS="false"
+#DEBUG="false"
+
+{{- end }}
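Review bot: The `#WG_…` and `#MEDIAWIKI_…` lines inside `define "mediawiki.env"` are plain text, not template comments, so they are rendered into the `env:` list of every container that includes this helper (three places in deployment.yaml in this patch). They are valid YAML comments, but they put placeholder credentials such as `#MEDIAWIKI_ADMIN_PASS="password"` into the rendered manifests and obscure which variables the chart really sets. Moving the list into a template comment, `{{/* Not yet wired up: WG_SITENAME, WG_SCRIPT_PATH, … */}}`, keeps it as a to-do without emitting it.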
diff --git a/zombi/mediawiki/templates/deployment.yaml b/zombi/mediawiki/templates/deployment.yaml
new file mode 100644
index 0000000..0d4e7a2
--- /dev/null
+++ b/zombi/mediawiki/templates/deployment.yaml
@@ -0,0 +1,111 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "mediawiki.fullname" . }}
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "mediawiki.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "mediawiki.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: setup
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ['db-setup.sh']
+          env:
+            {{- include "mediawiki.env" . | nindent 12 }}
+          volumeMounts:
+            - name: data-volume
+              mountPath: /var/www/data
+            - name: localstore-volume
+              mountPath: /var/www/localstore
+      containers:
+        - name: {{ .Chart.Name }}-web
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            {{- include "mediawiki.env" . | nindent 12 }}
+          ports:
+            - name: http
+              containerPort: 80
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          volumeMounts:
+            - name: data-volume
+              mountPath: /var/www/data
+            - name: localstore-volume
+              mountPath: /var/www/localstore
+            {{- with .Values.extraVolumeMounts }}
+            {{- tpl . $ | nindent 12 }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        - name: {{ .Chart.Name }}-cron
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ['crontab-foreground']
+          env:
+            {{- include "mediawiki.env" . | nindent 12 }}
+          volumeMounts:
+            - name: data-volume
+              mountPath: /var/www/data
+            - name: localstore-volume
+              mountPath: /var/www/localstore
+            {{- with .Values.extraVolumeMounts }}
+            {{- tpl . $ | nindent 12 }}
+            {{- end }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: localstore-volume
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ .Values.persistence.existingClaim | default (include "mediawiki.fullname" .) }}
+        {{- else }}
+          emptyDir: {}
+        {{- end }}
+        - name: data-volume
+          emptyDir: {}
+        {{- with .Values.extraVolumes }}
+        {{- tpl . $ | nindent 8 }}
+        {{- end }}
+        {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
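Review bot: The `setup` initContainer is the only container in this pod spec without a `securityContext`, so the settings in `.Values.securityContext` (non-root UID, no privilege escalation, dropped capabilities) cover `web` and `cron` but not the step that runs `db-setup.sh` on the same volumes. Adding `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}` under `- name: setup` would keep the three containers consistent. The same omission carries over to the `setup` container in templates/job.yaml in PATCH 06. If the setup script needs more privileges than the other two, a comment naming them would document the exception.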
diff --git a/zombi/mediawiki/templates/ingress.yaml b/zombi/mediawiki/templates/ingress.yaml
new file mode 100644
index 0000000..0241912
--- /dev/null
+++ b/zombi/mediawiki/templates/ingress.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "mediawiki.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+  {{- end }}
diff --git a/zombi/mediawiki/templates/service.yaml b/zombi/mediawiki/templates/service.yaml
new file mode 100644
index 0000000..9107f25
--- /dev/null
+++ b/zombi/mediawiki/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "mediawiki.fullname" . }}
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "mediawiki.selectorLabels" . | nindent 4 }}
diff --git a/zombi/mediawiki/templates/tests/test-connection.yaml b/zombi/mediawiki/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..fad52a3
--- /dev/null
+++ b/zombi/mediawiki/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "mediawiki.fullname" . }}-test-connection"
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "mediawiki.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never
diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
new file mode 100644
index 0000000..3496f8e
--- /dev/null
+++ b/zombi/mediawiki/values.yaml
@@ -0,0 +1,70 @@
+# Default values for mediawiki.
+
+replicaCount: 1
+
+image:
+  repository: zombi/mediawiki
+  pullPolicy: IfNotPresent
+  tag: "latest"
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+wiki:
+  server: "https://wiki.example.org"
+
+persistence:
+  enabled: false
+  #existingClaim: pvc-name-mediawiki
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 33
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - all
+    add:
+      - NET_BIND_SERVICE  # For listening on port 80
+  # readOnlyRootFilesystem: true
+
+service:
+  type: ClusterIP
+  port: 80
+
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths: []
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+extraVolumeMounts: {}
+
+extraVolumes: {}
+
+resources: {}
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
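Review bot: `image.tag: "latest"` combined with `pullPolicy: IfNotPresent` means each node keeps whatever image it first pulled under that tag, so pods of one release can run different builds and a rollback does not restore the previous image. The templates already use `.Values.image.tag | default .Chart.AppVersion`, so a default of `tag: ""` would make the chart's `appVersion` the deployed tag, assuming the repository publishes a tag with that name. A comment above `tag:` stating that it overrides `appVersion` would make the intent clear to operators.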

From ccc9bbe0c88571f3bffbc31f0b6daef9a954d481 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 13:10:25 +0100
Subject: [PATCH 02/11] Use securityContexts

---
 zombi/mediawiki/values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index 3496f8e..b693cc8 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -20,12 +20,12 @@ persistence:
 
 podAnnotations: {}
 
-podSecurityContext: {}
-  # fsGroup: 2000
+podSecurityContext:
+  fsGroup: 33  # www-data
 
 securityContext:
   runAsNonRoot: true
-  runAsUser: 33
+  runAsUser: 33  # www-data
   allowPrivilegeEscalation: false
   capabilities:
     drop:

From 3c0b6d682af5f4715634f9cfebfc8335adb76ceb Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 13:17:51 +0100
Subject: [PATCH 03/11] Ingress always requires a path

---
 zombi/mediawiki/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index b693cc8..d3bc650 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -45,7 +45,7 @@ ingress:
     # kubernetes.io/tls-acme: "true"
   hosts:
     - host: chart-example.local
-      paths: []
+      paths: ['/']
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:

From bfc6a915d78f2cd84c0260a9b08699ee5246f926 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 13:26:52 +0100
Subject: [PATCH 04/11] Make helm chart runnable Setup script checks
 haveibeenpwned for weak passwords, and does not let us continue the setup
 process.

---
 zombi/mediawiki/templates/_helpers.tpl | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/zombi/mediawiki/templates/_helpers.tpl b/zombi/mediawiki/templates/_helpers.tpl
index a9c6dea..071b314 100644
--- a/zombi/mediawiki/templates/_helpers.tpl
+++ b/zombi/mediawiki/templates/_helpers.tpl
@@ -57,6 +57,15 @@ Common environment values
 - name: WG_SERVER
   value: {{ .Values.wiki.server | quote }}
 
+- name: MEDIAWIKI_ADMIN_USER
+  value: "admin"
+
+- name: MEDIAWIKI_ADMIN_PASS
+  value: "hardcodedexamplepasswordthatwillbereplacedlater" # FIXME
+
+- name: ALLOW_PUBLIC_EDIT
+  value: "true"  # FIXME
+
 #WG_SITENAME="Test Wiki"
 #WG_SCRIPT_PATH=""
 #WG_SERVER="https://wiki.example.com"
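Review bot: `MEDIAWIKI_ADMIN_PASS` is a literal in the shared helper, so every release created from this chart gets the same admin password that is published in the repository, and operators cannot override it from values; `ALLOW_PUBLIC_EDIT` is likewise fixed to `"true"`. The FIXME markers acknowledge this, but until they are resolved an exposed install has a known admin credential and an openly editable wiki. Reading the password from an existing Secret and making public edit an opt-in value would close both; the value names in the sketch below are proposals, not keys that exist in values.yaml. The `define "mediawiki.env"` block starts and ends outside this hunk.

```yaml
- name: MEDIAWIKI_ADMIN_USER
  value: "admin"

- name: MEDIAWIKI_ADMIN_PASS
  valueFrom:
    secretKeyRef:
      name: {{ .Values.wiki.adminSecretName }}  # proposed new value
      key: password

- name: ALLOW_PUBLIC_EDIT
  value: {{ .Values.wiki.allowPublicEdit | default false | quote }}  # proposed new value
```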

From b14cad0db25c017d6d01e38e0d577417aaa992a4 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 19:08:05 +0100
Subject: [PATCH 05/11] Make database configurable

---
 zombi/mediawiki/templates/_helpers.tpl | 35 ++++++++++++++++++++++++++
 zombi/mediawiki/values.yaml            | 10 ++++++++
 2 files changed, 45 insertions(+)

diff --git a/zombi/mediawiki/templates/_helpers.tpl b/zombi/mediawiki/templates/_helpers.tpl
index 071b314..cedabc2 100644
--- a/zombi/mediawiki/templates/_helpers.tpl
+++ b/zombi/mediawiki/templates/_helpers.tpl
@@ -66,6 +66,41 @@ Common environment values
 - name: ALLOW_PUBLIC_EDIT
   value: "true"  # FIXME
 
+- name: WG_SECRET_KEY
+  value: {{ .Values.wiki.secretKey }}
+
+- name: WG_DB_TYPE
+  value: {{ .Values.database.type }}
+
+- name: WG_DB_SERVER
+  value: {{ .Values.database.server }}
+
+- name: WG_DB_PORT
+  value: {{ .Values.database.port | quote }}
+
+- name: WG_DB_NAME
+  value: {{ .Values.database.name }}
+
+- name: WG_DB_USER
+  {{- if .Values.database.secretName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.database.secretName }}
+      key: username
+  {{- else }}
+  value: {{ .Values.database.username }}
+  {{- end }}
+
+- name: WG_DB_PASSWORD
+  {{- if .Values.database.secretName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ .Values.database.secretName }}
+      key: password
+  {{- else }}
+  value: {{ .Values.database.password }}
+  {{- end }}
+
 #WG_SITENAME="Test Wiki"
 #WG_SCRIPT_PATH=""
 #WG_SERVER="https://wiki.example.com"
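Review bot: Most of the new `value:` lines render the chart value unquoted (`WG_SECRET_KEY`, `WG_DB_TYPE`, `WG_DB_SERVER`, `WG_DB_NAME`, `WG_DB_USER`, `WG_DB_PASSWORD`), while `WG_DB_PORT` already uses `| quote`. Container env values have to be strings, so a password or key that is all digits, looks like a boolean, or contains ` #` or `: ` will either fail validation or be cut short when the manifest is parsed. Each of these lines should follow the port line, e.g. `value: {{ .Values.database.password | quote }}`. The `define "mediawiki.env"` block starts and ends outside this hunk.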
diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index d3bc650..0e9211a 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -13,6 +13,16 @@ fullnameOverride: ""
 
 wiki:
   server: "https://wiki.example.org"
+  secretKey: "1166f2af9b8c1e1401f38a11d95628629bef0b75b90d09b296390041d19c3b2c"
+
+database:
+  type: postgres
+  server: postgres.example.org
+  port: 5432
+  name: mediawiki
+  username: mediawiki  # unused if secretName is set
+  password: mediawiki  # unused if secretName is set
+  #secretName: database-secret
 
 persistence:
   enabled: false
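Review bot: `wiki.secretKey` ships with a concrete 64-hex-character default, so every install that does not override it shares the same published `WG_SECRET_KEY`, and the helper in this patch passes it as a plain env value that is readable in the Deployment spec. An empty default with a render-time check would force operators to supply their own: `secretKey: ""` here and `value: {{ required "wiki.secretKey must be set" .Values.wiki.secretKey | quote }}` in _helpers.tpl. The `database.username` and `database.password` defaults of `mediawiki` have the same property, so the comment on `secretName` could recommend it as the preferred path rather than an alternative.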

From 44f8aee7e290ab65d3f0e7f5c036f9a11c62e988 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 20:54:31 +0100
Subject: [PATCH 06/11] Move Install phase into Job

---
 zombi/mediawiki/templates/deployment.yaml | 12 ------
 zombi/mediawiki/templates/job.yaml        | 46 +++++++++++++++++++++++
 zombi/mediawiki/values.yaml               | 22 ++++++-----
 3 files changed, 58 insertions(+), 22 deletions(-)
 create mode 100644 zombi/mediawiki/templates/job.yaml

diff --git a/zombi/mediawiki/templates/deployment.yaml b/zombi/mediawiki/templates/deployment.yaml
index 0d4e7a2..4e0e427 100644
--- a/zombi/mediawiki/templates/deployment.yaml
+++ b/zombi/mediawiki/templates/deployment.yaml
@@ -24,18 +24,6 @@ spec:
       {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      initContainers:
-        - name: setup
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ['db-setup.sh']
-          env:
-            {{- include "mediawiki.env" . | nindent 12 }}
-          volumeMounts:
-            - name: data-volume
-              mountPath: /var/www/data
-            - name: localstore-volume
-              mountPath: /var/www/localstore
       containers:
         - name: {{ .Chart.Name }}-web
           securityContext:
diff --git a/zombi/mediawiki/templates/job.yaml b/zombi/mediawiki/templates/job.yaml
new file mode 100644
index 0000000..8b2370c
--- /dev/null
+++ b/zombi/mediawiki/templates/job.yaml
@@ -0,0 +1,46 @@
+{{- if and .Values.wiki.install (ne "sqlite" .Values.database.type) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "mediawiki.fullname" . }}
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+spec:
+  template:
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: setup
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ['db-setup.sh']
+          env:
+            {{- include "mediawiki.env" . | nindent 12 }}
+          volumeMounts:
+            - name: data-volume
+              mountPath: /var/www/data
+            - name: localstore-volume
+              mountPath: /var/www/localstore
+      volumes:
+        - name: localstore-volume
+          emptyDir: {}
+        - name: data-volume
+          emptyDir: {}
+        {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{ end }}
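Review bot: The setup Job is rendered as an ordinary release resource with the same name on every revision, and a Job's pod template cannot be changed after creation, so a later `helm upgrade` that alters the image tag or any value feeding `mediawiki.env` is likely to fail on this object while `wiki.install` is true. Declaring the Job as a hook avoids that, for example `"helm.sh/hook": post-install` and `"helm.sh/hook-delete-policy": before-hook-creation` under `metadata.annotations`. A short comment at the top of the file saying whether `wiki.install` is meant to be switched off after the first run would also help operators.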
diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index 0e9211a..e1e6286 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -12,6 +12,8 @@ nameOverride: ""
 fullnameOverride: ""
 
 wiki:
+  # Install decides if a job should be started to install the database schema once.
+  install: false
   server: "https://wiki.example.org"
   secretKey: "1166f2af9b8c1e1401f38a11d95628629bef0b75b90d09b296390041d19c3b2c"
 
@@ -33,16 +35,16 @@ podAnnotations: {}
 podSecurityContext:
   fsGroup: 33  # www-data
 
-securityContext:
-  runAsNonRoot: true
-  runAsUser: 33  # www-data
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - all
-    add:
-      - NET_BIND_SERVICE  # For listening on port 80
-  # readOnlyRootFilesystem: true
+securityContext: {}
+#  runAsNonRoot: true
+#  runAsUser: 33  # www-data
+#  allowPrivilegeEscalation: false
+#  capabilities:
+#    drop:
+#      - all
+#    add:
+#      - NET_BIND_SERVICE  # For listening on port 80
+#  # readOnlyRootFilesystem: true
 
 service:
   type: ClusterIP
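Review bot: The container hardening is dropped here without explanation: with `securityContext: {}` as the default, the `web` and `cron` containers lose `runAsNonRoot`, `allowPrivilegeEscalation: false` and the capability drop, and the commit subject ("Move Install phase into Job") does not mention it. With an empty default the containers run with whatever user and capabilities the image defines. If some of the settings broke startup, it would be safer to keep the ones that still work (at least `allowPrivilegeEscalation: false`) and record the reason for the rest in a comment such as `# runAsNonRoot disabled: <reason>`.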

From 550a71b599c13f036e2d19bfce88b48e38079e29 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Tue, 12 Jan 2021 21:01:35 +0100
Subject: [PATCH 07/11] Add missing Job policy

---
 zombi/mediawiki/templates/job.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/zombi/mediawiki/templates/job.yaml b/zombi/mediawiki/templates/job.yaml
index 8b2370c..cfd4bc3 100644
--- a/zombi/mediawiki/templates/job.yaml
+++ b/zombi/mediawiki/templates/job.yaml
@@ -12,6 +12,7 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      restartPolicy: OnFailure
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:

From cf233cacadc0ed0cf0a01786993a69d1d059e2d7 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Wed, 13 Jan 2021 07:38:54 +0100
Subject: [PATCH 08/11] Add persistence

---
 zombi/mediawiki/templates/deployment.yaml |  2 +-
 zombi/mediawiki/templates/job.yaml        |  2 +-
 zombi/mediawiki/templates/pvc.yaml        | 22 ++++++++++++++++++++++
 zombi/mediawiki/values.yaml               |  7 +++++++
 4 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 zombi/mediawiki/templates/pvc.yaml

diff --git a/zombi/mediawiki/templates/deployment.yaml b/zombi/mediawiki/templates/deployment.yaml
index 4e0e427..76b7615 100644
--- a/zombi/mediawiki/templates/deployment.yaml
+++ b/zombi/mediawiki/templates/deployment.yaml
@@ -76,7 +76,7 @@ spec:
         - name: localstore-volume
         {{- if .Values.persistence.enabled }}
           persistentVolumeClaim:
-            claimName: {{ .Values.persistence.existingClaim | default (include "mediawiki.fullname" .) }}
+            claimName: {{ default (include "mediawiki.fullname" .) .Values.persistence.existingClaim }}
         {{- else }}
           emptyDir: {}
         {{- end }}
diff --git a/zombi/mediawiki/templates/job.yaml b/zombi/mediawiki/templates/job.yaml
index cfd4bc3..de3c539 100644
--- a/zombi/mediawiki/templates/job.yaml
+++ b/zombi/mediawiki/templates/job.yaml
@@ -2,7 +2,7 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: {{ include "mediawiki.fullname" . }}
+  name: {{ include "mediawiki.fullname" . }}-setup
   labels:
     {{- include "mediawiki.labels" . | nindent 4 }}
 spec:
diff --git a/zombi/mediawiki/templates/pvc.yaml b/zombi/mediawiki/templates/pvc.yaml
new file mode 100644
index 0000000..33a66ee
--- /dev/null
+++ b/zombi/mediawiki/templates/pvc.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "mediawiki.fullname" . }}
+  labels:
+    {{- include "mediawiki.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+    {{- if .Values.persistence.annotations }}
+    {{ toYaml .Values.persistence.annotations | indent 4 }}
+    {{- end }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+{{- end }}
+{{- end }}
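Review bot: The annotations line `    {{ toYaml .Values.persistence.annotations | indent 4 }}` indents twice, four literal spaces plus `indent 4`, so the first annotation is rendered at eight spaces and any further ones at four. Under the `"helm.sh/hook"` entry that should fail to parse as soon as `persistence.annotations` is set. The rest of the chart uses the `nindent` form, and `{{- toYaml .Values.persistence.annotations | nindent 4 }}` would place every key at the same depth as the hook annotation. The line is kept unchanged as context in PATCH 11, so the mismatch remains there for more than one annotation.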
diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index e1e6286..37e62f7 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -17,6 +17,13 @@ wiki:
   server: "https://wiki.example.org"
   secretKey: "1166f2af9b8c1e1401f38a11d95628629bef0b75b90d09b296390041d19c3b2c"
 
+persistence:
+  enabled: false
+  accessMode: ReadWriteOnce
+  size: 5Gi
+  storageClass: ""
+  annotations: {}
+
 database:
   type: postgres
   server: postgres.example.org

From f8e5b968866e425a18a1ad2733be2b64e8046696 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Wed, 13 Jan 2021 07:47:31 +0100
Subject: [PATCH 09/11] Mount volume in job too

---
 zombi/mediawiki/templates/job.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/zombi/mediawiki/templates/job.yaml b/zombi/mediawiki/templates/job.yaml
index de3c539..408fdc7 100644
--- a/zombi/mediawiki/templates/job.yaml
+++ b/zombi/mediawiki/templates/job.yaml
@@ -29,7 +29,12 @@ spec:
               mountPath: /var/www/localstore
       volumes:
         - name: localstore-volume
+        {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ default (include "mediawiki.fullname" .) .Values.persistence.existingClaim }}
+        {{- else }}
           emptyDir: {}
+        {{- end }}
         - name: data-volume
           emptyDir: {}
         {{- with .Values.nodeSelector }}

From cb83fa9c30396aee09b3b350d3a4c83376a42235 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Wed, 13 Jan 2021 10:24:02 +0100
Subject: [PATCH 10/11] Fix duplicate values section

---
 zombi/mediawiki/values.yaml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/zombi/mediawiki/values.yaml b/zombi/mediawiki/values.yaml
index 37e62f7..1101350 100644
--- a/zombi/mediawiki/values.yaml
+++ b/zombi/mediawiki/values.yaml
@@ -19,6 +19,7 @@ wiki:
 
 persistence:
   enabled: false
+  #existingClaim: ""
   accessMode: ReadWriteOnce
   size: 5Gi
   storageClass: ""
@@ -33,10 +34,6 @@ database:
   password: mediawiki  # unused if secretName is set
   #secretName: database-secret
 
-persistence:
-  enabled: false
-  #existingClaim: pvc-name-mediawiki
-
 podAnnotations: {}
 
 podSecurityContext:

From 2892c7afeac459b5f1cb234c9886f38fab8c7984 Mon Sep 17 00:00:00 2001
From: Paul <paul@zom.bi>
Date: Wed, 13 Jan 2021 10:25:59 +0100
Subject: [PATCH 11/11] Remove blocking helm annotation

---
 zombi/mediawiki/templates/pvc.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/zombi/mediawiki/templates/pvc.yaml b/zombi/mediawiki/templates/pvc.yaml
index 33a66ee..5b78c8a 100644
--- a/zombi/mediawiki/templates/pvc.yaml
+++ b/zombi/mediawiki/templates/pvc.yaml
@@ -5,11 +5,10 @@ metadata:
   name: {{ include "mediawiki.fullname" . }}
   labels:
     {{- include "mediawiki.labels" . | nindent 4 }}
+  {{- if .Values.persistence.annotations }}
   annotations:
-    "helm.sh/hook": "pre-install"
-    {{- if .Values.persistence.annotations }}
     {{ toYaml .Values.persistence.annotations | indent 4 }}
-    {{- end }}
+  {{- end }}
 spec:
   accessModes:
     - {{ .Values.persistence.accessMode | quote }}