fix(meshcentral): BREAKING CHANGE - rewrite config generation (#2526)

* fix(meshcentral): fix

* escape

* escape more

* more

* fix

* rename vars

* update configmap and fix metadata

* cleanup configmap from ignored values

* add domain

* change persistence name

* change mount

* try basic config

* close config file

* syntax

* whoops

* spaces?

* preview

* test install

* use a more "popular" image

* change paths

* squotes

* preview

* preview and run

* add schema

* expand var

* actually expand variables...

* cleanup

* dont cat config file
Stavros Kois 2022-04-21 13:09:07 +03:00 committed by GitHub
parent f16ed218c7
commit b1559f76f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 38 additions and 180 deletions


@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: meshcentral
version: 0.1.11
version: 1.0.0
appVersion: "latest"
description: MeshCentral is a full computer management web site
type: application


@ -74,67 +74,7 @@ questions:
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: HOSTNAME
label: "HOSTNAME"
description: "your hostname"
schema:
type: string
default: "my.domain.com"
- variable: REVERSE_PROXY
label: "REVERSE_PROXY"
description: "Set to your reverse proxy domain if you want to put meshcentral behind a reverse proxy"
schema:
type: string
default: ""
- variable: REVERSE_PROXY_TLS_PORT
label: "REVERSE_PROXY_TLS_PORT"
description: "Set to your reverse proxy port if you want to put meshcentral behind a reverse proxy"
schema:
type: string
default: ""
- variable: IFRAME
label: "IFRAME"
description: "Set to true if you wish to enable iframe support"
schema:
type: boolean
default: false
- variable: ALLOW_NEW_ACCOUNTS
label: "ALLOW_NEW_ACCOUNTS"
description: "Set to false if you want disable self-service creation of new accounts besides the first (admin)"
schema:
type: boolean
default: true
- variable: WEBRTC
label: "WEBRTC"
description: "Set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution"
schema:
type: boolean
default: false
- variable: ALLOWPLUGINS
label: "ALLOWPLUGINS"
description: "Set to true to allow plugins"
schema:
type: boolean
default: false
- variable: LOCALSESSIONRECORDING
label: "LOCALSESSIONRECORDING"
description: "Set to true to allow session recording"
schema:
type: boolean
default: false
- variable: MINIFY
label: "MINIFY"
description: "Set to enable or disable minification of json, reduces traffic"
schema:
type: boolean
default: true
# Include{containerConfig}
- variable: service
@ -198,7 +138,7 @@ questions:
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 443
default: 10205
- variable: serviceexpert
group: "Networking and Services"
@ -270,9 +210,9 @@ questions:
- value: "Memory"
description: "Memory"
# Include{persistenceAdvanced}
- variable: user
label: "user Storage"
description: "Stores uploading for users live"
- variable: files
label: "Files Storage"
description: "Stores the Files"
schema:
additional_attrs: true
type: dict
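Review bot: With the `env` group removed in the first hunk, the UI no longer offers `ALLOW_NEW_ACCOUNTS`, `IFRAME`, `ALLOWPLUGINS` or the reverse-proxy settings, and nothing in this file tells the operator where those controls went. The config.json generated in the values file of this commit contains only `port` and `mongoDb`, so these options presumably fall back to the application's defaults; a comment above `# Include{containerConfig}` such as `# MeshCentral options (NewAccounts, AllowFraming, plugins, certUrl) are set by editing config.json on the data volume` would make that explicit. In the second hunk the container-port default is hard-coded to `10205` while the init script takes `port` from `.Values.service.main.ports.main.port`, so changing only the service port in the UI would presumably leave the two out of step; the field description could say they must match. The `questions:` list continues outside these hunks.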


@ -1,66 +0,0 @@
{{/* Define the configmap */}}
{{- define "meshcentral.configmap" -}}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: meshcentral-init
data:
init.sh: |-
#!/bin/sh
if test -f "/opt/meshcentral/meshcentral-data/config.json"; then
echo "config.json exists."
else
cp /init/meshcentral/config.json.template /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": \"$LOCALSESSIONRECORDING\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" /opt/meshcentral/meshcentral-data/config.json
sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" /opt/meshcentral/meshcentral-data/config.json
if [ "$REVERSE_PROXY" != "false" ]; then
sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" /opt/meshcentral/meshcentral-data/config.json
fi
fi
config.json.template: |-
{
"$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",
"settings": {
"plugins":{"enabled": false},
"cert": "myserver.mydomain.com",
"_WANonly": true,
"_LANonly": true,
"_sessionKey": "MyReallySecretPassword1",
"port": 443,
"_aliasPort": 443,
"redirPort": 80,
"_redirAliasPort": 80,
"AgentPong": 300,
"TLSOffload": false,
"SelfUpdate": false,
"AllowFraming": false,
"WebRTC": false,
"mongodb": {{ ( printf "%s?client_encoding=utf8" ( .Values.mongodb.url.complete | trimAll "\"" ) ) | quote }},
"mongodbcol": "meshcentral"
},
"domains": {
"": {
"_title": "MyServer",
"_title2": "Servername",
"minify": true,
"NewAccounts": true,
"localSessionRecording": false,
"_userNameIsEmail": true,
"_certUrl": "my.reverse.proxy"
}
},
"_letsencrypt": {
"__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before>",
"_email": "myemail@mydomain.com",
"_names": "myserver.mydomain.com",
"production": false
}
}
{{- end -}}


@ -1,10 +1 @@
{{/* Make sure all variables are set properly */}}
{{- include "common.setup" . }}
{{/* Render configmap for meshcentral */}}
{{- include "meshcentral.configmap" . }}
{{/* Render the templates */}}
{{ include "common.postSetup" . }}
{{- include "common.all" . }}


@ -1,7 +1,7 @@
image:
repository: tccr.io/truecharts/meshcentral
repository: uldiseihenbergs/meshcentral
pullPolicy: IfNotPresent
tag: latest@sha256:1c28727b9d2e1d4288c05bfc50a3b789dd293e2b83f44068a504b36e3b0de558
tag: 1.0.1@sha256:c630bace032988cdab8b660ed120be7a32539afcab2045f9b0d384cf094a692f
securityContext:
readOnlyRootFilesystem: false
@ -11,40 +11,43 @@ podSecurityContext:
runAsUser: 0
runAsGroup: 0
env:
# your hostname
HOSTNAME: "my.domain.com"
# set to your reverse proxy IP if you want to put meshcentral behind a reverse proxy
REVERSE_PROXY: false
REVERSE_PROXY_TLS_PORT: ""
# set to true if you wish to enable iframe support
IFRAME: false
# set to false if you want disable self-service creation of new accounts besides the first (admin)
ALLOW_NEW_ACCOUNTS: true
# set to true to enable WebRTC - per documentation it is not officially released with meshcentral, but is solid enough to work with. Use with caution
WEBRTC: false
# set to true to allow plugins
ALLOWPLUGINS: false
# set to true to allow session recording
LOCALSESSIONRECORDING: false
# set to enable or disable minification of json, reduces traffic
MINIFY: true
service:
main:
ports:
main:
protocol: "HTTPS"
targetPort: 443
port: 10205
initContainers:
init:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
command: ["/init/meshcentral/init.sh"]
volumeMounts:
- name: init
mountPath: "/init/meshcentral"
- name: data
mountPath: "/home/node/meshcentral/meshcentral-data"
env:
- name: svcPort
value: "{{ .Values.service.main.ports.main.port }}"
- name: "mongodbURL"
valueFrom:
secretKeyRef:
name: mongodbcreds
key: url
command: ["/bin/sh", "-c"]
args:
- >
export configfile='/home/node/meshcentral/meshcentral-data/config.json';
if [ -f $configfile ]; then
echo 'Config File exists, skipping...';
else
echo 'Creating basic config to $configfile...';
echo '{' >> $configfile;
echo ' "$schema": "http://info.meshcentral.com/downloads/meshcentral-config-schema.json",' >> $configfile
echo ' "settings": {' >> $configfile;
echo ' "port": '$svcPort',' >> $configfile;
echo ' "mongoDb": "'$mongodbURL'"' >> $configfile;
echo ' }' >> $configfile;
echo '}' >> $configfile;
fi;
mongodb:
enabled: true
@ -55,17 +58,7 @@ mongodb:
persistence:
data:
enabled: true
mountPath: "/opt/meshcentral/meshcentral-data"
user:
mountPath: "/home/node/meshcentral/meshcentral-data"
files:
enabled: true
mountPath: "/opt/meshcentral/meshcentral-files"
init:
enabled: "true"
mountPath: "/init/meshcentral"
noMount: true
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: meshcentral-init
defaultMode: 0777
mountPath: "/home/node/meshcentral/meshcentral-files"
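Review bot: The init script in the second hunk writes the MongoDB connection string from the `mongodbcreds` secret into config.json under the default umask and through unquoted expansions, so the file holding the credentials is typically created world-readable and a URL containing whitespace, glob characters or `"` would produce a broken config. I would add `umask 077;` before the first write and quote the expansions, e.g. `echo '    "mongoDb": "'"$mongodbURL"'"' >> "$configfile";`. The `"$schema"` echo is also the only line without a trailing `;`, which matters if the folded `>` scalar joins it with the next line (indentation is not visible on this page, so this is worth checking in the rendered manifest). Separately, `image.repository` in the first hunk now points at a personal Docker Hub namespace instead of the `tccr.io/truecharts` path (apparently the project's own registry) while the pod still runs with `runAsUser: 0`; the digest pin guards against tag mutation, but mirroring the pinned image as before would keep the pull source under the project's control.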