feat(helm): allows setting the NODE_EXTRA_CA_CERTS variable (#6217)
--------- Co-authored-by: Radim Dostál <radim.dostal@tetanet.cz> Co-authored-by: Nicolas Giard <github@ngpixel.com>
This commit is contained in:
parent
26b2839c6b
commit
12d777f18a
@ -115,6 +115,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
|
|||||||
| `sideload.enabled` | Enable sideloading of locale files from git | `false` |
|
| `sideload.enabled` | Enable sideloading of locale files from git | `false` |
|
||||||
| `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
|
| `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
|
||||||
| `sideload.env` | Environment variables for sideload Container | `{}` |
|
| `sideload.env` | Environment variables for sideload Container | `{}` |
|
||||||
|
| `nodeExtraCaCerts` | Trusted certificates path | `nil` |
|
||||||
| `postgresql.enabled` | Deploy postgres server (see below) | `true` |
|
| `postgresql.enabled` | Deploy postgres server (see below) | `true` |
|
||||||
| `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
|
| `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
|
||||||
| `postgresql.postgresqlUser` | Postgres username | `postgres` |
|
| `postgresql.postgresqlUser` | Postgres username | `postgres` |
|
||||||
@ -175,3 +176,38 @@ See the [Configuration](#configuration) section to configure the PVC or to disab
|
|||||||
## Ingress
|
## Ingress
|
||||||
|
|
||||||
This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.
|
This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.
|
||||||
|
|
||||||
|
## Extra Trusted Certificates
|
||||||
|
|
||||||
|
To append extra CA Certificates:
|
||||||
|
|
||||||
|
1. Create a ConfigMap with CAs in PEM format, e.g.:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: ca
|
||||||
|
namespace: your-wikijs-namespace
|
||||||
|
data:
|
||||||
|
certs.pem: |-
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Mount your CAs from the ConfigMap to the Wiki.js pod and set `nodeExtraCaCerts` helm variable. Insert the following lines to your Wiki.js `values.yaml`, e.g.:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
volumeMounts:
|
||||||
|
- name: ca
|
||||||
|
mountPath: /cas.pem
|
||||||
|
subPath: certs.pem
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
- name: ca
|
||||||
|
configMap:
|
||||||
|
name: ca
|
||||||
|
|
||||||
|
nodeExtraCaCerts: "/cas.pem"
|
||||||
|
```
|
||||||
|
@ -39,6 +39,10 @@ spec:
|
|||||||
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
|
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
|
||||||
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
|
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
|
||||||
env:
|
env:
|
||||||
|
{{- if .Values.nodeExtraCaCerts }}
|
||||||
|
- name: NODE_EXTRA_CA_CERTS
|
||||||
|
value: {{ .Values.nodeExtraCaCerts }}
|
||||||
|
{{- end }}
|
||||||
- name: DB_TYPE
|
- name: DB_TYPE
|
||||||
value: postgres
|
value: postgres
|
||||||
{{- if (.Values.externalPostgresql).databaseURL }}
|
{{- if (.Values.externalPostgresql).databaseURL }}
|
||||||
|
@ -113,6 +113,9 @@ sideload:
|
|||||||
# - name: HTTPS_PROXY
|
# - name: HTTPS_PROXY
|
||||||
# value: http://my.proxy.com:3128
|
# value: http://my.proxy.com:3128
|
||||||
|
|
||||||
|
## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
|
||||||
|
# nodeExtraCaCerts: "/path/to/certs.pem"
|
||||||
|
|
||||||
## This will override the postgresql chart values
|
## This will override the postgresql chart values
|
||||||
# externalPostgresql:
|
# externalPostgresql:
|
||||||
# # note: ?sslmode=require => ?ssl=true
|
# # note: ?sslmode=require => ?ssl=true
|
||||||
|
Loading…
Reference in New Issue
Block a user