diff --git a/charts/stable/tt-rss/Chart.yaml b/charts/stable/tt-rss/Chart.yaml index 6db54d27950..eac0265aae9 100644 --- a/charts/stable/tt-rss/Chart.yaml +++ b/charts/stable/tt-rss/Chart.yaml @@ -5,9 +5,9 @@ annotations: truecharts.org/category: rss truecharts.org/max_helm_version: "3.14" truecharts.org/min_helm_version: "3.12" - truecharts.org/train: stable + truecharts.org/train: incubator apiVersion: v2 -appVersion: 2.0.9113 +appVersion: 3.0.0 dependencies: - name: common version: 17.2.29 @@ -32,6 +32,6 @@ name: tt-rss sources: - https://git.tt-rss.org/fox/tt-rss - https://github.com/truecharts/charts/tree/master/charts/stable/tt-rss - - https://ghcr.io/k8s-at-home/tt-rss + - https://hub.docker.com/r/cthulhoo/ttrss-fpm-pgsql-static/tags type: application -version: 14.1.10 +version: 15.0.0 diff --git a/charts/stable/tt-rss/docs/credentials.md b/charts/stable/tt-rss/docs/credentials.md deleted file mode 100644 index 932b2175260..00000000000 --- a/charts/stable/tt-rss/docs/credentials.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -title: Default Username/Password ---- - -- **Username**: `admin` -- **Password**: `password` diff --git a/charts/stable/tt-rss/docs/installation_notes.md b/charts/stable/tt-rss/docs/installation_notes.md index 874f230c739..3910c054dc9 100644 --- a/charts/stable/tt-rss/docs/installation_notes.md +++ b/charts/stable/tt-rss/docs/installation_notes.md 
@@ -1,8 +1,34 @@ --- -title: Installation Notes +title: TT-RSS Installation Notes --- -- Set `TTRSS Self URL Path` to `http://scale_ip:APP_PORT/` and then login using the default [credentials](./credentials.md). -- If you plan to use ingress and a domain you need to: - - Set `TTRSS Self URL Path` to `https://app.mydomain.tld/` +## Credentials + +TT-RSS will create a user (named `admin`) on first run. If no password is given in the *TTRSS Admin User Pass* field, then a password is automatically generated and printed to the app's logs. Otherwise the password entered in that field will be used. + +Be warned that if the app restarts before collecting the automatically generated password, it may be rotated out of the logs and the app will require re-installing to set and print a new password. + +To reach the automatically generated password, select the tt-rss app in TrueNAS's Applications list. Under Workloads click the View Logs icon beside the tt-rss container. In the dialog that pops up, there will be several containers, look for the one without `-cnpg`, `-nginx`, or `-updater` in the name. The password log section will look like this: + +``` +***************************************************************************** +* Setting initial built-in admin user password to '$RANDOM_PASS' * +* If you want to set it manually, use ADMIN_USER_PASS environment variable. * +***************************************************************************** +``` + +## Configuring path and URL + +TT-RSS has defaults which expect it to be installed and reachable at a url ending in `/tt-rss/` (e.g. https://rss.me.com/tt-rss/). This SCALE app comes with adjusted defaults that eliminate this ending portion (e.g. https://rss.me.com/). + +If an advanced user wishes to alter the app path, use the *App Web Root Path* and *App Base Path* fields to do so. 
Read more here: https://tt-rss.org/wiki/InstallationNotes#how-do-i-make-it-run-without-tt-rss-in-the-url-i.e.-at-website-root + +### Install to subdomain with traefik + ingress + +- Set `TTRSS Self URL Path` to `https://subdomain.scale_domain.tld/`. - Configure ingress on the app + +### Install to IP address + +- Set `TTRSS Self URL Path` to `http://SCALE_IP:APP_PORT/`. + - Ensure the app's port is set to LoadBalancer to allow external browsers to reach it. diff --git a/charts/stable/tt-rss/questions.yaml b/charts/stable/tt-rss/questions.yaml index 184ece2c431..d78a912dd01 100644 --- a/charts/stable/tt-rss/questions.yaml +++ b/charts/stable/tt-rss/questions.yaml @@ -18,9 +18,17 @@ questions: attrs: - variable: TTRSS_SELF_URL_PATH label: TTRSS Self URL Path - description: Sets the URL for the app. + description: You will likely need to set this to the correct value - it should point to external tt-rss URL as seen in your browser. e.g. https://rss.example.com schema: type: string + required: true + default: "" + - variable: ADMIN_USER_PASS + label: TTRSS Admin User Password + description: Leave blank and tt-rss will generate a random password to use with admin account on first run. Check container logs for password. + schema: + type: string + private: true default: "" # Include{containerBasic} # Include{containerAdvanced} @@ -53,6 +61,14 @@ questions: # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} + - variable: html + label: App HTML Storage + description: Stores the Application files. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} - variable: config label: App Config Storage description: Stores the Application Configuration. diff --git a/charts/stable/tt-rss/values.yaml b/charts/stable/tt-rss/values.yaml index a24bd707c9c..ee7da76db64 100644 --- a/charts/stable/tt-rss/values.yaml +++ b/charts/stable/tt-rss/values.yaml 
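Review bot: The `ADMIN_USER_PASS` description in the first questions.yaml hunk sends the operator to the container logs, but it does not say that the generated password stays there in clear text or that it should be changed after first login. As far as I know `private: true` only masks the value in the form, so the blank-default path is the less protected of the two. I would reword the description to `Leave blank to have tt-rss generate a random admin password on first run and print it to the container logs; change it after first login, since anyone who can read the logs can read it.` The installation notes call this field "TTRSS Admin User Pass" while the label here is "TTRSS Admin User Password"; one of the two should be aligned.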
@@ -1,23 +1,59 @@ image: - repository: ghcr.io/k8s-at-home/tt-rss + repository: cthulhoo/ttrss-fpm-pgsql-static pullPolicy: IfNotPresent - tag: v2.0.9113@sha256:217951fc8f013623923850c865d87509172914fc01f9227559e3d6e6096c15b3 -service: - main: - ports: - main: - port: 10104 - targetPort: 8080 + tag: latest@sha256:7eff9bb881d680906a9026c4414b2d85b4a0f892be235dbebfff6dc052b2ba6a +nginxImage: + repository: cthulhoo/ttrss-web-nginx + pullPolicy: IfNotPresent + tag: latest@sha256:662d1914a75071526e03a58c09b90d87decd8a563a2da9da9b654d3606747c6b +updaterImage: + repository: cthulhoo/ttrss-fpm-pgsql-static + pullPolicy: IfNotPresent + tag: latest@sha256:7eff9bb881d680906a9026c4414b2d85b4a0f892be235dbebfff6dc052b2ba6a +securityContext: + container: + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 persistence: + html: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html + nginx: + nginx: + mountPath: /var/www/html + readOnly: true + updater: + updater: + mountPath: /var/www/html config: enabled: true - mountPath: /config + targetSelector: + main: + main: + mountPath: /opt/tt-rss/config.d + updater: + updater: + mountPath: /opt/tt-rss/config.d + nginx-conf: + enabled: true + type: configmap + objectName: config + targetSelector: + nginx: + nginx: + mountPath: /etc/nginx/templates/nginx.conf.template + subPath: nginx.conf.template plugins: enabled: true - mountPath: /app/plugins.local + mountPath: /var/www/html/tt-rss/plugins.local themes: enabled: true - mountPath: /app/themes.local + mountPath: /var/www/html/tt-rss/themes.local cnpg: main: enabled: true @@ -26,12 +62,6 @@ cnpg: portal: open: enabled: true -securityContext: - container: - readOnlyRootFilesystem: false - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 0 workload: main: podSpec: 
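Review bot: Moving `securityContext.container` to the top of values.yaml presumably makes the two new workloads, nginx and updater, inherit `runAsUser: 0`, `runAsNonRoot: false` and `readOnlyRootFilesystem: false` along with main. Nothing in the visible lines shows that nginx needs root: its html mount is already `readOnly: true` and it listens on the unprivileged port 10104. Consider keeping the root context only on the containers whose entrypoint requires it, if the common library allows a per-container override, and add a comment above the block naming the step that needs root so it can be revisited. The second hunk on this line only removes the old copy of the block.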
@@ -39,11 +69,92 @@ workload: main: probes: liveness: - type: tcp + type: exec + command: + - /bin/sh + - -c + - netstat -npl | grep :9000 readiness: - type: tcp + type: exec + command: + - /bin/sh + - -c + - ls /var/www/html/tt-rss/.app_is_ready startup: type: tcp + port: "{{ .Values.service.app.ports.app.port }}" + env: + TTRSS_SELF_URL_PATH: "" + # tt-rss tests with "-z" so an empty string should still allow the randomly generated password to be made. + ADMIN_USER_PASS: "" + TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}" + TTRSS_DB_USER: "{{ .Values.cnpg.main.user }}" + TTRSS_DB_PORT: "5432" + TTRSS_DB_PASS: + secretKeyRef: + name: cnpg-main-user + key: password + TTRSS_DB_HOST: + secretKeyRef: + name: cnpg-main-urls + key: host + nginx: + enabled: true + type: Deployment + podSpec: + containers: + nginx: + enabled: true + primary: true + imageSelector: nginxImage + probes: + readiness: + enabled: true + type: http + path: "/public.php?op=healthcheck" + port: "{{ .Values.service.main.ports.main.port }}" + liveness: + enabled: true + type: http + path: "/public.php?op=healthcheck" + port: "{{ .Values.service.main.ports.main.port }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.main.ports.main.port }}" + env: + APP_UPSTREAM: '{{ printf "%s-app" (include "tc.v1.common.lib.chart.names.fullname" .) }}' + APP_WEB_ROOT: /var/www/html/tt-rss + APP_BASE: "" + updater: + enabled: true + type: Deployment + podSpec: + containers: + updater: + enabled: true + primary: true + imageSelector: updaterImage + args: /opt/tt-rss/updater.sh + probes: + liveness: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" + readiness: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" + startup: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" env: TTRSS_SELF_URL_PATH: "" TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}" 
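Review bot: `ADMIN_USER_PASS` is declared as a plain `env` value on the main container, so a password typed into the new form field would presumably be rendered into the workload spec in clear text and be readable by anyone who can view the Deployment. `TTRSS_DB_PASS` a few lines below is taken from a `secretKeyRef`. Consider storing the admin password in a chart-managed Secret and referencing it the same way; the empty-string default that triggers the random password can stay. The `workload` mapping starts above this hunk, so I cannot see whether anything else already moves env values into a Secret.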
@@ -57,3 +168,75 @@ workload: secretKeyRef: name: cnpg-main-urls key: host +service: + # Main service links to ingress easier (according to nextcloud's values.yaml) + # That's why the nginx is swapped with app + main: + targetSelector: nginx + ports: + main: + targetSelector: nginx + port: 10104 + app: + enabled: true + targetSelector: main + ports: + app: + enabled: true + targetSelector: main + port: 9000 + targetPort: 9000 +configmap: + config: + enabled: true + data: + nginx.conf.template: |- + worker_processes auto; + pid /var/run/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + access_log /dev/stdout; + error_log /dev/stderr warn; + sendfile on; + index index.php; + # Removed during app integration to Truecharts. + # See: https://github.com/truecharts/charts/pull/17293#discussion_r1461102952 + #resolver ${RESOLVER} valid=5s; + server { + listen {{ .Values.service.main.ports.main.port }}; + root ${APP_WEB_ROOT}; + location ${APP_BASE}/cache { + aio threads; + internal; + } + location ${APP_BASE}/backups { + internal; + } + rewrite ${APP_BASE}/healthz ${APP_BASE}/public.php?op=healthcheck; + location ~ \.php$ { + # regex to split $uri to $fastcgi_script_name and $fastcgi_path + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + # Check that the PHP script exists before passing it + try_files $fastcgi_script_name =404; + # Bypass the fact that try_files resets $fastcgi_path_info + # see: http://trac.nginx.org/nginx/ticket/321 + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + fastcgi_index index.php; + include fastcgi.conf; + # See note for `resolver` line above + #set $backend "${APP_UPSTREAM}:9000"; + # See note for `resolver` line above + #fastcgi_pass $backend; + fastcgi_pass ${APP_UPSTREAM}:9000; + } + location / { + try_files $uri $uri/ =404; + } + + } + }
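Review bot: The new `app` service publishes php-fpm's FastCGI port 9000 with no comment and no explicit type, although only the nginx workload needs to reach it. FastCGI carries no authentication, so a client that can reach the port talks to php-fpm directly and bypasses the `internal` and `try_files` rules in the nginx template further down. Unless the common library already forces this, add `type: ClusterIP` under `app:` with a comment such as `# FastCGI for the nginx workload only; do not expose via LoadBalancer or ingress`. The installation notes in this commit tell users to set "the app's port" to LoadBalancer, which could be misread as this service rather than `main`.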