GHP publish

roles/wikijs/defaults/main.yaml

@@ -0,0 +1,55 @@
+wikijs_enabled: true
+wikijs_publish: false
+wikijs_use_external_db: true
+wikijs_default_values:
+  fullnameOverride: "wikijs"
+  ingress:
+    enabled: true
+    annotations: 
+      cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      cert-manager.io/acme-dns01-provider: "rfc2136"
+      cert-manager.io/acme-challenge-type: "dns01"
+      kubernetes.io/ingress.class: "{{ external_ingress_class if wikijs_publish else internal_ingress_class }}"
+    hosts:
+      - host: wikijs.{{ domain }}
+        paths: ["/"]
+    tls:
+      - secretName: wikijs.{{ domain }}-tls
+        hosts:
+          - wikijs.{{ domain }}
+  postgresql:
+    enabled: false
+    ssl: false
+    postgresqlHost: "{{ postgres_db_team | default(namespace) }}-postgres.{{ postgres_db_namespace | default(namespace) }}.svc.cluster.local"
+    postgresqlUser: "{{ wikijs_db_username | default(omit) }}"
+    postgresqlPassword: "{{ wikijs_db_password | default(omit) }}"
+    postgresqlDatabase: wikijs
+
+wikijs_readonly_ingress_definition: |
+  apiVersion: extensions/v1beta1
+  kind: Ingress
+  metadata:
+    annotations:
+      cert-manager.io/acme-challenge-type: dns01
+      cert-manager.io/acme-dns01-provider: rfc2136
+      cert-manager.io/cluster-issuer: letsencrypt-prod
+      kubernetes.io/ingress.class: "{{ external_ingress_class }}"
+      nginx.ingress.kubernetes.io/proxy-body-size: "0"
+      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    name: wikijs-public
+    namespace: "{{ wikijs_namespace | default(namespace) }}"
+  spec:
+    rules:
+    - host: "{{ wikijs_readonly_ingress }}"
+      http:
+        paths:
+        - backend:
+            serviceName: wikijs
+            servicePort: 80
+          path: /
+    tls:
+    - hosts:
+      - "{{ wikijs_readonly_ingress }}"
+      secretName: "{{ wikijs_readonly_ingress }}-tls"
+

roles/wikijs/tasks/main.yaml

@@ -0,0 +1,25 @@
+- name: Import secret.yaml to obtain secrets
+  include_tasks: secrets.yaml
+  when: 
+    - wikijs_use_external_db
+    - postgres_enable
+
+- set_fact:
+    wikijs_combined_values: "{{ wikijs_default_values | combine(wikijs_values, recursive=true) }}"
+
+- name: Deploy WikiJS
+  community.kubernetes.helm:
+    create_namespace: true
+    release_namespace: "{{ wikijs_namespace | default(namespace) }}"
+    release_name: "{{ wikijs_name | default('wikijs') }}"
+    chart_ref: "{{ wikijs_chart | default('ghp/wikijs') }}"
+    chart_version: "{{ wikijs_version | default(omit) }}"
+    release_values: "{{ wikijs_combined_values | from_yaml }}"
+    wait: true
+
+- name: Deploy readonly public ingress for WikiJS
+  when: wikijs_readonly_ingress is defined
+  k8s:
+    state: present
+    definition:
+      "{{ wikijs_readonly_ingress_definition }}"

roles/wikijs/tasks/secrets.yaml

@@ -0,0 +1,24 @@
+- block:
+  - name: Set DB namespace for secret lookup
+    set_fact:
+      db_namespace: "{{ wikijs_db_namespace | default(postgres_db_namespace) | default(postgres_namespace) | default(postgres_operator_namespace) | default(namespace) }}"
+
+  - name: Set DB secret name for lookup
+    set_fact:
+      db_secret_name: "bitwarden.{{ postgres_db_team | default(namespace) }}-postgres.credentials.postgresql.acid.zalan.do"
+
+  - name: Lookup WikiJS secret
+    set_fact:
+      wikijs_db_secret: "{{ lookup('k8s', kind='Secret', namespace=db_namespace, resource_name=db_secret_name) }}"
+
+  - debug:
+      msg: "{{ wikijs_db_secret }}"
+      verbosity: 2
+
+  - name: Set WikiJS username
+    set_fact:
+      wikijs_db_username: "{{ wikijs_db_secret.data.username | b64decode }}"
+
+  - name: Set WikiJS password
+    set_fact:
+      wikijs_db_password: "{{ wikijs_db_secret.data.password | b64decode }}"