Changes for page XWiki (Helm)

Last modified by Itzhak Daniel on 2024/04/29 16:35
From version 17.1
edited by Itzhak Daniel
on 2024/04/29 00:51
Change comment: There is no comment for this version
To version 10.1
edited by Itzhak Daniel
on 2024/04/28 21:18
Change comment: Uploaded new attachment "Dockerfile", version 1.1

Summary

Details

Page properties
Content
... ... @@ -30,7 +30,7 @@
30 30  
31 31  === Note about Storage ===
32 32  
33 -Behemoth LTD is running an on-prem Kubernetes solution, we (currently) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things from us:
33 +Behemoth LTD is running an on-prem Kubernetes solution, we (currently?) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things:
34 34  
35 35  1. Creating the path/loop device prior of creating PV.
36 36  1. The PV is manually created.
... ... @@ -41,7 +41,7 @@
41 41  
42 42  At the beginning we tried to avoid making any custom changes to the images in question (XWiki and Bitnami's MySQL). But XWiki running as root, didn't fly. So we had to create a custom image with minor changes to enable it to run as a unprivileged uid/gid: 30001.
43 43  
44 -=== Build and Publish ===
44 +=== Building and Publish ===
45 45  
46 46  You will need to perform the following actions:
47 47  
... ... @@ -84,130 +84,7 @@
84 84  
85 85  === Deploy ===
86 86  
87 -We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps.
88 -
89 -After the path/loop devices were created, create the PVs (only if your cluster doesn't know how to provision storage for itself):
90 -
91 -{{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}}
92 -kubectl create -f - <<EOF
93 ----
94 -kind: PersistentVolume
95 -apiVersion: v1
96 -metadata:
97 - name: behemoth-xwiki-db
98 - namespace: behemoth-wiki
99 - labels:
100 - type: behemoth-xwiki-db
101 -spec:
102 - storageClassName: behemoth-xwiki-db
103 - capacity:
104 - storage: 5Gi
105 - accessModes:
106 - - ReadWriteOnce
107 - hostPath:
108 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
109 - nodeAffinity:
110 - required:
111 - nodeSelectorTerms:
112 - - matchExpressions:
113 - - key: kubernetes.io/hostname
114 - operator: In
115 - values:
116 - - k8s-uk-2
117 -
118 ----
119 -kind: PersistentVolume
120 -apiVersion: v1
121 -metadata:
122 - name: behemoth-xwiki-www
123 - namespace: behemoth-wiki
124 - labels:
125 - type: behemoth-xwiki-www
126 -spec:
127 - storageClassName: behemoth-xwiki-www
128 - capacity:
129 - storage: 5Gi
130 - accessModes:
131 - - ReadWriteOnce
132 - hostPath:
133 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
134 - nodeAffinity:
135 - required:
136 - nodeSelectorTerms:
137 - - matchExpressions:
138 - - key: kubernetes.io/hostname
139 - operator: In
140 - values:
141 - - k8s-uk-2
142 -EOF
143 -{{/code}}
144 -
145 -This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there).
146 -
147 -Now we can install XWiki's charts (repo) and download it's //values.yaml// file:
148 -
149 -{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}}
150 -helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm
151 -helm repo update xwiki-helm
152 -
153 -curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml
154 -{{/code}}
155 -
156 -Modify the values.yaml file, our example has:
157 -
158 -* Using custom image (so it won't run as //root//).
159 -* Increased memory/core usage allowance.
160 -* Running as UID/GID 30001.
161 -* Dropping all capabilities.
162 -* Using MySQL.
163 -* Enabling persistence.
164 -* Ingress (Nginx).
165 -* TLS (Cert manager)
166 -
167 -You can download our example from the attachment area.
168 -
169 -Once you have your custom [[//values.yaml//>>attach:values.yaml]] file, deploy the app with Helm:
170 -
171 -{{code language="sh" layout="LINENUMBERS" title="# Helm install"}}
172 -helm install --namespace behemoth-wiki --create-namespace \
173 - --values values.yaml \
174 - behemoth-xwiki xwiki-helm/xwiki
175 -{{/code}}
176 -
177 -=== Upgrade ===
178 -
179 -To upgrade XWiki, you should read the content in [[XWiki official Helm pages regarding upgrades>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/#HUpgrading]].
180 -
181 -Theoretically, if there aren't any breaking changes or prerequisites, you can run:
182 -
183 -{{code language="sh" layout="LINENUMBERS" title="# Helm upgrade"}}
184 -helm upgrade --namespace behemoth-wiki \
185 - --values values.yaml \
186 - behemoth-xwiki xwiki-helm/xwiki
187 -
188 -{{/code}}
189 -
190 -=== Uninstall ===
191 -
192 -To fully remove XWiki, use the following commands:
193 -
194 -{{code language="sh" layout="LINENUMBERS" title="# Uninstalling"}}
195 -helm uninstall --namespace behemoth-wiki behemoth-xwiki
196 -kubectl -n behemoth-wiki delete pvc/data-behemoth-xwiki-mysql-0
197 -kubectl -n behemoth-wiki delete pvc/xwiki-data-behemoth-xwiki-0
198 -kubectl delete -f pv_storage.yaml
199 -kubectl delete namespace behemoth-wiki
200 -{{/code}}
201 -
202 -This will uninstall the chart, delete the PVCs, delete the PVs and lastly, delete the namespace.
203 -
204 -== Links ==
205 -
206 -1. [[XWiki - Extensions - Helm>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/]]
207 -1. [[Github - XWiki Contrib - Helm Charts>>https://github.com/xwiki-contrib/xwiki-helm]]
208 -1. [[Github - XWiki - Docker>>https://github.com/xwiki/xwiki-docker/]]
209 -1. [[Docker Hub - XWiki - Official>>https://hub.docker.com/_/xwiki]]
210 -1. [[Docker Hub - Behemoth LTD - Custom XWiki Non-root Image>>https://hub.docker.com/r/behemothil/xwiki-mysql-tomcat-nonroot]]
87 +We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]], the Database (MySQL) and the App, each will have a volume to store their content.
211 211  )))
212 212  
213 213  (% class="col-xs-12 col-sm-4" %)
pv_storage.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -999 bytes
Content
... ... @@ -1,50 +1,0 @@
1 ----
2 -kind: PersistentVolume
3 -apiVersion: v1
4 -metadata:
5 - name: behemoth-xwiki-db
6 - namespace: behemoth-wiki
7 - labels:
8 - type: behemoth-xwiki-db
9 -spec:
10 - storageClassName: behemoth-xwiki-db
11 - capacity:
12 - storage: 5Gi
13 - accessModes:
14 - - ReadWriteOnce
15 - hostPath:
16 - path: "/mnt/kubenernetes/behemoth-xwiki/db"
17 - nodeAffinity:
18 - required:
19 - nodeSelectorTerms:
20 - - matchExpressions:
21 - - key: kubernetes.io/hostname
22 - operator: In
23 - values:
24 - - k8s-2
25 -
26 ----
27 -kind: PersistentVolume
28 -apiVersion: v1
29 -metadata:
30 - name: behemoth-xwiki-www
31 - namespace: behemoth-wiki
32 - labels:
33 - type: behemoth-xwiki-www
34 -spec:
35 - storageClassName: behemoth-xwiki-www
36 - capacity:
37 - storage: 5Gi
38 - accessModes:
39 - - ReadWriteOnce
40 - hostPath:
41 - path: "/mnt/kubenernetes/behemoth-xwiki/www"
42 - nodeAffinity:
43 - required:
44 - nodeSelectorTerms:
45 - - matchExpressions:
46 - - key: kubernetes.io/hostname
47 - operator: In
48 - values:
49 - - k8s-2
50 -
values.yaml
Author
... ... @@ -1,1 +1,0 @@
1 -XWiki.itzhak
Size
... ... @@ -1,1 +1,0 @@
1 -4.1 KB
Content
... ... @@ -1,201 +1,0 @@
1 -cluster:
2 - enabled: false
3 -
4 -image:
5 - name: xwiki
6 - pullPolicy: IfNotPresent
7 - name: "behemothil/xwiki-mysql-tomcat-nonroot"
8 - tag: "16.2.0-1"
9 -service:
10 - portName: node
11 - name: http
12 - type: ClusterIP
13 - externalPort: 80
14 - internalPort: 8080
15 - externalIPs: []
16 - sessionAffinity: ClientIP
17 -resources:
18 - limits:
19 - cpu: 4500m
20 - memory: 6144Mi
21 - requests:
22 - cpu: 1000m
23 - memory: 1024Mi
24 -
25 -javaOpts:
26 - - -Xms1024m
27 - - -Xmx6000m
28 -
29 -workloadStateful: true
30 -
31 -securityContext:
32 - enabled: true
33 - runAsUser: 30001
34 - runAsGroup: 30001
35 - fsGroup: 30001
36 -
37 -containerSecurityContext:
38 - enabled: true
39 - runAsUser: 30001
40 - runAsGroup: 30001
41 - runAsNonRoot: true
42 - allowPrivilegeEscalation: false
43 - capabilities:
44 - drop: ["ALL"]
45 - seccompProfile:
46 - type: "RuntimeDefault"
47 -
48 -volumePermissions:
49 - containerSecurityContext:
50 - enabled: false
51 - runAsUser: 30001
52 - runAsGroup: 30001
53 - seccompProfile:
54 - type: "RuntimeDefault"
55 - enabled: true
56 -
57 -mysql:
58 - enabled: true
59 - image:
60 - tag: "8.0-debian-12"
61 - pullPolicy: "IfNotPresent"
62 - auth:
63 - rootPassword: "ROOT_PASSWORD_CHANGEME !!!"
64 - username: "USERNAME_CHANGEME !!!"
65 - password: "USER_PASSWORD_CHANGEME !!!"
66 - database: "DB_NAME_CHANGEME !!!"
67 - initdbScripts:
68 - 00-init.sql: |
69 - grant all privileges on *.* to xwiki@'%'
70 - primary:
71 - configuration: |-
72 - [mysqld]
73 - default_authentication_plugin=mysql_native_password
74 - skip-name-resolve
75 - explicit_defaults_for_timestamp
76 - basedir=/opt/bitnami/mysql
77 - plugin_dir=/opt/bitnami/mysql/lib/plugin
78 - port=3306
79 - socket=/opt/bitnami/mysql/tmp/mysql.sock
80 - datadir=/bitnami/mysql/data
81 - tmpdir=/opt/bitnami/mysql/tmp
82 - max_allowed_packet=16M
83 - bind-address=*
84 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
85 - log-error=/opt/bitnami/mysql/logs/mysqld.log
86 - character-set-server=UTF8MB4
87 - collation-server=utf8mb4_0900_ai_ci
88 - slow_query_log=0
89 - slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
90 - long_query_time=10.0
91 -
92 - [client]
93 - port=3306
94 - socket=/opt/bitnami/mysql/tmp/mysql.sock
95 - default-character-set=UTF8MB4
96 - plugin_dir=/opt/bitnami/mysql/lib/plugin
97 -
98 - [manager]
99 - port=3306
100 - socket=/opt/bitnami/mysql/tmp/mysql.sock
101 - pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
102 - persistence:
103 - enabled: true
104 - storageClass: "behemoth-xwiki-db"
105 - accessModes:
106 - - ReadWriteOnce
107 - size: "5Gi"
108 - containerSecurityContext:
109 - enabled: true
110 - seLinuxOptions: {}
111 - runAsUser: 30001
112 - runAsGroup: 0
113 - fsGroup: 30001
114 - runAsNonRoot: false
115 - allowPrivilegeEscalation: false
116 - capabilities:
117 - drop: ["ALL"]
118 - seccompProfile:
119 - type: "RuntimeDefault"
120 -
121 -ingress:
122 - enabled: true
123 - className: nginx
124 - annotations:
125 - kubernetes.io/ingress.class: nginx
126 - cert-manager.io/cluster-issuer: letsencrypt-prod
127 - hosts:
128 - - host: wiki.behemoth.co.il
129 - paths:
130 - - path: /
131 - pathType: ImplementationSpecific
132 - tls:
133 - - secretName: wiki-behemoth-tls
134 - hosts:
135 - - wiki.behemoth.co.il
136 -
137 -persistence:
138 - enabled: true
139 - storageClass: "behemoth-xwiki-www"
140 - accessModes:
141 - - ReadWriteOnce
142 - size: "5Gi"
143 -
144 -probes:
145 - startup:
146 - enabled: true
147 - httpGet:
148 - enabled: false
149 - path: /
150 - initialDelaySeconds: 120
151 - timeoutSeconds: 60
152 - periodSeconds: 30
153 - failureThreshold: 5
154 - successThreshold: 1
155 - liveness:
156 - enabled: true
157 - httpGet:
158 - enabled: true
159 - path: /rest
160 - initialDelaySeconds: 30
161 - timeoutSeconds: 3
162 - periodSeconds: 30
163 - failureThreshold: 10
164 - successThreshold: 1
165 - readiness:
166 - enabled: true
167 - httpGet:
168 - enabled: true
169 - path: /rest/wikis/xwiki/spaces
170 - initialDelaySeconds: 30
171 - timeoutSeconds: 3
172 - periodSeconds: 30
173 - failureThreshold: 10
174 - successThreshold: 1
175 -
176 -prometheus:
177 - javaagent:
178 - # https://github.com/prometheus/jmx_exporter
179 - # Enable to download and use this agent
180 - enabled: true
181 -
182 -podDisruptionBudget:
183 - enabled: false
184 -
185 -solr:
186 - enabled: false
187 -istio:
188 - enabled: false
189 -
190 -glowroot:
191 - enabled: false
192 -
193 -logback:
194 - enabled: false
195 -
196 -autoscaling:
197 - enabled: false
198 -
199 -infinispan:
200 - enabled: false
201 -