diff --git a/ix-dev/stable/collabora/app.yaml b/ix-dev/stable/collabora/app.yaml index b9c0c4af2c..b97d172456 100644 --- a/ix-dev/stable/collabora/app.yaml +++ b/ix-dev/stable/collabora/app.yaml @@ -1,3 +1,5 @@ +annotations: + min_scale_version: '25.04' app_version: 24.04.12.2.1 capabilities: - description: Collabora and Nginx are able to chown files. @@ -53,4 +55,4 @@ sources: - https://hub.docker.com/r/collabora/code title: Collabora train: stable -version: 1.2.13 +version: 1.3.0 diff --git a/ix-dev/stable/collabora/migrations.yaml b/ix-dev/stable/collabora/migrations.yaml new file mode 100644 index 0000000000..7240b558c5 --- /dev/null +++ b/ix-dev/stable/collabora/migrations.yaml @@ -0,0 +1,4 @@ +migrations: + - file: ip_port_migration + target: + min_version: 1.3.0 diff --git a/ix-dev/stable/collabora/migrations/ip_port_migration b/ix-dev/stable/collabora/migrations/ip_port_migration new file mode 100755 index 0000000000..381ef3d30d --- /dev/null +++ b/ix-dev/stable/collabora/migrations/ip_port_migration @@ -0,0 +1,23 @@ +#!/usr/bin/python3 + +import os +import sys +import yaml + + +def migrate(values): + values["network"]["web_port"] = { + "port_number": values["network"]["web_port"], + "bind_mode": "published", + "host_ips": [], + } + return values + + +if __name__ == "__main__": + if len(sys.argv) != 2: + exit(1) + + if os.path.exists(sys.argv[1]): + with open(sys.argv[1], "r") as f: + print(yaml.dump(migrate(yaml.safe_load(f.read())))) diff --git a/ix-dev/stable/collabora/questions.yaml b/ix-dev/stable/collabora/questions.yaml index 58d1743290..3819e6dcbc 100644 --- a/ix-dev/stable/collabora/questions.yaml +++ b/ix-dev/stable/collabora/questions.yaml @@ -152,13 +152,51 @@ questions: attrs: - variable: web_port label: WebUI Port - description: The port for Collabora WebUI schema: - type: int - default: 9980 - required: true - $ref: - - definitions/port + type: dict + attrs: + - variable: bind_mode + label: Port Bind Mode + description: | + The port bind mode.
+ - Publish: The port will be published on the host for external access.
+ - Expose: The port will be exposed for inter-container communication.
+ - None: The port will not be exposed or published.
+ Note: If the Dockerfile defines an EXPOSE directive, + the port will still be exposed for inter-container communication regardless of this setting. + schema: + type: string + default: "published" + enum: + - value: "published" + description: Publish port on the host for external access + - value: "exposed" + description: Expose port for inter-container communication + - value: "" + description: None + - variable: port_number + label: Port Number + schema: + type: int + show_if: [["bind_mode", "=", "published"]] + default: 9980 + required: true + $ref: + - definitions/port + - variable: host_ips + label: Host IPs + description: IPs on the host to bind this port + schema: + type: list + default: [] + items: + - variable: host_ip + label: Host IP + schema: + type: string + required: true + $ref: + - definitions/node_bind_ip - variable: certificate_id label: Certificate ID description: The certificate ID to use for Elastic Search. diff --git a/ix-dev/stable/collabora/templates/docker-compose.yaml b/ix-dev/stable/collabora/templates/docker-compose.yaml index 12c26dabf1..e233aec733 100644 --- a/ix-dev/stable/collabora/templates/docker-compose.yaml +++ b/ix-dev/stable/collabora/templates/docker-compose.yaml @@ -8,8 +8,8 @@ {% set nginx.x = tpl.add_container(values.consts.nginx_container_name, "nginx_image") %} {% do nginx.x.depends.add_dependency(values.consts.collabora_container_name, "service_healthy") %} {% do nginx.x.add_caps(["CHOWN", "FOWNER", "DAC_OVERRIDE", "SETGID", "SETUID"]) %} - {% do nginx.x.healthcheck.set_test("curl", {"port": values.network.web_port, "path": "/robots.txt", "scheme": "https"}) %} - {% do nginx.x.ports.add_port(values.network.web_port, values.network.web_port) %} + {% do nginx.x.healthcheck.set_test("curl", {"port": values.network.web_port.port_number, "path": "/robots.txt", "scheme": "https"}) %} + {% do nginx.x.add_port(values.network.web_port) %} {% set cert = values.ix_certificates[values.network.certificate_id] %} {% do nginx.x.configs.add("private", cert.privatekey, values.consts.nginx_ssl_key_path) %} @@ -20,7 +20,7 @@ {% do nginx.x.add_storage("/var/cache/nginx", {"type": "anonymous"}) %} {% do nginx.x.add_storage("/var/run", {"type": "anonymous"}) %} {% else %} - {% do c1.ports.add_port(values.network.web_port, values.consts.internal_collabora_web_port) %} + {% do c1.add_port(values.network.web_port, {"container_port": values.consts.internal_collabora_web_port}) %} {% endif %} {% do c1.remove_security_opt("no-new-privileges") %} @@ -32,7 +32,7 @@ {% do c1.environment.add_env("dictionaries", values.collabora.dictionaries|join(" ")) %} {% do c1.environment.add_env("extra_params", values.collabora.extra_params|join(" ")) %} {% do c1.environment.add_env("DONT_GEN_SSL_CERT", true) %} -{% do c1.environment.add_env("server_name", values.collabora.server_name if ":" in values.collabora.server_name else "%s:%d"|format(values.collabora.server_name, values.network.web_port)) %} +{% do c1.environment.add_env("server_name", values.collabora.server_name if ":" in values.collabora.server_name else "%s:%d"|format(values.collabora.server_name, values.network.web_port.port_number)) %} {% if values.collabora.enable_webui %} {% do c1.environment.add_env("username", values.collabora.username) %} {% do c1.environment.add_env("password", values.collabora.password) %} @@ -46,6 +46,6 @@ {% set proto = "https" if values.network.certificate_id else "http" %} {% set path = "/browser/dist/admin/admin.html" if values.collabora.enable_webui else "/" %} -{% do tpl.portals.add_portal({"port": values.network.web_port, "scheme": proto, "path": path}) %} +{% do tpl.portals.add_portal({"port": values.network.web_port.port_number, "scheme": proto, "path": path}) %} {{ tpl.render() | tojson }} diff --git a/ix-dev/stable/collabora/templates/macros/nginx.conf.jinja b/ix-dev/stable/collabora/templates/macros/nginx.conf.jinja index c54a005375..1678188487 100644 --- a/ix-dev/stable/collabora/templates/macros/nginx.conf.jinja +++ b/ix-dev/stable/collabora/templates/macros/nginx.conf.jinja @@ -1,5 +1,5 @@ {% macro nginx_conf(values) -%} -{%- set nginx_host = "%s:%d" | format(values.consts.nginx_container_name, values.network.web_port) %} +{%- set nginx_host = "%s:%d" | format(values.consts.nginx_container_name, values.network.web_port.port_number) %} {%- set nginx_url = "https://%s" | format(nginx_host) %} events { worker_connections 1024; @@ -23,7 +23,7 @@ http { client_body_temp_path /var/tmp/firmware; server { server_name "{{ nginx_host }}"; - listen 0.0.0.0:{{ values.network.web_port }} default_server ssl http2; + listen 0.0.0.0:{{ values.network.web_port.port_number }} default_server ssl http2; ssl_certificate "{{ values.consts.nginx_ssl_cert_path }}"; ssl_certificate_key "{{ values.consts.nginx_ssl_key_path }}"; ssl_session_timeout 120m; diff --git a/ix-dev/stable/collabora/templates/test_values/basic-values.yaml b/ix-dev/stable/collabora/templates/test_values/basic-values.yaml index 39b458e6d0..fe40f84d76 100644 --- a/ix-dev/stable/collabora/templates/test_values/basic-values.yaml +++ b/ix-dev/stable/collabora/templates/test_values/basic-values.yaml @@ -24,7 +24,9 @@ collabora: additional_envs: [] network: certificate_id: - web_port: 8080 + web_port: + bind_mode: published + port_number: 9980 storage: additional_storage: [] diff --git a/ix-dev/stable/collabora/templates/test_values/https-values.yaml b/ix-dev/stable/collabora/templates/test_values/https-values.yaml index f8dfcf78b0..845404e620 100644 --- a/ix-dev/stable/collabora/templates/test_values/https-values.yaml +++ b/ix-dev/stable/collabora/templates/test_values/https-values.yaml @@ -24,7 +24,9 @@ collabora: additional_envs: [] network: certificate_id: "2" - web_port: 8080 + web_port: + bind_mode: published + port_number: 9980 storage: additional_storage: []