From 9dbe4546b8500c24ea0a15d5883f117ea141c540 Mon Sep 17 00:00:00 2001 
From: Christopher
Date: Fri, 26 Jan 2024 16:26:55 -0600
Subject: [PATCH] feat(tt-rss) reimplement with upstream container images (#17293)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**Description**

It appears that the k8s-at-home project which this app was based on is unmaintained, and the container has stopped running successfully for myself and others. This pull request moves the tt-rss app back to dev train, and includes an initial attempt at migrating from k8s-at-home to the tt-rss author's docker images.

⚒️ Approaches fix for #8647 // EDIT: Stavros Closes #8647

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [x] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**

Tested with helm+kubernetes on local Docker Desktop instance. Deploys successfully with a local.yaml file which sets LoadBalancer and the Self URL variable:

```
$ cat local.yaml
service:
  main:
    type: LoadBalancer
workload:
  main:
    podSpec:
      containers:
        main:
          env:
            TTRSS_SELF_URL_PATH: "http://localhost:10104/tt-rss/"
```

**📃 Notes:**

I have not tried implementing updated TrueNAS questions yet, or made updates to the app documentation. The app does not provide semantic versioning that I have found, versions arbitrarily bumped.

**✔️ Checklist:**

- [x] ⚖️ My code follows the style guidelines of this project
- [x] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic versioning

**➕ App addition**

If this PR is an app addition please make sure you have done the following.
- [x] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [x] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --------- Signed-off-by: Christopher Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> --- charts/stable/tt-rss/Chart.yaml | 8 +- charts/stable/tt-rss/docs/credentials.md | 6 - .../stable/tt-rss/docs/installation_notes.md | 34 ++- charts/stable/tt-rss/questions.yaml | 18 +- charts/stable/tt-rss/values.yaml | 221 ++++++++++++++++-- 5 files changed, 253 insertions(+), 34 deletions(-) delete mode 100644 charts/stable/tt-rss/docs/credentials.md diff --git a/charts/stable/tt-rss/Chart.yaml b/charts/stable/tt-rss/Chart.yaml index 6db54d27950..eac0265aae9 100644 --- a/charts/stable/tt-rss/Chart.yaml +++ b/charts/stable/tt-rss/Chart.yaml @@ -5,9 +5,9 @@ annotations: truecharts.org/category: rss truecharts.org/max_helm_version: "3.14" truecharts.org/min_helm_version: "3.12" - truecharts.org/train: stable + truecharts.org/train: incubator apiVersion: v2 -appVersion: 2.0.9113 +appVersion: 3.0.0 dependencies: - name: common version: 17.2.29 @@ -32,6 +32,6 @@ name: tt-rss sources: - https://git.tt-rss.org/fox/tt-rss - https://github.com/truecharts/charts/tree/master/charts/stable/tt-rss - - https://ghcr.io/k8s-at-home/tt-rss + - https://hub.docker.com/r/cthulhoo/ttrss-fpm-pgsql-static/tags type: application -version: 14.1.10 +version: 15.0.0 diff --git a/charts/stable/tt-rss/docs/credentials.md b/charts/stable/tt-rss/docs/credentials.md deleted file mode 100644 index 932b2175260..00000000000 --- a/charts/stable/tt-rss/docs/credentials.md +++ /dev/null 
@@ -1,6 +0,0 @@ ---- -title: Default Username/Password ---- - -- **Username**: `admin` -- **Password**: `password` diff --git a/charts/stable/tt-rss/docs/installation_notes.md b/charts/stable/tt-rss/docs/installation_notes.md index 874f230c739..3910c054dc9 100644 --- a/charts/stable/tt-rss/docs/installation_notes.md +++ b/charts/stable/tt-rss/docs/installation_notes.md 
@@ -1,8 +1,34 @@ --- -title: Installation Notes +title: TT-RSS Installation Notes --- -- Set `TTRSS Self URL Path` to `http://scale_ip:APP_PORT/` and then login using the default [credentials](./credentials.md). -- If you plan to use ingress and a domain you need to: - - Set `TTRSS Self URL Path` to `https://app.mydomain.tld/` +## Credentials + +TT-RSS will create a user (named `admin`) on first run. If no password is given in the *TTRSS Admin User Pass* field, then a password is automatically generated and printed to the app's logs. Otherwise the password entered in that field will be used. + +Be warned that if the app restarts before collecting the automatically generated password, it may be rotated out of the logs and the app will require re-installing to set and print a new password. + +To reach the automatically generated password, select the tt-rss app in TrueNAS's Applications list. Under Workloads click the View Logs icon beside the tt-rss container. In the dialog that pops up, there will be several containers, look for the one without `-cnpg`, `-nginx`, or `-updater` in the name. The password log section will look like this: + +``` +***************************************************************************** +* Setting initial built-in admin user password to '$RANDOM_PASS' * +* If you want to set it manually, use ADMIN_USER_PASS environment variable. * +***************************************************************************** +``` + +## Configuring path and URL + +TT-RSS has defaults which expect it to be installed and reachable at a url ending in `/tt-rss/` (e.g. https://rss.me.com/tt-rss/). This SCALE app comes with adjusted defaults that eliminate this ending portion (e.g. https://rss.me.com/). + +If an advanced user wishes to alter the app path, use the *App Web Root Path* and *App Base Path* fields to do so. 
Read more here: https://tt-rss.org/wiki/InstallationNotes#how-do-i-make-it-run-without-tt-rss-in-the-url-i.e.-at-website-root + +### Install to subdomain with traefik + ingress + +- Set `TTRSS Self URL Path` to `https://subdomain.scale_domain.tld/`. - Configure ingress on the app + +### Install to IP address + +- Set `TTRSS Self URL Path` to `http://SCALE_IP:APP_PORT/`. + - Ensure the app's port is set to LoadBalancer to allow external browsers to reach it. diff --git a/charts/stable/tt-rss/questions.yaml b/charts/stable/tt-rss/questions.yaml index 184ece2c431..d78a912dd01 100644 --- a/charts/stable/tt-rss/questions.yaml +++ b/charts/stable/tt-rss/questions.yaml @@ -18,9 +18,17 @@ questions: attrs: - variable: TTRSS_SELF_URL_PATH label: TTRSS Self URL Path - description: Sets the URL for the app. + description: You will likely need to set this to the correct value - it should point to external tt-rss URL as seen in your browser. e.g. https://rss.example.com schema: type: string + required: true + default: "" + - variable: ADMIN_USER_PASS + label: TTRSS Admin User Password + description: Leave blank and tt-rss will generate a random password to use with admin account on first run. Check container logs for password. + schema: + type: string + private: true default: "" # Include{containerBasic} # Include{containerAdvanced} @@ -53,6 +61,14 @@ questions: # Include{serviceExpert} # Include{serviceList} # Include{persistenceRoot} + - variable: html + label: App HTML Storage + description: Stores the Application files. + schema: + additional_attrs: true + type: dict + attrs: +# Include{persistenceBasic} - variable: config label: App Config Storage description: Stores the Application Configuration. diff --git a/charts/stable/tt-rss/values.yaml b/charts/stable/tt-rss/values.yaml index a24bd707c9c..ee7da76db64 100644 --- a/charts/stable/tt-rss/values.yaml +++ b/charts/stable/tt-rss/values.yaml 
@@ -1,23 +1,59 @@ image: - repository: ghcr.io/k8s-at-home/tt-rss + repository: cthulhoo/ttrss-fpm-pgsql-static pullPolicy: IfNotPresent - tag: v2.0.9113@sha256:217951fc8f013623923850c865d87509172914fc01f9227559e3d6e6096c15b3 -service: - main: - ports: - main: - port: 10104 - targetPort: 8080 + tag: latest@sha256:7eff9bb881d680906a9026c4414b2d85b4a0f892be235dbebfff6dc052b2ba6a +nginxImage: + repository: cthulhoo/ttrss-web-nginx + pullPolicy: IfNotPresent + tag: latest@sha256:662d1914a75071526e03a58c09b90d87decd8a563a2da9da9b654d3606747c6b +updaterImage: + repository: cthulhoo/ttrss-fpm-pgsql-static + pullPolicy: IfNotPresent + tag: latest@sha256:7eff9bb881d680906a9026c4414b2d85b4a0f892be235dbebfff6dc052b2ba6a +securityContext: + container: + readOnlyRootFilesystem: false + runAsNonRoot: false + runAsUser: 0 + runAsGroup: 0 persistence: + html: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html + nginx: + nginx: + mountPath: /var/www/html + readOnly: true + updater: + updater: + mountPath: /var/www/html config: enabled: true - mountPath: /config + targetSelector: + main: + main: + mountPath: /opt/tt-rss/config.d + updater: + updater: + mountPath: /opt/tt-rss/config.d + nginx-conf: + enabled: true + type: configmap + objectName: config + targetSelector: + nginx: + nginx: + mountPath: /etc/nginx/templates/nginx.conf.template + subPath: nginx.conf.template plugins: enabled: true - mountPath: /app/plugins.local + mountPath: /var/www/html/tt-rss/plugins.local themes: enabled: true - mountPath: /app/themes.local + mountPath: /var/www/html/tt-rss/themes.local cnpg: main: enabled: true @@ -26,12 +62,6 @@ cnpg: portal: open: enabled: true -securityContext: - container: - readOnlyRootFilesystem: false - runAsNonRoot: false - runAsUser: 0 - runAsGroup: 0 workload: main: podSpec: 
@@ -39,11 +69,92 @@ workload: main: probes: liveness: - type: tcp + type: exec + command: + - /bin/sh + - -c + - netstat -npl | grep :9000 readiness: - type: tcp + type: exec + command: + - /bin/sh + - -c + - ls /var/www/html/tt-rss/.app_is_ready startup: type: tcp + port: "{{ .Values.service.app.ports.app.port }}" + env: + TTRSS_SELF_URL_PATH: "" + # tt-rss tests with "-z" so an empty string should still allow the randomly generated password to be made. + ADMIN_USER_PASS: "" + TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}" + TTRSS_DB_USER: "{{ .Values.cnpg.main.user }}" + TTRSS_DB_PORT: "5432" + TTRSS_DB_PASS: + secretKeyRef: + name: cnpg-main-user + key: password + TTRSS_DB_HOST: + secretKeyRef: + name: cnpg-main-urls + key: host + nginx: + enabled: true + type: Deployment + podSpec: + containers: + nginx: + enabled: true + primary: true + imageSelector: nginxImage + probes: + readiness: + enabled: true + type: http + path: "/public.php?op=healthcheck" + port: "{{ .Values.service.main.ports.main.port }}" + liveness: + enabled: true + type: http + path: "/public.php?op=healthcheck" + port: "{{ .Values.service.main.ports.main.port }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.main.ports.main.port }}" + env: + APP_UPSTREAM: '{{ printf "%s-app" (include "tc.v1.common.lib.chart.names.fullname" .) }}' + APP_WEB_ROOT: /var/www/html/tt-rss + APP_BASE: "" + updater: + enabled: true + type: Deployment + podSpec: + containers: + updater: + enabled: true + primary: true + imageSelector: updaterImage + args: /opt/tt-rss/updater.sh + probes: + liveness: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" + readiness: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" + startup: + type: exec + command: + - /usr/bin/test + - -f + - "/var/www/html/tt-rss/lock/update_daemon.lock" env: TTRSS_SELF_URL_PATH: "" TTRSS_DB_NAME: "{{ .Values.cnpg.main.database }}" 
@@ -57,3 +168,75 @@ workload: secretKeyRef: name: cnpg-main-urls key: host +service: + # Main service links to ingress easier (according to nextcloud's values.yaml) + # That's why the nginx is swapped with app + main: + targetSelector: nginx + ports: + main: + targetSelector: nginx + port: 10104 + app: + enabled: true + targetSelector: main + ports: + app: + enabled: true + targetSelector: main + port: 9000 + targetPort: 9000 +configmap: + config: + enabled: true + data: + nginx.conf.template: |- + worker_processes auto; + pid /var/run/nginx.pid; + events { + worker_connections 1024; + } + http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + access_log /dev/stdout; + error_log /dev/stderr warn; + sendfile on; + index index.php; + # Removed during app integration to Truecharts. + # See: https://github.com/truecharts/charts/pull/17293#discussion_r1461102952 + #resolver ${RESOLVER} valid=5s; + server { + listen {{ .Values.service.main.ports.main.port }}; + root ${APP_WEB_ROOT}; + location ${APP_BASE}/cache { + aio threads; + internal; + } + location ${APP_BASE}/backups { + internal; + } + rewrite ${APP_BASE}/healthz ${APP_BASE}/public.php?op=healthcheck; + location ~ \.php$ { + # regex to split $uri to $fastcgi_script_name and $fastcgi_path + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + # Check that the PHP script exists before passing it + try_files $fastcgi_script_name =404; + # Bypass the fact that try_files resets $fastcgi_path_info + # see: http://trac.nginx.org/nginx/ticket/321 + set $path_info $fastcgi_path_info; + fastcgi_param PATH_INFO $path_info; + fastcgi_index index.php; + include fastcgi.conf; + # See note for `resolver` line above + #set $backend "${APP_UPSTREAM}:9000"; + # See note for `resolver` line above + #fastcgi_pass $backend; + fastcgi_pass ${APP_UPSTREAM}:9000; + } + location / { + try_files $uri $uri/ =404; + } + + } + }
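Review bot: In charts/stable/tt-rss/Chart.yaml the annotation becomes `truecharts.org/train: incubator`, but the chart still sits under charts/stable/tt-rss and the unchanged `sources` entry still points at `.../tree/master/charts/stable/tt-rss`, so the annotation and the path now disagree. Move the directory in the same change or note why the annotation is ahead of the path. The new `appVersion: 3.0.0` also has no counterpart in the image tags, which are all `latest@sha256:...`; the commit message says the version was bumped arbitrarily, and a short comment next to `appVersion` saying so would stop the next maintainer from looking for a 3.0.0 release.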
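Review bot: The "Configuring path and URL" section added to docs/installation_notes.md tells users to change the *App Web Root Path* and *App Base Path* fields, but the questions.yaml hunks in this patch add only `TTRSS_SELF_URL_PATH`, `ADMIN_USER_PASS` and the `html` storage entry, so the documented fields have nothing behind them in the UI. Either add questions for `APP_WEB_ROOT` and `APP_BASE` or describe them as values to set under the nginx container's env. In the Credentials section the field is called *TTRSS Admin User Pass* while the label in questions.yaml is `TTRSS Admin User Password`; use one name. Since the section explains that the generated admin password is printed to the container log, it should also tell the user to change that password after the first login, because anyone who can read the pod logs can read it.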
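Review bot: In the first questions.yaml hunk, `TTRSS_SELF_URL_PATH` becomes `required: true` while keeping `default: ""`, and the example in its description, `https://rss.example.com`, has no trailing slash although every example in installation_notes.md ends in `/`. Make the example match the documented form so a copied value behaves the same as the documented one. For `ADMIN_USER_PASS`, `private: true` only hides the value in the form; values.yaml still passes it as a plain `env` string rather than through a secret the way `TTRSS_DB_PASS` is, so the description should not leave the impression that the password is stored as a secret.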
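Review bot: In the first values.yaml hunk the `securityContext` block is moved unchanged with `runAsUser: 0`, `runAsNonRoot: false` and `readOnlyRootFilesystem: false`, and the patch adds nginx and updater workloads with no per-container override, so the root settings are not scoped to the container that needed them. Check whether the nginx and updater containers start as non-root and, if they do, override the context for them or add a comment saying why root is required. The three image entries use `tag: latest@sha256:...`: the digest does pin the content, but `image` and `updaterImage` repeat the same repository and digest and have to be bumped together by hand, which deserves a comment or a single shared reference.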
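Review bot: In the workload hunk of values.yaml, all three updater probes run `/usr/bin/test -f "/var/www/html/tt-rss/lock/update_daemon.lock"`, and that path is on the `html` persistence mounted at `/var/www/html`, so a lock file left behind by a previous pod would satisfy startup, readiness and liveness even when no daemon is running. Unless the image removes the lock at start, check the daemon process or the age of the lock file instead of its existence. The same concern applies to the main container's readiness check on `/var/www/html/tt-rss/.app_is_ready`, which is on the same volume. The main liveness probe `netstat -npl | grep :9000` depends on netstat being present in the image and duplicates what the `tcp` startup probe on the app port already does; a `tcp` liveness probe on that port would be simpler. `ADMIN_USER_PASS: ""` is set as a plain env value while `TTRSS_DB_PASS` uses `secretKeyRef`; a password entered by the user would be better served from a secret as well.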
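Review bot: In the nginx.conf.template added at the end of values.yaml, replacing the variable backend with `fastcgi_pass ${APP_UPSTREAM}:9000;` and commenting out `resolver` means nginx resolves the upstream name once when it loads the configuration: it fails to start if the app Service name does not resolve at that moment, and it keeps the resolved address until it is reloaded. The comments only say "See note for `resolver` line above" and link to a review thread; state this trade-off in the template itself so it survives without the link. In the same server block, `location / { try_files $uri $uri/ =404; }` serves anything under `${APP_WEB_ROOT}` as a static file, and only `cache` and `backups` are marked `internal`, while the probes in this patch show that `lock/` and `.app_is_ready` also live under that root; consider marking `${APP_BASE}/lock` internal too. The `main` service port has no `targetPort`, which works only because `listen` is templated from the same value; a one-line comment would make that coupling visible.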