Skip to content
Snippets Groups Projects
Select Git revision
  • 0b0ca13a5164bc04ecbbd4f1eb697b321a5532b6
  • master default protected
  • renovate/valkey-3.x
  • renovate/postgresql-16.x
  • revert-2ebaa23f
  • 10-celery-pods-are-listed-as-service-endpoint
  • 11-empty-replicasets-are-persisting
  • support-ceph-s3
  • 2-enable-celery
  • 0.4.4
  • 0.4.3
  • 0.4.2
  • 0.4.1
  • 0.4.0
  • 0.3.1
  • 0.1.1
16 results

README.rst

Blame
    • magicfelix's avatar
    Fix typo
    magicfelix authored
    8e917534
    History
    magicfelix's avatar 8e917534
    History
    README.rst 10.99 KiB

    ☸ Helm chart for deploying AlekSIS on Kubernetes

    This Helm chart helps deploying AlekSIS on Kubernetes clusters.

    Kubernetes is a container-based deployment solution, that allows coordinating containerised applications; and Helm is a utility that helps generating and applying such deployments.

    Chart features

    • Deploy any variant of AlekSIS
      • Core only
      • Any pre-built app container based on Core
      • Default distrbution
      • Custom distributions
    • Deploy PostgreSQL as database service
    • Deploy Redis as caching and message broker service
    • Scaling and coordination of app and celery workers
    • Configuring Ingress to AlekSIS, including TLS

    Requirements

    • Kubernetes 1.20+
      • Persistent volumes and CSI (Container Storage Interface)
      • An Ingresss controller, preferrably NGINX
      • cert-manager

    Configuration

    The following values are exposed and can (or should) be set:

    Value Description Default
    repli caCount.app Number of replicas of app container 1
    replicaC ount.celery Number of Celery workers 1
    image .repository Image to install registry.edugit. org/aleksis/official/aleksis
    image.tag Tag of image to install (from Chart appVersion)
    ingr ess.enabled Enable the Ingress true
    ingres s.className Class of Ingress on cluster nginx
    ing ress.domain Base domain of ingreee example.com
    i ngress.host Hostname of ingress (unset; will use release name)
    ingress.tls Enable TLS for ingress true
    aleksis .storage .src Storage source for (volume or s3) volume
    aleksis .storage .media.size Size of volume for uplaoded media 10Gi
    aleksis .storage .backup .size Size of volume for backups 10Gi
    aleksis. oidcSecret Name of secret containing rsa_key.pem for OIDC  
    aleksi s.config.* Verbatim AlekSIS configuration  
    aleksi s.secret.* Verbatim AlekSIS configuration stored as secret  
    aleksis. additional Configs List of additional configmaps to mount []
    aleksis. additional Secrets List of additional secrets to mount []
    postgresql. enabled Enable/disable the postgresql dependency true
    po stgresql.* Values for the PostgreSQL chart  
    redis. enabled Enable/disable the redis dependency true
    redis.* Values for the Redi s chart  
    k8s-linkup enabled Enable/disable the k8s-linkup dependency false
    k8s-
    linkup.*
    		 Values for the k8s-linkup chart  
    resources. app.* Resource requests/ limits for app  
    resources. celery.* Resource requests/ limits for celery  

    Installation

    In the following examples, we will manage an AlekSIS deployment for the Christoph Biemann Elementary School, with domain c-b-e-s.de. They want AlekSIS available at https://sis.c-b-e-s.de.

    In order to install the chart (from a Git clone), the following examples will work:

    Sane default config

    helm install sis ./ \
    --set ingress.domain=c-b-e-s.de

    Install core only

    helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set image.repository=repository.edugit.org/aleksis/official/aleksis

    Extra large media storage

    helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set aleksis.media.size=1000Gi

    Enable two-factor authentication

    This requires passing configuration to AlekSIS itself.

    helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set aleksis.config.2fa.enabled=true \
    --set aleksis.config.2fa.yubikey.enabled=true

    Upgrade an existing deployment

    In order to upgrade an existing deployment, care has to be taken to pass all passwords and secrets as values. To do that, use the same helm command as for installation, replacing install with upgrade, and add the following values:

    adminPassword=$(kubectl get secret sis-aleksis -o jsonpath='{.data.admin-password}' | base64 -d)
postgresPassword=$(kubectl get secret sis-postgresql -o jsonpath='{.data.postgresql-postgres-password}' | base64 -d)
postgresqlPassword=$(kubectl get secret sis-postgresql -o jsonpath='{.data.postgresql-password}' | base64 -d)
redisPassword=$(kubectl get secret sis-redis -o jsonpath='{.data.redis-password}' | base64 -d)
secretKey=$(kubectl get secret sis-aleksis -o jsonpath='{.data.secret-key}' | base64 -d)

helm upgrade sis ./ \
    # Original values
    --set aleksis.adminPassword= \
    --set aleksis.secretKey= \
    --set postgresql.postgresqlPassword= \
    --set postgresql.postgresqlPostgresPassword= \
    --set redis.password=

    License

    Copyright 2021 Dominik George <dominik.george@teckids.org>
Copyright 2021 Tom Teichler <tom.teichler@teckids.org>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

    Alternatively, you are free to use this chart under the terms of the EUPL 1.2 or newer.