From ee8e03eedeea0eb73f019c0f916ec5f147e4631b Mon Sep 17 00:00:00 2001 From: vincent Date: Sun, 27 Feb 2022 18:34:31 +0100 Subject: [PATCH] add secret to wiki js --- wiki.js/templates/secret.yaml | 18 ++ wiki.js/values.yml | 306 +++++++++++++++++----------------- 2 files changed, 171 insertions(+), 153 deletions(-) create mode 100644 wiki.js/templates/secret.yaml diff --git a/wiki.js/templates/secret.yaml b/wiki.js/templates/secret.yaml new file mode 100644 index 0000000..baa4c95 --- /dev/null +++ b/wiki.js/templates/secret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: ExternalSecret +metadata: + name: {{ .Values.wiki.postgresql.existingSecret }} +# namespace: external-secrets + namespace: {{ .Release.Namespace }} + metadata: +spec: + secretStoreRef: + kind: ClusterSecretStore + name: vault + target: + name: {{ .Values.wiki.postgresql.existingSecret }} + data: + - secretKey: postgresql-password + remoteRef: + key: secret/infotech + property: DB_PASSWORD diff --git a/wiki.js/values.yml b/wiki.js/values.yml index 9d5ed21..2aaf0f3 100644 --- a/wiki.js/values.yml +++ b/wiki.js/values.yml @@ -1,166 +1,166 @@ # Default values for wiki. # This is a YAML-formatted file. # Declare variables to be passed into your templates. +wiki: + replicaCount: 1 -replicaCount: 1 + image: + repository: requarks/wiki + imagePullPolicy: IfNotPresent -image: - repository: requarks/wiki - imagePullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -livenessProbe: - httpGet: - path: /healthz - port: http - -readinessProbe: - httpGet: - path: /healthz - port: http - -podSecurityContext: - {} - # fsGroup: 2000 - -securityContext: - {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -service: - type: ClusterIP - port: 80 - # Annotations applied for services such as externalDNS or - # service type LoadBalancer - # type: LoadBalancer - # httpsPort: 443 - # annotations: {} - -ingress: - enabled: true - annotations: - {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: infotech.kube.local - paths: - - path: "/" - pathType: Prefix - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} - -volumeMounts: [] - -volumes: [] - -# This will allow us to install locales even without internet access using a initContainer & wikjs "sideloading" -sideload: - enabled: false - # Git-Repo containing all locales.json-files you need: - repoURL: https://github.com/Requarks/wiki-localization - - ## This can be helpfull if you have internet access over a http proxy: - env: [] - # - name: HTTPS_PROXY - # value: http://my.proxy.com:3128 - -## Configuration values for the postgresql dependency. -## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md -## -postgresql: - ## Use the PostgreSQL chart dependency. - ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri. - ## - enabled: true - ## ssl enforce SSL communication with PostgresSQL - ## Default to false - ## - # ssl: false - ## ca Certificate of Authority - ## Default to empty, point to location of CA - ## - # ca: "path to ca" - ## postgresqlHost override postgres database host - ## Default to postgres - ## - # postgresqlHost: postgres - ## postgresqlPort port for postgres - ## Default to 5432 - ## - # postgresqlPort: 5432 - ## PostgreSQL fullname Override - ## Default to wiki-postgresql unless fullname override is set for Chart - ## + imagePullSecrets: [] + nameOverride: "" fullnameOverride: "" - ## PostgreSQL User to create. - ## - postgresqlUser: postgres - ## PostgreSQL Database to create. - ## - postgresqlDatabase: wiki - ## Persistent Volume Storage configuration. - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes - ## - replication: - ## Enable PostgreSQL replication (primary/secondary) - ## + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + + livenessProbe: + httpGet: + path: /healthz + port: http + + readinessProbe: + httpGet: + path: /healthz + port: http + + podSecurityContext: + {} + # fsGroup: 2000 + + securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + + service: + type: ClusterIP + port: 80 + # Annotations applied for services such as externalDNS or + # service type LoadBalancer + # type: LoadBalancer + # httpsPort: 443 + # annotations: {} + + ingress: + enabled: true + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: "infotech.kube.local" + paths: + - path: "/" + pathType: Prefix + + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + + resources: + {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + volumeMounts: [] + + volumes: [] + + # This will allow us to install locales even without internet access using a initContainer & wikjs "sideloading" + sideload: enabled: false - persistence: - ## Enable PostgreSQL persistence using Persistent Volume Claims. + # Git-Repo containing all locales.json-files you need: + repoURL: https://github.com/Requarks/wiki-localization + + ## This can be helpfull if you have internet access over a http proxy: + env: [] + # - name: HTTPS_PROXY + # value: http://my.proxy.com:3128 + + ## Configuration values for the postgresql dependency. + ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md + ## + postgresql: + ## Use the PostgreSQL chart dependency. + ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri. ## enabled: true - ## concourse data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) + ## ssl enforce SSL communication with PostgresSQL + ## Default to false ## - # storageClass: "-" - ## Persistent Volume Access Mode. + # ssl: false + ## ca Certificate of Authority + ## Default to empty, point to location of CA ## - accessMode: ReadWriteOce - ## Persistent Volume Storage Size. + # ca: "path to ca" + ## postgresqlHost override postgres database host + ## Default to postgres ## - size: 8Gi + # postgresqlHost: postgres + ## postgresqlPort port for postgres + ## Default to 5432 + ## + # postgresqlPort: 5432 + ## PostgreSQL fullname Override + ## Default to wiki-postgresql unless fullname override is set for Chart + ## + fullnameOverride: "" + ## PostgreSQL User to create. + ## + postgresqlUser: postgres + ## PostgreSQL Database to create. + ## + postgresqlDatabase: wiki + ## Persistent Volume Storage configuration. + ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes + ## + existingSecret: postgresql-password + replication: + ## Enable PostgreSQL replication (primary/secondary) + ## + enabled: false + persistence: + ## Enable PostgreSQL persistence using Persistent Volume Claims. + ## + enabled: true + ## concourse data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Access Mode. + ## + accessMode: ReadWriteOce + ## Persistent Volume Storage Size. + ## + size: 8Gi