nemonik / taiga-helm

A helm chart for Taiga
BSD 3-Clause "New" or "Revised" License

initial checkin of extra volumes, volumeMounts, environment variables… #6

Open lknite opened 2 years ago

lknite commented 2 years ago

These changes work for me to set up a mount with an on-prem CA certificate chain in a configmap and then import that using a postStart command. The ability to set an environment variable on the front and back stateful sets was also necessary to set up the environment variables needed by the https://github.com/robrotheram/taiga-contrib-openid-auth extension/plugin.

Notes:

  1. The code was copy/pasted from nextcloud (and had the nindent values adjusted) and uses its naming method of 'extraVolumes', 'extraVolumeMounts', and 'extraEnv'; however, with the way you have things separated out I could have just used 'volumes', 'volumeMounts', and 'env' underneath taigaBack and taigaFront. Let me know if you would prefer this.
  2. Something is up with the publicRegisterEnabled variable in the taigaBack stateful set. When I set this at the top level it does not work for the back statefulset. I had to hardcode it using a capital T as seen below.
  3. I had to add PUBLIC_REGISTER_ENABLED as a variable in the front statefulset; I can see it is in the template but it doesn't get added unless I specify it.

My values.yaml file:

env:
  publicRegisterEnabled: "true"

taigaFront:
  image:
    repository: robrotheram/taiga-front-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "true"
  - name: PUBLIC_REGISTER_ENABLED
    value: "true"
  - name: OPENID_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_NAME
    value: "keycloak"
  - name: OPENID_SCOPE
    value: "openid email"

taigaBack:
  image:
    repository: robrotheram/taiga-back-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "True"
  - name: OPENID_USER_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
  - name: OPENID_TOKEN_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_CLIENT_SECRET
    value: "<hidden>"
  - name: OPENID_SCOPE
    value: "openid email"
  extraVolumeMounts:
  - mountPath: /tmp/ca
    name: certs
  extraVolumes:
  - name: certs
    configMap:
      name: ca-certs
      items:
      - key: "ca.crt"
        path: "ca.crt"
  lifecycle:
    postStartCommand:
    - /bin/sh
    - -c
    - "cat /tmp/ca/ca.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"

taigaAsync:
  image:
    tag: 6.4.2
#taigaFront:
#  image:
#    tag: 6.4.2
#taigaBack:
#  image:
#    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
  name: taiga

env: 
  taigaURL: "https://taiga.k-dev.harmony.net"
  postgresHost: "taiga-db"

persistence:
  media:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
  static:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'

lknite commented 2 years ago

I had two env sections; when I merged my env sections, publicRegisterEnabled began to work as expected. Still, I added a check for true and used True with a capital T, as this seems to be required in taigaBack. Also added a comment in the values file that extra env variables can also be added to front.

Updated values.yaml:

taigaFront:
  image:
    repository: robrotheram/taiga-front-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "true"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "true"
  - name: OPENID_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_NAME
    value: "keycloak"
  - name: OPENID_SCOPE
    value: "openid email"

taigaBack:
  image:
    repository: robrotheram/taiga-back-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "True"
  - name: OPENID_USER_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
  - name: OPENID_TOKEN_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_CLIENT_SECRET
    value: "<hidden>"
  - name: OPENID_SCOPE
    value: "openid email"
  extraVolumeMounts:
  - mountPath: /tmp/ca
    name: certs
  extraVolumes:
  - name: certs
    configMap:
      name: ca-certs
      items:
      - key: "ca.crt"
        path: "ca.crt"
  lifecycle:
    postStartCommand:
    - /bin/sh
    - -c
    - "cat /tmp/ca/ca.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"

taigaAsync:
  image:
    tag: 6.4.2
#taigaFront:
#  image:
#    tag: 6.4.2
#taigaBack:
#  image:
#    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
  name: taiga

env: 
  taigaURL: "https://taiga.k-dev.harmony.net"
  postgresHost: "taiga-db"
  publicRegisterEnabled: "true"

persistence:
  media:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
  static:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'

lknite commented 2 years ago

Noticed another project, the Bitnami helm chart to install argo-cd, also uses these fields, so they might be something fairly standard at this point. Here's a comment of someone doing something similar: https://github.com/argoproj/argo-cd/issues/4344#issuecomment-890382825
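
Added example, not part of this PR or the chart: the values.yaml files posted above pass OPENID_CLIENT_SECRET as a literal `value`, which is copied in clear text into the rendered StatefulSet and the stored Helm release. Assuming the chart renders `extraEnv` items verbatim into the container's `env` list (as the nextcloud chart it was copied from does), the entry can reference a Kubernetes Secret instead; the Secret name `taiga-openid` and key `client-secret` are hypothetical.

```yaml
# Added example, not from the PR. Assumes extraEnv items are rendered verbatim
# into the container's env list, so any valid Kubernetes EnvVar is accepted.
# The Secret name "taiga-openid" and key "client-secret" are hypothetical.

# Before (as posted): the secret is a literal in values.yaml and is copied
# in clear text into the StatefulSet spec and the stored Helm release.
#
# taigaBack:
#   extraEnv:
#   - name: OPENID_CLIENT_SECRET
#     value: "<hidden>"

# After: values.yaml carries only a reference. The value lives in a Secret
# created outside the chart and is resolved when the container is created.
taigaBack:
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        name: taiga-openid      # hypothetical Secret in the release namespace
        key: client-secret      # hypothetical key holding the client secret
---
# The Secret itself, applied separately from the Helm release.
# The value below is a placeholder, not a real credential.
apiVersion: v1
kind: Secret
metadata:
  name: taiga-openid
type: Opaque
stringData:
  client-secret: "<client secret from Keycloak>"
```

With this layout, read access to StatefulSets or to the values file no longer exposes the client secret; only read access to the Secret object does.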