Changes for page XWiki (Helm)

Last modified by Itzhak Daniel on 2024/04/29 16:35

From version 12.1
edited by Itzhak Daniel
on 2024/04/29 00:08
Change comment: Uploaded new attachment "pv_storage.yaml", version 1.1
To version 22.1
edited by Itzhak Daniel
on 2024/04/29 16:35
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -12,7 +12,7 @@
12 12  
13 13  == Background ==
14 14  
15 -[[Behemoth LTD>>https://www.behemoth.co.il/]] was in a search for a 'knowledge base' software, a central place to collect and collaborate on documents which hold information, instructions, guide, etc. The requirement was simple, it required to be able to run on Kubernetes without too much customization, building, testing and other complex CI/CD prerequisite.
15 +[[Behemoth LTD>>https://www.behemoth.co.il/]] was in a search for a 'knowledge base' software, a central place to collect and collaborate on documents which hold information, instructions, guides, etc. The requirement was simple, can run on Kubernetes without too much customization, building, testing and other complex CI/CD prerequisite.
16 16  
17 17  Things may change in the future, as Kubernetes becomes the de-facto way to run Apps, so do some homework before continuing, [[Awesome Selfhosted>>https://github.com/awesome-selfhosted/awesome-selfhosted#wikis]].
18 18  
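Review bot: The rewritten sentence on new line 15 loses its subject: "The requirement was simple, can run on Kubernetes ..." reads as a fragment. Suggest "The requirement was simple: it must run on Kubernetes without too much customization, ...", and make "prerequisite" plural to match the list before it.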
... ... @@ -41,7 +41,7 @@
41 41  
42 42  At the beginning we tried to avoid making any custom changes to the images in question (XWiki and Bitnami's MySQL). But XWiki running as root, didn't fly. So we had to create a custom image with minor changes to enable it to run as a unprivileged uid/gid: 30001.
43 43  
44 -=== Building and Publish ===
44 +=== Build and Publish ===
45 45  
46 46  You will need to perform the following actions:
47 47  
... ... @@ -49,7 +49,7 @@
49 49  git clone --depth 1 --branch master https://github.com/xwiki/xwiki-docker.git
50 50  {{/code}}
51 51  
52 -Once you have the repo locally, modify the //Dockerfile// as shown below:
52 +Once you have the repo locally, modify the [[//Dockerfile//>>attach:Dockerfile]] as shown below:
53 53  
54 54  {{code language="git" title="# Diff"}}
55 55  @@ -89,6 +89,11 @@ COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
... ... @@ -71,15 +71,15 @@
71 71  
72 72  {{code language="sh" layout="LINENUMBERS" title="# Docker"}}
73 73  cd ./16/mysql-tomcat/
74 -docker build -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-2 .
74 +docker build -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3 .
75 75  docker login
76 -docker push behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-2
76 +docker push behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3
77 77  {{/code}}
78 78  
79 79  {{code language="sh" layout="LINENUMBERS" title="# Podman"}}
80 80  cd ./16/mysql-tomcat/
81 -buildah build -f Dockerfile -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-2
82 -docker push --creds=[Username:[Password]] behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-2
81 +buildah build -f Dockerfile -t behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3
82 +podman push --creds=[Username:[Password]] behemothil/xwiki-mysql-tomcat-nonroot:16.2.0-3
83 83  {{/code}}
84 84  
85 85  === Deploy ===
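Review bot: The tag bump to 16.2.0-3 on new lines 74 to 82 is not matched by the values.yaml attached in this same change, which still sets tag: "16.2.0-2", so a reader following the page builds and pushes one image and deploys another. Update the attachment so the two agree, or state on the page which tag carries the Dockerfile permission fix. Separately, the Podman push on new line 82 passes the registry password through --creds on the command line, where it ends up in shell history; a podman login step, mirroring the docker login in the Docker block, avoids that.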
... ... @@ -86,7 +86,7 @@
86 86  
87 87  We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps.
88 88  
89 -After the path/loop devices were created, create the PVs:
89 +After the path/loop devices were created, create the [[PVs>>attach:pv_storage.yaml]] (only if your cluster doesn't know how to provision storage for itself):
90 90  
91 91  {{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}}
92 92  kubectl create -f - <<EOF
... ... @@ -144,10 +144,70 @@
144 144  
145 145  This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there).
146 146  
147 -Download the Charts and Values file:
147 +Now we can install XWiki's charts (repo) and download it's //values.yaml// file:
148 148  
149 +{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}}
150 +helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm
151 +helm repo update xwiki-helm
149 149  
150 -
153 +curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml
154 +{{/code}}
155 +
156 +Modify the values.yaml file, our example has:
157 +
158 +* Using custom image (so it won't run as //root//).
159 +* Increased memory/core usage allowance.
160 +* Running as UID/GID 30001.
161 +* Dropping all capabilities.
162 +* Using MySQL.
163 +* Enabling persistence.
164 +* Ingress (Nginx).
165 +* TLS (Cert manager)
166 +
167 +You can download our example from the attachment area.
168 +
169 +Once you have your custom [[//values.yaml//>>attach:values.yaml]] file, deploy the app with Helm:
170 +
171 +{{code language="sh" layout="LINENUMBERS" title="# Helm install"}}
172 +helm install --namespace behemoth-wiki --create-namespace \
173 + --values values.yaml \
174 + behemoth-xwiki xwiki-helm/xwiki
175 +{{/code}}
176 +
177 +=== Upgrade ===
178 +
179 +To upgrade XWiki, you should read the content in [[XWiki official Helm pages regarding upgrades>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/#HUpgrading]].
180 +
181 +Theoretically, if there aren't any breaking changes or prerequisites, you can run:
182 +
183 +{{code language="sh" layout="LINENUMBERS" title="# Helm upgrade"}}
184 +helm repo update xwiki-helm
185 +helm upgrade --namespace behemoth-wiki \
186 + --values values.yaml \
187 + behemoth-xwiki xwiki-helm/xwiki
188 +{{/code}}
189 +
190 +=== Uninstall ===
191 +
192 +To fully remove XWiki from your cluster, use the following commands:
193 +
194 +{{code language="sh" layout="LINENUMBERS" title="# Uninstalling"}}
195 +helm uninstall --namespace behemoth-wiki behemoth-xwiki
196 +kubectl -n behemoth-wiki delete pvc/data-behemoth-xwiki-mysql-0
197 +kubectl -n behemoth-wiki delete pvc/xwiki-data-behemoth-xwiki-0
198 +kubectl delete -f pv_storage.yaml
199 +kubectl delete namespace behemoth-wiki
200 +{{/code}}
201 +
202 +This will uninstall the chart, delete the PVCs, delete the PVs and lastly, delete the namespace.
203 +
204 +== Links ==
205 +
206 +1. [[XWiki - Extensions - Helm>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/]]
207 +1. [[Github - XWiki Contrib - Helm Charts>>https://github.com/xwiki-contrib/xwiki-helm]]
208 +1. [[Github - XWiki - Docker>>https://github.com/xwiki/xwiki-docker/]]
209 +1. [[Docker Hub - XWiki - Official>>https://hub.docker.com/_/xwiki]]
210 +1. [[Docker Hub - Behemoth LTD - Custom XWiki Non-root Image>>https://hub.docker.com/r/behemothil/xwiki-mysql-tomcat-nonroot]]
151 151  )))
152 152  
153 153  (% class="col-xs-12 col-sm-4" %)
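Review bot: Neither the chart nor the values file is pinned in the commands on new lines 150 to 153 and 172 to 174: values.yaml is fetched from the master branch while helm install takes whatever chart version the repo currently serves, so the keys in the downloaded file can drift from the chart that actually gets installed, and the helm upgrade on lines 185 to 187 moves to the newest chart without saying so. Suggest adding --version to both helm install and helm upgrade, and taking the defaults from that same release with helm show values xwiki-helm/xwiki --version followed by the chosen chart version. Minor: "download it's" on line 147 should be "its".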
Dockerfile
Size
... ... @@ -1,1 +1,1 @@
1 -6730
1 +6722
Content
... ... @@ -91,7 +91,7 @@
91 91  
92 92  # Added by Behemoth LTD - Apr 28th, 2024
93 93  # Fixing permissions error when using non-root user/group (30001:30001) to start the app
94 -RUN chown -R 30001:30001 /usr/local/tomcat/webapps
94 +RUN chown -R 30001:30001 /usr/local/tomcat
95 95  USER 30001:30001
96 96  
97 97  # At this point the image is done and what remains below are the runtime configuration used by the user to configure
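Review bot: Line 94 widens the chown from /usr/local/tomcat/webapps to all of /usr/local/tomcat, which makes Tomcat's own bin, conf and lib trees writable by the same uid 30001 that serves requests, so a flaw in the web application can alter the server's scripts and configuration and not only the deployed webapp. If the permission error came from specific directories, chown only those (Tomcat normally writes to logs, temp, work and webapps) and leave the rest owned by root, and record in the comment on line 93 which path triggered the error.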
values.yaml
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.itzhak
Size
... ... @@ -1,0 +1,1 @@
1 +5.5 KB
Content
... ... @@ -1,0 +1,242 @@
1 +# Default values for node.
2 +# This is a YAML-formatted file.
3 +# Declare variables to be passed into your templates.
4 +cluster:
5 + enabled: false
6 +
7 +image:
8 + name: xwiki
9 + pullPolicy: IfNotPresent
10 +## Image Tag useful when externalDB is been used
11 +## https://hub.docker.com/_/xwiki
12 + name: "behemothil/xwiki-mysql-tomcat-nonroot"
13 + tag: "16.2.0-2"
14 +# tag: '16.2.0-mysql-tomcat'
15 +service:
16 + portName: node
17 + name: http
18 + type: ClusterIP
19 + externalPort: 80
20 + internalPort: 8080
21 + # Set an array of externalIPs for the service
22 + externalIPs: []
23 + # - 10.20.30.40
24 + # - 10.20.30.41
25 + # Reference: https://kubernetes.io/docs/reference/networking/virtual-ips/#session-affinity
26 + sessionAffinity: ClientIP
27 +resources:
28 + limits:
29 + cpu: 4500m
30 + memory: 6144Mi
31 + requests:
32 + cpu: 1000m
33 + memory: 1024Mi
34 +
35 +javaOpts:
36 + - -Xms1024m
37 + - -Xmx6000m
38 +
39 +# Enable to choose witch kind of workload will be used: (true) StatefulSet or (false) for Deployment
40 +workloadStateful: true
41 +
42 +securityContext:
43 + enabled: true
44 + runAsUser: 30001
45 + runAsGroup: 30001
46 + fsGroup: 30001
47 +
48 +containerSecurityContext:
49 + enabled: true
50 + runAsUser: 30001
51 + runAsGroup: 30001
52 + runAsNonRoot: true
53 + allowPrivilegeEscalation: false
54 + capabilities:
55 + drop: ["ALL"]
56 + seccompProfile:
57 + type: "RuntimeDefault"
58 +
59 +volumePermissions:
60 + containerSecurityContext:
61 + enabled: false
62 + runAsUser: 30001
63 + runAsGroup: 30001
64 + seccompProfile:
65 + type: "RuntimeDefault"
66 + enabled: true
67 +
68 +##
69 +## MySql chart configuration
70 +##
71 +## https://github.com/bitnami/charts/tree/main/bitnami/mysql
72 +##
73 +mysql:
74 + ## Whether to deploy a mysql server. Set false for a different database.
75 + enabled: true
76 + image:
77 + tag: "8.0-debian-12"
78 + pullPolicy: "IfNotPresent"
79 + auth:
80 + rootPassword: "Wxv11dZmzw4YIozxj1"
81 + username: "xwiki"
82 + password: "3N5NBYnb5VQfDA2gde"
83 + database: "xwiki"
84 + initdbScripts:
85 + 00-init.sql: |
86 + grant all privileges on *.* to xwiki@'%'
87 + primary:
88 + # initContainers:
89 + # - name: "fix-non-root-permissions"
90 + # image: "busybox"
91 + # imagePullPolicy: "IfNotPresent"
92 + # command: [ "chown", "-R", "30001:30001", "/opt/bitnami" ]
93 + # volumeMounts:
94 + # - name: conf
95 + # mountPath: /opt/bitnami
96 + # Changed to use UTF8mb4, check future versions if this was already changed.
97 + # TODO: review explicit_defaults_for_timestamp
98 + configuration: |-
99 + [mysqld]
100 + default_authentication_plugin=mysql_native_password
101 + skip-name-resolve
102 + explicit_defaults_for_timestamp
103 + basedir=/opt/bitnami/mysql
104 + plugin_dir=/opt/bitnami/mysql/lib/plugin
105 + port=3306
106 + socket=/opt/bitnami/mysql/tmp/mysql.sock
107 + datadir=/bitnami/mysql/data
108 + tmpdir=/opt/bitnami/mysql/tmp
109 + max_allowed_packet=16M
110 + bind-address=*
111 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
112 + log-error=/opt/bitnami/mysql/logs/mysqld.log
113 + character-set-server=UTF8MB4
114 + collation-server=utf8mb4_0900_ai_ci
115 + slow_query_log=0
116 + slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
117 + long_query_time=10.0
118 +
119 + [client]
120 + port=3306
121 + socket=/opt/bitnami/mysql/tmp/mysql.sock
122 + default-character-set=UTF8MB4
123 + plugin_dir=/opt/bitnami/mysql/lib/plugin
124 +
125 + [manager]
126 + port=3306
127 + socket=/opt/bitnami/mysql/tmp/mysql.sock
128 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
129 + persistence:
130 + enabled: true
131 + storageClass: "behemoth-xwiki-db"
132 + accessModes:
133 + - ReadWriteOnce
134 + size: "5Gi"
135 + containerSecurityContext:
136 + enabled: true
137 + seLinuxOptions: {}
138 + runAsUser: 30001
139 + runAsGroup: 0
140 + fsGroup: 30001
141 + runAsNonRoot: false
142 + allowPrivilegeEscalation: false
143 + capabilities:
144 + drop: ["ALL"]
145 + seccompProfile:
146 + type: "RuntimeDefault"
147 +
148 +mariadb:
149 + enabled: false
150 +
151 +postgresql:
152 + enabled: false
153 +
154 +solr:
155 + enabled: false
156 +
157 +# To use ingress for routing set ingress.enabled value to true and istio.enabled value to false
158 +ingress:
159 + enabled: true
160 + className: nginx
161 + annotations:
162 + kubernetes.io/ingress.class: nginx
163 +# nginx.ingress.kubernetes.io/whitelist-source-range: "152.67.64.124/32, 178.255.149.139/32"
164 + cert-manager.io/cluster-issuer: letsencrypt-prod
165 + # kubernetes.io/tls-acme: "true"
166 + # ingress.kubernetes.io/rewrite-target: /
167 + hosts:
168 + - host: wiki.behemoth.co.il
169 + paths:
170 + - path: /
171 + pathType: ImplementationSpecific
172 + tls:
173 + - secretName: wiki-behemoth-tls
174 + hosts:
175 + - wiki.behemoth.co.il
176 +
177 +istio:
178 + enabled: false
179 +
180 +persistence:
181 + enabled: true
182 + storageClass: "behemoth-xwiki-www"
183 + accessModes:
184 + - ReadWriteOnce
185 + size: "5Gi"
186 +
187 +podDisruptionBudget:
188 + enabled: false
189 +
190 +glowroot:
191 + enabled: false
192 +
193 +logback:
194 + enabled: false
195 +
196 +autoscaling:
197 + enabled: false
198 +
199 +# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
200 +probes:
201 + startup:
202 + enabled: true
203 + httpGet:
204 + enabled: false
205 + path: /
206 + initialDelaySeconds: 120
207 + timeoutSeconds: 60
208 + periodSeconds: 30
209 + failureThreshold: 5
210 + successThreshold: 1
211 + liveness:
212 + enabled: true
213 + httpGet:
214 + enabled: true
215 + path: /rest
216 + initialDelaySeconds: 30
217 + timeoutSeconds: 3
218 + periodSeconds: 30
219 + # 5 minutes
220 + failureThreshold: 10
221 + successThreshold: 1
222 + readiness:
223 + enabled: true
224 + httpGet:
225 + enabled: true
226 + path: /rest/wikis/xwiki/spaces
227 + initialDelaySeconds: 30
228 + timeoutSeconds: 3
229 + periodSeconds: 30
230 + # 5 minutes
231 + failureThreshold: 10
232 + successThreshold: 1
233 +
234 +infinispan:
235 + enabled: false
236 +
237 +prometheus:
238 + javaagent:
239 + # https://github.com/prometheus/jmx_exporter
240 + # Enable to download and use this agent
241 + enabled: true
242 +
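Review bot: Lines 80 and 82 put literal values in mysql.auth.rootPassword and mysql.auth.password in a file published as a page attachment, so anyone who deploys the example as-is runs with publicly known database credentials. Replace them with obvious placeholders, or reference a pre-created Kubernetes Secret where the chart allows it, and rotate the values if they were ever used on a real instance. Line 86 grants the xwiki account all privileges on *.* from any host; if the deployment does not need to create additional databases, scope the grant to the xwiki database. Also, image.name is defined twice (lines 8 and 12), which relies on the YAML parser keeping the last value, and the mysql containerSecurityContext sets runAsGroup: 0 and runAsNonRoot: false (lines 139 and 141) although the page's stated aim is to run everything as 30001 without root.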