fix(linkace): Overhaul setup (#1890)
* fix(linkace): Overhaul setup * also remove logs from gui, as the app is very picky with perms * update image * its sha256
This commit is contained in:
parent
dc51294bfb
commit
11e6d87362
|
@ -27,7 +27,7 @@ sources:
|
|||
- https://www.linkace.org/docs/
|
||||
- https://github.com/linkace/linkace
|
||||
- https://hub.docker.com/r/linkace/linkace
|
||||
version: 0.0.1
|
||||
version: 0.0.2
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
|
|
|
@ -310,92 +310,6 @@ questions:
|
|||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: app
|
||||
label: "App Storage"
|
||||
description: "Stores the Application."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: type
|
||||
label: "Type of Storage"
|
||||
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||
schema:
|
||||
type: string
|
||||
default: "simplePVC"
|
||||
enum:
|
||||
- value: "simplePVC"
|
||||
description: "PVC (simple)"
|
||||
- value: "simpleHP"
|
||||
description: "HostPath (simple)"
|
||||
- value: "emptyDir"
|
||||
description: "emptyDir"
|
||||
- value: "pvc"
|
||||
description: "pvc"
|
||||
- value: "hostPath"
|
||||
description: "hostPath"
|
||||
# Include{persistenceBasic}
|
||||
- variable: hostPath
|
||||
label: "hostPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: hostpath
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
schema:
|
||||
show_if: [["type", "=", "emptyDir"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "Memory"
|
||||
description: "Memory"
|
||||
# Include{persistenceAdvanced}
|
||||
- variable: logs
|
||||
label: "App Log Storage"
|
||||
description: "Stores the Application Logs."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: type
|
||||
label: "Type of Storage"
|
||||
description: "Sets the persistence type, Anything other than PVC could break rollback!"
|
||||
schema:
|
||||
type: string
|
||||
default: "simplePVC"
|
||||
enum:
|
||||
- value: "simplePVC"
|
||||
description: "PVC (simple)"
|
||||
- value: "simpleHP"
|
||||
description: "HostPath (simple)"
|
||||
- value: "emptyDir"
|
||||
description: "emptyDir"
|
||||
- value: "pvc"
|
||||
description: "pvc"
|
||||
- value: "hostPath"
|
||||
description: "hostPath"
|
||||
# Include{persistenceBasic}
|
||||
- variable: hostPath
|
||||
label: "hostPath"
|
||||
description: "Path inside the container the storage is mounted"
|
||||
schema:
|
||||
show_if: [["type", "=", "hostPath"]]
|
||||
type: hostpath
|
||||
- variable: medium
|
||||
label: "EmptyDir Medium"
|
||||
schema:
|
||||
show_if: [["type", "=", "emptyDir"]]
|
||||
type: string
|
||||
default: ""
|
||||
enum:
|
||||
- value: ""
|
||||
description: "Default"
|
||||
- value: "Memory"
|
||||
description: "Memory"
|
||||
# Include{persistenceAdvanced}
|
||||
- variable: backups
|
||||
label: "App Backup Storage"
|
||||
description: "Stores the Application Backup."
|
||||
|
@ -488,7 +402,7 @@ questions:
|
|||
label: "ReadOnly Root Filesystem"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
default: false
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
|
|
|
@ -1,23 +1,9 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{ include "common.setup" . }}
|
||||
|
||||
{{/* Append the general configMap volume to the volumes */}}
|
||||
{{- define "linkace.harcodedValues" -}}
|
||||
persistence:
|
||||
linkace-config:
|
||||
enabled: "true"
|
||||
mountPath: "/etc/nginx/conf.d/linkace.conf"
|
||||
subPath: "nginx-config"
|
||||
type: "custom"
|
||||
volumeSpec:
|
||||
configMap:
|
||||
name: {{ printf "%v-config" (include "common.names.fullname" .) }}
|
||||
{{- end -}}
|
||||
{{- $_ := mergeOverwrite .Values (include "linkace.harcodedValues" . | fromYaml) -}}
|
||||
{{ include "linkace.cronjob" . }}
|
||||
|
||||
{{- include "linkace.cronjob" . }}
|
||||
|
||||
{{- include "linkace.secrets" . }}
|
||||
{{ include "linkace.secrets" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "common.postSetup" . }}
|
||||
|
|
|
@ -1,65 +0,0 @@
|
|||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ include "common.names.fullname" . }}-config
|
||||
labels:
|
||||
{{- include "common.labels" . | nindent 4 }}
|
||||
data:
|
||||
nginx-config: |-
|
||||
server {
|
||||
root /app/public;
|
||||
server_name _;
|
||||
index index.php;
|
||||
charset utf-8;
|
||||
client_max_body_size 20M;
|
||||
port_in_redirect off;
|
||||
|
||||
# Choose the connection method
|
||||
listen 0.0.0.0:8080;
|
||||
|
||||
# Content security headers for Laravel
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
|
||||
# Gzip
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 8;
|
||||
gzip_min_length 256;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
gzip_types application/javascript application/x-javascript application/xhtml+xml font/woff font/woff2 image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
|
||||
|
||||
# Location configs
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
}
|
||||
|
||||
# Assets and media files
|
||||
location ~* \.(?:css|js|map|scss|jpg|jpeg|png|gif|mp4|woff|woff2|ico|svg|webmanifest)$ {
|
||||
expires max;
|
||||
access_log off;
|
||||
add_header Cache-Control "public";
|
||||
try_files $uri =404;
|
||||
}
|
||||
|
||||
location = /favicon.ico { access_log off; log_not_found off; }
|
||||
location = /robots.txt { access_log off; log_not_found off; }
|
||||
|
||||
# Error pages
|
||||
error_page 404 /index.php;
|
||||
error_page 403 /index.php;
|
||||
|
||||
# PHP handling
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass localhost:9000;
|
||||
|
||||
try_files $uri /index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_keep_conn on;
|
||||
fastcgi_intercept_errors on;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_read_timeout 300;
|
||||
}
|
||||
}
|
|
@ -1,13 +1,10 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/linkace
|
||||
tag: v1.9.1@sha256:d56fa76113e3e5ab0889a13bdfb463d12b71b3e2ec839a8ff6fa99ec036be862
|
||||
tag: v1.9.1@sha256:88923f556900b0c6b79ea978e3692c690c0a6f9c28d048f2067a803095de1ef1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
nginxImage:
|
||||
repository: tccr.io/truecharts/nginx
|
||||
tag: v1.21.6@sha256:80d87a1d4d67749d2caaa64ee061a66a946b81942ac56f4780e36f8356cee371
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
|
@ -57,26 +54,22 @@ envValueFrom:
|
|||
name: linkace-secrets
|
||||
key: APP_KEY
|
||||
|
||||
additionalContainers:
|
||||
nginx:
|
||||
name: nginx
|
||||
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: main
|
||||
volumeMounts:
|
||||
- name: linkace-config
|
||||
mountPath: "/etc/nginx/conf.d/linkace.conf"
|
||||
subPath: nginx-config
|
||||
readOnly: true
|
||||
- name: app
|
||||
mountPath: "/app"
|
||||
|
||||
initContainers:
|
||||
# Copy app to a temp folder as we gonna need it, so we can create the ".env" file in there.
|
||||
1-copy-app:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
volumeMounts:
|
||||
- name: app
|
||||
mountPath: "/tmp"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "Copying app...";
|
||||
cp -R /app/* /tmp/;
|
||||
# App checks ".env" for "SETUP_COMPELTED" status, to determine if it needs to run initial setup or not.
|
||||
# We create this file and set it to false if it doesn't exists.
|
||||
# If it exists, we let the app decide it's value (true|false) and how to proceed.
|
||||
1-create-env-file:
|
||||
2-create-env-file:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
volumeMounts:
|
||||
- name: app
|
||||
|
@ -88,12 +81,33 @@ initContainers:
|
|||
then
|
||||
echo "Preparing for initial installation";
|
||||
echo "SETUP_COMPLETED=false" > /app/.env;
|
||||
echo "File .env created.";
|
||||
else
|
||||
echo "Initial installation has already completed.";
|
||||
fi;
|
||||
# App does not like 775 perms on dirs.. So we have to set 777
|
||||
3-chmod:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
volumeMounts:
|
||||
- name: app
|
||||
mountPath: "/app"
|
||||
- name: logs
|
||||
mountPath: "/app/storage/logs"
|
||||
- name: backups
|
||||
mountPath: "/app/storage/app/backups"
|
||||
command: ["/bin/sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
echo "CHMOD-ing files...";
|
||||
chmod -R 777 /app;
|
||||
chmod -R 777 /app/storage/logs;
|
||||
chmod -R 777 /app/storage/app/backups;
|
||||
echo "CHMOD Complete";
|
||||
|
||||
# Set cron every 15 min, official docs says every minute, but seems excesive.
|
||||
# It just checks for dead links and sends a request to WayBack Machine to archive.
|
||||
cronjob:
|
||||
schedule: "* * * * *"
|
||||
schedule: "*/15 * * * *"
|
||||
annotations: {}
|
||||
failedJobsHistoryLimit: 5
|
||||
successfulJobsHistoryLimit: 2
|
||||
|
|
Loading…
Reference in New Issue