Changes for page XWiki (Helm)

Last modified by Itzhak Daniel on 2024/04/29 16:35

From version 15.1
edited by Itzhak Daniel
on 2024/04/29 00:38
Change comment: There is no comment for this version
To version 10.1
edited by Itzhak Daniel
on 2024/04/28 21:18
Change comment: Uploaded new attachment "Dockerfile", version 1.1

Summary

Details

Page properties
Content
... ... @@ -30,7 +30,7 @@
30 30  
31 31  === Note about Storage ===
32 32  
33 -Behemoth LTD is running an on-prem Kubernetes solution, we (currently) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things from us:
33 +Behemoth LTD is running an on-prem Kubernetes solution, we (currently?) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things:
34 34  
35 35  1. Creating the path/loop device prior of creating PV.
36 36  1. The PV is manually created.
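Review bot: in the changed sentence on line 33, "which require two things" has the missing shared storage as its subject, so it should read "which requires two things", and the stray space before the comma that follows the storage links should be removed. The context line 35 has a similar slip: "prior of creating PV" should be "prior to creating the PV".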
... ... @@ -84,129 +84,7 @@
84 84  
85 85  === Deploy ===
86 86  
87 -We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps.
88 -
89 -After the path/loop devices were created, create the PVs (only if your cluster doesn't know how to provision storage for itself):
90 -
91 -{{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}}
92 -kubectl create -f - <<EOF
93 ----
94 -kind: PersistentVolume
95 -apiVersion: v1
96 -metadata:
97 - name: behemoth-xwiki-db
98 - namespace: behemoth-wiki
99 - labels:
100 - type: behemoth-xwiki-db
101 -spec:
102 - storageClassName: behemoth-xwiki-db
103 - capacity:
104 - storage: 5Gi
105 - accessModes:
106 - - ReadWriteOnce
107 - hostPath:
108 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
109 - nodeAffinity:
110 - required:
111 - nodeSelectorTerms:
112 - - matchExpressions:
113 - - key: kubernetes.io/hostname
114 - operator: In
115 - values:
116 - - k8s-uk-2
117 -
118 ----
119 -kind: PersistentVolume
120 -apiVersion: v1
121 -metadata:
122 - name: behemoth-xwiki-www
123 - namespace: behemoth-wiki
124 - labels:
125 - type: behemoth-xwiki-www
126 -spec:
127 - storageClassName: behemoth-xwiki-www
128 - capacity:
129 - storage: 5Gi
130 - accessModes:
131 - - ReadWriteOnce
132 - hostPath:
133 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
134 - nodeAffinity:
135 - required:
136 - nodeSelectorTerms:
137 - - matchExpressions:
138 - - key: kubernetes.io/hostname
139 - operator: In
140 - values:
141 - - k8s-uk-2
142 -EOF
143 -{{/code}}
144 -
145 -This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there).
146 -
147 -Now we can install XWiki's charts (repo) and download it's //values.yaml// file:
148 -
149 -{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}}
150 -helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm
151 -helm repo update xwiki-helm
152 -
153 -curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml
154 -{{/code}}
155 -
156 -Modify the values.yaml file, our example has:
157 -
158 -* Using custom image (so it won't run as //root//).
159 -* Increased memory/core usage allowance.
160 -* Running as UID/GID 30001.
161 -* Dropping all capabilities.
162 -* Using MySQL.
163 -* Enabling persistence.
164 -* Ingress (Nginx).
165 -* TLS (Cert manager)
166 -
167 -You can download our example from the attachment area.
168 -
169 -Once you have your custom [[//values.yaml//>>attach:values.yaml]] file, deploy the app with Helm:
170 -
171 -{{code language="sh" layout="LINENUMBERS" title="# Helm install"}}
172 -helm install --namespace behemoth-wiki --create-namespace \
173 - --values values.yaml \
174 - behemoth-xwiki xwiki-helm/xwiki
175 -{{/code}}
176 -
177 -=== Upgrading ===
178 -
179 -To upgrade XWiki, you should read the content in [[XWiki official Helm pages regarding upgrades>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/#HUpgrading]].
180 -
181 -Theoretically, if there aren't any breaking changes or prerequisites, you can run:
182 -
183 -{{code language="sh" layout="LINENUMBERS" title="# Helm upgrade"}}
184 -helm upgrade --namespace behemoth-wiki \
185 - --values values.yaml \
186 - behemoth-xwiki xwiki-helm/xwiki
187 -
188 -{{/code}}
189 -
190 -=== Uninstalling ===
191 -
192 -To fully remove XWiki, use the following commands:
193 -
194 -{{code language="sh" layout="LINENUMBERS" title="# Uninstalling"}}
195 -helm uninstall --namespace behemoth-wiki behemoth-xwiki
196 -kubectl -n behemoth-wiki delete pvc/data-behemoth-xwiki-mysql-0
197 -kubectl -n behemoth-wiki delete pvc/xwiki-data-behemoth-xwiki-0
198 -kubectl delete -f pv_storage.yaml
199 -kubectl delete namespace behemoth-wiki
200 -{{/code}}
201 -
202 -This will uninstall the chart, delete the PVCs, delete the PVs and lastly, delete the namespace.
203 -
204 -== Links ==
205 -
206 -1. [[Github - XWiki - Docker>>https://github.com/xwiki/xwiki-docker/]]
207 -1. [[Docker Hub - XWiki - Official>>https://hub.docker.com/_/xwiki]]
208 -1. [[Docker Hub - Behemoth LTD - Custom XWiki Non-root Image>>https://hub.docker.com/repository/docker/behemothil/xwiki-mysql-tomcat-nonroot/general]]
209 -1.
87 +We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]], the Database (MySQL) and the App, each will have a volume to store their content.
210 210  )))
211 211  
212 212  (% class="col-xs-12 col-sm-4" %)
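Review bot: the inline PV manifests in the "# kubectl stdin" block pin nodeAffinity to k8s-uk-2 (lines 116 and 141), while the attached pv_storage.yaml, which the Uninstalling block relies on (kubectl delete -f pv_storage.yaml), pins k8s-2. Since the text says the pods can run only on the node named there, keep a single copy of the manifest (create the PVs from the attachment as well) or make the hostnames agree. In the same region, values.yaml is fetched with curl from the master branch while helm install and helm upgrade carry no --version, so the values file and the installed chart can drift apart; pin the chart with --version and take the defaults from helm show values for that same version. Smaller points: "download it's" on line 147 should be "its", and the Links list ends with an empty "1." item on line 209.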
pv_storage.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -999 bytes
Content
... ... @@ -1,50 +1,0 @@
1 ----
2 -kind: PersistentVolume
3 -apiVersion: v1
4 -metadata:
5 - name: behemoth-xwiki-db
6 - namespace: behemoth-wiki
7 - labels:
8 - type: behemoth-xwiki-db
9 -spec:
10 - storageClassName: behemoth-xwiki-db
11 - capacity:
12 - storage: 5Gi
13 - accessModes:
14 - - ReadWriteOnce
15 - hostPath:
16 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
17 - nodeAffinity:
18 - required:
19 - nodeSelectorTerms:
20 - - matchExpressions:
21 - - key: kubernetes.io/hostname
22 - operator: In
23 - values:
24 - - k8s-2
25 -
26 ----
27 -kind: PersistentVolume
28 -apiVersion: v1
29 -metadata:
30 - name: behemoth-xwiki-www
31 - namespace: behemoth-wiki
32 - labels:
33 - type: behemoth-xwiki-www
34 -spec:
35 - storageClassName: behemoth-xwiki-www
36 - capacity:
37 - storage: 5Gi
38 - accessModes:
39 - - ReadWriteOnce
40 - hostPath:
41 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
42 - nodeAffinity:
43 - required:
44 - nodeSelectorTerms:
45 - - matchExpressions:
46 - - key: kubernetes.io/hostname
47 - operator: In
48 - values:
49 - - k8s-2
50 -
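Review bot: both PersistentVolume documents set metadata.namespace: behemoth-wiki (lines 6 and 30), but a PersistentVolume is a cluster-scoped object, so the field is not meaningful there and suggests an isolation the volume does not have; drop it. The hostPath values spell the directory "kubenernetes" (lines 16 and 41); if that is a typo for "kubernetes", the PV points at a different path from the one prepared on the node, so confirm it matches the path/loop device created beforehand. Setting persistentVolumeReclaimPolicy explicitly would also put the behaviour after PVC deletion on record in the file.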
values.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -4.1 KB
Content
... ... @@ -1,201 +1,0 @@
1 -cluster:
2 - enabled: false
3 -
4 -image:
5 - name: xwiki
6 - pullPolicy: IfNotPresent
7 - name: "behemothil/xwiki-mysql-tomcat-nonroot"
8 - tag: "16.2.0-1"
9 -service:
10 - portName: node
11 - name: http
12 - type: ClusterIP
13 - externalPort: 80
14 - internalPort: 8080
15 - externalIPs: []
16 - sessionAffinity: ClientIP
17 -resources:
18 - limits:
19 - cpu: 4500m
20 - memory: 6144Mi
21 - requests:
22 - cpu: 1000m
23 - memory: 1024Mi
24 -
25 -javaOpts:
26 - - -Xms1024m
27 - - -Xmx6000m
28 -
29 -workloadStateful: true
30 -
31 -securityContext:
32 - enabled: true
33 - runAsUser: 30001
34 - runAsGroup: 30001
35 - fsGroup: 30001
36 -
37 -containerSecurityContext:
38 - enabled: true
39 - runAsUser: 30001
40 - runAsGroup: 30001
41 - runAsNonRoot: true
42 - allowPrivilegeEscalation: false
43 - capabilities:
44 - drop: ["ALL"]
45 - seccompProfile:
46 - type: "RuntimeDefault"
47 -
48 -volumePermissions:
49 - containerSecurityContext:
50 - enabled: false
51 - runAsUser: 30001
52 - runAsGroup: 30001
53 - seccompProfile:
54 - type: "RuntimeDefault"
55 - enabled: true
56 -
57 -mysql:
58 - enabled: true
59 - image:
60 - tag: "8.0-debian-12"
61 - pullPolicy: "IfNotPresent"
62 - auth:
63 - rootPassword: "ROOT_PASSWORD_CHANGEME !!!"
64 - username: "USERNAME_CHANGEME !!!"
65 - password: "USER_PASSWORD_CHANGEME !!!"
66 - database: "DB_NAME_CHANGEME !!!"
67 - initdbScripts:
68 - 00-init.sql: |
69 - grant all privileges on *.* to xwiki@'%'
70 - primary:
71 - configuration: |-
72 - [mysqld]
73 - default_authentication_plugin=mysql_native_password
74 - skip-name-resolve
75 - explicit_defaults_for_timestamp
76 - basedir=/opt/bitnami/mysql
77 - plugin_dir=/opt/bitnami/mysql/lib/plugin
78 - port=3306
79 - socket=/opt/bitnami/mysql/tmp/mysql.sock
80 - datadir=/bitnami/mysql/data
81 - tmpdir=/opt/bitnami/mysql/tmp
82 - max_allowed_packet=16M
83 - bind-address=*
84 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
85 - log-error=/opt/bitnami/mysql/logs/mysqld.log
86 - character-set-server=UTF8MB4
87 - collation-server=utf8mb4_0900_ai_ci
88 - slow_query_log=0
89 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
90 - long_query_time=10.0
91 -
92 - [client]
93 - port=3306
94 - socket=/opt/bitnami/mysql/tmp/mysql.sock
95 - default-character-set=UTF8MB4
96 - plugin_dir=/opt/bitnami/mysql/lib/plugin
97 -
98 - [manager]
99 - port=3306
100 - socket=/opt/bitnami/mysql/tmp/mysql.sock
101 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
102 - persistence:
103 - enabled: true
104 - storageClass: "behemoth-xwiki-db"
105 - accessModes:
106 - - ReadWriteOnce
107 - size: "5Gi"
108 - containerSecurityContext:
109 - enabled: true
110 - seLinuxOptions: {}
111 - runAsUser: 30001
112 - runAsGroup: 0
113 - fsGroup: 30001
114 - runAsNonRoot: false
115 - allowPrivilegeEscalation: false
116 - capabilities:
117 - drop: ["ALL"]
118 - seccompProfile:
119 - type: "RuntimeDefault"
120 -
121 -ingress:
122 - enabled: true
123 - className: nginx
124 - annotations:
125 - kubernetes.io/ingress.class: nginx
126 - cert-manager.io/cluster-issuer: letsencrypt-prod
127 - hosts:
128 - - host: wiki.behemoth.co.il
129 - paths:
130 - - path: /
131 - pathType: ImplementationSpecific
132 - tls:
133 - - secretName: wiki-behemoth-tls
134 - hosts:
135 - - wiki.behemoth.co.il
136 -
137 -persistence:
138 - enabled: true
139 - storageClass: "behemoth-xwiki-www"
140 - accessModes:
141 - - ReadWriteOnce
142 - size: "5Gi"
143 -
144 -probes:
145 - startup:
146 - enabled: true
147 - httpGet:
148 - enabled: false
149 - path: /
150 - initialDelaySeconds: 120
151 - timeoutSeconds: 60
152 - periodSeconds: 30
153 - failureThreshold: 5
154 - successThreshold: 1
155 - liveness:
156 - enabled: true
157 - httpGet:
158 - enabled: true
159 - path: /rest
160 - initialDelaySeconds: 30
161 - timeoutSeconds: 3
162 - periodSeconds: 30
163 - failureThreshold: 10
164 - successThreshold: 1
165 - readiness:
166 - enabled: true
167 - httpGet:
168 - enabled: true
169 - path: /rest/wikis/xwiki/spaces
170 - initialDelaySeconds: 30
171 - timeoutSeconds: 3
172 - periodSeconds: 30
173 - failureThreshold: 10
174 - successThreshold: 1
175 -
176 -prometheus:
177 - javaagent:
178 - # https://github.com/prometheus/jmx_exporter
179 - # Enable to download and use this agent
180 - enabled: true
181 -
182 -podDisruptionBudget:
183 - enabled: false
184 -
185 -solr:
186 - enabled: false
187 -istio:
188 - enabled: false
189 -
190 -glowroot:
191 - enabled: false
192 -
193 -logback:
194 - enabled: false
195 -
196 -autoscaling:
197 - enabled: false
198 -
199 -infinispan:
200 - enabled: false
201 -
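Review bot: the init script on line 69, grant all privileges on *.* to xwiki@'%', gives a hard-coded account xwiki global privileges on every database from any host, while auth.username and auth.database on lines 64 and 66 are placeholders the reader is expected to change. Scope the grant to the configured database and user (on <database>.* to '<username>'@'%') so the application account is limited to its own schema and the grant still matches after the placeholders are replaced. The MySQL containerSecurityContext on lines 111 to 114 sets runAsGroup: 0 and runAsNonRoot: false, which is at odds with the non-root settings given to the XWiki container on lines 39 to 41; use a non-zero group and runAsNonRoot: true if the image allows it. Also, image: carries two name keys (lines 5 and 7), so one of them should be removed, and the three auth values on lines 63 to 65 are plain text in a file attached to the page, so real credentials should be kept out of the attachment.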