From 12d777f18aa09ffdd7fdb1ccbb7c8743d06f12c8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Radim=20Dost=C3=A1l?=
Date: Sat, 11 Mar 2023 23:14:00 +0100
Subject: [PATCH] feat(helm): allows setting the NODE_EXTRA_CA_CERTS variable (#6217)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------
Co-authored-by: Radim Dostál
Co-authored-by: Nicolas Giard
---
 dev/helm/README.md | 36 ++++++++++++++++++++++++++++++
 dev/helm/templates/deployment.yaml | 4 ++++
 dev/helm/values.yaml | 3 +++
 3 files changed, 43 insertions(+)
diff --git a/dev/helm/README.md b/dev/helm/README.md
index ae95ab45..87404d76 100644
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@@ -115,6 +115,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `sideload.enabled` | Enable sideloading of locale files from git | `false` |
 | `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
 | `sideload.env` | Environment variables for sideload Container | `{}` |
+| `nodeExtraCaCerts` | Trusted certificates path | `nil` |
 | `postgresql.enabled` | Deploy postgres server (see below) | `true` |
 | `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
 | `postgresql.postgresqlUser` | Postgres username | `postgres` |
@@ -175,3 +176,38 @@ See the [Configuration](#configuration) section to configure the PVC or to disab
 ## Ingress
 This chart provides support for Ingress resource. If you have an available Ingress Controller such as Nginx or Traefik you maybe want to set `ingress.enabled` to true and add `ingress.hosts` for the URL. Then, you should be able to access the installation using that address.
+
+## Extra Trusted Certificates
+
+To append extra CA Certificates:
+
+1. Create a ConfigMap with CAs in PEM format, e.g.:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: ca
+ namespace: your-wikijs-namespace
+data:
+ certs.pem: |-
+ -----BEGIN CERTIFICATE-----
+ XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+ -----END CERTIFICATE-----
+```
+
+2. Mount your CAs from the ConfigMap to the Wiki.js pod and set `nodeExtraCaCerts` helm variable. Insert the following lines to your Wiki.js `values.yaml`, e.g.:
+
+```yaml
+volumeMounts:
+ - name: ca
+ mountPath: /cas.pem
+ subPath: certs.pem
+
+volumes:
+ - name: ca
+ configMap:
+ name: ca
+
+nodeExtraCaCerts: "/cas.pem"
+```
diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml
index 62f02bc7..feebbe30 100644
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@@ -39,6 +39,10 @@ spec:
 image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
 imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
 env:
+ {{- if .Values.nodeExtraCaCerts }}
+ - name: NODE_EXTRA_CA_CERTS
+ value: {{ .Values.nodeExtraCaCerts }}
+ {{- end }}
 - name: DB_TYPE
 value: postgres
 {{- if (.Values.externalPostgresql).databaseURL }}
diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml
index a61d53e0..718c44d5 100644
--- a/dev/helm/values.yaml
+++ b/dev/helm/values.yaml
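Review bot: In the deployment.yaml hunk, `value: {{ .Values.nodeExtraCaCerts }}` renders the path unquoted, so whatever the values file holds is parsed again as YAML after templating. A value that looks like a number or boolean would stop being the string an env `value` must be, and a value containing `: ` or a line break would alter the structure of the rendered container spec instead of staying a path. I would write `value: {{ .Values.nodeExtraCaCerts | quote }}`, in line with the quoted `image:` entry a few lines above. The container spec this env list belongs to starts and ends outside the hunk.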
@@ -113,6 +113,9 @@ sideload:
 # - name: HTTPS_PROXY
 # value: http://my.proxy.com:3128
+## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
+# nodeExtraCaCerts: "/path/to/certs.pem"
+
 ## This will override the postgresql chart values
 # externalPostgresql:
 # # note: ?sslmode=require => ?ssl=true
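Review bot: The comment added above `# nodeExtraCaCerts` does not say that the chart mounts nothing itself, nor that the listed CAs become trusted for every outbound TLS connection the Node process makes. Node.js only emits a warning when the file named by NODE_EXTRA_CA_CERTS is missing or malformed, so a wrong path goes unnoticed until a connection to an internally signed endpoint fails. I would extend the comment along the lines of `## The file must be supplied through volumes/volumeMounts; its CAs are trusted in addition to Node's built-in roots, so restrict who can edit the source ConfigMap`.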