akshay
/
collabora-online
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
helm collabora kubernetes
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
64 KiB
Tree: 8d08ae8902
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8d08ae8902'
${ noResults }
collabora-online/README.md

330 lines
10 KiB
Raw Normal View History

Collabora online kubernetes
6 months ago
Initial commit
6 months ago
Collabora online kubernetes
6 months ago
 
  1. # Collabora Online for Kubernetes

  2. 

  3. In order for Collaborative Editing and copy/paste to function correctly on kubernetes, it is vital to ensure that all users editing the same document and all the clipboard request end up being served by the same pod. Using the WOPI protocol, the https URL includes a unique identifier (WOPISrc) for use with this document. Thus load balancing can be done by using WOPISrc -- ensuring that all URLs that contain the same WOPISrc are sent to the same pod.
  4. 

  5. ## Deploying Collabora Online in Kubernetes

  6. 

  7. 1. Install [helm](https://helm.sh/docs/intro/install/)
  8. 

  9. 2. Setting up Kubernetes Ingress Controller
  10. 

  11.    A.  Nginx:
  12. 

  13.    Install [Nginx Ingress
  14.    Controller](https://kubernetes.github.io/ingress-nginx/deploy/)
  15. 

  16.    B.  HAProxy:
  17. 

  18.    Install [HAProxy Ingress
  19.    Controller](https://www.haproxy.com/documentation/kubernetes-ingress/)
  20. 

  21.    ---
  22. 

  23.    **Note:**
  24. 

  25.    **Openshift** uses minimized version of HAproxy called
  26.    [Router](https://docs.openshift.com/container-platform/3.11/install_config/router) that doesn\'t support all functionality of HAProxy but for COOL we need advance annotations Therefore it is recommended deploy [HAproxy Kubernetes Ingress](https://artifacthub.io/packages/helm/haproxytech/kubernetes-ingress) in `collabora` namespace
  27. 

  28.    ---
  29. 

  30. 3. Create an `my_values.yaml` (if your setup differs e.g. take an look in then `values.yaml ./collabora-online/values.yaml`) of the
  31.    helmchart
  32. 

  33.    A.  HAproxy:
  34. 

  35.    ``` yaml
  36.    replicaCount: 3
  37. 

  38.    ingress:
  39.       enabled: true
  40.       className: "haproxy"
  41.       annotations:
  42.          haproxy.org/timeout-tunnel: "3600s"
  43.          haproxy.org/backend-config-snippet: |
  44.             balance url_param WOPISrc check_post
  45.             hash-type consistent
  46.       hosts:
  47.          - host: chart-example.local
  48.             paths:
  49.             - path: /
  50.             pathType: ImplementationSpecific
  51. 

  52.    image:
  53.       tag: "latest"
  54. 

  55.    autoscaling:
  56.       enabled: false
  57. 

  58.    collabora:
  59.       aliasgroups:
  60.          - host: "https://example.integrator.com:443"
  61.       extra_params: --o:ssl.enable=false --o:ssl.termination=true
  62. 

  63.    resources:
  64.       limits:
  65.          cpu: "1800m"
  66.          memory: "2000Mi"
  67.       requests:
  68.          cpu: "1800m"
  69.          memory: "2000Mi"
  70.    ```
  71. 

  72.    B. Nginx:
  73. 

  74.    ``` yaml
  75.    replicaCount: 3
  76. 

  77.    ingress:
  78.       enabled: true
  79.       className: "nginx"
  80.       annotations:
  81.          nginx.ingress.kubernetes.io/upstream-hash-by: "$arg_WOPISrc"
  82.          nginx.ingress.kubernetes.io/proxy-body-size: "0"
  83.          nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
  84.          nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
  85.       hosts:
  86.          - host: chart-example.local
  87.             paths:
  88.             - path: /
  89.             pathType: ImplementationSpecific
  90. 

  91.    image:
  92.       tag: "latest"
  93. 

  94.    autoscaling:
  95.       enabled: false
  96. 

  97.    collabora:
  98.       aliasgroups:
  99.          - host: "https://example.integrator.com:443"
  100.       extra_params: --o:ssl.enable=false --o:ssl.termination=true
  101. 

  102.    resources:
  103.       limits:
  104.          cpu: "1800m"
  105.          memory: "2000Mi"
  106.       requests:
  107.          cpu: "1800m"
  108.          memory: "2000Mi"
  109.    ```
  110. 

  111.    ---
  112. 

  113.    **Note:**
  114. 

  115.    - **Horizontal Pod Autoscaling(HPA) is disabled for now. Because after scaling it breaks the collaborative editing and copy/paste
  116.       Therefore please set replicaCount as per your needs**
  117.    -  If you have multiple host and aliases setup set aliasgroups in `my_values.yaml`:
  118. 

  119.       ``` yaml
  120.       collabora:
  121.          - host: "<protocol>://<host-name>:<port>"
  122.             # if there are no aliases you can ignore the below line
  123.             aliases: ["<protocol>://<its-first-alias>:<port>, <protocol>://<its-second-alias>:<port>"]
  124.          # more host and aliases list is possible
  125.       ```
  126. 

  127.    - Specify `server_name` when the hostname is not reachable directly for example behind reverse-proxy
  128. 

  129.       ``` yaml
  130.       collabora:
  131.          server_name: <hostname>:<port>
  132.       ```
  133. 

  134.    - In **Openshift** , it is recommended to use HAproxy deployment instead of default router. And add `className` in ingress block
  135.      so that Openshift uses HAProxy Ingress Controller instead of `Router`:
  136. 

  137.       ``` yaml
  138.       ingress:
  139.          className: "haproxy"
  140.       ```
  141.    ---
  142. 

  143. 4. Install helm-chart using below command, it should deploy the collabora-online
  144. 

  145.    ``` bash
  146.    helm repo add collabora https://collaboraonline.github.io/online/
  147.    helm install --create-namespace --namespace collabora collabora-online collabora/collabora-online -f my_values.yaml
  148.    ```
  149. 

  150. 5. Follow only if you are using `NodePort` service type in HAProxy and/or using minikube to setup, otherwise skip
  151. 

  152.    A. HAProxy service is deployed as NodePort so we can access it with node's ip address. To get node ip
  153.    ```bash
  154.    minikube ip
  155.    ```
  156.    Example output:
  157.    ```
  158.    192.168.0.106
  159.    ```
  160.    B. Each container port is mapped to a `NodePort` port via the `Service` object. To find those ports
  161.    ```
  162.    kubectl get svc --namespace=haproxy-controller
  163.    ```
  164.    Example output:
  165. 

  166.    ```
  167.    |----------------|---------|--------------|------------|------------------------------------------|
  168.    |NAME            |TYPE     |CLUSTER-IP    |EXTERNAL-IP |PORT(S)                                   |
  169.    |----------------|---------|--------------|------------|------------------------------------------|
  170.    |haproxy-ingress |NodePort |10.108.214.98 |<none>      |80:30536/TCP,443:31821/TCP,1024:30480/TCP |
  171.    |----------------|---------|--------------|------------|------------------------------------------|
  172.    ```
  173.    In this instance, the following ports were mapped:
  174.       - Container port 80 to NodePort 30536
  175.       - Container port 443 to NodePort 31821
  176.       - Container port 1024 to NodePort 30480
  177. 

  178. 6. Additional step if deploying on minikube for testing:
  179. 

  180.    1. Get minikube ip:
  181. 

  182.       ``` bash
  183.       minikube ip
  184.       ```
  185. 

  186.       Example output:
  187. 

  188.       ``` bash
  189.       192.168.0.106
  190.       ```
  191. 

  192.    2. Add hostname to `/etc/hosts`
  193. 

  194.       ``` bash
  195.       192.168.0.106   chart-example.local
  196.       ```
  197. 

  198.    3. To check if everything is setup correctly you can run:
  199. 

  200.       ``` bash
  201.       curl -I -H 'Host: chart-example.local' 'http://192.168.0.106:30536/'
  202.       ```
  203. 

  204.       It should return a similar output as below:
  205. 

  206.       ``` bash
  207.       HTTP/1.1 200 OK
  208.       last-modified: Tue, 18 May 2021 10:46:29
  209.       user-agent: COOLWSD WOPI Agent 6.4.8
  210.       content-length: 2
  211.       content-type: text/plain
  212.       ```
  213. 

  214. ## Kubernetes cluster monitoring

  215. 

  216. 1. Install [kube-prometheus-stack](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack), a collection of  [Grafana](http://grafana.com/) dashboards, and [Prometheus rules](https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/) combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with
  217. [Prometheus](https://prometheus.io/) using the [Prometheus Operator](https://prometheus-operator.dev/).
  218. 

  219. 2. Enable prometheus service monitor, rules and grafana in your
  220. 

  221.    `my_values.yaml`
  222. 

  223.    ``` yaml
  224.    prometheus:
  225.       servicemonitor:
  226.          enabled: true
  227.          labels:
  228.             release: "kube-prometheus-stack"
  229.       rules:
  230.          enabled: true # will deploy alert rules
  231.          additionalLabels:
  232.             release: "kube-prometheus-stack"
  233.    grafana:
  234.       dashboards:
  235.          enabled: true # will deploy default dashboards
  236.    ```
  237.    ---
  238.    **Note:**
  239. 

  240.    Use `kube-prometheus-stack` as release name when installing [kube-prometheus-stack](https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack) helm chart because we have passed `release=kube-prometheus-stack` label in our `my_values.yaml`. For Grafana Dashboards you may need to enable scan in correct namespaces (or ALL), enabled by `sidecar.dashboards.searchNamespace` in [Helmchart of grafana](https://artifacthub.io/packages/helm/grafana/grafana) (which is part of PrometheusOperator, so `grafana.sidecar.dashboards.searchNamespace`)
  241. 

  242.    ---
  243. 

  244. ## Dynamic/Remote configuration in kubernetes

  245. 

  246. For big setups, you may not want to restart every pod to modify WOPI
  247. hosts, therefore it is possible to setup an additional webserver to
  248. serve a ConfigMap for using [Remote/Dynamic
  249. Configuration](https://sdk.collaboraonline.com/docs/installation/Configuration.html#remote-dynamic-configuration)
  250. 

  251. ``` yaml
  252. collabora:
  253.    env:
  254.       - name: remoteconfigurl
  255.          value: https://dynconfig.public.example.com/config/config.json
  256. 

  257. dynamicConfig:
  258.    enabled: true
  259. 

  260.    ingress:
  261.       enabled: true
  262.       annotations:
  263.       "cert-manager.io/issuer": letsencrypt-zprod
  264.       hosts:
  265.       - host: "dynconfig.public.example.com"
  266.       tls:
  267.       - secretName: "collabora-online-dynconfig-tls"
  268.          hosts:
  269.             - "dynconfig.public.example.com"
  270. 

  271.    configuration:
  272.       kind: "configuration"
  273.       storage:
  274.          wopi:
  275.          alias_groups:
  276.             groups:
  277.             - host: "https://domain1\\.xyz\\.abc\\.com/"
  278.                allow: true
  279.             - host: "https://domain2\\.pqr\\.def\\.com/"
  280.                allow: true
  281.                aliases:
  282.                   - "https://domain2\\.ghi\\.leno\\.de/"
  283. ```
  284. ---
  285. 

  286. **Note:**
  287. 

  288. In current state of COOL remoteconfigurl for [Remote/DynamicConfiguration](https://sdk.collaboraonline.com/docs/installation/Configuration.html#remote-dynamic-configuration) only uses HTTPS. see [here in wsd/COOLWSD.cpp](https://github.com/CollaboraOnline/online/blob/8591d323c6db99e592ac8ac8ebef0e3a95f2e6ba/wsd/COOLWSD.cpp#L1069-L1096)
  289. 

  290. ---
  291. 

  292. ## Useful commands to check what is happening

  293. 

  294. Where is this pods, are they ready?
  295. 

  296. ``` bash
  297. kubectl -n collabora get pod
  298. ```
  299. 

  300. example output :
  301. 

  302. ``` bash
  303. NAME                                READY   STATUS    RESTARTS   AGE
  304. collabora-online-5fb4869564-dnzmk   1/1     Running   0          28h
  305. collabora-online-5fb4869564-fb4cf   1/1     Running   0          28h
  306. collabora-online-5fb4869564-wbrv2   1/1     Running   0          28h
  307. ```
  308. 

  309. What is the outside host that multiple coolwsd servers actually
  310. answering?
  311. 

  312. ``` bash
  313. kubectl get ingress -n collabora
  314. ```
  315. 

  316. example output :
  317. 

  318. ``` bash
  319. |-----------|------------------|--------------------------|------------------------|-------|
  320. | NAMESPACE |       NAME       |           HOSTS          |         ADDRESS        | PORTS |
  321. |-----------|------------------|--------------------------|------------------------|-------|
  322. | collabora | collabora-online |chart-example.local       |                        |  80   |
  323. |-----------|------------------|--------------------------|------------------------|-------|
  324. ```
  325. 

  326. To uninstall the helm chart
  327. 

  328. ``` bash
  329. helm uninstall collabora-online -n collabora
  330. ```