Merge branch 'main' into discourse-gatekeeper/migrate
alithethird authored Nov 26, 2024
2 parents b21fb95 + f182a5d commit b55ab0e
Showing 5 changed files with 118 additions and 57 deletions.
30 changes: 30 additions & 0 deletions .trivyignore
@@ -0,0 +1,30 @@
# wee_alloc is Unmaintained https://github.com/advisories/GHSA-rc23-xxgq-x27g
GHSA-rc23-xxgq-x27g

Check notice on line 2 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

GHSA-rc23-xxgq-x27g not present anymore, can be safely removed.
# pebble
CVE-2024-34156

Check notice on line 4 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2024-34156 not present anymore, can be safely removed.
# shlex from ruby test
GHSA-r7qv-8r2h-pg27

Check notice on line 6 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

GHSA-r7qv-8r2h-pg27 not present anymore, can be safely removed.
# squoosh npm package
CVE-2021-32810

Check notice on line 8 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2021-32810 not present anymore, can be safely removed.
CVE-2022-23639

Check notice on line 9 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2022-23639 not present anymore, can be safely removed.
# Ruby Gems
CVE-2024-7254

Check notice on line 11 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2024-7254 not present anymore, can be safely removed.
CVE-2015-9284

Check notice on line 12 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2015-9284 not present anymore, can be safely removed.
CVE-2017-11430

Check notice on line 13 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2017-11430 not present anymore, can be safely removed.
CVE-2024-45409

Check notice on line 14 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

CVE-2024-45409 not present anymore, can be safely removed.
GHSA-cvp8-5r8g-fhvq

Check notice on line 15 in .trivyignore

GitHub Actions / integration-tests / Scan Image (ghcr.io-canonical-discourse-b59a4d82d70a03c93f39a2c7e70ed079d058823d-_1.0_amd64.tar)

GHSA-cvp8-5r8g-fhvq not present anymore, can be safely removed.
CVE-2024-49761
CVE-2024-45409
CVE-2024-47220
# Python setuptools
CVE-2024-6345
# Nodejs
CVE-2021-23424 # ansi-html
CVE-2024-39338 # axios
CVE-2024-45590 # body-parser
CVE-2024-4068 # braces
CVE-2024-21538 # cross-spawn
CVE-2024-29415 # ip
CVE-2024-45296 # path-to-regexp
CVE-2024-37890 # ws
private-key
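Review bot: The last entry, `private-key`, is not a CVE or GHSA identifier and carries no comment, unlike the other groups in this file. It reads like a secret-detection rule ID, and listing it here would silence that finding for the whole image rather than for one known file; add a comment naming the file that triggers it and why it is safe to ship, or narrow the suppression to that path. Separately, `CVE-2024-45409` is listed twice under `# Ruby Gems`, and the scan annotations already report ten of the entries (lines 2 through 15) as not present anymore, so those can be dropped in this same change instead of being added.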
15 changes: 3 additions & 12 deletions discourse_rock/rockcraft.yaml
Expand Up @@ -5,7 +5,7 @@ name: discourse
summary: Discourse rock
description: Discourse OCI image for the Discourse charm
base: [email protected]
# renovate: base: ubuntu:22.04@sha256:58b87898e82351c6cf9cf5b9f3c20257bb9e2dcf33af051e12ce532d7f94e3fe
# renovate: base: ubuntu:22.04@sha256:0e5e4a57c2499249aafc3b40fcd541e9a456aab7296681a3994d631587203f97
run-user: _daemon_ # UID/GID 584792
license: Apache-2.0
version: "1.0"
Expand Down Expand Up @@ -42,8 +42,8 @@ parts:
- ARCH: "x64"
- NODE_VERSION: "18.18.2"
- RAILS_ENV: "production"
- RUBY_INSTALL_VERSION: "0.9.2"
- RUBY_VERSION: "3.2.2"
- RUBY_INSTALL_VERSION: "0.9.3"
- RUBY_VERSION: "3.2.6"
- YARN_VERSION: "1.22.19"
override-build: |
node_uri="https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}.tar.gz"
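Review bot: `NODE_VERSION: "18.18.2"` and `YARN_VERSION: "1.22.19"` are left where they were while `RUBY_VERSION` and `RUBY_INSTALL_VERSION` are bumped, and none of these pins has a `# renovate:` annotation like the one next to `base:`. If the Node.js pin is deliberate, say so in a comment; otherwise bump it with the rest and annotate the pins so they are tracked. The `node_uri` download on the last line is also worth a look: confirm further down in `override-build` that the tarball is checked against a published checksum before it is unpacked.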
Expand Down Expand Up @@ -86,14 +86,6 @@ parts:
source: bundler
organize:
"*": srv/discourse/app/.bundle/
discourse-rad-plugin:
plugin: dump
after: [discourse, bundler-config]
source: https://github.com/canonical/discourse-rad-plugin.git
source-commit: 7fe719abd459ab2d2736d6ad2ca7810b045dd154
source-depth: 1
organize:
"*": srv/discourse/app/plugins/discourse-rad-plugin/
discourse-solved:
plugin: dump
after: [discourse, bundler-config]
Expand Down Expand Up @@ -219,7 +211,6 @@ parts:
- discourse-markdown-note
- discourse-mermaid-theme-component
- discourse-prometheus
- discourse-rad-plugin
- discourse-saml
- discourse-solved
- discourse-templates
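Review bot: Nothing else in this change set accounts for dropping `discourse-rad-plugin` from this list (and its part further up): the five changed files do not include `reference/plugins.md`, which the docs index still links to. Check that page and any charm code or configuration that names the plugin, and record the removal in the change notes so operators who use the plugin know the new image no longer ships it.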
27 changes: 17 additions & 10 deletions docs/index.md
@@ -1,11 +1,17 @@
This charm simplifies initial deployment and "day N" operations of Discourse
on Kubernetes, such as scaling the number of instances, integration with SSO,
access to S3 for redundant file storage and more. It allows for deployment on
many different Kubernetes platforms, from [MicroK8s](https://microk8s.io) or
[Charmed Kubernetes](https://ubuntu.com/kubernetes) to public cloud Kubernetes
offerings.
# Discourse Operator
A [Juju](https://juju.is/) [charm](https://juju.is/docs/olm/charmed-operators) deploying and managing Discourse on Kubernetes.

Discourse is an open-source software application used to create customer-friendly and community-friendly discussion platforms, forums, and mailing lists. It's designed to work as a discussion platform for various topics and is widely used by numerous organizations and individuals to build communities, provide customer support, and facilitate conversations. The platform is built with a focus on simplicity, user-friendliness, and responsiveness, making it accessible from both desktops and mobile devices. Discourse provides various moderation and administration tools, enabling community managers to maintain a healthy and constructive environment.
Discourse is an open-source software application used to create customer-friendly and community-friendly discussion platforms,
forums, and mailing lists. It's designed to work as a discussion platform for various topics and is widely used by numerous
organizations and individuals to build communities, provide customer support, and facilitate conversations. The platform is
built with a focus on simplicity, user-friendliness, and responsiveness, making it accessible from both desktops and mobile
devices. Discourse provides various moderation and administration tools, enabling community managers to maintain a healthy and
constructive environment.

This charm simplifies operations of Discourse on Kubernetes, such as scaling the number of instances, integration
with SSO, access to S3 for redundant file storage and more. It allows for deployment on many different Kubernetes
platforms, from [MicroK8s](https://microk8s.io) or [Charmed Kubernetes](https://ubuntu.com/kubernetes) to public cloud
Kubernetes offerings.

## In this documentation

Expand Down Expand Up @@ -33,8 +39,7 @@ fixes and constructive feedback.

# Contents

1. [Explanation](explanation)
1. [Charm architecture](explanation/charm-architecture.md)
1. [Tutorial](tutorial.md)
1. [How To](how-to)
1. [Access the Rails console](how-to/access--the-rails-console.md)
1. [Backup and restore](how-to/backup-and-restore.md)
Expand All @@ -51,4 +56,6 @@ fixes and constructive feedback.
1. [External Access](reference/external-access.md)
1. [Integrations](reference/integrations.md)
1. [Plugins](reference/plugins.md)
1. [Getting started](tutorial.md)
1. [External Access](reference/external-access.md)
1. [Explanation](explanation)
1. [Charm architecture](explanation/charm-architecture.md)
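Review bot: `1. [External Access](reference/external-access.md)` now appears twice in this list, once as the existing entry at the top of the hunk and again in the position where `Getting started` used to be. Drop the second copy so the Reference entries end with `Plugins` and are followed directly by `Explanation`.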
101 changes: 67 additions & 34 deletions docs/tutorial.md
Expand Up @@ -9,18 +9,31 @@
In this tutorial, we'll go through each step of the process to get a basic Discourse deployment.

## Requirements
- A working station, e.g., a laptop, with amd64 architecture.
- Juju 3 installed and bootstrapped to a MicroK8s controller. You can accomplish this process by using a Multipass VM as outlined in this guide: [Set up / Tear down your test environment](https://juju.is/docs/juju/set-up--tear-down-your-test-environment)
- NGINX Ingress Controller. If you're using [MicroK8s](https://microk8s.io/), this can be done by running the command `microk8s enable ingress`. For more details, see [Addon: Ingress](https://microk8s.io/docs/addon-ingress).

* A laptop or desktop running Ubuntu (or you can use a VM).
* Juju and [Microk8s](https://juju.is/docs/olm/microk8s) installed. We’ll also want to make sure the ingress add-on is enabled, which we can do by running `microk8s enable ingress`.
For more information about how to install Juju, see [Get started with Juju](https://juju.is/docs/olm/get-started-with-juju).

:warning: When using a Multipass VM, make sure to replace `127.0.0.1` IP addresses with the
VM IP in steps that assume you're running locally. To get the IP address of the
Multipass instance run ```multipass info my-juju-vm```.
## Steps

### Set up environment
### Shell into the Multipass VM
> NOTE: If you're working locally, you don't need to do this step.
To easily clean up the resources and separate your workload from the contents of this tutorial, set up a new Juju model named `discourse`:
To be able to work inside the Multipass VM first you need to log in with the following command:
```
multipass shell my-juju-vm
```

### Add a Juju model for the tutorial

To easily clean up the resources and separate your workload from the contents of this tutorial, set up a new Juju model named `discourse-tutorial`:

```
juju add-model discourse
juju add-model discourse-tutorial
```

### Deploy the charms
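Review bot: In the new "Shell into the Multipass VM" section the `> NOTE:` line is followed immediately by "To be able to work inside the Multipass VM ..." with no blank line, so Markdown treats that paragraph as a continuation of the blockquote. Insert a blank line after the note. The warning under Requirements also wraps `multipass info my-juju-vm` in triple backticks inside a sentence; single backticks are enough there.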
Expand All @@ -38,11 +51,10 @@ juju deploy discourse-k8s

Enable the required PostgreSQL extensions:
```
juju config postgresql-k8s plugin_hstore_enable=True
juju config postgresql-k8s plugin_pg_trgm_enable=True
juju config postgresql-k8s plugin_hstore_enable=True plugin_pg_trgm_enable=True
```

### Integrate the charms
### Integrate with the Redis k8s charm the PostgreSQL k8s charm

Integrate `redis-k8s` and `postgresql-k8s` to `discourse-k8s`:
```
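Review bot: The new heading `### Integrate with the Redis k8s charm the PostgreSQL k8s charm` is missing an "and" between the two charm names. The sentence below it still says "Integrate `redis-k8s` and `postgresql-k8s` to `discourse-k8s`", so matching the heading to that wording would keep the two consistent.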
Expand All @@ -52,48 +64,62 @@ juju integrate discourse-k8s postgresql-k8s

By running `juju status --relations` the current state of the deployment can be queried:
```
Model Controller Cloud/Region Version SLA Timestamp
discourse microk8s microk8s/localhost 3.1.7 unsupported 12:48:02+02:00
Model Controller Cloud/Region Version SLA Timestamp
discourse-tutorial microk8s microk8s/localhost 3.5.4 unsupported 14:07:18+03:00
App Version Status Scale Charm Channel Rev Address Exposed Message
discourse-k8s 3.2.0 active 1 discourse-k8s stable 95 10.152.183.175 no
postgresql-k8s 14.10 active 1 postgresql-k8s 14/stable 193 10.152.183.59 no
redis-k8s 7.0.4 active 1 redis-k8s latest/edge 27 10.152.183.46 no
App Version Status Scale Charm Channel Rev Address Exposed Message
discourse-k8s 3.3.0 active 1 discourse-k8s latest/stable 173 10.152.183.231 no
postgresql-k8s 14.12 active 1 postgresql-k8s 14/stable 381 10.152.183.143 no
redis-k8s 7.2.5 active 1 redis-k8s latest/edge 36 10.152.183.188 no
Unit Workload Agent Address Ports Message
discourse-k8s/0* active idle 10.1.44.214
postgresql-k8s/0* active idle 10.1.44.219
redis-k8s/0* active idle 10.1.44.227
discourse-k8s/0* active idle 10.1.32.182
postgresql-k8s/0* active idle 10.1.32.184 Primary
redis-k8s/0* active idle 10.1.32.181
Integration provider Requirer Interface Type Message
discourse-k8s:restart discourse-k8s:restart rolling_op peer
postgresql-k8s:database discourse-k8s:database postgresql_client regular
postgresql-k8s:database-peers postgresql-k8s:database-peers postgresql_peers peer
postgresql-k8s:restart postgresql-k8s:restart rolling_op peer
postgresql-k8s:upgrade postgresql-k8s:upgrade upgrade peer
redis-k8s:redis discourse-k8s:redis redis regular
redis-k8s:redis-peers redis-k8s:redis-peers redis-peers peer
discourse-k8s:restart discourse-k8s:restart rolling_op peer
postgresql-k8s:database discourse-k8s:database postgresql_client regular
postgresql-k8s:database-peers postgresql-k8s:database-peers postgresql_peers peer
postgresql-k8s:restart postgresql-k8s:restart rolling_op peer
postgresql-k8s:upgrade postgresql-k8s:upgrade upgrade peer
redis-k8s:redis discourse-k8s:redis redis regular
redis-k8s:redis-peers redis-k8s:redis-peers redis-peers peer
```
The deployment finishes when all the charms show `Active` states.

Run `kubectl get pods -n discourse` to see the pods that are being created by the charms:
Run `kubectl get pods -n discourse-tutorial` to see the pods that are being created by the charms:
```
NAME READY STATUS RESTARTS AGE
modeloperator-64c58d675d-csj47 1/1 Running 0 5m30s
modeloperator-c584f6f9f-qf9gr 1/1 Running 0 5m30s
redis-k8s-0 3/3 Running 0 5m22s
discourse-k8s-0 2/2 Running 0 5m1s
postgresql-k8s-0 2/2 Running 0 5m9s
```

### Provide ingress capabilities
### Provide ingress capabilities

In order to expose the charm, the Nginx Ingress Integrator needs to be deployed and integrated with Discourse:

```
juju deploy nginx-ingress-integrator
# If your cluster has RBAC enabled you'll be prompted to run the following:
juju trust nginx-ingress-integrator --scope=cluster
```
To check if RBAC is enabled run the following command:
```
microk8s status | grep rbac
```
If it is enabled, then the output should be like the following:
```
rbac # (core) Role-Based Access Control for authorisation
```
If the output is empty then RBAC is not enabled.

If your cluster has RBAC enabled, you'll be prompted to run the following command:
```
juju trust nginx-ingress-integrator --scope=cluster
```
Then you need to integrate the charm with Nginx Ingress Integrator:
```
juju integrate discourse-k8s nginx-ingress-integrator
```

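Review bot: The RBAC check `microk8s status | grep rbac` does not distinguish enabled from disabled. `microk8s status` lists every addon with its description under either an `enabled:` or a `disabled:` heading, so the `rbac` line shown as the expected output is printed in both cases and the "output is empty" branch never happens. Replace it with a check that shows which heading the line falls under, or tell readers to read the full `microk8s status` output. It would also help to say in one sentence what `juju trust nginx-ingress-integrator --scope=cluster` grants, since it gives the charm cluster-wide permissions.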
Expand All @@ -103,19 +129,26 @@ To create an admin user, use the `create-user` action:
```
juju run discourse-k8s/0 create-user admin=true [email protected]
```
The command will return the password of the created user. Discourse will be deployed with `discourse-k8s` as default hostname. In order to reach it, modify your `/etc/hosts` file so that it points to `127.0.0.1`:
The command will return the password of the created user. Discourse will be deployed with `discourse-k8s` as default hostname.

If you are following the tutorial in your local machine, modify your `/etc/hosts` file so that it points to `127.0.0.1`:

```
echo 127.0.0.1 discourse-k8s >> /etc/hosts
```

After that, visit `http://discourse-k8s` to reach Discourse, using the credentials returned from the `create-user` action to login.

### Clean up the environment
### Clean up the environment

Congratulations! You have successfully finished the Discourse tutorial. You can now remove the
Congratulations! You have successfully finished the Discourse tutorial. You can now remove the
model environment that you've created using the following command:

```
juju destroy-model discourse --destroy-storage
```
juju destroy-model discourse-tutorial --destroy-storage
```
If you used Multipass, to remove the Multipass instance you created for this tutorial, use the following command.
```
multipass delete --purge my-juju-vm
```
Finally, remove the `127.0.0.1 discourse-k8s` line from the `/etc/hosts` file.
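Review bot: The added sentence limits the `/etc/hosts` step to readers working on their local machine, but there is no matching instruction for the Multipass path, where the warning under Requirements says to use the VM IP instead of `127.0.0.1`. Add the Multipass variant here. The command `echo 127.0.0.1 discourse-k8s >> /etc/hosts` also fails for a non-root user because the redirection is performed by the calling shell; `echo "127.0.0.1 discourse-k8s" | sudo tee -a /etc/hosts` works.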
2 changes: 1 addition & 1 deletion requirements.txt
@@ -1,2 +1,2 @@
ops==2.16.1
ops==2.17.0
pydantic==2.9.2
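Review bot: Both requirements are pinned with `==` but without hashes, so the move from `ops==2.16.1` to `ops==2.17.0` is only as trustworthy as the package index at install time. Consider adding `--hash=sha256:...` entries (for example generated with `pip-compile --generate-hashes`) and installing with `--require-hashes`.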
