Browse Source

chore(helm): add support for securityContext and resources in sideload container (#7350)

---------

Co-authored-by: Mohamed Amine Arous <“maarous-prestataire@ina.fr”>
Co-authored-by: Nicolas Giard <github@ngpixel.com>
main
maarous 1 day ago
committed by GitHub
parent
commit
94d253bf59
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
4 changed files with 40 additions and 13 deletions
  1. 2
      dev/helm/Chart.yaml
  2. 27
      dev/helm/README.md
  3. 4
      dev/helm/templates/deployment.yaml
  4. 20
      dev/helm/values.yaml

2
dev/helm/Chart.yaml

@ -2,7 +2,7 @@ apiVersion: v2
name: wiki
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: 2.2.0
version: 2.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
AppVersion: latest

27
dev/helm/README.md

@ -97,16 +97,16 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `image.repository` | Wiki.js image | `requarks/wiki` |
| `image.tag` | Wiki.js image tag | `latest` |
| `imagePullPolicy` | Image pull policy | `IfNotPresent` |
| `replicacount` | Amount of wiki.js service pods to run | `1` |
| `revisionHistoryLimit` | Total amount of revision history points | `10` |
| `resources.limits` | wiki.js service resource limits | `nil` |
| `resources.requests` | wiki.js service resource requests | `nil` |
| `nodeSelector` | Node labels for wiki.js pod assignment | `{}` |
| `affinity` | Affinity settings for wiki.js pod assignment | `{}` |
| `schedulerName` | Name of an alternate scheduler for wiki.js pod | `nil` |
| `tolerations` | Toleration labels for wiki.jsk pod assignment | `[]` |
| `volumeMounts` | Volume mounts for Wiki.js container | `[]` |
| `volumes` | Volumes for Wiki.js Pod | `[]` |
| `replicacount` | Number of Wiki.js pods to run | `1` |
| `revisionHistoryLimit` | Total number of revision history points | `10` |
| `resources.limits` | Wiki.js service resource limits | `nil` |
| `resources.requests` | Wiki.js service resource requests | `nil` |
| `nodeSelector` | Node labels for the Wiki.js pod assignment | `{}` |
| `affinity` | Affinity settings for the Wiki.js pod assignment | `{}` |
| `schedulerName` | Name of an alternate scheduler for the Wiki.js pod | `nil` |
| `tolerations` | Toleration labels for the Wiki.js pod assignment | `[]` |
| `volumeMounts` | Volume mounts for the Wiki.js container | `[]` |
| `volumes` | Volumes for the Wiki.js pod | `[]` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.className` | Ingress class name | `""` |
| `ingress.annotations` | Ingress annotations | `{}` |
@ -114,7 +114,10 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `ingress.tls` | Ingress TLS configuration | `[]` |
| `sideload.enabled` | Enable sideloading of locale files from git | `false` |
| `sideload.repoURL` | Git repository URL containing locale files | `https://github.com/Requarks/wiki-localization` |
| `sideload.env` | Environment variables for sideload Container | `{}` |
| `sideload.env` | Environment variables for the sideload container | `{}` |
| `sideload.securityContext` | Security context for the sideload container | `nil` |
| `sideload.resources.limits` | Resource limits for the sideload container | `nil` |
| `sideload.resources.requests` | Resource requests for the sideload container | `nil` |
| `nodeExtraCaCerts` | Trusted certificates path | `nil` |
| `postgresql.enabled` | Deploy postgres server (see below) | `true` |
| `postgresql.postgresqlDatabase` | Postgres database name | `wiki` |
@ -122,7 +125,7 @@ The following table lists the configurable parameters of the Wiki.js chart and t
| `postgresql.postgresqlHost` | External postgres host | `nil` |
| `postgresql.postgresqlPassword` | External postgres password | `nil` |
| `postgresql.existingSecret` | Provide an existing `Secret` for postgres | `nil` |
| `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
| `postgresql.existingSecretKey` | The postgres password key in the existing `Secret` | `postgresql-password` |
| `postgresql.postgresqlPort` | External postgres port | `5432` |
| `postgresql.ssl` | Enable external postgres SSL connection | `false` |
| `postgresql.ca` | Certificate of Authority content for postgres | `nil` |

4
dev/helm/templates/deployment.yaml

@ -27,12 +27,16 @@ spec:
{{- if .Values.sideload.enabled }}
initContainers:
- name: {{ .Chart.Name }}-sideload
securityContext:
{{- toYaml .Values.sideload.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
env:
{{- toYaml .Values.sideload.env | nindent 12 }}
command: [ "sh", "-c" ]
args: [ "mkdir -p /wiki/data/sideload && git clone --depth=1 {{ .Values.sideload.repoURL }} /wiki/data/sideload/" ]
resources:
{{- toYaml .Values.sideload.resources | nindent 12 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}

20
dev/helm/values.yaml

@ -115,6 +115,26 @@ sideload:
# - name: HTTPS_PROXY
# value: http://my.proxy.com:3128
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
# nodeExtraCaCerts: "/path/to/certs.pem"

Loading…
Cancel
Save