Merge branch 'master' into 28-update-nextcloud-dependency-charts-to-work-with-k8s-1-16

5f5532e6 · Maarten de Waard · 951d0b74 · b5f54e09 · 5f5532e6 · 5f5532e6
Verified Commit 5f5532e6 authored 5 years ago by Maarten de Waard
--- a/templates/_nextcloud-specs.tpl
+++ b/templates/_nextcloud-specs.tpl
@@ -22,7 +22,7 @@ runAsGroup: 33
 - name: nextcloud-data
  mountPath: /var/www/html/themes
  subPath: themes
- name: onlyoffice-config
+- name: nextcloud-config
  mountPath: /var/local
 {{- end }}
 {{/* Set environment variables that are needed for the nextcloud setup */}}
@@ -83,7 +83,7 @@ runAsGroup: 33
 {{- else }}
  emptyDir: {}
 {{- end }}
- name: onlyoffice-config
+- name: nextcloud-config
  configMap:
-    name: {{ .Release.Name }}-onlyoffice-config
+    name: {{ .Release.Name }}-nextcloud-config
 {{- end}}
--- a/templates/onlyoffice-config.yaml
+++ b/templates/onlyoffice-config.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: "{{ .Release.Name }}-onlyoffice-config"
+  name: "{{ .Release.Name }}-nextcloud-config"
  labels:
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
@@ -25,12 +25,23 @@ data:
        }
      }
    }
+  social-login-config.json: |
+    {
+      "apps": {
+        "sociallogin": {
+          "auto_create_groups": "1",
+           "custom_oidc_providers": "[{\"name\":\"oas\",\"title\":\"OpenAppStack\",\"authorizeUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name }}\\\/oauth2\\\/auth\",\"tokenUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name}}\\\/oauth2\\\/token\",\"userInfoUrl\":\"https:\\\/\\\/{{ .Values.sociallogin.server_name }}\\\/userinfo\",\"logoutUrl\":\"\",\"clientId\":\"{{ .Values.sociallogin.client_id }}\",\"clientSecret\":\"{{ .Values.sociallogin.client_secret | default "" }}\",\"scope\":\"openid profile email openappstack_roles\",\"groupsClaim\":\"{{ .Values.sociallogin.groups_claim }}\",\"style\":\"\",\"defaultGroup\":\"\",\"groupMapping\":{\"admin\":\"admin\"}}]",
+           "update_profile_on_login": "1"
+        }
+      }
+    }
  setup-apps.sh: |
    #!/bin/bash

    set -ev
    # Debug: place the json file in a persistent location for reuse
    cp /var/local/onlyoffice-config.json /var/www/html/
+    cp /var/local/social-login-config.json /var/www/html/
    {{- range .Values.apps }}
    # -- Begin {{ .name }}
    # Only install {{ .name }} if it's not installed already
@@ -45,6 +56,7 @@ data:

    # Config settings from the configmap above
    php occ config:import /var/local/onlyoffice-config.json
+    php occ config:import /var/local/social-login-config.json
  #
  # All values in config.json are applied by the nextcloud occ command
  #   config:import.

--- a/templates/onlyoffice-deployment.yaml
+++ b/templates/onlyoffice-deployment.yaml
@@ -73,10 +73,15 @@ spec:
              value: "{{ .Values.postgresql.service.port }}"
            - name: POSTGRESQL_SERVER_DB_NAME
              value: "{{ .Values.postgresql.postgresqlDatabase }}"
+            - name: SKIP_FONTS_GENERATION
+              value: "{{ .Values.onlyoffice.skipFontsGeneration }}"
          ports:
            - name: http
              containerPort: {{ .Values.onlyoffice.containerPort }}
              protocol: TCP
+            - name: spellchecker
+              containerPort: 8080
+              protocol: TCP
          resources:
            {{- toYaml .Values.onlyoffice.resources | nindent 12 }}
          securityContext:

--- a/templates/onlyoffice-ingress.yaml
+++ b/templates/onlyoffice-ingress.yaml
@@ -30,11 +30,13 @@ spec:
    - host: {{ . | quote }}
      http:
        paths:
-  {{- range $ingressPaths }}
-          - path: {{ . }}
+          - path: "/"
            backend:
              serviceName: {{ $fullName }}
              servicePort: http
-  {{- end }}
+          - path: "/spellchecker"
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: spellchecker
  {{- end }}
 {{- end }}
--- a/templates/onlyoffice-service.yaml
+++ b/templates/onlyoffice-service.yaml
@@ -14,6 +14,10 @@ spec:
      targetPort: http
      protocol: TCP
      name: http
+    - port: 8080
+      targetPort: spellchecker
+      protocol: TCP
+      name: spellchecker
  selector:
    app.kubernetes.io/name: {{ include "onlyoffice-documentserver.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
--- a/values-local.yaml.example
+++ b/values-local.yaml.example
@@ -31,8 +31,6 @@ onlyoffice:
  jwtSecret: Set any random secret for JWT here
  ingress:
    enabled: true
-    paths:
-      - "/"
    hosts:
      - "office.your.domain"

@@ -42,3 +40,33 @@ postgresql:
 rabbitmq:
  rabbitmq:
    password: Set a password for rabbitmq here
+
+# apps controls which apps will be installed and enabled in nextcloud
+apps:
+  - name: sociallogin
+    # apps[0].enabled needs to be set to true if you want to enable login via an external
+    # oauth server. In that case you need to configure all the values in `sociallogin`
+    enabled: false
+  - name: onlyoffice
+    enabled: true
+
+# sociallogin enables login via oAuth/Open-ID Connect
+sociallogin:
+  # sociallogin.server_name is the FQDN of you oAuth server. The oAuth server needs to
+  # provide the endpoints `/userinfo`, `/oauth2/token` and `/oauth2/auth` and according
+  # to the oauth2 standard it needs to be accessible via https with valid certificates
+  server_name: sso.oas.example.net
+  # sociallogin.client_id is the client name nextcloud will use to communicate with the
+  # oAuth server
+  client_id: nextcloud
+
+  ## sociallogin.client_secret is the password that nextcloud uses when communicating with
+  ## the oauth server
+  # client_secret: "YouReallyNeedToChangeThis"
+
+  # sociallogin.groups_claim is the name of a claim that the nextcloud server can retrieve
+  # by querying the `/userinfo` enfpoint of the openID Connect server. For every value in
+  # the groups_claim a corresponding group with a `oas_` prefix will be created if they don't
+  # exist yet. The user will then be added to those groups.
+  # If the claim contains the value `admin` the user will be added granted admin privileges.
+  groups_claim: "openappstack_roles"
--- a/values.yaml
+++ b/values.yaml
@@ -25,7 +25,7 @@ nextcloud:
 apps:
  # OIDC consumer
  - name: sociallogin
-    enabled: false
+    enabled: true
  # List of applications that are installed *and enabled*
  - name: onlyoffice
    enabled: true
@@ -48,6 +48,13 @@ onlyoffice:

  jwtSecret: "secret"

+  # Disable font generation during startup.
+  # This takes a long time and is not needed if you don't provide custom
+  # fonts.
+  # See https://0xacab.org/infrared/platform_wg/docker-onlyoffice-documentserver/issues/10
+  # for context.
+  skipFontsGeneration: true
+
  # Port of onlyoffice server inside docker container.
  containerPort: 8000

@@ -56,7 +63,7 @@ onlyoffice:

  image:
    repository: infrarednetwork/onlyoffice-documentserver
-    tag: 5.4.0-2-1
+    tag: 5.4.1-2
    pullPolicy: Always

  strategy: Recreate
@@ -126,3 +133,9 @@ postgresql:
 rabbitmq:
  rabbitmq:
    password: password
+
+sociallogin:
+  server_name: sso.oas.example.net
+  client_id: nextcloud
+  groups_claim: "openappstack_roles"
+  # client_secret: "YouReallyNeedToChangeThis"