fix(linkace): Overhaul setup (#1890)

* fix(linkace): Overhaul setup

* also remove logs from gui, as the app is very picky with perms

* update image

* its sha256
Stavros Kois 2022-02-14 00:02:37 +02:00 committed by GitHub
parent dc51294bfb
commit 11e6d87362
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 191 deletions


@ -27,7 +27,7 @@ sources:
- https://www.linkace.org/docs/
- https://github.com/linkace/linkace
- https://hub.docker.com/r/linkace/linkace
version: 0.0.1
version: 0.0.2
annotations:
truecharts.org/catagories: |
- media


@ -310,92 +310,6 @@ questions:
additional_attrs: true
type: dict
attrs:
- variable: app
label: "App Storage"
description: "Stores the Application."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: logs
label: "App Log Storage"
description: "Stores the Application Logs."
schema:
additional_attrs: true
type: dict
attrs:
- variable: type
label: "Type of Storage"
description: "Sets the persistence type, Anything other than PVC could break rollback!"
schema:
type: string
default: "simplePVC"
enum:
- value: "simplePVC"
description: "PVC (simple)"
- value: "simpleHP"
description: "HostPath (simple)"
- value: "emptyDir"
description: "emptyDir"
- value: "pvc"
description: "pvc"
- value: "hostPath"
description: "hostPath"
# Include{persistenceBasic}
- variable: hostPath
label: "hostPath"
description: "Path inside the container the storage is mounted"
schema:
show_if: [["type", "=", "hostPath"]]
type: hostpath
- variable: medium
label: "EmptyDir Medium"
schema:
show_if: [["type", "=", "emptyDir"]]
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: backups
label: "App Backup Storage"
description: "Stores the Application Backup."
@ -488,7 +402,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
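Review bot: The `ReadOnly Root Filesystem` question at the end of this section now appears to default to `false`, and nothing in the file records why the hardening default was dropped. The +/- markers are lost on this page, so this reading is inferred; `readOnlyRootFilesystem: false` in the values section later in this commit points the same way. A user who never opens the advanced security settings gets a writable root filesystem without being told. I would add a comment above the variable such as `# LinkAce writes outside the mounted volumes, so the root filesystem has to stay writable` (wording for the author to confirm), or keep `default: true` and mount an emptyDir on the paths that need writes. The enclosing `attrs` list starts and ends outside the hunk.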


@ -1,23 +1,9 @@
{{/* Make sure all variables are set properly */}}
{{ include "common.setup" . }}
{{/* Append the general configMap volume to the volumes */}}
{{- define "linkace.harcodedValues" -}}
persistence:
linkace-config:
enabled: "true"
mountPath: "/etc/nginx/conf.d/linkace.conf"
subPath: "nginx-config"
type: "custom"
volumeSpec:
configMap:
name: {{ printf "%v-config" (include "common.names.fullname" .) }}
{{- end -}}
{{- $_ := mergeOverwrite .Values (include "linkace.harcodedValues" . | fromYaml) -}}
{{ include "linkace.cronjob" . }}
{{- include "linkace.cronjob" . }}
{{- include "linkace.secrets" . }}
{{ include "linkace.secrets" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}


@ -1,65 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}-config
labels:
{{- include "common.labels" . | nindent 4 }}
data:
nginx-config: |-
server {
root /app/public;
server_name _;
index index.php;
charset utf-8;
client_max_body_size 20M;
port_in_redirect off;
# Choose the connection method
listen 0.0.0.0:8080;
# Content security headers for Laravel
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Gzip
gzip on;
gzip_vary on;
gzip_comp_level 8;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private auth;
gzip_types application/javascript application/x-javascript application/xhtml+xml font/woff font/woff2 image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Location configs
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# Assets and media files
location ~* \.(?:css|js|map|scss|jpg|jpeg|png|gif|mp4|woff|woff2|ico|svg|webmanifest)$ {
expires max;
access_log off;
add_header Cache-Control "public";
try_files $uri =404;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
# Error pages
error_page 404 /index.php;
error_page 403 /index.php;
# PHP handling
location ~ \.php$ {
fastcgi_pass localhost:9000;
try_files $uri /index.php;
include fastcgi_params;
fastcgi_keep_conn on;
fastcgi_intercept_errors on;
fastcgi_index index.php;
fastcgi_read_timeout 300;
}
}


@ -1,13 +1,10 @@
image:
repository: tccr.io/truecharts/linkace
tag: v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862
tag: v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1
pullPolicy: IfNotPresent
nginxImage:
repository: tccr.io/truecharts/nginx
tag: v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
podSecurityContext:
@ -57,26 +54,22 @@ envValueFrom:
name: linkace-secrets
key: APP_KEY
additionalContainers:
nginx:
name: nginx
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
ports:
- containerPort: 80
name: main
volumeMounts:
- name: linkace-config
mountPath: "/etc/nginx/conf.d/linkace.conf"
subPath: nginx-config
readOnly: true
- name: app
mountPath: "/app"
initContainers:
# Copy app to a temp folder as we gonna need it, so we can create the ".env" file in there.
1-copy-app:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
mountPath: "/tmp"
command: ["/bin/sh", "-c"]
args:
- >
echo "Copying app...";
cp -R /app/* /tmp/;
# App checks ".env" for "SETUP_COMPELTED" status, to determine if it needs to run initial setup or not.
# We create this file and set it to false if it doesn't exists.
# If it exists, we let the app decide it's value (true|false) and how to proceed.
1-create-env-file:
2-create-env-file:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
@ -88,12 +81,33 @@ initContainers:
then
echo "Preparing for initial installation";
echo "SETUP_COMPLETED=false" > /app/.env;
echo "File .env created.";
else
echo "Initial installation has already completed.";
fi;
# App does not like 775 perms on dirs.. So we have to set 777
3-chmod:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
volumeMounts:
- name: app
mountPath: "/app"
- name: logs
mountPath: "/app/storage/logs"
- name: backups
mountPath: "/app/storage/app/backups"
command: ["/bin/sh", "-c"]
args:
- >
echo "CHMOD-ing files...";
chmod -R 777 /app;
chmod -R 777 /app/storage/logs;
chmod -R 777 /app/storage/app/backups;
echo "CHMOD Complete";
# Set cron every 15 min, official docs says every minute, but seems excesive.
# It just checks for dead links and sends a request to WayBack Machine to archive.
cronjob:
schedule: "* * * * *"
schedule: "*/15 * * * *"
annotations: {}
failedJobsHistoryLimit: 5
successfulJobsHistoryLimit: 2
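Review bot: `chmod -R 777 /app;` in the `3-chmod` init container (second hunk of this file) makes the whole application tree world-writable, not only the log and backup directories. The PHP code under `/app` and the `/app/.env` file written by `2-create-env-file` become writable by any UID that can reach the `app` volume. The first hunk keeps `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, so nothing else in the pod narrows that. If the app only needs to write below `/app/storage` and to `.env` (to be confirmed against the image), give those paths to the runtime user and leave the code read-only, e.g. `chown -R <app-uid>:<app-gid> /app/storage /app/.env; chmod -R u+rwX /app/storage;` with the placeholders taken from the image. The comment above the container should then name the exact paths and mode the app checks, rather than "does not like 775".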