Update docs: Migrated Helm charts (#3931) (#4058)

wireapp · May 22, 2024 · 5af4c29 · 5af4c29
1 parent b279582
commit 5af4c29
Show file tree

Hide file tree

Showing 7 changed files with 51 additions and 89 deletions.
diff --git a/changelog.d/4-docs/WPB-7036 b/changelog.d/4-docs/WPB-7036
@@ -0,0 +1 @@
+Adjust documentation for migrated helm charts
diff --git a/charts/wire-server/values.yaml b/charts/wire-server/values.yaml
@@ -6,11 +6,8 @@
 #   services: true
 
 tags:
-  team-settings: false
-  account-pages: false
   legalhold: false
   federation: false # see also galley.config.enableFederation and brig.config.enableFederation
-  sftd: false
   backoffice: false
   mlsstats: false
   integration: false
diff --git a/docs/src/how-to/install/infrastructure-configuration.md b/docs/src/how-to/install/infrastructure-configuration.md
@@ -581,19 +581,15 @@ In case of a demo install, replace `prod` with `demo`.
 First set the option under the `team-settings` section, `envVars` sub-section:
 
 ```yaml
-# NOTE: Only relevant if you want team-settings
-team-settings:
-  envVars:
-    IS_SELF_HOSTED: "true"
+envVars:
+  IS_SELF_HOSTED: "true"
 ```
 
-Second, also set the option under the `account-pages` section:
+Second, also set the option for `account-pages` helm chart:
 
 ```yaml
-# NOTE: Only relevant if you want account-pages
-account-pages:
-  envVars:
-    IS_SELF_HOSTED: "true"
+envVars:
+  IS_SELF_HOSTED: "true"
 ```
 
 (auth-cookie-config)=

diff --git a/docs/src/how-to/install/sft.md b/docs/src/how-to/install/sft.md
@@ -8,28 +8,23 @@ Please refer to the following {ref}`section to better understand SFT and how it
 
 ### As part of the wire-server umbrella chart
 
-`` sftd` `` will be installed as part of the `wire-server` umbrella chart if you set `tags.sftd: true`
+The `sftd` is packaged as its own Helm chart.
 
-In your `./values/wire-server/values.yaml` file you should set the following settings:
+In your `./values/sftd/values.yaml` file you should set the following settings:
 
 ```yaml
-tags:
-  sftd: true
-
-sftd:
-  host: sftd.example.com # Replace example.com with your domain
-  allowOrigin: https://webapp.example.com # Should be the address you used for the webapp deployment (Note: you must include the uri scheme "https://")
+host: sftd.example.com # Replace example.com with your domain
+allowOrigin: https://webapp.example.com # Should be the address you used for the webapp deployment (Note: you must include the uri scheme "https://")
 ```
 
 In your `secrets.yaml` you should set the TLS keys for sftd domain:
 
 ```yaml
-sftd:
-  tls:
-    crt: |
-      <TLS CRT HERE>
-    key: |
-      <TLS KEY HERE>
+tls:
+  crt: |
+    <TLS CRT HERE>
+  key: |
+    <TLS KEY HERE>
 ```
 
 You should also make sure that you configure brig to know about the SFT server in your `./values/wire-server/values.yaml`  file:
@@ -46,23 +41,6 @@ Now you can deploy as usual:
 helm upgrade wire-server wire/wire-server --values ./values/wire-server/values.yaml
 ```
 
-### Standalone
-
-The SFT component is also shipped as a separate helm chart. Installation is similar to installing
-the charts as in {ref}`helm-prod`.
-
-Some people might want to run SFT separately, because the deployment lifecycle for the SFT is a bit more intricate. For example,
-if you want to avoid dropping calls during an upgrade, you'd set the `terminationGracePeriodSeconds` of the SFT to a high number, to wait
-for calls to drain before updating to the new version (See  [technical documentation](https://github.com/wireapp/wire-server/blob/develop/charts/sftd/README.md)).  that would cause your otherwise snappy upgrade of the `wire-server` chart to now take a long time, as it waits for all
-the SFT servers to drain. If this is a concern for you, we advice installing `sftd` as a separate chart.
-
-It is important that you disable `sftd` in the `wire-server` umbrella chart, by setting this in your `./values/wire-server/values.yaml`  file
-
-```yaml
-tags:
-  sftd: false
-```
-
 By default `sftd` doesn't need to set that many options, so we define them inline. However, you could of course also set these values in a `values.yaml` file.
 
 SFT will deploy a Kubernetes Ingress on `$SFTD_HOST`.  Make sure that the domain name `$SFTD_HOST` points to your ingress IP as set up in {ref}`helm-prod`.  The SFT also needs to be made aware of the domain name of the webapp that you set up in {ref}`helm-prod` for setting up the appropriate CSP headers.
@@ -75,8 +53,7 @@ export WEBAPP_HOST=webapp.example.com
 Now you can install the chart:
 
 ```shell
-helm upgrade --install sftd wire/sftd --set
-helm install sftd wire/sftd  \
+helm install sftd sftd  \
   --set host=$SFTD_HOST \
   --set allowOrigin=https://$WEBAPP_HOST \
   --set-file tls.crt=/path/to/tls.crt \

diff --git a/docs/src/how-to/install/troubleshooting.md b/docs/src/how-to/install/troubleshooting.md
@@ -7,22 +7,21 @@ If you have installed wire-server, but the web application page in your browser
 In the file that you use as override when running `helm install/update -f <override values.yaml>` (using the webapp as an example):
 
 ```yaml
-webapp:
-   # ... other settings...
-   envVars:
-     # ... other environment variables ...
-     CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com"
-     CSP_EXTRA_IMG_SRC: "https://*.example.com"
-     CSP_EXTRA_SCRIPT_SRC: "https://*.example.com"
-     CSP_EXTRA_DEFAULT_SRC: "https://*.example.com"
-     CSP_EXTRA_FONT_SRC: "https://*.example.com"
-     CSP_EXTRA_FRAME_SRC: "https://*.example.com"
-     CSP_EXTRA_MANIFEST_SRC: "https://*.example.com"
-     CSP_EXTRA_OBJECT_SRC: "https://*.example.com"
-     CSP_EXTRA_MEDIA_SRC: "https://*.example.com"
-     CSP_EXTRA_PREFETCH_SRC: "https://*.example.com"
-     CSP_EXTRA_STYLE_SRC: "https://*.example.com"
-     CSP_EXTRA_WORKER_SRC: "https://*.example.com"
+# ... other settings...
+envVars:
+  # ... other environment variables ...
+  CSP_EXTRA_CONNECT_SRC: "https://*.example.com, wss://*.example.com"
+  CSP_EXTRA_IMG_SRC: "https://*.example.com"
+  CSP_EXTRA_SCRIPT_SRC: "https://*.example.com"
+  CSP_EXTRA_DEFAULT_SRC: "https://*.example.com"
+  CSP_EXTRA_FONT_SRC: "https://*.example.com"
+  CSP_EXTRA_FRAME_SRC: "https://*.example.com"
+  CSP_EXTRA_MANIFEST_SRC: "https://*.example.com"
+  CSP_EXTRA_OBJECT_SRC: "https://*.example.com"
+  CSP_EXTRA_MEDIA_SRC: "https://*.example.com"
+  CSP_EXTRA_PREFETCH_SRC: "https://*.example.com"
+  CSP_EXTRA_STYLE_SRC: "https://*.example.com"
+  CSP_EXTRA_WORKER_SRC: "https://*.example.com"
 ```
 
 For more info, you can have a look at respective charts values files, i.e.:

diff --git a/docs/src/how-to/install/web-app-settings.md b/docs/src/how-to/install/web-app-settings.md
@@ -6,14 +6,13 @@ Wire desktop app is based on Electron and renders Wire web app in a chromium-bas
 
 When this flag is set to true it will prevent the web app from running in a standard browser and require the Wire desktop app for running Wire web app.
 
-To enforce desktop application only add the following to your Helm overrides in `values/wire-server/values.yaml`:
+To enforce desktop application only add the following to your configuration of the `webapp` chart:
 
 ```yaml
-webapp:
+# ...
+envVars:
   # ...
-  envVars:
-    # ...
-    FEATURE_ENABLE_ENFORCE_DESKTOP_APPLICATION_ONLY: "true"
+  FEATURE_ENABLE_ENFORCE_DESKTOP_APPLICATION_ONLY: "true"
 ```
 
 ## Enforce constant bit rate
@@ -22,40 +21,36 @@ By default Wire users can choose, whether to use constant bit rate (CBR) or vari
 Since there is a theoretical risk of information leakage through packet size analysis when using Opus with variable bitrate encoding during audio calls, CBR can be fully enforced for 1:1 calls in the web app, too.
 
 
-To enforce CBR add the following to your Helm overrides in `values/wire-server/values.yaml`:
+To enforce CBR add the following to your config:
 
 ```yaml
-webapp:
+envVars:
   # ...
-  envVars:
-    # ...
-    FEATURE_ENFORCE_CONSTANT_BITRATE: "true"
+  FEATURE_ENFORCE_CONSTANT_BITRATE: "true"
 ```
 
 ## Disable media plugins
 
 Wire is built for media plugins to be active in the chat windows so that users don't have to click the link and leave the app. In some cases it may be desired that these plugins get disabled by default. With this setting all media plugins, including but not limited to YouTube, Spotify, Soundcloud, and Vimeo can be disabled.
 
-To disable media plugins add the following to your Helm overrides in `values/wire-server/values.yaml`:
+To disable media plugins add the following to your configuration:
 
 ```yaml
-webapp:
+# ...
+envVars:
   # ...
-  envVars:
-    # ...
-    FEATURE_ENABLE_MEDIA_EMBEDS: "false"
+  FEATURE_ENABLE_MEDIA_EMBEDS: "false"
 ```
 
 ## Enable extra entropy (only on Windows)
 
 The Wire desktop application uses system-dependent source of random bits as an internal entropy source when generating cryptographic keys. In certain cases it may be desired to enable externally generated entropy derived from mouse movement. This option only affects Windows users.
 
-To enable additional entropy during client creation add the following to your Helm overrides in `values/wire-server/values.yaml`:
+To enable additional entropy during client creation add the following to your configuration:
 
 ```yaml
-webapp:
+# ...
+envVars:
   # ...
-  envVars:
-    # ...
-    FEATURE_ENABLE_EXTRA_CLIENT_ENTROPY: "true"
+  FEATURE_ENABLE_EXTRA_CLIENT_ENTROPY: "true"
 ```
diff --git a/docs/src/understand/mls.md b/docs/src/understand/mls.md
@@ -49,22 +49,19 @@ brig:
       setEnableMLS: true
 ```
 
-Finally, the web applications need to be made aware of *MLS*. This is done by
+Finally, the webapp needs to enable made aware of *MLS*. This is done by
 setting the following environment variable for the web application:
 
 ```yaml
-webapp:
-  envVars:
-    FEATURE_ENABLE_MLS: "true"
+envVars:
+  FEATURE_ENABLE_MLS: "true"
 ```
 
 and for the team settings web application:
 
 ```yaml
-# NOTE: Only relevant if you want team-settings
-team-settings:
-  envVars:
-    FEATURE_ENABLE_MLS: "true"
+envVars:
+  FEATURE_ENABLE_MLS: "true"
 ```
 
 As long as *MLS* is still an opt-in feature, please remember that in order to be able