diff --git a/dev/helm/Chart.yaml b/dev/helm/Chart.yaml
index 0b8d593a..458defa3 100644
--- a/dev/helm/Chart.yaml
+++ b/dev/helm/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wiki
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.2.0
+version: 2.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 AppVersion: latest
diff --git a/dev/helm/README.md b/dev/helm/README.md
index 87404d76..c1b73e22 100644
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@@ -97,16 +97,16 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `image.repository` | Wiki.js image | `requarks/wiki` |
 | `image.tag` | Wiki.js image tag | `latest` |
 | `imagePullPolicy` | Image pull policy | `IfNotPresent` |
-| `replicacount` | Amount of wiki.js service pods to run | `1` |
-| `revisionHistoryLimit` | Total amount of revision history points | `10` |
-| `resources.limits` | wiki.js service resource limits | `nil` |
-| `resources.requests` | wiki.js service resource requests | `nil` |
-| `nodeSelector` | Node labels for wiki.js pod assignment | `{}` |
-| `affinity` | Affinity settings for wiki.js pod assignment | `{}` |
-| `schedulerName` | Name of an alternate scheduler for wiki.js pod | `nil` |
-| `tolerations` | Toleration labels for wiki.jsk pod assignment | `[]` |
-| `volumeMounts` | Volume mounts for Wiki.js container | `[]` |
-| `volumes` | Volumes for Wiki.js Pod | `[]` |
+| `replicacount` | Number of Wiki.js pods to run | `1` |
+| `revisionHistoryLimit` | Total number of revision history points | `10` |
+| `resources.limits` | Wiki.js service resource limits | `nil` |
+| `resources.requests` | Wiki.js service resource requests | `nil` |
+| `nodeSelector` | Node labels for the Wiki.js pod assignment | `{}` |
+| `affinity` | Affinity settings for the Wiki.js pod assignment | `{}` |
+| `schedulerName` | Name of an alternate scheduler for the Wiki.js pod | `nil` |
+| `tolerations` | Toleration labels for the Wiki.js pod assignment | `[]` |
+| `volumeMounts` | Volume mounts for the Wiki.js container | `[]` |
+| `volumes` | Volumes for the Wiki.js pod | `[]` |
 | `ingress.enabled` | Enable ingress controller resource | `false` |
 | `ingress.className` | Ingress class name | `""` |
 | `ingress.annotations` | Ingress annotations | `{}` |
@@ -114,7 +114,10 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `ingress.tls` | Ingress TLS configuration | `[]` |
 | `sideload.enabled` | Enable sideloading of locale files from git | `false` |
 | `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
-| `sideload.env` | Environment variables for sideload Container | `{}` |
+| `sideload.env` | Environment variables for the sideload container | `{}` |
+| `sideload.securityContext` | Security context for the sideload container | `nil` |
+| `sideload.resources.limits` | Resource limits for the sideload container | `nil` |
+| `sideload.resources.requests` | Resource requests for the sideload container | `nil` |
 | `nodeExtraCaCerts` | Trusted certificates path | `nil` |
 | `postgresql.enabled` | Deploy postgres server (see below) | `true` |
 | `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
@@ -122,7 +125,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `postgresql.postgresqlHost` | External postgres host | `nil` |
 | `postgresql.postgresqlPassword` | External postgres password | `nil` |
 | `postgresql.existingSecret` | Provide an existing `Secret` for postgres | `nil` |
-| `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
+| `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
 | `postgresql.postgresqlPort` | External postgres port | `5432` |
 | `postgresql.ssl` | Enable external postgres SSL connection | `false` |
 | `postgresql.ca` | Certificate of Authority content for postgres | `nil` |
diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml
index 21db6a82..e6dc786b 100644
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@@ -27,12 +27,16 @@ spec:
 {{- if .Values.sideload.enabled }}
 initContainers:
 - name: {{ .Chart.Name }}-sideload
+ securityContext:
+ {{- toYaml .Values.sideload.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
 imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
 env:
 {{- toYaml .Values.sideload.env | nindent 12 }}
 command: [ "sh", "-c" ]
 args: [ "mkdir -p /wiki/data/sideload && git clone --depth=1 {{ .Values.sideload.repoURL }} /wiki/data/sideload/" ]
+ resources:
+ {{- toYaml .Values.sideload.resources | nindent 12 }}
 {{- end }}
 containers:
 - name: {{ .Chart.Name }}
diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml
index 099a694c..8e5e3667 100644
--- a/dev/helm/values.yaml
+++ b/dev/helm/values.yaml
@@ -115,6 +115,26 @@ sideload:
 # - name: HTTPS_PROXY
 # value: http://my.proxy.com:3128
+ securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
 ## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
 # nodeExtraCaCerts: "/path/to/certs.pem"
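Review bot: The added `securityContext:` and `resources:` keys on the sideload init container are rendered unconditionally, and with the chart default of `{}` the container still starts with the image's default user and capabilities, so the hardening is opt-in only. Guard each key with `{{- with .Values.sideload.securityContext }}` … `{{- toYaml . | nindent 12 }}` … `{{- end }}` (and the same for `.Values.sideload.resources`) so an empty or null value renders nothing rather than `{}` or `null`. The new security context covers only the init container; whether the main `containers:` entry gets a comparable setting cannot be seen here, because the hunk ends just after its `- name:` line.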
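Review bot: The commented `readOnlyRootFilesystem: true` example under `sideload.securityContext` is likely to break sideloading if a user uncomments it as written. The init container in deployment.yaml runs `mkdir -p /wiki/data/sideload && git clone ...`, and no `volumeMounts` are visible for that container in this commit, so the clone target would sit on the read-only root filesystem. Add a caveat above the example, for instance `# readOnlyRootFilesystem needs a writable volume mounted at /wiki/data/sideload`, or mount one for the init container. Likewise, `runAsUser: 1000` presumes that UID can write to `/wiki/data` in the image, which cannot be confirmed from this diff. The README also lists the default for `sideload.securityContext` as `nil`, while this file sets `{}`.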