diff --git a/dependency/clickhouse/7.0.24/app-changelog.md b/dependency/clickhouse/7.0.24/app-changelog.md deleted file mode 100644 index 1d68acdf52..0000000000 --- a/dependency/clickhouse/7.0.24/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [clickhouse-7.0.24](https://github.com/truecharts/charts/compare/clickhouse-7.0.23...clickhouse-7.0.24) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/clickhouse/7.0.24/charts/common-14.3.4.tgz b/dependency/clickhouse/7.0.24/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/clickhouse/7.0.24/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/clickhouse/7.0.24/CHANGELOG.md b/dependency/clickhouse/7.0.25/CHANGELOG.md similarity index 95% rename from dependency/clickhouse/7.0.24/CHANGELOG.md rename to dependency/clickhouse/7.0.25/CHANGELOG.md index 3a4c7ba5e9..605fb72e41 100644 --- a/dependency/clickhouse/7.0.24/CHANGELOG.md +++ b/dependency/clickhouse/7.0.25/CHANGELOG.md @@ -4,6 +4,11 @@ +## [clickhouse-7.0.25](https://github.com/truecharts/charts/compare/clickhouse-7.0.24...clickhouse-7.0.25) (2023-11-08) + + + + ## [clickhouse-7.0.24](https://github.com/truecharts/charts/compare/clickhouse-7.0.23...clickhouse-7.0.24) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.1.1 ([#14053](https://github.com/truecharts/charts/issues/14053)) - - -## [clickhouse-7.0.14](https://github.com/truecharts/charts/compare/clickhouse-7.0.13...clickhouse-7.0.14) (2023-10-28) - -### Chore diff --git a/dependency/clickhouse/7.0.24/Chart.yaml b/dependency/clickhouse/7.0.25/Chart.yaml similarity index 95% rename from dependency/clickhouse/7.0.24/Chart.yaml rename to dependency/clickhouse/7.0.25/Chart.yaml index be7fe3c5fb..8d10e7ead9 100644 --- a/dependency/clickhouse/7.0.24/Chart.yaml +++ b/dependency/clickhouse/7.0.25/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "23.10.2.13" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP). home: https://truecharts.org/charts/dependency/clickhouse @@ -22,7 +22,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/dependency/clickhouse - https://clickhouse.com/ type: application -version: 7.0.24 +version: 7.0.25 annotations: truecharts.org/category: database truecharts.org/SCALE-support: "true" diff --git a/dependency/clickhouse/7.0.24/README.md b/dependency/clickhouse/7.0.25/README.md similarity index 100% rename from dependency/clickhouse/7.0.24/README.md rename to dependency/clickhouse/7.0.25/README.md diff --git a/dependency/clickhouse/7.0.25/app-changelog.md b/dependency/clickhouse/7.0.25/app-changelog.md new file mode 100644 index 0000000000..3d368ab81e --- /dev/null +++ b/dependency/clickhouse/7.0.25/app-changelog.md @@ -0,0 +1,4 @@ + + +## [clickhouse-7.0.25](https://github.com/truecharts/charts/compare/clickhouse-7.0.24...clickhouse-7.0.25) (2023-11-08) + diff --git a/dependency/clickhouse/7.0.24/app-readme.md b/dependency/clickhouse/7.0.25/app-readme.md similarity index 100% rename from dependency/clickhouse/7.0.24/app-readme.md rename to dependency/clickhouse/7.0.25/app-readme.md diff --git a/dependency/clickhouse/7.0.25/charts/common-14.3.5.tgz b/dependency/clickhouse/7.0.25/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/clickhouse/7.0.25/charts/common-14.3.5.tgz differ diff --git a/dependency/clickhouse/7.0.24/ix_values.yaml b/dependency/clickhouse/7.0.25/ix_values.yaml similarity index 100% rename from dependency/clickhouse/7.0.24/ix_values.yaml rename to dependency/clickhouse/7.0.25/ix_values.yaml diff --git a/dependency/clickhouse/7.0.24/questions.yaml b/dependency/clickhouse/7.0.25/questions.yaml similarity index 100% rename from dependency/clickhouse/7.0.24/questions.yaml rename to dependency/clickhouse/7.0.25/questions.yaml diff --git a/dependency/clickhouse/7.0.24/templates/NOTES.txt b/dependency/clickhouse/7.0.25/templates/NOTES.txt similarity index 100% rename from dependency/clickhouse/7.0.24/templates/NOTES.txt rename to dependency/clickhouse/7.0.25/templates/NOTES.txt diff --git a/dependency/clickhouse/7.0.24/templates/common.yaml b/dependency/clickhouse/7.0.25/templates/common.yaml similarity index 100% rename from dependency/clickhouse/7.0.24/templates/common.yaml rename to dependency/clickhouse/7.0.25/templates/common.yaml diff --git a/dependency/clickhouse/7.0.24/values.yaml b/dependency/clickhouse/7.0.25/values.yaml similarity index 100% rename from dependency/clickhouse/7.0.24/values.yaml rename to dependency/clickhouse/7.0.25/values.yaml diff --git a/dependency/kube-state-metrics/3.0.36/app-changelog.md b/dependency/kube-state-metrics/3.0.36/app-changelog.md deleted file mode 100644 index fddf2b08db..0000000000 --- a/dependency/kube-state-metrics/3.0.36/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [kube-state-metrics-3.0.36](https://github.com/truecharts/charts/compare/kube-state-metrics-3.0.35...kube-state-metrics-3.0.36) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/kube-state-metrics/3.0.36/charts/common-14.3.4.tgz b/dependency/kube-state-metrics/3.0.36/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/kube-state-metrics/3.0.36/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/kube-state-metrics/3.0.36/CHANGELOG.md b/dependency/kube-state-metrics/3.0.37/CHANGELOG.md similarity index 94% rename from dependency/kube-state-metrics/3.0.36/CHANGELOG.md rename to dependency/kube-state-metrics/3.0.37/CHANGELOG.md index 77f239bdd2..366fc80cd4 100644 --- a/dependency/kube-state-metrics/3.0.36/CHANGELOG.md +++ b/dependency/kube-state-metrics/3.0.37/CHANGELOG.md @@ -4,6 +4,11 @@ +## [kube-state-metrics-3.0.37](https://github.com/truecharts/charts/compare/kube-state-metrics-3.0.36...kube-state-metrics-3.0.37) (2023-11-08) + + + + ## [kube-state-metrics-3.0.36](https://github.com/truecharts/charts/compare/kube-state-metrics-3.0.35...kube-state-metrics-3.0.36) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.0.14 ([#13628](https://github.com/truecharts/charts/issues/13628)) - - - -## [kube-state-metrics-3.0.26](https://github.com/truecharts/charts/compare/kube-state-metrics-3.0.25...kube-state-metrics-3.0.26) (2023-10-11) - diff --git a/dependency/kube-state-metrics/3.0.36/Chart.yaml b/dependency/kube-state-metrics/3.0.37/Chart.yaml similarity index 96% rename from dependency/kube-state-metrics/3.0.36/Chart.yaml rename to dependency/kube-state-metrics/3.0.37/Chart.yaml index 52f9a7f23e..37428b0f8f 100644 --- a/dependency/kube-state-metrics/3.0.36/Chart.yaml +++ b/dependency/kube-state-metrics/3.0.37/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "2.10.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects. home: https://truecharts.org/charts/dependency/kube-state-metrics @@ -21,7 +21,7 @@ name: kube-state-metrics sources: - https://github.com/truecharts/charts/tree/master/charts/dependency/kube-state-metrics type: application -version: 3.0.36 +version: 3.0.37 annotations: truecharts.org/category: metrics truecharts.org/SCALE-support: "true" diff --git a/dependency/kube-state-metrics/3.0.36/LICENSE b/dependency/kube-state-metrics/3.0.37/LICENSE similarity index 100% rename from dependency/kube-state-metrics/3.0.36/LICENSE rename to dependency/kube-state-metrics/3.0.37/LICENSE diff --git a/dependency/kube-state-metrics/3.0.36/README.md b/dependency/kube-state-metrics/3.0.37/README.md similarity index 100% rename from dependency/kube-state-metrics/3.0.36/README.md rename to dependency/kube-state-metrics/3.0.37/README.md diff --git a/dependency/kube-state-metrics/3.0.37/app-changelog.md b/dependency/kube-state-metrics/3.0.37/app-changelog.md new file mode 100644 index 0000000000..1a99891270 --- /dev/null +++ b/dependency/kube-state-metrics/3.0.37/app-changelog.md @@ -0,0 +1,4 @@ + + +## [kube-state-metrics-3.0.37](https://github.com/truecharts/charts/compare/kube-state-metrics-3.0.36...kube-state-metrics-3.0.37) (2023-11-08) + diff --git a/dependency/kube-state-metrics/3.0.36/app-readme.md b/dependency/kube-state-metrics/3.0.37/app-readme.md similarity index 100% rename from dependency/kube-state-metrics/3.0.36/app-readme.md rename to dependency/kube-state-metrics/3.0.37/app-readme.md diff --git a/dependency/kube-state-metrics/3.0.37/charts/common-14.3.5.tgz b/dependency/kube-state-metrics/3.0.37/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/kube-state-metrics/3.0.37/charts/common-14.3.5.tgz differ diff --git a/dependency/kube-state-metrics/3.0.36/ix_values.yaml b/dependency/kube-state-metrics/3.0.37/ix_values.yaml similarity index 100% rename from dependency/kube-state-metrics/3.0.36/ix_values.yaml rename to dependency/kube-state-metrics/3.0.37/ix_values.yaml diff --git a/dependency/kube-state-metrics/3.0.36/questions.yaml b/dependency/kube-state-metrics/3.0.37/questions.yaml similarity index 100% rename from dependency/kube-state-metrics/3.0.36/questions.yaml rename to dependency/kube-state-metrics/3.0.37/questions.yaml diff --git a/dependency/kube-state-metrics/3.0.36/templates/NOTES.txt b/dependency/kube-state-metrics/3.0.37/templates/NOTES.txt similarity index 100% rename from dependency/kube-state-metrics/3.0.36/templates/NOTES.txt rename to dependency/kube-state-metrics/3.0.37/templates/NOTES.txt diff --git a/dependency/kube-state-metrics/3.0.36/templates/common.yaml b/dependency/kube-state-metrics/3.0.37/templates/common.yaml similarity index 100% rename from dependency/kube-state-metrics/3.0.36/templates/common.yaml rename to dependency/kube-state-metrics/3.0.37/templates/common.yaml diff --git a/dependency/kube-state-metrics/3.0.36/values.yaml b/dependency/kube-state-metrics/3.0.37/values.yaml similarity index 100% rename from dependency/kube-state-metrics/3.0.36/values.yaml rename to dependency/kube-state-metrics/3.0.37/values.yaml diff --git a/dependency/mariadb/9.0.39/app-changelog.md b/dependency/mariadb/9.0.39/app-changelog.md deleted file mode 100644 index e2b2a24fd0..0000000000 --- a/dependency/mariadb/9.0.39/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [mariadb-9.0.39](https://github.com/truecharts/charts/compare/mariadb-9.0.38...mariadb-9.0.39) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/mariadb/9.0.39/charts/common-14.3.4.tgz b/dependency/mariadb/9.0.39/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/mariadb/9.0.39/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/mariadb/9.0.39/CHANGELOG.md b/dependency/mariadb/9.0.40/CHANGELOG.md similarity index 95% rename from dependency/mariadb/9.0.39/CHANGELOG.md rename to dependency/mariadb/9.0.40/CHANGELOG.md index dd78eef938..ab2e3721ae 100644 --- a/dependency/mariadb/9.0.39/CHANGELOG.md +++ b/dependency/mariadb/9.0.40/CHANGELOG.md @@ -4,6 +4,11 @@ +## [mariadb-9.0.40](https://github.com/truecharts/charts/compare/mariadb-9.0.39...mariadb-9.0.40) (2023-11-08) + + + + ## [mariadb-9.0.39](https://github.com/truecharts/charts/compare/mariadb-9.0.38...mariadb-9.0.39) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.0.14 ([#13628](https://github.com/truecharts/charts/issues/13628)) - - - -## [mariadb-9.0.29](https://github.com/truecharts/charts/compare/mariadb-9.0.28...mariadb-9.0.29) (2023-10-09) - diff --git a/dependency/mariadb/9.0.39/Chart.yaml b/dependency/mariadb/9.0.40/Chart.yaml similarity index 96% rename from dependency/mariadb/9.0.39/Chart.yaml rename to dependency/mariadb/9.0.40/Chart.yaml index 6068832c78..ae1a0d479e 100644 --- a/dependency/mariadb/9.0.39/Chart.yaml +++ b/dependency/mariadb/9.0.40/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "11.1.2" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Fast, reliable, scalable, and easy to use open-source relational database system. home: https://truecharts.org/charts/dependency/mariadb @@ -25,7 +25,7 @@ sources: - https://github.com/prometheus/mysqld_exporter - https://mariadb.org type: application -version: 9.0.39 +version: 9.0.40 annotations: truecharts.org/category: database truecharts.org/SCALE-support: "true" diff --git a/dependency/mariadb/9.0.39/README.md b/dependency/mariadb/9.0.40/README.md similarity index 100% rename from dependency/mariadb/9.0.39/README.md rename to dependency/mariadb/9.0.40/README.md diff --git a/dependency/mariadb/9.0.40/app-changelog.md b/dependency/mariadb/9.0.40/app-changelog.md new file mode 100644 index 0000000000..8f18620958 --- /dev/null +++ b/dependency/mariadb/9.0.40/app-changelog.md @@ -0,0 +1,4 @@ + + +## [mariadb-9.0.40](https://github.com/truecharts/charts/compare/mariadb-9.0.39...mariadb-9.0.40) (2023-11-08) + diff --git a/dependency/mariadb/9.0.39/app-readme.md b/dependency/mariadb/9.0.40/app-readme.md similarity index 100% rename from dependency/mariadb/9.0.39/app-readme.md rename to dependency/mariadb/9.0.40/app-readme.md diff --git a/dependency/mariadb/9.0.40/charts/common-14.3.5.tgz b/dependency/mariadb/9.0.40/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/mariadb/9.0.40/charts/common-14.3.5.tgz differ diff --git a/dependency/mariadb/9.0.39/ix_values.yaml b/dependency/mariadb/9.0.40/ix_values.yaml similarity index 100% rename from dependency/mariadb/9.0.39/ix_values.yaml rename to dependency/mariadb/9.0.40/ix_values.yaml diff --git a/dependency/mariadb/9.0.39/questions.yaml b/dependency/mariadb/9.0.40/questions.yaml similarity index 100% rename from dependency/mariadb/9.0.39/questions.yaml rename to dependency/mariadb/9.0.40/questions.yaml diff --git a/dependency/mariadb/9.0.39/templates/NOTES.txt b/dependency/mariadb/9.0.40/templates/NOTES.txt similarity index 100% rename from dependency/mariadb/9.0.39/templates/NOTES.txt rename to dependency/mariadb/9.0.40/templates/NOTES.txt diff --git a/dependency/mariadb/9.0.39/templates/common.yaml b/dependency/mariadb/9.0.40/templates/common.yaml similarity index 100% rename from dependency/mariadb/9.0.39/templates/common.yaml rename to dependency/mariadb/9.0.40/templates/common.yaml diff --git a/dependency/mariadb/9.0.39/values.yaml b/dependency/mariadb/9.0.40/values.yaml similarity index 100% rename from dependency/mariadb/9.0.39/values.yaml rename to dependency/mariadb/9.0.40/values.yaml diff --git a/dependency/memcached/8.0.40/app-changelog.md b/dependency/memcached/8.0.40/app-changelog.md deleted file mode 100644 index 7bc6c3e091..0000000000 --- a/dependency/memcached/8.0.40/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [memcached-8.0.40](https://github.com/truecharts/charts/compare/memcached-8.0.39...memcached-8.0.40) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/memcached/8.0.40/charts/common-14.3.4.tgz b/dependency/memcached/8.0.40/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/memcached/8.0.40/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/memcached/8.0.40/CHANGELOG.md b/dependency/memcached/8.0.41/CHANGELOG.md similarity index 95% rename from dependency/memcached/8.0.40/CHANGELOG.md rename to dependency/memcached/8.0.41/CHANGELOG.md index a3023b5838..7d9f786c13 100644 --- a/dependency/memcached/8.0.40/CHANGELOG.md +++ b/dependency/memcached/8.0.41/CHANGELOG.md @@ -4,6 +4,11 @@ +## [memcached-8.0.41](https://github.com/truecharts/charts/compare/memcached-8.0.40...memcached-8.0.41) (2023-11-08) + + + + ## [memcached-8.0.40](https://github.com/truecharts/charts/compare/memcached-8.0.39...memcached-8.0.40) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.0.14 ([#13628](https://github.com/truecharts/charts/issues/13628)) - - - -## [memcached-8.0.30](https://github.com/truecharts/charts/compare/memcached-8.0.29...memcached-8.0.30) (2023-10-09) - diff --git a/dependency/memcached/8.0.40/Chart.yaml b/dependency/memcached/8.0.41/Chart.yaml similarity index 95% rename from dependency/memcached/8.0.40/Chart.yaml rename to dependency/memcached/8.0.41/Chart.yaml index 8cda59a234..1812117d35 100644 --- a/dependency/memcached/8.0.40/Chart.yaml +++ b/dependency/memcached/8.0.41/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.6.22" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Memcached is a memory-backed database caching solution home: https://truecharts.org/charts/dependency/memcached @@ -23,7 +23,7 @@ sources: - https://github.com/bitnami/bitnami-docker-memcached - http://memcached.org/ type: application -version: 8.0.40 +version: 8.0.41 annotations: truecharts.org/category: database truecharts.org/SCALE-support: "true" diff --git a/dependency/memcached/8.0.40/README.md b/dependency/memcached/8.0.41/README.md similarity index 100% rename from dependency/memcached/8.0.40/README.md rename to dependency/memcached/8.0.41/README.md diff --git a/dependency/memcached/8.0.41/app-changelog.md b/dependency/memcached/8.0.41/app-changelog.md new file mode 100644 index 0000000000..b07528116a --- /dev/null +++ b/dependency/memcached/8.0.41/app-changelog.md @@ -0,0 +1,4 @@ + + +## [memcached-8.0.41](https://github.com/truecharts/charts/compare/memcached-8.0.40...memcached-8.0.41) (2023-11-08) + diff --git a/dependency/memcached/8.0.40/app-readme.md b/dependency/memcached/8.0.41/app-readme.md similarity index 100% rename from dependency/memcached/8.0.40/app-readme.md rename to dependency/memcached/8.0.41/app-readme.md diff --git a/dependency/memcached/8.0.41/charts/common-14.3.5.tgz b/dependency/memcached/8.0.41/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/memcached/8.0.41/charts/common-14.3.5.tgz differ diff --git a/dependency/memcached/8.0.40/ix_values.yaml b/dependency/memcached/8.0.41/ix_values.yaml similarity index 100% rename from dependency/memcached/8.0.40/ix_values.yaml rename to dependency/memcached/8.0.41/ix_values.yaml diff --git a/dependency/memcached/8.0.40/questions.yaml b/dependency/memcached/8.0.41/questions.yaml similarity index 100% rename from dependency/memcached/8.0.40/questions.yaml rename to dependency/memcached/8.0.41/questions.yaml diff --git a/dependency/memcached/8.0.40/templates/NOTES.txt b/dependency/memcached/8.0.41/templates/NOTES.txt similarity index 100% rename from dependency/memcached/8.0.40/templates/NOTES.txt rename to dependency/memcached/8.0.41/templates/NOTES.txt diff --git a/dependency/memcached/8.0.40/templates/common.yaml b/dependency/memcached/8.0.41/templates/common.yaml similarity index 100% rename from dependency/memcached/8.0.40/templates/common.yaml rename to dependency/memcached/8.0.41/templates/common.yaml diff --git a/dependency/memcached/8.0.40/values.yaml b/dependency/memcached/8.0.41/values.yaml similarity index 100% rename from dependency/memcached/8.0.40/values.yaml rename to dependency/memcached/8.0.41/values.yaml diff --git a/dependency/mongodb/8.0.37/app-changelog.md b/dependency/mongodb/8.0.37/app-changelog.md deleted file mode 100644 index a2ed3deea7..0000000000 --- a/dependency/mongodb/8.0.37/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [mongodb-8.0.37](https://github.com/truecharts/charts/compare/mongodb-8.0.36...mongodb-8.0.37) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/mongodb/8.0.37/charts/common-14.3.4.tgz b/dependency/mongodb/8.0.37/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/mongodb/8.0.37/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/mongodb/8.0.37/CHANGELOG.md b/dependency/mongodb/8.0.38/CHANGELOG.md similarity index 95% rename from dependency/mongodb/8.0.37/CHANGELOG.md rename to dependency/mongodb/8.0.38/CHANGELOG.md index 8c2fc0c0ef..937e47f3a6 100644 --- a/dependency/mongodb/8.0.37/CHANGELOG.md +++ b/dependency/mongodb/8.0.38/CHANGELOG.md @@ -4,6 +4,11 @@ +## [mongodb-8.0.38](https://github.com/truecharts/charts/compare/mongodb-8.0.37...mongodb-8.0.38) (2023-11-08) + + + + ## [mongodb-8.0.37](https://github.com/truecharts/charts/compare/mongodb-8.0.36...mongodb-8.0.37) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.0.14 ([#13628](https://github.com/truecharts/charts/issues/13628)) - - - -## [mongodb-8.0.27](https://github.com/truecharts/charts/compare/mongodb-8.0.26...mongodb-8.0.27) (2023-10-12) - diff --git a/dependency/mongodb/8.0.37/Chart.yaml b/dependency/mongodb/8.0.38/Chart.yaml similarity index 95% rename from dependency/mongodb/8.0.37/Chart.yaml rename to dependency/mongodb/8.0.38/Chart.yaml index d204a60276..eba1510b5c 100644 --- a/dependency/mongodb/8.0.37/Chart.yaml +++ b/dependency/mongodb/8.0.38/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "7.0.2" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Fast, reliable, scalable, and easy to use open-source no-sql database system. home: https://truecharts.org/charts/dependency/mongodb @@ -23,7 +23,7 @@ sources: - https://github.com/bitnami/bitnami-docker-mongodb - https://www.mongodb.com type: application -version: 8.0.37 +version: 8.0.38 annotations: truecharts.org/category: database truecharts.org/SCALE-support: "true" diff --git a/dependency/mongodb/8.0.37/README.md b/dependency/mongodb/8.0.38/README.md similarity index 100% rename from dependency/mongodb/8.0.37/README.md rename to dependency/mongodb/8.0.38/README.md diff --git a/dependency/mongodb/8.0.38/app-changelog.md b/dependency/mongodb/8.0.38/app-changelog.md new file mode 100644 index 0000000000..fa531b1938 --- /dev/null +++ b/dependency/mongodb/8.0.38/app-changelog.md @@ -0,0 +1,4 @@ + + +## [mongodb-8.0.38](https://github.com/truecharts/charts/compare/mongodb-8.0.37...mongodb-8.0.38) (2023-11-08) + diff --git a/dependency/mongodb/8.0.37/app-readme.md b/dependency/mongodb/8.0.38/app-readme.md similarity index 100% rename from dependency/mongodb/8.0.37/app-readme.md rename to dependency/mongodb/8.0.38/app-readme.md diff --git a/dependency/mongodb/8.0.38/charts/common-14.3.5.tgz b/dependency/mongodb/8.0.38/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/mongodb/8.0.38/charts/common-14.3.5.tgz differ diff --git a/dependency/mongodb/8.0.37/ix_values.yaml b/dependency/mongodb/8.0.38/ix_values.yaml similarity index 100% rename from dependency/mongodb/8.0.37/ix_values.yaml rename to dependency/mongodb/8.0.38/ix_values.yaml diff --git a/dependency/mongodb/8.0.37/questions.yaml b/dependency/mongodb/8.0.38/questions.yaml similarity index 100% rename from dependency/mongodb/8.0.37/questions.yaml rename to dependency/mongodb/8.0.38/questions.yaml diff --git a/dependency/mongodb/8.0.37/templates/NOTES.txt b/dependency/mongodb/8.0.38/templates/NOTES.txt similarity index 100% rename from dependency/mongodb/8.0.37/templates/NOTES.txt rename to dependency/mongodb/8.0.38/templates/NOTES.txt diff --git a/dependency/mongodb/8.0.37/templates/common.yaml b/dependency/mongodb/8.0.38/templates/common.yaml similarity index 100% rename from dependency/mongodb/8.0.37/templates/common.yaml rename to dependency/mongodb/8.0.38/templates/common.yaml diff --git a/dependency/mongodb/8.0.37/values.yaml b/dependency/mongodb/8.0.38/values.yaml similarity index 100% rename from dependency/mongodb/8.0.37/values.yaml rename to dependency/mongodb/8.0.38/values.yaml diff --git a/dependency/node-exporter/3.0.38/app-changelog.md b/dependency/node-exporter/3.0.38/app-changelog.md deleted file mode 100644 index 7a8de6105f..0000000000 --- a/dependency/node-exporter/3.0.38/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [node-exporter-3.0.38](https://github.com/truecharts/charts/compare/node-exporter-3.0.37...node-exporter-3.0.38) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/node-exporter/3.0.38/charts/common-14.3.4.tgz b/dependency/node-exporter/3.0.38/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/node-exporter/3.0.38/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/node-exporter/3.0.38/CHANGELOG.md b/dependency/node-exporter/3.0.39/CHANGELOG.md similarity index 95% rename from dependency/node-exporter/3.0.38/CHANGELOG.md rename to dependency/node-exporter/3.0.39/CHANGELOG.md index 62c7a0b191..71a0a3b407 100644 --- a/dependency/node-exporter/3.0.38/CHANGELOG.md +++ b/dependency/node-exporter/3.0.39/CHANGELOG.md @@ -4,6 +4,11 @@ +## [node-exporter-3.0.39](https://github.com/truecharts/charts/compare/node-exporter-3.0.38...node-exporter-3.0.39) (2023-11-08) + + + + ## [node-exporter-3.0.38](https://github.com/truecharts/charts/compare/node-exporter-3.0.37...node-exporter-3.0.38) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update container image tccr.io/truecharts/node-exporter to v1.6.1 ([#13501](https://github.com/truecharts/charts/issues/13501)) - - - -## [node-exporter-3.0.28](https://github.com/truecharts/charts/compare/node-exporter-3.0.27...node-exporter-3.0.28) (2023-10-09) - diff --git a/dependency/node-exporter/3.0.38/Chart.yaml b/dependency/node-exporter/3.0.39/Chart.yaml similarity index 95% rename from dependency/node-exporter/3.0.38/Chart.yaml rename to dependency/node-exporter/3.0.39/Chart.yaml index 4fb8655946..035327fa69 100644 --- a/dependency/node-exporter/3.0.38/Chart.yaml +++ b/dependency/node-exporter/3.0.39/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.6.1" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Prometheus exporter for hardware and OS metrics exposed by UNIX kernels, with pluggable metric collectors. home: https://truecharts.org/charts/dependency/node-exporter @@ -21,7 +21,7 @@ name: node-exporter sources: - https://github.com/truecharts/charts/tree/master/charts/dependency/node-exporter type: application -version: 3.0.38 +version: 3.0.39 annotations: truecharts.org/category: metrics truecharts.org/SCALE-support: "true" diff --git a/dependency/node-exporter/3.0.38/LICENSE b/dependency/node-exporter/3.0.39/LICENSE similarity index 100% rename from dependency/node-exporter/3.0.38/LICENSE rename to dependency/node-exporter/3.0.39/LICENSE diff --git a/dependency/node-exporter/3.0.38/README.md b/dependency/node-exporter/3.0.39/README.md similarity index 100% rename from dependency/node-exporter/3.0.38/README.md rename to dependency/node-exporter/3.0.39/README.md diff --git a/dependency/node-exporter/3.0.39/app-changelog.md b/dependency/node-exporter/3.0.39/app-changelog.md new file mode 100644 index 0000000000..faf1b24e6a --- /dev/null +++ b/dependency/node-exporter/3.0.39/app-changelog.md @@ -0,0 +1,4 @@ + + +## [node-exporter-3.0.39](https://github.com/truecharts/charts/compare/node-exporter-3.0.38...node-exporter-3.0.39) (2023-11-08) + diff --git a/dependency/node-exporter/3.0.38/app-readme.md b/dependency/node-exporter/3.0.39/app-readme.md similarity index 100% rename from dependency/node-exporter/3.0.38/app-readme.md rename to dependency/node-exporter/3.0.39/app-readme.md diff --git a/dependency/node-exporter/3.0.39/charts/common-14.3.5.tgz b/dependency/node-exporter/3.0.39/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/node-exporter/3.0.39/charts/common-14.3.5.tgz differ diff --git a/dependency/node-exporter/3.0.38/ix_values.yaml b/dependency/node-exporter/3.0.39/ix_values.yaml similarity index 100% rename from dependency/node-exporter/3.0.38/ix_values.yaml rename to dependency/node-exporter/3.0.39/ix_values.yaml diff --git a/dependency/node-exporter/3.0.38/questions.yaml b/dependency/node-exporter/3.0.39/questions.yaml similarity index 100% rename from dependency/node-exporter/3.0.38/questions.yaml rename to dependency/node-exporter/3.0.39/questions.yaml diff --git a/dependency/node-exporter/3.0.38/templates/NOTES.txt b/dependency/node-exporter/3.0.39/templates/NOTES.txt similarity index 100% rename from dependency/node-exporter/3.0.38/templates/NOTES.txt rename to dependency/node-exporter/3.0.39/templates/NOTES.txt diff --git a/dependency/node-exporter/3.0.38/templates/common.yaml b/dependency/node-exporter/3.0.39/templates/common.yaml similarity index 100% rename from dependency/node-exporter/3.0.38/templates/common.yaml rename to dependency/node-exporter/3.0.39/templates/common.yaml diff --git a/dependency/node-exporter/3.0.38/values.yaml b/dependency/node-exporter/3.0.39/values.yaml similarity index 100% rename from dependency/node-exporter/3.0.38/values.yaml rename to dependency/node-exporter/3.0.39/values.yaml diff --git a/dependency/redis/8.0.43/app-changelog.md b/dependency/redis/8.0.43/app-changelog.md deleted file mode 100644 index bc50471429..0000000000 --- a/dependency/redis/8.0.43/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [redis-8.0.43](https://github.com/truecharts/charts/compare/redis-8.0.42...redis-8.0.43) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/redis/8.0.43/charts/common-14.3.4.tgz b/dependency/redis/8.0.43/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/redis/8.0.43/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/redis/8.0.43/CHANGELOG.md b/dependency/redis/8.0.44/CHANGELOG.md similarity index 95% rename from dependency/redis/8.0.43/CHANGELOG.md rename to dependency/redis/8.0.44/CHANGELOG.md index fa0fec9298..62ff867192 100644 --- a/dependency/redis/8.0.43/CHANGELOG.md +++ b/dependency/redis/8.0.44/CHANGELOG.md @@ -4,6 +4,11 @@ +## [redis-8.0.44](https://github.com/truecharts/charts/compare/redis-8.0.43...redis-8.0.44) (2023-11-08) + + + + ## [redis-8.0.43](https://github.com/truecharts/charts/compare/redis-8.0.42...redis-8.0.43) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update container image tccr.io/truecharts/redis to v7.2.2 ([#13740](https://github.com/truecharts/charts/issues/13740)) - - - -## [redis-8.0.33](https://github.com/truecharts/charts/compare/redis-8.0.32...redis-8.0.33) (2023-10-15) - diff --git a/dependency/redis/8.0.43/Chart.yaml b/dependency/redis/8.0.44/Chart.yaml similarity index 95% rename from dependency/redis/8.0.43/Chart.yaml rename to dependency/redis/8.0.44/Chart.yaml index 49c4121fd3..44d77784a8 100644 --- a/dependency/redis/8.0.43/Chart.yaml +++ b/dependency/redis/8.0.44/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "7.2.3" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Open source, advanced key-value store. home: https://truecharts.org/charts/dependency/redis @@ -23,7 +23,7 @@ sources: - https://github.com/bitnami/bitnami-docker-redis - http://redis.io/ type: application -version: 8.0.43 +version: 8.0.44 annotations: truecharts.org/category: database truecharts.org/SCALE-support: "true" diff --git a/dependency/redis/8.0.43/README.md b/dependency/redis/8.0.44/README.md similarity index 100% rename from dependency/redis/8.0.43/README.md rename to dependency/redis/8.0.44/README.md diff --git a/dependency/redis/8.0.44/app-changelog.md b/dependency/redis/8.0.44/app-changelog.md new file mode 100644 index 0000000000..920e01e989 --- /dev/null +++ b/dependency/redis/8.0.44/app-changelog.md @@ -0,0 +1,4 @@ + + +## [redis-8.0.44](https://github.com/truecharts/charts/compare/redis-8.0.43...redis-8.0.44) (2023-11-08) + diff --git a/dependency/redis/8.0.43/app-readme.md b/dependency/redis/8.0.44/app-readme.md similarity index 100% rename from dependency/redis/8.0.43/app-readme.md rename to dependency/redis/8.0.44/app-readme.md diff --git a/dependency/redis/8.0.44/charts/common-14.3.5.tgz b/dependency/redis/8.0.44/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/redis/8.0.44/charts/common-14.3.5.tgz differ diff --git a/dependency/redis/8.0.43/ix_values.yaml b/dependency/redis/8.0.44/ix_values.yaml similarity index 100% rename from dependency/redis/8.0.43/ix_values.yaml rename to dependency/redis/8.0.44/ix_values.yaml diff --git a/dependency/redis/8.0.43/questions.yaml b/dependency/redis/8.0.44/questions.yaml similarity index 100% rename from dependency/redis/8.0.43/questions.yaml rename to dependency/redis/8.0.44/questions.yaml diff --git a/dependency/redis/8.0.43/templates/NOTES.txt b/dependency/redis/8.0.44/templates/NOTES.txt similarity index 100% rename from dependency/redis/8.0.43/templates/NOTES.txt rename to dependency/redis/8.0.44/templates/NOTES.txt diff --git a/dependency/redis/8.0.43/templates/common.yaml b/dependency/redis/8.0.44/templates/common.yaml similarity index 100% rename from dependency/redis/8.0.43/templates/common.yaml rename to dependency/redis/8.0.44/templates/common.yaml diff --git a/dependency/redis/8.0.43/values.yaml b/dependency/redis/8.0.44/values.yaml similarity index 100% rename from dependency/redis/8.0.43/values.yaml rename to dependency/redis/8.0.44/values.yaml diff --git a/dependency/solr/6.0.40/app-changelog.md b/dependency/solr/6.0.40/app-changelog.md deleted file mode 100644 index b5d4fd5c05..0000000000 --- a/dependency/solr/6.0.40/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [solr-6.0.40](https://github.com/truecharts/charts/compare/solr-6.0.39...solr-6.0.40) (2023-11-08) - -### Fix - -- emergency portalhook hotpatch - - \ No newline at end of file diff --git a/dependency/solr/6.0.40/charts/common-14.3.4.tgz b/dependency/solr/6.0.40/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/dependency/solr/6.0.40/charts/common-14.3.4.tgz and /dev/null differ diff --git a/dependency/solr/6.0.40/CHANGELOG.md b/dependency/solr/6.0.41/CHANGELOG.md similarity index 95% rename from dependency/solr/6.0.40/CHANGELOG.md rename to dependency/solr/6.0.41/CHANGELOG.md index bfe112ec52..663fbc9a28 100644 --- a/dependency/solr/6.0.40/CHANGELOG.md +++ b/dependency/solr/6.0.41/CHANGELOG.md @@ -4,6 +4,11 @@ +## [solr-6.0.41](https://github.com/truecharts/charts/compare/solr-6.0.40...solr-6.0.41) (2023-11-08) + + + + ## [solr-6.0.40](https://github.com/truecharts/charts/compare/solr-6.0.39...solr-6.0.40) (2023-11-08) ### Fix @@ -92,8 +97,3 @@ - update helm chart common to 14.0.14 ([#13628](https://github.com/truecharts/charts/issues/13628)) - - - -## [solr-6.0.30](https://github.com/truecharts/charts/compare/solr-6.0.29...solr-6.0.30) (2023-10-12) - diff --git a/dependency/solr/6.0.40/Chart.yaml b/dependency/solr/6.0.41/Chart.yaml similarity index 95% rename from dependency/solr/6.0.40/Chart.yaml rename to dependency/solr/6.0.41/Chart.yaml index 076c19f47a..edb2a98445 100644 --- a/dependency/solr/6.0.40/Chart.yaml +++ b/dependency/solr/6.0.41/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "9.4.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Apache Solr home: https://truecharts.org/charts/dependency/solr @@ -22,7 +22,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/dependency/solr - https://github.com/apache/solr type: application -version: 6.0.40 +version: 6.0.41 annotations: truecharts.org/category: search truecharts.org/SCALE-support: "true" diff --git a/dependency/solr/6.0.40/README.md b/dependency/solr/6.0.41/README.md similarity index 100% rename from dependency/solr/6.0.40/README.md rename to dependency/solr/6.0.41/README.md diff --git a/dependency/solr/6.0.41/app-changelog.md b/dependency/solr/6.0.41/app-changelog.md new file mode 100644 index 0000000000..763f7389ca --- /dev/null +++ b/dependency/solr/6.0.41/app-changelog.md @@ -0,0 +1,4 @@ + + +## [solr-6.0.41](https://github.com/truecharts/charts/compare/solr-6.0.40...solr-6.0.41) (2023-11-08) + diff --git a/dependency/solr/6.0.40/app-readme.md b/dependency/solr/6.0.41/app-readme.md similarity index 100% rename from dependency/solr/6.0.40/app-readme.md rename to dependency/solr/6.0.41/app-readme.md diff --git a/dependency/solr/6.0.41/charts/common-14.3.5.tgz b/dependency/solr/6.0.41/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/dependency/solr/6.0.41/charts/common-14.3.5.tgz differ diff --git a/dependency/solr/6.0.40/ix_values.yaml b/dependency/solr/6.0.41/ix_values.yaml similarity index 100% rename from dependency/solr/6.0.40/ix_values.yaml rename to dependency/solr/6.0.41/ix_values.yaml diff --git a/dependency/solr/6.0.40/questions.yaml b/dependency/solr/6.0.41/questions.yaml similarity index 100% rename from dependency/solr/6.0.40/questions.yaml rename to dependency/solr/6.0.41/questions.yaml diff --git a/dependency/solr/6.0.40/templates/NOTES.txt b/dependency/solr/6.0.41/templates/NOTES.txt similarity index 100% rename from dependency/solr/6.0.40/templates/NOTES.txt rename to dependency/solr/6.0.41/templates/NOTES.txt diff --git a/dependency/solr/6.0.40/templates/common.yaml b/dependency/solr/6.0.41/templates/common.yaml similarity index 100% rename from dependency/solr/6.0.40/templates/common.yaml rename to dependency/solr/6.0.41/templates/common.yaml diff --git a/dependency/solr/6.0.40/values.yaml b/dependency/solr/6.0.41/values.yaml similarity index 100% rename from dependency/solr/6.0.40/values.yaml rename to dependency/solr/6.0.41/values.yaml diff --git a/enterprise/authelia/19.0.9/CHANGELOG.md b/enterprise/authelia/19.0.9/CHANGELOG.md new file mode 100644 index 0000000000..b0a7d2b944 --- /dev/null +++ b/enterprise/authelia/19.0.9/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [authelia-19.0.9](https://github.com/truecharts/charts/compare/authelia-19.0.8...authelia-19.0.9) (2023-11-08) + + + + +## [authelia-19.0.8](https://github.com/truecharts/charts/compare/authelia-19.0.7...authelia-19.0.8) (2023-11-08) + + + + +## [authelia-19.0.7](https://github.com/truecharts/charts/compare/authelia-19.0.6...authelia-19.0.7) (2023-11-08) + +### Chore + +- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454)) + + ### Fix + +- fix doc mistakes breaking rendering on docusaurus 3.0 + + + + +## [authelia-19.0.6](https://github.com/truecharts/charts/compare/authelia-19.0.5...authelia-19.0.6) (2023-11-05) + +### Chore + +- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365)) + + + + +## [authelia-19.0.5](https://github.com/truecharts/charts/compare/authelia-19.0.4...authelia-19.0.5) (2023-11-03) + +### Chore + +- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287)) + + + + +## [authelia-19.0.4](https://github.com/truecharts/charts/compare/authelia-19.0.3...authelia-19.0.4) (2023-10-29) + +### Chore + +- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693)) + - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094)) + + + + +## [authelia-19.0.3](https://github.com/truecharts/charts/compare/authelia-19.0.2...authelia-19.0.3) (2023-10-08) + +### Chore + +- dont quote bools + + + + +## [authelia-19.0.2](https://github.com/truecharts/charts/compare/authelia-19.0.1...authelia-19.0.2) (2023-10-08) + +### Chore + +- run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387)) + + ### Fix + +- handle input that might be transalted into objects/arrays ([#13319](https://github.com/truecharts/charts/issues/13319)) + + + + +## [authelia-19.0.1](https://github.com/truecharts/charts/compare/authelia-19.0.0...authelia-19.0.1) (2023-10-07) + +### Chore + +- update helm general non-major ([#13386](https://github.com/truecharts/charts/issues/13386)) + + + + +## [authelia-19.0.0](https://github.com/truecharts/charts/compare/authelia-18.1.0...authelia-19.0.0) (2023-10-07) + +### Chore + +- update helm general major (major) ([#11104](https://github.com/truecharts/charts/issues/11104)) + + + + +## [authelia-18.1.0](https://github.com/truecharts/charts/compare/authelia-18.0.0...authelia-18.1.0) (2023-08-16) + diff --git a/enterprise/authelia/19.0.9/Chart.yaml b/enterprise/authelia/19.0.9/Chart.yaml new file mode 100644 index 0000000000..9fc9af82e7 --- /dev/null +++ b/enterprise/authelia/19.0.9/Chart.yaml @@ -0,0 +1,42 @@ +apiVersion: v2 +appVersion: "4.37.5" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.3.5 + - condition: redis.enabled + name: redis + repository: https://deps.truecharts.org + version: 8.0.42 +deprecated: false +description: Authelia is a Single Sign-On Multi-Factor portal for web apps +home: https://truecharts.org/charts/enterprise/authelia +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png +keywords: + - authelia + - authentication + - login + - SSO + - Authentication + - Security + - Two-Factor + - U2F + - YubiKey + - Push Notifications + - LDAP +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: authelia +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/authelia + - https://github.com/authelia/chartrepo + - https://github.com/authelia/authelia +type: application +version: 19.0.9 +annotations: + truecharts.org/category: security + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/clusterissuer/4.2.8/LICENSE b/enterprise/authelia/19.0.9/LICENSE similarity index 100% rename from enterprise/clusterissuer/4.2.8/LICENSE rename to enterprise/authelia/19.0.9/LICENSE diff --git a/enterprise/blocky/9.0.6/README.md b/enterprise/authelia/19.0.9/README.md similarity index 100% rename from enterprise/blocky/9.0.6/README.md rename to enterprise/authelia/19.0.9/README.md diff --git a/enterprise/authelia/19.0.9/app-changelog.md b/enterprise/authelia/19.0.9/app-changelog.md new file mode 100644 index 0000000000..f2fddd2a11 --- /dev/null +++ b/enterprise/authelia/19.0.9/app-changelog.md @@ -0,0 +1,4 @@ + + +## [authelia-19.0.9](https://github.com/truecharts/charts/compare/authelia-19.0.8...authelia-19.0.9) (2023-11-08) + diff --git a/enterprise/authelia/19.0.9/app-readme.md b/enterprise/authelia/19.0.9/app-readme.md new file mode 100644 index 0000000000..9417c0c13d --- /dev/null +++ b/enterprise/authelia/19.0.9/app-readme.md @@ -0,0 +1,8 @@ +Authelia is a Single Sign-On Multi-Factor portal for web apps + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/authelia](https://truecharts.org/charts/enterprise/authelia) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/authelia/19.0.9/charts/common-14.3.5.tgz b/enterprise/authelia/19.0.9/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/authelia/19.0.9/charts/common-14.3.5.tgz differ diff --git a/enterprise/blocky/9.0.6/charts/redis-8.0.42.tgz b/enterprise/authelia/19.0.9/charts/redis-8.0.42.tgz similarity index 100% rename from enterprise/blocky/9.0.6/charts/redis-8.0.42.tgz rename to enterprise/authelia/19.0.9/charts/redis-8.0.42.tgz diff --git a/enterprise/authelia/19.0.9/ix_values.yaml b/enterprise/authelia/19.0.9/ix_values.yaml new file mode 100644 index 0000000000..e27c2e05ed --- /dev/null +++ b/enterprise/authelia/19.0.9/ix_values.yaml @@ -0,0 +1,652 @@ +image: + repository: tccr.io/truecharts/authelia + pullPolicy: IfNotPresent + tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586 +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + command: + - authelia + args: + - --config=/configuration.yaml + envFrom: + - configMapRef: + name: authelia-paths + probes: + liveness: + type: http + path: "/api/health" + + readiness: + type: http + path: "/api/health" + + startup: + type: http + path: "/api/health" + +service: + main: + ports: + main: + port: 9091 + targetPort: 9091 + +persistence: + config: + enabled: true + mountPath: "/config" + +cnpg: + main: + enabled: true + user: authelia + database: authelia + +# Enabled redis +# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis +redis: + enabled: true + +domain: example.com + +## +## Server Configuration +## +server: + ## + ## Port sets the configured port for the daemon, service, and the probes. + ## Default is 9091 and should not need to be changed. + ## + port: 9091 + + ## Buffers usually should be configured to be the same value. + ## Explanation at https://www.authelia.com/docs/configuration/server.html + ## Read buffer size adjusts the server's max incoming request size in bytes. + ## Write buffer size does the same for outgoing responses. + read_buffer_size: 4096 + write_buffer_size: 4096 + ## Set the single level path Authelia listens on. + ## Must be alphanumeric chars and should not contain any slashes. + path: "" + +log: + ## Level of verbosity for logs: info, debug, trace. + level: trace + + ## Format the logs are written as: json, text. + format: text + + ## TODO: Statefulness check should check if this is set, and the configMap should enable it. + ## File path where the logs will be written. If not set logs are written to stdout. + # file_path: /config/authelia.log + +## Default redirection URL +## +## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end +## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use +## in such a case. +## +## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication. +## Default is https://www. (value at the top of the values.yaml). +default_redirection_url: "" +# default_redirection_url: https://example.com + +theme: light + +## +## TOTP Configuration +## +## Parameters used for TOTP generation +totp: + ## The issuer name displayed in the Authenticator application of your choice + ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names + ## Defaults to . + issuer: "" + ## The period in seconds a one-time password is current for. Changing this will require all users to register + ## their TOTP applications again. Warning: before changing period read the docs link below. + period: 30 + ## The skew controls number of one-time passwords either side of the current one that are valid. + ## Warning: before changing skew read the docs link below. + ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation. + skew: 1 + +## +## Password Policy Config +## +## Parameters used for Password Policies +password_policy: + ## See: https://www.authelia.com/configuration/security/password-policy/ + standard: + enabled: false + min_length: 8 + max_length: 0 + require_uppercase: false + require_lowercase: false + require_number: false + require_special: false + zxcvbn: + ## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info + enabled: false + min_score: 3 + +## +## Duo Push API Configuration +## +## Parameters used to contact the Duo API. Those are generated when you protect an application of type +## "Partner Auth API" in the management panel. +duo_api: + enabled: false + hostname: api-123456789.example.com + integration_key: ABCDEF + plain_api_key: "" + +## NTP settings + +ntp: + address: "time.cloudflare.com:123" + version: 4 + max_desync: 3s + disable_startup_check: false + disable_failure: true + +## +## Authentication Backend Provider Configuration +## +## Used for verifying user passwords and retrieve information such as email address and groups users belong to. +## +## The available providers are: `file`, `ldap`. You must use one and only one of these providers. +authentication_backend: + ## Disable both the HTML element and the API for reset password functionality + disable_reset_password: false + + ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation. + ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will + ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP. + ## To force update on every request you can set this to '0' or 'always', this will increase processor demand. + ## See the below documentation for more information. + ## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval + refresh_interval: 5m + + ## LDAP backend configuration. + ## + ## This backend allows Authelia to be scaled to more + ## than one instance and therefore is recommended for + ## production. + ldap: + ## Enable LDAP Backend. + enabled: false + + ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. + ## Acceptable options are as follows: + ## - 'activedirectory' - For Microsoft Active Directory. + ## - 'custom' - For custom specifications of attributes and filters. + ## This currently defaults to 'custom' to maintain existing behaviour. + ## + ## Depending on the option here certain other values in this section have a default value, notably all of the + ## attribute mappings have a default value that this config overrides, you can read more about these default values + ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults + implementation: activedirectory + + ## The url to the ldap server. Format: ://
[:]. + ## Scheme can be ldap or ldaps in the format (port optional). + url: ldap://openldap.default.svc.cluster.local + + ## Connection Timeout. + timeout: 5s + + ## Use StartTLS with the LDAP connection. + start_tls: false + + tls: + ## Server Name for certificate validation (in case it's not set correctly in the URL). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for either Secure LDAP or LDAP StartTLS. + minimum_version: TLS1.2 + + ## The base dn for every LDAP query. + base_dn: DC=example,DC=com + + ## The attribute holding the username of the user. This attribute is used to populate the username in the session + ## information. It was introduced due to #561 to handle case insensitive search queries. For you information, + ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this + ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. + ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user + ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also + ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above + ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. + username_attribute: "" + + ## An additional dn to define the scope to all users. + additional_users_dn: OU=Users + + ## The users filter used in search queries to find the user profile based on input filled in login form. + ## Various placeholders are available in the user filter: + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## + ## Recommended settings are as follows: + ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) + ## - OpenLDAP: + ## - (&({username_attribute}={input})(objectClass=person)) + ## - (&({username_attribute}={input})(objectClass=inetOrgPerson)) + ## + ## To allow sign in both with username and email, one can use a filter like + ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) + users_filter: "" + + ## An additional dn to define the scope of groups. + additional_groups_dn: OU=Groups + + ## The groups filter used in search queries to find the groups of the user. + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`). + ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN. + ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in + ## later version, so please don't use it. + ## + ## If your groups use the `groupOfUniqueNames` structure use this instead: + ## (&(uniquemember={dn})(objectclass=groupOfUniqueNames)) + groups_filter: "" + + ## The attribute holding the name of the group + group_name_attribute: "" + + ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the + ## first one returned by the LDAP server is used. + mail_attribute: "" + + ## The attribute holding the display name of the user. This will be used to greet an authenticated user. + display_name_attribute: "" + + ## The username of the admin user. + user: CN=Authelia,DC=example,DC=com + plain_password: "" + + ## + ## File (Authentication Provider) + ## + ## With this backend, the users database is stored in a file which is updated when users reset their passwords. + ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia + ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security + ## implications it is highly recommended you leave the default values. Before considering changing these settings + ## please read the docs page below: + ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + file: + enabled: true + path: /config/users_database.yml + password: + algorithm: argon2id + iterations: 1 + key_length: 32 + salt_length: 16 + memory: 1024 + parallelism: 8 + +## +## Access Control Configuration +## +## Access control is a list of rules defining the authorizations applied for one resource to users or group of users. +## +## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed +## to anyone. Otherwise restrictions follow the rules defined. +## +## Note: One can use the wildcard * to match any subdomain. +## It must stand at the beginning of the pattern. (example: *.mydomain.com) +## +## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct. +## +## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'. +## +## - 'domain' defines which domain or set of domains the rule applies to. +## +## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not +## provided. If provided, the parameter represents either a user or a group. It should be of the form +## 'user:' or 'group:'. +## +## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'. +## +## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter +## is optional and matches any resource if not provided. +## +## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies. +access_control: + ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any + ## resource if there is no policy to be applied to the user. + default_policy: deny + + networks: [] + # networks: + # - name: private + # networks: + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # - name: vpn + # networks: + # - 10.9.0.0/16 + + rules: [] + # rules: + # - domain: public.example.com + # policy: bypass + # - domain: "*.example.com" + # policy: bypass + # methods: + # - OPTIONS + # - domain: secure.example.com + # policy: one_factor + # networks: + # - private + # - vpn + # - 192.168.1.0/24 + # - 10.0.0.1 + # - domain: + # - secure.example.com + # - private.example.com + # policy: two_factor + # - domain: singlefactor.example.com + # policy: one_factor + # - domain: "mx2.mail.example.com" + # subject: "group:admins" + # policy: deny + # - domain: "*.example.com" + # subject: + # - "group:admins" + # - "group:moderators" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/groups/dev/.*$" + # subject: "group:dev" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/users/john/.*$" + # subject: + # - ["group:dev", "user:john"] + # - "group:admins" + # policy: two_factor + # - domain: "{user}.example.com" + # policy: bypass + +## +## Session Provider Configuration +## +## The session cookies identify the user once logged in. +## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined. +session: + ## The name of the session cookie. (default: authelia_session). + name: authelia_session + + ## Sets the Cookie SameSite value. Possible options are none, lax, or strict. + ## Please read https://www.authelia.com/docs/configuration/session.html#same_site + same_site: lax + + ## The time in seconds before the cookie expires and session is reset. + expiration: 1h + + ## The inactivity time in seconds before the session is reset. + inactivity: 5m + + ## The remember me duration. + ## Value is in seconds, or duration notation. Value of 0 disables remember me. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to + ## spy or attack. Currently the default is 1M or 1 month. + remember_me_duration: 1M + +## +## Redis Provider +## +## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html +## +## The redis connection details +redisProvider: + port: 6379 + + ## Optional username to be used with authentication. + # username: authelia + username: "" + + ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). + database_index: 0 + + ## The maximum number of concurrent active connections to Redis. + maximum_active_connections: 8 + + ## The target number of idle connections to have open ready for work. Useful when opening connections is slow. + minimum_idle_connections: 0 + + ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). + tls: + enabled: false + + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for the connection. + minimum_version: TLS1.2 + + ## The Redis HA configuration options. + ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). + high_availability: + enabled: false + enabledSecret: false + ## Sentinel Name / Master Name + sentinel_name: mysentinel + + ## The additional nodes to pre-seed the redis provider with (for sentinel). + ## If the host in the above section is defined, it will be combined with this list to connect to sentinel. + ## For high availability to be used you must have either defined; the host above or at least one node below. + nodes: [] + # nodes: + # - host: sentinel-0.databases.svc.cluster.local + # port: 26379 + # - host: sentinel-1.databases.svc.cluster.local + # port: 26379 + + ## Choose the host with the lowest latency. + route_by_latency: false + + ## Choose the host randomly. + route_randomly: false + +## +## Regulation Configuration +## +## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done +## in a short period of time. +regulation: + ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation. + max_retries: 3 + + ## The time range during which the user can attempt login before being banned. The user is banned if the + ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + find_time: 2m + + ## The length of time before a banned user can login again. Ban Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ban_time: 5m + +## +## Storage Provider Configuration +## +## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. +storage: + ## + ## PostgreSQL (Storage Provider) + ## + postgres: + port: 5432 + database: authelia + username: authelia + sslmode: disable + timeout: 5s + +## +## Notification Provider +## +## +## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration. +## The available providers are: filesystem, smtp. You must use one and only one of these providers. +notifier: + ## You can disable the notifier startup check by setting this to true. + disable_startup_check: false + + ## + ## File System (Notification Provider) + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + filesystem: + enabled: true + filename: /config/notification.txt + + ## + ## SMTP (Notification Provider) + ## + ## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate. + ## [Security] By default Authelia will: + ## - force all SMTP connections over TLS including unauthenticated connections + ## - use the disable_require_tls boolean value to disable this requirement + ## (only works for unauthenticated connections) + ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates + ## (configure in tls section) + smtp: + enabled: false + enabledSecret: false + host: smtp.mail.svc.cluster.local + port: 25 + timeout: 5s + username: test + plain_password: test + sender: admin@example.com + ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. + identifier: localhost + ## Subject configuration of the emails sent. + ## {title} is replaced by the text from the notifier + subject: "[Authelia] {title}" + ## This address is used during the startup check to verify the email configuration is correct. + ## It's not important what it is except if your email server only allows local delivery. + startup_check_address: test@authelia.com + disable_require_tls: false + disable_html_emails: false + + tls: + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + + ## Minimum TLS version for either StartTLS or SMTPS. + minimum_version: TLS1.2 + +identity_providers: + oidc: + ## Enables this in the config map. Currently in beta stage. + ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap + enabled: false + + access_token_lifespan: 1h + authorize_code_lifespan: 1m + id_token_lifespan: 1h + refresh_token_lifespan: 90m + + enable_client_debug_messages: false + + ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for + ## security reasons. + minimum_parameter_entropy: 8 + + clients: [] + # clients: + # - + ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration. + # id: myapp + + ## The description to show to users when they end up on the consent screen. Defaults to the ID above. + # description: My Application + + ## The client secret is a shared secret between Authelia and the consumer of this client. + # secret: apple123 + + ## Sets the client to public. This should typically not be set, please see the documentation for usage. + # public: false + + ## The policy to require for this client; one_factor or two_factor. + # authorization_policy: two_factor + + ## Configures the consent mode; auto, explicit or implicit + # consent_mode: auto + + ## Audience this client is allowed to request. + # audience: [] + + ## Scopes this client is allowed to request. + # scopes: + # - openid + # - profile + # - email + # - groups + + ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. + # redirect_uris: + # - https://oidc.example.com/oauth2/callback + + ## Grant Types configures which grants this client can obtain. + ## It's not recommended to configure this unless you know what you're doing. + # grant_types: + # - refresh_token + # - authorization_code + + ## Response Types configures which responses this client can be sent. + ## It's not recommended to configure this unless you know what you're doing. + # response_types: + # - code + + ## Response Modes configures which response modes this client supports. + ## It's not recommended to configure this unless you know what you're doing. + # response_modes: + # - form_post + # - query + # - fragment + + ## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256. + # userinfo_signing_algorithm: none + +portal: + open: + enabled: true diff --git a/enterprise/authelia/19.0.9/questions.yaml b/enterprise/authelia/19.0.9/questions.yaml new file mode 100644 index 0000000000..007b87672f --- /dev/null +++ b/enterprise/authelia/19.0.9/questions.yaml @@ -0,0 +1,3084 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 2 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: domain + group: "App Configuration" + label: "Domain" + description: "The highest domain level possible, for example: domain.com when using app.domain.com" + schema: + type: string + default: "" + required: true + - variable: default_redirection_url + group: "App Configuration" + label: "Default Redirection URL" + description: "If user tries to authenticate without any referrer, this is used" + schema: + type: string + default: "" + valid_chars: '^https?:\/\/(.*)' + - variable: theme + group: "App Configuration" + label: "Theme" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "light" + description: "light" + - value: "grey" + description: "grey" + - value: "dark" + description: "dark" + - variable: log + group: "App Configuration" + label: "Log Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "info" + enum: + - value: "info" + description: "info" + - value: "debug" + description: "debug" + - value: "trace" + description: "trace" + - variable: format + label: "Log Format" + schema: + type: string + default: "text" + enum: + - value: "json" + description: "json" + - value: "text" + description: "text" + - variable: totp + group: "App Configuration" + label: "TOTP Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: issuer + label: "Issuer" + description: "The issuer name displayed in the Authenticator application of your choice" + schema: + type: string + default: "" + - variable: period + label: "Period" + description: "The period in seconds a one-time password is current for" + schema: + type: int + default: 30 + - variable: skew + label: "skew" + description: "Controls number of one-time passwords either side of the current one that are valid." + schema: + type: int + default: 1 + - variable: password_policy + group: "App Configuration" + label: "Password Policy Configuration" + description: "Authelia allows administrators to configure an enforced password policy." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: standard + label: Standard + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: min_length + label: "Minimum Password Length" + description: "Minimum Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 8 + - variable: max_length + label: "Max Passsword Length" + description: "Max Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 0 + - variable: require_uppercase + label: "Require Upppercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_lowercase + label: "Require Lowercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_number + label: "Require Numbers" + description: "Require Numbers in the password" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_special + label: "Require Special Characters" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: zxcvbn + label: zxcvbn + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + required: true + - variable: min_score + label: "Min Score" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 3 + - variable: duo_api + group: "App Configuration" + label: "DUO API Configuration" + description: "Parameters used to contact the Duo API." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostname + label: "Hostname" + schema: + type: string + required: true + default: "" + - variable: integration_key + label: "integration_key" + schema: + type: string + default: "" + required: true + - variable: plain_api_key + label: "plain_api_key" + schema: + type: string + default: "" + required: true + - variable: session + group: "App Configuration" + label: "Session Provider" + description: "The session cookies identify the user once logged in." + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Cookie Name" + description: "The name of the session cookie." + schema: + type: string + required: true + default: "authelia_session" + - variable: same_site + label: "SameSite Value" + description: "Sets the Cookie SameSite value" + schema: + type: string + default: "lax" + enum: + - value: "lax" + description: "lax" + - value: "strict" + description: "strict" + - variable: expiration + label: "Expiration Time" + description: "The time in seconds before the cookie expires and session is reset." + schema: + type: string + default: "1h" + required: true + - variable: inactivity + label: "Inactivity Time" + description: "The inactivity time in seconds before the session is reset." + schema: + type: string + default: "5m" + required: true + - variable: remember_me_duration + label: "Remember-Me duration" + description: "The remember me duration" + schema: + type: string + default: "5M" + required: true + - variable: regulation + group: "App Configuration" + label: "Regulation Configuration" + description: "This mechanism prevents attackers from brute forcing the first factor." + schema: + additional_attrs: true + type: dict + attrs: + - variable: max_retries + label: "Maximum Retries" + description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation." + schema: + type: int + default: 3 + - variable: find_time + label: "Find Time" + description: "The time range during which the user can attempt login before being banned." + schema: + type: string + default: "2m" + required: true + - variable: ban_time + label: "Ban Duration" + description: "The length of time before a banned user can login again" + schema: + type: string + default: "5m" + required: true + - variable: authentication_backend + group: "App Configuration" + label: "Authentication Backend Provider" + description: "sed for verifying user passwords and retrieve information such as email address and groups users belong to." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_reset_password + label: "Disable Reset Password" + description: "Disable both the HTML element and the API for reset password functionality" + schema: + type: boolean + default: false + - variable: refresh_interval + label: "Reset Interval" + description: "The amount of time to wait before we refresh data from the authentication backend" + schema: + type: string + default: "5m" + required: true + - variable: ldap + label: "LDAP backend configuration" + description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: implementation + label: "Implementation" + description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password" + schema: + type: string + default: "custom" + enum: + - value: "activedirectory" + description: "Active Directory" + - value: "custom" + description: "Custom" + - variable: url + label: "URL" + description: "The url to the ldap server. Format: ://
[:]" + schema: + type: string + default: "ldap://openldap.default.svc.cluster.local" + required: true + - variable: timeout + label: "Connection Timeout" + schema: + type: string + default: "5s" + required: true + - variable: start_tls + label: "Start TLS" + description: "Use StartTLS with the LDAP connection" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: base_dn + label: "Base DN" + description: "The base dn for every LDAP query." + schema: + type: string + default: "DC=example,DC=com" + required: true + - variable: username_attribute + label: "Username Attribute" + description: "The attribute holding the username of the user" + schema: + type: string + default: "" + required: true + - variable: additional_users_dn + label: "Additional Users DN" + description: "An additional dn to define the scope to all users." + schema: + type: string + default: "OU=Users" + required: true + - variable: users_filter + label: "Users Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: additional_groups_dn + label: "Additional Groups DN" + description: "An additional dn to define the scope of groups." + schema: + type: string + default: "OU=Groups" + required: true + - variable: groups_filter + label: "Groups Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: group_name_attribute + label: "Group name Attribute" + description: "The attribute holding the name of the group" + schema: + type: string + default: "" + required: true + - variable: mail_attribute + label: "Mail Attribute" + description: "The attribute holding the primary mail address of the user" + schema: + type: string + default: "" + required: true + - variable: display_name_attribute + label: "Display Name Attribute" + description: "he attribute holding the display name of the user. This will be used to greet an authenticated user." + schema: + type: string + default: "" + - variable: user + label: "Admin User" + description: "The username of the admin user used to connect to LDAP." + schema: + type: string + default: "CN=Authelia,DC=example,DC=com" + required: true + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + required: true + - variable: file + label: "File backend configuration" + description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: path + label: "Path" + schema: + type: string + default: "/config/users_database.yml" + required: true + - variable: password + label: "Password Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: algorithm + label: "Algorithm" + schema: + type: string + default: "argon2id" + enum: + - value: "argon2id" + description: "argon2id" + - value: "sha512" + description: "sha512" + - variable: iterations + label: "Iterations" + schema: + type: int + default: 1 + required: true + - variable: key_length + label: "Key Length" + schema: + type: int + default: 32 + required: true + - variable: salt_length + label: "Salt Length" + schema: + type: int + default: 16 + required: true + - variable: memory + label: "Memory" + schema: + type: int + default: 1024 + required: true + - variable: parallelism + label: "Parallelism" + schema: + type: int + default: 8 + required: true + - variable: notifier + group: "App Configuration" + label: "Notifier Configuration" + description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_startup_check + label: "Disable Startup Check" + schema: + type: boolean + default: false + - variable: filesystem + label: "Filesystem Provider" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filename + label: "File Path" + schema: + type: string + default: "/config/notification.txt" + required: true + - variable: smtp + label: "SMTP Provider" + description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: host + label: "Host" + schema: + type: string + default: "smtp.mail.svc.cluster.local" + required: true + - variable: port + label: "Port" + schema: + type: int + default: 25 + required: true + - variable: timeout + label: "Timeout" + schema: + type: string + default: "5s" + required: true + - variable: username + label: "Username" + schema: + type: string + default: "" + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + - variable: sender + label: "Sender" + schema: + type: string + default: "" + required: true + - variable: identifier + label: "Identifier" + description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." + schema: + type: string + default: "localhost" + required: true + - variable: subject + label: "Subject" + description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" + schema: + type: string + default: "[Authelia] {title}" + required: true + - variable: startup_check_address + label: "Startup Check Address" + description: "This address is used during the startup check to verify the email configuration is correct." + schema: + type: string + default: "test@authelia.com" + required: true + - variable: disable_require_tls + label: "Disable Require TLS" + schema: + type: boolean + default: false + - variable: disable_html_emails + label: "Disable HTML emails" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: access_control + group: "App Configuration" + label: "Access Control Configuration" + description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users." + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_policy + label: "Default Policy" + description: "Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'." + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: networkItem + label: "Network Item" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "network" + schema: + type: string + default: "" + required: true + - variable: rules + label: "Rules" + schema: + type: list + default: [] + items: + - variable: rulesItem + label: "Rule" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: "Domains" + description: "defines which domain or set of domains the rule applies to." + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "Domain" + schema: + type: string + default: "" + required: true + - variable: policy + label: "Policy" + description: "The policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'." + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: subject + label: "Subject" + description: "defines the subject to apply authorizations to. This parameter is optional and matching any user if not provided" + schema: + type: list + default: [] + items: + - variable: subjectitem + label: "Subject" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "Network" + schema: + type: string + default: "" + required: true + - variable: resources + label: "Resources" + description: "is a list of regular expressions that matches a set of resources to apply the policy to" + schema: + type: list + default: [] + items: + - variable: resource + label: "Resource" + schema: + type: string + default: "" + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9091 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: certificateIssuer + label: certificateIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: identity_providers + group: "Advanced" + label: "Authelia Identity Providers (BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: oidc + label: "OpenID Connect(BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: access_token_lifespan + label: "Access Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: authorize_code_lifespan + label: "Authorize Code Lifespan" + schema: + type: string + default: "1m" + required: true + - variable: id_token_lifespan + label: "ID Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: refresh_token_lifespan + label: "Refresh Token Lifespan" + schema: + type: string + default: "90m" + required: true + - variable: enable_client_debug_messages + label: "Enable Client Debug Messages" + schema: + type: boolean + default: false + - variable: clients + label: "Clients" + schema: + type: list + default: [] + items: + - variable: clientEntry + label: "Client" + schema: + additional_attrs: true + type: dict + attrs: + - variable: id + label: "ID/Name" + description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration." + schema: + type: string + default: "myapp" + required: true + - variable: description + label: "Description" + description: "The description to show to users when they end up on the consent screen. Defaults to the ID above." + schema: + type: string + default: "My Application" + required: true + - variable: secret + label: "Secret" + description: "The client secret is a shared secret between Authelia and the consumer of this client." + schema: + type: string + default: "" + required: true + - variable: public + label: "public" + description: "Sets the client to public. This should typically not be set, please see the documentation for usage." + schema: + type: boolean + default: false + - variable: authorization_policy + label: "Authorization Policy" + description: "The policy to require for this client; one_factor or two_factor." + schema: + type: string + default: "two_factor" + enum: + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - variable: consent_mode + label: "Consent Mode" + description: "Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.)" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "explicit" + description: "explicit" + - value: "implicit" + description: "implicit" + - variable: userinfo_signing_algorithm + label: "Userinfo Signing Algorithm" + description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256." + schema: + type: string + default: "none" + enum: + - value: "none" + description: "none" + - value: "RS256" + description: "RS256" + - variable: audience + label: "Audience" + description: "Audience this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: audienceEntry + label: "" + schema: + type: string + default: "" + required: true + - variable: scopes + label: "Scopes" + description: "Scopes this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: ScopeEntry + label: "Scope" + schema: + type: string + default: "openid" + required: true + - variable: redirect_uris + label: "redirect_uris" + description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client." + schema: + type: list + default: [] + items: + - variable: uriEntry + label: "Url" + schema: + type: string + default: "https://oidc.example.com/oauth2/callback" + required: true + - variable: grant_types + description: "Grant Types configures which grants this client can obtain." + label: "grant_types" + schema: + type: list + default: [] + items: + - variable: grantEntry + label: "Grant" + schema: + type: string + default: "refresh_token" + required: true + - variable: response_types + description: "Response Types configures which responses this client can be sent." + label: "response_types" + schema: + type: list + default: [] + items: + - variable: responseEntry + label: "type" + schema: + type: string + default: "code" + required: true + - variable: response_modes + description: "Response Modes configures which response modes this client supports." + label: "response_modes" + schema: + type: list + default: [] + items: + - variable: modeEntry + label: "Mode" + schema: + type: string + default: "form_post" + required: true + - variable: cnpg + group: Postgresql + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walsize + label: Walsize + schema: + type: string + default: "256Gi" + - variable: pooler + label: "Pooler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: Monitoring + label: "Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/blocky/9.0.6/templates/NOTES.txt b/enterprise/authelia/19.0.9/templates/NOTES.txt similarity index 100% rename from enterprise/blocky/9.0.6/templates/NOTES.txt rename to enterprise/authelia/19.0.9/templates/NOTES.txt diff --git a/enterprise/authelia/19.0.9/templates/_configmap.tpl b/enterprise/authelia/19.0.9/templates/_configmap.tpl new file mode 100644 index 0000000000..92fcd45a4a --- /dev/null +++ b/enterprise/authelia/19.0.9/templates/_configmap.tpl @@ -0,0 +1,363 @@ +{{/* Define the configmap */}} +{{- define "authelia.configmap.paths" -}} +enabled: true +data: + AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" + AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN" + AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_ENCRYPTION_KEY" + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/ENCRYPTION_KEY" + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: "/secrets/STORAGE_PASSWORD" + {{- if .Values.authentication_backend.ldap.enabled }} + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: "/secrets/LDAP_PASSWORD" + {{- end }} + {{- if .Values.notifier.smtp.enabled }} + AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: "/secrets/SMTP_PASSWORD" + {{- end }} + AUTHELIA_SESSION_REDIS_PASSWORD_FILE: "/secrets/REDIS_PASSWORD" + {{- if .Values.redisProvider.high_availability.enabled }} + AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE: "/secrets/REDIS_SENTINEL_PASSWORD" + {{- end }} + {{- if .Values.duo_api.enabled }} + AUTHELIA_DUO_API_SECRET_KEY_FILE: "/secrets/DUO_API_KEY" + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: "/secrets/OIDC_HMAC_SECRET" + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY" + {{- end }} + +{{- end -}} + +{{- define "authelia.configmap.configfile" -}} +enabled: true +data: + configuration.yaml: | + --- + theme: {{ .Values.theme | default "light" }} + default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.default_redirection_url }} + ntp: + address: {{ .Values.ntp.address | default "time.cloudflare.com:123" }} + version: {{ .Values.ntp.version | default 4 }} + max_desync: {{ .Values.ntp.max_desync | default "3s" }} + disable_startup_check: {{ .Values.ntp.disable_startup_check | default false }} + disable_failure: {{ .Values.ntp.disable_failure | default true }} + server: + host: 0.0.0.0 + port: {{ .Values.server.port | default 9091 }} + {{- if ne "" (.Values.server.path | default "") }} + path: {{ .Values.server.path }} + {{- end }} + buffers: + write: {{ .Values.server.write_buffer_size | default 4096 }} + read: {{ .Values.server.read_buffer_size | default 4096 }} + enable_pprof: {{ .Values.server.enable_pprof | default false }} + enable_expvars: {{ .Values.server.enable_expvars | default false }} + log: + level: {{ .Values.log.level | default "info" }} + format: {{ .Values.log.format | default "text" }} + {{- if ne "" (.Values.log.file_path | default "") }} + file_path: {{ .Values.log.file_path }} + keep_stdout: true + {{- end }} + totp: + issuer: {{ .Values.totp.issuer | default .Values.domain }} + period: {{ .Values.totp.period | default 30 }} + skew: {{ .Values.totp.skew | default 1 }} + {{- if .Values.password_policy.enabled }} + password_policy: + standard: + enabled: {{ .Values.password_policy.standard.enabled | default false }} + min_length: {{ .Values.password_policy.standard.min_length | default 8 }} + max_length: {{ .Values.password_policy.standard.max_length | default 0 }} + require_uppercase: {{ .Values.password_policy.standard.require_uppercase | default false }} + require_lowercase: {{ .Values.password_policy.standard.require_lowercase | default false }} + require_number: {{ .Values.password_policy.standard.require_number | default false }} + require_special: {{ .Values.password_policy.standard.require_special | default false }} + zxcvbn: + enabled: {{ .Values.password_policy.zxcvbn.enabled | default false }} + min_score: {{ .Values.password_policy.zxcvbn.min_score | default 3 }} + {{- end -}} + {{- if .Values.duo_api.enabled }} + duo_api: + hostname: {{ .Values.duo_api.hostname }} + integration_key: {{ .Values.duo_api.integration_key }} + {{- end -}} + {{- with $auth := .Values.authentication_backend }} + authentication_backend: + password_reset: + disable: {{ $auth.disable_reset_password }} + {{- if $auth.file.enabled }} + file: + path: {{ $auth.file.path }} + password: + {{- $p := $auth.file.password -}} + {{- if $p.algorithm }} + algorithm: {{ $p.algorithm }} + {{- end -}} + {{- if $p.iterations }} + iterations: {{ $p.iterations }} + {{- end -}} + {{- if $p.key_length }} + key_length: {{ $p.key_length }} + {{- end -}} + {{- if $p.salt_length }} + salt_length: {{ $p.salt_length }} + {{- end -}} + {{- if $p.memory }} + memory: {{ $p.memory }} + {{- end -}} + {{- if $p.parallelism }} + parallelism: {{ $p.parallelism }} + {{- end -}} + {{- end -}} + {{- if $auth.ldap.enabled }} + ldap: + implementation: {{ $auth.ldap.implementation | default "custom" }} + url: {{ $auth.ldap.url }} + timeout: {{ $auth.ldap.timeout | default "5s" }} + start_tls: {{ $auth.ldap.start_tls }} + tls: + {{- if hasKey $auth.ldap.tls "server_name" }} + server_name: {{ $auth.ldap.tls.server_name | default $auth.ldap.host }} + {{- end }} + minimum_version: {{ $auth.ldap.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $auth.ldap.tls.skip_verify | default false }} + {{- if $auth.ldap.base_dn }} + base_dn: {{ $auth.ldap.base_dn }} + {{- end -}} + {{- if $auth.ldap.username_attribute }} + username_attribute: {{ $auth.ldap.username_attribute }} + {{- end -}} + {{- if $auth.ldap.additional_users_dn }} + additional_users_dn: {{ $auth.ldap.additional_users_dn }} + {{- end -}} + {{- if $auth.ldap.users_filter }} + users_filter: {{ $auth.ldap.users_filter }} + {{- end -}} + {{- if $auth.ldap.additional_groups_dn }} + additional_groups_dn: {{ $auth.ldap.additional_groups_dn }} + {{- end -}} + {{- if $auth.ldap.groups_filter }} + groups_filter: {{ $auth.ldap.groups_filter }} + {{- end -}} + {{- if $auth.ldap.group_name_attribute }} + group_name_attribute: {{ $auth.ldap.group_name_attribute }} + {{- end -}} + {{- if $auth.ldap.mail_attribute }} + mail_attribute: {{ $auth.ldap.mail_attribute }} + {{- end -}} + {{- if $auth.ldap.display_name_attribute }} + display_name_attribute: {{ $auth.ldap.display_name_attribute }} + {{- end }} + user: {{ $auth.ldap.user }} + {{- end -}} + {{- end -}} + {{- with $session := .Values.session }} + session: + name: {{ $session.name | default "authelia_session" }} + domain: {{ required "A valid .Values.domain entry required!" $.Values.domain }} + same_site: {{ $session.same_site | default "lax" }} + expiration: {{ $session.expiration | default "1M" }} + inactivity: {{ $session.inactivity | default "5m" }} + remember_me_duration: {{ $session.remember_me_duration | default "1M" }} + {{- end }} + redis: + host: {{ .Values.redis.creds.plain }} + {{- with $redis := .Values.redisProvider }} + port: {{ $redis.port | default 6379 }} + {{- if not (eq $redis.username "") }} + username: {{ $redis.username }} + {{- end }} + maximum_active_connections: {{ $redis.maximum_active_connections | default 8 }} + minimum_idle_connections: {{ $redis.minimum_idle_connections | default 0 }} + {{- if $redis.tls.enabled }} + tls: + server_name: {{ $redis.tls.server_name }} + minimum_version: {{ $redis.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $redis.tls.skip_verify }} + {{- end }} + {{- if $redis.high_availability.enabled }} + high_availability: + sentinel_name: {{ $redis.high_availability.sentinel_name }} + {{- if $redis.high_availability.nodes }} + nodes: + {{- range $node := $redis.high_availability.nodes }} + - host: {{ $node.host }} + port: {{ $node.port | default 26379 }} + {{- end -}} + {{- end }} + route_by_latency: {{ $redis.high_availability.route_by_latency }} + route_randomly: {{ $redis.high_availability.route_randomly }} + {{- end }} + {{- end }} + regulation: + max_retries: {{ .Values.regulation.max_retries | default 3 }} + find_time: {{ .Values.regulation.find_time | default "1m" }} + ban_time: {{ .Values.regulation.ban_time | default "5m" }} + storage: + postgres: + host: {{ $.Values.cnpg.main.creds.host }} + {{- with $storage := .Values.storage }} + port: {{ $storage.postgres.port | default 5432 }} + database: {{ $storage.postgres.database | default "authelia" }} + username: {{ $storage.postgres.username | default "authelia" }} + timeout: {{ $storage.postgres.timeout | default "5s" }} + ssl: + mode: {{ $storage.postgres.sslmode | default "disable" }} + {{- end }} + {{- with $notifier := .Values.notifier }} + notifier: + disable_startup_check: {{ $.Values.notifier.disable_startup_check }} + {{- if $notifier.filesystem.enabled }} + filesystem: + filename: {{ $notifier.filesystem.filename }} + {{- end }} + {{- if $notifier.smtp.enabled }} + smtp: + host: {{ $notifier.smtp.host }} + port: {{ $notifier.smtp.port | default 25 }} + timeout: {{ $notifier.smtp.timeout | default "5s" }} + {{- with $notifier.smtp.username }} + username: {{ . }} + {{- end }} + sender: {{ $notifier.smtp.sender | quote }} + identifier: {{ $notifier.smtp.identifier | quote }} + subject: {{ $notifier.smtp.subject | quote }} + startup_check_address: {{ $notifier.smtp.startup_check_address | quote }} + disable_require_tls: {{ $notifier.smtp.disable_require_tls }} + disable_html_emails: {{ $notifier.smtp.disable_html_emails }} + tls: + server_name: {{ $notifier.smtp.tls.server_name | default $notifier.smtp.host }} + minimum_version: {{ $notifier.smtp.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $notifier.smtp.tls.skip_verify | default false }} + {{- end }} + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + identity_providers: + oidc: + access_token_lifespan: {{ .Values.identity_providers.oidc.access_token_lifespan | default "1h" }} + authorize_code_lifespan: {{ .Values.identity_providers.oidc.authorize_code_lifespan | default "1m" }} + id_token_lifespan: {{ .Values.identity_providers.oidc.id_token_lifespan | default "1h" }} + refresh_token_lifespan: {{ .Values.identity_providers.oidc.refresh_token_lifespan | default "90m" }} + enable_client_debug_messages: {{ .Values.identity_providers.oidc.enable_client_debug_messages | default false }} + minimum_parameter_entropy: {{ .Values.identity_providers.oidc.minimum_parameter_entropy | default 8 }} + {{- if .Values.identity_providers.oidc.clients }} + clients: + {{- range $client := .Values.identity_providers.oidc.clients }} + - id: {{ $client.id }} + description: {{ $client.description | default $client.id }} + secret: {{ $client.secret | default (randAlphaNum 128) }} + {{- if $client.public }} + public: {{ $client.public }} + {{- end }} + authorization_policy: {{ $client.authorization_policy | default "two_factor" }} + consent_mode: {{ $client.consent_mode | default "auto" }} + redirect_uris: + {{- range $client.redirect_uris }} + - {{ . }} + {{- end }} + {{- if $client.audience }} + audience: + {{- range $client.audience }} + - {{ . }} + {{- end }} + {{- end }} + scopes: + {{- range ($client.scopes | default (list "openid" "profile" "email" "groups")) }} + - {{ . }} + {{- end }} + grant_types: + {{- range ($client.grant_types | default (list "refresh_token" "authorization_code")) }} + - {{ . }} + {{- end }} + response_types: + {{- range ($client.response_types | default (list "code")) }} + - {{ . }} + {{- end }} + {{- if $client.response_modes }} + response_modes: + {{- range $client.response_modes }} + - {{ . }} + {{- end }} + {{- end }} + userinfo_signing_algorithm: {{ $client.userinfo_signing_algorithm | default "none" }} + {{- end }} + {{- end }} + {{- end }} + access_control: + {{- if not .Values.access_control.rules }} + {{- if (eq .Values.access_control.default_policy "bypass") }} + default_policy: one_factor + {{- else if (eq .Values.access_control.default_policy "deny") }} + default_policy: two_factor + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + + {{- if not .Values.access_control.networks }} + networks: [] + {{- else }} + networks: + {{- range $net := .Values.access_control.networks }} + - name: {{ $net.name }} + networks: + {{- range $net.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if not .Values.access_control.rules }} + rules: [] + {{- else }} + rules: + {{- range $rule := .Values.access_control.rules }} + {{- if $rule.domain }} + - domain: + {{- if kindIs "string" $rule.domain }} + - {{ $rule.domain | squote }} + {{- else -}} + {{- range $rule.domain }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end -}} + {{- with $rule.policy }} + policy: {{ . }} + {{- end -}} + {{- if $rule.networks }} + networks: + {{- if kindIs "string" $rule.networks }} + - {{ $rule.networks | squote }} + {{- else -}} + {{- range $rule.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.subject }} + subject: + {{- if kindIs "string" $rule.subject }} + - {{ $rule.subject | squote }} + {{- else -}} + {{- range $rule.subject }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.resources }} + resources: + {{- if kindIs "string" $rule.resources }} + - {{ $rule.resources | squote }} + {{- else -}} + {{- range $rule.resources }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + ... +{{- end -}} diff --git a/enterprise/authelia/19.0.9/templates/_secrets.tpl b/enterprise/authelia/19.0.9/templates/_secrets.tpl new file mode 100644 index 0000000000..14ed88d973 --- /dev/null +++ b/enterprise/authelia/19.0.9/templates/_secrets.tpl @@ -0,0 +1,53 @@ +{{/* Define the secrets */}} +{{- define "authelia.secrets" -}} +{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}} +{{- $fetchname := printf "%s-authelia-secrets" $basename -}} + +{{/* Initialize all keys */}} +{{- $oidckey := genPrivateKey "rsa" }} +{{- $oidcsecret := randAlphaNum 32 }} +{{- $jwtsecret := randAlphaNum 50 }} +{{- $sessionsecret := randAlphaNum 50 }} +{{- $encryptionkey := randAlphaNum 100 }} + +enabled: true +data: + {{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }} + {{/* Get previous values and decode */}} + {{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }} + {{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }} + {{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }} + + {{/* Check if those keys ever existed. as OIDC is optional */}} + {{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }} + {{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }} + {{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }} + {{ end }} + {{ end }} + SESSION_ENCRYPTION_KEY: {{ $sessionsecret }} + JWT_TOKEN: {{ $jwtsecret }} + ENCRYPTION_KEY: {{ $encryptionkey }} + + {{- if .Values.authentication_backend.ldap.enabled }} + LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password }} + {{- end }} + + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password }} + {{- end }} + + {{- if .Values.duo_api.enabled }} + DUO_API_KEY: {{ .Values.duo_api.plain_api_key }} + {{- end }} + + STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} + + REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + {{- if .Values.redisProvider.high_availability.enabled }} + REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }} + {{- end }} + + OIDC_PRIVATE_KEY: | + {{- $oidckey | nindent 4 }} + OIDC_HMAC_SECRET: {{ $oidcsecret }} +{{- end -}} diff --git a/enterprise/authelia/19.0.9/templates/common.yaml b/enterprise/authelia/19.0.9/templates/common.yaml new file mode 100644 index 0000000000..54e288e852 --- /dev/null +++ b/enterprise/authelia/19.0.9/templates/common.yaml @@ -0,0 +1,77 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for authelia */}} +{{- $configmapPaths := include "authelia.configmap.paths" . | fromYaml -}} +{{- if $configmapPaths -}} + {{- $_ := set .Values.configmap "authelia-paths" $configmapPaths -}} +{{- end -}} + +{{- $configmapFile := include "authelia.configmap.configfile" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "authelia-configfile" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for authelia */}} +{{- $secret := include "authelia.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "authelia-secrets" $secret -}} +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "authelia.configmapVolume" -}} +enabled: true +mountPath: /configuration.yaml +subPath: configuration.yaml +readOnly: true +type: "configmap" +objectName: authelia-configfile +{{- end -}} + +{{/* Append the general secret volumes to the volumes */}} +{{- define "authelia.secretVolumes" -}} +enabled: true +mountPath: "/secrets" +readOnly: true +type: "secret" +objectName: authelia-secrets +items: + - key: "JWT_TOKEN" + path: JWT_TOKEN + - key: "SESSION_ENCRYPTION_KEY" + path: SESSION_ENCRYPTION_KEY + - key: "ENCRYPTION_KEY" + path: ENCRYPTION_KEY + - key: "STORAGE_PASSWORD" + path: STORAGE_PASSWORD + {{- if .Values.authentication_backend.ldap.enabled }} + - key: "LDAP_PASSWORD" + path: LDAP_PASSWORD + {{- end }} + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + - key: "SMTP_PASSWORD" + path: SMTP_PASSWORD + {{- end }} + - key: "REDIS_PASSWORD" + path: REDIS_PASSWORD + {{- if .Values.redisProvider.high_availability.enabled}} + - key: "REDIS_SENTINEL_PASSWORD" + path: REDIS_SENTINEL_PASSWORD + {{- end }} + {{- if .Values.duo_api.enabled }} + - key: "DUO_API_KEY" + path: DUO_API_KEY + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + - key: "OIDC_PRIVATE_KEY" + path: OIDC_PRIVATE_KEY + - key: "OIDC_HMAC_SECRET" + path: OIDC_HMAC_SECRET + {{- end }} +{{- end -}} + +{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}} +{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/blocky/9.0.6/values.yaml b/enterprise/authelia/19.0.9/values.yaml similarity index 100% rename from enterprise/blocky/9.0.6/values.yaml rename to enterprise/authelia/19.0.9/values.yaml diff --git a/enterprise/blocky/9.0.6/app-changelog.md b/enterprise/blocky/9.0.6/app-changelog.md deleted file mode 100644 index e31364cd30..0000000000 --- a/enterprise/blocky/9.0.6/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [blocky-9.0.6](https://github.com/truecharts/charts/compare/blocky-9.0.5...blocky-9.0.6) (2023-11-08) - diff --git a/enterprise/blocky/9.0.6/charts/common-14.3.4.tgz b/enterprise/blocky/9.0.6/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/blocky/9.0.6/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/blocky/9.0.6/CHANGELOG.md b/enterprise/blocky/9.0.7/CHANGELOG.md similarity index 95% rename from enterprise/blocky/9.0.6/CHANGELOG.md rename to enterprise/blocky/9.0.7/CHANGELOG.md index e812820755..826ee0fed5 100644 --- a/enterprise/blocky/9.0.6/CHANGELOG.md +++ b/enterprise/blocky/9.0.7/CHANGELOG.md @@ -4,6 +4,11 @@ +## [blocky-9.0.7](https://github.com/truecharts/charts/compare/blocky-9.0.6...blocky-9.0.7) (2023-11-08) + + + + ## [blocky-9.0.6](https://github.com/truecharts/charts/compare/blocky-9.0.5...blocky-9.0.6) (2023-11-08) @@ -92,8 +97,3 @@ - -## [blocky-7.0.1](https://github.com/truecharts/charts/compare/blocky-7.0.0...blocky-7.0.1) (2023-07-29) - -### Chore - diff --git a/enterprise/blocky/9.0.6/Chart.yaml b/enterprise/blocky/9.0.7/Chart.yaml similarity index 96% rename from enterprise/blocky/9.0.6/Chart.yaml rename to enterprise/blocky/9.0.7/Chart.yaml index 61f5629436..a6893bb94d 100644 --- a/enterprise/blocky/9.0.6/Chart.yaml +++ b/enterprise/blocky/9.0.7/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "0.22.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 - condition: redis.enabled name: redis repository: https://deps.truecharts.org @@ -25,7 +25,7 @@ sources: - https://0xerr0r.github.io/blocky/ - https://github.com/0xERR0R/blocky - https://github.com/Mozart409/blocky-frontend -version: 9.0.6 +version: 9.0.7 annotations: truecharts.org/category: network truecharts.org/SCALE-support: "true" diff --git a/enterprise/blocky/9.0.6/LICENSE b/enterprise/blocky/9.0.7/LICENSE similarity index 100% rename from enterprise/blocky/9.0.6/LICENSE rename to enterprise/blocky/9.0.7/LICENSE diff --git a/enterprise/clusterissuer/4.2.8/README.md b/enterprise/blocky/9.0.7/README.md similarity index 100% rename from enterprise/clusterissuer/4.2.8/README.md rename to enterprise/blocky/9.0.7/README.md diff --git a/enterprise/blocky/9.0.7/app-changelog.md b/enterprise/blocky/9.0.7/app-changelog.md new file mode 100644 index 0000000000..9c0fbc44d9 --- /dev/null +++ b/enterprise/blocky/9.0.7/app-changelog.md @@ -0,0 +1,4 @@ + + +## [blocky-9.0.7](https://github.com/truecharts/charts/compare/blocky-9.0.6...blocky-9.0.7) (2023-11-08) + diff --git a/enterprise/blocky/9.0.6/app-readme.md b/enterprise/blocky/9.0.7/app-readme.md similarity index 100% rename from enterprise/blocky/9.0.6/app-readme.md rename to enterprise/blocky/9.0.7/app-readme.md diff --git a/enterprise/blocky/9.0.7/charts/common-14.3.5.tgz b/enterprise/blocky/9.0.7/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/blocky/9.0.7/charts/common-14.3.5.tgz differ diff --git a/enterprise/blocky/9.0.7/charts/redis-8.0.42.tgz b/enterprise/blocky/9.0.7/charts/redis-8.0.42.tgz new file mode 100644 index 0000000000..9307f74622 Binary files /dev/null and b/enterprise/blocky/9.0.7/charts/redis-8.0.42.tgz differ diff --git a/enterprise/blocky/9.0.6/ix_values.yaml b/enterprise/blocky/9.0.7/ix_values.yaml similarity index 100% rename from enterprise/blocky/9.0.6/ix_values.yaml rename to enterprise/blocky/9.0.7/ix_values.yaml diff --git a/enterprise/blocky/9.0.6/questions.yaml b/enterprise/blocky/9.0.7/questions.yaml similarity index 100% rename from enterprise/blocky/9.0.6/questions.yaml rename to enterprise/blocky/9.0.7/questions.yaml diff --git a/enterprise/clusterissuer/4.2.8/templates/NOTES.txt b/enterprise/blocky/9.0.7/templates/NOTES.txt similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/NOTES.txt rename to enterprise/blocky/9.0.7/templates/NOTES.txt diff --git a/enterprise/blocky/9.0.6/templates/_blockyConfig.tpl b/enterprise/blocky/9.0.7/templates/_blockyConfig.tpl similarity index 100% rename from enterprise/blocky/9.0.6/templates/_blockyConfig.tpl rename to enterprise/blocky/9.0.7/templates/_blockyConfig.tpl diff --git a/enterprise/blocky/9.0.6/templates/_k8sgateway.tpl b/enterprise/blocky/9.0.7/templates/_k8sgateway.tpl similarity index 100% rename from enterprise/blocky/9.0.6/templates/_k8sgateway.tpl rename to enterprise/blocky/9.0.7/templates/_k8sgateway.tpl diff --git a/enterprise/blocky/9.0.6/templates/common.yaml b/enterprise/blocky/9.0.7/templates/common.yaml similarity index 100% rename from enterprise/blocky/9.0.6/templates/common.yaml rename to enterprise/blocky/9.0.7/templates/common.yaml diff --git a/enterprise/clusterissuer/4.2.8/values.yaml b/enterprise/blocky/9.0.7/values.yaml similarity index 100% rename from enterprise/clusterissuer/4.2.8/values.yaml rename to enterprise/blocky/9.0.7/values.yaml diff --git a/enterprise/clusterissuer/4.2.8/app-changelog.md b/enterprise/clusterissuer/4.2.8/app-changelog.md deleted file mode 100644 index 05939f4c06..0000000000 --- a/enterprise/clusterissuer/4.2.8/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [clusterissuer-4.2.8](https://github.com/truecharts/charts/compare/clusterissuer-4.2.7...clusterissuer-4.2.8) (2023-11-08) - diff --git a/enterprise/clusterissuer/4.2.8/charts/common-14.3.4.tgz b/enterprise/clusterissuer/4.2.8/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/clusterissuer/4.2.8/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/clusterissuer/4.2.8/CHANGELOG.md b/enterprise/clusterissuer/4.2.9/CHANGELOG.md similarity index 95% rename from enterprise/clusterissuer/4.2.8/CHANGELOG.md rename to enterprise/clusterissuer/4.2.9/CHANGELOG.md index 230d956865..cec1f9bf05 100644 --- a/enterprise/clusterissuer/4.2.8/CHANGELOG.md +++ b/enterprise/clusterissuer/4.2.9/CHANGELOG.md @@ -4,6 +4,11 @@ +## [clusterissuer-4.2.9](https://github.com/truecharts/charts/compare/clusterissuer-4.2.8...clusterissuer-4.2.9) (2023-11-08) + + + + ## [clusterissuer-4.2.8](https://github.com/truecharts/charts/compare/clusterissuer-4.2.7...clusterissuer-4.2.8) (2023-11-08) @@ -92,8 +97,3 @@ ## [clusterissuer-4.1.4](https://github.com/truecharts/charts/compare/clusterissuer-4.1.3...clusterissuer-4.1.4) (2023-10-27) ### Fix - -- fix malformed yaml output ([#14028](https://github.com/truecharts/charts/issues/14028)) - - - diff --git a/enterprise/clusterissuer/4.2.8/Chart.yaml b/enterprise/clusterissuer/4.2.9/Chart.yaml similarity index 95% rename from enterprise/clusterissuer/4.2.8/Chart.yaml rename to enterprise/clusterissuer/4.2.9/Chart.yaml index 602462389e..591e011c04 100644 --- a/enterprise/clusterissuer/4.2.8/Chart.yaml +++ b/enterprise/clusterissuer/4.2.9/Chart.yaml @@ -10,7 +10,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org @@ -21,7 +21,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer - https://cert-manager.io/ type: application -version: 4.2.8 +version: 4.2.9 annotations: truecharts.org/category: core truecharts.org/SCALE-support: "true" diff --git a/enterprise/clusterissuer/4.2.9/LICENSE b/enterprise/clusterissuer/4.2.9/LICENSE new file mode 100644 index 0000000000..80e4ab93f9 --- /dev/null +++ b/enterprise/clusterissuer/4.2.9/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/external-dns/1.0.2/README.md b/enterprise/clusterissuer/4.2.9/README.md similarity index 100% rename from enterprise/external-dns/1.0.2/README.md rename to enterprise/clusterissuer/4.2.9/README.md diff --git a/enterprise/clusterissuer/4.2.9/app-changelog.md b/enterprise/clusterissuer/4.2.9/app-changelog.md new file mode 100644 index 0000000000..39e1164474 --- /dev/null +++ b/enterprise/clusterissuer/4.2.9/app-changelog.md @@ -0,0 +1,4 @@ + + +## [clusterissuer-4.2.9](https://github.com/truecharts/charts/compare/clusterissuer-4.2.8...clusterissuer-4.2.9) (2023-11-08) + diff --git a/enterprise/clusterissuer/4.2.8/app-readme.md b/enterprise/clusterissuer/4.2.9/app-readme.md similarity index 100% rename from enterprise/clusterissuer/4.2.8/app-readme.md rename to enterprise/clusterissuer/4.2.9/app-readme.md diff --git a/enterprise/clusterissuer/4.2.9/charts/common-14.3.5.tgz b/enterprise/clusterissuer/4.2.9/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/clusterissuer/4.2.9/charts/common-14.3.5.tgz differ diff --git a/enterprise/clusterissuer/4.2.8/ix_values.yaml b/enterprise/clusterissuer/4.2.9/ix_values.yaml similarity index 100% rename from enterprise/clusterissuer/4.2.8/ix_values.yaml rename to enterprise/clusterissuer/4.2.9/ix_values.yaml diff --git a/enterprise/clusterissuer/4.2.8/questions.yaml b/enterprise/clusterissuer/4.2.9/questions.yaml similarity index 100% rename from enterprise/clusterissuer/4.2.8/questions.yaml rename to enterprise/clusterissuer/4.2.9/questions.yaml diff --git a/enterprise/external-dns/1.0.2/templates/NOTES.txt b/enterprise/clusterissuer/4.2.9/templates/NOTES.txt similarity index 100% rename from enterprise/external-dns/1.0.2/templates/NOTES.txt rename to enterprise/clusterissuer/4.2.9/templates/NOTES.txt diff --git a/enterprise/clusterissuer/4.2.8/templates/clusterissuer/_ACME.tpl b/enterprise/clusterissuer/4.2.9/templates/clusterissuer/_ACME.tpl similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/clusterissuer/_ACME.tpl rename to enterprise/clusterissuer/4.2.9/templates/clusterissuer/_ACME.tpl diff --git a/enterprise/clusterissuer/4.2.8/templates/clusterissuer/_CA.tpl b/enterprise/clusterissuer/4.2.9/templates/clusterissuer/_CA.tpl similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/clusterissuer/_CA.tpl rename to enterprise/clusterissuer/4.2.9/templates/clusterissuer/_CA.tpl diff --git a/enterprise/clusterissuer/4.2.8/templates/clusterissuer/_clusterCertificates.tpl b/enterprise/clusterissuer/4.2.9/templates/clusterissuer/_clusterCertificates.tpl similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/clusterissuer/_clusterCertificates.tpl rename to enterprise/clusterissuer/4.2.9/templates/clusterissuer/_clusterCertificates.tpl diff --git a/enterprise/clusterissuer/4.2.8/templates/clusterissuer/_selfSigned.tpl b/enterprise/clusterissuer/4.2.9/templates/clusterissuer/_selfSigned.tpl similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/clusterissuer/_selfSigned.tpl rename to enterprise/clusterissuer/4.2.9/templates/clusterissuer/_selfSigned.tpl diff --git a/enterprise/clusterissuer/4.2.8/templates/common.yaml b/enterprise/clusterissuer/4.2.9/templates/common.yaml similarity index 100% rename from enterprise/clusterissuer/4.2.8/templates/common.yaml rename to enterprise/clusterissuer/4.2.9/templates/common.yaml diff --git a/enterprise/external-dns/1.0.2/values.yaml b/enterprise/clusterissuer/4.2.9/values.yaml similarity index 100% rename from enterprise/external-dns/1.0.2/values.yaml rename to enterprise/clusterissuer/4.2.9/values.yaml diff --git a/enterprise/external-dns/1.0.2/app-changelog.md b/enterprise/external-dns/1.0.2/app-changelog.md deleted file mode 100644 index f6ba25c5e3..0000000000 --- a/enterprise/external-dns/1.0.2/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [external-dns-1.0.2](https://github.com/truecharts/charts/compare/external-dns-1.0.1...external-dns-1.0.2) (2023-11-08) - diff --git a/enterprise/external-dns/1.0.2/charts/common-14.3.4.tgz b/enterprise/external-dns/1.0.2/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/external-dns/1.0.2/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/external-dns/1.0.2/CHANGELOG.md b/enterprise/external-dns/1.0.3/CHANGELOG.md similarity index 84% rename from enterprise/external-dns/1.0.2/CHANGELOG.md rename to enterprise/external-dns/1.0.3/CHANGELOG.md index 44c79ea9ea..09fc650d83 100644 --- a/enterprise/external-dns/1.0.2/CHANGELOG.md +++ b/enterprise/external-dns/1.0.3/CHANGELOG.md @@ -4,6 +4,11 @@ +## [external-dns-1.0.3](https://github.com/truecharts/charts/compare/external-dns-1.0.2...external-dns-1.0.3) (2023-11-08) + + + + ## [external-dns-1.0.2](https://github.com/truecharts/charts/compare/external-dns-1.0.1...external-dns-1.0.2) (2023-11-08) diff --git a/enterprise/external-dns/1.0.2/Chart.yaml b/enterprise/external-dns/1.0.3/Chart.yaml similarity index 95% rename from enterprise/external-dns/1.0.2/Chart.yaml rename to enterprise/external-dns/1.0.3/Chart.yaml index 2005825ad1..a9354bea0e 100644 --- a/enterprise/external-dns/1.0.2/Chart.yaml +++ b/enterprise/external-dns/1.0.3/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "0.13.6" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: ExternalDNS synchronizes exposed Kubernetes Services and Ingresses with DNS providers. home: https://truecharts.org/charts/enterprise/external-dns @@ -22,7 +22,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/enterprise/external-dns - https://github.com/kubernetes-sigs/external-dns type: application -version: 1.0.2 +version: 1.0.3 annotations: truecharts.org/category: networking truecharts.org/SCALE-support: "true" diff --git a/enterprise/grafana/9.0.37/README.md b/enterprise/external-dns/1.0.3/README.md similarity index 100% rename from enterprise/grafana/9.0.37/README.md rename to enterprise/external-dns/1.0.3/README.md diff --git a/enterprise/external-dns/1.0.3/app-changelog.md b/enterprise/external-dns/1.0.3/app-changelog.md new file mode 100644 index 0000000000..f9d27c44e4 --- /dev/null +++ b/enterprise/external-dns/1.0.3/app-changelog.md @@ -0,0 +1,4 @@ + + +## [external-dns-1.0.3](https://github.com/truecharts/charts/compare/external-dns-1.0.2...external-dns-1.0.3) (2023-11-08) + diff --git a/enterprise/external-dns/1.0.2/app-readme.md b/enterprise/external-dns/1.0.3/app-readme.md similarity index 100% rename from enterprise/external-dns/1.0.2/app-readme.md rename to enterprise/external-dns/1.0.3/app-readme.md diff --git a/enterprise/external-dns/1.0.3/charts/common-14.3.5.tgz b/enterprise/external-dns/1.0.3/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/external-dns/1.0.3/charts/common-14.3.5.tgz differ diff --git a/enterprise/external-dns/1.0.2/ix_values.yaml b/enterprise/external-dns/1.0.3/ix_values.yaml similarity index 100% rename from enterprise/external-dns/1.0.2/ix_values.yaml rename to enterprise/external-dns/1.0.3/ix_values.yaml diff --git a/enterprise/external-dns/1.0.2/questions.yaml b/enterprise/external-dns/1.0.3/questions.yaml similarity index 100% rename from enterprise/external-dns/1.0.2/questions.yaml rename to enterprise/external-dns/1.0.3/questions.yaml diff --git a/enterprise/grafana/9.0.37/templates/NOTES.txt b/enterprise/external-dns/1.0.3/templates/NOTES.txt similarity index 100% rename from enterprise/grafana/9.0.37/templates/NOTES.txt rename to enterprise/external-dns/1.0.3/templates/NOTES.txt diff --git a/enterprise/external-dns/1.0.2/templates/_args.tpl b/enterprise/external-dns/1.0.3/templates/_args.tpl similarity index 100% rename from enterprise/external-dns/1.0.2/templates/_args.tpl rename to enterprise/external-dns/1.0.3/templates/_args.tpl diff --git a/enterprise/external-dns/1.0.2/templates/common.yaml b/enterprise/external-dns/1.0.3/templates/common.yaml similarity index 100% rename from enterprise/external-dns/1.0.2/templates/common.yaml rename to enterprise/external-dns/1.0.3/templates/common.yaml diff --git a/enterprise/grafana/9.0.37/values.yaml b/enterprise/external-dns/1.0.3/values.yaml similarity index 100% rename from enterprise/grafana/9.0.37/values.yaml rename to enterprise/external-dns/1.0.3/values.yaml diff --git a/enterprise/grafana/9.0.37/app-changelog.md b/enterprise/grafana/9.0.37/app-changelog.md deleted file mode 100644 index c0f2a53d48..0000000000 --- a/enterprise/grafana/9.0.37/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [grafana-9.0.37](https://github.com/truecharts/charts/compare/grafana-9.0.36...grafana-9.0.37) (2023-11-08) - diff --git a/enterprise/grafana/9.0.37/charts/common-14.3.4.tgz b/enterprise/grafana/9.0.37/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/grafana/9.0.37/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/grafana/9.0.37/CHANGELOG.md b/enterprise/grafana/9.0.38/CHANGELOG.md similarity index 94% rename from enterprise/grafana/9.0.37/CHANGELOG.md rename to enterprise/grafana/9.0.38/CHANGELOG.md index b53429d20c..f96fcfcb27 100644 --- a/enterprise/grafana/9.0.37/CHANGELOG.md +++ b/enterprise/grafana/9.0.38/CHANGELOG.md @@ -4,6 +4,11 @@ +## [grafana-9.0.38](https://github.com/truecharts/charts/compare/grafana-9.0.37...grafana-9.0.38) (2023-11-08) + + + + ## [grafana-9.0.37](https://github.com/truecharts/charts/compare/grafana-9.0.36...grafana-9.0.37) (2023-11-08) @@ -92,8 +97,3 @@ ## [grafana-9.0.27](https://github.com/truecharts/charts/compare/grafana-9.0.26...grafana-9.0.27) (2023-10-12) - -### Chore - -- update container image tccr.io/truecharts/grafana to v10.1.4 ([#13551](https://github.com/truecharts/charts/issues/13551)) - diff --git a/enterprise/grafana/9.0.37/Chart.yaml b/enterprise/grafana/9.0.38/Chart.yaml similarity index 96% rename from enterprise/grafana/9.0.37/Chart.yaml rename to enterprise/grafana/9.0.38/Chart.yaml index 580412fdcf..88595909ed 100644 --- a/enterprise/grafana/9.0.37/Chart.yaml +++ b/enterprise/grafana/9.0.38/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "10.2.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 deprecated: false description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. home: https://truecharts.org/charts/enterprise/grafana @@ -24,7 +24,7 @@ sources: - https://github.com/bitnami/bitnami-docker-grafana - https://grafana.com/ type: application -version: 9.0.37 +version: 9.0.38 annotations: truecharts.org/category: metrics truecharts.org/SCALE-support: "true" diff --git a/enterprise/grafana/9.0.37/LICENSE b/enterprise/grafana/9.0.38/LICENSE similarity index 100% rename from enterprise/grafana/9.0.37/LICENSE rename to enterprise/grafana/9.0.38/LICENSE diff --git a/enterprise/kubernetes-reflector/1.0.4/README.md b/enterprise/grafana/9.0.38/README.md similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/README.md rename to enterprise/grafana/9.0.38/README.md diff --git a/enterprise/grafana/9.0.38/app-changelog.md b/enterprise/grafana/9.0.38/app-changelog.md new file mode 100644 index 0000000000..72c2df3cbf --- /dev/null +++ b/enterprise/grafana/9.0.38/app-changelog.md @@ -0,0 +1,4 @@ + + +## [grafana-9.0.38](https://github.com/truecharts/charts/compare/grafana-9.0.37...grafana-9.0.38) (2023-11-08) + diff --git a/enterprise/grafana/9.0.37/app-readme.md b/enterprise/grafana/9.0.38/app-readme.md similarity index 100% rename from enterprise/grafana/9.0.37/app-readme.md rename to enterprise/grafana/9.0.38/app-readme.md diff --git a/enterprise/grafana/9.0.38/charts/common-14.3.5.tgz b/enterprise/grafana/9.0.38/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/grafana/9.0.38/charts/common-14.3.5.tgz differ diff --git a/enterprise/grafana/9.0.37/ix_values.yaml b/enterprise/grafana/9.0.38/ix_values.yaml similarity index 100% rename from enterprise/grafana/9.0.37/ix_values.yaml rename to enterprise/grafana/9.0.38/ix_values.yaml diff --git a/enterprise/grafana/9.0.37/questions.yaml b/enterprise/grafana/9.0.38/questions.yaml similarity index 100% rename from enterprise/grafana/9.0.37/questions.yaml rename to enterprise/grafana/9.0.38/questions.yaml diff --git a/enterprise/metallb-config/3.0.9/templates/NOTES.txt b/enterprise/grafana/9.0.38/templates/NOTES.txt similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/NOTES.txt rename to enterprise/grafana/9.0.38/templates/NOTES.txt diff --git a/enterprise/grafana/9.0.37/templates/common.yaml b/enterprise/grafana/9.0.38/templates/common.yaml similarity index 100% rename from enterprise/grafana/9.0.37/templates/common.yaml rename to enterprise/grafana/9.0.38/templates/common.yaml diff --git a/enterprise/kubernetes-reflector/1.0.4/values.yaml b/enterprise/grafana/9.0.38/values.yaml similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/values.yaml rename to enterprise/grafana/9.0.38/values.yaml diff --git a/enterprise/kubernetes-reflector/1.0.4/app-changelog.md b/enterprise/kubernetes-reflector/1.0.4/app-changelog.md deleted file mode 100644 index 14daffcab8..0000000000 --- a/enterprise/kubernetes-reflector/1.0.4/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [kubernetes-reflector-1.0.4](https://github.com/truecharts/charts/compare/kubernetes-reflector-1.0.3...kubernetes-reflector-1.0.4) (2023-11-08) - diff --git a/enterprise/kubernetes-reflector/1.0.4/charts/common-14.3.4.tgz b/enterprise/kubernetes-reflector/1.0.4/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/kubernetes-reflector/1.0.4/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/kubernetes-reflector/1.0.4/CHANGELOG.md b/enterprise/kubernetes-reflector/1.0.5/CHANGELOG.md similarity index 89% rename from enterprise/kubernetes-reflector/1.0.4/CHANGELOG.md rename to enterprise/kubernetes-reflector/1.0.5/CHANGELOG.md index 19b93bb44f..0e23296179 100644 --- a/enterprise/kubernetes-reflector/1.0.4/CHANGELOG.md +++ b/enterprise/kubernetes-reflector/1.0.5/CHANGELOG.md @@ -4,6 +4,11 @@ +## [kubernetes-reflector-1.0.5](https://github.com/truecharts/charts/compare/kubernetes-reflector-1.0.4...kubernetes-reflector-1.0.5) (2023-11-08) + + + + ## [kubernetes-reflector-1.0.4](https://github.com/truecharts/charts/compare/kubernetes-reflector-1.0.3...kubernetes-reflector-1.0.4) (2023-11-08) diff --git a/enterprise/kubernetes-reflector/1.0.4/Chart.yaml b/enterprise/kubernetes-reflector/1.0.5/Chart.yaml similarity index 96% rename from enterprise/kubernetes-reflector/1.0.4/Chart.yaml rename to enterprise/kubernetes-reflector/1.0.5/Chart.yaml index 10d5ff5f3f..4662949932 100644 --- a/enterprise/kubernetes-reflector/1.0.4/Chart.yaml +++ b/enterprise/kubernetes-reflector/1.0.5/Chart.yaml @@ -13,7 +13,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org @@ -24,7 +24,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/enterprise/kubernetes-reflector - https://github.com/emberstack/kubernetes-reflector type: application -version: 1.0.4 +version: 1.0.5 annotations: truecharts.org/category: operators truecharts.org/SCALE-support: "true" diff --git a/enterprise/metallb-config/3.0.9/README.md b/enterprise/kubernetes-reflector/1.0.5/README.md similarity index 100% rename from enterprise/metallb-config/3.0.9/README.md rename to enterprise/kubernetes-reflector/1.0.5/README.md diff --git a/enterprise/kubernetes-reflector/1.0.5/app-changelog.md b/enterprise/kubernetes-reflector/1.0.5/app-changelog.md new file mode 100644 index 0000000000..77c00e300d --- /dev/null +++ b/enterprise/kubernetes-reflector/1.0.5/app-changelog.md @@ -0,0 +1,4 @@ + + +## [kubernetes-reflector-1.0.5](https://github.com/truecharts/charts/compare/kubernetes-reflector-1.0.4...kubernetes-reflector-1.0.5) (2023-11-08) + diff --git a/enterprise/kubernetes-reflector/1.0.4/app-readme.md b/enterprise/kubernetes-reflector/1.0.5/app-readme.md similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/app-readme.md rename to enterprise/kubernetes-reflector/1.0.5/app-readme.md diff --git a/enterprise/kubernetes-reflector/1.0.5/charts/common-14.3.5.tgz b/enterprise/kubernetes-reflector/1.0.5/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/kubernetes-reflector/1.0.5/charts/common-14.3.5.tgz differ diff --git a/enterprise/kubernetes-reflector/1.0.4/ix_values.yaml b/enterprise/kubernetes-reflector/1.0.5/ix_values.yaml similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/ix_values.yaml rename to enterprise/kubernetes-reflector/1.0.5/ix_values.yaml diff --git a/enterprise/kubernetes-reflector/1.0.4/questions.yaml b/enterprise/kubernetes-reflector/1.0.5/questions.yaml similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/questions.yaml rename to enterprise/kubernetes-reflector/1.0.5/questions.yaml diff --git a/enterprise/kubernetes-reflector/1.0.4/templates/common.yaml b/enterprise/kubernetes-reflector/1.0.5/templates/common.yaml similarity index 100% rename from enterprise/kubernetes-reflector/1.0.4/templates/common.yaml rename to enterprise/kubernetes-reflector/1.0.5/templates/common.yaml diff --git a/enterprise/metallb-config/3.0.9/values.yaml b/enterprise/kubernetes-reflector/1.0.5/values.yaml similarity index 100% rename from enterprise/metallb-config/3.0.9/values.yaml rename to enterprise/kubernetes-reflector/1.0.5/values.yaml diff --git a/enterprise/metallb-config/3.0.9/CHANGELOG.md b/enterprise/metallb-config/3.0.10/CHANGELOG.md similarity index 95% rename from enterprise/metallb-config/3.0.9/CHANGELOG.md rename to enterprise/metallb-config/3.0.10/CHANGELOG.md index 3839fa26b4..69a4c0f0e6 100644 --- a/enterprise/metallb-config/3.0.9/CHANGELOG.md +++ b/enterprise/metallb-config/3.0.10/CHANGELOG.md @@ -4,6 +4,11 @@ +## [metallb-config-3.0.10](https://github.com/truecharts/charts/compare/metallb-config-3.0.9...metallb-config-3.0.10) (2023-11-08) + + + + ## [metallb-config-3.0.9](https://github.com/truecharts/charts/compare/metallb-config-3.0.8...metallb-config-3.0.9) (2023-11-08) @@ -92,8 +97,3 @@ ## [metallb-config-2.0.2](https://github.com/truecharts/charts/compare/metallb-config-2.0.1...metallb-config-2.0.2) (2023-07-30) ### Chore - -- update helm general non-major ([#11034](https://github.com/truecharts/charts/issues/11034)) - - - diff --git a/enterprise/metallb-config/3.0.9/Chart.yaml b/enterprise/metallb-config/3.0.10/Chart.yaml similarity index 95% rename from enterprise/metallb-config/3.0.9/Chart.yaml rename to enterprise/metallb-config/3.0.10/Chart.yaml index 7fd6a70e45..8c80d2774a 100644 --- a/enterprise/metallb-config/3.0.9/Chart.yaml +++ b/enterprise/metallb-config/3.0.10/Chart.yaml @@ -10,7 +10,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org @@ -22,7 +22,7 @@ sources: - https://github.com/metallb/metallb - https://metallb.universe.tf type: application -version: 3.0.9 +version: 3.0.10 annotations: truecharts.org/category: core truecharts.org/SCALE-support: "true" diff --git a/enterprise/metallb-config/3.0.9/LICENSE b/enterprise/metallb-config/3.0.10/LICENSE similarity index 100% rename from enterprise/metallb-config/3.0.9/LICENSE rename to enterprise/metallb-config/3.0.10/LICENSE diff --git a/enterprise/metallb-config/3.0.10/README.md b/enterprise/metallb-config/3.0.10/README.md new file mode 100644 index 0000000000..f8a41e479f --- /dev/null +++ b/enterprise/metallb-config/3.0.10/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/metallb-config/3.0.10/app-changelog.md b/enterprise/metallb-config/3.0.10/app-changelog.md new file mode 100644 index 0000000000..4f63576e24 --- /dev/null +++ b/enterprise/metallb-config/3.0.10/app-changelog.md @@ -0,0 +1,4 @@ + + +## [metallb-config-3.0.10](https://github.com/truecharts/charts/compare/metallb-config-3.0.9...metallb-config-3.0.10) (2023-11-08) + diff --git a/enterprise/metallb-config/3.0.9/app-readme.md b/enterprise/metallb-config/3.0.10/app-readme.md similarity index 100% rename from enterprise/metallb-config/3.0.9/app-readme.md rename to enterprise/metallb-config/3.0.10/app-readme.md diff --git a/enterprise/metallb-config/3.0.10/charts/common-14.3.5.tgz b/enterprise/metallb-config/3.0.10/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/metallb-config/3.0.10/charts/common-14.3.5.tgz differ diff --git a/enterprise/metallb-config/3.0.9/ix_values.yaml b/enterprise/metallb-config/3.0.10/ix_values.yaml similarity index 100% rename from enterprise/metallb-config/3.0.9/ix_values.yaml rename to enterprise/metallb-config/3.0.10/ix_values.yaml diff --git a/enterprise/metallb-config/3.0.9/questions.yaml b/enterprise/metallb-config/3.0.10/questions.yaml similarity index 100% rename from enterprise/metallb-config/3.0.9/questions.yaml rename to enterprise/metallb-config/3.0.10/questions.yaml diff --git a/operators/cert-manager/1.1.6/templates/NOTES.txt b/enterprise/metallb-config/3.0.10/templates/NOTES.txt similarity index 100% rename from operators/cert-manager/1.1.6/templates/NOTES.txt rename to enterprise/metallb-config/3.0.10/templates/NOTES.txt diff --git a/enterprise/metallb-config/3.0.9/templates/_bgpadvertisement.tpl b/enterprise/metallb-config/3.0.10/templates/_bgpadvertisement.tpl similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/_bgpadvertisement.tpl rename to enterprise/metallb-config/3.0.10/templates/_bgpadvertisement.tpl diff --git a/enterprise/metallb-config/3.0.9/templates/_community.tpl b/enterprise/metallb-config/3.0.10/templates/_community.tpl similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/_community.tpl rename to enterprise/metallb-config/3.0.10/templates/_community.tpl diff --git a/enterprise/metallb-config/3.0.9/templates/_ipaddresspool.tpl b/enterprise/metallb-config/3.0.10/templates/_ipaddresspool.tpl similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/_ipaddresspool.tpl rename to enterprise/metallb-config/3.0.10/templates/_ipaddresspool.tpl diff --git a/enterprise/metallb-config/3.0.9/templates/_l2advertisement.tpl b/enterprise/metallb-config/3.0.10/templates/_l2advertisement.tpl similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/_l2advertisement.tpl rename to enterprise/metallb-config/3.0.10/templates/_l2advertisement.tpl diff --git a/enterprise/metallb-config/3.0.9/templates/_peers.tpl b/enterprise/metallb-config/3.0.10/templates/_peers.tpl similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/_peers.tpl rename to enterprise/metallb-config/3.0.10/templates/_peers.tpl diff --git a/enterprise/metallb-config/3.0.9/templates/common.yaml b/enterprise/metallb-config/3.0.10/templates/common.yaml similarity index 100% rename from enterprise/metallb-config/3.0.9/templates/common.yaml rename to enterprise/metallb-config/3.0.10/templates/common.yaml diff --git a/operators/cert-manager/1.1.6/values.yaml b/enterprise/metallb-config/3.0.10/values.yaml similarity index 100% rename from operators/cert-manager/1.1.6/values.yaml rename to enterprise/metallb-config/3.0.10/values.yaml diff --git a/enterprise/metallb-config/3.0.9/app-changelog.md b/enterprise/metallb-config/3.0.9/app-changelog.md deleted file mode 100644 index 99148828db..0000000000 --- a/enterprise/metallb-config/3.0.9/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [metallb-config-3.0.9](https://github.com/truecharts/charts/compare/metallb-config-3.0.8...metallb-config-3.0.9) (2023-11-08) - diff --git a/enterprise/metallb-config/3.0.9/charts/common-14.3.4.tgz b/enterprise/metallb-config/3.0.9/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/enterprise/metallb-config/3.0.9/charts/common-14.3.4.tgz and /dev/null differ diff --git a/enterprise/prometheus/13.0.16/CHANGELOG.md b/enterprise/prometheus/13.0.16/CHANGELOG.md new file mode 100644 index 0000000000..1c358cc02a --- /dev/null +++ b/enterprise/prometheus/13.0.16/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [prometheus-13.0.16](https://github.com/truecharts/charts/compare/prometheus-13.0.15...prometheus-13.0.16) (2023-11-08) + + + + +## [prometheus-13.0.15](https://github.com/truecharts/charts/compare/prometheus-13.0.14...prometheus-13.0.15) (2023-11-08) + + + + +## [prometheus-13.0.14](https://github.com/truecharts/charts/compare/prometheus-13.0.13...prometheus-13.0.14) (2023-11-08) + +### Chore + +- update container image tccr.io/truecharts/alertmanager to v0.26.0 ([#14452](https://github.com/truecharts/charts/issues/14452)) + + + + +## [prometheus-13.0.13](https://github.com/truecharts/charts/compare/prometheus-13.0.12...prometheus-13.0.13) (2023-11-08) + +### Chore + +- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454)) + + + + +## [prometheus-13.0.12](https://github.com/truecharts/charts/compare/prometheus-13.0.11...prometheus-13.0.12) (2023-11-05) + +### Chore + +- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365)) + + + + +## [prometheus-13.0.11](https://github.com/truecharts/charts/compare/prometheus-13.0.10...prometheus-13.0.11) (2023-11-03) + +### Chore + +- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287)) + + + + +## [prometheus-13.0.10](https://github.com/truecharts/charts/compare/prometheus-13.0.9...prometheus-13.0.10) (2023-10-29) + +### Chore + +- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693)) + - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094)) + + + + +## [prometheus-13.0.9](https://github.com/truecharts/charts/compare/prometheus-13.0.8...prometheus-13.0.9) (2023-10-24) + +### Chore + +- update container image tccr.io/truecharts/thanos to v0.32.5 ([#13785](https://github.com/truecharts/charts/issues/13785)) + + + + +## [prometheus-13.0.8](https://github.com/truecharts/charts/compare/prometheus-13.0.7...prometheus-13.0.8) (2023-10-15) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.47.2 ([#13632](https://github.com/truecharts/charts/issues/13632)) + + + + +## [prometheus-13.0.7](https://github.com/truecharts/charts/compare/prometheus-13.0.6...prometheus-13.0.7) (2023-10-11) + +### Chore + +- update container image tccr.io/truecharts/prometheus to v2.47.1 ([#13503](https://github.com/truecharts/charts/issues/13503)) + + + + +## [prometheus-13.0.6](https://github.com/truecharts/charts/compare/prometheus-13.0.5...prometheus-13.0.6) (2023-10-11) + +### Chore + +- update container image tccr.io/truecharts/alertmanager to v0.26.0 ([#13489](https://github.com/truecharts/charts/issues/13489)) + + + + +## [prometheus-13.0.5](https://github.com/truecharts/charts/compare/prometheus-13.0.4...prometheus-13.0.5) (2023-10-09) diff --git a/enterprise/prometheus/13.0.16/Chart.yaml b/enterprise/prometheus/13.0.16/Chart.yaml new file mode 100644 index 0000000000..c1594a41d8 --- /dev/null +++ b/enterprise/prometheus/13.0.16/Chart.yaml @@ -0,0 +1,36 @@ +apiVersion: v2 +appVersion: "2.47.2" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.3.5 + - condition: exporters.enabled,exporters.node-exporter.enabled + name: node-exporter + repository: https://deps.truecharts.org + version: 3.0.37 + - condition: exporters.enabled,exporters.kube-state-metrics.enabled + name: kube-state-metrics + repository: https://deps.truecharts.org + version: 3.0.35 +deprecated: false +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +home: https://truecharts.org/charts/enterprise/prometheus +keywords: + - metrics +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: prometheus +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/prometheus + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus +type: application +version: 13.0.16 +annotations: + truecharts.org/category: metrics + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/prometheus/13.0.16/LICENSE b/enterprise/prometheus/13.0.16/LICENSE new file mode 100644 index 0000000000..c30fceb4a5 --- /dev/null +++ b/enterprise/prometheus/13.0.16/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Prometheus" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/prometheus/13.0.16/README.md b/enterprise/prometheus/13.0.16/README.md new file mode 100644 index 0000000000..f8a41e479f --- /dev/null +++ b/enterprise/prometheus/13.0.16/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/prometheus/13.0.16/app-changelog.md b/enterprise/prometheus/13.0.16/app-changelog.md new file mode 100644 index 0000000000..31ac3614cf --- /dev/null +++ b/enterprise/prometheus/13.0.16/app-changelog.md @@ -0,0 +1,4 @@ + + +## [prometheus-13.0.16](https://github.com/truecharts/charts/compare/prometheus-13.0.15...prometheus-13.0.16) (2023-11-08) + diff --git a/enterprise/prometheus/13.0.16/app-readme.md b/enterprise/prometheus/13.0.16/app-readme.md new file mode 100644 index 0000000000..93f59634ea --- /dev/null +++ b/enterprise/prometheus/13.0.16/app-readme.md @@ -0,0 +1,8 @@ +kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/prometheus](https://truecharts.org/charts/enterprise/prometheus) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/prometheus/13.0.16/charts/common-14.3.5.tgz b/enterprise/prometheus/13.0.16/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/prometheus/13.0.16/charts/common-14.3.5.tgz differ diff --git a/enterprise/prometheus/13.0.16/charts/kube-state-metrics-3.0.35.tgz b/enterprise/prometheus/13.0.16/charts/kube-state-metrics-3.0.35.tgz new file mode 100644 index 0000000000..5375688ac9 Binary files /dev/null and b/enterprise/prometheus/13.0.16/charts/kube-state-metrics-3.0.35.tgz differ diff --git a/enterprise/prometheus/13.0.16/charts/node-exporter-3.0.37.tgz b/enterprise/prometheus/13.0.16/charts/node-exporter-3.0.37.tgz new file mode 100644 index 0000000000..b254a6468b Binary files /dev/null and b/enterprise/prometheus/13.0.16/charts/node-exporter-3.0.37.tgz differ diff --git a/enterprise/prometheus/13.0.16/ix_values.yaml b/enterprise/prometheus/13.0.16/ix_values.yaml new file mode 100644 index 0000000000..cfb7f7d95d --- /dev/null +++ b/enterprise/prometheus/13.0.16/ix_values.yaml @@ -0,0 +1,1367 @@ +image: + repository: tccr.io/truecharts/prometheus + tag: v2.47.2@sha256:609ae6b1d62ee388d8dd552430985bbb332984b6aaa5df5dc62605dfe1f2e035 + +thanosImage: + repository: tccr.io/truecharts/thanos + tag: v0.32.5@sha256:4cea5ca36f1567993344c3375b9a80d8073dbc8d530656644d36c90683f96464 + +alertmanagerImage: + repository: tccr.io/truecharts/alertmanager + tag: v0.26.0@sha256:f0bbf30d4901be33855b0fb4b71e3d7410b872a33b9d08cd2d7ed576505e40a8 + +global: + labels: {} +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +service: + main: + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + main: + port: 10086 + targetPort: 9090 + protocol: http + alertmanager: + enabled: true + selectorLabels: + app.kubernetes.io/name: alertmanager + alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}' + ports: + alertmanager: + enabled: true + port: 10087 + targetPort: 9093 + protocol: http + thanos: + enabled: true + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + thanos: + enabled: true + port: 10901 + targetPort: 10901 + protocol: http + +ingress: + main: + enabled: false + alertmanager: + enabled: false + thanos: + enabled: false + +#### +## Operator Config +#### + +env: + PROMETHEUS_CONFIG_RELOADER: + configMapKeyRef: + name: prometheus-operator-config + key: prometheus-config-reloader + +podOptions: + automountServiceAccountToken: true + +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - alertmanagers.monitoring.coreos.com + - podmonitors.monitoring.coreos.com + - prometheuses.monitoring.coreos.com + - prometheusrules.monitoring.coreos.com + - servicemonitors.monitoring.coreos.com + - thanosrulers.monitoring.coreos.com + - probes.monitoring.coreos.com + resources: + - customresourcedefinitions + verbs: + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - "*" + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + - apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +securityContext: + readOnlyRootFilesystem: false + +probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Redainess probe configuration + # @default -- See below + readiness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + + # -- Startup probe configuration + # @default -- See below + startup: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + +operator: + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator + ## + enabled: false + ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param operator.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param operator.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + + ## Prometheus Configmap-reload image to use for reloading configmaps + ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/) + ## + prometheusConfigReloader: + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +#### +## Prometheus Config (Spawned by Operator) +#### + +## Deploy a Prometheus instance +## +prometheus: + ## @param prometheus.enabled Deploy Prometheus to the cluster + ## + enabled: true + ## Bitnami Prometheus image version + ## ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus/tags/ + ## @param prometheus.image.registry Prometheus image registry + ## @param prometheus.image.repository Prometheus image repository + ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended) + ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Service account for Prometheus to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus + ## + create: true + ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template + name: "" + ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount + ## annotations: + ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus + ## + annotations: {} + ## Prometheus pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param prometheus.podSecurityContext.enabled Enable security context + ## @param prometheus.podSecurityContext.runAsUser User ID for the container + ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.containerSecurityContext.enabled Enable container security context + ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem + ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + + serviceMonitor: + ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself + ## + enabled: true + ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param prometheus.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param prometheus.externalUrl External URL used to access Prometheus + ## If not creating an ingress but still exposing the service some other way (like a proxy) + ## let Prometheus know what its external URL is so that it can properly create links + ## externalUrl: https://prometheus.example.com + ## + externalUrl: "" + ## @param prometheus.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param prometheus.affinity Prometheus Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param prometheus.tolerations Prometheus Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param prometheus.scrapeInterval Interval between consecutive scrapes + ## + scrapeInterval: "15s" + ## @param prometheus.evaluationInterval Interval between consecutive evaluations + ## + evaluationInterval: "30s" + ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback + ## + listenLocal: false + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + ## @param prometheus.enableFeatures Enable access to Prometheus disabled features. + ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + ## + enableFeatures: [] + ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + alertingEndpoints: [] + ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name + ## + replicaExternalLabelNameClear: false + ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods + ## + secrets: [] + ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods + ## + configMaps: [] + ## @param prometheus.querySpec The query command line flags when starting Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + querySpec: {} + ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + ruleSelector: {} + ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## @param prometheus.matchLabels Matchlabels + ## + matchLabels: {} + ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + serviceMonitorNamespaceSelector: {} + ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + ## @param prometheus.probeSelector Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + ## @param prometheus.scrapeConfigSelector The scrapeConfigs to be selected for target discovery. + ## If {}, select all scrapeConfigs + ## + scrapeConfigSelector: {} + ## @param prometheus.scrapeConfigNamespaceSelector Namespaces to be selected for scrapeConfig discovery. + ## If {}, select all namespaces. + ## If nil, select own namespace. + scrapeConfigNamespaceSelector: {} + ## @param prometheus.retention Metrics retention days + ## + retention: 31d + ## @param prometheus.retentionSize Maximum size of metrics + ## + retentionSize: "" + ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction + ## + disableCompaction: false + ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy + ## + walCompression: false + ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + ## @param prometheus.replicaCount Number of Prometheus replicas desired + ## + replicaCount: 1 + ## @param prometheus.logLevel Log level for Prometheus + ## + logLevel: info + ## @param prometheus.logFormat Log format for Prometheus + ## + logFormat: logfmt + ## @param prometheus.podMetadata [object] Standard object's metadata + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + ## labels: + ## app: prometheus + ## k8s-app: prometheus + ## + labels: {} + annotations: {} + ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + ## remoteRead: + ## - url: http://remote1/read + ## + remoteRead: [] + ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + ## remoteWrite: + ## - url: http://remote1/push + ## + remoteWrite: [] + ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Prometheus persistence parameters + ## + persistence: + ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## + enabled: true + ## @param prometheus.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param prometheus.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param prometheus.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param prometheus.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param prometheus.containers Containers allows injecting additional containers + ## + containers: [] + ## @param prometheus.volumes Volumes allows configuration of additional volumes + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumes: [] + ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumeMounts: [] + ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance. + additionalPrometheusRules: [] + ## - name: custom-recording-rules + ## groups: + ## - name: sum_node_by_job + ## rules: + ## - record: job:kube_node_labels:sum + ## expr: sum(kube_node_labels) by (job) + ## - name: sum_prometheus_config_reload_by_pod + ## rules: + ## - record: job:prometheus_config_last_reload_successful:sum + ## expr: sum(prometheus_config_last_reload_successful) by (pod) + ## - name: custom-alerting-rules + ## groups: + ## - name: prometheus-config + ## rules: + ## - alert: PrometheusConfigurationReload + ## expr: prometheus_config_last_reload_successful > 0 + ## for: 1m + ## labels: + ## severity: error + ## annotations: + ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})" + ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - name: custom-node-exporter-alerting-rules + ## rules: + ## - alert: PhysicalComponentTooHot + ## expr: node_hwmon_temp_celsius > 75 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: "Physical component too hot (instance {{ $labels.instance }})" + ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - alert: NodeOvertemperatureAlarm + ## expr: node_hwmon_temp_alarm == 1 + ## for: 5m + ## labels: + ## severity: critical + ## annotations: + ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})" + ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs + ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs + ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs + ## + additionalScrapeConfigs: + enabled: false + type: external + external: + ## Name of the secret that Prometheus should use for the additional scrape configuration + ## + name: "" + ## Name of the key inside the secret to be used for the additional scrape configuration. + ## + key: "" + internal: + jobList: [] + ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart + ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration + ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration + ## + additionalScrapeConfigsExternal: + enabled: false + name: "" + key: "" + ## Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration + ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration + ## + additionalAlertRelabelConfigsExternal: + enabled: false + name: "" + key: "" + ## Thanos sidecar container configuration + ## + thanos: + ## @param prometheus.thanos.create Create a Thanos sidecar container + ## + create: false + ## Bitnami Thanos image + ## ref: https://hub.docker.com/r/tccr.io/truecharts/thanos/tags/ + ## @param prometheus.thanos.image.registry Thanos image registry + ## @param prometheus.thanos.image.repository Thanos image name + ## @param prometheus.thanos.image.tag Thanos image tag + ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy + ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Thanos Sidecar container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context + ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090" + ## + prometheusUrl: "" + ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container + ## extraArgs: + ## - --log.level=debug + ## - --tsdb.path=/data/ + ## + extraArgs: [] + ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md + ## objectStorageConfig: + ## secretName: thanos-objstore-config + ## secretKey: thanos.yaml + ## + objectStorageConfig: {} + ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md + ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container + ## extraVolumeMounts: + ## - name: my-secret-volume + ## mountPath: /etc/thanos/secrets/my-secret + ## + extraVolumeMounts: [] + ## Thanos sidecar container resource requests and limits. + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container + ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Thanos Sidecar Service + ## + service: + ## @param prometheus.thanos.service.type Kubernetes service type + ## + type: ClusterIP + ## @param prometheus.thanos.service.port Thanos service port + ## + port: 10901 + ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. + ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests. + ## + clusterIP: None + ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## e.g: + ## nodePort: 30901 + ## + nodePort: "" + ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service + ## + annotations: {} + ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container + ## extraPorts: + ## - name: http + ## port: 10902 + ## targetPort: http + ## protocol: tcp + ## + extraPorts: [] + ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web + ## + portName: main + +#### +## Alert Manager Config +#### + +## @section Alertmanager Parameters + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + ## @param alertmanager.enabled Deploy Alertmanager to the cluster + ## + enabled: true + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager + ## + create: true + ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template + name: "" + ## Prometheus Alertmanager pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param alertmanager.podSecurityContext.enabled Enable security context + ## @param alertmanager.podSecurityContext.runAsUser User ID for the container + ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus Alertmanager container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param alertmanager.containerSecurityContext.enabled Enable container security context + ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager + ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled + ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager + ## + enabled: true + ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param alertmanager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param alertmanager.externalUrl External URL used to access Alertmanager + ## e.g: + ## externalUrl: https://alertmanager.example.com + ## + externalUrl: "" + ## @param alertmanager.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param alertmanager.affinity Alertmanager Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Alertmanager configuration + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## @param alertmanager.config [object] Alertmanager configuration directive + ## @skip alertmanager.config.route.group_by + ## @skip alertmanager.config.route.routes + ## @skip alertmanager.config.receivers + ## + config: + global: + resolve_timeout: 5m + route: + group_by: + - job + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: "null" + routes: + - match: + alertname: Watchdog + receiver: "null" + receivers: + - name: "null" + ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. + ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` + ## It must contain: + ## alertmanager.yaml: + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting + ## + externalConfig: false + ## @param alertmanager.replicaCount Number of Alertmanager replicas desired + ## + replicaCount: 1 + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe + ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe + ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## @param alertmanager.logLevel Log level for Alertmanager + ## + logLevel: info + ## @param alertmanager.logFormat Log format for Alertmanager + ## + logFormat: logfmt + ## @param alertmanager.podMetadata [object] Standard object's metadata. + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + labels: {} + annotations: {} + ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods + ## + secrets: [] + ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods + ## + configMaps: [] + ## @param alertmanager.retention Metrics retention days + ## + retention: 240h + ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Alertmanager persistence parameters + ## + persistence: + ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## If you want to use this configuration make sure the storageSpec is not provided. + ## + enabled: true + ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param alertmanager.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes + ## + paused: false + ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback + ## + listenLocal: false + ## @param alertmanager.containers Containers allows injecting additional containers + ## + containers: [] + ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + volumes: [] + ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec + ## + volumeMounts: [] + ## @param alertmanager.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster + ## + additionalPeers: [] + ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web + ## + portName: alertmanager + ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} + ## + configNamespaceSelector: {} + ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} + ## + configSelector: {} + +#### +## Exporters +#### + +## @section Exporters + +## Exporters +## +exporters: + node-exporter: + ## @param exporters.node-exporter.enabled Enable node-exporter + ## + enabled: true + kube-state-metrics: + ## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics + ## + enabled: true + +## @param kube-state-metrics [object] Node Exporter deployment configuration +## +kube-state-metrics: + serviceMonitor: + enabled: true + honorLabels: true + +## Component scraping for kubelet and kubelet hosted cAdvisor +## +kubelet: + ## @param kubelet.enabled Create a ServiceMonitor to scrape kubelet service + ## + enabled: true + ## @param kubelet.namespace Namespace where kubelet service is deployed. Related configuration `operator.kubeletService.namespace` + ## + namespace: kube-system + serviceMonitor: + ## @param kubelet.serviceMonitor.https Enable scraping of the kubelet over HTTPS + ## + https: true + ## @param kubelet.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubelet.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubelet.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorMetricRelabelings Metric relabeling for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorMetricRelabelings: [] + ## @param kubelet.serviceMonitor.cAdvisorRelabelings Relabel configs for scraping cAdvisor + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + cAdvisorRelabelings: [] +## Component scraping the kube-apiserver +## +kubeApiServer: + ## @param kubeApiServer.enabled Create a ServiceMonitor to scrape kube-apiserver service + ## + enabled: true + serviceMonitor: + ## @param kubeApiServer.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeApiServer.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeApiServer.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping the kube-controller-manager +## +kubeControllerManager: + ## @param kubeControllerManager.enabled Create a ServiceMonitor to scrape kube-controller-manager service + ## + enabled: false + ## @param kubeControllerManager.endpoints If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeControllerManager.namespace Namespace where kube-controller-manager service is deployed. + ## + namespace: kube-system + ## Service ports and selector information + ## @param kubeControllerManager.service.enabled Whether or not to create a Service object for kube-controller-manager + ## @param kubeControllerManager.service.port Listening port of the kube-controller-manager Service object + ## @param kubeControllerManager.service.targetPort Port to target on the kube-controller-manager Pods. This should be the port that kube-controller-manager is exposing metrics on + ## @param kubeControllerManager.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10252 + targetPort: 10252 + ## selector: + ## component: kube-controller-manager + ## + selector: {} + serviceMonitor: + ## @param kubeControllerManager.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param kubeControllerManager.serviceMonitor.https Enable scraping kube-controller-manager over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeControllerManager.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeControllerManager.serviceMonitor.serverName Name of the server to use when validating TLS certificate + serverName: "" + ## @param kubeControllerManager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param kubeControllerManager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] +## Component scraping kube scheduler +## +kubeScheduler: + ## @param kubeScheduler.enabled Create a ServiceMonitor to scrape kube-scheduler service + ## + enabled: false + ## @param kubeScheduler.endpoints If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## endpoints: + ## - 10.141.4.22 + ## - 10.141.4.23 + ## - 10.141.4.24 + ## + endpoints: [] + ## @param kubeScheduler.namespace Namespace where kube-scheduler service is deployed. + ## + namespace: kube-system + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## @param kubeScheduler.service.enabled Whether or not to create a Service object for kube-scheduler + ## @param kubeScheduler.service.port Listening port of the kube scheduler Service object + ## @param kubeScheduler.service.targetPort Port to target on the kube scheduler Pods. This should be the port that kube scheduler is exposing metrics on + ## @param kubeScheduler.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 10251 + targetPort: 10251 + ## selector: + ## component: kube-scheduler + ## + selector: {} + serviceMonitor: + ## @param kubeScheduler.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## + interval: "" + ## @param kubeScheduler.serviceMonitor.https Enable scraping kube-scheduler over https + ## Requires proper certs (not self-signed) and delegated authentication/authorization checks + ## + https: false + ## @param kubeScheduler.serviceMonitor.insecureSkipVerify Skip TLS certificate validation when scraping + ## + insecureSkipVerify: "" + ## @param kubeScheduler.serviceMonitor.serverName Name of the server to use when validating TLS certificate + ## + serverName: "" + ## @param kubeScheduler.serviceMonitor.metricRelabelings Metric relabeling + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param kubeScheduler.serviceMonitor.relabelings Relabel configs + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping coreDns +## +coreDns: + ## @param coreDns.enabled Create a ServiceMonitor to scrape coredns service + ## + enabled: true + ## @param coreDns.namespace Namespace where core dns service is deployed. + ## + namespace: kube-system + ## Create a ServiceMonitor to scrape coredns service + ## @param coreDns.service.enabled Whether or not to create a Service object for coredns + ## @param coreDns.service.port Listening port of the coredns Service object + ## @param coreDns.service.targetPort Port to target on the coredns Pods. This should be the port that coredns is exposing metrics on + ## @param coreDns.service.selector Optional PODs Label selector for the service + ## + service: + enabled: true + port: 9153 + targetPort: 9153 + ## selector: + ## component: kube-dns + ## + selector: {} + serviceMonitor: + ## @param coreDns.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## + interval: "" + ## @param coreDns.serviceMonitor.metricRelabelings Metric relabel configs to apply to samples before ingestion. + ## metricRelabelings: + ## - action: keep + ## regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+' + ## sourceLabels: [__name__] + ## + metricRelabelings: [] + ## @param coreDns.serviceMonitor.relabelings Relabel configs to apply to samples before ingestion. + ## relabelings: + ## - sourceLabels: [__meta_kubernetes_pod_node_name] + ## separator: ; + ## regex: ^(.*)$ + ## targetLabel: nodename + ## replacement: $1 + ## action: replace + ## + relabelings: [] +## Component scraping the kube-proxy +## +kubeProxy: + ## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service + ## + enabled: false + +portal: + open: + enabled: true diff --git a/enterprise/prometheus/13.0.16/questions.yaml b/enterprise/prometheus/13.0.16/questions.yaml new file mode 100644 index 0000000000..255dbc88be --- /dev/null +++ b/enterprise/prometheus/13.0.16/questions.yaml @@ -0,0 +1,1418 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" +questions: + - variable: operator + group: "App Configuration" + label: "Operator Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Operator" + schema: + type: string + default: "info" + + - variable: prometheus + group: "App Configuration" + label: "Prometheus Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Prometheus" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "31d" + - variable: retentionSize + label: "Max Retention Size" + description: "Maximum size of metrics" + schema: + type: string + default: "" + - variable: scrapeInterval + label: "Scrape interval" + description: "Interval between consecutive scrapes" + schema: + type: string + default: "15s" + - variable: evaluationInterval + label: "Evaluation interval" + description: "Interval between consecutive evaluations" + schema: + type: string + default: "30s" + - variable: disableCompaction + label: "Disable Compaction" + description: "Disable the compaction of the Prometheus TSDB" + schema: + type: boolean + default: false + - variable: walCompression + label: "WAL Compression" + description: "Enable compression of the write-ahead log using Snappy" + schema: + type: boolean + default: false + - variable: remoteWrite + label: "Remote Write" + schema: + type: list + default: [] + items: + - variable: remoteWriteEntry + label: Remote Write Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: url + label: URL + description: Remote write destination URL + schema: + type: string + required: true + default: "" + - variable: basicAuth + label: Basic Auth + description: Basic authentication for remote write + schema: + type: dict + attrs: + - variable: username + label: Username + description: Basic auth username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + description: Basic auth password + schema: + type: string + required: false + default: "" + + - variable: exporters + group: "App Configuration" + label: "Exporter Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: node-exporter + label: "node-exporter" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + - variable: kube-state-metrics + label: "Kube-State-Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + + - variable: alertmanager + group: "App Configuration" + label: "Alertmanager Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Alertmanager" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "240h" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The serving the Prometheus WebUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10086 + required: true + - variable: alertmanager + label: "alertmanager Service" + description: "alertmanager service " + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: alertmanager + label: "alertmanager Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10087 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: certificateIssuer + label: certificateIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP diff --git a/operators/cloudnative-pg/2.0.11/templates/NOTES.txt b/enterprise/prometheus/13.0.16/templates/NOTES.txt similarity index 100% rename from operators/cloudnative-pg/2.0.11/templates/NOTES.txt rename to enterprise/prometheus/13.0.16/templates/NOTES.txt diff --git a/enterprise/prometheus/13.0.16/templates/_helpers.tpl b/enterprise/prometheus/13.0.16/templates/_helpers.tpl new file mode 100644 index 0000000000..1f44049ac4 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/_helpers.tpl @@ -0,0 +1,210 @@ +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.fullname" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.name" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.operator.name" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.name" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.name" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with thanos */}} +{{- define "kube-prometheus.thanos.name" -}} +{{- printf "%s-thanos" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus.operator.fullname" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with thanos */}} +{{- define "kube-prometheus.thanos.fullname" -}} +{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}} +{{- end }} + +{{- define "kube-prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common Labels +*/}} +{{- define "kube-prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +{{- if .Values.global.labels }} +{{ toYaml .Values.global.labels }} +{{- end }} +{{- end -}} + +{{/* +Labels for operator +*/}} +{{- define "kube-prometheus.operator.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Labels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +Labels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +matchLabels for operator +*/}} +{{- define "kube-prometheus.operator.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +matchLabels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +matchLabels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +Return the proper Prometheus Operator image name +*/}} +{{- define "kube-prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Prometheus Operator Reloader image name +*/}} +{{- define "kube-prometheus.prometheusConfigReloader.image" -}} +{{- include "kube-prometheus.image" . -}} +{{- end -}} + +{{/* +Return the proper Prometheus Image name +*/}} +{{- define "kube-prometheus.prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Thanos Image name +*/}} +{{- define "kube-prometheus.prometheus.thanosImage" -}} +{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Alertmanager Image name +*/}} +{{- define "kube-prometheus.alertmanager.image" -}} +{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "kube-prometheus.imagePullSecrets" -}} +{{- end -}} + +{{/* +Create the name of the operator service account to use +*/}} +{{- define "kube-prometheus.operator.serviceAccountName" -}} +{{- if .Values.operator.serviceAccount.create -}} + {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.operator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the prometheus service account to use +*/}} +{{- define "kube-prometheus.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the alertmanager service account to use +*/}} +{{- define "kube-prometheus.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "kube-prometheus.validateValues" -}} +{{- $messages := list -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} diff --git a/enterprise/prometheus/13.0.16/templates/alertmanager/_alertmanager.tpl b/enterprise/prometheus/13.0.16/templates/alertmanager/_alertmanager.tpl new file mode 100644 index 0000000000..ed5e24e9da --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/alertmanager/_alertmanager.tpl @@ -0,0 +1,174 @@ +{{- define "prometheus.alertmanager.alertmanager" -}} +{{- if .Values.alertmanager.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.alertmanager.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + {{- if .Values.alertmanager.image }} + image: {{ template "kube-prometheus.alertmanager.image" . }} + {{- end }} + listenLocal: {{ .Values.alertmanager.listenLocal }} + {{- if index .Values.alertmanager "externalUrl" }} + externalUrl: "{{ .Values.alertmanager.externalUrl }}" + {{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }} + externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }} + {{- end }} + portName: "{{ .Values.alertmanager.portName }}" + paused: {{ .Values.alertmanager.paused }} + logFormat: {{ .Values.alertmanager.logFormat }} + logLevel: {{ .Values.alertmanager.logLevel }} + retention: {{ .Values.alertmanager.retention }} + {{- if .Values.alertmanager.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }} + {{- end }} + resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }} + routePrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- if .Values.alertmanager.podSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }} + {{- else }} + {{- if .Values.alertmanager.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.alertmanager.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.alertmanager.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.alertmanager.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.alertmanager.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: alertmanager + {{- if .Values.alertmanager.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.alertmanager.livenessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.alertmanager.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.readinessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.priorityClassName }} + priorityClassName: {{ .Values.alertmanager.priorityClassName }} + {{- end }} + {{- if .Values.alertmanager.additionalPeers }} + additionalPeers: {{ .Values.alertmanager.additionalPeers }} + {{- end }} + {{- if .Values.alertmanager.configNamespaceSelector }} + alertmanagerConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configSelector }} + alertmanagerConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/alertmanager/secrets.yaml b/enterprise/prometheus/13.0.16/templates/alertmanager/secrets.yaml new file mode 100644 index 0000000000..9a6f518f35 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/alertmanager/secrets.yaml @@ -0,0 +1,13 @@ +{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +data: + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/alertmanager/serviceaccount.yaml b/enterprise/prometheus/13.0.16/templates/alertmanager/serviceaccount.yaml new file mode 100644 index 0000000000..a6f438889a --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} + {{- if index .Values.alertmanager.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/alertmanager/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/alertmanager/servicemonitor.yaml new file mode 100644 index 0000000000..ef0e02d387 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/alertmanager/servicemonitor.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics + {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/common.yaml b/enterprise/prometheus/13.0.16/templates/common.yaml new file mode 100644 index 0000000000..61364503a7 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/common.yaml @@ -0,0 +1,13 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "prometheus.prometheus.prometheus" . }} +{{- include "prometheus.prometheus.additionalprometheusrules" . }} +{{- include "prometheus.prometheus.additionalscrapejobs" . }} +{{- include "prometheus.prometheus.servicemonitor" . }} + +{{- include "prometheus.alertmanager.alertmanager" . }} + + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/core-dns/service.yaml b/enterprise/prometheus/13.0.16/templates/exporters/core-dns/service.yaml new file mode 100644 index 0000000000..359c945de4 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/core-dns/service.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.coreDns.enabled .Values.coreDns.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Values.coreDns.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.coreDns.service.port }} + protocol: TCP + targetPort: {{ .Values.coreDns.service.targetPort }} + selector: + {{- if .Values.coreDns.service.selector }} +{{ toYaml .Values.coreDns.service.selector | indent 4 }} + {{- else}} + k8s-app: kube-dns + {{- end}} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/core-dns/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/exporters/core-dns/servicemonitor.yaml new file mode 100644 index 0000000000..8906b87f8e --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/core-dns/servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if .Values.coreDns.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-coredns + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns +spec: + jobLabel: k8s-app + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-coredns + namespaceSelector: + matchNames: + - {{ .Values.coreDns.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.coreDns.serviceMonitor.interval}} + interval: {{ .Values.coreDns.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.coreDns.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.coreDns.serviceMonitor.relabelings }} + relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.coreDns.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-apiserver/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-apiserver/servicemonitor.yaml new file mode 100644 index 0000000000..7cfbb53f37 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-apiserver/servicemonitor.yaml @@ -0,0 +1,35 @@ +{{- if .Values.kubeApiServer.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-apiserver + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: apiserver +spec: + jobLabel: component + selector: + matchLabels: + component: apiserver + provider: kubernetes + namespaceSelector: + matchNames: + - default + endpoints: + - port: https + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeApiServer.serviceMonitor.interval }} + interval: {{ .Values.kubeApiServer.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubeApiServer.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubeApiServer.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubeApiServer.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/endpoints.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/endpoints.yaml new file mode 100644 index 0000000000..13aa60ebf6 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-controller-manager +subsets: + - addresses: + {{- range .Values.kubeControllerManager.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/service.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/service.yaml new file mode 100644 index 0000000000..6a45535983 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeControllerManager.enabled .Values.kubeControllerManager.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Values.kubeControllerManager.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeControllerManager.service.port }} + protocol: TCP + targetPort: {{ .Values.kubeControllerManager.service.targetPort }} +{{- if .Values.kubeControllerManager.endpoints }}{{- else }} + selector: + {{- if .Values.kubeControllerManager.service.selector }} +{{ toYaml .Values.kubeControllerManager.service.selector | indent 4 }} + {{- else}} + component: kube-controller-manager + {{- end}} +{{- end }} + type: ClusterIP +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/servicemonitor.yaml new file mode 100644 index 0000000000..d3f56c4991 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-controller-manager/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeControllerManager.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-controller-manager + namespaceSelector: + matchNames: + - {{ .Values.kubeControllerManager.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeControllerManager.serviceMonitor.interval }} + interval: {{ .Values.kubeControllerManager.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeControllerManager.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeControllerManager.serviceMonitor.insecureSkipVerify }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.serverName }} + serverName: {{ .Values.kubeControllerManager.serviceMonitor.serverName }} + {{- end }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeControllerManager.serviceMonitor.relabelings }} + relabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeControllerManager.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/endpoints.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/endpoints.yaml new file mode 100644 index 0000000000..dde3d8b911 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/endpoints.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kube-scheduler +subsets: + - addresses: + {{- range .Values.kubeScheduler.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port }} + protocol: TCP +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/service.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/service.yaml new file mode 100644 index 0000000000..aad5969f5f --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/service.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.kubeScheduler.enabled .Values.kubeScheduler.service.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Values.kubeScheduler.namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + clusterIP: None + ports: + - name: http-metrics + port: {{ .Values.kubeScheduler.service.port}} + protocol: TCP + targetPort: {{ .Values.kubeScheduler.service.targetPort}} +{{- if .Values.kubeScheduler.endpoints }}{{- else }} + selector: + {{- if .Values.kubeScheduler.service.selector }} +{{ toYaml .Values.kubeScheduler.service.selector | indent 4 }} + {{- else}} + component: kube-scheduler + {{- end}} +{{- end }} + type: ClusterIP +{{- end -}} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/servicemonitor.yaml new file mode 100644 index 0000000000..7cbe29f86d --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kube-scheduler/servicemonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.kubeScheduler.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler +spec: + jobLabel: component + selector: + matchLabels: + app.kubernetes.io/component: {{ template "kube-prometheus.fullname" . }}-kube-scheduler + namespaceSelector: + matchNames: + - {{ .Values.kubeScheduler.namespace }} + endpoints: + - port: http-metrics + {{- if .Values.kubeScheduler.serviceMonitor.interval }} + interval: {{ .Values.kubeScheduler.serviceMonitor.interval }} + {{- end }} + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + {{- if .Values.kubeScheduler.serviceMonitor.https }} + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + {{- if .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + insecureSkipVerify: {{ .Values.kubeScheduler.serviceMonitor.insecureSkipVerify }} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.serverName }} + serverName: {{ .Values.kubeScheduler.serviceMonitor.serverName }} + {{- end}} + {{- end}} + {{- if .Values.kubeScheduler.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.metricRelabelings "context" $) | nindent 6 }} + {{- end }} + {{- if .Values.kubeScheduler.serviceMonitor.relabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.kubeScheduler.serviceMonitor.relabelings "context" $) | nindent 6 }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/exporters/kubelet/servicemonitor.yaml b/enterprise/prometheus/13.0.16/templates/exporters/kubelet/servicemonitor.yaml new file mode 100644 index 0000000000..b109d78c45 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/exporters/kubelet/servicemonitor.yaml @@ -0,0 +1,85 @@ +{{- if .Values.kubelet.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.fullname" . }}-kubelet + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.labels" . | nindent 4 }} + app.kubernetes.io/component: kubelet +spec: + jobLabel: k8s-app + selector: + matchLabels: + k8s-app: kubelet + namespaceSelector: + matchNames: + - {{ .Values.kubelet.namespace }} + endpoints: + {{- if .Values.kubelet.serviceMonitor.https }} + - port: https-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: https-metrics + path: /metrics/cadvisor + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + insecureSkipVerify: true + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- else }} + - port: http-metrics + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.relabelings | nindent 8 }} + {{- end }} + - port: http-metrics + path: /metrics/cadvisor + scheme: http + tlsConfig: + insecureSkipVerify: false + honorLabels: true + {{- if .Values.kubelet.serviceMonitor.interval }} + interval: {{ .Values.kubelet.serviceMonitor.interval }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.kubelet.serviceMonitor.cAdvisorRelabelings }} + relabelings: {{- toYaml .Values.kubelet.serviceMonitor.cAdvisorRelabelings | nindent 8 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/_additionalPrometheusRules.tpl b/enterprise/prometheus/13.0.16/templates/prometheus/_additionalPrometheusRules.tpl new file mode 100644 index 0000000000..121048d87c --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/_additionalPrometheusRules.tpl @@ -0,0 +1,15 @@ +{{- define "prometheus.prometheus.additionalprometheusrules" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}} + {{- range .Values.prometheus.additionalPrometheusRules }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "kube-prometheus.name" $ }}-{{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }} +spec: + groups: {{- toYaml .groups | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/_additionalScrapeJobs.tpl b/enterprise/prometheus/13.0.16/templates/prometheus/_additionalScrapeJobs.tpl new file mode 100644 index 0000000000..3c5f85140a --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/_additionalScrapeJobs.tpl @@ -0,0 +1,13 @@ +{{- define "prometheus.prometheus.additionalscrapejobs" -}} +{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +data: + scrape-jobs.yaml: {{ include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/_prometheus.tpl b/enterprise/prometheus/13.0.16/templates/prometheus/_prometheus.tpl new file mode 100644 index 0000000000..e4c20bc6eb --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/_prometheus.tpl @@ -0,0 +1,363 @@ +{{- define "prometheus.prometheus.prometheus" -}} +{{- if .Values.prometheus.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheus.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + {{- if .Values.prometheus.serviceMonitorSelector }} + serviceMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorSelector }} + podMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.probeSelector }} + probeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }} + {{- else }} + probeSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigSelector }} + scrapeConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigSelector: {} + {{- end }} + alerting: + alertmanagers: + {{- if .Values.prometheus.alertingEndpoints }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }} + {{- else if .Values.alertmanager.enabled }} + - namespace: {{ .Release.Namespace }} + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + port: http + pathPrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- else }} + [] + {{- end }} + {{- if .Values.prometheus.image }} + image: {{ template "kube-prometheus.prometheus.image" . }} + {{- end }} + {{- if .Values.prometheus.externalLabels }} + externalLabels: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" + {{- else if .Values.prometheus.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}" + {{- end }} + {{- if .Values.prometheus.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" + {{- else if .Values.prometheus.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}" + {{- end }} + {{- if index .Values.prometheus "externalUrl" }} + externalUrl: "{{ .Values.prometheus.externalUrl }}" + {{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }} + externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }} + {{- end }} + paused: {{ .Values.prometheus.paused }} + logLevel: {{ .Values.prometheus.logLevel }} + logFormat: {{ .Values.prometheus.logFormat }} + listenLocal: {{ .Values.prometheus.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }} + {{- if .Values.prometheus.enableFeatures }} + enableFeatures: + {{- range .Values.prometheus.enableFeatures }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeInterval }} + {{- end }} + {{- if .Values.prometheus.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.evaluationInterval }} + {{- end }} + {{- if .Values.prometheus.resources }} + resources: {{- toYaml .Values.prometheus.resources | nindent 4 }} + {{- end }} + retention: {{ .Values.prometheus.retention }} + {{- if .Values.prometheus.retentionSize }} + retentionSize: {{ .Values.prometheus.retentionSize }} + {{- end }} + {{- if .Values.prometheus.disableCompaction }} + disableCompaction: {{ .Values.prometheus.disableCompaction }} + {{- end }} + {{- if .Values.prometheus.walCompression }} + walCompression: {{ .Values.prometheus.walCompression }} + {{- end }} + portName: "{{ .Values.prometheus.portName }}" + routePrefix: "{{ .Values.prometheus.routePrefix }}" + {{- if .Values.prometheus.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.probeNamespaceSelector }} + probeNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + probeNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigNamespaceSelector }} + scrapeConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.remoteRead }} + remoteRead: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }} + {{- end }} + {{- with .Values.prometheus.remoteWrite }} + remoteWrite: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.podSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.ruleNamespaceSelector }} + ruleNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + ruleNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.ruleSelector }} + ruleSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }} + {{- else }} + ruleSelector: {} + {{- end }} + {{- if .Values.prometheus.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }} + {{- else if .Values.prometheus.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.prometheus.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.prometheus.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.prometheus.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.querySpec }} + query: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + additionalScrapeConfigs: + {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }} + name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }} + key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }} + {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }} + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + key: scrape-jobs.yaml + {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }} + key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }} + additionalAlertRelabelConfigs: + name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }} + key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if .Values.prometheus.thanos.create }} + - name: thanos-sidecar + image: {{ template "kube-prometheus.prometheus.thanosImage" . }} + imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }} + args: + - sidecar + - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }} + - --grpc-address=0.0.0.0:10901 + - --http-address=0.0.0.0:10902 + - --tsdb.path=/prometheus/ + {{- if .Values.prometheus.thanos.objectStorageConfig }} + - --objstore.config=$(OBJSTORE_CONFIG) + {{- end }} + {{- if .Values.prometheus.thanos.extraArgs }} + {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }} + {{- end }} + {{- if .Values.prometheus.thanos.objectStorageConfig }} + env: + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }} + key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }} + {{- end }} + {{- if .Values.prometheus.thanos.resources }} + resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }} + {{- end }} + ports: + - name: thanos + containerPort: 10901 + protocol: TCP + - name: http + containerPort: 10902 + protocol: TCP + volumeMounts: + - mountPath: /prometheus + name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db + {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }} + subPath: prometheus-db + {{- end }} + {{- if .Values.prometheus.thanos.extraVolumeMounts }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }} + # yamllint disable rule:indentation + securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.prometheus.thanos.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.livenessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.thanos.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.readinessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: prometheus + {{- if .Values.prometheus.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.livenessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.readinessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.priorityClassName }} + priorityClassName: {{ .Values.prometheus.priorityClassName }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/_servicemonitor.tpl b/enterprise/prometheus/13.0.16/templates/prometheus/_servicemonitor.tpl new file mode 100644 index 0000000000..20744f2c92 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/_servicemonitor.tpl @@ -0,0 +1,29 @@ +{{- define "prometheus.prometheus.servicemonitor" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/clusterrole.yaml b/enterprise/prometheus/13.0.16/templates/prometheus/clusterrole.yaml new file mode 100644 index 0000000000..ae96e2d45f --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/clusterrole.yaml @@ -0,0 +1,41 @@ +{{- if .Values.prometheus.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - extensions + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - "get" +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/clusterrolebinding.yaml b/enterprise/prometheus/13.0.16/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 0000000000..7ca10743f4 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus.prometheus.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/enterprise/prometheus/13.0.16/templates/prometheus/serviceaccount.yaml b/enterprise/prometheus/13.0.16/templates/prometheus/serviceaccount.yaml new file mode 100644 index 0000000000..39539fc119 --- /dev/null +++ b/enterprise/prometheus/13.0.16/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} + {{- if index .Values.prometheus.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/operators/cloudnative-pg/2.0.11/values.yaml b/enterprise/prometheus/13.0.16/values.yaml similarity index 100% rename from operators/cloudnative-pg/2.0.11/values.yaml rename to enterprise/prometheus/13.0.16/values.yaml diff --git a/enterprise/traefik/21.1.7/CHANGELOG.md b/enterprise/traefik/21.1.7/CHANGELOG.md new file mode 100644 index 0000000000..345ecab18b --- /dev/null +++ b/enterprise/traefik/21.1.7/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [traefik-21.1.7](https://github.com/truecharts/charts/compare/traefik-21.1.6...traefik-21.1.7) (2023-11-08) + + + + +## [traefik-21.1.6](https://github.com/truecharts/charts/compare/traefik-21.1.5...traefik-21.1.6) (2023-11-08) + + + + +## [traefik-21.1.5](https://github.com/truecharts/charts/compare/traefik-21.1.4...traefik-21.1.5) (2023-11-08) + +### Chore + +- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454)) + + + + +## [traefik-21.1.4](https://github.com/truecharts/charts/compare/traefik-21.1.3...traefik-21.1.4) (2023-11-05) + +### Chore + +- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365)) + + + + +## [traefik-21.1.3](https://github.com/truecharts/charts/compare/traefik-21.1.2...traefik-21.1.3) (2023-11-03) + +### Chore + +- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287)) + + + + +## [traefik-21.1.2](https://github.com/truecharts/charts/compare/traefik-21.1.1...traefik-21.1.2) (2023-10-29) + +### Chore + +- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693)) + - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094)) + + + + +## [traefik-21.1.1](https://github.com/truecharts/charts/compare/traefik-21.1.0...traefik-21.1.1) (2023-10-27) + +### Fix + +- fix buffering middlewrae ([#14027](https://github.com/truecharts/charts/issues/14027)) + + + + +## [traefik-21.1.0](https://github.com/truecharts/charts/compare/traefik-21.0.9...traefik-21.1.0) (2023-10-27) + +### Feat + +- Add traefik-plugin-rewrite-headers ([#13961](https://github.com/truecharts/charts/issues/13961)) + + + + +## [traefik-21.0.9](https://github.com/truecharts/charts/compare/traefik-21.0.8...traefik-21.0.9) (2023-10-25) + +### Chore + +- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13969](https://github.com/truecharts/charts/issues/13969)) + + + + +## [traefik-21.0.8](https://github.com/truecharts/charts/compare/traefik-21.0.7...traefik-21.0.8) (2023-10-12) + +### Chore + +- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13534](https://github.com/truecharts/charts/issues/13534)) + - run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387)) + + + + +## [traefik-21.0.7](https://github.com/truecharts/charts/compare/traefik-21.0.6...traefik-21.0.7) (2023-10-07) + +### Chore + +- update helm general non-major ([#13386](https://github.com/truecharts/charts/issues/13386)) + + + + diff --git a/enterprise/traefik/21.1.7/Chart.yaml b/enterprise/traefik/21.1.7/Chart.yaml new file mode 100644 index 0000000000..2a70f9e662 --- /dev/null +++ b/enterprise/traefik/21.1.7/Chart.yaml @@ -0,0 +1,30 @@ +apiVersion: v2 +appVersion: "2.10.5" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.3.5 +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/charts/enterprise/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: traefik +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ +type: application +version: 21.1.7 +annotations: + truecharts.org/category: network + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/traefik/21.1.7/LICENSE b/enterprise/traefik/21.1.7/LICENSE new file mode 100644 index 0000000000..4139714f20 --- /dev/null +++ b/enterprise/traefik/21.1.7/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Traefik" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/traefik/21.1.7/README.md b/enterprise/traefik/21.1.7/README.md new file mode 100644 index 0000000000..f8a41e479f --- /dev/null +++ b/enterprise/traefik/21.1.7/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/traefik/21.1.7/app-changelog.md b/enterprise/traefik/21.1.7/app-changelog.md new file mode 100644 index 0000000000..fce072a699 --- /dev/null +++ b/enterprise/traefik/21.1.7/app-changelog.md @@ -0,0 +1,4 @@ + + +## [traefik-21.1.7](https://github.com/truecharts/charts/compare/traefik-21.1.6...traefik-21.1.7) (2023-11-08) + diff --git a/enterprise/traefik/21.1.7/app-readme.md b/enterprise/traefik/21.1.7/app-readme.md new file mode 100644 index 0000000000..02206fafcf --- /dev/null +++ b/enterprise/traefik/21.1.7/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/traefik/21.1.7/charts/common-14.3.5.tgz b/enterprise/traefik/21.1.7/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/traefik/21.1.7/charts/common-14.3.5.tgz differ diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutes.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 0000000000..a13de5922e --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,267 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutetcps.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 0000000000..37da83b344 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,211 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressrouteudps.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 0000000000..2ba4dade6b --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,98 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewares.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 0000000000..26cb51d2e6 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,917 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the escaped certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewaretcps.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 0000000000..1f6eec9404 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_serverstransports.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 0000000000..afc0384965 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsoptions.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 0000000000..16ea46008b --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsstores.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 0000000000..f6dfc6c8fb --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.containo.us_traefikservices.yaml b/enterprise/traefik/21.1.7/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 0000000000..358fdc1eab --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,381 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutes.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 0000000000..89aaee7595 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutetcps.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutetcps.yaml new file mode 100644 index 0000000000..82f61ac24f --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_ingressrouteudps.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_ingressrouteudps.yaml new file mode 100644 index 0000000000..27c50185d0 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_middlewares.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_middlewares.yaml new file mode 100644 index 0000000000..5a4dc3640f --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.io +spec: + group: traefik.io + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_middlewaretcps.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 0000000000..8623568f5b --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_serverstransports.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_serverstransports.yaml new file mode 100644 index 0000000000..803b56395a --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_tlsoptions.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_tlsoptions.yaml new file mode 100644 index 0000000000..b86fefe0e9 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.io +spec: + group: traefik.io + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_tlsstores.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_tlsstores.yaml new file mode 100644 index 0000000000..47b46854c8 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.io +spec: + group: traefik.io + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/crds/traefik.io_traefikservices.yaml b/enterprise/traefik/21.1.7/crds/traefik.io_traefikservices.yaml new file mode 100644 index 0000000000..0f3475bda4 --- /dev/null +++ b/enterprise/traefik/21.1.7/crds/traefik.io_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.io +spec: + group: traefik.io + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/enterprise/traefik/21.1.7/ix_values.yaml b/enterprise/traefik/21.1.7/ix_values.yaml new file mode 100644 index 0000000000..d2c944889a --- /dev/null +++ b/enterprise/traefik/21.1.7/ix_values.yaml @@ -0,0 +1,457 @@ +image: + repository: tccr.io/truecharts/traefik + tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + args: [] + probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Readiness probe configuration + # @default -- See below + readiness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + + # -- Startup probe configuration + # @default -- See below + startup: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + +# -- Options for all pods +# Can be overruled per pod +podOptions: + automountServiceAccountToken: true + +operator: + register: true + +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" + +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: + [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: + [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" + +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: + {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: + {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: + {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common + +metrics: + main: + enabled: false + type: servicemonitor + endpoints: + - port: metrics + path: /metrics + targetSelector: metrics + +globalArguments: + - "--global.checknewversion" + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: http + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ports: + web: + enabled: true + port: 9080 + protocol: http + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 9443 + protocol: https + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: tcp + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: http + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + # udp: + # enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - middlewares + - middlewaretcps + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + verbs: + - get + - list + - watch + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + customRequestHeaders: [] + # - name: customRequestHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + customResponseHeaders: [] + # - name: customResponseHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + rewriteResponseHeaders: [] + # - name: rewriteResponseHeadersName + # headers: + # - name: "Location" + # regex: "^http://(.+)$" + # replacement: "https://$1" + # - name: "Date" + # regex: "^[^,]+,\\s*(.+)$" + # replacement: "$1" + customFrameOptionsValue: [] + # - name: customFrameOptionsValueExample + # value: "SAMEORIGIN" + buffering: [] + # - name: bufferingExample + # maxRequestBodyBytes: 1000000 + # memRequestBodyBytes: 1000000 + # maxResponseBodyBytes: 1000000 + # memResponseBodyBytes: 1000000 + # retryExpression: "IsNetworkError() && Attempts() < 2" + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + # Sets X-Real-Ip with an IP from the X-Forwarded-For or + # Cf-Connecting-Ip (If from Cloudflare) + # Evaluation of those headers will go from last to first + realIP: [] + # - name: realIPName + # -- The real IP will be the first one that is + # -- not included in any of the CIDRs passed here + # excludedNetworks: + # - 1.1.1.1/24 + addPrefix: [] + # - name: addPrefixName + # prefix: "/foo" + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # blackListMode: false + # countries: + # - RU + modsecurity: [] + # - name: modsecurityName + # modSecurityUrl: modSecurity container URL + # timeoutMillis: Configurated timeout + # maxBodySize: maxBodySize + ## Note: body of every request will be buffered in memory while the request is in-flight + ## (i.e.: during the security check and during the request processing by traefik and the backend), + ## so you may want to tune maxBodySize depending on how much RAM you have. + +portalhook: + enabled: true + +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + +portal: + open: + enabled: true + path: /dashboard/ diff --git a/enterprise/traefik/21.1.7/questions.yaml b/enterprise/traefik/21.1.7/questions.yaml new file mode 100644 index 0000000000..3aac48533f --- /dev/null +++ b/enterprise/traefik/21.1.7/questions.yaml @@ -0,0 +1,2929 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "$kubernetes-resource_configmap_tcportal-open_path" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: expertIngressClass + label: Expert Mode + group: App Configuration + description: | + Expert Mode contains settings like:
+ - IngressClass
+ schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ingressClass + label: "ingressClass" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: basicAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: users + label: Users + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + schema: + type: string + required: true + default: "" + - variable: forwardAuth + label: forwardAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: address + label: Address + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: trustForwardHeader + schema: + type: boolean + default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: authResponseHeadersRegex + schema: + type: string + default: "" + - variable: authResponseHeaders + label: authResponseHeaders + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: authRequestHeaders + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: buffering + label: Buffering + schema: + type: list + default: [] + items: + - variable: bufferingEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: maxRequestBodyBytes + label: Max Request Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: memRequestBodyBytes + label: Mem Request Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: maxResponseBodyBytes + label: Max Response Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: memResponseBodyBytes + label: Mem Response Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: retryExpression + label: Retry Expression + description: Leave empty and it won't be set + schema: + type: string + default: "" + - variable: customRequestHeaders + label: Custom Request Headers + schema: + type: list + default: [] + items: + - variable: customRequestHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of custom header to be added to requests, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + default: "" + - variable: customResponseHeaders + label: Custom Response Headers + schema: + type: list + default: [] + items: + - variable: customResponseHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of custom header to be added to responses, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + default: "" + - variable: rewriteResponseHeaders + label: Rewrite Response Headers + schema: + type: list + default: [] + items: + - variable: rewriteResponseHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers To Rewrite + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of a header to modified in responses, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: regex + label: Regex + description: The value of the header to match. Accepts regex expression. + schema: + type: string + default: "" + - variable: replacement + label: Replacement Regex + description: The new value of the header. Accepts regex expression. + schema: + type: string + default: "" + - variable: customFrameOptionsValue + label: Custom Frame Options Value + schema: + type: list + default: [] + items: + - variable: customFrameOptionsValueEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: X-Frame-Options Header Value + description: The value of the header. + schema: + type: string + required: true + default: "" + - variable: chain + label: Chain + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: middlewares + label: Middlewares to Chain + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: redirectScheme + label: redirectScheme + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: scheme + label: Scheme + schema: + type: string + required: true + default: https + enum: + - value: https + description: https + - value: http + description: http + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: rateLimit + label: rateLimit + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: average + label: Average + schema: + type: int + required: true + default: 300 + - variable: burst + label: Burst + schema: + type: int + required: true + default: 200 + - variable: redirectRegex + label: redirectRegex + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: string + required: true + default: "" + - variable: replacement + label: Replacement + schema: + type: string + required: true + default: "" + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + - variable: stripPrefixRegex + label: stripPrefixRegex + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: list + default: [] + items: + - variable: regexEntry + label: Regex + schema: + type: string + required: true + default: "" + - variable: ipWhiteList + label: ipWhiteList + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: Source Range + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: IP Strategy + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: Depth + schema: + type: int + required: true + - variable: excludedIPs + label: Excluded IPs + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: themePark + label: theme.park + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + default: "" + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + default: "" + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + default: "" + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: Addon + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + - variable: realIP + label: Real IP + schema: + type: list + default: [] + items: + - variable: realIPEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: excludedNetworks + label: Excluded Networks + schema: + type: list + default: [] + items: + - variable: excludedNetEntry + label: Excluded Network Entry + description: Network to exclude setting it to X-Real-Ip + schema: + type: string + required: true + default: "" + - variable: geoBlock + label: GeoBlock + schema: + type: list + default: [] + items: + - variable: geoBlockEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to geoblock + schema: + type: string + required: true + default: "" + - variable: allowLocalRequests + label: Allow Local Requests + description: If set to true, will not block request from Private IP Ranges + schema: + type: boolean + default: true + - variable: logLocalRequests + label: Log Local Requests + description: If set to true, will log every connection from any IP in the private IP range + schema: + type: boolean + default: false + - variable: logAllowedRequests + label: Log Allowed Requests + description: If set to true, will show a log message with the IP and the country of origin if a request is allowed. + schema: + type: boolean + default: false + - variable: logApiRequests + label: Log API Requests + description: If set to true, will show a log message for every API hit. + schema: + type: boolean + default: false + - variable: api + label: API + description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL. + schema: + type: string + required: true + default: https://get.geojs.io/v1/ip/country/{ip} + - variable: apiTimeoutMs + label: API Timeout in ms + description: Timeout for the call to the api uri. + schema: + type: int + required: true + default: 500 + - variable: cacheSize + label: Cache Size + description: Defines the max size of the LRU (least recently used) cache. + schema: + type: int + required: true + default: 25 + - variable: forceMonthlyUpdate + label: Force Monthly Update + description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month. + schema: + type: boolean + default: true + - variable: allowUnknownCountries + label: Allow Unknown Countries + description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed. + schema: + type: boolean + default: false + - variable: unknownCountryApiResponse + label: Unknown Countries API Response + description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested. + schema: + type: string + required: true + default: nil + - variable: blackListMode + label: Blacklist Mode + description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked. + schema: + type: boolean + default: false + - variable: countries + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + label: Countries + schema: + type: list + default: [] + items: + - variable: countryEntry + label: Country + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + schema: + type: string + required: true + # Allow only 2 Characters + valid_chars: '^[a-zA-Z]{2}$' + default: "" + - variable: addPrefix + label: Add Prefix + schema: + type: list + default: [] + items: + - variable: addPrefixEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: prefix + label: Prefix + schema: + type: string + required: true + default: "" + - variable: modsecurity + label: modsecurity + schema: + type: list + default: [] + items: + - variable: modsecurityEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-modsecurity-plugin + schema: + type: string + required: true + default: "" + - variable: modSecurityUrl + label: ModSecurity Url + description: It's the URL for the owasp/modsecurity container. + schema: + type: string + required: true + default: "https://someurl" + - variable: timeoutMillis + label: timeout Millis + description: timeout in milliseconds for the http client to talk with modsecurity container. ( + schema: + type: int + required: true + default: 2 + - variable: maxBodySize + label: maxBody Size + description: it's the maximum limit for requests body size. Requests exceeding this value will be rejected using HTTP 413 Request Entity Too Large. Zero means "use default value". + schema: + type: int + required: true + default: 0 + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9080 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "tcp" + enum: + - value: http + description: "HTTP" + - value: "https" + description: "HTTPS" + - value: tcp + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: certificateIssuer + label: certificateIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/operators/prometheus-operator/1.0.12/templates/NOTES.txt b/enterprise/traefik/21.1.7/templates/NOTES.txt similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/NOTES.txt rename to enterprise/traefik/21.1.7/templates/NOTES.txt diff --git a/enterprise/traefik/21.1.7/templates/_args.tpl b/enterprise/traefik/21.1.7/templates/_args.tpl new file mode 100644 index 0000000000..06e39a4689 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_args.tpl @@ -0,0 +1,194 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }} + {{- $_ := set $config "protocol" "tcp" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.traefikMetrics }} + {{- if .Values.traefikMetrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}" + {{- end }} + {{- if .Values.traefikMetrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.traefikMetrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}" + {{- if or .Values.traefikMetrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.metrics.main.enabled }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if $.Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* + For new plugins, add them on the container also + https://github.com/truecharts/containers/blob/master/mirror/traefik/Dockerfile + moduleName must match on the container and here + */}} + {{- if .Values.middlewares.themePark }} + {{/* theme.park */}} + - "--experimental.localPlugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + {{- end }} + {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.localPlugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + {{- end }} + {{/* End of GeoBlock */}} + {{/* RealIP */}} + {{- if .Values.middlewares.realIP }} + - "--experimental.localPlugins.traefik-real-ip.modulename=github.com/jramsgz/traefik-real-ip" + {{- end }} + {{/* End of RealIP */}} + {{/* ModSecurity */}} + {{- if .Values.middlewares.modsecurity }} + - "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin" + {{- end }} + {{/* End of ModSecurity */}} + {{/* RewriteResponseHeaders */}} + {{- if .Values.middlewares.rewriteResponseHeaders }} + - "--experimental.localPlugins.rewriteResponseHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers" + {{- end }} + {{/* End of RewriteResponseHeaders */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/_helpers.tpl b/enterprise/traefik/21.1.7/templates/_helpers.tpl new file mode 100644 index 0000000000..1345dcea39 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/_ingressclass.tpl b/enterprise/traefik/21.1.7/templates/_ingressclass.tpl new file mode 100644 index 0000000000..4213783865 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if $.Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/enterprise/traefik/21.1.7/templates/_ingressroute.tpl b/enterprise/traefik/21.1.7/templates/_ingressroute.tpl new file mode 100644 index 0000000000..bf235761f8 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_ingressroute.tpl @@ -0,0 +1,34 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} + +{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}} +{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}} + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard + {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} + +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/_portalhook.tpl b/enterprise/traefik/21.1.7/templates/_portalhook.tpl new file mode 100644 index 0000000000..ec69a695ca --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_portalhook.tpl @@ -0,0 +1,24 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled -}} + {{- $name := "portalhook" -}} + {{- if $.Values.ingressClass.enabled -}} + {{- $name = printf "portalhook-%v" .Release.Name -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }} +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/_tlsoptions.tpl b/enterprise/traefik/21.1.7/templates/_tlsoptions.tpl new file mode 100644 index 0000000000..4194e513cd --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/_tlsoptions.tpl @@ -0,0 +1,12 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/common.yaml b/enterprise/traefik/21.1.7/templates/common.yaml new file mode 100644 index 0000000000..d70a9887a4 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/common.yaml @@ -0,0 +1,23 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }} +{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + +{{- with .Values.ingress -}} + {{- with .main -}} + {{- if .enabled -}} + {{- $_ := set $.Values.portal.open.override "protocol" "https" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/addPrefix.yaml b/enterprise/traefik/21.1.7/templates/middlewares/addPrefix.yaml new file mode 100644 index 0000000000..4713823364 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/addPrefix.yaml @@ -0,0 +1,12 @@ +{{- range $index, $middlewareData := .Values.middlewares.addPrefix }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + addPrefix: + prefix: {{ $middlewareData.prefix }} +{{- end }} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/21.1.7/templates/middlewares/basic-middleware.yaml new file mode 100644 index 0000000000..ef4671254e --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/basicauth.yaml b/enterprise/traefik/21.1.7/templates/middlewares/basicauth.yaml new file mode 100644 index 0000000000..1bbdc462b3 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/basicauth.yaml @@ -0,0 +1,30 @@ +{{- range $index, $middlewareData := .Values.middlewares.basicAuth -}} + + {{- $users := list -}} + {{- range $index, $userdata := $middlewareData.users -}} + {{- $users = append $users (htpasswd $userdata.username $userdata.password) -}} + {{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%v-%v" $middlewareData.name "secret" }} + namespace: {{ $.Release.Namespace }} +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + basicAuth: + secret: {{ printf "%v-%v" $middlewareData.name "secret" }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/buffering.yaml b/enterprise/traefik/21.1.7/templates/middlewares/buffering.yaml new file mode 100644 index 0000000000..eade09784e --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/buffering.yaml @@ -0,0 +1,26 @@ +{{- range $index, $middlewareData := .Values.middlewares.buffering }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + buffering: {{/* Only render if its not and has a value of 0 or greater */}} + {{- if and (not (kindIs "invalid" $middlewareData.maxRequestBodyBytes)) (ge ($middlewareData.maxRequestBodyBytes | int) 0) }} + maxRequestBodyBytes: {{ $middlewareData.maxRequestBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.memRequestBodyBytes)) (ge ($middlewareData.memRequestBodyBytes | int) 0) }} + memRequestBodyBytes: {{ $middlewareData.memRequestBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.maxResponseBodyBytes)) (ge ($middlewareData.maxResponseBodyBytes | int) 0) }} + maxResponseBodyBytes: {{ $middlewareData.maxResponseBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.memResponseBodyBytes)) (ge ($middlewareData.memResponseBodyBytes | int) 0) }} + memResponseBodyBytes: {{ $middlewareData.memResponseBodyBytes }} + {{- end -}} + {{- if $middlewareData.retryExpression }} + retryExpression: {{ $middlewareData.retryExpression | quote }} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/chain.yaml b/enterprise/traefik/21.1.7/templates/middlewares/chain.yaml new file mode 100644 index 0000000000..17d8853fb0 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values -}} +{{- $namespace := $.Release.Namespace -}} +{{- if $.Values.ingressClass.enabled -}} + {{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}} +{{- end -}} + +{{- range $index, $middlewareData := .Values.middlewares.chain }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + {{- range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/customFrameOptionsValue.yaml b/enterprise/traefik/21.1.7/templates/middlewares/customFrameOptionsValue.yaml new file mode 100644 index 0000000000..9b9f2b6606 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/customFrameOptionsValue.yaml @@ -0,0 +1,12 @@ +{{- range $index, $middlewareData := .Values.middlewares.customFrameOptionsValue }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customFrameOptionsValue: {{ $middlewareData.value }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/customRequestHeaders.yaml b/enterprise/traefik/21.1.7/templates/middlewares/customRequestHeaders.yaml new file mode 100644 index 0000000000..3c43a131a1 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/customRequestHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customRequestHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customRequestHeaders: + {{- range $index, $customRequestHeader := $middlewareData.headers }} + {{ $customRequestHeader.name }}: {{ $customRequestHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/customResponseHeaders.yaml b/enterprise/traefik/21.1.7/templates/middlewares/customResponseHeaders.yaml new file mode 100644 index 0000000000..a75db8a338 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/customResponseHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customResponseHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customResponseHeaders: + {{- range $index, $customResponseHeader := $middlewareData.headers }} + {{ $customResponseHeader.name }}: {{ $customResponseHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/forwardauth.yaml b/enterprise/traefik/21.1.7/templates/middlewares/forwardauth.yaml new file mode 100644 index 0000000000..787fa79682 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/forwardauth.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end -}} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end -}} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/geoblock.yaml b/enterprise/traefik/21.1.7/templates/middlewares/geoblock.yaml new file mode 100644 index 0000000000..2a647778e5 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/geoblock.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.geoBlock }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + GeoBlock: + allowLocalRequests: {{ $middlewareData.allowLocalRequests }} + logLocalRequests: {{ $middlewareData.logLocalRequests }} + logAllowedRequests: {{ $middlewareData.logAllowedRequests }} + logApiRequests: {{ $middlewareData.logApiRequests }} + api: {{ $middlewareData.api }} + apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }} + cacheSize: {{ $middlewareData.cacheSize }} + forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }} + allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }} + unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }} + blackListMode: {{ $middlewareData.blackListMode }} + {{- if not $middlewareData.countries -}} + {{- fail "You have to define at least one country..." -}} + {{- end }} + countries: + {{- range $middlewareData.countries }} + - {{ . }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/21.1.7/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 0000000000..fc876aca5f --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,27 @@ +{{- range $index, $middlewareData := .Values.middlewares.ipWhiteList }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end -}} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/modsecurity.yaml b/enterprise/traefik/21.1.7/templates/middlewares/modsecurity.yaml new file mode 100644 index 0000000000..07a8d5d358 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/modsecurity.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.modsecurity }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-modsecurity-plugin: + modSecurityUrl: {{ $middlewareData.modSecurityUrl }} + timeoutMillis: {{ $middlewareData.timeoutMillis }} + maxBodySize: {{ $middlewareData.maxBodySize }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/ratelimit.yaml b/enterprise/traefik/21.1.7/templates/middlewares/ratelimit.yaml new file mode 100644 index 0000000000..cd9117633f --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/ratelimit.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.rateLimit }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/real-ip.yaml b/enterprise/traefik/21.1.7/templates/middlewares/real-ip.yaml new file mode 100644 index 0000000000..2877d9ce7f --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/real-ip.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.realIP }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-real-ip: + excludednets: + {{- range $middlewareData.excludedNetworks }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/21.1.7/templates/middlewares/redirectScheme.yaml new file mode 100644 index 0000000000..09f3093998 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectScheme }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/redirectregex.yaml b/enterprise/traefik/21.1.7/templates/middlewares/redirectregex.yaml new file mode 100644 index 0000000000..30f44f9081 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/redirectregex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectRegex }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/rewriteResponseHeaders.yaml b/enterprise/traefik/21.1.7/templates/middlewares/rewriteResponseHeaders.yaml new file mode 100644 index 0000000000..d7bfdcdbe0 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/rewriteResponseHeaders.yaml @@ -0,0 +1,17 @@ +{{- range $index, $middlewareData := .Values.middlewares.rewriteResponseHeaders }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + rewriteResponseHeaders: + rewrites: + {{- range $index, $rewriteResponseHeader := $middlewareData.headers }} + - header: {{ $rewriteResponseHeader.name }} + regex: {{ $rewriteResponseHeader.regex | quote }} + replacement: {{ $rewriteResponseHeader.replacement | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/21.1.7/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 0000000000..6fd4c8c997 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/tc-chains.yaml b/enterprise/traefik/21.1.7/templates/middlewares/tc-chains.yaml new file mode 100644 index 0000000000..5566d77c14 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/tc-chains.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/tc-headers.yaml b/enterprise/traefik/21.1.7/templates/middlewares/tc-headers.yaml new file mode 100644 index 0000000000..b0500afc70 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/tc-headers.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/enterprise/traefik/21.1.7/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/21.1.7/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 0000000000..fcb09becb9 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} diff --git a/enterprise/traefik/21.1.7/templates/middlewares/theme-park.yaml b/enterprise/traefik/21.1.7/templates/middlewares/theme-park.yaml new file mode 100644 index 0000000000..16abf2e2f3 --- /dev/null +++ b/enterprise/traefik/21.1.7/templates/middlewares/theme-park.yaml @@ -0,0 +1,20 @@ +{{- range $index, $middlewareData := .Values.middlewares.themePark }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/operators/prometheus-operator/1.0.12/values.yaml b/enterprise/traefik/21.1.7/values.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/values.yaml rename to enterprise/traefik/21.1.7/values.yaml diff --git a/enterprise/vaultwarden/23.0.9/CHANGELOG.md b/enterprise/vaultwarden/23.0.9/CHANGELOG.md new file mode 100644 index 0000000000..05c3585613 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [vaultwarden-23.0.9](https://github.com/truecharts/charts/compare/vaultwarden-23.0.8...vaultwarden-23.0.9) (2023-11-08) + + + + +## [vaultwarden-23.0.8](https://github.com/truecharts/charts/compare/vaultwarden-23.0.7...vaultwarden-23.0.8) (2023-11-08) + + + + +## [vaultwarden-23.0.7](https://github.com/truecharts/charts/compare/vaultwarden-23.0.6...vaultwarden-23.0.7) (2023-11-08) + +### Chore + +- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454)) + + + + +## [vaultwarden-23.0.6](https://github.com/truecharts/charts/compare/vaultwarden-23.0.5...vaultwarden-23.0.6) (2023-11-06) + +### Chore + +- update container image tccr.io/truecharts/vaultwarden to v1.30.0 ([#14379](https://github.com/truecharts/charts/issues/14379)) + + + + +## [vaultwarden-23.0.5](https://github.com/truecharts/charts/compare/vaultwarden-23.0.4...vaultwarden-23.0.5) (2023-11-05) + +### Chore + +- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365)) + + + + +## [vaultwarden-23.0.4](https://github.com/truecharts/charts/compare/vaultwarden-23.0.3...vaultwarden-23.0.4) (2023-11-03) + +### Chore + +- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287)) + + + + +## [vaultwarden-23.0.3](https://github.com/truecharts/charts/compare/vaultwarden-23.0.2...vaultwarden-23.0.3) (2023-10-29) + +### Chore + +- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693)) + - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094)) + - run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387)) + + + + +## [vaultwarden-23.0.2](https://github.com/truecharts/charts/compare/vaultwarden-23.0.1...vaultwarden-23.0.2) (2023-10-07) + +### Chore + +- update helm general non-major ([#13386](https://github.com/truecharts/charts/issues/13386)) + + + + +## [vaultwarden-23.0.1](https://github.com/truecharts/charts/compare/vaultwarden-23.0.0...vaultwarden-23.0.1) (2023-09-16) + +### Chore + +- update container image tccr.io/truecharts/vaultwarden to v1.29.2 ([#12227](https://github.com/truecharts/charts/issues/12227)) + + + + +## [vaultwarden-23.0.0](https://github.com/truecharts/charts/compare/vaultwarden-22.0.0...vaultwarden-23.0.0) (2023-09-16) + +### Fix + +- Update SMTP deprecated variable - user must reassign the smtp security setting ([#11980](https://github.com/truecharts/charts/issues/11980)) + + + + + +## [vaultwarden-22.0.0](https://github.com/truecharts/charts/compare/vaultwarden-21.0.3...vaultwarden-22.0.0) (2023-07-31) + + + + +## [vaultwarden-21.0.3](https://github.com/truecharts/charts/compare/vaultwarden-21.0.2...vaultwarden-21.0.3) (2023-07-30) + +### Chore diff --git a/enterprise/vaultwarden/23.0.9/Chart.yaml b/enterprise/vaultwarden/23.0.9/Chart.yaml new file mode 100644 index 0000000000..b7a10286b7 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/Chart.yaml @@ -0,0 +1,32 @@ +apiVersion: v2 +appVersion: "1.30.0" +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.3.5 +deprecated: false +description: Unofficial Bitwarden compatible server written in Rust +home: https://truecharts.org/charts/enterprise/vaultwarden +icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png +keywords: + - bitwarden + - bitwardenrs + - bitwarden_rs + - vaultwarden + - password + - rust +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: vaultwarden +sources: + - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden + - https://github.com/dani-garcia/vaultwarden +type: application +version: 23.0.9 +annotations: + truecharts.org/category: security + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/enterprise/vaultwarden/23.0.9/LICENSE b/enterprise/vaultwarden/23.0.9/LICENSE new file mode 100644 index 0000000000..80e4ab93f9 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Cert-Manager" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/enterprise/vaultwarden/23.0.9/README.md b/enterprise/vaultwarden/23.0.9/README.md new file mode 100644 index 0000000000..f8a41e479f --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/enterprise/vaultwarden/23.0.9/app-changelog.md b/enterprise/vaultwarden/23.0.9/app-changelog.md new file mode 100644 index 0000000000..3a861d16a9 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/app-changelog.md @@ -0,0 +1,4 @@ + + +## [vaultwarden-23.0.9](https://github.com/truecharts/charts/compare/vaultwarden-23.0.8...vaultwarden-23.0.9) (2023-11-08) + diff --git a/enterprise/vaultwarden/23.0.9/app-readme.md b/enterprise/vaultwarden/23.0.9/app-readme.md new file mode 100644 index 0000000000..08d9cc8b1d --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/app-readme.md @@ -0,0 +1,8 @@ +Unofficial Bitwarden compatible server written in Rust + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/vaultwarden](https://truecharts.org/charts/enterprise/vaultwarden) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/enterprise/vaultwarden/23.0.9/charts/common-14.3.5.tgz b/enterprise/vaultwarden/23.0.9/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/enterprise/vaultwarden/23.0.9/charts/common-14.3.5.tgz differ diff --git a/enterprise/vaultwarden/23.0.9/ix_values.yaml b/enterprise/vaultwarden/23.0.9/ix_values.yaml new file mode 100644 index 0000000000..d0c10c22ad --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/ix_values.yaml @@ -0,0 +1,161 @@ +image: + repository: tccr.io/truecharts/vaultwarden + pullPolicy: IfNotPresent + tag: v1.30.0@sha256:57bc723900152d5401473f9e458bed388c253f034eeae878984216166cd14967 +manifestManager: + enabled: true +service: + main: + ports: + main: + port: 10102 + targetPort: 8080 + +workload: + main: + podSpec: + containers: + main: + env: + DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" + DATABASE_URL: + secretKeyRef: + name: cnpg-main-urls + key: std + + envFrom: + - configMapRef: + name: vaultwardenconfig + - secretRef: + name: vaultwardensecret + +database: + # -- Database type, + # must be one of: 'sqlite', 'mysql' or 'postgresql'. + type: postgresql + # -- Enable DB Write-Ahead-Log for SQLite, + # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled + wal: true + ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). + # url: "" + ## Set the size of the database connection pool. + # maxConnections: 10 + ## Connection retries during startup, 0 for infinite. 1 second between retries. + # retries: 15 + +# Set Bitwarden_rs application variables +vaultwarden: + # -- Allow any user to sign-up + # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users + allowSignups: true + ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. + # signupDomains: + # - domain.tld + # -- Verify e-mail before login is enabled. + # SMTP must be enabled. + verifySignup: false + # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. + requireEmail: false + ## Maximum attempts before an email token is reset and a new email will need to be sent. + # emailAttempts: 3 + ## Email token validity in seconds. + # emailTokenExpiration: 600 + # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations + allowInvitation: true + # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display + ## Default organization name in invitation e-mails that are not coming from a specific organization. + # defaultInviteName: "" + showPasswordHint: true + # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting + enableWebVault: true + # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. + orgCreationUsers: all + ## Limit attachment disk usage per organization. + # attachmentLimitOrg: + ## Limit attachment disk usage per user. + # attachmentLimitUser: + ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. + # hibpApiKey: + + admin: + # Enable admin portal. + enabled: false + # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token + disableAdminToken: false + ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page + # token: + + # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration + smtp: + enabled: false + # SMTP hostname, required if SMTP is enabled. + host: "" + # SMTP sender e-mail address, required if SMTP is enabled. + from: "" + ## SMTP sender name, defaults to 'Bitwarden_RS'. + # fromName: "" + ## Enable SSL connection. + # security: starttls + ## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL. + # port: 587 + ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. + # authMechanism: Plain + ## Hostname to be sent for SMTP HELO. Defaults to pod name. + # heloName: "" + ## SMTP timeout. + # timeout: 15 + ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidHostname: false + ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidCertificate: false + ## SMTP username. + # user: "" + ## SMTP password. Required is user is specified, ignored if no user provided. + # password: "" + + ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication + yubico: + enabled: false + ## Yubico server. Defaults to YubiCloud. + # server: + ## Yubico ID and Secret Key. + # clientId: + # secretKey: + + ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host + push: + enabled: false + # installationId: + # installationKey: + + ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging + log: + # Log to file. + file: "" + # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". + level: "trace" + ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. + # timeFormat: "" + + icons: + # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. + disableDownload: false + ## Cache time-to-live for icons fetched. 0 means no purging. + # cache: 2592000 + ## Cache time-to-live for icons that were not available. 0 means no purging. + # cacheFailed: 259200 + +persistence: + data: + enabled: true + mountPath: "/data" + +cnpg: + main: + enabled: true + user: vaultwarden + database: vaultwarden + +portal: + open: + enabled: true diff --git a/enterprise/vaultwarden/23.0.9/questions.yaml b/enterprise/vaultwarden/23.0.9/questions.yaml new file mode 100644 index 0000000000..e8714bc00e --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/questions.yaml @@ -0,0 +1,2420 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + admin: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + path: "/admin/" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + - variable: vaultwarden + label: "" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: yubico + label: "Yubico OTP authentication" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Yubico OTP authentication" + description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: server + label: "Yubico server" + description: "Defaults to YubiCloud" + schema: + type: string + default: "" + - variable: clientId + label: "Yubico ID" + schema: + type: string + default: "" + - variable: secretKey + label: "Yubico Secret Key" + schema: + type: string + default: "" + - variable: push + label: "Mobile Push Notifications" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Mobile Push Notifications" + description: "You must obtain and ID and Key here: https://bitwarden.com/host" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: installationId + label: "Installation ID" + schema: + type: string + default: "" + required: true + - variable: installationKey + label: "Installation Key" + schema: + type: string + default: "" + required: true + - variable: admin + label: "Admin Portal" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Admin Portal" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: disableAdminToken + label: "Make Accessible Without Password/Token" + schema: + type: boolean + default: false + - variable: token + label: "Admin Portal Password/Token" + description: "Will be automatically generated if not defined" + schema: + type: string + default: "" + - variable: icons + label: "Icon Download Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disableDownload + label: "Disable Icon Download" + description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" + schema: + type: boolean + default: false + - variable: cache + label: "Cache time-to-live" + description: "Cache time-to-live for icons fetched. 0 means no purging" + schema: + type: int + default: 2592000 + - variable: token + label: "Failed Downloads Cache time-to-live" + description: "Cache time-to-live for icons that were not available. 0 means no purging." + schema: + type: int + default: 2592000 + - variable: log + label: "Logging" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log level" + schema: + type: string + default: "info" + required: true + enum: + - value: "trace" + description: "trace" + - value: "debug" + description: "debug" + - value: "info" + description: "info" + - value: "warn" + description: "warn" + - value: "error" + description: "error" + - value: "off" + description: "off" + - variable: file + label: "Log-File Location" + schema: + type: string + default: "" + - variable: smtp + label: "SMTP Settings (Email)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable SMTP Support" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: "SMTP hostname" + schema: + type: string + required: true + default: "" + - variable: from + label: "SMTP sender e-mail address" + schema: + type: string + required: true + default: "" + - variable: fromName + label: "SMTP sender name" + schema: + type: string + required: true + default: "" + - variable: user + label: "SMTP username" + schema: + type: string + required: true + default: "" + - variable: password + label: "SMTP password" + description: "Required is user is specified, ignored if no user provided" + schema: + type: string + default: "" + - variable: security + label: "Enable SSL connection" + schema: + type: string + default: "starttls" + enum: + - value: "starttls" + description: "STARTTLS (587)" + - value: "force_tls" + description: "FORCE_TLS (465)" + - value: "off" + description: "OFF (25)" + - variable: port + label: "SMTP port" + description: "Usually: 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL" + schema: + type: int + default: 587 + - variable: authMechanism + label: "SMTP Authentication Mechanisms" + description: "Comma-separated options: Plain, Login and Xoauth2" + schema: + type: string + default: "Plain" + - variable: heloName + label: "SMTP HELO - Hostname" + description: "Hostname to be sent for SMTP HELO. Defaults to pod name" + schema: + type: string + default: "" + - variable: timeout + label: "SMTP timeout" + schema: + type: int + default: 15 + - variable: invalidHostname + label: "Accept Invalid Hostname" + description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: invalidCertificate + label: "Accept Invalid Certificate" + description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: allowSignups + label: "Allow Signup" + description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" + schema: + type: boolean + default: true + - variable: allowInvitation + label: "Always allow Invitation" + description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" + schema: + type: boolean + default: true + - variable: defaultInviteName + label: "Default Invite Organisation Name" + description: "Default organization name in invitation e-mails that are not coming from a specific organization." + schema: + type: string + default: "" + - variable: showPasswordHint + label: "Show password hints" + description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" + schema: + type: boolean + default: true + - variable: signupwhitelistenable + label: "Enable Signup Whitelist" + description: "allowSignups is ignored if set" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: signupDomains + label: "Signup Whitelist Domains" + schema: + type: list + default: [] + items: + - variable: domain + label: "Domain" + schema: + type: string + default: "" + - variable: verifySignup + label: "Verifiy Signup" + description: "Verify e-mail before login is enabled. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: requireEmail + label: "Block Login if email fails" + description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: emailAttempts + label: "Email token reset attempts" + description: "Maximum attempts before an email token is reset and a new email will need to be sent" + schema: + type: int + default: 3 + - variable: emailTokenExpiration + label: "Email token validity in seconds" + schema: + type: int + default: 600 + - variable: enableWebVault + label: "Enable Webvault" + description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" + schema: + type: boolean + default: true + - variable: orgCreationUsers + label: "Limit Organisation Creation to (users)" + description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." + schema: + type: string + default: "all" + - variable: attachmentLimitOrg + label: "Limit Attachment Disk Usage per Organisation" + schema: + type: string + default: "" + - variable: attachmentLimitUser + label: "Limit Attachment Disk Usage per User" + schema: + type: string + default: "" + - variable: hibpApiKey + label: "HaveIBeenPwned API Key" + description: "Can be purchased at https://haveibeenpwned.com/API/Key" + schema: + type: string + default: "" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10102 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + - variable: data + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: entrypoint + label: (Advanced) Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + show_if: [["advanced", "=", true]] + required: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + show_if: [["advanced", "=", true]] + default: false + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: service + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: certificateIssuer + label: certificateIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below' + schema: + type: string + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: scaleCert + label: Use TrueNAS SCALE Certificate (Deprecated) + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: entrypoint + label: Traefik Entrypoint + description: Entrypoint used by Traefik when using Traefik as Ingress Provider + schema: + type: string + default: websecure + required: true + - variable: middlewares + label: Traefik Middlewares + description: Add previously created Traefik Middlewares to this Ingress + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + default: "" + required: true + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + - variable: scaleGPU + label: GPU Configuration + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: scaleGPUEntry + label: GPU + schema: + additional_attrs: true + type: dict + attrs: + # Specify GPU configuration + - variable: gpu + label: Select GPU + schema: + additional_attrs: true + type: dict + $ref: + - "definitions/gpuConfiguration" + attrs: [] + - variable: workaround + label: "Workaround" + schema: + type: string + default: workaround + hidden: true +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: cnpg + group: Postgresql + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walsize + label: Walsize + schema: + type: string + default: "256Gi" + - variable: pooler + label: "Pooler" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 2 + - variable: Monitoring + label: "Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true diff --git a/enterprise/vaultwarden/23.0.9/templates/NOTES.txt b/enterprise/vaultwarden/23.0.9/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/enterprise/vaultwarden/23.0.9/templates/_configmap.tpl b/enterprise/vaultwarden/23.0.9/templates/_configmap.tpl new file mode 100644 index 0000000000..7cc26147b0 --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/templates/_configmap.tpl @@ -0,0 +1,111 @@ +{{/* Define the configmap */}} +{{- define "vaultwarden.configmap" -}} +enabled: true +data: + ROCKET_PORT: "8080" + SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }} + {{- if .Values.vaultwarden.signupDomains }} + SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }} + {{- end }} + {{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}} + SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }} + {{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}} + REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }} + {{- if .Values.vaultwarden.emailAttempts }} + EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }} + {{- end }} + {{- if .Values.vaultwarden.emailTokenExpiration }} + EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }} + {{- end }} + INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }} + {{- if .Values.vaultwarden.defaultInviteName }} + INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }} + {{- end }} + SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }} + WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }} + ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }} + {{- if .Values.vaultwarden.attachmentLimitOrg }} + ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }} + {{- end }} + {{- if .Values.vaultwarden.attachmentLimitUser }} + USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }} + {{- end }} + {{- if .Values.vaultwarden.hibpApiKey }} + HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }} + {{- end }} + {{- include "vaultwarden.dbTypeValid" . }} + {{- if .Values.database.retries }} + DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }} + {{- end }} + {{- if .Values.database.maxConnections }} + DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.smtp.enabled true }} + SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }} + SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }} + {{- if .Values.vaultwarden.smtp.fromName }} + SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.ssl }} + SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.port }} + SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.authMechanism }} + SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.heloName }} + HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.timeout }} + SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidHostname }} + SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidCertificate }} + SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }} + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.log.file }} + LOG_FILE: {{ .Values.vaultwarden.log.file | quote }} + {{- end }} + {{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }} + EXTENDED_LOGGING: "true" + {{- end }} + {{- if .Values.vaultwarden.log.level }} + {{- include "vaultwarden.logLevelValid" . }} + LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }} + {{- end }} + {{- if .Values.vaultwarden.log.timeFormat }} + LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.disableDownload }} + DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }} + {{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }} + ICON_CACHE_TTL: "0" + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.icons.cache }} + ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.cacheFailed }} + ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.admin.enabled true }} + {{- if eq .Values.vaultwarden.admin.disableAdminToken true }} + DISABLE_ADMIN_TOKEN: "true" + {{- end }} + {{- end }} + {{- if eq .Values.vaultwarden.yubico.enabled true }} + {{- if .Values.vaultwarden.yubico.server }} + YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }} + {{- end }} + {{- end }} + {{- if eq .Values.database.type "sqlite" }} + ENABLE_DB_WAL: {{ .Values.database.wal | quote }} + {{- else }} + ENABLE_DB_WAL: "false" + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/23.0.9/templates/_secrets.tpl b/enterprise/vaultwarden/23.0.9/templates/_secrets.tpl new file mode 100644 index 0000000000..262fcffa1b --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/templates/_secrets.tpl @@ -0,0 +1,37 @@ +{{/* Define the secrets */}} +{{- define "vaultwarden.secrets" -}} + +{{- $adminToken := "" }} +{{- if eq .Values.vaultwarden.admin.enabled true }} +{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }} +{{- end -}} + +{{- $smtpUser := "" }} +{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }} +{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }} +{{- end -}} + +{{- $yubicoClientId := "" }} +{{- if eq .Values.vaultwarden.yubico.enabled true }} +{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }} +{{- end -}} +enabled: true +data: + placeholder: placeholdervalue + {{- if ne $adminToken "" }} + ADMIN_TOKEN: {{ $adminToken }} + {{- end }} + {{- if ne $smtpUser "" }} + SMTP_USERNAME: {{ $smtpUser }} + SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }} + {{- end }} + {{- if ne $yubicoClientId "" }} + YUBICO_CLIENT_ID: {{ $yubicoClientId }} + YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }} + {{- end }} + {{- if .Values.vaultwarden.push.enabled }} + PUSH_ENABLED: {{ .Values.vaultwarden.push.enabled | quote }} + PUSH_INSTALLATION_ID: {{ required "Installation ID required" .Values.vaultwarden.push.installationId | quote }} + PUSH_INSTALLATION_KEY: {{ required "Installation Key required" .Values.vaultwarden.push.installationKey | quote }} + {{- end }} +{{- end -}} diff --git a/enterprise/vaultwarden/23.0.9/templates/_validate.tpl b/enterprise/vaultwarden/23.0.9/templates/_validate.tpl new file mode 100644 index 0000000000..e4832c2f6e --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/templates/_validate.tpl @@ -0,0 +1,17 @@ +{{/* +Ensure valid DB type is select, defaults to SQLite +*/}} +{{- define "vaultwarden.dbTypeValid" -}} +{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }} +{{- required "Invalid database type" nil }} +{{- end -}} +{{- end -}} + +{{/* +Ensure log type is valid +*/}} +{{- define "vaultwarden.logLevelValid" -}} +{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }} +{{- required "Invalid log level" nil }} +{{- end }} +{{- end }} diff --git a/enterprise/vaultwarden/23.0.9/templates/common.yaml b/enterprise/vaultwarden/23.0.9/templates/common.yaml new file mode 100644 index 0000000000..66c6adab5d --- /dev/null +++ b/enterprise/vaultwarden/23.0.9/templates/common.yaml @@ -0,0 +1,17 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for vaultwarden */}} +{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for vaultwarden */}} +{{- $secret := include "vaultwarden.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "vaultwardensecret" $secret -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/cert-manager/1.1.6/templates/crds.yaml b/enterprise/vaultwarden/23.0.9/values.yaml similarity index 100% rename from operators/cert-manager/1.1.6/templates/crds.yaml rename to enterprise/vaultwarden/23.0.9/values.yaml diff --git a/operators/cert-manager/1.1.6/app-changelog.md b/operators/cert-manager/1.1.6/app-changelog.md deleted file mode 100644 index 4de1a70282..0000000000 --- a/operators/cert-manager/1.1.6/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [cert-manager-1.1.6](https://github.com/truecharts/charts/compare/cert-manager-1.1.5...cert-manager-1.1.6) (2023-11-08) - diff --git a/operators/cert-manager/1.1.6/charts/common-14.3.4.tgz b/operators/cert-manager/1.1.6/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/operators/cert-manager/1.1.6/charts/common-14.3.4.tgz and /dev/null differ diff --git a/operators/cert-manager/1.1.6/CHANGELOG.md b/operators/cert-manager/1.1.7/CHANGELOG.md similarity index 95% rename from operators/cert-manager/1.1.6/CHANGELOG.md rename to operators/cert-manager/1.1.7/CHANGELOG.md index a95c43917a..8d138e9996 100644 --- a/operators/cert-manager/1.1.6/CHANGELOG.md +++ b/operators/cert-manager/1.1.7/CHANGELOG.md @@ -4,6 +4,11 @@ +## [cert-manager-1.1.7](https://github.com/truecharts/charts/compare/cert-manager-1.1.6...cert-manager-1.1.7) (2023-11-08) + + + + ## [cert-manager-1.1.6](https://github.com/truecharts/charts/compare/cert-manager-1.1.5...cert-manager-1.1.6) (2023-11-08) diff --git a/operators/cert-manager/1.1.6/Chart.yaml b/operators/cert-manager/1.1.7/Chart.yaml similarity index 96% rename from operators/cert-manager/1.1.6/Chart.yaml rename to operators/cert-manager/1.1.7/Chart.yaml index 0a0767adba..416010085b 100644 --- a/operators/cert-manager/1.1.6/Chart.yaml +++ b/operators/cert-manager/1.1.7/Chart.yaml @@ -11,7 +11,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 - name: cert-manager repository: https://charts.jetstack.io version: v1.13.2 @@ -27,7 +27,7 @@ sources: - https://github.com/cert-manager - https://cert-manager.io/ type: application -version: 1.1.6 +version: 1.1.7 annotations: truecharts.org/category: operators truecharts.org/SCALE-support: "true" diff --git a/operators/cert-manager/1.1.6/LICENSE b/operators/cert-manager/1.1.7/LICENSE similarity index 100% rename from operators/cert-manager/1.1.6/LICENSE rename to operators/cert-manager/1.1.7/LICENSE diff --git a/operators/cert-manager/1.1.6/README.md b/operators/cert-manager/1.1.7/README.md similarity index 100% rename from operators/cert-manager/1.1.6/README.md rename to operators/cert-manager/1.1.7/README.md diff --git a/operators/cert-manager/1.1.7/app-changelog.md b/operators/cert-manager/1.1.7/app-changelog.md new file mode 100644 index 0000000000..2eba59eaa8 --- /dev/null +++ b/operators/cert-manager/1.1.7/app-changelog.md @@ -0,0 +1,4 @@ + + +## [cert-manager-1.1.7](https://github.com/truecharts/charts/compare/cert-manager-1.1.6...cert-manager-1.1.7) (2023-11-08) + diff --git a/operators/cert-manager/1.1.6/app-readme.md b/operators/cert-manager/1.1.7/app-readme.md similarity index 100% rename from operators/cert-manager/1.1.6/app-readme.md rename to operators/cert-manager/1.1.7/app-readme.md diff --git a/operators/cert-manager/1.1.6/charts/cert-manager-v1.13.2.tgz b/operators/cert-manager/1.1.7/charts/cert-manager-v1.13.2.tgz similarity index 100% rename from operators/cert-manager/1.1.6/charts/cert-manager-v1.13.2.tgz rename to operators/cert-manager/1.1.7/charts/cert-manager-v1.13.2.tgz diff --git a/operators/cert-manager/1.1.7/charts/common-14.3.5.tgz b/operators/cert-manager/1.1.7/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/operators/cert-manager/1.1.7/charts/common-14.3.5.tgz differ diff --git a/operators/cert-manager/1.1.6/ix_values.yaml b/operators/cert-manager/1.1.7/ix_values.yaml similarity index 100% rename from operators/cert-manager/1.1.6/ix_values.yaml rename to operators/cert-manager/1.1.7/ix_values.yaml diff --git a/operators/cert-manager/1.1.6/questions.yaml b/operators/cert-manager/1.1.7/questions.yaml similarity index 100% rename from operators/cert-manager/1.1.6/questions.yaml rename to operators/cert-manager/1.1.7/questions.yaml diff --git a/operators/cert-manager/1.1.7/templates/NOTES.txt b/operators/cert-manager/1.1.7/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/operators/cert-manager/1.1.7/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/cert-manager/1.1.6/templates/common.yaml b/operators/cert-manager/1.1.7/templates/common.yaml similarity index 100% rename from operators/cert-manager/1.1.6/templates/common.yaml rename to operators/cert-manager/1.1.7/templates/common.yaml diff --git a/operators/cert-manager/1.1.7/templates/crds.yaml b/operators/cert-manager/1.1.7/templates/crds.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/operators/cert-manager/1.1.7/values.yaml b/operators/cert-manager/1.1.7/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/operators/cloudnative-pg/2.0.11/app-changelog.md b/operators/cloudnative-pg/2.0.11/app-changelog.md deleted file mode 100644 index 706bc3cd95..0000000000 --- a/operators/cloudnative-pg/2.0.11/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [cloudnative-pg-2.0.11](https://github.com/truecharts/charts/compare/cloudnative-pg-2.0.10...cloudnative-pg-2.0.11) (2023-11-08) - diff --git a/operators/cloudnative-pg/2.0.11/charts/common-14.3.4.tgz b/operators/cloudnative-pg/2.0.11/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/operators/cloudnative-pg/2.0.11/charts/common-14.3.4.tgz and /dev/null differ diff --git a/operators/cloudnative-pg/2.0.11/CHANGELOG.md b/operators/cloudnative-pg/2.0.12/CHANGELOG.md similarity index 95% rename from operators/cloudnative-pg/2.0.11/CHANGELOG.md rename to operators/cloudnative-pg/2.0.12/CHANGELOG.md index e939769f8c..19b6d4ba70 100644 --- a/operators/cloudnative-pg/2.0.11/CHANGELOG.md +++ b/operators/cloudnative-pg/2.0.12/CHANGELOG.md @@ -4,6 +4,11 @@ +## [cloudnative-pg-2.0.12](https://github.com/truecharts/charts/compare/cloudnative-pg-2.0.11...cloudnative-pg-2.0.12) (2023-11-08) + + + + ## [cloudnative-pg-2.0.11](https://github.com/truecharts/charts/compare/cloudnative-pg-2.0.10...cloudnative-pg-2.0.11) (2023-11-08) @@ -92,8 +97,3 @@ ### Chore -- update helm general non-major ([#10955](https://github.com/truecharts/charts/issues/10955)) - - - - diff --git a/operators/cloudnative-pg/2.0.11/Chart.yaml b/operators/cloudnative-pg/2.0.12/Chart.yaml similarity index 95% rename from operators/cloudnative-pg/2.0.11/Chart.yaml rename to operators/cloudnative-pg/2.0.12/Chart.yaml index aba233ce1d..9d4d21f73d 100644 --- a/operators/cloudnative-pg/2.0.11/Chart.yaml +++ b/operators/cloudnative-pg/2.0.12/Chart.yaml @@ -11,7 +11,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org @@ -23,7 +23,7 @@ sources: - https://github.com/cloudnative-pg - https://cloudnative-pg.io/ type: application -version: 2.0.11 +version: 2.0.12 annotations: truecharts.org/category: operators truecharts.org/SCALE-support: "true" diff --git a/operators/cloudnative-pg/2.0.11/LICENSE b/operators/cloudnative-pg/2.0.12/LICENSE similarity index 100% rename from operators/cloudnative-pg/2.0.11/LICENSE rename to operators/cloudnative-pg/2.0.12/LICENSE diff --git a/operators/cloudnative-pg/2.0.11/README.md b/operators/cloudnative-pg/2.0.12/README.md similarity index 100% rename from operators/cloudnative-pg/2.0.11/README.md rename to operators/cloudnative-pg/2.0.12/README.md diff --git a/operators/cloudnative-pg/2.0.12/app-changelog.md b/operators/cloudnative-pg/2.0.12/app-changelog.md new file mode 100644 index 0000000000..37f25a423f --- /dev/null +++ b/operators/cloudnative-pg/2.0.12/app-changelog.md @@ -0,0 +1,4 @@ + + +## [cloudnative-pg-2.0.12](https://github.com/truecharts/charts/compare/cloudnative-pg-2.0.11...cloudnative-pg-2.0.12) (2023-11-08) + diff --git a/operators/cloudnative-pg/2.0.11/app-readme.md b/operators/cloudnative-pg/2.0.12/app-readme.md similarity index 100% rename from operators/cloudnative-pg/2.0.11/app-readme.md rename to operators/cloudnative-pg/2.0.12/app-readme.md diff --git a/operators/cloudnative-pg/2.0.12/charts/common-14.3.5.tgz b/operators/cloudnative-pg/2.0.12/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/operators/cloudnative-pg/2.0.12/charts/common-14.3.5.tgz differ diff --git a/operators/cloudnative-pg/2.0.11/ix_values.yaml b/operators/cloudnative-pg/2.0.12/ix_values.yaml similarity index 100% rename from operators/cloudnative-pg/2.0.11/ix_values.yaml rename to operators/cloudnative-pg/2.0.12/ix_values.yaml diff --git a/operators/cloudnative-pg/2.0.11/questions.yaml b/operators/cloudnative-pg/2.0.12/questions.yaml similarity index 100% rename from operators/cloudnative-pg/2.0.11/questions.yaml rename to operators/cloudnative-pg/2.0.12/questions.yaml diff --git a/operators/cloudnative-pg/2.0.12/templates/NOTES.txt b/operators/cloudnative-pg/2.0.12/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/operators/cloudnative-pg/2.0.12/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/cloudnative-pg/2.0.11/templates/_mutatingwebhookconfiguration.tpl b/operators/cloudnative-pg/2.0.12/templates/_mutatingwebhookconfiguration.tpl similarity index 100% rename from operators/cloudnative-pg/2.0.11/templates/_mutatingwebhookconfiguration.tpl rename to operators/cloudnative-pg/2.0.12/templates/_mutatingwebhookconfiguration.tpl diff --git a/operators/cloudnative-pg/2.0.11/templates/_validatingwebhookconfiguration.tpl b/operators/cloudnative-pg/2.0.12/templates/_validatingwebhookconfiguration.tpl similarity index 100% rename from operators/cloudnative-pg/2.0.11/templates/_validatingwebhookconfiguration.tpl rename to operators/cloudnative-pg/2.0.12/templates/_validatingwebhookconfiguration.tpl diff --git a/operators/cloudnative-pg/2.0.11/templates/common.yaml b/operators/cloudnative-pg/2.0.12/templates/common.yaml similarity index 100% rename from operators/cloudnative-pg/2.0.11/templates/common.yaml rename to operators/cloudnative-pg/2.0.12/templates/common.yaml diff --git a/operators/cloudnative-pg/2.0.11/templates/crds.yaml b/operators/cloudnative-pg/2.0.12/templates/crds.yaml similarity index 100% rename from operators/cloudnative-pg/2.0.11/templates/crds.yaml rename to operators/cloudnative-pg/2.0.12/templates/crds.yaml diff --git a/operators/cloudnative-pg/2.0.12/values.yaml b/operators/cloudnative-pg/2.0.12/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/operators/metallb/10.0.11/CHANGELOG.md b/operators/metallb/10.0.11/CHANGELOG.md new file mode 100644 index 0000000000..f506d0edf9 --- /dev/null +++ b/operators/metallb/10.0.11/CHANGELOG.md @@ -0,0 +1,99 @@ +**Important:** +*for the complete changelog, please refer to the website* + + + + +## [metallb-10.0.11](https://github.com/truecharts/charts/compare/metallb-10.0.10...metallb-10.0.11) (2023-11-08) + + + + +## [metallb-10.0.10](https://github.com/truecharts/charts/compare/metallb-10.0.9...metallb-10.0.10) (2023-11-08) + + + + +## [metallb-10.0.9](https://github.com/truecharts/charts/compare/metallb-10.0.8...metallb-10.0.9) (2023-11-08) + +### Chore + +- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454)) + + + + +## [metallb-10.0.8](https://github.com/truecharts/charts/compare/metallb-10.0.7...metallb-10.0.8) (2023-11-05) + +### Chore + +- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365)) + + + + +## [metallb-10.0.7](https://github.com/truecharts/charts/compare/metallb-10.0.6...metallb-10.0.7) (2023-11-03) + +### Chore + +- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287)) + + + + +## [metallb-10.0.6](https://github.com/truecharts/charts/compare/metallb-10.0.5...metallb-10.0.6) (2023-10-29) + +### Chore + +- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693)) + - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094)) + + + + +## [metallb-10.0.5](https://github.com/truecharts/charts/compare/metallb-10.0.4...metallb-10.0.5) (2023-10-24) + +### Chore + +- update metallb to v0.13.12 (patch) ([#13869](https://github.com/truecharts/charts/issues/13869)) + + + + +## [metallb-10.0.4](https://github.com/truecharts/charts/compare/metallb-10.0.3...metallb-10.0.4) (2023-10-07) + +### Chore + +- update helm general non-major ([#13386](https://github.com/truecharts/charts/issues/13386)) + + + + +## [metallb-10.0.3](https://github.com/truecharts/charts/compare/metallb-10.0.2...metallb-10.0.3) (2023-09-16) + +### Chore + +- update metallb to v0.13.11 (patch) ([#12310](https://github.com/truecharts/charts/issues/12310)) + + + + +## [metallb-10.0.2](https://github.com/truecharts/charts/compare/metallb-10.0.1...metallb-10.0.2) (2023-07-30) + +### Chore + +- update helm general non-major ([#11034](https://github.com/truecharts/charts/issues/11034)) + + + + +## [metallb-10.0.1](https://github.com/truecharts/charts/compare/metallb-10.0.0...metallb-10.0.1) (2023-07-29) + +### Chore + +- update helm general non-major ([#10955](https://github.com/truecharts/charts/issues/10955)) + + + + +## [metallb-10.0.0](https://github.com/truecharts/charts/compare/metallb-9.0.14...metallb-10.0.0) (2023-07-19) diff --git a/operators/metallb/10.0.11/Chart.yaml b/operators/metallb/10.0.11/Chart.yaml new file mode 100644 index 0000000000..6878e5f28c --- /dev/null +++ b/operators/metallb/10.0.11/Chart.yaml @@ -0,0 +1,29 @@ +apiVersion: v2 +appVersion: "0.13.12" +deprecated: false +description: A network load-balancer implementation for Kubernetes using standard routing protocols +home: https://truecharts.org/charts/operators/metallb +icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb.png +keywords: + - metallb + - loadbalancer +dependencies: + - name: common + repository: https://library-charts.truecharts.org + version: 14.3.5 +kubeVersion: ">=1.16.0-0" +maintainers: + - email: info@truecharts.org + name: TrueCharts + url: https://truecharts.org +name: metallb +sources: + - https://github.com/truecharts/charts/tree/master/charts/operators/metallb + - https://github.com/metallb/metallb + - https://metallb.universe.tf +type: application +version: 10.0.11 +annotations: + truecharts.org/category: operators + truecharts.org/SCALE-support: "true" + truecharts.org/grade: U diff --git a/operators/prometheus-operator/1.0.12/LICENSE b/operators/metallb/10.0.11/LICENSE similarity index 100% rename from operators/prometheus-operator/1.0.12/LICENSE rename to operators/metallb/10.0.11/LICENSE diff --git a/operators/prometheus-operator/1.0.12/README.md b/operators/metallb/10.0.11/README.md similarity index 100% rename from operators/prometheus-operator/1.0.12/README.md rename to operators/metallb/10.0.11/README.md diff --git a/operators/metallb/10.0.11/app-changelog.md b/operators/metallb/10.0.11/app-changelog.md new file mode 100644 index 0000000000..5501331657 --- /dev/null +++ b/operators/metallb/10.0.11/app-changelog.md @@ -0,0 +1,4 @@ + + +## [metallb-10.0.11](https://github.com/truecharts/charts/compare/metallb-10.0.10...metallb-10.0.11) (2023-11-08) + diff --git a/operators/metallb/10.0.11/app-readme.md b/operators/metallb/10.0.11/app-readme.md new file mode 100644 index 0000000000..ef8e745914 --- /dev/null +++ b/operators/metallb/10.0.11/app-readme.md @@ -0,0 +1,8 @@ +A network load-balancer implementation for Kubernetes using standard routing protocols + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/operators/metallb](https://truecharts.org/charts/operators/metallb) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/operators/metallb/10.0.11/charts/common-14.3.5.tgz b/operators/metallb/10.0.11/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/operators/metallb/10.0.11/charts/common-14.3.5.tgz differ diff --git a/operators/metallb/10.0.11/ix_values.yaml b/operators/metallb/10.0.11/ix_values.yaml new file mode 100644 index 0000000000..392f2ea40f --- /dev/null +++ b/operators/metallb/10.0.11/ix_values.yaml @@ -0,0 +1,347 @@ +image: + repository: tccr.io/truecharts/metallb-controller + tag: v0.13.12@sha256:0648f93b8c42b6531b05b1f2c197fd16d367b7a0c2b8b474b15fcb55baaf6867 + pullPolicy: +speakerImage: + repository: tccr.io/truecharts/metallb-speaker + tag: v0.13.12@sha256:92d801d823bfe74e2e129573c9f88f9157616bd4128fddec585d5b6c0dc99bd8 + pullPolicy: + +workload: + main: + strategy: RollingUpdate + labels: + app.kubernetes.io/component: controller + podSpec: + labels: + app.kubernetes.io/component: controller + containers: + main: + args: + - --port=7472 + - --log-level=all + - --cert-service-name={{ include "tc.v1.common.lib.chart.names.fullname" $ }} + - --webhook-mode=enabled + probes: + liveness: + port: controllermon + path: /metrics + readiness: + port: controllermon + path: /metrics + startup: + port: controllermon + type: tcp + env: + METALLB_ML_SECRET_NAME: "memberlist" + METALLB_DEPLOYMENT: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + METALLB_NAMESPACE: "{{$.Release.Namespace}}" + + speaker: + enabled: true + type: DaemonSet + strategy: RollingUpdate + labels: + app.kubernetes.io/component: controller + podSpec: + labels: + app.kubernetes.io/component: controller + shareProcessNamespace: true + hostNetwork: true + containers: + speaker: + enabled: true + primary: true + imageSelector: speakerImage + args: + - --port=7473 + - --log-level=all + probes: + liveness: + port: speakermon + path: /metrics + readiness: + port: speakermon + path: /metrics + startup: + port: speakermon + type: tcp + env: + METALLB_NODE_NAME: + fieldRef: + fieldPath: spec.nodeName + METALLB_HOST: + fieldRef: + fieldPath: status.hostIP + METALLB_ML_BIND_ADDR: + fieldRef: + fieldPath: status.podIP + METALLB_ML_LABELS: "release={{ $.Release.Name }},app.kubernetes.io/component=speaker" + METALLB_ML_BIND_PORT: "{{ $.Values.service.memberlist.ports.memberlisttcp.port }}" + METALLB_ML_SECRET_KEY_PATH: "/etc/ml_secret_key" + METALLB_NAMESPACE: "{{$.Release.Namespace}}" + securityContext: + runAsUser: 0 + capabilities: + add: + - NET_RAW + +podOptions: + automountServiceAccountToken: true + +service: + main: + ports: + main: + port: 443 + targetPort: 9443 + memberlist: + enabled: true + targetSelector: speaker + ports: + memberlisttcp: + enabled: true + protocol: tcp + port: 7946 + memberlistudp: + enabled: true + protocol: udp + port: 7946 + speakermon: + enabled: true + targetSelector: speaker + clusterIP: None + ports: + speakermon: + enabled: true + port: 7473 + controllermon: + enabled: true + clusterIP: None + ports: + controllermon: + enabled: true + port: 7472 + +operator: + register: true + +configmap: + metallb-excludel2: + enabled: true + data: + excludel2.yaml: | + announcedInterfacesToExclude: + - docker.* + - cbr.* + - dummy.* + - virbr.* + - lxcbr.* + - veth.* + - lo + - ^cali.* + - ^tunl.* + - flannel.* + - kube-ipvs.* + - cni.* + - ^nodelocaldns.* + +persistence: + webhook-server-cert: + enabled: true + type: secret + objectName: webhook-server-cert + expandObjectName: false + defaultMode: "0420" + readOnly: true + targetSelector: + main: + main: + mountPath: "/tmp/k8s-webhook-server/serving-certs" + metallb-excludel2: + enabled: "{{ if $.Values.speaker.excludeInterfaces.enabled }}true{{ else }}false{{ end }}" + type: configmap + objectName: metallb-excludel2 + defaultMode: "0256" + readOnly: true + targetSelector: + speaker: + speaker: + mountPath: "/etc/metallb" + memberlist: + enabled: true + type: secret + objectName: memberlist + expandObjectName: false + defaultMode: "0420" + targetSelector: + speaker: + speaker: + mountPath: "/etc/ml_secret_key" +portal: + open: + enabled: false + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + allServiceAccounts: true + rules: + - apiGroups: [""] + resources: ["services", "endpoints", "nodes", "namespaces"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list"] + - apiGroups: [""] + resources: ["services/status"] + verbs: ["update"] + - apiGroups: [""] + resources: ["events"] + verbs: ["create", "patch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + resourceNames: ["metallb-webhook-configuration"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: + ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"] + verbs: ["list", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + resourceNames: + [ + "addresspools.metallb.io", + "bfdprofiles.metallb.io", + "bgpadvertisements.metallb.io", + "bgppeers.metallb.io", + "ipaddresspools.metallb.io", + "l2advertisements.metallb.io", + "communities.metallb.io", + ] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["list", "watch"] + - apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] + controller: + enabled: true + primary: false + clusterWide: false + serviceAccounts: + - main + rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "get", "list", "watch"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list"] + - apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["get"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["metallb.io"] + resources: ["addresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["ipaddresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgppeers"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["bgpadvertisements"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["l2advertisements"] + verbs: ["get", "list"] + - apiGroups: ["metallb.io"] + resources: ["communities"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bfdprofiles"] + verbs: ["get", "list", "watch"] + pod-lister: + enabled: true + primary: false + clusterWide: false + serviceAccounts: + - speaker + rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["list"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["addresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bfdprofiles"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgppeers"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["l2advertisements"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["bgpadvertisements"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["ipaddresspools"] + verbs: ["get", "list", "watch"] + - apiGroups: ["metallb.io"] + resources: ["communities"] + verbs: ["get", "list", "watch"] + +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + targetSelector: + - main + speaker: + enabled: true + primary: false + targetSelector: + - speaker + +# controller contains configuration specific to the MetalLB cluster +# controller. +controller: + enabled: true + # -- Controller log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + # command: /controller + # webhookMode: enabled + +# speaker contains configuration specific to the MetalLB speaker +# daemonset. +speaker: + enabled: true + # command: /speaker + # -- Speaker log level. Must be one of: `all`, `debug`, `info`, `warn`, `error` or `none` + logLevel: info + tolerateMaster: true + excludeInterfaces: + enabled: true + +validationFailurePolicy: Fail + +manifestManager: + enabled: false diff --git a/operators/prometheus-operator/1.0.12/questions.yaml b/operators/metallb/10.0.11/questions.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/questions.yaml rename to operators/metallb/10.0.11/questions.yaml diff --git a/operators/metallb/10.0.11/templates/NOTES.txt b/operators/metallb/10.0.11/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/operators/metallb/10.0.11/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/metallb/10.0.11/templates/_webhooks.tpl b/operators/metallb/10.0.11/templates/_webhooks.tpl new file mode 100644 index 0000000000..4f7e7fe4ae --- /dev/null +++ b/operators/metallb/10.0.11/templates/_webhooks.tpl @@ -0,0 +1,162 @@ +{{- define "metallb.webhooks" -}} +{{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) }} +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: metallb-webhook-configuration + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 4 }} + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-addresspool + failurePolicy: {{ .Values.validationFailurePolicy }} + name: addresspoolvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - addresspools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta2-bgppeer + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bgppeervalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - bgppeers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-ipaddresspool + failurePolicy: {{ .Values.validationFailurePolicy }} + name: ipaddresspoolvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresspools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-bgpadvertisement + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bgpadvertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - bgpadvertisements + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-community + failurePolicy: {{ .Values.validationFailurePolicy }} + name: communityvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - communities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-bfdprofile + failurePolicy: {{ .Values.validationFailurePolicy }} + name: bfdprofilevalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - DELETE + resources: + - bfdprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + namespace: {{ .Release.Namespace }} + path: /validate-metallb-io-v1beta1-l2advertisement + failurePolicy: {{ .Values.validationFailurePolicy }} + name: l2advertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - l2advertisements + sideEffects: None +--- +apiVersion: v1 +kind: Secret +metadata: + name: webhook-server-cert + labels: + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/operators/metallb/10.0.11/templates/common.yaml b/operators/metallb/10.0.11/templates/common.yaml new file mode 100644 index 0000000000..7199968d14 --- /dev/null +++ b/operators/metallb/10.0.11/templates/common.yaml @@ -0,0 +1,7 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "metallb.webhooks" . -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/operators/metallb/10.0.11/templates/crds.yaml b/operators/metallb/10.0.11/templates/crds.yaml new file mode 100644 index 0000000000..fe28279e74 --- /dev/null +++ b/operators/metallb/10.0.11/templates/crds.yaml @@ -0,0 +1,1233 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: addresspools.metallb.io +spec: + group: metallb.io + names: + kind: AddressPool + listKind: AddressPoolList + plural: addresspools + singular: addresspool + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1alpha1", "v1beta1"] + clientConfig: + # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds + # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + namespace: {{ .Release.Namespace }} + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + path: /convert + versions: + - deprecated: true + deprecationWarning: metallb.io v1alpha1 AddressPool is deprecated + name: v1alpha1 + schema: + openAPIV3Schema: + description: AddressPool is the Schema for the addresspools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddressPoolSpec defines the desired state of AddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + bgpAdvertisements: + description: When an IP is allocated from this pool, how should it + be translated into BGP announcements? + items: + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets + you “roll up” the /32s into a larger prefix. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: Optional, defaults to 128 (i.e. no aggregation) + if not specified. + format: int32 + type: integer + communities: + description: BGP communities + items: + type: string + type: array + localPref: + description: BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over + one with lower localpref. + format: int32 + type: integer + type: object + type: array + protocol: + description: Protocol can be used to select how the announcement is + done. + enum: + - layer2 + - bgp + type: string + required: + - addresses + - protocol + type: object + status: + description: AddressPoolStatus defines the observed state of AddressPool. + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - deprecated: true + deprecationWarning: metallb.io v1beta1 AddressPool is deprecated, consider using + IPAddressPool + name: v1beta1 + schema: + openAPIV3Schema: + description: AddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. AddressPool is deprecated and being replaced by + IPAddressPool. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: AddressPoolSpec defines the desired state of AddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + bgpAdvertisements: + description: Drives how an IP allocated from this pool should translated + into BGP announcements. + items: + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets + you “roll up” the /32s into a larger prefix. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: Optional, defaults to 128 (i.e. no aggregation) + if not specified. + format: int32 + type: integer + communities: + description: BGP communities to be associated with the given + advertisement. + items: + type: string + type: array + localPref: + description: BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over + one with lower localpref. + format: int32 + type: integer + type: object + type: array + protocol: + description: Protocol can be used to select how the announcement is + done. + enum: + - layer2 + - bgp + type: string + required: + - addresses + - protocol + type: object + status: + description: AddressPoolStatus defines the observed state of AddressPool. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bfdprofiles.metallb.io +spec: + group: metallb.io + names: + kind: BFDProfile + listKind: BFDProfileList + plural: bfdprofiles + singular: bfdprofile + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BFDProfile represents the settings of the bfd session that can + be optionally associated with a BGP session. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BFDProfileSpec defines the desired state of BFDProfile. + properties: + detectMultiplier: + description: Configures the detection multiplier to determine packet + loss. The remote transmission interval will be multiplied by this + value to determine the connection loss detection timer. + format: int32 + maximum: 255 + minimum: 2 + type: integer + echoInterval: + description: Configures the minimal echo receive transmission interval + that this system is capable of handling in milliseconds. Defaults + to 50ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + echoMode: + description: Enables or disables the echo transmission mode. This + mode is disabled by default, and not supported on multi hops setups. + type: boolean + minimumTtl: + description: 'For multi hop sessions only: configure the minimum expected + TTL for an incoming BFD control packet.' + format: int32 + maximum: 254 + minimum: 1 + type: integer + passiveMode: + description: 'Mark session as passive: a passive session will not + attempt to start the connection and will wait for control packets + from peer before it begins replying.' + type: boolean + receiveInterval: + description: The minimum interval that this system is capable of receiving + control packets in milliseconds. Defaults to 300ms. + format: int32 + maximum: 60000 + minimum: 10 + type: integer + transmitInterval: + description: The minimum transmission interval (less jitter) that + this system wants to use to send BFD control packets in milliseconds. + Defaults to 300ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + type: object + status: + description: BFDProfileStatus defines the observed state of BFDProfile. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bgpadvertisements.metallb.io +spec: + group: metallb.io + names: + kind: BGPAdvertisement + listKind: BGPAdvertisementList + plural: bgpadvertisements + singular: bgpadvertisement + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BGPAdvertisement allows to advertise the IPs coming from the + selected IPAddressPools via BGP, setting the parameters of the BGP Advertisement. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets you + “roll up” the /32s into a larger prefix. Defaults to 32. Works for + IPv4 addresses. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: The aggregation-length advertisement option lets you + “roll up” the /128s into a larger prefix. Defaults to 128. Works + for IPv6 addresses. + format: int32 + type: integer + communities: + description: The BGP communities to be associated with the announcement. + Each item can be a community of the form 1234:1234 or the name of + an alias defined in the Community CRD. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised + via this advertisement. If no IPAddressPool is selected by this + or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + localPref: + description: The BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over one + with lower localpref. + format: int32 + type: integer + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + peers: + description: Peers limits the bgppeer to advertise the ips of the + selected pools to. When empty, the loadbalancer IP is announced + to all the BGPPeers configured. + items: + type: string + type: array + type: object + status: + description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: bgppeers.metallb.io +spec: + group: metallb.io + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1beta1", "v1beta2"] + clientConfig: + # this is a valid pem format, otherwise the apiserver will reject the deletion of the crds + # with "unable to parse bytes as PEM block", The controller will patch it with the right content after it starts + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGWlRDQ0EwMmdBd0lCQWdJVU5GRW1XcTM3MVpKdGkrMmlSQzk1WmpBV1MxZ3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3UWpFTE1Ba0dBMVVFQmhNQ1dGZ3hGVEFUQmdOVkJBY01ERVJsWm1GMWJIUWdRMmwwZVRFY01Cb0dBMVVFDQpDZ3dUUkdWbVlYVnNkQ0JEYjIxd1lXNTVJRXgwWkRBZUZ3MHlNakEzTVRrd09UTXlNek5hRncweU1qQTRNVGd3DQpPVE15TXpOYU1FSXhDekFKQmdOVkJBWVRBbGhZTVJVd0V3WURWUVFIREF4RVpXWmhkV3gwSUVOcGRIa3hIREFhDQpCZ05WQkFvTUUwUmxabUYxYkhRZ1EyOXRjR0Z1ZVNCTWRHUXdnZ0lpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElDDQpEd0F3Z2dJS0FvSUNBUUNxVFpxMWZRcC9vYkdlenhES0o3OVB3Ny94azJwellualNzMlkzb1ZYSm5sRmM4YjVlDQpma2ZZQnY2bndscW1keW5PL2phWFBaQmRQSS82aFdOUDBkdVhadEtWU0NCUUpyZzEyOGNXb3F0MGNTN3pLb1VpDQpvcU1tQ0QvRXVBeFFNZjhRZDF2c1gvVllkZ0poVTZBRXJLZEpIaXpFOUJtUkNkTDBGMW1OVW55Rk82UnRtWFZUDQpidkxsTDVYeTc2R0FaQVBLOFB4aVlDa0NtbDdxN0VnTWNiOXlLWldCYmlxQ3VkTXE5TGJLNmdKNzF6YkZnSXV4DQo1L1pXK2JraTB2RlplWk9ZODUxb1psckFUNzJvMDI4NHNTWW9uN0pHZVZkY3NoUnh5R1VpSFpSTzdkaXZVTDVTDQpmM2JmSDFYbWY1ZDQzT0NWTWRuUUV2NWVaOG8zeWVLa3ZrbkZQUGVJMU9BbjdGbDlFRVNNR2dhOGFaSG1URSttDQpsLzlMSmdDYjBnQmtPT0M0WnV4bWh2aERKV1EzWnJCS3pMQlNUZXN0NWlLNVlwcXRWVVk2THRyRW9FelVTK1lsDQpwWndXY2VQWHlHeHM5ZURsR3lNVmQraW15Y3NTU1UvVno2Mmx6MnZCS21NTXBkYldDQWhud0RsRTVqU2dyMjRRDQp0eGNXLys2N3d5KzhuQlI3UXdqVTFITndVRjBzeERWdEwrZ1NHVERnSEVZSlhZelYvT05zMy94TkpoVFNPSkxNDQpoeXNVdyttaGdackdhbUdXcHVIVU1DUitvTWJzMTc1UkcrQjJnUFFHVytPTjJnUTRyOXN2b0ZBNHBBQm8xd1dLDQpRYjRhY3pmeVVscElBOVFoSmFsZEY3S3dPSHVlV3gwRUNrNXg0T2tvVDBvWVp0dzFiR0JjRGtaSmF3SURBUUFCDQpvMU13VVRBZEJnTlZIUTRFRmdRVW90UlNIUm9IWTEyRFZ4R0NCdEhpb1g2ZmVFQXdId1lEVlIwakJCZ3dGb0FVDQpvdFJTSFJvSFkxMkRWeEdDQnRIaW9YNmZlRUF3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCDQpBUXNGQUFPQ0FnRUFSbkpsWWRjMTFHd0VxWnh6RDF2R3BDR2pDN2VWTlQ3aVY1d3IybXlybHdPYi9aUWFEa0xYDQpvVStaOVVXT1VlSXJTdzUydDdmQUpvVVAwSm5iYkMveVIrU1lqUGhvUXNiVHduOTc2ZldBWTduM3FMOXhCd1Y0DQphek41OXNjeUp0dlhMeUtOL2N5ak1ReDRLajBIMFg0bWJ6bzVZNUtzWWtYVU0vOEFPdWZMcEd0S1NGVGgrSEFDDQpab1Q5YnZHS25adnNHd0tYZFF0Wnh0akhaUjVqK3U3ZGtQOTJBT051RFNabS8rWVV4b2tBK09JbzdSR3BwSHNXDQo1ZTdNY0FTVXRtb1FORXd6dVFoVkJaRWQ1OGtKYjUrV0VWbGNzanlXNnRTbzErZ25tTWNqR1BsMWgxR2hVbjV4DQpFY0lWRnBIWXM5YWo1NmpBSjk1MVQvZjhMaWxmTlVnanBLQ0c1bnl0SUt3emxhOHNtdGlPdm1UNEpYbXBwSkI2DQo4bmdHRVluVjUrUTYwWFJ2OEhSSGp1VG9CRHVhaERrVDA2R1JGODU1d09FR2V4bkZpMXZYWUxLVllWb1V2MXRKDQo4dVdUR1pwNllDSVJldlBqbzg5ZytWTlJSaVFYUThJd0dybXE5c0RoVTlqTjA0SjdVL1RvRDFpNHE3VnlsRUc5DQorV1VGNkNLaEdBeTJIaEhwVncyTGFoOS9lUzdZMUZ1YURrWmhPZG1laG1BOCtqdHNZamJadnR5Mm1SWlF0UUZzDQpUU1VUUjREbUR2bVVPRVRmeStpRHdzK2RkWXVNTnJGeVVYV2dkMnpBQU4ydVl1UHFGY2pRcFNPODFzVTJTU3R3DQoxVzAyeUtYOGJEYmZFdjBzbUh3UzliQnFlSGo5NEM1Mjg0YXpsdTBmaUdpTm1OUEM4ckJLRmhBPQ0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + service: + namespace: {{ .Release.Namespace }} + name: '{{ include "tc.v1.common.lib.chart.names.fullname" $ }}' + path: /convert + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + type: string + ebgpMultiHop: + description: EBGP peer is multi-hops away + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of + these selectors. + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + minItems: 1 + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta2 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + description: The name of the BFD Profile to be used for the BFD session + associated to the BGP session. If not set, the BFD session won't + be set up. + type: string + ebgpMultiHop: + description: To set if the BGPPeer is multi-hops away. Needed for + FRR mode only. + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: Only connect to this peer on nodes that match one of + these selectors. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + passwordSecret: + description: passwordSecret is name of the authentication secret for + BGP Peer. the secret must be of type "kubernetes.io/basic-auth", + and created in the same namespace as the MetalLB deployment. The + password is stored in the secret as the key "password". + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + default: 179 + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + vrf: + description: To set if we want to peer with the BGPPeer using an interface + belonging to a host vrf + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: ipaddresspools.metallb.io +spec: + group: metallb.io + names: + kind: IPAddressPool + listKind: IPAddressPoolList + plural: ipaddresspools + singular: ipaddresspool + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: IPAddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressPoolSpec defines the desired state of IPAddressPool. + properties: + addresses: + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + type: boolean + avoidBuggyIPs: + default: false + description: AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. + type: boolean + serviceAllocation: + description: AllocateTo makes ip pool allocation to specific namespace + and/or service. The controller will use the pool with lowest value + of priority in case of multiple matches. A pool with no priority + set will be used only if the pools with priority can't be used. + If multiple matching IPAddressPools are available it will check + for the availability of IPs sorting the matching IPAddressPools + by priority, starting from the highest to the lowest. If multiple + IPAddressPools have the same priority, choice will be random. + properties: + namespaceSelectors: + description: NamespaceSelectors list of label selectors to select + namespace(s) for ip pool, an alternative to using namespace + list. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + namespaces: + description: Namespaces list of namespace(s) on which ip pool + can be attached. + items: + type: string + type: array + priority: + description: Priority priority given for ip pool while ip allocation + on a service. + type: integer + serviceSelectors: + description: ServiceSelectors list of label selector to select + service(s) for which ip pool can be used for ip allocation. + items: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + type: array + type: object + required: + - addresses + type: object + status: + description: IPAddressPoolStatus defines the observed state of IPAddressPool. + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: l2advertisements.metallb.io +spec: + group: metallb.io + names: + kind: L2Advertisement + listKind: L2AdvertisementList + plural: l2advertisements + singular: l2advertisement + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: L2AdvertisementSpec defines the desired state of L2Advertisement. + properties: + interfaces: + description: A list of interfaces to announce from. The LB IP will + be announced only from these interfaces. If the field is not set, + we advertise from all the interfaces on the host. + items: + type: string + type: array + ipAddressPoolSelectors: + description: A selector for the IPAddressPools which would get advertised + via this advertisement. If no IPAddressPool is selected by this + or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: array + type: object + status: + description: L2AdvertisementStatus defines the observed state of L2Advertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: communities.metallb.io +spec: + group: metallb.io + names: + kind: Community + listKind: CommunityList + plural: communities + singular: community + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Community is a collection of aliases for communities. Users can + define named aliases to be used in the BGPPeer CRD. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CommunitySpec defines the desired state of Community. + properties: + communities: + items: + properties: + name: + description: The name of the alias for the community. + type: string + value: + description: The BGP community value corresponding to the given + name. + type: string + type: object + type: array + type: object + status: + description: CommunityStatus defines the observed state of Community. + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/metallb/10.0.11/values.yaml b/operators/metallb/10.0.11/values.yaml new file mode 100644 index 0000000000..e69de29bb2 diff --git a/operators/prometheus-operator/1.0.12/app-changelog.md b/operators/prometheus-operator/1.0.12/app-changelog.md deleted file mode 100644 index fb10e52161..0000000000 --- a/operators/prometheus-operator/1.0.12/app-changelog.md +++ /dev/null @@ -1,4 +0,0 @@ - - -## [prometheus-operator-1.0.12](https://github.com/truecharts/charts/compare/prometheus-operator-1.0.11...prometheus-operator-1.0.12) (2023-11-08) - diff --git a/operators/prometheus-operator/1.0.12/charts/common-14.3.4.tgz b/operators/prometheus-operator/1.0.12/charts/common-14.3.4.tgz deleted file mode 100644 index 631d6bf8cd..0000000000 Binary files a/operators/prometheus-operator/1.0.12/charts/common-14.3.4.tgz and /dev/null differ diff --git a/operators/prometheus-operator/1.0.12/CHANGELOG.md b/operators/prometheus-operator/1.0.13/CHANGELOG.md similarity index 95% rename from operators/prometheus-operator/1.0.12/CHANGELOG.md rename to operators/prometheus-operator/1.0.13/CHANGELOG.md index 39e11e5fa1..74f4fd3dc1 100644 --- a/operators/prometheus-operator/1.0.12/CHANGELOG.md +++ b/operators/prometheus-operator/1.0.13/CHANGELOG.md @@ -4,6 +4,11 @@ +## [prometheus-operator-1.0.13](https://github.com/truecharts/charts/compare/prometheus-operator-1.0.12...prometheus-operator-1.0.13) (2023-11-08) + + + + ## [prometheus-operator-1.0.12](https://github.com/truecharts/charts/compare/prometheus-operator-1.0.11...prometheus-operator-1.0.12) (2023-11-08) @@ -92,8 +97,3 @@ - -## [prometheus-operator-1.0.2](https://github.com/truecharts/charts/compare/prometheus-operator-1.0.1...prometheus-operator-1.0.2) (2023-07-30) - -### Chore - diff --git a/operators/prometheus-operator/1.0.12/Chart.yaml b/operators/prometheus-operator/1.0.13/Chart.yaml similarity index 95% rename from operators/prometheus-operator/1.0.12/Chart.yaml rename to operators/prometheus-operator/1.0.13/Chart.yaml index e4a0472cc7..56a98470f8 100644 --- a/operators/prometheus-operator/1.0.12/Chart.yaml +++ b/operators/prometheus-operator/1.0.13/Chart.yaml @@ -11,7 +11,7 @@ keywords: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 14.3.4 + version: 14.3.5 kubeVersion: ">=1.16.0-0" maintainers: - email: info@truecharts.org @@ -22,7 +22,7 @@ sources: - https://github.com/truecharts/charts/tree/master/charts/operators/prometheus-operator - https://github.com/prometheus-operator type: application -version: 1.0.12 +version: 1.0.13 annotations: truecharts.org/category: operators truecharts.org/SCALE-support: "true" diff --git a/operators/prometheus-operator/1.0.13/LICENSE b/operators/prometheus-operator/1.0.13/LICENSE new file mode 100644 index 0000000000..4dfe12ac30 --- /dev/null +++ b/operators/prometheus-operator/1.0.13/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "MetalLB" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/operators/prometheus-operator/1.0.13/README.md b/operators/prometheus-operator/1.0.13/README.md new file mode 100644 index 0000000000..2af6557331 --- /dev/null +++ b/operators/prometheus-operator/1.0.13/README.md @@ -0,0 +1,27 @@ +# README + +## General Info + +TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/operators/) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +*All Rights Reserved - The TrueCharts Project* diff --git a/operators/prometheus-operator/1.0.13/app-changelog.md b/operators/prometheus-operator/1.0.13/app-changelog.md new file mode 100644 index 0000000000..006fa1c1b6 --- /dev/null +++ b/operators/prometheus-operator/1.0.13/app-changelog.md @@ -0,0 +1,4 @@ + + +## [prometheus-operator-1.0.13](https://github.com/truecharts/charts/compare/prometheus-operator-1.0.12...prometheus-operator-1.0.13) (2023-11-08) + diff --git a/operators/prometheus-operator/1.0.12/app-readme.md b/operators/prometheus-operator/1.0.13/app-readme.md similarity index 100% rename from operators/prometheus-operator/1.0.12/app-readme.md rename to operators/prometheus-operator/1.0.13/app-readme.md diff --git a/operators/prometheus-operator/1.0.13/charts/common-14.3.5.tgz b/operators/prometheus-operator/1.0.13/charts/common-14.3.5.tgz new file mode 100644 index 0000000000..58fbc6f496 Binary files /dev/null and b/operators/prometheus-operator/1.0.13/charts/common-14.3.5.tgz differ diff --git a/operators/prometheus-operator/1.0.12/ix_values.yaml b/operators/prometheus-operator/1.0.13/ix_values.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/ix_values.yaml rename to operators/prometheus-operator/1.0.13/ix_values.yaml diff --git a/operators/prometheus-operator/1.0.13/questions.yaml b/operators/prometheus-operator/1.0.13/questions.yaml new file mode 100644 index 0000000000..e4653ab8c3 --- /dev/null +++ b/operators/prometheus-operator/1.0.13/questions.yaml @@ -0,0 +1,45 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false diff --git a/operators/prometheus-operator/1.0.13/templates/NOTES.txt b/operators/prometheus-operator/1.0.13/templates/NOTES.txt new file mode 100644 index 0000000000..efcb74cb77 --- /dev/null +++ b/operators/prometheus-operator/1.0.13/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/operators/prometheus-operator/1.0.12/templates/_mutatingwebhookconfiguration.tpl b/operators/prometheus-operator/1.0.13/templates/_mutatingwebhookconfiguration.tpl similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/_mutatingwebhookconfiguration.tpl rename to operators/prometheus-operator/1.0.13/templates/_mutatingwebhookconfiguration.tpl diff --git a/operators/prometheus-operator/1.0.12/templates/_validatingwebhookconfiguration.tpl b/operators/prometheus-operator/1.0.13/templates/_validatingwebhookconfiguration.tpl similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/_validatingwebhookconfiguration.tpl rename to operators/prometheus-operator/1.0.13/templates/_validatingwebhookconfiguration.tpl diff --git a/operators/prometheus-operator/1.0.12/templates/common.yaml b/operators/prometheus-operator/1.0.13/templates/common.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/common.yaml rename to operators/prometheus-operator/1.0.13/templates/common.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-alertmanagerconfigs.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-alertmanagerconfigs.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-alertmanagerconfigs.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-alertmanagerconfigs.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-alertmanagers.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-alertmanagers.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-alertmanagers.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-alertmanagers.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-podmonitors.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-podmonitors.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-podmonitors.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-podmonitors.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-probes.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-probes.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-probes.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-probes.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-prometheusagents.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-prometheusagents.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-prometheusagents.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-prometheusagents.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-prometheuses.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-prometheuses.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-prometheuses.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-prometheuses.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-prometheusrules.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-prometheusrules.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-prometheusrules.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-prometheusrules.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-scrapeconfigs.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-scrapeconfigs.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-scrapeconfigs.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-scrapeconfigs.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-servicemonitors.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-servicemonitors.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-servicemonitors.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-servicemonitors.yaml diff --git a/operators/prometheus-operator/1.0.12/templates/crds/crd-thanosrulers.yaml b/operators/prometheus-operator/1.0.13/templates/crds/crd-thanosrulers.yaml similarity index 100% rename from operators/prometheus-operator/1.0.12/templates/crds/crd-thanosrulers.yaml rename to operators/prometheus-operator/1.0.13/templates/crds/crd-thanosrulers.yaml diff --git a/operators/prometheus-operator/1.0.12/update-operator-crds.sh b/operators/prometheus-operator/1.0.13/update-operator-crds.sh similarity index 100% rename from operators/prometheus-operator/1.0.12/update-operator-crds.sh rename to operators/prometheus-operator/1.0.13/update-operator-crds.sh diff --git a/operators/prometheus-operator/1.0.13/values.yaml b/operators/prometheus-operator/1.0.13/values.yaml new file mode 100644 index 0000000000..e69de29bb2