diff --git a/dev/helm/Chart.lock b/dev/helm/Chart.lock deleted file mode 100644 index d383d6e4..00000000 --- a/dev/helm/Chart.lock +++ /dev/null @@ -1,6 +0,0 @@ -dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 8.10.14 -digest: sha256:db7c1e0bc9ec0ed45520521bd76bb390d04711fd0f04affaadafa1dc498ce68b -generated: "2020-07-21T20:34:41.41180748-04:00" diff --git a/dev/helm/Chart.yaml b/dev/helm/Chart.yaml index 458defa3..efb6baee 100644 --- a/dev/helm/Chart.yaml +++ b/dev/helm/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wiki # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 2.3.0 +version: 2.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. AppVersion: latest @@ -23,11 +23,7 @@ keywords: # a dependency of application charts to inject those utilities and functions into the rendering # pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -dependencies: - - name: postgresql - version: 8.10.14 - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled + home: https://wiki.js.org icon: https://cdn.js.wiki/images/wikijs-butterfly.svg sources: diff --git a/dev/helm/README.md b/dev/helm/README.md index c1b73e22..08ea8f5e 100644 --- a/dev/helm/README.md +++ b/dev/helm/README.md 
@@ -43,7 +43,7 @@ Wiki.js is an open source project that has been made possible due to the generou This chart bootstraps a Wiki.js deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -It also optionally packages the [PostgreSQL](https://github.com/kubernetes/charts/tree/master/stable/postgresql) as the database but you are free to bring your own. +It also optionally deploys PostgreSQL as the database using the official PostgreSQL image from Docker Hub, but you are free to bring your own database. ## Prerequisites 
@@ -126,13 +126,26 @@ The following table lists the configurable parameters of the Wiki.js chart and t | `postgresql.postgresqlPassword` | External postgres password | `nil` | | `postgresql.existingSecret` | Provide an existing `Secret` for postgres | `nil` | | `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` | +| `postgresql.existingSecretUserKey` | The postgres username key in the existing `Secret` | `postgresql-username` | +| `postgresql.existingSecretDatabaseKey` | The postgres database name key in the existing `Secret` | `postgresql-database` | | `postgresql.postgresqlPort` | External postgres port | `5432` | | `postgresql.ssl` | Enable external postgres SSL connection | `false` | | `postgresql.ca` | Certificate of Authority content for postgres | `nil` | | `postgresql.persistence.enabled` | Enable postgres persistence using PVC | `true` | | `postgresql.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` for postgres | `nil` | | `postgresql.persistence.storageClass` | Postgres PVC Storage Class (example: `nfs`) | `nil` | -| `postgresql.persistence.size` | Postgers PVC Storage Request | `8Gi` | +| `postgresql.persistence.size` | Postgres PVC Storage Request | `8Gi` | +| `postgresql.persistence.accessMode` | Postgres Persistent Volume Access Mode | `ReadWriteOnce` | +| `postgresql.image.repository` | PostgreSQL image repository | `postgres` | +| `postgresql.image.tag` | PostgreSQL image tag | `17.4` | +| `postgresql.image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | +| `postgresql.resources` | PostgreSQL resource requests/limits | `{}` | +| `postgresql.nodeSelector` | PostgreSQL node selector labels | `{}` | +| `postgresql.tolerations` | PostgreSQL toleration labels | `[]` | +| `postgresql.affinity` | PostgreSQL affinity settings | `{}` | +| `postgresql.service.type` | PostgreSQL service type | `ClusterIP` | +| `postgresql.service.port` | PostgreSQL service port | 
`5432` | +| `postgresql.service.annotations` | PostgreSQL service annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -150,9 +163,9 @@ $ helm install --name my-release -f values.yaml requarks/wiki > **Tip**: You can use the default [values.yaml](values.yaml) -## PostgresSQL +## PostgreSQL -By default, PostgreSQL is installed as part of the chart. +By default, PostgreSQL is installed as part of the chart using the official PostgreSQL image from Docker Hub (version 17.4). ### Using an external PostgreSQL server @@ -171,6 +184,29 @@ data: {{ template "wiki.postgresql.secretKey" . }}: "{{ .Values.postgresql.postgresqlPassword | b64enc }}" ``` +### Using an existing PostgreSQL secret with built-in PostgreSQL + +When using the built-in PostgreSQL (default behavior with `postgresql.enabled: true`), you can still use an existing Kubernetes secret for the database credentials by setting: + +- `postgresql.existingSecret`: Name of the existing secret containing the credentials +- `postgresql.existingSecretKey`: Key in the secret containing the password (defaults to `postgresql-password`) +- `postgresql.existingSecretUserKey`: Key in the secret containing the username (defaults to `postgresql-username`) +- `postgresql.existingSecretDatabaseKey`: Key in the secret containing the database name (defaults to `postgresql-database`) + +Example usage: +```bash +# Create your existing secret +kubectl create secret generic my-postgres-secret \ + --from-literal=postgresql-username=postgres \ + --from-literal=postgresql-password=yourpassword \ + --from-literal=postgresql-database=wiki + +# Deploy with existing secret +helm install my-release requarks/wiki \ + --set postgresql.enabled=true \ + --set postgresql.existingSecret=my-postgres-secret +``` + ## Persistence Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. 
diff --git a/dev/helm/charts/postgresql-6.5.0.tgz b/dev/helm/charts/postgresql-6.5.0.tgz deleted file mode 100644 index acc79962..00000000 Binary files a/dev/helm/charts/postgresql-6.5.0.tgz and /dev/null differ diff --git a/dev/helm/templates/NOTES.txt b/dev/helm/templates/NOTES.txt index 93c0d356..a28c6964 100644 --- a/dev/helm/templates/NOTES.txt +++ b/dev/helm/templates/NOTES.txt @@ -19,3 +19,16 @@ echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 {{- end }} + +{{- if .Values.postgresql.enabled }} +2. PostgreSQL database has been deployed as part of this release: + - Database: {{ .Values.postgresql.postgresqlDatabase }} + - User: {{ .Values.postgresql.postgresqlUser }} + - Service: {{ include "wiki.postgresql.fullname" . }} + - Version: {{ .Values.postgresql.image.tag }} + - Persistence: {{ .Values.postgresql.persistence.enabled | ternary "Enabled" "Disabled" }} +{{- end }} + +{{- if not .Values.postgresql.enabled }} +2. External PostgreSQL setup detected. Ensure your database is accessible at the configured host. +{{- end }} diff --git a/dev/helm/templates/_helpers.tpl b/dev/helm/templates/_helpers.tpl index 193ceab7..1684409a 100644 --- a/dev/helm/templates/_helpers.tpl +++ b/dev/helm/templates/_helpers.tpl 
@@ -63,15 +63,18 @@ Create the name of the service account to use {{- end -}} {{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +PostgreSQL fullname */}} {{- define "wiki.postgresql.fullname" -}} -{{- if .Values.postgresql.fullnameOverride -}} -{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{ printf "%s-%s" .Release.Name "postgresql"}} +{{- printf "%s-%s" (include "wiki.fullname" .) "postgresql" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +PostgreSQL selector labels +*/}} +{{- define "wiki.postgresql.selectorLabels" -}} +app.kubernetes.io/name: {{ include "wiki.name" . }}-postgresql +app.kubernetes.io/instance: {{ .Release.Name }} {{- end -}} {{/* @@ -79,9 +82,9 @@ Set postgres host */}} {{- define "wiki.postgresql.host" -}} {{- if .Values.postgresql.enabled -}} -{{- template "wiki.postgresql.fullname" . -}} +{{- include "wiki.postgresql.fullname" . -}} {{- else -}} -{{- .Values.postgresql.postgresqlHost | quote -}} +{{- .Values.postgresql.postgresqlHost | default "localhost" | quote -}} {{- end -}} {{- end -}} 
@@ -89,10 +92,25 @@ Set postgres host Set postgres secret */}} {{- define "wiki.postgresql.secret" -}} -{{- if .Values.postgresql.enabled -}} -{{- template "wiki.postgresql.fullname" . -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- .Values.postgresql.existingSecret -}} +{{- else if .Values.postgresql.enabled -}} + {{- include "wiki.postgresql.fullname" . -}} {{- else -}} -{{- template "wiki.fullname" . -}} + {{- template "wiki.fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Set postgres secretUserKey +*/}} +{{- define "wiki.postgresql.secretUserKey" -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-username" +{{- else -}} + {{- default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote -}} {{- end -}} {{- end -}} 
@@ -100,9 +118,24 @@ Set postgres secret Set postgres secretKey */}} {{- define "wiki.postgresql.secretKey" -}} -{{- if .Values.postgresql.enabled -}} -"postgresql-password" +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-password" +{{- else -}} + {{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Set postgres secretDatabaseKey +*/}} +{{- define "wiki.postgresql.secretDatabaseKey" -}} +{{- if and .Values.postgresql.enabled .Values.postgresql.existingSecret -}} + {{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}} +{{- else if .Values.postgresql.enabled -}} + "postgresql-database" {{- else -}} -{{- default "postgresql-password" .Values.postgresql.existingSecretKey | quote -}} + {{- default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote -}} {{- end -}} {{- end -}} diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml index e4d1d197..49b83afc 100644 --- a/dev/helm/templates/deployment.yaml +++ b/dev/helm/templates/deployment.yaml 
@@ -56,15 +56,29 @@ spec: value: {{ .Values.externalPostgresql.databaseURL }} - name: NODE_TLS_REJECT_UNAUTHORIZED value: {{ default "1" .Values.externalPostgresql.NODE_TLS_REJECT_UNAUTHORIZED | quote }} - {{- else }} + {{- else if .Values.postgresql.enabled }} - name: DB_HOST value: {{ template "wiki.postgresql.host" . }} - name: DB_PORT value: "{{ default "5432" .Values.postgresql.postgresqlPort }}" - name: DB_NAME + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ template "wiki.postgresql.secretDatabaseKey" . }} + {{- else }} value: {{ default "wiki" .Values.postgresql.postgresqlDatabase }} + {{- end }} - name: DB_USER - value: {{ default "wiki" .Values.postgresql.postgresqlUser }} + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ template "wiki.postgresql.secretUserKey" . }} + {{- else }} + value: {{ default "postgres" .Values.postgresql.postgresqlUser }} + {{- end }} - name: DB_SSL value: "{{ default "false" .Values.postgresql.ssl }}" - name: DB_SSL_CA 
@@ -72,12 +86,23 @@ spec: - name: DB_PASS valueFrom: secretKeyRef: - {{- if .Values.postgresql.existingSecret }} - name: {{ .Values.postgresql.existingSecret }} - {{- else }} name: {{ template "wiki.postgresql.secret" . }} - {{- end }} key: {{ template "wiki.postgresql.secretKey" . }} + {{- else if .Values.externalPostgresql }} + # External PostgreSQL configuration + - name: DB_HOST + value: {{ required "External PostgreSQL host is required when postgresql.enabled is false" .Values.externalPostgresql.host | quote }} + - name: DB_PORT + value: {{ required "External PostgreSQL port is required when postgresql.enabled is false" .Values.externalPostgresql.port | quote }} + - name: DB_NAME + value: {{ required "External PostgreSQL database name is required when postgresql.enabled is false" .Values.externalPostgresql.database | quote }} + - name: DB_USER + value: {{ required "External PostgreSQL user is required when postgresql.enabled is false" .Values.externalPostgresql.username | quote }} + - name: DB_PASS + valueFrom: + secretKeyRef: + name: {{ required "External PostgreSQL secret name is required when postgresql.enabled is false" .Values.externalPostgresql.existingSecret | quote }} + key: {{ required "External PostgreSQL secret key is required when postgresql.enabled is false" .Values.externalPostgresql.existingSecretKey | quote }} {{- end }} - name: HA_ACTIVE value: {{ .Values.replicaCount | int | le 2 | quote }} diff --git a/dev/helm/templates/postgresql-pvc.yaml b/dev/helm/templates/postgresql-pvc.yaml new file mode 100644 index 00000000..fb3bd185 --- /dev/null +++ b/dev/helm/templates/postgresql-pvc.yaml 
@@ -0,0 +1,21 @@ +{{- if and .Values.postgresql.enabled .Values.postgresql.persistence.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "wiki.postgresql.fullname" . }} + labels: + {{- include "wiki.labels" . | nindent 4 }} +spec: + accessModes: + - {{ .Values.postgresql.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.postgresql.persistence.size | quote }} + {{- if .Values.postgresql.persistence.storageClass }} + {{- if (eq "-" .Values.postgresql.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: {{ .Values.postgresql.persistence.storageClass | quote }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/dev/helm/templates/postgresql-secret.yaml b/dev/helm/templates/postgresql-secret.yaml new file mode 100644 index 00000000..fb4c47c7 --- /dev/null +++ b/dev/helm/templates/postgresql-secret.yaml @@ -0,0 +1,13 @@ +{{- if and .Values.postgresql.enabled (not .Values.postgresql.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "wiki.postgresql.fullname" . }} + labels: + {{- include "wiki.labels" . | nindent 4 }} +type: Opaque +data: + postgresql-password: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }} + postgresql-username: {{ .Values.postgresql.postgresqlUser | b64enc | quote }} + postgresql-database: {{ .Values.postgresql.postgresqlDatabase | b64enc | quote }} +{{- end }} diff --git a/dev/helm/templates/postgresql-service.yaml b/dev/helm/templates/postgresql-service.yaml new file mode 100644 index 00000000..4e87c33b --- /dev/null +++ b/dev/helm/templates/postgresql-service.yaml 
@@ -0,0 +1,21 @@ +{{- if .Values.postgresql.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "wiki.postgresql.fullname" . }} + labels: + {{- include "wiki.labels" . | nindent 4 }} + {{- with .Values.postgresql.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.postgresql.service.type }} + ports: + - port: {{ .Values.postgresql.service.port }} + targetPort: 5432 + protocol: TCP + name: postgresql + selector: + {{- include "wiki.postgresql.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/dev/helm/templates/postgresql-statefulset.yaml b/dev/helm/templates/postgresql-statefulset.yaml new file mode 100644 index 00000000..5e656df5 --- /dev/null +++ b/dev/helm/templates/postgresql-statefulset.yaml 
@@ -0,0 +1,111 @@ +{{- if .Values.postgresql.enabled -}} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "wiki.postgresql.fullname" . }} + labels: + {{- include "wiki.labels" . | nindent 4 }} +spec: + serviceName: {{ include "wiki.postgresql.fullname" . }} + replicas: 1 + selector: + matchLabels: + {{- include "wiki.postgresql.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "wiki.postgresql.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.postgresql.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.postgresql.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.postgresql.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + - name: postgresql + image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + imagePullPolicy: {{ .Values.postgresql.image.pullPolicy }} + ports: + - containerPort: 5432 + name: postgresql + env: + - name: POSTGRES_DB + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-database" .Values.postgresql.existingSecretDatabaseKey | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "wiki.postgresql.fullname" . }} + key: postgresql-database + {{- end }} + - name: POSTGRES_USER + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-username" .Values.postgresql.existingSecretUserKey | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "wiki.postgresql.fullname" . 
}} + key: postgresql-username + {{- end }} + - name: POSTGRES_PASSWORD + {{- if .Values.postgresql.existingSecret }} + valueFrom: + secretKeyRef: + name: {{ .Values.postgresql.existingSecret }} + key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "wiki.postgresql.fullname" . }} + key: postgresql-password + {{- end }} + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresql.postgresqlUser }} -d {{ .Values.postgresql.postgresqlDatabase }} + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready -U {{ .Values.postgresql.postgresqlUser }} -d {{ .Values.postgresql.postgresqlDatabase }} + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 6 + resources: + {{- toYaml .Values.postgresql.resources | nindent 12 }} + volumeMounts: + - name: postgresql-data + mountPath: /var/lib/postgresql/data + subPath: postgresql + volumes: + - name: postgresql-data + {{- if .Values.postgresql.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ include "wiki.postgresql.fullname" . }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end }} diff --git a/dev/helm/values.yaml b/dev/helm/values.yaml index db5496c0..7372e99c 100644 --- a/dev/helm/values.yaml +++ b/dev/helm/values.yaml 
@@ -156,47 +156,56 @@ extraEnvVars: [] # # For self signed CAs, like DigitalOcean # NODE_TLS_REJECT_UNAUTHORIZED: "0" -## Configuration values for the postgresql dependency. -## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## Configuration for the custom PostgreSQL 17.4 deployment ## postgresql: - ## Use the PostgreSQL chart dependency. - ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri. - ## enabled: true ## ssl enforce SSL communication with PostgresSQL ## Default to false ## - # ssl: false + ssl: false ## ca Certificate of Authority ## Default to empty, point to location of CA ## # ca: "path to ca" ## postgresqlHost override postgres database host - ## Default to postgres + ## Default to the service name of the custom PostgreSQL deployment ## - # postgresqlHost: postgres + postgresqlHost: "{{ include \"wiki.postgresql.fullname\" . }}" ## postgresqlPort port for postgres ## Default to 5432 ## - # postgresqlPort: 5432 - ## PostgreSQL fullname Override - ## Default to wiki-postgresql unless fullname override is set for Chart - ## - fullnameOverride: "" + postgresqlPort: 5432 ## PostgreSQL User to create. ## postgresqlUser: postgres ## PostgreSQL Database to create. 
## postgresqlDatabase: wiki + ## PostgreSQL password (will be stored in a secret) + ## + postgresqlPassword: "postgres" + + ## Use existing secret for PostgreSQL credentials + ## If set, the chart will not create a new secret and will use the existing one + ## + # existingSecret: "my-existing-postgres-secret" + + ## Key in the existing secret containing the password + ## + # existingSecretKey: "postgresql-password" + + ## Key in the existing secret containing the username (defaults to "postgresql-username") + ## + # existingSecretUserKey: "postgresql-username" + + ## Key in the existing secret containing the database name (defaults to "postgresql-database") + ## + # existingSecretDatabaseKey: "postgresql-database" + ## Persistent Volume Storage configuration. ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes ## - replication: - ## Enable PostgreSQL replication (primary/secondary) - ## - enabled: false persistence: ## Enable PostgreSQL persistence using Persistent Volume Claims. ## @@ -215,3 +224,34 @@ postgresql: ## Persistent Volume Storage Size. ## size: 8Gi + + ## PostgreSQL Image Configuration + image: + repository: postgres + tag: "17.4" + pullPolicy: IfNotPresent + + ## PostgreSQL Resources Configuration + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + ## PostgreSQL Node Selector, Tolerations and Affinity + nodeSelector: {} + tolerations: [] + affinity: {} + + ## PostgreSQL Service Configuration + service: + type: ClusterIP + port: 5432 + # Additional service annotations + annotations: {}
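Review bot: The dev/helm/Chart.yaml hunk bumps the chart only from 2.3.0 to 2.4.0 while removing the `postgresql` dependency (bitnami 8.10.14) entirely, which is a breaking change for anyone upgrading a release that runs the bundled database. The new templates create their own PVC, Secret, Service and StatefulSet, and nothing in the patch points them at the volume or secret the subchart created. Treat this as a major version bump and add an upgrade section to the README covering the dump and restore of existing data before the upgrade.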
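Review bot: In dev/helm/templates/_helpers.tpl, `wiki.postgresql.fullname` silently drops support for `postgresql.fullnameOverride` and changes the name base from `.Release.Name` to `wiki.fullname`. For any release where the two differ, or where the override was set, the database Service, Secret and PVC get new names on upgrade. Either keep honouring `fullnameOverride` in the helper or call the rename out in the README, since values.yaml removes the key without comment.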
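Review bot: In the `wiki.postgresql.secretKey`, `secretUserKey` and `secretDatabaseKey` helpers, the first and third branches are identical (`default "postgresql-..." .Values.postgresql.existing...Key | quote`), so the three-way `if` collapses to "built-in without an existing secret uses the fixed key, everything else uses the override". Note also that `wiki.postgresql.secret` ignores `postgresql.existingSecret` when `postgresql.enabled` is false, where the removed lines in deployment.yaml used to honour it. Since the external branch in deployment.yaml now reads `externalPostgresql.existingSecret` directly, the `else` arms of these helpers look unreachable and could be removed.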
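Review bot: The new external branch in dev/helm/templates/deployment.yaml is guarded by `{{- else if .Values.externalPostgresql }}`, so with `postgresql.enabled: false` and no `externalPostgresql` block the chart renders no `DB_*` variables at all and none of the `required` messages fire. Use a plain `{{- else }}` so `required` actually enforces the settings. The branch also moves external configuration from `postgresql.postgresqlHost`, `postgresql.existingSecret` and friends to `externalPostgresql.host`, `.port`, `.database`, `.username`, `.existingSecret` and `.existingSecretKey`, none of which are added to the README table or values.yaml in this patch, while the README still describes the `postgresql.*` keys as the external settings.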
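Review bot: In dev/helm/templates/postgresql-statefulset.yaml the liveness and readiness probes run `pg_isready -U {{ .Values.postgresql.postgresqlUser }} -d {{ .Values.postgresql.postgresqlDatabase }}`, but when `postgresql.existingSecret` is set the real user and database come from the secret, so the probes can name a user or database that does not exist. Because the command already runs under `sh -c`, reference the container's own `$POSTGRES_USER` and `$POSTGRES_DB` instead, which also avoids interpolating values into a shell string. The container spec also sets no `securityContext`; consider adding `runAsNonRoot` and `allowPrivilegeEscalation: false`, or exposing them as values.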
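Review bot: dev/helm/values.yaml now defaults `postgresqlPassword: "postgres"`, and postgresql-secret.yaml encodes that value into the release Secret whenever `existingSecret` is unset, so a default install comes up with a guessable password for the `postgres` user. Leave the default empty and either fail with `required` or generate a value once (for example `randAlphaNum`, kept across upgrades via `lookup`); the README table also still lists this default as `nil`. In the same hunk, `postgresqlHost: "{{ include \"wiki.postgresql.fullname\" . }}"` will not be rendered, because Helm does not template values.yaml, and the host helper already ignores this key when `postgresql.enabled` is true, so the key is better left commented out.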