feat(helm): allows setting the NODE_EXTRA_CA_CERTS variable (#6217)

--------- Co-authored-by: Radim Dostál <radim.dostal@tetanet.cz> Co-authored-by: Nicolas Giard <github@ngpixel.com>
2023-03-11 23:14:00 +01:00 · 2023-03-11 23:14:00 +01:00 · 12d777f18a
commit 12d777f18a
parent 26b2839c6b
3 changed files with 43 additions and 0 deletions
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@ -115,6 +115,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `sideload.enabled`                   | Enable sideloading of locale files from git | `false`                                                    |
 | `sideload.repoURL`                   | Git repository URL containing locale files  | `https://github.com/Requarks/wiki-localization`            |
 | `sideload.env`                       | Environment variables for sideload Container | `{}`                                                      |
 | `nodeExtraCaCerts`                   | Trusted certificates path                   | `nil`                                                      |
 | `postgresql.enabled`                 | Deploy postgres server (see below)          | `true`                                                     |
 | `postgresql.postgresqlDatabase`        | Postgres database name                      | `wiki`                                                   |
 | `postgresql.postgresqlUser`            | Postgres username                           | `postgres`                                                   |
@ -175,3 +176,38 @@ See the [Configuration](#configuration) section to configure the PVC or to disab
 ## Ingress
 This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.
 ## Extra Trusted Certificates
 To append extra CA Certificates:
 1. Create a ConfigMap with CAs in PEM format, e.g.:
 ```yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: ca
  namespace: your-wikijs-namespace
 data:
  certs.pem: |-
    -----BEGIN CERTIFICATE-----
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    -----END CERTIFICATE-----
 ```
 2. Mount your CAs from the ConfigMap to the Wiki.js pod and set `nodeExtraCaCerts` helm variable. Insert the following lines to your Wiki.js `values.yaml`, e.g.:
 ```yaml
 volumeMounts:
  - name: ca
    mountPath: /cas.pem
    subPath: certs.pem
 volumes:
  - name: ca
    configMap:
      name: ca
 nodeExtraCaCerts: "/cas.pem"
 ```
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@ -39,6 +39,10 @@ spec:
          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
          env:
            {{- if .Values.nodeExtraCaCerts }}
            - name: NODE_EXTRA_CA_CERTS
              value: {{ .Values.nodeExtraCaCerts }}
            {{- end }}
            - name: DB_TYPE
              value: postgres
            {{- if (.Values.externalPostgresql).databaseURL }}
--- a/dev/helm/values.yaml
+++ b/dev/helm/values.yaml
@ -113,6 +113,9 @@ sideload:
  #  - name: HTTPS_PROXY
  #    value: http://my.proxy.com:3128
 ## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
 # nodeExtraCaCerts: "/path/to/certs.pem"
 ## This will override the postgresql chart values
 # externalPostgresql:
 #   # note: ?sslmode=require => ?ssl=true