Files
truecharts/charts/stable/firezone/values.yaml
Xstar97TheNoob 613fd90a4c chore(repo) change stable charts to the upstream images (#14739)
**Description**
Update the stable train charts to their direct upstream image.
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._

Signed-off-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
Co-authored-by: Kjeld Schouten <kjeld@schouten-lebbing.nl>
2023-11-17 11:22:57 +01:00

164 lines
5.9 KiB
YAML

image:
repository: firezone/firezone
pullPolicy: IfNotPresent
tag: 0.7.36@sha256:e44d84d836a4df35558944c3109ebc54beea9868fd0cec5db8dee78e57ff3f59
securityContext:
container:
readOnlyRootFilesystem: false
runAsNonRoot: false
PUID: 0
runAsUser: 0
runAsGroup: 0
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
service:
main:
ports:
main:
protocol: http
port: 13000
wireguard:
enabled: true
ports:
wireguard:
enabled: true
protocol: udp
port: 51820
firezone:
web:
external_url: "https://example.com"
trusted_proxies: []
private_clients: []
admin:
reset_admin_on_boot: false
default_email: "admin@email.com"
default_password: "1234567890"
devices:
allow_unprivileged_device_management: true
allow_unprivileged_device_config: true
vpn_session_duration: 0
client_persistent_keepalive: 25
default_client_mtu: 1280
client_endpoint: ""
client_dns:
- 1.1.1.1
- 1.0.0.1
client_allowed_ips:
- 0.0.0.0/0
max_devices_per_user: 10
authorization:
local_auth_enabled: true
disable_vpn_on_oidc_error: false
wireguard:
ipv4_masquerade_enabled: true
connectivity:
checks_enabled: true
checks_interval: 43200
other:
telemetry_enabled: false
workload:
main:
podSpec:
containers:
main:
env:
# web
PHOENIX_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
EXTERNAL_URL: "{{ .Values.firezone.web.external_url }}"
PHOENIX_SECURE_COOKIES: "{{ .Values.firezone.web.secure_cookies }}"
# PHOENIX_HTTP_PROTOCOL_OPTIONS: "{}"
PHOENIX_EXTERNAL_TRUSTED_PROXIES: "{{ toJson .Values.firezone.web.trusted_proxies }}"
PHOENIX_PRIVATE_CLIENTS: "{{ toJson .Values.firezone.web.private_clients }}"
# DB
DATABASE_HOST:
secretKeyRef:
name: cnpg-main-urls
key: host
DATABASE_PORT: 5432
DATABASE_NAME: "{{ .Values.cnpg.main.database }}"
DATABASE_USER: "{{ .Values.cnpg.main.user }}"
DATABASE_PASSWORD:
secretKeyRef:
name: cnpg-main-user
key: password
# DATABASE_POOL_SIZE
DATABASE_SSL_ENABLED: false
# DATABASE_SSL_OPTS: "{}"
# Admin
RESET_ADMIN_ON_BOOT: "{{ .Values.firezone.admin.reset_admin_on_boot }}"
DEFAULT_ADMIN_EMAIL: "{{ .Values.firezone.admin.default_email }}"
DEFAULT_ADMIN_PASSWORD: "{{ .Values.firezone.admin.default_password }}"
# Secrets and Encryption
GUARDIAN_SECRET_KEY:
secretKeyRef:
name: firezone-secrets
key: GUARDIAN_SECRET_KEY
DATABASE_ENCRYPTION_KEY:
secretKeyRef:
name: firezone-secrets
key: DATABASE_ENCRYPTION_KEY
SECRET_KEY_BASE:
secretKeyRef:
name: firezone-secrets
key: SECRET_KEY_BASE
LIVE_VIEW_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: LIVE_VIEW_SIGNING_SALT
COOKIE_SIGNING_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_SIGNING_SALT
COOKIE_ENCRYPTION_SALT:
secretKeyRef:
name: firezone-secrets
key: COOKIE_ENCRYPTION_SALT
# Devices
ALLOW_UNPRIVILEGED_DEVICE_MANAGEMENT: "{{ .Values.firezone.devices.allow_unprivileged_device_management }}"
ALLOW_UNPRIVILEGED_DEVICE_CONFIGURATION: "{{ .Values.firezone.devices.allow_unprivileged_device_config }}"
VPN_SESSION_DURATION: "{{ .Values.firezone.devices.vpn_session_duration }}"
DEFAULT_CLIENT_PERSISTENT_KEEPALIVE: "{{ .Values.firezone.devices.client_persistent_keepalive }}"
DEFAULT_CLIENT_MTU: "{{ .Values.firezone.devices.default_client_mtu }}"
DEFAULT_CLIENT_ENDPOINT: "{{ .Values.firezone.devices.client_endpoint }}"
DEFAULT_CLIENT_DNS: '{{ join "," .Values.firezone.devices.client_dns }}'
DEFAULT_CLIENT_ALLOWED_IPS: '{{ join "," .Values.firezone.devices.client_allowed_ips }}'
# Limits
MAX_DEVICES_PER_USER: "{{ .Values.firezone.devices.max_devices_per_user }}"
# Authorization
LOCAL_AUTH_ENABLED: "{{ .Values.firezone.authorization.local_auth_enabled }}"
DISABLE_VPN_ON_OIDC_ERROR: "{{ .Values.firezone.authorization.disable_vpn_on_oidc_error }}"
# SAML_ENTITY_ID: "urn:firezone.dev:firezone-app"
# SAML_KEYFILE_PATH: "/var/firezone/saml.key"
# SAML_CERTFILE_PATH: "/var/firezone/saml.crt"
# OPENID_CONNECT_PROVIDERS: "[]"
# SAML_IDENTITY_PROVIDERS: "[]"
# WireGuard
WIREGUARD_PORT: "{{ .Values.service.wireguard.ports.wireguard.port }}"
WIREGUARD_IPV4_ENABLED: true
WIREGUARD_IPV4_MASQUERADE: "{{ .Values.firezone.wireguard.ipv4_masquerade_enabled }}"
WIREGUARD_IPV6_ENABLED: false
WIREGUARD_IPV6_MASQUERADE: false
# Outbound Emails
# OUTBOUND_EMAIL_FROM: ""
# OUTBOUND_EMAIL_ADAPTER: "Elixir.FzHttpWeb.Mailer.NoopAdapter"
# OUTBOUND_EMAIL_ADAPTER_OPTS: "{}"
# Connectivity Checks
CONNECTIVITY_CHECKS_ENABLED: "{{ .Values.firezone.connectivity.checks_enabled }}"
CONNECTIVITY_CHECKS_INTERVAL: "{{ .Values.firezone.connectivity.checks_interval }}"
# Telemetry
TELEMETRY_ENABLED: "{{ .Values.firezone.other.telemetry_enabled }}"
persistence:
config:
enabled: true
mountPath: "/var/firezone"
cnpg:
main:
enabled: true
user: firezone
database: firezone
portal:
open:
enabled: true