App Suite Releases
  • 8.35
  • 7.10.6
Imprint
  • 8.35
  • 7.10.6
Imprint
  • Release 8.40
    • Noteworthy Changes
      • Important Changes
      • App Suite CacheService
      • App Suite Middleware
    • Changelogs
      • App Suite UI
      • App Suite Middleware
      • Additional Components
        • AI Service
        • Switchboard
    • Helm Charts
      • App Suite Stack Chart
      • Helm Chart core-cacheservice
      • Document Converter
      • Image Converter
      • App Suite Middleware Core
      • SpellCheck
      • Switchboard
  • Release 8.39
  • Release 8.38
  • Release 8.37
  • Release 8.36
  • Release 8.35

Helm Chart core-cacheservice

This Helm Chart deploys Cache service core in a kubernetes cluster.

Introduction

This Chart includes the following components:

  • Cache service application container to deploy in a kubernetes cluster.

Requirements

Requires Kubernetes v1.19+

Dependencies

This section will provide details about specific requirements in addition to this Helm Chart.

Pushing to registry

From wihtin ${PROJECT_DIR}/helm/core-cacheservice directory:

helm repo add ox-documents-registry https://registry.open-xchange.com/chartrepo/documents
helm repo update
helm push . ox-documents-registry

Test installation

Run a test against a cluster deployment:

helm repo add ox-documents-registry https://registry.open-xchange.com/chartrepo/documents
helm repo update
helm install --dry-run --debug --generate-name --version [VERSION] ox-documents-registry/core-cacheservice

Installing the chart

Install the Chart with the release name 'alice':

helm repo add ox-documents-registry https://registry.open-xchange.com/chartrepo/documents
helm repo update
helm install alice --version [VERSION] ox-documents-registry/core-cacheservice [-f path/to/values_with_credentials.yaml]

Configuration

ParameterDescriptionDefault
defaultRegistryThe image registryregistry.open-xchange.com
image.repositoryThe image repositorycore-cacheservice
image.tagThe image tag``
image.pullPolicyThe imagePullPolicy for the deploymentIfNotPresent
imagePullSecretsList of references to secrets for image registries[]
ingress.enabledMake ImageConverter service reachable from outside of clusterfalse
ingress.controllerThe type of controller to use, possible values are nginx and traefiknginx
ingress.hostsThe list of hosts the service can be reached from. Set to empty to allow from everywhere.[]
ingress.hosts.hostThe host the service can be reached fromchart-example.local
existingPropertiesSecretThe name of an already existing secret within the deployment namespace, containing lean config values (e.g. user names and passwords for BasicAuth as well as database, S3 access etc.)``
basicAuthLoginThe user name for BasicAuth login, required for protected HTTP API calls``
basicAuthPasswordThe password for BasicAuth login, required for protected HTTP API calls``
cacheService.cacheDefaults.maxEntriesThe maximum number of cache key entries. Use -1 for unlimited.1000000
cacheService.cacheDefaults.maxSizeMegaBytesThe maximum size of all cache key entries combined. Use -1 for unlimited.-1
cacheService.cacheDefaults.maxLifetimeSecondsThe maximum age in seconds of a cache key entry before it gets removed. Use -1 for unlimited.2592000
cacheService.cacheDefaults.cleanupPeriodSecondsThe period in seconds after which the next cache cleanup will be performed300
cacheService.mysql.hostThe CacheService database connection host``
cacheService.mysql.portThe CacheService database connection port3306
cacheService.mysql.databaseThe CacheService database connection schemacacheservicedb
cacheService.mysql.auth.userThe CacheService database connection user``
cacheService.mysql.auth.passwordThe CacheService database connection password``
cacheService.mysql.auth.rootPasswordThe CacheService database connection root password to create e.g. a new database``
cacheService.mysql.propertiesThe optional CacheService database connection properties to pass to the database drivers.[]
cacheService.s3ObjectStoresThe list of S3 object stores to use[]
cacheService.s3ObjectStores.idThe numeric id of the current S3 based object store that shouldn't be changed once assigned``
cacheService.s3ObjectStores.endpointThe endpoint URL of the current S3 object store``
cacheService.s3ObjectStores.regionThe region of the current S3 object storeeu-central-1
cacheService.s3ObjectStores.bucketNameThe bucket name of the current S3 object storecacheservice
cacheService.s3ObjectStores.accessKeyThe access key of the current S3 object store``
cacheService.s3ObjectStores.secretKeyThe secret key of the current S3 object store``
cacheService.sproxydObjectStoresThe list of SproxyD object stores to use[]
cacheService.sproxydObjectStores.idThe numeric id of the current SproxyD based object store that shouldn't be changed once assigned``
cacheService.sproxydObjectStores.endpointThe endpoint URL of the current SproxyD based object store``
cacheService.sproxydObjectStores.pathThe path where to store objects in the current SproxyD based object storeproxyd/cacheservice
persistence.enabledSpecifies if cluster volumes are mounted by container. Using emptyDir Volumes when false.false
logging.*Specifies logging configuration values.
All file size related values are specified either in Bytes (no Postfix), KiloBytes (KB postfix), MegaBytes (MB postfix) or GigaBytes (GB postfix).
``
envConfiguration properties passed to the service via environment variables[]

Configuration of service properties via existing secret

In most cases, like with this service, the Helm stack chart provided values for a service are transformed into a ConfigMap properties file created during the Helm stackchart update/install step for a deployment. These config values are then used by the service container/pod during startup. Although this approach covers all relevant config properties for the service, it is often desirable for the admin to specify all or just some of the service config properties via a kubernetes secret for e.g. security reasons.

To provide a way to use service config values from an existing secret within the current deployment namespace, the service Helm chart contains a property to specify the name of an existing secret within the deployment namespace: .Values.existingPropertiesSecret. Service properties (key/value pairs) set within this secret always have precedence over service properties contained within the Helm chart created ConfigMap property values.

Documentation for the service-specific configuration values can be found at this configuration values location.

Since authorization data is most prone to security attacks, the following example will concentrate on these properties only, although all other service properties can be set via a deployed secret this way as well:

  • HTTP API BasicAuth properties (com.openexchange.cacheservice.basicAuth.user, com.openexchange.cacheservice.basicAuth.password)
  • DB authorization properties (com.openexchange.cacheservice.database.user, com.openexchange.cacheservice.database.password, com.openexchange.cacheservice.database.rootPassword)
  • S3 authorization properties (com.openexchange.cacheservice.objectstore.s3.1.accessKey, com.openexchange.cacheservice.objectstore.s3.1.secretKey)

Example steps to provide a service config properties/values secret to be used by the deployed service

Step 1

First of all, a secret containing all required service config property keys and values needs to be created (current filename is ./myCacheServiceSecret.yaml) Please note that all config values need to be set as Base64 encoded values. All my* names and values need to be adjusted according to the admins' requirements.

apiVersion: v1
kind: Secret
metadata:
  name: my-cacheservice-secret
type: Opaque
data:
  com.openexchange.cacheservice.basicAuth.user: bXlCYXNpY0F1dGhVc2VyCg==  # Base64 encoded value of `myBasicAuthUser`
  com.openexchange.cacheservice.basicAuth.password: bXlCYXNpY0F1dGhQYXNzd29yZAo=  # Base64 encoded value of `myBasicAuthPassword`
  com.openexchange.cacheservice.database.user: bXlEQlVzZXIK  # Base64 encoded value of `myDBUser`
  com.openexchange.cacheservice.database.password: bXlEQlBhc3N3b3JkCg==  # Base64 encoded value of `myDBPassword`
  com.openexchange.cacheservice.database.rootPassword: bXlEQlJvb3RQYXNzd29yZAo=  # Base64 encoded value of `myDBRootPassword`
  com.openexchange.cacheservice.objectstore.s3.1.accessKey: bXlTM0FjY2Vzc0tleQo=  # Base64 encoded value of `myS3AccessKey`
  com.openexchange.cacheservice.objectstore.s3.1.secretKey: bXlTM1NlY3JldEtleQo=  # Base64 encoded value of `myS3SecretKey`

Step 2

After preparing all config values within the secret definition, the secret itself needs to be deployed or updated to the deployment namespace.

kubectl replace --force=true --namespace=myNamespace --filename=./myCacheServiceSecret.yaml

Step 3

After the property secret has been deployed to the cluster namespace the admin needs to adjust the service .Values.existingPropertiesSecret stackchart value for the service.

core-cacheservice:
  existingPropertiesSecret: my-cacheservice-secret

Step 4

The stackchart with the set Helm chart service value .Values.existingPropertiesSecret name needs to be installed or updated via usual deployment mechanisms. After the deployment has been finished, the service itself preferably uses the service key/value properties from the secret. If a secret has already been deployed and secret values need changes, the secret itself needs to be redeployed to be effective. Afterward the service itself needs to be restarted as well to acknowledge the new secret properties key/value pairs.

App Suite Stack Chart
Document Converter