PSPDFKit Helm Charts

Author: PSPDFKit

.github/workflows/static.yml

@@ -0,0 +1,42 @@
+# Simple workflow for deploying static content to GitHub Pages
+name: Deploy static content to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["master"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Single deploy job since we're just deploying
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Setup Pages
+        uses: actions/configure-pages@v3
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v2
+        with:
+          path: 'repository/'
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v2

README.md

@@ -0,0 +1,28 @@
+# PSPDFKit Helm Charts
+
+## Using this repository
+
+```
+helm repo add pspdfkit https://pspdfkit.github.io/helm-charts
+helm repo update
+```
+
+## Installing PDPDFKit tools
+
+### Processor
+
+```
+helm upgrade --install --debug --dry-run \
+     processor pspdfkit/processor \
+     -n pspdfkit-services \
+     -f ./processor-values.yaml 
+```
+
+### Server
+
+```
+helm upgrade --install --debug --dry-run 
+    server pspdfkit/server \
+    -n pspdfkit-services \
+    -f ./server-values.yaml
+```

charts/document-engine/.gitignore

@@ -0,0 +1 @@
+!templates/*

charts/document-engine/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/document-engine/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 13.3.0
+digest: sha256:bb80f788b7315e53c5b8a8ee726a03a25445a0ca4d5a826588f6fda5bd16a4d4
+generated: "2024-01-18T19:35:06.348569+01:00"

charts/document-engine/Chart.yaml

@@ -0,0 +1,13 @@
+apiVersion: v2
+name: document-engine
+description: PSPDFKit Document Engine
+icon: data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTAwMCIgaGVpZ2h0PSIxMDAwIiB2aWV3Qm94PSIwIDAgMTAwMCAxMDAwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cGF0aCBkPSJNMzQyLjU2NyA2NTguNjEyTDMyOS40OTYgNjY1LjkxNUwzMzguNzk5IDY1NC4yODZDMzk5LjMxIDU3OS44NDIgNDMzLjAyNiA0ODcuMjExIDQzNC41MjggMzkxLjI4OEw0MzQuNzYgMzc2LjMxTDQ0MC4xMSAzOTAuMjY1QzQ3NC40MDUgNDc5LjkzMiA1MzcuODc4IDU1NS40NDggNjIwLjMxIDYwNC42NTRMNjMzLjE0OCA2MTIuMzI5TDYxOC4zNTYgNjA5Ljk1N0M1MjMuNTcxIDU5NC43NTYgNDI2LjQyOCA2MTEuODk0IDM0Mi41NjcgNjU4LjYxMloiIGZpbGw9IiMxOTBEOTQiLz4KPHBhdGggZD0iTTU1NC41MTkgNTU2LjM2N0M0NzMuMzk2IDQ0Mi4wMzMgNDg3LjMwNCAzNzYuODY1IDUwOS44NjQgMjg5Ljc4OEM1MzYuNjExIDE4Ni41MjQgNDczLjM1IDg0LjA1MDUgMzYyLjU5NyAxMTQuNDI1QzMxMy41MjMgMTI3LjkxNCAyOTYuMTczIDE2MS4zMTIgMjkwLjAzMyAxODQuNzU2QzI1OS45ODQgMjk3Ljc4OSA0MzguMjMxIDQ2Ni4xNzQgNTU0LjUxOSA1NTYuMzY3WiIgZmlsbD0iIzVFNUNFQiIvPgo8cGF0aCBkPSJNMjE3LjEwMyA2NDQuMTg2QzExNC4zMDQgNjcyLjY1NCA1Ny4xODM1IDc3OC43NTUgMTM4Ljg2NSA4NTkuNDEzQzE3NS4wNTMgODk1LjEzNyAyMTIuNjM4IDg5My40NjIgMjM2LjAzNSA4ODcuMzIyQzM0OC45MjggODU2Ljc2MiA0MDUuNjMgNjE4LjE4NCA0MjUuNjMyIDQ3Mi40MDVDMzY3LjE2MiA1OTkuNjI1IDMwMy45OTQgNjIwLjE4NCAyMTcuMTAzIDY0NC4xODZaIiBmaWxsPSIjNUU1Q0VCIi8+CjxwYXRoIGQ9Ik04NzEuNDggNTgyLjY1MUM3ODguNTQzIDUwMC4xNzkgNTUzLjU5NCA1NzAuMzI0IDQxNy4zNSA2MjUuOTFDNTU2Ljg5NiA2MTIuODM5IDYwNi4zODkgNjU3LjQ0OCA2NzAuNTMzIDcyMC41MjJDNzQ2LjU4NiA3OTUuMzE5IDg2Ni45NjggNzkxLjczNyA4OTYuMDQgNjgwLjY1OUM5MDguNjkyIDYzMS40NDUgODg4LjQ1OCA1OTkuNzIyIDg3MS40OCA1ODIuNjUxWiIgZmlsbD0iIzVFNUNFQiIvPgo8L3N2Zz4K
+type: application
+version: 0.1.4
+appVersion: "0.1.0"
+
+dependencies:
+  - name: postgresql
+    version: 13.3.0
+    repository: https://charts.bitnami.com/bitnami
+    condition: postgresql.enabled

charts/document-engine/charts/postgresql-13.3.0.tgz

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "document-engine.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "document-engine.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "document-engine.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "document-engine.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

charts/document-engine/templates/NOTES.txt

@@ -0,0 +1,152 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "document-engine.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "document-engine.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "document-engine.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "document-engine.labels" -}}
+helm.sh/chart: {{ include "document-engine.chart" . }}
+{{ include "document-engine.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "document-engine.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "document-engine.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "document-engine.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "document-engine.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+License secret name
+*/}}
+{{- define "document-engine.license.secret.name" -}}
+  {{- if not .Values.pspdfkit.license.externalSecret.name -}}
+    {{- printf "%s-license" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.license.externalSecret.name -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "document-engine.license.secret.key" -}}
+  {{- if not .Values.pspdfkit.license.externalSecret.name -}}
+    ACTIVATION_KEY
+  {{- else -}}
+    {{- .Values.pspdfkit.license.externalSecret.key -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+API and dashboard secrets
+*/}}
+{{- define "document-engine.api.secret.name" -}}
+  {{- if (eq .Values.pspdfkit.auth.api.createSecret true) -}}
+    {{- printf "%s-api-auth" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.auth.api.externalSecretName -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "document-engine.dashboard.secret.name" -}}
+  {{- if (eq .Values.pspdfkit.auth.dashboard.createSecret true) -}}
+    {{- printf "%s-dashboard-auth" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.auth.dashboard.externalSecretName -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Database secrets
+*/}}
+{{- define "document-engine.storage.postgres.secret.name" -}}
+  {{- if (eq .Values.pspdfkit.storage.postgres.auth.createSecret true) -}}
+    {{- printf "%s-db-postgres" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.storage.postgres.auth.externalSecretName -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "document-engine.storage.postgres.adminSecret.name" -}}
+  {{- if (eq .Values.pspdfkit.storage.postgres.auth.createSecret true) -}}
+    {{- printf "%s-db-postgres-admin" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.storage.postgres.auth.externalAdminSecretName -}}
+  {{- end -}}
+{{- end -}}
+
+{{/*
+Object storage parameters
+*/}}
+{{- define "document-engine.s3.enabled" -}}
+  {{- if .Values.pspdfkit.storage.assetStorageBackend -}}
+    {{- with .Values.pspdfkit.storage.assetStorageBackend -}}
+      {{- if eq . "s3" -}}
+        {{- true -}}
+      {{- else -}}
+        {{- false -}}
+      {{- end -}}
+    {{- end -}}
+  {{- else -}}
+    {{- false -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "document-engine.s3.createSecret" -}}
+  {{- if and (eq (include "document-engine.s3.enabled" .) "true") (not .Values.pspdfkit.storage.s3.auth.externalSecretName) -}}
+    {{- true -}}
+  {{- else -}}
+    {{- false -}}
+  {{- end -}}
+{{- end -}}
+
+{{- define "document-engine.s3.secretName" -}}
+  {{- if (eq (include "document-engine.s3.createSecret" .) "true") -}}
+    {{- printf "%s-s3" (include "document-engine.fullname" .) -}}
+  {{- else -}}
+    {{- .Values.pspdfkit.storage.s3.auth.externalSecretName -}}
+  {{- end -}}
+{{- end -}}

charts/document-engine/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "document-engine.fullname" . }}-config
+  labels:
+    {{- include "document-engine.labels" . | nindent 4 }}
+data:
+  LOG_LEVEL: {{ .Values.pspdfkit.log.level | quote }}
+  PDF_GENERATION_TIMEOUT: {{ mul 1000 .Values.pspdfkit.generationTimeoutSeconds | quote }}
+  SERVER_REQUEST_TIMEOUT: {{ mul 1000 .Values.pspdfkit.requestTimeoutSeconds | quote }}
+  REMOTE_URL_FETCH_TIMEOUT: {{ mul 1000 .Values.pspdfkit.urlFetchTimeoutSeconds | quote }}
+  READ_ANNOTATION_BATCH_TIMEOUT: {{ mul 1000 .Values.pspdfkit.readAnnotationBatchTimeoutSeconds | quote }}
+  PSPDFKIT_WORKER_POOL_SIZE: {{ .Values.pspdfkit.workerPoolSize | quote }}
+  ALLOW_DOCUMENT_UPLOADS: {{ .Values.pspdfkit.allowDocumentUploads | quote }}
+  ALLOW_REMOTE_DOCUMENTS: {{ .Values.pspdfkit.allowRemoteDocuments | quote }}
+  ALLOW_DOCUMENT_GENERATION: {{ .Values.pspdfkit.allowDocumentGeneration | quote }}
+  ALLOW_REMOTE_ASSETS_IN_GENERATION: {{ .Values.pspdfkit.allowRemoteAssetsInGeneration | quote }}
+  IGNORE_INVALID_ANNOTATIONS: {{ .Values.pspdfkit.ignoreInvalidAnnotations | quote }}
+  ASSET_STORAGE_CACHE_SIZE: {{ mul 1048576 .Values.pspdfkit.assetStorageCacheSizeMegaBytes | quote }}
+  AUTOMATIC_LINK_EXTRACTION: {{ .Values.pspdfkit.automaticLinkExtraction | quote }}
+  USE_REDIS_CACHE: "false"
+{{- if .Values.pspdfkit.storage.enableMigrationJobs }}
+  ENABLE_DATABASE_MIGRATIONS: "false"
+  EXIT_AFTER_DATABASE_MIGRATIONS: "false"
+{{- else }}
+  ENABLE_DATABASE_MIGRATIONS: "true"
+  EXIT_AFTER_DATABASE_MIGRATIONS: "false"
+{{- end }}
+{{- with .Values.pspdfkit.storage }}
+  ASSET_STORAGE_BACKEND: {{ default "built-in" .assetStorageBackend | quote }}
+{{-   if eq .assetStorageBackend "s3" }}
+  ASSET_STORAGE_S3_BUCKET: {{ default "none" .s3.bucket | quote }}
+  ASSET_STORAGE_S3_REGION: {{ default "none" .s3.region | quote }}
+{{-     if .s3.host }}
+  ASSET_STORAGE_S3_HOST: {{ .s3.host | quote }}
+  ASSET_STORAGE_S3_PORT: {{ default "443" .s3.port | quote }}
+  ASSET_STORAGE_S3_SCHEME: {{ default "https://" .s3.scheme | quote }}
+{{-     end }}
+{{-   end }}
+  ENABLE_ASSET_STORAGE_FALLBACK: {{ default "false" .enableAssetStorageFallback | quote }}
+{{- end }}
+{{- with .Values.pspdfkit.signingService }}
+{{-   if .enabled }}
+  SIGNING_SERVICE_URL: {{ default "none" .url | quote }}
+  SIGNING_SERVICE_TIMEOUT:  {{ mul 1000 .timeoutSeconds | quote }}
+  DEFAULT_SIGNER_NAME: {{ default "none" .defaultSignerName | quote }}
+  DEFAULT_SIGNATURE_REASON: {{ default "none" .defaultSignatureReason | quote }}
+  DEFAULT_SIGNATURE_LOCATION: {{ default "none" .defaultSignatureLocation | quote }}
+  DIGITAL_SIGNATURE_HASH_ALGORITHM: {{ default "sha512" .digitalSignatureHashAlgorithm | quote }}
+  DIGITAL_SIGNATURE_CERTIFICATE_CHECK_TIME: {{ default "current_time" .digitalSignatureCertificateCheckTime | quote }}
+{{-   end }}
+{{- end }}
+{{- with .Values.pspdfkit.trustedProxies }}
+  TRUSTED_PROXIES: {{ . | quote }}
+{{- end }}
+{{- if .Values.prometheusExporter.enabled }}
+  STATSD_HOST: localhost
+  STATSD_PORT: {{ .Values.prometheusExporter.statsdPort | quote }}
+  STATSD_CUSTOM_TAGS: "namespace={{ .Release.Namespace }},app={{ include "document-engine.fullname" . }}"
+{{- end }}
+# Can be used for hash updating
+  VERSION: {{ include "document-engine.chart" . | quote }}

charts/document-engine/templates/config.ConfigMap.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "document-engine.fullname" . }}
+  labels:
+    {{- include "document-engine.labels" . | nindent 4 }}
+data:
+  {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace ( include "document-engine.fullname" . ) ) | default dict }}
+  {{- $secretData := (get $secretObj "data") | default dict }}
+  {{- $secretKeyBase := (get $secretData "SECRET_KEY_BASE") | default ( default (randAlphaNum 256) .Values.pspdfkit.secretKeyBase | b64enc) }}
+  SECRET_KEY_BASE: {{ $secretKeyBase | quote }}

charts/document-engine/templates/config.Secret.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.pspdfkit.auth.api.createSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "document-engine.fullname" . }}-api-auth
+  labels:
+    {{- include "document-engine.labels" . | nindent 4 }}
+data:
+  API_AUTH_TOKEN: {{ default (randAlphaNum 64) .Values.pspdfkit.auth.api.apiToken | b64enc | quote }}
+{{-   if .Values.pspdfkit.auth.api.jwt.enabled }}
+  JWT_PUBLIC_KEY: {{ default "none" .Values.pspdfkit.auth.api.jwt.publicKey | b64enc | quote }}
+  JWT_ALGORITHM: {{ default "none" .Values.pspdfkit.auth.api.jwt.algorithm | b64enc | quote }}
+{{-   end }}
+{{- end }}