wilix-infra/loop-onprem-charts
5
0
Fork 0
Code Pull Requests 1 Releases Activity

add loop helm chart

Browse Source
This commit is contained in:
Артем Дроздов
2025-07-22 09:25:50 +03:00
parent c00d31ebc4
commit 82b4aee59d
18 changed files with 1909 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
loop-enterprise-stack/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

32
loop-enterprise-stack/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
appVersion: 9.11.1
dependencies:
- name: loop-enterprise-edition
repository: https://artifacts.wilix.dev/repository/helm-loop
version: 1.0.0
alias: loop-enterprise-edition
- condition: postgresql.enabled
name: postgresql
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.12.10
- condition: minio.enabled
name: minio
repository: oci://registry-1.docker.io/bitnamicharts
version: 12.8.9
alias: loop-minio
description: LOOP Enterprise server with high availability.
home: https://loop.ru
icon: https://artifacts.wilix.dev/repository/loop-files/assets/loop-icon.png
keywords:
- loop
- communication
- messaging
- team colaboration
maintainers:
- email: dmitry.aloyan@wilix.org
name: dmitry.aloyan
- email: stuart.armstrong@wilix.org
name: stuart.armstrong
name: loop-enterprise-stack
type: application
version: 1.0.1

343
loop-enterprise-stack/README.md Normal file
View File

@@ -0,0 +1,343 @@
Loop Enterprise Stack
====================================================
---
## ⚠️ **This chart is not compatible with the previous loop chart and should not be used to upgrade the previous chart. All data can be lost**
## ⚠️ **The default values for minio and postgres are specified in the chart, they must be changed by you.
## ⚠️ **Этот chart несовместим с предыдущим loop chart, и не должн использоваться для обновления предыдущей версии loop chart. Все данные могут быть потеряны
## ⚠️ **В chart указаны значения для minio и postgres по умолчанию, они должны быть изменены вами
---
This chart deploys Loop Enterprise Edition, Postgresql and Minio. It is subject to changes. To use external Postgresql and S3 resources deploy the Loop Enterprise Edition chart.
# 1. Prerequisites
## 1.1 Kubernetes Cluster
You need a running Kubernetes cluster v1.8+. If you do not have one, find options and installation instructions here:
https://kubernetes.io/docs/setup/pick-right-solution/
## 1.2 Helm
See: https://docs.helm.sh/using_helm/#quickstart
We recommend installing Helm v2.13.1 or later.
Once Helm is installed and initialized, run the following:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
```
## 1.3 Ingress
To expose the application outside of your network, configure an ingress if your Kubernetes cluster doesn't already have one.
We suggest using [nginx-ingress](https://github.com/kubernetes/ingress-nginx), which we use internally at Loop.
To install nginx-ingress in your Kubernetes cluster, follow [the official installation documentation](https://kubernetes.github.io/ingress-nginx/deploy/). You may also use the [helm charts](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) directly.
To get the nginx cache to work, adjust the ConfigMap and Deployment from the above instructions.
## 1.4 Certificate Manager
If you do not want to manually add SSL/TLS certificates, install [cert-manager](https://github.com/jetstack/cert-manager). You can follow [this documentation](https://cert-manager.io/docs/) or install the [helm charts](https://artifacthub.io/packages/helm/cert-manager/cert-manager).
To run with HTTPS you will need to add a Kubernetes secret for your SSL/TLS certificate, whether you use cert-manager or not.
# 2. Configuration
## 2.1 Required Settings
At minimum the following settings must be updated:
* `global.siteURL` - set this to the URL your users will use to access Loop, e.g. `https://loop.example.com`
* `global.loopLicense` - set this to the contents of your license file or provide an existing secret. `global.existingLicenseSecret.name` `global.existingLicenseSecret.key`
* Database Configuration
* Object Storage Configuration
Without these settings, Loop will not run correctly.
## 2.2 Application Version
To set the Loop application version, update:
* `loopApp.image.tag` - set this to the Loop server version you wish to install (e.g. `7.10.2`)
## 2.3 Ingress
If you are using nginx-ingress, set the following under `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
where `loop.example.com` is your domain name and matches `global.siteURL`.
### 2.3.1 HTTPS
To run with HTTPS, add an SSL/TLS certificate as a secret to your Kubernetes cluster, either manually or [using cert-manager](#14-certificate-manager).
Set the following under `loopApp` to enable HTTPS:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
### 2.3.2 DNS
To route users from your domain name to your Loop installation, point your domain name at the external IP or domain that your ingress exposes.
Depending on the DNS service and Ingress you're using, the steps can vary. If you are using nginx-ingress, you would do something like this:
1. Run `kubectl describe svc your-nginx-ingress-controller`
* Replace `your-nginx-ingress-controller` with the name of your ingress controller service
2. Copy the domain name beside `LoadBalancer Ingress:`
3. On your DNS service, create a CNAME record pointing from the domain you'd like to use to the domain name you just copied
4. Save, and wait 10-15 minutes for the DNS change to propagate
## 2.4 Database and Object Storage
### 2.4.1 Database
We use the Bitnami Postgresql chart.
We recommend updating the following settings:
* `postgresql.global.postgresql.auth.password`
* `postgresql.global.postgresql.auth.user`
* `postgresql.global.postgresql.auth.database`
### 2.4.2 Storage
We use Minio for file storage.
We recommend updating the following settings:
* `loop-minio.accessKey`
* `loop-minio.secretKey`
* `loop-minio.defaultBuckets`
* `loop-minio.provisioning.users`
## 2.5 Push Notifications
By default push notifications are enabled using HPNS.
### 2.5.1
#### Settings for pushproxy
# 3. Install
After adding the Loop repo (see section 1.2) you can install a version of the preferred chart by running:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version <version_number>
```
For example:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version v0.8.2
```
If no Helm Chart version is specified the latest version will be installed.
To run with your custom `config.yaml`, install using:
```bash
$ helm install -f config.yaml loop/loop-enterprise-stack
```
To upgrade an existing release, modify the `config.yaml` with your desired changes and then use:
```bash
$ helm upgrade -f config.yaml <your-release-name> loop/loop-enterprise-stack
```
## 3.1 Uninstalling Loop Enterprise Helm Chart
If you are done with your deployment and want to delete it, use `helm delete <your-release-name>`. If you don't know the name of your release, use `helm ls` to find it.
---
**[RU Русская версия]**
---
# Loop Enterprise Stack
Данный чарт разворачивает Loop Enterprise Edition, Postgresql и Minio.
# 1. Предварительные требования
## 1.1 Кластер Kubernetes
Необходим работающий кластер Kubernetes версии v1.8+. Если у вас его нет, ознакомьтесь с доступными вариантами и инструкцией по установке здесь:
[https://kubernetes.io/docs/setup/pick-right-solution/](https://kubernetes.io/docs/setup/pick-right-solution/)
## 1.2 Helm
См.: [https://docs.helm.sh/using\_helm/#quickstart](https://docs.helm.sh/using_helm/#quickstart)
Рекомендуется установить Helm версии v2.13.1 или новее.
После установки и инициализации Helm выполните следующую команду:
```bash
helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
```
## 1.3 Ingress
Чтобы опубликовать приложение вне вашей локальной сети, настройте ingress, если в вашем кластере Kubernetes он ещё не настроен.
Рекомендуем использовать [nginx-ingress](https://github.com/kubernetes/ingress-nginx), который мы используем внутри Loop.
Чтобы установить nginx-ingress в кластер Kubernetes, следуйте [официальной документации по установке](https://kubernetes.github.io/ingress-nginx/deploy/). Также можно использовать [чарты Helm](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx).
Чтобы nginx-кеш работал корректно, отредактируйте ConfigMap и Deployment согласно вышеуказанной инструкции.
## 1.4 Менеджер сертификатов
Если вы не хотите вручную добавлять SSL/TLS сертификаты, установите [cert-manager](https://github.com/jetstack/cert-manager). Вы можете следовать [этой документации](https://cert-manager.io/docs/) или установить [чарты Helm](https://artifacthub.io/packages/helm/cert-manager/cert-manager).
Для запуска через HTTPS потребуется добавить Kubernetes-секрет с SSL/TLS сертификатом, независимо от того, используете ли вы cert-manager или нет.
# 2. Конфигурация
## 2.1 Обязательные настройки
- `global.siteURL` — установите в адрес, по которому пользователи будут получать доступ к Loop, например:
`https://loop.example.com`
- `global.loopLicense` — укажите содержимое лицензионного файла **или** задайте существующий Kubernetes-секрет с ключом:
`global.existingLicenseSecret.name` и `global.existingLicenseSecret.key`
- **Конфигурация базы данных** — необходимо настроить подключение к PostgreSQL.
- **Конфигурация объектного хранилища** — нужно подключить MinIO или другое совместимое S3-хранилище.
Без этих параметров Loop **не будет работать корректно**
## 2.2 Версия приложения
Чтобы указать версию Loop, установите:
* `loopApp.image.tag` — укажите версию Loop-сервера, которую хотите установить (например: `7.10.2`)
## 2.3 Ingress
Если вы используете nginx-ingress, настройте следующее внутри `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
```
где `loop.example.com` — это ваше доменное имя, совпадающее с `global.siteURL`.
### 2.3.1 HTTPS
Для работы по HTTPS добавьте SSL/TLS сертификат в виде секрета в кластер Kubernetes вручную или [с помощью cert-manager](#14-certificate-manager).
Чтобы включить HTTPS, укажите следующее в `loopApp`:
```yaml
ingress:
enabled: true
hosts:
- loop.example.com
tls:
- secretName: your-tls-secret-name
hosts:
- loop.example.com
```
### 2.3.2 DNS
Чтобы направить пользователей с вашего домена на установку Loop, укажите домен на внешний IP или имя хоста, которое предоставляет ваш ingress.
В зависимости от используемого DNS-сервиса и Ingress-контроллера шаги могут отличаться. Если вы используете nginx-ingress, выполните следующее:
1. Выполните `kubectl describe svc your-nginx-ingress-controller`
* Замените `your-nginx-ingress-controller` на имя сервиса вашего ingress-контроллера
2. Скопируйте имя хоста, указанное рядом с `LoadBalancer Ingress:`
3. В DNS-сервисе создайте CNAME-запись, указывающую с вашего домена на скопированное имя хоста
4. Сохраните изменения и подождите 1015 минут, пока DNS-изменения вступят в силу
## 2.4 База данных и хранилище объектов
### 2.4.1 База данных
Мы используем чарт Bitnami Postgresql.
Рекомендуется обновить следующие параметры:
* `postgresql.global.postgresql.auth.password`
* `postgresql.global.postgresql.auth.user`
* `postgresql.global.postgresql.auth.database`
### 2.4.2 Хранилище
Для хранения файлов используется Minio.
Рекомендуется обновить следующие параметры:
* `loop-minio.accessKey`
* `loop-minio.secretKey`
* `loop-minio.defaultBuckets`
* `loop-minio.provisioning.users`
## 2.5 Push-уведомления
По умолчанию push-уведомления включены и используют HPNS.
# 3. Установка
После добавления репозитория Loop (см. раздел 1.2), установите нужную версию чарта с помощью команды:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version <version_number>
```
Пример:
```bash
$ helm repo add loop https://artifacts.wilix.dev/repository/helm-loop
$ helm install <name> loop/loop-enterprise-stack --version v0.8.2
```
Если версия чарта не указана, будет установлена последняя доступная.
Чтобы установить с пользовательским `config.yaml`, выполните:
```bash
$ helm install -f config.yaml loop/loop-enterprise-stack
```
Для обновления существующего релиза измените `config.yaml` и выполните:
```bash
$ helm upgrade -f config.yaml <your-release-name> loop/loop-enterprise-stack
```
## 3.1 Удаление Helm-чарта Loop Enterprise
Если вы завершили работу с loop и хотите удалить инстанс, выполните `helm delete <your-release-name>`. Если вы не знаете имя релиза, используйте `helm ls` для его поиска.

265
loop-enterprise-stack/values.yaml Normal file
View File

@@ -0,0 +1,265 @@
global:
siteUrl: "loop.example.com" # REQUIRED SETTING, PLEASE UPDATE: "https://loop.example.com"
# Use an existing secret for License credential (see secret-loop-license.yaml for required fields)
existingLicenseSecret: {}
# name: ""
# key: ""
# REQUIRED SETTING, if no existing secret is provided.
loopLicense: ""
# Settings for configuration of LOOP
# For more details: https://docs.loop.ru/administration/config-settings
siteName: ""
enableTeamCreation: true
enableUserCreation: true
enableOpenServer: true
enableLinkPreviews: true
enableCustomEmoji: true
# Settings to enable email notifications
sendEmailNotifications: false
requireEmailVerification: false
feedbackName: ""
feedbackEmail: ""
feedbackOrganization: ""
smtpUsername: ""
smtpPassword: ""
smtpServer: ""
smtpPort: ""
connectionSecurity: "" # empty, TLS, or STARTTLS
features:
database:
external:
driver: "postgres"
dataSource: "loopuser:loop-password@loop-database:5432/loop-db?sslmode=disable" # <username>:<password>@@loop-database.<namespace>.svc.cluster.local:5432/<dbname>?connect_timeout=10&sslmode=disable
dataSourceReplicas: ""
existingDatabaseSecret: {}
jobserver:
name: jobserver
enabled: true
replicaCount: 1
strategy:
type: Recreate
rollingUpdate: null
revisionHistoryLimit: 2
service:
name: loop-app-jobserver
type: ClusterIP
nodeSelector: {}
affinity: {}
tolerations: []
extraEnv: {}
notifications:
# Push proxy must be configured or useHPNS must be true for push noticiations to work.
push:
enabled: true
# Hosted push notification service. Requires an enterprise license.
# More details at https://docs.loop.ru/mobile/mobile-hpns.
useHPNS: true
initContainerImage:
repository: appropriate/curl
tag: latest
imagePullPolicy: IfNotPresent
# LOOP deployment section.
# Use to configure the deploymento the LOOP servers.
loop-enterprise-edition:
loopApp:
replicaCount: 1
image:
repository: registry.loop.ru/loop/server
tag: 2025-03-03-1
pullPolicy: IfNotPresent
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
revisionHistoryLimit: 2
service:
name: loop-app
type: ClusterIP
externalPort: 8065
internalPort: 8065
metricsPort: 8067
clusterPort: 8075
gossipPort: 8074
metricsName: loop-app-metrics
ingress:
# Used to create Ingress record (should be used with service.type: ClusterIP).
enabled: true
hosts:
- loop.example.com
tls:
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - loop.example.com
annotations: {}
ingressClassName: nginx
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 1
targetMemoryUtilizationPercentage: 50
targetCPUUtilizationPercentage: 50
nodeSelector: {}
affinity: {}
tolerations: []
resources: {}
# limits:
# cpu: 100m
# memory: 300Mi
# requests:
# cpu: 100m
# memory: 300Mi
extraInitContainers: []
# Add additional volumes and mounts, for example to add SAML keys in the app or other files the app server may need to access
extraVolumes: []
# - hostPath:
# path: /var/log
# name: varlog
extraVolumeMounts: []
# - name: varlog
# mountPath: /host/var/log
# readOnly: true
## Allows the specification of additional environment variables for LOOP
extraEnv:
- name: MM_ELASTICSEARCHSETTINGS_USERNAME
value: "" # Username Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_PASSWORD
value: "" # Password Elasticsearch
- name: MM_ELASTICSEARCHSETTINGS_CONNECTIONURL
value: "" # Elasticsearch URL
- name: MM_ELASTICSEARCHSETTINGS_ENABLEINDEXING
value: "false" # Use Elasticsearch indexing
- name: MM_ELASTICSEARCHSETTINGS_ENABLESEARCHING
value: "false" # Use Elasticsearch for searching
- name: MM_FILESETTINGS_AMAZONS3SSE
value: "false" #Env indicates whether SSL (Server-Side Encryption) is enabled for S3
- name: MM_FILESETTINGS_AMAZONS3SSL
value: "false" #Env indicates whether the connection to Amazon S3 should take place over SSL
- name: MM_FILESETTINGS_DRIVERNAME
value: "amazons3" #The name of the driver for working with files
- name: MM_FILESETTINGS_AMAZONS3ACCESSKEYID
value: "accesskey-minio" # S3 access key
- name: MM_FILESETTINGS_AMAZONS3SECRETACCESSKEY
value: "secretkey-minio" # S3 secretaccess key
- name: MM_FILESETTINGS_AMAZONS3BUCKET
value: "loop-bucket" # S3 bucket name
- name: MM_FILESETTINGS_AMAZONS3ENDPOINT
value: "loop-minio:9000" # S3 endpoint url
- name: MM_FILESETTINGS_MAXFILESIZE
value: "1048576000" #The maximum file size to download, specified in bytes.
- name: MM_LOGSETTINGS_CONSOLEJSON
value: "false" #The flag indicates whether the output to the console should be in JSON format
- name: MM_LOGSETTINGS_CONSOLELEVEL
value: "DEBUG" #Logging level for console output
- name: MM_LOGSETTINGS_FILELEVEL
value: "DEBUG" #The logging level for writing to a file
- name: MM_PLUGINSETTINGS_AUTOMATICPREPACKAGEDPLUGINS
value: "true" #The flag indicates whether automatic loading of pre-packaged plugins is allowed
- name: MM_PLUGINSETTINGS_ENABLEUPLOADS
value: "true" #The flag indicates whether plugin downloads are allowed
- name: MM_SERVICEENVIRONMENT
value: "production" #The environment in which the application is running (for example, "production")
- name: MM_SERVICESETTINGS_ENABLEBOTACCOUNTCREATION
value: "true" #The flag indicates whether the creation of bot accounts is allowed
- name: MM_SERVICESETTINGS_ENABLEOAUTHSERVICEPROVIDER
value: "true" #It is used to determine whether the use of third-party OAuth service providers is allowed
- name: MM_SERVICESETTINGS_ENABLETESTING
value: "true" #The flag indicates whether testing is allowed
- name: MM_SERVICESETTINGS_ENABLEUSERACCESSTOKENS
value: "true" #The flag indicates whether user access tokens are allowed
- name: MM_SERVICESETTINGS_GIPHYSDKKEY
value: "" #Giphy SDK key for integration with Giphy
## The following environment variables are required to run loop in clustered mode.
# - name: MM_CLUSTERSETTINGS_ENABLE
# value: "true"
# - name: MM_CLUSTERSETTINGS_CLUSTERNAME
# value: "loop-example-cluster"
# - name: MM_CLUSTERSETTINGS_ENABLEEXPERIMENTALGOSSIPENCRYPTION
# value: "true"
# - name: MM_CLUSTERSETTINGS_ENABLEGOSSIPCOMPRESSION
# value: "false"
# - name: MM_CLUSTERSETTINGS_READONLYCONFIG
# value: "false"
## Additional pod annotations
extraPodAnnotations: {}
# Postgresql Section. Use this to configure postgresql.
# If you want to use an external database, disable this.
postgresql:
enabled: true
global:
postgresql:
auth:
database: "loop-db"
username: "loopuser"
password: "loop-password"
name: loop-database
fullnameOverride: loop-database
nameOverride: loop-database
primary:
persistence:
size: 500Mi
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 250m
memory: 256Mi
# Minio Section. Use this to configure Minio storage.
# If you want to use external storage, disable this.
loop-minio:
enabled: true
accessKey: "accesskey-minio"
secretKey: "secretkey-minio"
name: loop-minio
fullnameOverride: loop-minio
nameOverride: loop-minio
persistence:
enabled: true
storageClass: ""
accessMode: ReadWriteOnce
size: 10Gi
resources:
requests:
memory: 256Mi
cpu: 250m
defaultBuckets: "loop-bucket"
provisioning:
enabled: true
users:
- username: accesskey-minio
password: secretkey-minio
disabled: false
policies:
- readwrite
serviceAccount:
create: false
name:
annotations: {}