Changes for page XWiki (Helm)

Last modified by Itzhak Daniel on 2024/04/29 16:35

From version 9.1
edited by Itzhak Daniel
on 2024/04/28 21:16
Change comment: There is no comment for this version
To version 15.1
edited by Itzhak Daniel
on 2024/04/29 00:38
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -30,7 +30,7 @@
30 30  
31 31  === Note about Storage ===
32 32  
33 -Behemoth LTD is running an on-prem Kubernetes solution, we (currently?) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things:
33 +Behemoth LTD is running an on-prem Kubernetes solution, we (currently) don't have any shared storage solution ([[ceph>>https://docs.ceph.com/]], [[nfs>>https://github.com/kubernetes-csi/csi-driver-nfs]], [[...>>https://kubernetes.io/docs/concepts/storage/storage-classes/#provisioner]]) , which require two things from us:
34 34  
35 35  1. Creating the path/loop device prior of creating PV.
36 36  1. The PV is manually created.
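Review bot: On new line 33 the sentence still says the missing shared storage "require two things from us" and keeps a stray space before the comma. It is the lack of a provisioner that forces the manual work, so something like "so two steps have to be done by hand:" reads more accurately. The unchanged item on line 35 should read "prior to creating the PV".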
... ... @@ -84,7 +84,129 @@
84 84  
85 85  === Deploy ===
86 86  
87 -We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]], the Database (MySQL) and the App, each will have a volume to store their content.
87 +We're going to deploy XWiki as a [[statefulset>>https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/]] using [[Helm>>https://helm.sh/]], the Database (MySQL) and the App, each will have a volume to store their information. As I mentioned, in our case, we need to perform several additional steps.
88 +
89 +After the path/loop devices were created, create the PVs (only if your cluster doesn't know how to provision storage for itself):
90 +
91 +{{code language="sh" layout="LINENUMBERS" title="# kubectl stdin"}}
92 +kubectl create -f - <<EOF
93 +---
94 +kind: PersistentVolume
95 +apiVersion: v1
96 +metadata:
97 + name: behemoth-xwiki-db
98 + namespace: behemoth-wiki
99 + labels:
100 + type: behemoth-xwiki-db
101 +spec:
102 + storageClassName: behemoth-xwiki-db
103 + capacity:
104 + storage: 5Gi
105 + accessModes:
106 + - ReadWriteOnce
107 + hostPath:
108 + path: "/mnt/kubenernetes/behemoth-xwiki/db"
109 + nodeAffinity:
110 + required:
111 + nodeSelectorTerms:
112 + - matchExpressions:
113 + - key: kubernetes.io/hostname
114 + operator: In
115 + values:
116 + - k8s-uk-2
117 +
118 +---
119 +kind: PersistentVolume
120 +apiVersion: v1
121 +metadata:
122 + name: behemoth-xwiki-www
123 + namespace: behemoth-wiki
124 + labels:
125 + type: behemoth-xwiki-www
126 +spec:
127 + storageClassName: behemoth-xwiki-www
128 + capacity:
129 + storage: 5Gi
130 + accessModes:
131 + - ReadWriteOnce
132 + hostPath:
133 + path: "/mnt/kubenernetes/behemoth-xwiki/www"
134 + nodeAffinity:
135 + required:
136 + nodeSelectorTerms:
137 + - matchExpressions:
138 + - key: kubernetes.io/hostname
139 + operator: In
140 + values:
141 + - k8s-uk-2
142 +EOF
143 +{{/code}}
144 +
145 +This will create 2 PVs that we'll use later. Notice //nodeAffinity//, linking the deployment to a specific node (the pods can run only at that location, as the PV is defined only there).
146 +
147 +Now we can install XWiki's charts (repo) and download it's //values.yaml// file:
148 +
149 +{{code language="sh" layout="LINENUMBERS" title="# Charts and Values"}}
150 +helm repo add xwiki-helm https://xwiki-contrib.github.io/xwiki-helm
151 +helm repo update xwiki-helm
152 +
153 +curl -LO https://raw.githubusercontent.com/xwiki-contrib/xwiki-helm/master/charts/xwiki/values.yaml
154 +{{/code}}
155 +
156 +Modify the values.yaml file, our example has:
157 +
158 +* Using custom image (so it won't run as //root//).
159 +* Increased memory/core usage allowance.
160 +* Running as UID/GID 30001.
161 +* Dropping all capabilities.
162 +* Using MySQL.
163 +* Enabling persistence.
164 +* Ingress (Nginx).
165 +* TLS (Cert manager)
166 +
167 +You can download our example from the attachment area.
168 +
169 +Once you have your custom [[//values.yaml//>>attach:values.yaml]] file, deploy the app with Helm:
170 +
171 +{{code language="sh" layout="LINENUMBERS" title="# Helm install"}}
172 +helm install --namespace behemoth-wiki --create-namespace \
173 + --values values.yaml \
174 + behemoth-xwiki xwiki-helm/xwiki
175 +{{/code}}
176 +
177 +=== Upgrading ===
178 +
179 +To upgrade XWiki, you should read the content in [[XWiki official Helm pages regarding upgrades>>https://extensions.xwiki.org/xwiki/bin/view/Extension/XWikiHelm/#HUpgrading]].
180 +
181 +Theoretically, if there aren't any breaking changes or prerequisites, you can run:
182 +
183 +{{code language="sh" layout="LINENUMBERS" title="# Helm upgrade"}}
184 +helm upgrade --namespace behemoth-wiki \
185 + --values values.yaml \
186 + behemoth-xwiki xwiki-helm/xwiki
187 +
188 +{{/code}}
189 +
190 +=== Uninstalling ===
191 +
192 +To fully remove XWiki, use the following commands:
193 +
194 +{{code language="sh" layout="LINENUMBERS" title="# Uninstalling"}}
195 +helm uninstall --namespace behemoth-wiki behemoth-xwiki
196 +kubectl -n behemoth-wiki delete pvc/data-behemoth-xwiki-mysql-0
197 +kubectl -n behemoth-wiki delete pvc/xwiki-data-behemoth-xwiki-0
198 +kubectl delete -f pv_storage.yaml
199 +kubectl delete namespace behemoth-wiki
200 +{{/code}}
201 +
202 +This will uninstall the chart, delete the PVCs, delete the PVs and lastly, delete the namespace.
203 +
204 +== Links ==
205 +
206 +1. [[Github - XWiki - Docker>>https://github.com/xwiki/xwiki-docker/]]
207 +1. [[Docker Hub - XWiki - Official>>https://hub.docker.com/_/xwiki]]
208 +1. [[Docker Hub - Behemoth LTD - Custom XWiki Non-root Image>>https://hub.docker.com/repository/docker/behemothil/xwiki-mysql-tomcat-nonroot/general]]
209 +1.
88 88  )))
89 89  
90 90  (% class="col-xs-12 col-sm-4" %)
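Review bot: The Uninstalling block (new lines 194-199) removes the PVs with "kubectl delete -f pv_storage.yaml", but the Deploy step (lines 92-142) creates them from a here-doc on stdin and never mentions that file, and the inline manifest pins the node k8s-uk-2 while the attached pv_storage.yaml pins k8s-2. Create the PVs from the attached file in the Deploy step (kubectl create -f pv_storage.yaml) and settle on one hostname, so that install and uninstall act on the same objects. "To fully remove XWiki" on line 192 also overstates the result: deleting a hostPath PV object leaves the directories under /mnt/kubenernetes/behemoth-xwiki/ on the node, so the database and wiki files stay on disk until someone removes them there. Say so, or add that step. Smaller points: "download it's" on line 147 should be "its", and the Links list ends with an empty "1." item on line 209.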
Dockerfile
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.itzhak
Size
... ... @@ -1,0 +1,1 @@
1 +6.6 KB
Content
... ... @@ -1,0 +1,122 @@
1 +# ---------------------------------------------------------------------------
2 +# See the NOTICE file distributed with this work for additional
3 +# information regarding copyright ownership.
4 +#
5 +# This is free software; you can redistribute it and/or modify it
6 +# under the terms of the GNU Lesser General Public License as
7 +# published by the Free Software Foundation; either version 2.1 of
8 +# the License, or (at your option) any later version.
9 +#
10 +# This software is distributed in the hope that it will be useful,
11 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
12 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 +# Lesser General Public License for more details.
14 +#
15 +# You should have received a copy of the GNU Lesser General Public
16 +# License along with this software; if not, write to the Free
17 +# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18 +# 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19 +# ---------------------------------------------------------------------------
20 +FROM tomcat:9-jre17
21 +
22 +# ____ ____ ____ ____ _ __ _
23 +# |_ _||_ _||_ _| |_ _|(_) [ | _ (_)
24 +# \ \ / / \ \ /\ / / __ | | / ] __
25 +# > `' < \ \/ \/ / [ | | '' < [ |
26 +# _/ /'`\ \_ \ /\ / | | | |`\ \ | |
27 +# |____||____| \/ \/ [___][__| \_][___]
28 +
29 +LABEL org.opencontainers.image.authors='XWiki Development Team <committers@xwiki.org>'
30 +LABEL org.opencontainers.image.url='https://hub.docker.com/_/xwiki'
31 +LABEL org.opencontainers.image.documentation='https://hub.docker.com/_/xwiki'
32 +LABEL org.opencontainers.image.source='https://github.com/xwiki/xwiki-docker.git'
33 +LABEL org.opencontainers.image.vendor='xwiki.org'
34 +LABEL org.opencontainers.image.licenses='LGPL-2.1'
35 +
36 +# Note: when using docker-compose, the ENV values below are overridden from the .env file.
37 +
38 +# Install LibreOffice + other tools
39 +# Note that procps is required to get ps which is used by JODConverter to start LibreOffice
40 +RUN apt-get update && \
41 + apt-get --no-install-recommends -y install \
42 + curl \
43 + libreoffice \
44 + unzip \
45 + procps && \
46 + rm -rf /var/lib/apt/lists/*
47 +
48 +# Install XWiki as the ROOT webapp context in Tomcat
49 +# Create the Tomcat temporary directory
50 +# Configure the XWiki permanent directory
51 +ENV XWIKI_VERSION="16.2.0"
52 +ENV XWIKI_URL_PREFIX "https://maven.xwiki.org/releases/org/xwiki/platform/xwiki-platform-distribution-war/${XWIKI_VERSION}"
53 +ENV XWIKI_DOWNLOAD_SHA256 7d355ae1c88691b19af9658e3f042083d57c08d5e52e1ade25536536ad72fb3f
54 +RUN rm -rf /usr/local/tomcat/webapps/* && \
55 + mkdir -p /usr/local/tomcat/temp && \
56 + mkdir -p /usr/local/xwiki/data && \
57 + curl -fSL "${XWIKI_URL_PREFIX}/xwiki-platform-distribution-war-${XWIKI_VERSION}.war" -o xwiki.war && \
58 + echo "$XWIKI_DOWNLOAD_SHA256 xwiki.war" | sha256sum -c - && \
59 + unzip -d /usr/local/tomcat/webapps/ROOT xwiki.war && \
60 + rm -f xwiki.war
61 +
62 +# Copy the JDBC driver in the XWiki webapp
63 +# We take the database driver version from the Maven Central repository since we want to control the version
64 +# used and have it being consistent with what is tested in the CI.
65 +ENV MYSQL_JDBC_VERSION="8.3.0"
66 +ENV MYSQL_JDBC_SHA256="94e7fa815370cdcefed915db7f53f88445fac110f8c3818392b992ec9ee6d295"
67 +ENV MYSQL_JDBC_PREFIX="https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${MYSQL_JDBC_VERSION}"
68 +ENV MYSQL_JDBC_ARTIFACT="mysql-connector-j-${MYSQL_JDBC_VERSION}.jar"
69 +ENV MYSQL_JDBC_TARGET="/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/${MYSQL_JDBC_ARTIFACT}"
70 +RUN curl -fSL "${MYSQL_JDBC_PREFIX}/${MYSQL_JDBC_ARTIFACT}" -o $MYSQL_JDBC_TARGET && \
71 + echo "$MYSQL_JDBC_SHA256 $MYSQL_JDBC_TARGET" | sha256sum -c -
72 +
73 +# Configure Tomcat. For example set the memory for the Tomcat JVM since the default value is too small for XWiki
74 +COPY tomcat/setenv.sh /usr/local/tomcat/bin/
75 +
76 +# Setup the XWiki Hibernate configuration
77 +COPY xwiki/hibernate.cfg.xml /usr/local/tomcat/webapps/ROOT/WEB-INF/hibernate.cfg.xml
78 +
79 +# Set a specific distribution id in XWiki for this docker packaging.
80 +RUN sed -i 's/<id>org.xwiki.platform:xwiki-platform-distribution-war/<id>org.xwiki.platform:xwiki-platform-distribution-docker/' \
81 + /usr/local/tomcat/webapps/ROOT/META-INF/extension.xed
82 +
83 +# Add scripts required to make changes to XWiki configuration files at execution time
84 +# Note: we don't run CHMOD since 1) it's not required since the executabe bit is already set in git and 2) running
85 +# CHMOD after a COPY will sometimes fail, depending on different host-specific factors (especially on AUFS).
86 +COPY xwiki/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
87 +
88 +# Make the XWiki directory (the permanent directory is included in it) persist on the host (so that it's not recreated
89 +# across runs)
90 +VOLUME /usr/local/xwiki
91 +
92 +# Added by Behemoth LTD - Apr 28th, 2024
93 +# Fixing permissions error when using non-root user/group (30001:30001) to start the app
94 +RUN chown -R 30001:30001 /usr/local/tomcat/webapps
95 +USER 30001:30001
96 +
97 +# At this point the image is done and what remains below are the runtime configuration used by the user to configure
98 +# the container that will be created out of the image. Namely the user can override some environment variables with
99 +# docker run -e "var1=val1" -e "var2=val2" ...
100 +# The supported environment variables that can be overridden are:
101 +# - DB_USER: the name of the user configured for XWiki in the DB. Default is "xwiki". This is used to configure
102 +# xwiki's hibernate.cfg.xml file.
103 +# - DB_PASSWORD: the password for the user configured for XWiki in the DB. Default is "xwiki". This is used to
104 +# configure xwiki's hibernate.cfg.xml file.
105 +# - DB_DATABASE: the name of the database to use. Default is "xwiki". This is used to configure xwiki's
106 +# hibernate.cfg.xml file.
107 +# - DB_HOST: The name of the host (or docker container) containing the database. Default is "db". This is used to
108 +# configure xwiki's hibernate.cfg.xml file.
109 +# - CONTEXT_PATH: The name of the context path under which XWiki will be deployed in Tomcat. If not specified then it'll
110 +# be deployed as ROOT.
111 +# - JDBC_PARAMS: Replaces the default JDBC parameters with the passed ones.
112 +
113 +# Example:
114 +# docker run -it -e "DB_USER=xwiki" -e "DB_PASSWORD=xwiki" <imagename>
115 +
116 +# Starts XWiki by starting Tomcat. All options passed to "docker run [OPTIONS] IMAGE[:TAG|@DIGEST] [COMMAND] [ARG...]"
117 +# are also passed to docker-entrypoint.sh. If "xwiki" is passed then XWiki will be configured the first time the
118 +# container executes and Tomcat will be started. If some other parameter is passed then it'll be executed to comply
119 +# with best practices defined at https://github.com/docker-library/official-images#consistency.
120 +ENTRYPOINT ["docker-entrypoint.sh"]
121 +CMD ["xwiki"]
122 +
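Review bot: The chown on new line 94 covers only /usr/local/tomcat/webapps, while /usr/local/tomcat/temp and /usr/local/xwiki/data are created as root on lines 55-56 and the image then switches to USER 30001:30001 on line 95. Confirm that UID 30001 can write to the Tomcat temp directory and to the permanent directory, or extend the chown to those paths, ideally inside the RUN on lines 54-60 so the ownership change does not store a second copy of the unpacked webapp in a new layer. Since the point of this image is the non-root variant, consider pinning the base on line 20 by digest instead of the floating tomcat:9-jre17 tag. The WAR and JDBC downloads are already checksum-verified, but the base image is not.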
pv_storage.yaml
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.itzhak
Size
... ... @@ -1,0 +1,1 @@
1 +999 bytes
Content
... ... @@ -1,0 +1,50 @@
1 +---
2 +kind: PersistentVolume
3 +apiVersion: v1
4 +metadata:
5 + name: behemoth-xwiki-db
6 + namespace: behemoth-wiki
7 + labels:
8 + type: behemoth-xwiki-db
9 +spec:
10 + storageClassName: behemoth-xwiki-db
11 + capacity:
12 + storage: 5Gi
13 + accessModes:
14 + - ReadWriteOnce
15 + hostPath:
16 + path: "/mnt/kubenernetes/behemoth-xwiki/db"
17 + nodeAffinity:
18 + required:
19 + nodeSelectorTerms:
20 + - matchExpressions:
21 + - key: kubernetes.io/hostname
22 + operator: In
23 + values:
24 + - k8s-2
25 +
26 +---
27 +kind: PersistentVolume
28 +apiVersion: v1
29 +metadata:
30 + name: behemoth-xwiki-www
31 + namespace: behemoth-wiki
32 + labels:
33 + type: behemoth-xwiki-www
34 +spec:
35 + storageClassName: behemoth-xwiki-www
36 + capacity:
37 + storage: 5Gi
38 + accessModes:
39 + - ReadWriteOnce
40 + hostPath:
41 + path: "/mnt/kubenernetes/behemoth-xwiki/www"
42 + nodeAffinity:
43 + required:
44 + nodeSelectorTerms:
45 + - matchExpressions:
46 + - key: kubernetes.io/hostname
47 + operator: In
48 + values:
49 + - k8s-2
50 +
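Review bot: Both manifests set "namespace: behemoth-wiki" under metadata (lines 6 and 30), but PersistentVolume is a cluster-scoped resource, so the field does not place the PV in that namespace and suggests an isolation that is not there. Drop it. Neither PV sets persistentVolumeReclaimPolicy, so state it explicitly (Retain is what a manually created PV gets by default) to make clear what happens to the data when the claim is deleted. For node-pinned storage, the "local" volume type with the same nodeAffinity is a closer fit than hostPath, which the Kubernetes documentation describes as intended for single-node testing. Also check the path on lines 16 and 41: "kubenernetes" looks like a misspelling of "kubernetes", which matters if the directory on the node is spelled differently.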
values.yaml
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.itzhak
Size
... ... @@ -1,0 +1,1 @@
1 +4.1 KB
Content
... ... @@ -1,0 +1,201 @@
1 +cluster:
2 + enabled: false
3 +
4 +image:
5 + name: xwiki
6 + pullPolicy: IfNotPresent
7 + name: "behemothil/xwiki-mysql-tomcat-nonroot"
8 + tag: "16.2.0-1"
9 +service:
10 + portName: node
11 + name: http
12 + type: ClusterIP
13 + externalPort: 80
14 + internalPort: 8080
15 + externalIPs: []
16 + sessionAffinity: ClientIP
17 +resources:
18 + limits:
19 + cpu: 4500m
20 + memory: 6144Mi
21 + requests:
22 + cpu: 1000m
23 + memory: 1024Mi
24 +
25 +javaOpts:
26 + - -Xms1024m
27 + - -Xmx6000m
28 +
29 +workloadStateful: true
30 +
31 +securityContext:
32 + enabled: true
33 + runAsUser: 30001
34 + runAsGroup: 30001
35 + fsGroup: 30001
36 +
37 +containerSecurityContext:
38 + enabled: true
39 + runAsUser: 30001
40 + runAsGroup: 30001
41 + runAsNonRoot: true
42 + allowPrivilegeEscalation: false
43 + capabilities:
44 + drop: ["ALL"]
45 + seccompProfile:
46 + type: "RuntimeDefault"
47 +
48 +volumePermissions:
49 + containerSecurityContext:
50 + enabled: false
51 + runAsUser: 30001
52 + runAsGroup: 30001
53 + seccompProfile:
54 + type: "RuntimeDefault"
55 + enabled: true
56 +
57 +mysql:
58 + enabled: true
59 + image:
60 + tag: "8.0-debian-12"
61 + pullPolicy: "IfNotPresent"
62 + auth:
63 + rootPassword: "ROOT_PASSWORD_CHANGEME !!!"
64 + username: "USERNAME_CHANGEME !!!"
65 + password: "USER_PASSWORD_CHANGEME !!!"
66 + database: "DB_NAME_CHANGEME !!!"
67 + initdbScripts:
68 + 00-init.sql: |
69 + grant all privileges on *.* to xwiki@'%'
70 + primary:
71 + configuration: |-
72 + [mysqld]
73 + default_authentication_plugin=mysql_native_password
74 + skip-name-resolve
75 + explicit_defaults_for_timestamp
76 + basedir=/opt/bitnami/mysql
77 + plugin_dir=/opt/bitnami/mysql/lib/plugin
78 + port=3306
79 + socket=/opt/bitnami/mysql/tmp/mysql.sock
80 + datadir=/bitnami/mysql/data
81 + tmpdir=/opt/bitnami/mysql/tmp
82 + max_allowed_packet=16M
83 + bind-address=*
84 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
85 + log-error=/opt/bitnami/mysql/logs/mysqld.log
86 + character-set-server=UTF8MB4
87 + collation-server=utf8mb4_0900_ai_ci
88 + slow_query_log=0
89 + slow_query_log_file=/opt/bitnami/mysql/logs/mysqld.log
90 + long_query_time=10.0
91 +
92 + [client]
93 + port=3306
94 + socket=/opt/bitnami/mysql/tmp/mysql.sock
95 + default-character-set=UTF8MB4
96 + plugin_dir=/opt/bitnami/mysql/lib/plugin
97 +
98 + [manager]
99 + port=3306
100 + socket=/opt/bitnami/mysql/tmp/mysql.sock
101 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid
102 + persistence:
103 + enabled: true
104 + storageClass: "behemoth-xwiki-db"
105 + accessModes:
106 + - ReadWriteOnce
107 + size: "5Gi"
108 + containerSecurityContext:
109 + enabled: true
110 + seLinuxOptions: {}
111 + runAsUser: 30001
112 + runAsGroup: 0
113 + fsGroup: 30001
114 + runAsNonRoot: false
115 + allowPrivilegeEscalation: false
116 + capabilities:
117 + drop: ["ALL"]
118 + seccompProfile:
119 + type: "RuntimeDefault"
120 +
121 +ingress:
122 + enabled: true
123 + className: nginx
124 + annotations:
125 + kubernetes.io/ingress.class: nginx
126 + cert-manager.io/cluster-issuer: letsencrypt-prod
127 + hosts:
128 + - host: wiki.behemoth.co.il
129 + paths:
130 + - path: /
131 + pathType: ImplementationSpecific
132 + tls:
133 + - secretName: wiki-behemoth-tls
134 + hosts:
135 + - wiki.behemoth.co.il
136 +
137 +persistence:
138 + enabled: true
139 + storageClass: "behemoth-xwiki-www"
140 + accessModes:
141 + - ReadWriteOnce
142 + size: "5Gi"
143 +
144 +probes:
145 + startup:
146 + enabled: true
147 + httpGet:
148 + enabled: false
149 + path: /
150 + initialDelaySeconds: 120
151 + timeoutSeconds: 60
152 + periodSeconds: 30
153 + failureThreshold: 5
154 + successThreshold: 1
155 + liveness:
156 + enabled: true
157 + httpGet:
158 + enabled: true
159 + path: /rest
160 + initialDelaySeconds: 30
161 + timeoutSeconds: 3
162 + periodSeconds: 30
163 + failureThreshold: 10
164 + successThreshold: 1
165 + readiness:
166 + enabled: true
167 + httpGet:
168 + enabled: true
169 + path: /rest/wikis/xwiki/spaces
170 + initialDelaySeconds: 30
171 + timeoutSeconds: 3
172 + periodSeconds: 30
173 + failureThreshold: 10
174 + successThreshold: 1
175 +
176 +prometheus:
177 + javaagent:
178 + # https://github.com/prometheus/jmx_exporter
179 + # Enable to download and use this agent
180 + enabled: true
181 +
182 +podDisruptionBudget:
183 + enabled: false
184 +
185 +solr:
186 + enabled: false
187 +istio:
188 + enabled: false
189 +
190 +glowroot:
191 + enabled: false
192 +
193 +logback:
194 + enabled: false
195 +
196 +autoscaling:
197 + enabled: false
198 +
199 +infinispan:
200 + enabled: false
201 +
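Review bot: The mysql containerSecurityContext on new lines 108-119 sets "runAsGroup: 0" and "runAsNonRoot: false", which undercuts the non-root setup used for the XWiki container on lines 37-46. Unless the MySQL image needs GID 0, use a non-zero group and set runAsNonRoot: true. fsGroup on line 113 is a pod-level setting and does not belong in a container security context. The image block defines "name" twice (lines 5 and 7); remove "name: xwiki" so the result does not depend on how the parser treats duplicate keys. The init script on line 69 grants all privileges on *.* to a hard-coded xwiki@'%' account, while the username on line 64 is a placeholder. Make the two match and, if sub-wiki databases are not needed, narrow the grant to the XWiki database. -Xmx6000m on line 27 leaves about 144Mi under the 6144Mi limit on line 20 for everything outside the Java heap, which risks the container being OOM-killed, so lower the heap or raise the limit. Keep the real values for lines 63-65 out of the attached file and supply them at install time.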