diff --git a/dev/helm/Chart.yaml b/dev/helm/Chart.yaml index 0b8d593a..458defa3 100644 --- a/dev/helm/Chart.yaml +++ b/dev/helm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wiki # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 2.2.0 +version: 2.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. AppVersion: latest diff --git a/dev/helm/README.md b/dev/helm/README.md index 87404d76..3c0a2075 100644 --- a/dev/helm/README.md +++ b/dev/helm/README.md @@ -115,6 +115,9 @@ The following table lists the configurable parameters of the Wiki.js chart and t | `sideload.enabled` | Enable sideloading of locale files from git | `false` | | `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` | | `sideload.env` | Environment variables for sideload Container | `{}` | +| `sideload.securityContext` | security context for sideload Container | `nil` | +| `sideload.resources.limits` | resource limits for sideload Container | `nil` | +| `sideload.resources.requests` | resource requests for sideload Container | `nil` | | `nodeExtraCaCerts` | Trusted certificates path | `nil` | | `postgresql.enabled` | Deploy postgres server (see below) | `true` | | `postgresql.postgresqlDatabase` | Postgres database name | `wiki` | diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml index 21db6a82..e6dc786b 100644 --- a/dev/helm/templates/deployment.yaml +++ b/dev/helm/templates/deployment.yaml @@ -27,12 +27,16 @@ spec: {{- if .Values.sideload.enabled }} initContainers: - name: {{ .Chart.Name }}-sideload + securityContext: + {{- toYaml .Values.sideload.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}" imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }} env: {{- toYaml .Values.sideload.env | nindent 12 }} command: [ "sh", "-c" ] args: [ "mkdir -p /wiki/data/sideload && git clone --depth=1 {{ .Values.sideload.repoURL }} /wiki/data/sideload/" ] + resources: + {{- toYaml .Values.sideload.resources | nindent 12 }} {{- end }} containers: - name: {{ .Chart.Name }} diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml index 099a694c..8e5e3667 100644 --- a/dev/helm/values.yaml +++ b/dev/helm/values.yaml @@ -115,6 +115,26 @@ sideload: # - name: HTTPS_PROXY # value: http://my.proxy.com:3128 + securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + ## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable # nodeExtraCaCerts: "/path/to/certs.pem"