diff --git a/Dockerfile b/Dockerfile index 89ee616c..23f26b70 100644 --- a/Dockerfile +++ b/Dockerfile @@ -87,10 +87,6 @@ RUN wget https://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types # Copy entrypoint COPY ./docker/files/usr/local/bin/entrypoint /usr/local/bin/entrypoint -# Copy configuration -VOLUME [ "/configuration" ] -COPY ./configuration /configuration - # Give the "root" group the same permissions as the "root" user on /etc/passwd # to allow a user belonging to the root group to add new users; typically the # docker user (see entrypoint). diff --git a/configuration/theme/default.json b/src/helm/env.d/dev/configuration/theme/demo.json similarity index 100% rename from configuration/theme/default.json rename to src/helm/env.d/dev/configuration/theme/demo.json diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl index 28686782..1136ac43 100644 --- a/src/helm/env.d/dev/values.impress.yaml.gotmpl +++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl @@ -87,6 +87,10 @@ backend: python manage.py createsuperuser --email admin@example.com --password admin restartPolicy: Never + themeCustomization: + enabled: true + file_content: {{ readFile "./configuration/theme/demo.json" }} + # Extra volume mounts to manage our local custom CA and avoid to set ssl_verify: false extraVolumeMounts: - name: certs @@ -101,7 +105,6 @@ backend: items: - key: cacert.pem path: cacert.pem - frontend: envVars: PORT: 8080 diff --git a/src/helm/impress/README.md b/src/helm/impress/README.md index 4b72802a..18a1f23c 100644 --- a/src/helm/impress/README.md +++ b/src/helm/impress/README.md 
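Review bot: In the `themeCustomization` block added to values.impress.yaml.gotmpl, `file_content: {{ readFile "./configuration/theme/demo.json" }}` pastes the raw file into the rendered YAML. It works only because the JSON happens to parse as a YAML flow mapping, and the value reaches the chart as a map rather than as a string. Nothing on the line says so, and a later edit to demo.json that is valid JSON but awkward YAML (tab indentation, for instance, which some YAML parsers reject) would presumably fail at render time with an error pointing at this values file. I would add a comment above the key such as `# demo.json is inlined as a YAML flow mapping: it must be a single JSON object and stay parseable as YAML`.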
@@ -4,78 +4,78 @@ ### General configuration -| Name | Description | Value | -| -------------------------------------------------------------------------------------- | ---------------------------------------------------- | -------------------------------------------------------------------- | -| `image.repository` | Repository to use to pull impress's container image | `lasuite/impress-backend` | -| `image.tag` | impress's container tag | `latest` | -| `image.pullPolicy` | Container image pull policy | `IfNotPresent` | -| `image.credentials.username` | Username for container registry authentication | | -| `image.credentials.password` | Password for container registry authentication | | -| `image.credentials.registry` | Registry url for which the credentials are specified | | -| `image.credentials.name` | Name of the generated secret for imagePullSecrets | | -| `nameOverride` | Override the chart name | `""` | -| `fullnameOverride` | Override the full application name | `""` | -| `ingress.enabled` | whether to enable the Ingress or not | `false` | -| `ingress.className` | IngressClass to use for the Ingress | `nil` | -| `ingress.host` | Host for the Ingress | `impress.example.com` | -| `ingress.path` | Path to use for the Ingress | `/` | -| `ingress.hosts` | Additional host to configure for the Ingress | `[]` | -| `ingress.tls.enabled` | Weather to enable TLS for the Ingress | `true` | -| `ingress.tls.secretName` | Secret name for TLS config | `nil` | -| `ingress.tls.additional[].secretName` | Secret name for additional TLS config | | -| `ingress.tls.additional[].hosts[]` | Hosts for additional TLS config | | -| `ingress.customBackends` | Add custom backends to ingress | `[]` | -| `ingressCollaborationWS.enabled` | whether to enable the Ingress or not | `false` | -| `ingressCollaborationWS.className` | IngressClass to use for the Ingress | `nil` | -| `ingressCollaborationWS.host` | Host for the Ingress | `impress.example.com` | -| `ingressCollaborationWS.path` | 
Path to use for the Ingress | `/collaboration/ws/` | -| `ingressCollaborationWS.hosts` | Additional host to configure for the Ingress | `[]` | -| `ingressCollaborationWS.tls.enabled` | Weather to enable TLS for the Ingress | `true` | -| `ingressCollaborationWS.tls.secretName` | Secret name for TLS config | `nil` | -| `ingressCollaborationWS.tls.additional[].secretName` | Secret name for additional TLS config | | -| `ingressCollaborationWS.tls.additional[].hosts[]` | Hosts for additional TLS config | | -| `ingressCollaborationWS.customBackends` | Add custom backends to ingress | `[]` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/auth-response-headers` | | `Authorization, X-Can-Edit, X-User-Id` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/auth-url` | | `https://impress.example.com/api/v1.0/documents/collaboration-auth/` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/enable-websocket` | | `true` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-read-timeout` | | `86400` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-send-timeout` | | `86400` | -| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` | -| `ingressCollaborationApi.enabled` | whether to enable the Ingress or not | `false` | -| `ingressCollaborationApi.className` | IngressClass to use for the Ingress | `nil` | -| `ingressCollaborationApi.host` | Host for the Ingress | `impress.example.com` | -| `ingressCollaborationApi.path` | Path to use for the Ingress | `/collaboration/api/` | -| `ingressCollaborationApi.hosts` | Additional host to configure for the Ingress | `[]` | -| `ingressCollaborationApi.tls.enabled` | Weather to enable TLS for the Ingress | `true` | -| `ingressCollaborationApi.tls.secretName` | Secret name for TLS config | `nil` | -| `ingressCollaborationApi.tls.additional[].secretName` | Secret name for additional TLS config | | -| 
`ingressCollaborationApi.tls.additional[].hosts[]` | Hosts for additional TLS config | | -| `ingressCollaborationApi.customBackends` | Add custom backends to ingress | `[]` | -| `ingressCollaborationApi.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` | -| `ingressAdmin.enabled` | whether to enable the Ingress or not | `false` | -| `ingressAdmin.className` | IngressClass to use for the Ingress | `nil` | -| `ingressAdmin.host` | Host for the Ingress | `impress.example.com` | -| `ingressAdmin.path` | Path to use for the Ingress | `/admin` | -| `ingressAdmin.hosts` | Additional host to configure for the Ingress | `[]` | -| `ingressAdmin.tls.enabled` | Weather to enable TLS for the Ingress | `true` | -| `ingressAdmin.tls.secretName` | Secret name for TLS config | `nil` | -| `ingressAdmin.tls.additional[].secretName` | Secret name for additional TLS config | | -| `ingressAdmin.tls.additional[].hosts[]` | Hosts for additional TLS config | | -| `ingressMedia.enabled` | whether to enable the Ingress or not | `false` | -| `ingressMedia.className` | IngressClass to use for the Ingress | `nil` | -| `ingressMedia.host` | Host for the Ingress | `impress.example.com` | -| `ingressMedia.path` | Path to use for the Ingress | `/media/(.*)` | -| `ingressMedia.hosts` | Additional host to configure for the Ingress | `[]` | -| `ingressMedia.tls.enabled` | Weather to enable TLS for the Ingress | `true` | -| `ingressMedia.tls.secretName` | Secret name for TLS config | `nil` | -| `ingressMedia.tls.additional[].secretName` | Secret name for additional TLS config | | -| `ingressMedia.tls.additional[].hosts[]` | Hosts for additional TLS config | | -| `ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-url` | | `https://impress.example.com/api/v1.0/documents/media-auth/` | -| `ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-response-headers` | | `Authorization, X-Amz-Date, X-Amz-Content-SHA256` | -| 
`ingressMedia.annotations.nginx.ingress.kubernetes.io/upstream-vhost` | | `minio.impress.svc.cluster.local:9000` | -| `serviceMedia.host` | | `minio.impress.svc.cluster.local` | -| `serviceMedia.port` | | `9000` | -| `serviceMedia.annotations` | | `{}` | +| Name | Description | Value | +| ----------------------------------------------------------------------------------- | ---------------------------------------------------- | ------------------------------------------------------------------ | +| `image.repository` | Repository to use to pull impress's container image | `lasuite/impress-backend` | +| `image.tag` | impress's container tag | `latest` | +| `image.pullPolicy` | Container image pull policy | `IfNotPresent` | +| `image.credentials.username` | Username for container registry authentication | | +| `image.credentials.password` | Password for container registry authentication | | +| `image.credentials.registry` | Registry url for which the credentials are specified | | +| `image.credentials.name` | Name of the generated secret for imagePullSecrets | | +| `nameOverride` | Override the chart name | `""` | +| `fullnameOverride` | Override the full application name | `""` | +| `ingress.enabled` | whether to enable the Ingress or not | `false` | +| `ingress.className` | IngressClass to use for the Ingress | `nil` | +| `ingress.host` | Host for the Ingress | `impress.example.com` | +| `ingress.path` | Path to use for the Ingress | `/` | +| `ingress.hosts` | Additional host to configure for the Ingress | `[]` | +| `ingress.tls.enabled` | Weather to enable TLS for the Ingress | `true` | +| `ingress.tls.secretName` | Secret name for TLS config | `nil` | +| `ingress.tls.additional[].secretName` | Secret name for additional TLS config | | +| `ingress.tls.additional[].hosts[]` | Hosts for additional TLS config | | +| `ingress.customBackends` | Add custom backends to ingress | `[]` | +| `ingressCollaborationWS.enabled` | whether to enable the Ingress or not | `false` | 
+| `ingressCollaborationWS.className` | IngressClass to use for the Ingress | `nil` | +| `ingressCollaborationWS.host` | Host for the Ingress | `impress.example.com` | +| `ingressCollaborationWS.path` | Path to use for the Ingress | `/collaboration/ws/` | +| `ingressCollaborationWS.hosts` | Additional host to configure for the Ingress | `[]` | +| `ingressCollaborationWS.tls.enabled` | Weather to enable TLS for the Ingress | `true` | +| `ingressCollaborationWS.tls.secretName` | Secret name for TLS config | `nil` | +| `ingressCollaborationWS.tls.additional[].secretName` | Secret name for additional TLS config | | +| `ingressCollaborationWS.tls.additional[].hosts[]` | Hosts for additional TLS config | | +| `ingressCollaborationWS.customBackends` | Add custom backends to ingress | `[]` | +| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/enable-websocket` | | `true` | +| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-read-timeout` | | `86400` | +| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/proxy-send-timeout` | | `86400` | +| `ingressCollaborationWS.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` | +| `ingressCollaborationApi.enabled` | whether to enable the Ingress or not | `false` | +| `ingressCollaborationApi.className` | IngressClass to use for the Ingress | `nil` | +| `ingressCollaborationApi.host` | Host for the Ingress | `impress.example.com` | +| `ingressCollaborationApi.path` | Path to use for the Ingress | `/collaboration/api/` | +| `ingressCollaborationApi.hosts` | Additional host to configure for the Ingress | `[]` | +| `ingressCollaborationApi.tls.enabled` | Weather to enable TLS for the Ingress | `true` | +| `ingressCollaborationApi.tls.secretName` | Secret name for TLS config | `nil` | +| `ingressCollaborationApi.tls.additional[].secretName` | Secret name for additional TLS config | | +| `ingressCollaborationApi.tls.additional[].hosts[]` | Hosts for additional TLS 
config | | +| `ingressCollaborationApi.customBackends` | Add custom backends to ingress | `[]` | +| `ingressCollaborationApi.annotations.nginx.ingress.kubernetes.io/upstream-hash-by` | | `$arg_room` | +| `ingressAdmin.enabled` | whether to enable the Ingress or not | `false` | +| `ingressAdmin.className` | IngressClass to use for the Ingress | `nil` | +| `ingressAdmin.host` | Host for the Ingress | `impress.example.com` | +| `ingressAdmin.path` | Path to use for the Ingress | `/admin` | +| `ingressAdmin.hosts` | Additional host to configure for the Ingress | `[]` | +| `ingressAdmin.tls.enabled` | Weather to enable TLS for the Ingress | `true` | +| `ingressAdmin.tls.secretName` | Secret name for TLS config | `nil` | +| `ingressAdmin.tls.additional[].secretName` | Secret name for additional TLS config | | +| `ingressAdmin.tls.additional[].hosts[]` | Hosts for additional TLS config | | +| `ingressMedia.enabled` | whether to enable the Ingress or not | `false` | +| `ingressMedia.className` | IngressClass to use for the Ingress | `nil` | +| `ingressMedia.host` | Host for the Ingress | `impress.example.com` | +| `ingressMedia.path` | Path to use for the Ingress | `/media/(.*)` | +| `ingressMedia.hosts` | Additional host to configure for the Ingress | `[]` | +| `ingressMedia.tls.enabled` | Weather to enable TLS for the Ingress | `true` | +| `ingressMedia.tls.secretName` | Secret name for TLS config | `nil` | +| `ingressMedia.tls.additional[].secretName` | Secret name for additional TLS config | | +| `ingressMedia.tls.additional[].hosts[]` | Hosts for additional TLS config | | +| `ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-url` | | `https://impress.example.com/api/v1.0/documents/media-auth/` | +| `ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-response-headers` | | `Authorization, X-Amz-Date, X-Amz-Content-SHA256` | +| `ingressMedia.annotations.nginx.ingress.kubernetes.io/upstream-vhost` | | `minio.impress.svc.cluster.local:9000` | +| 
`ingressMedia.annotations.nginx.ingress.kubernetes.io/configuration-snippet` | | `add_header Content-Security-Policy "default-src 'none'" always; +` | +| `serviceMedia.host` | | `minio.impress.svc.cluster.local` | +| `serviceMedia.port` | | `9000` | +| `serviceMedia.annotations` | | `{}` | ### backend @@ -132,6 +132,8 @@ | `backend.extraVolumeMounts` | Additional volumes to mount on the backend. | `[]` | | `backend.extraVolumes` | Additional volumes to mount on the backend. | `[]` | | `backend.pdb.enabled` | Enable pdb on backend | `true` | +| `backend.themeCustomization.enabled` | Enable theme customization | `false` | +| `backend.themeCustomization.file_content` | Content of the theme customization file. Must be a json object. | `""` | ### frontend diff --git a/src/helm/impress/templates/backend_deployment.yaml b/src/helm/impress/templates/backend_deployment.yaml index 192f7a08..bb2ff68d 100644 --- a/src/helm/impress/templates/backend_deployment.yaml +++ b/src/helm/impress/templates/backend_deployment.yaml @@ -90,6 +90,11 @@ spec: subPath: {{ .subPath | default "" }} readOnly: {{ .readOnly }} {{- end }} + {{- if .Values.backend.themeCustomization.enabled }} + - name: theme-customization + mountPath: {{ .Values.backend.themeCustomization.mount_path }} + readOnly: true + {{- end }} {{- with .Values.backend.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -117,6 +122,11 @@ spec: claimName: "{{ $fullName }}-{{ $name }}" {{- end }} {{- end }} + {{- if .Values.backend.themeCustomization.enabled }} + - name: theme-customization + configMap: + name: docs-theme-customization + {{- end }} {{- range .Values.backend.extraVolumes }} - name: {{ .name }} {{- if .existingClaim }} diff --git a/src/helm/impress/templates/theme_customization_file_cm.yaml b/src/helm/impress/templates/theme_customization_file_cm.yaml new file mode 100644 index 00000000..77869638 --- /dev/null +++ b/src/helm/impress/templates/theme_customization_file_cm.yaml 
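Review bot: The new `theme-customization` volumeMount in backend_deployment.yaml renders `mountPath: {{ .Values.backend.themeCustomization.mount_path }}` unquoted and unchecked. An override that leaves `mount_path` empty produces a null `mountPath:`, and the failure only surfaces when the API server rejects the Deployment. Suggest `mountPath: {{ required "backend.themeCustomization.mount_path must be set" .Values.backend.themeCustomization.mount_path | quote }}`. A comment is also worth adding that a ConfigMap mounted on a directory hides whatever the image already has at that path, so `mount_path` should name a directory reserved for the theme file. The container spec this mount belongs to starts outside the hunk.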
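Review bot: The volume added in the second backend_deployment.yaml hunk points at a ConfigMap with the fixed name `docs-theme-customization`, and the new templates/theme_customization_file_cm.yaml creates it under the same fixed name. The PVC volume just above it is release-scoped (`claimName: "{{ $fullName }}-{{ $name }}"`). With a fixed name, a second release of the chart in the same namespace would collide on that object, and it is not obvious from the name which release a given theme ConfigMap belongs to. Suggest `name: {{ $fullName }}-theme-customization` here and the same derived name in the ConfigMap's `metadata.name` (through the chart's fullname helper, which is not visible in this diff).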
@@ -0,0 +1,10 @@ +{{- if .Values.backend.themeCustomization.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: docs-theme-customization + namespace: {{ .Release.Namespace }} +data: + default.json: | + {{ .Values.backend.themeCustomization.file_content | toJson | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml index eeb06224..9d6a16d3 100644 --- a/src/helm/impress/values.yaml +++ b/src/helm/impress/values.yaml @@ -162,6 +162,7 @@ ingressMedia: ## @param ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-url ## @param ingressMedia.annotations.nginx.ingress.kubernetes.io/auth-response-headers ## @param ingressMedia.annotations.nginx.ingress.kubernetes.io/upstream-vhost + ## @param ingressMedia.annotations.nginx.ingress.kubernetes.io/configuration-snippet annotations: nginx.ingress.kubernetes.io/auth-url: https://impress.example.com/api/v1.0/documents/media-auth/ nginx.ingress.kubernetes.io/auth-response-headers: "Authorization, X-Amz-Date, X-Amz-Content-SHA256" @@ -310,6 +311,16 @@ backend: pdb: enabled: true + ## @param backend.themeCustomization.enabled Enable theme customization + ## @param backend.themeCustomization.file_content Content of the theme customization file. Must be a json object. + ## @param backend.themeCustomization.mount_path Path where the customization file will be mounted in the backend deployment. + themeCustomization: + enabled: false + file_content: "" + mount_path: /app/configuration/theme/ + + + ## @section frontend frontend:
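Review bot: In the new ConfigMap template, `file_content | toJson` is correct only when the value is a map. A string value (the chart default `""`, or JSON passed as text through a block scalar or `--set-file`) is encoded as a JSON string, so the backend would be handed a quoted string instead of an object, with no error at render time. A guard ahead of `apiVersion` would enforce the documented "Must be a json object" contract: `{{- if not (kindIs "map" .Values.backend.themeCustomization.file_content) }}{{ fail "backend.themeCustomization.file_content must be a JSON object" }}{{- end }}`.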
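Review bot: The `## @param ingressMedia.annotations.nginx.ingress.kubernetes.io/configuration-snippet` line added in the first values.yaml hunk has no description, and it is the one annotation in this list with a controller-side prerequisite. ingress-nginx honours `configuration-snippet` only when the controller's `allow-snippet-annotations` setting is enabled, and recent releases ship with it off. On a default controller the Content-Security-Policy header shown in the README row would presumably not be applied, or the Ingress would be rejected, depending on the controller version. Suggest a description on the param line, for example `Adds a restrictive CSP header to served media; requires snippet annotations to be allowed on the ingress-nginx controller`. The annotation value itself sits outside this hunk.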
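Review bot: The default `file_content: ""` in the new `themeCustomization` block of values.yaml is a string, while the `@param` line directly above says the value must be a JSON object. Enabling the feature without overriding it would publish `""` as the theme file through the `toJson` call in the new ConfigMap template, so `file_content: {}` matches the documented type. `mount_path` is documented here but has no row in the README hunk of this commit. The two snake_case keys also sit next to camelCase siblings (`themeCustomization`, `extraVolumeMounts`), which is worth settling before the names become an interface.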