Skip to content

Commit

Permalink
feat(helm): allows setting the NODE_EXTRA_CA_CERTS variable (#6217)
Browse files Browse the repository at this point in the history
---------

Co-authored-by: Radim Dostál <radim.dostal@tetanet.cz>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
  • Loading branch information
3 people committed Mar 11, 2023
1 parent 26b2839 commit 12d777f
Show file tree
Hide file tree
Showing 3 changed files with 43 additions and 0 deletions.
36 changes: 36 additions & 0 deletions dev/helm/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `sideload.enabled` | Enable sideloading of locale files from git | `false` |
| `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
| `sideload.env` | Environment variables for sideload Container | `{}` |
| `nodeExtraCaCerts` | Trusted certificates path | `nil` |
| `postgresql.enabled` | Deploy postgres server (see below) | `true` |
| `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
| `postgresql.postgresqlUser` | Postgres username | `postgres` |
Expand Down Expand Up @@ -175,3 +176,38 @@ See the [Configuration](#configuration) section to configure the PVC or to disab
## Ingress

This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.

## Extra Trusted Certificates

To append extra CA Certificates:

1. Create a ConfigMap with CAs in PEM format, e.g.:

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: ca
namespace: your-wikijs-namespace
data:
certs.pem: |-
-----BEGIN CERTIFICATE-----
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-----END CERTIFICATE-----
```
2. Mount your CAs from the ConfigMap to the Wiki.js pod and set `nodeExtraCaCerts` helm variable. Insert the following lines to your Wiki.js `values.yaml`, e.g.:

```yaml
volumeMounts:
- name: ca
mountPath: /cas.pem
subPath: certs.pem
volumes:
- name: ca
configMap:
name: ca
nodeExtraCaCerts: "/cas.pem"
```
4 changes: 4 additions & 0 deletions dev/helm/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,10 @@ spec:
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
env:
{{- if .Values.nodeExtraCaCerts }}
- name: NODE_EXTRA_CA_CERTS
value: {{ .Values.nodeExtraCaCerts }}
{{- end }}
- name: DB_TYPE
value: postgres
{{- if (.Values.externalPostgresql).databaseURL }}
Expand Down
3 changes: 3 additions & 0 deletions dev/helm/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,9 @@ sideload:
# - name: HTTPS_PROXY
# value: http://my.proxy.com:3128

## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
# nodeExtraCaCerts: "/path/to/certs.pem"

## This will override the postgresql chart values
# externalPostgresql:
# # note: ?sslmode=require => ?ssl=true
Expand Down

0 comments on commit 12d777f

Please sign in to comment.