Merge pull request #285 from owncloud/ainmosni/feature/default-install
Add development install example.
Daniel Swärd authored May 23, 2023
2 parents 0dd149c + de6217e commit c37e17f
Showing 2 changed files with 243 additions and 0 deletions.
54 changes: 54 additions & 0 deletions deployments/development-install/README.md
@@ -0,0 +1,54 @@
# oCIS development deployment example

## Introduction

This example will deploy a mostly default oCIS setup to kubernetes. The intent is that this will
work "out of the box" after a `helmfile sync`.

***Note***: This example is not intended for production use. It is intended to get a working oCIS
development running in kubernetes as quickly as possible. It is not hardened in any way.

## Getting started

### Prerequisites

This example requires the following things to be installed:

- [Kubernetes](https://kubernetes.io/) cluster, with an ingress controller installed.
- [Helm](https://helm.sh/) v3
- [Helmfile](https://github.com/helmfile/helmfile)

### End result

After following the steps in this guide, you should be able to access the following endpoint, you
may want to add these to your `/etc/hosts` file pointing to your ingress controller IP:

- https://ocis.kube.owncloud.test

Note that if you want to use your own hostname and domain, you will have to change the `externalDomain` value.

### Deploying

In this directory, run the following commands:

```bash
$ helmfile sync
```

This will deploy all the needed steps.

### Logging in

You can get the admin password with the following command:

```bash
$ kubectl -n ocis get secret admin-user -o go-template --template="{{.data.password | base64decode }}"
```

You can use this password to login with the user `admin`.

### Limitations

As this is deployed with a `ReadWriteOnce` storage access mode, the deployments persistence will be limited to
a single pod. If you want to scale the pods, you will need to change the storage access mode to `ReadWriteMany`.
If you do this, please check if your storage provider supports this access mode.
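
Review bot: The "End result" section promises https://ocis.kube.owncloud.test, but neither it nor "Prerequisites" says where the certificate for that host comes from. The helmfile's ingress block sets `secretName: ocis-dev-tls`, and none of the `extraResources` entries creates a Secret with that name, so a reader cannot tell whether to create it beforehand or to expect a certificate warning; please document which. The "not hardened" note would also be more useful if it named what this example relaxes: `oidcIdpInsecure: true`, `ocisHttpApiInsecure: true` and `logging.level: debug`. Minor wording: "the following endpoint ... add these" mixes singular and plural, and "the deployments persistence" is missing an apostrophe.
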
189 changes: 189 additions & 0 deletions deployments/development-install/helmfile.yaml
@@ -0,0 +1,189 @@
releases:
- name: ocis
chart: ../../charts/ocis
namespace: ocis
values:
- externalDomain: ocis.kube.owncloud.test
- ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
tls:
- secretName: ocis-dev-tls
hosts:
- ocis.kube.owncloud.test

- logging:
level: debug

- insecure:
oidcIdpInsecure: true
ocisHttpApiInsecure: true

- services:
idm:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

nats:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

search:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

storagesystem:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

storageusers:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

store:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

thumbnails:
persistence:
enabled: true
chownInitContainer: true
accessModes:
- ReadWriteOnce

- extraResources:
- |
apiVersion: v1
kind: Secret
metadata:
name: jwt-secret
type: Opaque
data:
jwt-secret: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: machine-auth-api-key
type: Opaque
data:
machine-auth-api-key: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: storage-system-jwt-secret
type: Opaque
data:
storage-system-jwt-secret: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: storage-system
type: Opaque
data:
api-key: {{ randAlphaNum 30 | b64enc | quote }}
user-id: {{ uuidv4 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: transfer-secret
type: Opaque
data:
transfer-secret: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: thumbnails-transfer-secret
type: Opaque
data:
thumbnails-transfer-secret: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: ldap-bind-secrets
type: Opaque
data:
reva-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
idp-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
graph-ldap-bind-password: {{ randAlphaNum 30 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: ldap-ca
type: Opaque
{{ $ca := genCA "ldap-ca" 365 -}}
data:
ldap-ca.crt: {{ $ca.Cert | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: ldap-cert
type: Opaque
{{ $lcapCert := genSignedCert "idm" nil (list "idm") 365 $ca -}}
data:
ldap.key: {{ $lcapCert.Key | b64enc | quote }}
ldap.crt: {{ $lcapCert.Cert | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: admin-user
type: Opaque
data:
user-id: {{ uuidv4 | b64enc | quote }}
password: {{ randAlphaNum 10 | b64enc | quote }}
- |
apiVersion: v1
kind: Secret
metadata:
name: idp-secrets
type: Opaque
data:
encryption.key: {{ randAscii 32 | b64enc | quote }}
private-key.pem: {{ genPrivateKey "rsa" | b64enc | quote }}
- |
apiVersion: v1
kind: ConfigMap
metadata:
name: storage-users
data:
storage-uuid: {{ uuidv4 | quote }}
- |
apiVersion: v1
kind: ConfigMap
metadata:
name: graph
data:
application-id: {{ uuidv4 | quote }}
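
Review bot: Every Secret in `extraResources` is filled by a bare generator call (`randAlphaNum`, `randAscii`, `uuidv4`, `genCA`, `genSignedCert`, `genPrivateKey "rsa"`) with nothing that reuses a value from an earlier run, so each render yields new credentials, a new LDAP CA and a new IdP signing key. With the `ReadWriteOnce` persistent volumes enabled higher up in the same file, a second `helmfile sync` can leave previously stored data and the README's `admin-user` lookup out of step with what the services are now configured to use. Consider reusing an existing Secret when one is already present, or state in the README that re-syncing rotates every generated value. Smaller points: `admin-user` gets `randAlphaNum 10` while the other generated passwords and keys use 30 characters, and `$lcapCert` looks like a typo for `$ldapCert`.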
