diff --git a/charts/incubator/linkace/Chart.yaml b/charts/incubator/linkace/Chart.yaml index d5d410d67d5..c668b342593 100644 --- a/charts/incubator/linkace/Chart.yaml +++ b/charts/incubator/linkace/Chart.yaml @@ -27,7 +27,7 @@ sources: - https://www.linkace.org/docs/ - https://github.com/linkace/linkace - https://hub.docker.com/r/linkace/linkace -version: 0.0.1 +version: 0.0.2 annotations: truecharts.org/catagories: | - media diff --git a/charts/incubator/linkace/questions.yaml b/charts/incubator/linkace/questions.yaml index 1dcb3cb55a9..e148aa27d4e 100644 --- a/charts/incubator/linkace/questions.yaml +++ b/charts/incubator/linkace/questions.yaml @@ -310,92 +310,6 @@ questions: additional_attrs: true type: dict attrs: - - variable: app - label: "App Storage" - description: "Stores the Application." - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: "Type of Storage" - description: "Sets the persistence type, Anything other than PVC could break rollback!" - schema: - type: string - default: "simplePVC" - enum: - - value: "simplePVC" - description: "PVC (simple)" - - value: "simpleHP" - description: "HostPath (simple)" - - value: "emptyDir" - description: "emptyDir" - - value: "pvc" - description: "pvc" - - value: "hostPath" - description: "hostPath" -# Include{persistenceBasic} - - variable: hostPath - label: "hostPath" - description: "Path inside the container the storage is mounted" - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: medium - label: "EmptyDir Medium" - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: "Default" - - value: "Memory" - description: "Memory" -# Include{persistenceAdvanced} - - variable: logs - label: "App Log Storage" - description: "Stores the Application Logs." - schema: - additional_attrs: true - type: dict - attrs: - - variable: type - label: "Type of Storage" - description: "Sets the persistence type, Anything other than PVC could break rollback!" - schema: - type: string - default: "simplePVC" - enum: - - value: "simplePVC" - description: "PVC (simple)" - - value: "simpleHP" - description: "HostPath (simple)" - - value: "emptyDir" - description: "emptyDir" - - value: "pvc" - description: "pvc" - - value: "hostPath" - description: "hostPath" -# Include{persistenceBasic} - - variable: hostPath - label: "hostPath" - description: "Path inside the container the storage is mounted" - schema: - show_if: [["type", "=", "hostPath"]] - type: hostpath - - variable: medium - label: "EmptyDir Medium" - schema: - show_if: [["type", "=", "emptyDir"]] - type: string - default: "" - enum: - - value: "" - description: "Default" - - value: "Memory" - description: "Memory" -# Include{persistenceAdvanced} - variable: backups label: "App Backup Storage" description: "Stores the Application Backup." @@ -488,7 +402,7 @@ questions: label: "ReadOnly Root Filesystem" schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: diff --git a/charts/incubator/linkace/templates/common.yaml b/charts/incubator/linkace/templates/common.yaml index bc265dfb097..27ee87e65d0 100644 --- a/charts/incubator/linkace/templates/common.yaml +++ b/charts/incubator/linkace/templates/common.yaml @@ -1,23 +1,9 @@ {{/* Make sure all variables are set properly */}} {{ include "common.setup" . }} -{{/* Append the general configMap volume to the volumes */}} -{{- define "linkace.harcodedValues" -}} -persistence: - linkace-config: - enabled: "true" - mountPath: "/etc/nginx/conf.d/linkace.conf" - subPath: "nginx-config" - type: "custom" - volumeSpec: - configMap: - name: {{ printf "%v-config" (include "common.names.fullname" .) }} -{{- end -}} -{{- $_ := mergeOverwrite .Values (include "linkace.harcodedValues" . | fromYaml) -}} +{{ include "linkace.cronjob" . }} -{{- include "linkace.cronjob" . }} - -{{- include "linkace.secrets" . }} +{{ include "linkace.secrets" . }} {{/* Render the templates */}} {{ include "common.postSetup" . }} diff --git a/charts/incubator/linkace/templates/configmap.yaml b/charts/incubator/linkace/templates/configmap.yaml deleted file mode 100644 index 7a84cf9ab31..00000000000 --- a/charts/incubator/linkace/templates/configmap.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "common.names.fullname" . }}-config - labels: - {{- include "common.labels" . | nindent 4 }} -data: - nginx-config: |- - server { - root /app/public; - server_name _; - index index.php; - charset utf-8; - client_max_body_size 20M; - port_in_redirect off; - - # Choose the connection method - listen 0.0.0.0:8080; - - # Content security headers for Laravel - add_header X-Frame-Options "SAMEORIGIN"; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Content-Type-Options "nosniff"; - - # Gzip - gzip on; - gzip_vary on; - gzip_comp_level 8; - gzip_min_length 256; - gzip_proxied expired no-cache no-store private auth; - gzip_types application/javascript application/x-javascript application/xhtml+xml font/woff font/woff2 image/svg+xml image/x-icon text/css text/javascript text/plain text/xml; - - # Location configs - location / { - try_files $uri $uri/ /index.php?$query_string; - } - - # Assets and media files - location ~* \.(?:css|js|map|scss|jpg|jpeg|png|gif|mp4|woff|woff2|ico|svg|webmanifest)$ { - expires max; - access_log off; - add_header Cache-Control "public"; - try_files $uri =404; - } - - location = /favicon.ico { access_log off; log_not_found off; } - location = /robots.txt { access_log off; log_not_found off; } - - # Error pages - error_page 404 /index.php; - error_page 403 /index.php; - - # PHP handling - location ~ \.php$ { - fastcgi_pass localhost:9000; - - try_files $uri /index.php; - include fastcgi_params; - fastcgi_keep_conn on; - fastcgi_intercept_errors on; - fastcgi_index index.php; - fastcgi_read_timeout 300; - } - } diff --git a/charts/incubator/linkace/values.yaml b/charts/incubator/linkace/values.yaml index ffe6c9420a2..2d9f0e08ffb 100644 --- a/charts/incubator/linkace/values.yaml +++ b/charts/incubator/linkace/values.yaml @@ -1,13 +1,10 @@ image: repository: tccr.io/truecharts/linkace - tag: v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862 + tag: v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1 pullPolicy: IfNotPresent -nginxImage: - repository: tccr.io/truecharts/nginx - tag: v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371 - securityContext: + readOnlyRootFilesystem: false runAsNonRoot: false podSecurityContext: @@ -57,26 +54,22 @@ envValueFrom: name: linkace-secrets key: APP_KEY -additionalContainers: - nginx: - name: nginx - image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}" - ports: - - containerPort: 80 - name: main - volumeMounts: - - name: linkace-config - mountPath: "/etc/nginx/conf.d/linkace.conf" - subPath: nginx-config - readOnly: true - - name: app - mountPath: "/app" - initContainers: +# Copy app to a temp folder as we gonna need it, so we can create the ".env" file in there. + 1-copy-app: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: app + mountPath: "/tmp" + command: ["/bin/sh", "-c"] + args: + - > + echo "Copying app..."; + cp -R /app/* /tmp/; # App checks ".env" for "SETUP_COMPELTED" status, to determine if it needs to run initial setup or not. # We create this file and set it to false if it doesn't exists. # If it exists, we let the app decide it's value (true|false) and how to proceed. - 1-create-env-file: + 2-create-env-file: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" volumeMounts: - name: app @@ -88,12 +81,33 @@ initContainers: then echo "Preparing for initial installation"; echo "SETUP_COMPLETED=false" > /app/.env; + echo "File .env created."; else echo "Initial installation has already completed."; fi; +# App does not like 775 perms on dirs.. So we have to set 777 + 3-chmod: + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + volumeMounts: + - name: app + mountPath: "/app" + - name: logs + mountPath: "/app/storage/logs" + - name: backups + mountPath: "/app/storage/app/backups" + command: ["/bin/sh", "-c"] + args: + - > + echo "CHMOD-ing files..."; + chmod -R 777 /app; + chmod -R 777 /app/storage/logs; + chmod -R 777 /app/storage/app/backups; + echo "CHMOD Complete"; +# Set cron every 15 min, official docs says every minute, but seems excesive. +# It just checks for dead links and sends a request to WayBack Machine to archive. cronjob: - schedule: "* * * * *" + schedule: "*/15 * * * *" annotations: {} failedJobsHistoryLimit: 5 successfulJobsHistoryLimit: 2