add support for pg ssl settings to helm

briefercloud · Dec 3, 2024 · f52f42d · f52f42d
1 parent e9da750
commit f52f42d
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 5 deletions.
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: briefer
 description: The helm chart for Briefer's open-source version.
 type: application
-version: 0.1.4
-appVersion: '0.1.4'
+version: 0.1.5
+appVersion: '0.1.5'
diff --git a/chart/templates/api-deployment.yaml b/chart/templates/api-deployment.yaml
@@ -48,6 +48,12 @@ spec:
               value: '{{ .Values.api.env.postgresPort }}'
             - name: POSTGRES_DATABASE
               value: '{{ .Values.api.env.postgresDatabase }}'
+            - name: POSTGRES_SSL_DISABLED
+              value: '{{ .Values.api.env.postgresSslDisabled | default "false" }}'
+            - name: POSTGRES_SSL_REJECT_UNAUTHORIZED
+              value: '{{ .Values.api.env.postgresSslRejectUnauthorized }}'
+            - name: POSTGRES_SSL_CA
+              value: '{{ .Values.api.env.postgresSslCa }}'
           resources:
             requests:
               cpu: 100m
@@ -117,6 +123,12 @@ spec:
               value: '{{ .Values.api.env.postgresConnectionLimit | default "30" }}'
             - name: POSTGRES_POOL_TIMEOUT
               value: '{{ .Values.api.env.postgresPoolTimeout | default "10" }}'
+            - name: POSTGRES_SSL_DISABLED
+              value: '{{ .Values.api.env.postgresSslDisabled | default "false" }}'
+            - name: POSTGRES_SSL_REJECT_UNAUTHORIZED
+              value: '{{ .Values.api.env.postgresSslRejectUnauthorized }}'
+            - name: POSTGRES_SSL_CA
+              value: '{{ .Values.api.env.postgresSslCa }}'
 
             - name: LOGIN_LINK_EXPIRATION
               value: '{{ .Values.api.env.loginLinkExpiration | default "24h" }}'

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -8,7 +8,7 @@ ai:
   image:
     repository: docker.io
     name: briefercloud/briefer-ai
-    tag: v0.0.66
+    tag: v0.0.74
     pullPolicy: Always
 
   resources:
@@ -47,7 +47,7 @@ web:
   image:
     repository: docker.io
     name: briefercloud/briefer-web
-    tag: v0.0.66
+    tag: v0.0.74
     pullPolicy: Always
 
   # optional
@@ -81,7 +81,7 @@ api:
   image:
     repository: docker.io
     name: briefercloud/briefer-api
-    tag: v0.0.66
+    tag: v0.0.74
     pullPolicy: Always
 
   resources:
@@ -106,6 +106,9 @@ api:
     postgresDatabase: briefer
     aiApiUrl: http://ai:8080
     allowHttp: 'false'
+    postgresSslDisabled: false
+    postgresSslRejectUnauthorized: false
+    postgresSslCa: ''
 
   secrets:
     postgresUsername: postgres

diff --git a/docs/deployment/troubleshooting.mdx b/docs/deployment/troubleshooting.mdx
@@ -138,6 +138,10 @@ Briefer accepts the following environment variables to configure the SSL connect
 - `POSTGRES_SSL_REJECT_UNAUTHORIZED` (optional): Set this to `true` to reject unauthorized (self-signed) SSL certificates.
 - `POSTGRES_SSL_CA`: (optional): The path to the CA certificate file to validate the server certificate.
 
+<Note>
+If you're deploying Briefer using our Helm chart, you can set these values in the `values.yaml` file as `api.env.postgresSslDisabled`, `api.env.postgresSslRejectUnauthorized`, and `api.env.postgresSslCa`, respectively.
+</Note>
+
 If you're having issues with your Postgres SSL settings, make sure that you've set these environment variables correctly.
 
 By default, Briefer's connection will have the same SSL settings as using `sslmode=prefer` in a Postgres connection string.