feat(grist): BREAKING CHANGE - rework, adds postgres and more options (#4106)

* feat(grist): rework, adds postgres and more options

* update UI

* fix configmap

* nousername

* add few more opts
Stavros Kois 2022-10-16 01:26:51 +03:00 committed by GitHub
parent 176f4b59de
commit 4a96288952
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 388 additions and 152 deletions


@ -4,6 +4,10 @@ dependencies:
- name: common - name: common
repository: https://library-charts.truecharts.org repository: https://library-charts.truecharts.org
version: 10.7.0 version: 10.7.0
- condition: postgresql.enabled
name: postgresql
repository: https://charts.truecharts.org/
version: 8.0.97
- condition: redis.enabled - condition: redis.enabled
name: redis name: redis
repository: https://charts.truecharts.org repository: https://charts.truecharts.org
@ -26,7 +30,7 @@ sources:
- https://hub.docker.com/r/gristlabs/grist - https://hub.docker.com/r/gristlabs/grist
- https://github.com/gristlabs/grist-core - https://github.com/gristlabs/grist-core
- https://support.getgrist.com/ - https://support.getgrist.com/
version: 3.0.44 version: 4.0.0
annotations: annotations:
truecharts.org/catagories: | truecharts.org/catagories: |
- productivity - productivity


@ -12,135 +12,218 @@ questions:
# Include{recreate} # Include{recreate}
# Include{controllerExpert} # Include{controllerExpert}
# Include{controllerExpertExtraArgs} # Include{controllerExpertExtraArgs}
- variable: env - variable: grist
group: "Container Configuration" group: Container Configuration
label: "Image Environment" label: Grist Configuration
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
attrs: attrs:
- variable: GRIST_DEFAULT_EMAIL - variable: domain
label: "GRIST_DEFAULT_EMAIL" label: Domain
description: "If set, login as this user if no other credentials presented" description: In hosted Grist, Grist is served from subdomains of this domain
schema:
type: string
required: true
default: ""
- variable: single_org
label: Single Org
description: Set to an org "domain" to pin client to that org
schema: schema:
type: string type: string
default: "" default: ""
- variable: GRIST_DOMAIN - variable: home_url
label: "GRIST_DOMAIN" label: Home URL
description: "In hosted Grist, Grist is served from subdomains of this domain" description: URL prefix for home API
schema: schema:
type: string type: string
default: "" default: ""
- variable: GRIST_SUPPORT_ANON - variable: default_email
label: "GRIST_SUPPORT_ANON" label: Default Email
description: "If set to true, show UI for anonymous access." description: If set, login as this user if no other credentials presented
schema: schema:
type: boolean type: string
default: false default: ""
- variable: GRIST_THROTTLE_CPU - variable: default_product
label: "GRIST_THROTTLE_CPU" label: Default Product
description: "If set, CPU throttling is enabled" description: If set, this controls enabled features and limits of new sites.
schema: schema:
type: boolean type: string
default: false default: ""
- variable: GRIST_BACKUP_DELAY_SECS - variable: default_locale
label: "GRIST_BACKUP_DELAY_SECS" label: Default Locale
description: "Wait this long after a doc change before making a backup" description: Locale to use as fallback when Grist cannot honour the browser locale.
schema:
type: string
default: ""
- variable: allowed_webhook_domains
label: Allowed Webhook Domains
description: Permitted domains to use in webhooks
schema:
type: list
default: []
items:
- variable: webhook_domain
label: Allowed Webhook Domain
schema:
type: string
default: ""
- variable: allowed_hosts
label: Allowed Hosts
description: Permitted domains origin for requests
schema:
type: list
default: []
items:
- variable: webhook_host
label: Allowed Webhook Host
schema:
type: string
default: ""
- variable: hide_ui_elements
label: Hide UI Elements
description: Parts of the UI to hide
schema:
type: list
default: []
items:
- variable: ui_element
label: UI Element to Hide
schema:
type: string
default: ""
enum:
- value: helpCenter
description: helpCenter
- value: billing
description: billing
- value: templates
description: templates
- value: multiSite
description: multiSite
- value: multiAccounts
description: multiAccounts
- variable: default_locale
label: Default Locale
description: Locale to use as fallback when Grist cannot honour the browser locale.
schema:
type: string
default: ""
- variable: max_upload_import_mb
label: Max Upload Import in MB
description: Max allowed size for imports (except .grist files) (0 for unlimited).
schema: schema:
type: int type: int
default: 15 default: 0
- variable: ALLOWED_WEBHOOK_DOMAINS - variable: max_upload_attachment_mb
label: "ALLOWED_WEBHOOK_DOMAINS" label: Max Upload Attachment in MB
description: "Comma-separated list of permitted domains to use in webhooks" description: Max allowed size for attachments (except .grist files) (0 for unlimited).
schema:
type: int
default: 0
- variable: title_suffix
label: Title Suffix
description: A string to append to the end of the <title> in HTML documents.
schema:
type: string
default: " - Grist"
- variable: proxy_auth_header
label: Proxy Auth Header
description: Header which will be set by a (reverse) proxy web server with an authorized users email.
schema: schema:
type: string type: string
default: "" default: ""
- variable: enabledsandbox - variable: cookie_max_age
label: "Sandbox" label: Cookie Max Age
description: Session cookie max age
schema:
type: int
default: 90
- variable: force_login
label: Force Login
description: When set to true disables anonymous access
schema:
type: boolean
default: true
- variable: ignore_session
label: Ignore Session
description: If set, Grist will not use a session for authentication.
schema: schema:
type: boolean type: boolean
default: false default: false
show_subquestions_if: true - variable: support_anon
subquestions: label: Support Anon
- variable: GRIST_SANDBOX_FLAVOR description: When set to true, show UI for anonymous access
label: "GRIST_SANDBOX_FLAVOR"
description: "If set, forces Grist to use the specified kind of sandbox."
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "pynbox"
description: "pynbox"
- value: "unsandboxed"
description: "unsandboxed"
- value: "docker"
description: "docker"
- value: "macSandboxExec"
description: "macSandboxExec"
- variable: GRIST_SANDBOX
label: "GRIST_SANDBOX"
description: "A program or image name to run as the sandbox. See NSandbox.ts for nerdy details."
schema:
type: string
default: ""
- variable: PYTHON_VERSION
label: "PYTHON_VERSION"
description: "If set, documents without an engine setting are assumed to use the specified version of python. Not all sandboxes support all versions."
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "2"
description: "2"
- value: "3"
description: "3"
- variable: PYTHON_VERSION_ON_CREATION
label: "PYTHON_VERSION_ON_CREATION"
description: "If set, newly created documents have an engine setting set to python2 or python3. Not all sandboxes support all versions."
schema:
type: string
default: ""
enum:
- value: ""
description: "Default"
- value: "2"
description: "2"
- value: "3"
description: "3"
- variable: enabledgdrive
label: "Google Drive Integration"
schema: schema:
type: boolean type: boolean
default: false default: false
show_subquestions_if: true - variable: throttle_cpu
subquestions: label: Throttle CPU
- variable: GOOGLE_CLIENT_ID description: When set to true, CPU throttling is enabled
label: "GOOGLE_CLIENT_ID"
description: "Set to the Google Client Id to be used with Google API client"
schema: schema:
type: string type: boolean
default: "" default: false
- variable: GOOGLE_CLIENT_SECRET - variable: include_custom_css
label: "GOOGLE_CLIENT_SECRET" label: Include Custom CSS
description: "Set to the Google Client Secret to be used with Google API client" description: Set to true to include custom.css in static pages
schema:
type: boolean
default: false
- variable: google
label: Google Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: client_id
label: Client ID
description: Set to the Google Client Id to be used with Google API client
schema: schema:
type: string type: string
private: true private: true
default: "" default: ""
- variable: GOOGLE_API_KEY - variable: client_secret
label: "GOOGLE_API_KEY" label: Client Secret
description: "Set to the Google API Key to be used with Google API client (accessing public files)" description: Set to the Google Client Secret to be used with Google API client
schema: schema:
type: string type: string
private: true private: true
default: "" default: ""
- variable: GOOGLE_DRIVE_SCOPE - variable: api_key
label: "GOOGLE_DRIVE_SCOPE" label: API Key
description: "Set to the scope requested for Google Drive integration (defaults to drive.file)" description: Set to the Google API Key to be used with Google API client (accessing public files)
schema:
type: string
private: true
default: ""
- variable: drive_scope
label: Drive Scope
description: Set to the scope requested for Google Drive integration
schema:
type: string
default: drive.file
- variable: forward_auth
label: Forward Auth
schema:
additional_attrs: true
type: dict
attrs:
- variable: header
label: Header
description: If set, trust the specified header (e.g. "x-forwarded-user") to contain authorized user emails, and enable "forward auth" logins.
schema:
type: string
default: ""
- variable: login_path
label: Login Path
description: If Header is set, Grist will listen at this path for logins.
schema:
type: string
private: true
default: /auth/login
- variable: logout_path
label: Logout Path
description: If Header is set, Grist will forward to this path when user logs out.
schema: schema:
type: string type: string
private: true private: true
@ -148,8 +231,8 @@ questions:
# Include{containerConfig} # Include{containerConfig}
# Include{serviceRoot} # Include{serviceRoot}
- variable: main - variable: main
label: "Main Service" label: Main Service
description: "The Primary service on which the healthcheck runs, often the webUI" description: The Primary service on which the healthcheck runs, often the webUI
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
@ -157,28 +240,28 @@ questions:
# Include{serviceSelectorLoadBalancer} # Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras} # Include{serviceSelectorExtras}
- variable: main - variable: main
label: "Main Service Port Configuration" label: Main Service Port Configuration
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
attrs: attrs:
- variable: port - variable: port
label: "Port" label: Port
description: "This port exposes the container port on the service" description: This port exposes the container port on the service
schema: schema:
type: int type: int
default: 10163 default: 10163
required: true required: true
# Include{advancedPortHTTP} # Include{advancedPortHTTP}
- variable: targetPort - variable: targetPort
label: "Target Port" label: Target Port
description: "The internal(!) port on the container the Application runs on" description: The internal(!) port on the container the Application runs on
schema: schema:
type: int type: int
default: 10163 default: 10163
- variable: api - variable: api
label: "API Service" label: API Service
description: "API service" description: API service
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
@ -186,22 +269,22 @@ questions:
# Include{serviceSelectorLoadBalancer} # Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras} # Include{serviceSelectorExtras}
- variable: api - variable: api
label: "API Service Port Configuration" label: API Service Port Configuration
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
attrs: attrs:
- variable: port - variable: port
label: "Port" label: Port
description: "This port exposes the container port on the service" description: This port exposes the container port on the service
schema: schema:
type: int type: int
default: 10164 default: 10164
required: true required: true
# Include{advancedPortHTTP} # Include{advancedPortHTTP}
- variable: targetPort - variable: targetPort
label: "Target Port" label: Target Port
description: "The internal(!) port on the container the Application runs on" description: The internal(!) port on the container the Application runs on
schema: schema:
type: int type: int
default: 10164 default: 10164
@ -211,8 +294,8 @@ questions:
# Include{serviceList} # Include{serviceList}
# Include{persistenceRoot} # Include{persistenceRoot}
- variable: persist - variable: persist
label: "App Persist Storage" label: App Persist Storage
description: "Stores the Application Persist." description: Stores the Application Persist.
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
@ -222,7 +305,7 @@ questions:
# Include{persistenceList} # Include{persistenceList}
# Include{ingressRoot} # Include{ingressRoot}
- variable: main - variable: main
label: "Main Ingress" label: Main Ingress
schema: schema:
additional_attrs: true additional_attrs: true
type: dict type: dict
@ -235,42 +318,42 @@ questions:
# Include{security} # Include{security}
# Include{securityContextAdvancedRoot} # Include{securityContextAdvancedRoot}
- variable: privileged - variable: privileged
label: "Privileged mode" label: Privileged mode
schema: schema:
type: boolean type: boolean
default: false default: false
- variable: readOnlyRootFilesystem - variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem" label: ReadOnly Root Filesystem
schema: schema:
type: boolean type: boolean
default: false default: false
- variable: allowPrivilegeEscalation - variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation" label: Allow Privilege Escalation
schema: schema:
type: boolean type: boolean
default: false default: false
- variable: runAsNonRoot - variable: runAsNonRoot
label: "runAsNonRoot" label: runAsNonRoot
schema: schema:
type: boolean type: boolean
default: false default: false
# Include{securityContextAdvanced} # Include{securityContextAdvanced}
# Include{podSecurityContextRoot} # Include{podSecurityContextRoot}
- variable: runAsUser - variable: runAsUser
label: "runAsUser" label: runAsUser
description: "The UserID of the user running the application" description: The UserID of the user running the application
schema: schema:
type: int type: int
default: 0 default: 0
- variable: runAsGroup - variable: runAsGroup
label: "runAsGroup" label: runAsGroup
description: "The groupID this App of the user running the application" description: The groupID this App of the user running the application
schema: schema:
type: int type: int
default: 0 default: 0
- variable: fsGroup - variable: fsGroup
label: "fsGroup" label: fsGroup
description: "The group that should own ALL storage." description: The group that should own ALL storage.
schema: schema:
type: int type: int
default: 568 default: 568
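Review bot: `default_locale` appears twice in the new `grist` attrs as rendered here (once after `default_product`, again after `hide_ui_elements`), so two questions write the same key; the second one should be dropped. The item under `allowed_hosts` is still named `webhook_host` with the label "Allowed Webhook Host", which looks like a copy-paste from the webhook list above it. The descriptions of `proxy_auth_header` and `forward_auth.header` should state that Grist takes the header value as the authenticated user's email, for example `description: Only set this when Grist is reachable solely through a proxy that overwrites this header on every request.` That matters here because the service section also offers LoadBalancer exposure, which could bypass such a proxy. `login_path` and `logout_path` are marked `private: true` although they are not secrets.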


@ -0,0 +1,85 @@
{{/* Define the configmap */}}
{{- define "grist.config" -}}
{{- $configName := printf "%s-grist-config" (include "tc.common.names.fullname" .) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $configName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
{{/* Dependencies */}}
TYPEORM_TYPE: postgres
TYPEORM_PORT: "5432"
TYPEORM_HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
TYPEORM_DATABASE: {{ .Values.postgresql.postgresqlDatabase }}
TYPEORM_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
{{/* Ports */}}
PORT: {{ .Values.service.main.ports.main.port | quote }}
HOME_PORT: {{ .Values.service.api.ports.api.port | quote }}
{{/* Google */}}
{{- with .Values.grist.google.drive_scope }}
GOOGLE_DRIVE_SCOPE: {{ . }}
{{- end }}
{{/* Forward Auth */}}
{{- with .Values.grist.forward_auth.header }}
GRIST_FORWARD_AUTH_HEADER: {{ . }}
{{- end }}
{{- with .Values.grist.forward_auth.login_path }}
GRIST_FORWARD_AUTH_LOGIN_PATH: {{ . }}
{{- end }}
{{- with .Values.grist.forward_auth.logout_path }}
GRIST_FORWARD_AUTH_LOGOUT_PATH: {{ . }}
{{- end }}
{{/* APP */}}
{{- with .Values.grist.home_url }}
APP_HOME_URL:
{{- end }}
{{- with .Values.grist.allowed_webhook_domains }}
ALLOWED_WEBHOOK_DOMAINS: {{ join "," . }}
{{- end }}
{{- with .Values.grist.allowed_hosts }}
GRIST_ALLOWED_HOSTS: {{ join "," . }}
{{- end }}
{{- with .Values.grist.backup_delay_secs }}
GRIST_BACKUP_DELAY_SECS: {{ . | quote }}
{{- end }}
{{- with .Values.grist.default_email }}
GRIST_DEFAULT_EMAIL: {{ . }}
{{- end }}
{{- with .Values.grist.default_product }}
GRIST_DEFAULT_PRODUCT: {{ . }}
{{- end }}
{{- with .Values.grist.default_locale }}
GRIST_DEFAULT_LOCALE:
{{- end }}
{{- with .Values.grist.domain }}
GRIST_DOMAIN: {{ . }}
{{- end }}
{{- with .Values.grist.hide_ui_elements }}
GRIST_HIDE_UI_ELEMENTS: {{ join "," . }}
{{- end }}
{{- with .Values.grist.title_suffix }}
GRIST_PAGE_TITLE_SUFFIX: {{ . | quote }}
{{- end }}
{{- with .Values.grist.proxy_auth_header }}
GRIST_PROXY_AUTH_HEADER: {{ . }}
{{- end }}
{{- with .Values.grist.cookie_max_age }}
COOKIE_MAX_AGE: {{ . | quote }}
{{- end }}
{{- with .Values.grist.single_org }}
GRIST_SINGLE_ORG: {{ . }}
{{- end }}
GRIST_IGNORE_SESSION: {{ .Values.grist.ignore_session | quote }}
GRIST_FORCE_LOGIN: {{ .Values.grist.force_login | quote }}
GRIST_SUPPORT_ANON: {{ .Values.grist.support_anon | quote }}
GRIST_THROTTLE_CPU: {{ .Values.grist.throttle_cpu | quote }}
APP_STATIC_INCLUDE_CUSTOM_CSS: {{ .Values.grist.include_custom_css | quote }}
GRIST_MAX_UPLOAD_ATTACHMENT_MB: {{ .Values.grist.max_upload_attachment_mb | quote }}
GRIST_MAX_UPLOAD_IMPORT_MB: {{ .Values.grist.max_upload_import_mb | quote }}
{{- end -}}
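Review bot: `APP_HOME_URL:` and `GRIST_DEFAULT_LOCALE:` are emitted with no value inside their `with` blocks, so a configured `home_url` or `default_locale` never reaches the container and the key renders as null; they should read `APP_HOME_URL: {{ . | quote }}` and `GRIST_DEFAULT_LOCALE: {{ . | quote }}`. Most other operator-supplied strings in this template (`GRIST_DOMAIN`, `GRIST_DEFAULT_EMAIL`, `GRIST_SINGLE_ORG`, the two auth header names, the `TYPEORM_*` names and the joined lists) are rendered unquoted. A value that YAML reads as a boolean, number or mapping would then change type or break the manifest, so pipe each through `quote` as the port and boolean entries already do. `backup_delay_secs` and `cookie_max_age` sit inside `with`, so a value of 0 is dropped without any message.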


@ -0,0 +1,35 @@
{{/* Define the secret */}}
{{- define "grist.secret" -}}
{{- $secretName := printf "%s-grist-secret" (include "tc.common.names.fullname" .) }}
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ $secretName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
{{/* Secret Key */}}
{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
GRIST_SESSION_SECRET: {{ index .data "GRIST_SESSION_SECRET" }}
{{- else }}
GRIST_SESSION_SECRET: {{ randAlphaNum 32 | b64enc }}
{{- end }}
{{/* Dependencies */}}
TYPEORM_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
REDIS_URL: {{ printf "redis://:%v@%v-redis:6379/%v" ( .Values.redis.redisPassword | trimAll "\"" ) .Release.Name "0" | b64enc }}
{{/* Google */}}
{{- with .Values.grist.google.client_id }}
GOOGLE_CLIENT_ID: {{ . }}
{{- end }}
{{- with .Values.grist.google.client_secret }}
GOOGLE_CLIENT_SECRET: {{ . }}
{{- end }}
{{- with .Values.grist.google.api_key }}
GOOGLE_API_KEY: {{ . }}
{{- end }}
{{- end }}
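Review bot: The three Google entries are written under `data:` without `b64enc`, unlike `TYPEORM_PASSWORD` and `REDIS_URL` above them, so the API server will either reject the Secret or decode the raw string into a different value. Use `GOOGLE_CLIENT_ID: {{ . | b64enc }}` and the same for `GOOGLE_CLIENT_SECRET` and `GOOGLE_API_KEY`, or move the three to `stringData`. The Redis password is interpolated into the URL as-is, so a password containing `@`, `/` or `:` would presumably yield a malformed `REDIS_URL`; URL-encoding it first would be safer. `lookup` returns nothing during `helm template` or a dry run, so `GRIST_SESSION_SECRET` is regenerated in those renders, which deserves a comment on that branch.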


@ -1 +1,11 @@
{{ include "tc.common.loader.all" . }} {{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{/* Render secret */}}
{{- include "grist.secret" . }}
{{/* Render config */}}
{{- include "grist.config" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@ -1,6 +1,6 @@
image: image:
repository: tccr.io/truecharts/grist repository: tccr.io/truecharts/grist
tag: v0.7.9@sha256:277902644b6444f90cf81cdb04b4749377585e3e2b4cefd17f1469d5f440349a tag: v1.0.3@sha256:d924a73ae31e0818331ca5d744a4103caa1ddf902dbd0c7a0e74e20cf9b953cc
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
securityContext: securityContext:
@ -11,50 +11,69 @@ podSecurityContext:
runAsUser: 0 runAsUser: 0
runAsGroup: 0 runAsGroup: 0
env: grist:
PORT: "{{ .Values.service.main.ports.main.port }}" domain: ""
HOME_PORT: "{{ .Values.service.api.ports.api.port }}" single_org: ""
GRIST_DEFAULT_EMAIL: "user@mydomain.com" home_url: ""
GRIST_DOMAIN: "" default_email: user@mydomain.com
GRIST_SUPPORT_ANON: false default_product: ""
GRIST_THROTTLE_CPU: false default_locale: ""
GRIST_BACKUP_DELAY_SECS: 15 allowed_webhook_domains: []
ALLOWED_WEBHOOK_DOMAINS: "" allowed_hosts: []
GRIST_SANDBOX_FLAVOR: "" hide_ui_elements: []
GRIST_SANDBOX: "" backup_delay_secs: 15
PYTHON_VERSION: "" max_upload_import_mb: 0
PYTHON_VERSION_ON_CREATION: "" max_upload_attachment_mb: 0
GOOGLE_CLIENT_ID: "" title_suffix: " - Grist"
GOOGLE_CLIENT_SECRET: "" proxy_auth_header: ""
GOOGLE_API_KEY: "" cookie_max_age: 90
GOOGLE_DRIVE_SCOPE: "" force_login: true
REDIS_URL: ignore_session: false
secretKeyRef: support_anon: false
name: rediscreds throttle_cpu: false
key: url include_custom_css: false
google:
client_id: ""
client_secret: ""
api_key: ""
drive_scope: drive.file
forward_auth:
header: ""
login_path: /auth/login
logout_path: ""
envFrom:
- secretRef:
name: '{{ include "tc.common.names.fullname" . }}-grist-secret'
- configMapRef:
name: '{{ include "tc.common.names.fullname" . }}-grist-config'
service: service:
main: main:
ports: ports:
main: main:
port: 10163 port: 10163
targetPort: 10163
api: api:
enabled: true enabled: true
ports: ports:
api: api:
enabled: true enabled: true
port: 10164 port: 10164
targetPort: 10164
persistence: persistence:
persist: persist:
enabled: true enabled: true
mountPath: "/persist" mountPath: "/persist"
postgresql:
enabled: true
existingSecret: dbcreds
postgresqlUsername: grist
postgresqlDatabase: grist
redis: redis:
enabled: true enabled: true
existingSecret: "rediscreds" existingSecret: rediscreds
portal: portal:
enabled: true enabled: true
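Review bot: `default_email: user@mydomain.com` ships a placeholder identity as the chart default, while the UI questions default the same field to an empty string. The field's own description says Grist logs in as this user when no other credentials are presented, so an install that never overrides it ends up tied to an address the operator does not control. Setting `default_email: ""` lets the ConfigMap's `with` block omit `GRIST_DEFAULT_EMAIL` until an address is chosen. `backup_delay_secs: 15` is kept here but no longer has a question in the UI definition, so it can only be changed by editing values directly.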