schwarzit / node-red-chart Goto Github PK

Is your feature request related to a problem? Please describe.

Many times, people want to use custom nodes in nodered, but there isn't an obvious way to install them using the configuration. Basically, just looking for a way to do npm i pkgA from values.yaml.

Describe the solution you'd like

Some options:

1. simplest - working example using an init container/sidecar (commented out) in values.yaml.
2. allow package.json from config map - requires the user to populate the rest of the package.json and could have other implications (? or benefits?)
3. Add startupCommands: ["npm i pkgA"] or installPackages: ["pkgA"] to values.yaml

Describe alternatives you've considered

I'm working on getting the right init container/sidecar setup but need to figure out the right base image, volume mounts, and other config necessary. I'm not sure I understand the difference between /data/package.json and /usr/src/node-red/package.json tho

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

When enabling the sidecar the following error pops up:

{"time": "2023-07-13T12:28:52.447411+00:00", "msg": "ApiException when calling kubernetes: (403)\nReason: Forbidden\nHTTP response headers: HTTPHeaderDict({'Audit-Id': 'b8b09bba-edfb-4081-a343-0f1003723b7e', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Content-Type-Options': 'nosniff', 'X-Kubernetes-Pf-Flowschema-Uid': '8ab875b2-2eb8-4d39-b8f5-c4145d183385', 'X-Kubernetes-Pf-Prioritylevel-Uid': '7a39ee85-6835-4c03-9685-aa3a3ede8014', 'Date': 'Thu, 13 Jul 2023 12:28:52 GMT', 'Content-Length': '304'})\nHTTP response body: b'{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"configmaps is forbidden: User \\\\\"system:serviceaccount:node-red:node-red\\\\\" cannot watch resource \\\\\"configmaps\\\\\" in API group \\\\\"\\\\\" in the namespace \\\\\"node-red\\\\\"\",\"reason\":\"Forbidden\",\"details\":{\"kind\":\"configmaps\"},\"code\":403}\\n'\n\n", "level": "ERROR"}

How can we reproduce this?

Below is an example of my values.yaml:

settings:
  name: settings-config
  configMapName: settings-config

sidecar:
  enabled: true
  env:
    username: ***
    password: ***
  extraNodeModules:
    - node-red-contrib-microsoft-teams-tasks
    - node-red-contrib-json

Helm Chart version

0.24.2

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

I expected to be able to define various aspects of the PVC manifest.

It turns out that the docs and values.yaml are out-of-date/incorrect, as only the persitence.enabled and an undocumented subPath value are being respected.

How can we reproduce this?

https://github.com/search?q=repo%3ASchwarzIT%2Fnode-red-chart%20persistence&type=code

Helm Chart version

$ helm -n nodered list
NAME   	NAMESPACE	REVISION	UPDATED                                	STATUS  	CHART          	APP VERSION
nodered	nodered  	4       	2024-03-01 09:03:22.916041598 +0000 UTC	deployed	node-red-0.28.1	3.0.2      

### Search

- [X] I did search for other open and closed issues before opening this.

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct

### Additional context

As a workaround I've simply disabled persistence in the chart and created the PVC separately.

What happened?

When the Projects are enabled and a pod is replaced with another one, the init container added in PR#28 changes the access of all the files in /data to 777, which also changes the ssh keys which should be 600, losing access to the repositories.

A workaround is to re-create the ssh keys within the GUI but that's not ideal.

How can we reproduce this?

• Create a new deployment using this chart and specifying to use "projects":

projects: {
    /** To enable the Projects feature, set this value to true */
    enabled: true,
    workflow: {
        mode: "manual"
    }
},

• Enable persistence by using an existing claim.
• Log into node-red.
• Configure user account and ssh keys.
• Create a new project by creating/cloning a repository.
• Work and push the changes to the repository.
• Terminate the pod.
• Try to sync.

Helm Chart version

$ helm list --namespace staging | grep nodered
nodered                                 	staging  	1       	2022-04-12 09:12:36.887073322 -0700 -0700	deployed	node-red-0.15.4 	2.2.2

### Search

- [X] I did search for other open and closed issues before opening this.

### Code of Conduct

- [X] I agree to follow this project's Code of Conduct

### Additional context

_No response_

Is your feature request related to a problem? Please describe.

No permission to create role/rolebinding in namespace

Describe the solution you'd like

Please make it possible to disable creating role/rolebinding

Describe alternatives you've considered

n/a

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

Is your feature request related to a problem? Please describe.

NodeRed has a really nice feature for version controlling your flows called Projects (which lets you commit flow changes via the UI).

I'm considering managing nodered through a Dev/Production GitOps-style pipeline where:

• the dev version has the Projects feature enabled and you make changes and commit to a git repo.
• And then the production version (treated as a read-only nodered, could be headless) uses the sidecar to update changes from configmaps created from the git repo (possibly using git-sync).

I'm curious to know how the flow_refresh.py sidecar would interplay with the files generated by the Projects feature.

I ask because I noticed extra-node-modules.json which seems different to how nodered projects seems to manage things (through package.json) and I was wondering if you've considered these two features together.

Describe the solution you'd like

1. someone can make changes to a flow, add modules, etc. using the projects feature of the dev nodered instance and commit the changes via the UI.
2. I can have an automated workflow to pull the changes into the production nodered instance and automatically deploy flows and install node modules, etc so that the new version can be deployed automatically (without any interaction with the UI)

Describe alternatives you've considered

It looks like the flow_refresh.py file pretty much does this, but I am just curious about any potential pitfalls around combining these two tools.

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

update node-red version to 2.0.6-12

Changing stuff in the helm-chart sucks, as you need currently to fix the README.md by hand

We should rebuild it to support https://github.com/norwoodj/helm-docs and auto generate it.

What happened?

I'm running this on AKS using Azure Files for persistence, which doesn't support hard links. If I enable persistence on /data, I start getting errors when I try to run npm install (either through the manage palette page or running npm i manually).

Error log

2023-01-03T21:46:21.478Z npm install --no-audit --no-update-notifier --no-fund --save --save-prefix=~ --production --engine-strict [email protected]
2023-01-03T21:46:22.189Z [err] npm
2023-01-03T21:46:22.189Z [err]  WARN
2023-01-03T21:46:22.189Z [err]  config production Use `--omit=dev` instead.
2023-01-03T21:46:22.644Z [err] npm
2023-01-03T21:46:22.644Z [err]  ERR! code ENOTSUP
2023-01-03T21:46:22.644Z [err] npm
2023-01-03T21:46:22.644Z [err]  ERR!
2023-01-03T21:46:22.644Z [err]  syscall link
2023-01-03T21:46:22.644Z [err] npm ERR!
2023-01-03T21:46:22.644Z [err]  
2023-01-03T21:46:22.645Z [err] path /data/.npm/_cacache/tmp/78da15c8
2023-01-03T21:46:22.645Z [err] npm ERR! dest /data/.npm/_cacache/content-v2/sha512/71/6f/d7852a119e0ba4879feb7f584dc48ed54bd579c78f809b3af2188d89a3fc5fd14a421e419c3fa720905d8b7b5f2f42c76816907b0a160a50c78c3d57825b
2023-01-03T21:46:22.645Z [err] npm ERR! errno ENOTSUP
2023-01-03T21:46:22.647Z [err] npm ERR! Invalid response body while trying to fetch https://registry.npmjs.org/node-red-contrib-postgresql: ENOTSUP: operation not supported on socket, link '/data/.npm/_cacache/tmp/78da15c8' -> '/data/.npm/_cacache/content-v2/sha512/71/6f/d7852a119e0ba4879feb7f584dc48ed54bd579c78f809b3af2188d89a3fc5fd14a421e419c3fa720905d8b7b5f2f42c76816907b0a160a50c78c3d57825b'
2023-01-03T21:46:22.648Z [err] 
2023-01-03T21:46:22.648Z [err] npm ERR!
2023-01-03T21:46:22.648Z [err]  A complete log of this run can be found in:
2023-01-03T21:46:22.648Z [err] npm ERR!     /data/.npm/_logs/2023-01-03T21_46_22_092Z-debug-0.log
2023-01-03T21:46:22.674Z rc=1

How can we reproduce this?

Here's my configuration

aks storage class (terraform config) and helm chart

resource "kubernetes_storage_class" "nodered" {
  metadata {
    name = "nodered"
  }
  storage_provisioner = "file.csi.azure.com"
  reclaim_policy      = "Retain"
  parameters = {
    skuName = "Standard_LRS"
  }

  mount_options = ["dir_mode=0777", "file_mode=0777", "uid=10003", "gid=10003", "serverino", "mfsymlinks"]
}


resource "helm_release" "nodered" {
  chart      = "node-red"
  name       = "nodered"
  repository = "https://schwarzit.github.io/node-red-chart/"
  namespace  = var.namespace

  values = [
    replace(templatefile("${path.module}/values/nodered.values.yml", {
      domain             = "${var.nodered_subdomain}.${var.domain}"
      settings_config    = kubernetes_config_map.nodered_settings.metadata[0].name
      storage_class_name = kubernetes_storage_class.nodered.metadata[0].name
    }), "/^\\s*#.*\\n?/", "") # removes comment lines :)
  ]
}

values.yaml

metrics:
  enabled: true
persistence:
  enabled: true
  storageClass: "${storage_class_name}"
ingress:
  enabled: true
  annotations: # {}
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure,web
  hosts:
    - host: ${domain}
      paths:
        - path: /
          pathType: ImplementationSpecific
settings:
  name: nodered-settings-config
  configMapName: ${settings_config}

Helm Chart version

0.21.3

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

Solution

I was able to solve it by:

1. allowing the user to write to /usr/src/node-red

securityContext:
  readOnlyRootFilesystem: false
  runAsGroup: 1000
  runAsUser: 1000

2. writing this to /usr/src/node-red/.npmrc

cache="/usr/src/node-red/.cache"

But it would be great if your npmrc: config field accepted a free-text field (e.g. npmrc.contents) to insert values like this from the values.yaml file.

Is your feature request related to a problem? Please describe.

With the 3.0 release of node-red out, we should now update the chart to reflect this

Here the link to the release notes: https://nodered.org/blog/2022/07/14/version-3-0-released

Describe the solution you'd like

Update 😄

Describe alternatives you've considered

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

There is no version 2.3.0 of the official node-red docker image! The chart version 0.8 needs to be removed from the index.yaml and checked that artifact hub rolls back to version 0.7

How can we reproduce this?

Try to helm install the 0.8 version

Helm Chart version

0.8.0

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

FYI @ka

Build a cool static web page on github pages

What happened?

When enabling certificate an error happens while rendering the templates:

Error: INSTALLATION FAILED: template: node-red/templates/certificates.yaml:8:24: executing "node-red/templates/certificates.yaml" at <.Release.Namespace>: nil pointer evaluating interface {}.Namespace

How can we reproduce this?

ingress:
  enabled: true
  tls: 
    - secretName: node-red
      hosts:
      - node-red.com
      certificate:
        enabled: true
        issuerRef:
          kind: ClusterIssuer
          name: letsencrypt

Helm Chart version

0.28.0

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

None

What happened?

When enabling the sidecar helmfile is unable to render the chart:

STDERR:
  Error: Failed to render chart: exit status 1: Error: unable to build kubernetes objects from release manifest: unable to decode "": json: cannot unmarshal number into Go struct field ObjectMeta.metadata.labels of type string
  Error: plugin "diff" exited with error

It looks like the default values won't work:

sidecar:
  enabled: true
  env:
    label: node-red-settings
    label_value: "1"

When changing the values to for example:

sidecar:
  enabled: true
  env:
    label: node-red-settings
    label_value: node-red-settings

This makes it work. So it seems like the quotes are not rendered correctly.

How can we reproduce this?

Use the following helmfile.yaml:

repositories:
  - name: node-red
    url: https://schwarzit.github.io/node-red-chart/

releases:
  - name: node-red
    namespace: node-red
    chart: node-red/node-red
    version: 0.24.2
    installed: true
    values:
      - values.yaml

And the following values.yaml:

settings:
  name: settings-config
  configMapName: settings-config

sidecar:
  enabled: true
  extraNodeModules:
    - node-red-contrib-microsoft-teams-tasks
    - node-red-contrib-json

When running helmfile apply this error will occur.

Helm Chart version

0.24.2

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

Don't think this is a bug, but I am not familiar with Node.js/NodeRED to fully understand how to enable the prometheus metrics.

I just realized that the metrics from NodeRED are not available for Prometheus, so I checked what is the problem. I only enabled the metrics via the chart values:

metrics:
  enabled: true
  serviceMonitor:
    enabled: true

But today I read that I also need to install the node-red-contrib-prometheus-exporter like described in the chart README: README > Monitoring.

I tried to do so by enabling the sidecar container and added node-red-contrib-prometheus-exporter to sidecar.extraNodeModules.

After deploying this to my K8s, there now is the sidecar container for the node-red pod, but the node module is still not installed 🤔

Requesting :1880/metrics gives me Cannot GET /metrics 🤷‍♂️

How can we reproduce this?

sidecar:
  enabled: true
  extraNodeModules:
    - node-red-contrib-prometheus-exporter

metrics:
  enabled: true
  serviceMonitor:
    enabled: true

Helm Chart version

0.29.0

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

Let's consider a scenario where a Node-RED instance is configured with enabled https for some specific reason. In this case, the hard-enabled readiness check does not receive a 200 response because the scheme is set to http. As a result, the pod will not transition to the ready state.

How can we reproduce this?

To enhance the functionality, please consider the following revisions:

• Enable HTTPS with self-signed certificates. In my opinion, liveness and readiness should not be enabled by default. The user of the chart should have the ability to enable or disable them or further configure.
  Furthermore, it would be beneficial to take into account the following aspects:
• Make the mount point data configurable.
• Allow for configurability of the SecurityContext. Currently, modifying any item requires modification of all items, unless the default settings are acceptable.
• The original Node-RED image is configured with a default user ID of 1000. What is the reasoning behind changing it to 10003?
• When ingress is enabled with TLS, a certificate object is automatically created. However, what should be done if a self-signed certificate is required for internal usage?

It appears that this chart has been designed for a specific use case and may no longer serve a general purpose.### Helm Chart version

0.24.1

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

Is your feature request related to a problem? Please describe.

we want to have the ability to add more labels

Describe the solution you'd like

add here option to add more labels : https://github.com/SchwarzIT/node-red-chart/blob/main/charts/node-red/templates/deployment.yaml#L27

fo example:
spec:
metadata:
labels:
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}

Describe alternatives you've considered

don't have

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

What happened?

I try to import a flow from Config File via the Sidecar Container but the flow_refresh.sh script is failing. The flow will not imported via the API Refresh.

Actually I am using pv/pvc and install flows and nodes manually via web interface. Thought I would be a good way to use a sidecar like kubernetes microservice style.

k logs node-red-.... node-red-sidecar 
{"time": "2023-04-26T12:17:07.098556+00:00", "msg": "Starting collector", "level": "INFO"}
{"time": "2023-04-26T12:17:07.100418+00:00", "msg": "No folder annotation was provided, defaulting to k8s-sidecar-target-directory", "level": "WARNING"}
{"time": "2023-04-26T12:17:07.100861+00:00", "msg": "Loading incluster config ...", "level": "INFO"}
{"time": "2023-04-26T12:17:07.101686+00:00", "msg": "Config for cluster api at 'https://10.200.0.1:443' loaded...", "level": "INFO"}
{"time": "2023-04-26T12:17:07.102336+00:00", "msg": "Unique filenames will not be enforced.", "level": "INFO"}
{"time": "2023-04-26T12:17:07.102516+00:00", "msg": "5xx response content will not be enabled.", "level": "INFO"}
{"time": "2023-04-26T12:17:17.129633+00:00", "msg": "Script failed with error: Command '['sh', '/app/flow_refresh.sh']' returned non-zero exit status 127.", "level": "ERROR"}

How can we reproduce this?

Connecting to the sidecar shell and checking the flow_refresh script:

k exec  node-red-..... -it -c node-red-sidecar -- sh
/app $ sh flow_refresh.sh 
node-red flow refresh api
flow_refresh.sh: line 4: curl: not found
flow_refresh.sh: line 4: jq: not found
flow_refresh.sh: line 5: curl: not found

The k8s-sidecar container is missing curl and jq binary!
Is this the common behaviour?

Helm Chart version

0.23.1

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

Is your feature request related to a problem? Please describe.

Thank you for maintaining the nodered chart.

I want to reuse an existing pvc in case I have to reinstall the chart and do not want to lose my existing flows and data.
Actually a "helm uninstall nodered" will delete the pvc resource and can not be reused by the existing claim key/value.

Helm Values Sample
#STORAGE
persistence:
  # -- Use persistent volume to store data
  enabled: true
  ## node-red data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provik sioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # -- Type of persistent volume claim
  storageClass: "sp-test"
  ##
  ## If you want to reuse an existing claim, you can pass the name of the PVC using
  ## the existingClaim variable
  # -- Use an existing PVC to persist data
  existingClaim: pvc-3c33e0d7-d3d4-42ea-9dd1-9ec36b9faf45
  # -- Persistence access mode
  accessMode: ReadWriteOnce
  # -- Size of persistent volume claim
  size: 5Gi

Describe the solution you'd like

Do not delete PVC resources when performing helm uninstall when key "persistences.keep=enabled" is set.

Describe alternatives you've considered

Alternatives to this would be a general way to import flows as also install nodes from configmap. I case of an reinstall, pod crash etc. the flows and nodes would be reloaded.
#198

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

Is your feature request related to a problem? Please describe.

I am not familiar to where the nodered stores information but i see a "replicaCount" attribute for this chart, so i wonder:

• is high-availability possible with this chart?
• how can applications/flows be deduplicated if replicaCount is > 1 ? is there a way to let them run only once?
• is possible to achieve HA saving information in an external HA-database cluster?

regards

Describe the solution you'd like

HA

Describe alternatives you've considered

Serverless frameworks

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

In the values.yaml we should add a key initcontainer to define a whole initcontainer. In the template we can reference on it with toYaml

What happened?

flow_refresh.sh uses curl, however curl does not exist in sidecar image.

How can we reproduce this?

Enable sidecar in the values.yaml and provide nodered username and password.

Helm Chart version

0.20.0

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

No response

Is your feature request related to a problem? Please describe.

In order to deploy this chart to my cluster successfully I need to add annotations to the service created

Describe the solution you'd like

Implement .Values.service.annotations in a fully backwards-compatible way

Describe alternatives you've considered

Search

• I did search for other open and closed issues before opening this.

Code of Conduct

• I agree to follow this project's Code of Conduct

Additional context

Happy to submit the PR for this if wanted