Add helm chart

A helm chart is added for the installation of Zulip into Kubernetes
clusters. The chart is based on a version of PR #287, but contains
significant changes.

The chart depends on Bitnami helm charts for the installation of
Memcached, Postgresql, Rabbitmq and Redis.

The chart includes the possibility to add `postSetup` scripts which
are mounted to `/data/post-setup.d` and executed by the docker-zulip
Docker container.

More information can be found in the chart's README in
kubernetes/chart/zulip/README.md
Gergo Torcsvari
2020-12-30 18:50:28 +01:00
committed by Alex Vandiver
parent 461360d332
commit 26c0b812e8
20 changed files with 943 additions and 10 deletions

11
.gitignore vendored

@@ -1,2 +1,13 @@
# OS
.DS_Store
# Various IDEs
.project
.idea/
*.tmproj
# dev files
docker-compose-dev.yml
kubernetes/*-dev.yml
kubernetes/chart/zulip/values-local.yaml
kubernetes/chart/zulip/charts/

@@ -329,17 +329,11 @@ signing up for a cloud service is to install
### Helm charts
We are aware of two efforts at building Helm Charts for Zulip:
* [A PR to the main Helm repo](https://github.com/kubernetes/charts/pull/5168/files),
which is further along.
* [The zulip-helm project](https://github.com/armooo/zulip-helm),
which might be a helpful reference for work on this.
Read the [Helm Chart README](kubernetes/chart/zulip/README.md) to learn more
about installing Zulip on a Kubernetes cluster with Helm.
Contributions to finish either of those and get them integrated are
very welcome! If you're interested in helping with this, post on
[this thread][helm-chart-thread].
[helm-chart-thread]: https://chat.zulip.org/#narrow/stream/21-provision-help/subject/K8.20and.20Helm/near/589098
Feedback is welcome in the [helm-chart-thread]:
https://chat.zulip.org/#narrow/stream/21-provision-help/subject/K8.20and.20Helm/near/589098
### Scaling out and high availability

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
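Review bot: the ignore list has no entry for `values-local.yaml`, the file the README tells users to create in the chart directory and fill with passwords, so `helm package` run from a working copy would bundle those secrets into the chart archive. Add `values-local.yaml` to this file, mirroring the `.gitignore` entry `kubernetes/chart/zulip/values-local.yaml`.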

@@ -0,0 +1,28 @@
## [0.3.0] - 2022-04-21
* Update dependencies:
* Helm charts:
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | memcached | 6.0.16 |
| https://charts.bitnami.com/bitnami | postgresql | 11.1.22 |
| https://charts.bitnami.com/bitnami | rabbitmq | 8.32.0 |
| https://charts.bitnami.com/bitnami | redis | 16.8.7 |
* Update postgres 10 to postgres 14
* Update Zulip 4.7 to 5.2
* Remove autoscaling code
* Remove readiness probe because its function is the same as the liveness probe
## [0.2.0] - 2021-11-22
* Use dependency charts from the Bitnami repository for Memcached, Rabbitmq,
Redis and PostgreSQL
* Use a StatefulSet instead of a Deployment
* Add the possibility to run postSetup scripts
## [0.1.0] - 2020-12-30
* First version of helm chart created

@@ -0,0 +1,15 @@
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
version: 6.0.16
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 8.32.0
- name: redis
repository: https://charts.bitnami.com/bitnami
version: 16.8.7
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.1.22
digest: sha256:376a93b6d6df79610d9ba283727a95560378644bb006f4ffc2c19571453a5cad
generated: "2022-04-21T11:44:41.427111348+02:00"

@@ -0,0 +1,42 @@
apiVersion: v2
description: Zulip is an open source threaded team chat that helps teams stay productive and focused.
name: zulip
type: application
icon: https://raw.githubusercontent.com/zulip/zulip/main/static/images/logo/zulip-icon-square.svg
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "5.2-0"
dependencies:
- name: memcached
repository: https://charts.bitnami.com/bitnami
tags:
- memcached
version: 6.0.16
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
tags:
- rabbitmq
version: 8.32.0
- name: redis
repository: https://charts.bitnami.com/bitnami
tags:
- redis
version: 16.8.7
- name: postgresql
repository: https://charts.bitnami.com/bitnami
tags:
- postgresql
# Note: values.yaml overwrites posgresql image to zulip/zulip-postgresql:14
version: 11.1.22
sources:
- https://github.com/zulip/zulip
- https://github.com/zulip/docker-zulip
- https://hub.docker.com/r/zulip/docker-zulip
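Review bot: typo in the comment on the `postgresql` dependency, `posgresql` should read `postgresql`. The comment would also help more if it gave the reason for the image override, which the README states: the Zulip image carries the PostgreSQL plugins Zulip needs.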

@@ -0,0 +1,146 @@
# Zulip
![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.2-0](https://img.shields.io/badge/AppVersion-5.2--0-informational?style=flat-square)
[Zulip](https://zulip.com/) is an open source threaded team chat that helps teams stay productive and focused.
Helm chart based on https://github.com/zulip/docker-zulip
## Installation
Copy `values-local.yaml.example`, modify it as instructed in the comments, then
install with the following commands:
```
helm dependency update # Get helm dependency charts
helm install -f ./values-local.yaml zulip . # Install Zulip
```
This will show a message on how to reach your Zulip installation and how to
create your first realm. Wait for all your pods to be ready before you continue.
You can run `kubectl get pods` to their current state. Once all pods are ready,
you can run the commands to create a Realm, and you can reach Zulip following
the instructions as well.
### Installing on Minikube
You need to do a few things to make
[minikube](https://minikube.sigs.k8s.io/docs/) serve Zulip with a TLS
certificate. Without it, Zulip will not work.
If you haven't already, you need to set up `cert-manager` inside your minikube.
First, enable the "ingress" minikube addon ([more info available
here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/#enable-the-ingress-controller))
```
minikube addons enable ingress
```
Second, [install cert-manager into your minikube
cluster](https://cert-manager.io/docs/installation/#default-static-install):
```
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
```
Now you'll need to add an issuer that issues self-signed certificates. Copy this
into a file, `self-signed-issuer.yaml`
```
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
namespace: cert-manager
spec:
selfSigned: {}
```
Now apply the issuer: `kubectl apply -f self-signed-issuer.yaml`
We'll host Zulip on `zulip.local`. Add that to your `/etc/hosts` file and
point it to the IP address you get with the command `minikube ip`.
Now you're ready to follow [the installation instructions above](#installation).
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | Affinity for pod assignment. Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity |
| fullnameOverride | string | `""` | Fully override common.names.fullname template. |
| image.pullPolicy | string | `"IfNotPresent"` | Pull policy for Zulip docker image. Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images |
| image.repository | string | `"zulip/docker-zulip"` | Defaults to hub.docker.com/zulip/docker-zulip, but can be overwritten with a full HTTPS address. |
| image.tag | string | `"5.2-0"` | Zulip image tag (immutable tags are recommended) |
| imagePullSecrets | list | `[]` | Global Docker registry secret names as an array. |
| ingress.annotations | object | `{}` | Can be used to add custom Ingress annotations. |
| ingress.enabled | bool | `false` | Enable this to use an Ingress to reach the Zulip service. |
| ingress.hosts[0] | object | `{"host":"zulip.example.com","paths":[{"path":"/"}]}` | Host for the Ingress. Should be the same as `zulip.environment.SETTING_EXTERNAL_HOST`. |
| ingress.hosts[0].paths | list | `[{"path":"/"}]` | Serves Zulip root of the chosen host domain. |
| ingress.tls | list | `[]` | Set a specific secret to read the TLS certificate from. If you use cert-manager, it will save the TLS secret here. If you do not, you need to manually create a secret with your TLS certificate. |
| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Liveness probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes |
| memcached | object | `{"memcachedUsername":"zulip@localhost"}` | Memcached settings, see [Requirements](#Requirements). |
| nameOverride | string | `""` | Partially override common.names.fullname template (will maintain the release name). |
| nodeSelector | object | `{}` | Optionally add a nodeSelector to the Zulip pod, so it runs on a specific node. Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
| podAnnotations | object | `{}` | Custom annotations to add to the Zulip Pod. |
| podLabels | object | `{}` | Custom labels to add to the Zulip Pod. |
| podSecurityContext | object | `{}` | Can be used to override the default PodSecurityContext (fsGroup, runAsUser and runAsGroup) of the Zulip _Pod_. |
| postSetup.scripts | object | `{}` | The Docker entrypoint script runs commands from `/data/post-setup.d` after the Zulip application's Setup phase has completed. Scripts can be added here as `script_filename: <script contents>` and they will be mounted in `/data/post-setup.d/script_filename`. |
| postgresql | object | `{"auth":{"database":"zulip","username":"zulip"},"image":{"repository":"zulip/zulip-postgresql","tag":14},"primary":{"containerSecurityContext":{"runAsUser":0}}}` | PostgreSQL settings, see [Requirements](#Requirements). |
| rabbitmq | object | `{"auth":{"username":"zulip"},"persistence":{"enabled":false}}` | Rabbitmq settings, see [Requirements](#Requirements). |
| redis | object | `{"architecture":"standalone","master":{"persistence":{"enabled":false}}}` | Redis settings, see [Requirements](#Requirements). |
| resources | object | `{}` | |
| securityContext | object | `{}` | Can be used to override the default SecurityContext of the Zulip _container_. |
| service | object | `{"port":80,"type":"ClusterIP"}` | Service type and port for the Kubernetes service that connects to Zulip. Default: ClusterIP, needs an Ingress to be used. |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Startup probe values. Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes |
| statefulSetAnnotations | object | `{}` | Custom annotations to add to the Zulip StatefulSet. |
| statefulSetLabels | object | `{}` | Custom labels to add to the Zulip StatefulSet. |
| tolerations | list | `[]` | Tolerations for pod assignment. Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ |
| zulip.environment.DISABLE_HTTPS | bool | `true` | Disables HTTPS if set to "true". HTTPS and certificates are managed by the Kubernetes cluster, so by default it's disabled inside the container |
| zulip.environment.SECRETS_email_password | string | `"123456789"` | SMTP email password. |
| zulip.environment.SETTING_EMAIL_HOST | string | `""` | |
| zulip.environment.SETTING_EMAIL_HOST_USER | string | `"noreply@example.com"` | |
| zulip.environment.SETTING_EMAIL_PORT | string | `"587"` | |
| zulip.environment.SETTING_EMAIL_USE_SSL | string | `"False"` | |
| zulip.environment.SETTING_EMAIL_USE_TLS | string | `"True"` | |
| zulip.environment.SETTING_EXTERNAL_HOST | string | `"zulip.example.com"` | Domain Zulip is hosted on. |
| zulip.environment.SETTING_ZULIP_ADMINISTRATOR | string | `"admin@example.com"` | |
| zulip.environment.SSL_CERTIFICATE_GENERATION | string | `"self-signed"` | Set SSL certificate generation to self-signed because Kubernetes manages the client-facing SSL certs. |
| zulip.environment.ZULIP_AUTH_BACKENDS | string | `"EmailAuthBackend"` | |
| zulip.persistence | object | `{"accessMode":"ReadWriteOnce","enabled":true,"size":"10Gi"}` | If `persistence.existingClaim` is not set, a PVC is generated with these specifications. |
## About this helm chart
This helm chart sets up a StatefulSet that runs a Zulip pod, that in turn runs
the [docker-zulip](https://hub.docker.com/r/zulip/docker-zulip/) Dockerized
Zulip version. Configuration of Zulip happens through environment variables that
are defined in the `values.yaml` under `zulip.environment`. These environment
variables are forwarded to the Docker container, you can read more about
configuring Zulip through environment variables
[here](https://github.com/zulip/docker-zulip/#configuration).
### Dependencies
The chart uses Memcached, RabbitMQ and Redis helm charts defined in
the Bitnami Helm repository. Most of these are configured following their
default settings, but you can check
https://github.com/bitnami/charts/tree/master/bitnami/ for more configuration
options of the subcharts.
For PostgreSQL the chart also uses the Bitnami chart to install it on the
Kubernetes cluster. However, in this case we use Zulip's
[zulip-postgresql](https://hub.docker.com/r/zulip/zulip-postgresql) docker
image, because it contains the Postgresql plugins that are needed to run Zulip.
## Requirements
| Repository | Name | Version |
|------------|------|---------|
| https://charts.bitnami.com/bitnami | memcached | 6.0.16 |
| https://charts.bitnami.com/bitnami | postgresql | 11.1.22 |
| https://charts.bitnami.com/bitnami | rabbitmq | 8.32.0 |
| https://charts.bitnami.com/bitnami | redis | 16.8.7 |
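Review bot: in the `self-signed-issuer.yaml` example, `ClusterIssuer` is a cluster-scoped resource, so `namespace: cert-manager` under `metadata` has no effect and wrongly suggests the issuer is confined to that namespace; drop that line. This file is generated with helm-docs (see the header of `values.yaml`), so the change belongs in the template, followed by a regeneration.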

@@ -0,0 +1,92 @@
# Zulip
{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
[Zulip](https://zulip.com/) is an open source threaded team chat that helps teams stay productive and focused.
Helm chart based on https://github.com/zulip/docker-zulip
## Installation
Copy `values-local.yaml.example`, modify it as instructed in the comments, then
install with the following commands:
```
helm dependency update # Get helm dependency charts
helm install -f ./values-local.yaml zulip . # Install Zulip
```
This will show a message on how to reach your Zulip installation and how to
create your first realm. Wait for all your pods to be ready before you continue.
You can run `kubectl get pods` to their current state. Once all pods are ready,
you can run the commands to create a Realm, and you can reach Zulip following
the instructions as well.
### Installing on Minikube
You need to do a few things to make
[minikube](https://minikube.sigs.k8s.io/docs/) serve Zulip with a TLS
certificate. Without it, Zulip will not work.
If you haven't already, you need to set up `cert-manager` inside your minikube.
First, enable the "ingress" minikube addon ([more info available
here](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/#enable-the-ingress-controller))
```
minikube addons enable ingress
```
Second, [install cert-manager into your minikube
cluster](https://cert-manager.io/docs/installation/#default-static-install):
```
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml
```
Now you'll need to add an issuer that issues self-signed certificates. Copy this
into a file, `self-signed-issuer.yaml`
```
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
namespace: cert-manager
spec:
selfSigned: {}
```
Now apply the issuer: `kubectl apply -f self-signed-issuer.yaml`
We'll host Zulip on `zulip.local`. Add that to your `/etc/hosts` file and
point it to the IP address you get with the command `minikube ip`.
Now you're ready to follow [the installation instructions above](#installation).
{{ template "chart.valuesSection" . }}
## About this helm chart
This helm chart sets up a StatefulSet that runs a Zulip pod, that in turn runs
the [docker-zulip](https://hub.docker.com/r/zulip/docker-zulip/) Dockerized
Zulip version. Configuration of Zulip happens through environment variables that
are defined in the `values.yaml` under `zulip.environment`. These environment
variables are forwarded to the Docker container, you can read more about
configuring Zulip through environment variables
[here](https://github.com/zulip/docker-zulip/#configuration).
### Dependencies
The chart uses Memcached, RabbitMQ and Redis helm charts defined in
the Bitnami Helm repository. Most of these are configured following their
default settings, but you can check
https://github.com/bitnami/charts/tree/master/bitnami/ for more configuration
options of the subcharts.
For PostgreSQL the chart also uses the Bitnami chart to install it on the
Kubernetes cluster. However, in this case we use Zulip's
[zulip-postgresql](https://hub.docker.com/r/zulip/zulip-postgresql) docker
image, because it contains the Postgresql plugins that are needed to run Zulip.
{{ template "chart.requirementsSection" . }}
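Review bot: in the Installation section, the sentence "You can run `kubectl get pods` to their current state" is missing a verb; "to see their current state" reads correctly. The step would also be clearer if it named the copy target explicitly (`values-local.yaml`, as used by the `helm install -f ./values-local.yaml` line). Fixing it in this template and regenerating covers the generated README.md as well.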

@@ -0,0 +1,8 @@
1. To create a realm so you can sign in:
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ template "zulip.name" . }}" -o jsonpath="{.items[0].metadata.name}")
kubectl -n {{ .Release.Namespace }} exec -it "$POD_NAME" -c zulip -- sudo -u zulip /home/zulip/deployments/current/manage.py generate_realm_creation_link
2. Zulip will be available on:
https://{{ .host }}
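Review bot: `https://{{ .host }}` on the last line is evaluated against the root context, which has no `host` key, so the install notes print no hostname. Use `{{ .Values.zulip.environment.SETTING_EXTERNAL_HOST }}`, or wrap the line in `{{- range .Values.ingress.hosts }}` so that `.host` resolves to each Ingress host.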

@@ -0,0 +1,94 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "zulip.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "zulip.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "zulip.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "zulip.labels" -}}
helm.sh/chart: {{ include "zulip.chart" . }}
{{ include "zulip.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "zulip.selectorLabels" -}}
app.kubernetes.io/name: {{ include "zulip.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "zulip.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "zulip.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
include all env variables for Zulip pods
*/}}
{{- define "zulip.env" -}}
- name: DB_HOST
value: "{{ template "postgresql.primary.fullname" .Subcharts.postgresql }}"
- name: DB_HOST_PORT
value: "{{ template "postgresql.service.port" .Subcharts.postgresql }}"
- name: DB_USER
value: "postgres"
- name: SETTING_MEMCACHED_LOCATION
value: "{{ template "common.names.fullname" .Subcharts.memcached }}:11211"
- name: SETTING_RABBITMQ_HOST
value: "{{ template "rabbitmq.fullname" .Subcharts.rabbitmq }}"
- name: SETTING_REDIS_HOST
value: "{{ template "common.names.fullname" .Subcharts.redis }}-headless"
- name: SECRETS_rabbitmq_password
value: "{{ .Values.rabbitmq.auth.password }}"
- name: SECRETS_postgres_password
value: "{{ .Values.postgresql.auth.password }}"
- name: SECRETS_memcached_password
value: "{{ .Values.memcached.memcachedPassword }}"
- name: SECRETS_redis_password
value: "{{ .Values.redis.auth.password }}"
- name: SECRETS_secret_key
value: "{{ .Values.zulip.password }}"
{{- range $key, $value := .Values.zulip.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
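Review bot: in `zulip.env`, every `SECRETS_*` entry is emitted as a literal `value:`, so the RabbitMQ, PostgreSQL, Memcached and Redis passwords and the Zulip secret key end up in plain text in the StatefulSet spec, readable by anyone who can view the workload rather than only by those allowed to read Secrets. Render them into a `Secret` and reference it with `valueFrom.secretKeyRef`. Two smaller points in the same block: unset values (for example `.Values.zulip.password`, which the example values file ships commented out) render as an empty string instead of failing, which `required` would catch, and `DB_USER` is hard-coded to `postgres` while `SECRETS_postgres_password` comes from `postgresql.auth.password`, which the example file describes as the zulip user's password.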

@@ -0,0 +1,12 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Release.Name }}-post-setup-scripts"
labels:
{{- include "zulip.labels" . | nindent 4 }}
data:
{{- range $scriptName, $scriptContents := .Values.postSetup.scripts }}
{{ $scriptName }}: |
{{- $scriptContents | nindent 4 }}
{{- end }}
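Review bot: `metadata.name` is `{{ .Release.Name }}-post-setup-scripts`, but the StatefulSet volume looks the ConfigMap up as `{{ include "zulip.fullname" . }}-post-setup-scripts`. The two only match when the release name contains the chart name (as with `helm install ... zulip .` in the README) and no `fullnameOverride` is set; with any other release name the pod references a ConfigMap that does not exist. Use the `zulip.fullname` helper in both places.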

@@ -0,0 +1,40 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "zulip.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "zulip.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
pathType: ImplementationSpecific
backend:
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

@@ -0,0 +1,27 @@
{{- if .Values.zulip.persistence.enabled -}}
{{- if not .Values.zulip.persistence.existingClaim -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "zulip.fullname" . }}-data
labels:
{{- include "zulip.labels" . | nindent 4 }}
{{- if .Values.zulip.persistence.annotations }}
annotations:
{{ toYaml .Values.zulip.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.zulip.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.zulip.persistence.size | quote }}
{{- if .Values.zulip.persistence.storageClass }}
{{- if (eq "-" .Values.zulip.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.zulip.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}

@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "zulip.fullname" . }}
labels:
{{- include "zulip.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "zulip.selectorLabels" . | nindent 4 }}

@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "zulip.serviceAccountName" . }}
labels:
{{- include "zulip.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
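Review bot: the ServiceAccount is created by default and none of the templates in this commit define a Role or binding for it, yet its token is still mounted into the Zulip pod because `automountServiceAccountToken` is left at the Kubernetes default. Add `automountServiceAccountToken: false` here, or expose it as a value, so the pod carries no API credential it does not use.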

@@ -0,0 +1,104 @@
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "zulip.fullname" . }}
labels:
{{- include "zulip.labels" . | nindent 4 }}
{{- if .Values.statefulSetLabels }}
{{- toYaml .Values.statefulSetLabels | nindent 4 }}
{{- end }}
{{- if .Values.statefulSetAnnotations }}
annotations:
{{- toYaml .Values.statefulSetAnnotations | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
{{- include "zulip.selectorLabels" . | nindent 6 }}
serviceName: {{ include "zulip.fullname" . }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "zulip.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "zulip.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
volumeMounts:
- name: {{ include "zulip.fullname" . }}-persistent-storage
mountPath: /data
- name: {{ include "zulip.fullname" . }}-post-setup-scripts
mountPath: /data/post-setup.d
env:
{{ include "zulip.env" . | nindent 12 }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /
port: http
httpHeaders:
- name: Host
value: {{ .Values.zulip.environment.SETTING_EXTERNAL_HOST | quote }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
successThreshold: {{ .Values.livenessProbe.successThreshold }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
{{- end }}
{{- if .Values.startupProbe.enabled }}
startupProbe:
httpGet:
path: /
port: http
httpHeaders:
- name: Host
value: {{ .Values.zulip.environment.SETTING_EXTERNAL_HOST | quote }}
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.startupProbe.successThreshold }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
{{- end }}
volumes:
- name: {{ include "zulip.fullname" . }}-persistent-storage
persistentVolumeClaim:
claimName: {{ if .Values.zulip.persistence.existingClaim }}{{ .Values.zulip.persistence.existingClaim }}{{- else }}{{ template "zulip.fullname" . }}-data{{- end }}
- name: {{ include "zulip.fullname" . }}-post-setup-scripts
configMap:
name: {{ include "zulip.fullname" . }}-post-setup-scripts
defaultMode: 0750
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
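Review bot: the `post-setup-scripts` volume mounts ConfigMap content with `defaultMode: 0750` at `/data/post-setup.d`, where the container entrypoint executes it, so edit rights on that ConfigMap amount to running commands inside the Zulip container at its next start. That trust boundary deserves a sentence in the README next to `postSetup.scripts`, with a recommendation to restrict write access to ConfigMaps in the release namespace through RBAC.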

@@ -0,0 +1,60 @@
# Replace each occurrence of "set-secure-password" with a different random
# password and uncomment it.
# Replace each occurrence of "zulip.example.com" with the domain you want Zulip
# to be reached on.
zulip:
# password: set-secure-password
# Add any other environment variables you want to configure here.
# based on; https://github.com/zulip/docker-zulip/blob/master/docker-compose.yml#L63
# these values will be merged with db secrets and hosts/ports
environment:
# Domain
SETTING_EXTERNAL_HOST: zulip.example.com
ZULIP_AUTH_BACKENDS: 'EmailAuthBackend'
# SMTP settings
SECRETS_email_password: '123456789'
SETTING_ZULIP_ADMINISTRATOR: 'admin@example.com'
SETTING_EMAIL_HOST: '' # e.g. smtp.example.com
SETTING_EMAIL_HOST_USER: 'noreply@example.com'
SETTING_EMAIL_PORT: '587'
SETTING_EMAIL_USE_SSL: 'False'
SETTING_EMAIL_USE_TLS: 'True'
ingress:
enabled: true
annotations:
# Get certificates with cert-manager
kubernetes.io/tls-acme: "true"
# Uncomment this to use the cert-manager you added to Minikube
# cert-manager.io/cluster-issuer: selfsigned
hosts:
- host: zulip.example.com
paths:
- path: /
tls:
- secretName: zulip-tls-secret
hosts:
- zulip.example.com
memcached:
# memcachedPassword: set-secure-password
rabbitmq:
auth:
# password: set-secure-password
# erlangCookie: set-secure-password
redis:
auth:
# password: set-secure-password
postgresql:
auth:
# # postgres admin user password
# postgresqlPassword: set-secure-password
# # postgres zulip user password
# password: set-secure-password
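Review bot: the header tells users to replace every `set-secure-password`, but `SECRETS_email_password: '123456789'` is a live placeholder that this instruction does not cover, so it is easy to deploy unchanged. Make it a commented-out `set-secure-password` like the other secrets, or an empty string. Also, `postgresqlPassword` sits under `postgresql.auth` while the templates in this commit only read `postgresql.auth.password`; please confirm the admin password key is the one the postgresql 11.1.22 subchart expects.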

@@ -0,0 +1,210 @@
# Default values for zulip.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# If you make any changes to the documentation here, regenerate the README.md
# with:
#
# ```
# docker run --rm --volume "$(pwd):/helm-docs" -u $(id -u) jnorwood/helm-docs:latest
# ```
image:
# -- Defaults to hub.docker.com/zulip/docker-zulip, but can be overwritten with a full HTTPS address.
repository: zulip/docker-zulip
# -- Pull policy for Zulip docker image.
# Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
pullPolicy: IfNotPresent
# -- Zulip image tag (immutable tags are recommended)
tag: "5.2-0"
# -- Global Docker registry secret names as an array.
imagePullSecrets: []
# -- Partially override common.names.fullname template (will maintain the release name).
nameOverride: ""
# -- Fully override common.names.fullname template.
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created.
create: true
# -- Annotations to add to the service account.
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Custom labels to add to the Zulip StatefulSet.
statefulSetLabels: {}
# -- Custom annotations to add to the Zulip StatefulSet.
statefulSetAnnotations: {}
# -- Custom labels to add to the Zulip Pod.
podLabels: {}
# -- Custom annotations to add to the Zulip Pod.
podAnnotations: {}
# -- Can be used to override the default PodSecurityContext (fsGroup, runAsUser
# and runAsGroup) of the Zulip _Pod_.
podSecurityContext:
{}
# fsGroup: 1000
# runAsUser: 1000
# runAsGroup: 1000
# -- Can be used to override the default SecurityContext of the Zulip _container_.
securityContext:
{}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
# -- Service type and port for the Kubernetes service that connects to Zulip.
# Default: ClusterIP, needs an Ingress to be used.
service:
type: ClusterIP
port: 80
ingress:
# -- Enable this to use an Ingress to reach the Zulip service.
enabled: false
# -- Can be used to add custom Ingress annotations.
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
# -- Host for the Ingress. Should be the same as
# `zulip.environment.SETTING_EXTERNAL_HOST`.
- host: zulip.example.com
# -- Serves Zulip root of the chosen host domain.
paths:
- path: /
# -- Set a specific secret to read the TLS certificate from. If you use
# cert-manager, it will save the TLS secret here. If you do not, you need to
# manually create a secret with your TLS certificate.
tls: []
# - secretName: chart-example-tls
# hosts:
# - zulip.example.com
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- Optionally add a nodeSelector to the Zulip pod, so it runs on a specific
# node.
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# -- Tolerations for pod assignment.
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# -- Affinity for pod assignment.
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
zulip:
# Environment variables based on https://github.com/zulip/docker-zulip/blob/master/docker-compose.yml#L63
environment:
# -- Disables HTTPS if set to "true".
# HTTPS and certificates are managed by the Kubernetes cluster, so
# by default it's disabled inside the container
DISABLE_HTTPS: true
# -- Set SSL certificate generation to self-signed because Kubernetes
# manages the client-facing SSL certs.
SSL_CERTIFICATE_GENERATION: self-signed
# -- Domain Zulip is hosted on.
SETTING_EXTERNAL_HOST: zulip.example.com
# -- SMTP email password.
SECRETS_email_password: "123456789"
SETTING_ZULIP_ADMINISTRATOR: "admin@example.com"
SETTING_EMAIL_HOST: "" # e.g. smtp.example.com
SETTING_EMAIL_HOST_USER: "noreply@example.com"
SETTING_EMAIL_PORT: "587"
SETTING_EMAIL_USE_SSL: "False"
SETTING_EMAIL_USE_TLS: "True"
ZULIP_AUTH_BACKENDS: "EmailAuthBackend"
# -- If `persistence.existingClaim` is not set, a PVC is generated with these
# specifications.
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Gi
# existingClaim: "" # Use an already existing PVC
# -- Liveness probe values.
# Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 3
successThreshold: 1
# -- Startup probe values.
# Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
startupProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 30
successThreshold: 1
postSetup:
# -- The Docker entrypoint script runs commands from `/data/post-setup.d` after
# the Zulip application's Setup phase has completed. Scripts can be added here
# as `script_filename: <script contents>` and they will be mounted in
# `/data/post-setup.d/script_filename`.
scripts:
{}
# scriptName.sh: |
# #!/bin/bash
# echo "This is a script that gets executed in the Zulip container after installation, once migrations are complete"
# -- PostgreSQL settings, see [Requirements](#Requirements).
postgresql:
primary:
containerSecurityContext:
runAsUser: 0
# We need to override the Postgresql image to get all the plugins Zulip needs
image:
repository: zulip/zulip-postgresql
tag: 14
auth:
username: zulip
database: zulip
# -- Rabbitmq settings, see [Requirements](#Requirements).
rabbitmq:
auth:
username: zulip
# Set this to true if you need the rabbitmq to be persistent
persistence:
enabled: false
# -- Memcached settings, see [Requirements](#Requirements).
memcached:
memcachedUsername: "zulip@localhost"
# -- Redis settings, see [Requirements](#Requirements).
redis:
architecture: standalone
master:
persistence:
enabled: false
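Review bot: `postgresql.primary.containerSecurityContext.runAsUser: 0` runs the database container as root with no comment explaining why; state what in the `zulip/zulip-postgresql` image requires it, or drop it if the image works as a non-root user. In the same file, `SECRETS_email_password: "123456789"` ships a guessable value as the chart default where an empty string would make a missing setting obvious, and `tag: 14` for the PostgreSQL image is a floating tag although the comment on `image.tag` recommends immutable ones.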