Conversation
…lling services and improved the flow based on cert-manager and calling services requirement
…ory, how to verify, download artifact, and documentation around cert-manager and calling components
…o kernel requirements
|
| ENV=$1 | ||
| TYPE=$2 | ||
| charts=(fake-aws smtp rabbitmq databases-ephemeral reaper wire-server webapp account-pages team-settings ingress-nginx-controller nginx-ingress-services coturn sftd cert-manager) | ||
| charts=(fake-aws demo-smtp rabbitmq databases-ephemeral reaper wire-server webapp account-pages team-settings ingress-nginx-controller) |
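Review bot: the new charts array drops nginx-ingress-services, coturn, sftd and cert-manager from the default list, so on this code path they are not installed at all any more; please confirm that the gated paths controlled by DEPLOY_CERT_MANAGER and DEPLOY_CALLING_SERVICES (the flags the README run command in this PR passes) add exactly these four charts back, and that nothing else in the script still expects them to be in `charts`.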
I do not know if this is bad or not, but I want to remark that here in process_values() we change from smtp to demo-smtp, but the deploy_charts() in main() still references smtp and not demo-smtp.
Not sure what the impact is, or even if this is an actual problem, but I thought I'd point out the potential inconsistency.
| fi | ||
|
|
||
| # Setting coturn node IP values | ||
| yq eval -i ".coturnTurnListenIP = \"$CALLING_NODE_IP\"" "$BASE_DIR/values/coturn/values.yaml" |
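Review bot: the yq edit writes `$CALLING_NODE_IP` into the coturn values file without checking that the variable is set; if it is empty the file silently ends up with `coturnTurnListenIP: ""`, which is almost certainly not what the operator intended. Add a guard before the edit, e.g. `[ -n "$CALLING_NODE_IP" ] || { echo "CALLING_NODE_IP is not set" >&2; exit 1; }`, and since the value is interpolated straight into the yq expression, consider validating that it looks like an IP literal rather than arbitrary text.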
This is a problem that predates the PR, but I thought I'd still mention: almost all value modifications use a temporary file pattern, like:
`yq eval -i '.tls.issuerRef.name = "letsencrypt-http01"' "$TEMP_DIR/sftd-values.yaml"` just above...
But these edit the files "directly" without going through a temp file, which means no "Updating..." log messages like other edits have, no idempotency check, more risk etc.
Minor but thought I'd point it out.
| - `CERT_MASTER_EMAIL`: email used by cert-manager for ACME registration. | ||
| - `HOST_IP`: public IP that matches your DNS A record (auto-detected if empty). | ||
| - `TARGET_SYSTEM`: your domain (e.g., `wire.example.com` or `example.dev`) using which you have created subdomains, check more at [How to set up DNS records](https://docs.wire.com/latest/how-to/install/demo-wiab.html#dns-requirements). | ||
| - `CERT_MASTER_EMAIL`: email used by cert-manager for ACME registration (dy default=TRUE). |
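Review bot: this bullet duplicates the `CERT_MASTER_EMAIL` entry three lines above, and "(dy default=TRUE)" reads like the description of a boolean flag rather than of an email address; the run command elsewhere in this PR passes DEPLOY_CERT_MANAGER=TRUE, so this line was probably meant to document that variable. Suggest `- \`DEPLOY_CERT_MANAGER\`: whether to deploy cert-manager (by default TRUE).` and, either way, fixing the `dy` typo.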
| - `CERT_MASTER_EMAIL`: email used by cert-manager for ACME registration (dy default=TRUE). | |
| - `CERT_MASTER_EMAIL`: email used by cert-manager for ACME registration (by default=TRUE). |
typo
| *Note: The `bin/helm-operations.sh` script above deploys these charts; you do not need to run the Helm commands manually unless you want to customize or debug.* | ||
|
|
||
| **Manually removing non-required helm charts**: | ||
| - If some helm charts are not required in your environment like `demo-smtp` for email relayomg then use the following command to uninstall them: |
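Review bot: `demo-smtp` is in the default `charts` array of `bin/helm-operations.sh` (see the charts hunk in this PR), so a chart uninstalled manually as this note describes will be reinstalled the next time the script runs; the note should say so, or point to how to exclude a chart from the script's list.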
| - If some helm charts are not required in your environment like `demo-smtp` for email relayomg then use the following command to uninstall them: | |
| - If some helm charts are not required in your environment like `demo-smtp` for email relaying then use the following command to uninstall them: |
|
|
||
| - If the VMs are reachable with a private key, set `ansible_ssh_private_key_file` in the inventory and run Ansible normally. | ||
| - If you rely on an SSH agent, keep `ansible_ssh_private_key_file` commented out and ensure the agent on the `adminhost` can reach all VMs. | ||
| - If you do not use a private key entry in the inventory and password authentication is enabled on the VMs, add `--ask-pass` when runing ansible-playbooks manually and `--ask-become-pass` for sudo access. |
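Review bot: the `--ask-pass` bullet should mention that Ansible's ssh connection plugin needs the `sshpass` program installed on the `adminhost` for password authentication; without it the playbook fails before reaching any VM. The private-key bullet could also state that the file named in `ansible_ssh_private_key_file` must be readable only by the user running Ansible, since ssh refuses keys with permissive modes.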
| - If you do not use a private key entry in the inventory and password authentication is enabled on the VMs, add `--ask-pass` when runing ansible-playbooks manually and `--ask-become-pass` for sudo access. | |
| - If you do not use a private key entry in the inventory and password authentication is enabled on the VMs, add `--ask-pass` when running ansible-playbooks manually and `--ask-become-pass` for sudo access. |
small typo
| # verify if all kube-system pods are running well | ||
| sudo docker run --network=host -v $PWD:/wire-server-deploy $WSD_CONTAINER sh -c 'kubectl -n kube-system get pods' | ||
|
|
||
| sudo docker run --network=host -v $PWD:/wire-server-deploy $WSD_CONTAINER sh -c 'TARGET_SYSTEM="example.dev" CERT_MASTER_EMAIL="certmaster@example.dev" DEPLOY_CERT_MANAGER=TRUE DUMP_LOGS_ON_FAIL=TRUE ./bin/helm-operations.sh' |
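Review bot: `-v $PWD:/wire-server-deploy` is unquoted in both docker commands in this hunk; if the checkout path contains whitespace the bind mount argument is split and docker fails. Quote it as `-v "$PWD:/wire-server-deploy"`.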
| sudo docker run --network=host -v $PWD:/wire-server-deploy $WSD_CONTAINER sh -c 'TARGET_SYSTEM="example.dev" CERT_MASTER_EMAIL="certmaster@example.dev" DEPLOY_CERT_MANAGER=TRUE DUMP_LOGS_ON_FAIL=TRUE ./bin/helm-operations.sh' | |
| sudo docker run --network=host -v $PWD:/wire-server-deploy $WSD_CONTAINER sh -c 'TARGET_SYSTEM="example.dev" CERT_MASTER_EMAIL="certmaster@example.dev" DEPLOY_CERT_MANAGER=TRUE DUMP_LOGS_ON_FAIL=TRUE DEPLOY_CALLING_SERVICES=TRUE ./bin/helm-operations.sh' |
So, DEPLOY_CALLING_SERVICES defaults to TRUE if not specified (I think), so behavior is preserved no matter what here, but shouldn't we make it explicit with DEPLOY_CALLING_SERVICES=TRUE here?
Otherwise somebody looking at this line / copy-pasting it has no idea that DEPLOY_CALLING_SERVICES is a thing?
Testing
Offline Build CI (label-based)
Add one or more labels to trigger offline builds:
- `build-default`: Full production build (ansible, terraform, all packages)
- `build-dev`: WIAB/dev build
- `build-wiab-staging`: WIAB-staging build
- `build-min`: Minimal build (fastest, essential charts only)
- `build-all`: Run all three builds

Note: No builds run by default. Add a label to trigger CI.