Merge Helm Chart release/v3.5.0 into master

.github/workflows/helm-test.yaml

@@ -76,7 +76,7 @@ jobs:
           memory: 6200
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Start deploy
         run: | 

CHANGELOG.md

@@ -1,5 +1,11 @@
 # Change log
 
+## 3.5.0
+
+### New Features
+
+* Added the ability to restrict access to the info page
+
 ## 3.4.1
 
 ### Changes

Chart.yaml

@@ -4,6 +4,6 @@ description: Helm chart for installing ONLYOFFICE Docs in Kubernetes
 
 type: application
 
-version: 3.4.1
+version: 3.5.0
 
 appVersion: 7.5.1

sources/shutdown-ds.yaml

@@ -13,7 +13,7 @@ spec:
           defaultMode: 0755
       containers:
         - name: shutdown-ds
-          image: onlyoffice/docs-utils:7.5.1-1
+          image: onlyoffice/docs-utils:7.5.1-2
           command: ["/bin/sh", "-c"]
           args: ["/scripts/stop.sh"]
           volumeMounts:

templates/_helpers.tpl

@@ -106,6 +106,37 @@ Return Redis password
 {{- end }}
 {{- end -}}
 
+{{/*
+Get the info auth password secret
+*/}}
+{{- define "ds.info.secretName" -}}
+{{- if .Values.proxy.infoAllowedExistingSecret -}}
+    {{- printf "%s" (tpl .Values.proxy.infoAllowedExistingSecret $) -}}
+{{- else if .Values.proxy.infoAllowedPassword -}}
+    {{- printf "%s-info-auth" .Release.Name -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a secret object should be created for info auth
+*/}}
+{{- define "ds.info.createSecret" -}}
+{{- if and .Values.proxy.infoAllowedUser (not .Values.proxy.infoAllowedExistingSecret) -}}
+    {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return info auth password
+*/}}
+{{- define "ds.info.password" -}}
+{{- if not (empty .Values.proxy.infoAllowedPassword) }}
+    {{- .Values.proxy.infoAllowedPassword }}
+{{- else }}
+    {{- required "A info auth Password is required!" .Values.proxy.infoAllowedPassword }}
+{{- end }}
+{{- end -}}
+
 {{/*
 Get the PVC name
 */}}

templates/deployments/docservice.yaml

@@ -134,11 +134,22 @@ spec:
           livenessProbe: {{- omit .Values.proxy.livenessProbe "enabled" | toYaml | nindent 12 }}
           {{- end }}
           resources: {{ toYaml .Values.proxy.resources | nindent 12 }}
-          {{- if .Values.proxy.infoAllowedIP }}
+          {{- if or .Values.proxy.infoAllowedIP .Values.proxy.infoAllowedUser }}
           env:
+          {{- if .Values.proxy.infoAllowedIP }}
           - name: INFO_ALLOWED_IP
             value: {{ join " " .Values.proxy.infoAllowedIP }}
           {{- end }}
+          {{- if .Values.proxy.infoAllowedUser }}
+          - name: INFO_ALLOWED_USER
+            value: {{ .Values.proxy.infoAllowedUser }}
+          - name: INFO_ALLOWED_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ template "ds.info.secretName" . }}
+                key: {{ .Values.proxy.infoAllowedSecretKeyName }}
+          {{- end }}
+          {{- end }}
           envFrom:
           - configMapRef:
               name: documentserver

templates/jobs/dashboard.yaml

@@ -28,7 +28,7 @@ spec:
           defaultMode: 0755
       containers:
       - name: grafana-dashboard
-        image: onlyoffice/docs-utils:7.5.1-1
+        image: onlyoffice/docs-utils:7.5.1-2
         command: ["/bin/sh", "-c"]
         {{- if .Values.webProxy.enabled }}
         args: ["http_proxy={{ .Values.webProxy.http }} https_proxy={{ .Values.webProxy.https }} no_proxy={{ .Values.webProxy.noProxy }} /scripts/get_dashboard.sh"]

templates/secrets/info-auth.yaml

@@ -0,0 +1,14 @@
+{{- if eq (include "ds.info.createSecret" .) "true" }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Release.Name }}-info-auth
+  namespace: {{ include "ds.namespace" . | quote }}
+  {{- if .Values.commonLabels }}
+  labels:
+    {{- include "ds.labels.commonLabels" . | trim | nindent 4 }}
+  {{- end }}
+type: Opaque
+stringData:
+  {{ .Values.proxy.infoAllowedSecretKeyName }}: {{ include "ds.info.password" . | quote }}
+{{- end }}

values.yaml

@@ -87,7 +87,7 @@ connections:
   amqpPassword: ""
 ## Web Proxy parameters
 ## Used if your network has a web proxy
-## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
 webProxy:
   ## webProxy.enabled Specify whether a Web proxy is used in your network to access the Pods of k8s cluster to the Internet
   enabled: false
@@ -98,7 +98,7 @@ webProxy:
   ## webProxy.noProxy Patterns for IP addresses or k8s services name or domain names that shouldn’t use the Web Proxy
   noProxy: "localhost,127.0.0.1,docservice"
 ## privateCluster Specify whether the k8s cluster is used in a private network without internet access
-## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
 privateCluster: false
 ## namespaceOverride The name of the namespace in which Onlyoffice Docs will be deployed
 ## If not set, the name will be taken from .Release.Namespace
@@ -440,7 +440,7 @@ docservice:
     ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
     repository: onlyoffice/docs-docservice-de
     ## docservice.image.tag docservice container image tag
-    tag: 7.5.1-1
+    tag: 7.5.1-2
     ## docservice.image.pullPolicy docservice container image pull policy
     pullPolicy: IfNotPresent
   ## docservice.containerPorts.http docservice container port
@@ -532,6 +532,23 @@ proxy:
   ## - 10.244.0.79
   ## - 192.168.1.0/24
   infoAllowedIP: []
+  ## proxy.infoAllowedUser Defines user name for accessing the info page
+  ## If not set to, Nginx Basic Authentication will not be applied to access the info page
+  ## ref: https://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
+  ## For more details, see here:
+  ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#12-access-to-the-info-page-optional
+  infoAllowedUser: ""
+  ## proxy.infoAllowedSecretKeyName The name of the key that contains the info auth user password
+  ## Used if `proxy.infoAllowedUser` is set
+  infoAllowedSecretKeyName: info-auth-password
+  ## proxy.infoAllowedExistingSecret Name of existing secret to use for info auth password
+  ## Used if `proxy.infoAllowedUser` is set
+  ## Must contain the key specified in `proxy.infoAllowedSecretKeyName`
+  ## If set to, it takes priority over the `proxy.infoAllowedPassword`
+  infoAllowedExistingSecret: ""
+  ## proxy.infoAllowedPassword Defines user password for accessing the info page
+  ## Used if `proxy.infoAllowedUser` is set
+  infoAllowedPassword: "password"
   ## proxy.welcomePage.enabled Defines whether the welcome page will be displayed
   welcomePage:
     enabled: true
@@ -541,7 +558,7 @@ proxy:
     ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
     repository: onlyoffice/docs-proxy-de
     ## proxy.image.tag proxy container image tag
-    tag: 7.5.1-1
+    tag: 7.5.1-2
     ## proxy.image.pullPolicy proxy container image pull policy
     pullPolicy: IfNotPresent
   ## proxy.containerPorts.http proxy container port
@@ -737,7 +754,7 @@ converter:
     ## https://github.com/ONLYOFFICE/Kubernetes-Docs#4-parameters
     repository: onlyoffice/docs-converter-de
     ## converter.image.tag converter container image tag
-    tag: 7.5.1-1
+    tag: 7.5.1-2
     ## converter.image.pullPolicy converter container image pull policy
     pullPolicy: IfNotPresent
   ## converter container resource requests and limits
@@ -826,7 +843,7 @@ example:
     ## example.image.repository example container image name
     repository: onlyoffice/docs-example
     ## example.image.tag example container image tag
-    tag: 7.5.1-1
+    tag: 7.5.1-2
     ## example.image.pullPolicy example container image pull policy
     pullPolicy: IfNotPresent
   ## example.containerPorts.http example container port
@@ -902,7 +919,7 @@ install:
       ## install.job.image.repository Job by pre-install ONLYOFFICE Docs image repository
       repository: onlyoffice/docs-utils
       ## install.job.image.tag Job by pre-install ONLYOFFICE Docs image tag
-      tag: 7.5.1-1
+      tag: 7.5.1-2
       ## install.job.image.pullPolicy Job by pre-install ONLYOFFICE Docs image pull policy
       pullPolicy: IfNotPresent
     ## Job pre-install container resource requests and limits
@@ -923,7 +940,7 @@ install:
     tblCreate:
       ## install.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: init-db-scripts
       ## install.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database
       ## Must be the same as the `key` name in `install.existingConfigmap.tblCreate.name`
@@ -943,7 +960,7 @@ upgrade:
       ## upgrade.job.image.repository Job by upgrade image repository
       repository: onlyoffice/docs-utils
       ## upgrade.job.image.tag Job by upgrade image tag
-      tag: 7.5.1-1
+      tag: 7.5.1-2
       ## upgrade.job.image.pullPolicy Job by upgrade image pull policy
       pullPolicy: IfNotPresent
     ## Job pre-upgrade container resource requests and limits
@@ -964,15 +981,15 @@ upgrade:
     tblRemove:
       ## upgrade.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: remove-db-scripts
       ## upgrade.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database
       ## Must be the same as the `key` name in `upgrade.existingConfigmap.tblRemove.name`
       keyName: removetbl.sql
     tblCreate:
       ## upgrade.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: init-db-scripts
       ## upgrade.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database
       ## Must be the same as the `key` name in `upgrade.existingConfigmap.tblCreate.name`
@@ -992,7 +1009,7 @@ rollback:
       ## rollback.job.image.repository Job by rollback image repository
       repository: onlyoffice/docs-utils
       ## rollback.job.image.tag Job by rollback image tag
-      tag: 7.5.1-1
+      tag: 7.5.1-2
       ## rollback.job.image.pullPolicy Job by rollback image pull policy
       pullPolicy: IfNotPresent
     ## Job pre-rollback container resource requests and limits
@@ -1013,15 +1030,15 @@ rollback:
     tblRemove:
       ## rollback.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: remove-db-scripts
       ## rollback.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database
       ## Must be the same as the `key` name in `rollback.existingConfigmap.tblRemove.name`
       keyName: removetbl.sql
     tblCreate:
       ## rollback.existingConfigmap.tblCreate.name The name of the existing ConfigMap that contains the sql file for craeting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: init-db-scripts
       ## rollback.existingConfigmap.tblCreate.keyName The name of the sql file containing instructions for creating tables from the database
       ## Must be the same as the `key` name in `rollback.existingConfigmap.tblCreate.name`
@@ -1041,7 +1058,7 @@ delete:
       ## delete.job.image.repository Job by delete image repository
       repository: onlyoffice/docs-utils
       ## delete.job.image.tag Job by delete image tag
-      tag: 7.5.1-1
+      tag: 7.5.1-2
       ## delete.job.image.pullPolicy Job by delete image pull policy
       pullPolicy: IfNotPresent
     ## Job pre-delete container resource requests and limits
@@ -1062,7 +1079,7 @@ delete:
     tblRemove:
       ## delete.existingConfigmap.tblRemove.name The name of the existing ConfigMap that contains the sql file for deleting tables from the database
       ## Used if `privateCluster` is set to `true`
-      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#10-run-jobs-in-a-private-k8s-cluster-optional
+      ## ref: https://github.com/ONLYOFFICE/Kubernetes-Docs#11-run-jobs-in-a-private-k8s-cluster-optional
       name: remove-db-scripts
       ## delete.existingConfigmap.tblRemove.keyName The name of the sql file containing instructions for deleting tables from the database
       ## Must be the same as the `key` name in `delete.existingConfigmap.tblRemove.name`