diff --git a/apps/base/hedgedoc/release.yaml b/apps/base/hedgedoc/release.yaml index 092e8885d9787a06ba545908efdd2465d4799bdb..aa495c653faf49abd1e0fb3f720c02c07c60398d 100644 --- a/apps/base/hedgedoc/release.yaml +++ b/apps/base/hedgedoc/release.yaml @@ -46,25 +46,19 @@ spec: group: apps version: v1 kind: Deployment - name: mastodon-streaming + name: hedgedoc patch: - op: add path: /spec/template/spec/containers/0/env/- value: name: NODE_EXTRA_CA_CERTS value: /ca/ca.crt - - op: add - path: /spec/template/spec/containers/0/volumeMounts - value: [] - op: add path: /spec/template/spec/containers/0/volumeMounts/- value: name: namespace-ca-cert mountPath: "/ca/" readOnly: true - - op: add - path: /spec/template/spec/volumes - value: [] - op: add path: /spec/template/spec/volumes/- value: @@ -85,6 +79,8 @@ data: postgresqlHostname: hedgedoc-postgres.hedgedoc.svc.cluster.local auth: database: hedgedoc + tls: + enabled: true resources: limits: cpu: "1" diff --git a/charts/hedgedoc/Chart.yaml b/charts/hedgedoc/Chart.yaml index fa1ad45a9c4c95d59a2642e3c08ef40b1c1ed7ab..6d83461557b4757e8bef7604ee3837d03a175fb5 100644 --- a/charts/hedgedoc/Chart.yaml +++ b/charts/hedgedoc/Chart.yaml @@ -11,7 +11,7 @@ keywords: sources: - https://github.com/hedgedoc/hedgedoc/tree/master - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc -version: 0.1.5 +version: 0.2.0 # renovate: image=quay.io/hedgedoc/hedgedoc appVersion: 1.9.7 maintainers: diff --git a/charts/hedgedoc/README.md b/charts/hedgedoc/README.md index c5b2892ecee8cb92d9a2a4912e311abbaf408231..45928477e54dabf382438c432fc6e6377dd87a4a 100644 --- a/charts/hedgedoc/README.md +++ b/charts/hedgedoc/README.md @@ -1,6 +1,6 @@ # hedgedoc -   +   A platform to write and share markdown. 
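Review bot: In the first hunk of apps/base/hedgedoc/release.yaml, with the two `op: add … value: []` initialisers removed, the remaining `add` operations on `/spec/template/spec/containers/0/volumeMounts/-` and `/spec/template/spec/volumes/-` only succeed if the rendered Deployment already contains those arrays. Judging by the deployment.yaml template later in this diff, the chart renders them only when `postgresql.tls.enabled` is true, so mounting the CA now depends on the `tls: enabled: true` set in the next hunk, and an overlay that turns TLS off would presumably make the post-render patch fail. A comment above the patch would record the coupling, for example `# needs postgresql.tls.enabled: true; the chart renders volumes/volumeMounts only then`. The patch list continues outside the hunk.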
@@ -76,13 +76,14 @@ A platform to write and share markdown. | postgresql.auth.password | string | `""` | | | postgresql.auth.username | string | `"hedgedoc"` | | | postgresql.enabled | bool | `true` | | +| postgresql.tls.enabled | bool | `false` | | | resources | object | `{}` | | | securityContext | object | `{}` | | | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | +| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tolerations | list | `[]` | | ---------------------------------------------- diff --git a/charts/hedgedoc/templates/configmap-config.yaml b/charts/hedgedoc/templates/configmap-config.yaml new file mode 100644 index 0000000000000000000000000000000000000000..49295f2ac7d49b9b6e46d177f22a8df032359bed --- /dev/null +++ b/charts/hedgedoc/templates/configmap-config.yaml @@ -0,0 +1,23 @@ +{{- if .Values.postgresql.tls.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "hedgedoc.fullname" . }}-config + labels: + {{- include "hedgedoc.labels" . | nindent 4 }} +data: + config.json: | + { + "production": { + "db": { + "dialect": "postgres", + "protocol": "postgres", + "dialectOptions": { + "ssl": { + "require": true + } + } + } + } + } +{{- end }} \ No newline at end of file diff --git a/charts/hedgedoc/templates/deployment.yaml b/charts/hedgedoc/templates/deployment.yaml index 1f8563663f893d4038e7a8d9473d9adecb8ccbd9..85734b29c6d287405aae370a060df848d0968a63 100644 --- a/charts/hedgedoc/templates/deployment.yaml +++ b/charts/hedgedoc/templates/deployment.yaml 
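Review bot: In charts/hedgedoc/templates/configmap-config.yaml the generated `ssl` object sets only `"require": true`, so whether the server certificate is verified is left to the database driver's default rather than stated by the chart. Adding `"rejectUnauthorized": true` next to `"require": true` makes the intent explicit and keeps a later edit from quietly turning the connection into encrypt-only. The chart also offers no value for a CA bundle, so the description of `postgresql.tls.enabled` should say that a private CA has to be made trusted by the pod separately (the base release does this with `NODE_EXTRA_CA_CERTS`). The file also ends without a trailing newline.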
@@ -58,6 +58,11 @@ spec: httpGet: path: /_health port: http + {{- if .Values.postgresql.tls.enabled }} + volumeMounts: + - name: config + mountPath: /files/ + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.nodeSelector }} @@ -72,3 +77,13 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} + {{- if .Values.postgresql.tls.enabled }} + volumes: + - name: config + configMap: + name: {{ include "hedgedoc.fullname" . }}-config + items: + - key: config.json + path: config.json + defaultMode: 420 + {{- end }} diff --git a/charts/hedgedoc/values.yaml b/charts/hedgedoc/values.yaml index 32a9bb98c36a39d38d7eaa47a08a739e92ca391d..510e8e71465f131bea1552e07654a1b14e426f27 100644 --- a/charts/hedgedoc/values.yaml +++ b/charts/hedgedoc/values.yaml @@ -11,11 +11,11 @@ nameOverride: "" fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" @@ -60,6 +60,8 @@ postgresql: username: hedgedoc password: "" existingSecret: "" + tls: + enabled: false podAnnotations: {}
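Review bot: The new `volumeMounts` entry in the first hunk of charts/hedgedoc/templates/deployment.yaml mounts the ConfigMap over the whole `/files/` directory, which hides anything the image itself keeps there. If the image ships more than `config.json` in that directory (not visible from this diff), those files disappear as soon as `postgresql.tls.enabled` is set. Mounting only the file avoids that and states the read-only intent: `mountPath: /files/config.json`, `subPath: config.json`, `readOnly: true`. The container spec starts outside the hunk.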
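Review bot: `defaultMode: 420` in the new `volumes` block of deployment.yaml (second hunk) is the decimal spelling of octal 0644, which is easy to misread when reviewing file permissions. A trailing comment such as `defaultMode: 420  # 0644, world-readable; the file holds no credentials` would make both the mode and the reason it is acceptable visible. The pod spec starts outside the hunk.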
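Review bot: The new `postgresql.tls.enabled` key in the last hunk of charts/hedgedoc/values.yaml is added without a helm-docs comment, while the first hunk of the same file converts the serviceAccount comments to the `# --` form, so its README row is generated with an empty description. Because the default does not require TLS for the database connection, the key deserves a line such as `# -- Require TLS for the PostgreSQL connection; when true the chart mounts a generated config.json with ssl.require set`. The `postgresql` mapping starts outside the hunk.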