From a9621dbcbfe1a5ce20c87d54882ffbea85098729 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 24 Apr 2023 17:36:10 +0200
Subject: [PATCH] fix(hedgedoc): Add support for upstream TLS

This patch allows to deploy TLS support for the database backend.
---
 apps/base/hedgedoc/release.yaml | 10 +++-----
 charts/hedgedoc/Chart.yaml | 2 +-
 charts/hedgedoc/README.md | 9 ++++----
 .../hedgedoc/templates/configmap-config.yaml | 23 +++++++++++++++++++
 charts/hedgedoc/templates/deployment.yaml | 15 ++++++++++++
 charts/hedgedoc/values.yaml | 8 ++++---
 6 files changed, 52 insertions(+), 15 deletions(-)
 create mode 100644 charts/hedgedoc/templates/configmap-config.yaml

diff --git a/apps/base/hedgedoc/release.yaml b/apps/base/hedgedoc/release.yaml
index 092e8885d..aa495c653 100644
--- a/apps/base/hedgedoc/release.yaml
+++ b/apps/base/hedgedoc/release.yaml
@@ -46,25 +46,19 @@ spec:
 group: apps
 version: v1
 kind: Deployment
- name: mastodon-streaming
+ name: hedgedoc
 patch:
 - op: add
 path: /spec/template/spec/containers/0/env/-
 value:
 name: NODE_EXTRA_CA_CERTS
 value: /ca/ca.crt
- - op: add
- path: /spec/template/spec/containers/0/volumeMounts
- value: []
 - op: add
 path: /spec/template/spec/containers/0/volumeMounts/-
 value:
 name: namespace-ca-cert
 mountPath: "/ca/"
 readOnly: true
- - op: add
- path: /spec/template/spec/volumes
- value: []
 - op: add
 path: /spec/template/spec/volumes/-
 value:
@@ -85,6 +79,8 @@ data:
 postgresqlHostname: hedgedoc-postgres.hedgedoc.svc.cluster.local
 auth:
 database: hedgedoc
+ tls:
+ enabled: true
 resources:
 limits:
 cpu: "1"
diff --git a/charts/hedgedoc/Chart.yaml b/charts/hedgedoc/Chart.yaml
index fa1ad45a9..6d8346155 100644
--- a/charts/hedgedoc/Chart.yaml
+++ b/charts/hedgedoc/Chart.yaml
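Review bot: With the two `value: []` initialisers removed, every remaining op in this patch is an append (`/env/-`, `/volumeMounts/-`, `/volumes/-`), so it only applies if the rendered hedgedoc Deployment already carries those arrays; the chart in this same commit emits `volumeMounts`/`volumes` only under `postgresql.tls.enabled`, so the patch silently depends on the `tls.enabled: true` set in the release values further down and would stop reconciling with a "path does not exist" style error if that value were ever switched off (whether `env` always exists on container 0 is not visible here). I would record the coupling on the patch itself: `# NOTE: appends to volumeMounts/volumes; relies on postgresql.tls.enabled=true below, which is what makes the chart render those arrays.` Also worth a line there: `NODE_EXTRA_CA_CERTS` adds the namespace CA to the trust store for every outbound TLS connection the hedgedoc process makes, not only the database one, so that CA's issuance policy is now part of hedgedoc's attack surface.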
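Review bot: Setting `tls.enabled: true` here only makes the client require TLS; whether `hedgedoc-postgres` actually presents a certificate issued by the CA mounted at `/ca/ca.crt` is not visible in this change, and if the pg driver leaves Node's `rejectUnauthorized` default in place that certificate must also carry `hedgedoc-postgres.hedgedoc.svc.cluster.local` as a SAN or the connection fails with a hostname mismatch. A comment above `tls:` pointing at where the server certificate comes from would save the next person a debugging session, e.g. `# server cert must be issued by the namespace CA (see NODE_EXTRA_CA_CERTS patch above) with the svc FQDN as SAN`.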
@@ -11,7 +11,7 @@ keywords:
 sources:
 - https://github.com/hedgedoc/hedgedoc/tree/master
 - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc
-version: 0.1.5
+version: 0.2.0
 # renovate: image=quay.io/hedgedoc/hedgedoc
 appVersion: 1.9.7
 maintainers:
diff --git a/charts/hedgedoc/README.md b/charts/hedgedoc/README.md
index c5b2892ec..45928477e 100644
--- a/charts/hedgedoc/README.md
+++ b/charts/hedgedoc/README.md
@@ -1,6 +1,6 @@
 # hedgedoc
-   
+   
 A platform to write and share markdown.
@@ -76,13 +76,14 @@ A platform to write and share markdown.
 | postgresql.auth.password | string | `""` | |
 | postgresql.auth.username | string | `"hedgedoc"` | |
 | postgresql.enabled | bool | `true` | |
+| postgresql.tls.enabled | bool | `false` | |
 | resources | object | `{}` | |
 | securityContext | object | `{}` | |
 | service.port | int | `80` | |
 | service.type | string | `"ClusterIP"` | |
-| serviceAccount.annotations | object | `{}` | |
-| serviceAccount.create | bool | `true` | |
-| serviceAccount.name | string | `""` | |
+| serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | |
 ----------------------------------------------
diff --git a/charts/hedgedoc/templates/configmap-config.yaml b/charts/hedgedoc/templates/configmap-config.yaml
new file mode 100644
index 000000000..49295f2ac
--- /dev/null
+++ b/charts/hedgedoc/templates/configmap-config.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.postgresql.tls.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "hedgedoc.fullname" . }}-config
+ labels:
+ {{- include "hedgedoc.labels" . | nindent 4 }}
+data:
+ config.json: |
+ {
+ "production": {
+ "db": {
+ "dialect": "postgres",
+ "protocol": "postgres",
+ "dialectOptions": {
+ "ssl": {
+ "require": true
+ }
+ }
+ }
+ }
+ }
+{{- end }}
\ No newline at end of file
diff --git a/charts/hedgedoc/templates/deployment.yaml b/charts/hedgedoc/templates/deployment.yaml
index 1f8563663..85734b29c 100644
--- a/charts/hedgedoc/templates/deployment.yaml
+++ b/charts/hedgedoc/templates/deployment.yaml
@@ -58,6 +58,11 @@ spec:
 httpGet:
 path: /_health
 port: http
+ {{- if .Values.postgresql.tls.enabled }}
+ volumeMounts:
+ - name: config
+ mountPath: /files/
+ {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- with .Values.nodeSelector }}
@@ -72,3 +77,13 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if .Values.postgresql.tls.enabled }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "hedgedoc.fullname" . }}-config
+ items:
+ - key: config.json
+ path: config.json
+ defaultMode: 420
+ {{- end }}
diff --git a/charts/hedgedoc/values.yaml b/charts/hedgedoc/values.yaml
index 32a9bb98c..510e8e714 100644
--- a/charts/hedgedoc/values.yaml
+++ b/charts/hedgedoc/values.yaml
@@ -11,11 +11,11 @@ nameOverride: ""
 fullnameOverride: ""
 serviceAccount:
- # Specifies whether a service account should be created
+ # -- Specifies whether a service account should be created
 create: true
- # Annotations to add to the service account
+ # -- Annotations to add to the service account
 annotations: {}
- # The name of the service account to use.
+ # -- The name of the service account to use.
 # If not set and create is true, a name is generated using the fullname template
 name: ""
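Review bot: `"ssl": { "require": true }` says that TLS is required but nothing about verification; if I read the pg driver right this object is handed to Node's `tls.connect`, so the server certificate is only checked because `rejectUnauthorized` defaults to true there, and the chart itself offers no way to supply a private CA. I would make the intent explicit and resistant to the common `rejectUnauthorized: false` copy-paste by adding `"rejectUnauthorized": true` next to `"require": true`, and put a template header comment above the `{{- if` saying that a non-public CA has to be injected separately (for example via `NODE_EXTRA_CA_CERTS`), otherwise enabling this value against a self-signed server simply fails to connect. The new file also ends without a trailing newline (`\ No newline at end of file`).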
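Review bot: The `config` mount at `/files/` carries no `readOnly: true`; Kubernetes mounts ConfigMap volumes read-only anyway, but stating it keeps the intent visible and matches the `readOnly: true` the release-level CA mount uses, so I would write `- name: config` / `mountPath: /files/` / `readOnly: true`. Mounting at the directory rather than a single file also shadows anything the image ships under `/files`; I cannot see the image contents from here, so that is worth confirming rather than a defect I can point at. The surrounding container spec starts before this hunk.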
@@ -60,6 +60,8 @@ postgresql:
 username: hedgedoc
 password: ""
 existingSecret: ""
+ tls:
+ enabled: false
 podAnnotations: {}
-- 
GitLab
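Review bot: The new `tls.enabled` value ships without a helm-docs comment, unlike the `serviceAccount` keys converted to `# --` in this same commit, so the README row generated for `postgresql.tls.enabled` has an empty description and an operator cannot tell what enabling it implies. Suggest above `enabled: false`: `# -- Require TLS for the PostgreSQL connection. Renders a config.json with dialectOptions.ssl.require=true; the server certificate is still verified against the container's trust store, so a private CA must be provided separately (e.g. NODE_EXTRA_CA_CERTS).` The verification part reflects Node's default and should be confirmed against the pg driver bundled with HedgeDoc 1.9.7 before it is written down as fact.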