docs: added DB_SSL and DB_SSL_CA to helm chart (#2492)

***NO_CI*** * Update deployment.yaml added DB_SSL option for postgres * Update README.md added note about `postgresql.ssl` * added DB_SSL_CA * added postgressql.ca note * Update values.yaml added more PostgresSQL details to values.yml * Update values.yaml * Update values.yaml removed whitespace * Update README.md added ssl and ca notes * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * docs: update README Co-authored-by: Nicolas Giard <github@ngpixel.com>
2021-03-23 13:47:57 -05:00 · 2021-03-23 13:47:57 -05:00 · 05aad5b9c6
commit 05aad5b9c6
parent 033b8e6b21
3 changed files with 24 additions and 0 deletions
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@ -108,6 +108,8 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `postgresql.postgresqlHost`            | External postgres host                      | `nil`                                                      |
 | `postgresql.postgresqlPassword`        | External postgres password                  | `nil`                                                      |
 | `postgresql.postgresqlPort`            | External postgres port                      | `5432`                                                     |
+| `postgresql.ssl`                       | Enable external postgres SSL connection     | `false`                                                   |
+| `postgresql.ca`                        | Certificate of Authority path for postgres  | `nil`                                                     |
 | `postgresql.persistence.enabled`                | Enable postgres persistence using PVC                | `true`                                                     |
 | `postgresql.persistence.existingClaim`          | Provide an existing `PersistentVolumeClaim` for postgres | `nil`                                                      |
 | `postgresql.persistence.storageClass`           | Postgres PVC Storage Class (example: `nfs`)                           | `nil`                 |
@ -137,6 +139,8 @@ By default, PostgreSQL is installed as part of the chart.

 To use an external PostgreSQL server, set `postgresql.enabled` to `false` and then set `postgresql.postgresqlHost` and `postgresql.postgresqlPassword`. The other options (`postgresql.postgresqlDatabase`, `postgresql.postgresqlUser` and `postgresql.postgresqlPort`) may also want changing from their default values.

+To use an SSL connection you can set `postgresql.ssl` to `true` and if needed the path to a Certificate of Authority can be set using `postgresql.ca` to `/path/to/ca`. Default `postgresql.ssl` value is `false`.
+
 You also need to add the follow Helm template to your deployment:

 ```yaml
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@ -38,6 +38,10 @@ spec:
              value: {{ default "wiki" .Values.postgresql.postgresqlDatabase }}
            - name: DB_USER
              value: {{ default "wiki" .Values.postgresql.postgresqlUser }}
+            - name: DB_SSL
+              value: "{{ default "false" .Values.postgresql.ssl }}"    
+            - name: DB_SSL_CA
+              value: "{{ default "" .Values.postgresql.ca }}"   
            - name: DB_PASS
              valueFrom:
                secretKeyRef:
--- a/dev/helm/values.yaml
+++ b/dev/helm/values.yaml
@ -80,6 +80,22 @@ postgresql:
  ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri.
  ##
  enabled: true
+  ## ssl enforce SSL communication with PostgresSQL
+  ## Default to false
+  ##  
+  # ssl: false
+  ## ca Certificate of Authority
+  ## Default to empty, point to location of CA
+  ##
+  # ca: "path to ca"
+  ## postgresqlHost override postgres database host
+  ## Default to postgres
+  ##
+  # postgresqlHost: postgres
+  ## postgresqlPort port for postgres 
+  ## Default to 5432
+  ##
+  # postgresqlPort: 5432
  ## PostgreSQL fullname Override
  ## Default to wiki-postgresql unless fullname override is set for Chart
  ##