diff --git a/README.md b/README.md
index 6c4c7de..4f0b180 100644
--- a/README.md
+++ b/README.md
@@ -38,7 +38,9 @@ pre-commit install --install-hooks -f
 helm install penpot ./charts/penpot -f devel/penpot.values.yaml
 ```
-- Access to http://localhost/
+- Access to [http://penpot.example.com/](http://penpot.example.com/) (
+ > :exclamation: You need to add `127.0.1.1 penpot.example.com` to `/etc/hosts`_
+ > :bulb: if you disable ingress, you can exposing the app in the port 8888 with:
 > ```shell
 > kubectl port-forward service/penpot 8888:80
diff --git a/charts/penpot/README.md b/charts/penpot/README.md
index 1e5df5d..8bc0ed6 100644
--- a/charts/penpot/README.md
+++ b/charts/penpot/README.md
@@ -60,7 +60,7 @@ $ helm install my-release penpot/penpot
 | config.assets.s3.secretKeys.endpointURIKey | string | `""` | The S3 endpoint URI to use from an existing secret. |
 | config.assets.s3.secretKeys.secretAccessKey | string | `""` | The S3 secret access key to use from an existing secret. |
 | config.assets.storageBackend | string | `"assets-fs"` | The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. |
-| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
+| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
 | config.postgresql.database | string | `"penpot"` | The PostgreSQL database to use. |
 | config.postgresql.existingSecret | string | `""` | The name of an existing secret. |
 | config.postgresql.host | string | `""` | The PostgreSQL host to connect to. Empty to use dependencies. |
@@ -114,7 +114,7 @@ $ helm install my-release penpot/penpot
 | config.providers.secretKeys.googleClientSecretKey | string | `""` | The Google client secret key to use from an existing secret. |
 | config.providers.secretKeys.oidcClientIDKey | string | `""` | The OpenID Connect client ID key to use from an existing secret. |
 | config.providers.secretKeys.oidcClientSecretKey | string | `""` | The OpenID Connect client secret key to use from an existing secret. |
-| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
+| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
 | config.redis.database | string | `"0"` | The Redis database to connect to. |
 | config.redis.host | string | `""` | The Redis host to connect to. Empty to use dependencies |
 | config.redis.port | int | `6379` | The Redis host port to use. |
diff --git a/charts/penpot/templates/backend-deployment.yml b/charts/penpot/templates/backend-deployment.yml
index 10662ad..5ac8939 100644
--- a/charts/penpot/templates/backend-deployment.yml
+++ b/charts/penpot/templates/backend-deployment.yml
@@ -52,7 +52,7 @@ spec:
 {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 env:
- {{/* General settings */}}
+ # General settings
 - name: PENPOT_PUBLIC_URI
 value: {{ .Values.config.publicUri | quote }}
 - name: PENPOT_FLAGS
@@ -65,7 +65,7 @@ spec:
 {{- end }}
 - name: PENPOT_TELEMETRY_ENABLED
 value: {{ .Values.config.telemetryEnabled | quote }}
- {{/* PosgreSQL connection settings */}}
+ # PosgreSQL connection settings
 - name: PENPOT_DATABASE_URI
 {{- if .Values.config.postgresql.host }}
 value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
@@ -90,14 +90,14 @@ spec:
 name: {{ .Values.config.postgresql.existingSecret }}
 key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
 {{- end }}
- {{/* Redis connection settings */}}
+ # Redis connection settings
 - name: PENPOT_REDIS_URI
 {{- if .Values.config.redis.host }}
 value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
 {{- else }}
 value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
 {{- end }}
- {{/* Assets storage settings */}}
+ # Assets storage settings
 - name: PENPOT_ASSETS_STORAGE_BACKEND
 value: {{ .Values.config.assets.storageBackend | quote }}
 {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
@@ -136,7 +136,7 @@ spec:
 key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
 {{- end }}
 {{- end }}
- {{/* SMTP settings */}}
+ # SMTP settings
 {{- if .Values.config.smtp.enabled }}
 {{- if .Values.config.smtp.defaultFrom }}
 - name: PENPOT_SMTP_DEFAULT_FROM
@@ -183,7 +183,7 @@ spec:
 value: {{ .Values.config.smtp.ssl | quote }}
 {{- end }}
 {{- end }}
- {{/* Google Auth provider settings */}}
+ # Google Auth provider settings
 {{- if .Values.config.providers.google.enabled }}
 {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
 - name: PENPOT_GOOGLE_CLIENT_ID
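Review bot: The comment added in the `@@ -65` hunk of backend-deployment.yml carries the misspelling `PosgreSQL`, and unlike the `{{/* … */}}` form it replaces, a `#` comment is written into the rendered manifest where operators will read it. I would spell it `# PostgreSQL connection settings`. The `env:` list this line sits in starts and ends outside the hunk.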
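Review bot: `# SMTP settings` in the `@@ -136` hunk sits above `{{- if .Values.config.smtp.enabled }}`, so the comment is emitted even when the block it labels renders nothing. The same holds for the Google comment in `@@ -183` and for the Github, Gitlab, OIDC and LDAP comments in the hunks that follow. Moving each comment to the first line inside its `if` keeps the rendered `env:` list free of headings with no entries under them. This is a style point only; the rendered values are unaffected.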
@@ -206,7 +206,7 @@ spec:
 key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
 {{- end }}
 {{- end }}
- {{/* Github Auth provider settings */}}
+ # Github Auth provider settings
 {{- if .Values.config.providers.github.enabled }}
 {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
 - name: PENPOT_GITHUB_CLIENT_ID
@@ -229,7 +229,7 @@ spec:
 key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
 {{- end }}
 {{- end }}
- {{/* Gitlab Auth provider settings */}}
+ # Gitlab Auth provider settings
 {{- if .Values.config.providers.gitlab.enabled }}
 {{- if .Values.config.providers.gitlab.baseURI }}
 - name: PENPOT_GITLAB_BASE_URI
@@ -256,7 +256,7 @@ spec:
 key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
 {{- end }}
 {{- end }}
- {{/* OIDC provider settings */}}
+ # OIDC provider settings
 {{- if .Values.config.providers.oidc.enabled }}
 {{- if .Values.config.providers.oidc.baseURI }}
 - name: PENPOT_OIDC_BASE_URI
@@ -319,7 +319,7 @@ spec:
 value: {{ .Values.config.providers.oidc.userInfoSource | quote }}
 {{- end }}
 {{- end }}
- {{/* LDAP provider settings */}}
+ # LDAP provider settings
 {{- if .Values.config.providers.ldap.enabled }}
 {{- if .Values.config.providers.ldap.host }}
 - name: PENPOT_LDAP_HOST
diff --git a/charts/penpot/templates/exporter-deployment.yml b/charts/penpot/templates/exporter-deployment.yml
index ee89326..3575715 100644
--- a/charts/penpot/templates/exporter-deployment.yml
+++ b/charts/penpot/templates/exporter-deployment.yml
@@ -29,7 +29,7 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "penpot.serviceAccountName" . }}
- {{ if .Values.exporter.podSecurityContext.enabled }}
+ {{- if .Values.exporter.podSecurityContext.enabled }}
 securityContext:
 {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
 {{- end }}
@@ -37,13 +37,13 @@ spec:
 - name: {{ .Chart.Name }}-exporter
 image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
 imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
- {{ if .Values.exporter.containerSecurityContext.enabled }}
+ {{- if .Values.exporter.containerSecurityContext.enabled }}
 securityContext:
 {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
 {{- end }}
 env:
 - name: PENPOT_PUBLIC_URI
- value: {{ .Values.config.publicURI | quote }}
+ value: {{ print "http://" (include "penpot.fullname" .) ":" .Values.frontend.service.port }}
 - name: PENPOT_REDIS_URI
 {{- if .Values.config.redis.host }}
 value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
diff --git a/charts/penpot/values.yaml b/charts/penpot/values.yaml
index f3275b3..836471f 100644
--- a/charts/penpot/values.yaml
+++ b/charts/penpot/values.yaml
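Review bot: In the `@@ -37` hunk of exporter-deployment.yml the new `PENPOT_PUBLIC_URI` value is rendered without `| quote` and with the scheme fixed to `http://`, while the backend template quotes the same variable. I would write `value: {{ print "http://" (include "penpot.fullname" .) ":" .Values.frontend.service.port | quote }}` and put a comment above it such as `# In-cluster frontend address used by the exporter; not the user-facing config.publicUri`. If the exporter forwards user session tokens when it loads pages (not visible in this hunk), they travel over the cluster network in cleartext on this URL, which is worth stating in the chart README. The `env:` list continues outside the hunk.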
@@ -32,12 +32,13 @@ serviceAccount:
 name: "penpot"
 config:
- # -- The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
+ # -- The public domain to serve Penpot on.
+ # **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
 # @section -- Configuration parameters
 publicUri: "http://penpot.example.com"
 # -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
 # @section -- Configuration parameters
- flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
+ flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp"
 # -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
 # @section -- Configuration parameters
 apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"
diff --git a/devel/penpot.values.yaml b/devel/penpot.values.yaml
index 5b5fea9..31253a6 100644
--- a/devel/penpot.values.yaml
+++ b/devel/penpot.values.yaml
@@ -4,25 +4,30 @@ global:
 redisEnabled: true
 config:
- publicUri: "http://localhost"
+ publicUri: "http://penpot.example.com"
 apiSecretKey: "my-secret-key"
+ flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp disable-secure-session-cookies"
 #backend:
 # replicaCount: 2
 #frontend:
 # replicaCount: 2
-
+#
 #exporter:
 # replicaCount: 2
+# podSecurityContext:
+# enabled: false
+# containerSecurityContext:
+# enabled: false
 persistence:
 assets:
 enabled: true
- exporter:
- enabled: true
+# exporter:
+# enabled: true
 ingress:
 enabled: true
 hosts:
- - "localhost"
+ - "penpot.example.com"
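Review bot: In charts/penpot/values.yaml the new `**IMPORTANT:**` comment tells operators to add `disable-secure-session-cookies` for a non-HTTPS domain, yet the default `publicUri` directly below is `http://penpot.example.com` and the new default `flags` line does not carry that flag, so the shipped defaults contradict the comment. I would resolve it towards TLS with `publicUri: "https://penpot.example.com"` rather than weakening cookies by default. The `flags` default also keeps `enable-registration` together with `disable-email-verification`, which leaves sign-up open and unverified unless overridden; a comment such as `# Defaults allow open, unverified sign-up; tighten before exposing the instance` would make that explicit. The literal `apiSecretKey` default in the trailing context is not touched by this commit, but every install that does not override it shares that key.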
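Review bot: The `flags` line added to devel/penpot.values.yaml repeats the chart's whole default flag string only to append `disable-secure-session-cookies`, so it will drift whenever the chart default changes, and nothing marks the file as unsuitable outside local development. A comment above it would help, for example `# Dev only: plain-HTTP ingress, so session cookies are sent without the Secure attribute`. The same comment could cover `apiSecretKey: "my-secret-key"` in the context lines, which reads as a placeholder.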