feat(grist): BREAKING CHANGE - rework, adds postgres and more options (#4106)
* feat(grist): rework, adds postgres and more options * update UI * fix configmap * nousername * add few more opts
This commit is contained in:
parent
176f4b59de
commit
4a96288952
|
@ -4,6 +4,10 @@ dependencies:
|
||||||
- name: common
|
- name: common
|
||||||
repository: https://library-charts.truecharts.org
|
repository: https://library-charts.truecharts.org
|
||||||
version: 10.7.0
|
version: 10.7.0
|
||||||
|
- condition: postgresql.enabled
|
||||||
|
name: postgresql
|
||||||
|
repository: https://charts.truecharts.org/
|
||||||
|
version: 8.0.97
|
||||||
- condition: redis.enabled
|
- condition: redis.enabled
|
||||||
name: redis
|
name: redis
|
||||||
repository: https://charts.truecharts.org
|
repository: https://charts.truecharts.org
|
||||||
|
@ -26,7 +30,7 @@ sources:
|
||||||
- https://hub.docker.com/r/gristlabs/grist
|
- https://hub.docker.com/r/gristlabs/grist
|
||||||
- https://github.com/gristlabs/grist-core
|
- https://github.com/gristlabs/grist-core
|
||||||
- https://support.getgrist.com/
|
- https://support.getgrist.com/
|
||||||
version: 3.0.44
|
version: 4.0.0
|
||||||
annotations:
|
annotations:
|
||||||
truecharts.org/catagories: |
|
truecharts.org/catagories: |
|
||||||
- productivity
|
- productivity
|
||||||
|
|
|
@ -12,135 +12,218 @@ questions:
|
||||||
# Include{recreate}
|
# Include{recreate}
|
||||||
# Include{controllerExpert}
|
# Include{controllerExpert}
|
||||||
# Include{controllerExpertExtraArgs}
|
# Include{controllerExpertExtraArgs}
|
||||||
- variable: env
|
- variable: grist
|
||||||
group: "Container Configuration"
|
group: Container Configuration
|
||||||
label: "Image Environment"
|
label: Grist Configuration
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
attrs:
|
attrs:
|
||||||
- variable: GRIST_DEFAULT_EMAIL
|
- variable: domain
|
||||||
label: "GRIST_DEFAULT_EMAIL"
|
label: Domain
|
||||||
description: "If set, login as this user if no other credentials presented"
|
description: In hosted Grist, Grist is served from subdomains of this domain
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: single_org
|
||||||
|
label: Single Org
|
||||||
|
description: Set to an org "domain" to pin client to that org
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
- variable: GRIST_DOMAIN
|
- variable: home_url
|
||||||
label: "GRIST_DOMAIN"
|
label: Home URL
|
||||||
description: "In hosted Grist, Grist is served from subdomains of this domain"
|
description: URL prefix for home API
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
- variable: GRIST_SUPPORT_ANON
|
- variable: default_email
|
||||||
label: "GRIST_SUPPORT_ANON"
|
label: Default Email
|
||||||
description: "If set to true, show UI for anonymous access."
|
description: If set, login as this user if no other credentials presented
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: string
|
||||||
default: false
|
default: ""
|
||||||
- variable: GRIST_THROTTLE_CPU
|
- variable: default_product
|
||||||
label: "GRIST_THROTTLE_CPU"
|
label: Default Product
|
||||||
description: "If set, CPU throttling is enabled"
|
description: If set, this controls enabled features and limits of new sites.
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: string
|
||||||
default: false
|
default: ""
|
||||||
- variable: GRIST_BACKUP_DELAY_SECS
|
- variable: default_locale
|
||||||
label: "GRIST_BACKUP_DELAY_SECS"
|
label: Default Locale
|
||||||
description: "Wait this long after a doc change before making a backup"
|
description: Locale to use as fallback when Grist cannot honour the browser locale.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: allowed_webhook_domains
|
||||||
|
label: Allowed Webhook Domains
|
||||||
|
description: Permitted domains to use in webhooks
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: webhook_domain
|
||||||
|
label: Allowed Webhook Domain
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: allowed_hosts
|
||||||
|
label: Allowed Hosts
|
||||||
|
description: Permitted domains origin for requests
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: webhook_host
|
||||||
|
label: Allowed Webhook Host
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: hide_ui_elements
|
||||||
|
label: Hide UI Elements
|
||||||
|
description: Parts of the UI to hide
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: ui_element
|
||||||
|
label: UI Element to Hide
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
enum:
|
||||||
|
- value: helpCenter
|
||||||
|
description: helpCenter
|
||||||
|
- value: billing
|
||||||
|
description: billing
|
||||||
|
- value: templates
|
||||||
|
description: templates
|
||||||
|
- value: multiSite
|
||||||
|
description: multiSite
|
||||||
|
- value: multiAccounts
|
||||||
|
description: multiAccounts
|
||||||
|
- variable: default_locale
|
||||||
|
label: Default Locale
|
||||||
|
description: Locale to use as fallback when Grist cannot honour the browser locale.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: max_upload_import_mb
|
||||||
|
label: Max Upload Import in MB
|
||||||
|
description: Max allowed size for imports (except .grist files) (0 for unlimited).
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 15
|
default: 0
|
||||||
- variable: ALLOWED_WEBHOOK_DOMAINS
|
- variable: max_upload_attachment_mb
|
||||||
label: "ALLOWED_WEBHOOK_DOMAINS"
|
label: Max Upload Attachment in MB
|
||||||
description: "Comma-separated list of permitted domains to use in webhooks"
|
description: Max allowed size for attachments (except .grist files) (0 for unlimited).
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 0
|
||||||
|
- variable: title_suffix
|
||||||
|
label: Title Suffix
|
||||||
|
description: A string to append to the end of the <title> in HTML documents.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: " - Grist"
|
||||||
|
- variable: proxy_auth_header
|
||||||
|
label: Proxy Auth Header
|
||||||
|
description: Header which will be set by a (reverse) proxy web server with an authorized users email.
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
default: ""
|
default: ""
|
||||||
- variable: enabledsandbox
|
- variable: cookie_max_age
|
||||||
label: "Sandbox"
|
label: Cookie Max Age
|
||||||
|
description: Session cookie max age
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
default: 90
|
||||||
|
- variable: force_login
|
||||||
|
label: Force Login
|
||||||
|
description: When set to true disables anonymous access
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: ignore_session
|
||||||
|
label: Ignore Session
|
||||||
|
description: If set, Grist will not use a session for authentication.
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
show_subquestions_if: true
|
- variable: support_anon
|
||||||
subquestions:
|
label: Support Anon
|
||||||
- variable: GRIST_SANDBOX_FLAVOR
|
description: When set to true, show UI for anonymous access
|
||||||
label: "GRIST_SANDBOX_FLAVOR"
|
|
||||||
description: "If set, forces Grist to use the specified kind of sandbox."
|
|
||||||
schema:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
enum:
|
|
||||||
- value: ""
|
|
||||||
description: "Default"
|
|
||||||
- value: "pynbox"
|
|
||||||
description: "pynbox"
|
|
||||||
- value: "unsandboxed"
|
|
||||||
description: "unsandboxed"
|
|
||||||
- value: "docker"
|
|
||||||
description: "docker"
|
|
||||||
- value: "macSandboxExec"
|
|
||||||
description: "macSandboxExec"
|
|
||||||
- variable: GRIST_SANDBOX
|
|
||||||
label: "GRIST_SANDBOX"
|
|
||||||
description: "A program or image name to run as the sandbox. See NSandbox.ts for nerdy details."
|
|
||||||
schema:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
- variable: PYTHON_VERSION
|
|
||||||
label: "PYTHON_VERSION"
|
|
||||||
description: "If set, documents without an engine setting are assumed to use the specified version of python. Not all sandboxes support all versions."
|
|
||||||
schema:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
enum:
|
|
||||||
- value: ""
|
|
||||||
description: "Default"
|
|
||||||
- value: "2"
|
|
||||||
description: "2"
|
|
||||||
- value: "3"
|
|
||||||
description: "3"
|
|
||||||
- variable: PYTHON_VERSION_ON_CREATION
|
|
||||||
label: "PYTHON_VERSION_ON_CREATION"
|
|
||||||
description: "If set, newly created documents have an engine setting set to python2 or python3. Not all sandboxes support all versions."
|
|
||||||
schema:
|
|
||||||
type: string
|
|
||||||
default: ""
|
|
||||||
enum:
|
|
||||||
- value: ""
|
|
||||||
description: "Default"
|
|
||||||
- value: "2"
|
|
||||||
description: "2"
|
|
||||||
- value: "3"
|
|
||||||
description: "3"
|
|
||||||
- variable: enabledgdrive
|
|
||||||
label: "Google Drive Integration"
|
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
show_subquestions_if: true
|
- variable: throttle_cpu
|
||||||
subquestions:
|
label: Throttle CPU
|
||||||
- variable: GOOGLE_CLIENT_ID
|
description: When set to true, CPU throttling is enabled
|
||||||
label: "GOOGLE_CLIENT_ID"
|
schema:
|
||||||
description: "Set to the Google Client Id to be used with Google API client"
|
type: boolean
|
||||||
schema:
|
default: false
|
||||||
type: string
|
- variable: include_custom_css
|
||||||
default: ""
|
label: Include Custom CSS
|
||||||
- variable: GOOGLE_CLIENT_SECRET
|
description: Set to true to include custom.css in static pages
|
||||||
label: "GOOGLE_CLIENT_SECRET"
|
schema:
|
||||||
description: "Set to the Google Client Secret to be used with Google API client"
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: google
|
||||||
|
label: Google Configuration
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: client_id
|
||||||
|
label: Client ID
|
||||||
|
description: Set to the Google Client Id to be used with Google API client
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
private: true
|
private: true
|
||||||
default: ""
|
default: ""
|
||||||
- variable: GOOGLE_API_KEY
|
- variable: client_secret
|
||||||
label: "GOOGLE_API_KEY"
|
label: Client Secret
|
||||||
description: "Set to the Google API Key to be used with Google API client (accessing public files)"
|
description: Set to the Google Client Secret to be used with Google API client
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
private: true
|
private: true
|
||||||
default: ""
|
default: ""
|
||||||
- variable: GOOGLE_DRIVE_SCOPE
|
- variable: api_key
|
||||||
label: "GOOGLE_DRIVE_SCOPE"
|
label: API Key
|
||||||
description: "Set to the scope requested for Google Drive integration (defaults to drive.file)"
|
description: Set to the Google API Key to be used with Google API client (accessing public files)
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: drive_scope
|
||||||
|
label: Drive Scope
|
||||||
|
description: Set to the scope requested for Google Drive integration
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: drive.file
|
||||||
|
- variable: forward_auth
|
||||||
|
label: Forward Auth
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: header
|
||||||
|
label: Header
|
||||||
|
description: If set, trust the specified header (e.g. "x-forwarded-user") to contain authorized user emails, and enable "forward auth" logins.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: login_path
|
||||||
|
label: Login Path
|
||||||
|
description: If Header is set, Grist will listen at this path for logins.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: /auth/login
|
||||||
|
- variable: logout_path
|
||||||
|
label: Logout Path
|
||||||
|
description: If Header is set, Grist will forward to this path when user logs out.
|
||||||
schema:
|
schema:
|
||||||
type: string
|
type: string
|
||||||
private: true
|
private: true
|
||||||
|
@ -148,8 +231,8 @@ questions:
|
||||||
# Include{containerConfig}
|
# Include{containerConfig}
|
||||||
# Include{serviceRoot}
|
# Include{serviceRoot}
|
||||||
- variable: main
|
- variable: main
|
||||||
label: "Main Service"
|
label: Main Service
|
||||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
description: The Primary service on which the healthcheck runs, often the webUI
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
|
@ -157,28 +240,28 @@ questions:
|
||||||
# Include{serviceSelectorLoadBalancer}
|
# Include{serviceSelectorLoadBalancer}
|
||||||
# Include{serviceSelectorExtras}
|
# Include{serviceSelectorExtras}
|
||||||
- variable: main
|
- variable: main
|
||||||
label: "Main Service Port Configuration"
|
label: Main Service Port Configuration
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
attrs:
|
attrs:
|
||||||
- variable: port
|
- variable: port
|
||||||
label: "Port"
|
label: Port
|
||||||
description: "This port exposes the container port on the service"
|
description: This port exposes the container port on the service
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 10163
|
default: 10163
|
||||||
required: true
|
required: true
|
||||||
# Include{advancedPortHTTP}
|
# Include{advancedPortHTTP}
|
||||||
- variable: targetPort
|
- variable: targetPort
|
||||||
label: "Target Port"
|
label: Target Port
|
||||||
description: "The internal(!) port on the container the Application runs on"
|
description: The internal(!) port on the container the Application runs on
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 10163
|
default: 10163
|
||||||
- variable: api
|
- variable: api
|
||||||
label: "API Service"
|
label: API Service
|
||||||
description: "API service"
|
description: API service
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
|
@ -186,22 +269,22 @@ questions:
|
||||||
# Include{serviceSelectorLoadBalancer}
|
# Include{serviceSelectorLoadBalancer}
|
||||||
# Include{serviceSelectorExtras}
|
# Include{serviceSelectorExtras}
|
||||||
- variable: api
|
- variable: api
|
||||||
label: "API Service Port Configuration"
|
label: API Service Port Configuration
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
attrs:
|
attrs:
|
||||||
- variable: port
|
- variable: port
|
||||||
label: "Port"
|
label: Port
|
||||||
description: "This port exposes the container port on the service"
|
description: This port exposes the container port on the service
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 10164
|
default: 10164
|
||||||
required: true
|
required: true
|
||||||
# Include{advancedPortHTTP}
|
# Include{advancedPortHTTP}
|
||||||
- variable: targetPort
|
- variable: targetPort
|
||||||
label: "Target Port"
|
label: Target Port
|
||||||
description: "The internal(!) port on the container the Application runs on"
|
description: The internal(!) port on the container the Application runs on
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 10164
|
default: 10164
|
||||||
|
@ -211,8 +294,8 @@ questions:
|
||||||
# Include{serviceList}
|
# Include{serviceList}
|
||||||
# Include{persistenceRoot}
|
# Include{persistenceRoot}
|
||||||
- variable: persist
|
- variable: persist
|
||||||
label: "App Persist Storage"
|
label: App Persist Storage
|
||||||
description: "Stores the Application Persist."
|
description: Stores the Application Persist.
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
|
@ -222,7 +305,7 @@ questions:
|
||||||
# Include{persistenceList}
|
# Include{persistenceList}
|
||||||
# Include{ingressRoot}
|
# Include{ingressRoot}
|
||||||
- variable: main
|
- variable: main
|
||||||
label: "Main Ingress"
|
label: Main Ingress
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
type: dict
|
type: dict
|
||||||
|
@ -235,42 +318,42 @@ questions:
|
||||||
# Include{security}
|
# Include{security}
|
||||||
# Include{securityContextAdvancedRoot}
|
# Include{securityContextAdvancedRoot}
|
||||||
- variable: privileged
|
- variable: privileged
|
||||||
label: "Privileged mode"
|
label: Privileged mode
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
- variable: readOnlyRootFilesystem
|
- variable: readOnlyRootFilesystem
|
||||||
label: "ReadOnly Root Filesystem"
|
label: ReadOnly Root Filesystem
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
- variable: allowPrivilegeEscalation
|
- variable: allowPrivilegeEscalation
|
||||||
label: "Allow Privilege Escalation"
|
label: Allow Privilege Escalation
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
- variable: runAsNonRoot
|
- variable: runAsNonRoot
|
||||||
label: "runAsNonRoot"
|
label: runAsNonRoot
|
||||||
schema:
|
schema:
|
||||||
type: boolean
|
type: boolean
|
||||||
default: false
|
default: false
|
||||||
# Include{securityContextAdvanced}
|
# Include{securityContextAdvanced}
|
||||||
# Include{podSecurityContextRoot}
|
# Include{podSecurityContextRoot}
|
||||||
- variable: runAsUser
|
- variable: runAsUser
|
||||||
label: "runAsUser"
|
label: runAsUser
|
||||||
description: "The UserID of the user running the application"
|
description: The UserID of the user running the application
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 0
|
default: 0
|
||||||
- variable: runAsGroup
|
- variable: runAsGroup
|
||||||
label: "runAsGroup"
|
label: runAsGroup
|
||||||
description: "The groupID this App of the user running the application"
|
description: The groupID this App of the user running the application
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 0
|
default: 0
|
||||||
- variable: fsGroup
|
- variable: fsGroup
|
||||||
label: "fsGroup"
|
label: fsGroup
|
||||||
description: "The group that should own ALL storage."
|
description: The group that should own ALL storage.
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 568
|
default: 568
|
||||||
|
|
|
@ -0,0 +1,85 @@
|
||||||
|
{{/* Define the configmap */}}
|
||||||
|
{{- define "grist.config" -}}
|
||||||
|
|
||||||
|
{{- $configName := printf "%s-grist-config" (include "tc.common.names.fullname" .) }}
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: {{ $configName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
{{/* Dependencies */}}
|
||||||
|
TYPEORM_TYPE: postgres
|
||||||
|
TYPEORM_PORT: "5432"
|
||||||
|
TYPEORM_HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
|
||||||
|
TYPEORM_DATABASE: {{ .Values.postgresql.postgresqlDatabase }}
|
||||||
|
TYPEORM_USERNAME: {{ .Values.postgresql.postgresqlUsername }}
|
||||||
|
{{/* Ports */}}
|
||||||
|
PORT: {{ .Values.service.main.ports.main.port | quote }}
|
||||||
|
HOME_PORT: {{ .Values.service.api.ports.api.port | quote }}
|
||||||
|
{{/* Google */}}
|
||||||
|
{{- with .Values.grist.google.drive_scope }}
|
||||||
|
GOOGLE_DRIVE_SCOPE: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* Forward Auth */}}
|
||||||
|
{{- with .Values.grist.forward_auth.header }}
|
||||||
|
GRIST_FORWARD_AUTH_HEADER: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.forward_auth.login_path }}
|
||||||
|
GRIST_FORWARD_AUTH_LOGIN_PATH: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.forward_auth.logout_path }}
|
||||||
|
GRIST_FORWARD_AUTH_LOGOUT_PATH: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* APP */}}
|
||||||
|
{{- with .Values.grist.home_url }}
|
||||||
|
APP_HOME_URL:
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.allowed_webhook_domains }}
|
||||||
|
ALLOWED_WEBHOOK_DOMAINS: {{ join "," . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.allowed_hosts }}
|
||||||
|
GRIST_ALLOWED_HOSTS: {{ join "," . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.backup_delay_secs }}
|
||||||
|
GRIST_BACKUP_DELAY_SECS: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.default_email }}
|
||||||
|
GRIST_DEFAULT_EMAIL: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.default_product }}
|
||||||
|
GRIST_DEFAULT_PRODUCT: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.default_locale }}
|
||||||
|
GRIST_DEFAULT_LOCALE:
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.domain }}
|
||||||
|
GRIST_DOMAIN: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.hide_ui_elements }}
|
||||||
|
GRIST_HIDE_UI_ELEMENTS: {{ join "," . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.title_suffix }}
|
||||||
|
GRIST_PAGE_TITLE_SUFFIX: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.proxy_auth_header }}
|
||||||
|
GRIST_PROXY_AUTH_HEADER: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.cookie_max_age }}
|
||||||
|
COOKIE_MAX_AGE: {{ . | quote }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.single_org }}
|
||||||
|
GRIST_SINGLE_ORG: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
GRIST_IGNORE_SESSION: {{ .Values.grist.ignore_session | quote }}
|
||||||
|
GRIST_FORCE_LOGIN: {{ .Values.grist.force_login | quote }}
|
||||||
|
GRIST_SUPPORT_ANON: {{ .Values.grist.support_anon | quote }}
|
||||||
|
GRIST_THROTTLE_CPU: {{ .Values.grist.throttle_cpu | quote }}
|
||||||
|
APP_STATIC_INCLUDE_CUSTOM_CSS: {{ .Values.grist.include_custom_css | quote }}
|
||||||
|
GRIST_MAX_UPLOAD_ATTACHMENT_MB: {{ .Values.grist.max_upload_attachment_mb | quote }}
|
||||||
|
GRIST_MAX_UPLOAD_IMPORT_MB: {{ .Values.grist.max_upload_import_mb | quote }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,35 @@
|
||||||
|
{{/* Define the secret */}}
|
||||||
|
{{- define "grist.secret" -}}
|
||||||
|
|
||||||
|
{{- $secretName := printf "%s-grist-secret" (include "tc.common.names.fullname" .) }}
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
type: Opaque
|
||||||
|
metadata:
|
||||||
|
name: {{ $secretName }}
|
||||||
|
labels:
|
||||||
|
{{- include "tc.common.labels" . | nindent 4 }}
|
||||||
|
data:
|
||||||
|
{{/* Secret Key */}}
|
||||||
|
{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }}
|
||||||
|
GRIST_SESSION_SECRET: {{ index .data "GRIST_SESSION_SECRET" }}
|
||||||
|
{{- else }}
|
||||||
|
GRIST_SESSION_SECRET: {{ randAlphaNum 32 | b64enc }}
|
||||||
|
{{- end }}
|
||||||
|
{{/* Dependencies */}}
|
||||||
|
TYPEORM_PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
|
||||||
|
REDIS_URL: {{ printf "redis://:%v@%v-redis:6379/%v" ( .Values.redis.redisPassword | trimAll "\"" ) .Release.Name "0" | b64enc }}
|
||||||
|
{{/* Google */}}
|
||||||
|
{{- with .Values.grist.google.client_id }}
|
||||||
|
GOOGLE_CLIENT_ID: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.google.client_secret }}
|
||||||
|
GOOGLE_CLIENT_SECRET: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .Values.grist.google.api_key }}
|
||||||
|
GOOGLE_API_KEY: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
|
@ -1 +1,11 @@
|
||||||
{{ include "tc.common.loader.all" . }}
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.common.loader.init" . }}
|
||||||
|
|
||||||
|
{{/* Render secret */}}
|
||||||
|
{{- include "grist.secret" . }}
|
||||||
|
|
||||||
|
{{/* Render config */}}
|
||||||
|
{{- include "grist.config" . }}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.common.loader.apply" . }}
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
image:
|
image:
|
||||||
repository: tccr.io/truecharts/grist
|
repository: tccr.io/truecharts/grist
|
||||||
tag: v0.7.9@sha256:277902644b6444f90cf81cdb04b4749377585e3e2b4cefd17f1469d5f440349a
|
tag: v1.0.3@sha256:d924a73ae31e0818331ca5d744a4103caa1ddf902dbd0c7a0e74e20cf9b953cc
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
|
@ -11,50 +11,69 @@ podSecurityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
runAsGroup: 0
|
runAsGroup: 0
|
||||||
|
|
||||||
env:
|
grist:
|
||||||
PORT: "{{ .Values.service.main.ports.main.port }}"
|
domain: ""
|
||||||
HOME_PORT: "{{ .Values.service.api.ports.api.port }}"
|
single_org: ""
|
||||||
GRIST_DEFAULT_EMAIL: "user@mydomain.com"
|
home_url: ""
|
||||||
GRIST_DOMAIN: ""
|
default_email: user@mydomain.com
|
||||||
GRIST_SUPPORT_ANON: false
|
default_product: ""
|
||||||
GRIST_THROTTLE_CPU: false
|
default_locale: ""
|
||||||
GRIST_BACKUP_DELAY_SECS: 15
|
allowed_webhook_domains: []
|
||||||
ALLOWED_WEBHOOK_DOMAINS: ""
|
allowed_hosts: []
|
||||||
GRIST_SANDBOX_FLAVOR: ""
|
hide_ui_elements: []
|
||||||
GRIST_SANDBOX: ""
|
backup_delay_secs: 15
|
||||||
PYTHON_VERSION: ""
|
max_upload_import_mb: 0
|
||||||
PYTHON_VERSION_ON_CREATION: ""
|
max_upload_attachment_mb: 0
|
||||||
GOOGLE_CLIENT_ID: ""
|
title_suffix: " - Grist"
|
||||||
GOOGLE_CLIENT_SECRET: ""
|
proxy_auth_header: ""
|
||||||
GOOGLE_API_KEY: ""
|
cookie_max_age: 90
|
||||||
GOOGLE_DRIVE_SCOPE: ""
|
force_login: true
|
||||||
REDIS_URL:
|
ignore_session: false
|
||||||
secretKeyRef:
|
support_anon: false
|
||||||
name: rediscreds
|
throttle_cpu: false
|
||||||
key: url
|
include_custom_css: false
|
||||||
|
google:
|
||||||
|
client_id: ""
|
||||||
|
client_secret: ""
|
||||||
|
api_key: ""
|
||||||
|
drive_scope: drive.file
|
||||||
|
forward_auth:
|
||||||
|
header: ""
|
||||||
|
login_path: /auth/login
|
||||||
|
logout_path: ""
|
||||||
|
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-grist-secret'
|
||||||
|
- configMapRef:
|
||||||
|
name: '{{ include "tc.common.names.fullname" . }}-grist-config'
|
||||||
|
|
||||||
service:
|
service:
|
||||||
main:
|
main:
|
||||||
ports:
|
ports:
|
||||||
main:
|
main:
|
||||||
port: 10163
|
port: 10163
|
||||||
targetPort: 10163
|
|
||||||
api:
|
api:
|
||||||
enabled: true
|
enabled: true
|
||||||
ports:
|
ports:
|
||||||
api:
|
api:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 10164
|
port: 10164
|
||||||
targetPort: 10164
|
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
persist:
|
persist:
|
||||||
enabled: true
|
enabled: true
|
||||||
mountPath: "/persist"
|
mountPath: "/persist"
|
||||||
|
|
||||||
|
postgresql:
|
||||||
|
enabled: true
|
||||||
|
existingSecret: dbcreds
|
||||||
|
postgresqlUsername: grist
|
||||||
|
postgresqlDatabase: grist
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingSecret: "rediscreds"
|
existingSecret: rediscreds
|
||||||
|
|
||||||
portal:
|
portal:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
Loading…
Reference in New Issue