chore(deps): update helm general non-major (#9558)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | minor |
`12.13.0` -> `12.14.1` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | minor |
`12.13.1` -> `12.14.1` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | minor |
`12.10.4` -> `12.14.1` |
|
[kube-state-metrics](https://truecharts.org/charts/dependency/kube-state-metrics)
([source](https://togithub.com/truecharts/charts)) | patch | `1.0.15` ->
`1.0.20` |
| [mariadb](https://truecharts.org/charts/dependency/mariadb)
([source](https://togithub.com/truecharts/charts)) | patch | `7.0.45` ->
`7.0.50` |
| [memcached](https://truecharts.org/charts/dependency/memcached)
([source](https://togithub.com/truecharts/charts)) | patch | `6.0.55` ->
`6.0.59` |
| [mongodb](https://truecharts.org/charts/dependency/mongodb)
([source](https://togithub.com/truecharts/charts)) | patch | `6.0.44` ->
`6.0.48` |
|
[node-exporter](https://truecharts.org/charts/dependency/node-exporter)
([source](https://togithub.com/truecharts/charts)) | patch | `1.0.18` ->
`1.0.22` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `6.0.54` ->
`6.0.58` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `6.0.46` ->
`6.0.58` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>truecharts/library-charts</summary>

###
[`v12.14.1`](https://togithub.com/truecharts/library-charts/releases/tag/common-12.14.1)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-12.14.0...common-12.14.1)

Function library for TrueCharts

###
[`v12.14.0`](https://togithub.com/truecharts/library-charts/releases/tag/common-12.14.0)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-12.13.2...common-12.14.0)

Function library for TrueCharts

###
[`v12.13.2`](https://togithub.com/truecharts/library-charts/releases/tag/common-12.13.2)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-12.13.1...common-12.13.2)

Function library for TrueCharts

###
[`v12.13.1`](https://togithub.com/truecharts/library-charts/releases/tag/common-12.13.1)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-12.13.0...common-12.13.1)

Function library for TrueCharts

</details>

<details>
<summary>truecharts/charts</summary>

###
[`v1.0.20`](https://togithub.com/truecharts/charts/releases/tag/kube-state-metrics-1.0.20)

[Compare
Source](https://togithub.com/truecharts/charts/compare/kube-state-metrics-1.0.19...kube-state-metrics-1.0.20)

kube-state-metrics is a simple service that listens to the Kubernetes
API server and generates metrics about the state of the objects.

###
[`v1.0.19`](https://togithub.com/truecharts/charts/releases/tag/kube-state-metrics-1.0.19)

[Compare
Source](https://togithub.com/truecharts/charts/compare/kube-state-metrics-1.0.18...kube-state-metrics-1.0.19)

kube-state-metrics is a simple service that listens to the Kubernetes
API server and generates metrics about the state of the objects.

###
[`v1.0.18`](https://togithub.com/truecharts/charts/releases/tag/kube-state-metrics-1.0.18)

[Compare
Source](https://togithub.com/truecharts/charts/compare/kube-state-metrics-1.0.17...kube-state-metrics-1.0.18)

kube-state-metrics is a simple service that listens to the Kubernetes
API server and generates metrics about the state of the objects.

###
[`v1.0.17`](https://togithub.com/truecharts/charts/releases/tag/kube-state-metrics-1.0.17)

[Compare
Source](https://togithub.com/truecharts/charts/compare/kube-state-metrics-1.0.16...kube-state-metrics-1.0.17)

kube-state-metrics is a simple service that listens to the Kubernetes
API server and generates metrics about the state of the objects.

###
[`v1.0.16`](https://togithub.com/truecharts/charts/releases/tag/kube-state-metrics-1.0.16)

[Compare
Source](https://togithub.com/truecharts/charts/compare/kube-state-metrics-1.0.15...kube-state-metrics-1.0.16)

kube-state-metrics is a simple service that listens to the Kubernetes
API server and generates metrics about the state of the objects.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone
Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4xMTUuMiIsInVwZGF0ZWRJblZlciI6IjM1LjExNS4yIiwidGFyZ2V0QnJhbmNoIjoibWFzdGVyIn0=-->

.all-contributorsrc

@@ -504,7 +504,8 @@
       "avatar_url": "https://avatars.githubusercontent.com/u/18377483?v=4",
       "profile": "https://github.com/j0hnby",
       "contributions": [
-        "bug"
+        "bug",
+        "doc"
       ]
     },
     {
@@ -1808,7 +1809,7 @@
       "profile": "https://github.com/kryojenik",
       "contributions": [
         "code"
-        ]
+      ]
     },
     {
       "login": "malcolmcdixon",
@@ -1818,6 +1819,24 @@
       "contributions": [
         "doc"
       ]
+    },
+    {
+      "login": "depasseg",
+      "name": "depasseg",
+      "avatar_url": "https://avatars.githubusercontent.com/u/3201827?v=4",
+      "profile": "https://github.com/depasseg",
+      "contributions": [
+        "doc"
+      ]
+    },
+    {
+      "login": "j1mbl3s",
+      "name": "j1mbl3s",
+      "avatar_url": "https://avatars.githubusercontent.com/u/44634577?v=4",
+      "profile": "https://github.com/j1mbl3s",
+      "contributions": [
+        "doc"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.github/README.md

@@ -124,7 +124,7 @@ A lot of our work is based on the great effort of others. We would love to exten
 ## Contributors ✨
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
-[![All Contributors](https://img.shields.io/badge/all_contributors-193-orange.svg?style=for-the-badge)](#contributors)
+[![All Contributors](https://img.shields.io/badge/all_contributors-196-orange.svg?style=for-the-badge)](#contributors)
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
 Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
@@ -201,7 +201,7 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
     </tr>
     <tr>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/eingemaischt"><img src="https://avatars.githubusercontent.com/u/151498?v=4?s=100" width="100px;" alt="Philipp"/><br /><sub><b>Philipp</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Aeingemaischt" title="Bug reports">🐛</a></td>
-      <td align="center" valign="top" width="14.28%"><a href="https://github.com/j0hnby"><img src="https://avatars.githubusercontent.com/u/18377483?v=4?s=100" width="100px;" alt="John"/><br /><sub><b>John</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Aj0hnby" title="Bug reports">🐛</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/j0hnby"><img src="https://avatars.githubusercontent.com/u/18377483?v=4?s=100" width="100px;" alt="John"/><br /><sub><b>John</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Aj0hnby" title="Bug reports">🐛</a> <a href="https://github.com/truecharts/charts/commits?author=j0hnby" title="Documentation">📖</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/john-parton"><img src="https://avatars.githubusercontent.com/u/2071543?v=4?s=100" width="100px;" alt="John Parton"/><br /><sub><b>John Parton</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Ajohn-parton" title="Bug reports">🐛</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/Amasis"><img src="https://avatars.githubusercontent.com/u/7325217?v=4?s=100" width="100px;" alt="Marc"/><br /><sub><b>Marc</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3AAmasis" title="Bug reports">🐛</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/fdzaebel"><img src="https://avatars.githubusercontent.com/u/46503230?v=4?s=100" width="100px;" alt="fdzaebel"/><br /><sub><b>fdzaebel</b></sub></a><br /><a href="https://github.com/truecharts/charts/issues?q=author%3Afdzaebel" title="Bug reports">🐛</a></td>
@@ -385,6 +385,8 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/Emalton"><img src="https://avatars.githubusercontent.com/u/9328458?v=4?s=100" width="100px;" alt="John P"/><br /><sub><b>John P</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=Emalton" title="Documentation">📖</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/kryojenik"><img src="https://avatars.githubusercontent.com/u/845427?v=4?s=100" width="100px;" alt="kryojenik"/><br /><sub><b>kryojenik</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=kryojenik" title="Code">💻</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/malcolmcdixon"><img src="https://avatars.githubusercontent.com/u/56974882?v=4?s=100" width="100px;" alt="Malcolm"/><br /><sub><b>Malcolm</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=malcolmcdixon" title="Documentation">📖</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/depasseg"><img src="https://avatars.githubusercontent.com/u/3201827?v=4?s=100" width="100px;" alt="depasseg"/><br /><sub><b>depasseg</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=depasseg" title="Documentation">📖</a></td>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/j1mbl3s"><img src="https://avatars.githubusercontent.com/u/44634577?v=4?s=100" width="100px;" alt="j1mbl3s"/><br /><sub><b>j1mbl3s</b></sub></a><br /><a href="https://github.com/truecharts/charts/commits?author=j1mbl3s" title="Documentation">📖</a></td>
     </tr>
   </tbody>
 </table>

.github/ct-install.yaml

@@ -11,7 +11,6 @@ chart-dirs:
   - charts/operators
 excluded-charts:
   - charts/dependency/subchart
-  - charts/incubator/frigate
   - charts/incubator/orbital-sync
   - charts/incubator/plex-meta-manager
   - charts/library/common
@@ -23,7 +22,6 @@ excluded-charts:
   - charts/stable/facebox
   - charts/stable/foundryvtt
   - charts/stable/foundryvtt
-  - charts/stable/frigate
   - charts/stable/heimdall
   - charts/stable/multus
   - charts/stable/orbital-sync

.github/renovate.json5

@@ -62,7 +62,7 @@
       "bumpVersion": "major",
       "labels": ["update/helm/dependency/major"],
       "groupName": ["helm dependency major"],
-      "matchPaths": ["charts/dependency/**"],
+      "matchPaths": ["charts/dependency/**", "templates/**"],
     },
     {
       "matchDatasources": ["helm"],
@@ -73,7 +73,7 @@
       ],
       "bumpVersion": "patch",
       "labels": ["update/helm/dependency/non-major", "automerge"],
-      "matchPaths": ["charts/dependency/**"],
+      "matchPaths": ["charts/dependency/**", "templates/**"],
       "groupName": "helm dependency non-major",
     },
     //

.github/workflows/catalog-test.yaml

@@ -17,7 +17,7 @@ jobs:
     container:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         name: Checkout
         with:
           fetch-depth: 100

.github/workflows/charts-lint.yaml

@@ -22,13 +22,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout [master]
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: master
 
       - name: Checkout [commit]
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -107,7 +107,7 @@ jobs:
       - name: Create/Update comment
         if: steps.list-changed.outputs.detected == 'true'
         continue-on-error: true
-        uses: thollander/actions-comment-pull-request@632cf9ce90574d125be56b5f3405cda41a84e2fd # v2
+        uses: thollander/actions-comment-pull-request@dadb7667129e23f12ca3925c90dc5cd7121ab57e # v2
         with:
           filePath: /tmp/lint_result.txt
           comment_tag: lint_results

.github/workflows/charts-release.yaml

@@ -17,13 +17,13 @@ jobs:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1
 
       - name: Checkout Helm-Staging
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           repository: truecharts/helm-staging
@@ -92,7 +92,7 @@ jobs:
           GPG_PASSPHRASE: "${{ secrets.GPG_PASSPHRASE }}"
 
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 0
@@ -124,7 +124,7 @@ jobs:
           find . -name '*.sh' | xargs chmod +x
 
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         if: |
           steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
         with:
@@ -238,7 +238,7 @@ jobs:
           git push
 
       - name: Checkout Catalog
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         if: |
           steps.collect-changes.outputs.changesDetectedAfterTag == 'true'
         with:

.github/workflows/charts-test.yaml

@@ -50,7 +50,7 @@ jobs:
       detected6: ${{ steps.list-changed.outputs.detected6 }}
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -115,7 +115,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -141,12 +141,27 @@ jobs:
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Remove node taints
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          ## TODO: Move to our Helm Charts
+          ## TODO: Only add when required
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.20/releases/cnpg-1.20.0.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   install-charts2:
     needs:
@@ -160,7 +175,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -191,8 +206,20 @@ jobs:
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   install-charts3:
     needs:
@@ -206,7 +233,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -232,12 +259,25 @@ jobs:
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Remove node taints
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   install-charts4:
     needs:
@@ -251,7 +291,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -277,12 +317,25 @@ jobs:
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Remove node taints
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   install-charts5:
     needs:
@@ -296,7 +349,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -322,12 +375,25 @@ jobs:
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Remove node taints
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f --server-side --force-conflicts https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f --server-side --force-conflicts https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f --server-side --force-conflicts --server-side --force-conflicts https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   install-charts6:
     needs:
@@ -341,7 +407,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           ref: ${{ inputs.checkoutCommit }}
@@ -367,12 +433,25 @@ jobs:
           # Flags found here https://github.com/k3d-io/k3d
           k3d-args: --k3s-arg --disable=metrics-server@server:*
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Remove node taints
         run: |
           kubectl taint --all=true nodes node.cloudprovider.kubernetes.io/uninitialized- || true
 
+      - name: Add Dependencies
+        run: |
+          if [[ "${{ matrix.chart }}" != "charts/operators/metallb" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.10/config/manifests/metallb-native.yaml --server-side --force-conflicts || echo "error fetching metallb manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/cloudnative-pg" ]]; then
+            kubectl apply -f https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg/release-1.17/releases/cnpg-1.17.5.yaml  --server-side --force-conflicts || echo "error fetching cnpg manifest"
+          fi
+          if [[ "${{ matrix.chart }}" != "charts/operators/prometheus-operator" ]]; then
+            kubectl apply -f  https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.65.2/bundle.yaml --server-side --force-conflicts || echo "error fetching prometheus operator manifest"
+          fi
+
       - name: Run chart-testing (install)
-        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" #--upgrade
+        run: ct install --config ".github/ct-install.yaml" --charts "${{ matrix.chart }}" # --upgrade
 
   # Summarize matrix https://github.community/t/status-check-for-a-matrix-jobs/127354/7
   install_success:

.github/workflows/daily.yaml

@@ -20,7 +20,7 @@ jobs:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1
@@ -55,7 +55,7 @@ jobs:
           done
 
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           repository: truecharts/website
           path: website
@@ -248,7 +248,7 @@ jobs:
           helm repo update
 
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1
@@ -257,7 +257,7 @@ jobs:
         run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
 
       - name: Checkout website
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 1
           repository: truecharts/website
@@ -377,7 +377,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
           fetch-depth: 1

.github/workflows/pr-validate.yaml

@@ -17,7 +17,7 @@ jobs:
       addedOrModifiedCharts: ${{ steps.collect-changes.outputs.addedOrModifiedCharts }}
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
 
       - name: Collect changes
         id: collect-changes
@@ -57,7 +57,7 @@ jobs:
       head-commit-message: ${{ steps.get_head_commit_message.outputs.headCommitMsg }}
     steps:
       - name: Get repo
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           ref: ${{ github.event.pull_request.head.sha }}
       - name: verbose head git commit message

.github/workflows/prune.yaml

@@ -9,7 +9,7 @@ jobs:
     name: "prune old releases"
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           fetch-depth: 0
       - uses: actions/delete-package-versions@0d39a63126868f5eefaa47169615edd3c0f61e20 # v4

.github/workflows/renovate-bump.yaml

@@ -14,12 +14,12 @@ jobs:
     container:
       image: ghcr.io/truecharts/devcontainer:3.1.10@sha256:c239addf725eb5cedf79517f8089fdafdc32b5270d1893ee87ae6e511b9bcae3
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         name: Checkout
         with:
           fetch-depth: 0
           token: ${{ secrets.BOT_TOKEN }}
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         name: Checkout
         with:
           fetch-depth: 0

.github/workflows/renovate.yml

@@ -8,11 +8,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
         with:
           token: ${{ secrets.BOT_TOKEN }}
       - name: Self-hosted Renovate
-        uses: renovatebot/github-action@04c5c5c6bdc22714621d741d9a81022f702ee797 # v38.1.1
+        uses: renovatebot/github-action@5aa4bc2e097e751b391105d89ff88c0c80519c1a # v38.1.3
         with:
           configurationFile: .github/renovate-config.js
           token: ${{ secrets.BOT_TOKEN }}

.github/workflows/schedule-sync-labels.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3
+        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3
         with:
           token: ${{ secrets.BOT_TOKEN }}
 

charts/dependency/clickhouse/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "23.4.2.11"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: ClickHouse is a column-oriented database management system (DBMS) for online analytical processing of queries (OLAP).
 home: https://truecharts.org/charts/dependency/clickhouse
@@ -22,7 +22,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/clickhouse
   - https://clickhouse.com/
 type: application
-version: 5.0.33
+version: 5.0.41
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/kube-state-metrics/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "2.8.2"
+appVersion: "2.9.2"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: kube-state-metrics is a simple service that listens to the Kubernetes API server and generates metrics about the state of the objects.
 home: https://truecharts.org/charts/dependency/kube-state-metrics
@@ -21,7 +21,7 @@ name: kube-state-metrics
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/kube-state-metrics
 type: application
-version: 1.0.11
+version: 1.0.20
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/dependency/kube-state-metrics/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/kube-state-metrics
   pullPolicy: IfNotPresent
-  tag: v2.8.2@sha256:35a4457d904190e4870a88d7955b26b6b2604a60ad82c108f9f672a3a6b09ab1
+  tag: v2.9.2@sha256:3ec0f0765cae3d8635edad876f3bca1315ea2d69c2ae5cbee9f46c881c85acf5
 
 service:
   main:
@@ -48,7 +48,7 @@ workload:
             - --resources=services
             - --resources=statefulsets
             - --resources=storageclasses
-            - --resources=verticalpodautoscalers
+            # - --resources=verticalpodautoscalers
             - --resources=validatingwebhookconfigurations
             - --resources=volumeattachments
 

charts/dependency/mariadb/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "10.11.3"
+appVersion: "10.11.4"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source relational database system.
 home: https://truecharts.org/charts/dependency/mariadb
@@ -25,7 +25,7 @@ sources:
   - https://github.com/prometheus/mysqld_exporter
   - https://mariadb.org
 type: application
-version: 7.0.40
+version: 7.0.50
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/mariadb/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/mariadb
   pullPolicy: IfNotPresent
-  tag: v10.11.3@sha256:151da5bdf055d3501d552ceb4b4bd9f7ec12cce36abbf6b6ae00eb289688f43d
+  tag: v10.11.4@sha256:c36949f30cb56ed38498d794a0a4fb34d58dcf6c45aa9107f292ab9f1df1c54c
 
 workload:
   main:

charts/dependency/memcached/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.6.20"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Memcached is a memory-backed database caching solution
 home: https://truecharts.org/charts/dependency/memcached
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-memcached
   - http://memcached.org/
 type: application
-version: 6.0.50
+version: 6.0.59
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/memcached/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/memcached
   pullPolicy: IfNotPresent
-  tag: v1.6.20@sha256:efe8b463bab1282888737a33899e2577e730bdf783444c131946148e7ca5206f
+  tag: v1.6.20@sha256:ed57e787e5b280440220cd8246d87901dbfd436fa61cb63b640cfd4387e8a07c
 
 service:
   main:

charts/dependency/mongodb/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "6.0.6"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Fast, reliable, scalable, and easy to use open-source no-sql database system.
 home: https://truecharts.org/charts/dependency/mongodb
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-mongodb
   - https://www.mongodb.com
 type: application
-version: 6.0.39
+version: 6.0.48
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/mongodb/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/mongodb
   pullPolicy: IfNotPresent
-  tag: v6.0.6@sha256:39cc3cea56770835768603871e3795bafae19d180aebc01f6efa752e9cbd1b45
+  tag: v6.0.6@sha256:757f91b38a37e3a33710d3c77015eae68762fd890cb675d84c9b86668790f462
 
 workload:
   main:

charts/dependency/node-exporter/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.6.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Prometheus exporter for hardware and OS metrics exposed by UNIX kernels, with pluggable metric collectors.
 home: https://truecharts.org/charts/dependency/node-exporter
@@ -21,7 +21,7 @@ name: node-exporter
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/node-exporter
 type: application
-version: 1.0.13
+version: 1.0.22
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/dependency/node-exporter/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/node-exporter
   pullPolicy: IfNotPresent
-  tag: v1.6.0@sha256:a7a1272a36866fba1a3bdd53053f8f4d3fa1fb94164aaf5704dafbf44f060174
+  tag: v1.6.0@sha256:c286e5dab7f852d1464a01122c3bbd7c48149ecdec188499aea579aef379238b
 
 service:
   main:

charts/dependency/redis/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "7.0.11"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Open source, advanced key-value store.
 home: https://truecharts.org/charts/dependency/redis
@@ -23,7 +23,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-redis
   - http://redis.io/
 type: application
-version: 6.0.50
+version: 6.0.58
 annotations:
   truecharts.org/catagories: |
     - database

charts/dependency/solr/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "9.2.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Apache Solr
 home: https://truecharts.org/charts/dependency/solr
@@ -22,7 +22,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/dependency/solr
   - https://github.com/apache/solr
 type: application
-version: 4.0.39
+version: 4.0.48
 annotations:
   truecharts.org/catagories: |
     - search

charts/dependency/solr/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/solr
   pullPolicy: IfNotPresent
-  tag: v9.2.1@sha256:bf9d3cba824c2485a8f997dba784614a068a6ff26297c8c13fb97b4660bdef63
+  tag: v9.2.1@sha256:04c6f6e9d7c3fcecf1a5c17ca6899223e5880370bd660c1321e11bf72d892bdd
 
 workload:
   main:

charts/enterprise/authelia/Chart.yaml

@@ -3,11 +3,11 @@ appVersion: "4.37.5"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 6.0.50
+    version: 6.0.58
 deprecated: false
 description: Authelia is a Single Sign-On Multi-Factor portal for web apps
 home: https://truecharts.org/charts/enterprise/authelia
@@ -35,7 +35,7 @@ sources:
   - https://github.com/authelia/chartrepo
   - https://github.com/authelia/authelia
 type: application
-version: 15.1.23
+version: 15.1.27
 annotations:
   truecharts.org/catagories: |
     - security

charts/enterprise/blocky/Chart.yaml

@@ -3,11 +3,11 @@ appVersion: "0.21.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 6.0.50
+    version: 6.0.58
 description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
 home: https://truecharts.org/charts/enterprise/blocky
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
@@ -25,7 +25,7 @@ sources:
   - https://0xerr0r.github.io/blocky/
   - https://github.com/0xERR0R/blocky
   - https://github.com/Mozart409/blocky-frontend
-version: 5.0.36
+version: 5.0.41
 annotations:
   truecharts.org/catagories: |
     - network

charts/enterprise/blocky/docs/installation-notes.md

@@ -55,10 +55,11 @@ However: this negatively affects rollback and high availability, so we _highly_
 
 ## k8s-gateway
 
-Our blocky Chart/App, includes build-in compatibility for [k8s_gateway](https://github.com/ori-edge/k8s_gateway), this tool can be used to ensure devices on your local network, connect directly to the LAN IP of any Charts/Apps using Ingress, instead of via the outside world or, in a lot of cases, having a bunch of connectivity issues.
+Our blocky Chart/App includes build-in compatibility for [k8s_gateway](https://github.com/ori-edge/k8s_gateway).
+This tool can be used to achieve [Split DNS](https://en.wikipedia.org/wiki/Split-horizon_DNS) to ensure devices on your local network connect directly to the LAN IP of any Charts/Apps using Ingress, instead of via the outside world or, in a lot of cases, having a bunch of connectivity issues.
 
-The setup of k8s_gateway is simple:
-Just add the domain(s), which will include and subdomains(!), to the k8s_gateway domains list.
+To setup k8s_gateway add **your** root domain(s) to the `k8s_gateway` section domains list, e.g. `mydomain.com`.
 From that point onwards we will take care to automatically apply the required `conditional` settings in `blocky` as well.
+This will automatically include all your app subdomains exposed via Ingress, e.g. `jellyfin.mydomain.com`.
 
-Please be mindfull that using `Blocky Style` configuration using the `blockyConfig` object in `values.yaml`, might override this automatic setup.
+Please be mindfull that using `Blocky Style` configuration, using the `blockyConfig` object in `values.yaml`, might override this automatic setup.

charts/enterprise/blocky/templates/_k8sgateway.tpl

@@ -38,7 +38,7 @@ Create the matchable regex from domain
 {{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }}
 enabled: true
 data:
-  Corefile: |-
+  Corefile: |
     .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {
         errors
         log
@@ -48,9 +48,15 @@ data:
         ready
         {{- range .Values.k8sgateway.domains }}
         {{- if .dnsChallenge.enabled }}
+          {{- if not .dnsChallenge.domain -}}
+            {{- fail "DNS01 challenge domain is mandatory" -}}
+          {{- end }}
+
         template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} {
            match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}"
-           answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }}  index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory" .dnsChallenge.domain }}"
+           {{- $name := "{{ \"{{ .Name }}\" }}" }}
+           {{- $index := "{{ \"{{ index .Match 1 }}\" }}" }}
+           answer "{{ $name }} 5 IN CNAME {{ $index }}.{{ .dnsChallenge.domain }}"
            fallthrough
         }
         {{- end }}

charts/enterprise/blocky/templates/common.yaml

@@ -4,7 +4,6 @@
 {{- end }}
 {{- include "tc.v1.common.loader.init" . }}
 
-
 {{/* Render configmap for blocky */}}
 {{- $configmapFile := include "blocky.configmap" . | fromYaml -}}
 {{- if $configmapFile -}}

charts/enterprise/clusterissuer/Chart.yaml

@@ -10,7 +10,7 @@ keywords:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 kubeVersion: ">=1.16.0-0"
 maintainers:
   - email: info@truecharts.org
@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
   - https://cert-manager.io/
 type: application
-version: 1.0.2
+version: 1.0.5
 annotations:
   truecharts.org/catagories: |
     - core

charts/enterprise/clusterissuer/questions.yaml

@@ -238,6 +238,7 @@ questions:
                       schema:
                         type: string
                         required: true
+                        max_length: 10240
                         show_if: [["selfSigned", "=", false]]
                         default: ""
                     - variable: key
@@ -246,6 +247,7 @@ questions:
                       schema:
                         type: string
                         required: true
+                        max_length: 10240
                         show_if: [["selfSigned", "=", false]]
                         default: ""
 

charts/enterprise/grafana/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "9.5.2"
+appVersion: "9.5.3"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
 home: https://truecharts.org/charts/enterprise/grafana
@@ -24,7 +24,7 @@ sources:
   - https://github.com/bitnami/bitnami-docker-grafana
   - https://grafana.com/
 type: application
-version: 7.0.43
+version: 7.0.49
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/enterprise/grafana/values.yaml

@@ -1,7 +1,7 @@
 image:
   repository: tccr.io/truecharts/grafana
   pullPolicy: IfNotPresent
-  tag: v9.5.2@sha256:0a0560b83c29d21731b55186c5d54d5609133c11aaf16863e688d3cd6e48a82d
+  tag: v9.5.3@sha256:3f22fc64031f0a9e432ef397f8dd94173fd09c96777c5ba54fbe15ddce19e318
 manifestManager:
   enabled: true
 securityContext:

charts/enterprise/metallb-config/Chart.yaml

@@ -10,7 +10,7 @@ keywords:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 kubeVersion: ">=1.16.0-0"
 maintainers:
   - email: info@truecharts.org
@@ -22,7 +22,7 @@ sources:
   - https://github.com/metallb/metallb
   - https://metallb.universe.tf
 type: application
-version: 1.1.4
+version: 1.1.7
 annotations:
   truecharts.org/catagories: |
     - core

charts/enterprise/prometheus/Chart.yaml

@@ -3,15 +3,15 @@ appVersion: "2.44.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
   - condition: exporters.enabled,exporters.node-exporter.enabled
     name: node-exporter
     repository: https://deps.truecharts.org
-    version: 1.0.13
+    version: 1.0.22
   - condition: exporters.enabled,exporters.kube-state-metrics.enabled
     name: kube-state-metrics
     repository: https://deps.truecharts.org
-    version: 1.0.11
+    version: 1.0.20
 deprecated: false
 description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator.
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png
@@ -29,7 +29,7 @@ sources:
   - https://github.com/prometheus-community/helm-charts
   - https://github.com/prometheus-operator/kube-prometheus
 type: application
-version: 9.0.14
+version: 9.0.20
 annotations:
   truecharts.org/catagories: |
     - metrics

charts/enterprise/prometheus/values.yaml

@@ -1,6 +1,6 @@
 image:
   repository: tccr.io/truecharts/prometheus
-  tag: v2.44.0@sha256:b18c1b302e5f8d12e76a99168c1fc9169bbd770ea6a92c0e105f84ca43e7ab94
+  tag: v2.44.0@sha256:e35ebfcbc50d3655030eb4162ab1a33438a5d2dbadac2dcb4bcc0d794a8dadf7
 
 thanosImage:
   repository: tccr.io/truecharts/thanos

charts/enterprise/traefik/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.10.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Traefik is a flexible reverse proxy and Ingress Provider.
 home: https://truecharts.org/charts/enterprise/traefik
@@ -23,7 +23,7 @@ sources:
   - https://github.com/traefik/traefik-helm-chart
   - https://traefik.io/
 type: application
-version: 18.0.8
+version: 18.0.14
 annotations:
   truecharts.org/catagories: |
     - network

charts/enterprise/traefik/crds/traefik.containo.us_ingressroutes.yaml

@@ -0,0 +1,267 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_ingressroutetcps.yaml

@@ -0,0 +1,211 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_ingressrouteudps.yaml

@@ -0,0 +1,98 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_middlewares.yaml

@@ -0,0 +1,917 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the escaped certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_middlewaretcps.yaml

@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_serverstransports.yaml

@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_tlsoptions.yaml

@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_tlsstores.yaml

@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.containo.us_traefikservices.yaml

@@ -0,0 +1,381 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_ingressroutes.yaml

@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_ingressroutetcps.yaml

@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_ingressrouteudps.yaml

@@ -0,0 +1,105 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_middlewares.yaml

@@ -0,0 +1,924 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      nativeLB:
+                        description: NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if
+                          the only child is the Kubernetes Service clusterIP. The
+                          Kubernetes Service itself does load-balance to the pods.
+                          By default, NativeLB is false.
+                        type: boolean
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_middlewaretcps.yaml

@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_serverstransports.yaml

@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_tlsoptions.yaml

@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_tlsstores.yaml

@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/crds/traefik.io_traefikservices.yaml

@@ -0,0 +1,402 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  nativeLB:
+                    description: NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the
+                      only child is the Kubernetes Service clusterIP. The Kubernetes
+                      Service itself does load-balance to the pods. By default, NativeLB
+                      is false.
+                    type: boolean
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

charts/enterprise/traefik/templates/_ingressroute.tpl

@@ -6,7 +6,7 @@
 {{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
 
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard

charts/enterprise/vaultwarden/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "1.28.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Unofficial Bitwarden compatible server written in Rust
 home: https://truecharts.org/charts/enterprise/vaultwarden
@@ -25,7 +25,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
   - https://github.com/dani-garcia/vaultwarden
 type: application
-version: 20.0.29
+version: 20.0.32
 annotations:
   truecharts.org/catagories: |
     - security

charts/incubator/authentik/Chart.yaml

@@ -3,15 +3,11 @@ appVersion: "2023.4.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
-  - condition: postgresql.enabled
-    name: postgresql
-    repository: https://deps.truecharts.org/
-    version: 11.0.31
+    version: 12.14.1
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 5.0.33
+    version: 6.0.58
 description: authentik is an open-source Identity Provider focused on flexibility and versatility.
 home: https://truecharts.org/charts/incubator/authentik
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/authentik.png
@@ -27,7 +23,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/authentik
   - https://github.com/goauthentik/authentik
   - https://goauthentik.io/docs/
-version: 11.0.0
+version: 12.0.1
 annotations:
   truecharts.org/catagories: |
     - authentication

charts/incubator/authentik/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/authentik/templates/_config.tpl

@@ -1,11 +1,12 @@
-{{/* Define the configmap */}}
-{{- define "authentik.config" -}}
+{{/* Define the configmaps */}}
+{{- define "authentik.configmaps" -}}
+
+{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.v1.common.lib.chart.names.fullname" .) }}
 
-{{- $authServerWorkerConfigName := printf "%s-authentik-config" (include "tc.common.names.fullname" .) }}
-{{- $authServerConfigName := printf "%s-authentik-server-config" (include "tc.common.names.fullname" .) }}
-{{- $geoipConfigName := printf "%s-geoip-config" (include "tc.common.names.fullname" .) }}
-{{- $ldapConfigName := printf "%s-ldap-config" (include "tc.common.names.fullname" .) }}
-{{- $proxyConfigName := printf "%s-proxy-config" (include "tc.common.names.fullname" .) }}
 {{ $host := printf "https://localhost:%v" .Values.service.main.ports.main.targetPort }}
 {{- if .Values.ingress.main.enabled }}
   {{ $first := (first .Values.ingress.main.hosts) }}
@@ -14,130 +15,104 @@
   {{- end }}
 {{- end }}
 
----
+{{/* This configmap is loaded in both the main authentik container and worker */}}
+{{ $authServerWorkerConfigName }}:
+  enabled: true
+  data:
+    {{/* Dependencies */}}
+    AUTHENTIK_REDIS__HOST: {{ .Values.redis.creds.plain }}
+    {{- with $redis := .Values.redisProvider }}
+    AUTHENTIK_REDIS__PORT: {{ default 6379 $redis.port | quote }}
+    {{- end }}
+    AUTHENTIK_POSTGRESQL__NAME: {{ .Values.cnpg.main.database }}
+    AUTHENTIK_POSTGRESQL__USER: {{ .Values.cnpg.main.user }}
+    AUTHENTIK_POSTGRESQL__HOST: {{ .Values.cnpg.main.creds.host }}
+    {{- with $cnpg := .Values.cnpgProvider }}
+    AUTHENTIK_POSTGRESQL__PORT: {{ default 5432 $cnpg.port | quote }}
+    {{- end }}
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.port }}
+    AUTHENTIK_EMAIL__PORT: {{ . | quote }}
+    {{- end }}
+    AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
+    AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
+    {{- with .Values.authentik.mail.timeout }}
+    AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
+    {{- end }}
+    {{/* Logging */}}
+    {{- with .Values.authentik.logging.log_level }}
+    AUTHENTIK_LOG_LEVEL: {{ . }}
+    {{- end }}
+    {{/* General */}}
+    AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
+    AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
+    {{- with .Values.authentik.general.avatars }}
+    AUTHENTIK_AVATARS: {{ . }}
+    {{- end }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
+    AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
+    AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
+    AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
+    AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
+    {{- with .Values.authentik.general.footer_links }}
+    AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
+    {{- end }}
+    {{/* Error Reporting */}}
+    AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
+    AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
+    {{- with .Values.authentik.error_reporting.environment }}
+    AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }}
+    {{- end }}
+    {{/* LDAP */}}
+    {{- with .Values.authentik.ldap.tls_ciphers }}
+    AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
+    {{- end }}
+    {{/* Outposts */}}
+    AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}
 
-{{/* This configmap are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $authServerWorkerConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Dependencies */}}
-  AUTHENTIK_REDIS__HOST: {{ printf "%v-%v" .Release.Name "redis" }}
-  AUTHENTIK_REDIS__PORT: "6379"
-  AUTHENTIK_POSTGRESQL__NAME: {{ .Values.postgresql.postgresqlDatabase }}
-  AUTHENTIK_POSTGRESQL__USER: {{ .Values.postgresql.postgresqlUsername }}
-  AUTHENTIK_POSTGRESQL__HOST: {{ printf "%v-%v" .Release.Name "postgresql" }}
-  AUTHENTIK_POSTGRESQL__PORT: "5432"
-  {{/* Mail */}}
-  {{- with .Values.authentik.mail.port }}
-  AUTHENTIK_EMAIL__PORT: {{ . | quote }}
-  {{- end }}
-  AUTHENTIK_EMAIL__USE_TLS: {{ .Values.authentik.mail.tls | quote }}
-  AUTHENTIK_EMAIL__USE_SSL: {{ .Values.authentik.mail.ssl | quote }}
-  {{- with .Values.authentik.mail.timeout }}
-  AUTHENTIK_EMAIL__TIMEOUT: {{ . | quote }}
-  {{- end }}
-  {{/* Logging */}}
-  {{- with .Values.authentik.logging.log_level }}
-  AUTHENTIK_LOG_LEVEL: {{ . }}
-  {{- end }}
-  {{/* General */}}
-  AUTHENTIK_DISABLE_STARTUP_ANALYTICS: {{ .Values.authentik.general.disable_startup_analytics | quote }}
-  AUTHENTIK_DISABLE_UPDATE_CHECK: {{ .Values.authentik.general.disable_update_check | quote }}
-  {{- with .Values.authentik.general.avatars }}
-  AUTHENTIK_AVATARS: {{ . }}
-  {{- end }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_NAME: {{ .Values.authentik.general.allow_user_name_change | quote }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL: {{ .Values.authentik.general.allow_user_mail_change | quote }}
-  AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME: {{ .Values.authentik.general.allow_user_username_change | quote }}
-  AUTHENTIK_GDPR_COMPLIANCE: {{ .Values.authentik.general.gdpr_compliance | quote }}
-  AUTHENTIK_IMPERSONATION: {{ .Values.authentik.general.impersonation | quote }}
-  AUTHENTIK_DEFAULT_TOKEN_LENGTH: {{ .Values.authentik.general.token_length | quote }}
-  {{- with .Values.authentik.general.footer_links }}
-  AUTHENTIK_FOOTER_LINKS: {{ . | squote }}
-  {{- end }}
-  {{/* Error Reporting */}}
-  AUTHENTIK_ERROR_REPORTING__ENABLED: {{ .Values.authentik.error_reporting.enabled | quote }}
-  AUTHENTIK_ERROR_REPORTING__SEND_PII: {{ .Values.authentik.error_reporting.send_pii | quote }}
-  {{- with .Values.authentik.error_reporting.environment }}
-  AUTHENTIK_ERROR_REPORTING__ENVIRONMENT: {{ . }}
-  {{- end }}
-  {{/* LDAP */}}
-  {{- with .Values.authentik.ldap.tls_ciphers }}
-  AUTHENTIK_LDAP__TLS__CIPHERS: {{ . | quote }}
-  {{- end }}
-  {{/* Outposts */}}
-  AUTHENTIK_OUTPOSTS__DISCOVER: {{ "false" | quote }}
+{{/* This configmap is loaded in both the main authentik container and worker */}}
+{{ $authServerConfigName }}:
+  enabled: true
+  data:
+    {{/* Listen */}}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}
 
----
+{{/* This configmap is loaded in the geoip container */}}
+{{ $geoipConfigName }}:
+  enabled: {{ .Values.geoip.enabled }}
+  data:
+    {{- with .Values.geoip.edition_ids }}
+    GEOIPUPDATE_EDITION_IDS: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
+    {{- with .Values.geoip.host_server }}
+    GEOIPUPDATE_HOST: {{ . }}
+    {{- end }}
+    GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
+    GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
 
-{{/* This configmap are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $authServerConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Listen */}}
-  AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.main.ports.main.targetPort | default 9443 }}
-  AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.http.ports.http.targetPort | default 9000 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.metrics.ports.metrics.targetPort | default 9301 }}
+{{/* This configmap is loaded in the ldap container */}}
+{{ $ldapConfigName }}:
+  enabled: {{ .Values.outposts.ldap.enabled }}
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
+    AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
+    AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}
 
----
-
-{{/* This configmap is loaded on ldap container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $ldapConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  AUTHENTIK_INSECURE: {{ .Values.outposts.ldap.insecure | default "true" | quote }}
-  AUTHENTIK_HOST: {{ .Values.outposts.ldap.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
-  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.ldap.host_browser | default $host }}
-  AUTHENTIK_LISTEN__LDAPS: 0.0.0.0:{{ .Values.service.ldapldaps.ports.ldapldaps.targetPort | default 6636 }}
-  AUTHENTIK_LISTEN__LDAP: 0.0.0.0:{{ .Values.service.ldapldap.ports.ldapldap.targetPort | default 3389 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort | default 9302 }}
-
----
-
-{{/* This configmap is loaded on ldap container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $proxyConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
-  AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
-  AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
-  AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
-  AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
-  AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}
-
----
-
-{{/* This configmap is loaded on geoip container */}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ $geoipConfigName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.geoip.edition_ids }}
-  GEOIPUPDATE_EDITION_IDS: {{ . }}
-  {{- end }}
-  GEOIPUPDATE_FREQUENCY: {{ .Values.geoip.frequency | quote }}
-  {{- with .Values.geoip.host_server }}
-  GEOIPUPDATE_HOST: {{ . }}
-  {{- end }}
-  GEOIPUPDATE_PRESERVE_FILE_TIMES: {{ ternary "1" "0" .Values.geoip.preserve_file_times | quote }}
-  GEOIPUPDATE_VERBOSE: {{ ternary "1" "0" .Values.geoip.verbose | quote }}
+{{/* This configmap is loaded in the proxy container */}}
+{{ $proxyConfigName }}:
+  enabled: {{ .Values.outposts.proxy.enabled }}
+  data:
+    AUTHENTIK_INSECURE: {{ .Values.outposts.proxy.insecure | default "true" | quote }}
+    AUTHENTIK_HOST: {{ .Values.outposts.proxy.host | default (printf "https://localhost:%v" .Values.service.main.ports.main.targetPort) }}
+    AUTHENTIK_HOST_BROWSER: {{ .Values.outposts.proxy.host_browser | default $host }}
+    AUTHENTIK_LISTEN__HTTPS: 0.0.0.0:{{ .Values.service.proxyhttps.ports.proxyhttps.targetPort | default 9444 }}
+    AUTHENTIK_LISTEN__HTTP: 0.0.0.0:{{ .Values.service.proxyhttp.ports.proxyhttp.targetPort | default 9001 }}
+    AUTHENTIK_LISTEN__METRICS: 0.0.0.0:{{ .Values.service.proxymetrics.ports.proxymetrics.targetPort | default 9303 }}
 {{- end -}}

charts/incubator/authentik/templates/_geoip.tpl

@@ -1,20 +1,23 @@
 {{/* Define the geoip container */}}
-{{- define "authentik.geoip" -}}
-image: {{ .Values.geoipImage.repository }}:{{ .Values.geoipImage.tag }}
-imagePullPolicy: {{ .Values.geoipImage.pullPolicy }}
+{{- define "authentik.geoip.container" -}}
+enabled: true
+primary: false
+imageSelector: geoipImage
 securityContext:
   runAsUser: 0
   runAsGroup: 0
-  readOnlyRootFilesystem: false
-  runAsNonRoot: false
-volumeMounts:
-  - name: geoip
-    mountPath: "/usr/share/GeoIP"
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-geoip-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-geoip-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-geoip-config'
 {{/* TODO: Add healthchecks */}}
 {{/* TODO: https://github.com/maxmind/geoipupdate/issues/105 */}}
+probes:
+  readiness:
+    enabled: false
+  liveness:
+    enabled: false
+  startup:
+    enabled: false
 {{- end -}}

charts/incubator/authentik/templates/_ldap.tpl

@@ -1,17 +1,16 @@
 {{/* Define the ldap container */}}
-{{- define "authentik.ldap" -}}
-image: {{ .Values.ldapImage.repository }}:{{ .Values.ldapImage.tag }}
-imagePullPolicy: {{ .Values.ldapImage.pullPolicy }}
+{{- define "authentik.ldap.container" -}}
+enabled: true
+primary: false
+imageSelector: ldapImage
 securityContext:
-  runAsUser: {{ .Values.podSecurityContext.runAsUser }}
-  runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
   readOnlyRootFilesystem: true
   runAsNonRoot: true
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-ldap-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-ldap-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-ldap-config'
 ports:
   - containerPort: {{ .Values.service.ldapldaps.ports.ldapldaps.targetPort }}
     name: ldapldaps
@@ -21,28 +20,20 @@ ports:
   - containerPort: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
     name: ldapmetrics
 {{- end }}
-readinessProbe:
-  httpGet:
+probes:
+  readiness:
+    enabled: true
+    type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
-  httpGet:
+  liveness:
+    enabled: true
+    type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
-  httpGet:
+  startup:
+    enabled: true
+    type: {{ .Values.service.ldapmetrics.ports.ldapmetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.ldapmetrics.ports.ldapmetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
 {{- end -}}

charts/incubator/authentik/templates/_proxy.tpl

@@ -1,17 +1,16 @@
 {{/* Define the proxy container */}}
-{{- define "authentik.proxy" -}}
-image: {{ .Values.proxyImage.repository }}:{{ .Values.proxyImage.tag }}
-imagePullPolicy: {{ .Values.proxyImage.pullPolicy }}
+{{- define "authentik.proxy.container" -}}
+enabled: true
+primary: false
+imageSelector: proxyImage
 securityContext:
-  runAsUser: {{ .Values.podSecurityContext.runAsUser }}
-  runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
   readOnlyRootFilesystem: true
   runAsNonRoot: true
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-proxy-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-proxy-config'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-proxy-config'
 ports:
   - containerPort: {{ .Values.service.proxyhttps.ports.proxyhttps.targetPort }}
     name: proxyhttps
@@ -21,28 +20,20 @@ ports:
   - containerPort: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
     name: proxymetrics
 {{- end }}
-readinessProbe:
-  httpGet:
+probes:
+  readiness:
+    enabled: true
+    type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
-  httpGet:
+  liveness:
+    enabled: true
+    type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
-  httpGet:
+  startup:
+    enabled: true
+    type: {{ .Values.service.proxymetrics.ports.proxymetrics.protocol }}
     path: /outpost.goauthentik.io/ping
     port: {{ .Values.service.proxymetrics.ports.proxymetrics.targetPort }}
-  initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
 {{- end -}}

charts/incubator/authentik/templates/_secret.tpl

@@ -1,106 +1,81 @@
-{{/* Define the secret */}}
-{{- define "authentik.secret" -}}
+{{/* Define the secrets */}}
+{{- define "authentik.secrets" -}}
 
-{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.common.names.fullname" .) }}
-{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.common.names.fullname" .) }}
-{{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.common.names.fullname" .) }}
-{{- $proxySecretName := printf "%s-proxy-secret" (include "tc.common.names.fullname" .) }}
-{{- $token := randAlphaNum 128 | b64enc }}
+{{- $authentikSecretName := printf "%s-authentik-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $geoipSecretName := printf "%s-geoip-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $ldapSecretName := printf "%s-ldap-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $proxySecretName := printf "%s-proxy-secret" (include "tc.v1.common.lib.chart.names.fullname" .) }}
+{{- $token := randAlphaNum 128 }}
 
----
-{{/* This secrets are loaded on both main authentik container and worker */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $authentikSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Secret Key */}}
-  {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }}
-  AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }}
-  {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" }}
-  {{- else }}
-  AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 | b64enc }}
-  {{- end }}
-  AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }}
-  {{/* Dependencies */}}
-  AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | b64enc }}
-  AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.redisPassword | trimAll "\"" | b64enc }}
-  {{/* Credentials */}}
-  {{- with .Values.authentik.credentials.password }}
-  AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . | b64enc }}
-  {{- end }}
-  {{/* Mail */}}
-  {{- with .Values.authentik.mail.host }}
-  AUTHENTIK_EMAIL__HOST: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.user }}
-  AUTHENTIK_EMAIL__USERNAME: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.pass }}
-  AUTHENTIK_EMAIL__PASSWORD: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.authentik.mail.from }}
-  AUTHENTIK_EMAIL__FROM: {{ . | b64enc }}
-  {{- end }}
+{{/* This secret is loaded in both the main authentik container and worker */}}
+{{ $authentikSecretName }}:
+  enabled: true
+  data:
+    {{/* Secret Key */}}
+    {{- with (lookup "v1" "Secret" .Release.Namespace $authentikSecretName) }}
+    AUTHENTIK_SECRET_KEY: {{ index .data "AUTHENTIK_SECRET_KEY" }}
+    {{ $token = index .data "AUTHENTIK_BOOTSTRAP_TOKEN" }}
+    {{- else }}
+    AUTHENTIK_SECRET_KEY: {{ randAlphaNum 32 }}
+    {{- end }}
+    AUTHENTIK_BOOTSTRAP_TOKEN: {{ $token }}
+    {{/* Dependencies */}}
+    AUTHENTIK_POSTGRESQL__PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+    AUTHENTIK_REDIS__PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }}
+    {{/* Credentials */}}
+    {{- with .Values.authentik.credentials.password }}
+    AUTHENTIK_BOOTSTRAP_PASSWORD: {{ . }}
+    {{- end }}
+    {{/* Mail */}}
+    {{- with .Values.authentik.mail.host }}
+    AUTHENTIK_EMAIL__HOST: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.user }}
+    AUTHENTIK_EMAIL__USERNAME: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.pass }}
+    AUTHENTIK_EMAIL__PASSWORD: {{ . }}
+    {{- end }}
+    {{- with .Values.authentik.mail.from }}
+    AUTHENTIK_EMAIL__FROM: {{ . }}
+    {{- end }}
 
-{{- if .Values.geoip.enabled }}
----
-{{/* This secrets are loaded on geoip container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $geoipSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{/* Credentials */}}
-  {{- with .Values.geoip.account_id }}
-  GEOIPUPDATE_ACCOUNT_ID: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.geoip.license_key }}
-  GEOIPUPDATE_LICENSE_KEY: {{ . | b64enc }}
-  {{- end }}
-  {{/* Proxy */}}
-  {{- with .Values.geoip.proxy }}
-  GEOIPUPDATE_PROXY: {{ . | b64enc }}
-  {{- end }}
-  {{- with .Values.geoip.proxy_user_pass }}
-  GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . | b64enc }}
-  {{- end }}
-{{- end }}
----
-{{/* This secrets are loaded on ldap container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $ldapSecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.outposts.ldap.token }}
-  AUTHENTIK_TOKEN: {{ . | b64enc }}
-  {{- else }}
-  AUTHENTIK_TOKEN: {{ $token }}
-  {{- end }}
-
----
-{{/* This secrets are loaded on ldap container */}}
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: {{ $proxySecretName }}
-  labels:
-    {{- include "tc.common.labels" . | nindent 4 }}
-data:
-  {{- with .Values.outposts.proxy.token }}
-  AUTHENTIK_TOKEN: {{ . | b64enc }}
-  {{- else }}
-  AUTHENTIK_TOKEN: {{ $token }}
-  {{- end }}
+{{/* This secret is loaded in the geoip container */}}
+{{ $geoipSecretName }}:
+  enabled: {{ .Values.geoip.enabled }}
+  data:
+    {{/* Credentials */}}
+    {{- with .Values.geoip.account_id }}
+    GEOIPUPDATE_ACCOUNT_ID: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.license_key }}
+    GEOIPUPDATE_LICENSE_KEY: {{ . }}
+    {{- end }}
+    {{/* Proxy */}}
+    {{- with .Values.geoip.proxy }}
+    GEOIPUPDATE_PROXY: {{ . }}
+    {{- end }}
+    {{- with .Values.geoip.proxy_user_pass }}
+    GEOIPUPDATE_PROXY_USER_PASSWORD: {{ . }}
+    {{- end }}
+
+{{/* This secret is loaded in the ldap container */}}
+{{ $ldapSecretName }}:
+  enabled: {{ .Values.outposts.ldap.enabled }}
+  data:
+    {{- with .Values.outposts.ldap.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
+
+{{/* This secret is loaded in the proxy container */}}
+{{ $proxySecretName }}:
+  enabled: {{ .Values.outposts.proxy.enabled }}
+  data:
+    {{- with .Values.outposts.proxy.token }}
+    AUTHENTIK_TOKEN: {{ . }}
+    {{- else }}
+    AUTHENTIK_TOKEN: {{ $token }}
+    {{- end }}
 {{- end }}

charts/incubator/authentik/templates/_worker.tpl

@@ -1,52 +1,31 @@
 {{/* Define the worker container */}}
-{{- define "authentik.worker" -}}
-image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-imagePullPolicy: {{ .Values.image.pullPolicy }}
-securityContext:
-  runAsUser: {{ .Values.podSecurityContext.runAsUser }}
-  runAsGroup: {{ .Values.podSecurityContext.runAsGroup }}
-  readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
-  runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }}
+{{- define "authentik.worker.container" -}}
+enabled: true
+primary: false
+imageSelector: image
 args: ["worker"]
 envFrom:
   - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret'
   - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
-volumeMounts:
-  - name: media
-    mountPath: "/media"
-  - name: templates
-    mountPath: "/templates"
-  - name: certs
-    mountPath: "/certs"
-  - name: geoip
-    mountPath: "/geoip"
-readinessProbe:
-  exec:
+      name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config'
+probes:
+  readiness:
+    enabled: true
+    type: exec
     command:
-      - /lifecycle/ak
-      - healthcheck
-  initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
-livenessProbe:
-  exec:
+        - /lifecycle/ak
+        - healthcheck
+  liveness:
+    enabled: true
+    type: exec
     command:
-      - /lifecycle/ak
-      - healthcheck
-  initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
-  timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
-  periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
-startupProbe:
-  exec:
+        - /lifecycle/ak
+        - healthcheck
+  startup:
+    enabled: true
+    type: exec
     command:
-      - /lifecycle/ak
-      - healthcheck
-  initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
-  timeoutSeconds: 10
-  periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
-  failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
+        - /lifecycle/ak
+        - healthcheck
 {{- end -}}

charts/incubator/authentik/templates/common.yaml

@@ -1,30 +1,31 @@
 {{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
+{{- include "tc.v1.common.loader.init" . }}
 
-{{/* Render secret */}}
-{{- include "authentik.secret" . }}
-
-{{/* Render config */}}
-{{- include "authentik.config" . }}
-
-{{- if hasKey .Values "metrics" -}}
-{{- if .Values.metrics.enabled -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.metrics.ports.metrics.targetPort | default 9301 | quote) -}}
+{{/* Render secrets for authentik and friends */}}
+{{- $authentikSecrets := include "authentik.secrets" . | fromYaml -}}
+{{- if $authentikSecrets -}}
+  {{ $secrets := (mustMerge $.Values.secret $authentikSecrets) }}
+  {{- $_ := set .Values "secret" $secrets -}}
 {{- end -}}
+
+{{/* Render configmaps for authentik and friends */}}
+{{- $authentikConfigmaps := include "authentik.configmaps" . | fromYaml -}}
+{{- if $authentikConfigmaps -}}
+  {{ $configmaps := (mustMerge $.Values.configmap $authentikConfigmaps) }}
+  {{- $_ := set .Values "configmap" $configmaps -}}
 {{- end -}}
 
+
 {{- if .Values.workerContainer.enabled -}}
-{{- $_ := set .Values.additionalContainers "worker" (include "authentik.worker" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "worker" (include "authentik.worker.container" . | fromYaml) -}}
 {{- end -}}
 
 {{- if .Values.geoip.enabled -}}
-{{- $_ := set .Values.additionalContainers "geoip" (include "authentik.geoip" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "geoip" (include "authentik.geoip.container" . | fromYaml) -}}
 {{- end -}}
 
 {{- if .Values.outposts.ldap.enabled -}}
-{{- $_ := set .Values.additionalContainers "ldap-outpost" (include "authentik.ldap" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "ldap-outpost" (include "authentik.ldap.container" . | fromYaml) -}}
 {{/* - if .Values.metrics.enabled - */}}
 {{/* https://github.com/prometheus/prometheus/issues/3756 */}}
 {{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
@@ -33,7 +34,7 @@
 {{- end -}}
 
 {{- if .Values.outposts.proxy.enabled -}}
-{{- $_ := set .Values.additionalContainers "proxy-outpost" (include "authentik.proxy" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.containers "proxy-outpost" (include "authentik.proxy.container" . | fromYaml) -}}
 {{/* - if .Values.metrics.enabled - */}}
 {{/* https://github.com/prometheus/prometheus/issues/3756 */}}
 {{/* TODO: Figure how the pipe works to connect it to prometheus operator */}}
@@ -42,4 +43,4 @@
 {{- end -}}
 
 {{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}
+{{ include "tc.v1.common.loader.apply" . }}

charts/incubator/authentik/templates/prometheusrules.yaml

@@ -3,7 +3,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata:
-  name: {{ include "tc.common.names.fullname" . }}
+  name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}
   labels:
     {{- include "tc.common.labels" . | nindent 4 }}
     {{- with .Values.metrics.prometheusRule.labels }}
@@ -11,7 +11,7 @@ metadata:
     {{- end }}
 spec:
   groups:
-    - name: {{ include "tc.common.names.fullname" . }}
+    - name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}
       rules:
         {{- with .Values.metrics.prometheusRule.rules }}
         {{- toYaml . | nindent 8 }}

charts/incubator/authentik/templates/servicemonitor.yaml

@@ -3,7 +3,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ include "tc.common.names.fullname" . }}
+  name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}
   labels:
     {{- include "tc.common.labels" . | nindent 4 }}
     {{- with .Values.metrics.serviceMonitor.labels }}

charts/incubator/authentik/values.yaml

@@ -18,14 +18,200 @@ proxyImage:
   tag: 2023.4.1@sha256:b6e40435836333bdc53afde38f4c4bfb342005b0636d769c641c79348ce1aae4
   pullPolicy: IfNotPresent
 
-args: ["server"]
-
-podSecurityContext:
-  runAsUser: 1000
-  runAsGroup: 1000
-
 securityContext:
-  readOnlyRootFilesystem: false
+  container:
+    runAsUser: 1000
+    runAsGroup: 1000
+    readOnlyRootFilesystem: false
+
+workload:
+  main:
+    replicas: 1
+    strategy: RollingUpdate
+    podSpec:
+      containers:
+        main:
+          args: ["server"]
+          envFrom:
+            - secretRef:
+                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-secret'
+            - configMapRef:
+                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-config'
+            - configMapRef:
+                name: '{{ include "tc.v1.common.lib.chart.names.fullname" . }}-authentik-server-config'
+          probes:
+            liveness:
+              type: https
+              path: /-/health/live/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            readiness:
+              type: https
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+            startup:
+              type: https
+              path: /-/health/ready/
+              port: "{{ .Values.service.main.ports.main.targetPort }}"
+
+service:
+  main:
+    ports:
+      main:
+        protocol: https
+        port: 10229
+        targetPort: 9443
+  http:
+    enabled: true
+    type: ClusterIP
+    ports:
+      http:
+        enabled: true
+        protocol: http
+        port: 10230
+        targetPort: 9000
+  # LDAP Outpost Services
+  ldapldaps:
+    enabled: true
+    ports:
+      ldapldaps:
+        enabled: true
+        port: 636
+        targetPort: 6636
+  ldapldap:
+    enabled: true
+    ports:
+      ldapldap:
+        enabled: true
+        port: 389
+        targetPort: 3389
+  # Proxy Outpost Services
+  proxyhttps:
+    enabled: true
+    ports:
+      proxyhttps:
+        enabled: true
+        port: 10233
+        protocol: https
+        targetPort: 9444
+  proxyhttp:
+    enabled: true
+    type: ClusterIP
+    ports:
+      proxyhttp:
+        enabled: true
+        port: 10234
+        protocol: http
+        targetPort: 9001
+  # Metrics Services
+  metrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      metrics:
+        enabled: true
+        protocol: http
+        port: 10231
+        targetPort: 9301
+  ldapmetrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      ldapmetrics:
+        enabled: true
+        port: 10232
+        protocol: http
+        targetPort: 9302
+  proxymetrics:
+    enabled: true
+    type: ClusterIP
+    ports:
+      proxymetrics:
+        enabled: true
+        port: 10235
+        protocol: http
+        targetPort: 9303
+
+metrics:
+  # TODO
+  main:
+    # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
+    # @default -- See values.yaml
+    enabled: false
+    type: "servicemonitor"
+    endpoints:
+      - port: main
+        path: /metrics
+        interval: 1m
+        scrapeTimeout: 30s
+    # -- Enable and configure Prometheus Rules for the chart under this key.
+    # @default -- See values.yaml
+    prometheusRule:
+      enabled: false
+      labels: {}
+      # -- Configure additionial rules for the chart under this key.
+      # @default -- See prometheusrules.yaml
+      rules:
+        []
+        # - alert: UnifiPollerAbsent
+        #   annotations:
+        #     description: Unifi Poller has disappeared from Prometheus service discovery.
+        #     summary: Unifi Poller is down.
+        #   expr: |
+        #     absent(up{job=~".*unifi-poller.*"} == 1)
+        #   for: 5m
+        #   labels:
+        #     severity: critical
+
+ingress:
+  proxyhttps:
+    autoLink: true
+
+# Target selectors taken from authentik's compose file:
+# See https://github.com/goauthentik/authentik/blob/main/docker-compose.yml
+persistence:
+  media:
+    enabled: true
+    mountPath: "/media"
+    targetSelector:
+      main:
+        main: {}
+        worker: {}
+  templates:
+    enabled: true
+    mountPath: "/templates"
+    targetSelector:
+      main:
+        main: {}
+        worker: {}
+  certs:
+    enabled: true
+    mountPath: "/certs"
+    targetSelector:
+      main:
+        worker: {}
+  geoip:
+    enabled: true
+    mountPath: "/usr/share/GeoIP"
+    targetSelector:
+      main:
+        geoip: {}
+
+cnpg:
+  main:
+    enabled: true
+    user: authentik
+    database: authentik
+
+cnpgProvider:
+  port: 5432
+
+# Enabled redis
+# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
+redis:
+  enabled: true
+
+redisProvider:
+  port: 6379
 
 workerContainer:
   enabled: true
@@ -62,6 +248,7 @@ authentik:
     log_level: "info"
   ldap:
     tls_ciphers: "null"
+
 geoip:
   enabled: false
   account_id: ""
@@ -98,161 +285,6 @@ outposts:
     # -- Token is only needed if you accidentally deleted the token within the UI
     # token: ""
 
-metrics:
-  # -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
-  # @default -- See values.yaml
-  enabled: false
-  serviceMonitor:
-    interval: 1m
-    scrapeTimeout: 30s
-    labels: {}
-  # -- Enable and configure Prometheus Rules for the chart under this key.
-  # @default -- See values.yaml
-  prometheusRule:
-    enabled: false
-    useDefault: true
-    labels: {}
-    # -- Configure additional rules for the chart under this key.
-    # @default -- See prometheusrules.yaml
-    rules:
-      []
-      # - alert: UnifiPollerAbsent
-      #   annotations:
-      #     description: Unifi Poller has disappeared from Prometheus service discovery.
-      #     summary: Unifi Poller is down.
-      #   expr: |
-      #     absent(up{job=~".*unifi-poller.*"} == 1)
-      #   for: 5m
-      #   labels:
-      #     severity: critical
-
-envFrom:
-  - secretRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-secret'
-  - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-config'
-  - configMapRef:
-      name: '{{ include "tc.common.names.fullname" . }}-authentik-server-config'
-
-probes:
-  liveness:
-    type: HTTPS
-    path: /-/health/live/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
-  readiness:
-    type: HTTPS
-    path: /-/health/ready/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
-  startup:
-    type: HTTPS
-    path: /-/health/ready/
-    port: "{{ .Values.service.main.ports.main.targetPort }}"
-
-service:
-  main:
-    ports:
-      main:
-        protocol: HTTPS
-        port: 10229
-        targetPort: 9443
-  http:
-    enabled: true
-    type: ClusterIP
-    ports:
-      http:
-        enabled: true
-        protocol: HTTP
-        port: 10230
-        targetPort: 9000
-  # LDAP Outpost Services
-  ldapldaps:
-    enabled: true
-    ports:
-      ldapldaps:
-        enabled: true
-        port: 636
-        targetPort: 6636
-  ldapldap:
-    enabled: true
-    ports:
-      ldapldap:
-        enabled: true
-        port: 389
-        targetPort: 3389
-  # Proxy Outpost Services
-  proxyhttps:
-    enabled: true
-    ports:
-      proxyhttps:
-        enabled: true
-        port: 10233
-        protocol: HTTPS
-        targetPort: 9444
-  proxyhttp:
-    enabled: true
-    type: ClusterIP
-    ports:
-      proxyhttp:
-        enabled: true
-        port: 10234
-        protocol: HTTP
-        targetPort: 9001
-  # Metrics Services
-  metrics:
-    enabled: true
-    type: ClusterIP
-    ports:
-      metrics:
-        enabled: true
-        protocol: HTTP
-        port: 10231
-        targetPort: 9301
-  ldapmetrics:
-    enabled: true
-    type: ClusterIP
-    ports:
-      ldapmetrics:
-        enabled: true
-        port: 10232
-        protocol: HTTP
-        targetPort: 9302
-  proxymetrics:
-    enabled: true
-    type: ClusterIP
-    ports:
-      proxymetrics:
-        enabled: true
-        port: 10235
-        protocol: HTTP
-        targetPort: 9303
-
-ingress:
-  proxyhttps:
-    autoLink: true
-
-persistence:
-  media:
-    enabled: true
-    mountPath: "/media"
-  templates:
-    enabled: true
-    mountPath: "/templates"
-  certs:
-    enabled: true
-    mountPath: "/certs"
-  geoip:
-    enabled: true
-    mountPath: "/geoip"
-
-postgresql:
-  enabled: true
-  existingSecret: "dbcreds"
-  postgresqlUsername: authentik
-  postgresqlDatabase: authentik
-
-redis:
-  enabled: true
-  existingSecret: "rediscreds"
-
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/incubator/cloudflared/ci/test-values.yaml

@@ -1,3 +0,0 @@
-# With the bellow we test both container starts and that tpl is working inside extraArgs list
-args: ["tunnel", "--no-autoupdate", "{{ .Values.testTpl }}"]
-testTpl: "--hello-world"

charts/incubator/cloudflared/templates/common.yaml

@@ -1 +0,0 @@
-{{ include "tc.common.loader.all" . }}

charts/incubator/cloudflared/values.yaml

@@ -1,39 +0,0 @@
-image:
-  repository: tccr.io/truecharts/cloudflared
-  pullPolicy: IfNotPresent
-  tag: 2023.4.2@sha256:e5551a0d74e34f7c10af85ca1df3eda34ec9dba13bd1bc550324a2e12f862230
-
-args:
-  - tunnel
-  - --no-autoupdate
-  - run
-  - --token
-  - "{{ .Values.cloudflared.token }}"
-
-cloudflared:
-  token: ""
-
-securityContext:
-  runAsNonRoot: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-service:
-  main:
-    enabled: false
-    ports:
-      main:
-        enabled: false
-
-probes:
-  liveness:
-    enabled: false
-  readiness:
-    enabled: false
-  startup:
-    enabled: false
-
-portal:
-  enabled: false

charts/incubator/cryptpad/Chart.yaml

@@ -8,7 +8,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: CryptPad is the Zero Knowledge realtime collaborative editor.
 home: https://truecharts.org/charts/incubator/cryptpad
@@ -27,4 +27,4 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/cryptpad
   - https://cryptpad.fr/
 type: application
-version: 3.0.1
+version: 3.0.4

charts/incubator/dashy/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "2.1.1"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 description: Dashy helps you organize your self-hosted services by making them accessible from a single place
 home: https://truecharts.org/charts/incubator/dashy
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/dashy.png
@@ -18,7 +18,7 @@ name: dashy
 sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/dashy
   - https://github.com/airsonic/airsonic
-version: 3.0.6
+version: 3.0.9
 annotations:
   truecharts.org/catagories: |
     - dashboard

charts/incubator/etesync/Chart.yaml

@@ -3,11 +3,11 @@ appVersion: "0.11.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
   - condition: redis.enabled
     name: redis
     repository: https://deps.truecharts.org
-    version: 6.0.50
+    version: 6.0.58
 deprecated: false
 description: Secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
 home: https://truecharts.org/charts/incubator/etesync
@@ -31,7 +31,7 @@ sources:
   - https://github.com/etesync
   - https://github.com/victor-rds/docker-etebase
 type: application
-version: 4.0.3
+version: 4.0.7
 annotations:
   truecharts.org/catagories: |
     - productivity

charts/incubator/factorio/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 kubeVersion: ">=1.16.0-0"
 name: factorio
-version: 4.0.1
+version: 4.0.4
 appVersion: "stable"
 description: "This Chart Chart will download the latest stable release of the game, generate the map and you're ready to play."
 type: application
@@ -17,7 +17,7 @@ sources:
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 maintainers:
   - email: info@truecharts.org
     name: TrueCharts

charts/incubator/firefox/templates/common.yaml

@@ -1 +0,0 @@
-{{ include "tc.common.loader.all" . }}

charts/incubator/firefox/values.yaml

@@ -1,29 +0,0 @@
-image:
-  repository: tccr.io/truecharts/firefox
-  pullPolicy: IfNotPresent
-  tag: 101.0.1@sha256:ed6178aa78fa1d11cad7c86d6554b3d9e903a82aec65ab6d7fb8ea77aeb6810b
-
-securityContext:
-  runAsNonRoot: false
-  readOnlyRootFilesystem: false
-
-podSecurityContext:
-  runAsUser: 0
-  runAsGroup: 0
-
-service:
-  main:
-    ports:
-      main:
-        targetPort: 3000
-        port: 10131
-
-persistence:
-  config:
-    enabled: true
-    mountPath: "/config"
-  varrun:
-    enabled: true
-
-portal:
-  enabled: true

charts/incubator/frigate/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "0.11.1"
+appVersion: "0.12.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: NVR With Realtime Object Detection for IP Cameras
 home: https://truecharts.org/charts/incubator/frigate
@@ -23,7 +23,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/frigate
   - https://github.com/blakeblackshear/frigate
 type: application
-version: 7.0.1
+version: 9.0.1
 annotations:
   truecharts.org/catagories: |
     - nvr

charts/incubator/frigate/ci/figrate-configfile-values.yaml

@@ -0,0 +1 @@
+frigateConfig: {}

charts/incubator/frigate/ci/figrateConfig-values.yaml

@@ -0,0 +1,11 @@
+frigateConfig:
+  mqtt:
+    enabled: false
+  cameras:
+    dummy:
+      enabled: false
+      ffmpeg:
+        inputs:
+          - path: rtsp://127.0.0.1:554/rtsp
+            roles:
+              - detect

charts/incubator/frigate/templates/_configmap.tpl

@@ -2,491 +2,41 @@
 {{- define "frigate.configmap" -}}
 enabled: true
 data:
+  {{- if .Values.frigateConfig }}
   config.yml: |
-    database:
-      path: /db/frigate.db
+    {{- .Values.frigateConfig | toYaml | nindent 4 }}
+  {{- else }}
+  config.yml.dummy: |
     mqtt:
-      {{- include "frigate.mqtt" .Values.frigate.mqtt | indent 6 }}
-
-    {{- if and .Values.frigate.detectors.render_config .Values.frigate.detectors.config }}
-    detectors:
-      {{- include "frigate.detectors" .Values.frigate.detectors | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.model.render_config }}
-    model:
-      {{- include "frigate.model" .Values.frigate.model | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.logger.render_config }}
-    logger:
-      {{- include "frigate.logger" .Values.frigate.logger | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.birdseye.render_config }}
-    birdseye:
-      {{- include "frigate.birdseye" .Values.frigate.birdseye | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.ffmpeg.render_config }}
-    ffmpeg:
-      {{- include "frigate.ffmpeg" .Values.frigate.ffmpeg | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.detect.render_config }}
-    detect:
-      {{- include "frigate.detect" .Values.frigate.detect | indent 6 }}
-    {{- end -}}
-
-    {{- if .Values.frigate.objects.render_config }}
-    objects:
-      {{- include "frigate.objects" .Values.frigate.objects | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.motion.render_config }}
-    motion:
-      {{- include "frigate.motion" .Values.frigate.motion | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.record.render_config }}
-    record:
-      {{- include "frigate.record" .Values.frigate.record | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.snapshots.render_config }}
-    snapshots:
-      {{- include "frigate.snapshots" .Values.frigate.snapshots | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.rtmp.render_config }}
-    rtmp:
-      {{- include "frigate.rtmp" .Values.frigate.rtmp | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.live.render_config }}
-    live:
-      {{- include "frigate.live" .Values.frigate.live | indent 6 }}
-    {{- end }}
-
-    {{- if .Values.frigate.timestamp_style.render_config }}
-    timestamp_style:
-      {{- include "frigate.timestamp_style" .Values.frigate.timestamp_style | indent 6 }}
-    {{- end }}
-
-    {{- $cameras := .Values.frigate.cameras }}
+      enabled: false
     cameras:
-    {{- range $cam := $cameras }}
-      {{ $cam.camera_name | required "You need to provide a camera name" }}:
+      dummy:
+        enabled: false
         ffmpeg:
           inputs:
-            {{- range $input := $cam.ffmpeg.inputs }}
-            - path: {{ $input.path | required "You need to provide a path" }}
+            - path: rtsp://127.0.0.1:554/rtsp
               roles:
-              {{- range $role := $input.roles }}
-                - {{ $role }}
-              {{- else -}}
-                {{- fail "You need to provide roles" -}}
-              {{- end -}}
-              {{- include "frigate.ffmpeg" $input | indent 14 }}
-            {{- end -}} {{/* End range $cam.ffmpeg.inputs */}}
-          {{- include "frigate.ffmpeg" $cam.ffmpeg | indent 10 }}
-        {{- with $cam.best_image_timeout }}
-        best_image_timeout: {{ . }}
-        {{- end -}}
-        {{- with $cam.zones }}
-        zones:
-          {{- range $zone := . }}
-          {{ $zone.name | required "You have to specify a zone name" }}:
-            coordinates: {{ required "You have to specify coordinates" .coordinates }}
-            {{- with $zone.objects }}
-            objects:
-              {{- range $obj := . }}
-              - {{ $obj }}
-              {{- end -}}
-            {{- end -}}
-            {{- with $zone.filters }}
-            filters:
-              {{- range $filter := . }}
-              {{ $filter.object | required "You have to specify an object" }}:
-                {{- with $filter.min_area }}
-                min_area: {{ . }}
-                {{- end -}}
-                {{- with $filter.max_area }}
-                max_area: {{ . }}
-                {{- end -}}
-                {{- with $filter.threshold }}
-                threshold: {{ . }}
-                {{- end -}}
-              {{- end -}} {{/* end range filters */}}
-            {{- end -}} {{/* end with filter */}}
-          {{- end -}} {{/* end range zones */}}
-        {{- end -}} {{/* end with zones */}}
-        {{- if $cam.mqtt.render_config -}}
-        {{- with $cam.mqtt }}
-        mqtt:
-          enabled: {{ ternary "True" "False" .enabled }}
-          timestamp: {{ ternary "True" "False" .timestamp }}
-          bounding_box: {{ ternary "True" "False" .bounding_box }}
-          crop: {{ ternary "True" "False" .crop }}
-          {{- with .height }}
-          height: {{ . }}
-          {{- end -}}
-          {{- with .quality }}
-          quality: {{ . }}
-          {{- end -}}
-          {{- with .required_zones }}
-          required_zones:
-            {{- range $zone := . }}
-            - {{ $zone }}
-            {{- end -}}
-          {{- end -}}
-        {{- end -}} {{/* end with mqtt */}}
-        {{- end -}} {{/* end if mqtt.render_config */}}
-        {{- if $cam.ui.render_config -}}
-        {{- with $cam.ui }}
-        ui:
-          {{- if not (kindIs "invalid" .order) }}
-          order: {{ .order }}
-          {{- end }}
-          dashboard: {{ ternary "True" "False" .dashboard }}
-        {{- end -}} {{/* end with ui */}}
-        {{- end -}} {{/* end if ui.render_config */}}
-    {{- end -}} {{/* end range cameras */}}
-{{- end }}
-
-{{- define "frigate.ffmpeg" -}}
-{{- $ffmpeg := . -}}
-
-{{- with $ffmpeg.global_args }}
-global_args: {{ . }}
-{{- end -}}
-{{- with $ffmpeg.input_args }}
-input_args: {{ . }}
-{{- end -}}
-{{- with $ffmpeg.hwaccel_args }}
-hwaccel_args: {{ . }}
-{{- end -}}
-{{- if $ffmpeg.output_args -}}
-{{- if or $ffmpeg.output_args.detect $ffmpeg.output_args.record $ffmpeg.output_args.rtmp }}
-output_args:
-  {{- with $ffmpeg.output_args.detect }}
-  detect: {{ . }}
-  {{- end -}}
-  {{- with $ffmpeg.output_args.record }}
-  record: {{ . }}
-  {{- end -}}
-  {{- with $ffmpeg.output_args.rtmp }}
-  rtmp: {{ . }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
+                - detect
+  {{- end }}
 {{- end -}}
 
-{{- define "frigate.detect" -}}
-{{- $detect := . }}
-enabled: {{ ternary "True" "False" $detect.enabled }}
-{{- with $detect.width }}
-width: {{ . }}
-{{- end -}}
-{{- with $detect.height }}
-height: {{ . }}
-{{- end -}}
-{{- with $detect.fps }}
-fps: {{ . }}
-{{- end -}}
-{{- with $detect.max_disappeared }}
-max_disappeared: {{ . }}
-{{- end -}}
-{{- if or (not (kindIs "invalid" $detect.stationary.interval)) $detect.stationary.threshold $detect.stationary.set_max_frames }}
-stationary:
-  {{- if not (kindIs "invalid" $detect.stationary.interval) }} {{/* invalid kind means its empty (0 is not empty) */}}
-  interval: {{ $detect.stationary.interval }}
-  {{- end -}}
-  {{- with $detect.stationary.threshold }}
-  threshold: {{ . }}
-  {{- end -}}
-  {{- if (hasKey $detect.stationary "max_frames") }}
-  {{- if or $detect.stationary.max_frames.default $detect.stationary.max_frames.objects }}
-  max_frames:
-    {{- with $detect.stationary.max_frames.default }}
-    default: {{ . }}
-    {{- end -}}
-    {{- with $detect.stationary.max_frames.objects }}
-    objects:
-      {{- range $obj := . }}
-      {{ $obj.object | required "You need to provide an object" }}: {{ $obj.frames | required "You need to provide frames" }}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.motion" -}}
-{{- $motion := . -}}
-
-{{- with $motion.threshold }}
-threshold: {{ . }}
-{{- end -}}
-{{- with $motion.contour_area }}
-contour_area: {{ . }}
-{{- end -}}
-{{- with $motion.delta_alpha }}
-delta_alpha: {{ . }}
-{{- end -}}
-{{- with $motion.frame_alpha }}
-frame_alpha: {{ . }}
-{{- end -}}
-{{- with $motion.frame_height }}
-frame_height: {{ . }}
-{{- end -}}
-{{- with $motion.mask }}
-mask: {{ . }}
-{{- end }}
-improve_contrast: {{ ternary "True" "False" $motion.improve_contrast }}
-{{- with $motion.mqtt_off_delay }}
-mqtt_off_delay: {{ . }}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.record" -}}
-{{- $record := . }}
-enabled: {{ ternary "True" "False" $record.enabled }}
-{{- with $record.expire_interval }}
-expire_interval: {{ . }}
-{{- end -}}
-{{- if $record.retain.render_config }}
-retain:
-  {{- if not (kindIs "invalid" $record.retain.days) }}
-  days: {{ $record.retain.days }}
-  {{- end -}}
-  {{- with $record.retain.mode }}
-  mode: {{ . }}
-  {{- end -}}
-{{- end -}}
-{{- if $record.events.render_config }}
-events:
-  {{- if not (kindIs "invalid" $record.events.pre_capture) }}
-  pre_capture: {{ $record.events.pre_capture }}
-  {{- end -}}
-  {{- if not (kindIs "invalid" $record.events.post_capture) }}
-  post_capture: {{ $record.events.post_capture }}
-  {{- end -}}
-  {{- with $record.events.objects }}
-  objects:
-    {{- range $obj := . }}
-    - {{ $obj }}
-    {{- end -}}
-  {{- end -}}
-  {{- with $record.events.required_zones }}
-  required_zones:
-    {{- range $zone := . }}
-    - {{ $zone }}
-    {{- end -}}
-  {{- end -}}
-  {{- if $record.events.retain.render_config }}
-  retain:
-    default: {{ $record.events.retain.default | required "You need to provide default retain days" }}
-    {{- with $record.events.retain.mode }}
-    mode: {{ . }}
-    {{- end -}}
-    {{- with $record.events.retain.objects }}
-    objects:
-    {{- range $obj := . }}
-      {{ $obj.object | required "You need to provide an object" }}: {{ $obj.days | required "You need to provide default retain days" }}
-    {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.objects" -}}
-{{- $objects := . -}}
-
-{{- with $objects.track }}
-track:
-  {{- range $track := . }}
-  - {{ $track }}
-  {{- end -}}
-{{- end -}}
-{{- with $objects.mask }}
-mask: {{ . }}
-{{- end -}}
-{{- with $objects.filters }}
-filters:
-  {{- range $filter := . }}
-  {{ $filter.object | required "You need to provide an object" }}:
-    {{- with $filter.min_area }}
-    min_area: {{ . }}
-    {{- end -}}
-    {{- with $filter.max_area }}
-    max_area: {{ . }}
-    {{- end -}}
-    {{- with $filter.min_ratio }}
-    min_ratio: {{ . }}
-    {{- end -}}
-    {{- with $filter.max_ratio }}
-    max_ratio: {{ . }}
-    {{- end -}}
-    {{- with $filter.min_score }}
-    min_score: {{ . }}
-    {{- end -}}
-    {{- with $filter.threshold }}
-    threshold: {{ . }}
-    {{- end -}}
-    {{- with $filter.mask }}
-    mask: {{ . }}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.birdseye" -}}
-{{- $birdseye := . }}
-enabled: {{ ternary "True" "False" $birdseye.enabled }}
-{{- with $birdseye.width }}
-width: {{ . }}
-{{- end -}}
-{{- with $birdseye.height }}
-height: {{ . }}
-{{- end -}}
-{{- with $birdseye.quality }}
-quality: {{ . }}
-{{- end -}}
-{{- with $birdseye.mode }}
-mode: {{ . }}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.timestamp_style" -}}
-{{- $timestamp_style := . -}}
-
-{{- with $timestamp_style.position }}
-position: {{ . }}
-{{- end -}}
-{{- with $timestamp_style.format }}
-format: {{ . }}
-{{- end -}}
-{{- if $timestamp_style.color.render_config }}
-color:
-  red: {{ $timestamp_style.color.red }}
-  green: {{ $timestamp_style.color.green }}
-  blue: {{ $timestamp_style.color.blue }}
-{{- end -}}
-{{- with $timestamp_style.thickness }}
-thickness: {{ . }}
-{{- end -}}
-{{- with $timestamp_style.effect }}
-effect: {{ $timestamp_style.effect }}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.live" -}}
-{{- $live := . -}}
-{{- with $live.height }}
-height: {{ . }}
-{{- end -}}
-{{- with $live.quality }}
-quality: {{ . }}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.rtmp" -}}
-{{- $rtmp := . }}
-enabled: {{ ternary "True" "False" $rtmp.enabled }}
-{{- end -}}
-
-{{- define "frigate.snapshots" -}}
-{{- $snapshots := . }}
-enabled: {{ ternary "True" "False" $snapshots.enabled }}
-clean_copy: {{ ternary "True" "False" $snapshots.clean_copy }}
-timestamp: {{ ternary "True" "False" $snapshots.timestamp }}
-bounding_box: {{ ternary "True" "False" $snapshots.bounding_box }}
-crop: {{ ternary "True" "False" $snapshots.crop }}
-{{- with $snapshots.height }}
-height: {{ . }}
-{{- end -}}
-{{- with $snapshots.required_zones }}
-required_zones:
-  {{- range $zone := . }}
-  - {{ $zone }}
-  {{- end -}}
-{{- end -}}
-{{- if $snapshots.retain.render_config }}
-retain:
-  default: {{ $snapshots.retain.default | required "You need to provide default retain days" }}
-  {{- with $snapshots.retain.objects }}
-  objects:
-  {{- range $obj := . }}
-    {{ $obj.object | required "You need to provide an object" }}: {{ $obj.days | required "You need to provide default retain days" }}
-  {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.detectors" -}}
-{{- $detectors := . -}}
-
-{{- range $detector := $detectors.config }}
-{{ $detector.name | required "You need to provide a detector name" }}:
-  type: {{ $detector.type | required "You need to provide a detector type" }}
-  {{- with $detector.device }}
-  device: {{ . }}
-  {{- end -}}
-  {{- with $detector.num_threads }}
-  num_threads: {{ . }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.model" -}}
-{{ $model := . }}
-width: {{ $model.width | required "You need to provide a model width" }}
-height: {{ $model.height | required "You need to provide a model height" }}
-{{- with $model.path }}
-path: {{ . }}
-{{- end -}}
-{{- with $model.labelmap_path }}
-labelmap_path: {{ . }}
-{{- end -}}
-{{- with $model.labelmap }}
-labelmap:
-  {{- range $lmap := . }}
-  {{ $lmap.model | required "You need to provide a labelmap model" }}: {{ $lmap.name | required "You need to provide a labelmap name" }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.logger" -}}
-{{- $logger := . }}
-default: {{ $logger.default }}
-{{- with $logger.logs }}
-logs:
-  {{- range $log := . }}
-  {{ $log.component | required "You need to provide a logger cmponent" }}: {{ $log.verbosity | required "You need to provide logger verbosity" }}
-  {{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{- define "frigate.mqtt" -}}
-{{- $mqtt := . }}
-host: {{ required "You need to provide an MQTT host" $mqtt.host }}
-{{- with $mqtt.port }}
-port: {{ . }}
-{{- end -}}
-{{- with $mqtt.topic_prefix }}
-topic_prefix: {{ . }}
-{{- end -}}
-{{- with $mqtt.client_id }}
-client_id: {{ . }}
-{{- end -}}
-{{- if not (kindIs "invalid" $mqtt.stats_interval) }}
-stats_interval: {{ $mqtt.stats_interval }}
-{{- end -}}
-{{- with $mqtt.user }}
-user: {{ . }}
-{{- end -}}
-{{- with $mqtt.password }}
-password: {{ . }}
+{{- define "frigate.configVolume" -}}
+enabled: true
+type: configmap
+objectName: frigate-config
+targetSelector:
+  main:
+    main: {}
+    init-config: {}
+{{- if .Values.frigateConfig }}
+mountPath: /config
+items:
+  - key: config.yml
+    path: config.yml
+{{- else  }}
+mountPath: /dummy-config
+items:
+  - key: config.yml.dummy
+    path: config.yml.dummy
 {{- end -}}
 {{- end -}}

charts/incubator/frigate/templates/common.yaml

@@ -7,5 +7,14 @@
   {{- $_ := set .Values.configmap "frigate-config" $config -}}
 {{- end -}}
 
+{{- if not .Values.frigateConfig -}}
+  {{- $_ := set .Values.persistence.config "enabled" true -}}
+{{- end -}}
+
+{{- $vol := include "frigate.configVolume" . | fromYaml -}}
+{{- if $vol -}}
+  {{- $_ := set .Values.persistence "frigate-config" $vol -}}
+{{- end -}}
+
 {{/* Render the templates */}}
 {{ include "tc.v1.common.loader.apply" . }}

charts/incubator/frigate/values.yaml

@@ -1,431 +1,48 @@
 image:
   repository: tccr.io/truecharts/frigate
   pullPolicy: IfNotPresent
-  tag: 0.11.1@sha256:8dd7273eebf396563d7bbc14778fd3d58c624e5063ffcf74b5b0afe63e7cdd7f
+  tag: v0.12.0@sha256:6fac983662fc6095ffdc8dd494f0c918192ddab80602f01d50a3569dab868148
+
+# When this is defined, the contents will be mounted
+# as configmap into the container at /config/config.yml.
+frigateConfig: {}
+  # -- https://docs.frigate.video/configuration/
+  # mqtt:
+  #   enabled: False
+  # cameras:
+  #   dummy:
+  #     enabled: False
+  #     ffmpeg:
+  #       inputs:
+  #         - path: rtsp://127.0.0.1:554/rtsp
+  #           roles:
+  #             - detect
+
+workload:
+  main:
+    podSpec:
+      initContainers:
+        init-config:
+          enabled: "{{ not .Values.frigateConfig }}"
+          type: init
+          imageSelector: alpineImage
+          command:
+            - /bin/sh
+            - -c
+            - |
+              mkdir -p /config
+              if [ ! -f /config/config.yml ]; then
+                echo "Config file not found, copying dummy..."
+                cp /dummy-config/config.yml.dummy /config/config.yml
+                echo "Config file copied, you can now edit it at /config/config.yml"
+              fi
 
 securityContext:
   container:
     readOnlyRootFilesystem: false
     runAsNonRoot: false
     runAsUser: 0
-    runAsGroup: 0  
-# -- The "render_config" key is only used internally to "render" or not the configuration
-# - Some parts of the config bellow are slightly modified so they can be added on SCALE UI. Mainly lists.
-# - Do not blindly copy paste configuration from upstream. As this won't work on all cases
-# - Where you see "null" set as default is ignored by the configmap. (Not all keys are supported).
-# - Those "nulls" should be replaced with integers (if you want to set a value)
-frigate:
-  mqtt:
-    host: mqtt.server.com
-    port: 1883
-    # -- NOTE: Must be unique if you are running multiple instances
-    topic_prefix: ""
-    # -- NOTE: Must be unique if you are running multiple instances
-    client_id: ""
-    user: ""
-    password: ""
-    stats_interval: 60
-
-  detectors:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    config: []
-    # -- Required: Name of the detector
-    # - name: coral
-    #   # -- Valid values are 'edgetpu' (requires device property below) and 'cpu'.
-    #   type: edgetpu
-    #   # -- Device name as defined here: https://coral.ai/docs/edgetpu/multiple-edgetpu/#using-the-tensorflow-lite-python-api
-    #   device: usb
-    #   # -- This value is only used for CPU types
-    #   num_threads: 3
-
-  model:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Required: Object detection model input width
-    width: 320
-    # -- Required: Object detection model input height
-    height: 320
-    # -- Optional: Path to the model
-    path: ""
-    # -- Optional: Path to the labelmap
-    labelmap_path: ""
-    # -- Optional: Label name modifications.
-    labelmap: []
-    # - model: "2"
-    #   name: vehicle
-    # - model: 3
-    #   name: vehicle
-
-  logger:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: Default log verbosity (default: shown below)
-    default: info
-    # -- Optional: Component specific logger overrides
-    logs: []
-    # - component: frigate.event
-    #   verbosity: debug
-
-  birdseye:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Enables birdseye
-    enabled: true
-    # -- Optional: Width of the output resolution
-    width: null
-    # -- Optional: Height of the output resolution
-    height: null
-    # -- Optional: Encoding quality of the mpeg1 feed
-    # - 1 is the highest quality, and 31 is the lowest. Lower quality feeds utilize less CPU resources.
-    quality: null
-    # -- Optional: Mode of the view. Available options are: objects, motion, and continuous
-    # - objects - cameras are included if they have had a tracked object within the last 30 seconds
-    # - motion - cameras are included if motion was detected in the last 30 seconds
-    # - continuous - all cameras are included always
-    mode: ""
-
-  ffmpeg:
-    # -- Enable it to add the configuration in the config file
-    render_config: true
-    # -- Optional: global ffmpeg args
-    global_args: ""
-    # -- Optional: global input args
-    input_args: ""
-    # -- Optional: global hwaccel args
-    # - NOTE: See hardware acceleration docs for your specific device
-    hwaccel_args: ""
-    # -- Optional: global output args
-    output_args:
-      # -- Optional: output args for detect streams
-      detect: ""
-      # -- Optional: output args for record streams
-      record: ""
-      # -- Optional: output args for rtmp streams
-      rtmp: ""
-
-  detect:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Enables detection for the camera.
-    # - This value can be set via MQTT and will be updated in startup based on retained value
-    enabled: true
-    # -- Optional: width of the frame for the input with the detect role
-    width: null
-    # -- Optional: height of the frame for the input with the detect role
-    height: null
-    # -- Optional: desired fps for your camera for the input with the detect role
-    # - NOTE: Recommended value of 5. Ideally, try and reduce your FPS on the camera.
-    fps: null
-    # -- Optional: Number of frames without a detection before frigate considers an object to be gone. (default: 5x the frame rate)
-    max_disappeared: null
-    # -- Optional: Configuration for stationary object tracking
-    stationary:
-      # -- Optional: Frequency for confirming stationary objects
-      # - When set to 0, object detection will not confirm stationary objects until movement is detected.
-      # - If set to 10, object detection will run to confirm the object still exists on every 10th frame.
-      interval: null
-      # -- Optional: Number of frames without a position change for an object to be considered stationary (default: 10x the frame rate or 10s)
-      threshold: null
-      # -- Optional: Define a maximum number of frames for tracking a stationary object (default: not set, track forever)
-      # - This can help with false positives for objects that should only be stationary for a limited amount of time.
-      # - It can also be used to disable stationary object tracking. For example, you may want to set a value for person, but leave
-      # - car at the default.
-      # - WARNING: Setting these values overrides default behavior and disables stationary object tracking.
-      # - There are very few situations where you would want it disabled. It is NOT recommended to
-      # - copy these values from the example config into your config unless you know they are needed.
-      # max_frames:
-      #   # -- Optional: Default for all object types (default: not set, track forever)
-      #   default:
-      #   # -- Optional: Object specific values
-      #   objects:
-      #     - object: person
-      #       frames: 1000
-
-  objects:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: list of objects to track from labelmap.txt
-    track: []
-    # - person
-    # - car
-    # -- Optional: mask to prevent all object types from being detected in certain areas (default: no mask)
-    # - Checks based on the bottom center of the bounding box of the object.
-    # - NOTE: This mask is COMBINED with the object type specific mask below
-    mask: ""
-    # - Optional: filters to reduce false positives for specific object types
-    filters: []
-    # - object: person
-    #   # -- Optional: Minimum width*height of the bounding box for the detected object
-    #   min_area: 5000
-    #   # -- Optional: Maximum width*height of the bounding box for the detected object
-    #   max_area: 100000
-    #   # -- Optional: Minimum width/height of the bounding box for the detected object
-    #   min_ratio: "0.5"
-    #   # -- Optional: Maximum width/height of the bounding box for the detected object
-    #   max_ratio: "2.0"
-    #   # -- Optional: Minimum score for the object to initiate tracking
-    #   min_score: "0.5"
-    #   # -- Optional: Minimum decimal percentage for tracked object's computed score to be considered a true positive
-    #   threshold: "0.7"
-    #   # -- Optional: Mask to prevent this object type from being detected in certain areas
-    #   # - Checks based on the bottom center of the bounding box of the object
-    #   mask: 0,0,1000,0,1000,200,0,200
-
-  motion:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: The threshold passed to cv2.threshold to determine if a pixel is different enough to be counted as motion.
-    # - Increasing this value will make motion detection less sensitive and decreasing it will make motion detection more sensitive.
-    # - The value should be between 1 and 255.
-    threshold: null
-    # -- Optional: Minimum size in pixels in the resized motion image that counts as motion
-    # - Increasing this value will prevent smaller areas of motion from being detected. Decreasing will
-    # - make motion detection more sensitive to smaller moving objects.
-    # - As a rule of thumb:
-    # - 15 - high sensitivity
-    # - 30 - medium sensitivity
-    # - 50 - low sensitivity
-    contour_area: null
-    # -- Optional: Alpha value passed to cv2.accumulateWeighted when averaging the motion delta across multiple frames
-    # - Higher values mean the current frame impacts the delta a lot, and a single raindrop may register as motion.
-    # - Too low and a fast moving person wont be detected as motion.
-    delta_alpha: ""
-    # -- Optional: Alpha value passed to cv2.accumulateWeighted when averaging frames to determine the background
-    # - Higher values mean the current frame impacts the average a lot, and a new object will be averaged into the background faster.
-    # - Low values will cause things like moving shadows to be detected as motion for longer.
-    # - https://www.geeksforgeeks.org/background-subtraction-in-an-image-using-concept-of-running-average/
-    frame_alpha: ""
-    # -- Optional: Height of the resized motion frame  (default: 50)
-    # - This operates as an efficient blur alternative. Higher values will result in more granular motion detection at the expense
-    # - of higher CPU usage. Lower values result in less CPU, but small changes may not register as motion.
-    frame_height: null
-    # -- Optional: motion mask
-    # - NOTE: see docs for more detailed info on creating masks
-    mask: ""
-    # -- Optional: improve contrast
-    # - Enables dynamic contrast improvement. This should help improve night detections at the cost of making motion detection more sensitive
-    # - for daytime.
-    improve_contrast: false
-    # -- Optional: Delay when updating camera motion through MQTT from ON -> OFF
-    mqtt_off_delay: null
-
-  record:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: Enable recording
-    # - WARNING: If recording is disabled in the config, turning it on via
-    # - the UI or MQTT later will have no effect.
-    # - WARNING: Frigate does not currently support limiting recordings based
-    # - on available disk space automatically. If using recordings,
-    # - you must specify retention settings for a number of days that
-    # - will fit within the available disk space of your drive or Frigate will crash.
-    enabled: false
-    # -- Optional: Number of minutes to wait between cleanup runs
-    # - This can be used to reduce the frequency of deleting recording segments from disk if you want to minimize i/o
-    expire_interval:
-    # -- Optional: Retention settings for recording
-    retain:
-      # -- Render retain config
-      render_config: false
-      # -- Optional: Number of days to retain recordings regardless of events
-      # - NOTE: This should be set to 0 and retention should be defined in events section below
-      # - if you only want to retain recordings of events.
-      days:
-      # -- Optional: Mode for retention. Available options are: all, motion, and active_objects
-      # - all - save all recording segments regardless of activity
-      # - motion - save all recordings segments with any detected motion
-      # - active_objects - save all recording segments with active/moving objects
-      # - NOTE: this mode only applies when the days setting above is greater than 0
-      mode: ""
-    # -- Optional: Event recording settings
-    events:
-      # -- Enable it to add the configuration in the config file
-      render_config: false
-      # -- Optional: Number of seconds before the event to include
-      pre_capture: null
-      # -- Optional: Number of seconds after the event to include
-      post_capture: null
-      # -- Optional: Objects to save recordings for. Defaults to all
-      objects: []
-      # - person
-      # -- Optional: Restrict recordings to objects that entered any of the listed zones
-      required_zones: []
-      # -- Optional: Retention settings for recordings of events
-      retain:
-        # -- Render retain config
-        render_config: false
-        # -- Required: Default retention days
-        default: 10
-        # -- Optional: Mode for retention.
-        # - all - save all recording segments for events regardless of activity
-        # - motion - save all recordings segments for events with any detected motion
-        # - active_objects - save all recording segments for event with active/moving objects
-        mode: ""
-        # -- Optional: Per object retention days
-        objects: []
-        # - object: person
-        #   days: 15
-
-  snapshots:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: Enable writing jpg snapshot to /media/frigate/clips
-    # - This value can be set via MQTT and will be updated in startup based on retained value
-    enabled: false
-    # -- Optional: Save a clean PNG copy of the snapshot image
-    clean_copy: true
-    # -- Optional: print a timestamp on the snapshots
-    timestamp: false
-    # -- Optional: draw bounding box on the snapshots
-    bounding_box: false
-    # -- Optional: crop the snapshot
-    crop: false
-    # -- Optional: height to resize the snapshot to (default: original size)
-    height:
-    # -- Optional: Restrict snapshots to objects that entered any of the listed zones (default: no required zones)
-    required_zones: []
-    # -- Optional: Camera override for retention settings (default: global values)
-    retain:
-      # -- Render retain config
-      render_config: false
-      # -- Required: Default retention days (default: shown below)
-      default: 10
-      # -- Optional: Per object retention days
-      objects: []
-      # - object: person
-      #   days: 15
-
-  rtmp:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # - Optional: Enable the RTMP stream
-    enabled: true
-
-  live:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: Set the height of the live stream. (default: 720)
-    # - This must be less than or equal to the height of the detect stream. Lower resolutions
-    # - reduce bandwidth required for viewing the live stream. Width is computed to match known aspect ratio.
-    height: null
-    # -- Optional: Set the encode quality of the live stream (default: shown below)
-    # - 1 is the highest quality, and 31 is the lowest. Lower quality feeds utilize less CPU resources.
-    quality: null
-
-  timestamp_style:
-    # -- Enable it to add the configuration in the config file
-    render_config: false
-    # -- Optional: Position of the timestamp
-    # - "tl" (top left), "tr" (top right), "bl" (bottom left), "br" (bottom right)
-    position: ""
-    # -- Optional: Format specifier conform to the Python package "datetime"
-    # - Additional Examples:
-    # - german: "%d.%m.%Y %H:%M:%S"
-    format: ""
-    # -- Optional: Color of font
-    color:
-      # -- Enable it to add the configuration in the config file
-      render_config: false
-      # -- All Required when color is specified (default: shown below)
-      red: 255
-      green: 255
-      blue: 255
-    # -- Optional: Line thickness of font (default: shown below)
-    thickness: null
-    # -- Optional: Effect of lettering (default: shown below)
-    # - None (No effect),
-    # - "solid" (solid background in inverse color of font)
-    # - "shadow" (shadow for font)
-    effect: ""
-
-  cameras:
-    # -- Required: name of the camera
-    - camera_name: back
-      # -- Required: ffmpeg settings for the camera
-      ffmpeg:
-        # -- Required: A list of input streams for the camera. See documentation for more information.
-        inputs:
-          # -- Required: the path to the stream
-          - path: rtsp://viewer:password@10.0.10.10:554/cam/realmonitor?channel=1&subtype=2
-            # -- Required: list of roles for this stream. valid values are: detect,record,rtmp
-            # - NOTICE: In addition to assigning the record, and rtmp roles,
-            # - they must also be enabled in the camera config.
-            roles:
-              - detect
-              - rtmp
-            # -- Optional: stream specific global args
-            global_args: ""
-            # - Optional: stream specific hwaccel args
-            hwaccel_args: ""
-            # - Optional: stream specific input args
-            input_args: ""
-            # - Optional: stream specific output args
-            output_args:
-              detect: ""
-              record: ""
-              rtmp: ""
-        # -- Optional: camera specific global args
-        global_args: ""
-        # -- Optional: camera specific hwaccel args
-        hwaccel_args: ""
-        # -- Optional: camera specific input args
-        input_args: ""
-        # -- Optional: camera specific output args
-        output_args:
-          detect: ""
-          record: ""
-          rtmp: ""
-      # -- Optional: timeout for highest scoring image before allowing it
-      # - to be replaced by a newer image.
-      best_image_timeout: 60
-      # -- Optional: zones for this camera
-      zones:
-        # -- Required: name of the zone
-        # - NOTE: This must be different than any camera names, but can match with another zone on another camera
-        - name: front_steps
-          # -- Required: List of x,y coordinates to define the polygon of the zone.
-          # - NOTE: Presence in a zone is evaluated only based on the bottom center of the objects bounding box.
-          coordinates: 545,1077,747,939,788,805
-          # -- Optional: List of objects that can trigger this zone (default: all tracked objects)
-          objects: []
-          # - person
-          # -- Optional: Zone level object filters.
-          # -NOTE: The global and camera filters are applied upstream.
-          filters: []
-          # - object: person
-          #   min_area: null
-          #   max_area: null
-          #   threshold: ""
-      # -- Optional: Configuration for the jpg snapshots published via MQTT
-      mqtt:
-        # -- Enable it to add the configuration in the config file
-        render_config: false
-        # -- Optional: Enable publishing snapshot via mqtt for camera
-        # - NOTE: Only applies to publishing image data to MQTT via 'frigate/<camera_name>/<object_name>/snapshot'.
-        # - All other messages will still be published.
-        enabled: true
-        # -- Optional: print a timestamp on the snapshots
-        timestamp: true
-        # -- Optional: draw bounding box on the snapshots
-        bounding_box: true
-        # -- Optional: crop the snapshot
-        crop: true
-        # -- Optional: height to resize the snapshot to
-        height: null
-        # -- Optional: jpeg encode quality
-        quality: null
-        # -- Optional: Restrict mqtt messages to objects that entered any of the listed zones
-        required_zones: []
-      # -- Optional: Configuration for how camera is handled in the GUI.
-      ui:
-        # -- Enable it to add the configuration in the config file
-        render_config: false
-        # -- Optional: Adjust sort order of cameras in the UI. Larger numbers come later
-        # - By default the cameras are sorted alphabetically.
-        order: null
-        # -- Optional: Whether or not to show the camera in the Frigate UI
-        dashboard: true
+    runAsGroup: 0
 
 ingress:
   rtmp:
@@ -450,29 +67,14 @@ persistence:
   media:
     enabled: true
     mountPath: /media
-    size: 256Gi
-  db:
-    enabled: true
-    mountPath: /db
-    size: 256Gi
-    type: emptyDir
-  cache:
-    enabled: true
-    mountPath: /tmp/cache
-    type: emptyDir
-  shm:
-    enabled: true
-    mountPath: /dev/shm
-    type: emptyDir
-    medium: Memory
-  frigate-config:
-    enabled: true
+  config:
+    # Only enable when not using frigateConfig
+    enabled: false
     mountPath: /config
-    type: configmap
-    objectName: frigate-config
-    items:
-      - key: config.yml
-        path: config.yml
+    targetSelector:
+      main:
+        main: {}
+        init-config: {}
 
 portal:
   open:

charts/incubator/kopia/Chart.yaml

@@ -1,9 +1,9 @@
 apiVersion: v2
-appVersion: "0.12.1"
+appVersion: "0.13.0"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 11.1.2
+    version: 12.14.1
 description: Kopia is a simple, cross-platform tool for managing encrypted backups in the cloud. It provides fast, incremental backups, secure, client-side end-to-end encryption, compression and data deduplication.
 home: https://truecharts.org/charts/incubator/kopia
 icon: https://truecharts.org/img/hotlink-ok/chart-icons/kopia.png
@@ -19,7 +19,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/kopia
   - https://kopia.io/docs/installation/#docker-images
   - https://github.com/kopia/kopia
-version: 5.0.0
+version: 6.0.1
 annotations:
   truecharts.org/catagories: |
     - utility

charts/incubator/kopia/ci/test-values.yaml

@@ -0,0 +1,10 @@
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          args:
+            - server
+            - start
+            - --address=http://0.0.0.0:10238
+            - --insecure

charts/incubator/kopia/questions.yaml

@@ -11,19 +11,26 @@ questions:
 # Include{podSpec}
 # Include{containerMain}
 
-                                - variable: env
+                                - variable: kopia
                                   group: "App Configuration"
                                   label: "Image Environment"
                                   schema:
                                     additional_attrs: true
                                     type: dict
                                     attrs:
+                                      - variable: USER
+                                        label: "Kopia User"
+                                        description: "Repository user"
+                                        schema:
+                                          type: string
+                                          default: "secret"
+                                          required: true
                                       - variable: KOPIA_PASSWORD
                                         label: "KOPIA_PASSWORD"
                                         description: "Repository password"
                                         schema:
                                           type: string
-                                          default: ""
+                                          default: "secret"
                                           required: true
                                           private: true
                                       - variable: KOPIA_SERVER_USERNAME
@@ -31,14 +38,14 @@ questions:
                                         description: "Username for WebUI"
                                         schema:
                                           type: string
-                                          default: ""
+                                          default: "server_user"
                                           required: true
                                       - variable: KOPIA_SERVER_PASSWORD
                                         label: "KOPIA_SERVER_PASSWORD"
                                         description: "Password for WebUI"
                                         schema:
                                           type: string
-                                          default: ""
+                                          default: "server_password"
                                           required: true
                                           private: true
 # Include{containerBasic}

charts/incubator/kopia/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}

charts/incubator/kopia/templates/_secret.tpl

@@ -0,0 +1,10 @@
+{{/* Define the secret */}}
+{{- define "kopia.secret" -}}
+
+enabled: true
+data:
+  USER: {{ .Values.kopia.user | default "user" }}
+  KOPIA_PASSWORD: {{ .Values.kopia.password | default "secret" }}
+  KOPIA_SERVER_USERNAME: {{ .Values.kopia.server_password | default "server_user" }}
+  KOPIA_SERVER_PASSWORD: {{ .Values.kopia.server_password | default "server_password" }}
+{{- end }}

charts/incubator/kopia/templates/common.yaml

@@ -1 +1,11 @@
-{{ include "tc.common.loader.all" . }}
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{/* Render secrets for kopia */}}
+{{- $secrets := include "kopia.secret" . | fromYaml -}}
+{{- if $secrets -}}
+{{- $_ := set .Values.secret "kopia-secret" $secrets -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}

charts/incubator/kopia/values.yaml

@@ -1,19 +1,44 @@
 image:
   repository: tccr.io/truecharts/kopia
-  tag: 0.12.1@sha256:8f1c82292cf0c2271be78a9ede514858ba16a80c9105d258aabbde899dd7f1eb
+  tag: 0.13.0@sha256:72ed1856efdd443be31e23535d24242056639a387587aa3ade5413e75dad0603
   pullPolicy: IfNotPresent
 
-extraArgs: ["server", "--address=http://0.0.0.0:10238", "--ui", "--insecure"]
 
-secretEnv:
-  KOPIA_PASSWORD: ""
-  KOPIA_SERVER_USERNAME: "user"
-  KOPIA_SERVER_PASSWORD: "password"
+
+workload:
+  main:
+    podSpec:
+      containers:
+        main:
+          envFrom:
+            - secretRef:
+                name: "kopia-secret"
+          args:
+            - server
+            - start
+            - --address=http://0.0.0.0:10238
+            - --insecure
+            - --server-username={{ .Values.kopia.server_username }}
+            - --server-password={{ .Values.kopia.server_password }}
+          probes:
+            liveness:
+              enabled: false
+            readiness:
+              enabled: false
+            startup:
+              enabled: false
+
+kopia:
+  kopia_user: "user"
+  kopia_password: "secret"
+  kopia_server_username: "user"
+  kopia_server_password: "password"
 
 service:
   main:
     ports:
       main:
+        protocol: http
         port: 10238
 
 persistence:
@@ -31,4 +56,5 @@ persistence:
     mountPath: "/app/rclone"
 
 portal:
-  enabled: true
+  open:
+    enabled: true

charts/incubator/mosquitto/templates/common.yaml

@@ -1,5 +0,0 @@
-{{/* Make sure all variables are set properly */}}
-{{- include "tc.common.loader.init" . }}
-
-{{/* Render the templates */}}
-{{ include "tc.common.loader.apply" . }}

charts/incubator/netbootxyz/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "0.6.7"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Your favorite operating systems in one place!
 home: https://truecharts.org/charts/incubator/netbootxyz
@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/netbootxyz
   - https://github.com/netbootxyz/netboot.xyz
 type: application
-version: 0.0.2
+version: 0.0.5
 annotations:
   truecharts.org/catagories: |
     - networking

charts/incubator/rickroll/Chart.yaml

@@ -3,7 +3,7 @@ appVersion: "latest"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
 deprecated: false
 description: Self-hosted Rick Roll chart.
 home: https://truecharts.org/charts/incubator/rickroll
@@ -21,7 +21,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/rickroll
   - https://github.com/modem7/docker-rickroll
 type: application
-version: 3.0.1
+version: 3.0.4
 annotations:
   truecharts.org/catagories: |
     - Other

charts/incubator/servas/Chart.yaml

@@ -3,11 +3,11 @@ appVersion: "0.0.5"
 dependencies:
   - name: common
     repository: https://library-charts.truecharts.org
-    version: 12.12.1
+    version: 12.14.1
   - condition: mariadb.enabled
     name: mariadb
     repository: https://deps.truecharts.org/
-    version: 7.0.39
+    version: 7.0.50
 deprecated: false
 description: A self-hosted bookmark management tool.
 home: https://truecharts.org/charts/incubator/servas
@@ -25,7 +25,7 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/incubator/servas
   - https://github.com/beromir/Servas
 type: application
-version: 0.0.2
+version: 0.0.6
 annotations:
   truecharts.org/catagories: |
     - bookmarks