bitnami/ghost add database SSL support (#9286)

* add ssl support Signed-off-by: José Abraham <abrahamjoc@gmail.com> * json schema ssl Signed-off-by: José Abraham <abrahamjoc@gmail.com> * readme-generator Signed-off-by: José Abraham <abrahamjoc@gmail.com> * bump chart version Signed-off-by: José Abraham <abrahamjoc@gmail.com> * add GHOST_DATABASE_SSL_CA_FILE Signed-off-by: José Abraham <abrahamjoc@gmail.com>
2026-02-19 19:47:22 +08:00 · 2022-03-04 06:52:41 -03:00
parent 253f5d8f4a
commit 502fc965f6
5 changed files with 53 additions and 3 deletions
--- a/bitnami/ghost/Chart.yaml
+++ b/bitnami/ghost/Chart.yaml
@@ -33,4 +33,4 @@ name: ghost
 sources:
  - https://github.com/bitnami/bitnami-docker-ghost
  - https://www.ghost.org/
-version: 16.0.14
+version: 16.1.0
--- a/bitnami/ghost/README.md
+++ b/bitnami/ghost/README.md
@@ -82,7 +82,7 @@ The command removes all the Kubernetes components associated with the chart and
 | ------------------- | ------------------------------------------------ | --------------------- |
 | `image.registry`    | Ghost image registry                             | `docker.io`           |
 | `image.repository`  | Ghost image repository                           | `bitnami/ghost`       |
-| `image.tag`         | Ghost image tag (immutable tags are recommended) | `4.32.3-debian-10-r0` |
+| `image.tag`         | Ghost image tag (immutable tags are recommended) | `4.37.0-debian-10-r3` |
 | `image.pullPolicy`  | Ghost image pull policy                          | `IfNotPresent`        |
 | `image.pullSecrets` | Ghost image pull secrets                         | `[]`                  |
 | `image.debug`       | Enable image debug mode                          | `false`               |
@@ -216,7 +216,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled`                   | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false`                 |
 | `volumePermissions.image.registry`            | Bitnami Shell image registry                                                                    | `docker.io`             |
 | `volumePermissions.image.repository`          | Bitnami Shell image repository                                                                  | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag`                 | Bitnami Shell image tag (immutable tags are recommended)                                        | `10-debian-10-r308`     |
+| `volumePermissions.image.tag`                 | Bitnami Shell image tag (immutable tags are recommended)                                        | `10-debian-10-r351`     |
 | `volumePermissions.image.pullPolicy`          | Bitnami Shell image pull policy                                                                 | `IfNotPresent`          |
 | `volumePermissions.image.pullSecrets`         | Bitnami Shell image pull secrets                                                                | `[]`                    |
 | `volumePermissions.resources.limits`          | The resources limits for the init container                                                     | `{}`                    |
@@ -245,6 +245,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `externalDatabase.password`                | External Database user password                                           | `""`            |
 | `externalDatabase.database`                | External Database database name                                           | `bitnami_ghost` |
 | `externalDatabase.existingSecret`          | The name of an existing secret with database credentials                  | `""`            |
+| `externalDatabase.ssl`                     | External Database ssl                                                     | `false`         |
+| `externalDatabase.sslCaFile`               | External Database ssl CA filepath                                         | `""`            |


 ### NetworkPolicy parameters
@@ -263,6 +265,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `networkPolicy.ingressRules.customRules`                      | Custom network policy ingress rule                                                                                        | `{}`    |
 | `networkPolicy.egressRules.denyConnectionsToExternal`         | Enable egress rule that denies outgoing traffic outside the cluster, except for DNS (port 53).                            | `false` |
 | `networkPolicy.egressRules.customRules`                       | Custom network policy rule                                                                                                | `{}`    |
+| `serviceAccount.name`                                         | Service Account Name                                                                                                      | `""`    |


 The above parameters map to the env variables defined in [bitnami/ghost](https://github.com/bitnami/bitnami-docker-ghost). For more information please refer to the [bitnami/ghost](https://github.com/bitnami/bitnami-docker-ghost) image documentation.
--- a/bitnami/ghost/templates/deployment.yaml
+++ b/bitnami/ghost/templates/deployment.yaml
@@ -53,6 +53,9 @@ spec:
      {{- if .Values.priorityClassName }}
      priorityClassName: {{ .Values.priorityClassName | quote }}
      {{- end }}
+      {{- if .Values.serviceAccount.name }}
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      {{- end }}
      {{- if .Values.schedulerName }}
      schedulerName: {{ .Values.schedulerName }}
      {{- end }}
@@ -125,6 +128,14 @@ spec:
                secretKeyRef:
                  name: {{ include "ghost.databaseSecretName" . }}
                  key: mariadb-password
+            {{- if (and (not .Values.mariadb.enabled) .Values.externalDatabase.ssl) }}
+            - name: GHOST_DATABASE_ENABLE_SSL
+              value: {{ .Values.externalDatabase.ssl | quote }}
+            - name: MYSQL_CLIENT_ENABLE_SSL
+              value: {{ ternary "yes" "no" .Values.externalDatabase.ssl | quote }}
+            - name: GHOST_DATABASE_SSL_CA_FILE
+              value: {{ .Values.externalDatabase.sslCaFile | quote }}
+            {{- end }}
            - name: GHOST_HOST
              value: {{ include "ghost.host" . | quote }}
            - name: GHOST_PORT_NUMBER
--- a/bitnami/ghost/values.schema.json
+++ b/bitnami/ghost/values.schema.json
@@ -114,6 +114,18 @@
          "form": true,
          "title": "Database Port",
          "hidden": "mariadb/enabled"
+        },
+        "ssl": {
+          "type": "boolean",
+          "form": true,
+          "title": "Database SSL",
+          "hidden": "mariadb/enabled"
+        },
+        "sslCaFile": {
+          "type": "string",
+          "form": true,
+          "title": "Database SSL CA filepath",
+          "hidden": "mariadb/enabled"
        }
      }
    },
@@ -158,6 +170,17 @@
          "form": true
        }
      }
+    },
+    "serviceAccount": {
+      "type": "object",
+      "properties": {
+        "name": {
+          "type": "string",
+          "title": "Service Account Name",
+          "description": "Service Account Name to use",
+          "form": true
+        }
+      }
    }
  }
 }
--- a/bitnami/ghost/values.yaml
+++ b/bitnami/ghost/values.yaml
@@ -641,6 +641,12 @@ externalDatabase:
  ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
  ##
  existingSecret: ""
+  ## @param externalDatabase.ssl External Database ssl
+  ##
+  ssl: false
+  ## @param externalDatabase.sslCaFile External Database ssl CA filepath
+  ##
+  sslCaFile: ""

 ## @section NetworkPolicy parameters

@@ -718,3 +724,10 @@ networkPolicy:
    ##             label: example
    ##
    customRules: {}
+
+## Service Account
+##
+serviceAccount:
+  ## @param serviceAccount.name Service Account Name
+  ##
+  name: ""