Changes for page XWiki (Helm)
Last modified by Itzhak Daniel on 2024/04/29 16:35
From version 14.1
edited by Itzhak Daniel
on 2024/04/29 00:25
on 2024/04/29 00:25
Change comment:
Uploaded new attachment "values.yaml", version 1.1
To version 12.1
edited by Itzhak Daniel
on 2024/04/29 00:08
on 2024/04/29 00:08
Change comment:
Uploaded new attachment "pv_storage.yaml", version 1.1
Summary
-
Page properties (1 modified, 0 added, 0 removed)
-
Attachments (0 modified, 0 added, 1 removed)
Details
- Page properties
-
- Content
-
... ... @@ -86,7 +86,7 @@ 86 86 87 87 We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps. 88 88 89 -After the path/loop devices were created, create the PVs (only if your cluster doesn't know how to provision storage for itself):89 +After the path/loop devices were created, create the PVs: 90 90 91 91 {{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}} 92 92 kubectl create -f - <<EOF ... ... @@ -144,36 +144,9 @@ 144 144 145 145 This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there). 146 146 147 - Nowwe caninstallXWiki's charts(repo)anddownload it's //values.yaml//file:147 +Download the Charts and Values file: 148 148 149 -{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}} 150 -helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm 151 -helm repo update xwiki-helm 152 152 153 -curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml 154 -{{/code}} 155 - 156 -Modify the values.yaml file, our example has: 157 - 158 -* Using custom image (so it won't run as //root//). 159 -* Increased memory/core usage allowance. 160 -* Running as UID/GID 30001. 161 -* Dropping all capabilities. 162 -* Using MySQL. 163 -* Enabling persistence. 164 -* Ingress (Nginx). 165 -* TLS (Cert manager) 166 - 167 -You can download our example from the attachment area. 168 - 169 -Once you have your custom //values.yaml// file, deploy the app with Helm: 170 - 171 -{{code language="sh" layout="LINENUMBERS" title="# Helm install"}} 172 -helm install --namespace behemoth-wiki --create-namespace \ 173 - --values values.yaml \ 174 - behemoth-xwiki xwiki-helm/xwiki 175 -{{/code}} 176 - 177 177 178 178 ))) 179 179
- values.yaml
-
- Author
-
... ... @@ -1,1 +1,0 @@ 1 -XWiki.itzhak - Size
-
... ... @@ -1,1 +1,0 @@ 1 -4.1 KB - Content
-
... ... @@ -1,201 +1,0 @@ 1 -cluster: 2 - enabled: false 3 - 4 -image: 5 - name: xwiki 6 - pullPolicy: IfNotPresent 7 - name: "behemothil/xwiki-mysql-tomcat-nonroot" 8 - tag: "16.2.0-1" 9 -service: 10 - portName: node 11 - name: http 12 - type: ClusterIP 13 - externalPort: 80 14 - internalPort: 8080 15 - externalIPs: [] 16 - sessionAffinity: ClientIP 17 -resources: 18 - limits: 19 - cpu: 4500m 20 - memory: 6144Mi 21 - requests: 22 - cpu: 1000m 23 - memory: 1024Mi 24 - 25 -javaOpts: 26 - - -Xms1024m 27 - - -Xmx6000m 28 - 29 -workloadStateful: true 30 - 31 -securityContext: 32 - enabled: true 33 - runAsUser: 30001 34 - runAsGroup: 30001 35 - fsGroup: 30001 36 - 37 -containerSecurityContext: 38 - enabled: true 39 - runAsUser: 30001 40 - runAsGroup: 30001 41 - runAsNonRoot: true 42 - allowPrivilegeEscalation: false 43 - capabilities: 44 - drop: ["ALL"] 45 - seccompProfile: 46 - type: "RuntimeDefault" 47 - 48 -volumePermissions: 49 - containerSecurityContext: 50 - enabled: false 51 - runAsUser: 30001 52 - runAsGroup: 30001 53 - seccompProfile: 54 - type: "RuntimeDefault" 55 - enabled: true 56 - 57 -mysql: 58 - enabled: true 59 - image: 60 - tag: "8.0-debian-12" 61 - pullPolicy: "IfNotPresent" 62 - auth: 63 - rootPassword: "ROOT_PASSWORD_CHANGEME !!!" 64 - username: "USERNAME_CHANGEME !!!" 65 - password: "USER_PASSWORD_CHANGEME !!!" 66 - database: "DB_NAME_CHANGEME !!!" 67 - initdbScripts: 68 - 00-init.sql: | 69 - grant all privileges on *.* to xwiki@'%' 70 - primary: 71 - configuration: |- 72 - [mysqld] 73 - default_authentication_plugin=mysql_native_password 74 - skip-name-resolve 75 - explicit_defaults_for_timestamp 76 - basedir=/opt/bitnami/mysql 77 - plugin_dir=/opt/bitnami/mysql/lib/plugin 78 - port=3306 79 - socket=/opt/bitnami/mysql/tmp/mysql.sock 80 - datadir=/bitnami/mysql/data 81 - tmpdir=/opt/bitnami/mysql/tmp 82 - max_allowed_packet=16M 83 - bind-address=* 84 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 85 - log-error=/opt/bitnami/mysql/logs/mysqld.log 86 - character-set-server=UTF8MB4 87 - collation-server=utf8mb4_0900_ai_ci 88 - slow_query_log=0 89 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log 90 - long_query_time=10.0 91 - 92 - [client] 93 - port=3306 94 - socket=/opt/bitnami/mysql/tmp/mysql.sock 95 - default-character-set=UTF8MB4 96 - plugin_dir=/opt/bitnami/mysql/lib/plugin 97 - 98 - [manager] 99 - port=3306 100 - socket=/opt/bitnami/mysql/tmp/mysql.sock 101 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid 102 - persistence: 103 - enabled: true 104 - storageClass: "behemoth-xwiki-db" 105 - accessModes: 106 - - ReadWriteOnce 107 - size: "5Gi" 108 - containerSecurityContext: 109 - enabled: true 110 - seLinuxOptions: {} 111 - runAsUser: 30001 112 - runAsGroup: 0 113 - fsGroup: 30001 114 - runAsNonRoot: false 115 - allowPrivilegeEscalation: false 116 - capabilities: 117 - drop: ["ALL"] 118 - seccompProfile: 119 - type: "RuntimeDefault" 120 - 121 -ingress: 122 - enabled: true 123 - className: nginx 124 - annotations: 125 - kubernetes.io/ingress.class: nginx 126 - cert-manager.io/cluster-issuer: letsencrypt-prod 127 - hosts: 128 - - host: wiki.behemoth.co.il 129 - paths: 130 - - path: / 131 - pathType: ImplementationSpecific 132 - tls: 133 - - secretName: wiki-behemoth-tls 134 - hosts: 135 - - wiki.behemoth.co.il 136 - 137 -persistence: 138 - enabled: true 139 - storageClass: "behemoth-xwiki-www" 140 - accessModes: 141 - - ReadWriteOnce 142 - size: "5Gi" 143 - 144 -probes: 145 - startup: 146 - enabled: true 147 - httpGet: 148 - enabled: false 149 - path: / 150 - initialDelaySeconds: 120 151 - timeoutSeconds: 60 152 - periodSeconds: 30 153 - failureThreshold: 5 154 - successThreshold: 1 155 - liveness: 156 - enabled: true 157 - httpGet: 158 - enabled: true 159 - path: /rest 160 - initialDelaySeconds: 30 161 - timeoutSeconds: 3 162 - periodSeconds: 30 163 - failureThreshold: 10 164 - successThreshold: 1 165 - readiness: 166 - enabled: true 167 - httpGet: 168 - enabled: true 169 - path: /rest/wikis/xwiki/spaces 170 - initialDelaySeconds: 30 171 - timeoutSeconds: 3 172 - periodSeconds: 30 173 - failureThreshold: 10 174 - successThreshold: 1 175 - 176 -prometheus: 177 - javaagent: 178 - # https://github.com/prometheus/jmx_exporter 179 - # Enable to download and use this agent 180 - enabled: true 181 - 182 -podDisruptionBudget: 183 - enabled: false 184 - 185 -solr: 186 - enabled: false 187 -istio: 188 - enabled: false 189 - 190 -glowroot: 191 - enabled: false 192 - 193 -logback: 194 - enabled: false 195 - 196 -autoscaling: 197 - enabled: false 198 - 199 -infinispan: 200 - enabled: false 201 -