Content-Length: 52780 | pFad | http://github.com/lowcoder-org/lowcoder/pull/1657.patch

thub.com From 6e2c0f893767027691a6b6e5079a40b31312a23c Mon Sep 17 00:00:00 2001 From: Ludo Mikula Date: Sat, 5 Apr 2025 14:24:59 +0200 Subject: [PATCH 1/4] new: workflow update - automatically create latest image tag on release --- .github/workflows/docker-images.yml | 52 ++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 8 deletions(-) diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index 7eaeb16a8f..594408f57a 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml @@ -41,24 +41,60 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: 'Setup jq' + uses: dcarbone/install-jq-action@v3 + with: + version: '1.7' + - name: Set environment variables shell: bash run: | # Get the short SHA of last commit echo "SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)" >> "${GITHUB_ENV}" - + # Get branch name - we don't use github.ref_head_name since we don't build on PRs echo "BRANCH_NAME=${{ github.ref_name }}" >> "${GITHUB_ENV}" - + # Set docker image tag - echo "IMAGE_TAG=${{ inputs.imageTag || github.ref_name }}" >> "${GITHUB_ENV}" - + IMAGE_TAG=${{ inputs.imageTag || github.ref_name }} + + # Check whether it's a release + LATEST_TAG=$( + curl -s -L \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ github.token }}" \ + https://api.github.com/repos/${{ github.repository }}/releases/latest \ + | jq -r '.tag_name' + ) + IS_LATEST="false" + if [[ "${LATEST_TAG}" == "${{ github.event.release.tag_name }}" ]]; then + IS_LATEST="true" + fi; + # Control which images to build echo "BUILD_ALLINONE=${{ inputs.build_allinone || true }}" >> "${GITHUB_ENV}" echo "BUILD_FRONTEND=${{ inputs.build_frontend || true }}" >> "${GITHUB_ENV}" echo "BUILD_NODESERVICE=${{ inputs.build_nodeservice || true }}" >> "${GITHUB_ENV}" echo "BUILD_APISERVICE=${{ inputs.build_apiservice || true }}" >> "${GITHUB_ENV}" + # Image names + ALLINONE_IMAGE_NAMES=lowcoderorg/lowcoder-ce:${IMAGE_TAG} + FRONTEND_IMAGE_NAMES=lowcoderorg/lowcoder-ce-frontend:${IMAGE_TAG} + APISERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-api-service:${IMAGE_TAG} + NODESERVICE_IMAGE_NAMES=lowcoderorg/lowcoder-ce-node-service:${IMAGE_TAG} + + if [[ "${IS_LATEST}" == "true" ]]; then + ALLINONE_IMAGE_NAMES="lowcoderorg/lowcoder-ce:latest,${ALLINONE_IMAGE_NAMES}" + FRONTEND_IMAGE_NAMES="lowcoderorg/lowcoder-ce-frontend:latest,${FRONTEND_IMAGE_NAMES}" + APISERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-api-service:latest,${APISERVICE_IMAGE_NAMES}" + NODESERVICE_IMAGE_NAMES="lowcoderorg/lowcoder-ce-node-service:latest,${NODESERVICE_IMAGE_NAMES}" + fi; + + echo "ALLINONE_IMAGE_NAMES=${ALLINONE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "FRONTEND_IMAGE_NAMES=${FRONTEND_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "APISERVICE_IMAGE_NAMES=${APISERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + echo "NODESERVICE_IMAGE_NAMES=${NODESERVICE_IMAGE_NAMES}" >> "${GITHUB_ENV}" + - name: Checkout lowcoder source uses: actions/checkout@v4 with: @@ -91,7 +127,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce:${{ env.IMAGE_TAG }} + tags: ${{ env.ALLINONE_IMAGE_NAMES }} - name: Build and push the frontend image if: ${{ env.BUILD_FRONTEND == 'true' }} @@ -108,7 +144,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-frontend:${{ env.IMAGE_TAG }} + tags: ${{ env.FRONTEND_IMAGE_NAMES }} - name: Build and push the node service image if: ${{ env.BUILD_NODESERVICE == 'true' }} @@ -120,7 +156,7 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-node-service:${{ env.IMAGE_TAG }} + tags: ${{ env.NODESERVICE_IMAGE_NAMES }} - name: Build and push the API service image if: ${{ env.BUILD_APISERVICE == 'true' }} @@ -132,5 +168,5 @@ jobs: linux/amd64 linux/arm64 push: true - tags: lowcoderorg/lowcoder-ce-api-service:${{ env.IMAGE_TAG }} + tags: ${{ env.APISERVICE_IMAGE_NAMES }} From d17b3382d0aa5384dd14db945bd0ea93c1cbf4fe Mon Sep 17 00:00:00 2001 From: Ludo Mikula Date: Sat, 5 Apr 2025 17:30:24 +0200 Subject: [PATCH 2/4] new: add missing environment variables and externalize them to .env files --- deploy/docker/README.md | 17 ++- deploy/docker/default-multi.env | 21 ++++ deploy/docker/default.env | 152 ++++++++++++++++++++++++ deploy/docker/docker-compose-multi.yaml | 83 ++++--------- deploy/docker/docker-compose.yaml | 86 +++----------- deploy/docker/override.env | 9 ++ 6 files changed, 232 insertions(+), 136 deletions(-) create mode 100644 deploy/docker/default-multi.env create mode 100644 deploy/docker/default.env create mode 100644 deploy/docker/override.env diff --git a/deploy/docker/README.md b/deploy/docker/README.md index dd42643ce9..df46e2b208 100644 --- a/deploy/docker/README.md +++ b/deploy/docker/README.md @@ -4,6 +4,7 @@ Included Dockerfile can be used to build an **all-in-one** image with all requir For examples on running the all-in-one image or the multi image deployment see **deploy/docker/docker-compose.yaml** and **deploy/docker/docker-compose-multi.yaml** +Environment variables used to configure various aspects of the services are stored in **default.env**, **default-multi.env** and **override.env**. Look into the **default** files to see which variables can be set and what are the default values. To change the defaults, use **override.env**. You don't have to use **--env-file** parameter with **doker compose** because the files are loaded from within `docker-compose.yaml` and `docker-compose-multi.yaml`. ## all-in-one image @@ -50,14 +51,18 @@ Image can be configured by setting environment variables. | `LOWCODER_MAX_DEVELOPERS` | Default maximum developers | `100` | | `LOWCODER_WORKSPACE_MODE` | SAAS to activate, ENTERPRISE to switch off - Workspaces | `SAAS` | | `LOWCODER_EMAIL_SIGNUP_ENABLED` | Control if users create their own Workspace automatic when Sign Up | `true` | +| `LOWCODER_EMAIL_AUTH_ENABLED` | Controls whether authentication via email is enabled | `true` | | `LOWCODER_CREATE_WORKSPACE_ON_SIGNUP` | IF LOWCODER_WORKSPACE_MODE = SAAS, controls if a own workspace is created for the user after sign up | `true` | | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | - +| `LOWCODER_PLUGINS_DIR` | Directory holding lowcoder plugins | `/lowcoder-stacks/plugins` | +| `LOWCODER_COOKIE_NAME` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `LOWCODER_COOKIE_MAX_AGE` | Lowcoder application cookie max age in hours | `24` | +| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days | `30` | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) -On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 +On linux/mac, generate one eg. with: `head /dev/urandom | head -c 30 | shasum -a 256` | Environment variable | Description | Default-Value | |-------------------------------------| ----------------------------------------------------------------------- | ----------------------------------------------------- | @@ -76,7 +81,7 @@ To enable secure Password Reset flow for the users, you need to configure your o | `LOWCODER_ADMIN_SMTP_SSL_ENABLED` | Enable SSL encryption | `false` | | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED` | Enable STARTTLS encryption | `true` | | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED` | Require STARTTLS encryption | `true` | -| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER` | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` | +| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER` | "from" Email address of the password Reset Email Sender | `info@localhost` | ## Building api-service image @@ -119,6 +124,10 @@ Image can be configured by setting environment variables. | `LOWCODER_MARKETPLACE_PRIVATE_MODE` | Control if not to show Apps on the local Marketplace to anonymous users | `true` | | `LOWCODER_SUPERUSER_USERNAME` | Username of the Super-User of an Lowcoder Installation | `admin@localhost` | | `LOWCODER_SUPERUSER_PASSWORD` | Password of the Super-User, if not present or empty, it will be generated | `generated and printed into log file | +| `LOWCODER_PLUGINS_DIR` | Directory holding lowcoder plugins | `/lowcoder-stacks/plugins` | +| `LOWCODER_COOKIE_NAME` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `LOWCODER_COOKIE_MAX_AGE` | Lowcoder application cookie max age in hours | `24` | +| `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days | `30` | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 @@ -140,7 +149,7 @@ To enable secure Password Reset flow for the users, you need to configure your o | `LOWCODER_ADMIN_SMTP_SSL_ENABLED` | Enable SSL encryption | `false` | | `LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED` | Enable STARTTLS encryption | `true` | | `LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED` | Require STARTTLS encryption | `true` | -| `LOWCODER_LOST_PASSWORD_EMAIL_SENDER` | "from" Email address of the password Reset Email Sender | `service@lowcoder.cloud` | +| `LOWCODER_EMAIL_NOTIFICATIONS_SENDER` | "from" Email address of the password Reset Email Sender | `info@localhost` | ## Building node-service image diff --git a/deploy/docker/default-multi.env b/deploy/docker/default-multi.env new file mode 100644 index 0000000000..7daba8e66e --- /dev/null +++ b/deploy/docker/default-multi.env @@ -0,0 +1,21 @@ +##################################################################### +## ## +## Lowcoder environment variables override for multi image ## +## installation. ## +## ## +## !!! PLEASE DO NOT CHANGE THIS FILE !!! ## +## ## +## To change the variables use file: override.env ## +## ## +## It will be loaded automatically and will override the defaults ## +## You don't have to copy the whole default.env, only the changed ## +## environment variables. ## +## ## +##################################################################### + +# Update individual service URLs to match the multi setup +LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" +LOWCODER_REDIS_URL="redis://redis:6379" +LOWCODER_NODE_SERVICE_URL="http://lowcoder-node-service:6060" +LOWCODER_API_SERVICE_URL="http://lowcoder-api-service:8080" + diff --git a/deploy/docker/default.env b/deploy/docker/default.env new file mode 100644 index 0000000000..203bfc68be --- /dev/null +++ b/deploy/docker/default.env @@ -0,0 +1,152 @@ +##################################################################### +## ## +## Default lowcoder environment variables. ## +## ## +## !!! PLEASE DO NOT CHANGE THIS FILE !!! ## +## ## +## To change the variables use file: override.env ## +## ## +## It will be loaded automatically and will override the defaults ## +## You don't have to copy the whole default.env, only the changed ## +## environment variables. ## +## ## +##################################################################### + + +## +## Enable services (applies to all-in-one deployment) ## +## - you can disable them in favor of external services +# +# If true redis server is started in the container +LOWCODER_REDIS_ENABLED="true" +# If true mongo database is started in the container +LOWCODER_MONGODB_ENABLED="true" +# If true lowcoder api-service is started in the container +LOWCODER_API_SERVICE_ENABLED="true" +# If true lowcoder node-service is started in the container +LOWCODER_NODE_SERVICE_ENABLED="true" +# If true lowcoder web frontend is started in the container +LOWCODER_FRONTEND_ENABLED="true" +# +# Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port +# to make internal mongo database accessible from host +# (applies to all-in-one deployment) +# +LOWCODER_MONGODB_EXPOSED="false" + +## +## Generic parameters +## +# +# URL of the public User Interface +LOWCODER_PUBLIC_URL="http://localhost:3000/" + +# ID of user running services. It will own all created logs and data. +LOWCODER_PUID="1000" +# ID of group of the user running services +LOWCODER_PGID="1000" + +## +## api-service parameters +## +# Name of the lowcoder application cookie +LOWCODER_COOKIE_NAME=LOWCODER_CE_SELFHOST_TOKEN +# Lowcoder application cookie max age in hours +LOWCODER_COOKIE_MAX_AGE=24 +# Default maximum organizations per user +LOWCODER_MAX_ORGS_PER_USER=100 +# Default maximum members per organization +LOWCODER_MAX_MEMBERS_PER_ORG=1000 +# Default maximum groups per organization +LOWCODER_MAX_GROUPS_PER_ORG=100 +# Default maximum applications per organization +LOWCODER_MAX_APPS_PER_ORG=1000 +# Default maximum developers +LOWCODER_MAX_DEVELOPERS=50 +# Mongo database connection string (use the later one in case of multi-image compose) +LOWCODER_MONGODB_URL="mongodb://localhost:27017/lowcoder?authSource=admin" +#LOWCODER_MONGODB_URL="mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" +# Redis server URL +LOWCODER_REDIS_URL="redis://localhost:6379" +# Control if users create their own Workspace automatic when Sign Up +LOWCODER_EMAIL_SIGNUP_ENABLED="true" +# Controls whether authentication via email is enabled +LOWCODER_EMAIL_AUTH_ENABLED="true" +# IF LOWCODER_WORKSPACE_MODE = SAAS, controls if own workspace is created for the user after sign up +LOWCODER_CREATE_WORKSPACE_ON_SIGNUP="true" +# Application snapshots retention time in days +LOWCODER_APP_SNAPSHOT_RETENTIONTIME=30 +# +# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! +# +# LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used +# to encrypt sensitive data in mongo database so it is important to change the defaults +# +LOWCODER_DB_ENCRYPTION_PASSWORD="lowcoder.org" +LOWCODER_DB_ENCRYPTION_SALT="lowcoder.org" + +# CORS allowed domains +LOWCODER_CORS_DOMAINS="*" +# +# API-KEY secret - should be a string of at least 32 random characters +# - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 +# +LOWCODER_API_KEY_SECRET="5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" + +## +## api and node service parameters +## +# Directory holding lowcoder plugins +LOWCODER_PLUGINS_DIR="../plugins" +# Number of max Request per Second - set to 0 to disable rate limiting +LOWCODER_API_RATE_LIMIT=100 +# Lowcoder API service URL +LOWCODER_API_SERVICE_URL="http://localhost:8080" +# Lowcoder Node service URL +LOWCODER_NODE_SERVICE_URL="http://localhost:6060" + +## +## Frontend parameters +## +# Lowcoder max request size +LOWCODER_MAX_REQUEST_SIZE=20m +# Lowcoder max query timeout (in seconds) +LOWCODER_MAX_QUERY_TIMEOUT=120 +# Default lowcoder query timeout +LOWCODER_DEFAULT_QUERY_TIMEOUT=10 +# SAAS to activate, ENTERPRISE to switch off - Workspaces +LOWCODER_WORKSPACE_MODE=SAAS +# Controls whether to show Apps on the local Marketplace to anonymous users +# - if true, apps are not shown to anonymous users +LOWCODER_MARKETPLACE_PRIVATE_MODE="true" + +## +## Lowcoder notification emails setup +## +# Mail server host +LOWCODER_ADMIN_SMTP_HOST=localhost +# Mail server port +LOWCODER_ADMIN_SMTP_PORT=587 +# Use authentication when sending email +LOWCODER_ADMIN_SMTP_AUTH="true" +# Username (email) used for authentication +LOWCODER_ADMIN_SMTP_USERNAME= +# Password used for authentication +LOWCODER_ADMIN_SMTP_PASSWORD= +# Enable SSL for connetion to the mail server +LOWCODER_ADMIN_SMTP_SSL_ENABLED="false" +# Enable STARTTLS +LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED="true" +# Require STARTTLS +LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED="true" + +# Email used in notifications from lowcoder +LOWCODER_EMAIL_NOTIFICATIONS_SENDER=info@localhost + +# Lowcoder superuser username +LOWCODER_SUPERUSER_USERNAME=admin@localhost +# Lowcoder superuser password +# If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log) +LOWCODER_SUPERUSER_PASSWORD= + + diff --git a/deploy/docker/docker-compose-multi.yaml b/deploy/docker/docker-compose-multi.yaml index 63bbf421dc..08f2987dd9 100644 --- a/deploy/docker/docker-compose-multi.yaml +++ b/deploy/docker/docker-compose-multi.yaml @@ -48,56 +48,13 @@ services: # Enabled ports to be able to access backend from host # ports: # - "8080:8080" - environment: - LOWCODER_PUBLIC_URL: "http://localhost:3000/" - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" - LOWCODER_REDIS_URL: "redis://redis:6379" - LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060" - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_EMAIL_AUTH_ENABLED: "true" - LOWCODER_EMAIL_SIGNUP_ENABLED: "true" - LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true" - # - # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! - # - # LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used - # to encrypt sensitive data in database so it is important to change the defaults - # - LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org" - LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org" - LOWCODER_CORS_DOMAINS: "*" - LOWCODER_MAX_ORGS_PER_USER: 100 - LOWCODER_MAX_MEMBERS_PER_ORG: 1000 - LOWCODER_MAX_GROUPS_PER_ORG: 100 - LOWCODER_MAX_APPS_PER_ORG: 1000 - LOWCODER_MAX_DEVELOPERS: 50 - # - # API-KEY secret - should be a string of at least 32 random characters - # - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 - # - LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" - LOWCODER_PLUGINS_DIR: "../plugins" - LOWCODER_API_RATE_LIMIT: 50 - LOWCODER_WORKSPACE_MODE: SAAS - LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" - # Lowcoder notification emails setup - LOWCODER_ADMIN_SMTP_HOST: smtp.gmail.com - LOWCODER_ADMIN_SMTP_PORT: 587 - LOWCODER_ADMIN_SMTP_USERNAME: - LOWCODER_ADMIN_SMTP_PASSWORD: - LOWCODER_ADMIN_SMTP_AUTH: "true" - LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false" - LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true" - LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" - # Email used as sender in lost password email - LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost - # Lowcoder superuser details - LOWCODER_SUPERUSER_USERNAME: admin@localhost - # If left blank, a password will be generated and written into api-service log - LOWCODER_SUPERUSER_PASSWORD: + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: mongodb: @@ -122,10 +79,13 @@ services: # Enabled ports to be able to access backend from host # ports: # - "6060:6060" - environment: - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080" + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: lowcoder-api-service: @@ -145,13 +105,13 @@ services: container_name: lowcoder-frontend ports: - "3000:3000" - environment: - LOWCODER_PUID: "9001" - LOWCODER_PGID: "9001" - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_API_SERVICE_URL: "http://lowcoder-api-service:8080" - LOWCODER_NODE_SERVICE_URL: "http://lowcoder-node-service:6060" + env_file: + - path: ./default.env + required: true + - path: ./default-multi.env + required: true + - path: ./override.env + required: false restart: unless-stopped depends_on: lowcoder-node-service: @@ -162,6 +122,7 @@ services: restart: true volumes: - ./lowcoder-stacks/assets:/lowcoder/assets + - ./lowcoder-stacks/ssl:/lowcoder-stacks/ssl healthcheck: test: curl --fail http://lowcoder-frontend:3000 || exit 1 interval: 5s diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml index 0ca4306556..6f0b2a8e00 100644 --- a/deploy/docker/docker-compose.yaml +++ b/deploy/docker/docker-compose.yaml @@ -1,85 +1,29 @@ -version: "3" +##################################################################### +## ## +## Lowcoder all-in-one compose file. ## +## ## +## To run: ## +## docker compose up -d ## +## ## +##################################################################### + services: ## ## Start Lowcoder (all-in-one) ## - lowcoder-api-service: + lowcoder-all-in-one: image: lowcoderorg/lowcoder-ce:latest container_name: lowcoder + env_file: + - path: ./default.env + required: true + - path: ./override.env + required: false ports: - "3000:3000" - "3443:3443" # - "27017:27017" - environment: - # Public base url - LOWCODER_PUBLIC_URL: "http://localhost:3000/" - # enable services - LOWCODER_REDIS_ENABLED: "true" - LOWCODER_MONGODB_ENABLED: "true" - # - # Set LOWCODER_MONGODB_EXPOSED to "true" and uncomment mongodb port - # to make internal mongo database accessible from host - # - LOWCODER_MONGODB_EXPOSED: "false" - LOWCODER_API_SERVICE_ENABLED: "true" - LOWCODER_NODE_SERVICE_ENABLED: "true" - LOWCODER_FRONTEND_ENABLED: "true" - # generic parameters - # Effective user and group IDs - LOWCODER_PUID: "1000" - LOWCODER_PGID: "1000" - # api-service parameters - LOWCODER_MAX_ORGS_PER_USER: 100 - LOWCODER_MAX_MEMBERS_PER_ORG: 1000 - LOWCODER_MAX_GROUPS_PER_ORG: 100 - LOWCODER_MAX_APPS_PER_ORG: 1000 - LOWCODER_MAX_DEVELOPERS: 50 - #LOWCODER_MONGODB_URL: "mongodb://lowcoder:secret123@mongodb/lowcoder?authSource=admin" - LOWCODER_MONGODB_URL: "mongodb://localhost:27017/lowcoder?authSource=admin" - LOWCODER_REDIS_URL: "redis://localhost:6379" - LOWCODER_EMAIL_SIGNUP_ENABLED: "true" - LOWCODER_EMAIL_AUTH_ENABLED: "true" - LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: "true" - # - # ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! - # - # LOWCODER_DB_ENCRYPTION_PASSWORD and LOWCODER_DB_ENCRYPTION_SALT is used - # to encrypt sensitive data in database so it is important to change the defaults - # - LOWCODER_DB_ENCRYPTION_PASSWORD: "lowcoder.org" - LOWCODER_DB_ENCRYPTION_SALT: "lowcoder.org" - LOWCODER_CORS_DOMAINS: "*" - # - # API-KEY secret - should be a string of at least 32 random characters - # - on linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 - # - LOWCODER_API_KEY_SECRET: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" - # api and node service parameters - LOWCODER_PLUGINS_DIR: "../plugins" - LOWCODER_API_RATE_LIMIT: 50 - LOWCODER_API_SERVICE_URL: "http://localhost:8080" - LOWCODER_NODE_SERVICE_URL: "http://localhost:6060" - # frontend parameters - LOWCODER_MAX_REQUEST_SIZE: 20m - LOWCODER_MAX_QUERY_TIMEOUT: 120 - LOWCODER_WORKSPACE_MODE: SAAS - LOWCODER_MARKETPLACE_PRIVATE_MODE: "true" - # Lowcoder notification emails setup - LOWCODER_ADMIN_SMTP_HOST: localhost - LOWCODER_ADMIN_SMTP_PORT: 587 - LOWCODER_ADMIN_SMTP_USERNAME: - LOWCODER_ADMIN_SMTP_PASSWORD: - LOWCODER_ADMIN_SMTP_AUTH: "true" - LOWCODER_ADMIN_SMTP_SSL_ENABLED: "false" - LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: "true" - LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: "true" - # Email used as sender in lost password email - LOWCODER_EMAIL_NOTIFICATIONS_SENDER: info@localhost - # Lowcoder superuser details - LOWCODER_SUPERUSER_USERNAME: admin@localhost - # If left blank, a password will be generated and written into log (lowcoder-stacks/logs/api-service/api-service.log) - LOWCODER_SUPERUSER_PASSWORD: volumes: - ./lowcoder-stacks:/lowcoder-stacks - ./lowcoder-stacks/assets:/lowcoder/assets diff --git a/deploy/docker/override.env b/deploy/docker/override.env new file mode 100644 index 0000000000..8785627b8c --- /dev/null +++ b/deploy/docker/override.env @@ -0,0 +1,9 @@ +##################################################################### +## ## +## Use this file to override environment variables for compose ## +## files. ## +## Add only variables you want to override. ## +## ## +##################################################################### + + From 200f7d41e22a15578ea12341628ac09e5cd41a56 Mon Sep 17 00:00:00 2001 From: Ludo Mikula Date: Sat, 5 Apr 2025 18:56:44 +0200 Subject: [PATCH 3/4] new: update helm chart, added missing configuration options --- deploy/helm/Chart.yaml | 4 +-- deploy/helm/README.md | 23 ++++++++++++++++- .../helm/templates/api-service/configMap.yaml | 18 +++++++++++++ .../helm/templates/api-service/secrets.yaml | 2 ++ deploy/helm/values.yaml | 25 +++++++++++++++++-- 5 files changed, 67 insertions(+), 5 deletions(-) diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index a99cee36ee..1921e2fc64 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -4,10 +4,10 @@ description: A Helm chart for Kubernetes for installing lowcoder type: application # Chart version (change every time you make changes to the chart) -version: 1.0.0 +version: 2.6.6 # Lowcoder version -appVersion: "latest" +appVersion: "2.6.6" # Dependencies needed for Lowcoder deployment dependencies: diff --git a/deploy/helm/README.md b/deploy/helm/README.md index b7dd8555b2..f937bf8abb 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -42,23 +42,44 @@ $ helm delete -n lowcoder my-lowcoder | Name | Description | Value | | --------------------------------------- | --------------------------------------------------------------------------------- | -------------- | +| `global.config.publicUrl` | URL of the public User Interface (used eg. in invitation links) | `https://somedomain.com/` | +| `global.config.createWorkspaceOnSignup` | If workspaceMode = SAAS, controls if own workspace is created for the user after sign up | `true` | | `global.config.workspaceMode` | Sets the workspace mode. Possible types are: SAAS, ENTERPRISE | `SAAS` | | `global.config.userId` | User ID of user running Lowcoder server application in container | `9001` | | `global.config.groupId` | Group ID of user running Lowcoder server application in container | `9001` | | `global.config.corsAllowedDomains` | CORS allowed domains | `*` | | `global.config.enableUserSignUp` | Enable users signing up to lowcoder via login page | `true` | +| `global.config.enableEmailAuth` | Controls whether authentication via email is enabled | `true` | +| `global.config.emailNotificationSender` | Email used in notifications from lowcoder | `info@localhost` | | `global.config.encryption.password` | Encryption password - CHANGE IT! | `lowcoder.org` | | `global.config.encryption.salt` | Encryption salt - CHANGE IT! | `lowcoder.org` | -| `global.config.apiKeySecret` | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT | `5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b` | +| `global.config.superuser.username` | Lowcoder superadmin username | `admin@localhost` | +| `global.config.superuser.password` | Lowcoder superadmin password - if not supplied, it will be generated | | +| `global.config.apiKeySecret` | API-KEY secret, should be a string of at least 32 random characters - CHANGE IT | `5a41b0905...` | | `global.config.maxQueryTimeout` | Maximum query timeout in seconds | `120` | | `global.config.maxRequestSize` | Maximum request size | `20m` | +| `global.config.snapshotRetentionTime` | Lowcoder application snapshot retention time (in days) | `30` | +| `global.config.marketplacePrivateMode` | Controls whether to show Apps on the local Marketplace to anonymous users | `true` | | `global.config.nodeServiceUrl` | URL to node-service server if using external one (disabled by default) | | | `global.config.apiServiceUrl` | URL to api-service server if using external one (disabled by default) | | +| `global.cookie.name` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | +| `global.cookie.maxAge` | Lowcoder application cookie max age in hours | `24` | | `global.defaults.maxOrgsPerUser` | Maximum allowed organizations per user | `100` | | `global.defaults.maxMembersPerOrg` | Maximum allowed members per organization | `1000` | | `global.defaults.maxGroupsPerOrg` | Maximum groups allowed per organization | `100` | | `global.defaults.maxAppsPerOrg` | Maximum allowed applications per organization | `1000` | | `global.defaults.maxDevelopers` | Maximum allowed developer accounts | `100` | +| `global.defaults.apiRateLimit` | Number of max Request per Second - set to 0 to disable rate limiting | `100` | +| `global.defaults.queryTimeout` | Default lowcoder query timeout | `10` | +| `global.mailServer.host` | Mail server host (used for sending lowcoder emails) | `localhost` | +| `global.mailServer.port` | Mail server port | `578` | +| `global.mailServer.smtpAuth` | Use SMPT authentication when sending mails | `false` | +| `global.mailServer.authUsername` | Username (email) used for SMTP authentication | | +| `global.mailServer.authPassword` | Password used for authentication | | +| `global.mailServer.useSSL` | Enable SSL for connetion to the mail server | `false` | +| `global.mailServer.useStartTLS` | Enable STARTTLS | `true` | +| `global.mailServer.requireStartTLS` | Require STARTTLS | `true` | +| `global.plugins.folder` | Folder from which to load lowcoder plugins | `/plugins` | ### Redis diff --git a/deploy/helm/templates/api-service/configMap.yaml b/deploy/helm/templates/api-service/configMap.yaml index 103a78ad0e..4371982a08 100644 --- a/deploy/helm/templates/api-service/configMap.yaml +++ b/deploy/helm/templates/api-service/configMap.yaml @@ -38,11 +38,29 @@ data: LOWCODER_CORS_DOMAINS: {{ .Values.global.config.corsAllowedDomains | default "*" | quote }} LOWCODER_EMAIL_AUTH_ENABLED: {{ .Values.global.config.enableEmailAuth | default "true" | quote }} LOWCODER_EMAIL_SIGNUP_ENABLED: {{ .Values.global.config.enableUserSignUp | default "true" | quote }} + LOWCODER_EMAIL_NOTIFICATIONS_SENDER: {{ .Values.global.config.emailNotificationSender | default "info@localhost" | quote }} LOWCODER_MAX_QUERY_TIMEOUT: {{ .Values.global.config.maxQueryTimeout | default "120" | quote }} + LOWCODER_MAX_REQUEST_SIZE: {{ .Values.global.config.maxRequestSize | default "20m" | quote }} LOWCODER_MAX_ORGS_PER_USER: {{ .Values.global.defaults.maxOrgsPerUser | default "100" | quote }} LOWCODER_MAX_MEMBERS_PER_ORG: {{ .Values.global.defaults.maxMembersPerOrg | default "1000" | quote }} LOWCODER_MAX_GROUPS_PER_ORG: {{ .Values.global.defaults.maxGroupsPerOrg | default "100" | quote }} LOWCODER_MAX_APPS_PER_ORG: {{ .Values.global.defaults.maxAppsPerOrg | default "1000" | quote }} LOWCODER_MAX_DEVELOPERS: {{ .Values.global.defaults.maxDevelopers | default "50" | quote }} + LOWCODER_DEFAULT_QUERY_TIMEOUT: {{ .Values.global.defaults.queryTimeout | default "10" | quote }} LOWCODER_WORKSPACE_MODE: {{ .Values.global.config.workspaceMode | default "SAAS" | quote }} LOWCODER_CREATE_WORKSPACE_ON_SIGNUP: {{ .Values.global.config.createWorkspaceOnSignup | default "true" | quote }} + LOWCODER_ADMIN_SMTP_HOST: {{ .Values.global.mailServer.host | default "localhost" | quote }} + LOWCODER_ADMIN_SMTP_PORT: {{ .Values.global.mailServer.port | default "578" | quote }} + LOWCODER_ADMIN_SMTP_AUTH: {{ .Values.global.mailServer.smtpAuth | default "false" | quote }} + LOWCODER_ADMIN_SMTP_USERNAME: {{ .Values.global.mailServer.authUsername | default "" | quote }} + LOWCODER_ADMIN_SMTP_PASSWORD: {{ .Values.global.mailServer.authPassword | default "" | quote }} + LOWCODER_ADMIN_SMTP_SSL_ENABLED: {{ .Values.global.mailServer.useSSL | default "false" | quote }} + LOWCODER_ADMIN_SMTP_STARTTLS_ENABLED: {{ .Values.global.mailServer.useStartTLS | default "true" | quote }} + LOWCODER_ADMIN_SMTP_STARTTLS_REQUIRED: {{ .Values.global.mailServer.requireStartTLS | default "true" | quote }} + LOWCODER_API_RATE_LIMIT: {{ .Values.global.defaults.apiRateLimit | default "100" | quote }} + LOWCODER_APP_SNAPSHOT_RETENTIONTIME: {{ .Values.global.config.snapshotRetentionTime | default "30" | quote }} + LOWCODER_COOKIE_NAME: {{ .Values.global.cookie.name | default "LOWCODER_CE_SELFHOST_TOKEN" | quote }} + LOWCODER_COOKIE_MAX_AGE: {{ .Values.global.cookie.maxAge | default "24" | quote }} + LOWCODER_MARKETPLACE_PRIVATE_MODE: {{ .Values.global.config.marketplacePrivateMode | default "true" | quote }} + LOWCODER_PLUGINS_DIR: {{ .Values.global.plugins.folder | default "/plugins" | quote }} + LOWCODER_PUBLIC_URL: {{ .Values.global.config.publicUrl | default "https://somedomain.com/" | quote }} diff --git a/deploy/helm/templates/api-service/secrets.yaml b/deploy/helm/templates/api-service/secrets.yaml index eecbe91bae..bd59f9290b 100644 --- a/deploy/helm/templates/api-service/secrets.yaml +++ b/deploy/helm/templates/api-service/secrets.yaml @@ -29,3 +29,5 @@ stringData: LOWCODER_DB_ENCRYPTION_PASSWORD: {{ .Values.global.config.encryption.password | default "lowcoder.org" | quote }} LOWCODER_DB_ENCRYPTION_SALT: {{ .Values.global.config.encryption.salt | default "lowcoder.org" | quote }} LOWCODER_API_KEY_SECRET: "{{ .Values.global.config.apiKeySecret }}" + LOWCODER_SUPERUSER_USERNAME: {{ .Values.global.config.superuser.username | default "admin@localhost" | quote }} + LOWCODER_SUPERUSER_PASSWORD: {{ .Values.global.config.superuser.password | default "" | quote }} diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index 52375f00f1..df1cbca69c 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -11,6 +11,7 @@ fullnameOverride: "" # global: config: + publicUrl: "https://somedomain.com/" # This setting sets workspace mode. Possible values: SAAS, ENTERPRISE workspaceMode: SAAS createWorkspaceOnSignup: true @@ -20,20 +21,42 @@ global: corsAllowedDomains: "*" enableEmailAuth: true enableUserSignUp: true + emailNotificationSender: info@localhost encryption: password: "lowcoder.org" salt: "lowcoder.org" + superuser: + username: admin@localhost + password: #nodeServiceUrl: #apiServiceUrl: apiKeySecret: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" maxQueryTimeout: 120 maxRequestSize: "20m" + snapshotRetentionTime: 30 + marketplacePrivateMode: true + cookie: + name: LOWCODER_CE_SELFHOST_TOKEN + maxAge: 24 defaults: maxOrgsPerUser: 100 maxMembersPerOrg: 1000 maxGroupsPerOrg: 100 maxAppsPerOrg: 1000 maxDevelopers: 50 + apiRateLimit: 100 + queryTimeout: 10 + mailServer: + host: localhost + port: 578 + smtpAuth: false + authUsername: + authPassword: + useSSL: false + useStartTLS: true + requireStartTLS: true + plugins: + folder: /plugins # # Redis @@ -92,7 +115,6 @@ apiService: # Overrides the image tag whose default is the chart appVersion. #tag: "latest" - service: type: ClusterIP port: 80 @@ -117,7 +139,6 @@ nodeService: # Overrides the image tag whose default is the chart appVersion. #tag: "latest" - service: type: ClusterIP port: 80 From 2037ca28f913f407f0e79af02ee089ed602d0642 Mon Sep 17 00:00:00 2001 From: Ludo Mikula Date: Sat, 24 May 2025 11:55:45 +0200 Subject: [PATCH 4/4] new: add configuration of node service communication encryption --- .github/workflows/docker-images.yml | 2 +- deploy/docker/README.md | 6 ++++++ deploy/docker/default.env | 8 ++++++++ deploy/helm/Chart.yaml | 4 ++-- deploy/helm/README.md | 2 ++ deploy/helm/templates/api-service/secrets.yaml | 3 +++ .../helm/templates/node-service/deployment.yaml | 2 ++ deploy/helm/templates/node-service/secrets.yaml | 15 +++++++++++++++ deploy/helm/values.yaml | 2 ++ 9 files changed, 41 insertions(+), 3 deletions(-) create mode 100644 deploy/helm/templates/node-service/secrets.yaml diff --git a/.github/workflows/docker-images.yml b/.github/workflows/docker-images.yml index 594408f57a..d075f1fdce 100644 --- a/.github/workflows/docker-images.yml +++ b/.github/workflows/docker-images.yml @@ -10,8 +10,8 @@ on: default: 'latest' options: - latest + - stable - test - - 2.4.6 build_allinone: type: boolean description: 'Build the All-In-One image' diff --git a/deploy/docker/README.md b/deploy/docker/README.md index df46e2b208..94eca974ae 100644 --- a/deploy/docker/README.md +++ b/deploy/docker/README.md @@ -44,6 +44,8 @@ Image can be configured by setting environment variables. | `LOWCODER_API_RATE_LIMIT` | Number of max Request per Second | `100` | | `LOWCODER_API_SERVICE_URL` | Lowcoder API service URL | `http://localhost:8080` | | `LOWCODER_NODE_SERVICE_URL` | Lowcoder Node service (js executor) URL | `http://localhost:6060` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | | `LOWCODER_MAX_ORGS_PER_USER` | Default maximum organizations per user | `100` | | `LOWCODER_MAX_MEMBERS_PER_ORG` | Default maximum members per organization | `1000` | | `LOWCODER_MAX_GROUPS_PER_ORG` | Default maximum groups per organization | `100` | @@ -128,6 +130,8 @@ Image can be configured by setting environment variables. | `LOWCODER_COOKIE_NAME` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | | `LOWCODER_COOKIE_MAX_AGE` | Lowcoder application cookie max age in hours | `24` | | `LOWCODER_APP_SNAPSHOT_RETENTIONTIME` | Application snapshots retention time in days | `30` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | Also you should set the API-KEY secret, whcih should be a string of at least 32 random characters. (from Lowcoder v2.3.x on) On linux/mac, generate one eg. with: head /dev/urandom | head -c 30 | shasum -a 256 @@ -172,6 +176,8 @@ Image can be configured by setting environment variables. | `LOWCODER_PUID` | ID of user running services. It will own all created logs and data. | `9001` | | `LOWCODER_PGID` | ID of group of the user running services. | `9001` | | `LOWCODER_API_SERVICE_URL` | Lowcoder API service URL | `http://localhost:8080` | +| `LOWCODER_NODE_SERVICE_SECRET` | Secret used for encrypting communication between API service and Node service - CHANGE IT! | | +| `LOWCODER_NODE_SERVICE_SALT` | Salt used for encrypting communication between API service and Node service - CHANGE IT! | | ## Building web frontend image diff --git a/deploy/docker/default.env b/deploy/docker/default.env index 203bfc68be..8b4445a3d4 100644 --- a/deploy/docker/default.env +++ b/deploy/docker/default.env @@ -105,6 +105,14 @@ LOWCODER_API_SERVICE_URL="http://localhost:8080" # Lowcoder Node service URL LOWCODER_NODE_SERVICE_URL="http://localhost:6060" +# +# ! PLEASE CHANGE THESE TO SOMETHING UNIQUE ! +# +# Secret and salt used for encrypting comunication between API service and NODE service +# +LOWCODER_NODE_SERVICE_SECRET="62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" +LOWCODER_NODE_SERVICE_SECRET_SALT="lowcoder.org" + ## ## Frontend parameters ## diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index 1921e2fc64..7b3bf927d0 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -4,10 +4,10 @@ description: A Helm chart for Kubernetes for installing lowcoder type: application # Chart version (change every time you make changes to the chart) -version: 2.6.6 +version: 2.7.0 # Lowcoder version -appVersion: "2.6.6" +appVersion: "2.7.0" # Dependencies needed for Lowcoder deployment dependencies: diff --git a/deploy/helm/README.md b/deploy/helm/README.md index f937bf8abb..098aaf6bd0 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -61,6 +61,8 @@ $ helm delete -n lowcoder my-lowcoder | `global.config.snapshotRetentionTime` | Lowcoder application snapshot retention time (in days) | `30` | | `global.config.marketplacePrivateMode` | Controls whether to show Apps on the local Marketplace to anonymous users | `true` | | `global.config.nodeServiceUrl` | URL to node-service server if using external one (disabled by default) | | +| `global.config.nodeServiceSecret` | Secret used for encrypting traffic between API service and Node service - CHANGE IT! | | +| `global.config.nodeServiceSalt` | Salt used for encrypting traffic between API service and Node service - CHANGE IT! | | | `global.config.apiServiceUrl` | URL to api-service server if using external one (disabled by default) | | | `global.cookie.name` | Name of the lowcoder application cookie | `LOWCODER_CE_SELFHOST_TOKEN` | | `global.cookie.maxAge` | Lowcoder application cookie max age in hours | `24` | diff --git a/deploy/helm/templates/api-service/secrets.yaml b/deploy/helm/templates/api-service/secrets.yaml index bd59f9290b..c1e45ced8e 100644 --- a/deploy/helm/templates/api-service/secrets.yaml +++ b/deploy/helm/templates/api-service/secrets.yaml @@ -31,3 +31,6 @@ stringData: LOWCODER_API_KEY_SECRET: "{{ .Values.global.config.apiKeySecret }}" LOWCODER_SUPERUSER_USERNAME: {{ .Values.global.config.superuser.username | default "admin@localhost" | quote }} LOWCODER_SUPERUSER_PASSWORD: {{ .Values.global.config.superuser.password | default "" | quote }} + LOWCODER_NODE_SERVICE_SECRET: {{ .values.global.config.nodeServiceSecret | default "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" | quote }} + LOWCODER_NODE_SERVICE_SECRET_SALT: {{ .values.global.config.nodeServiceSalt | default "lowcoder.org" | quote }} + diff --git a/deploy/helm/templates/node-service/deployment.yaml b/deploy/helm/templates/node-service/deployment.yaml index 0bc4035a63..4ec381aa12 100644 --- a/deploy/helm/templates/node-service/deployment.yaml +++ b/deploy/helm/templates/node-service/deployment.yaml @@ -36,6 +36,8 @@ spec: envFrom: - configMapRef: name: {{ include "lowcoder.fullname" . }}-node-service + - secretRef: + name: {{ include "lowcoder.fullname" . }}-node-service ports: - name: lowcoder-node containerPort: 6060 diff --git a/deploy/helm/templates/node-service/secrets.yaml b/deploy/helm/templates/node-service/secrets.yaml new file mode 100644 index 0000000000..2af6cfa30b --- /dev/null +++ b/deploy/helm/templates/node-service/secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ include "lowcoder.fullname" . }}-node-service + labels: + {{- include "lowcoder.labels" . | nindent 4 }} + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +stringData: + LOWCODER_NODE_SERVICE_SECRET: {{ .values.global.config.nodeServiceSecret | default "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" | quote }} + LOWCODER_NODE_SERVICE_SECRET_SALT: {{ .values.global.config.nodeServiceSalt | default "lowcoder.org" | quote }} + diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index df1cbca69c..3723fec4b4 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -31,6 +31,8 @@ global: #nodeServiceUrl: #apiServiceUrl: apiKeySecret: "5a41b090758b39b226603177ef48d73ae9839dd458ccb7e66f7e7cc028d5a50b" + nodeServiceSecret: "62e348319ab9f5c43c3b5a380b4d82525cdb68740f21140e767989b509ab0aa2" + nodeServiceSalt: "lowcoder.org" maxQueryTimeout: 120 maxRequestSize: "20m" snapshotRetentionTime: 30

pFad - (p)hone/(F)rame/(a)nonymizer/(d)eclutterfier! Saves Data!