From 12c5ca37eabc14633b1e6f9c3a4a87457b712832 Mon Sep 17 00:00:00 2001
From: perf3ct
Date: Mon, 16 Jun 2025 15:02:37 +0000
Subject: [PATCH] feat(helm): create the basics of the helm chart
---
charts/readur/Chart.yaml | 50 ++++------
charts/readur/templates/checks.yaml | 20 +++-
charts/readur/templates/config.yaml | 43 ++-------
charts/readur/templates/release.yaml | 90 +++++++++---------
charts/readur/values.yaml | 135 +++++++++++++++++++++------
5 files changed, 196 insertions(+), 142 deletions(-)
diff --git a/charts/readur/Chart.yaml b/charts/readur/Chart.yaml
index 3303f6a..0c78f3b 100644
--- a/charts/readur/Chart.yaml
+++ b/charts/readur/Chart.yaml
@@ -1,46 +1,36 @@ apiVersion: v2 type: application name: readur -home: https://github.com/readur/helm-charts -icon: https://github.com/readur/helm-charts/commit/icon.png +home: https://github.com/readur/readur +icon: https://github.com/readur/readur/blob/main/assets/icon.png deprecated: false description: |- - Build your personal knowledge base with readur Notes. A hierarchical note taking application with focus on building large personal knowledge bases. + Readur is a document management and OCR processing service that automatically processes uploaded documents, extracts text using OCR, and makes content searchable. annotations: - category: Notes -version: 1.3.0 -appVersion: 0.92.4 + category: Document Management +version: 0.1.0 +appVersion: latest kubeVersion: ">= 1.19" dependencies: - name: common repository: https://bjw-s.github.io/helm-charts version: 3.3.2 + - name: postgresql + repository: https://charts.bitnami.com/bitnami + version: 15.5.38 + condition: postgresql.enabled keywords: - - electron - - wiki - - notebook - - notes + - document-management + - ocr + - text-extraction + - file-processing + - rust - self-hosted - - knowledge-graph - - electron-app - - note-taking - - self-hosting - - knowledge-base - - personal-knowledge-base - - knowledge-management - - personal-wiki - - notes-app - - scriptable - - knowledge-management-graph - - note-managment - - note-taker - - local-first + - document-search + - pdf + - tesseract maintainers: - name: readur - url: https://github.com/perfectra1n/readur - - name: perfectra1n - email: jon@jonfuller.io - url: https://perf3ct.tech + url: https://github.com/readur/readur sources: - - https://github.com/readur/helm-charts - - hhttps://github.com/perfectra1n/readur + - https://github.com/readur/readur diff --git a/charts/readur/templates/checks.yaml b/charts/readur/templates/checks.yaml index 354be04..5b2cd1d 100644 --- a/charts/readur/templates/checks.yaml +++ b/charts/readur/templates/checks.yaml 
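Review bot: `appVersion: latest` leaves the chart without a record of which application build it deploys, and the same floating tag is used for the image in templates/release.yaml and values.yaml (`tag: latest` with `pullPolicy: IfNotPresent`). With that pull policy a node that already caches an older `latest` keeps running it, so replicas and re-installs can silently differ and a rollback cannot restore a known image. Pin both to a released version, e.g. `appVersion: "<release-version>"` and `tag: "<release-version>"` (placeholder; an image digest is stricter still), quoted so that a numeric-looking version stays a string.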
@@ -1 +1,19 @@
-{{- $name := .Values.persistence.data.existingClaim | required "You need to specify an existing PVC in your values, at the path persistence.data.existingClaim" -}}
\ No newline at end of file
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.enabled) -}}
+ {{- fail "Either postgresql.enabled or externalDatabase.enabled must be set to true" -}}
+{{- end -}}
+
+{{- if and .Values.postgresql.enabled .Values.externalDatabase.enabled -}}
+ {{- fail "Only one of postgresql.enabled or externalDatabase.enabled can be set to true" -}}
+{{- end -}}
+
+{{- if .Values.persistence.uploads.enabled -}}
+ {{- if and (eq .Values.persistence.uploads.type "persistentVolumeClaim") (not .Values.persistence.uploads.existingClaim) -}}
+ {{- $name := .Values.persistence.uploads.existingClaim | required "You need to specify an existing PVC for uploads storage at persistence.uploads.existingClaim or let the chart create one" -}}
+ {{- end -}}
+{{- end -}}
+
+{{- if .Values.persistence.watch.enabled -}}
+ {{- if and (eq .Values.persistence.watch.type "persistentVolumeClaim") (not .Values.persistence.watch.existingClaim) -}}
+ {{- $name := .Values.persistence.watch.existingClaim | required "You need to specify an existing PVC for watch folder at persistence.watch.existingClaim or let the chart create one" -}}
+ {{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/readur/templates/config.yaml b/charts/readur/templates/config.yaml
index c472afb..51f6456 100644
--- a/charts/readur/templates/config.yaml
+++ b/charts/readur/templates/config.yaml
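Review bot: The two persistence checks fail on the chart's own defaults: the inner `if` is entered only when `existingClaim` is empty, and the next line then pipes that same empty value into `required`, so rendering aborts whenever `type` is `persistentVolumeClaim` and no claim is named. values.yaml in this commit sets exactly that for `uploads` and `watch` (a `size` and `accessMode`, no `existingClaim`), and the error text itself promises "or let the chart create one". Either drop both blocks or fail only when neither a claim nor a size is given, e.g. `{{- if and (eq .Values.persistence.uploads.type "persistentVolumeClaim") (not .Values.persistence.uploads.existingClaim) (not .Values.persistence.uploads.size) -}}`, and likewise for `watch`.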
@@ -1,42 +1,17 @@ apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: - name: {{ .Release.Name }}-config + name: readur-db-secret labels: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} -data: - config.ini: | - [General] - # Instance name can be used to distinguish between different instances using backend api.getInstanceName() - instanceName={{ .Values.configini.general.instanceName }} - - # set to true to allow using readur without authentication (makes sense for server build only, desktop build doesn't need password) - noAuthentication={{ .Values.configini.general.noAuthentication }} - - # set to true to disable backups (e.g. because of limited space on server) - noBackup={{ .Values.configini.general.noBackup }} - - # Disable automatically generating desktop icon - # noDesktopIcon=true - - [Network] - # host setting is relevant only for web deployments - set the host on which the server will listen - host={{ .Values.configini.network.host }} - # port setting is relevant only for web deployments, desktop builds run on a fixed port (changeable with readur_PORT environment variable) - port={{ .Values.configini.network.port }} - # true for TLS/SSL/HTTPS (secure), false for HTTP (unsecure). - https={{ .Values.configini.network.https }} - # path to certificate (run "bash bin/generate-cert.sh" to generate self-signed certificate). Relevant only if https=true - certPath={{ .Values.configini.network.certPath }} - keyPath={{ .Values.configini.network.keyPath }} - # setting to give trust to reverse proxies, a comma-separated list of trusted rev. 
proxy IPs can be specified (CIDR notation is permitted), - # alternatively 'true' will make use of the leftmost IP in X-Forwarded-For, ultimately an integer can be used to tell about the number of hops between - # readur (which is hop 0) and the first trusted rev. proxy. - # once set, expressjs will use the X-Forwarded-For header set by the rev. proxy to determinate the real IPs of clients. - # expressjs shortcuts are supported: loopback(127.0.0.1/8, ::1/128), linklocal(169.254.0.0/16, fe80::/10), uniquelocal(10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7) - trustedReverseProxy={{ .Values.configini.network.trustedReverseProxy }} - +type: Opaque +stringData: + {{- if .Values.postgresql.enabled }} + database-url: "postgresql://{{ .Values.postgresql.auth.username }}:{{ .Values.postgresql.auth.password }}@{{ .Release.Name }}-postgresql:5432/{{ .Values.postgresql.auth.database }}" + {{- else if .Values.externalDatabase.enabled }} + database-url: "postgresql://{{ .Values.externalDatabase.username }}:{{ .Values.externalDatabase.password }}@{{ .Values.externalDatabase.host }}:{{ .Values.externalDatabase.port }}/{{ .Values.externalDatabase.database }}" + {{- end }} \ No newline at end of file diff --git a/charts/readur/templates/release.yaml b/charts/readur/templates/release.yaml index 719ccb0..4b282df 100644 --- a/charts/readur/templates/release.yaml +++ b/charts/readur/templates/release.yaml 
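Review bot: The `database-url` lines splice the username and password into the URL unescaped, so a password containing `@`, `:`, `/` or `"` yields a broken connection string or invalid YAML; pipe the credential parts through an encoder, e.g. `{{ .Values.postgresql.auth.password | urlquery }}` (confirm that the application's URL parser accepts that encoding). The Secret is also named `readur-db-secret` for every release, where the ConfigMap it replaces used `{{ .Release.Name }}-config`, so two releases in one namespace would contend for the same object; `name: {{ .Release.Name }}-db-secret` avoids that, with the `secretKeyRef` in values.yaml updated to match. For the external database the password can only arrive through plain values, since `existingSecret` is still commented out in values.yaml and nothing here reads it.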
@@ -1,72 +1,74 @@ {{- define "readur.hardcodedValues" -}} controllers: main: - initContainers: - fixperms: - image: - repository: busybox - tag: latest - args: ["sh", "-c", "chown -R 1000:1000 /home/node/readur-data"] - securityContext: - runAsUser: 0 - runAsGroup: 0 containers: readur: image: - repository: perfectra1n/readur - tag: v0.90.8 + repository: readur/readur + tag: latest pullPolicy: IfNotPresent + + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL probes: startup: enabled: true custom: true - type: TCP + type: HTTP spec: - initialDelaySeconds: 45 # Time to wait before starting the probe - periodSeconds: 10 # How often to perform the probe - timeoutSeconds: 5 # Number of seconds after which the probe times out - failureThreshold: 10 # Number of times to try the probe before giving up + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 30 httpGet: &probesPath - path: /login - port: 8080 + path: /api/health + port: 8000 readiness: &probes enabled: true custom: true spec: - initialDelaySeconds: 5 # Time to wait before starting the probe after startup probe succeeds - periodSeconds: 10 # How often to perform the probe - timeoutSeconds: 10 # Number of seconds after which the probe times out - failureThreshold: 3 # Number of times to try the probe before considering the container not ready + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 10 + failureThreshold: 3 httpGet: *probesPath - liveness: *probes - + resources: + limits: + memory: 1Gi + requests: + cpu: 100m + memory: 512Mi persistence: - data: + uploads: enabled: true type: persistentVolumeClaim - size: 20Gi + size: 10Gi retain: true - # Since it's SQLite, the PVC should only be RWO accessMode: ReadWriteOnce globalMounts: - - path: /home/node/readur-data + - path: /app/uploads readOnly: false - config: + + watch: enabled: true - type: 
configMap - name: {{ .Release.Name }}-config - readOnly: true - advancedMounts: - main: - readur: - - path: /home/node/readur-data/config.ini - subPath: config.ini - - + type: persistentVolumeClaim + size: 5Gi + retain: true + accessMode: ReadWriteOnce + globalMounts: + - path: /app/watch + readOnly: false service: main: @@ -74,17 +76,13 @@ service: enabled: true ports: http: - # What port the cluster is listening on - port: 8080 - # What port the container is listening on - targetPort: 8080 + port: 8000 + targetPort: 8000 {{ end }} - - {{- $ctx := deepCopy . -}} # Merge with ALL the values in `values.yaml` {{- $_ := mergeOverwrite .Values $ctx.Values -}} {{- $_ = include "readur.hardcodedValues" . | fromYaml | merge $ctx.Values -}} -{{- include "bjw-s.common.loader.all" $ctx }} +{{- include "bjw-s.common.loader.all" $ctx }} \ No newline at end of file diff --git a/charts/readur/values.yaml b/charts/readur/values.yaml index a2d70e2..89ad019 100644 --- a/charts/readur/values.yaml +++ b/charts/readur/values.yaml 
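Review bot: Removing the `fixperms` init container while adding `runAsUser: 1000` / `runAsNonRoot: true` leaves nothing in this file that makes the `/app/uploads` and `/app/watch` volumes writable by uid 1000; on storage that provisions root-owned volumes the application would presumably fail on its first write. A pod-level `fsGroup` is the usual non-root replacement for the chown step; in the bjw-s common library that is `defaultPodOptions.securityContext.fsGroup: 1000`. `readOnlyRootFilesystem: false` deserves a short comment saying what the application writes outside the two mounts, so it can be tightened later. The same hunk drops `liveness: *probes` without a replacement, which is worth confirming as intended.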
@@ -8,42 +8,115 @@ controllers: containers: readur: image: - repository: perfectra1n/readur - tag: v0.92.4 + repository: readur/readur + tag: latest pullPolicy: IfNotPresent env: - key: "value" + # Server Configuration + SERVER_HOST: "0.0.0.0" + SERVER_PORT: "8000" + + # Security + JWT_SECRET: "changeme-in-production" + + # File Management + UPLOAD_PATH: "/app/uploads" + WATCH_FOLDER: "/app/watch" + ALLOWED_FILE_TYPES: "pdf,txt,doc,docx,png,jpg,jpeg" + MAX_FILE_SIZE_MB: "50" + MAX_FILE_AGE_HOURS: "24" + + # OCR Settings + OCR_LANGUAGE: "eng" + CONCURRENT_OCR_JOBS: "4" + OCR_TIMEOUT_SECONDS: "300" + + # Performance + MEMORY_LIMIT_MB: "512" + CPU_PRIORITY: "normal" + + # File Watching + WATCH_INTERVAL_SECONDS: "30" + FILE_STABILITY_CHECK_MS: "1000" + + # Database URL will be set automatically when PostgreSQL is enabled + DATABASE_URL: + valueFrom: + secretKeyRef: + name: readur-db-secret + key: database-url persistence: - data: + uploads: enabled: true type: persistentVolumeClaim - existingClaim: + storageClass: + accessMode: ReadWriteOnce + size: 10Gi + globalMounts: + - path: /app/uploads + + watch: + enabled: true + type: persistentVolumeClaim + storageClass: + accessMode: ReadWriteOnce + size: 5Gi + globalMounts: + - path: /app/watch -# This is used to modify the config.ini of the readur instance -configini: - general: - instanceName: "" - # Disable authentication to readur? (if you're running it on a private network, or have authentication handled by another component) - noAuthentication: false - # Disable backups of the database? 
- noBackup: false - network: - host: "0.0.0.0" - port: 8080 - https: false - certPath: "" - keyPath: "" - trustedReverseProxy: true -#ingress: -# main: -# enabled: true -# annotations: -# # proxy-body-size is set to 0 to remove the body limit on file uploads -# nginx.ingress.kubernetes.io/proxy-body-size: "0" -# hosts: -# - host: readur.local -# paths: -# - path: "/api/v1" -# tls: [] +service: + main: + controller: main + enabled: true + ports: + http: + port: 8000 + targetPort: 8000 +ingress: + main: + enabled: false + className: nginx + annotations: + # proxy-body-size is set to 100m to match Nginx config + nginx.ingress.kubernetes.io/proxy-body-size: "100m" + hosts: + - host: readur.local + paths: + - path: / + pathType: Prefix + service: + identifier: main + port: http + tls: [] + +# PostgreSQL subchart configuration +postgresql: + enabled: true + auth: + username: readur + password: readur + database: readur + primary: + persistence: + enabled: true + size: 10Gi + resources: + limits: + memory: 256Mi + requests: + cpu: 250m + memory: 256Mi + +# Optional: External PostgreSQL configuration +# Use this if you want to connect to an existing PostgreSQL instance +externalDatabase: + enabled: false + host: "" + port: 5432 + username: readur + password: "" + database: readur + # existingSecret: "" + # existingSecretPasswordKey: "" \ No newline at end of file
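Review bot: `JWT_SECRET: "changeme-in-production"` ships a publicly known signing key as the default, in a plain `env` value; on an install that does not override it, tokens would presumably be forgeable by anyone who has read this chart. Take it from a Secret the way `DATABASE_URL` does a few lines below (`valueFrom.secretKeyRef`), and have templates/checks.yaml `fail` when no secret is supplied instead of falling back to a default. `postgresql.auth.password: readur` has the same problem for the bundled database, and `externalDatabase.password` has no Secret-based alternative while `existingSecret` stays commented out.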