feat(helm): allows setting the NODE_EXTRA_CA_CERTS variable (#6217)

---------

Co-authored-by: Radim Dostál <radim.dostal@tetanet.cz>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
This commit is contained in:
Radim Dostál 2023-03-11 23:14:00 +01:00 committed by GitHub
parent 26b2839c6b
commit 12d777f18a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 0 deletions

View File

@ -115,6 +115,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `sideload.enabled` | Enable sideloading of locale files from git | `false` | | `sideload.enabled` | Enable sideloading of locale files from git | `false` |
| `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` | | `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
| `sideload.env` | Environment variables for sideload Container | `{}` | | `sideload.env` | Environment variables for sideload Container | `{}` |
| `nodeExtraCaCerts` | Trusted certificates path | `nil` |
| `postgresql.enabled` | Deploy postgres server (see below) | `true` | | `postgresql.enabled` | Deploy postgres server (see below) | `true` |
| `postgresql.postgresqlDatabase` | Postgres database name | `wiki` | | `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
| `postgresql.postgresqlUser` | Postgres username | `postgres` | | `postgresql.postgresqlUser` | Postgres username | `postgres` |
@ -175,3 +176,38 @@ See the [Configuration](#configuration) section to configure the PVC or to disab
## Ingress ## Ingress
This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address. This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.
## Extra Trusted Certificates
To append extra CA Certificates:
1. Create a ConfigMap with CAs in PEM format, e.g.:
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ca
namespace: your-wikijs-namespace
data:
certs.pem: |-
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
```
2. Mount your CAs from the ConfigMap to the Wiki.js pod and set `nodeExtraCaCerts` helm variable. Insert the following lines to your Wiki.js `values.yaml`, e.g.:
```yaml
volumeMounts:
- name: ca
mountPath: /cas.pem
subPath: certs.pem
volumes:
- name: ca
configMap:
name: ca
nodeExtraCaCerts: "/cas.pem"
```

View File

@ -39,6 +39,10 @@ spec:
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
env: env:
{{- if .Values.nodeExtraCaCerts }}
- name: NODE_EXTRA_CA_CERTS
value: {{ .Values.nodeExtraCaCerts }}
{{- end }}
- name: DB_TYPE - name: DB_TYPE
value: postgres value: postgres
{{- if (.Values.externalPostgresql).databaseURL }} {{- if (.Values.externalPostgresql).databaseURL }}

View File

@ -113,6 +113,9 @@ sideload:
# - name: HTTPS_PROXY # - name: HTTPS_PROXY
# value: http://my.proxy.com:3128 # value: http://my.proxy.com:3128
## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
# nodeExtraCaCerts: "/path/to/certs.pem"
## This will override the postgresql chart values ## This will override the postgresql chart values
# externalPostgresql: # externalPostgresql:
# # note: ?sslmode=require => ?ssl=true # # note: ?sslmode=require => ?ssl=true