Skip to content
Snippets Groups Projects
Select Git revision
  • renovate/valkey-3.x
  • master default protected
  • renovate/postgresql-16.x
  • revert-2ebaa23f
  • 10-celery-pods-are-listed-as-service-endpoint
  • 11-empty-replicasets-are-persisting
  • support-ceph-s3
  • 2-enable-celery
  • 0.4.4
  • 0.4.3
  • 0.4.2
  • 0.4.1
  • 0.4.0
  • 0.3.1
  • 0.1.1
15 results
Blame Permalink
README.rst 10.99 KiB

☸ Helm chart for deploying AlekSIS on Kubernetes

This Helm chart helps deploying AlekSIS on Kubernetes clusters.

Kubernetes is a container-based deployment solution, that allows coordinating containerised applications; and Helm is a utility that helps generating and applying such deployments.

Chart features

  • Deploy any variant of AlekSIS
    • Core only
    • Any pre-built app container based on Core
    • Default distrbution
    • Custom distributions
  • Deploy PostgreSQL as database service
  • Deploy Redis as caching and message broker service
  • Scaling and coordination of app and celery workers
  • Configuring Ingress to AlekSIS, including TLS

Requirements

  • Kubernetes 1.20+
    • Persistent volumes and CSI (Container Storage Interface)
    • An Ingresss controller, preferrably NGINX
    • cert-manager

Configuration

The following values are exposed and can (or should) be set:

Value Description Default
repli caCount.app Number of replicas of app container 1
replicaC ount.celery Number of Celery workers 1
image .repository Image to install registry.edugit. org/aleksis/official/aleksis
image.tag Tag of image to install (from Chart appVersion)
ingr ess.enabled Enable the Ingress true
ingres s.className Class of Ingress on cluster nginx
ing ress.domain Base domain of ingreee example.com
i ngress.host Hostname of ingress (unset; will use release name)
ingress.tls Enable TLS for ingress true
aleksis .storage .src Storage source for (volume or s3) volume
aleksis .storage .media.size Size of volume for uplaoded media 10Gi
aleksis .storage .backup .size Size of volume for backups 10Gi
aleksis. oidcSecret Name of secret containing rsa_key.pem for OIDC  
aleksi s.config.* Verbatim AlekSIS configuration  
aleksi s.secret.* Verbatim AlekSIS configuration stored as secret  
aleksis. additional Configs List of additional configmaps to mount []
aleksis. additional Secrets List of additional secrets to mount []
postgresql. enabled Enable/disable the postgresql dependency true
po stgresql.* Values for the PostgreSQL chart  
redis. enabled Enable/disable the redis dependency true
redis.* Values for the Redi s chart  
k8s-linkup enabled Enable/disable the k8s-linkup dependency false
k8s-
linkup.*
 Values for the k8s-linkup chart  
resources. app.* Resource requests/ limits for app  
resources. celery.* Resource requests/ limits for celery  

Installation

In the following examples, we will manage an AlekSIS deployment for the Christoph Biemann Elementary School, with domain c-b-e-s.de. They want AlekSIS available at https://sis.c-b-e-s.de.

In order to install the chart (from a Git clone), the following examples will work:

Sane default config

helm install sis ./ \
    --set ingress.domain=c-b-e-s.de

Install core only

helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set image.repository=repository.edugit.org/aleksis/official/aleksis

Extra large media storage

helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set aleksis.media.size=1000Gi

Enable two-factor authentication

This requires passing configuration to AlekSIS itself.

helm install sis ./ \
    --set ingress.domain=c-b-e-s.de \
    --set aleksis.config.2fa.enabled=true \
    --set aleksis.config.2fa.yubikey.enabled=true

Upgrade an existing deployment

In order to upgrade an existing deployment, care has to be taken to pass all passwords and secrets as values. To do that, use the same helm command as for installation, replacing install with upgrade, and add the following values:

adminPassword=$(kubectl get secret sis-aleksis -o jsonpath='{.data.admin-password}' | base64 -d)
postgresPassword=$(kubectl get secret sis-postgresql -o jsonpath='{.data.postgresql-postgres-password}' | base64 -d)
postgresqlPassword=$(kubectl get secret sis-postgresql -o jsonpath='{.data.postgresql-password}' | base64 -d)
redisPassword=$(kubectl get secret sis-redis -o jsonpath='{.data.redis-password}' | base64 -d)
secretKey=$(kubectl get secret sis-aleksis -o jsonpath='{.data.secret-key}' | base64 -d)

helm upgrade sis ./ \
    # Original values
    --set aleksis.adminPassword= \
    --set aleksis.secretKey= \
    --set postgresql.postgresqlPassword= \
    --set postgresql.postgresqlPostgresPassword= \
    --set redis.password=

License

Copyright 2021 Dominik George <dominik.george@teckids.org>
Copyright 2021 Tom Teichler <tom.teichler@teckids.org>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Alternatively, you are free to use this chart under the terms of the EUPL 1.2 or newer.