
initial checkin of extra volumes, volumeMounts, environment variables…#6

Open
lknite wants to merge 2 commits into nemonik:master from lknite:add-support-for-cachain-import

lknite commented Jan 9, 2022

These changes work for me to set up a mount with an on-prem CA certificate chain in a ConfigMap and then import that using a postStart command. The ability to set an environment variable on the front and back stateful sets was also necessary to set up the environment variables needed by the https://github.com/robrotheram/taiga-contrib-openid-auth extension/plugin.

Notes:

  1. The code was copy/pasted from nextcloud (and had the nindent values adjusted) and uses its naming method of 'extraVolumes', 'extraVolumeMounts', and 'extraEnv'. However, with the way you have things separated out, I could have just used 'volumes', 'volumeMounts', and 'env' underneath taigaBack and taigaFront; let me know if you would prefer this.
  2. Something is up with the publicRegisterEnabled variable in the taigaBack stateful set. When I set this at the top level it does not work for the back statefulset. I had to hardcode it using a capital T as seen below.
  3. I had to add PUBLIC_REGISTER_ENABLED as a variable in the front statefulset; I can see it is in the template, but it doesn't get added unless I specify it.

My values.yaml file:

env:
  publicRegisterEnabled: "true"

taigaFront:
  image:
    repository: robrotheram/taiga-front-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "true"
  - name: PUBLIC_REGISTER_ENABLED
    value: "true"
  - name: OPENID_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_NAME
    value: "keycloak"
  - name: OPENID_SCOPE
    value: "openid email"

taigaBack:
  image:
    repository: robrotheram/taiga-back-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "True"
  - name: OPENID_USER_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
  - name: OPENID_TOKEN_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_CLIENT_SECRET
    value: "<hidden>"
  - name: OPENID_SCOPE
    value: "openid email"
  extraVolumeMounts:
  - mountPath: /tmp/ca
    name: certs
  extraVolumes:
  - name: certs
    configMap:
      name: ca-certs
      items:
      - key: "ca.crt"
        path: "ca.crt"
  lifecycle:
    postStartCommand:
    - /bin/sh
    - -c
    - "cat /tmp/ca/ca.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"


taigaAsync:
  image:
    tag: 6.4.2
#taigaFront:
#  image:
#    tag: 6.4.2
#taigaBack:
#  image:
#    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
  name: taiga

env: 
  taigaURL: "https://taiga.k-dev.harmony.net"
  postgresHost: "taiga-db"

persistence:
  media:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
  static:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
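
The postStart step in the values above appends the ConfigMap's `ca.crt` to the certifi bundle with `cat >>`. As an added example (not code from this PR or the chart), the same merge with a check that the file really contains PEM certificate blocks and a list of the SHA-256 fingerprints that were added; the function names and the placeholder "certificates" are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S)


def cert_fingerprints(pem_text):
    """Map SHA-256(DER) -> PEM block for every certificate in pem_text."""
    found = {}
    for m in PEM_RE.finditer(pem_text):
        # validate=True rejects non-base64 bytes instead of silently skipping them.
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        if not der:
            raise ValueError("empty certificate block")
        found[hashlib.sha256(der).hexdigest()] = m.group(0)
    return found


def merge_ca(bundle_text, extra_text):
    """Return (new_bundle, added_fingerprints); append only missing certs."""
    extra = cert_fingerprints(extra_text)
    if not extra:
        raise ValueError("extra CA file contains no PEM certificate")
    have = cert_fingerprints(bundle_text)
    added = [fp for fp in extra if fp not in have]
    new_bundle = bundle_text
    for fp in added:
        if not new_bundle.endswith("\n"):
            new_bundle += "\n"
        new_bundle += extra[fp] + "\n"
    return new_bundle, added


def fake_pem(payload):
    # Constructed placeholder: PEM framing around arbitrary bytes, not a real cert.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    bundle = fake_pem(b"constructed public root")
    chain = fake_pem(b"constructed on-prem root") + bundle
    merged, added = merge_ca(bundle, chain)
    print("added fingerprints:", added)
    print("second run adds:", merge_ca(merged, chain)[1])
```

The check covers PEM framing and base64 only; it does not parse the X.509 structure, so the fingerprints it reports still need comparing against the CA's published values.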

lknite added 2 commits January 8, 2022 16:45
…, and a postStart/postEnd command around front and back statefulsets
…vironment variables and adjustment to the taigaBack PUBLIC_REGISTRY_ENABLE section, thought it wasn't working but I just had my variable set incorrectly

lknite commented Jan 9, 2022

I had two env sections; when I merged my env sections, publicRegisterEnabled began to work as expected. Still, I added a check for true and used True with a capital T, as this seems to be required in taigaBack. I also added a comment in the values file that extra env variables can also be added to front.

Updated values.yaml:

taigaFront:
  image:
    repository: robrotheram/taiga-front-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "true"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "true"
  - name: OPENID_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/auth"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_NAME
    value: "keycloak"
  - name: OPENID_SCOPE
    value: "openid email"

taigaBack:
  image:
    repository: robrotheram/taiga-back-openid
    pullPolicy: IfNotPresent
    #pullPolicy: Always
    tag: 6.4.2
    #tag: latest
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  #- name: PUBLIC_REGISTER_ENABLED
  #  value: "True"
  - name: OPENID_USER_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/userinfo"
  - name: OPENID_TOKEN_URL
    value: "https://keycloak.k-prod.harmony.net/auth/realms/harmony/protocol/openid-connect/token"
  - name: OPENID_CLIENT_ID
    value: "taiga.k-dev.harmony.net"
  - name: OPENID_CLIENT_SECRET
    value: "<hidden>"
  - name: OPENID_SCOPE
    value: "openid email"
  extraVolumeMounts:
  - mountPath: /tmp/ca
    name: certs
  extraVolumes:
  - name: certs
    configMap:
      name: ca-certs
      items:
      - key: "ca.crt"
        path: "ca.crt"
  lifecycle:
    postStartCommand:
    - /bin/sh
    - -c
    - "cat /tmp/ca/ca.crt >> /opt/venv/lib/python3.7/site-packages/certifi/cacert.pem"


taigaAsync:
  image:
    tag: 6.4.2
#taigaFront:
#  image:
#    tag: 6.4.2
#taigaBack:
#  image:
#    tag: 6.4.2
taigaProtected:
  image:
    tag: 6.4.0
  name: taiga

env: 
  taigaURL: "https://taiga.k-dev.harmony.net"
  postgresHost: "taiga-db"
  publicRegisterEnabled: "true"

persistence:
  media:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
  static:
    ## Volume used to store the Taiga Gateway's data. Default is boolean `false`.
    ##
    enabled: true
    size: '100Mi'
    ## Sets persistent volume claim's storageClassName. Defaults to `default`.
    ##
    storageClassName: longhorn-slow
    accessMode: 'ReadWriteMany'
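
The two top-level `env:` sections described in this comment are a case many YAML loaders accept without an error while keeping only one of the sections. As an added example (not part of this PR or the chart), a small scanner that reports keys repeated within one mapping; it assumes block-style YAML with plain keys (no flow mappings, anchors or multi-line scalars), and the sample input is constructed from the shape of the first values.yaml.

```python
import re

# Block-style "key:" at line start, optionally behind "- " list markers.
KEY_RE = re.compile(r"^(\s*)((?:-\s+)*)([A-Za-z_][\w./-]*):(?:\s|$)")


def duplicate_keys(text):
    """Return [(dotted_path, first_line, repeat_line)] for keys repeated in one mapping."""
    dups = []
    root = {}    # keys seen at the top level -> line number
    stack = []   # [(indent, key, children_seen)] from root to the current key
    for lineno, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:            # comments, blank lines, scalar list items
            continue
        indent = len(m.group(1)) + len(m.group(2))
        key = m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()
        seen = stack[-1][2] if stack else root
        if m.group(2):       # "- key:" starts a new mapping inside the list
            seen.clear()
        path = ".".join([k for _, k, _ in stack] + [key])
        if key in seen:
            dups.append((path, seen[key], lineno))
        else:
            seen[key] = lineno
        stack.append((indent, key, {}))
    return dups


# Constructed sample, condensed from the shape of the first values.yaml above.
SAMPLE = """\
env:
  publicRegisterEnabled: "true"
taigaBack:
  extraEnv:
  - name: ENABLE_OPENID
    value: "True"
  - name: OPENID_SCOPE
    value: "openid email"
env:
  taigaURL: "https://taiga.example.internal"
  postgresHost: "taiga-db"
"""

if __name__ == "__main__":
    for path, first, repeat in duplicate_keys(SAMPLE):
        print(f"{path}: defined on line {first}, repeated on line {repeat}")
```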


lknite commented Feb 5, 2022

Noticed another project, the Bitnami Helm chart to install argo-cd, also uses these fields, so they might be something fairly standard at this point. Here's a comment of someone doing something similar: argoproj/argo-cd#4344 (comment)
