From 05aad5b9c6ac42494ff0d3b2273a2db4f20e3686 Mon Sep 17 00:00:00 2001 From: Matt Date: Tue, 23 Mar 2021 13:47:57 -0500 Subject: [PATCH] docs: added DB_SSL and DB_SSL_CA to helm chart (#2492) ***NO_CI*** * Update deployment.yaml added DB_SSL option for postgres * Update README.md added note about `postgresql.ssl` * added DB_SSL_CA * added postgressql.ca note * Update values.yaml added more PostgresSQL details to values.yml * Update values.yaml * Update values.yaml removed whitespace * Update README.md added ssl and ca notes * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * docs: update README Co-authored-by: Nicolas Giard --- dev/helm/README.md | 4 ++++ dev/helm/templates/deployment.yaml | 4 ++++ dev/helm/values.yaml | 16 ++++++++++++++++ 3 files changed, 24 insertions(+) diff --git a/dev/helm/README.md b/dev/helm/README.md index 21cc9c44..7d45fba1 100644 --- a/dev/helm/README.md +++ b/dev/helm/README.md @@ -108,6 +108,8 @@ The following table lists the configurable parameters of the Wiki.js chart and t | `postgresql.postgresqlHost` | External postgres host | `nil` | | `postgresql.postgresqlPassword` | External postgres password | `nil` | | `postgresql.postgresqlPort` | External postgres port | `5432` | +| `postgresql.ssl` | Enable external postgres SSL connection | `false` | +| `postgresql.ca` | Certificate of Authority path for postgres | `nil` | | `postgresql.persistence.enabled` | Enable postgres persistence using PVC | `true` | | `postgresql.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` for postgres | `nil` | | `postgresql.persistence.storageClass` | Postgres PVC Storage Class (example: `nfs`) | `nil` | 
@@ -137,6 +139,8 @@ By default, PostgreSQL is installed as part of the chart. To use an external PostgreSQL server, set `postgresql.enabled` to `false` and then set `postgresql.postgresqlHost` and `postgresql.postgresqlPassword`. The other options (`postgresql.postgresqlDatabase`, `postgresql.postgresqlUser` and `postgresql.postgresqlPort`) may also want changing from their default values. +To use an SSL connection you can set `postgresql.ssl` to `true` and if needed the path to a Certificate of Authority can be set using `postgresql.ca` to `/path/to/ca`. Default `postgresql.ssl` value is `false`. + You also need to add the follow Helm template to your deployment: ```yaml diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml index 41b8805e..0c728770 100644 --- a/dev/helm/templates/deployment.yaml +++ b/dev/helm/templates/deployment.yaml @@ -38,6 +38,10 @@ spec: value: {{ default "wiki" .Values.postgresql.postgresqlDatabase }} - name: DB_USER value: {{ default "wiki" .Values.postgresql.postgresqlUser }} + - name: DB_SSL + value: "{{ default "false" .Values.postgresql.ssl }}" + - name: DB_SSL_CA + value: "{{ default "" .Values.postgresql.ca }}" - name: DB_PASS valueFrom: secretKeyRef: diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml index 2d0859c0..87701fb2 100644 --- a/dev/helm/values.yaml +++ b/dev/helm/values.yaml 
@@ -80,6 +80,22 @@ postgresql: ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri. ## enabled: true + ## ssl enforce SSL communication with PostgresSQL + ## Default to false + ## + # ssl: false + ## ca Certificate of Authority + ## Default to empty, point to location of CA + ## + # ca: "path to ca" + ## postgresqlHost override postgres database host + ## Default to postgres + ## + # postgresqlHost: postgres + ## postgresqlPort port for postgres + ## Default to 5432 + ## + # postgresqlPort: 5432 ## PostgreSQL fullname Override ## Default to wiki-postgresql unless fullname override is set for Chart ##
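Review bot: in the dev/helm/README.md parameter table, the new `postgresql.ca` row documents a default of `nil`, while the template added in this same patch renders `default "" .Values.postgresql.ca`, so the documented and effective defaults disagree. Suggest aligning the two, and changing "Certificate of Authority" to "certificate authority (CA) certificate". The `postgresql.ca` row should also say "external postgres", as the `postgresql.ssl` row does.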
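Review bot: the paragraph added to the external PostgreSQL section of dev/helm/README.md tells users to set `postgresql.ca` to `/path/to/ca` but never says how that file gets into the container, and nothing in this patch adds a volume or volumeMount for it. It also leaves open what is verified when `postgresql.ssl` is `true` and no CA is supplied ("if needed" is the only guidance). Suggest documenting how the CA file is expected to be mounted, and stating whether the server certificate is validated without it, so that readers do not take an encrypted connection for an authenticated one.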
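Review bot: in dev/helm/templates/deployment.yaml, `DB_SSL_CA` is emitted unconditionally, so the container receives `DB_SSL_CA=""` whenever `postgresql.ca` is unset instead of having the variable absent. Suggest wrapping that entry in `{{- if .Values.postgresql.ca }}` ... `{{- end }}`. Please also confirm that the application reads `DB_SSL_CA` as a file path, since the README text in this patch describes it that way and nothing in the patch shows how the value is consumed.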
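Review bot: in dev/helm/values.yaml, the comment for `ca` ("point to location of CA", with the placeholder `# ca: "path to ca"`) does not say that the path must exist inside the wiki container, and "ssl enforce SSL communication" promises more than the README's "Enable external postgres SSL connection". Suggest making the two descriptions match and fixing the "PostgresSQL" spelling. This hunk also adds commented `postgresqlHost` and `postgresqlPort` entries that the subject line does not mention, and the `docs:` prefix understates a commit that changes the rendered deployment. Consider splitting those out or updating the subject.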