2
0
Эх сурвалжийг харах

fix(helm): allow self-signed ssl (#5446)

Don Kendall 3 жил өмнө
parent
commit
dffffd3a2b

+ 5 - 1
dev/helm/templates/deployment.yaml

@@ -41,9 +41,11 @@ spec:
           env:
             - name: DB_TYPE
               value: postgres
-            {{- if .Values.externalPostgresql.databaseURL }}
+            {{- if (.Values.externalPostgresql).databaseURL }}
             - name: DATABASE_URL
               value: {{ .Values.externalPostgresql.databaseURL }}
+            - name: NODE_TLS_REJECT_UNAUTHORIZED
+              value: {{ default "1" .Values.externalPostgresql.NODE_TLS_REJECT_UNAUTHORIZED | quote }}
             {{- else }}
             - name: DB_HOST
               value: {{ template "wiki.postgresql.host" . }}
@@ -81,6 +83,8 @@ spec:
             {{- toYaml .Values.livenessProbe | nindent 12 }}
           readinessProbe:
             {{- toYaml .Values.readinessProbe | nindent 12 }}
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       {{- with .Values.nodeSelector }}

+ 14 - 1
dev/helm/values.yaml

@@ -32,6 +32,16 @@ readinessProbe:
     path: /healthz
     port: http
 
+startupProbe:
+  initialDelaySeconds: 15
+  periodSeconds: 5
+  timeoutSeconds: 5
+  successThreshold: 1
+  failureThreshold: 60
+  httpGet:
+    path: /healthz
+    port: http
+
 podSecurityContext: {}
   # fsGroup: 2000
 
@@ -104,7 +114,10 @@ sideload:
 
 ## This will override the postgresql chart values
 # externalPostgresql:
-#   databaseURL: postgresql://postgres:postgres@postgres:5432/wiki?sslmode=require
+#   # note: ?sslmode=require => ?ssl=true
+#   databaseURL: postgresql://postgres:postgres@postgres:5432/wiki?ssl=true
+#   # For self signed CAs, like DigitalOcean
+#   NODE_TLS_REJECT_UNAUTHORIZED: "0"
 
 ## Configuration values for the postgresql dependency.
 ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md