Changes for page XWiki (Helm)
Last modified by Itzhak Daniel on 2024/04/29 16:35
From version 11.1
edited by Itzhak Daniel
on 2024/04/29 00:08
Change comment:
There is no comment for this version
To version 20.1
edited by Itzhak Daniel
on 2024/04/29 01:50
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Attachments (1 modified, 2 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -12,7 +12,7 @@ 12 12 13 13 == Background == 14 14 15 -[[Behemoth LTD>>https://www.behemoth.co.il/]] was in a search for a 'knowledge base' software, a central place to collect and collaborate on documents which hold information, instructions, guide, etc. The requirement was simple, it required to beabletorun on Kubernetes without too much customization, building, testing and other complex CI/CD prerequisite.15 +[[Behemoth LTD>>https://www.behemoth.co.il/]] was in a search for a 'knowledge base' software, a central place to collect and collaborate on documents which hold information, instructions, guides, etc. The requirement was simple, can run on Kubernetes without too much customization, building, testing and other complex CI/CD prerequisite. 16 16 17 17 Things may change in the future, as Kubernetes becomes the de-facto way to run Apps, so do some homework before continuing, [[Awesome Selfhosted>>https://github.com/awesome-selfhosted/awesome-selfhosted#wikis]]. 18 18 ... ... @@ -41,7 +41,7 @@ 41 41 42 42 At the beginning we tried to avoid making any custom changes to the images in question (XWiki and Bitnami's MySQL). But XWiki running as root, didn't fly. So we had to create a custom image with minor changes to enable it to run as a unprivileged uid/gid: 30001. 43 43 44 -=== Build ingand Publish ===44 +=== Build and Publish === 45 45 46 46 You will need to perform the following actions: 47 47 ... ... @@ -49,7 +49,7 @@ 49 49 git clone --depth 1 --branch master https://github.com/xwiki/xwiki-docker.git 50 50 {{/code}} 51 51 52 -Once you have the repo locally, modify the //Dockerfile// as shown below: 52 +Once you have the repo locally, modify the [[//Dockerfile//>>attach:Dockerfile]] as shown below: 53 53 54 54 {{code language="git" title="# Diff"}} 55 55 @@ -89,6 +89,11 @@ COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh ... ... 
@@ -71,15 +71,15 @@ 71 71 72 72 {{code language="sh" layout="LINENUMBERS" title="# Docker"}} 73 73 cd ./16/mysql-tomcat/ 74 -docker build -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0- 2.74 +docker build -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3 . 75 75 docker login 76 -docker push behemothil/xwiki-mysql-tomcat-nonroot:16.2.0- 276 +docker push behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3 77 77 {{/code}} 78 78 79 79 {{code language="sh" layout="LINENUMBERS" title="# Podman"}} 80 80 cd ./16/mysql-tomcat/ 81 -buildah build -f Dockerfile -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0- 282 - dockerpush --creds=[Username:[Password]] behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-281 +buildah build -f Dockerfile -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3 82 +podman push --creds=[Username:[Password]] behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3 83 83 {{/code}} 84 84 85 85 === Deploy === ... ... @@ -86,7 +86,7 @@ 86 86 87 87 We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps. 88 88 89 -After the path/loop devices were created, create the PVs: 89 +After the path/loop devices were created, create the [[PVs>>attach:pv_storage.yaml]] (only if your cluster doesn't know how to provision storage for itself): 90 90 91 91 {{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}} 92 92 kubectl create -f - <<EOF ... ... 
@@ -144,10 +144,70 @@ 144 144 145 145 This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there). 146 146 147 - DownloadtheCharts andValues file:147 +Now we can install XWiki's charts (repo) and download it's //values.yaml// file: 148 148 149 +{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}} 150 +helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm 151 +helm repo update xwiki-helm 149 149 150 - 153 +curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml 154 +{{/code}} 155 + 156 +Modify the values.yaml file, our example has: 157 + 158 +* Using custom image (so it won't run as //root//). 159 +* Increased memory/core usage allowance. 160 +* Running as UID/GID 30001. 161 +* Dropping all capabilities. 162 +* Using MySQL. 163 +* Enabling persistence. 164 +* Ingress (Nginx). 165 +* TLS (Cert manager) 166 + 167 +You can download our example from the attachment area. 168 + 169 +Once you have your custom [[//values.yaml//>>attach:values.yaml]] file, deploy the app with Helm: 170 + 171 +{{code language="sh" layout="LINENUMBERS" title="# Helm install"}} 172 +helm install --namespace behemoth-wiki --create-namespace \ 173 + --values values.yaml \ 174 + behemoth-xwiki xwiki-helm/xwiki 175 +{{/code}} 176 + 177 +=== Upgrade === 178 + 179 +To upgrade XWiki, you should read the content in [[XWiki official Helm pages regarding upgrades>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/#HUpgrading]]. 
180 + 181 +Theoretically, if there aren't any breaking changes or prerequisites, you can run: 182 + 183 +{{code language="sh" layout="LINENUMBERS" title="# Helm upgrade"}} 184 +helm upgrade --namespace behemoth-wiki \ 185 + --values values.yaml \ 186 + behemoth-xwiki xwiki-helm/xwiki 187 + 188 +{{/code}} 189 + 190 +=== Uninstall === 191 + 192 +To fully remove XWiki, use the following commands: 193 + 194 +{{code language="sh" layout="LINENUMBERS" title="# Uninstalling"}} 195 +helm uninstall --namespace behemoth-wiki behemoth-xwiki 196 +kubectl -n behemoth-wiki delete pvc/data-behemoth-xwiki-mysql-0 197 +kubectl -n behemoth-wiki delete pvc/xwiki-data-behemoth-xwiki-0 198 +kubectl delete -f pv_storage.yaml 199 +kubectl delete namespace behemoth-wiki 200 +{{/code}} 201 + 202 +This will uninstall the chart, delete the PVCs, delete the PVs and lastly, delete the namespace. 203 + 204 +== Links == 205 + 206 +1. [[XWiki - Extensions - Helm>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/]] 207 +1. [[Github - XWiki Contrib - Helm Charts>>https://github.com/xwiki-contrib/xwiki-helm]] 208 +1. [[Github - XWiki - Docker>>https://github.com/xwiki/xwiki-docker/]] 209 +1. [[Docker Hub - XWiki - Official>>https://hub.docker.com/_/xwiki]] 210 +1. [[Docker Hub - Behemoth LTD - Custom XWiki Non-root Image>>https://hub.docker.com/r/behemothil/xwiki-mysql-tomcat-nonroot]] 151 151 ))) 152 152 153 153 (% class="col-xs-12 col-sm-4" %)
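Review bot: In the Podman block of the @@ -71,15 hunk, the new line "podman push --creds=[Username:[Password]] ..." puts the registry password on the command line, where it is recorded in shell history and visible in the process list. Mirror the Docker block: run "podman login" first and push without --creds. The bracket placeholder is also unbalanced; if the flag stays, "[Username]:[Password]" reads more clearly.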
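Review bot: In the "Charts and Values" block of the @@ -144,10 hunk, values.yaml is fetched from the master branch while "helm install" and "helm upgrade" carry no --version, so the values file and the chart that actually gets installed can drift apart. Pin the chart with --version on both commands and take the defaults from that same chart, for example with "helm show values xwiki-helm/xwiki --version <chart version>". Two smaller points: "download it's //values.yaml// file" should read "its", and the Uninstall section removes the claims and volumes with no mention of exporting or backing up the wiki first.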
- Dockerfile
-
- Size
-
... ... @@ -1,1 +1,1 @@ 1 -67 301 +6722 - Content
-
... ... @@ -91,7 +91,7 @@ 91 91 92 92 # Added by Behemoth LTD - Apr 28th, 2024 93 93 # Fixing permissions error when using non-root user/group (30001:30001) to start the app 94 -RUN chown -R 30001:30001 /usr/local/tomcat /webapps94 +RUN chown -R 30001:30001 /usr/local/tomcat 95 95 USER 30001:30001 96 96 97 97 # At this point the image is done and what remains below are the runtime configuration used by the user to configure
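Review bot: "RUN chown -R 30001:30001 /usr/local/tomcat" hands the runtime user ownership of the whole Tomcat tree, including its binaries and configuration, so anything running as 30001 can rewrite them. Consider limiting the chown to the directories that are written at runtime (such as logs, temp and work, plus whatever XWiki itself needs) and leaving the rest root-owned and read-only to 30001. The comment says this fixes a permissions error; naming the path that failed would let a reader judge how narrow the fix can be.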
- pv_storage.yaml
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.itzhak - Size
-
... ... @@ -1,0 +1,1 @@ 1 +999 bytes - Content
-
... ... @@ -1,0 +1,50 @@ 1 +--- 2 +kind: PersistentVolume 3 +apiVersion: v1 4 +metadata: 5 + name: behemoth-xwiki-db 6 + namespace: behemoth-wiki 7 + labels: 8 + type: behemoth-xwiki-db 9 +spec: 10 + storageClassName: behemoth-xwiki-db 11 + capacity: 12 + storage: 5Gi 13 + accessModes: 14 + - ReadWriteOnce 15 + hostPath: 16 + path: "/mnt/kubenernetes/behemoth-xwiki/db" 17 + nodeAffinity: 18 + required: 19 + nodeSelectorTerms: 20 + - matchExpressions: 21 + - key: kubernetes.io/hostname 22 + operator: In 23 + values: 24 + - k8s-2 25 + 26 +--- 27 +kind: PersistentVolume 28 +apiVersion: v1 29 +metadata: 30 + name: behemoth-xwiki-www 31 + namespace: behemoth-wiki 32 + labels: 33 + type: behemoth-xwiki-www 34 +spec: 35 + storageClassName: behemoth-xwiki-www 36 + capacity: 37 + storage: 5Gi 38 + accessModes: 39 + - ReadWriteOnce 40 + hostPath: 41 + path: "/mnt/kubenernetes/behemoth-xwiki/www" 42 + nodeAffinity: 43 + required: 44 + nodeSelectorTerms: 45 + - matchExpressions: 46 + - key: kubernetes.io/hostname 47 + operator: In 48 + values: 49 + - k8s-2 50 +
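Review bot: Both PersistentVolume manifests set "namespace: behemoth-wiki" under metadata, but PersistentVolumes are cluster-scoped, so the field has no effect and suggests an isolation that is not there; drop it. The hostPath values spell the directory "/mnt/kubenernetes/..."; confirm that this matches the directory created in the earlier step on node k8s-2, otherwise the volume points at a path that does not exist. Neither volume sets persistentVolumeReclaimPolicy, so it is worth stating the intended behaviour explicitly given that the page's uninstall steps delete these PVs.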
- values.yaml
-
- Author
-
... ... @@ -1,0 +1,1 @@ 1 +XWiki.itzhak - Size
-
... ... @@ -1,0 +1,1 @@ 1 +4.1 KB - Content
-
... ... 
@@ -1,0 +1,201 @@ 1 +cluster: 2 + enabled: false 3 + 4 +image: 5 + name: xwiki 6 + pullPolicy: IfNotPresent 7 + name: "behemothil/xwiki-mysql-tomcat-nonroot" 8 + tag: "16.2.0-1" 9 +service: 10 + portName: node 11 + name: http 12 + type: ClusterIP 13 + externalPort: 80 14 + internalPort: 8080 15 + externalIPs: [] 16 + sessionAffinity: ClientIP 17 +resources: 18 + limits: 19 + cpu: 4500m 20 + memory: 6144Mi 21 + requests: 22 + cpu: 1000m 23 + memory: 1024Mi 24 + 25 +javaOpts: 26 + - -Xms1024m 27 + - -Xmx6000m 28 + 29 +workloadStateful: true 30 + 31 +securityContext: 32 + enabled: true 33 + runAsUser: 30001 34 + runAsGroup: 30001 35 + fsGroup: 30001 36 + 37 +containerSecurityContext: 38 + enabled: true 39 + runAsUser: 30001 40 + runAsGroup: 30001 41 + runAsNonRoot: true 42 + allowPrivilegeEscalation: false 43 + capabilities: 44 + drop: ["ALL"] 45 + seccompProfile: 46 + type: "RuntimeDefault" 47 + 48 +volumePermissions: 49 + containerSecurityContext: 50 + enabled: false 51 + runAsUser: 30001 52 + runAsGroup: 30001 53 + seccompProfile: 54 + type: "RuntimeDefault" 55 + enabled: true 56 + 57 +mysql: 58 + enabled: true 59 + image: 60 + tag: "8.0-debian-12" 61 + pullPolicy: "IfNotPresent" 62 + auth: 63 + rootPassword: "ROOT_PASSWORD_CHANGEME !!!" 64 + username: "USERNAME_CHANGEME !!!" 65 + password: "USER_PASSWORD_CHANGEME !!!" 66 + database: "DB_NAME_CHANGEME !!!" 
67 + initdbScripts: 68 + 00-init.sql: | 69 + grant all privileges on *.* to xwiki@'%' 70 + primary: 71 + configuration: |- 72 + [mysqld] 73 + default_authentication_plugin=mysql_native_password 74 + skip-name-resolve 75 + explicit_defaults_for_timestamp 76 + basedir=/opt/bitnami/mysql 77 + plugin_dir=/opt/bitnami/mysql/lib/plugin 78 + port=3306 79 + socket=/opt/bitnami/mysql/tmp/mysql.sock 80 + datadir=/bitnami/mysql/data 81 + tmpdir=/opt/bitnami/mysql/tmp 82 + max_allowed_packet=16M 83 + bind-address=* 84 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 85 + log-error=/opt/bitnami/mysql/logs/mysqld.log 86 + character-set-server=UTF8MB4 87 + collation-server=utf8mb4_0900_ai_ci 88 + slow_query_log=0 89 + slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log 90 + long_query_time=10.0 91 + 92 + [client] 93 + port=3306 94 + socket=/opt/bitnami/mysql/tmp/mysql.sock 95 + default-character-set=UTF8MB4 96 + plugin_dir=/opt/bitnami/mysql/lib/plugin 97 + 98 + [manager] 99 + port=3306 100 + socket=/opt/bitnami/mysql/tmp/mysql.sock 101 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 102 + persistence: 103 + enabled: true 104 + storageClass: "behemoth-xwiki-db" 105 + accessModes: 106 + - ReadWriteOnce 107 + size: "5Gi" 108 + containerSecurityContext: 109 + enabled: true 110 + seLinuxOptions: {} 111 + runAsUser: 30001 112 + runAsGroup: 0 113 + fsGroup: 30001 114 + runAsNonRoot: false 115 + allowPrivilegeEscalation: false 116 + capabilities: 117 + drop: ["ALL"] 118 + seccompProfile: 119 + type: "RuntimeDefault" 120 + 121 +ingress: 122 + enabled: true 123 + className: nginx 124 + annotations: 125 + kubernetes.io/ingress.class: nginx 126 + cert-manager.io/cluster-issuer: letsencrypt-prod 127 + hosts: 128 + - host: wiki.behemoth.co.il 129 + paths: 130 + - path: / 131 + pathType: ImplementationSpecific 132 + tls: 133 + - secretName: wiki-behemoth-tls 134 + hosts: 135 + - wiki.behemoth.co.il 136 + 137 +persistence: 138 + enabled: true 139 + storageClass: "behemoth-xwiki-www" 140 + 
accessModes: 141 + - ReadWriteOnce 142 + size: "5Gi" 143 + 144 +probes: 145 + startup: 146 + enabled: true 147 + httpGet: 148 + enabled: false 149 + path: / 150 + initialDelaySeconds: 120 151 + timeoutSeconds: 60 152 + periodSeconds: 30 153 + failureThreshold: 5 154 + successThreshold: 1 155 + liveness: 156 + enabled: true 157 + httpGet: 158 + enabled: true 159 + path: /rest 160 + initialDelaySeconds: 30 161 + timeoutSeconds: 3 162 + periodSeconds: 30 163 + failureThreshold: 10 164 + successThreshold: 1 165 + readiness: 166 + enabled: true 167 + httpGet: 168 + enabled: true 169 + path: /rest/wikis/xwiki/spaces 170 + initialDelaySeconds: 30 171 + timeoutSeconds: 3 172 + periodSeconds: 30 173 + failureThreshold: 10 174 + successThreshold: 1 175 + 176 +prometheus: 177 + javaagent: 178 + # https://github.com/prometheus/jmx_exporter 179 + # Enable to download and use this agent 180 + enabled: true 181 + 182 +podDisruptionBudget: 183 + enabled: false 184 + 185 +solr: 186 + enabled: false 187 +istio: 188 + enabled: false 189 + 190 +glowroot: 191 + enabled: false 192 + 193 +logback: 194 + enabled: false 195 + 196 +autoscaling: 197 + enabled: false 198 + 199 +infinispan: 200 + enabled: false 201 +
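Review bot: Under mysql.initdbScripts, "grant all privileges on *.* to xwiki@'%'" gives the application account every privilege on every database from any host, and it hard-codes the user "xwiki" while auth.username is a placeholder the reader is told to change; scope the grant to the XWiki database and the configured user, and end the statement with a semicolon. The mysql containerSecurityContext sets "runAsGroup: 0" and "runAsNonRoot: false", which works against the non-root goal the rest of the file enforces. The image block defines "name:" twice (the second one wins in most parsers, others reject the file), and the tag is "16.2.0-1" while the build instructions on this page push 16.2.0-3. The auth passwords are plain values in this file; keep the real file out of version control or reference a Kubernetes Secret instead.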