Changes for page XWiki (Helm)

Last modified by Itzhak Daniel on 2024/04/29 16:35

From version 14.1
edited by Itzhak Daniel
on 2024/04/29 00:25
Change comment: Uploaded new attachment "values.yaml", version 1.1
To version 9.1
edited by Itzhak Daniel
on 2024/04/28 21:16
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -30,7 +30,7 @@
30 30  
31 31  === Note about Storage ===
32 32  
33 -Behemoth LTD is running an on-prem Kubernetes solution, we (currently) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things from us:
33 +Behemoth LTD is running an on-prem Kubernetes solution, we (currently?) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things:
34 34  
35 35  1. Creating the path/loop device prior of creating PV.
36 36  1. The PV is manually created.
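
Review bot: On the + line (33), "(currently?)" makes the sentence read as if the author is unsure whether shared storage exists; if the intent is "for now", "(currently)" as on the - line is clearer. Both variants also have "which require" where "which requires" is meant, and a stray space before the comma that follows the link list. Context line 35, "prior of creating PV", would read better as "before creating the PV".
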
... ... @@ -84,97 +84,7 @@
84 84  
85 85  === Deploy ===
86 86  
87 -We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps.
88 -
89 -After the path/loop devices were created, create the PVs (only if your cluster doesn't know how to provision storage for itself):
90 -
91 -{{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}}
92 -kubectl create -f - <<EOF
93 ----
94 -kind: PersistentVolume
95 -apiVersion: v1
96 -metadata:
97 - name: behemoth-xwiki-db
98 - namespace: behemoth-wiki
99 - labels:
100 - type: behemoth-xwiki-db
101 -spec:
102 - storageClassName: behemoth-xwiki-db
103 - capacity:
104 - storage: 5Gi
105 - accessModes:
106 - - ReadWriteOnce
107 - hostPath:
108 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
109 - nodeAffinity:
110 - required:
111 - nodeSelectorTerms:
112 - - matchExpressions:
113 - - key: kubernetes.io/hostname
114 - operator: In
115 - values:
116 - - k8s-uk-2
117 -
118 ----
119 -kind: PersistentVolume
120 -apiVersion: v1
121 -metadata:
122 - name: behemoth-xwiki-www
123 - namespace: behemoth-wiki
124 - labels:
125 - type: behemoth-xwiki-www
126 -spec:
127 - storageClassName: behemoth-xwiki-www
128 - capacity:
129 - storage: 5Gi
130 - accessModes:
131 - - ReadWriteOnce
132 - hostPath:
133 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
134 - nodeAffinity:
135 - required:
136 - nodeSelectorTerms:
137 - - matchExpressions:
138 - - key: kubernetes.io/hostname
139 - operator: In
140 - values:
141 - - k8s-uk-2
142 -EOF
143 -{{/code}}
144 -
145 -This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there).
146 -
147 -Now we can install XWiki's charts (repo) and download it's //values.yaml// file:
148 -
149 -{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}}
150 -helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm
151 -helm repo update xwiki-helm
152 -
153 -curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml
154 -{{/code}}
155 -
156 -Modify the values.yaml file, our example has:
157 -
158 -* Using custom image (so it won't run as //root//).
159 -* Increased memory/core usage allowance.
160 -* Running as UID/GID 30001.
161 -* Dropping all capabilities.
162 -* Using MySQL.
163 -* Enabling persistence.
164 -* Ingress (Nginx).
165 -* TLS (Cert manager)
166 -
167 -You can download our example from the attachment area.
168 -
169 -Once you have your custom //values.yaml// file, deploy the app with Helm:
170 -
171 -{{code language="sh" layout="LINENUMBERS" title="# Helm install"}}
172 -helm install --namespace behemoth-wiki --create-namespace \
173 - --values values.yaml \
174 - behemoth-xwiki xwiki-helm/xwiki
175 -{{/code}}
176 -
177 -
87 +We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]], the Database (MySQL) and the App, each will have a volume to store their content.
178 178  )))
179 179  
180 180  (% class="col-xs-12 col-sm-4" %)
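
Review bot: In the "Charts and Values" and "Helm install" blocks (lines 150-153 and 172-174), values.yaml is fetched from the master branch of the chart repository while helm install names no --version, so the values file and the installed chart can drift apart and two runs of these steps can deploy different charts. Suggest pinning the chart with --version on helm install and taking the defaults from that same chart with helm show values xwiki-helm/xwiki --version <chart version>. Separately, both PersistentVolume manifests set namespace: behemoth-wiki (lines 98 and 123); PersistentVolumes are cluster-scoped, so the field has no effect and can be dropped. "download it's" on line 147 should be "its".
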
Dockerfile
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -6.6 KB
Content
... ... @@ -1,122 +1,0 @@
1 -# ---------------------------------------------------------------------------
2 -# See the NOTICE file distributed with this work for additional
3 -# information regarding copyright ownership.
4 -#
5 -# This is free software; you can redistribute it and/or modify it
6 -# under the terms of the GNU Lesser General Public License as
7 -# published by the Free Software Foundation; either version 2.1 of
8 -# the License, or (at your option) any later version.
9 -#
10 -# This software is distributed in the hope that it will be useful,
11 -# but WITHOUT ANY WARRANTY; without even the implied warranty of
12 -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 -# Lesser General Public License for more details.
14 -#
15 -# You should have received a copy of the GNU Lesser General Public
16 -# License along with this software; if not, write to the Free
17 -# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18 -# 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19 -# ---------------------------------------------------------------------------
20 -FROM tomcat:9-jre17
21 -
22 -# ____ ____ ____ ____ _ __ _
23 -# |_ _||_ _||_ _| |_ _|(_) [ | _ (_)
24 -# \ \ / / \ \ /\ / / __ | | / ] __
25 -# > `' < \ \/ \/ / [ | | '' < [ |
26 -# _/ /'`\ \_ \ /\ / | | | |`\ \ | |
27 -# |____||____| \/ \/ [___][__| \_][___]
28 -
29 -LABEL org.opencontainers.image.authors='XWiki Development Team <committers@xwiki.org>'
30 -LABEL org.opencontainers.image.url='https://hub.docker.com/_/xwiki'
31 -LABEL org.opencontainers.image.documentation='https://hub.docker.com/_/xwiki'
32 -LABEL org.opencontainers.image.source='https://github.com/xwiki/xwiki-docker.git'
33 -LABEL org.opencontainers.image.vendor='xwiki.org'
34 -LABEL org.opencontainers.image.licenses='LGPL-2.1'
35 -
36 -# Note: when using docker-compose, the ENV values below are overridden from the .env file.
37 -
38 -# Install LibreOffice + other tools
39 -# Note that procps is required to get ps which is used by JODConverter to start LibreOffice
40 -RUN apt-get update && \
41 - apt-get --no-install-recommends -y install \
42 - curl \
43 - libreoffice \
44 - unzip \
45 - procps && \
46 - rm -rf /var/lib/apt/lists/*
47 -
48 -# Install XWiki as the ROOT webapp context in Tomcat
49 -# Create the Tomcat temporary directory
50 -# Configure the XWiki permanent directory
51 -ENV XWIKI_VERSION="16.2.0"
52 -ENV XWIKI_URL_PREFIX "https://maven.xwiki.org/releases/org/xwiki/platform/xwiki-platform-distribution-war/${XWIKI_VERSION}"
53 -ENV XWIKI_DOWNLOAD_SHA256 7d355ae1c88691b19af9658e3f042083d57c08d5e52e1ade25536536ad72fb3f
54 -RUN rm -rf /usr/local/tomcat/webapps/* && \
55 - mkdir -p /usr/local/tomcat/temp && \
56 - mkdir -p /usr/local/xwiki/data && \
57 - curl -fSL "${XWIKI_URL_PREFIX}/xwiki-platform-distribution-war-${XWIKI_VERSION}.war" -o xwiki.war && \
58 - echo "$XWIKI_DOWNLOAD_SHA256 xwiki.war" | sha256sum -c - && \
59 - unzip -d /usr/local/tomcat/webapps/ROOT xwiki.war && \
60 - rm -f xwiki.war
61 -
62 -# Copy the JDBC driver in the XWiki webapp
63 -# We take the database driver version from the Maven Central repository since we want to control the version
64 -# used and have it being consistent with what is tested in the CI.
65 -ENV MYSQL_JDBC_VERSION="8.3.0"
66 -ENV MYSQL_JDBC_SHA256="94e7fa815370cdcefed915db7f53f88445fac110f8c3818392b992ec9ee6d295"
67 -ENV MYSQL_JDBC_PREFIX="https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${MYSQL_JDBC_VERSION}"
68 -ENV MYSQL_JDBC_ARTIFACT="mysql-connector-j-${MYSQL_JDBC_VERSION}.jar"
69 -ENV MYSQL_JDBC_TARGET="/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/${MYSQL_JDBC_ARTIFACT}"
70 -RUN curl -fSL "${MYSQL_JDBC_PREFIX}/${MYSQL_JDBC_ARTIFACT}" -o $MYSQL_JDBC_TARGET && \
71 - echo "$MYSQL_JDBC_SHA256 $MYSQL_JDBC_TARGET" | sha256sum -c -
72 -
73 -# Configure Tomcat. For example set the memory for the Tomcat JVM since the default value is too small for XWiki
74 -COPY tomcat/setenv.sh /usr/local/tomcat/bin/
75 -
76 -# Setup the XWiki Hibernate configuration
77 -COPY xwiki/hibernate.cfg.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
78 -
79 -# Set a specific distribution id in XWiki for this docker packaging.
80 -RUN sed -i 's/<id>org.xwiki.platform:xwiki-platform-distribution-war/<id>org.xwiki.platform:xwiki-platform-distribution-docker/' \
81 - /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed
82 -
83 -# Add scripts required to make changes to XWiki configuration files at execution time
84 -# Note: we don't run CHMOD since 1) it's not required since the executabe bit is already set in git and 2) running
85 -# CHMOD after a COPY will sometimes fail, depending on different host-specific factors (especially on AUFS).
86 -COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
87 -
88 -# Make the XWiki directory (the permanent directory is included in it) persist on the host (so that it's not recreated
89 -# across runs)
90 -VOLUME /usr/local/xwiki
91 -
92 -# Added by Behemoth LTD - Apr 28th, 2024
93 -# Fixing permissions error when using non-root user/group (30001:30001) to start the app
94 -RUN chown -R 30001:30001 /usr/local/tomcat/webapps
95 -USER 30001:30001
96 -
97 -# At this point the image is done and what remains below are the runtime configuration used by the user to configure
98 -# the container that will be created out of the image. Namely the user can override some environment variables with
99 -# docker run -e "var1=val1" -e "var2=val2" ...
100 -# The supported environment variables that can be overridden are:
101 -# - DB_USER: the name of the user configured for XWiki in the DB. Default is "xwiki". This is used to configure
102 -# xwiki's hibernate.cfg.xml file.
103 -# - DB_PASSWORD: the password for the user configured for XWiki in the DB. Default is "xwiki". This is used to
104 -# configure xwiki's hibernate.cfg.xml file.
105 -# - DB_DATABASE: the name of the database to use. Default is "xwiki". This is used to configure xwiki's
106 -# hibernate.cfg.xml file.
107 -# - DB_HOST: The name of the host (or docker container) containing the database. Default is "db". This is used to
108 -# configure xwiki's hibernate.cfg.xml file.
109 -# - CONTEXT_PATH: The name of the context path under which XWiki will be deployed in Tomcat. If not specified then it'll
110 -# be deployed as ROOT.
111 -# - JDBC_PARAMS: Replaces the default JDBC parameters with the passed ones.
112 -
113 -# Example:
114 -# docker run -it -e "DB_USER=xwiki" -e "DB_PASSWORD=xwiki" <imagename>
115 -
116 -# Starts XWiki by starting Tomcat. All options passed to "docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]"
117 -# are also passed to docker-entrypoint.sh. If "xwiki" is passed then XWiki will be configured the first time the
118 -# container executes and Tomcat will be started. If some other parameter is passed then it'll be executed to comply
119 -# with best practices defined at https://github.com/docker-library/official-images#consistency.
120 -ENTRYPOINT ["docker-entrypoint.sh"]
121 -CMD ["xwiki"]
122 -
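
Review bot: The chown on line 94 covers only /usr/local/tomcat/webapps, while lines 55-56 set up /usr/local/tomcat/temp and /usr/local/xwiki/data as root and line 90 declares /usr/local/xwiki a VOLUME before any ownership change, so the permanent directory is still root-owned in the image when USER 30001:30001 takes effect on line 95. Suggest changing ownership of those paths to 30001:30001 before the VOLUME line, or stating in the comment on lines 92-93 that the deployment relies on something outside the image (such as fsGroup) to make the volume writable. Also, the base image on line 20, tomcat:9-jre17, is a floating tag, whereas the WAR and the JDBC driver are pinned by SHA-256 on lines 53 and 66; pinning the base image by digest would make rebuilds reproducible to the same degree.
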
pv_storage.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -999 bytes
Content
... ... @@ -1,50 +1,0 @@
1 ----
2 -kind: PersistentVolume
3 -apiVersion: v1
4 -metadata:
5 - name: behemoth-xwiki-db
6 - namespace: behemoth-wiki
7 - labels:
8 - type: behemoth-xwiki-db
9 -spec:
10 - storageClassName: behemoth-xwiki-db
11 - capacity:
12 - storage: 5Gi
13 - accessModes:
14 - - ReadWriteOnce
15 - hostPath:
16 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
17 - nodeAffinity:
18 - required:
19 - nodeSelectorTerms:
20 - - matchExpressions:
21 - - key: kubernetes.io/hostname
22 - operator: In
23 - values:
24 - - k8s-2
25 -
26 ----
27 -kind: PersistentVolume
28 -apiVersion: v1
29 -metadata:
30 - name: behemoth-xwiki-www
31 - namespace: behemoth-wiki
32 - labels:
33 - type: behemoth-xwiki-www
34 -spec:
35 - storageClassName: behemoth-xwiki-www
36 - capacity:
37 - storage: 5Gi
38 - accessModes:
39 - - ReadWriteOnce
40 - hostPath:
41 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
42 - nodeAffinity:
43 - required:
44 - nodeSelectorTerms:
45 - - matchExpressions:
46 - - key: kubernetes.io/hostname
47 - operator: In
48 - values:
49 - - k8s-2
50 -
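
Review bot: The nodeAffinity values on lines 24 and 49 name k8s-2, while the same two manifests inlined in the page's Deploy section use k8s-uk-2; a wrong hostname leaves the PV tied to a node that does not hold the prepared path, so the two copies should be reconciled (or the inline copy replaced by a reference to this attachment). Lines 6 and 31 set namespace: behemoth-wiki on a PersistentVolume, which is cluster-scoped, so the field can be removed. No persistentVolumeReclaimPolicy is set; stating it explicitly would document what happens to the data under /mnt/kubenernetes/behemoth-xwiki/db and /mnt/kubenernetes/behemoth-xwiki/www when a claim is deleted. The spelling "kubenernetes" in both paths looks like a typo and is worth confirming against the directories actually created on the node.
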
values.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -4.1 KB
Content
... ... @@ -1,201 +1,0 @@
1 -cluster:
2 - enabled: false
3 -
4 -image:
5 - name: xwiki
6 - pullPolicy: IfNotPresent
7 - name: "behemothil/xwiki-mysql-tomcat-nonroot"
8 - tag: "16.2.0-1"
9 -service:
10 - portName: node
11 - name: http
12 - type: ClusterIP
13 - externalPort: 80
14 - internalPort: 8080
15 - externalIPs: []
16 - sessionAffinity: ClientIP
17 -resources:
18 - limits:
19 - cpu: 4500m
20 - memory: 6144Mi
21 - requests:
22 - cpu: 1000m
23 - memory: 1024Mi
24 -
25 -javaOpts:
26 - - -Xms1024m
27 - - -Xmx6000m
28 -
29 -workloadStateful: true
30 -
31 -securityContext:
32 - enabled: true
33 - runAsUser: 30001
34 - runAsGroup: 30001
35 - fsGroup: 30001
36 -
37 -containerSecurityContext:
38 - enabled: true
39 - runAsUser: 30001
40 - runAsGroup: 30001
41 - runAsNonRoot: true
42 - allowPrivilegeEscalation: false
43 - capabilities:
44 - drop: ["ALL"]
45 - seccompProfile:
46 - type: "RuntimeDefault"
47 -
48 -volumePermissions:
49 - containerSecurityContext:
50 - enabled: false
51 - runAsUser: 30001
52 - runAsGroup: 30001
53 - seccompProfile:
54 - type: "RuntimeDefault"
55 - enabled: true
56 -
57 -mysql:
58 - enabled: true
59 - image:
60 - tag: "8.0-debian-12"
61 - pullPolicy: "IfNotPresent"
62 - auth:
63 - rootPassword: "ROOT_PASSWORD_CHANGEME !!!"
64 - username: "USERNAME_CHANGEME !!!"
65 - password: "USER_PASSWORD_CHANGEME !!!"
66 - database: "DB_NAME_CHANGEME !!!"
67 - initdbScripts:
68 - 00-init.sql: |
69 - grant all privileges on *.* to xwiki@'%'
70 - primary:
71 - configuration: |-
72 - [mysqld]
73 - default_authentication_plugin=mysql_native_password
74 - skip-name-resolve
75 - explicit_defaults_for_timestamp
76 - basedir=/opt/bitnami/mysql
77 - plugin_dir=/opt/bitnami/mysql/lib/plugin
78 - port=3306
79 - socket=/opt/bitnami/mysql/tmp/mysql.sock
80 - datadir=/bitnami/mysql/data
81 - tmpdir=/opt/bitnami/mysql/tmp
82 - max_allowed_packet=16M
83 - bind-address=*
84 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
85 - log-error=/opt/bitnami/mysql/logs/mysqld.log
86 - character-set-server=UTF8MB4
87 - collation-server=utf8mb4_0900_ai_ci
88 - slow_query_log=0
89 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
90 - long_query_time=10.0
91 -
92 - [client]
93 - port=3306
94 - socket=/opt/bitnami/mysql/tmp/mysql.sock
95 - default-character-set=UTF8MB4
96 - plugin_dir=/opt/bitnami/mysql/lib/plugin
97 -
98 - [manager]
99 - port=3306
100 - socket=/opt/bitnami/mysql/tmp/mysql.sock
101 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
102 - persistence:
103 - enabled: true
104 - storageClass: "behemoth-xwiki-db"
105 - accessModes:
106 - - ReadWriteOnce
107 - size: "5Gi"
108 - containerSecurityContext:
109 - enabled: true
110 - seLinuxOptions: {}
111 - runAsUser: 30001
112 - runAsGroup: 0
113 - fsGroup: 30001
114 - runAsNonRoot: false
115 - allowPrivilegeEscalation: false
116 - capabilities:
117 - drop: ["ALL"]
118 - seccompProfile:
119 - type: "RuntimeDefault"
120 -
121 -ingress:
122 - enabled: true
123 - className: nginx
124 - annotations:
125 - kubernetes.io/ingress.class: nginx
126 - cert-manager.io/cluster-issuer: letsencrypt-prod
127 - hosts:
128 - - host: wiki.behemoth.co.il
129 - paths:
130 - - path: /
131 - pathType: ImplementationSpecific
132 - tls:
133 - - secretName: wiki-behemoth-tls
134 - hosts:
135 - - wiki.behemoth.co.il
136 -
137 -persistence:
138 - enabled: true
139 - storageClass: "behemoth-xwiki-www"
140 - accessModes:
141 - - ReadWriteOnce
142 - size: "5Gi"
143 -
144 -probes:
145 - startup:
146 - enabled: true
147 - httpGet:
148 - enabled: false
149 - path: /
150 - initialDelaySeconds: 120
151 - timeoutSeconds: 60
152 - periodSeconds: 30
153 - failureThreshold: 5
154 - successThreshold: 1
155 - liveness:
156 - enabled: true
157 - httpGet:
158 - enabled: true
159 - path: /rest
160 - initialDelaySeconds: 30
161 - timeoutSeconds: 3
162 - periodSeconds: 30
163 - failureThreshold: 10
164 - successThreshold: 1
165 - readiness:
166 - enabled: true
167 - httpGet:
168 - enabled: true
169 - path: /rest/wikis/xwiki/spaces
170 - initialDelaySeconds: 30
171 - timeoutSeconds: 3
172 - periodSeconds: 30
173 - failureThreshold: 10
174 - successThreshold: 1
175 -
176 -prometheus:
177 - javaagent:
178 - # https://github.com/prometheus/jmx_exporter
179 - # Enable to download and use this agent
180 - enabled: true
181 -
182 -podDisruptionBudget:
183 - enabled: false
184 -
185 -solr:
186 - enabled: false
187 -istio:
188 - enabled: false
189 -
190 -glowroot:
191 - enabled: false
192 -
193 -logback:
194 - enabled: false
195 -
196 -autoscaling:
197 - enabled: false
198 -
199 -infinispan:
200 - enabled: false
201 -
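
Review bot: The init script on lines 68-69, grant all privileges on *.* to xwiki@'%', gives the application account every privilege on every schema from any host, and it hard-codes the user xwiki while auth.username on line 64 is a placeholder meant to be changed, so the grant may not match the account that is actually created. Suggest scoping the grant to the XWiki database unless the wider grant is required, and using the configured username. In the same mysql block, lines 112 and 114 set runAsGroup: 0 and runAsNonRoot: false, so the database container runs with the root group and without the runAsNonRoot enforcement that the XWiki container gets on lines 37-46. The credentials on lines 63-66 sit in the values file in clear text; referencing a Kubernetes Secret would keep real values out of the attachment. Lines 5 and 7 both define name under image, a duplicate key that a YAML parser will either reject or silently resolve to one of the two values.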