mirror of
https://github.com/plankanban/planka.git
synced 2026-07-16 05:53:57 +03:00
feat: Extra volume mounts in Helm (#1382)
This commit is contained in:
@@ -15,7 +15,7 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 1.0.5
|
||||
version: 1.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
||||
@@ -109,3 +109,122 @@ If you want to host PLANKA for more than just playing around with, you might wan
|
||||
- Specify a password for `postgresql.auth.password` as there have been issues with the postgresql chart generating new passwords locking you out of the data you've already stored. (see [this issue](https://github.com/bitnami/charts/issues/2061))
|
||||
|
||||
Any questions or concerns, [raise an issue](https://github.com/Chris-Greaves/planka-helm-chart/issues/new).
|
||||
|
||||
## Advanced Configuration
|
||||
|
||||
### Extra Volume Mounts
|
||||
|
||||
The Helm chart supports mounting arbitrary ConfigMaps, Secrets, and Volumes to the Planka deployment using the `extraMounts` configuration. This is especially useful for scenarios like:
|
||||
|
||||
- Mounting custom CA certificates for OIDC with self-hosted identity providers
|
||||
- Adding custom configuration files
|
||||
- Mounting TLS certificates from existing secrets
|
||||
- Adding temporary or persistent storage volumes
|
||||
|
||||
**Note**: ConfigMaps and Secrets must be created separately before referencing them in `extraMounts`.
|
||||
|
||||
#### Basic Usage
|
||||
|
||||
Use the `extraMounts` section to mount any type of volume:
|
||||
|
||||
```yaml
|
||||
extraMounts:
|
||||
# Mount CA certificate from existing ConfigMap
|
||||
- name: ca-certs
|
||||
mountPath: /etc/ssl/certs/custom-ca.crt
|
||||
subPath: ca.crt
|
||||
readOnly: true
|
||||
configMap:
|
||||
name: ca-certificates # Must exist
|
||||
|
||||
# Mount TLS certificates from existing Secret
|
||||
- name: tls-certs
|
||||
mountPath: /etc/ssl/private
|
||||
readOnly: true
|
||||
secret:
|
||||
secretName: planka-tls-secret # Must exist
|
||||
items:
|
||||
- key: tls.crt
|
||||
path: server.crt
|
||||
- key: tls.key
|
||||
path: server.key
|
||||
|
||||
# Temporary storage
|
||||
- name: temp-storage
|
||||
mountPath: /tmp/planka-temp
|
||||
readOnly: false
|
||||
emptyDir:
|
||||
sizeLimit: 1Gi
|
||||
|
||||
# Host path mount
|
||||
- name: backup-storage
|
||||
mountPath: /var/lib/planka-backups
|
||||
readOnly: false
|
||||
hostPath:
|
||||
path: /var/lib/planka-backups
|
||||
type: DirectoryOrCreate
|
||||
|
||||
# NFS mount
|
||||
- name: nfs-storage
|
||||
mountPath: /shared/data
|
||||
readOnly: false
|
||||
nfs:
|
||||
server: nfs.example.com
|
||||
path: /exports/planka
|
||||
```
|
||||
|
||||
### OIDC with Self-Hosted Keycloak
|
||||
|
||||
A common use case is configuring OIDC with a self-hosted Keycloak instance that uses custom CA certificates.
|
||||
|
||||
First, create the CA certificate ConfigMap:
|
||||
```bash
|
||||
kubectl create configmap ca-certificates --from-file=ca.crt=/path/to/your/ca.crt
|
||||
```
|
||||
|
||||
Then configure the chart:
|
||||
```yaml
|
||||
# Mount custom CA certificate from existing ConfigMap
|
||||
extraMounts:
|
||||
- name: keycloak-ca
|
||||
mountPath: /etc/ssl/certs/keycloak-ca.crt
|
||||
subPath: ca.crt
|
||||
readOnly: true
|
||||
configMap:
|
||||
name: ca-certificates
|
||||
|
||||
# Configure Node.js to trust the custom CA
|
||||
extraEnv:
|
||||
- name: NODE_EXTRA_CA_CERTS
|
||||
value: "/etc/ssl/certs/keycloak-ca.crt"
|
||||
|
||||
# Enable OIDC
|
||||
oidc:
|
||||
enabled: true
|
||||
clientId: "planka-client"
|
||||
clientSecret: "your-client-secret"
|
||||
issuerUrl: "https://keycloak.example.com/realms/master"
|
||||
admin:
|
||||
roles:
|
||||
- "planka-admin"
|
||||
```
|
||||
|
||||
### Environment Variables from Secrets
|
||||
|
||||
You can reference values from existing secrets in environment variables:
|
||||
|
||||
```yaml
|
||||
extraEnv:
|
||||
- name: SMTP_PASSWORD
|
||||
valueFrom:
|
||||
secretName: smtp-credentials
|
||||
key: password
|
||||
- name: CUSTOM_API_KEY
|
||||
valueFrom:
|
||||
secretName: api-credentials
|
||||
key: api-key
|
||||
```
|
||||
|
||||
### Complete Example
|
||||
|
||||
See `values-example.yaml` for a comprehensive example that demonstrates all the advanced features including OIDC configuration with custom CA certificates.
|
||||
|
||||
@@ -71,6 +71,19 @@ spec:
|
||||
subPath: app-logs
|
||||
name: emptydir
|
||||
{{- end }}
|
||||
{{- /* Extra volume mounts */}}
|
||||
{{- range .Values.extraMounts }}
|
||||
- name: {{ .name }}
|
||||
mountPath: {{ .mountPath }}
|
||||
{{- if .subPath }}
|
||||
subPath: {{ .subPath }}
|
||||
{{- end }}
|
||||
{{- if hasKey . "readOnly" }}
|
||||
readOnly: {{ .readOnly }}
|
||||
{{- else }}
|
||||
readOnly: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
env:
|
||||
@@ -200,4 +213,31 @@ spec:
|
||||
{{- if .Values.securityContext.readOnlyRootFilesystem }}
|
||||
- name: emptydir
|
||||
emptyDir: {}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- /* Extra volumes */}}
|
||||
{{- range .Values.extraMounts }}
|
||||
- name: {{ .name }}
|
||||
{{- if .configMap }}
|
||||
configMap:
|
||||
{{- toYaml .configMap | nindent 12 }}
|
||||
{{- else if .secret }}
|
||||
secret:
|
||||
{{- toYaml .secret | nindent 12 }}
|
||||
{{- else if .emptyDir }}
|
||||
emptyDir:
|
||||
{{- toYaml .emptyDir | nindent 12 }}
|
||||
{{- else if .hostPath }}
|
||||
hostPath:
|
||||
{{- toYaml .hostPath | nindent 12 }}
|
||||
{{- else if .persistentVolumeClaim }}
|
||||
persistentVolumeClaim:
|
||||
{{- toYaml .persistentVolumeClaim | nindent 12 }}
|
||||
{{- else if .nfs }}
|
||||
nfs:
|
||||
{{- toYaml .nfs | nindent 12 }}
|
||||
{{- else }}
|
||||
{{- /* Support any other volume type by removing known mount-specific keys */}}
|
||||
{{- $volume := omit . "name" "mountPath" "subPath" "readOnly" }}
|
||||
{{- toYaml $volume | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
@@ -238,3 +238,46 @@ extraEnv: []
|
||||
## value: "your_password"
|
||||
## - name: SMTP_FROM
|
||||
## value: "your_email@example.com"
|
||||
|
||||
## Extra volume mounts configuration
|
||||
## Mount ConfigMaps, Secrets, and arbitrary volumes to the Planka container
|
||||
## This allows mounting any pre-existing ConfigMaps, Secrets, or other volume types
|
||||
##
|
||||
extraMounts: []
|
||||
## Example extraMounts:
|
||||
## extraMounts:
|
||||
## - name: ca-certs
|
||||
## mountPath: /etc/ssl/certs/ca-certificates.crt
|
||||
## subPath: ca-bundle.crt
|
||||
## readOnly: true
|
||||
## configMap:
|
||||
## name: ca-certificates
|
||||
## - name: tls-certs
|
||||
## mountPath: /etc/ssl/private
|
||||
## readOnly: true
|
||||
## secret:
|
||||
## secretName: planka-tls
|
||||
## items:
|
||||
## - key: tls.crt
|
||||
## path: server.crt
|
||||
## - key: tls.key
|
||||
## path: server.key
|
||||
## - name: temp-storage
|
||||
## mountPath: /tmp/planka-temp
|
||||
## readOnly: false
|
||||
## emptyDir:
|
||||
## sizeLimit: 1Gi
|
||||
|
||||
## Example configuration for OIDC with self-hosted Keycloak using custom CA
|
||||
## (Requires pre-existing ConfigMap "ca-certificates")
|
||||
## extraMounts:
|
||||
## - name: keycloak-ca
|
||||
## mountPath: /etc/ssl/certs/keycloak-ca.crt
|
||||
## subPath: ca.crt
|
||||
## readOnly: true
|
||||
## configMap:
|
||||
## name: ca-certificates
|
||||
##
|
||||
## extraEnv:
|
||||
## - name: NODE_EXTRA_CA_CERTS
|
||||
## value: "/etc/ssl/certs/keycloak-ca.crt"
|
||||
|
||||
Reference in New Issue
Block a user