msb-public
/
wiki
mirror of https://github.com/requarks/wiki
1
0
Code Issues Projects Releases Wiki Activity

feature: added a option to use an existing secret for postresql installation

Browse Source
pull/7831/head
acidsugarx 3 months ago
parent a7dc23a1a8
commit 231a4603e4
5 changed files with 114 additions and 7 deletions
Show Stats Download Patch File Download Diff File

25
dev/helm/README.md
Unescape View File

@ -126,6 +126,8 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `postgresql.postgresqlPassword` | External postgres password | `nil` |
| `postgresql.existingSecret` | Provide an existing `Secret` for postgres | `nil` |
| `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
| `postgresql.existingSecretUserKey` | The postgres username key in the existing `Secret` | `postgresql-username` |
| `postgresql.existingSecretDatabaseKey` | The postgres database name key in the existing `Secret` | `postgresql-database` |
| `postgresql.postgresqlPort` | External postgres port | `5432` |
| `postgresql.ssl` | Enable external postgres SSL connection | `false` |
| `postgresql.ca` | Certificate of Authority content for postgres | `nil` |
@ -182,6 +184,29 @@ data:
{{ template "wiki.postgresql.secretKey" . }}: "{{ .Values.postgresql.postgresqlPassword | b64enc }}"
```
### Using an existing PostgreSQL secret with built-in PostgreSQL
When using the built-in PostgreSQL (default behavior with `postgresql.enabled: true`), you can still use an existing Kubernetes secret for the database credentials by setting:
- `postgresql.existingSecret`: Name of the existing secret containing the credentials
- `postgresql.existingSecretKey`: Key in the secret containing the password (defaults to `postgresql-password`)
- `postgresql.existingSecretUserKey`: Key in the secret containing the username (defaults to `postgresql-username`)
- `postgresql.existingSecretDatabaseKey`: Key in the secret containing the database name (defaults to `postgresql-database`)
Example usage:
```bash
# Create your existing secret
kubectl create secret generic my-postgres-secret \
--from-literal=postgresql-username=postgres \
--from-literal=postgresql-password=yourpassword \
--from-literal=postgresql-database=wiki
# Deploy with existing secret
helm install my-release requarks/wiki \
--set postgresql.enabled=true \
--set postgresql.existingSecret=my-postgres-secret
```
## Persistence
Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube.

42
dev/helm/templates/_helpers.tpl
Unescape View File

@ -92,10 +92,25 @@ Set postgres host
Set postgres secret
*/}}
{{- define "wiki.postgresql.secret" -}}
{{- if .Values.postgresql.enabled -}}
{{- include "wiki.postgresql.fullname" . -}}
{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}}
{{- .Values.postgresql.existingSecret -}}
{{- else if .Values.postgresql.enabled -}}
{{- include "wiki.postgresql.fullname" . -}}
{{- else -}}
{{- template "wiki.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Set postgres secretUserKey
*/}}
{{- define "wiki.postgresql.secretUserKey" -}}
{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}}
{{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}}
{{- else if .Values.postgresql.enabled -}}
"postgresql-username"
{{- else -}}
{{- template "wiki.fullname" . -}}
{{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}}
{{- end -}}
{{- end -}}
@ -103,9 +118,24 @@ Set postgres secret
Set postgres secretKey
*/}}
{{- define "wiki.postgresql.secretKey" -}}
{{- if .Values.postgresql.enabled -}}
"postgresql-password"
{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}}
{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}}
{{- else if .Values.postgresql.enabled -}}
"postgresql-password"
{{- else -}}
{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}}
{{- end -}}
{{- end -}}
{{/*
Set postgres secretDatabaseKey
*/}}
{{- define "wiki.postgresql.secretDatabaseKey" -}}
{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}}
{{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}}
{{- else if .Values.postgresql.enabled -}}
"postgresql-database"
{{- else -}}
{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}}
{{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}}
{{- end -}}
{{- end -}}

14
dev/helm/templates/deployment.yaml
Unescape View File

@ -62,9 +62,23 @@ spec:
- name: DB_PORT
value: "{{ default "5432" .Values.postgresql.postgresqlPort }}"
- name: DB_NAME
{{- if .Values.postgresql.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecret }}
key: {{ template "wiki.postgresql.secretDatabaseKey" . }}
{{- else }}
value: {{ default "wiki" .Values.postgresql.postgresqlDatabase }}
{{- end }}
- name: DB_USER
{{- if .Values.postgresql.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecret }}
key: {{ template "wiki.postgresql.secretUserKey" . }}
{{- else }}
value: {{ default "postgres" .Values.postgresql.postgresqlUser }}
{{- end }}
- name: DB_SSL
value: "{{ default "false" .Values.postgresql.ssl }}"
- name: DB_SSL_CA

23
dev/helm/templates/postgresql-statefulset.yaml
Unescape View File

@ -37,20 +37,41 @@ spec:
name: postgresql
env:
- name: POSTGRES_DB
{{- if .Values.postgresql.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecret }}
key: {{ default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "wiki.postgresql.fullname" . }}
key: postgresql-database
{{- end }}
- name: POSTGRES_USER
{{- if .Values.postgresql.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecret }}
key: {{ default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "wiki.postgresql.fullname" . }}
key: postgresql-username
{{- end }}
- name: POSTGRES_PASSWORD
{{- if .Values.postgresql.existingSecret }}
valueFrom:
secretKeyRef:
name: {{ .Values.postgresql.existingSecret }}
key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey | quote }}
{{- else }}
valueFrom:
secretKeyRef:
name: {{ include "wiki.postgresql.fullname" . }}
key: postgresql-password
{{- end }}
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
livenessProbe:
@ -87,4 +108,4 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- end }}

17
dev/helm/values.yaml
Unescape View File

@ -186,6 +186,23 @@ postgresql:
##
postgresqlPassword: "postgres"
## Use existing secret for PostgreSQL credentials
## If set, the chart will not create a new secret and will use the existing one
##
# existingSecret: "my-existing-postgres-secret"
## Key in the existing secret containing the password
##
# existingSecretKey: "postgresql-password"
## Key in the existing secret containing the username (defaults to "postgresql-username")
##
# existingSecretUserKey: "postgresql-username"
## Key in the existing secret containing the database name (defaults to "postgresql-database")
##
# existingSecretDatabaseKey: "postgresql-database"
## Persistent Volume Storage configuration.
## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
##

Write Preview
Loading…
Cancel
Save