fix: use internal address in exporter and minor doc improvements

README.md

@@ -38,7 +38,9 @@ pre-commit install --install-hooks -f
   helm install penpot ./charts/penpot -f devel/penpot.values.yaml
   ```
 
-- Access to http://localhost/
+- Access to [http://penpot.example.com/](http://penpot.example.com/) (
+  > :exclamation: You need to add `127.0.1.1  penpot.example.com` to `/etc/hosts`_
+
   > :bulb: if you disable ingress, you can exposing the app in the port 8888 with:
   > ```shell
   > kubectl port-forward service/penpot 8888:80

charts/penpot/README.md

@@ -60,7 +60,7 @@ $ helm install my-release penpot/penpot
 | config.assets.s3.secretKeys.endpointURIKey | string | `""` | The S3 endpoint URI to use from an existing secret. |
 | config.assets.s3.secretKeys.secretAccessKey | string | `""` | The S3 secret access key to use from an existing secret. |
 | config.assets.storageBackend | string | `"assets-fs"` | The storage backend for assets to use. Use `assets-fs` for filesystem, and `assets-s3` for S3. |
-| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
+| config.flags | string | `"enable-registration enable-login-with-password disable-email-verification enable-smtp"` | The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info. |
 | config.postgresql.database | string | `"penpot"` | The PostgreSQL database to use. |
 | config.postgresql.existingSecret | string | `""` | The name of an existing secret. |
 | config.postgresql.host | string | `""` | The PostgreSQL host to connect to. Empty to use dependencies. |
@@ -114,7 +114,7 @@ $ helm install my-release penpot/penpot
 | config.providers.secretKeys.googleClientSecretKey | string | `""` | The Google client secret key to use from an existing secret. |
 | config.providers.secretKeys.oidcClientIDKey | string | `""` | The OpenID Connect client ID key to use from an existing secret. |
 | config.providers.secretKeys.oidcClientSecretKey | string | `""` | The OpenID Connect client secret key to use from an existing secret. |
-| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
+| config.publicUri | string | `"http://penpot.example.com"` | The public domain to serve Penpot on. **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain. |
 | config.redis.database | string | `"0"` | The Redis database to connect to. |
 | config.redis.host | string | `""` | The Redis host to connect to. Empty to use dependencies |
 | config.redis.port | int | `6379` | The Redis host port to use. |

charts/penpot/templates/backend-deployment.yml

@@ -52,7 +52,7 @@ spec:
             {{- omit .Values.backend.containerSecurityContext "enabled" | toYaml | nindent 12 }}
         {{- end }}
           env:
-          {{/* General settings  */}}
+            # General settings
             - name: PENPOT_PUBLIC_URI
               value: {{ .Values.config.publicUri | quote }}
             - name: PENPOT_FLAGS
@@ -65,7 +65,7 @@ spec:
           {{- end }}
             - name: PENPOT_TELEMETRY_ENABLED
               value: {{ .Values.config.telemetryEnabled | quote }}
-          {{/* PosgreSQL connection settings  */}}
+            # PosgreSQL connection settings
             - name: PENPOT_DATABASE_URI
           {{- if .Values.config.postgresql.host }}
               value: "postgresql://{{ .Values.config.postgresql.host }}:{{ .Values.config.postgresql.port }}/{{ .Values.config.postgresql.database }}"
@@ -90,14 +90,14 @@ spec:
                   name: {{ .Values.config.postgresql.existingSecret }}
                   key: {{ .Values.config.postgresql.secretKeys.passwordKey }}
           {{- end }}
-          {{/* Redis connection settings  */}}
+            # Redis connection settings
             - name: PENPOT_REDIS_URI
           {{- if .Values.config.redis.host }}
               value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"
           {{- else }}
               value: {{ print "redis://" (include "penpot.fullname" .) "-redis-master:" .Values.config.redis.port "/" .Values.config.redis.database }}
           {{- end }}
-          {{/* Assets storage settings  */}}
+            # Assets storage settings
             - name: PENPOT_ASSETS_STORAGE_BACKEND
               value: {{ .Values.config.assets.storageBackend | quote }}
           {{- if eq .Values.config.assets.storageBackend "assets-fs" }}
@@ -136,7 +136,7 @@ spec:
                   key: {{ .Values.config.assets.s3.secretKeys.endpointURIKey }}
             {{- end }}
           {{- end }}
-          {{/* SMTP settings  */}}
+            # SMTP settings
           {{- if .Values.config.smtp.enabled }}
             {{- if .Values.config.smtp.defaultFrom }}
             - name: PENPOT_SMTP_DEFAULT_FROM
@@ -183,7 +183,7 @@ spec:
               value: {{ .Values.config.smtp.ssl | quote }}
             {{- end }}
           {{- end }}
-          {{/* Google Auth provider settings  */}}
+            # Google Auth provider settings
           {{- if .Values.config.providers.google.enabled }}
             {{- if not .Values.config.providers.secretKeys.googleClientIDKey }}
             - name: PENPOT_GOOGLE_CLIENT_ID
@@ -206,7 +206,7 @@ spec:
                   key: {{ .Values.config.providers.secretKeys.googleClientSecretKey }}
             {{- end }}
           {{- end }}
-          {{/* Github Auth provider settings  */}}
+            # Github Auth provider settings
           {{- if .Values.config.providers.github.enabled }}
             {{- if not .Values.config.providers.secretKeys.githubClientIDKey }}
             - name: PENPOT_GITHUB_CLIENT_ID
@@ -229,7 +229,7 @@ spec:
                   key: {{ .Values.config.providers.secretKeys.githubClientSecretKey }}
             {{- end }}
           {{- end }}
-          {{/* Gitlab Auth provider settings  */}}
+            # Gitlab Auth provider settings
           {{- if .Values.config.providers.gitlab.enabled }}
             {{- if .Values.config.providers.gitlab.baseURI }}
             - name: PENPOT_GITLAB_BASE_URI
@@ -256,7 +256,7 @@ spec:
                   key: {{ .Values.config.providers.secretKeys.gitlabClientSecretKey }}
             {{- end }}
           {{- end }}
-          {{/* OIDC provider settings  */}}
+            # OIDC provider settings
           {{- if .Values.config.providers.oidc.enabled }}
             {{- if .Values.config.providers.oidc.baseURI }}
             - name: PENPOT_OIDC_BASE_URI
@@ -319,7 +319,7 @@ spec:
               value: {{ .Values.config.providers.oidc.userInfoSource | quote }}
             {{- end }}
           {{- end }}
-          {{/* LDAP provider settings  */}}
+            # LDAP provider settings
           {{- if .Values.config.providers.ldap.enabled }}
             {{- if .Values.config.providers.ldap.host }}
             - name: PENPOT_LDAP_HOST

charts/penpot/templates/exporter-deployment.yml

@@ -29,7 +29,7 @@ spec:
         {{- toYaml . | nindent 8 }}
     {{- end }}
       serviceAccountName: {{ include "penpot.serviceAccountName" . }}
-    {{ if .Values.exporter.podSecurityContext.enabled }}
+    {{- if .Values.exporter.podSecurityContext.enabled }}
       securityContext:
         {{- omit .Values.exporter.podSecurityContext "enabled" | toYaml | nindent 8 }}
     {{- end }}
@@ -37,13 +37,13 @@ spec:
         - name: {{ .Chart.Name }}-exporter
           image: "{{ .Values.exporter.image.repository }}:{{ .Values.exporter.image.tag }}"
           imagePullPolicy: {{ .Values.exporter.image.imagePullPolicy }}
-        {{ if .Values.exporter.containerSecurityContext.enabled }}
+        {{- if .Values.exporter.containerSecurityContext.enabled }}
           securityContext:
             {{- omit .Values.exporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
         {{- end }}
           env:
             - name: PENPOT_PUBLIC_URI
-              value: {{ .Values.config.publicURI | quote }}
+              value: {{ print "http://" (include "penpot.fullname" .) ":" .Values.frontend.service.port }}
             - name: PENPOT_REDIS_URI
           {{- if .Values.config.redis.host }}
               value: "redis://{{ .Values.config.redis.host }}:{{ .Values.config.redis.port }}/{{ .Values.config.redis.database }}"

charts/penpot/values.yaml

@@ -32,12 +32,13 @@ serviceAccount:
   name: "penpot"
 
 config:
-  # -- The public domain to serve Penpot on. Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
+  # -- The public domain to serve Penpot on.
+  # **IMPORTANT:** Set `disable-secure-session-cookies` in the flags if you plan on serving it on a non HTTPS domain.
   # @section -- Configuration parameters
   publicUri: "http://penpot.example.com"
   # -- The feature flags to enable. Check [the official docs](https://help.penpot.app/technical-guide/configuration/) for more info.
   # @section -- Configuration parameters
-  flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server"
+  flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp"
   # -- A random secret key needed for persistent user sessions. Generate with `python3 -c "import secrets; print(secrets.token_urlsafe(64))"` for example.
   # @section -- Configuration parameters
   apiSecretKey: "kmZ96pAxhTgk3HZvvBkPeVTspGBneKVLEpO_3ecORs_gwACENZ77z05zCe7skvPsQ3jI3QgkULQOWCuLjmjQsg"

devel/penpot.values.yaml

@@ -4,25 +4,30 @@ global:
   redisEnabled: true
 
 config:
-  publicUri: "http://localhost"
+  publicUri: "http://penpot.example.com"
   apiSecretKey: "my-secret-key"
+  flags: "enable-registration enable-login-with-password disable-email-verification enable-smtp disable-secure-session-cookies"
 
 #backend:
 #  replicaCount: 2
 
 #frontend:
 #  replicaCount: 2
-
+#
 #exporter:
 #  replicaCount: 2
+#  podSecurityContext:
+#    enabled: false
+#  containerSecurityContext:
+#    enabled: false
 
 persistence:
   assets:
     enabled: true
-  exporter:
+#  exporter:
-    enabled: true
+#    enabled: true
 
 ingress:
   enabled: true
   hosts:
-    - "localhost"
+    - "penpot.example.com"