diff --git a/kubernetes/helm/docspell/.gitignore b/kubernetes/helm/docspell/.gitignore new file mode 100644 index 00000000..711a39c5 --- /dev/null +++ b/kubernetes/helm/docspell/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/kubernetes/helm/docspell/.helmignore b/kubernetes/helm/docspell/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/kubernetes/helm/docspell/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kubernetes/helm/docspell/Chart.lock b/kubernetes/helm/docspell/Chart.lock new file mode 100644 index 00000000..a41fde5f --- /dev/null +++ b/kubernetes/helm/docspell/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 14.0.5 +digest: sha256:9a9fa6721983b212cf90cfaff02c7c001423c19d339a1a77ca59f157b1ce3ff5 +generated: "2024-02-16T12:52:41.783414782+01:00" diff --git a/kubernetes/helm/docspell/Chart.yaml b/kubernetes/helm/docspell/Chart.yaml new file mode 100644 index 00000000..961f5a0a --- /dev/null +++ b/kubernetes/helm/docspell/Chart.yaml @@ -0,0 +1,19 @@ +apiVersion: v2 +name: docspell +description: Chart for eikek's Docspell document management system +icon: https://raw.githubusercontent.com/eikek/docspell/master/artwork/logo-only.svg + +version: 0.0.1 +appVersion: v0.41.0 + +sources: + - "https://github.com/eikek/docspell/" + +maintainers: + - name: TheAnachronism + +dependencies: + - name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 14.0.5 + condition: postgresql.enabled \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/_configs.tpl b/kubernetes/helm/docspell/templates/_configs.tpl new file mode 100644 index 00000000..ccfcf1cb --- /dev/null +++ b/kubernetes/helm/docspell/templates/_configs.tpl @@ -0,0 +1,28 @@ +{{/*JDBC Connection*/}} +{{- define "docspell.secrets.JDBC" -}} +{{- if .context.Values.postgresql.enabled -}} +{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_JDBC" -}} +{{- if eq .type "joex" -}} +{{- $envPrefix = "DOCSPELL_JOEX_JDBC" -}} +{{- end }} +{{ $envPrefix }}_USER: {{ .context.Values.postgresql.global.postgresql.auth.username }} +{{ $envPrefix }}_PASSWORD: {{ .context.Values.postgresql.global.postgresql.auth.password }} +{{ $envPrefix }}_URL: {{ include "postgresql.jdbcUrl" .context }} +{{- end -}} +{{- end -}} + +{{/*Full Text Search ettings*/}} +{{- define "docspell.config.fullTextSearch" -}} +{{- if .context.Values.docspell.fullTextSearch.enabled -}} +{{- $envPrefix := "DOCSPELL_SERVER_FULL__TEXT__SEARCH" -}} +{{- if eq .type "joex" -}} +{{- $envPrefix = "DOCSPELL_JOEX_FULL__TEXT__SEARCH" -}} +{{- end -}} +{{ printf "%s_ENABLED: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.enabled | quote) }} +{{ printf "%s_SOLR_URL: http://%s-solr:%s/solr/docspell" $envPrefix (include "docspell.fullname" .context) ( .context.Values.solr.service.port | toString )}} +{{ printf "%s_SOLR_COMMIT__WITHIN: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.commitWithin | quote) }} +{{ printf "%s_SOLR_LOG__VERBOSE: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.logVerbose | quote ) }} +{{ printf "%s_SOLR_DEF__TYPE: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.defType | quote) }} +{{ printf "%s_SOLR_Q_OP: %s" $envPrefix ( .context.Values.docspell.fullTextSearch.solr.qOp | quote) }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/_helpers.tpl b/kubernetes/helm/docspell/templates/_helpers.tpl new file mode 100644 index 00000000..611aef1b --- /dev/null +++ b/kubernetes/helm/docspell/templates/_helpers.tpl @@ -0,0 +1,84 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "docspell.name" -}} +{{- .Chart.Name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "docspell.fullname" -}} +{{- $name := .Chart.Name }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "docspell.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Docker Image Registry Secret Names evaluating values as templates +*/}} +{{- define "docspell.images.pullSecrets" -}} +{{- $pullSecrets := .Values.global.imagePullSecrets -}} +{{- range .Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (dict "name" .) -}} +{{- end -}} +{{- if (not (empty $pullSecrets)) -}} +imagePullSecrets: +{{ toYaml $pullSecrets }} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "docspell.labels" -}} +helm.sh/chart: {{ include "docspell.chart" . }} +{{ include "docspell.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "docspell.selectorLabels" -}} +app.kubernetes.io/name: {{ include "docspell.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Postgres Access +*/}} + +{{- define "postgresql.jdbcUrl" -}} +{{- if (index .Values "postgresql").enabled -}} +{{- $port := .Values.postgresql.global.postgresql.service.postgresql | toString -}} +{{- $database := .Values.postgresql.global.postgresql.auth.database -}} +{{- printf "jdbc:postgresql://%s-postgresql:%s/%s" .Release.Name $port $database -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "docspell.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "docspell.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/helm/docspell/templates/db-secret.yaml b/kubernetes/helm/docspell/templates/db-secret.yaml new file mode 100644 index 00000000..6305edeb --- /dev/null +++ b/kubernetes/helm/docspell/templates/db-secret.yaml @@ -0,0 +1,10 @@ +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "docspell.fullname" . }}-db-secret + labels: + {{- include "docspell.labels" . | nindent 4 }} +stringData: + postgres-database: {{ .Values.postgresql.global.postgresql.auth.database }} + postgres-username: {{ .Values.postgresql.global.postgresql.auth.username }} + postgres-password: {{ .Values.postgresql.global.postgresql.auth.password }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/ingress.yaml b/kubernetes/helm/docspell/templates/ingress.yaml new file mode 100644 index 00000000..62bda985 --- /dev/null +++ b/kubernetes/helm/docspell/templates/ingress.yaml @@ -0,0 +1,43 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullname := include "docspell.fullname" . -}} +{{- $context := . -}} +apiVersion: {{ default "networking.k8s.io/v1" .Values.ingress.apiVersion }} +kind: Ingress +metadata: + name: {{ $fullname }} + labels: + {{- include "docspell.labels" . | nindent 4 }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} +{{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - host: + {{- range .hosts }} + - {{ tpl . $ | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ tpl .host $ | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ include "docspell.fullname" $context }}-restserver + port: + name: http + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/joex/_configs.tpl b/kubernetes/helm/docspell/templates/joex/_configs.tpl new file mode 100644 index 00000000..6e678884 --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/_configs.tpl @@ -0,0 +1,125 @@ +{{/*App ID*/}} +{{- define "docspell.joex.config.appId" -}} +{{- $appId := .Values.docspell.joex.appId | default (printf "%s-joex" (include "docspell.fullname" .)) -}} +{{- print $appId -}} +{{- end -}} + +{{/* +Base URL +*/}} +{{- define "docspell.joex.config.baseUrl" -}} +{{- $service := printf "%s-joex" (include "docspell.fullname" .) -}} +{{- $port := .Values.joex.service.port | toString -}} +{{- printf "http://%s:%s" $service $port -}} +{{- end -}} + +{{/*Bind Config*/}} +{{- define "docspell.joex.config.bind" -}} +{{- if not (eq .Values.joex.service.port .Values.docspell.joex.bind.port) -}} +{{- fail "Joex and it's service don't have to use the same port, no connection will be possible." -}} +{{- end -}} +{{- $envPrefix := "DOCSPELL_JOEX_BIND" -}} +{{ $envPrefix }}_ADDRESS: {{ .Values.docspell.joex.bind.address | quote }} +{{ $envPrefix }}_PORT: {{ .Values.docspell.joex.bind.port | quote }} +{{- end -}} + +{{/*Logging Config*/}} +{{- define "docspell.joex.config.logging" -}} +{{- $envPrefix := "DOCSPELL_JOEX_LOGGING" -}} +{{ $envPrefix }}_FORMAT: {{ .Values.docspell.joex.logging.format }} +{{ $envPrefix }}_MINIMUM__LEVEL: {{ .Values.docspell.joex.logging.minimumLevel }} +{{- end -}} + +{{/*JDBC Connection*/}} +{{- define "docspell.joex.config.JDBC" -}} +{{- $envPrefix := "DOCSPELL_JOEX_JDBC" -}} +{{ $envPrefix }}_USER: {{ .Values.postgresql.global.postgresql.auth.username }} +{{ $envPrefix }}_PASSWORD: {{ .Values.postgresql.global.postgresql.auth.password }} +{{ $envPrefix }}_URL: {{ include "postgresql.jdbcUrl" . }} +{{- end -}} + +{{/*Database Schema Settings*/}} +{{- define "docspell.joex.config.databaseSchema" -}} +{{- $envPrefix := "DOCSPELL_JOEX_DATABASE__SCHEMA" -}} +{{ $envPrefix }}_RUN__MAIN__MIGRATIONS: {{ .Values.docspell.joex.databaseSchema.runMainMigrations | quote }} +{{ $envPrefix }}_RUN__FIXUP__MIGRATIONS: {{ .Values.docspell.joex.databaseSchema.runFixupMigrations | quote }} +{{ $envPrefix }}_REPAIR__SCHEMA: {{ .Values.docspell.joex.databaseSchema.repairSchema | quote }} +{{- end -}} + +{{/*Scheduler Settings*/}} +{{- define "docspell.joex.config.scheduler" -}} +{{- $envPrefix := "DOCSPELL_JOEX_SCHEDULER" -}} +{{ $envPrefix }}_NAME: {{ default (include "docspell.joex.config.appId" .) .Values.docspell.joex.scheduler.name }} +{{ $envPrefix }}_POOL__SIZE: {{ .Values.docspell.joex.scheduler.poolSize | quote }} +{{ $envPrefix }}_COUNTING__SCHEME: {{ .Values.docspell.joex.scheduler.countingScheme | quote }} +{{ $envPrefix }}_RETRIES: {{ .Values.docspell.joex.scheduler.retries | quote }} +{{ $envPrefix }}_RETRY__DELAY: {{ .Values.docspell.joex.scheduler.retryDelay | quote }} +{{ $envPrefix }}_LOG__BUFFER__SIZE: {{ .Values.docspell.joex.scheduler.logBufferSize | quote }} +{{ $envPrefix }}_WAKEUP__PERIOD: {{ .Values.docspell.joex.scheduler.wakeupPeriod | quote }} +{{- end -}} + +{{/*PeriodScheduler Settings*/}} +{{- define "docspell.joex.config.periodicScheduler" -}} +{{- $envPrefix := "DOCSPELL_JOEX_PERIODIC__SCHEDULER" -}} +{{ $envPrefix }}_NAME: {{ default (include "docspell.joex.config.appId" .) .Values.docspell.joex.periodicScheduler.name }} +{{ $envPrefix }}_WAKEUP__PERIOD: {{ .Values.docspell.joex.periodicScheduler.wakeupPeriod | quote }} +{{- end -}} + +{{/*User Tasks Settings*/}} +{{- define "docspell.joex.config.userTasks" -}} +{{- $envPrefix := "DOCSPELL_JOEX_USER__TASKS_SCAN__MAILBOX" -}} +{{ $envPrefix }}_MAX__FOLDERS: {{ .Values.docspell.joex.userTasks.scanMailbox.maxFolders | quote }} +{{ $envPrefix }}_MAIL__CHUNK__SIZE: {{ .Values.docspell.joex.userTasks.scanMailbox.mailChunkSize | quote }} +{{ $envPrefix }}_MAX__MAILS: {{ .Values.docspell.joex.userTasks.scanMailbox.maxMails | quote }} +{{- end -}} + +{{/*House Keeping Settings*/}} +{{- define "docspell.joex.config.houseKeeping" -}} +{{- $envPrefix := "DOCSPELL_JOEX_HOUSE__KEEPING" -}} +{{ $envPrefix }}_SCHEDULE: {{ .Values.docspell.joex.houseKeeping.schedule | quote }} +{{ $envPrefix }}_CLEANUP__INVITES_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupInvites.enabled | quote }} +{{ $envPrefix }}_CLEANUP__INVITES_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupInvites.olderThan | quote }} +{{ $envPrefix }}_CLEANUP__REMEMBER__ME_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupRememberMe.enabled | quote }} +{{ $envPrefix }}_CLEANUP__REMEMBER__ME_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupRememberMe.olderThan | quote }} +{{ $envPrefix }}_CLEANUP__JOBS_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.enabled | quote }} +{{ $envPrefix }}_CLEANUP__JOBS_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.olderThan | quote }} +{{ $envPrefix }}_CLEANUP__JOBS_DELETE__BATCH: {{ .Values.docspell.joex.houseKeeping.cleanupJobs.deleteBatch | quote }} +{{ $envPrefix }}_CLEANUP__DOWNLOADS_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupDownloads.enabled | quote }} +{{ $envPrefix }}_CLEANUP__DOWNLOADS_OLDER__THAN: {{ .Values.docspell.joex.houseKeeping.cleanupDownloads.olderThan | quote }} +{{ $envPrefix }}_CLEANUP__NODES_ENABLED: {{ .Values.docspell.joex.houseKeeping.cleanupNodes.enabled | quote }} +{{ $envPrefix }}_CLEANUP__NODES_MIN__NOT__FOUND: {{ .Values.docspell.joex.houseKeeping.cleanupNodes.minNotFound |quote }} +{{ $envPrefix }}_INTEGRITY__CHECK_ENABLED: {{ .Values.docspell.joex.houseKeeping.integrityCheck.enabled | quote }} +{{- end -}} + +{{/*Update Check Settings*/}} +{{- define "docspell.joex.config.updateCheck" -}} +{{- if and .Values.docspell.joex.updateCheck.enabled (not .Values.docspell.joex.updateCheck.recipients) -}} +{{- fail "Update check recipients have to be set when enabling update check" -}} +{{- end -}} +{{- $envPrefix := "DOCSPELL_JOEX_UPDATE__CHECK" -}} +{{ $envPrefix }}_ENABLED: {{ .Values.docspell.joex.updateCheck.enabled | quote }} +{{ $envPrefix }}_TEST__RUN: {{ .Values.docspell.joex.updateCheck.testRun | quote }} +{{ $envPrefix }}_SCHEDULE: {{ .Values.docspell.joex.updateCheck.schedule | quote }} +{{- if .Values.docspell.joex.updateCheck.senderAccount }} +{{ $envPrefix }}_SENDER__ACOUNT: {{ .Values.docspell.joex.updateCheck.senderAccount }} +{{ $envPrefix }}_SMTP__ID: {{ .Values.docspell.joex.updateCheck.smtpId }} +{{- end }} +{{- range $index, $recipient := .Values.docspell.joex.updateCheck.recipients }} +{{ $envPrefix }}_RECIPIENTS_{{ $index }}: {{ $recipient }} +{{- end }} +{{ $envPrefix }}_SUBJECT: {{ .Values.docspell.joex.updateCheck.subject }} +{{ $envPrefix }}_BODY: | {{ .Values.docspell.joex.updateCheck.body | nindent 4 }} +{{- end -}} + +{{/*Convert Settings*/}} +{{- define "docspell.joex.config.convert" -}} +{{- $envPrefix := "DOCSPELL_JOEX_CONVERT" -}} +{{ $envPrefix }}_HTML__CONVERTER: {{ .Values.docspell.joex.convert.htmlConverter }} +{{- end -}} + +{{/*Full Text Search Settings*/}} +{{- define "docspell.joex.config.fullTextSearch" -}} +{{- if .Values.docspell.fullTextSearch.enabled -}} +DOCSPELL_JOEX_FULL__TEXT__SEARCH_MIGRATION_INDEX__ALL__CHUNK: {{ .Values.docspell.joex.fullTextSearch.migration.indexAllChink | quote }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/joex/_helpers.tpl b/kubernetes/helm/docspell/templates/joex/_helpers.tpl new file mode 100644 index 00000000..637ae330 --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/_helpers.tpl @@ -0,0 +1,35 @@ +{{/* +Common labels +*/}} +{{- define "joex.labels" -}} +helm.sh/chart: {{ include "docspell.chart" . }} +app: {{ include "docspell.name" . }}-joex +{{ include "joex.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.joex.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.joex.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "joex.selectorLabels" -}} +app.kubernetes.io/name: {{ include "docspell.name" . }}-joex +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create joex image name and tag used by the deployment +*/}} +{{- define "joex.image" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.joex.image.registry -}} +{{- $repository := .Values.joex.image.repository -}} +{{- $separator := ":" -}} +{{- $tag := .Values.joex.image.tag | default .Chart.AppVersion -}} +{{- if $registry -}} + {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}} +{{- else -}} + {{- printf "%s%s%s" $repository $separator $tag -}} +{{- end -}} +{{- end -}} + diff --git a/kubernetes/helm/docspell/templates/joex/config.yaml b/kubernetes/helm/docspell/templates/joex/config.yaml new file mode 100644 index 00000000..3fbbad5a --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/config.yaml @@ -0,0 +1,23 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "docspell.fullname" . }}-joex + labels: + {{- include "joex.labels" . | nindent 4 }} +data: + DOCSPELL_JOEX_APP__ID: {{ include "docspell.joex.config.appId" . }} + DOCSPELL_JOEX_BASE__URL: {{ include "docspell.joex.config.baseUrl" . }} + {{- include "docspell.joex.config.bind" . | nindent 4 }} + {{- include "docspell.joex.config.logging" . | nindent 4 }} + DOCSPELL_JOEX_MAIL__DEBUG: {{ .Values.docspell.joex.mailDebug | quote }} + {{- include "docspell.joex.config.databaseSchema" . | nindent 4 }} + {{- include "docspell.joex.config.scheduler" . | nindent 4 }} + {{- include "docspell.joex.config.periodicScheduler" . | nindent 4 }} + {{- include "docspell.joex.config.userTasks" . | nindent 4 }} + {{- include "docspell.joex.config.houseKeeping" . | nindent 4 }} + {{- include "docspell.joex.config.updateCheck" . | nindent 4 }} + {{- include "docspell.joex.config.convert" . | nindent 4 }} + {{- if .Values.docspell.fullTextSearch.enabled -}} + {{- include "docspell.config.fullTextSearch" (dict "context" . "type" "joex") | nindent 4 }} + {{- include "docspell.joex.config.fullTextSearch" . | nindent 4}} + {{- end }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/joex/deployment.yaml b/kubernetes/helm/docspell/templates/joex/deployment.yaml new file mode 100644 index 00000000..2d5f20f7 --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/deployment.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "docspell.fullname" . }}-joex + annotations: + {{- if .Values.joex.deployment.annotations }} + {{- toYaml .Values.joex.deployment.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "joex.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.joex.replicaCount }} + strategy: + type: {{ .Values.joex.strategy.type }} + {{- if eq .Values.joex.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.joex.strategy.rollingUpdate.maxUnavailable }} + maxSurge: {{ .Values.joex.strategy.rollingUpdate.maxSurge }} + {{- end }} + selector: + matchLabels: + {{- include "joex.selectorLabels" . | nindent 6 }} + {{- if .Values.joex.deployment.labels }} + {{- toYaml .Values.joex.deployment.labels | nindent 6 }} + {{- end }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/joex/config.yaml") . | sha256sum }} + {{- with .Values.joex.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "joex.labels" . | nindent 8 }} + {{- if .Values.joex.deployment.labels }} + {{- toYaml .Values.joex.deployment.labels | nindent 8 }} + {{- end }} + spec: + {{- if or .Values.serviceAccount.create .Values.serviceAccount.name }} + serviceAccountName: {{ include "docspell.serviceAccountName" . }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.joex.deployment.terminationGracePeriodSeconds }} + containers: + - name: joex + image: "{{ include "joex.image" . }}" + imagePullPolicy: {{ .Values.joex.image.pullPolicy }} + {{- with .Values.joex.additionalArgs }} + args: + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: {{ .Values.joex.service.port }} + name: http + envFrom: + - configMapRef: + name: {{ include "docspell.fullname" . }}-joex + - secretRef: + name: {{ include "docspell.fullname" . }}-joex-secret + resources: + {{- toYaml .Values.joex.resources | nindent 12 }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/joex/secret.yaml b/kubernetes/helm/docspell/templates/joex/secret.yaml new file mode 100644 index 00000000..12a7d51c --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "docspell.fullname" . }}-joex-secret + labels: + {{- include "joex.labels" . | nindent 4}} +type: Opaque +stringData: + {{- include "docspell.secrets.JDBC" (dict "context" . "type" "joex") | nindent 4 -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/joex/service.yaml b/kubernetes/helm/docspell/templates/joex/service.yaml new file mode 100644 index 00000000..8feb3976 --- /dev/null +++ b/kubernetes/helm/docspell/templates/joex/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "docspell.fullname" . }}-joex + labels: + {{- include "joex.labels" . | nindent 4 }} + {{- if .Values.joex.service.labels }} + {{- toYaml .Values.joex.serivce.labels | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.joex.service.annotations | nindent 4 }} +spec: + type: {{ .Values.joex.service.type }} + ports: + - port: {{ .Values.joex.service.port }} + targetPort: {{ .Values.joex.service.targetPort | default .Values.joex.service.port }} + protocol: TCP + name: http + selector: + {{- include "joex.selectorLabels" . | nindent 6 -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/restserver/_configs.tpl b/kubernetes/helm/docspell/templates/restserver/_configs.tpl new file mode 100644 index 00000000..61743c81 --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/_configs.tpl @@ -0,0 +1,147 @@ +{{/*App ID*/}} +{{- define "docspell.server.config.appId" -}} +{{- $appId := .Values.docspell.server.appId | default (printf "%s-restserver" (include "docspell.fullname" .)) -}} +{{- print $appId -}} +{{- end -}} + +{{/*Logging Config*/}} +{{- define "docspell.server.config.logging" -}} +{{- $envPrefix := "DOCSPELL_SERVER_LOGGING" -}} +{{ $envPrefix }}_FORMAT: {{ .Values.docspell.server.logging.format }} +{{ $envPrefix }}_MINIMUM__LEVEL: {{ .Values.docspell.server.logging.minimumLevel }} +{{- end -}} + +{{/*Bind Config*/}} +{{- define "docspell.server.config.bind" -}} +{{- if not (eq .Values.restserver.service.port .Values.docspell.server.bind.port) -}} +{{- fail "The restserver and it's service don't have to use the same port, no connection will be possible." -}} +{{- end -}} +{{- $envPrefix := "DOCSPELL_SERVER_BIND" -}} +{{ $envPrefix }}_ADDRESS: {{ .Values.docspell.server.bind.address | quote }} +{{ $envPrefix }}_PORT: {{ .Values.docspell.server.bind.port | quote }} +{{- end -}} + +{{/*Auth Config*/}} +{{- define "docspell.server.config.auth" -}} +{{- $envPrefix := "DOCSPELL_SERVER_AUTH" -}} +{{ $envPrefix }}_SESSION__VALID: {{ .Values.docspell.server.auth.sessionValid | quote }} +{{ $envPrefix }}_REMEMBER__ME_ENABLED: {{ .Values.docspell.server.auth.rememberMe.enabled | quote }} +{{ $envPrefix }}_REMEMBER__ME_VALID: {{ .Values.docspell.server.auth.rememberMe.valid | quote }} +{{ $envPrefix }}_ON__ACCOUNT__SOURCE__CONFLICT: {{ .Values.docspell.server.auth.onAccountSourceConflict }} +{{- end -}} + +{{/*Auth Secrets*/}} +{{- define "docspell.server.secrets.auth" -}} +{{- with .Values.docspell.server.auth.serverSecret }} +DOCSPELL_SERVER_AUTH_SERVER__SECRET: {{ . }} +{{- end }} +{{- end -}} + +{{/*Download Config*/}} +{{- define "docspell.server.config.donwload" -}} +{{- $envPrefix := "DOCSPELL_SERVER_DOWNLOAD__ALL" -}} +{{ $envPrefix }}_MAX__FILES: {{ .Values.docspell.server.donwloadAll.maxFiles | quote }} +{{ $envPrefix }}_MAX__SIZE: {{ .Values.docspell.server.donwloadAll.maxSize }} +{{- end -}} + +{{/*OpenID Config*/}} +{{- define "docspell.server.config.openid" -}} +{{- $envPrefix := "DOCSPELL_SERVER_OPENID" -}} +{{- range $index, $entry := .Values.docspell.server.openid -}} +{{- if $entry.enabled -}} +{{ $envPrefix }}_{{ $index }}_DISPLAY: {{ $entry.display }} +{{ $envPrefix }}_{{ $index }}_ENABLED: {{ $entry.enabled | quote }} +{{ $envPrefix }}_{{ $index }}_COLLECTIVE__KEY: {{ $entry.collectiveKey }} +{{ $envPrefix }}_{{ $index }}_USER__KEY: {{ $entry.userKey }} +{{- $envPrefix = printf "%s_%s_PROVIDER" $envPrefix ($index | toString) }} +{{ $envPrefix }}_PROVIDER__ID: {{ $entry.provider.providerId }} +{{ $envPrefix }}_SCOPE: {{ $entry.provider.scope }} +{{ $envPrefix }}_AUTHORIZE__URL: {{ $entry.provider.authorizeUrl }} +{{ $envPrefix }}_TOKEN__URL: {{ $entry.provider.tokenUrl }} +{{- with $entry.provider.userUrl }} +{{ $envPrefix }}_USER__URL: {{ . }} +{{- end }} +{{ $envPrefix }}_LOGOUT__URL: {{ $entry.provider.logoutUrl }} +{{ $envPrefix }}_SIG__ALGO: {{ $entry.provider.sigAlgo }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/*OpenID Secrets*/}} +{{- define "docspell.server.secrets.openid" -}} +{{- $envPrefix := "DOCSPELL_SERVER_OPENID" -}} +{{- range $index, $entry := .Values.docspell.server.openid -}} +{{- if $entry.enabled -}} +{{- $envPrefix = printf "%s_%s_PROVIDER" $envPrefix ($index | toString) }} +{{ $envPrefix }}_CLIENT__ID: {{ $entry.provider.clientId }} +{{ $envPrefix }}_CLIENT__SECRET: {{ $entry.provider.clientSecret }} +{{ $envPrefix }}_SIGN__KEY: {{ $entry.provider.signKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/*Database Schema Settings*/}} +{{- define "docspell.server.config.databaseSchema" -}} +{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_DATABASE__SCHEMA" -}} +{{ $envPrefix }}_RUN__MAIN__MIGRATIONS: {{ .Values.docspell.server.backend.databaseSchema.runMainMigrations | quote }} +{{ $envPrefix }}_RUN__FIXUP__MIGRATIONS: {{ .Values.docspell.server.backend.databaseSchema.runFixupMigrations | quote }} +{{ $envPrefix }}_REPAIR__SCHEMA: {{ .Values.docspell.server.backend.databaseSchema.repairSchema | quote }} +{{- end -}} + +{{/*Integration Endpoint Settings*/}} +{{- define "docspell.server.config.integrationEndpoint" -}} +{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT" -}} +{{ $envPrefix }}_ENABLED: {{ .Values.docspell.server.integrationEndpoint.enabled | quote }} +{{ $envPrefix }}_PRIORITY: {{ .Values.docspell.server.integrationEndpoint.priority }} +{{ $envPrefix }}_SOURCE__NAME: {{ .Values.docspell.server.integrationEndpoint.sourceName }} +{{- if .Values.docspell.server.integrationEndpoint.allowedIps.enabed }} +{{ $envPrefix }}_ALLOWED__IPS_ENABLED: {{ .Values.docspell.server.integrationEndpoint.allowedIps.enabed }} +{{- range $index, $ip := .Values.docspell.server.integrationEndpoint.allowedIps.ips }} +{{ $envPrefix }}_ALLOWED__IPS_IPS_{{ $index}}: {{ $ip }} +{{- end }} +{{- end }} +{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote }} +{{ $envPrefix }}_HTTP__BASIC_ENABLED: {{ .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote }} +{{- end }} +{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote }} +{{ $envPrefix }}_HTTP__HEADER_ENABLED: {{ .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote }} +{{- end }} +{{- end }} + +{{/*Integration Endpoint Secrets*/}} +{{- define "docspell.server.secrets.integrationEndpoint" -}} +{{- if .Values.docspell.server.integrationEndpoint.httpBasic.enabled | quote -}} +{{- $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__BASIC" -}} +{{ $envPrefix}}_REALM: {{ .Values.docspell.server.integrationEndpoint.httpBasic.realm }} +{{ $envPrefix}}_USER: {{ .Values.docspell.server.integrationEndpoint.httpBasic.user }} +{{ $envPrefix}}_PASSWORD: {{ .Values.docspell.server.integrationEndpoint.httpBasic.password }} +{{- end }} +{{- if .Values.docspell.server.integrationEndpoint.httpHeader.enabled | quote -}} +{{ $envPrefix := "DOCSPELL_SERVER_INTEGRATION__ENDPOINT__HTTP__HEADER" }} +{{ $envPrefix }}_HEADER__NAME: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerName }} +{{ $envPrefix }}_HEADER__VALUE: {{ .Values.docspell.server.integrationEndpoint.httpHeader.headerValue }} +{{- end }} +{{- end -}} + +{{/*Admin Endpoint Secrets*/}} +{{- define "docspell.server.secrets.adminEndpoint" -}} +{{- with .Values.docspell.server.adminEndpoint.secret }} +DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET: {{ . }} +{{- end }} +{{- end -}} + +{{/*Signup Settings*/}} +{{- define "docspell.server.config.signup" -}} +{{- $envPrefix := "DOCSPELL_SERVER_BACKEND_SIGNUP" -}} +{{ $envPrefix }}_MODE: {{ .Values.docspell.server.backend.signup.mode }} +{{- if eq .Values.docspell.server.backend.signup.mode "invite" }} +{{ $envPrefix }}_INVITE__TIME: {{ .Values.docspell.server.backend.signup.inviteTime }} +{{- end -}} +{{- end -}} + +{{/*Signup Secrets*/}} +{{- define "docspell.server.secrets.signup" -}} +{{- if eq .Values.docspell.server.backend.signup.mode "invite" }} +DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD: {{ .Values.docspell.server.backend.signup.newInvitePassword }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/restserver/_helpers.tpl b/kubernetes/helm/docspell/templates/restserver/_helpers.tpl new file mode 100644 index 00000000..b94b0c18 --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/_helpers.tpl @@ -0,0 +1,34 @@ +{{/* +Common labels +*/}} +{{- define "restserver.labels" -}} +helm.sh/chart: {{ include "docspell.chart" . }} +app: {{ include "docspell.name" . }}-restserver +{{ include "restserver.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.restserver.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.restserver.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "restserver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "docspell.name" . }}-restserver +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create restserver image name and tag used by the deployment +*/}} +{{- define "restserver.image" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.restserver.image.registry -}} +{{- $repository := .Values.restserver.image.repository -}} +{{- $separator := ":" -}} +{{- $tag := .Values.restserver.image.tag | default .Chart.AppVersion -}} +{{- if $registry -}} + {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}} +{{- else -}} + {{- printf "%s%s%s" $repository $separator $tag -}} +{{- end -}} +{{- end -}} diff --git a/kubernetes/helm/docspell/templates/restserver/config.yaml b/kubernetes/helm/docspell/templates/restserver/config.yaml new file mode 100644 index 00000000..ba2f3762 --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/config.yaml @@ -0,0 +1,27 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ include "docspell.fullname" . }}-restserver + labels: + {{- include "restserver.labels" . | nindent 4 }} +data: + DOCSPELL_SERVER_APP__NAME: {{ .Values.docspell.server.appName }} + DOCSPELL_SERVER_APP__ID: {{ include "docspell.server.config.appId" . }} + DOCSPELL_SERVER_INTERNAL__URL: http://{{ include "docspell.fullname" . }}-restserver:{{ .Values.restserver.service.port }} + {{- include "docspell.server.config.logging" . | nindent 4 }} + {{- include "docspell.server.config.bind" . |nindent 4 }} + DOCSPELL_SERVER_MAX__ITEM__PAGE__SIZE: {{ .Values.docspell.server.maxItemPageSize | quote }} + DOCSPELL_SERVER_MAX__NOTE_LENGTH: {{ .Values.docspell.server.maxNoteLength | quote }} + DOCSPELL_SERVER_SHOW__CLASSIFICATION__SETTINGS: {{ .Values.docspell.server.showClassificationSettings | quote }} + {{- include "docspell.server.config.auth" . | nindent 4 }} + {{- include "docspell.server.config.donwload" . | nindent 4 }} + {{- include "docspell.server.config.openid" . | nindent 4 }} + {{- if .Values.docspell.server.integrationEndpoint.enabled -}} + {{- include "docspell.server.config.integrationEndpoint" . | nindent 4 }} + {{- end }} + {{- if .Values.docspell.fullTextSearch.enabled -}} + {{ include "docspell.config.fullTextSearch" (dict "context" . "type" "server") | nindent 4 }} + {{- end }} + DOCSPELL_SERVER_BACKEND_MAIL__DEBUG: {{ .Values.docspell.server.backend.mailDebug | quote }} + {{- include "docspell.server.config.databaseSchema" . | nindent 4 }} + {{- include "docspell.server.config.signup" . | nindent 4 }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/restserver/deployment.yaml b/kubernetes/helm/docspell/templates/restserver/deployment.yaml new file mode 100644 index 00000000..f37fdb4f --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "docspell.fullname" . }}-restserver + annotations: + {{- if .Values.restserver.deployment.annotations }} + {{- toYaml .Values.restserver.deployment.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "restserver.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.restserver.replicaCount }} + strategy: + type: {{ .Values.restserver.strategy.type }} + {{- if eq .Values.restserver.strategy.type "RollingUpdate" }} + rollingUpdate: + maxUnavailable: {{ .Values.restserver.strategy.rollingUpdate.maxUnavailable }} + maxSurge: {{ .Values.restserver.strategy.rollingUpdate.maxSurge }} + {{- end }} + selector: + matchLabels: + {{- include "restserver.selectorLabels" . | nindent 6 }} + {{- if .Values.restserver.deployment.labels }} + {{- toYaml .Values.restserver.deployment.labels | nindent 6 }} + {{- end }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/restserver/config.yaml") . | sha256sum }} + {{- with .Values.restserver.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "restserver.labels" . | nindent 8 }} + {{- if .Values.restserver.deployment.labels }} + {{- toYaml .Values.restserver.deployment.labels | nindent 8 }} + {{- end }} + spec: + {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }} + serviceAccountName: {{ include "docspell.serviceAccountName" . }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.restserver.deployment.terminationGracePeriodSeconds }} + containers: + - name: restserver + image: "{{ include "restserver.image" . }}" + imagePullPolicy: {{ .Values.restserver.image.pullPolicy }} + ports: + - containerPort: {{ .Values.restserver.service.port }} + name: http + envFrom: + - configMapRef: + name: {{ include "docspell.fullname" . }}-restserver + - secretRef: + name: {{ include "docspell.fullname" . }}-restserver-secret + resources: + {{- toYaml .Values.restserver.resources | nindent 12 }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/restserver/secret.yaml b/kubernetes/helm/docspell/templates/restserver/secret.yaml new file mode 100644 index 00000000..69a498d6 --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/secret.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "docspell.fullname" . }}-restserver-secret + labels: + {{- include "restserver.labels" . | nindent 4 }} +type: Opaque +stringData: + assertions: + {{- if and (gt .Values.restserver.replicaCount 1.0) (not .Values.docspell.server.auth.serverSecret) -}} + {{- fail "If multiple replicas are running of the rest server, the server secret has to be fixed." -}} + {{- end -}} + {{- if and (eq .Values.docspell.server.backend.signup.mode "invite") (not .Values.docspell.server.backend.signup.newInvitePassword) -}} + {{- fail "Invite password has to be set, when using signup mode 'invite'" -}} + {{- end -}} + {{- include "docspell.server.secrets.auth" . | nindent 4 }} + {{- include "docspell.server.secrets.openid" . | nindent 4 }} + {{- include "docspell.server.secrets.integrationEndpoint" . | nindent 4 }} + {{- include "docspell.server.secrets.adminEndpoint" . | nindent 4 }} + {{- include "docspell.secrets.JDBC" (dict "context" . "type" "server") | nindent 4 -}} + {{- include "docspell.server.secrets.signup" . | nindent 4 -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/restserver/service.yaml b/kubernetes/helm/docspell/templates/restserver/service.yaml new file mode 100644 index 00000000..93776720 --- /dev/null +++ b/kubernetes/helm/docspell/templates/restserver/service.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "docspell.fullname" . }}-restserver + labels: + {{- include "restserver.labels" . | nindent 4 }} + {{- if .Values.restserver.service.labels }} + {{- toYaml .Values.restserver.serivce.labels | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.restserver.service.annotations | nindent 4 }} +spec: + type: {{ .Values.restserver.service.type }} + ports: + - port: {{ .Values.restserver.service.port }} + targetPort: {{ .Values.restserver.service.targetPort | default .Values.restserver.service.port }} + protocol: TCP + name: http + selector: + {{- include "restserver.selectorLabels" . | nindent 6 -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/serviceaccount.yaml b/kubernetes/helm/docspell/templates/serviceaccount.yaml new file mode 100644 index 00000000..c8daadd2 --- /dev/null +++ b/kubernetes/helm/docspell/templates/serviceaccount.yaml @@ -0,0 +1,20 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "docspell.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "docspell.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.labels }} + {{- . | toYaml | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + {{- . | toYaml | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- . | toYaml | nindent 2 }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/solr/_helpers.tpl b/kubernetes/helm/docspell/templates/solr/_helpers.tpl new file mode 100644 index 00000000..5196d57d --- /dev/null +++ b/kubernetes/helm/docspell/templates/solr/_helpers.tpl @@ -0,0 +1,53 @@ +{{/* +Common labels +*/}} +{{- define "solr.labels" -}} +helm.sh/chart: {{ include "docspell.chart" . }} +app: {{ include "docspell.name" . }}-solr +{{ include "solr.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.solr.image.tag | quote }} +version: {{ .Values.solr.image.tag | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "solr.selectorLabels" -}} +app.kubernetes.io/name: {{ include "docspell.name" . }}-solr +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create solr image name and tag used by the deployment +*/}} +{{- define "solr.image" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.solr.image.registry -}} +{{- $repository := .Values.solr.image.repository -}} +{{- $separator := ":" -}} +{{- $tag := .Values.solr.image.tag | default .Chart.AppVersion -}} +{{- if $registry -}} + {{- printf "%s/%s%s%s" $registry $repository $separator $tag -}} +{{- else -}} + {{- printf "%s%s%s" $repository $separator $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Connection URL +*/}} +{{- define "solr.url" -}} +{{- $port := .Values.solr.service.port | toString -}} +{{- $service := printf "%s-solr" (include "docspell.fullname" .) -}} +{{- printf "http://%s:%s/solr/docspell" $service $port -}} +{{- end }} + +{{/* +Storage Class +*/}} +{{- define "solr.persistence.storageClass" -}} +{{- $storageClass := .Values.solr.persistence.storageClass | default .Values.global.storageClass -}} +{{- if $storageClass -}} +storageClassName: {{ $storageClass | quote }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/solr/pvc.yaml b/kubernetes/helm/docspell/templates/solr/pvc.yaml new file mode 100644 index 00000000..8fba066a --- /dev/null +++ b/kubernetes/helm/docspell/templates/solr/pvc.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.solr.enabled .Values.solr.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.solr.persistence.claimName }} + namespace: {{ $.Release.Namespace }} + annotations: +{{ .Values.solr.persistence.annotations | toYaml | indent 4}} +spec: + accessModes: + {{- .Values.solr.persistence.accessModes | toYaml | nindent 4 }} + volumeMode: Filesystem + {{- include "solr.persistence.storageClass" . | nindent 2 }} + {{- with .Values.solr.persistence.volumeName }} + volumeName: {{ . }} + {{- end }} + resources: + requests: + storage: {{ .Values.solr.persistence.size }} +{{- end }} + diff --git a/kubernetes/helm/docspell/templates/solr/service.yaml b/kubernetes/helm/docspell/templates/solr/service.yaml new file mode 100644 index 00000000..2a01b375 --- /dev/null +++ b/kubernetes/helm/docspell/templates/solr/service.yaml @@ -0,0 +1,22 @@ +{{- if .Values.solr.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "docspell.fullname" . }}-solr + labels: + {{- include "solr.labels" . | nindent 4 }} + {{- if .Values.solr.service.labels }} + {{- toYaml .Values.solr.serivce.labels | nindent 4 }} + {{- end }} + annotations: + {{- toYaml .Values.solr.service.annotations | nindent 4 }} +spec: + type: {{ .Values.solr.service.type }} + ports: + - port: {{ .Values.solr.service.port }} + targetPort: {{ .Values.solr.service.targetPort | default .Values.solr.service.port }} + protocol: TCP + name: solr + selector: + {{- include "solr.selectorLabels" . | nindent 4 }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/templates/solr/statefulset.yaml b/kubernetes/helm/docspell/templates/solr/statefulset.yaml new file mode 100644 index 00000000..bee36355 --- /dev/null +++ b/kubernetes/helm/docspell/templates/solr/statefulset.yaml @@ -0,0 +1,98 @@ +{{- if .Values.solr.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "docspell.fullname" . }}-solr + annotations: + {{- if .Values.solr.statefulSet.annotations }} + {{- toYaml .Values.solr.statefulSet.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "solr.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "solr.selectorLabels" . | nindent 6 }} + {{- if .Values.solr.statefulSet.labels }} + {{- toYaml .Values.solr.statefulSet.labels | nindent 6 }} + {{- end }} + serviceName: {{ include "docspell.fullname" . }}-solr + template: + metadata: + annotations: + {{- with .Values.solr.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "solr.labels" . | nindent 8 }} + {{- if .Values.solr.statefulSet.labels }} + {{- toYaml .Values.solr.statefulSet.labels | nindent 8 }} + {{- end }} + app: solr + spec: + {{- if (or .Values.serviceAccount.create .Values.serviceAccount.name) }} + serviceAccontName: {{ include "docspell.serviceAccountName" . }} + {{- end }} + initContainers: + - name: solr-fix-permissions + image: busybox + command: + - sh + - -c + - chown -R 8983:8983 /var/solr + volumeMounts: + - name: solr-data + mountPath: /var/solr + resources: + {{- toYaml .Values.solr.initContainers.resources | nindent 12 }} + terminationGracePeriodSeconds: {{ .Values.solr.statefulSet.terminationGracePeriodSeconds }} + containers: + - name: solr + image: "{{ include "solr.image" . }}" + imagePullPolicy: {{ .Values.solr.image.pullPolicy }} + env: + - name: SOLR_OPTS + value: -Dsolr.modules=analysis-extras + command: + - docker-entrypoint.sh + - solr-precreate + - docspell + ports: + - containerPort: {{ .Values.solr.service.port }} + name: solr + {{- if .Values.solr.livenessProbe.enabled }} + livenessProbe: + {{- toYaml (omit .Values.solr.livenessProbe "enabled") | nindent 10 }} + {{- end }} + {{- if .Values.solr.readinessProbe.enabled }} + readinessProbe: + {{- toYaml (omit .Values.solr.readinessProbe "enabled") | nindent 10 }} + {{- end }} + resources: + {{- toYaml .Values.solr.resources | nindent 10 }} + volumeMounts: + - name: solr-data + mountPath: /var/solr + {{- with .Values.global.hostAliases }} + hostAliases: + {{- toYaml . | nindent 6 }} + {{- with .Values.solr.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.solr.affinity }} + affinity: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + volumes: + {{- if .Values.solr.persistence.enabled }} + - name: solr-data + persistentVolumeClaim: + claimName: {{ .Values.solr.persistence.claimName }} + {{- else if not .Values.solr.persistence.enabled }} + - name: solr-data + emptyDir: {} + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/helm/docspell/values.yaml b/kubernetes/helm/docspell/values.yaml new file mode 100644 index 00000000..00dcee6a --- /dev/null +++ b/kubernetes/helm/docspell/values.yaml @@ -0,0 +1,561 @@ +# Default values for docspell. +# This is a YAML-formatted file. +# Declare variables to be passed to your templates. + +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override +## @param global.hostAliases global hostAliases which will be added to the pod's hosts files +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + hostAliases: [] + # - ip: 192.168.137.2 + # hostnames: + # - example.com + +## @section Docspell + +docspell: + ## @param docspell.fullTextSearch.enabled The full-text search feature can be disabled and can be re-enabled at any time + ## @param docspell.fullTextSearch.backend Which backend to use, either solr or postgresql + ## @param docspell.fullTextSearch.solr.commitWithin Used to tell solr when to commit the data + ## @param docspell.fullTextSearch.solr.logVerbose If true, logs request and response bodies + ## @param docspell.fullTextSearch.solr.defType The defType parameter to lucene that defines the parses to use. (https://solr.apache.org/guide/8_4/query-syntax-and-parsing.html#query-syntax-and-parsing) + ## @param docspell.fullTextSearch.solr.qOp The default combiner for tokens (AND / OR) + fullTextSearch: + enabled: true + solr: + commitWithin: 1000 + logVerbose: false + defType: lucene + qOp: OR + ## @param docspell.server.appName Name of the application shown in the top right corner of the web application + ## @param docspell.server.appId Id of the node + ## @param docspell.server.maxItemPageSize Hard limit of batch returned items for search + ## @param docspell.server.maxNoteLength Number of characters to return for each item notes when searching + ## @param docspell.server.showClassificationSettings Whether the classification form in the collective settings is displayed or not + server: + appName: Docspell + appId: + maxItemPageSize: 200 + maxNoteLength: 180 + showClassificationSettings: true + + ## @param docspell.server.logging.format Format of log messages. Can be json,. Logfmt, Fancy or Plain + ## @param docspell.server.logging.minimumLevel Minimum level of the log. From lowest to highest: Trace, Debug, Info, Warn, Error + logging: + format: "fancy" + minimumLevel: "Warn" + + ## @param docspell.server.bind.address The address the server binds to. Should be set to `0.0.0.0` as otherwise it'll reject connections from the ingress + ## @param docspell.server.bind.port The port the server binds to. Make sure to use the same as in the port for the service and ingress + bind: + address: 0.0.0.0 + port: 7880 + ## @param docspell.server.auth.serverSecret Secret to sign the authenticator tokens. If empty, one will be generated + ## @param docspell.server.auth.sessionValid How long an authentication token is valid + ## @param docspell.server.auth.onAccountSourceConflict Fail if a duplicate account from an external source should fail the login. Can be: fail, convert + ## @param docspell.server.auth.rememberMe.enabled Enable/disable the remember me function + ## @param docspell.server.auth.rememberMe.valid How long the remember me cookie/token is valid + auth: + serverSecret: b64:YRx77QujCGkHSvll0TVEmtTaw3Z5eXr+nWMsEJowgKg= + sessionValid: "5 minutes" + onAccountSourceConflict: fail + rememberMe: + enabled: true + valid: "30 days" + ## @param docspell.server.downloadAll.maxFiles How many files to allow in "download as zip" + ## @param docspell.server.downloadAll.maxSize The maximum (uncompressed) size of the zip file contents. + donwloadAll: + maxFiles: 500 + maxSize: 1400M + ## @param docspell.server.openid OpenID Connect (oidc) or OAuth2 authentication providers. Only the "Authorization Code Flow" is supported + openid: + - display: Keycloak + enabled: false + provider: + providerId: keycloak + clientId: docspell + clientSecret: example-secret-439e-bf06-911e4cdd56a6 + scope: profile + authorizeUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/auth + tokenUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/token + # User URL is not used when signature key is set + # userUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/userinfo + logoutUrl: http://localhost:8080/auth/realms/home/protocol/openid-connect/logout + signKey: b64:anVzdC1hLXRlc3Q= + sigAlgo: RS512 + # The collective of the user is given in the access token as property `docspell_collective` + collectiveKey: "lookup:docspell_collective" + # The username to use for the docspell account + userKey: preferred_username + ## @param docspell.server.oidcAutoRedirect When exactly one OIDC/OAuth provider is configured, then the webapp automatically redirects to its authentication page skipping the docspell login page + oidcAutoRedirect: true + ## @param docspell.server.integrationEndpoint.enabled Enable endpoint to upload files to any collective + ## @param docspell.server.integrationEndpoint.priorty Priority to use when submitting files through this endpoint + ## @param docspell.server.integrationEndpoint.sourceName The name used for the item "source" property when uploaded through this endpoint + ## @param docspell.server.integrationEndpoint.allowedIps.enabled Enable ip-allow-access-list + ## @param docspell.server.integrationEndpoint.allowedIps.ips List of ips which should be added to the access list + ## @param docspell.server.integrationEndpoint.httpBasic.enabled Whether integration endpoint requests are expected to use http basic auth when uploading files + ## @param doscpell.server.integrationEndpoint.httpHeader.enabled Whether integration endpoint requests are expected to supply some specific header when uploading files + integrationEndpoint: + enabled: true + priority: low + sourceName: integration + allowedIps: + enabed: false + ips: + # IP addresses may be specific as simple globs: a part marked as '*' matches any octet, like in `192.168.*.*` + - 127.0.0.1 + httpBasic: + enabled: false + realm: "Docspell Integration" + user: "docspell-int" + password: "docspell-int" + httpHeader: + enabled: true + headerName: "Docspell-Integration" + headerValue: "SomeSecret" + ## @param docspell.server.adminEndpoint.secret Special administration endpoint. If a secret isn't supplied, the endpont is disabled + adminEndpoint: + secret: + + ## @param docspell.server.backend.mailDebug Enable or disabling debugging for e-mail related functionality + backend: + mailDebug: false + ## @param docspell.server.backend.databaseSchema.runMainMigrations Whether to run mian database migrations + ## @param docspell.server.backend.databaseSchema.runFixupMigrations Whether to run the fixup migrations + ## @param docspell.server.backend.databaseSchema.repairSchema Use with care. This repairs all migrations in the datbase by updating their checksums and removing failed migrations + databaseSchema: + runMainMigrations: true + runFixupMigrations: true + repairSchema: false + ## @param docspell.server.backend.signup.mode The mode defines if new users can signup or not (open, invite, closed) + ## @param docspell.server.backend.signup.newInvitePassword If mode is 'invite', a password must be provided to generate invitation keys + ## @param docspell.server.backend.signup.inviteTime If mode is 'invite', this is the period an invitation token is considered valid + signup: + mode: open + newInvitePassword: + inviteTime: "3 days" + ## @param docspell.joex.appId Id of the node + ## @param docspell.joex.mailDebug Enable or disabling debugging for e-mail related functionality + joex: + appId: + mailDebug: false + ## @param docspell.joex.bind.address The address joex binds to. Should be set to `0.0.0.0`, as otherwise it'll refuse connections + ## @param docspell.joex.bind.port The port joex binds to. Make sure to set the same port for the service + bind: + address: 0.0.0.0 + port: 7878 + ## @param docspell.joex.logging.format Format of log messages. Can be json,. Logfmt, Fancy or Plain + ## @param docspell.joex.logging.minimumLevel Minimum level of the log. From lowest to highest: Trace, Debug, Info, Warn, Error + logging: + format: "fancy" + minimumLevel: "Warn" + ## @param docspell.joex.databaseSchema.runMainMigrations Whether to run mian database migrations + ## @param docspell.joex.databaseSchema.runFixupMigrations Whether to run the fixup migrations + ## @param docspell.joex.databaseSchema.repairSchema Use with care. This repairs all migrations in the datbase by updating their checksums and removing failed migrations + databaseSchema: + runMainMigrations: true + runFixupMigrations: true + repairSchema: false + ## @param doscpell.joex.scheduler.name Each scheduler needs a unique name. This defaults to the node name + ## @param docspell.joex.scheduler.poolSize Number of processing allowed in parallel + ## @param docspell.joex.scheduler.countingScheme A counting s cheme determines the ratio of how high- and low-prio jobs are run + ## @param docspell.joex.scheduler.retries How often a failed job should be retried until it enters faield state + ## @param docspell.joex.scheduler.retryDelay The delay until the next try is performed for a failed job + ## @param docspell.joex.scheduler.logBufferSize The queue size of log statements from a job + ## @param docspell.joex.scheduler.wakeupPeriod If no job is left un the queue, the scheduler will wait until a notify is requested + scheduler: + name: + poolSize: 1 + countingScheme: "4,1" + retries: 2 + retryDelay: "1 minute" + logBufferSize: 500 + wakeupPeriod: "30 minutes" + ## @param docspell.joex.periodicScheduler.name Each scheduler needs a unique name. This defaults to the node name + ## @param docspell.joex.periodicScheduler.wakeupPeriod A fallback to start looking for due periodic tasks regularly + periodicScheduler: + name: + wakeupPeriod: "10 minutes" + ## @param docspell.joex.userTasks.scanMailbox.maxFolders A limit of how many folders to scan through. If a user configures more than this, only upto this limit folders are scanned and a warning is logged + ## @param docspell.joex.userTasks.scanMailbox.mailChunkSize How many mails (headers only) to retreieve in one chunk + ## @param docspell.joex.userTasks.scanMailbox.maxMails A limit on how many mails to process in one job run. This is meant to avoid too heavy resource allocation to one user/collective + userTasks: + scanMailbox: + maxFolders: 50 + mailChunkSize: 50 + maxMails: 500 + ## @param docspell.joex.houseKeeping.schedule When the house keeping tasks execute. Default is to run every week + ## @param docspell.joex.houseKeeping.cleanupInvites.enabled Whether to remove invation keys that have been created but not used + ## @param docspell.joex.houseKeeping.cleanupInvites.olderThan The minimum age of invites to be deleted + ## @param docspell.joex.houseKeeping.cleanupRememberMe.enabled Whether to remove expired remember-me tokens + ## @param docspell.joex.houseKeeping.cleanupRememberMe.olderThan The minimum age of tokens to be deleted + ## @param docspell.joex.houseKeeping.cleanupJobs.enabled Whether to delete old job log files. Logs are already stored in the database + ## @param docspell.joex.houseKeeping.cleanupJobs.olderThan The minimum age of jobs to delete + ## @param docspell.joex.houseKeeping.cleanupJobs.deleteBatch how many jobs are deleted in one transaction + ## @param docspell.joex.houseKeeping.cleanupDownloads.enabled Whether to delete cached zip files for past downloads + ## @param docspell.joex.houseKeeping.cleanupDownloads.olderThan The minimum age of a download file to be deleted + ## @param docspell.joex.houseKeeping.cleanupNodes.enabled Whether to delete node entries that are not reachable anymore + ## @param docspell.joex.houseKeeping.cleanupNodes.minNotFound How often the node must be unreachable, before it's removed + ## @param docspell.joex.houseKeeping.integrityCheck.enabled Whether to check all files against their checksum + houseKeeping: + schedule: "Sun *-*-* 00:00:00 UTC" + cleanupInvites: + enabled: true + olderThan: "30 days" + cleanupRememberMe: + enabled: true + olderThan: "30 days" + cleanupJobs: + enabled: true + olderThan: "30 days" + deleteBatch: 100 + cleanupDownloads: + enabled: true + olderThan: "14 days" + cleanupNodes: + enabled: true + minNotFound: 2 + integrityCheck: + enabled: true + ## @param docspell.joex.updateCheck.enabled Whether to periodically check for new releases of docspell + ## @param docspell.joex.updateCheck.testRun Sends the mail without checking the latest release + ## @param docspell.joex.updateCheck.schedule When the update check should execute. Default is to run every week + ## @param docspell.joex.updateCheck.senderAccount An account id in the form of `collective/user` This user account must have at least one valid SMTP settings which are used to send the mail + ## @param docspell.joex.updateCheck.smtpId The SMTP conenction id that should be used for sending the mail + ## @param docspell.joex.updateCheck.recipients A list of recipient e-mail addresses + ## @param docspell.joex.updateCheck.subject The subject of the mail. If supports the same variables as the body + ## @param docspell.joex.updateCheck.body The body of the mail. Subject and body can contain these variables which are replaced: latestVersion, currentVersion, releasedAt. The body is processed as markdown after the variables have been replaced + updateCheck: + enabled: false + testRun: false + schedule: "Sun *-*-* 00:00:00 UTC" + senderAccount: + smtpId: + recipients: [] + # - john.doe@gmail.com + subject: "Docspell {{ latestVersion }} is available" + body: |- + Hello, + + You are currently running Docspell {{ currentVersion }}. Version *{{ latestVersion }}* + is now available, which was released on {{ releasedAt }}. Check the release page at: + + + + Have a nice day! + + Docpell Update Check + ## @param docspell.joex.convert.htmlConverter Which HTML->PDF converter command to use. (wkhtmlpdf, weasyprint) + convert: + htmlConverter: wkhtmlpdf + ## @param docspell.joex.fullTextSearch.migration.indexAllChunk Chink size to use when indexing data from the database. This many attachments are loaded into memory and pushed to the full-text index + fullTextSearch: + migration: + indexAllChink: 10 + +## @section Ingress +# +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @parem ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +## @extra ingress.apiVersion specify APIVersion of ingress object. Mostly would only be used for argocd +ingress: + enabled: true + className: + annotations: + # Set a proper upload size, so that large documents can be uploaded as well. + nginx.ingress.kubernetes.io/proxy-body-size: 10G + # This is needed for the webcocket connections to work. + nginx.ingress.kubernetes.io/configuration-snippet: | + proxy_set_header Upgrade "websocket"; + proxy_set_header Connection "Upgrade"; + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: docspell.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-exmaple-tls + # hosts: + # - docspell.example.com + # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar + # If helm doesn't correctly detect your ingress API version you can set it here. + # apiVersion: networking.k8s.io/v1 + +## @section ServiceAccount +# +## @param serviceAccount.create Enable the creation of a ServiceAccount for docspell +## @param serviceAccount.name Name of the created ServieAccount, defauts to release name. +## @param serviceAccount.automountServiceAccountToken Enable/disable auto mounting of the service account token +## @param serviceAccount.imagePullSecrets Image pull secrets, available to the ServiceAccount +## @param serviceAccount.annotations Custom annotations for the ServiceAccount +## @param serviceAccount.labels Custom labels for the ServiceAccount +serviceAccount: + create: false + name: "" + automountServiceAccountToken: false + imagePullSecrets: [] + # - name: private-registry-access + annotations: {} + labels: {} + +## @section Restserver +# +## @param restserver.replicaCount Number of replicas for the restserver deployment +## @param restserver.podAnnotations Annotations for the solr pod +restserver: + replicaCount: 1 + podAnnotations: {} + ## @param restserver.image.registry Image registry, e.g. gcr.io,docker.io + ## @param restserver.image.repository Image to start for this pod + ## @param restserver.image.tag Visit [Image tag](https://hub.docker.com/r/docspell/restserver/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. + ## @param restserver.image.pullPolicy Image pull policy + image: + registry: "" + repository: docspell/restserver + tag: "" + pullPolicy: IfNotPresent + + ## @param restserver.service.type Kubernetes service type for solr traffic + ## @param restserver.service.port Port number for solr traffic + ## @param restserver.service.annotations Solr service annotations + ## @param restserver.service.labels Solr service additional labels + service: + type: ClusterIP + port: 7880 + annotations: {} + labels: {} + + ## @param restserver.deployment.labels Labels for the restserver deployment + ## @param restserver.deployment.annotations Annotations for the restserver deployment to be created + ## @param restserver.deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the restserver pod + ## @param restserver.deployment.env Additional environment variables to pass to the restserver container + deployment: + labels: {} + annotations: {} + terminationGracePeriodSeconds: 60 + env: [] + + ## @param restserver.strategy.type Strategy type + ## @param restserver.strategy.rollingUpdate.maxSurge maxSurge + ## @param restserver.strategy.rollingUpdate.maxUnavailable maxUnavailable + strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 0 + ## @param restserver.resources.limits.cpu CPU limit for the restserver pod + ## @param restserver.resources.limits.memory Memory limit for the restserver pod + ## @param restserver.resources.requests.cpu Requested cpu for the restserver pod + ## @param restserver.resources.requests.memory Requested memory for the restserver pod + resources: + limits: + cpu: 1 + memory: 1Gi + requests: + cpu: 0.5 + memory: 512Mi + +## @section Joex +# +## @param joex.replicaCount Number of replicas for the joex deployment +## @param joex.podAnnotations Annotations for the solr pod +## @param joex.args Additional arguments that should be passed to the pod +joex: + replicaCount: 1 + podAnnotations: {} + additionalArgs: + - -J-Xmx3G + ## @param joex.image.registry Image registry, e.g. gcr.io,docker.io + ## @param joex.image.repository Image to start for this pod + ## @param joex.image.tag Visit [Image tag](https://hub.docker.com/r/docspell/joex/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. + ## @param joex.image.pullPolicy Image pull policy + image: + registry: "" + repository: docspell/joex + tag: "" + pullPolicy: IfNotPresent + + ## @param joex.service.type Kubernetes service type for solr traffic + ## @param joex.service.port Port number for solr traffic + ## @param joex.service.annotations Solr service annotations + ## @param joex.service.labels Solr service additional labels + service: + type: ClusterIP + port: 7878 + annotations: {} + labels: {} + + ## @param joex.deployment.labels Labels for the restserver deployment + ## @param joex.deployment.annotations Annotations for the restserver deployment to be created + ## @param joex.deployment.terminationGracePeriodSeconds How long to wait until forcefully kill the restserver pod + ## @param joex.deployment.env Additional environment variables to pass to the restserver container + deployment: + labels: {} + annotations: {} + terminationGracePeriodSeconds: 60 + env: [] + + ## @param joex.strategy.type Strategy type + ## @param joex.strategy.rollingUpdate.maxSurge maxSurge + ## @param joex.strategy.rollingUpdate.maxUnavailable maxUnavailable + strategy: + type: "RollingUpdate" + rollingUpdate: + maxSurge: "100%" + maxUnavailable: 0 + ## @param joex.resources.limits.cpu CPU limit for the joex pod + ## @param joex.resources.limits.memory Memory limit for the joex pod. Make sure to change the `-J-Xmx` argument to reflect the max-memory setting + ## @param joex.resources.requests.cpu Requested cpu for the joex pod + ## @param joex.resources.requests.memory Requested memory for the joex pod + resources: + limits: + cpu: 1 + memory: 3Gi + requests: + cpu: 0.5 + memory: 1.5Gi +## @section solr +# +## @param solr.enabled Enable Apache Solr for full-text-search +## @param solr.podAnnotations Annotations for the solr pod +## @param solr.nodeSelector NodeSelector for the solr statefulset +## @param solr.affinity Affinity for the solr statefulset + +## @param solr.livenessProbe + +solr: + enabled: true + podAnnotations: {} + nodeSelector: {} + affinity: {} + ## @param solr.image.registry Image registry, e.g. gcr.io,docker.io + ## @param solr.image.repository Image to start for this pod + ## @param solr.image.tag Visit [Image tag](https://hub.docker.com/_/solr/tags?page=1&ordering=last_updated). Default is `9`. + ## @param solr.image.pullPolicy Image pull policy + image: + registry: "" + repository: solr + tag: "9" + pullPolicy: IfNotPresent + ## @param solr.service.type Kubernetes service type for solr traffic + ## @param solr.service.port Port number for solr traffic + ## @param solr.service.annotations Solr service annotations + ## @param solr.service.labels Solr service additional labels + service: + type: ClusterIP + port: 8983 + annotations: {} + labels: {} + ## @param solr.livenessProbe.enabled Enable liveness probe + ## @param solr.livenessProbe.httpGet.port Port for the http get request + ## @param solr.livenessProbe.httpGet.path URL path for the http get request + ## @param solr.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated + ## @param solr.livenessProbe.periodSeconds Period for liveness probe + ## @param solr.livenessProbe.timoutSeconds Timeout for liveness probe + livenessProbe: + enabled: true + httpGet: + port: 8983 + path: /solr/admin/info/system + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + ## @param solr.readinessProbe.enabled Enable readiness probe + ## @param solr.readinessProbe.httpGet.port Port for the http get request + ## @param solr.readinessProbe.httpGet.path URL path for the http get request + ## @param solr.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated + ## @param solr.readinessProbe.periodSeconds Period for readiness probe + ## @param solr.readinessProbe.timoutSeconds Timeout for readiness probe + readinessProbe: + enabled: true + httpGet: + path: /solr/admin/info/system + port: 8983 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 1 + + ## @param solr.resources Kubernetes resouces for solr + resources: + {} + + ## @param solr.initContainers.resources.limits Kubernetes limits for solr init containers + ## @param solr.initContainers.resources.requests.cpu cpu resource limits for solr init containers + ## @param solr.initContainers.resources.requests.memory memory limits for solr init containers + initContainers: + resources: + limits: {} + requests: + cpu: 100m + memory: 128Mi + + ## @param solr.statefulSet.labels Labels for the solr statefulset + ## @param solr.statefulSet.annotations Annotations for the solr statefulset to be created + ## @param solr.statefulSet.terminationGracePeriodSeconds How long to wait until forcefully kill the solr pod + ## @param solr.statefulSet.env Additional environment variables to pass to the solr container + statefulSet: + labels: {} + annotations: {} + terminationGracePeriodSeconds: 60 + env: [] + # - name: VARIABLE + # value: my-value + + ## @param solr.persistence.enabled Enable persistence storage for solr + ## @param solr.persistence.claimName Use an existing claim to store solr index + ## @param solr.persistence.size Size for persistence to store solr index + ## @param solr.persistence.accessModes ACcessMode for persistence + ## @param solr.persistence.storageClass Name of the storage class to use + ## @param solr.persistence.volumeName Name of persistent volume in PVC + ## @param solr.persistence.annotations.helm/sh/resource-policy Resource policy for the persistence volume claim + persistence: + enabled: true + claimName: solr-data + size: 5Gi + accessModes: ["ReadWriteOnce"] + storageClass: + volumeName: "" + annotations: + helm.sh/resource-policy: keep + +## @section PostgreSQL +# +## @param postgresql.enabled Enable PostgreSQL +## @param postgresql.global.postgresql.auth.password Password for the `dbname` user (overrides `auth.password`) +## @param postgresql.global.postgresql.auth.database Name for a custom database to create (overrides `auth.database`) +## @param postgresql.global.postgresql.auth.username Name for a custom user to create (overrides `auth.username`) +## @param postgresql.global.postgresql.service.ports.postgresql PostgreSQL service port (overrides `service.ports.postgresql`) +## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume +postgresql: + enabled: true + global: + postgresql: + auth: + database: dbname + username: dbuser + password: dbpass + service: + postgresql: 5432 + primary: + persistence: + size: 10Gi + annotations: + helm.sh/resource-policy: keep