wilix-infra/loop-onprem-charts
5
0
Fork 0
Code Pull Requests Releases Activity

add loop helm chart

Browse Source
This commit is contained in:
Артем Дроздов 2025-07-22 09:25:50 +03:00
parent c00d31ebc4
commit 82b4aee59d
18 changed files with 1909 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
loop-enterprise-edition/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

18
loop-enterprise-edition/Chart.yaml Normal file
View File

@ -0,0 +1,18 @@
apiVersion: v2
appVersion: 9.11.1
description: LOOP Enterprise server with high availability.
home: https://loop.ru
icon: https://artifacts.wilix.dev/repository/loop-files/assets/loop-icon.png
keywords:
- loop
- communication
- messaging
- team colaboration
maintainers:
- email: dmitry.aloyan@wilix.org
name: dmitry.aloyan
- email: stuart.armstrong@wilix.org
name: stuart.armstrong
name: loop-enterprise-edition
type: application
version: 1.0.1

472
loop-enterprise-edition/README.md Normal file
View File

@ -0,0 +1,472 @@
---
## ⚠️ **This chart is not compatible with the previous loop chart and should not be used to upgrade the previous chart. All data can be lost**
## ⚠️ **Этот chart несовместим с предыдущим loop chart, и не должн использоваться для обновления предыдущей версии loop chart. Все данные могут быть потеряны
---
Loop Enterprise Edition Helm Chart
====================================================
This is the Helm chart for the Loop Enterprise Edition. It is subject to changes. To learn more about Helm charts, [see the Helm docs](https://helm.sh/docs/).
# 1. Prerequisites
## 1.1 Kubernetes Cluster
You need a running Kubernetes cluster v1.8+. If you do not have one, find options and installation instructions here:
https://kubernetes.io/docs/setup/pick-right-solution/
## 1.2 Helm
See: https://docs.helm.sh/using_helm/#quickstart
We recommend installing Helm v2.13.1 or later.
Once Helm is installed and initialized, run the following:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
helm repo add incubator https://charts.helm.sh/incubator
```
## 1.3 Ingress
To expose the application outside of your network, configure an ingress if your Kubernetes cluster doesn't already have one.
We suggest using [nginx-ingress](https://github.com/kubernetes/ingress-nginx), which we use internally at Loop.
To install nginx-ingress in your Kubernetes cluster, follow [the official installation documentation](https://kubernetes.github.io/ingress-nginx/deploy/). You may also use the [helm charts](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) directly.
To get the nginx cache to work, adjust the ConfigMap and Deployment from the above instructions.
## 1.4 Certificate Manager
If you do not want to manually add SSL/TLS certificates, install [cert-manager](https://github.com/jetstack/cert-manager). You can follow [this documentation](https://cert-manager.io/docs/) or install the [helm charts](https://artifacthub.io/packages/helm/cert-manager/cert-manager).
To run with HTTPS you will need to add a Kubernetes secret for your SSL/TLS certificate, whether you use cert-manager or not.
## 1.5 Database
A Postgresql server and database is required for this chart. The loop-enterpise-stack chart provides and all-in-one solution.
## 1.6 Object Storage
A Minio server or ay S3 compatible object storage is required for this chart. The loop-enterpise-stack chart provides and all-in-one solution.
# 2. Configuration
## 2.1 Required Settings
At minimum the following settings must be updated:
* `global.siteURL` - set this to the URL your users will use to access Loop, e.g. `https://loop.example.com`
* `global.loopLicense` - set this to the contents of your license file or provide an existing secret. `global.existingLicenseSecret.name` `global.existingLicenseSecret.key`
* 2.4.1 Database Configuration
* 2.6.1 Object Storage Configuration
Without these settings, Loop will not run correctly.
## 2.2 Application Version
To set the Loop application version, update:
* `loopApp.image.tag` - set this to the Loop server version you wish to install (e.g. `7.10.2`)
## 2.3 Ingress
If you are using nginx-ingress, set the following under `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
where `loop.example.com` is your domain name and matches `global.siteURL`.
### 2.3.1 HTTPS
To run with HTTPS, add an SSL/TLS certificate as a secret to your Kubernetes cluster, either manually or [using cert-manager](#14-certificate-manager).
Set the following under `loopApp` to enable HTTPS:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
### 2.3.2 DNS
To route users from your domain name to your Loop installation, point your domain name at the external IP or domain that your ingress exposes.
Depending on the DNS service and Ingress you're using, the steps can vary. If you are using nginx-ingress, you would do something like this:
1. Run `kubectl describe svc your-nginx-ingress-controller`
* Replace `your-nginx-ingress-controller` with the name of your ingress controller service
2. Copy the domain name beside `LoadBalancer Ingress:`
3. On your DNS service, create a CNAME record pointing from the domain you'd like to use to the domain name you just copied
4. Save, and wait 10-15 minutes for the DNS change to propagate
## 2.4 Database
For database configuration, use an external database not managed by the Loop Helm chart.
### 2.4.1 Database Configuration
* Set `global.features.database.external.driver` to `postgres`
* Set `global.features.database.external.dataSource` to your master DB connection string
* (Optional) Set `global.features.database.external.dataSourceReplicas` to an array of read replica connection strings
* (Optional) use an external provided secret. `global.features.database.external.existingDatabaseSecret.name` `global.features.database.external.existingDatabaseSecret.key`.
## 2.5 Push Notifications
By default push notifications are enabled using HPNS.
### 2.5.1
#### Settings for pushproxy
## 2.6 Object Storage
S3 or any S3 compatible object storage like minio.
### 2.6.1 Object Storage Configuration
* - name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID
value: "" # Access key для S3
* - name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY
value: "" # Secret key для S3
* - name: MM_FILESETTINGS_AMAZONS3BUCKET
value: "" # Название бакета S3
* - name: MM_FILESETTINGS_AMAZONS3ENDPOINT
value: "" # Endpoint для доступа к S3
# 3. Install
After adding the Loop repo (see section 1.2) you can install a version of the preferred chart by running:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-edition --version <version_number>
```
For example:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-edition --version v0.8.2
```
If no Helm Chart version is specified the latest version will be installed.
To run with your custom `config.yaml`, install using:
```bash
$ helm install -f config.yaml loop/loop-enterprise-edition
```
To upgrade an existing release, modify the `config.yaml` with your desired changes and then use:
```bash
$ helm upgrade -f config.yaml <your-release-name> loop/loop-enterprise-edition
```
## 3.1 Uninstalling Loop Enterprise Helm Chart
If you are done with your deployment and want to delete it, use `helm delete <your-release-name>`. If you don't know the name of your release, use `helm ls` to find it.
# 4. Upgrading to Loop Chart Version 1.0.0
This chart version uses the configuration in the database and environment variables for non-changing configuration.
To upgrade from a previous chart version to 1.0.0 you need to follow theses steps before applying the new chart:
- Get the existing configuration from your Loop instance. For that you can use the CLI command. You need to connect to the running pod and run the Loop CLI to get the existing config
```bash
$ kubectl exec -it -n <YOUR_loop_NAMESPACE> <loop_APP_POD> -- /bin/sh
in the pod:
$ ./bin/loop config show --json
```
- Save this config in your local file system
- Perform the Helm Chart upgrade
- Copy the config you saved before to the new pod
- Perform the config migration
```bash
$ ./bin/loop config migrate <CONFIG_THAT_YOU_COPY_TO_THE_POD.json> $MM_CONFIG
...
{"level":"info","msg":"Successfully migrated config."}
```
- Kill the pods to apply the configs
---
**[RU Русская версия]**
---
Helm-чарт Loop Enterprise Edition
====================================================
Это Helm-чарт для Loop Enterprise Edition. Структура чарта может изменяться. Подробнее о Helm-чартах см. в [официальной документации Helm](https://helm.sh/docs/).
# 1. Предварительные требования
## 1.1 Кластер Kubernetes
Требуется работающий кластер Kubernetes версии **1.8 или выше**. Если кластер отсутствует, варианты развёртывания и инструкции доступны здесь:
https://kubernetes.io/ru/docs/setup/production-environment/
## 1.2 Установка Helm
Официальная инструкция: [Quickstart Guide](https://helm.sh/docs/intro/quickstart/)
**Рекомендуемая версия Helm**: **v3.8.0 или новее** (актуально на момент написания).
После установки выполните:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
helm repo add incubator https://charts.helm.sh/incubator
```
## 1.3 Настройка Ingress
Для внешнего доступа к приложению требуется контроллер Ingress.
**Рекомендуемое решение**: [ingress-nginx](https://github.com/kubernetes/ingress-nginx).
**Установка через Helm**:
```bash
helm upgrade --install ingress-nginx ingress-nginx \
--repo https://kubernetes.github.io/ingress-nginx \
--namespace ingress-nginx --create-namespace
```
**Важно**:
- Для активации кеширования NGINX отредактируйте `ConfigMap` и `Deployment` контроллера.
- Полная инструкция: [Официальный гайд](https://kubernetes.github.io/ingress-nginx/deploy/).
## 1.4 Управление TLS-сертификатами
**Автоматизация**: Используйте [cert-manager](https://cert-manager.io/) для автоматической выдачи сертификатов (Let's Encrypt).
**Установка через Helm**:
```bash
helm upgrade --install cert-manager cert-manager \
--repo https://charts.jetstack.io \
--namespace cert-manager --create-namespace \
--set installCRDs=true
```
**Ручная настройка**: Если cert-manager не используется, создайте Kubernetes Secret с вашим TLS-сертификатом:
```bash
kubectl create secret tls your-tls-secret --cert=path/to/cert.crt --key=path/to/cert.key
```
## 1.5 База данных
Для работы этого Helm-чарта требуется сервер и база данных **PostgreSQL**.
Чарт `loop-enterprise-stack` предоставляет **комплексное решение**, включая базу данных.
## 1.6 Объектное хранилище
Для работы этого Helm-чарта требуется сервер **MinIO** или любое другое **S3-совместимое объектное хранилище**.
Чарт `loop-enterprise-stack` также предоставляет объектное хранилище.
# 2. Конфигурация
## 2.1 Обязательные параметры
**Минимально необходимые настройки:**
- `global.siteURL` — установите в адрес, по которому пользователи будут получать доступ к Loop, например:
`https://loop.example.com`
- `global.loopLicense` — укажите содержимое лицензионного файла **или** задайте существующий Kubernetes-секрет с ключом:
`global.existingLicenseSecret.name` и `global.existingLicenseSecret.key`
- **Конфигурация базы данных (раздел 2.4.1)** — необходимо настроить подключение к PostgreSQL.
Это может быть внешний сервер или встроенный через Helm-чарт.
- **Конфигурация объектного хранилища (раздел 2.6.1)** — нужно подключить MinIO или другое совместимое S3-хранилище.
Без этих параметров Loop **не будет работать корректно** — сервис не сможет ни загрузить данные, ни сохранить файлы.
## 2.2 Версия приложения
Укажите тег образа Loop:
```yaml
loopApp:
image:
tag: "7.10.2" # Например, 7.10.2
```
## 2.3 Настройка Ingress
### **2.3.1 Ingress с nginx ingress controller**
Если вы используете `nginx-ingress-controller`, добавьте следующее в секцию `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
Здесь `loop.example.com` — это ваш домен, и он **должен совпадать с `global.siteURL`** (например, `https://loop.example.com`).
### **2.3.2 HTTPS (SSL/TLS)**
Чтобы использовать HTTPS:
1. Создайте TLS-секрет в Kubernetes **вручную** или с помощью **cert-manager**.
2. Укажите его в `values.yaml` Helm-чарта:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
`secretName` — это имя созданного TLS-секрета с ключом и сертификатом (например, от Let's Encrypt или корпоративного CA).
### **2.3.3 DNS**
Чтобы пользователи с вашего доменного имени могли получить доступ к Loop, сделайте запись в вашем DNS-сервисе на внешний IP-адрес или домен, который предоставляет ваш ingress.
В зависимости от используемого DNS-сервиса и Ingress-контроллера шаги могут отличаться. Если вы используете nginx-ingress, выполните следующее:
* Выполните команду `kubectl describe svc your-nginx-ingress-controller`
* Замените `your-nginx-ingress-controller` на имя сервиса вашего ingress-контроллера
* Скопируйте доменное имя, указанное рядом с LoadBalancer Ingress
* В вашем DNS-сервисе создайте CNAME-запись, указывающую с нужного доменного имени на только что скопированное доменное имя
* Сохраните изменения и подождите 1015 минут, чтобы изменения DNS вступили в силу
## 2.4 Внешняя база данных
### **2.4.1 Конфигурация базы данных**
> **Используйте внешнюю базу данных**
#### Обязательные параметры:
* `global.features.database.external.driver`**установите в** `"postgres"`
Это означает, что будет использоваться PostgreSQL как драйвер СУБД.
* `global.features.database.external.dataSource` → **укажите строку подключения к мастер-базе**
Пример строки подключения:
```
postgres://username:password@hostname:5432/database_name?sslmode=require
```
#### Необязательные параметры:
* `global.features.database.external.dataSourceReplicas`
Список строк подключения к **репликам** БД (если они используются для масштабирования чтения).
* `global.features.database.external.existingDatabaseSecret.name`
`global.features.database.external.existingDatabaseSecret.key`
Если вы не хотите **хранить логины/пароли в открытом виде**, можно использовать Kubernetes Secret, где будут зашиты данные подключения.
## 2.5 Push-уведомления
**По умолчанию**: Используется встроенная служба HPNS (High-Performance Notification Service).
## 2.6 Объектное хранилище
S3 или любое другое хранилище объектов, совместимое с S3, например minio.
### 2.6.1 Конфигурация объектного хранилища
- name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID
value: "" # Access key для S3
- name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY
value: "" # Secret key для S3
- name: MM_FILESETTINGS_AMAZONS3BUCKET
value: "" # Название бакета S3
- name: MM_FILESETTINGS_AMAZONS3ENDPOINT
value: "" # Endpoint для доступа к S3
# 3. Установка и управление
**Установка последней версии**:
```bash
helm upgrade --install loop-ee loop/loop-enterprise-edition \
--namespace loop --create-namespace
```
**Установка конкретной версии**:
```bash
helm upgrade --install loop-ee loop/loop-enterprise-edition \
--version 0.8.2 \
--namespace loop --create-namespace
```
**Применение конфигурации из файла**:
```bash
helm upgrade --install loop-ee loop/loop-enterprise-edition \
--namespace loop -f config.yaml
```
**Обновление релиза**:
```bash
helm upgrade loop-ee loop/loop-enterprise-edition \
--namespace loop -f updated-config.yaml
```
**Удаление**:
```bash
helm uninstall loop-ee --namespace loop
```
# 4. Миграция на версию чарта 1.0.0+
**Критические изменения**:
- Конфигурация теперь хранится в базе данных.
- Настройки через переменные окружения устарели.
**Шаги миграции**:
1. **Экспорт текущей конфигурации**:
```bash
kubectl exec -n loop loop-app-pod -- ./bin/loop config export --json > loop-config.json
```
2. **Обновление чарта**:
```bash
helm upgrade loop-ee loop/loop-enterprise-edition --version 1.0.0
```
3. **Импорт конфигурации**:
```bash
kubectl cp loop-config.json loop/loop-app-pod:/tmp/config.json
kubectl exec -n loop loop-app-pod -- ./bin/loop config migrate /tmp/config.json $MM_CONFIG
```
4. **Рестарт пода**:
```bash
kubectl rollout restart deployment/loop-app -n loop
```
---
**Примечания**:
- Все команды предполагают, что namespace для Loop — `loop`. Замените при необходимости.
- Для production-среды используйте отдельные секреты (не храните пароли в `values.yaml`).

19
loop-enterprise-edition/templates/NOTES.txt Normal file
View File

@ -0,0 +1,19 @@
1. Get the application URL by running these commands:
{{- if .Values.loopApp.ingress.enabled }}
{{- range $host := .Values.loopApp.ingress.hosts }}
http://{{ $host }}
{{- end}}
{{- else if contains "NodePort" .Values.loopApp.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.loopApp.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.loopApp.service.externalPort }}
{{- else if contains "ClusterIP" .Values.loopApp.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "loop-enterprise-edition.name" . }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.loopApp.service.externalPort }}
{{- end }}

61
loop-enterprise-edition/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,61 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "loop-enterprise-edition.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "loop-enterprise-edition.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "loop-enterprise-edition.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a fully qualified jobserver name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "loop-enterprise-edition.jobserver.fullname" -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.global.features.jobserver.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress. Based on
1) Helm Version (.Capabilities has been changed in v3)
2) Kubernetes Version
*/}}
{{- define "loop-enterprise-edition.ingress.apiVersion" -}}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" -}}
"networking.k8s.io/v1"
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}}
"networking.k8s.io/v1beta1"
{{- else -}}
"extensions/v1beta1"
{{- end -}}
{{- end -}}
{{- define "loop-enterprise-edition.deployment.apiVersion" -}}
"apps/v1"
{{- end -}}

157
loop-enterprise-edition/templates/deployment-loop-app.yaml Normal file
View File

@ -0,0 +1,157 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loop-enterprise-edition.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: server
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
spec:
{{- if not .Values.loopApp.autoscaling.enabled }}
replicas: {{ .Values.loopApp.replicaCount }}
{{- end }}
{{- with .Values.loopApp.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
revisionHistoryLimit: {{ .Values.loopApp.revisionHistoryLimit }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: server
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: server
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "{{ .Values.loopApp.service.metricsPort }}"
prometheus.io/path: "/metrics"
{{- if .Values.loopApp.extraPodAnnotations }}
{{- .Values.loopApp.extraPodAnnotations | toYaml | nindent 8 }}
{{- end }}
spec:
{{- if .Values.loopApp.nodeSelector }}
nodeSelector:
{{- toYaml .Values.loopApp.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.loopApp.affinity }}
affinity:
{{- toYaml .Values.loopApp.affinity | nindent 8 }}
{{- end }}
{{- if .Values.loopApp.tolerations }}
tolerations:
{{- toYaml .Values.loopApp.tolerations | nindent 6 }}
{{- end }}
{{- if .Values.loopApp.securityContext }}
securityContext:
{{- toYaml .Values.loopApp.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ .Values.serviceAccount.name }}
{{- end }}
initContainers:
{{- if .Values.loopApp.extraInitContainers }}
{{- .Values.loopApp.extraInitContainers | toYaml | nindent 6 }}
{{- end }}
containers:
- name: {{ include "loop-enterprise-edition.name" . }}
image: "{{ .Values.loopApp.image.repository }}:{{ .Values.loopApp.image.tag }}"
imagePullPolicy: {{ .Values.loopApp.image.pullPolicy }}
ports:
- containerPort: {{ .Values.loopApp.service.internalPort }}
name: api
- containerPort: {{ .Values.loopApp.service.metricsPort }}
name: metrics
- containerPort: {{ .Values.loopApp.service.clusterPort }}
name: cluster
- containerPort: {{ .Values.loopApp.service.gossipPort }}
name: gossip
env:
- name: MM_CONFIG
valueFrom:
secretKeyRef:
{{- if .Values.global.features.database.existingDatabaseSecret }}
name: {{ .Values.global.features.database.existingDatabaseSecret.name }}
key: {{ .Values.global.features.database.existingDatabaseSecret.key }}
{{- else }}
name: {{ include "loop-enterprise-edition.fullname" . }}-loop-dbsecret
key: loop.dbsecret
{{- end }}
- name: MM_SERVICESETTINGS_LICENSEFILELOCATION
value: {{ printf "/mattermost/%s" (.Values.global.existingLicenseSecret | default "loop.loop-license") | squote }}
- name: MM_SERVICESETTINGS_SITEURL
value: "{{ .Values.global.siteUrl }}"
- name: MM_SERVICESETTINGS_LISTENADDRESS
value: ":{{ .Values.loopApp.service.internalPort }}"
- name: MM_SERVICESETTINGS_ENABLELINKPREVIEWS
value: "{{ .Values.global.enableLinkPreviews }}"
- name: MM_SERVICESETTINGS_ENABLECUSTOMEMOJI
value: "{{ .Values.global.enableCustomEmoji }}"
{{- if .Values.global.features.jobserver.enabled }}
- name: MM_JOBSETTINGS_RUNJOBS
value: "false"
- name: MM_JOBSETTINGS_RUNSCHEDULER
value: "false"
{{- end }}
{{- with .Values.loopApp.extraEnv }}
{{ toYaml . | indent 8 }}
{{- end }}
livenessProbe:
initialDelaySeconds: 90
timeoutSeconds: 5
periodSeconds: 15
httpGet:
path: /api/v4/system/ping
port: {{ .Values.loopApp.service.internalPort }}
readinessProbe:
initialDelaySeconds: 15
timeoutSeconds: 5
periodSeconds: 15
httpGet:
path: /api/v4/system/ping
port: {{ .Values.loopApp.service.internalPort }}
volumeMounts:
{{- if .Values.global.existingLicenseSecret.name }}
- mountPath: /mattermost/{{.Values.global.existingLicenseSecret.key }}
name: loop-license
subPath: {{.Values.global.existingLicenseSecret.key }}
{{- else }}
- mountPath: /mattermost/loop.loop-license
name: loop-license
subPath: loop.loop-license
{{- end }}
- mountPath: /mattermost/plugins/
name: loop-plugins
- mountPath: /mattermost/client/plugins/
name: loop-plugins-client
{{- if .Values.loopApp.extraVolumeMounts }}
{{ toYaml .Values.loopApp.extraVolumeMounts | indent 8 }}
{{- end }}
resources:
{{ toYaml .Values.loopApp.resources | indent 10 }}
volumes:
- name: loop-plugins
emptyDir: {}
- name: loop-plugins-client
emptyDir: {}
- name: loop-config
emptyDir: {}
- name: loop-license
secret:
{{- if .Values.global.existingLicenseSecret.name }}
secretName: {{ .Values.global.existingLicenseSecret.name }}
{{- else }}
secretName: {{ include "loop-enterprise-edition.fullname" . }}-loop-license
{{- end }}
{{- if .Values.loopApp.extraVolumes }}
{{ toYaml .Values.loopApp.extraVolumes | indent 6 }}
{{- end }}

31
loop-enterprise-edition/templates/deployment-loop-hpa.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- if .Values.loopApp.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
name: {{ include "loop-enterprise-edition.fullname" . }}
spec:
scaleTargetRef:
apiVersion: {{ template "loop-enterprise-edition.deployment.apiVersion" . }}
kind: Deployment
name: {{ include "loop-enterprise-edition.fullname" . }}
minReplicas: {{ .Values.loopApp.autoscaling.minReplicas }}
maxReplicas: {{ .Values.loopApp.autoscaling.maxReplicas }}
metrics:
{{- with .Values.loopApp.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ . }}
{{- end }}
{{- with .Values.loopApp.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ . }}
{{- end }}
{{- end }}

101
loop-enterprise-edition/templates/deployment-loop-jobserver.yaml Normal file
View File

@ -0,0 +1,101 @@
{{- if .Values.global.features.jobserver.enabled -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "loop-enterprise-edition.jobserver.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: {{ .Values.global.features.jobserver.name }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
spec:
replicas: {{ .Values.global.features.jobserver.replicaCount }}
{{- with .Values.global.features.jobserver.strategy }}
strategy:
{{- . | toYaml | nindent 4 }}
{{- end }}
revisionHistoryLimit: {{ .Values.global.features.jobserver.revisionHistoryLimit }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: {{ .Values.global.features.jobserver.name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: {{ .Values.global.features.jobserver.name }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
annotations:
{{- if .Values.loopApp.extraPodAnnotations }}
{{- .Values.loopApp.extraPodAnnotations | toYaml | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.features.jobserver.nodeSelector }}
nodeSelector:
{{- toYaml .Values.global.features.jobserver.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.global.features.jobserver.affinity }}
affinity:
{{- toYaml .Values.global.features.jobserver.affinity | nindent 8 }}
{{- end }}
{{- if .Values.global.features.jobserver.tolerations }}
tolerations:
{{- toYaml .Values.global.features.jobserver.tolerations | nindent 6 }}
{{- end }}
{{- if .Values.loopApp.securityContext }}
securityContext:
{{- toYaml .Values.loopApp.securityContext | nindent 8 }}
{{- end }}
initContainers:
- name: "init-loop-app"
image: "{{ .Values.initContainerImage.repository }}:{{ .Values.initContainerImage.tag }}"
imagePullPolicy: {{ .Values.initContainerImage.imagePullPolicy }}
command: [
"sh",
"-c",
"until curl --max-time 5 http://{{ include "loop-enterprise-edition.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.loopApp.service.internalPort }}/api/v4/system/ping ; do echo waiting for LOOP App come up; sleep 5; done; echo init-loop-app finished"
]
containers:
- name: {{ include "loop-enterprise-edition.name" . }}-jobserver
image: "{{ .Values.loopApp.image.repository }}:{{ .Values.loopApp.image.tag }}"
imagePullPolicy: {{ .Values.loopApp.image.pullPolicy }}
command: ["mattermost", "jobserver"]
env:
- name: MM_CONFIG
valueFrom:
secretKeyRef:
{{- if .Values.global.features.database.existingDatabaseSecret }}
name: {{ .Values.global.features.database.existingDatabaseSecret.name }}
key: {{ .Values.global.features.database.existingDatabaseSecret.key }}
{{- else }}
name: {{ include "loop-enterprise-edition.fullname" . }}-loop-dbsecret
key: loop.dbsecret
{{- end }}
{{- with .Values.global.features.jobserver.extraEnv }}
{{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
{{- if .Values.global.existingLicenseSecret.name }}
- mountPath: /mattermost/{{.Values.global.existingLicenseSecret.key }}
name: loop-license
subPath: {{.Values.global.existingLicenseSecret.key }}
{{- else }}
- mountPath: /mattermost/loop.loop-license
name: loop-license
subPath: loop.loop-license
{{- end }}
volumes:
- name: loop-license
secret:
{{- if .Values.global.existingLicenseSecret.name }}
secretName: {{ .Values.global.existingLicenseSecret.name }}
{{- else }}
secretName: {{ include "loop-enterprise-edition.fullname" . }}-loop-license
{{- end }}
{{- end -}}

50
loop-enterprise-edition/templates/ingress-loop-app.yaml Normal file
View File

@ -0,0 +1,50 @@
{{- if .Values.loopApp.ingress.enabled -}}
{{- $serviceName := include "loop-enterprise-edition.fullname" . -}}
{{- $servicePort := .Values.loopApp.service.externalPort -}}
apiVersion: {{ include "loop-enterprise-edition.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ include "loop-enterprise-edition.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
annotations:
{{- if .Values.loopApp.ingress.annotations }}
{{ toYaml .Values.loopApp.ingress.annotations | indent 4 }}
{{- end }}
{{- if .Values.loopApp.ingress.tls }}
kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
nginx.ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.loopApp.ingress.ingressClassName }}
ingressClassName: {{ .Values.loopApp.ingress.ingressClassName }}
{{- end }}
rules:
{{- range $host := .Values.loopApp.ingress.hosts }}
- host: {{ $host }}
http:
paths:
- path: /
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1" }}
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $servicePort }}
pathType: Prefix
{{- else }}
backend:
serviceName: {{ $serviceName }}
servicePort: {{ $servicePort }}
{{- end }}
{{- end -}}
{{- if .Values.loopApp.ingress.tls }}
tls:
{{ toYaml .Values.loopApp.ingress.tls | indent 4 }}
{{- end -}}
{{- end -}}

14
loop-enterprise-edition/templates/secret-loop-dbsecret.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if not .Values.global.features.database.existingDatabaseSecret.name }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "loop-enterprise-edition.fullname" . }}-loop-dbsecret
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
type: Opaque
data:
loop.dbsecret: {{ tpl "{{ .Values.global.features.database.external.driver }}://{{ .Values.global.features.database.external.dataSource }}" . | b64enc }}
{{- end }}

14
loop-enterprise-edition/templates/secret-loop-license.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if not .Values.global.existingLicenseSecret.name }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "loop-enterprise-edition.fullname" . }}-loop-license
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
type: Opaque
data:
loop.loop-license: {{ .Values.global.loopLicense | b64enc | quote }}
{{- end -}}

17
loop-enterprise-edition/templates/service-account.yaml Normal file
View File

@ -0,0 +1,17 @@
{{ if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ tpl (toYaml .Values.serviceAccount.annotations) . | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: server
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
{{ end }}

25
loop-enterprise-edition/templates/service-loop-app.yaml Normal file
View File

@ -0,0 +1,25 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "loop-enterprise-edition.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "loop-enterprise-edition.chart" . }}
spec:
selector:
app.kubernetes.io/name: {{ include "loop-enterprise-edition.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: server
type: {{ .Values.loopApp.service.type }}
ports:
- port: {{ .Values.loopApp.service.externalPort }}
targetPort: {{ .Values.loopApp.service.internalPort }}
protocol: TCP
name: {{ .Values.loopApp.service.name }}
- port: {{ .Values.loopApp.service.metricsPort }}
targetPort: {{ .Values.loopApp.service.metricsPort }}
protocol: TCP
name: {{ .Values.loopApp.service.metricsName }}

248
loop-enterprise-edition/values.yaml Normal file
View File

@ -0,0 +1,248 @@
global:
siteUrl: "" # ОБЯЗАТЕЛЬНЫЙ ПАРАМЕТР, НЕОБХОДИМО УКАЗАТЬ: например, "https://loop.example.com"
# Использовать уже существующий секрет для лицензии (см. secret-loop-license.yaml для необходимых полей)
existingLicenseSecret: {}
# name: ""
# key: ""
# ОБЯЗАТЕЛЬНЫЙ ПАРАМЕТР, если не указан существующий секрет.
loopLicense: ""
# Настройки конфигурации LOOP
# Подробнее: https://docs.loop.ru/administration/config-settings
siteName: ""
enableTeamCreation: true # Разрешить создание команд
enableUserCreation: true # Разрешить создание пользователей
enableOpenServer: true # Открытый доступ к серверу
enableLinkPreviews: true # Предпросмотр ссылок
enableCustomEmoji: true # Поддержка пользовательских эмодзи
# Настройки email-уведомлений
sendEmailNotifications: false # Включить email-уведомления
requireEmailVerification: false # Требовать подтверждение email
feedbackName: "" # Имя отправителя отзывов
feedbackEmail: "" # Email для отзывов
feedbackOrganization: "" # Организация
smtpUsername: "" # SMTP логин
smtpPassword: "" # SMTP пароль
smtpServer: "" # SMTP сервер
smtpPort: "" # SMTP порт
connectionSecurity: "" # тип подключения: пусто, TLS или STARTTLS
features:
database:
external:
driver: "postgresql"
dataSource: "" # <username>:<password>@<postgresql-server>:5432/<dbname>?connect_timeout=10&sslmode=disable
dataSourceReplicas: ""
existingDatabaseSecret: {}
# name: ""
# key: ""
jobserver:
name: jobserver
enabled: true
replicaCount: 1
strategy:
type: Recreate
rollingUpdate: null
revisionHistoryLimit: 2
service:
name: loop-app-jobserver
type: ClusterIP
nodeSelector: {}
affinity: {}
tolerations: []
extraEnv: {}
notifications:
push:
enabled: true
# Хостинговый сервис push-уведомлений. Требует корпоративную лицензию.
# Подробнее: https://docs.loop.ru/mobile/mobile-hpns
useHPNS: true
initContainerImage:
repository: appropriate/curl
tag: latest
imagePullPolicy: IfNotPresent
# Секция деплоя LOOP
# Используется для настройки развертывания серверов LOOP
loopApp:
replicaCount: 1
image:
repository: registry.loop.ru/loop/server
tag: "2025-03-03-1"
pullPolicy: IfNotPresent
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 2
service:
name: loop-app
type: ClusterIP
externalPort: 8065
internalPort: 8065
metricsPort: 8067
clusterPort: 8075
gossipPort: 8074
metricsName: loop-app-metrics
ingress:
# Используется для создания записи Ingress (работает с service.type: ClusterIP).
enabled: false
hosts: []
tls:
# Секреты должны быть созданы вручную в пространстве имён.
# - secretName: chart-example-tls
# hosts:
# - loop.example.com
annotations: {}
# kubernetes.io/ingress.class: nginx
# nginx.ingress.kubernetes.io/proxy-buffering: "on"
# nginx.ingress.kubernetes.io/proxy-body-size: 50m
# nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
# nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
# nginx.ingress.kubernetes.io/configuration-snippet: |
# proxy_cache loop_cache;
# proxy_cache_revalidate on;
# proxy_cache_min_uses 2;
# proxy_cache_use_stale timeout;
# proxy_cache_lock on;
ingressClassName: nginx
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 1
targetMemoryUtilizationPercentage: 50
targetCPUUtilizationPercentage: 50
nodeSelector: {}
affinity: {}
tolerations: []
securityContext:
fsGroup: 2000
resources: {}
# limits:
# cpu: 100m
# memory: 300Mi
# requests:
# cpu: 100m
# memory: 300Mi
extraInitContainers: []
# Дополнительный контейнер для загрузки и установки плагинов
# - name: init-plugins-config
# image: busybox
# imagePullPolicy: IfNotPresent
# command:
# - sh
# - "-c"
# - |
# PLUGINS_TAR="hovercardexample.tar.gz"
# PLUGINS_TAR="${PLUGINS_TAR} https://<ПУТЬ_К_ПЛАГИНАМ_1>"
# PLUGINS_TAR="${PLUGINS_TAR} https://<ПУТЬ_К_ПЛАГИНАМ_2>"
# PLUGINS_TAR="${PLUGINS_TAR} https://<ПУТЬ_К_ПЛАГИНАМ_N>"
# for plugin_tar in ${PLUGINS_TAR};
# do
# wget ${plugin_tar} -P /loop/plugins
# cd /loop/plugins
# tar -xzvf ${plugin_tar##*/} # распаковка
# rm -f ${plugin_tar##*/} # удаление архива
# done
# volumeMounts:
# # Должны соответствовать volume'ам для плагинов
# - name: loop-plugins
# mountPath: loop/plugins/
# - name: loop-plugins-client
# mountPath: /loop/client/plugins/
# Добавление дополнительных томов и точек монтирования — например, для SAML ключей или других файлов
extraVolumes: []
# - hostPath:
# path: /var/log
# name: varlog
extraVolumeMounts: []
# - name: varlog
# mountPath: /host/var/log
# readOnly: true
## Дополнительные переменные окружения для LOOP
extraEnv:
- name: MM_ELASTICSEARCHSETTINGS_USERNAME
value: "" # Username Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_PASSWORD
value: "" # Password Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_CONNECTIONURL
value: "" # URL к Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_ENABLEINDEXING
value: "false" # Использовать Elasticsearch для индексации
- name: MM_ELASTICSEARCHSETTINGS_ENABLESEARCHING
value: "false" # Использовать Elasticsearch для поиска
- name: MM_FILESETTINGS_AMAZONS3SSE
value: "false" # Использовать шифрование SSE для S3
- name: MM_FILESETTINGS_AMAZONS3SSL
value: "false" # Использовать SSL-подключение к S3
- name: MM_FILESETTINGS_DRIVERNAME
value: "amazons3" # Драйвер для файлового хранилища
- name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID
value: "" # Access key для S3
- name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY
value: "" # Secret key для S3
- name: MM_FILESETTINGS_AMAZONS3BUCKET
value: "" # Название бакета S3
- name: MM_FILESETTINGS_AMAZONS3ENDPOINT
value: "" # Endpoint для доступа к S3
- name: MM_FILESETTINGS_MAXFILESIZE
value: "1048576000" # Максимальный размер файла в байтах
- name: MM_LOGSETTINGS_CONSOLEJSON
value: "false" # Вывод логов в JSON-формате в консоль
- name: MM_LOGSETTINGS_CONSOLELEVEL
value: "DEBUG" # Уровень логирования в консоли
- name: MM_LOGSETTINGS_FILELEVEL
value: "DEBUG" # Уровень логирования в файл
- name: MM_PLUGINSETTINGS_AUTOMATICPREPACKAGEDPLUGINS
value: "true" # Автоматическая загрузка встроенных плагинов
- name: MM_PLUGINSETTINGS_ENABLEUPLOADS
value: "true" # Разрешить загрузку плагинов
- name: MM_SERVICEENVIRONMENT
value: "production" # Среда окружения, например "production"
- name: MM_SERVICESETTINGS_ENABLEBOTACCOUNTCREATION
value: "true" # Разрешить создание бот-аккаунтов
- name: MM_SERVICESETTINGS_ENABLEOAUTHSERVICEPROVIDER
value: "true" # Разрешить использование внешних OAuth-провайдеров
- name: MM_SERVICESETTINGS_ENABLETESTING
value: "true" # Разрешить тестирование
- name: MM_SERVICESETTINGS_ENABLEUSERACCESSTOKENS
value: "true" # Разрешить создание access токенов для пользователей
- name: MM_SERVICESETTINGS_GIPHYSDKKEY
value: "" # Ключ SDK Giphy для интеграции с Giphy
## Следующие переменные требуются для запуска в кластерном режиме:
# - name: MM_CLUSTERSETTINGS_ENABLE
# value: "true"
# - name: MM_CLUSTERSETTINGS_CLUSTERNAME
# value: "loop-example-cluster"
# - name: MM_CLUSTERSETTINGS_ENABLEEXPERIMENTALGOSSIPENCRYPTION
# value: "true"
# - name: MM_CLUSTERSETTINGS_ENABLEGOSSIPCOMPRESSION
# value: "false"
# - name: MM_CLUSTERSETTINGS_READONLYCONFIG
# value: "false"
## Дополнительные аннотации для Pod'а
extraPodAnnotations: {}
serviceAccount:
create: false
name:
annotations: {}

21
loop-enterprise-stack/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

32
loop-enterprise-stack/Chart.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: v2
appVersion: 9.11.1
dependencies:
- name: loop-enterprise-edition
repository: https://artifacts.wilix.dev/repository/helm-loop
version: 1.0.0
alias: loop-enterprise-edition
- condition: postgresql.enabled
name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.12.10
- condition: minio.enabled
name: minio
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.8.9
alias: loop-minio
description: LOOP Enterprise server with high availability.
home: https://loop.ru
icon: https://artifacts.wilix.dev/repository/loop-files/assets/loop-icon.png
keywords:
- loop
- communication
- messaging
- team colaboration
maintainers:
- email: dmitry.aloyan@wilix.org
name: dmitry.aloyan
- email: stuart.armstrong@wilix.org
name: stuart.armstrong
name: loop-enterprise-stack
type: application
version: 1.0.1

343
loop-enterprise-stack/README.md Normal file
View File

@ -0,0 +1,343 @@
Loop Enterprise Stack
====================================================
---
## ⚠️ **This chart is not compatible with the previous loop chart and should not be used to upgrade the previous chart. All data can be lost**
## ⚠️ **The default values for minio and postgres are specified in the chart, they must be changed by you.
## ⚠️ **Этот chart несовместим с предыдущим loop chart, и не должн использоваться для обновления предыдущей версии loop chart. Все данные могут быть потеряны
## ⚠️ **В chart указаны значения для minio и postgres по умолчанию, они должны быть изменены вами
---
This chart deploys Loop Enterprise Edition, Postgresql and Minio. It is subject to changes. To use external Postgresql and S3 resources deploy the Loop Enterprise Edition chart.
# 1. Prerequisites
## 1.1 Kubernetes Cluster
You need a running Kubernetes cluster v1.8+. If you do not have one, find options and installation instructions here:
https://kubernetes.io/docs/setup/pick-right-solution/
## 1.2 Helm
See: https://docs.helm.sh/using_helm/#quickstart
We recommend installing Helm v2.13.1 or later.
Once Helm is installed and initialized, run the following:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
```
## 1.3 Ingress
To expose the application outside of your network, configure an ingress if your Kubernetes cluster doesn't already have one.
We suggest using [nginx-ingress](https://github.com/kubernetes/ingress-nginx), which we use internally at Loop.
To install nginx-ingress in your Kubernetes cluster, follow [the official installation documentation](https://kubernetes.github.io/ingress-nginx/deploy/). You may also use the [helm charts](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) directly.
To get the nginx cache to work, adjust the ConfigMap and Deployment from the above instructions.
## 1.4 Certificate Manager
If you do not want to manually add SSL/TLS certificates, install [cert-manager](https://github.com/jetstack/cert-manager). You can follow [this documentation](https://cert-manager.io/docs/) or install the [helm charts](https://artifacthub.io/packages/helm/cert-manager/cert-manager).
To run with HTTPS you will need to add a Kubernetes secret for your SSL/TLS certificate, whether you use cert-manager or not.
# 2. Configuration
## 2.1 Required Settings
At minimum the following settings must be updated:
* `global.siteURL` - set this to the URL your users will use to access Loop, e.g. `https://loop.example.com`
* `global.loopLicense` - set this to the contents of your license file or provide an existing secret. `global.existingLicenseSecret.name` `global.existingLicenseSecret.key`
* Database Configuration
* Object Storage Configuration
Without these settings, Loop will not run correctly.
## 2.2 Application Version
To set the Loop application version, update:
* `loopApp.image.tag` - set this to the Loop server version you wish to install (e.g. `7.10.2`)
## 2.3 Ingress
If you are using nginx-ingress, set the following under `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
where `loop.example.com` is your domain name and matches `global.siteURL`.
### 2.3.1 HTTPS
To run with HTTPS, add an SSL/TLS certificate as a secret to your Kubernetes cluster, either manually or [using cert-manager](#14-certificate-manager).
Set the following under `loopApp` to enable HTTPS:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
### 2.3.2 DNS
To route users from your domain name to your Loop installation, point your domain name at the external IP or domain that your ingress exposes.
Depending on the DNS service and Ingress you're using, the steps can vary. If you are using nginx-ingress, you would do something like this:
1. Run `kubectl describe svc your-nginx-ingress-controller`
* Replace `your-nginx-ingress-controller` with the name of your ingress controller service
2. Copy the domain name beside `LoadBalancer Ingress:`
3. On your DNS service, create a CNAME record pointing from the domain you'd like to use to the domain name you just copied
4. Save, and wait 10-15 minutes for the DNS change to propagate
## 2.4 Database and Object Storage
### 2.4.1 Database
We use the Bitnami Postgresql chart.
We recommend updating the following settings:
* `postgresql.global.postgresql.auth.password`
* `postgresql.global.postgresql.auth.user`
* `postgresql.global.postgresql.auth.database`
### 2.4.2 Storage
We use Minio for file storage.
We recommend updating the following settings:
* `loop-minio.accessKey`
* `loop-minio.secretKey`
* `loop-minio.defaultBuckets`
* `loop-minio.provisioning.users`
## 2.5 Push Notifications
By default push notifications are enabled using HPNS.
### 2.5.1
#### Settings for pushproxy
# 3. Install
After adding the Loop repo (see section 1.2) you can install a version of the preferred chart by running:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version <version_number>
```
For example:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version v0.8.2
```
If no Helm Chart version is specified the latest version will be installed.
To run with your custom `config.yaml`, install using:
```bash
$ helm install -f config.yaml loop/loop-enterprise-stack
```
To upgrade an existing release, modify the `config.yaml` with your desired changes and then use:
```bash
$ helm upgrade -f config.yaml <your-release-name> loop/loop-enterprise-stack
```
## 3.1 Uninstalling Loop Enterprise Helm Chart
If you are done with your deployment and want to delete it, use `helm delete <your-release-name>`. If you don't know the name of your release, use `helm ls` to find it.
---
**[RU Русская версия]**
---
# Loop Enterprise Stack
Данный чарт разворачивает Loop Enterprise Edition, Postgresql и Minio.
# 1. Предварительные требования
## 1.1 Кластер Kubernetes
Необходим работающий кластер Kubernetes версии v1.8+. Если у вас его нет, ознакомьтесь с доступными вариантами и инструкцией по установке здесь:
[https://kubernetes.io/docs/setup/pick-right-solution/](https://kubernetes.io/docs/setup/pick-right-solution/)
## 1.2 Helm
См.: [https://docs.helm.sh/using\_helm/#quickstart](https://docs.helm.sh/using_helm/#quickstart)
Рекомендуется установить Helm версии v2.13.1 или новее.
После установки и инициализации Helm выполните следующую команду:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
```
## 1.3 Ingress
Чтобы опубликовать приложение вне вашей локальной сети, настройте ingress, если в вашем кластере Kubernetes он ещё не настроен.
Рекомендуем использовать [nginx-ingress](https://github.com/kubernetes/ingress-nginx), который мы используем внутри Loop.
Чтобы установить nginx-ingress в кластер Kubernetes, следуйте [официальной документации по установке](https://kubernetes.github.io/ingress-nginx/deploy/). Также можно использовать [чарты Helm](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx).
Чтобы nginx-кеш работал корректно, отредактируйте ConfigMap и Deployment согласно вышеуказанной инструкции.
## 1.4 Менеджер сертификатов
Если вы не хотите вручную добавлять SSL/TLS сертификаты, установите [cert-manager](https://github.com/jetstack/cert-manager). Вы можете следовать [этой документации](https://cert-manager.io/docs/) или установить [чарты Helm](https://artifacthub.io/packages/helm/cert-manager/cert-manager).
Для запуска через HTTPS потребуется добавить Kubernetes-секрет с SSL/TLS сертификатом, независимо от того, используете ли вы cert-manager или нет.
# 2. Конфигурация
## 2.1 Обязательные настройки
- `global.siteURL` — установите в адрес, по которому пользователи будут получать доступ к Loop, например:
`https://loop.example.com`
- `global.loopLicense` — укажите содержимое лицензионного файла **или** задайте существующий Kubernetes-секрет с ключом:
`global.existingLicenseSecret.name` и `global.existingLicenseSecret.key`
- **Конфигурация базы данных** — необходимо настроить подключение к PostgreSQL.
- **Конфигурация объектного хранилища** — нужно подключить MinIO или другое совместимое S3-хранилище.
Без этих параметров Loop **не будет работать корректно**
## 2.2 Версия приложения
Чтобы указать версию Loop, установите:
* `loopApp.image.tag` — укажите версию Loop-сервера, которую хотите установить (например: `7.10.2`)
## 2.3 Ingress
Если вы используете nginx-ingress, настройте следующее внутри `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
где `loop.example.com` — это ваше доменное имя, совпадающее с `global.siteURL`.
### 2.3.1 HTTPS
Для работы по HTTPS добавьте SSL/TLS сертификат в виде секрета в кластер Kubernetes вручную или [с помощью cert-manager](#14-certificate-manager).
Чтобы включить HTTPS, укажите следующее в `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
### 2.3.2 DNS
Чтобы направить пользователей с вашего домена на установку Loop, укажите домен на внешний IP или имя хоста, которое предоставляет ваш ingress.
В зависимости от используемого DNS-сервиса и Ingress-контроллера шаги могут отличаться. Если вы используете nginx-ingress, выполните следующее:
1. Выполните `kubectl describe svc your-nginx-ingress-controller`
* Замените `your-nginx-ingress-controller` на имя сервиса вашего ingress-контроллера
2. Скопируйте имя хоста, указанное рядом с `LoadBalancer Ingress:`
3. В DNS-сервисе создайте CNAME-запись, указывающую с вашего домена на скопированное имя хоста
4. Сохраните изменения и подождите 1015 минут, пока DNS-изменения вступят в силу
## 2.4 База данных и хранилище объектов
### 2.4.1 База данных
Мы используем чарт Bitnami Postgresql.
Рекомендуется обновить следующие параметры:
* `postgresql.global.postgresql.auth.password`
* `postgresql.global.postgresql.auth.user`
* `postgresql.global.postgresql.auth.database`
### 2.4.2 Хранилище
Для хранения файлов используется Minio.
Рекомендуется обновить следующие параметры:
* `loop-minio.accessKey`
* `loop-minio.secretKey`
* `loop-minio.defaultBuckets`
* `loop-minio.provisioning.users`
## 2.5 Push-уведомления
По умолчанию push-уведомления включены и используют HPNS.
# 3. Установка
После добавления репозитория Loop (см. раздел 1.2), установите нужную версию чарта с помощью команды:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version <version_number>
```
Пример:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version v0.8.2
```
Если версия чарта не указана, будет установлена последняя доступная.
Чтобы установить с пользовательским `config.yaml`, выполните:
```bash
$ helm install -f config.yaml loop/loop-enterprise-stack
```
Для обновления существующего релиза измените `config.yaml` и выполните:
```bash
$ helm upgrade -f config.yaml <your-release-name> loop/loop-enterprise-stack
```
## 3.1 Удаление Helm-чарта Loop Enterprise
Если вы завершили работу с loop и хотите удалить инстанс, выполните `helm delete <your-release-name>`. Если вы не знаете имя релиза, используйте `helm ls` для его поиска.

265
loop-enterprise-stack/values.yaml Normal file
View File

@ -0,0 +1,265 @@
global:
siteUrl: "loop.example.com" # REQUIRED SETTING, PLEASE UPDATE: "https://loop.example.com"
# Use an existing secret for License credential (see secret-loop-license.yaml for required fields)
existingLicenseSecret: {}
# name: ""
# key: ""
# REQUIRED SETTING, if no existing secret is provided.
loopLicense: ""
# Settings for configuration of LOOP
# For more details: https://docs.loop.ru/administration/config-settings
siteName: ""
enableTeamCreation: true
enableUserCreation: true
enableOpenServer: true
enableLinkPreviews: true
enableCustomEmoji: true
# Settings to enable email notifications
sendEmailNotifications: false
requireEmailVerification: false
feedbackName: ""
feedbackEmail: ""
feedbackOrganization: ""
smtpUsername: ""
smtpPassword: ""
smtpServer: ""
smtpPort: ""
connectionSecurity: "" # empty, TLS, or STARTTLS
features:
database:
external:
driver: "postgres"
dataSource: "loopuser:loop-password@loop-database:5432/loop-db?sslmode=disable" # <username>:<password>@@loop-database.<namespace>.svc.cluster.local:5432/<dbname>?connect_timeout=10&sslmode=disable
dataSourceReplicas: ""
existingDatabaseSecret: {}
jobserver:
name: jobserver
enabled: true
replicaCount: 1
strategy:
type: Recreate
rollingUpdate: null
revisionHistoryLimit: 2
service:
name: loop-app-jobserver
type: ClusterIP
nodeSelector: {}
affinity: {}
tolerations: []
extraEnv: {}
notifications:
# Push proxy must be configured or useHPNS must be true for push noticiations to work.
push:
enabled: true
# Hosted push notification service. Requires an enterprise license.
# More details at https://docs.loop.ru/mobile/mobile-hpns.
useHPNS: true
initContainerImage:
repository: appropriate/curl
tag: latest
imagePullPolicy: IfNotPresent
# LOOP deployment section.
# Use to configure the deploymento the LOOP servers.
loop-enterprise-edition:
loopApp:
replicaCount: 1
image:
repository: registry.loop.ru/loop/server
tag: 2025-03-03-1
pullPolicy: IfNotPresent
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 2
service:
name: loop-app
type: ClusterIP
externalPort: 8065
internalPort: 8065
metricsPort: 8067
clusterPort: 8075
gossipPort: 8074
metricsName: loop-app-metrics
ingress:
# Used to create Ingress record (should be used with service.type: ClusterIP).
enabled: true
hosts:
- loop.example.com
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - loop.example.com
annotations: {}
ingressClassName: nginx
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 1
targetMemoryUtilizationPercentage: 50
targetCPUUtilizationPercentage: 50
nodeSelector: {}
affinity: {}
tolerations: []
resources: {}
# limits:
# cpu: 100m
# memory: 300Mi
# requests:
# cpu: 100m
# memory: 300Mi
extraInitContainers: []
# Add additional volumes and mounts, for example to add SAML keys in the app or other files the app server may need to access
extraVolumes: []
# - hostPath:
# path: /var/log
# name: varlog
extraVolumeMounts: []
# - name: varlog
# mountPath: /host/var/log
# readOnly: true
## Allows the specification of additional environment variables for LOOP
extraEnv:
- name: MM_ELASTICSEARCHSETTINGS_USERNAME
value: "" # Username Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_PASSWORD
value: "" # Password Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_CONNECTIONURL
value: "" # Elasticsearch URL
- name: MM_ELASTICSEARCHSETTINGS_ENABLEINDEXING
value: "false" # Use Elasticsearch indexing
- name: MM_ELASTICSEARCHSETTINGS_ENABLESEARCHING
value: "false" # Use Elasticsearch for searching
- name: MM_FILESETTINGS_AMAZONS3SSE
value: "false" #Env indicates whether SSL (Server-Side Encryption) is enabled for S3
- name: MM_FILESETTINGS_AMAZONS3SSL
value: "false" #Env indicates whether the connection to Amazon S3 should take place over SSL
- name: MM_FILESETTINGS_DRIVERNAME
value: "amazons3" #The name of the driver for working with files
- name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID
value: "accesskey-minio" # S3 access key
- name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY
value: "secretkey-minio" # S3 secretaccess key
- name: MM_FILESETTINGS_AMAZONS3BUCKET
value: "loop-bucket" # S3 bucket name
- name: MM_FILESETTINGS_AMAZONS3ENDPOINT
value: "loop-minio:9000" # S3 endpoint url
- name: MM_FILESETTINGS_MAXFILESIZE
value: "1048576000" #The maximum file size to download, specified in bytes.
- name: MM_LOGSETTINGS_CONSOLEJSON
value: "false" #The flag indicates whether the output to the console should be in JSON format
- name: MM_LOGSETTINGS_CONSOLELEVEL
value: "DEBUG" #Logging level for console output
- name: MM_LOGSETTINGS_FILELEVEL
value: "DEBUG" #The logging level for writing to a file
- name: MM_PLUGINSETTINGS_AUTOMATICPREPACKAGEDPLUGINS
value: "true" #The flag indicates whether automatic loading of pre-packaged plugins is allowed
- name: MM_PLUGINSETTINGS_ENABLEUPLOADS
value: "true" #The flag indicates whether plugin downloads are allowed
- name: MM_SERVICEENVIRONMENT
value: "production" #The environment in which the application is running (for example, "production")
- name: MM_SERVICESETTINGS_ENABLEBOTACCOUNTCREATION
value: "true" #The flag indicates whether the creation of bot accounts is allowed
- name: MM_SERVICESETTINGS_ENABLEOAUTHSERVICEPROVIDER
value: "true" #It is used to determine whether the use of third-party OAuth service providers is allowed
- name: MM_SERVICESETTINGS_ENABLETESTING
value: "true" #The flag indicates whether testing is allowed
- name: MM_SERVICESETTINGS_ENABLEUSERACCESSTOKENS
value: "true" #The flag indicates whether user access tokens are allowed
- name: MM_SERVICESETTINGS_GIPHYSDKKEY
value: "" #Giphy SDK key for integration with Giphy
## The following environment variables are required to run loop in clustered mode.
# - name: MM_CLUSTERSETTINGS_ENABLE
# value: "true"
# - name: MM_CLUSTERSETTINGS_CLUSTERNAME
# value: "loop-example-cluster"
# - name: MM_CLUSTERSETTINGS_ENABLEEXPERIMENTALGOSSIPENCRYPTION
# value: "true"
# - name: MM_CLUSTERSETTINGS_ENABLEGOSSIPCOMPRESSION
# value: "false"
# - name: MM_CLUSTERSETTINGS_READONLYCONFIG
# value: "false"
## Additional pod annotations
extraPodAnnotations: {}
# Postgresql Section. Use this to configure postgresql.
# If you want to use an external database, disable this.
postgresql:
enabled: true
global:
postgresql:
auth:
database: "loop-db"
username: "loopuser"
password: "loop-password"
name: loop-database
fullnameOverride: loop-database
nameOverride: loop-database
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
# Minio Section. Use this to configure Minio storage.
# If you want to use external storage, disable this.
loop-minio:
enabled: true
accessKey: "accesskey-minio"
secretKey: "secretkey-minio"
name: loop-minio
fullnameOverride: loop-minio
nameOverride: loop-minio
persistence:
enabled: true
storageClass: ""
accessMode: ReadWriteOnce
size: 10Gi
resources:
requests:
memory: 256Mi
cpu: 250m
defaultBuckets: "loop-bucket"
provisioning:
enabled: true
users:
- username: accesskey-minio
password: secretkey-minio
disabled: false
policies:
- readwrite
serviceAccount:
create: false
name:
annotations: {}