* feat(models): allow number of models retrieved per page to be configurable by environment variable
* Default to 100, as this was the existing value, but allow override via helm chart
* fix(helm chart): fileimport service maximum object size should match server
- allow maximum object size to be configurable and to match the server value
* Explicitly provide the environment variable to docker-compose
- this indicates to operators of clusters that this environment variable exists and can be configured
* fix(email): from address should be an example to be configured by operator
* fix(environment variable): should be 'EMAIL_FROM'
- also uses docker_image_tag of '2', which should be latest in '2' tags
* No sensible defaults, instead validate that it is configured
* fix(healthcheck): Add a 2 second timeout to the healthcheck http request
* Ensure all error types are caught and the non-zero failure exit code is always 1
* fix(helm): update documentation to match helm chart
* fix(helm): update documentation should not update README in helm repository
* fix(helm): should ensure output schema conforms to prettier requirements
* feat(pre-commit): update helm documentation as part of pre-commit
* feat(circleci): update Helm README when publishing new Helm chart
* fix(pre-commit): need to npm install before using readme generator
* feat(server): add speckle automate as a configurable default app
* feat(server): add default automate url, and helm values
* fix default app tests reporting the old number
* Revert "fix(ratelimit): reduce /graphql limit based on incident (#1505)"
This reverts commit 2a35fe6178.
* Revert helm chart defaults to value in code
- fix typo
* fix(helm): network policy should allow egress to analytics.speckle.systems
- previously only allowed DNS lookup
* matchName not matchPattern on analytics.speckle.systems
* fix(helm): fix logic in networkpolicies to check for existence of object
- object must exist before we can query its parameters
- if the 'mp' object is set and it is explicitly set to 'false' then the endpoint is blocked, otherwise it is allowed.
* fix(helm chart): accessing an unset object in the second part of an and statement breaks helm
* fix(helm): cilium network policy updated to put mp within monitoring object
- object must exist before we can query its parameters
- if the 'mp' object is set and it is explicitly set to 'false' then the endpoint is blocked, otherwise it is allowed.
* feat: register flag passed to fe
* feat: mixpanel tracking for all sign ups
* feat: utm first touch & last touch tracking
* feat(helm): Allows Environment Variable for MP to be configured
- default is enabled
- renames environment variable to ENABLE_MP
* feat(helm network policy): allowlist analytics.speckle.systems
---------
Co-authored-by: Iain Sproat <68657+iainsproat@users.noreply.github.com>
* docs(helm): schematic diagram in mermaid format
* Clarifies that dependencies can be external or internal to cluster
* Explicitly show namespace containing secrets
* feat(server): add switchable admin authz override
* fix(server): make sure tests work with the new admin override
* feat(server authz): make sure to add all requested roles to server admins in admin override mode
* chore(frontend): use bitnami/openresty as base image for frontend Dockerfile
openresty/openresty was not being patched as frequently as we would like, resulting in numerous
vulnerabilities without resolution. bitnami/openresty is being patched more frequently.
Some additional changes were necessary when porting our frontend between these distributions:
- html files are in /app
- nginx.conf is in /opt/bitnami/openresty/nginx/conf/nginx.conf
- envsubst is not available by default in bitnami/openresty and needs to be copied in
- Nginx.conf - we wrap the server block in http block and overwrite root nginx.conf
- using the existing bitnami/openresty nginx.conf as a server block alone causes issues with bitnami/openresty, as bitnami/openresty provides a root nginx.conf which conflicts with directives in Speckle's server block
- we copy the directives from openresty/openresty (which are known to work with Speckle's server block), and apply them alongside Speckle's server block. This creates a new root nginx.conf which we can overwrite the default on the image.
- nginx should use a port available to non sudo/root user, we have selected 8080 instead of previous 80
- need to explicitly output nginx logs to stderr / stdout
Created a readonly root file system on Kubernetes. This requires the following changes:
- emptyDir volumes are mounted in kubernetes to allow bitnami/openresty to write to specific locations
- explicitly include and copy mime.types file to nginx configuration directory
Due to the change to non-privileged port number (8080), the following subsequent changes were required:
- Update 1-click deployment script to match frontend at port 8080
- Updates docker-compose-speckle.yaml file
Co-authored-by: Gergő Jedlicska <gergo@jedlicska.com>
* style(server): fix formatting
* fix(preview-service): fix chromium deps in Dockerfile
* feat(helm chart): expose file uploads disable flag in the helm chart
* fix(helm chart): value name fix
* fix(helm): its values
Gergő Jedlicska