add secret to wiki js

wiki.js/templates/secret.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: {{ .Values.wiki.postgresql.existingSecret }}
+#  namespace: external-secrets
+  namespace: {{ .Release.Namespace }}
+  metadata:
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  target:
+    name: {{ .Values.wiki.postgresql.existingSecret }}
+  data:
+    - secretKey: postgresql-password
+      remoteRef:
+        key: secret/infotech
+        property: DB_PASSWORD

wiki.js/values.yml

@@ -1,166 +1,166 @@
 # Default values for wiki.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+wiki:
+  replicaCount: 1
 
-replicaCount: 1
+  image:
+    repository: requarks/wiki
+    imagePullPolicy: IfNotPresent
 
-image:
+  imagePullSecrets: []
-  repository: requarks/wiki
+  nameOverride: ""
-  imagePullPolicy: IfNotPresent
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-livenessProbe:
-  httpGet:
-    path: /healthz
-    port: http
-
-readinessProbe:
-  httpGet:
-    path: /healthz
-    port: http
-
-podSecurityContext:
-  {}
-  # fsGroup: 2000
-
-securityContext:
-  {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-service:
-  type: ClusterIP
-  port: 80
-  # Annotations applied for services such as externalDNS or
-  # service type LoadBalancer
-  # type: LoadBalancer
-  # httpsPort: 443
-  # annotations: {}
-
-ingress:
-  enabled: true
-  annotations:
-    {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: infotech.kube.local
-      paths:
-        - path: "/"
-          pathType: Prefix
-
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources:
-  {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-volumeMounts: []
-
-volumes: []
-
-# This will allow us to install locales even without internet access using a initContainer & wikjs "sideloading"
-sideload:
-  enabled: false
-  # Git-Repo containing all locales.json-files you need:
-  repoURL: https://github.com/Requarks/wiki-localization
-
-  ## This can be helpfull if you have internet access over a http proxy:
-  env: []
-  #  - name: HTTPS_PROXY
-  #    value: http://my.proxy.com:3128
-
-## Configuration values for the postgresql dependency.
-## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
-##
-postgresql:
-  ## Use the PostgreSQL chart dependency.
-  ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri.
-  ##
-  enabled: true
-  ## ssl enforce SSL communication with PostgresSQL
-  ## Default to false
-  ##
-  # ssl: false
-  ## ca Certificate of Authority
-  ## Default to empty, point to location of CA
-  ##
-  # ca: "path to ca"
-  ## postgresqlHost override postgres database host
-  ## Default to postgres
-  ##
-  # postgresqlHost: postgres
-  ## postgresqlPort port for postgres
-  ## Default to 5432
-  ##
-  # postgresqlPort: 5432
-  ## PostgreSQL fullname Override
-  ## Default to wiki-postgresql unless fullname override is set for Chart
-  ##
   fullnameOverride: ""
-  ## PostgreSQL User to create.
-  ##
-  postgresqlUser: postgres
-  ## PostgreSQL Database to create.
-  ##
-  postgresqlDatabase: wiki
-  ## Persistent Volume Storage configuration.
-  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
-  ##
 
-  replication:
+  serviceAccount:
-    ## Enable PostgreSQL replication (primary/secondary)
+    # Specifies whether a service account should be created
-    ##
+    create: true
+    # Annotations to add to the service account
+    annotations: {}
+    # The name of the service account to use.
+    # If not set and create is true, a name is generated using the fullname template
+    name:
+
+  livenessProbe:
+    httpGet:
+      path: /healthz
+      port: http
+
+  readinessProbe:
+    httpGet:
+      path: /healthz
+      port: http
+
+  podSecurityContext:
+    {}
+    # fsGroup: 2000
+
+  securityContext:
+    {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+
+  service:
+    type: ClusterIP
+    port: 80
+    # Annotations applied for services such as externalDNS or
+    # service type LoadBalancer
+    # type: LoadBalancer
+    # httpsPort: 443
+    # annotations: {}
+
+  ingress:
+    enabled: true
+    annotations:
+      {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    hosts:
+      - host: "infotech.kube.local"
+        paths:
+          - path: "/"
+            pathType: Prefix
+
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
+
+  resources:
+    {}
+    # We usually recommend not to specify default resources and to leave this as a conscious
+    # choice for the user. This also increases chances charts run on environments with little
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+    #   memory: 128Mi
+
+  nodeSelector: {}
+
+  tolerations: []
+
+  affinity: {}
+
+  volumeMounts: []
+
+  volumes: []
+
+  # This will allow us to install locales even without internet access using a initContainer & wikjs "sideloading"
+  sideload:
     enabled: false
-  persistence:
+    # Git-Repo containing all locales.json-files you need:
-    ## Enable PostgreSQL persistence using Persistent Volume Claims.
+    repoURL: https://github.com/Requarks/wiki-localization
+
+    ## This can be helpfull if you have internet access over a http proxy:
+    env: []
+    #  - name: HTTPS_PROXY
+    #    value: http://my.proxy.com:3128
+
+  ## Configuration values for the postgresql dependency.
+  ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
+  ##
+  postgresql:
+    ## Use the PostgreSQL chart dependency.
+    ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri.
     ##
     enabled: true
-    ## concourse data Persistent Volume Storage Class
+    ## ssl enforce SSL communication with PostgresSQL
-    ## If defined, storageClassName: <storageClass>
+    ## Default to false
-    ## If set to "-", storageClassName: "", which disables dynamic provisioning
-    ## If undefined (the default) or set to null, no storageClassName spec is
-    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-    ##   GKE, AWS & OpenStack)
     ##
-    # storageClass: "-"
+    # ssl: false
-    ## Persistent Volume Access Mode.
+    ## ca Certificate of Authority
+    ## Default to empty, point to location of CA
     ##
-    accessMode: ReadWriteOce
+    # ca: "path to ca"
-    ## Persistent Volume Storage Size.
+    ## postgresqlHost override postgres database host
+    ## Default to postgres
     ##
-    size: 8Gi
+    # postgresqlHost: postgres
+    ## postgresqlPort port for postgres
+    ## Default to 5432
+    ##
+    # postgresqlPort: 5432
+    ## PostgreSQL fullname Override
+    ## Default to wiki-postgresql unless fullname override is set for Chart
+    ##
+    fullnameOverride: ""
+    ## PostgreSQL User to create.
+    ##
+    postgresqlUser: postgres
+    ## PostgreSQL Database to create.
+    ##
+    postgresqlDatabase: wiki
+    ## Persistent Volume Storage configuration.
+    ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
+    ##
+    existingSecret: postgresql-password
+    replication:
+      ## Enable PostgreSQL replication (primary/secondary)
+      ##
+      enabled: false
+    persistence:
+      ## Enable PostgreSQL persistence using Persistent Volume Claims.
+      ##
+      enabled: true
+      ## concourse data Persistent Volume Storage Class
+      ## If defined, storageClassName: <storageClass>
+      ## If set to "-", storageClassName: "", which disables dynamic provisioning
+      ## If undefined (the default) or set to null, no storageClassName spec is
+      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+      ##   GKE, AWS & OpenStack)
+      ##
+      # storageClass: "-"
+      ## Persistent Volume Access Mode.
+      ##
+      accessMode: ReadWriteOce
+      ## Persistent Volume Storage Size.
+      ##
+      size: 8Gi