diff --git a/premium/authelia/23.5.5/.helmignore b/premium/authelia/23.5.5/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/authelia/23.5.5/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/authelia/23.5.5/CHANGELOG.md b/premium/authelia/23.5.5/CHANGELOG.md new file mode 100644 index 00000000000..ea73fe1338a --- /dev/null +++ b/premium/authelia/23.5.5/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [authelia-23.5.5](https://github.com/truecharts/charts/compare/authelia-23.5.4...authelia-23.5.5) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/authelia/23.5.5/Chart.yaml b/premium/authelia/23.5.5/Chart.yaml new file mode 100644 index 00000000000..5fb8313fba8 --- /dev/null +++ b/premium/authelia/23.5.5/Chart.yaml @@ -0,0 +1,54 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: security + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 4.37.5 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] + - name: redis + version: 13.0.3 + repository: oci://tccr.io/truecharts + condition: redis.enabled + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Authelia is a Single Sign-On Multi-Factor portal for web apps +home: https://truecharts.org/charts/premium/authelia +icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png +keywords: + - authelia + - authentication + - login + - SSO + - Authentication + - Security + - Two-Factor + - U2F + - YubiKey + - Push Notifications + - LDAP +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: authelia +sources: + - https://github.com/authelia/chartrepo + - https://github.com/authelia/authelia + - https://github.com/truecharts/charts/tree/master/charts/premium/authelia + - https://ghcr.io/authelia/authelia +type: application +version: 23.5.5 diff --git a/premium/authelia/23.5.5/LICENSE b/premium/authelia/23.5.5/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/premium/authelia/23.5.5/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/premium/authelia/23.5.5/README.md b/premium/authelia/23.5.5/README.md new file mode 100644 index 00000000000..593f83f638f --- /dev/null +++ b/premium/authelia/23.5.5/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/authelia) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/authelia/23.5.5/app-changelog.md b/premium/authelia/23.5.5/app-changelog.md new file mode 100644 index 00000000000..e65960170d6 --- /dev/null +++ b/premium/authelia/23.5.5/app-changelog.md @@ -0,0 +1,9 @@ + + +## [authelia-23.5.5](https://github.com/truecharts/charts/compare/authelia-23.5.4...authelia-23.5.5) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/authelia/23.5.5/app-readme.md b/premium/authelia/23.5.5/app-readme.md new file mode 100644 index 00000000000..df11980d22e --- /dev/null +++ b/premium/authelia/23.5.5/app-readme.md @@ -0,0 +1,8 @@ +Authelia is a Single Sign-On Multi-Factor portal for web apps + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/authelia](https://truecharts.org/charts/premium/authelia) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/authelia/23.5.5/charts/common-20.0.9.tgz b/premium/authelia/23.5.5/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/authelia/23.5.5/charts/common-20.0.9.tgz differ diff --git a/premium/authelia/23.5.5/charts/redis-13.0.3.tgz b/premium/authelia/23.5.5/charts/redis-13.0.3.tgz new file mode 100644 index 00000000000..f04b6a89dbf Binary files /dev/null and b/premium/authelia/23.5.5/charts/redis-13.0.3.tgz differ diff --git a/premium/authelia/23.5.5/ix_values.yaml b/premium/authelia/23.5.5/ix_values.yaml new file mode 100644 index 00000000000..6079b4463f3 --- /dev/null +++ b/premium/authelia/23.5.5/ix_values.yaml @@ -0,0 +1,582 @@ +image: + repository: ghcr.io/authelia/authelia + pullPolicy: IfNotPresent + tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2 +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + command: + - authelia + args: + - --config=/configuration.yaml + envFrom: + - configMapRef: + name: authelia-paths + probes: + liveness: + type: http + path: "/api/health" + readiness: + type: http + path: "/api/health" + startup: + type: http + path: "/api/health" +service: + main: + ports: + main: + port: 9091 + targetPort: 9091 +persistence: + config: + enabled: true + mountPath: "/config" +cnpg: + main: + enabled: true + user: authelia + database: authelia +# Enabled redis +# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis +redis: + enabled: true +domain: example.com +## +## Server Configuration +## +server: + ## + ## Port sets the configured port for the daemon, service, and the probes. + ## Default is 9091 and should not need to be changed. + ## + port: 9091 + ## Buffers usually should be configured to be the same value. + ## Explanation at https://www.authelia.com/docs/configuration/server.html + ## Read buffer size adjusts the server's max incoming request size in bytes. + ## Write buffer size does the same for outgoing responses. + read_buffer_size: 4096 + write_buffer_size: 4096 + ## Set the single level path Authelia listens on. + ## Must be alphanumeric chars and should not contain any slashes. + path: "" +log: + ## Level of verbosity for logs: info, debug, trace. + level: trace + ## Format the logs are written as: json, text. + format: text + ## TODO: Statefulness check should check if this is set, and the configMap should enable it. + ## File path where the logs will be written. If not set logs are written to stdout. + # file_path: /config/authelia.log +## Default redirection URL +## +## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end +## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use +## in such a case. +## +## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication. +## Default is https://www. (value at the top of the values.yaml). +default_redirection_url: "" +# default_redirection_url: https://example.com + +theme: light +## +## TOTP Configuration +## +## Parameters used for TOTP generation +totp: + ## The issuer name displayed in the Authenticator application of your choice + ## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names + ## Defaults to . + issuer: "" + ## The period in seconds a one-time password is current for. Changing this will require all users to register + ## their TOTP applications again. Warning: before changing period read the docs link below. + period: 30 + ## The skew controls number of one-time passwords either side of the current one that are valid. + ## Warning: before changing skew read the docs link below. + ## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation. + skew: 1 +## +## Password Policy Config +## +## Parameters used for Password Policies +password_policy: + ## See: https://www.authelia.com/configuration/security/password-policy/ + standard: + enabled: false + min_length: 8 + max_length: 0 + require_uppercase: false + require_lowercase: false + require_number: false + require_special: false + zxcvbn: + ## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info + enabled: false + min_score: 3 +## +## Duo Push API Configuration +## +## Parameters used to contact the Duo API. Those are generated when you protect an application of type +## "Partner Auth API" in the management panel. +duo_api: + enabled: false + hostname: api-123456789.example.com + integration_key: ABCDEF + plain_api_key: "" +## NTP settings +ntp: + address: "time.cloudflare.com:123" + version: 4 + max_desync: 3s + disable_startup_check: false + disable_failure: true +## +## Authentication Backend Provider Configuration +## +## Used for verifying user passwords and retrieve information such as email address and groups users belong to. +## +## The available providers are: `file`, `ldap`. You must use one and only one of these providers. +authentication_backend: + ## Disable both the HTML element and the API for reset password functionality + disable_reset_password: false + ## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation. + ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will + ## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP. + ## To force update on every request you can set this to '0' or 'always', this will increase processor demand. + ## See the below documentation for more information. + ## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval + refresh_interval: 5m + ## LDAP backend configuration. + ## + ## This backend allows Authelia to be scaled to more + ## than one instance and therefore is recommended for + ## production. + ldap: + ## Enable LDAP Backend. + enabled: false + ## The LDAP implementation, this affects elements like the attribute utilised for resetting a password. + ## Acceptable options are as follows: + ## - 'activedirectory' - For Microsoft Active Directory. + ## - 'custom' - For custom specifications of attributes and filters. + ## This currently defaults to 'custom' to maintain existing behaviour. + ## + ## Depending on the option here certain other values in this section have a default value, notably all of the + ## attribute mappings have a default value that this config overrides, you can read more about these default values + ## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults + implementation: activedirectory + ## The url to the ldap server. Format: ://
[:]. + ## Scheme can be ldap or ldaps in the format (port optional). + url: ldap://openldap.default.svc.cluster.local + ## Connection Timeout. + timeout: 5s + ## Use StartTLS with the LDAP connection. + start_tls: false + tls: + ## Server Name for certificate validation (in case it's not set correctly in the URL). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for either Secure LDAP or LDAP StartTLS. + minimum_version: TLS1.2 + ## The base dn for every LDAP query. + base_dn: DC=example,DC=com + ## The attribute holding the username of the user. This attribute is used to populate the username in the session + ## information. It was introduced due to #561 to handle case insensitive search queries. For you information, + ## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this + ## attribute holds the unique identifiers for the users binding the user and the configuration stored in database. + ## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user + ## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also + ## be used but we don't recommend using them, we instead advise to use the attributes mentioned above + ## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt. + username_attribute: "uid" + ## An additional dn to define the scope to all users. + additional_users_dn: OU=Users + ## The users filter used in search queries to find the user profile based on input filled in login form. + ## Various placeholders are available in the user filter: + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## + ## Recommended settings are as follows: + ## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) + ## - OpenLDAP: + ## - (&({username_attribute}={input})(objectClass=person)) + ## - (&({username_attribute}={input})(objectClass=inetOrgPerson)) + ## + ## To allow sign in both with username and email, one can use a filter like + ## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)) + users_filter: "" + ## An additional dn to define the scope of groups. + additional_groups_dn: OU=Groups + ## The groups filter used in search queries to find the groups of the user. + ## - {input} is a placeholder replaced by what the user inputs in the login form. + ## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`). + ## - {dn} is a matcher replaced by the user distinguished name, aka, user DN. + ## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`. + ## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`. + ## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later + ## versions, so please don't use it. + ## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in + ## later version, so please don't use it. + ## + ## If your groups use the `groupOfUniqueNames` structure use this instead: + ## (&(uniquemember={dn})(objectclass=groupOfUniqueNames)) + groups_filter: "" + ## The attribute holding the name of the group + group_name_attribute: "cn" + ## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the + ## first one returned by the LDAP server is used. + mail_attribute: "mail" + ## The attribute holding the display name of the user. This will be used to greet an authenticated user. + display_name_attribute: "displayname" + ## The username of the admin user. + user: CN=admin,DC=example,DC=com + plain_password: "" + ## + ## File (Authentication Provider) + ## + ## With this backend, the users database is stored in a file which is updated when users reset their passwords. + ## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia + ## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security + ## implications it is highly recommended you leave the default values. Before considering changing these settings + ## please read the docs page below: + ## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + file: + enabled: true + path: /config/users_database.yml + password: + algorithm: argon2id + iterations: 1 + key_length: 32 + salt_length: 16 + memory: 1024 + parallelism: 8 +## +## Access Control Configuration +## +## Access control is a list of rules defining the authorizations applied for one resource to users or group of users. +## +## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed +## to anyone. Otherwise restrictions follow the rules defined. +## +## Note: One can use the wildcard * to match any subdomain. +## It must stand at the beginning of the pattern. (example: *.mydomain.com) +## +## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct. +## +## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'. +## +## - 'domain' defines which domain or set of domains the rule applies to. +## +## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not +## provided. If provided, the parameter represents either a user or a group. It should be of the form +## 'user:' or 'group:'. +## +## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'. +## +## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter +## is optional and matches any resource if not provided. +## +## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies. +access_control: + ## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any + ## resource if there is no policy to be applied to the user. + default_policy: deny + networks_access_control: [] + # networks_access_control: + # - name: private + # networks: + # - 10.0.0.0/8 + # - 172.16.0.0/12 + # - 192.168.0.0/16 + # - name: vpn + # networks: + # - 10.9.0.0/16 + + rules: [] + # rules: + # - domain: public.example.com + # policy: bypass + # - domain: "*.example.com" + # policy: bypass + # methods: + # - OPTIONS + # - domain: secure.example.com + # policy: one_factor + # networks: + # - private + # - vpn + # - 192.168.1.0/24 + # - 10.0.0.1 + # - domain: + # - secure.example.com + # - private.example.com + # policy: two_factor + # - domain: singlefactor.example.com + # policy: one_factor + # - domain: "mx2.mail.example.com" + # subject: "group:admins" + # policy: deny + # - domain: "*.example.com" + # subject: + # - "group:admins" + # - "group:moderators" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/groups/dev/.*$" + # subject: "group:dev" + # policy: two_factor + # - domain: dev.example.com + # resources: + # - "^/users/john/.*$" + # subject: + # - ["group:dev", "user:john"] + # - "group:admins" + # policy: two_factor + # - domain: "{user}.example.com" + # policy: bypass +## +## Session Provider Configuration +## +## The session cookies identify the user once logged in. +## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined. +session: + ## The name of the session cookie. (default: authelia_session). + name: authelia_session + ## Sets the Cookie SameSite value. Possible options are none, lax, or strict. + ## Please read https://www.authelia.com/docs/configuration/session.html#same_site + same_site: lax + ## The time in seconds before the cookie expires and session is reset. + expiration: 1h + ## The inactivity time in seconds before the session is reset. + inactivity: 5m + ## The remember me duration. + ## Value is in seconds, or duration notation. Value of 0 disables remember me. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to + ## spy or attack. Currently the default is 1M or 1 month. + remember_me_duration: 1M +## +## Redis Provider +## +## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html +## +## The redis connection details +redisProvider: + port: 6379 + ## Optional username to be used with authentication. + # username: authelia + username: "" + ## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc). + database_index: 0 + ## The maximum number of concurrent active connections to Redis. + maximum_active_connections: 8 + ## The target number of idle connections to have open ready for work. Useful when opening connections is slow. + minimum_idle_connections: 0 + ## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s). + tls: + enabled: false + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for the connection. + minimum_version: TLS1.2 + ## The Redis HA configuration options. + ## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name). + high_availability: + enabled: false + enabledSecret: false + ## Sentinel Name / Master Name + sentinel_name: mysentinel + ## The additional nodes to pre-seed the redis provider with (for sentinel). + ## If the host in the above section is defined, it will be combined with this list to connect to sentinel. + ## For high availability to be used you must have either defined; the host above or at least one node below. + nodes: [] + # nodes: + # - host: sentinel-0.databases.svc.cluster.local + # port: 26379 + # - host: sentinel-1.databases.svc.cluster.local + # port: 26379 + + ## Choose the host with the lowest latency. + route_by_latency: false + ## Choose the host randomly. + route_randomly: false +## +## Regulation Configuration +## +## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done +## in a short period of time. +regulation: + ## The number of failed login attempts before user is banned. Set it to 0 to disable regulation. + max_retries: 3 + ## The time range during which the user can attempt login before being banned. The user is banned if the + ## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + find_time: 2m + ## The length of time before a banned user can login again. Ban Time accepts duration notation. + ## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format + ban_time: 5m +## +## Storage Provider Configuration +## +## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers. +storage: + ## + ## PostgreSQL (Storage Provider) + ## + postgres: + port: 5432 + database: authelia + username: authelia + sslmode: disable + timeout: 5s +## +## Notification Provider +## +## +## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration. +## The available providers are: filesystem, smtp. You must use one and only one of these providers. +notifier: + ## You can disable the notifier startup check by setting this to true. + disable_startup_check: false + ## + ## File System (Notification Provider) + ## + ## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html + ## + filesystem: + enabled: true + filename: /config/notification.txt + ## + ## SMTP (Notification Provider) + ## + ## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate. + ## [Security] By default Authelia will: + ## - force all SMTP connections over TLS including unauthenticated connections + ## - use the disable_require_tls boolean value to disable this requirement + ## (only works for unauthenticated connections) + ## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates + ## (configure in tls section) + smtp: + enabled: false + enabledSecret: false + host: smtp.mail.svc.cluster.local + port: 25 + timeout: 5s + username: test + plain_password: test + sender: admin@example.com + ## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost. + identifier: localhost + ## Subject configuration of the emails sent. + ## {title} is replaced by the text from the notifier + subject: "[Authelia] {title}" + ## This address is used during the startup check to verify the email configuration is correct. + ## It's not important what it is except if your email server only allows local delivery. + startup_check_address: test@authelia.com + disable_require_tls: false + disable_html_emails: false + tls: + ## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option). + server_name: "" + ## Skip verifying the server certificate (to allow a self-signed certificate). + ## In preference to setting this we strongly recommend you add the public portion of the certificate to the + ## certificates directory which is defined by the `certificates_directory` option at the top of the config. + skip_verify: false + ## Minimum TLS version for either StartTLS or SMTPS. + minimum_version: TLS1.2 +identity_providers: + oidc: + ## Enables this in the config map. Currently in beta stage. + ## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap + enabled: false + access_token_lifespan: 1h + authorize_code_lifespan: 1m + id_token_lifespan: 1h + refresh_token_lifespan: 90m + enable_client_debug_messages: false + ## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for + ## security reasons. + minimum_parameter_entropy: 8 + clients: [] + # clients: + # - + ## The ID is the OpenID Connect ClientID which is used to link an application to a configuration. + # id: myapp +## The description to show to users when they end up on the consent screen. Defaults to the ID above. +# description: My Application + +## The client secret is a shared secret between Authelia and the consumer of this client. +# secret: apple123 + +## Sets the client to public. This should typically not be set, please see the documentation for usage. +# public: false + +## The policy to require for this client; one_factor or two_factor. +# authorization_policy: two_factor + +## Configures the consent mode; auto, explicit or implicit +# consent_mode: auto + +## Audience this client is allowed to request. +# audience: [] + +## Scopes this client is allowed to request. +# scopes: +# - openid +# - profile +# - email +# - groups + +## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. +# redirect_uris: +# - https://oidc.example.com/oauth2/callback + +## Grant Types configures which grants this client can obtain. +## It's not recommended to configure this unless you know what you're doing. +# grant_types: +# - refresh_token +# - authorization_code + +## Response Types configures which responses this client can be sent. +## It's not recommended to configure this unless you know what you're doing. +# response_types: +# - code + +## Response Modes configures which response modes this client supports. +## It's not recommended to configure this unless you know what you're doing. +# response_modes: +# - form_post +# - query +# - fragment + +## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256. +# userinfo_signing_algorithm: none + +portal: + open: + enabled: true + +ingress: + main: + required: true diff --git a/premium/authelia/23.5.5/questions.yaml b/premium/authelia/23.5.5/questions.yaml new file mode 100755 index 00000000000..d6d169e035f --- /dev/null +++ b/premium/authelia/23.5.5/questions.yaml @@ -0,0 +1,4323 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 2 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: data + label: Data + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + private: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + + - variable: domain + group: "App Configuration" + label: "Domain" + description: "The highest domain level possible, for example: domain.com when using app.domain.com" + schema: + type: string + default: "" + required: true + - variable: default_redirection_url + group: "App Configuration" + label: "Default Redirection URL" + description: "If user tries to authenticate without any referrer, this is used" + schema: + type: string + default: "" + valid_chars: '^https?:\/\/(.*)' + - variable: theme + group: "App Configuration" + label: "Theme" + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "light" + description: "light" + - value: "grey" + description: "grey" + - value: "dark" + description: "dark" + - variable: log + group: "App Configuration" + label: "Log Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "info" + enum: + - value: "info" + description: "info" + - value: "debug" + description: "debug" + - value: "trace" + description: "trace" + - variable: format + label: "Log Format" + schema: + type: string + default: "text" + enum: + - value: "json" + description: "json" + - value: "text" + description: "text" + - variable: server + group: "App Configuration" + label: "Server Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: write_buffer_size + label: "Write Buffer Size" + description: "Configures the maximum response size. The default of 4096 is generally sufficient for most use cases." + schema: + type: int + default: 4096 + - variable: read_buffer_size + label: "Read Buffer Size" + description: "Configures the maximum request size. The default of 4096 is generally sufficient for most use cases." + schema: + type: int + default: 4096 + - variable: totp + group: "App Configuration" + label: "TOTP Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: issuer + label: "Issuer" + description: "The issuer name displayed in the Authenticator application of your choice" + schema: + type: string + default: "" + - variable: period + label: "Period" + description: "The period in seconds a one-time password is current for" + schema: + type: int + default: 30 + - variable: skew + label: "skew" + description: "Controls number of one-time passwords either side of the current one that are valid." + schema: + type: int + default: 1 + - variable: password_policy + group: "App Configuration" + label: "Password Policy Configuration" + description: "Authelia allows administrators to configure an enforced password policy. Choose one of Standard or zxcvbn and not both, refer to upstream docs for more info " + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: standard + label: Standard + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: min_length + label: "Minimum Password Length" + description: "Minimum Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 8 + - variable: max_length + label: "Max Passsword Length" + description: "Max Password Length" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 0 + - variable: require_uppercase + label: "Require Upppercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_lowercase + label: "Require Lowercase" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_number + label: "Require Numbers" + description: "Require Numbers in the password" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + required: true + - variable: require_special + label: "Require Special Characters" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: zxcvbn + label: zxcvbn + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + required: true + - variable: min_score + label: "Min Score" + schema: + type: int + required: true + show_if: [["enabled", "=", true]] + default: 3 + - variable: duo_api + group: "App Configuration" + label: "DUO API Configuration" + description: "Parameters used to contact the Duo API." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostname + label: "Hostname" + schema: + type: string + required: true + default: "" + - variable: integration_key + label: "integration_key" + schema: + type: string + default: "" + required: true + - variable: plain_api_key + label: "plain_api_key" + schema: + type: string + default: "" + required: true + - variable: session + group: "App Configuration" + label: "Session Provider" + description: "The session cookies identify the user once logged in." + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Cookie Name" + description: | + The name of the session cookie. By default this is set to authelia_session. + It’s mostly useful to change this if you are doing development or running multiple instances of Authelia. + schema: + type: string + required: true + default: "authelia_session" + - variable: same_site + label: "SameSite Value" + description: | + You can read about the SameSite cookie in detail on the MDN. In short setting SameSite to Lax is generally + the most desirable option for Authelia. None is not recommended unless you absolutely know what you’re doing + and trust all the protected apps. Strict is not going to work in many use cases and we have not tested it in + this state but it’s available as an option anyway. + schema: + type: string + default: "lax" + enum: + - value: "lax" + description: "lax" + - value: "strict" + description: "strict" + - variable: expiration + label: "Expiration Time" + description: | + The period of time before the cookie expires and the session is destroyed. This is overriden by + remember_me_duration when the remember me box is checked. + schema: + type: string + default: "1h" + required: true + - variable: inactivity + label: "Inactivity Time" + description: | + The period of time the user can be inactive for until the session is destroyed when the remember me box is + not checked or is otherwise disabled. Useful if you want long session timers but don’t want unused devices to be vulnerable. + schema: + type: string + default: "5m" + required: true + - variable: remember_me_duration + label: "Remember-Me duration" + description: | + The period of time before the cookie expires and the session is destroyed when the remember me box is checked, a user + selecting this option negates the inactivity timeout. Setting this to -1 disables this feature entirely. + schema: + type: string + default: "5M" + required: true + - variable: regulation + group: "App Configuration" + label: "Regulation Configuration" + description: "This mechanism prevents attackers from brute forcing the first factor." + schema: + additional_attrs: true + type: dict + attrs: + - variable: max_retries + label: "Maximum Retries" + description: "The number of failed login attempts before user is banned. Set it to 0 to disable regulation." + schema: + type: int + default: 3 + - variable: find_time + label: "Find Time" + description: | + The period of time analyzed for failed attempts. For example if you set max_retries to 3 and find_time to + 2m this means the user must have 3 failed logins in 2 minutes. + schema: + type: string + default: "2m" + required: true + - variable: ban_time + label: "Ban Duration" + description: | + The period of time the user is banned for after meeting the max_retries and find_time configuration. + After this duration the account will be able to login again. + schema: + type: string + default: "5m" + required: true + - variable: authentication_backend + group: "App Configuration" + label: "Authentication Backend Provider" + description: | + Used for verifying user passwords and retrieve information such as email + address and groups users belong to. + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_reset_password + label: "Disable Reset Password" + description: "Disable both the HTML element and the API for reset password functionality" + schema: + type: boolean + default: false + - variable: refresh_interval + label: "Reset Interval" + description: "The amount of time to wait before we refresh data from the authentication backend" + schema: + type: string + default: "5m" + required: true + - variable: ldap + label: "LDAP backend configuration" + description: "Used for verifying user passwords and retrieve information such as email address and groups users belong to" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: implementation + label: "Implementation" + description: "The LDAP implementation, this affects elements like the attribute utilized for resetting a password" + schema: + type: string + default: "custom" + enum: + - value: "activedirectory" + description: "Active Directory" + - value: "custom" + description: "Custom" + - variable: url + label: "URL" + description: "The url to the ldap server. Format: ://
[:]" + schema: + type: string + default: "ldap://openldap.default.svc.cluster.local" + required: true + - variable: timeout + label: "Connection Timeout" + schema: + type: string + default: "5s" + required: true + - variable: start_tls + label: "Start TLS" + description: "Use StartTLS with the LDAP connection" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: base_dn + label: "Base DN" + description: "The base dn for every LDAP query." + schema: + type: string + default: "DC=example,DC=com" + required: true + - variable: username_attribute + label: "Username Attribute" + description: "The attribute holding the username of the user" + schema: + type: string + default: "uid" + required: true + - variable: additional_users_dn + label: "Additional Users DN" + description: "An additional dn to define the scope to all users." + schema: + type: string + default: "OU=people" + required: true + - variable: users_filter + label: "Users Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: additional_groups_dn + label: "Additional Groups DN" + description: "An additional dn to define the scope of groups." + schema: + type: string + default: "OU=Groups" + required: true + - variable: groups_filter + label: "Groups Filter" + description: "The groups filter used in search queries to find the groups of the user." + schema: + type: string + default: "" + required: true + - variable: group_name_attribute + label: "Group name Attribute" + description: "The attribute holding the name of the group" + schema: + type: string + default: "cn" + required: true + - variable: mail_attribute + label: "Mail Attribute" + description: "The attribute holding the primary mail address of the user" + schema: + type: string + default: "mail" + required: true + - variable: display_name_attribute + label: "Display Name Attribute" + description: "he attribute holding the display name of the user. This will be used to greet an authenticated user." + schema: + type: string + default: "displayName" + - variable: user + label: "Admin User" + description: "The username of the admin user used to connect to LDAP." + schema: + type: string + default: "CN=admin,ou=people,DC=example,DC=com" + required: true + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + required: true + - variable: file + label: "File backend configuration" + description: "With this backend, the users database is stored in a file which is updated when users reset their passwords." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: path + label: "Path" + schema: + type: string + default: "/config/users_database.yml" + required: true + - variable: password + label: "Password Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: algorithm + label: "Algorithm" + schema: + type: string + default: "argon2id" + enum: + - value: "argon2id" + description: "argon2id" + - value: "sha512" + description: "sha512" + - variable: iterations + label: "Iterations" + schema: + type: int + default: 1 + required: true + - variable: key_length + label: "Key Length" + schema: + type: int + default: 32 + required: true + - variable: salt_length + label: "Salt Length" + schema: + type: int + default: 16 + required: true + - variable: memory + label: "Memory" + schema: + type: int + default: 1024 + required: true + - variable: parallelism + label: "Parallelism" + schema: + type: int + default: 8 + required: true + - variable: notifier + group: "App Configuration" + label: "Notifier Configuration" + description: "Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: disable_startup_check + label: "Disable Startup Check" + schema: + type: boolean + default: false + - variable: filesystem + label: "Filesystem Provider" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filename + label: "File Path" + schema: + type: string + default: "/config/notification.txt" + required: true + - variable: smtp + label: "SMTP Provider" + description: "Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate." + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: host + label: "Host" + schema: + type: string + default: "smtp.mail.svc.cluster.local" + required: true + - variable: port + label: "Port" + schema: + type: int + default: 25 + required: true + - variable: timeout + label: "Timeout" + schema: + type: string + default: "5s" + required: true + - variable: username + label: "Username" + schema: + type: string + default: "" + - variable: plain_password + label: "Password" + schema: + type: string + default: "" + - variable: sender + label: "Sender" + schema: + type: string + default: "" + required: true + - variable: identifier + label: "Identifier" + description: "HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost." + schema: + type: string + default: "localhost" + required: true + - variable: subject + label: "Subject" + description: "Subject configuration of the emails sent, {title} is replaced by the text from the notifier" + schema: + type: string + default: "[Authelia] {title}" + required: true + - variable: startup_check_address + label: "Startup Check Address" + description: "This address is used during the startup check to verify the email configuration is correct." + schema: + type: string + default: "test@authelia.com" + required: true + - variable: disable_require_tls + label: "Disable Require TLS" + schema: + type: boolean + default: false + - variable: disable_html_emails + label: "Disable HTML emails" + schema: + type: boolean + default: false + - variable: tls + label: "TLS Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: server_name + label: "Server Name" + description: "Server Name for certificate validation (in case it's not set correctly in the URL)." + schema: + type: string + default: "" + - variable: skip_verify + label: "Skip Certificate Verification" + description: "Skip verifying the server certificate (to allow a self-signed certificate)" + schema: + type: boolean + default: false + - variable: minimum_version + label: "Minimum TLS version" + description: "Minimum TLS version for either Secure LDAP or LDAP StartTLS." + schema: + type: string + default: "TLS1.2" + enum: + - value: "TLS1.0" + description: "TLS1.0" + - value: "TLS1.1" + description: "TLS1.1" + - value: "TLS1.2" + description: "TLS1.2" + - value: "TLS1.3" + description: "TLS1.3" + - variable: access_control + group: "App Configuration" + label: "Access Control Configuration" + description: "Access control is a list of rules defining the authorizations applied for one resource to users or group of users." + schema: + additional_attrs: true + type: dict + attrs: + - variable: default_policy + label: "Default Policy" + description: | + The default policy defines the policy applied if no rules section apply to the information known about the request. + It is recommended that this is configured to deny for security reasons. Sites which you do not wish to secure at all + with Authelia should not be configured in your reverse proxy to perform authentication with Authelia at all for performance reasons. + schema: + type: string + default: "deny" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: networks_access_control + label: "Networks" + schema: + type: list + default: [] + items: + - variable: networkItem + label: "Network Item" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: "Name" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "network" + schema: + type: string + default: "" + required: true + - variable: rules + label: "Rules" + schema: + type: list + default: [] + items: + - variable: rulesItem + label: "Rule" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: "Domains" + description: "Defines which domain or set of domains the rule applies to." + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "Domain" + schema: + type: string + default: "" + required: true + - variable: domain_regex + label: "Domains RegEx" + description: "defines which domain or set of domains the rule applies to using regular expressions." + schema: + type: list + default: [] + items: + - variable: domainRegexEntry + label: "Domain RegEx" + schema: + type: string + default: "" + required: true + - variable: policy + label: "Policy" + description: | + The specific policy to apply to the selected rule. This is not criteria for a match, this is the + action to take when a match is made. + schema: + type: string + default: "two_factor" + enum: + - value: "bypass" + description: "bypass" + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - value: "deny" + description: "deny" + - variable: subject + label: "Subject" + description: | + This criteria matches identifying characteristics about the subject. Currently this is either + user or groups the user belongs to. This allows you to effectively control exactly what each user is + authorized to access or to specifically require two-factor authentication to specific users. Subjects + are prefixed with either user: or group: to identify which part of the identity to check. + schema: + type: list + default: [] + items: + - variable: subjectitem + label: "Subject" + schema: + type: string + default: "" + required: true + - variable: networks + label: "Networks" + schema: + type: list + default: [] + items: + - variable: network + label: "Network" + schema: + type: string + default: "" + required: true + - variable: resources + label: "Resources" + description: "is a list of regular expressions that matches a set of resources to apply the policy to" + schema: + type: list + default: [] + items: + - variable: resource + label: "Resource" + schema: + type: string + default: "" + required: true + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9091 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + + - variable: config + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: mode + label: Mode + description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.' + schema: + type: string + default: "standalone" + enum: + - value: standalone + description: standalone + - value: replica + description: replica + - value: recovery + description: recovery + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: instances + label: Instances + schema: + type: int + show_if: [["enabled", "=", true]] + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: identity_providers + group: "Advanced" + label: "Authelia Identity Providers (BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: oidc + label: "OpenID Connect(BETA)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: access_token_lifespan + label: "Access Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: authorize_code_lifespan + label: "Authorize Code Lifespan" + schema: + type: string + default: "1m" + required: true + - variable: id_token_lifespan + label: "ID Token Lifespan" + schema: + type: string + default: "1h" + required: true + - variable: refresh_token_lifespan + label: "Refresh Token Lifespan" + schema: + type: string + default: "90m" + required: true + - variable: enable_client_debug_messages + label: "Enable Client Debug Messages" + schema: + type: boolean + default: false + - variable: clients + label: "Clients" + schema: + type: list + default: [] + items: + - variable: clientEntry + label: "Client" + schema: + additional_attrs: true + type: dict + attrs: + - variable: id + label: "ID/Name" + description: "The ID is the OpenID Connect ClientID which is used to link an application to a configuration." + schema: + type: string + default: "myapp" + required: true + - variable: description + label: "Description" + description: "The description to show to users when they end up on the consent screen. Defaults to the ID above." + schema: + type: string + default: "My Application" + required: true + - variable: secret + label: "Secret" + description: "The client secret is a shared secret between Authelia and the consumer of this client." + schema: + type: string + default: "" + required: true + - variable: public + label: "public" + description: "Sets the client to public. This should typically not be set, please see the documentation for usage." + schema: + type: boolean + default: false + - variable: authorization_policy + label: "Authorization Policy" + description: "The policy to require for this client; one_factor or two_factor." + schema: + type: string + default: "two_factor" + enum: + - value: "one_factor" + description: "one_factor" + - value: "two_factor" + description: "two_factor" + - variable: consent_mode + label: "Consent Mode" + description: | + Configures the consent mode. This can be set to auto (default), explicit (consent required every time) or + implicit (automatically assumes consent for every authorization, never asking the user if they wish to give consent.) + schema: + type: string + default: "auto" + enum: + - value: "auto" + description: "auto" + - value: "explicit" + description: "explicit" + - value: "implicit" + description: "implicit" + - variable: userinfo_signing_algorithm + label: "Userinfo Signing Algorithm" + description: "The algorithm used to sign userinfo endpoint responses for this client, either none or RS256." + schema: + type: string + default: "none" + enum: + - value: "none" + description: "none" + - value: "RS256" + description: "RS256" + - variable: audience + label: "Audience" + description: "Audience this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: audienceEntry + label: "" + schema: + type: string + default: "" + required: true + - variable: scopes + label: "Scopes" + description: "Scopes this client is allowed to request." + schema: + type: list + default: [] + items: + - variable: ScopeEntry + label: "Scope" + schema: + type: string + default: "openid" + required: true + - variable: redirect_uris + label: "redirect_uris" + description: "Redirect URI's specifies a list of valid case-sensitive callbacks for this client." + schema: + type: list + default: [] + items: + - variable: uriEntry + label: "Url" + schema: + type: string + default: "https://oidc.example.com/oauth2/callback" + required: true + - variable: grant_types + description: "Grant Types configures which grants this client can obtain." + label: "grant_types" + schema: + type: list + default: [] + items: + - variable: grantEntry + label: "Grant" + schema: + type: string + default: "refresh_token" + required: true + - variable: response_types + description: "Response Types configures which responses this client can be sent." + label: "response_types" + schema: + type: list + default: [] + items: + - variable: responseEntry + label: "type" + schema: + type: string + default: "code" + required: true + - variable: response_modes + description: "Response Modes configures which response modes this client supports." + label: "response_modes" + schema: + type: list + default: [] + items: + - variable: modeEntry + label: "Mode" + schema: + type: string + default: "form_post" + required: true + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/premium/authelia/23.5.5/templates/NOTES.txt b/premium/authelia/23.5.5/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/authelia/23.5.5/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/authelia/23.5.5/templates/_configmap.tpl b/premium/authelia/23.5.5/templates/_configmap.tpl new file mode 100644 index 00000000000..c2797c8aaaa --- /dev/null +++ b/premium/authelia/23.5.5/templates/_configmap.tpl @@ -0,0 +1,376 @@ +{{/* Define the configmap */}} +{{- define "authelia.configmap.paths" -}} +enabled: true +data: + AUTHELIA_SERVER_DISABLE_HEALTHCHECK: "true" + AUTHELIA_JWT_SECRET_FILE: "/secrets/JWT_TOKEN" + AUTHELIA_SESSION_SECRET_FILE: "/secrets/SESSION_ENCRYPTION_KEY" + AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: "/secrets/ENCRYPTION_KEY" + AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: "/secrets/STORAGE_PASSWORD" + {{- if .Values.authentication_backend.ldap.enabled }} + AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: "/secrets/LDAP_PASSWORD" + {{- end }} + {{- if .Values.notifier.smtp.enabled }} + AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE: "/secrets/SMTP_PASSWORD" + {{- end }} + AUTHELIA_SESSION_REDIS_PASSWORD_FILE: "/secrets/REDIS_PASSWORD" + {{- if .Values.redisProvider.high_availability.enabled }} + AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_PASSWORD_FILE: "/secrets/REDIS_SENTINEL_PASSWORD" + {{- end }} + {{- if .Values.duo_api.enabled }} + AUTHELIA_DUO_API_SECRET_KEY_FILE: "/secrets/DUO_API_KEY" + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE: "/secrets/OIDC_HMAC_SECRET" + AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/secrets/OIDC_PRIVATE_KEY" + {{- end }} + +{{- end -}} + +{{- define "authelia.configmap.configfile" -}} +enabled: true +data: + configuration.yaml: | + --- + theme: {{ .Values.theme | default "light" }} + default_redirection_url: {{ default (printf "https://www.%s" .Values.domain) .Values.default_redirection_url }} + ntp: + address: {{ .Values.ntp.address | default "time.cloudflare.com:123" }} + version: {{ .Values.ntp.version | default 4 }} + max_desync: {{ .Values.ntp.max_desync | default "3s" }} + disable_startup_check: {{ .Values.ntp.disable_startup_check | default false }} + disable_failure: {{ .Values.ntp.disable_failure | default true }} + server: + host: 0.0.0.0 + port: {{ .Values.server.port | default 9091 }} + {{- if ne "" (.Values.server.path | default "") }} + path: {{ .Values.server.path }} + {{- end }} + buffers: + write: {{ .Values.server.write_buffer_size | default 4096 }} + read: {{ .Values.server.read_buffer_size | default 4096 }} + enable_pprof: {{ .Values.server.enable_pprof | default false }} + enable_expvars: {{ .Values.server.enable_expvars | default false }} + log: + level: {{ .Values.log.level | default "info" }} + format: {{ .Values.log.format | default "text" }} + {{- if ne "" (.Values.log.file_path | default "") }} + file_path: {{ .Values.log.file_path }} + keep_stdout: true + {{- end }} + totp: + issuer: {{ .Values.totp.issuer | default .Values.domain }} + period: {{ .Values.totp.period | default 30 }} + skew: {{ .Values.totp.skew | default 1 }} + {{- if .Values.password_policy.enabled }} + password_policy: + standard: + enabled: {{ .Values.password_policy.standard.enabled | default false }} + min_length: {{ .Values.password_policy.standard.min_length | default 8 }} + max_length: {{ .Values.password_policy.standard.max_length | default 0 }} + require_uppercase: {{ .Values.password_policy.standard.require_uppercase | default false }} + require_lowercase: {{ .Values.password_policy.standard.require_lowercase | default false }} + require_number: {{ .Values.password_policy.standard.require_number | default false }} + require_special: {{ .Values.password_policy.standard.require_special | default false }} + zxcvbn: + enabled: {{ .Values.password_policy.zxcvbn.enabled | default false }} + min_score: {{ .Values.password_policy.zxcvbn.min_score | default 3 }} + {{- end -}} + {{- if .Values.duo_api.enabled }} + duo_api: + hostname: {{ .Values.duo_api.hostname }} + integration_key: {{ .Values.duo_api.integration_key }} + {{- end -}} + {{- with $auth := .Values.authentication_backend }} + authentication_backend: + password_reset: + disable: {{ $auth.disable_reset_password }} + {{- if $auth.file.enabled }} + file: + path: {{ $auth.file.path }} + password: + {{- $p := $auth.file.password -}} + {{- if $p.algorithm }} + algorithm: {{ $p.algorithm }} + {{- end -}} + {{- if $p.iterations }} + iterations: {{ $p.iterations }} + {{- end -}} + {{- if $p.key_length }} + key_length: {{ $p.key_length }} + {{- end -}} + {{- if $p.salt_length }} + salt_length: {{ $p.salt_length }} + {{- end -}} + {{- if $p.memory }} + memory: {{ $p.memory }} + {{- end -}} + {{- if $p.parallelism }} + parallelism: {{ $p.parallelism }} + {{- end -}} + {{- end -}} + {{- if $auth.ldap.enabled }} + ldap: + implementation: {{ $auth.ldap.implementation | default "custom" }} + url: {{ $auth.ldap.url }} + timeout: {{ $auth.ldap.timeout | default "5s" }} + start_tls: {{ $auth.ldap.start_tls }} + tls: + {{- if hasKey $auth.ldap.tls "server_name" }} + server_name: {{ $auth.ldap.tls.server_name | default $auth.ldap.host }} + {{- end }} + minimum_version: {{ $auth.ldap.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $auth.ldap.tls.skip_verify | default false }} + {{- if $auth.ldap.base_dn }} + base_dn: {{ $auth.ldap.base_dn }} + {{- end -}} + {{- if $auth.ldap.username_attribute }} + username_attribute: {{ $auth.ldap.username_attribute }} + {{- end -}} + {{- if $auth.ldap.additional_users_dn }} + additional_users_dn: {{ $auth.ldap.additional_users_dn }} + {{- end -}} + {{- if $auth.ldap.users_filter }} + users_filter: {{ $auth.ldap.users_filter }} + {{- end -}} + {{- if $auth.ldap.additional_groups_dn }} + additional_groups_dn: {{ $auth.ldap.additional_groups_dn }} + {{- end -}} + {{- if $auth.ldap.groups_filter }} + groups_filter: {{ $auth.ldap.groups_filter }} + {{- end -}} + {{- if $auth.ldap.group_name_attribute }} + group_name_attribute: {{ $auth.ldap.group_name_attribute }} + {{- end -}} + {{- if $auth.ldap.mail_attribute }} + mail_attribute: {{ $auth.ldap.mail_attribute }} + {{- end -}} + {{- if $auth.ldap.display_name_attribute }} + display_name_attribute: {{ $auth.ldap.display_name_attribute }} + {{- end }} + user: {{ $auth.ldap.user }} + {{- end -}} + {{- end -}} + {{- with $session := .Values.session }} + session: + name: {{ $session.name | default "authelia_session" }} + domain: {{ required "A valid .Values.domain entry required!" $.Values.domain }} + same_site: {{ $session.same_site | default "lax" }} + expiration: {{ $session.expiration | default "1M" }} + inactivity: {{ $session.inactivity | default "5m" }} + remember_me_duration: {{ $session.remember_me_duration | default "1M" }} + {{- end }} + redis: + host: {{ .Values.redis.creds.plain }} + {{- with $redis := .Values.redisProvider }} + port: {{ $redis.port | default 6379 }} + {{- if not (eq $redis.username "") }} + username: {{ $redis.username }} + {{- end }} + maximum_active_connections: {{ $redis.maximum_active_connections | default 8 }} + minimum_idle_connections: {{ $redis.minimum_idle_connections | default 0 }} + {{- if $redis.tls.enabled }} + tls: + server_name: {{ $redis.tls.server_name }} + minimum_version: {{ $redis.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $redis.tls.skip_verify }} + {{- end }} + {{- if $redis.high_availability.enabled }} + high_availability: + sentinel_name: {{ $redis.high_availability.sentinel_name }} + {{- if $redis.high_availability.nodes }} + nodes: + {{- range $node := $redis.high_availability.nodes }} + - host: {{ $node.host }} + port: {{ $node.port | default 26379 }} + {{- end -}} + {{- end }} + route_by_latency: {{ $redis.high_availability.route_by_latency }} + route_randomly: {{ $redis.high_availability.route_randomly }} + {{- end }} + {{- end }} + regulation: + max_retries: {{ .Values.regulation.max_retries | default 3 }} + find_time: {{ .Values.regulation.find_time | default "1m" }} + ban_time: {{ .Values.regulation.ban_time | default "5m" }} + storage: + postgres: + host: {{ $.Values.cnpg.main.creds.host }} + {{- with $storage := .Values.storage }} + port: {{ $storage.postgres.port | default 5432 }} + database: {{ $storage.postgres.database | default "authelia" }} + username: {{ $storage.postgres.username | default "authelia" }} + timeout: {{ $storage.postgres.timeout | default "5s" }} + ssl: + mode: {{ $storage.postgres.sslmode | default "disable" }} + {{- end }} + {{- with $notifier := .Values.notifier }} + notifier: + disable_startup_check: {{ $.Values.notifier.disable_startup_check }} + {{- if $notifier.filesystem.enabled }} + filesystem: + filename: {{ $notifier.filesystem.filename }} + {{- end }} + {{- if $notifier.smtp.enabled }} + smtp: + host: {{ $notifier.smtp.host }} + port: {{ $notifier.smtp.port | default 25 }} + timeout: {{ $notifier.smtp.timeout | default "5s" }} + {{- with $notifier.smtp.username }} + username: {{ . }} + {{- end }} + sender: {{ $notifier.smtp.sender | quote }} + identifier: {{ $notifier.smtp.identifier | quote }} + subject: {{ $notifier.smtp.subject | quote }} + startup_check_address: {{ $notifier.smtp.startup_check_address | quote }} + disable_require_tls: {{ $notifier.smtp.disable_require_tls }} + disable_html_emails: {{ $notifier.smtp.disable_html_emails }} + tls: + server_name: {{ $notifier.smtp.tls.server_name | default $notifier.smtp.host }} + minimum_version: {{ $notifier.smtp.tls.minimum_version | default "TLS1.2" }} + skip_verify: {{ $notifier.smtp.tls.skip_verify | default false }} + {{- end }} + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + identity_providers: + oidc: + access_token_lifespan: {{ .Values.identity_providers.oidc.access_token_lifespan | default "1h" }} + authorize_code_lifespan: {{ .Values.identity_providers.oidc.authorize_code_lifespan | default "1m" }} + id_token_lifespan: {{ .Values.identity_providers.oidc.id_token_lifespan | default "1h" }} + refresh_token_lifespan: {{ .Values.identity_providers.oidc.refresh_token_lifespan | default "90m" }} + enable_client_debug_messages: {{ .Values.identity_providers.oidc.enable_client_debug_messages | default false }} + minimum_parameter_entropy: {{ .Values.identity_providers.oidc.minimum_parameter_entropy | default 8 }} + {{- if .Values.identity_providers.oidc.clients }} + clients: + {{- range $client := .Values.identity_providers.oidc.clients }} + - id: {{ $client.id }} + description: {{ $client.description | default $client.id }} + secret: {{ $client.secret | default (randAlphaNum 128) }} + {{- if $client.public }} + public: {{ $client.public }} + {{- end }} + authorization_policy: {{ $client.authorization_policy | default "two_factor" }} + consent_mode: {{ $client.consent_mode | default "auto" }} + redirect_uris: + {{- range $client.redirect_uris }} + - {{ . }} + {{- end }} + {{- if $client.audience }} + audience: + {{- range $client.audience }} + - {{ . }} + {{- end }} + {{- end }} + scopes: + {{- range ($client.scopes | default (list "openid" "profile" "email" "groups")) }} + - {{ . }} + {{- end }} + grant_types: + {{- range ($client.grant_types | default (list "refresh_token" "authorization_code")) }} + - {{ . }} + {{- end }} + response_types: + {{- range ($client.response_types | default (list "code")) }} + - {{ . }} + {{- end }} + {{- if $client.response_modes }} + response_modes: + {{- range $client.response_modes }} + - {{ . }} + {{- end }} + {{- end }} + userinfo_signing_algorithm: {{ $client.userinfo_signing_algorithm | default "none" }} + {{- end }} + {{- end }} + {{- end }} + access_control: + {{- if not .Values.access_control.rules }} + {{- if (eq .Values.access_control.default_policy "bypass") }} + default_policy: one_factor + {{- else if (eq .Values.access_control.default_policy "deny") }} + default_policy: two_factor + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + {{- else }} + default_policy: {{ .Values.access_control.default_policy }} + {{- end }} + + {{- if and .Values.access_control.networks (not .Values.access_control.networks_access_control) -}} + {{- fail "Please change [.Values.access_control.networks] to [.Values.access_control.networks_access_control]" -}} + {{- end -}} + {{- if not .Values.access_control.networks_access_control }} + networks: [] + {{- else }} + networks: + {{- range $net := .Values.access_control.networks_access_control }} + - name: {{ $net.name }} + networks: + {{- range $net.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if not .Values.access_control.rules }} + rules: [] + {{- else }} + rules: + {{- range $rule := .Values.access_control.rules }} + {{- if $rule.domain }} + - domain: + {{- if kindIs "string" $rule.domain }} + - {{ $rule.domain | squote }} + {{- else -}} + {{- range $rule.domain }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end -}} + {{- if $rule.domain_regex }} + domain_regex: + {{- if kindIs "string" $rule.domain_regex }} + - {{ $rule.domain_regex | squote }} + {{- else -}} + {{- range $rule.domain_regex }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- with $rule.policy }} + policy: {{ . }} + {{- end -}} + {{- if $rule.networks }} + networks: + {{- if kindIs "string" $rule.networks }} + - {{ $rule.networks | squote }} + {{- else -}} + {{- range $rule.networks }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.subject }} + subject: + {{- if kindIs "string" $rule.subject }} + - {{ $rule.subject | squote }} + {{- else -}} + {{- range $rule.subject }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- if $rule.resources }} + resources: + {{- if kindIs "string" $rule.resources }} + - {{ $rule.resources | squote }} + {{- else -}} + {{- range $rule.resources }} + - {{ . | squote }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + ... +{{- end -}} diff --git a/premium/authelia/23.5.5/templates/_secrets.tpl b/premium/authelia/23.5.5/templates/_secrets.tpl new file mode 100644 index 00000000000..4445f29e909 --- /dev/null +++ b/premium/authelia/23.5.5/templates/_secrets.tpl @@ -0,0 +1,53 @@ +{{/* Define the secrets */}} +{{- define "authelia.secrets" -}} +{{- $basename := include "tc.v1.common.lib.chart.names.fullname" $ -}} +{{- $fetchname := printf "%s-authelia-secrets" $basename -}} + +{{/* Initialize all keys */}} +{{- $oidckey := genPrivateKey "rsa" }} +{{- $oidcsecret := randAlphaNum 32 }} +{{- $jwtsecret := randAlphaNum 50 }} +{{- $sessionsecret := randAlphaNum 50 }} +{{- $encryptionkey := randAlphaNum 100 }} + +enabled: true +data: + {{ with (lookup "v1" "Secret" .Release.Namespace $fetchname) }} + {{/* Get previous values and decode */}} + {{ $sessionsecret = (index .data "SESSION_ENCRYPTION_KEY") | b64dec }} + {{ $jwtsecret = (index .data "JWT_TOKEN") | b64dec }} + {{ $encryptionkey = (index .data "ENCRYPTION_KEY") | b64dec }} + + {{/* Check if those keys ever existed. as OIDC is optional */}} + {{ if and (hasKey .data "OIDC_PRIVATE_KEY") (hasKey .data "OIDC_HMAC_SECRET") }} + {{ $oidckey = (index .data "OIDC_PRIVATE_KEY") | b64dec }} + {{ $oidcsecret = (index .data "OIDC_HMAC_SECRET") | b64dec }} + {{ end }} + {{ end }} + SESSION_ENCRYPTION_KEY: {{ $sessionsecret }} + JWT_TOKEN: {{ $jwtsecret }} + ENCRYPTION_KEY: {{ $encryptionkey }} + + {{- if .Values.authentication_backend.ldap.enabled }} + LDAP_PASSWORD: {{ .Values.authentication_backend.ldap.plain_password | quote }} + {{- end }} + + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + SMTP_PASSWORD: {{ .Values.notifier.smtp.plain_password | quote }} + {{- end }} + + {{- if .Values.duo_api.enabled }} + DUO_API_KEY: {{ .Values.duo_api.plain_api_key | quote }} + {{- end }} + + STORAGE_PASSWORD: {{ $.Values.cnpg.main.creds.password | trimAll "\"" }} + + REDIS_PASSWORD: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + {{- if .Values.redisProvider.high_availability.enabled }} + REDIS_SENTINEL_PASSWORD: {{ .Values.redis.sentinelPassword | trimAll "\"" }} + {{- end }} + + OIDC_PRIVATE_KEY: | + {{- $oidckey | nindent 4 }} + OIDC_HMAC_SECRET: {{ $oidcsecret }} +{{- end -}} diff --git a/premium/authelia/23.5.5/templates/common.yaml b/premium/authelia/23.5.5/templates/common.yaml new file mode 100644 index 00000000000..54e288e852c --- /dev/null +++ b/premium/authelia/23.5.5/templates/common.yaml @@ -0,0 +1,77 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for authelia */}} +{{- $configmapPaths := include "authelia.configmap.paths" . | fromYaml -}} +{{- if $configmapPaths -}} + {{- $_ := set .Values.configmap "authelia-paths" $configmapPaths -}} +{{- end -}} + +{{- $configmapFile := include "authelia.configmap.configfile" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "authelia-configfile" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for authelia */}} +{{- $secret := include "authelia.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "authelia-secrets" $secret -}} +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "authelia.configmapVolume" -}} +enabled: true +mountPath: /configuration.yaml +subPath: configuration.yaml +readOnly: true +type: "configmap" +objectName: authelia-configfile +{{- end -}} + +{{/* Append the general secret volumes to the volumes */}} +{{- define "authelia.secretVolumes" -}} +enabled: true +mountPath: "/secrets" +readOnly: true +type: "secret" +objectName: authelia-secrets +items: + - key: "JWT_TOKEN" + path: JWT_TOKEN + - key: "SESSION_ENCRYPTION_KEY" + path: SESSION_ENCRYPTION_KEY + - key: "ENCRYPTION_KEY" + path: ENCRYPTION_KEY + - key: "STORAGE_PASSWORD" + path: STORAGE_PASSWORD + {{- if .Values.authentication_backend.ldap.enabled }} + - key: "LDAP_PASSWORD" + path: LDAP_PASSWORD + {{- end }} + {{- if and .Values.notifier.smtp.enabled .Values.notifier.smtp.plain_password }} + - key: "SMTP_PASSWORD" + path: SMTP_PASSWORD + {{- end }} + - key: "REDIS_PASSWORD" + path: REDIS_PASSWORD + {{- if .Values.redisProvider.high_availability.enabled}} + - key: "REDIS_SENTINEL_PASSWORD" + path: REDIS_SENTINEL_PASSWORD + {{- end }} + {{- if .Values.duo_api.enabled }} + - key: "DUO_API_KEY" + path: DUO_API_KEY + {{- end }} + {{- if .Values.identity_providers.oidc.enabled }} + - key: "OIDC_PRIVATE_KEY" + path: OIDC_PRIVATE_KEY + - key: "OIDC_HMAC_SECRET" + path: OIDC_HMAC_SECRET + {{- end }} +{{- end -}} + +{{- $_ := set .Values.persistence "authelia-configfile" (include "authelia.configmapVolume" . | fromYaml) -}} +{{- $_ := set .Values.persistence "authelia-secrets" (include "authelia.secretVolumes" . | fromYaml) -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/premium/authelia/23.5.5/values.yaml b/premium/authelia/23.5.5/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/authelia/item.yaml b/premium/authelia/item.yaml new file mode 100644 index 00000000000..84619170039 --- /dev/null +++ b/premium/authelia/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png +categories: + - security +screenshots: [] diff --git a/premium/blocky/14.3.5/.helmignore b/premium/blocky/14.3.5/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/blocky/14.3.5/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/blocky/14.3.5/CHANGELOG.md b/premium/blocky/14.3.5/CHANGELOG.md new file mode 100644 index 00000000000..acf48583135 --- /dev/null +++ b/premium/blocky/14.3.5/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [blocky-14.3.5](https://github.com/truecharts/charts/compare/blocky-14.3.4...blocky-14.3.5) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/blocky/14.3.5/Chart.yaml b/premium/blocky/14.3.5/Chart.yaml new file mode 100644 index 00000000000..965c19e396a --- /dev/null +++ b/premium/blocky/14.3.5/Chart.yaml @@ -0,0 +1,47 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: network + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 0.23.0 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] + - name: redis + version: 13.0.3 + repository: oci://tccr.io/truecharts + condition: redis.enabled + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go +home: https://truecharts.org/charts/premium/blocky +icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +keywords: + - dns + - blocky +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: blocky +sources: + - https://github.com/Mozart409/blocky-frontend + - https://0xerr0r.github.io/blocky/ + - https://github.com/0xERR0R/blocky + - https://github.com/truecharts/charts/tree/master/charts/premium/blocky + - https://hub.docker.com/r/spx01/blocky + - https://quay.io/oriedge/k8s_gateway +type: application +version: 14.3.5 diff --git a/premium/blocky/14.3.5/LICENSE b/premium/blocky/14.3.5/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/premium/blocky/14.3.5/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/premium/blocky/14.3.5/README.md b/premium/blocky/14.3.5/README.md new file mode 100644 index 00000000000..c6f2fa256df --- /dev/null +++ b/premium/blocky/14.3.5/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/blocky) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/blocky/14.3.5/app-changelog.md b/premium/blocky/14.3.5/app-changelog.md new file mode 100644 index 00000000000..283e76dd81a --- /dev/null +++ b/premium/blocky/14.3.5/app-changelog.md @@ -0,0 +1,9 @@ + + +## [blocky-14.3.5](https://github.com/truecharts/charts/compare/blocky-14.3.4...blocky-14.3.5) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/blocky/14.3.5/app-readme.md b/premium/blocky/14.3.5/app-readme.md new file mode 100644 index 00000000000..d9cf183273a --- /dev/null +++ b/premium/blocky/14.3.5/app-readme.md @@ -0,0 +1,8 @@ +Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/blocky](https://truecharts.org/charts/premium/blocky) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/blocky/14.3.5/charts/common-20.0.9.tgz b/premium/blocky/14.3.5/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/blocky/14.3.5/charts/common-20.0.9.tgz differ diff --git a/premium/blocky/14.3.5/charts/redis-13.0.3.tgz b/premium/blocky/14.3.5/charts/redis-13.0.3.tgz new file mode 100644 index 00000000000..f04b6a89dbf Binary files /dev/null and b/premium/blocky/14.3.5/charts/redis-13.0.3.tgz differ diff --git a/premium/blocky/14.3.5/dashboard.json b/premium/blocky/14.3.5/dashboard.json new file mode 100644 index 00000000000..847da7c67de --- /dev/null +++ b/premium/blocky/14.3.5/dashboard.json @@ -0,0 +1,1939 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + }, + { + "name": "VAR_BLOCKY_URL", + "type": "constant", + "label": "blocky API URL", + "value": "", + "description": "" + } + ], + "__elements": [], + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.3.3" + }, + { + "type": "panel", + "id": "heatmap", + "name": "Heatmap", + "version": "" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "text", + "name": "Text", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "iteration": 1641070862290, + "links": [ + { + "icon": "external link", + "tags": [], + "title": "blocky @ GitHub", + "tooltip": "open GitHub repo", + "type": "link", + "url": "https://github.com/0xERR0R/blocky" + } + ], + "liveNow": false, + "panels": [ + { + "description": "current service state", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "0": { + "text": "down" + }, + "1": { + "text": "up" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "id": 26, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(up{job=~\"$job\"})", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "State", + "transparent": true, + "type": "stat" + }, + { + "description": "Is blocking enabled?", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "0": { + "text": "off" + }, + "1": { + "text": "on" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#d44a3a", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 43, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "value" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "blocky_blocking_enabled", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Blocking", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Enable Ad disable blocking", + "gridPos": { + "h": 5, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 42, + "options": { + "content": "\n
\n ×Done!\n
\n
\n \n \n \n
\n\n\n", + "mode": "html" + }, + "pluginVersion": "8.3.3", + "title": "Blocking status", + "transparent": true, + "type": "text" + }, + { + "description": "Blocky [version](https://github.com/0xERR0R/blocky) number", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 3 + }, + "id": 55, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "center", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "/^version$/", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "blocky_build_info ", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Version", + "transformations": [ + { + "id": "labelsToFields", + "options": {} + }, + { + "id": "merge", + "options": {} + } + ], + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Average query response time for all query types", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 3 + }, + "id": 24, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_request_duration_ms_sum[$__range])) / sum(increase(blocky_request_duration_ms_count[$__range]))", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Avg response time", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of blacklist entries", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 5 + }, + "id": 30, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(blocky_blacklist_cache) / sum(up{job=~\"$job\"})", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Blacklist entries total", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 12 + }, + "id": 28, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(go_memstats_sys_bytes{job=~\"$job\"})/sum(up{job=~\"$job\"})", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Memory allocated", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Percentage of blocked queries", + "fieldConfig": { + "defaults": { + "decimals": 2, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "max": 1, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 6 + }, + "id": 34, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_response_total{response_type=\"BLOCKED\"}[$__range])) / sum(increase(blocky_query_total[$__range])) ", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Queries blocked", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of all queries. Shows the last value", + "fieldConfig": { + "defaults": { + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 6 + }, + "hideTimeOverride": true, + "id": 4, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "ceil(sum(increase(blocky_query_total[$__range]))) ", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Query Count Total", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of entries in the cache. Shows the last value", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 8 + }, + "id": 45, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["last"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(blocky_cache_entry_count)/ sum(up{job=~\"$job\"})", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Cache entries count", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Cache Hit/Miss ratio. 100 % means, all queries could be answered from the cache, 0% - all queries must be resolved via external DNS", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 1, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 47, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_cache_hit_count[$__range])) / (sum(increase(blocky_cache_hit_count[$__range])) + sum(increase(blocky_cache_miss_count[$__range])))", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Cache Hit/Miss ratio", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of occured errors", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#299c46", + "value": null + }, + { + "color": "rgba(237, 129, 40, 0.89)", + "value": 1 + }, + { + "color": "#d44a3a" + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 12 + }, + "id": 36, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_error_total[$__range]))", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Error count", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Amount of performed DNS queries to prefetch cached queries", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 0, + "y": 9 + }, + "id": 53, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "ceil(sum(increase(blocky_prefetch_count[$__range])))", + "format": "table", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Prefetch count", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Amount of prefetch queries per minute", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 12, + "y": 11 + }, + "id": 51, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(rate(blocky_prefetch_count[5m])) * 60", + "format": "table", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Prefetch rate per min", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "How many of cached entries were prefetched automatically", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "max": 1, + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 18, + "y": 11 + }, + "id": 58, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_prefetch_hit_count[$__range])) / (sum(increase(blocky_cache_hit_count[$__range])))", + "format": "table", + "instant": false, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Prefetch Hit ratio", + "transparent": true, + "type": "stat" + }, + { + "description": "Time since last list refresh", + "fieldConfig": { + "defaults": { + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 18, + "y": 5 + }, + "id": 57, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sum(time() -blocky_last_list_group_refresh)/ sum(up{job=~\"$job\"})", + "format": "table", + "instant": true, + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Last list refresh", + "transparent": true, + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Amount of unique domains in the prefetched cache", + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 6, + "x": 6, + "y": 9 + }, + "id": 49, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(blocky_prefetch_domain_name_cache_count)/ sum(up{job=~\"$job\"})", + "format": "table", + "interval": "", + "legendFormat": "", + "refId": "A" + } + ], + "title": "Prefetch domain count", + "transparent": true, + "type": "stat" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "avg requests / min", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(rate(blocky_query_total[5m])) * 60", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": " ", + "refId": "A" + } + ], + "title": "Request rate", + "transparent": true, + "type": "timeseries" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "avg requests / min", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 100, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 52, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.3.3", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum by (client) (rate(blocky_query_total[5m])) * 60", + "format": "time_series", + "instant": false, + "interval": "", + "legendFormat": " {{client}}", + "refId": "A" + } + ], + "title": "Request rate per client", + "transparent": true, + "type": "timeseries" + }, + { + "cards": {}, + "color": { + "cardColor": "#FADE2A", + "colorScale": "sqrt", + "colorScheme": "interpolateYlOrBr", + "exponent": 0.5, + "mode": "opacity" + }, + "dataFormat": "tsbuckets", + "gridPos": { + "h": 9, + "w": 24, + "x": 0, + "y": 29 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 22, + "legend": { + "show": true + }, + "reverseYBuckets": false, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(blocky_request_duration_ms_bucket{response_type=\"RESOLVED\"}[$__range])) by (le)", + "format": "heatmap", + "instant": false, + "interval": "", + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "title": "request duration (upstream)", + "tooltip": { + "show": true, + "showHistogram": false + }, + "transparent": true, + "type": "heatmap", + "xAxis": { + "show": true + }, + "yAxis": { + "format": "ms", + "logBase": 1, + "show": true + }, + "yBucketBound": "auto" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 38 + }, + "id": 2, + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "6.6.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": " sort_desc(sum by (type) (ceil(increase(blocky_query_total[$__range]))))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{ type }}", + "refId": "A" + } + ], + "title": "Query by type", + "transparent": true, + "type": "piechart" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 38 + }, + "id": 8, + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "6.6.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "sort_desc(sum by (client) (ceil(increase(blocky_query_total[$__range]))))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{ client }}", + "refId": "A" + } + ], + "title": "Query per Client", + "transparent": true, + "type": "piechart" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 46 + }, + "id": 32, + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "6.6.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": "topk(1, blocky_blacklist_cache) by (group)", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{ group }}", + "refId": "A" + } + ], + "title": "Blacklist by group", + "transparent": true, + "type": "piechart" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 46 + }, + "id": 14, + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": " sort_desc(sum by (reason) (ceil(increase(blocky_response_total[$__range]))))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{reason}}", + "refId": "A" + } + ], + "title": "Response Reasons", + "transparent": true, + "type": "piechart" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 54 + }, + "id": 38, + "interval": "", + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": " sort_desc(sum by (response_type) (ceil(increase(blocky_response_total[$__range]))))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{response_type}}", + "refId": "A" + } + ], + "title": "Response Type", + "transparent": true, + "type": "piechart" + }, + { + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "decimals": 0, + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 54 + }, + "id": 12, + "links": [], + "maxDataPoints": 3, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "values": ["value", "percent"] + }, + "pieType": "donut", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": false, + "expr": " sort_desc(sum by (response_code) (ceil(increase(blocky_response_total[$__range]))))", + "format": "time_series", + "instant": true, + "interval": "", + "legendFormat": "{{response_code}}", + "refId": "A" + } + ], + "title": "Response status", + "transparent": true, + "type": "piechart" + } + ], + "refresh": false, + "schemaVersion": 34, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "label": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "hide": 0, + "label": "blocky API URL", + "name": "blocky_url", + "query": "${VAR_BLOCKY_URL}", + "skipUrlSync": false, + "type": "constant", + "current": { + "value": "${VAR_BLOCKY_URL}", + "text": "${VAR_BLOCKY_URL}", + "selected": false + }, + "options": [ + { + "value": "${VAR_BLOCKY_URL}", + "text": "${VAR_BLOCKY_URL}", + "selected": false + } + ] + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(blocky_blocking_enabled,job)", + "hide": 0, + "includeAll": true, + "label": "job", + "multi": false, + "name": "job", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(blocky_blocking_enabled,job)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-3h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ] + }, + "timezone": "", + "title": "blocky", + "uid": "JvOqE4gRk", + "version": 1, + "weekStart": "" +} diff --git a/premium/blocky/14.3.5/dashboardpsql.json b/premium/blocky/14.3.5/dashboardpsql.json new file mode 100644 index 00000000000..203723f09d2 --- /dev/null +++ b/premium/blocky/14.3.5/dashboardpsql.json @@ -0,0 +1,874 @@ +{ + "__inputs": [ + { + "name": "DS_POSTGRES", + "label": "Postgres", + "description": "", + "type": "datasource", + "pluginId": "postgres", + "pluginName": "Postgres" + } + ], + "__requires": [ + { + "type": "panel", + "id": "barchart", + "name": "Bar chart", + "version": "" + }, + { + "type": "panel", + "id": "bargauge", + "name": "Bar gauge", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "8.1.2" + }, + { + "type": "datasource", + "id": "postgres", + "name": "Postgres", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "panel", + "id": "table", + "name": "Table", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": "-- Grafana --", + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "gnetId": null, + "graphTooltip": 0, + "id": null, + "iteration": 1631130053746, + "links": [], + "panels": [ + { + "cacheTimeout": null, + "datasource": "${DS_POSTGRES}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "displayName": "${__field.labels.response_type}", + "mappings": [], + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 14, + "interval": null, + "links": [], + "options": { + "displayLabels": [], + "legend": { + "displayMode": "table", + "placement": "right", + "values": ["value"] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "repeatDirection": "v", + "targets": [ + { + "format": "time_series", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT t.response_type, max(t.request_Ts) as time, count(*) as cnt from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0)\n group by t.response_type\n order by time", + "refId": "A", + "select": [ + [ + { + "params": ["value"], + "type": "column" + } + ] + ], + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Query count by response type", + "transformations": [], + "type": "piechart" + }, + { + "datasource": "${DS_POSTGRES}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 16, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "table", + "placement": "right", + "values": ["value"] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "format": "time_series", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT max(t.request_ts) AS time,\n case when t.reason like ''BLOCKED%'' then SPLIT_PART(SPLIT_PART(t.reason,''('',-1), '')'',1) else '''' end AS metric,\n count(t.reason) AS cnt\nFROM log_entries t\nWHERE t.response_type =''BLOCKED''\n AND $__timeFilter(t.request_Ts)\n AND t.client_name in ($client_name)\n AND (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0)\nGROUP BY 2\nORDER BY time", + "refId": "A", + "select": [ + [ + { + "params": ["duration_ms"], + "type": "column" + } + ] + ], + "table": "log_entries", + "timeColumn": "request_ts", + "timeColumnType": "timestamp", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Blocked by Blacklist", + "type": "piechart" + }, + { + "cacheTimeout": null, + "datasource": "${DS_POSTGRES}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 13, + "interval": null, + "links": [], + "options": { + "displayMode": "gradient", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": true + }, + "showUnfilled": true, + "text": {} + }, + "pluginVersion": "8.1.2", + "repeatDirection": "v", + "targets": [ + { + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT max(t.request_Ts) as time, t.client_name as metric, count(*) as cnt from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0)\n group by t.client_name\n order by 3 desc", + "refId": "A", + "select": [ + [ + { + "params": ["value"], + "type": "column" + } + ] + ], + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Query count by client", + "transformations": [], + "type": "bargauge" + }, + { + "datasource": "${DS_POSTGRES}", + "description": "Top 20 effective top level domain plus one more label", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMin": 0, + "fillOpacity": 67, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineWidth": 2 + }, + "displayName": "count", + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 8 + }, + "id": 11, + "options": { + "barWidth": 0.26, + "groupWidth": 0.7, + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "bottom" + }, + "orientation": "horizontal", + "showValue": "never", + "stacking": "none", + "text": { + "valueSize": 10 + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "format": "table", + "group": [], + "hide": false, + "metricColumn": "question_name", + "rawQuery": true, + "rawSql": "SELECT t.effective_tldp as metric, count(*) as value from log_entries t \nWHERE $__timeFilter(t.request_Ts) \n and t.response_type in ($response_type) \n and t.client_name in ($client_name) \n and (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0) \n group by t.effective_tldp order by count(*) desc limit 20", + "refId": "A", + "select": [ + [ + { + "params": ["value"], + "type": "column" + } + ] + ], + "table": "log_entries", + "timeColumn": "request_ts", + "where": [] + } + ], + "title": "Top 20 effective TLD+1", + "type": "barchart" + }, + { + "datasource": "${DS_POSTGRES}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "axisSoftMin": 0, + "fillOpacity": 67, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineWidth": 2 + }, + "displayName": "count", + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 8, + "options": { + "barWidth": 0.26, + "groupWidth": 0.7, + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "bottom" + }, + "orientation": "horizontal", + "showValue": "never", + "stacking": "none", + "text": { + "valueSize": 10 + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "format": "table", + "group": [], + "hide": false, + "metricColumn": "question_name", + "rawQuery": true, + "rawSql": "SELECT t.question_name as metric, count(*) as value from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0) \n group by t.question_name order by count(*) desc limit 20", + "refId": "A", + "select": [ + [ + { + "params": ["value"], + "type": "column" + } + ] + ], + "table": "log_entries", + "timeColumn": "request_ts", + "where": [] + } + ], + "title": "Top 20 queried domains", + "type": "barchart" + }, + { + "datasource": "${DS_POSTGRES}", + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "queries count", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "bars", + "fillOpacity": 35, + "gradientMode": "hue", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 12, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": 3600000, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "displayName": "${__field.labels.client_name}", + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 12, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "right" + }, + "tooltip": { + "mode": "single" + } + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "format": "time_series", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT\n $__timeGroupAlias(t.request_Ts, ''30m''),\n t.client_name,\n count(*) as c\nFROM log_entries t\nWHERE\n $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0)\nGROUP BY 1,2\nORDER BY 1", + "refId": "A", + "select": [ + [ + { + "params": ["duration_ms"], + "type": "column" + } + ] + ], + "table": "log_entries", + "timeColumn": "request_ts", + "timeColumnType": "timestamp", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Queries number per client (30m)", + "type": "timeseries" + }, + { + "datasource": "${DS_POSTGRES}", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": -1, + "drawStyle": "bars", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "stepBefore", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "line" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "dtdurationms" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 23 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "hidden", + "placement": "bottom" + }, + "tooltip": { + "mode": "single" + } + }, + "targets": [ + { + "format": "time_series", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT\n EXTRACT(EPOCH from t.request_Ts) as time,\n t.duration_ms\nFROM log_entries t\nWHERE\n $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0)\nORDER BY request_ts", + "refId": "A", + "select": [ + [ + { + "params": ["duration_ms"], + "type": "column" + } + ] + ], + "table": "log_entries", + "timeColumn": "request_ts", + "timeColumnType": "timestamp", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "title": "Query duration", + "type": "timeseries" + }, + { + "datasource": "${DS_POSTGRES}", + "description": "Last 100 queries, newest on top", + "fieldConfig": { + "defaults": { + "custom": { + "align": null, + "displayMode": "auto", + "filterable": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "time" + }, + "properties": [ + { + "id": "unit", + "value": "dateTimeAsIsoNoDateIfToday" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 31 + }, + "id": 4, + "options": { + "showHeader": true + }, + "pluginVersion": "8.1.2", + "targets": [ + { + "format": "table", + "group": [], + "metricColumn": "none", + "rawQuery": true, + "rawSql": "SELECT EXTRACT(EPOCH from t.request_Ts) as \"time\", \n t.client_ip as \"client IP\", \n t.client_name as \"client name\", \n t.duration_ms as \"duration in ms\", \n t.response_type as \"response type\", \n t.question_type as \"question type\", \n t.question_name as \"question name\", \n t.effective_tldp as \"effective TLD+1\", \n t.answer as \"answer\" from log_entries t \n WHERE $__timeFilter(t.request_Ts) and \n t.response_type in ($response_type) and \n t.client_name in ($client_name) and \n (length(''$question'') = 0 or POSITION(lower(''$question'') IN t.question_name) > 0) \n order by t.request_Ts desc limit 100", + "refId": "A", + "select": [ + [ + { + "params": ["value"], + "type": "column" + } + ] + ], + "timeColumn": "time", + "where": [ + { + "name": "$__timeFilter", + "params": [], + "type": "macro" + } + ] + } + ], + "timeFrom": null, + "timeShift": null, + "title": "Last queries", + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 30, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "BlockyPostgres", + "value": "blockypostgres" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_POSTGRES", + "options": [], + "query": "grafana-postgresql-datasource", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": "", + "current": {}, + "datasource": "${DS_POSTGRES}", + "definition": "select distinct client_name from log_entries", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Client name", + "multi": true, + "name": "client_name", + "options": [], + "query": "select distinct client_name from log_entries", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "allValue": null, + "current": {}, + "datasource": "${DS_POSTGRES}", + "definition": "select distinct response_type from log_entries", + "description": null, + "error": null, + "hide": 0, + "includeAll": true, + "label": "Response type", + "multi": true, + "name": "response_type", + "options": [], + "query": "select distinct response_type from log_entries", + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "", + "value": "" + }, + "description": null, + "error": null, + "hide": 0, + "label": "Domain (contains)", + "name": "question", + "options": [ + { + "selected": true, + "text": "", + "value": "" + } + ], + "query": "", + "skipUrlSync": false, + "type": "textbox" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Blocky query", + "uid": "AVmWSVWgz", + "version": 3 +} diff --git a/premium/blocky/14.3.5/ix_values.yaml b/premium/blocky/14.3.5/ix_values.yaml new file mode 100644 index 00000000000..41a8c5c1b39 --- /dev/null +++ b/premium/blocky/14.3.5/ix_values.yaml @@ -0,0 +1,380 @@ +image: + repository: spx01/blocky + tag: v0.23@sha256:24855b63986c790093554a1f62b58379a06bc10a90ee073906e7c39bf692adcc + pullPolicy: IfNotPresent +k8sgatewayImage: + repository: quay.io/oriedge/k8s_gateway + pullPolicy: IfNotPresent + tag: v0.4.0@sha256:7bdbd447c0244b8f89de9cd6f4826ed0ac66c9406fac3a4ac80081020c251c6b + +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + probes: + liveness: + enabled: false + type: exec + command: + - /app/blocky + - healthcheck + readiness: + enabled: false + type: exec + command: + - /app/blocky + - healthcheck + startup: + enabled: false + type: exec + command: + - /app/blocky + - healthcheck +# -- Blocky Config File content +blockyConfig: {} +# upstream: +# default: +# - 1.1.1.1 + +# -- some general blocky settings +blocky: + # -- Enable prometheus annotations + enablePrometheus: true +service: + main: + enabled: true + ports: + main: + enabled: true + port: 4000 + protocol: http + targetPort: 4000 + dns: + enabled: true + ports: + dns: + enabled: true + port: 53 + protocol: udp + targetPort: 53 + dnstcp: + enabled: true + protocol: tcp + port: "{{ .Values.service.dns.ports.dns.port }}" + targetPort: 53 + dot: + enabled: true + ports: + dot: + enabled: true + port: 853 + protocol: tcp + targetPort: 853 + https: + enabled: true + ports: + https: + enabled: true + port: 4443 + protocol: https + targetPort: 4443 + k8sgateway: + enabled: true + ports: + k8sgateway: + enabled: true + port: 5353 + protocol: udp + targetPort: 5353 +## TODO Add support for SCALE certificates and certificates secrets here +certFile: "" +keyFile: "" +logLevel: info +logFormat: text +logTimestamp: true +logPrivacy: false +dohUserAgent: "" +minTlsServeVersion: 1.2 +# -- set the default DNS upstream servers +# Primarily designed for inclusion in the TrueNAS SCALE GUI +defaultUpstreams: + - 1.1.1.1 + - 1.0.0.1 + - 8.8.8.8 + - 8.8.4.4 + - 9.9.9.9 + - 149.112.112.112 + - 208.67.222.222 + - 208.67.220.220 + - 8.26.56.26 + - 8.20.247.20 + - 185.228.168.9 + - 185.228.169.9 + - 76.76.19.19 + - 76.223.122.150 + - 76.76.2.0 + - 76.76.10.0 +# -- set additional upstreams +# Primarily designed for inclusion in the TrueNAS SCALE GUI +upstreams: +# - name: group2 +# dnsservers: +# - 1.1.1.1 + +# -- set bootstrap dns (not needed) +# Ensures bootstrap encryption and ensure it doesn't use k8s dns +bootstrapDns: + # -- Upstream + upstream: "" + # -- IP's linked to upstream DoT/DoH DNS name + ips: [] +# -- set additional bootstrap dns (not needed, only used if bootstrapDns is set) +additionalBootstrapDns: [] +# - upstream: "" +# ips: [] + +# -- Return empty answer for these queries +filtering: + # -- Ensures filtering by query type + queryTypes: [] +# -- Set manual custom DNS resolution +customDNS: + customTTL: 1h + filterUnmappedTypes: true + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 +# -- Setup client-name lookup +clientLookup: + # -- upstream used for client-name lookup + upstream: "" + singleNameOrder: [] + clients: + # - domain: laptop + # ips: [] +# -- Setup caching +caching: + minTime: 5m + maxTime: 30m + maxItemsCount: 0 + prefetching: false + prefetchExpires: 2h + prefetchThreshold: 5 + prefetchMaxItemsCount: 0 + cacheTimeNegative: 30m +# -- set conditional settings +# Primarily designed for inclusion in the TrueNAS SCALE GUI +conditional: + rewrite: [] + # - in: something.com + # out: somethingelse.com + mapping: [] + # - domain: something.com + # dnsserver: 192.168.178.1 +# -- set blocking settings using Lists +# Primarily designed for inclusion in the TrueNAS SCALE GUI +blocking: + # -- Sets the blocktype + blockType: nxDomain + # -- Sets the block ttl + blockTTL: 6h + # -- Sets the block refreshPeriod + refreshPeriod: 4h + # -- Sets the block download timeout + downloadTimeout: 60s + # -- Sets the block download attempt count + downloadAttempts: 3 + # -- Sets the block download cooldown + downloadCooldown: 2s + # -- Set the start strategy (blocking | failOnError | fast) + startStrategy: blocking + # -- Sets how many list-groups can be processed at the same time + processingConcurrency: 4 + # -- Add blocky whitelists + whitelist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky blacklists + blacklist: [] + # - name: ads + # lists: + # - https://someurl.com/list.txt + # - /somefile.txt + + # -- Blocky clientGroupsBlock + clientGroupsBlock: [] + # - name: default + # groups: + # - ads +# -- configure using hostsfile for lookups +# Allows for using the hosts configured in kubernetes and such +hostsFile: + enabled: false + filePath: /etc/hosts + hostsTTL: 60m + refreshPeriod: 30m +## TODO: add this with postgresql support as well +# queryLog: +# type: csv +# target: /logs +# logRetentionDays: 0 +# creationAttempts: 3 +# CreationCooldown: 2 +podOptions: + automountServiceAccountToken: true +portal: + open: + enabled: false +serviceAccount: + main: + # -- Specifies whether a service account should be created + enabled: true + primary: true +# -- Create a ClusterRole and ClusterRoleBinding +# @default -- See below +rbac: + main: + # -- Enables or disables the ClusterRole and ClusterRoleBinding + enabled: true + primary: true + clusterWide: true + # -- Set Rules on the ClusterRole + rules: + - apiGroups: + - "" + resources: + - services + - namespaces + verbs: + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch +k8sgateway: + enabled: true + # -- TTL for non-apex responses (in seconds) + ttl: 300 + # -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"] + watchedResources: [] + # -- Service name of a secondary DNS server (should be `serviceName.namespace`) + secondary: "" + # -- Override the default `serviceName.namespace` domain apex + apex: "" + # -- list of processed domains + domains: [] + # -- Delegated domain + # - domain: "example.com" + # # -- Optional configuration option for DNS01 challenge that will redirect all acme + # # challenge requests to external cloud domain (e.g. managed by cert-manager) + # # See: https://cert-manager.io/docs/configuration/acme/dns01/ + # dnsChallenge: + # enabled: false + # domain: dns01.clouddns.com + + forward: + enabled: false + primary: tls://1.1.1.1 + secondary: tls://1.0.0.1 + options: + - name: tls_servername + value: cloudflare-dns.com + +configmap: + dashboard: + enabled: true + labels: + grafana_dashboard: "1" + data: + blocky.json: >- + {{ .Files.Get "dashboard.json" | indent 8 }} + blockypostgres.json: >- + {{ .Files.Get "dashboardpsql.json" | indent 8 }} + datasource: + enabled: true + labels: + grafana_datasources: "1" + data: + datasourceblockypsql.yaml: |- + apiVersion: 1 + datasources: + - name: BlockyPostgres + type: postgres + uid: blockypostgres + url: {{ printf "%s.%s:5432" (.Values.cnpg.main.creds.host | trimAll "\"") .Release.Namespace }} + access: proxy + user: {{ .Values.cnpg.main.user }} + secureJsonData: + password: {{ .Values.cnpg.main.creds.password | default "na" }} + jsonData: + database: {{ .Values.cnpg.main.database }} + sslmode: 'disable' # disable/require/verify-ca/verify-full + maxOpenConns: 100 # Grafana v5.4+ + maxIdleConns: 100 # Grafana v5.4+ + maxIdleConnsAuto: true # Grafana v9.5.1+ + connMaxLifetime: 14400 # Grafana v5.4+ + postgresVersion: 1500 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10 + timescaledb: false + +metrics: + main: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: true + type: "servicemonitor" + endpoints: + - port: main + path: /metrics + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical + +redis: + enabled: true +# CANNOT be defined in above yaml section +queryLog: + # optional one of: mysql, postgresql, csv, csv-client. If empty, log to console + type: "postgresql" + # directory (should be mounted as volume in docker) for csv, db connection string for mysql, ignored for included postgresql + # target: /var/log/something + # postgresql target: postgres://user:password@db_host_or_ip:5432/db_name + # if > 0, deletes log files which are older than ... days + logRetentionDays: 0 + # optional: Max attempts to create specific query log writer, default: 3 + creationAttempts: 3 + # optional: Time between the creation attempts, default: 2s + creationCooldown: 2s + +cnpg: + main: + enabled: true + user: blocky + database: blocky diff --git a/premium/blocky/14.3.5/questions.yaml b/premium/blocky/14.3.5/questions.yaml new file mode 100755 index 00000000000..d4872d191e2 --- /dev/null +++ b/premium/blocky/14.3.5/questions.yaml @@ -0,0 +1,3780 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: webUI + group: App Configuration + label: WebUI Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Web UI + description: Enables Web UI + schema: + type: boolean + default: true + - variable: apiURL + label: API URL + description: API URL for webUI, including port. Only used when not using ingress + schema: + type: string + default: "http://127.0.0.1:4000" + - variable: overrideDefaults + group: App Configuration + label: Override Default Upstreams + description: Overrides the predefined DNS server upstream list + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: defaultUpstreams + label: Default Upstreams + schema: + type: list + default: [] + items: + - variable: upstreamEntry + label: Upstream Entry + schema: + type: string + required: true + default: "" + - variable: upstreams + group: App Configuration + label: Upstreams Groups + description: Refer to +
https://0xerr0r.github.io/blocky/configuration/#upstream-configuration + schema: + type: list + default: [] + items: + - variable: upstreamsGroupEntry + label: Upstreams Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: upstreams + label: Upstreams + schema: + type: list + required: true + default: [] + items: + - variable: upstreamEntry + label: upstream Entry + schema: + type: string + required: true + default: "" + - variable: bootstrapDns + group: App Configuration + label: Bootstrap DNS + description: Used to resolve upstream DoH and DoT servers that are specified as hostnames. +
Refer to https://0xerr0r.github.io/blocky/configuration/#bootstrap-dns-configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: additionalBootstrapDns + group: App Configuration + label: Additional Bootstrap DNS + schema: + type: list + show_if: [[ "bootstrapDns", "!=", {"upstream": "", "ips": []} ]] + default: [] + items: + - variable: additionalBootstrapDnsEntry + label: Additional Bootstrap DNS Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: filtering + group: App Configuration + label: Filtering + description: Define one or more DNS query types; all queries with these types will be dropped +
Refer to https://0xerr0r.github.io/blocky/configuration/#filtering + schema: + additional_attrs: true + type: dict + attrs: + - variable: queryTypes + label: Query Types + schema: + type: list + default: [] + items: + - variable: queryTypeEntry + label: Query Type Entry + schema: + type: string + required: true + default: "" + - variable: customDNS + group: App Configuration + label: Custom DNS + description: Define your own domain name to IP mappings. +
Refer to https://0xerr0r.github.io/blocky/configuration/#custom-dns + schema: + additional_attrs: true + type: dict + attrs: + - variable: customTTL + label: Custom TTL + schema: + type: string + default: 1h + - variable: filterUnmappedTypes + label: Filter Unmapped Types + schema: + type: boolean + default: true + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: clientLookup + group: App Configuration + label: Client Lookup + description: Blocky can try to resolve a user-friendly client name from the IP address or server URL (DoT and DoH) +
Refer to https://0xerr0r.github.io/blocky/configuration/#client-name-lookup + schema: + additional_attrs: true + type: dict + attrs: + - variable: upstream + label: Upstream + schema: + type: string + default: "" + - variable: singleNameOrder + label: Single Name Order + schema: + type: list + default: [] + items: + - variable: singleNameEntry + label: Single Name Entry + schema: + type: string + required: true + default: "" + - variable: clients + label: Clients + schema: + type: list + default: [] + items: + - variable: clientEntry + label: Client Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: ips + label: IPs + schema: + type: list + default: [] + items: + - variable: ipEntry + label: IP Entry + schema: + type: string + required: true + default: "" + - variable: caching + group: App Configuration + label: Caching + description: Refer to +
https://0xerr0r.github.io/blocky/configuration/#caching + schema: + additional_attrs: true + type: dict + attrs: + - variable: minTime + label: Min Time + schema: + type: string + default: 5m + - variable: maxTime + label: Max Time + schema: + type: string + default: 30m + - variable: maxItemsCount + label: Max Items Count + schema: + type: int + default: 0 + - variable: prefetching + label: Prefetching + schema: + type: boolean + default: false + - variable: prefetchExpires + label: Prefetch Expires + schema: + type: string + default: 2h + - variable: prefetchThreshold + label: Prefetch Threshold + schema: + type: int + default: 5 + - variable: prefetchMaxItemsCount + label: Prefetch Max Items Count + schema: + type: int + default: 0 + - variable: cacheTimeNegative + label: Cache Time Negative + schema: + type: string + default: 30m + - variable: conditional + group: App Configuration + label: Conditional + description: Define which DNS resolver(s) should be used for queries for the particular domain +
Refer to https://0xerr0r.github.io/blocky/configuration/#conditional-dns-resolution + schema: + additional_attrs: true + type: dict + attrs: + - variable: rewrite + label: Rewrite + schema: + type: list + default: [] + items: + - variable: rewriteEntry + label: Rewrite Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: in + label: In + schema: + type: string + required: true + default: "" + - variable: out + label: Out + schema: + type: string + required: true + default: "" + - variable: mapping + label: Mapping + schema: + type: list + default: [] + items: + - variable: mappingEntry + label: Mapping Entry + schema: + type: dict + additional_attrs: true + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + default: "" + - variable: dnsserver + label: DNS Server + schema: + type: string + required: true + default: "" + - variable: blocking + group: App Configuration + label: Blocking + description: Each black or whitelist can be either a path to the local file or a URL to download. All Urls must be grouped to a group name. +
Refer to https://0xerr0r.github.io/blocky/configuration/#blocking-and-whitelisting + schema: + additional_attrs: true + type: dict + attrs: + - variable: blockType + label: Block Type + description: Set the response should be sent to the client, if a requested query is blocked + schema: + type: string + default: nxDomain + - variable: blockTTL + label: Block TTL + description: Set the TTL for answers to blocked domains + schema: + type: string + default: 6h + - variable: refreshPeriod + label: Refresh Period + description: Set how often blocky should refresh list cache + schema: + type: string + default: 4h + - variable: downloadTimeout + label: Download Timeout + description: Download attempt timeout + schema: + type: string + default: 60s + - variable: downloadAttempts + label: Download Attempts + description: How many download attempts should be performed + schema: + type: int + default: 3 + - variable: downloadCooldown + label: Download Cooldown + description: Time between the download attempts + schema: + type: string + default: 2s + - variable: startStrategy + label: Start Strategy + description: | + blocking: all blocking lists will be loaded before DNS resolution starts.
+ failOnError: like blocking but blocky will shut down if any download fails.
+ fast: DNS resolution starts immediately without blocking which will be enabled after list load is completed + schema: + type: string + default: blocking + enum: + - value: blocking + description: Blocking + - value: failOnError + description: Fail On Error + - value: fast + description: Fast + - variable: processingConcurrency + label: Processing Concurrency + description: Sets how many list-groups can be processed at the same time + schema: + type: int + default: 4 + - variable: whitelist + label: Whitelist + description: Define whitelists, either URL or file + schema: + type: list + default: [] + items: + - variable: whitelistEntry + label: Whitelist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: blacklist + label: Blacklist + description: Define blacklists, either URL or file + schema: + type: list + default: [] + items: + - variable: blacklistEntry + label: Blacklist Group Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Group Name + schema: + type: string + required: true + default: "" + - variable: lists + label: Lists + schema: + type: list + required: true + default: [] + items: + - variable: listEntry + label: List Entry + schema: + type: string + required: true + default: "" + - variable: clientGroupsBlock + label: Client Groups Block + description: Define, which blocking group(s) should be used for which client in your network. + schema: + type: list + default: [] + items: + - variable: clientGroupBlockEntry + label: Client Group Block Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Client Group Name + schema: + type: string + required: true + default: "" + - variable: groups + label: Groups + schema: + type: list + required: true + default: [] + items: + - variable: groupEntry + label: Group Entry + schema: + type: string + required: true + default: "" + - variable: hostsFile + group: App Configuration + label: Hosts File + description: You can enable resolving of entries, located in local hosts file. +
Refer to https://0xerr0r.github.io/blocky/configuration/#hosts-file + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filePath + label: File Path + schema: + type: string + default: /etc/hosts + - variable: hostsTTL + label: Hosts TTL + schema: + type: string + default: 60m + - variable: refreshPeriod + label: Refresh Period + schema: + type: string + default: 30m + - variable: queryLog + group: App Configuration + label: Query Logging configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: "" + enum: + - value: "" + description: Console + - value: postgresql + description: postgresql + - value: csv + description: csv + - value: csv-client + description: csv-client + - variable: target + label: Target + schema: + type: string + show_if: [["type", "!=", "postgresql"]] + default: "/var/log/something" + - variable: logRetentionDays + label: Log Retention Days + schema: + type: int + default: 0 + - variable: creationAttempts + label: Creation Attempts + schema: + type: int + default: 3 + - variable: creationCooldown + label: Creation Cooldown + schema: + type: string + default: 2s + - variable: k8sgateway + group: App Configuration + label: k8s-Gateway Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable k8s-Gateway + description: Enables k8s-Gateway + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: domains + label: Domains + description: Please refer to CoreDNS docs for options + schema: + type: list + default: [] + items: + - variable: domainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: domain + label: Domain name + schema: + type: string + required: true + default: example.com + - variable: dnsChallenge + label: Forward dnsChallenge + description: Optional configuration option for DNS01 challenge that will redirect all acme + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: domain + label: Forward to Domain + schema: + type: string + required: true + default: dns01.clouddns.com + - variable: advancedOptions + label: Advanced Options + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + show_subquestions_if: true + subquestions: + - variable: ttl + label: ttl + description: TTL for non-apex responses (in seconds) + schema: + type: int + default: 300 + - variable: watchedResources + label: Watched Resources + description: imit what kind of resources to watch, e.g. Ingress + schema: + type: list + default: [] + items: + - variable: watchedResource + label: Watched Resource + schema: + type: string + default: "" + - variable: secondary + label: Secondary DNS Server Service + description: Service name of a secondary DNS server (should be serviceName.namespace) + schema: + type: string + default: "" + - variable: apex + label: Apex + description: Override the default `serviceName.namespace` domain apex + schema: + type: string + default: "" + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: data + label: Data + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + private: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + + - variable: dns + label: DNS Service + description: The DNS service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: dns + label: DNS Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 53 + required: true + - variable: dot + label: DoT Service + description: "DNS-over-TLS service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: ClusterIP + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: dot + label: DoT Port Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + description: This port exposes the container port on the service + schema: + type: int + default: 853 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: mode + label: Mode + description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.' + schema: + type: string + default: "standalone" + enum: + - value: standalone + description: standalone + - value: replica + description: replica + - value: recovery + description: recovery + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: instances + label: Instances + schema: + type: int + show_if: [["enabled", "=", true]] + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/premium/blocky/14.3.5/templates/NOTES.txt b/premium/blocky/14.3.5/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/blocky/14.3.5/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/blocky/14.3.5/templates/_blockyConfig.tpl b/premium/blocky/14.3.5/templates/_blockyConfig.tpl new file mode 100644 index 00000000000..b35491645ac --- /dev/null +++ b/premium/blocky/14.3.5/templates/_blockyConfig.tpl @@ -0,0 +1,231 @@ +{{/* Define the config */}} +{{- define "blocky.configmap" -}} +{{- $config := mustMerge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }} +enabled: true +data: + config.yml: | +{{ $config | toYaml | indent 4 }} +{{- end -}} + +{{- define "blocky.config" -}} +redis: + address: {{ printf "%v-%v" .Release.Name "redis" }}:6379 + password: {{ .Values.redis.creds.redisPassword | trimAll "\"" }} + database: 0 + required: true + connectionAttempts: 10 + connectionCooldown: 3s +prometheus: + enable: true + path: /metrics +queryLog: + # optional one of: postgresql, csv, csv-client. If empty, log to console + type: {{ .Values.queryLog.type }} + # directory (should be mounted as volume in docker) for csv, db connection string for mysql/postgresql + #postgresql target: postgres://user:password@db_host_or_ip:5432/db_name + {{- if eq .Values.queryLog.type "postgresql" }} + target: {{ .Values.cnpg.main.creds.std }} + {{- else }} + target: {{ .Values.queryLog.target }} + {{- end }} + # if > 0, deletes log files which are older than ... days + logRetentionDays: {{ .Values.queryLog.logRetentionDays | default 0 }} + # optional: Max attempts to create specific query log writer + creationAttempts: {{ .Values.queryLog.creationAttempts | default 3 }} + # optional: Time between the creation attempts + creationCooldown: {{ .Values.queryLog.creationAttempts | default "2s" }} + +upstream: + default: +{{- .Values.defaultUpstreams | toYaml | nindent 8 }} +{{- range $id, $value := .Values.upstreams }} + {{ $value.name }}: +{{- $value.dnsservers | toYaml | nindent 8 }} +{{- end }} + +ports: + {{- if .Values.service.dns.enabled }} + dns: {{ .Values.service.dns.ports.dns.targetPort }} + {{- end }} + {{- if .Values.service.dot.enabled }} + tls: {{ .Values.service.dot.ports.dot.targetPort }} + {{- end }} + {{- if .Values.service.main.enabled }} + http: {{ .Values.service.main.ports.main.targetPort }} + {{- end }} + {{- if .Values.service.https.enabled }} + https: {{ .Values.service.https.ports.https.targetPort }} + {{- end }} + +{{- if .Values.certFile }} +certFile: {{ .Values.certFile }} +{{- end }} + +{{- if .Values.keyFile }} +keyFile: {{ .Values.keyFile }} +{{- end }} + +log: + {{- if .Values.logLevel }} + level: {{ .Values.logLevel }} + {{- end }} + {{- if .Values.logTimestamp }} + timestamp: {{ .Values.logTimestamp }} + {{- end }} + {{- if .Values.logPrivacy }} + privacy: {{ .Values.logPrivacy }} + {{- end }} + +{{- if .Values.dohUserAgent }} +dohUserAgent: {{ .Values.dohUserAgent }} +{{- end }} + +{{- if .Values.minTlsServeVersion }} +minTlsServeVersion: {{ .Values.minTlsServeVersion }} +{{- end }} + +caching: +{{ toYaml .Values.caching | indent 2 }} + +{{- if .Values.hostsFile.enabled }} +{{ $hostsfile := omit .Values.hostsFile "enabled" }} +hostsFile: +{{ toYaml $hostsfile | indent 2 }} +{{- end }} + +{{- if or .Values.bootstrapDns.upstream .Values.bootstrapDns.ips }} +bootstrapDns: + {{- if .Values.bootstrapDns.upstream }} + - upstream: {{ .Values.bootstrapDns.upstream }} + {{- end }} + {{- if .Values.bootstrapDns.ips }} + ips: + {{- range $id, $value := .Values.bootstrapDns.ips }} + - {{ $value }} + {{- end }} + {{- end }} + {{/* Add additional Bootstrap DNS */}} + {{- range .Values.additionalBootstrapDns }} + {{- with .upstream }} + - upstream: {{ . }} + {{- end }} + {{- if .ips }} + ips: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{- if or .Values.filtering.filtering }} +filtering: +{{- if .Values.filtering.ips }} + queryTypes: +{{- range $id, $value := .Values.filtering.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.customDNS.filterUnmappedTypes .Values.customDNS.customTTL .Values.customDNS.rewrite .Values.customDNS.mapping }} +customDNS: +{{- if .Values.customDNS.upstream }} + upstream: {{ .Values.customDNS.upstream }} +{{- end }} +{{- if .Values.customDNS.customTTL }} + customTTL: {{ .Values.customDNS.customTTL }} +{{- end }} +{{- if .Values.customDNS.rewrite }} + rewrite: +{{- range $id, $value := .Values.customDNS.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if .Values.customDNS.mapping }} + mapping: +{{- range $id, $value := .Values.customDNS.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.clientLookup.upstream .Values.clientLookup.ips }} +clientLookup: +{{- if .Values.clientLookup.upstream }} + upstream: {{ .Values.clientLookup.upstream }} +{{- end }} +{{- if .Values.clientLookup.ips }} + singleNameOrder: +{{- range $id, $value := .Values.clientLookup.ips }} + - {{ $value }} +{{- end }} +{{- end }} +{{- if .Values.clientLookup.clients }} + clients: +{{- range $id, $value := .Values.clientLookup.clients }} + {{ $value.domain }}: + {{- range $id, $value := .ips }} + - {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.rewrite .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} +conditional: +{{- if .Values.conditional.rewrite }} + rewrite: +{{- range $id, $value := .Values.conditional.rewrite }} + {{ $value.in }}: {{ $value.out }} +{{- end }} +{{- end }} + +{{- if or .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }} + mapping: +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains }} +{{- range $id, $value := .Values.k8sgateway.domains }} + {{ .domain }}: 127.0.0.1:{{ $.Values.service.k8sgateway.ports.k8sgateway.targetPort }} +{{- end }} +{{- end }} +{{- range $id, $value := .Values.conditional.mapping }} + {{ $value.domain }}: {{ $value.dnsserver }} +{{- end }} +{{- end }} +{{- end }} + +blocking: + blockType: {{ .Values.blocking.blockType }} + blockTTL: {{ .Values.blocking.blockTTL }} + refreshPeriod: {{ .Values.blocking.refreshPeriod }} + downloadTimeout: {{ .Values.blocking.downloadTimeout }} + downloadAttempts: {{ .Values.blocking.downloadAttempts }} + downloadCooldown: {{ .Values.blocking.downloadCooldown }} + startStrategy: {{ .Values.blocking.startStrategy }} + processingConcurrency: {{ .Values.blocking.processingConcurrency }} +{{- if .Values.blocking.whitelist }} + whiteLists: +{{- range $id, $value := .Values.blocking.whitelist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.blacklist }} + blackLists: +{{- range $id, $value := .Values.blocking.blacklist }} + {{ $value.name }}: +{{- $value.lists | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- if .Values.blocking.clientGroupsBlock }} + clientGroupsBlock: +{{- range $id, $value := .Values.blocking.clientGroupsBlock }} + {{ $value.name }}: +{{- $value.groups | toYaml | nindent 10 }} +{{- end }} +{{- end }} + +{{- end -}} diff --git a/premium/blocky/14.3.5/templates/_k8sgateway.tpl b/premium/blocky/14.3.5/templates/_k8sgateway.tpl new file mode 100644 index 00000000000..463923f85da --- /dev/null +++ b/premium/blocky/14.3.5/templates/_k8sgateway.tpl @@ -0,0 +1,90 @@ +{{- define "k8sgateway.container" -}} +enabled: true +imageSelector: k8sgatewayImage +securityContext: + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: true +args: ["-conf", "/etc/coredns/Corefile"] +probes: + readiness: + enabled: true + path: /ready + port: 8181 + liveness: + enabled: true + path: /health + port: 8080 + startup: + enabled: true + path: /ready + port: 8181 +{{- end -}} + +{{/* +Create the matchable regex from domain +*/}} +{{- define "k8sgateway.configmap.regex" -}} +{{- if .dnsChallenge.domain }} +{{- .dnsChallenge.domain | replace "." "[.]" -}} +{{- else -}} + {{ "unset" }} +{{- end }} +{{- end -}} + +{{/* Define the configmap */}} +{{- define "k8sgateway.configmap" -}} +{{- $values := .Values.k8sgateway }} +{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }} +enabled: true +data: + Corefile: | + .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} { + errors + log + health { + lameduck 5s + } + ready + {{- range .Values.k8sgateway.domains }} + {{- if .dnsChallenge.enabled }} + {{- if not .dnsChallenge.domain -}} + {{- fail "DNS01 challenge domain is mandatory" -}} + {{- end }} + + template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} { + match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}" + {{- $name := "{{ \"{{ .Name }}\" }}" }} + {{- $index := "{{ \"{{ index .Match 1 }}\" }}" }} + answer "{{ $name }} 5 IN CNAME {{ $index }}.{{ .dnsChallenge.domain }}" + fallthrough + } + {{- end }} + {{- end }} + k8s_gateway {{ range .Values.k8sgateway.domains }}"{{ required "Delegated domain ('domain') is mandatory " .domain }}"{{ end }} { + apex {{ $values.apex | default $fqdn }} + ttl {{ $values.ttl }} + {{- if $values.secondary }} + secondary {{ $values.secondary }} + {{- end }} + {{- if $values.watchedResources }} + resources {{ join " " $values.watchedResources }} + {{- end }} + fallthrough + } + + prometheus 0.0.0.0:9153 + {{- if .Values.k8sgateway.forward.enabled }} + forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} { + {{- range .Values.k8sgateway.forward.options }} + {{ .name }} {{ .value }} + {{- end }} + } + {{- else }} + forward . 1.1.1.1 + {{- end }} + loop + reload + loadbalance + } +{{- end -}} diff --git a/premium/blocky/14.3.5/templates/common.yaml b/premium/blocky/14.3.5/templates/common.yaml new file mode 100644 index 00000000000..310ef64af8f --- /dev/null +++ b/premium/blocky/14.3.5/templates/common.yaml @@ -0,0 +1,106 @@ +{{/* Make sure all variables are set properly */}} +{{- if eq .Values.queryLog.type "postgresql" -}} + {{- $_ := set .Values.cnpg.main "enabled" true -}} +{{- end }} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for blocky */}} +{{- $configmapFile := include "blocky.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "config" $configmapFile -}} +{{- end -}} + +{{- $gatewayconfig := include "k8sgateway.configmap" . | fromYaml -}} +{{- if $gatewayconfig -}} + {{- $_ := set .Values.configmap "corefile" $gatewayconfig -}} +{{- end -}} + +{{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}} +{{- define "blocky.configmap.mount" -}} +enabled: true +type: configmap +mountPath: /app/config.yml +objectName: config +readOnly: true +subPath: config.yml +{{- end -}} + +{{/* Append the general configMap volume to the volumes */}} +{{- define "k8sgateway.configvolume" -}} +enabled: true +type: configmap +objectName: corefile +items: + - key: Corefile + path: Corefile +targetSelector: + main: + k8sgateway: + mountPath: "/etc/coredns" + readOnly: true + +{{- end -}} + +{{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}} + +{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}} +{{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}} +{{- $_ := set .Values.workload.main.podSpec.containers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}} +{{- end -}} + +{{/* Define path for api */}} +{{- define "blocky.api" -}} +{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}} +path: "/api" +# -- Ignored if not kubeVersion >= 1.14-0 +pathType: Prefix +service: + # -- Overrides the service name reference for this path + name: {{ printf "%s-main" $fullname }} + port: {{ .Values.service.main.ports.main.port }} +{{- end -}} + +{{/* inject websocket path to all main ingress hosts*/}} +{{- define "blocky.apiinjector" -}} +{{- $path := list (include "blocky.api" . | fromYaml) -}} +{{- if .Values.ingress.main.enabled }} +{{- range .Values.ingress.main.hosts }} +{{- $newpaths := list }} +{{- $newpaths := concat .paths $path }} +{{- $_ := set . "paths" ( deepCopy $newpaths ) -}} +{{- end }} +{{- end }} +{{- end -}} + +{{/* inject api paths in ingress */}} +{{- include "blocky.apiinjector" . }} + +{{/* Define path for DoH */}} +{{- define "blocky.doh" -}} +{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . -}} +path: "/dns-query" +# -- Ignored if not kubeVersion >= 1.14-0 +pathType: Prefix +service: + # -- Overrides the service name reference for this path + name: {{ printf "%s-main" $fullname }} + port: {{ .Values.service.main.ports.main.port }} +{{- end -}} + +{{/* inject websocket path to all main ingress hosts*/}} +{{- define "blocky.dohinjector" -}} +{{- $path := list (include "blocky.doh" . | fromYaml) -}} +{{- if .Values.ingress.main.enabled }} +{{- range .Values.ingress.main.hosts }} +{{- $newpaths := list }} +{{- $newpaths := concat .paths $path }} +{{- $_ := set . "paths" ( deepCopy $newpaths ) -}} +{{- end }} +{{- end }} +{{- end -}} + +{{/* inject api paths in ingress */}} +{{- include "blocky.dohinjector" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/premium/blocky/14.3.5/values.yaml b/premium/blocky/14.3.5/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/blocky/item.yaml b/premium/blocky/item.yaml new file mode 100644 index 00000000000..6431d31877c --- /dev/null +++ b/premium/blocky/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png +categories: + - network +screenshots: [] diff --git a/premium/clusterissuer/7.5.3/.helmignore b/premium/clusterissuer/7.5.3/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/clusterissuer/7.5.3/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/clusterissuer/7.5.3/CHANGELOG.md b/premium/clusterissuer/7.5.3/CHANGELOG.md new file mode 100644 index 00000000000..379132cc0c3 --- /dev/null +++ b/premium/clusterissuer/7.5.3/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [clusterissuer-7.5.3](https://github.com/truecharts/charts/compare/clusterissuer-7.5.2...clusterissuer-7.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/clusterissuer/7.5.3/Chart.yaml b/premium/clusterissuer/7.5.3/Chart.yaml new file mode 100644 index 00000000000..d49a90f577a --- /dev/null +++ b/premium/clusterissuer/7.5.3/Chart.yaml @@ -0,0 +1,37 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: core + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: latest +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Certificate management for Kubernetes +home: https://truecharts.org/charts/premium/clusterissuer +icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png +keywords: + - cert-manager + - certificates +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: clusterissuer +sources: + - https://cert-manager.io/ + - https://github.com/truecharts/charts/tree/master/charts/premium/clusterissuer + - https://hub.docker.com/_/hello-world +type: application +version: 7.5.3 diff --git a/premium/clusterissuer/7.5.3/README.md b/premium/clusterissuer/7.5.3/README.md new file mode 100644 index 00000000000..626fef0a05e --- /dev/null +++ b/premium/clusterissuer/7.5.3/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/clusterissuer) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/clusterissuer/7.5.3/app-changelog.md b/premium/clusterissuer/7.5.3/app-changelog.md new file mode 100644 index 00000000000..6e912a5e371 --- /dev/null +++ b/premium/clusterissuer/7.5.3/app-changelog.md @@ -0,0 +1,9 @@ + + +## [clusterissuer-7.5.3](https://github.com/truecharts/charts/compare/clusterissuer-7.5.2...clusterissuer-7.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/clusterissuer/7.5.3/app-readme.md b/premium/clusterissuer/7.5.3/app-readme.md new file mode 100644 index 00000000000..da6fe3111af --- /dev/null +++ b/premium/clusterissuer/7.5.3/app-readme.md @@ -0,0 +1,8 @@ +Certificate management for Kubernetes + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/clusterissuer](https://truecharts.org/charts/premium/clusterissuer) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/clusterissuer/7.5.3/charts/common-20.0.9.tgz b/premium/clusterissuer/7.5.3/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/clusterissuer/7.5.3/charts/common-20.0.9.tgz differ diff --git a/premium/clusterissuer/7.5.3/ix_values.yaml b/premium/clusterissuer/7.5.3/ix_values.yaml new file mode 100644 index 00000000000..7d18cf8a5c1 --- /dev/null +++ b/premium/clusterissuer/7.5.3/ix_values.yaml @@ -0,0 +1,104 @@ +image: + repository: hello-world + tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false +service: + main: + enabled: false + ports: + main: + enabled: false + port: 9999 +portal: + open: + enabled: false +operator: + verify: + additionalOperators: + - cert-manager + enabled: true + failOnError: false +clusterIssuer: + selfSigned: + enabled: true + name: "selfsigned" + CA: [] + # - name: myca + # selfSigned: true + # selfSignedCommonName: "my-selfsigned-ca" + # # Used to manually define a CA-crt not used when selfSigned is enabled + # crt: "" + # key: "" + # # TODO: Add option to use SCALE CA certs + + ACME: [] +# - name: letsencrypt +# # Used for both logging in to the DNS provider AND ACME registration +# email: "" +# server: 'https://acme-staging-v02.api.letsencrypt.org/directory' +# # Used primarily for the SCALE GUI +# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory' +# email: "" +# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns +# type: "" +# # for cloudflare +# cfapikey: "" +# cfapitoken: "" +# # for route53 +# region: "" +# accessKeyID: "" +# route53SecretAccessKey: "" +# # optional for route53 +# role: "" +# # for akamai +# serviceConsumerDomain: "" +# akclientToken: "" +# akclientSecret: "" +# akaccessToken: "" +# # for digitalocean +# doaccessToken: "" +# # for rfc2136 +# nameserver: "" +# tsigKeyName: "" +# tsigAlgorithm: "" +# rfctsigSecret: "" +# # for acmedns +# name: sd +# acmednsHost: asdf +# # Pick one of the bellow acmednsConfig +# acmednsConfigJson: +# acmednsConfig: +# - domain: "" +# username: "" +# password: "" +# fulldomain: "" +# subdomain: "" +# allowFrom: [] + +clusterCertificates: + # Namespaces in which the certificates must be available + # Accepts comma-separated regex expressions + # replicationNamespaces: 'ix-.*' + certificates: [] + # - name: mycert + # enabled: true + # certificateIssuer: selfsigned + # hosts: + # - my.domain.com + # - '*.my.domain.com' diff --git a/premium/clusterissuer/7.5.3/questions.yaml b/premium/clusterissuer/7.5.3/questions.yaml new file mode 100755 index 00000000000..135235ae000 --- /dev/null +++ b/premium/clusterissuer/7.5.3/questions.yaml @@ -0,0 +1,446 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: clusterIssuer + group: App Configuration + label: Cluster Certificate Issuer + schema: + additional_attrs: true + type: dict + attrs: + - variable: ACME + label: 'ACME Issuer' + schema: + type: list + default: [] + items: + - variable: ACMEEntry + label: 'ACME Issuer Entry' + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "" + - variable: type + label: Type or DNS-Provider + description: DNS Provider + schema: + type: string + default: cloudflare + enum: + - value: cloudflare + description: Cloudflare + - value: route53 + description: Route53 + - value: akamai + description: Akamai + - value: digitalocean + description: Digitalocean + - value: rfc2136 + description: rfc2136 (Advanced) + - value: HTTP01 + description: HTTP01 (Experimental) + - value: acmedns + description: ACME DNS (Advanced) + - variable: server + label: Server + description: "Server for ACME, for example: letsencrypt" + schema: + type: string + default: 'Letsencrypt-Production' + enum: + - value: 'https://acme-v02.api.letsencrypt.org/directory' + description: Letsencrypt-Production + - value: 'https://acme-staging-v02.api.letsencrypt.org/directory' + description: Letsencrypt-Staging + - value: 'https://api.buypass.no/acme-v02/directory' + description: BuyPass-Production + - value: 'https://api.test4.buypass.no/acme-v02/directory' + description: BuyPass-Staging + - value: custom + description: Custom + - variable: customServer + label: Custom ACME Server (Advanced) + description: "This can be used to enter your own custom ACME server" + schema: + type: string + show_if: [["server", "=", "custom"]] + default: 'https://acme-staging-v02.api.letsencrypt.org/directory' + - variable: caBundle + label: Trusted CABundle for private ACME server + description: "Trusted CABundle for private ACME server, encoded in base64" + schema: + type: string + show_if: [["server", "=", "custom"]] + - variable: email + label: Email + description: "Email adress to use for certificate issuing must match your DNS provider email when required" + schema: + type: string + required: true + default: "something@example.com" + - variable: cfapikey + label: CloudFlare API key + description: "CloudFlare API Key" + schema: + show_if: [["type", "=", "cloudflare"]] + type: string + default: "" + - variable: cfapitoken + label: CloudFlare API Token + description: "CloudFlare API Token" + schema: + show_if: [["type", "=", "cloudflare"]] + type: string + default: "" + - variable: region + label: Route53 Region + description: "Route 53 Region" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "us-west-1" + - variable: accessKeyID + label: Route53 accessKeyID + description: "Route53 accessKeyID" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "" + - variable: route53SecretAccessKey + label: Route53 Secret Access Key + description: "Route53 Secret Access Key" + schema: + show_if: [["type", "=", "route53"]] + type: string + required: true + default: "" + - variable: role + label: Route53 Role (optional) + description: "Route53 Role" + schema: + show_if: [["type", "=", "route53"]] + type: string + default: "" + - variable: serviceConsumerDomain + label: Akamai Service Consumer Domain + description: "Akamai Service Consumer Domain" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akclientToken + label: Akamai Client Token + description: "Client Token" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akclientSecret + label: Akamai Client Secret + description: "Akamai Client Secret" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: akaccessToken + label: Akamai Access Token + description: "Akamai Access Token" + schema: + show_if: [["type", "=", "akamai"]] + type: string + required: true + default: "" + - variable: doaccessToken + label: Digitalocean Access Token + description: "Digitalocean Access Token" + schema: + show_if: [["type", "=", "digitalocean"]] + type: string + required: true + default: "" + - variable: nameserver + label: rfc2136 Namesever + description: "rfc2136 Namesever" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: tsigKeyName + label: rfc2136 tsig Key Name + description: "rfc2136 tsig Key Name" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: tsigAlgorithm + label: rfc2136 tsig Algorithm + description: "rfc2136 tsig Algorithm" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: rfctsigSecret + label: rfc2136 sig Secret + description: "rfc2136 sig Secret" + schema: + show_if: [["type", "=", "rfc2136"]] + type: string + required: true + default: "" + - variable: acmednsHost + label: ACME DNS host + description: "ACME DNS API server address" + schema: + show_if: [["type", "=", "acmedns"]] + type: string + required: true + default: "https://auth.acme-dns.io" + - variable: acmednsConfig + label: ACME DNS config + description: "ACME DNS per-domain auth configuration" + schema: + show_if: [["type", "=", "acmedns"]] + type: list + default: [] + items: + - variable: acmednsEntry + label: 'ACME DNS entry' + schema: + type: dict + attrs: + - variable: domain + label: Domain + schema: + type: string + required: true + - variable: username + label: Username + schema: + type: string + required: true + - variable: password + label: Password + schema: + type: string + required: true + - variable: fulldomain + label: Full domain + schema: + type: string + required: true + - variable: subdomain + label: Subdomain + schema: + type: string + required: true + - variable: allowFrom + label: Allow from + schema: + type: list + default: [] + items: + - variable: cidr + label: CIDR + schema: + type: ipaddr + cidr: true + required: true + - variable: CA + label: Certificate Authority Issuer + schema: + type: list + default: [] + items: + - variable: CAEntry + label: 'CA Issuer Entry' + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "" + - variable: selfSigned + label: selfSigned + description: "Create Self Signed CA cert" + schema: + type: boolean + default: true + - variable: selfSignedCommonName + label: selfSigned CommonName + description: "Common name for selfSigned Certiticate Authority" + schema: + type: string + required: true + show_if: [["selfSigned", "=", true]] + default: "my-selfsigned-ca" + - variable: crt + label: "Custom CA cert (experimental)" + description: "certificate for Certiticate Authority" + schema: + type: string + required: true + max_length: 10240 + show_if: [["selfSigned", "=", false]] + default: "" + - variable: key + label: "Custom CA key (experimental)" + description: "key Certiticate Authority" + schema: + type: string + required: true + max_length: 10240 + show_if: [["selfSigned", "=", false]] + default: "" + - variable: selfSigned + label: 'SelfSigned Issuer' + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + description: "Enable self-signed issuer" + schema: + type: boolean + default: true + - variable: name + label: Name + description: "Name to give the issuer" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "selfsigned" + - variable: clusterCertificates + group: App Configuration + label: Cluster Wide Certificates (Advanced) + description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates." + schema: + additional_attrs: true + type: dict + attrs: + - variable: certificates + label: Cluster Certificates + schema: + type: list + default: [] + items: + - variable: CertEntry + label: 'Certificate Entry' + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: name + label: Certificate Name + schema: + type: string + required: true + default: "" + - variable: certificateIssuer + label: Cert-Manager clusterIssuer + description: "One of the Cert-Manager clusterIssuers defined above" + schema: + type: string + required: true + valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$' + default: "selfsigned" + - variable: hosts + label: Certificate Hosts + description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up." + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: customMetrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: true diff --git a/premium/clusterissuer/7.5.3/templates/NOTES.txt b/premium/clusterissuer/7.5.3/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/clusterissuer/7.5.3/templates/clusterissuer/_ACME.tpl b/premium/clusterissuer/7.5.3/templates/clusterissuer/_ACME.tpl new file mode 100644 index 00000000000..e49a071c590 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/clusterissuer/_ACME.tpl @@ -0,0 +1,128 @@ +{{- define "certmanager.clusterissuer.acme" -}} +{{- $operator := index $.Values.operator "cert-manager" -}} +{{- $namespace := $operator.namespace | default "cert-manager" -}} + +{{- $rfctsigSecret := .rfctsigSecret | default "" -}} +{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}} +{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}} + {{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}} + {{- $rfctsigSecret = b64enc $rfctsigSecret -}} + {{- end -}} +{{- end -}} + +{{- range .Values.clusterIssuer.ACME }} + {{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}} + {{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end -}} + {{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}} + {{- if not (mustHas .type $validTypes) -}} + {{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}} + {{- end -}} + {{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }} + {{- $acmednsDict := dict -}} + {{- if and (eq .type "acmedns") (not .acmednsConfigJson) }} + {{- range .acmednsConfig }} + {{/* Transform to a dict with domain as a key, also remove domain from the dict */}} + {{- $_ := set $acmednsDict .domain (omit . "domain") -}} + {{- end }} + {{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }} +spec: + acme: + email: {{ .email }} + server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }} + {{- if .caBundle }} + caBundle: {{ .caBundle }} + {{- end }} + privateKeySecretRef: + name: {{ .name }}-acme-clusterissuer-account-key + solvers: + {{- if eq .type "HTTP01" }} + - http01: + ingress: {} + {{- else }} + - dns01: + {{- if eq .type "cloudflare" }} + cloudflare: + email: {{ .email }} + {{- if .cfapitoken }} + apiTokenSecretRef: + name: {{ $issuerSecretName }} + key: cf-api-token + {{- else if .cfapikey }} + apiKeySecretRef: + name: {{ $issuerSecretName }} + key: cf-api-key + {{- else -}} + {{- fail "A cloudflare API key or token is required" -}} + {{- end -}} + {{- else if eq .type "route53" }} + route53: + region: {{ .region }} + accessKeyID: {{ .accessKeyID }} + {{- if .role }} + role: {{ .role }} + {{- end }} + secretAccessKeySecretRef: + name: {{ $issuerSecretName }} + key: route53-secret-access-key + {{- else if eq .type "akamai" }} + akamai: + serviceConsumerDomain: {{ .serviceConsumerDomain }} + clientTokenSecretRef: + name: {{ $issuerSecretName }} + key: akclientToken + clientSecretSecretRef: + name: {{ $issuerSecretName }} + key: akclientSecret + accessTokenSecretRef: + name: {{ $issuerSecretName }} + key: akaccessToken + {{- else if eq .type "digitalocean" }} + digitalocean: + tokenSecretRef: + name: {{ $issuerSecretName }} + key: doaccessToken + {{- else if eq .type "rfc2136" }} + rfc2136: + nameserver: {{ .nameserver }} + tsigKeyName: {{ .tsigKeyName }} + tsigAlgorithm: {{ .tsigAlgorithm }} + tsigSecretSecretRef: + name: {{ $issuerSecretName }} + key: rfctsigSecret + {{- else if eq .type "acmedns" }} + acmeDNS: + host: {{ .acmednsHost }} + accountSecretRef: + name: {{ $issuerSecretName }} + key: acmednsJson + {{- end -}} + {{- end }} +--- +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ $namespace }} + name: {{ $issuerSecretName }} +type: Opaque +stringData: + cf-api-token: {{ .cfapitoken | default "" }} + cf-api-key: {{ .cfapikey | default "" }} + route53-secret-access-key: {{ .route53SecretAccessKey | default "" }} + akclientToken: {{ .akclientToken | default "" }} + akclientSecret: {{ .akclientSecret | default "" }} + akaccessToken: {{ .akaccessToken | default "" }} + doaccessToken: {{ .doaccessToken | default "" }} + rfctsigSecret: {{ $rfctsigSecret }} +{{- if .acmednsConfigJson }} + acmednsJson: {{ .acmednsConfigJson }} +{{- else if $acmednsDict }} + acmednsJson: {{ toJson $acmednsDict | quote }} +{{- end -}} + {{- end -}} +{{- end -}} diff --git a/premium/clusterissuer/7.5.3/templates/clusterissuer/_CA.tpl b/premium/clusterissuer/7.5.3/templates/clusterissuer/_CA.tpl new file mode 100644 index 00000000000..3091b2c5e85 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/clusterissuer/_CA.tpl @@ -0,0 +1,54 @@ +{{- define "certmanager.clusterissuer.ca" -}} +{{- $operator := index $.Values.operator "cert-manager" -}} +{{- $namespace := $operator.namespace | default "cert-manager" -}} + +{{- range .Values.clusterIssuer.CA }} + {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}} + {{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end -}} +{{- if .selfSigned }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }}-selfsigned-ca-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .name }}-selfsigned-ca + namespace: {{ $namespace }} +spec: + isCA: true + commonName: {{ .selfSignedCommonName }} + secretName: {{ .name }}-ca + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: {{ .name }}-selfsigned-ca-issuer + kind: ClusterIssuer + group: cert-manager.io +{{- else }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }}-ca + namespace: {{ $namespace }} +data: + tls.crt: {{ .crt | replace " CERTIFICATE" "_CERTIFICATE" | replace " " "\n" | replace "_CERTIFICATE" " CERTIFICATE" | b64enc }} + tls.key: {{ .key | replace " PRIVATE KEY" "_PRIVATE_KEY" | replace " " "\n" | replace "_PRIVATE_KEY" " PRIVATE KEY" | b64enc }} +{{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .name }} +spec: + ca: + secretName: {{ .name }}-ca +{{- end }} +{{- end -}} diff --git a/premium/clusterissuer/7.5.3/templates/clusterissuer/_clusterCertificates.tpl b/premium/clusterissuer/7.5.3/templates/clusterissuer/_clusterCertificates.tpl new file mode 100644 index 00000000000..a1e06520730 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/clusterissuer/_clusterCertificates.tpl @@ -0,0 +1,34 @@ +{{- define "certmanager.clusterissuer.clusterCertificates" -}} + {{- if .Values.clusterCertificates -}} + {{- $secretTemplates := dict -}} + {{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" dict "caller" "ClusterCertificates")) -}} + {{- $replicationNamespaces := ".*" -}} + {{- if .Values.clusterCertificates.replicationNamespaces -}} + {{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}} + {{- else if .Values.ixChartContext -}} + {{- $replicationNamespaces = "ix-.*" -}} + {{- end -}} + {{- $reflectorAnnotations := (dict + "reflector.v1.k8s.emberstack.com/reflection-allowed" "true" + "reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true" + "reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces) + "reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}} + {{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}} + + {{- $_ := set $secretTemplates "annotations" $certAnnotations -}} + + {{- if not $.Values.certificate -}} + {{- $_ := set $.Values "certificate" dict -}} + {{- end -}} + + {{- range .Values.clusterCertificates.certificates -}} + {{- $_ := set $.Values.certificate .name (dict + "enabled" .enabled + "hosts" .hosts + "certificateIssuer" .certificateIssuer + "certificateSecretTemplate" $secretTemplates + ) -}} + {{- end -}} + + {{- end -}} +{{- end -}} diff --git a/premium/clusterissuer/7.5.3/templates/clusterissuer/_selfSigned.tpl b/premium/clusterissuer/7.5.3/templates/clusterissuer/_selfSigned.tpl new file mode 100644 index 00000000000..235c03452c9 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/clusterissuer/_selfSigned.tpl @@ -0,0 +1,14 @@ +{{- define "certmanager.clusterissuer.selfsigned" -}} +{{- if .Values.clusterIssuer.selfSigned.enabled -}} + {{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}} + {{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}} + {{- end }} +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.clusterIssuer.selfSigned.name }} +spec: + selfSigned: {} +{{- end }} +{{- end -}} diff --git a/premium/clusterissuer/7.5.3/templates/common.yaml b/premium/clusterissuer/7.5.3/templates/common.yaml new file mode 100644 index 00000000000..494bfc898d5 --- /dev/null +++ b/premium/clusterissuer/7.5.3/templates/common.yaml @@ -0,0 +1,16 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* + Generate certificate data and set them to $.Values.ceritificate + Let common handle the creation of the objects +*/}} +{{- include "certmanager.clusterissuer.clusterCertificates" . }} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} + +{{/* Generate the cluster issuers */}} +{{- include "certmanager.clusterissuer.acme" . }} +{{- include "certmanager.clusterissuer.selfsigned" . }} +{{- include "certmanager.clusterissuer.ca" . }} diff --git a/premium/clusterissuer/7.5.3/values.yaml b/premium/clusterissuer/7.5.3/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/clusterissuer/item.yaml b/premium/clusterissuer/item.yaml new file mode 100644 index 00000000000..6d61fb60a94 --- /dev/null +++ b/premium/clusterissuer/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png +categories: + - core +screenshots: [] diff --git a/premium/grafana/14.6.3/.helmignore b/premium/grafana/14.6.3/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/grafana/14.6.3/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/grafana/14.6.3/CHANGELOG.md b/premium/grafana/14.6.3/CHANGELOG.md new file mode 100644 index 00000000000..1a2845d15ca --- /dev/null +++ b/premium/grafana/14.6.3/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [grafana-14.6.3](https://github.com/truecharts/charts/compare/grafana-14.6.2...grafana-14.6.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/grafana/14.6.3/Chart.yaml b/premium/grafana/14.6.3/Chart.yaml new file mode 100644 index 00000000000..f4add8569ef --- /dev/null +++ b/premium/grafana/14.6.3/Chart.yaml @@ -0,0 +1,41 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: metrics + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 10.4.0 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. +home: https://truecharts.org/charts/premium/grafana +icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png +keywords: + - analytics + - monitoring + - metrics + - logs +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: grafana +sources: + - https://grafana.com/ + - https://github.com/bitnami/bitnami-docker-grafana + - https://github.com/truecharts/charts/tree/master/charts/premium/grafana + - https://quay.io/kiwigrid/k8s-sidecar + - https://hub.docker.com/r/grafana/grafana +type: application +version: 14.6.3 diff --git a/premium/grafana/14.6.3/README.md b/premium/grafana/14.6.3/README.md new file mode 100644 index 00000000000..d73670064b9 --- /dev/null +++ b/premium/grafana/14.6.3/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/grafana) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/grafana/14.6.3/app-changelog.md b/premium/grafana/14.6.3/app-changelog.md new file mode 100644 index 00000000000..fdcf29df2b4 --- /dev/null +++ b/premium/grafana/14.6.3/app-changelog.md @@ -0,0 +1,9 @@ + + +## [grafana-14.6.3](https://github.com/truecharts/charts/compare/grafana-14.6.2...grafana-14.6.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/grafana/14.6.3/app-readme.md b/premium/grafana/14.6.3/app-readme.md new file mode 100644 index 00000000000..4c12740ace6 --- /dev/null +++ b/premium/grafana/14.6.3/app-readme.md @@ -0,0 +1,8 @@ +Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/grafana](https://truecharts.org/charts/premium/grafana) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/grafana/14.6.3/charts/common-20.0.9.tgz b/premium/grafana/14.6.3/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/grafana/14.6.3/charts/common-20.0.9.tgz differ diff --git a/premium/grafana/14.6.3/ix_values.yaml b/premium/grafana/14.6.3/ix_values.yaml new file mode 100644 index 00000000000..6b76cb3206e --- /dev/null +++ b/premium/grafana/14.6.3/ix_values.yaml @@ -0,0 +1,346 @@ +image: + repository: grafana/grafana + pullPolicy: IfNotPresent + tag: 10.4.0@sha256:f9811e4e687ffecf1a43adb9b64096c50bc0d7a782f8608530f478b6542de7d5 + +sidecarImage: + repository: quay.io/kiwigrid/k8s-sidecar + tag: 1.26.1@sha256:b8d5067137fec093cf48670dc3a1dbb38f9e734f3a6683015c2e89a45db5fd16 + +securityContext: + container: + readOnlyRootFilesystem: false +service: + main: + ports: + main: + protocol: http + targetPort: 3000 + port: 3000 +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + env: + GF_SECURITY_ADMIN_USER: "admin" + GF_SECURITY_ADMIN_PASSWORD: "testpassword" + GF_INSTALL_PLUGINS: "" + GF_AUTH_LDAP_ENABLED: "false" + GF_AUTH_LDAP_ALLOW_SIGN_UP: "false" + GF_SERVER_HTTP_PORT: 3000 + GF_DATABASE_TYPE: postgres + GF_DATABASE_NAME: "{{ .Values.cnpg.main.user }}" + GF_DATABASE_USER: "{{ .Values.cnpg.main.database }}" + GF_DATABASE_SSL_MODE: disable + GF_DATABASE_HOST: + secretKeyRef: + name: cnpg-main-urls + key: host + GF_DATABASE_PASSWORD: + secretKeyRef: + name: cnpg-main-user + key: password + probes: + liveness: + path: "/api/health" + readiness: + path: "/api/health" + startup: + path: "/api/health" + dashboards: + enabled: true + imageSelector: sidecarImage + env: + IGNORE_ALREADY_PROCESSED: false + METHOD: WATCH + LABEL: grafana_dashboard + LABEL_VALUE: "1" + LOG_LEVEL: info + FOLDER: /tmp/dashboards + RESOURCE: both + NAMESPACE: "ALL" + UNIQUE_FILENAMES: false + # NAMESPACE: null + # FOLDER_ANNOTATION: null + # script: null + # WATCH_SERVER_TIMEOUT: 3600 + # WATCH_CLIENT_TIMEOUT: 3600 + SKIP_TLS_VERIFY: false + REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" + REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" + REQ_URL: "http://localhost:3000/api/admin/provisioning/dashboards/reload" + REQ_METHOD: POST + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + datasources: + enabled: true + imageSelector: sidecarImage + env: + IGNORE_ALREADY_PROCESSED: false + METHOD: WATCH + LABEL: grafana_datasources + LABEL_VALUE: "1" + LOG_LEVEL: info + FOLDER: /etc/grafana/provisioning/datasources + RESOURCE: both + NAMESPACE: "ALL" + UNIQUE_FILENAMES: false + # NAMESPACE: null + # FOLDER_ANNOTATION: null + # script: null + # WATCH_SERVER_TIMEOUT: 3600 + # WATCH_CLIENT_TIMEOUT: 3600 + SKIP_TLS_VERIFY: false + REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" + REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" + REQ_URL: "http://localhost:3000/api/admin/provisioning/datasources/reload" + REQ_METHOD: POST + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + alerts: + enabled: true + imageSelector: sidecarImage + env: + IGNORE_ALREADY_PROCESSED: false + METHOD: WATCH + LABEL: grafana_alerts + LABEL_VALUE: "1" + LOG_LEVEL: info + FOLDER: /etc/grafana/provisioning/alerts + RESOURCE: both + NAMESPACE: "ALL" + UNIQUE_FILENAMES: false + # NAMESPACE: null + # FOLDER_ANNOTATION: null + # script: null + # WATCH_SERVER_TIMEOUT: 3600 + # WATCH_CLIENT_TIMEOUT: 3600 + SKIP_TLS_VERIFY: false + REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" + REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" + REQ_URL: "http://localhost:3000/api/admin/provisioning/alerts/reload" + REQ_METHOD: POST + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + plugins: + enabled: true + imageSelector: sidecarImage + env: + IGNORE_ALREADY_PROCESSED: false + METHOD: WATCH + LABEL: grafana_plugins + LABEL_VALUE: "1" + LOG_LEVEL: info + FOLDER: /etc/grafana/provisioning/plugins + RESOURCE: both + NAMESPACE: "ALL" + UNIQUE_FILENAMES: false + # NAMESPACE: null + # FOLDER_ANNOTATION: null + # script: null + # WATCH_SERVER_TIMEOUT: 3600 + # WATCH_CLIENT_TIMEOUT: 3600 + SKIP_TLS_VERIFY: false + REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" + REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" + REQ_URL: "http://localhost:3000/api/admin/provisioning/plugins/reload" + REQ_METHOD: POST + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + notifiers: + enabled: true + imageSelector: sidecarImage + env: + IGNORE_ALREADY_PROCESSED: false + METHOD: WATCH + LABEL: grafana_notifiers + LABEL_VALUE: "1" + LOG_LEVEL: info + FOLDER: /etc/grafana/provisioning/notifiers + RESOURCE: both + NAMESPACE: "ALL" + UNIQUE_FILENAMES: false + # NAMESPACE: null + # FOLDER_ANNOTATION: null + # script: null + # WATCH_SERVER_TIMEOUT: 3600 + # WATCH_CLIENT_TIMEOUT: 3600 + SKIP_TLS_VERIFY: false + REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}" + REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}" + REQ_URL: "http://localhost:3000/api/admin/provisioning/notifiers/reload" + REQ_METHOD: POST + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +configmap: + dashboard-provider: + enabled: true + data: + provider.yaml: |- + apiVersion: 1 + providers: + - name: sidecarProvider + orgId: 1 + folder: '' + type: file + disableDeletion: false + allowUiUpdates: false + updateIntervalSeconds: 30 + options: + foldersFromFilesStructure: false + path: /tmp/dashboards + config: + enabled: true + data: + grafana.ini: |- + paths: + data: /var/lib/grafana/ + logs: /var/log/grafana + plugins: /var/lib/grafana/plugins + provisioning: /etc/grafana/provisioning + analytics: + check_for_updates: true + log: + mode: console + grafana_net: + url: https://grafana.net + server: + domain: "{{ if (and .Values.ingress.main.enabled .Values.ingress.main.hosts) }}{{ .Values.ingress.main.hosts | first }}{{ else }}''{{ end }}" + ldap.toml: |- + # nope + +persistence: + config: + enabled: true + type: configmap + objectName: config + mountPath: /etc/grafana/grafana.ini + subPath: grafana.ini + ldap: + enabled: true + type: configmap + objectName: config + mountPath: /etc/grafana/ldap.toml + subPath: ldap.toml + data: + enabled: true + mountPath: "/var/lib/grafana" + grafana-tmp: + enabled: true + type: emptyDir + mountPath: /app/tmp + targetSelectAll: true + sc-dashboard-volume: + enabled: true + type: emptyDir + mountPath: /tmp/dashboards + targetSelectAll: true + sc-dashboard-config: + enabled: true + type: configmap + objectName: dashboard-provider + mountPath: /etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml + subPath: provider.yaml + sc-datasource-volume: + enabled: true + type: emptyDir + mountPath: /etc/grafana/provisioning/datasources + targetSelectAll: true + sc-alerts-volume: + enabled: true + type: emptyDir + mountPath: /etc/grafana/provisioning/alerts + targetSelectAll: true + sc-plugins-volume: + enabled: true + type: emptyDir + mountPath: /etc/grafana/provisioning/plugins + targetSelectAll: true + sc-notifiers-volume: + enabled: true + type: emptyDir + mountPath: /etc/grafana/provisioning/notifiers + targetSelectAll: true +metrics: + main: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: true + type: "servicemonitor" + endpoints: + - port: main + path: /metrics + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical +portal: + open: + enabled: true + +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: [""] + resources: ["configmaps", "secrets"] + verbs: ["get", "watch", "list"] + +serviceAccount: + main: + enabled: true + primary: true + +podOptions: + automountServiceAccountToken: true + +cnpg: + main: + enabled: true + user: grafana + database: grafana diff --git a/premium/grafana/14.6.3/questions.yaml b/premium/grafana/14.6.3/questions.yaml new file mode 100755 index 00000000000..f0aa40a18e6 --- /dev/null +++ b/premium/grafana/14.6.3/questions.yaml @@ -0,0 +1,2916 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: env + label: "Image Environment" + schema: + additional_attrs: true + type: dict + attrs: + - variable: GF_SECURITY_ADMIN_USER + label: "Admin User" + schema: + type: string + required: true + default: "admin" + - variable: GF_SECURITY_ADMIN_PASSWORD + label: "Admin Password" + schema: + type: string + required: true + private: true + default: "REPLACETHIS" + - variable: GF_INSTALL_PLUGINS + label: "Extra Plugins to Install" + description: "comma seperated" + schema: + type: string + default: "" + - variable: GF_AUTH_LDAP_ENABLED + label: "enable LDAP" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_ALLOW_SIGN_UP + label: "Allow LDAP Signup" + schema: + type: boolean + default: false + - variable: GF_AUTH_LDAP_CONFIG_FILE + label: "LDAP Config Path" + schema: + type: string + default: "/opt/bitnami/grafana/conf/ldap.toml" + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: data + label: Data + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + private: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10038 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + + - variable: data + label: "App data Storage" + description: "Stores the Application Data." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/premium/grafana/14.6.3/templates/NOTES.txt b/premium/grafana/14.6.3/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/grafana/14.6.3/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/grafana/14.6.3/templates/common.yaml b/premium/grafana/14.6.3/templates/common.yaml new file mode 100644 index 00000000000..b51394e00a4 --- /dev/null +++ b/premium/grafana/14.6.3/templates/common.yaml @@ -0,0 +1 @@ +{{ include "tc.v1.common.loader.all" . }} diff --git a/premium/grafana/14.6.3/values.yaml b/premium/grafana/14.6.3/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/grafana/item.yaml b/premium/grafana/item.yaml new file mode 100644 index 00000000000..f5a33383aa4 --- /dev/null +++ b/premium/grafana/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png +categories: + - metrics +screenshots: [] diff --git a/premium/metallb-config/6.5.3/.helmignore b/premium/metallb-config/6.5.3/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/metallb-config/6.5.3/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/metallb-config/6.5.3/CHANGELOG.md b/premium/metallb-config/6.5.3/CHANGELOG.md new file mode 100644 index 00000000000..be807a3976d --- /dev/null +++ b/premium/metallb-config/6.5.3/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [metallb-config-6.5.3](https://github.com/truecharts/charts/compare/metallb-config-6.5.2...metallb-config-6.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/metallb-config/6.5.3/Chart.yaml b/premium/metallb-config/6.5.3/Chart.yaml new file mode 100644 index 00000000000..bb70d241c4f --- /dev/null +++ b/premium/metallb-config/6.5.3/Chart.yaml @@ -0,0 +1,38 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: core + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: latest +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: A network load-balancer implementation for Kubernetes using standard routing protocols +home: https://truecharts.org/charts/premium/metallb-config +icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png +keywords: + - metallb + - loadbalancer +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: metallb-config +sources: + - https://metallb.universe.tf + - https://github.com/metallb/metallb + - https://github.com/truecharts/charts/tree/master/charts/premium/metallb-config + - https://hub.docker.com/_/hello-world +type: application +version: 6.5.3 diff --git a/premium/metallb-config/6.5.3/README.md b/premium/metallb-config/6.5.3/README.md new file mode 100644 index 00000000000..9ce60030e49 --- /dev/null +++ b/premium/metallb-config/6.5.3/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/metallb-config) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/metallb-config/6.5.3/app-changelog.md b/premium/metallb-config/6.5.3/app-changelog.md new file mode 100644 index 00000000000..463668af21a --- /dev/null +++ b/premium/metallb-config/6.5.3/app-changelog.md @@ -0,0 +1,9 @@ + + +## [metallb-config-6.5.3](https://github.com/truecharts/charts/compare/metallb-config-6.5.2...metallb-config-6.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/metallb-config/6.5.3/app-readme.md b/premium/metallb-config/6.5.3/app-readme.md new file mode 100644 index 00000000000..8f037b6034e --- /dev/null +++ b/premium/metallb-config/6.5.3/app-readme.md @@ -0,0 +1,8 @@ +A network load-balancer implementation for Kubernetes using standard routing protocols + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/metallb-config](https://truecharts.org/charts/premium/metallb-config) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/metallb-config/6.5.3/charts/common-20.0.9.tgz b/premium/metallb-config/6.5.3/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/metallb-config/6.5.3/charts/common-20.0.9.tgz differ diff --git a/premium/metallb-config/6.5.3/ix_values.yaml b/premium/metallb-config/6.5.3/ix_values.yaml new file mode 100644 index 00000000000..e99632a149c --- /dev/null +++ b/premium/metallb-config/6.5.3/ix_values.yaml @@ -0,0 +1,73 @@ +image: + repository: hello-world + tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d + pullPolicy: IfNotPresent +manifestManager: + enabled: false +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false +service: + main: + enabled: false + ports: + main: + enabled: false + port: 9999 +operator: + verify: + enabled: true + additionalOperators: ["metallb"] +portal: + open: + enabled: false +ipAddressPools: [] +# - name: example +# autoAssign: true +# avoidBuggyIPs: true +# addresses: +# - 192.168.1.1-192.168.1.100 +L2Advertisements: [] +# - name: l2adv +# addressPools: +# - pool1 +# nodeSelectors: +# - nodeA +BGPAdvertisements: [] +# - name: bgpadv +# addressPools: +# - pool1 +# aggregationLength: 24 +# localpref: 100 +# communities: +# - 1234:1 +# peers: +# - peer1 +Communities: [] +# - name: community1 +# value: 1234:1 +Peers: [] +# - name: peer1 +# myASN: 1234 +# password: pass +# routerID: 1234 +# bfdProfile: profile +# ebgpMultiHop: false +# holdTime: 10 +# keepaliveTime: 10 +# peerAddress: 172.30.0.2 +# peerPort: 179 +# sourceAddress: 172.30.0.3 +# nodeSelectors: +# - nodeA diff --git a/premium/metallb-config/6.5.3/questions.yaml b/premium/metallb-config/6.5.3/questions.yaml new file mode 100755 index 00000000000..2f1cc5655c1 --- /dev/null +++ b/premium/metallb-config/6.5.3/questions.yaml @@ -0,0 +1,368 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: ipAddressPools + group: App Configuration + label: IP Address Pools Object + schema: + type: list + default: [] + items: + - variable: ipAddressPoolsEntry + label: IP Address Pool Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the IP address pool + schema: + type: string + required: true + default: "" + - variable: autoAssign + label: Auto Assign + description: AutoAssign flag used to prevent MetallB from automatic + allocation for a pool. + schema: + type: boolean + default: true + - variable: avoidBuggyIPs + label: Avoid Buggy IPs + description: AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. + schema: + type: boolean + default: false + - variable: addresses + label: Addresses Pools + description: A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share + the same settings. Each range can be either a CIDR prefix, or an + explicit start-end range of IPs. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: L2Advertisements + group: App Configuration + label: L2 Advertisements + description: L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. + schema: + type: list + default: [] + items: + - variable: L2AdvertisementEntry + label: L2 Advertisement Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the L2 Advertisement + schema: + type: string + required: true + default: "" + - variable: addressPools + label: Address Pools + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: nodeSelectors + label: Node Selectors + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + schema: + type: list + default: [] + items: + - variable: nodeSelectorEntry + label: Node Selector Entry + schema: + type: string + default: "" + required: true + - variable: Communities + group: App Configuration + label: Communities + description: Community is a collection of aliases for communities. Users can + define named aliases to be used in the BGPPeer CRD. + schema: + type: list + default: [] + items: + - variable: CommunityEntry + label: Community Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: The name of the alias for the community. + schema: + type: string + required: true + default: "" + - variable: value + label: Value + description: The BGP community value corresponding to the given name. + schema: + type: string + required: true + default: "" + - variable: Peers + group: App Configuration + label: Peers + description: BGPPeer is the Schema for the peers API. + schema: + type: list + default: [] + items: + - variable: PeerEntry + label: Peer Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: The name of the peer. + schema: + type: string + required: true + default: "" + - variable: bfdProfile + label: BFD Profile + description: The name of the BFD Profile to be used for the BFD session + associated to the BGP session. If not set, the BFD session won't + be set up. + schema: + type: string + default: "" + - variable: ebgpMultiHop + label: EBGP MultiHop + description: TTo set if the BGPPeer is multi-hops away. Needed for + FRR mode only. + schema: + type: boolean + default: false + - variable: holdTime + label: Hold Time + description: Requested BGP hold time, per RFC4271. + schema: + type: int + - variable: keepaliveTime + label: Keep Alive Time + description: Requested BGP keep alive time, per RFC4271. + schema: + type: int + - variable: myASN + label: My ASN + description: AS number to use for the local end of the session. + schema: + type: int + - variable: password + label: Password + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + schema: + type: string + private: true + default: "" + - variable: peerASN + label: Peer ASN + description: AS number to expect from the remote end of the session. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: peerAddress + label: Peer Address + description: Address to dial when establishing the session. + schema: + type: string + default: "" + - variable: peerPort + label: Peer Port + description: Port to dial when establishing the session. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: routerID + label: Router ID + description: BGP router ID to advertise to the peer + schema: + type: string + default: "" + - variable: sourceAddress + label: Source Address + description: Source address to use when establishing the session. + schema: + type: string + default: "" + - variable: nodeSelectors + label: Node Selectors + description: Only connect to this peer on nodes that match one of + these selectors. + schema: + type: list + default: [] + items: + - variable: nodeSelectorEntry + label: Node Selector Entry + schema: + type: string + default: "" + required: true + - variable: BGPAdvertisements + group: App Configuration + label: BGP Advertisements + description: BGPAdvertisement allows to advertise the IPs coming from the + selected IPAddressPools via BGP. + schema: + type: list + default: [] + items: + - variable: BGPAdvertisementEntry + label: BGP Advertisement Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: Name of the BGP Advertisement + schema: + type: string + required: true + default: "" + - variable: addressPools + label: Address Pools + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + schema: + type: list + default: [] + items: + - variable: addressPoolEntry + label: Address Pool Entry + schema: + type: string + default: "" + required: true + - variable: aggregationLength + label: Aggregation Length + description: The aggregation-length advertisement option lets you + "roll up" the /32s into a larger prefix. Defaults to 32. Works for + IPv4 addresses. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: localpref + label: Local Pref + description: The BGP LOCAL_PREF attribute which is used by BGP best + path algorithm, Path with higher localpref is preferred over one + with lower localpref. + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: communities + label: Communities + description: The BGP communities to be associated with the announcement. + Each item can be a community of the form 1234:1234 or the name of + an alias defined in the Community CRD. + schema: + type: list + default: [] + items: + - variable: communityEntry + label: Community Entry + schema: + type: string + default: "" + required: true + - variable: peers + label: Peers + description: Peers limits the BGPpeer to advertise the ips of the + selected pools to. When empty, the loadbalancer IP is announced + to all the BGPPeers configured. + schema: + type: list + default: [] + items: + - variable: peerEntry + label: Peer Entry + schema: + type: string + default: "" + required: true diff --git a/premium/metallb-config/6.5.3/templates/NOTES.txt b/premium/metallb-config/6.5.3/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/metallb-config/6.5.3/templates/_bgpadvertisement.tpl b/premium/metallb-config/6.5.3/templates/_bgpadvertisement.tpl new file mode 100644 index 00000000000..27790c0e17d --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/_bgpadvertisement.tpl @@ -0,0 +1,33 @@ +{{- define "metallb.bgpadv" -}} +{{- range .Values.BGPAdvertisements }} +--- +apiVersion: metallb.io/v1beta1 +kind: BGPAdvertisement +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + ipAddressPools: + {{- range .addressPools }} + - {{ . }} + {{- end }} + {{- with .aggregationLength }} + aggregationLength: {{ . | int }} + {{- end }} + {{- with .localpref }} + localpref: {{ . | int }} + {{- end }} + {{- if .communities }} + communities: + {{- range .communities }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .peers }} + peers: + {{- range .peers }} + - {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/premium/metallb-config/6.5.3/templates/_community.tpl b/premium/metallb-config/6.5.3/templates/_community.tpl new file mode 100644 index 00000000000..3cd66f96e98 --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/_community.tpl @@ -0,0 +1,16 @@ +{{- define "metallb.comm" -}} +{{- if .Values.Communities }} +--- +apiVersion: metallb.io/v1beta1 +kind: Community +metadata: + name: communities + namespace: {{ $.Values.operatorNamespace }} +spec: + communities: + {{- range .Values.Communities }} + - name: {{ .name }} + value: {{ .value }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/premium/metallb-config/6.5.3/templates/_ipaddresspool.tpl b/premium/metallb-config/6.5.3/templates/_ipaddresspool.tpl new file mode 100644 index 00000000000..f4c020920f0 --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/_ipaddresspool.tpl @@ -0,0 +1,17 @@ +{{- define "metallb.pool" -}} +{{- range .Values.ipAddressPools }} +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + addresses: + {{- range .addresses }} + - {{ . }} + {{- end }} + autoAssign: {{ .autoAssign | default true }} + avoidBuggyIPs: {{ .avoidBuggyIPs | default false }} +{{- end }} +{{- end -}} diff --git a/premium/metallb-config/6.5.3/templates/_l2advertisement.tpl b/premium/metallb-config/6.5.3/templates/_l2advertisement.tpl new file mode 100644 index 00000000000..beef850b9a6 --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/_l2advertisement.tpl @@ -0,0 +1,22 @@ +{{- define "metallb.l2adv" -}} +{{- range .Values.L2Advertisements }} +--- +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + ipAddressPools: + {{- range .addressPools }} + - {{ . }} + {{- end }} + {{- if .nodeSelectors }} + {{- range .nodeSelectors }} + nodeSelectors: + - matchLabels: + kubernetes.io/hostname: {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/premium/metallb-config/6.5.3/templates/_peers.tpl b/premium/metallb-config/6.5.3/templates/_peers.tpl new file mode 100644 index 00000000000..848e72462ae --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/_peers.tpl @@ -0,0 +1,51 @@ +{{- define "metallb.peers" -}} +{{- range .Values.Peers }} +--- +apiVersion: metallb.io/v1beta2 +kind: BGPPeer +metadata: + name: {{ .name }} + namespace: {{ $.Values.operatorNamespace }} +spec: + {{- with .password }} + password: {{ . }} + {{- end }} + {{- with .routerID }} + routerID: {{ . }} + {{- end }} + {{- with .bfdProfile }} + bfdProfile: {{ . }} + {{- end }} + {{- with .ebgpMultiHop }} + ebgpMultiHop: {{ . }} + {{- end }} + {{- with .holdTime }} + holdTime: {{ . }} + {{- end }} + {{- with .keepaliveTime }} + keepaliveTime: {{ . }} + {{- end }} + {{- with .myASN }} + myASN: {{ . }} + {{- end }} + {{- with .peerASN }} + peerASN: {{ . | int }} + {{- end }} + {{- with .peerAddress }} + peerAddress: {{ . }} + {{- end }} + {{- with .peerPort }} + peerPort: {{ . | int }} + {{- end }} + {{- with .sourceAddress }} + sourceAddress: {{ . }} + {{- end }} + {{- if .nodeSelectors }} + nodeSelectors: + {{- range .nodeSelectors }} + - matchLabels: + kubernetes.io/hostname: {{ . }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/premium/metallb-config/6.5.3/templates/common.yaml b/premium/metallb-config/6.5.3/templates/common.yaml new file mode 100644 index 00000000000..05373874e9e --- /dev/null +++ b/premium/metallb-config/6.5.3/templates/common.yaml @@ -0,0 +1,21 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $operatorNamespace := "metallb-system" -}} +{{- if .Values.operator.metallb -}} +{{ $operatorNamespace = ( $.Values.operator.metallb.namespace | default "metallb-system") }} +{{- end -}} +{{- $_ := set $.Values "operatorNamespace" $operatorNamespace -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} + +{{- include "metallb.l2adv" . }} + +{{- include "metallb.peers" . }} + +{{- include "metallb.bgpadv" . }} + +{{- include "metallb.comm" . }} + +{{- include "metallb.pool" . }} diff --git a/premium/metallb-config/6.5.3/values.yaml b/premium/metallb-config/6.5.3/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/metallb-config/item.yaml b/premium/metallb-config/item.yaml new file mode 100644 index 00000000000..ed1b2bb6277 --- /dev/null +++ b/premium/metallb-config/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png +categories: + - core +screenshots: [] diff --git a/premium/nextcloud/29.5.6/.helmignore b/premium/nextcloud/29.5.6/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/nextcloud/29.5.6/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/nextcloud/29.5.6/CHANGELOG.md b/premium/nextcloud/29.5.6/CHANGELOG.md new file mode 100644 index 00000000000..bfea52fbdc7 --- /dev/null +++ b/premium/nextcloud/29.5.6/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [nextcloud-29.5.6](https://github.com/truecharts/charts/compare/nextcloud-29.5.5...nextcloud-29.5.6) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/nextcloud/29.5.6/Chart.yaml b/premium/nextcloud/29.5.6/Chart.yaml new file mode 100644 index 00000000000..582c732570e --- /dev/null +++ b/premium/nextcloud/29.5.6/Chart.yaml @@ -0,0 +1,53 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: cloud + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 28.0.3 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] + - name: redis + version: 13.0.3 + repository: oci://tccr.io/truecharts + condition: redis.enabled + alias: "" + tags: [] + import-values: [] +deprecated: false +description: A private cloud server that puts the control and security of your own data back into your hands. +home: https://truecharts.org/charts/premium/nextcloud +icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png +keywords: + - nextcloud + - storage + - http + - web + - php +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: nextcloud +sources: + - https://github.com/nextcloud/docker + - https://github.com/nextcloud/helm + - https://github.com/truecharts/charts/tree/master/charts/premium/nextcloud + - https://hub.docker.com/r/clamav/clamav + - https://github.com/truecharts/containers/tree/master/apps/nextcloud-push-notify + - https://hub.docker.com/r/collabora/code + - https://github.com/truecharts/containers/tree/master/apps/nextcloud-imaginary + - https://hub.docker.com/r/nginxinc/nginx-unprivileged + - https://github.com/truecharts/containers/tree/master/apps/nextcloud-fpm +type: application +version: 29.5.6 diff --git a/premium/nextcloud/29.5.6/LICENSE b/premium/nextcloud/29.5.6/LICENSE new file mode 100644 index 00000000000..33a8cbb23f0 --- /dev/null +++ b/premium/nextcloud/29.5.6/LICENSE @@ -0,0 +1,106 @@ +Business Source License 1.1 + +Parameters + +Licensor: The TrueCharts Project, it's owner and it's contributors +Licensed Work: The TrueCharts "Blocky" Helm Chart +Additional Use Grant: You may use the licensed work in production, as long + as it is directly sourced from a TrueCharts provided + official repository, catalog or source. You may also make private + modification to the directly sourced licenced work, + when used in production. + + The following cases are, due to their nature, also + defined as 'production use' and explicitly prohibited: + - Bundling, including or displaying the licensed work + with(in) another work intended for production use, + with the apparent intend of facilitating and/or + promoting production use by third parties in + violation of this license. + +Change Date: 2050-01-01 + +Change License: 3-clause BSD license + +For information about alternative licensing arrangements for the Software, +please contact: legal@truecharts.org + +Notice + +The Business Source License (this document, or the “License”) is not an Open +Source license. However, the Licensed Work will eventually be made available +under an Open Source License, as stated in this License. + +License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved. +“Business Source License” is a trademark of MariaDB Corporation Ab. + +----------------------------------------------------------------------------- + +Business Source License 1.1 + +Terms + +The Licensor hereby grants you the right to copy, modify, create derivative +works, redistribute, and make non-production use of the Licensed Work. The +Licensor may make an Additional Use Grant, above, permitting limited +production use. + +Effective on the Change Date, or the fourth anniversary of the first publicly +available distribution of a specific version of the Licensed Work under this +License, whichever comes first, the Licensor hereby grants you rights under +the terms of the Change License, and the rights granted in the paragraph +above terminate. + +If your use of the Licensed Work does not comply with the requirements +currently in effect as described in this License, you must purchase a +commercial license from the Licensor, its affiliated entities, or authorized +resellers, or you must refrain from using the Licensed Work. + +All copies of the original and modified Licensed Work, and derivative works +of the Licensed Work, are subject to this License. This License applies +separately for each version of the Licensed Work and the Change Date may vary +for each version of the Licensed Work released by Licensor. + +You must conspicuously display this License on each original or modified copy +of the Licensed Work. If you receive the Licensed Work in original or +modified form from a third party, the terms and conditions set forth in this +License apply to your use of that work. + +Any use of the Licensed Work in violation of this License will automatically +terminate your rights under this License for the current and all other +versions of the Licensed Work. + +This License does not grant you any right in any trademark or logo of +Licensor or its affiliates (provided that you may use a trademark or logo of +Licensor as expressly required by this License). + +TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND +TITLE. + +MariaDB hereby grants you permission to use this License’s text to license +your works, and to refer to it using the trademark “Business Source License”, +as long as you comply with the Covenants of Licensor below. + +Covenants of Licensor + +In consideration of the right to use this License’s text and the “Business +Source License” name and trademark, Licensor covenants to MariaDB, and to all +other recipients of the licensed work to be provided by Licensor: + +1. To specify as the Change License the GPL Version 2.0 or any later version, + or a license that is compatible with GPL Version 2.0 or a later version, + where “compatible” means that software provided under the Change License can + be included in a program with software provided under GPL Version 2.0 or a + later version. Licensor may specify additional Change Licenses without + limitation. + +2. To either: (a) specify an additional grant of rights to use that does not + impose any additional restriction on the right granted in this License, as + the Additional Use Grant; or (b) insert the text “None”. + +3. To specify a Change Date. + +4. Not to modify this License in any other way. diff --git a/premium/nextcloud/29.5.6/README.md b/premium/nextcloud/29.5.6/README.md new file mode 100644 index 00000000000..48ac11ddf36 --- /dev/null +++ b/premium/nextcloud/29.5.6/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/nextcloud) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/nextcloud/29.5.6/app-changelog.md b/premium/nextcloud/29.5.6/app-changelog.md new file mode 100644 index 00000000000..8e7a44b2f34 --- /dev/null +++ b/premium/nextcloud/29.5.6/app-changelog.md @@ -0,0 +1,9 @@ + + +## [nextcloud-29.5.6](https://github.com/truecharts/charts/compare/nextcloud-29.5.5...nextcloud-29.5.6) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/nextcloud/29.5.6/app-readme.md b/premium/nextcloud/29.5.6/app-readme.md new file mode 100644 index 00000000000..271d1136ba2 --- /dev/null +++ b/premium/nextcloud/29.5.6/app-readme.md @@ -0,0 +1,8 @@ +A private cloud server that puts the control and security of your own data back into your hands. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/nextcloud](https://truecharts.org/charts/premium/nextcloud) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/nextcloud/29.5.6/charts/common-20.0.9.tgz b/premium/nextcloud/29.5.6/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/nextcloud/29.5.6/charts/common-20.0.9.tgz differ diff --git a/premium/nextcloud/29.5.6/charts/redis-13.0.3.tgz b/premium/nextcloud/29.5.6/charts/redis-13.0.3.tgz new file mode 100644 index 00000000000..f04b6a89dbf Binary files /dev/null and b/premium/nextcloud/29.5.6/charts/redis-13.0.3.tgz differ diff --git a/premium/nextcloud/29.5.6/ix_values.yaml b/premium/nextcloud/29.5.6/ix_values.yaml new file mode 100644 index 00000000000..08f6d693f0f --- /dev/null +++ b/premium/nextcloud/29.5.6/ix_values.yaml @@ -0,0 +1,516 @@ +image: + repository: tccr.io/tccr/nextcloud-fpm + pullPolicy: IfNotPresent + tag: v28.0.3@sha256:77b7353be48b28d1bc1dcfa8bed1e0f3c989f6223647f9c99b07db0e8ab78c8d +nginxImage: + repository: nginxinc/nginx-unprivileged + pullPolicy: IfNotPresent + tag: 1.25.4@sha256:060d468f78f016c7cfd49a548ed5d3456891cba1b54767b4ed48907981266f06 +imaginaryImage: + repository: tccr.io/tccr/nextcloud-imaginary + pullPolicy: IfNotPresent + tag: v20230401@sha256:6be7b4432a536d6004b94edea7dd3573f0cc061328b729ed8043236a0784f98c +hpbImage: + repository: tccr.io/tccr/nextcloud-push-notify + pullPolicy: IfNotPresent + tag: v0.6.9@sha256:1950fd07cc1292551b16c7080514c24d8c22ce7947e06cbb12fd968d13970373 +clamavImage: + repository: clamav/clamav + pullPolicy: IfNotPresent + tag: 1.3.0@sha256:57555703249b4c57d760753bf3655871d3c51958bd5bd4a0dac6eb73c1c36516 +collaboraImage: + repository: collabora/code + pullPolicy: IfNotPresent + tag: 23.05.9.4.1@sha256:18768e665a817a06d17a608bcb0744dd0275e72d805644cad5ad1923f7d623b5 +nextcloud: + # Initial Credentials + credentials: + initialAdminUser: admin + initialAdminPassword: adminpass + # General settings + general: + # Custom Nextcloud Scripts + run_optimize: true + default_phone_region: GR + # IP used for exposing nextcloud, + # often the loadbalancer IP + accessIP: "" + # Allows Nextcloud to connect to unsecure (http) endpoints + force_enable_allow_local_remote_servers: false + # File settings + files: + shared_folder_name: Shared + max_chunk_size: 10485760 + # Expiration settings + expirations: + activity_expire_days: 90 + trash_retention_obligation: auto + versions_retention_obligation: auto + # Previews settings + previews: + enabled: true + # It will also deploy the container + imaginary: true + cron: true + schedule: "*/30 * * * *" + max_x: 2048 + max_y: 2048 + max_memory: 1024 + max_file_size_image: 50 + # Setting for Imaginary + max_allowed_resolution: 18.0 + jpeg_quality: 60 + square_sizes: 32 256 + width_sizes: 256 384 + height_sizes: 256 + # Casings are important + # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269 + # Only the last part of the provider is needed + providers: + - PNG + - JPEG + # Logging settings + logging: + log_level: 2 + log_file: /var/www/html/data/logs/nextcloud.log + log_audit_file: /var/www/html/data/logs/audit.log + log_date_format: d/m/Y H:i:s + # ClamAV settings + clamav: + # It will also deploy the container + # Note that this runs as root + enabled: false + stream_max_length: 26214400 + file_max_size: -1 + infected_action: only_log + # Notify Push settings + notify_push: + # It will also deploy the container + enabled: true + # Collabora settings + collabora: + # It will also deploy the container + enabled: false + # default|compact|tabbed + interface_mode: default + username: admin + password: changeme + dictionaries: + - de_DE + - en_GB + - en_US + - el_GR + - es_ES + - fr_FR + - pt_BR + - pt_PT + - it + - nl + - ru + onlyoffice: + # It will not deploy the container + # Only add the OnlyOffice settings + enabled: false + url: "" + internal_url: "" + verify_ssl: true + jwt: "" + jwt_header: Authorization + # PHP settings + php: + memory_limit: 1G + upload_limit: 10G + pm_max_children: 180 + pm_start_servers: 18 + pm_min_spare_servers: 12 + pm_max_spare_servers: 30 + opcache: + interned_strings_buffer: 32 + max_accelerated_files: 10000 + memory_consumption: 128 + revalidate_freq: 60 + jit_buffer_size: 128 +# Do NOT edit below this line +workload: + # Nextcloud php-fpm + main: + type: Deployment + podSpec: + containers: + main: + enabled: true + primary: true + envFrom: + - configMapRef: + name: nextcloud-config + probes: + liveness: + enabled: true + type: exec + command: /healthcheck.sh + readiness: + enabled: true + type: exec + command: /healthcheck.sh + startup: + enabled: true + type: tcp + port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}" + nginx: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + nginx: + enabled: true + primary: true + imageSelector: nginxImage + probes: + readiness: + enabled: true + path: /robots.txt + port: "{{ .Values.service.main.ports.main.port }}" + httpHeaders: + Host: kube.internal.healthcheck + liveness: + enabled: true + path: /robots.txt + port: "{{ .Values.service.main.ports.main.port }}" + httpHeaders: + Host: kube.internal.healthcheck + startup: + enabled: true + type: tcp + port: "{{ .Values.service.main.ports.main.port }}" + notify: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + notify: + primary: true + enabled: true + imageSelector: hpbImage + envFrom: + - configMapRef: + name: hpb-config + probes: + readiness: + enabled: true + path: /push/test/cookie + port: 7867 + httpHeaders: + Host: kube.internal.healthcheck + liveness: + enabled: true + path: /push/test/cookie + port: 7867 + httpHeaders: + Host: kube.internal.healthcheck + startup: + enabled: true + type: tcp + port: 7867 + imaginary: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + imaginary: + primary: true + enabled: true + imageSelector: imaginaryImage + command: imaginary + args: + - -p + - "{{ .Values.service.imaginary.ports.imaginary.port }}" + - -concurrency + - "10" + - -max-allowed-resolution + - "{{ .Values.nextcloud.previews.max_allowed_resolution }}" + - -enable-url-source + - -return-size + probes: + readiness: + enabled: true + path: /health + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + liveness: + enabled: true + path: /health + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.imaginary.ports.imaginary.port }}" + clamav: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + clamav: + primary: true + enabled: true + imageSelector: clamavImage + # FIXME: https://github.com/Cisco-Talos/clamav/issues/478 + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + envFrom: + - configMapRef: + name: clamav-config + probes: + readiness: + enabled: true + type: exec + command: clamdcheck.sh + liveness: + enabled: true + type: exec + command: clamdcheck.sh + startup: + enabled: true + type: tcp + port: "{{ .Values.service.clamav.ports.clamav.targetPort }}" + collabora: + enabled: true + type: Deployment + strategy: RollingUpdate + replicas: 1 + podSpec: + containers: + collabora: + primary: true + enabled: true + imageSelector: collaboraImage + securityContext: + runAsUser: 100 + runAsGroup: 102 + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + capabilities: + add: + - CHOWN + - FOWNER + - SYS_CHROOT + - MKNOD + envFrom: + - configMapRef: + name: collabora-config + probes: + readiness: + enabled: true + type: http + path: /collabora/ + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" + liveness: + enabled: true + type: http + path: /collabora/ + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" + startup: + enabled: true + type: tcp + port: "{{ .Values.service.collabora.ports.collabora.targetPort }}" +cronjobs: + # Don't change names, it's used in the persistence + - name: nextcloud-cron + enabled: true + schedule: "*/5 * * * *" + cmd: + - echo "Running [php -f /var/www/html/cron.php] ..." + - php -f /var/www/html/cron.php + - echo "Finished [php -f /var/www/html/cron.php]" + - name: preview-cron + enabled: "{{ .Values.nextcloud.previews.cron }}" + schedule: "{{ .Values.nextcloud.previews.schedule }}" + cmd: + - echo "Running [occ preview:pre-generate] ..." + - occ preview:pre-generate + - echo "Finished [occ preview:pre-generate]" +service: + # Main service links to ingress easier + # That's why the nginx is swapped with nextcloud + main: + targetSelector: nginx + ports: + main: + targetSelector: nginx + port: 8080 + nextcloud: + enabled: true + targetSelector: main + ports: + nextcloud: + enabled: true + targetSelector: main + port: 9000 + targetPort: 9000 + notify: + enabled: true + targetSelector: notify + ports: + notify: + enabled: true + primary: true + port: 7867 + targetPort: 7867 + targetSelector: notify + metrics: + enabled: true + port: 7868 + targetSelector: notify + imaginary: + enabled: true + targetSelector: imaginary + ports: + imaginary: + enabled: true + port: 9090 + targetSelector: imaginary + clamav: + enabled: true + targetSelector: clamav + ports: + clamav: + enabled: true + port: 3310 + targetPort: 3310 + targetSelector: clamav + collabora: + enabled: true + targetSelector: collabora + ports: + collabora: + enabled: true + port: 9980 + targetPort: 9980 + targetSelector: collabora +persistence: + php-tune: + enabled: true + type: configmap + objectName: php-tune + targetSelector: + main: + main: + mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf + subPath: zz-tune.conf + readOnly: true + redis-session: + enabled: true + type: configmap + objectName: redis-session + targetSelector: + main: + main: + mountPath: /usr/local/etc/php/conf.d/redis-session.ini + subPath: redis-session.ini + readOnly: true + opcache-recommended: + enabled: true + type: configmap + objectName: opcache + targetSelector: + main: + main: + mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini + subPath: opcache-recommended.ini + readOnly: true + nginx: + enabled: true + type: configmap + objectName: nginx-config + targetSelector: + nginx: + nginx: + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf + readOnly: true + nginx-temp: + enabled: true + type: emptyDir + targetSelector: + nginx: + nginx: + mountPath: /tmp/nginx + html: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html + preview-cron: + preview-cron: + mountPath: /var/www/html + nginx: + nginx: + mountPath: /var/www/html + readOnly: true + config: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html/config + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html/config + preview-cron: + preview-cron: + mountPath: /var/www/html/config + notify: + notify: + mountPath: /var/www/html/config + readOnly: true + nginx: + nginx: + mountPath: /var/www/html/config + readOnly: true + data: + enabled: true + targetSelector: + main: + main: + mountPath: /var/www/html/data + init-perms: + mountPath: /var/www/html/data + nextcloud-cron: + nextcloud-cron: + mountPath: /var/www/html/data + preview-cron: + preview-cron: + mountPath: /var/www/html/data + nginx: + nginx: + mountPath: /var/www/html/data + readOnly: true +cnpg: + main: + enabled: true + user: nextcloud + database: nextcloud +redis: + enabled: true + username: default +portal: + open: + enabled: true +updated: true + +ingress: + main: + required: true diff --git a/premium/nextcloud/29.5.6/questions.yaml b/premium/nextcloud/29.5.6/questions.yaml new file mode 100755 index 00000000000..aa22b141282 --- /dev/null +++ b/premium/nextcloud/29.5.6/questions.yaml @@ -0,0 +1,4144 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: nextcloud + group: App Configuration + label: Nextcloud + schema: + additional_attrs: true + type: dict + attrs: + - variable: credentials + label: Initial Credentials + schema: + additional_attrs: true + type: dict + attrs: + - variable: initialAdminUser + label: Initial Admin User + description: Sets the initial admin username + schema: + type: string + required: true + default: "" + - variable: initialAdminPassword + label: Initial Admin Password + description: Sets the initial admin password + schema: + type: string + required: true + private: true + default: "" + - variable: general + label: General + schema: + additional_attrs: true + type: dict + attrs: + - variable: run_optimize + label: Run Optimize Scripts + description: | + Runs the following commands at startup:
+ occ db:add-missing-indices
+ occ db:add-missing-columns
+ occ db:add-missing-primary-keys
+ yes | occ db:convert-filecache-bigint
+ occ maintenance:mimetype:update-js
+ occ maintenance:mimetype:update-db
+ occ maintenance:update:htaccess
+ schema: + type: boolean + default: false + - variable: default_phone_region + label: Default Phone Region + description: | + Sets the default phone region in ISO_3166-1 format (e.g. US).
+ https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements + schema: + type: string + valid_chars: '^[A-Z]{2}$' + required: true + default: "" + - variable: accessIP + label: Access IP + description: Set to the IP-Address used to reach Nextcloud. + schema: + type: string + required: true + $ref: + - "definitions/nodeIP" + - variable: force_enable_allow_local_remote_servers + label: Force Enable Allow Local Remote Servers + description: + Enables 'allow_local_remote_servers' option + schema: + type: boolean + default: false + - variable: files + label: Files Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: shared_folder_name + label: Shared Folder Name + schema: + type: string + required: true + default: Shared + - variable: max_chunk_size + label: Max Chunk Size + schema: + type: int + required: true + default: 10485760 + - variable: expirations + label: Expirations Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: activity_expire_days + label: Activity Expire Days + schema: + type: int + required: true + default: 90 + - variable: trash_retention_obligation + label: Trash Retention Obligation + schema: + type: string + required: true + default: auto + - variable: versions_retention_obligation + label: Versions Retention Obligation + schema: + type: string + required: true + default: auto + - variable: previews + label: Previews Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Previews + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: imaginary + label: Enable imaginary + description: | + Enable imaginary to generate previews in the background.
+ It will also deploy the needed container. + schema: + type: boolean + default: true + - variable: cron + label: Enable cron + description: | + Enable cron to generate previews in the background. + schema: + type: boolean + default: true + - variable: schedule + label: Cron Schedule + schema: + type: string + default: "*/30 * * * *" + - variable: max_x + label: Max X + schema: + type: int + required: true + default: 2048 + - variable: max_y + label: Max Y + schema: + type: int + required: true + default: 2048 + - variable: max_memory + label: Max Memory + schema: + type: int + required: true + default: 1024 + - variable: max_allowed_resolution + label: Max Allowed Resolution + schema: + type: string + valid_chars: '^[0-9]{1,5}(\.[0-9]{1,2})?$' + show_if: [["imaginary", "=", true]] + required: true + default: "18.0" + - variable: max_file_size_image + label: Max File Size Image + schema: + type: int + required: true + default: 50 + - variable: jpeg_quality + label: JPEG Quality + schema: + type: int + required: true + default: 60 + - variable: square_sizes + label: Square Sizes + schema: + type: string + required: true + default: "32 256" + - variable: width_sizes + label: Width Sizes + schema: + type: string + required: true + default: "256 384" + - variable: height_sizes + label: Height Sizes + schema: + type: string + required: true + default: "256" + - variable: providers + label: Providers + schema: + type: list + empty: false + required: true + default: + - BMP + - GIF + - JPEG + - Krita + - MarkDown + - MP3 + - OpenDocument + - PNG + - TXT + - XBitmap + items: + - variable: provider_entry + label: Provider Entry + schema: + type: string + required: true + default: "" + enum: + - value: BMP + description: BMP + - value: Font + description: Font + - value: GIF + description: GIF + - value: HEIC + description: HEIC + - value: Illustrator + description: Illustrator + - value: JPEG + description: JPEG + - value: Krita + description: Krita + - value: MarkDown + description: MarkDown + - value: Movie + description: Movie + - value: MP3 + description: MP3 + - value: MSOffice2003 + description: MSOffice2003 + - value: MSOffice2007 + description: MSOffice2007 + - value: MSOfficeDoc + description: MSOfficeDoc + - value: OpenDocument + description: OpenDocument + - value: PDF + description: PDF + - value: Photoshop + description: Photoshop + - value: PNG + description: PNG + - value: Postscript + description: Postscript + - value: StarOffice + description: StarOffice + - value: SVG + description: SVG + - value: TIFF + description: TIFF + - value: TXT + description: TXT + - value: XBitmap + description: XBitmap + - variable: logging + label: Logging Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: log_level + label: Log Level + schema: + type: int + required: true + default: 2 + enum: + - value: 0 + description: Debug + - value: 1 + description: Info + - value: 2 + description: Warning + - value: 3 + description: Error + - value: 4 + description: Fatal + - variable: log_date_format + label: Log Date Format + schema: + type: string + required: true + default: d/m/Y H:i:s + - variable: notify_push + label: Notify Push Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Notify Push + description: | + Enable and Configure Notify Push.
+ It will also deploy the needed container + schema: + type: boolean + default: true + - variable: clamav + label: ClamAV Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable ClamAV + description: | + Enable and configure ClamAV.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ https://github.com/Cisco-Talos/clamav/issues/478 + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: stream_max_length + label: Stream Max Length + schema: + type: int + required: true + default: 104857600 + - variable: file_max_size + label: File Max Size + schema: + type: int + required: true + default: -1 + - variable: infected_action + label: Infected Action + schema: + type: string + required: true + default: only_log + enum: + - value: delete + description: Delete + - value: only_log + description: Only Log + - variable: collabora + label: Collabora Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Collabora + description: | + Enable and configure Collabora.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: interface_mode + label: Interface Mode + schema: + type: string + required: true + default: default + enum: + - value: default + description: Default + - value: compact + description: Compact + - value: tabbed + description: Tabbed + - variable: username + label: Username + schema: + type: string + default: admin + required: true + - variable: password + label: Password + schema: + type: string + default: "" + required: true + - variable: dictionaries + label: Dictionaries + schema: + type: list + empty: false + required: true + default: + - de_DE + - en_GB + - en_US + - el_GR + - es_ES + - fr_FR + - pt_BR + - pt_PT + - it + - nl + - ru + items: + - variable: dictionary + label: Dictionary + schema: + type: string + required: true + default: "" + - variable: onlyoffice + label: Only Office Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable OnlyOffice + description: | + Enable and configure OnlyOffice.
+ This will NOT deploy the needed container.
+ You need to deploy it yourself. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: url + label: Public URL + description: | + The public FQDN and port of the OnlyOffice Document Server + schema: + type: string + required: true + default: "" + - variable: internal_url + label: Internal URL + description: | + The internal FQDN and port of the OnlyOffice Document Server + schema: + type: string + required: true + default: "" + - variable: verify_ssl + label: Verify SSL (Advanced) + description: | + Verify SSL when connecting to OnlyOffice Document Server + schema: + type: boolean + default: true + - variable: jwt + label: JWT + schema: + type: string + required: true + default: "" + - variable: jwt_header + label: JWT Header + schema: + type: string + required: true + default: Authorization + - variable: php + label: PHP Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: memory_limit + label: Memory Limit + schema: + type: string + required: true + default: 1G + - variable: upload_limit + label: Upload Limit + schema: + type: string + required: true + default: 10G + - variable: pm_max_children + label: Max Children + schema: + type: int + required: true + default: 180 + - variable: pm_start_servers + label: Start Servers + schema: + type: int + required: true + default: 18 + - variable: pm_min_spare_servers + label: Minimum Spare Servers + schema: + type: int + required: true + default: 12 + - variable: pm_max_spare_servers + label: Maximum Spare Servers + schema: + type: int + required: true + default: 30 + - variable: opcache + label: OPCache Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: interned_strings_buffer + label: Interned Strings Buffer + description: The amount of memory used to store interned strings, in megabytes. + schema: + type: int + required: true + default: 32 + - variable: max_accelerated_files + label: Max Accelerated Files + description: The maximum number of keys (and therefore scripts) in the OPcache hash table. + schema: + type: int + required: true + default: 10000 + - variable: memory_consumption + label: Memory Consumption + description: The size of the shared memory storage used by OPcache, in megabytes. + schema: + type: int + required: true + default: 128 + - variable: revalidate_freq + label: Revalidate Frequency + description: How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request. + schema: + type: int + required: true + default: 60 + - variable: jit_buffer_size + label: JIT Buffer Size + description: The amount of shared memory (in megabytes) to reserve for compiled JIT code. A zero value disables the JIT. + schema: + type: int + required: true + default: 128 + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + + - variable: html + label: App HTML Storage + description: Stores the Application HTML. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: config + label: App Config Storage + description: Stores the Application Config. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: data + label: User Data Storage + description: Stores the User Data. + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: runAsUser + description: The UserID of the user running the application + schema: + type: int + default: 568 + - variable: runAsGroup + label: runAsGroup + description: The groupID of the user running the application + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: fsGroup + description: The group that should own ALL storage. + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: mode + label: Mode + description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.' + schema: + type: string + default: "standalone" + enum: + - value: standalone + description: standalone + - value: replica + description: replica + - value: recovery + description: recovery + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: instances + label: Instances + schema: + type: int + show_if: [["enabled", "=", true]] + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/premium/nextcloud/29.5.6/templates/NOTES.txt b/premium/nextcloud/29.5.6/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/nextcloud/29.5.6/templates/_configmap.tpl b/premium/nextcloud/29.5.6/templates/_configmap.tpl new file mode 100644 index 00000000000..081cf5d71c2 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_configmap.tpl @@ -0,0 +1,443 @@ +{{- define "nextcloud.accessurl" -}} + {{- $accessUrl := .Values.chartContext.appUrl -}} + {{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}} + {{- if .Values.nextcloud.general.accessIP -}} + {{- $prot := "http" -}} + {{- $host := .Values.nextcloud.general.accessIP -}} + {{- $port := .Values.service.main.ports.main.port -}} + {{/* + Allowing here to override protocol and port + should be enough to make it work with any rev proxy + */}} + {{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}} + {{- end -}} + {{- end -}} + + {{- $accessUrl -}} +{{- end -}} + +{{- define "nextcloud.accesshost" -}} + {{- $accessUrl := (include "nextcloud.accessurl" $) -}} + {{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}} + {{- $accessHost = regexReplaceAll "(.*):.*" $accessHost "${1}" -}} + + {{- $accessHost -}} +{{- end -}} + +{{/* Define the configmap */}} +{{- define "nextcloud.configmaps" -}} +{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}} +{{- $fqdn := (include "tc.v1.common.lib.chart.names.fqdn" $) -}} +{{- $accessUrl := (include "nextcloud.accessurl" $) -}} +{{- $accessHost := (include "nextcloud.accesshost" $) -}} +{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}} +{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}} +{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}} +{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}} +{{- $healthHost := "kube.internal.healthcheck" -}} + +php-tune: + enabled: true + data: + zz-tune.conf: | + [www] + pm.max_children = {{ .Values.nextcloud.php.pm_max_children }} + pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }} + pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }} + pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }} + +opcache: + enabled: true + data: + opcache-recommended.ini: | + opcache.enable=1 + opcache.save_comments=1 + opcache.jit=1255 + opcache.interned_strings_buffer={{ .Values.nextcloud.opcache.interned_strings_buffer }} + opcache.max_accelerated_files={{ .Values.nextcloud.opcache.max_accelerated_files }} + opcache.memory_consumption={{ .Values.nextcloud.opcache.memory_consumption }} + opcache.revalidate_freq={{ .Values.nextcloud.opcache.revalidate_freq }} + opcache.jit_buffer_size={{ printf "%vM" .Values.nextcloud.opcache.jit_buffer_size }} + +redis-session: + enabled: true + data: + redis-session.ini: | + session.save_handler = redis + session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }} + redis.session.locking_enabled = 1 + redis.session.lock_retries = -1 + redis.session.lock_wait_time = 10000 + +hpb-config: + enabled: {{ .Values.nextcloud.notify_push.enabled }} + data: + NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }} + HPB_HOST: {{ $healthHost }} + CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }} + METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }} + +clamav-config: + enabled: {{ .Values.nextcloud.clamav.enabled }} + data: + CLAMAV_NO_CLAMD: "false" + CLAMAV_NO_FRESHCLAMD: "true" + CLAMAV_NO_MILTERD: "true" + CLAMD_STARTUP_TIMEOUT: "1800" + +collabora-config: + enabled: {{ .Values.nextcloud.collabora.enabled }} + data: + aliasgroup1: {{ $accessUrl }} + server_name: {{ $accessHostPort }} + dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }} + username: {{ .Values.nextcloud.collabora.username | quote }} + password: {{ .Values.nextcloud.collabora.password | quote }} + DONT_GEN_SSL_CERT: "true" + # mount_jail_tree is only used for local storage + # not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814 + extra_params: | + --o:ssl.enable=false + --o:ssl.termination=true + --o:net.service_root=/collabora + --o:home_mode.enable=true + --o:welcome.enable=false + --o:logging.level=warning + --o:logging.level_startup=warning + --o:security.seccomp=true + --o:mount_jail_tree=false + --o:user_interface.mode={{ .Values.nextcloud.collabora.interface_mode }} + +nextcloud-config: + enabled: true + data: + {{/* Database */}} + POSTGRES_DB: {{ .Values.cnpg.main.database | quote }} + POSTGRES_USER: {{ .Values.cnpg.main.user | quote }} + POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }} + POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }} + + {{/* Redis */}} + NX_REDIS_HOST: {{ $redisHost }} + NX_REDIS_PASS: {{ $redisPass }} + + {{/* Nextcloud INITIAL credentials */}} + NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }} + NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }} + + {{/* PHP Variables */}} + PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }} + PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }} + + {{/* Notify Push */}} + NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }} + {{- if .Values.nextcloud.notify_push.enabled }} + NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push + {{- end }} + + {{/* Previews */}} + NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }} + NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }} + NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }} + NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }} + NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }} + NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }} + NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }} + NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }} + NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }} + NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }} + + {{/* Imaginary */}} + NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }} + {{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }} + NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }} + {{- end }} + + {{/* Expirations */}} + NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }} + NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }} + NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }} + + {{/* General */}} + NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }} + NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }} + NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }} + NX_FORCE_ENABLE_ALLOW_LOCAL_REMOTE_SERVERS: {{ .Values.nextcloud.general.force_enable_allow_local_remote_servers | quote }} + + {{/* Files */}} + NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }} + NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }} + + {{/* Logging */}} + NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }} + NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }} + NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }} + NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }} + NX_LOG_TIMEZONE: {{ .Values.TZ | quote }} + + {{/* ClamAV */}} + NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }} + {{- if .Values.nextcloud.clamav.enabled }} + NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }} + NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }} + NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }} + NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }} + NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }} + {{- end }} + + {{/* Collabora */}} + NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }} + {{- if .Values.nextcloud.collabora.enabled }} + NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }} + # Ideally this would be a combo of: public ip, pod cidr, svc cidr + # But not always people have static IP. + NX_COLLABORA_ALLOWLIST: "0.0.0.0/0" + {{- end }} + + {{/* Only Office */}} + NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }} + {{- if .Values.nextcloud.onlyoffice.enabled }} + NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }} + NX_ONLYOFFICE_INTERNAL_URL: {{ .Values.nextcloud.onlyoffice.internal_url | quote }} + NX_ONLYOFFICE_VERIFY_SSL: {{ .Values.nextcloud.onlyoffice.verify_ssl | quote }} + NX_ONLYOFFICE_NEXTCLOUD_INTERNAL_URL: {{ printf "http://%v.svc.cluster.local:%v" $fqdn .Values.service.main.ports.main.port }} + NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }} + NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }} + {{- end }} + + {{/* URLs */}} + NX_OVERWRITE_HOST: {{ $accessHostPort }} + NX_OVERWRITE_CLI_URL: {{ $accessUrl }} + # Return the protocol part of the URL + NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }} + # IP (or range in this case) of the proxy(ies) + NX_TRUSTED_PROXIES: | + {{ .Values.chartContext.podCIDR }} + {{ .Values.chartContext.svcCIDR }} + # fullname-* will allow access from the + # other services in the same namespace + NX_TRUSTED_DOMAINS: | + 127.0.0.1 + localhost + {{ $fullname }} + {{ printf "%v-*" $fullname }} + {{ $healthHost }} + {{- if not (contains "127.0.0.1" $accessHost) }} + {{- $accessHost | nindent 6 }} + {{- end -}} + {{- with .Values.nextcloud.general.accessIP }} + {{- . | nindent 6 }} + {{- end }} + +# TODO: Replace locations with ingress +# like /push, /.well-known/carddav, /.well-known/caldav +# needs some work as nginx converts urls to pretty urls +# before matching them to locations, so ingress needs to +# take that into consideration. +nginx-config: + enabled: true + data: + nginx.conf: | + worker_processes auto; + + error_log /var/log/nginx/error.log warn; + # Set to /tmp so it can run as non-root + pid /tmp/nginx.pid; + + events { + worker_connections 1024; + } + + http { + # Set to /tmp so it can run as non-root + client_body_temp_path /tmp/nginx/client_temp; + proxy_temp_path /tmp/nginx/proxy_temp_path; + fastcgi_temp_path /tmp/nginx/fastcgi_temp; + uwsgi_temp_path /tmp/nginx/uwsgi_temp; + scgi_temp_path /tmp/nginx/scgi_temp; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + # Prevent nginx HTTP Server Detection + server_tokens off; + + keepalive_timeout 65; + + #gzip on; + + upstream php-handler { + server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}; + } + + server { + listen {{ .Values.service.main.ports.main.port }}; + absolute_redirect off; + + {{- if .Values.nextcloud.notify_push.enabled }} + # Forward Notify_Push "High Performance Backend" to it's own container + location ^~ /push/ { + # The trailing "/" is important! + proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + {{- end }} + + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always; + + # Set max upload size + client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }}; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Pagespeed is not supported by Nextcloud, so if your server is built + # with the `ngx_pagespeed` module, uncomment this line to disable it. + #pagespeed off; + + include mime.types; + types { + text/javascript js mjs; + } + + # HTTP response headers borrowed from Nextcloud `.htaccess` + add_header Referrer-Policy "no-referrer" always; + add_header X-Content-Type-Options "nosniff" always; + add_header X-Download-Options "noopen" always; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-Permitted-Cross-Domain-Policies "none" always; + add_header X-Robots-Tag "noindex, nofollow" always; + add_header X-XSS-Protection "1; mode=block" always; + + # Remove X-Powered-By, which is an information leak + fastcgi_hide_header X-Powered-By; + + # Path to the root of your installation + root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }}; + + # Specify how to handle directories -- specifying `/index.php$request_uri` + # here as the fallback means that Nginx always exhibits the desired behaviour + # when a client requests a path that corresponds to a directory that exists + # on the server. In particular, if that directory contains an index.php file, + # that file is correctly served; if it doesn't, then the request is passed to + # the front-end controller. This consistent behaviour means that we don't need + # to specify custom rules for certain paths (e.g. images and other assets, + # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus + # `try_files $uri $uri/ /index.php$request_uri` + # always provides the desired behaviour. + index index.php index.html /index.php$request_uri; + + # Rule borrowed from `.htaccess` to handle Microsoft DAV clients + location = / { + if ( $http_user_agent ~ ^DavClnt ) { + return 302 /remote.php/webdav/$is_args$args; + } + } + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The rules in this block are an adaptation of the rules + # in `.htaccess` that concern `/.well-known`. + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + + location /.well-known/acme-challenge { try_files $uri $uri/ =404; } + location /.well-known/pki-validation { try_files $uri $uri/ =404; } + + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 /index.php$request_uri; + } + + # Rules borrowed from `.htaccess` to hide certain paths from clients + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + + # Ensure this block, which passes PHP files to the PHP process, is above the blocks + # which handle static assets (as seen below). If this block is not declared first, + # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php` + # to the URI, resulting in a HTTP 500 error response. + location ~ \.php(?:$|/) { + # Required for legacy support + rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri; + + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + set $path_info $fastcgi_path_info; + + try_files $fastcgi_script_name =404; + + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $path_info; + #fastcgi_param HTTPS on; + + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice + fastcgi_param front_controller_active true; # Enable pretty urls + fastcgi_pass php-handler; + + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + proxy_send_timeout 3600s; + proxy_read_timeout 3600s; + fastcgi_send_timeout 3600s; + fastcgi_read_timeout 3600s; + } + + location ~ \.(?:css|js|svg|gif)$ { + try_files $uri /index.php$request_uri; + expires 6M; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + location ~ \.woff2?$ { + try_files $uri /index.php$request_uri; + expires 7d; # Cache-Control policy borrowed from `.htaccess` + access_log off; # Optional: Don't log access to assets + } + + # Rule borrowed from `.htaccess` + location /remote { + return 301 /remote.php$request_uri; + } + + location / { + try_files $uri $uri/ /index.php$request_uri; + } + } + } +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/_cronjobs.tpl b/premium/nextcloud/29.5.6/templates/_cronjobs.tpl new file mode 100644 index 00000000000..0fa050dba68 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_cronjobs.tpl @@ -0,0 +1,34 @@ +{{- define "nextcloud.cronjobs" -}} +{{- range $cj := .Values.cronjobs }} + {{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}} + {{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }} + +{{ $name }}: + enabled: {{ $cj.enabled | quote }} + type: CronJob + schedule: {{ $schedule | quote }} + podSpec: + restartPolicy: Never + containers: + {{ $name }}: + enabled: true + primary: true + imageSelector: image + command: + - /bin/bash + - -c + - | + {{- range $cj.cmd }} + {{- . | nindent 12 }} + {{- else -}} + {{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}} + {{- end }} + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false +{{- end }} +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/_ingressInjector.tpl b/premium/nextcloud/29.5.6/templates/_ingressInjector.tpl new file mode 100644 index 00000000000..f99f5bd5047 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_ingressInjector.tpl @@ -0,0 +1,23 @@ +{{- define "nextcloud.ingressInjector" -}} + {{- if .Values.ingress.main.enabled -}} + {{- $injectPaths := list -}} + {{- if .Values.nextcloud.collabora.enabled -}} + {{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}} + {{- end -}} + {{/* Append more paths here if needed */}} + + {{- range $host := .Values.ingress.main.hosts -}} + {{- $paths := $host.paths -}} + {{- $paths = concat $paths $injectPaths -}} + {{- $_ := set $host "paths" $paths -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "nextcloud.collabora.ingress" -}} +path: /collabora/ +pathType: Prefix +overrideService: + name: collabora + port: {{ .Values.service.collabora.ports.collabora.port }} +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/_initPerms.tpl b/premium/nextcloud/29.5.6/templates/_initPerms.tpl new file mode 100644 index 00000000000..ed94790ad93 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_initPerms.tpl @@ -0,0 +1,29 @@ +{{- define "nextcloud.init.perms" -}} +{{- $uid := .Values.securityContext.container.runAsUser -}} +{{- $gid := .Values.securityContext.container.runAsGroup -}} +{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }} +enabled: true +type: install +imageSelector: alpineImage +securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + capabilities: + disableS6Caps: true + add: + - DAC_OVERRIDE + - FOWNER + - CHOWN +command: /bin/sh +args: + - -c + - | + echo "Setting permissions to 700 on data directory [{{ $path }}] ..." + chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]" + + echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..." + chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]" + + echo "Finished." +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/_validation.tpl b/premium/nextcloud/29.5.6/templates/_validation.tpl new file mode 100644 index 00000000000..5650c0f63fe --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_validation.tpl @@ -0,0 +1,42 @@ +{{- define "nextcloud.validation" -}} + + {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}} + {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}} + {{- end -}} + + {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}} + {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}} + {{- end -}} + + {{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}} + {{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}} + {{- end -}} + + {{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}} + {{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}} + {{- end -}} + + {{- if contains "$" .Values.nextcloud.collabora.password -}} + {{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}} + {{- end -}} + + {{- if .Values.nextcloud.collabora.enabled -}} + {{- if lt (len .Values.nextcloud.collabora.password) 8 -}} + {{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}} + {{- end -}} + + {{- $collaboraUIModes := (list "default" "compact" "tabbed") -}} + {{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}} + {{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}} + {{- end -}} + + {{- if not .Values.nextcloud.collabora.dictionaries -}} + {{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}} + {{- end -}} + + {{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}} + {{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}} + {{- end -}} + {{- end -}} + +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/_waitNextcloud.tpl b/premium/nextcloud/29.5.6/templates/_waitNextcloud.tpl new file mode 100644 index 00000000000..24946d640e8 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/_waitNextcloud.tpl @@ -0,0 +1,25 @@ +{{- define "nextcloud.wait.nextcloud" -}} +{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}} +{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }} +enabled: true +type: init +imageSelector: image +securityContext: +command: /bin/sh +args: + - -c + - | + echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..." + until \ + REQUEST_METHOD="GET" \ + SCRIPT_NAME="status.php" \ + SCRIPT_FILENAME="status.php" \ + cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true'; + do + echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..." + sleep 3 + done + + echo "Nextcloud is ready and installed..." + echo "Starting Nginx..." +{{- end -}} diff --git a/premium/nextcloud/29.5.6/templates/common.yaml b/premium/nextcloud/29.5.6/templates/common.yaml new file mode 100644 index 00000000000..d7576a0fb57 --- /dev/null +++ b/premium/nextcloud/29.5.6/templates/common.yaml @@ -0,0 +1,92 @@ +{{- $selector := dict -}} +{{- range $name := (list "main" "nextcloud-cron" "preview-cron") -}} + {{/* creates main: {} */}} + {{- $_ := set $selector $name dict -}} + {{/* sets main: {} to main: { main: {} } */}} + {{- $_ := set (get $selector $name) $name dict -}} +{{- end -}} + +{{- range $item := .Values.persistenceList -}} + {{- $_ := set $item "targetSelector" $selector -}} +{{- end -}} + +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . -}} + +{{- include "nextcloud.validation" $ -}} + +{{/* Render configmaps for all pods */}} +{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}} +{{- if $configmaps -}} + {{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}} +{{- end -}} + +{{/* Create hostAliases (resolve ingress host to Node/LB IP) */}} +{{- $hostAlias := (list (dict + "ip" .Values.nextcloud.general.accessIP + "hostnames" ( + list (include "nextcloud.accesshost" $) + ) + )) -}} + +{{/* Add [hostAliases] to nextcloud and collabora pod */}} +{{- $_ := set .Values.workload.main.podSpec "hostAliases" $hostAlias -}} +{{- $_ := set .Values.workload.collabora.podSpec "hostAliases" $hostAlias -}} + +{{/* Add [init perms] container to nextcloud */}} +{{- if not (get .Values.workload.main.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}} +{{- end -}} + +{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}} +{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}} + +{{/* Add [wait nextcloud] container to nginx */}} +{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}} +{{- end -}} +{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}} +{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}} + +{{/* Disable [notify push] if requested */}} +{{- if not .Values.nextcloud.notify_push.enabled -}} + {{- $_ := set .Values.workload.notify "enabled" false -}} + {{- $_ := set .Values.service.notify "enabled" false -}} +{{- else -}} + {{/* Add [wait nextcloud] container to notify push */}} + {{- if not (get .Values.workload.notify.podSpec "initContainers") -}} + {{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}} + {{- end -}} + {{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}} + {{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}} +{{- end -}} + +{{/* Disable [clamav] if requested */}} +{{- if not .Values.nextcloud.clamav.enabled -}} + {{- $_ := set .Values.workload.clamav "enabled" false -}} + {{- $_ := set .Values.service.clamav "enabled" false -}} +{{- end -}} + +{{/* Disable [previews] if requested */}} +{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}} + {{- $_ := set .Values.workload.imaginary "enabled" false -}} + {{- $_ := set .Values.service.imaginary "enabled" false -}} +{{- end -}} + +{{/* Disable [collabora] if requested */}} +{{- if not .Values.nextcloud.collabora.enabled -}} + {{- $_ := set .Values.workload.collabora "enabled" false -}} + {{- $_ := set .Values.service.collabora "enabled" false -}} +{{- end -}} + +{{/* Create [cronjobs] defined */}} +{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}} +{{- if $cronjobs -}} + {{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}} +{{- end -}} + +{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}} +{{- include "nextcloud.ingressInjector" $ -}} + +{{/* Render the templates */}} +{{- include "tc.v1.common.loader.apply" . -}} diff --git a/premium/nextcloud/29.5.6/values.yaml b/premium/nextcloud/29.5.6/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/nextcloud/item.yaml b/premium/nextcloud/item.yaml new file mode 100644 index 00000000000..8874ed42c9c --- /dev/null +++ b/premium/nextcloud/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png +categories: + - cloud +screenshots: [] diff --git a/premium/prometheus/17.9.3/.helmignore b/premium/prometheus/17.9.3/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/prometheus/17.9.3/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/prometheus/17.9.3/CHANGELOG.md b/premium/prometheus/17.9.3/CHANGELOG.md new file mode 100644 index 00000000000..5153614296c --- /dev/null +++ b/premium/prometheus/17.9.3/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [prometheus-17.9.3](https://github.com/truecharts/charts/compare/prometheus-17.9.2...prometheus-17.9.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/prometheus/17.9.3/Chart.yaml b/premium/prometheus/17.9.3/Chart.yaml new file mode 100644 index 00000000000..8b1b0a6fa59 --- /dev/null +++ b/premium/prometheus/17.9.3/Chart.yaml @@ -0,0 +1,46 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: metrics + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 2.50.1 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] + - name: kube-prometheus-stack + version: 56.21.0 + repository: oci://ghcr.io/prometheus-community/charts + condition: "" + alias: kps + tags: [] + import-values: [] +deprecated: false +description: kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. +home: https://truecharts.org/charts/premium/prometheus +icon: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +keywords: + - metrics +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: prometheus +sources: + - https://github.com/prometheus-community/helm-charts + - https://github.com/prometheus-operator/kube-prometheus + - https://github.com/truecharts/charts/tree/master/charts/premium/prometheus + - https://hub.docker.com/r/bitnami/prometheus + - https://hub.docker.com/r/bitnami/alertmanager + - https://quay.io/thanos/thanos +type: application +version: 17.9.3 diff --git a/premium/prometheus/17.9.3/README.md b/premium/prometheus/17.9.3/README.md new file mode 100644 index 00000000000..810ee1e6b8a --- /dev/null +++ b/premium/prometheus/17.9.3/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/prometheus) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/prometheus/17.9.3/app-changelog.md b/premium/prometheus/17.9.3/app-changelog.md new file mode 100644 index 00000000000..33fbbc34e98 --- /dev/null +++ b/premium/prometheus/17.9.3/app-changelog.md @@ -0,0 +1,9 @@ + + +## [prometheus-17.9.3](https://github.com/truecharts/charts/compare/prometheus-17.9.2...prometheus-17.9.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/prometheus/17.9.3/app-readme.md b/premium/prometheus/17.9.3/app-readme.md new file mode 100644 index 00000000000..2a4d2dec545 --- /dev/null +++ b/premium/prometheus/17.9.3/app-readme.md @@ -0,0 +1,8 @@ +kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards, and Prometheus rules combined with documentation and scripts to provide easy to operate end-to-end Kubernetes cluster monitoring with Prometheus using the Prometheus Operator. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/prometheus](https://truecharts.org/charts/premium/prometheus) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/prometheus/17.9.3/charts/common-20.0.9.tgz b/premium/prometheus/17.9.3/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/prometheus/17.9.3/charts/common-20.0.9.tgz differ diff --git a/premium/prometheus/17.9.3/charts/kube-prometheus-stack-56.21.0.tgz b/premium/prometheus/17.9.3/charts/kube-prometheus-stack-56.21.0.tgz new file mode 100644 index 00000000000..ece8d5e6823 Binary files /dev/null and b/premium/prometheus/17.9.3/charts/kube-prometheus-stack-56.21.0.tgz differ diff --git a/premium/prometheus/17.9.3/ix_values.yaml b/premium/prometheus/17.9.3/ix_values.yaml new file mode 100644 index 00000000000..6f93d04c33e --- /dev/null +++ b/premium/prometheus/17.9.3/ix_values.yaml @@ -0,0 +1,1260 @@ +image: + repository: bitnami/prometheus + tag: 2.50.1@sha256:96f94a8ceeccb67be484871bd68f061364ed53366492a53cb369744512822587 +thanosImage: + repository: quay.io/thanos/thanos + tag: v0.34.1@sha256:567346c3f6ff2927c2c6c0daad977b2213f62d45eca54d48afd19e6deb902181 +alertmanagerImage: + repository: bitnami/alertmanager + tag: 0.27.0@sha256:59674055b5193e9b41e687a5174e90ac9d5f0cff896fd695d11af255f7f99de8 +global: + labels: {} +workload: + main: + enabled: false + podSpec: + containers: + main: + enabled: false + probes: + liveness: + enabled: false + readiness: + enabled: false + startup: + enabled: false + +configmap: + grafana-datasource: + enabled: "{{ if .Values.grafana.datasource.enabled }}true{{ else }}false{{ end }}" + labels: + grafana_datasources: "1" + data: + datasource.yaml: |- + apiVersion: 1 + datasources: + - name: Prometheus + type: prometheus + uid: {{ .Values.grafana.datasource.uid | default "prometheus" }} + url: http://{{ include "tc.v1.common.lib.chart.names.fullname" $ }}.{{ include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" . "caller" "Configmap") }}:{{ .Values.service.main.ports.main.port }} + access: proxy + isDefault: {{ .Values.grafana.datasource.default | default true }} + jsonData: + httpMethod: {{ .Values.grafana.datasource.httpMethod | default "POST" }} + timeInterval: {{ .Values.grafana.datasource.scrapeInterval | default "30s" }} + {{- if .Values.grafana.datasource.timeout }} + timeout: {{ .Values.grafana.datasource.timeout }} + {{- end }} + +grafana: + datasource: + enabled: true + default: true + httpMethod: "POST" + scrapeInterval: "30s" + uid: "prometheus" + +kps: + ## Install Prometheus Operator CRDs + ## + crds: + enabled: false + + ## Manages Prometheus and Alertmanager components + ## + prometheusOperator: + enabled: false + + ## + global: + rbac: + create: true + + ## Create default rules for monitoring the cluster + ## + defaultRules: + create: true + + windowsMonitoring: + ## Deploys the windows-exporter and Windows-specific dashboards and rules (job name must be 'windows-exporter') + enabled: false + + ## Configuration for prometheus-windows-exporter + ## ref: https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-windows-exporter + ## + prometheus-windows-exporter: + ## Enable ServiceMonitor and set Kubernetes label to use as a job label + ## + prometheus: + monitor: + enabled: false + + ## Configuration for alertmanager + ## ref: https://prometheus.io/docs/alerting/alertmanager/ + ## + alertmanager: + ## Deploy alertmanager + ## + enabled: false + + ## Using default values from https://github.com/grafana/helm-charts/blob/main/charts/grafana/values.yaml + ## + grafana: + enabled: false + forceDeployDashboards: true + defaultDashboardsEnabled: true + + ## Flag to disable all the kubernetes component scrapers + ## + kubernetesServiceMonitors: + enabled: true + + ## Component scraping the kube api server + ## + kubeApiServer: + enabled: true + + ## Component scraping the kubelet and kubelet-hosted cAdvisor + ## + kubelet: + enabled: true + + ## Component scraping the kube controller manager + ## + kubeControllerManager: + enabled: true + + ## Component scraping coreDns. Use either this or kubeDns + ## + coreDns: + enabled: true + + ## Component scraping kubeDns. Use either this or coreDns + ## + kubeDns: + enabled: false + + ## Component scraping etcd + ## + kubeEtcd: + enabled: true + + ## Component scraping kube scheduler + ## + kubeScheduler: + enabled: true + + ## Component scraping kube proxy + ## + kubeProxy: + enabled: false + + ## Component scraping kube state metrics + ## + kubeStateMetrics: + enabled: true + + ## dontDeploy node exporter as a daemonset to all nodes + ## + nodeExporter: + enabled: true + + ## dont Deploy a Prometheus instance + ## + prometheus: + enabled: false + + ## Configuration for thanosRuler + ## ref: https://thanos.io/tip/components/rule.md/ + ## + thanosRuler: + ## Dont Deploy thanosRuler + ## + enabled: false + +service: + main: + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + main: + port: 9090 + targetPort: 9090 + protocol: http + alertmanager: + enabled: true + selectorLabels: + app.kubernetes.io/name: alertmanager + alertmanager: '{{ template "kube-prometheus.alertmanager.fullname" . }}' + ports: + alertmanager: + enabled: true + port: 9093 + targetPort: 9093 + protocol: http + thanos: + enabled: true + selectorLabels: + app.kubernetes.io/name: prometheus + prometheus: '{{ template "kube-prometheus.prometheus.fullname" . }}' + ports: + thanos: + enabled: true + port: 10901 + targetPort: 10901 + protocol: http +ingress: + main: + enabled: false + alertmanager: + enabled: false + thanos: + enabled: false +#### +## Operator Config +#### +env: + PROMETHEUS_CONFIG_RELOADER: + configMapKeyRef: + name: prometheus-operator-config + key: prometheus-config-reloader +podOptions: + automountServiceAccountToken: true +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - apiGroups: + - apiextensions.k8s.io + resourceNames: + - alertmanagers.monitoring.coreos.com + - podmonitors.monitoring.coreos.com + - prometheuses.monitoring.coreos.com + - prometheusrules.monitoring.coreos.com + - servicemonitors.monitoring.coreos.com + - thanosrulers.monitoring.coreos.com + - probes.monitoring.coreos.com + resources: + - customresourcedefinitions + verbs: + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - alertmanagers + - alertmanagers/finalizers + - alertmanagerconfigs + - prometheuses + - prometheuses/finalizers + - thanosrulers + - thanosrulers/finalizers + - servicemonitors + - podmonitors + - probes + - prometheusrules + verbs: + - "*" + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - "*" + - apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - "*" + - apiGroups: + - "" + resources: + - pods + verbs: + - list + - delete + - apiGroups: + - "" + resources: + - services + - services/finalizers + - endpoints + verbs: + - get + - create + - update + - delete + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - get + - list + - watch +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true + +securityContext: + readOnlyRootFilesystem: false + +probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + # -- Redainess probe configuration + # @default -- See below + readiness: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP + # -- Startup probe configuration + # @default -- See below + startup: + custom: true + spec: + httpGet: + path: "/metrics" + port: promop + scheme: HTTP +operator: + ## Create a servicemonitor for the operator + ## + serviceMonitor: + ## @param operator.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus Operator + ## + enabled: false + ## @param operator.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param operator.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param operator.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## Prometheus Configmap-reload image to use for reloading configmaps + ## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/) + ## + prometheusConfigReloader: + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 20 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +#### +## Prometheus Config (Spawned by Operator) +#### + +## Deploy a Prometheus instance +## +prometheus: + ## @param prometheus.enabled Deploy Prometheus to the cluster + ## + enabled: true + ## Bitnami Prometheus image version + ## ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus/tags/ + ## @param prometheus.image.registry Prometheus image registry + ## @param prometheus.image.repository Prometheus image repository + ## @param prometheus.image.tag Prometheus Image tag (immutable tags are recommended) + ## @param prometheus.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Service account for Prometheus to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param prometheus.serviceAccount.create Specify whether to create a ServiceAccount for Prometheus + ## + create: true + ## @param prometheus.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.prometheus.fullname template + name: "" + ## @param prometheus.serviceAccount.annotations Additional annotations for created Prometheus ServiceAccount + ## annotations: + ## eks.amazonaws.com/role-arn: arn:aws:iam::ACCOUNT:role/prometheus + ## + annotations: {} + ## Prometheus pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param prometheus.podSecurityContext.enabled Enable security context + ## @param prometheus.podSecurityContext.runAsUser User ID for the container + ## @param prometheus.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.containerSecurityContext.enabled Enable container security context + ## @param prometheus.containerSecurityContext.readOnlyRootFilesystem Mount / (root) as a readonly filesystem + ## @param prometheus.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + serviceMonitor: + ## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself + ## + enabled: true + ## @param prometheus.serviceMonitor.interval Scrape interval (use by default, falling back to Prometheus' default) + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param prometheus.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param prometheus.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param prometheus.externalUrl External URL used to access Prometheus + ## If not creating an ingress but still exposing the service some other way (like a proxy) + ## let Prometheus know what its external URL is so that it can properly create links + ## externalUrl: https://prometheus.example.com + ## + externalUrl: "" + ## @param prometheus.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param prometheus.podAffinityPreset Prometheus Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param prometheus.podAntiAffinityPreset Prometheus Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param prometheus.nodeAffinityPreset.type Prometheus Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param prometheus.nodeAffinityPreset.key Prometheus Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param prometheus.nodeAffinityPreset.values Prometheus Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param prometheus.affinity Prometheus Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: prometheus.podAffinityPreset, prometheus.podAntiAffinityPreset, and prometheus.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param prometheus.nodeSelector Prometheus Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param prometheus.tolerations Prometheus Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## @param prometheus.scrapeInterval Interval between consecutive scrapes + ## + scrapeInterval: "15s" + ## @param prometheus.evaluationInterval Interval between consecutive evaluations + ## + evaluationInterval: "30s" + ## @param prometheus.listenLocal ListenLocal makes the Prometheus server listen on loopback + ## + listenLocal: false + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + failureThreshold: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + ## @param prometheus.enableAdminAPI Enable Prometheus adminitrative API + ## ref: https://prometheus.io/docs/prometheus/latest/querying/api/#tsdb-admin-apis + ## + enableAdminAPI: false + ## @param prometheus.enableFeatures Enable access to Prometheus disabled features. + ## ref: https://prometheus.io/docs/prometheus/latest/disabled_features/ + ## + enableFeatures: [] + ## @param prometheus.alertingEndpoints Alertmanagers to which alerts will be sent + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints + ## + alertingEndpoints: [] + ## @param prometheus.externalLabels External labels to add to any time series or alerts when communicating with external systems + ## + externalLabels: {} + ## @param prometheus.replicaExternalLabelName Name of the external label used to denote replica name + ## + replicaExternalLabelName: "" + ## @param prometheus.replicaExternalLabelNameClear Clear external label used to denote replica name + ## + replicaExternalLabelNameClear: false + ## @param prometheus.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param prometheus.prometheusExternalLabelName Name of the external label used to denote Prometheus instance name + ## + prometheusExternalLabelName: "" + ## @param prometheus.prometheusExternalLabelNameClear Clear external label used to denote Prometheus instance name + ## + prometheusExternalLabelNameClear: false + ## @param prometheus.secrets Secrets that should be mounted into the Prometheus Pods + ## + secrets: [] + ## @param prometheus.configMaps ConfigMaps that should be mounted into the Prometheus Pods + ## + configMaps: [] + ## @param prometheus.querySpec The query command line flags when starting Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#queryspec + ## + querySpec: {} + ## @param prometheus.ruleNamespaceSelector Namespaces to be selected for PrometheusRules discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + ruleNamespaceSelector: {} + ## @param prometheus.ruleSelector PrometheusRules to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + ruleSelector: {} + ## @param prometheus.serviceMonitorSelector ServiceMonitors to be selected for target discovery + ## If {}, select all ServiceMonitors + ## + serviceMonitorSelector: {} + ## @param prometheus.matchLabels Matchlabels + ## + matchLabels: {} + ## @param prometheus.serviceMonitorNamespaceSelector Namespaces to be selected for ServiceMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + serviceMonitorNamespaceSelector: {} + ## @param prometheus.podMonitorSelector PodMonitors to be selected for target discovery. + ## If {}, select all PodMonitors + ## + podMonitorSelector: {} + ## @param prometheus.podMonitorNamespaceSelector Namespaces to be selected for PodMonitor discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + podMonitorNamespaceSelector: {} + ## @param prometheus.probeSelector Probes to be selected for target discovery. + ## If {}, select all Probes + ## + probeSelector: {} + ## @param prometheus.probeNamespaceSelector Namespaces to be selected for Probe discovery + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage + ## + probeNamespaceSelector: {} + ## @param prometheus.scrapeConfigSelector The scrapeConfigs to be selected for target discovery. + ## If {}, select all scrapeConfigs + ## + scrapeConfigSelector: {} + ## @param prometheus.scrapeConfigNamespaceSelector Namespaces to be selected for scrapeConfig discovery. + ## If {}, select all namespaces. + ## If nil, select own namespace. + scrapeConfigNamespaceSelector: {} + ## @param prometheus.retention Metrics retention days + ## + retention: 31d + ## @param prometheus.retentionSize Maximum size of metrics + ## + retentionSize: "" + ## @param prometheus.disableCompaction Disable the compaction of the Prometheus TSDB + ## See https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## ref: https://prometheus.io/docs/prometheus/latest/storage/#compaction + ## + disableCompaction: false + ## @param prometheus.walCompression Enable compression of the write-ahead log using Snappy + ## + walCompression: false + ## @param prometheus.enableRemoteWriteReceiver Enable Prometheus to be used as a receiver for the Prometheus remote write protocol + ## + enableRemoteWriteReceiver: false + ## @param prometheus.paused If true, the Operator won't process any Prometheus configuration changes + ## + paused: false + ## @param prometheus.replicaCount Number of Prometheus replicas desired + ## + replicaCount: 1 + ## @param prometheus.logLevel Log level for Prometheus + ## + logLevel: info + ## @param prometheus.logFormat Log format for Prometheus + ## + logFormat: logfmt + ## @param prometheus.podMetadata [object] Standard object's metadata + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + ## labels: + ## app: prometheus + ## k8s-app: prometheus + ## + labels: {} + annotations: {} + ## @param prometheus.remoteRead The remote_read spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotereadspec + ## remoteRead: + ## - url: http://remote1/read + ## + remoteRead: [] + ## @param prometheus.remoteWrite The remote_write spec configuration for Prometheus + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#remotewritespec + ## remoteWrite: + ## - url: http://remote1/push + ## + remoteWrite: [] + ## @param prometheus.storageSpec Prometheus StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Prometheus persistence parameters + ## + persistence: + ## @param prometheus.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## + enabled: true + ## @param prometheus.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param prometheus.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param prometheus.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param prometheus.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param prometheus.containers Containers allows injecting additional containers + ## + containers: [] + ## @param prometheus.volumes Volumes allows configuration of additional volumes + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumes: [] + ## @param prometheus.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + volumeMounts: [] + ## @param prometheus.additionalPrometheusRules PrometheusRule defines recording and alerting rules for a Prometheus instance. + additionalPrometheusRules: [] + ## - name: custom-recording-rules + ## groups: + ## - name: sum_node_by_job + ## rules: + ## - record: job:kube_node_labels:sum + ## expr: sum(kube_node_labels) by (job) + ## - name: sum_prometheus_config_reload_by_pod + ## rules: + ## - record: job:prometheus_config_last_reload_successful:sum + ## expr: sum(prometheus_config_last_reload_successful) by (pod) + ## - name: custom-alerting-rules + ## groups: + ## - name: prometheus-config + ## rules: + ## - alert: PrometheusConfigurationReload + ## expr: prometheus_config_last_reload_successful > 0 + ## for: 1m + ## labels: + ## severity: error + ## annotations: + ## summary: "Prometheus configuration reload (instance {{ $labels.instance }})" + ## description: "Prometheus configuration reload error\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - name: custom-node-exporter-alerting-rules + ## rules: + ## - alert: PhysicalComponentTooHot + ## expr: node_hwmon_temp_celsius > 75 + ## for: 5m + ## labels: + ## severity: warning + ## annotations: + ## summary: "Physical component too hot (instance {{ $labels.instance }})" + ## description: "Physical hardware component too hot\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## - alert: NodeOvertemperatureAlarm + ## expr: node_hwmon_temp_alarm == 1 + ## for: 5m + ## labels: + ## severity: critical + ## annotations: + ## summary: "Node overtemperature alarm (instance {{ $labels.instance }})" + ## description: "Physical node temperature alarm triggered\n VALUE = {{ $value }}\n LABELS: {{ $labels }}" + ## + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalScrapeConfigs.enabled Enable additional scrape configs + ## @param prometheus.additionalScrapeConfigs.type Indicates if the cart should use external additional scrape configs or internal configs + ## @param prometheus.additionalScrapeConfigs.external.name Name of the secret that Prometheus should use for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.external.key Name of the key inside the secret to be used for the additional external scrape configuration + ## @param prometheus.additionalScrapeConfigs.internal.jobList A list of Prometheus scrape jobs + ## + additionalScrapeConfigs: + enabled: false + type: external + external: + ## Name of the secret that Prometheus should use for the additional scrape configuration + ## + name: "" + ## Name of the key inside the secret to be used for the additional scrape configuration. + ## + key: "" + internal: + jobList: [] + ## @param prometheus.additionalScrapeConfigsExternal.enabled Deprecated: Enable additional scrape configs that are managed externally to this chart + ## @param prometheus.additionalScrapeConfigsExternal.name Deprecated: Name of the secret that Prometheus should use for the additional scrape configuration + ## @param prometheus.additionalScrapeConfigsExternal.key Deprecated: Name of the key inside the secret to be used for the additional scrape configuration + ## + additionalScrapeConfigsExternal: + enabled: false + name: "" + key: "" + ## Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## Note that the prometheus will fail to provision if the correct secret does not exist. + ## @param prometheus.additionalAlertRelabelConfigsExternal.enabled Enable additional Prometheus alert relabel configs that are managed externally to this chart + ## @param prometheus.additionalAlertRelabelConfigsExternal.name Name of the secret that Prometheus should use for the additional Prometheus alert relabel configuration + ## @param prometheus.additionalAlertRelabelConfigsExternal.key Name of the key inside the secret to be used for the additional Prometheus alert relabel configuration + ## + additionalAlertRelabelConfigsExternal: + enabled: false + name: "" + key: "" + ## Thanos sidecar container configuration + ## + thanos: + ## @param prometheus.thanos.create Create a Thanos sidecar container + ## + create: false + ## Bitnami Thanos image + ## ref: https://hub.docker.com/r/tccr.io/truecharts/thanos/tags/ + ## @param prometheus.thanos.image.registry Thanos image registry + ## @param prometheus.thanos.image.repository Thanos image name + ## @param prometheus.thanos.image.tag Thanos image tag + ## @param prometheus.thanos.image.pullPolicy Thanos image pull policy + ## @param prometheus.thanos.image.pullSecrets Specify docker-registry secret names as an array + ## + ## Thanos Sidecar container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param prometheus.thanos.containerSecurityContext.enabled Enable container security context + ## @param prometheus.thanos.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param prometheus.thanos.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param prometheus.thanos.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param prometheus.thanos.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## @param prometheus.thanos.prometheusUrl Override default prometheus url "http://localhost:9090" + ## + prometheusUrl: "" + ## @param prometheus.thanos.extraArgs Additional arguments passed to the thanos sidecar container + ## extraArgs: + ## - --log.level=debug + ## - --tsdb.path=/data/ + ## + extraArgs: [] + ## @param prometheus.thanos.objectStorageConfig Support mounting a Secret for the objectStorageConfig of the sideCar container. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/thanos.md + ## objectStorageConfig: + ## secretName: thanos-objstore-config + ## secretKey: thanos.yaml + ## + objectStorageConfig: {} + ## ref: https://github.com/thanos-io/thanos/blob/main/docs/components/sidecar.md + ## @param prometheus.thanos.extraVolumeMounts Additional volumeMounts from `prometheus.volumes` for thanos sidecar container + ## extraVolumeMounts: + ## - name: my-secret-volume + ## mountPath: /etc/thanos/secrets/my-secret + ## + extraVolumeMounts: [] + ## Thanos sidecar container resource requests and limits. + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param prometheus.thanos.resources.limits The resources limits for the Thanos sidecar container + ## @param prometheus.thanos.resources.requests The resources requests for the Thanos sidecar container + ## + resources: + ## Example: + ## limits: + ## cpu: 100m + ## memory: 128Mi + limits: {} + ## Examples: + ## requests: + ## cpu: 100m + ## memory: 128Mi + requests: {} + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.livenessProbe.enabled Turn on and off liveness probe + ## @param prometheus.thanos.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param prometheus.thanos.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param prometheus.thanos.livenessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.livenessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param prometheus.thanos.readinessProbe.enabled Turn on and off readiness probe + ## @param prometheus.thanos.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param prometheus.thanos.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param prometheus.thanos.readinessProbe.periodSeconds How often to perform the probe + ## @param prometheus.thanos.readinessProbe.timeoutSeconds When the probe times out + ## @param prometheus.thanos.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param prometheus.thanos.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Thanos Sidecar Service + ## + service: + ## @param prometheus.thanos.service.type Kubernetes service type + ## + type: ClusterIP + ## @param prometheus.thanos.service.port Thanos service port + ## + port: 10901 + ## @param prometheus.thanos.service.clusterIP Specific cluster IP when service type is cluster IP. Use `None` to create headless service by default. + ## Use a "headless" service by default so it returns every pod's IP instead of loadbalancing requests. + ## + clusterIP: None + ## @param prometheus.thanos.service.nodePort Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## e.g: + ## nodePort: 30901 + ## + nodePort: "" + ## @param prometheus.thanos.service.loadBalancerIP `loadBalancerIP` if service type is `LoadBalancer` + ## Set the LoadBalancer service type to internal only + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## @param prometheus.thanos.service.loadBalancerSourceRanges Address that are allowed when svc is `LoadBalancer` + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param prometheus.thanos.service.annotations Additional annotations for Prometheus service + ## + annotations: {} + ## @param prometheus.thanos.service.extraPorts Additional ports to expose from the Thanos sidecar container + ## extraPorts: + ## - name: http + ## port: 10902 + ## targetPort: http + ## protocol: tcp + ## + extraPorts: [] + ## @param prometheus.portName Port name used for the pods and governing service. This defaults to web + ## + portName: main + +#### +## Alert Manager Config +#### + +## @section Alertmanager Parameters + +## Configuration for alertmanager +## ref: https://prometheus.io/docs/alerting/alertmanager/ +## +alertmanager: + ## @param alertmanager.enabled Deploy Alertmanager to the cluster + ## + enabled: true + ## Service account for Alertmanager to use. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param alertmanager.serviceAccount.create Specify whether to create a ServiceAccount for Alertmanager + ## + create: true + ## @param alertmanager.serviceAccount.name The name of the ServiceAccount to create + ## If not set and create is true, a name is generated using the kube-prometheus.alertmanager.fullname template + name: "" + ## Prometheus Alertmanager pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## @param alertmanager.podSecurityContext.enabled Enable security context + ## @param alertmanager.podSecurityContext.runAsUser User ID for the container + ## @param alertmanager.podSecurityContext.fsGroup Group ID for the container filesystem + ## + podSecurityContext: + enabled: true + runAsUser: 1001 + fsGroup: 1001 + ## Prometheus Alertmanager container's securityContext + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param alertmanager.containerSecurityContext.enabled Enable container security context + ## @param alertmanager.containerSecurityContext.readOnlyRootFilesystem mount / (root) as a readonly filesystem + ## @param alertmanager.containerSecurityContext.allowPrivilegeEscalation Switch privilegeEscalation possibility on or off + ## @param alertmanager.containerSecurityContext.runAsNonRoot Force the container to run as a non root user + ## @param alertmanager.containerSecurityContext.capabilities.drop [array] Linux Kernel capabilities which should be dropped + ## + containerSecurityContext: + enabled: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: + - ALL + ## Configure pod disruption budgets for Alertmanager + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget + ## @param alertmanager.podDisruptionBudget.enabled Create a pod disruption budget for Alertmanager + ## @param alertmanager.podDisruptionBudget.minAvailable Minimum number / percentage of pods that should remain scheduled + ## @param alertmanager.podDisruptionBudget.maxUnavailable Maximum number / percentage of pods that may be made unavailable + ## + podDisruptionBudget: + enabled: false + minAvailable: 1 + maxUnavailable: "" + ## If true, create a serviceMonitor for alertmanager + ## + serviceMonitor: + ## @param alertmanager.serviceMonitor.enabled Creates a ServiceMonitor to monitor Alertmanager + ## + enabled: true + ## @param alertmanager.serviceMonitor.interval Scrape interval. If not set, the Prometheus default scrape interval is used. + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + interval: "" + ## @param alertmanager.serviceMonitor.metricRelabelings Metric relabeling + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs + ## + metricRelabelings: [] + ## @param alertmanager.serviceMonitor.relabelings Relabel configs + ## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + ## + relabelings: [] + ## @param alertmanager.externalUrl External URL used to access Alertmanager + ## e.g: + ## externalUrl: https://alertmanager.example.com + ## + externalUrl: "" + ## @param alertmanager.resources CPU/Memory resource requests/limits for node + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: {} + ## @param alertmanager.podAffinityPreset Alertmanager Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAffinityPreset: "" + ## @param alertmanager.podAntiAffinityPreset Alertmanager Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## + podAntiAffinityPreset: soft + ## Node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## + nodeAffinityPreset: + ## @param alertmanager.nodeAffinityPreset.type Alertmanager Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param alertmanager.nodeAffinityPreset.key Alertmanager Node label key to match Ignored if `affinity` is set. + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## @param alertmanager.nodeAffinityPreset.values Alertmanager Node label values to match. Ignored if `affinity` is set. + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + ## @param alertmanager.affinity Alertmanager Affinity for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: alertmanager.podAffinityPreset, alertmanager.podAntiAffinityPreset, and alertmanager.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + ## @param alertmanager.nodeSelector Alertmanager Node labels for pod assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + ## @param alertmanager.tolerations Alertmanager Tolerations for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + ## Alertmanager configuration + ## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file + ## @param alertmanager.config [object] Alertmanager configuration directive + ## @skip alertmanager.config.route.group_by + ## @skip alertmanager.config.route.routes + ## @skip alertmanager.config.receivers + ## + config: + global: + resolve_timeout: 5m + route: + group_by: + - job + group_wait: 30s + group_interval: 5m + repeat_interval: 12h + receiver: "null" + routes: + - match: + alertname: Watchdog + receiver: "null" + receivers: + - name: "null" + ## @param alertmanager.externalConfig Alertmanager configuration is created externally. If true, `alertmanager.config` is ignored, and a secret will not be created. + ## Alertmanager requires a secret named `alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }}` + ## It must contain: + ## alertmanager.yaml: + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/alerting.md#alerting + ## + externalConfig: false + ## @param alertmanager.replicaCount Number of Alertmanager replicas desired + ## + replicaCount: 1 + ## Configure extra options for liveness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.livenessProbe.enabled Turn on and off liveness probe + ## @param alertmanager.livenessProbe.path Path of the HTTP service for checking the healthy state + ## @param alertmanager.livenessProbe.initialDelaySeconds Delay before liveness probe is initiated + ## @param alertmanager.livenessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.livenessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.livenessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.livenessProbe.successThreshold Minimum consecutive successes for the probe + ## + livenessProbe: + enabled: true + path: /-/healthy + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## Configure extra options for readiness probe + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param alertmanager.readinessProbe.enabled Turn on and off readiness probe + ## @param alertmanager.readinessProbe.path Path of the HTTP service for checking the ready state + ## @param alertmanager.readinessProbe.initialDelaySeconds Delay before readiness probe is initiated + ## @param alertmanager.readinessProbe.periodSeconds How often to perform the probe + ## @param alertmanager.readinessProbe.timeoutSeconds When the probe times out + ## @param alertmanager.readinessProbe.failureThreshold Minimum consecutive failures for the probe + ## @param alertmanager.readinessProbe.successThreshold Minimum consecutive successes for the probe + ## + readinessProbe: + enabled: true + path: /-/ready + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 120 + successThreshold: 1 + ## @param alertmanager.logLevel Log level for Alertmanager + ## + logLevel: info + ## @param alertmanager.logFormat Log format for Alertmanager + ## + logFormat: logfmt + ## @param alertmanager.podMetadata [object] Standard object's metadata. + ## ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata + ## + podMetadata: + labels: {} + annotations: {} + ## @param alertmanager.secrets Secrets that should be mounted into the Alertmanager Pods + ## + secrets: [] + ## @param alertmanager.configMaps ConfigMaps that should be mounted into the Alertmanager Pods + ## + configMaps: [] + ## @param alertmanager.retention Metrics retention days + ## + retention: 240h + ## @param alertmanager.storageSpec Alertmanager StorageSpec for persistent data + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md + ## + storageSpec: {} + ## Alertmanager persistence parameters + ## + persistence: + ## @param alertmanager.persistence.enabled Use PVCs to persist data. If the storageSpec is provided this will not take effect. + ## If you want to use this configuration make sure the storageSpec is not provided. + ## + enabled: true + ## @param alertmanager.persistence.storageClass Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. + ## + storageClass: "" + ## @param alertmanager.persistence.accessModes Persistent Volume Access Modes + ## + accessModes: + - ReadWriteOnce + ## @param alertmanager.persistence.size Persistent Volume Size + ## + size: 999Gi + ## @param alertmanager.paused If true, the Operator won't process any Alertmanager configuration changes + ## + paused: false + ## @param alertmanager.listenLocal ListenLocal makes the Alertmanager server listen on loopback + ## + listenLocal: false + ## @param alertmanager.containers Containers allows injecting additional containers + ## + containers: [] + ## @param alertmanager.volumes Volumes allows configuration of additional volumes. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#alertmanagerspec + ## + volumes: [] + ## @param alertmanager.volumeMounts VolumeMounts allows configuration of additional VolumeMounts. Evaluated as a template + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/pi.md#alertmanagerspec + ## + volumeMounts: [] + ## @param alertmanager.priorityClassName Priority class assigned to the Pods + ## + priorityClassName: "" + ## @param alertmanager.additionalPeers AdditionalPeers allows injecting a set of additional Alertmanagers to peer with to form a highly available cluster + ## + additionalPeers: [] + ## @param alertmanager.routePrefix Prefix used to register routes, overriding externalUrl route + ## Useful for proxies that rewrite URLs. + ## + routePrefix: / + ## @param alertmanager.portName Port name used for the pods and governing service. This defaults to web + ## + portName: alertmanager + ## @param alertmanager.configNamespaceSelector AlertmanagerConfigs to be selected for to merge and configure Alertmanager with. This defaults to {} + ## + configNamespaceSelector: {} + ## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {} + ## + configSelector: {} + +portal: + open: + enabled: true diff --git a/premium/prometheus/17.9.3/questions.yaml b/premium/prometheus/17.9.3/questions.yaml new file mode 100755 index 00000000000..cde3f07f613 --- /dev/null +++ b/premium/prometheus/17.9.3/questions.yaml @@ -0,0 +1,1808 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + +questions: + - variable: operator + group: "App Configuration" + label: "Operator Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Operator" + schema: + type: string + default: "info" + - variable: prometheus + group: "App Configuration" + label: "Prometheus Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Prometheus" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "31d" + - variable: retentionSize + label: "Max Retention Size" + description: "Maximum size of metrics" + schema: + type: string + default: "" + - variable: scrapeInterval + label: "Scrape interval" + description: "Interval between consecutive scrapes" + schema: + type: string + default: "15s" + - variable: evaluationInterval + label: "Evaluation interval" + description: "Interval between consecutive evaluations" + schema: + type: string + default: "30s" + - variable: disableCompaction + label: "Disable Compaction" + description: "Disable the compaction of the Prometheus TSDB" + schema: + type: boolean + default: false + - variable: walCompression + label: "WAL Compression" + description: "Enable compression of the write-ahead log using Snappy" + schema: + type: boolean + default: false + - variable: enableRemoteWriteReceiver + label: "Remote Write Receiver" + description: "Enable Prometheus to be used as a receiver for the Prometheus remote write protocol" + schema: + type: boolean + default: false + - variable: remoteWrite + label: "Remote Write" + schema: + type: list + default: [] + items: + - variable: remoteWriteEntry + label: Remote Write Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: url + label: URL + description: Remote write destination URL + schema: + type: string + required: true + default: "" + - variable: basicAuth + label: Basic Auth + description: Basic authentication for remote write + schema: + type: dict + attrs: + - variable: username + label: Username + description: Basic auth username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + description: Basic auth password + schema: + type: string + required: false + default: "" + - variable: exporters + group: "App Configuration" + label: "Exporter Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: node-exporter + label: "node-exporter" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + - variable: kube-state-metrics + label: "Kube-State-Metrics" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + - variable: alertmanager + group: "App Configuration" + label: "Alertmanager Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: logLevel + label: "Log Level" + description: "Log level for Alertmanager" + schema: + type: string + default: "info" + - variable: retention + label: "Retention" + description: "Metrics retention days" + schema: + type: string + default: "240h" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service" + description: "The serving the Prometheus WebUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9090 + required: true + - variable: alertmanager + label: "alertmanager Service" + description: "alertmanager service " + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: alertmanager + label: "alertmanager Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 9093 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + diff --git a/premium/prometheus/17.9.3/templates/NOTES.txt b/premium/prometheus/17.9.3/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/prometheus/17.9.3/templates/_helpers.tpl b/premium/prometheus/17.9.3/templates/_helpers.tpl new file mode 100644 index 00000000000..1f44049ac4c --- /dev/null +++ b/premium/prometheus/17.9.3/templates/_helpers.tpl @@ -0,0 +1,210 @@ +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.fullname" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.name" -}} +{{- printf "%s" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with operator */}} +{{- define "kube-prometheus.operator.name" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.name" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.name" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Name suffixed with thanos */}} +{{- define "kube-prometheus.thanos.name" -}} +{{- printf "%s-thanos" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with operator */}} +{{- define "kube-prometheus.operator.fullname" -}} +{{- printf "%s-operator" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with prometheus */}} +{{- define "kube-prometheus.prometheus.fullname" -}} +{{- printf "%s-prometheus" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with alertmanager */}} +{{- define "kube-prometheus.alertmanager.fullname" -}} +{{- printf "%s-alertmanager" (include "tc.v1.common.lib.chart.names.fullname" . ) -}} +{{- end }} + +{{/* Fullname suffixed with thanos */}} +{{- define "kube-prometheus.thanos.fullname" -}} +{{- printf "%s-thanos" (include "kube-prometheus.prometheus.fullname" .) -}} +{{- end }} + +{{- define "kube-prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common Labels +*/}} +{{- define "kube-prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +{{- if .Values.global.labels }} +{{ toYaml .Values.global.labels }} +{{- end }} +{{- end -}} + +{{/* +Labels for operator +*/}} +{{- define "kube-prometheus.operator.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Labels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +Labels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.labels" -}} + {{- $labels := (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + {{- . | nindent 0 }} + {{- end }} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +matchLabels for operator +*/}} +{{- define "kube-prometheus.operator.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +matchLabels for prometheus +*/}} +{{- define "kube-prometheus.prometheus.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: prometheus +{{- end -}} + +{{/* +matchLabels for alertmanager +*/}} +{{- define "kube-prometheus.alertmanager.matchLabels" -}} +{{ include "tc.v1.common.lib.metadata.selectorLabels" (dict "rootCtx" $ )}} +app.kubernetes.io/component: alertmanager +{{- end -}} + +{{/* +Return the proper Prometheus Operator image name +*/}} +{{- define "kube-prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Prometheus Operator Reloader image name +*/}} +{{- define "kube-prometheus.prometheusConfigReloader.image" -}} +{{- include "kube-prometheus.image" . -}} +{{- end -}} + +{{/* +Return the proper Prometheus Image name +*/}} +{{- define "kube-prometheus.prometheus.image" -}} +{{ printf "%s:%s" .Values.image.repository (default .Chart.AppVersion .Values.image.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Thanos Image name +*/}} +{{- define "kube-prometheus.prometheus.thanosImage" -}} +{{ printf "%s:%s" .Values.thanosImage.repository (default .Chart.AppVersion .Values.thanosImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Alertmanager Image name +*/}} +{{- define "kube-prometheus.alertmanager.image" -}} +{{ printf "%s:%s" .Values.alertmanagerImage.repository (default .Chart.AppVersion .Values.alertmanagerImage.tag) | quote }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "kube-prometheus.imagePullSecrets" -}} +{{- end -}} + +{{/* +Create the name of the operator service account to use +*/}} +{{- define "kube-prometheus.operator.serviceAccountName" -}} +{{- if .Values.operator.serviceAccount.create -}} + {{ default (include "kube-prometheus.operator.fullname" .) .Values.operator.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.operator.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the prometheus service account to use +*/}} +{{- define "kube-prometheus.prometheus.serviceAccountName" -}} +{{- if .Values.prometheus.serviceAccount.create -}} + {{ default (include "kube-prometheus.prometheus.fullname" .) .Values.prometheus.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.prometheus.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the alertmanager service account to use +*/}} +{{- define "kube-prometheus.alertmanager.serviceAccountName" -}} +{{- if .Values.alertmanager.serviceAccount.create -}} + {{ default (include "kube-prometheus.alertmanager.fullname" .) .Values.alertmanager.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.alertmanager.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "kube-prometheus.validateValues" -}} +{{- $messages := list -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} diff --git a/premium/prometheus/17.9.3/templates/alertmanager/_alertmanager.tpl b/premium/prometheus/17.9.3/templates/alertmanager/_alertmanager.tpl new file mode 100644 index 00000000000..ed5e24e9da6 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/alertmanager/_alertmanager.tpl @@ -0,0 +1,174 @@ +{{- define "prometheus.alertmanager.alertmanager" -}} +{{- if .Values.alertmanager.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Alertmanager +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.alertmanager.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + {{- if .Values.alertmanager.image }} + image: {{ template "kube-prometheus.alertmanager.image" . }} + {{- end }} + listenLocal: {{ .Values.alertmanager.listenLocal }} + {{- if index .Values.alertmanager "externalUrl" }} + externalUrl: "{{ .Values.alertmanager.externalUrl }}" + {{- else if and .Values.ingress.alertmanager.enabled .Values.ingress.alertmanager.hosts }} + externalUrl: {{ if .Values.ingress.alertmanager.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.alertmanager.hosts 0).name }}{{ .Values.alertmanager.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.alertmanager.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.service.alertmanager.ports.alertmanager.port }}{{ .Values.alertmanager.routePrefix }} + {{- end }} + portName: "{{ .Values.alertmanager.portName }}" + paused: {{ .Values.alertmanager.paused }} + logFormat: {{ .Values.alertmanager.logFormat }} + logLevel: {{ .Values.alertmanager.logLevel }} + retention: {{ .Values.alertmanager.retention }} + {{- if .Values.alertmanager.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configMaps "context" $) | nindent 4 }} + {{- end }} + resources: {{- toYaml .Values.alertmanager.resources | nindent 4 }} + routePrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- if .Values.alertmanager.podSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.storageSpec "context" $) | nindent 4 }} + {{- else }} + {{- if .Values.alertmanager.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.alertmanager.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.alertmanager.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.alertmanager.podMetadata.labels .Values.alertmanager.podMetadata.annotations (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.alertmanager.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.alertmanager.podAntiAffinityPreset "soft") (eq .Values.alertmanager.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.alertmanager.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.volumeMounts "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.alertmanager.containers .Values.alertmanager.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if or .Values.alertmanager.containerSecurityContext.enabled .Values.alertmanager.livenessProbe.enabled .Values.alertmanager.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: alertmanager + {{- if .Values.alertmanager.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.alertmanager.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.alertmanager.livenessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.alertmanager.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.alertmanager.readinessProbe.path }} + port: alertmanager + scheme: HTTP + initialDelaySeconds: {{ .Values.alertmanager.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.alertmanager.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.alertmanager.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.alertmanager.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.alertmanager.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.alertmanager.priorityClassName }} + priorityClassName: {{ .Values.alertmanager.priorityClassName }} + {{- end }} + {{- if .Values.alertmanager.additionalPeers }} + additionalPeers: {{ .Values.alertmanager.additionalPeers }} + {{- end }} + {{- if .Values.alertmanager.configNamespaceSelector }} + alertmanagerConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configNamespaceSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.alertmanager.configSelector }} + alertmanagerConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.configSelector "context" $) | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/alertmanager/secrets.yaml b/premium/prometheus/17.9.3/templates/alertmanager/secrets.yaml new file mode 100644 index 00000000000..9a6f518f35c --- /dev/null +++ b/premium/prometheus/17.9.3/templates/alertmanager/secrets.yaml @@ -0,0 +1,13 @@ +{{- if (and .Values.alertmanager.enabled (not .Values.alertmanager.externalConfig) ) }} +apiVersion: v1 +kind: Secret +metadata: + name: alertmanager-{{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +data: + alertmanager.yaml: {{ toYaml .Values.alertmanager.config | b64enc | quote }} +{{- range $key, $val := .Values.alertmanager.templateFiles }} + {{ $key }}: {{ $val | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/alertmanager/serviceaccount.yaml b/premium/prometheus/17.9.3/templates/alertmanager/serviceaccount.yaml new file mode 100644 index 00000000000..a6f438889a2 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/alertmanager/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.alertmanager.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} + {{- if index .Values.alertmanager.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.alertmanager.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/alertmanager/servicemonitor.yaml b/premium/prometheus/17.9.3/templates/alertmanager/servicemonitor.yaml new file mode 100644 index 00000000000..ef0e02d3875 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/alertmanager/servicemonitor.yaml @@ -0,0 +1,26 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.alertmanager.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.alertmanager.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.alertmanager.serviceMonitor.interval }} + interval: {{ .Values.alertmanager.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.alertmanager.routePrefix }}/metrics + {{- if .Values.alertmanager.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.alertmanager.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.alertmanager.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.alertmanager.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/common.yaml b/premium/prometheus/17.9.3/templates/common.yaml new file mode 100644 index 00000000000..61364503a70 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/common.yaml @@ -0,0 +1,13 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- include "prometheus.prometheus.prometheus" . }} +{{- include "prometheus.prometheus.additionalprometheusrules" . }} +{{- include "prometheus.prometheus.additionalscrapejobs" . }} +{{- include "prometheus.prometheus.servicemonitor" . }} + +{{- include "prometheus.alertmanager.alertmanager" . }} + + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/_additionalPrometheusRules.tpl b/premium/prometheus/17.9.3/templates/prometheus/_additionalPrometheusRules.tpl new file mode 100644 index 00000000000..121048d87ce --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/_additionalPrometheusRules.tpl @@ -0,0 +1,15 @@ +{{- define "prometheus.prometheus.additionalprometheusrules" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.additionalPrometheusRules}} + {{- range .Values.prometheus.additionalPrometheusRules }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "kube-prometheus.name" $ }}-{{ .name }} + namespace: {{ $.Release.Namespace }} + labels: {{ include "kube-prometheus.prometheus.labels" $ | nindent 4 }} +spec: + groups: {{- toYaml .groups | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/_additionalScrapeJobs.tpl b/premium/prometheus/17.9.3/templates/prometheus/_additionalScrapeJobs.tpl new file mode 100644 index 00000000000..3c5f85140a4 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/_additionalScrapeJobs.tpl @@ -0,0 +1,13 @@ +{{- define "prometheus.prometheus.additionalscrapejobs" -}} +{{- if (and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +data: + scrape-jobs.yaml: {{ include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.additionalScrapeConfigs.internal.jobList "context" $ ) | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/_prometheus.tpl b/premium/prometheus/17.9.3/templates/prometheus/_prometheus.tpl new file mode 100644 index 00000000000..b5bd3bcb292 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/_prometheus.tpl @@ -0,0 +1,366 @@ +{{- define "prometheus.prometheus.prometheus" -}} +{{- if .Values.prometheus.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: Prometheus +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.prometheus.replicaCount }} + serviceAccountName: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + {{- if .Values.prometheus.serviceMonitorSelector }} + serviceMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorSelector }} + podMonitorSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorSelector: {} + {{- end }} + {{- if .Values.prometheus.probeSelector }} + probeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeSelector "context" $) | nindent 4 }} + {{- else }} + probeSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigSelector }} + scrapeConfigSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigSelector: {} + {{- end }} + alerting: + alertmanagers: + {{- if .Values.prometheus.alertingEndpoints }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.alertingEndpoints "context" $) | nindent 6 }} + {{- else if .Values.alertmanager.enabled }} + - namespace: {{ .Release.Namespace }} + name: {{ template "kube-prometheus.alertmanager.fullname" . }} + port: http + pathPrefix: "{{ .Values.alertmanager.routePrefix }}" + {{- else }} + [] + {{- end }} + {{- if .Values.prometheus.image }} + image: {{ template "kube-prometheus.prometheus.image" . }} + {{- end }} + {{- if .Values.prometheus.externalLabels }} + externalLabels: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.externalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.prometheusExternalLabelNameClear }} + prometheusExternalLabelName: "" + {{- else if .Values.prometheus.prometheusExternalLabelName }} + prometheusExternalLabelName: "{{ .Values.prometheus.prometheusExternalLabelName }}" + {{- end }} + {{- if .Values.prometheus.replicaExternalLabelNameClear }} + replicaExternalLabelName: "" + {{- else if .Values.prometheus.replicaExternalLabelName }} + replicaExternalLabelName: "{{ .Values.prometheus.replicaExternalLabelName }}" + {{- end }} + {{- if index .Values.prometheus "externalUrl" }} + externalUrl: "{{ .Values.prometheus.externalUrl }}" + {{- else if and .Values.ingress.main.enabled .Values.ingress.main.hosts }} + externalUrl: {{ if .Values.ingress.main.tls }}https{{else}}http{{ end }}://{{ (index .Values.ingress.main.hosts 0).name }}{{ .Values.prometheus.routePrefix }} + {{- else }} + externalUrl: http://{{ template "kube-prometheus.prometheus.fullname" . }}.{{ .Release.Namespace }}:9090{{ .Values.prometheus.routePrefix }} + {{- end }} + paused: {{ .Values.prometheus.paused }} + logLevel: {{ .Values.prometheus.logLevel }} + logFormat: {{ .Values.prometheus.logFormat }} + listenLocal: {{ .Values.prometheus.listenLocal }} + enableAdminAPI: {{ .Values.prometheus.enableAdminAPI }} + {{- if .Values.prometheus.enableFeatures }} + enableFeatures: + {{- range .Values.prometheus.enableFeatures }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.scrapeInterval }} + scrapeInterval: {{ .Values.prometheus.scrapeInterval }} + {{- end }} + {{- if .Values.prometheus.evaluationInterval }} + evaluationInterval: {{ .Values.prometheus.evaluationInterval }} + {{- end }} + {{- if .Values.prometheus.resources }} + resources: {{- toYaml .Values.prometheus.resources | nindent 4 }} + {{- end }} + retention: {{ .Values.prometheus.retention }} + {{- if .Values.prometheus.retentionSize }} + retentionSize: {{ .Values.prometheus.retentionSize }} + {{- end }} + {{- if .Values.prometheus.disableCompaction }} + disableCompaction: {{ .Values.prometheus.disableCompaction }} + {{- end }} + {{- if .Values.prometheus.enableRemoteWriteReceiver }} + enableRemoteWriteReceiver: {{ .Values.prometheus.enableRemoteWriteReceiver }} + {{- end }} + {{- if .Values.prometheus.walCompression }} + walCompression: {{ .Values.prometheus.walCompression }} + {{- end }} + portName: "{{ .Values.prometheus.portName }}" + routePrefix: "{{ .Values.prometheus.routePrefix }}" + {{- if .Values.prometheus.secrets }} + secrets: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.secrets "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.configMaps }} + configMaps: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.configMaps "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitorNamespaceSelector }} + serviceMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + serviceMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.podMonitorNamespaceSelector }} + podMonitorNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMonitorNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + podMonitorNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.probeNamespaceSelector }} + probeNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.probeNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + probeNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.scrapeConfigNamespaceSelector }} + scrapeConfigNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.scrapeConfigNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + scrapeConfigNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.remoteRead }} + remoteRead: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.remoteRead "context" $) | nindent 4 }} + {{- end }} + {{- with .Values.prometheus.remoteWrite }} + remoteWrite: + {{- tpl (toYaml .) $ | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.podSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.podSecurityContext "enabled" | toYaml | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.ruleNamespaceSelector }} + ruleNamespaceSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleNamespaceSelector "context" $) | nindent 4 }} + {{- else }} + ruleNamespaceSelector: {} + {{- end }} + {{- if .Values.prometheus.ruleSelector }} + ruleSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.ruleSelector "context" $) | nindent 4 }} + {{- else }} + ruleSelector: {} + {{- end }} + {{- if .Values.prometheus.storageSpec }} + storage: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.storageSpec "context" $) | nindent 4 }} + {{- else if .Values.prometheus.persistence.enabled }} + storage: + volumeClaimTemplate: + spec: + accessModes: + {{- range .Values.prometheus.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.prometheus.persistence.size | quote }} + {{- with (include "tc.v1.common.lib.storage.storageClassName" ( dict "rootCtx" . "objectData" .Values.prometheus.persistence )) | trim }} + storageClassName: {{ . }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.podMetadata.labels .Values.prometheus.podMetadata.annotations (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + podMetadata: + labels: + {{- if .Values.prometheus.podMetadata.labels }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.labels "context" $) | nindent 6 }} + {{- end }} + {{- if or (eq .Values.prometheus.podAntiAffinityPreset "soft") (eq .Values.prometheus.podAntiAffinityPreset "hard") }} + {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + {{- end }} + {{- if .Values.prometheus.podMetadata.annotations }} + annotations: + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.podMetadata.annotations "context" $) | nindent 6 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.querySpec }} + query: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.querySpec "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.affinity }} + affinity: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.affinity "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.nodeSelector }} + nodeSelector: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.nodeSelector "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.tolerations }} + tolerations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.tolerations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumes }} + volumes: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumes "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.prometheus.volumeMounts }} + volumeMounts: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.volumeMounts "context" $) | nindent 4 }} + {{- end }} + {{- if or .Values.prometheus.additionalScrapeConfigs.enabled .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + additionalScrapeConfigs: + {{- if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "external") }} + name: {{ .Values.prometheus.additionalScrapeConfigs.external.name }} + key: {{ .Values.prometheus.additionalScrapeConfigs.external.key }} + {{- else if and .Values.prometheus.additionalScrapeConfigs.enabled (eq .Values.prometheus.additionalScrapeConfigs.type "internal") }} + name: additional-scrape-jobs-{{ template "kube-prometheus.prometheus.fullname" . }} + key: scrape-jobs.yaml + {{- else if and (not .Values.prometheus.additionalScrapeConfigs.enabled) .Values.prometheus.additionalScrapeConfigsExternal.enabled }} + name: {{ .Values.prometheus.additionalScrapeConfigsExternal.name }} + key: {{ .Values.prometheus.additionalScrapeConfigsExternal.key }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.additionalAlertRelabelConfigsExternal.enabled }} + additionalAlertRelabelConfigs: + name: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.name }} + key: {{ .Values.prometheus.additionalAlertRelabelConfigsExternal.key }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . | indent 2 }} + {{- if or .Values.prometheus.containers .Values.prometheus.thanos.create .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + containers: + {{- if .Values.prometheus.thanos.create }} + - name: thanos-sidecar + image: {{ template "kube-prometheus.prometheus.thanosImage" . }} + imagePullPolicy: {{ .Values.prometheus.thanos.image.pullPolicy }} + args: + - sidecar + - --prometheus.url={{ default "http://localhost:9090" .Values.prometheus.thanos.prometheusUrl }} + - --grpc-address=0.0.0.0:10901 + - --http-address=0.0.0.0:10902 + - --tsdb.path=/prometheus/ + {{- if .Values.prometheus.thanos.objectStorageConfig }} + - --objstore.config=$(OBJSTORE_CONFIG) + {{- end }} + {{- if .Values.prometheus.thanos.extraArgs }} + {{ toYaml .Values.prometheus.thanos.extraArgs | indent 8 | trim }} + {{- end }} + {{- if .Values.prometheus.thanos.objectStorageConfig }} + env: + - name: OBJSTORE_CONFIG + valueFrom: + secretKeyRef: + name: {{ .Values.prometheus.thanos.objectStorageConfig.secretName }} + key: {{ .Values.prometheus.thanos.objectStorageConfig.secretKey | default "thanos.yaml" }} + {{- end }} + {{- if .Values.prometheus.thanos.resources }} + resources: {{- toYaml .Values.prometheus.thanos.resources | nindent 8 }} + {{- end }} + ports: + - name: thanos + containerPort: 10901 + protocol: TCP + - name: http + containerPort: 10902 + protocol: TCP + volumeMounts: + - mountPath: /prometheus + name: prometheus-{{ template "kube-prometheus.prometheus.fullname" . }}-db + {{- if not (.Values.prometheus.storageSpec.disableMountSubPath | default (not .Values.prometheus.persistence.enabled)) }} + subPath: prometheus-db + {{- end }} + {{- if .Values.prometheus.thanos.extraVolumeMounts }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.thanos.extraVolumeMounts "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.thanos.containerSecurityContext.enabled }} + # yamllint disable rule:indentation + securityContext: {{- omit .Values.prometheus.thanos.containerSecurityContext "enabled" | toYaml | nindent 8 }} + # yamllint enable rule:indentation + {{- end }} + {{- if .Values.prometheus.thanos.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.livenessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.thanos.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.thanos.readinessProbe.path }} + port: http + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.thanos.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.thanos.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.thanos.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.thanos.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.thanos.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.prometheus.containerSecurityContext.enabled .Values.prometheus.livenessProbe.enabled .Values.prometheus.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: prometheus + {{- if .Values.prometheus.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.prometheus.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.prometheus.livenessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.prometheus.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.prometheus.readinessProbe.path }} + port: main + scheme: HTTP + initialDelaySeconds: {{ .Values.prometheus.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.prometheus.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.prometheus.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.prometheus.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.prometheus.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if or .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled .Values.operator.prometheusConfigReloader.livenessProbe.enabled .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + ## This monkey patching is needed until the securityContexts are + ## directly patchable via the CRD. + ## ref: https://github.com/prometheus-operator/prometheus-operator/issues/3947 + ## currently implemented with strategic merge + ## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/strategic-merge-patch.md + - name: config-reloader + {{- if .Values.operator.prometheusConfigReloader.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.operator.prometheusConfigReloader.containerSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.livenessProbe.successThreshold }} + {{- end }} + {{- if .Values.operator.prometheusConfigReloader.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: reloader-web + initialDelaySeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.operator.prometheusConfigReloader.readinessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.failureThreshold }} + successThreshold: {{ .Values.operator.prometheusConfigReloader.readinessProbe.successThreshold }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.containers }} + {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.containers "context" $) | nindent 4 }} + {{- end }} + {{- end }} + {{- if .Values.prometheus.priorityClassName }} + priorityClassName: {{ .Values.prometheus.priorityClassName }} + {{- end }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/_servicemonitor.tpl b/premium/prometheus/17.9.3/templates/prometheus/_servicemonitor.tpl new file mode 100644 index 00000000000..20744f2c924 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/_servicemonitor.tpl @@ -0,0 +1,29 @@ +{{- define "prometheus.prometheus.servicemonitor" -}} +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceMonitor.enabled }} +--- +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +spec: + selector: + matchLabels: {{- include "kube-prometheus.prometheus.matchLabels" . | nindent 6 }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + endpoints: + - port: http + {{- if .Values.prometheus.serviceMonitor.interval }} + interval: {{ .Values.prometheus.serviceMonitor.interval }} + {{- end }} + path: {{ trimSuffix "/" .Values.prometheus.routePrefix }}/metrics + {{- if .Values.prometheus.serviceMonitor.metricRelabelings }} + metricRelabelings: {{- include "tc.v1.common.tplvalues.render" ( dict "value" .Values.prometheus.serviceMonitor.metricRelabelings "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.prometheus.serviceMonitor.relabelings }} + relabelings: {{- toYaml .Values.prometheus.serviceMonitor.relabelings | nindent 8 }} + {{- end }} +{{- end }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/clusterrole.yaml b/premium/prometheus/17.9.3/templates/prometheus/clusterrole.yaml new file mode 100644 index 00000000000..ae96e2d45f8 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/clusterrole.yaml @@ -0,0 +1,41 @@ +{{- if .Values.prometheus.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - "get" + - "list" + - "watch" + - apiGroups: + - extensions + - "networking.k8s.io" + resources: + - ingresses + verbs: + - get + - list + - watch + - nonResourceURLs: + - "/metrics" + verbs: + - "get" +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/clusterrolebinding.yaml b/premium/prometheus/17.9.3/templates/prometheus/clusterrolebinding.yaml new file mode 100644 index 00000000000..7ca10743f4a --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/clusterrolebinding.yaml @@ -0,0 +1,15 @@ +{{- if .Values.prometheus.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "kube-prometheus.prometheus.fullname" . }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "kube-prometheus.prometheus.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/premium/prometheus/17.9.3/templates/prometheus/serviceaccount.yaml b/premium/prometheus/17.9.3/templates/prometheus/serviceaccount.yaml new file mode 100644 index 00000000000..39539fc1191 --- /dev/null +++ b/premium/prometheus/17.9.3/templates/prometheus/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and .Values.prometheus.enabled .Values.prometheus.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "kube-prometheus.prometheus.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "kube-prometheus.prometheus.labels" . | nindent 4 }} + {{- if index .Values.prometheus.serviceAccount "annotations" }} + annotations: {{- include "tc.v1.common.tplvalues.render" (dict "value" .Values.prometheus.serviceAccount.annotations "context" $) | nindent 4 }} + {{- end }} +{{- include "kube-prometheus.imagePullSecrets" . }} +{{- end }} diff --git a/premium/prometheus/17.9.3/values.yaml b/premium/prometheus/17.9.3/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/prometheus/item.yaml b/premium/prometheus/item.yaml new file mode 100644 index 00000000000..dd0c9b30ba0 --- /dev/null +++ b/premium/prometheus/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/prometheus.png +categories: + - metrics +screenshots: [] diff --git a/premium/traefik/26.7.4/.helmignore b/premium/traefik/26.7.4/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/traefik/26.7.4/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/traefik/26.7.4/CHANGELOG.md b/premium/traefik/26.7.4/CHANGELOG.md new file mode 100644 index 00000000000..fb874632b50 --- /dev/null +++ b/premium/traefik/26.7.4/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [traefik-26.7.4](https://github.com/truecharts/charts/compare/traefik-26.7.3...traefik-26.7.4) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/traefik/26.7.4/Chart.yaml b/premium/traefik/26.7.4/Chart.yaml new file mode 100644 index 00000000000..e9824cd5ee7 --- /dev/null +++ b/premium/traefik/26.7.4/Chart.yaml @@ -0,0 +1,39 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: network + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 2.11.0 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Traefik is a flexible reverse proxy and Ingress Provider. +home: https://truecharts.org/charts/premium/traefik +icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +keywords: + - traefik + - ingress +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: traefik +sources: + - https://github.com/traefik/traefik + - https://github.com/traefik/traefik-helm-chart + - https://traefik.io/ + - https://github.com/truecharts/charts/tree/master/charts/premium/traefik + - https://github.com/truecharts/containers/tree/master/apps/traefik +type: application +version: 26.7.4 diff --git a/premium/traefik/26.7.4/README.md b/premium/traefik/26.7.4/README.md new file mode 100644 index 00000000000..3e4e816cdf4 --- /dev/null +++ b/premium/traefik/26.7.4/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/traefik) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/traefik/26.7.4/app-changelog.md b/premium/traefik/26.7.4/app-changelog.md new file mode 100644 index 00000000000..c2ee4871d7e --- /dev/null +++ b/premium/traefik/26.7.4/app-changelog.md @@ -0,0 +1,9 @@ + + +## [traefik-26.7.4](https://github.com/truecharts/charts/compare/traefik-26.7.3...traefik-26.7.4) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/traefik/26.7.4/app-readme.md b/premium/traefik/26.7.4/app-readme.md new file mode 100644 index 00000000000..7a332ea668e --- /dev/null +++ b/premium/traefik/26.7.4/app-readme.md @@ -0,0 +1,8 @@ +Traefik is a flexible reverse proxy and Ingress Provider. + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/traefik](https://truecharts.org/charts/premium/traefik) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/traefik/26.7.4/charts/common-20.0.9.tgz b/premium/traefik/26.7.4/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/traefik/26.7.4/charts/common-20.0.9.tgz differ diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutes.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutes.yaml new file mode 100644 index 00000000000..bd137f410d9 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutetcps.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutetcps.yaml new file mode 100644 index 00000000000..589fe31c18c --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_ingressrouteudps.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressrouteudps.yaml new file mode 100644 index 00000000000..c35ee4dc20d --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_middlewares.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_middlewares.yaml new file mode 100644 index 00000000000..5e14f93fa55 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_middlewaretcps.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_middlewaretcps.yaml new file mode 100644 index 00000000000..85302fa823d --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_serverstransports.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_serverstransports.yaml new file mode 100644 index 00000000000..d6fc3a92dba --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_tlsoptions.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_tlsoptions.yaml new file mode 100644 index 00000000000..73667667a3a --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_tlsstores.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_tlsstores.yaml new file mode 100644 index 00000000000..12f0ad37d86 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.containo.us_traefikservices.yaml b/premium/traefik/26.7.4/crds/traefik.containo.us_traefikservices.yaml new file mode 100644 index 00000000000..0dcf470034f --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.containo.us_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.containo.us +spec: + group: traefik.containo.us + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_ingressroutes.yaml b/premium/traefik/26.7.4/crds/traefik.io_ingressroutes.yaml new file mode 100644 index 00000000000..89aaee75952 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_ingressroutes.yaml @@ -0,0 +1,275 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutes.traefik.io +spec: + group: traefik.io + names: + kind: IngressRoute + listKind: IngressRouteList + plural: ingressroutes + singular: ingressroute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRoute is the CRD implementation of a Traefik HTTP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteSpec defines the desired state of IngressRoute. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: Route holds the HTTP route configuration. + properties: + kind: + description: Kind defines the kind of the route. Rule is the + only supported kind. + enum: + - Rule + type: string + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule' + type: string + middlewares: + description: 'Middlewares defines the list of references to + Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware' + items: + description: MiddlewareRef is a reference to a Middleware + resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority' + type: integer + services: + description: Services defines the list of Service. It can contain + any combination of TraefikService and/or reference to a Kubernetes + Service. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client + Host header is forwarded to the upstream Kubernetes + Service. By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to + the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, + in milliseconds, in between flushes to the client + while copying the response body. A negative value + means to flush immediately after each write to the + client. This configuration is ignored when ReverseProxy + recognizes a response as a streaming response; for + such responses, writes are flushed to the client + immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the + request to the upstream Kubernetes Service. It defaults + to https when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as + JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie + can only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only + be specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round + Robin). + type: integer + required: + - name + type: object + type: array + required: + - kind + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: 'Name defines the name of the referenced TLSOption. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption' + type: string + required: + - name + type: object + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: 'Name defines the name of the referenced TLSStore. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + namespace: + description: 'Namespace defines the namespace of the referenced + TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore' + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_ingressroutetcps.yaml b/premium/traefik/26.7.4/crds/traefik.io_ingressroutetcps.yaml new file mode 100644 index 00000000000..82f61ac24f1 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_ingressroutetcps.yaml @@ -0,0 +1,218 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressroutetcps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteTCP + listKind: IngressRouteTCPList + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteTCP holds the TCP route configuration. + properties: + match: + description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1' + type: string + middlewares: + description: Middlewares defines the list of references to MiddlewareTCP + resources. + items: + description: ObjectReference is a generic reference to a Traefik + resource. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: array + priority: + description: 'Priority defines the router''s priority. More + info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1' + type: integer + services: + description: Services defines the list of TCP services. + items: + description: ServiceTCP defines an upstream TCP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + proxyProtocol: + description: 'ProxyProtocol defines the PROXY protocol + configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol' + properties: + version: + description: Version defines the PROXY Protocol version + to use. + type: integer + type: object + terminationDelay: + description: TerminationDelay defines the deadline that + the proxy sets, after one of its connected peers indicates + it has closed the writing capability of its connection, + to close the reading capability as well, hence fully + terminating the connection. It is a duration in milliseconds, + defaulting to 100. A negative value means an infinite + deadline (i.e. the reading capability is never closed). + type: integer + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + required: + - match + type: object + type: array + tls: + description: 'TLS defines the TLS configuration on a layer 4 / TCP + Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1' + properties: + certResolver: + description: 'CertResolver defines the name of the certificate + resolver to use. Cert resolvers have to be configured in the + static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers' + type: string + domains: + description: 'Domains defines the list of domains that will be + used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains' + items: + description: Domain holds a domain name with SANs. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain + names. + items: + type: string + type: array + type: object + type: array + options: + description: 'Options defines the reference to a TLSOption, that + specifies the parameters of the TLS connection. If not defined, + the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + passthrough: + description: Passthrough defines whether a TLS router will terminate + the TLS connection. + type: boolean + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + store: + description: Store defines the reference to the TLSStore, that + will be used to store certificates. Please note that only `default` + TLSStore can be used. + properties: + name: + description: Name defines the name of the referenced Traefik + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Traefik resource. + type: string + required: + - name + type: object + type: object + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_ingressrouteudps.yaml b/premium/traefik/26.7.4/crds/traefik.io_ingressrouteudps.yaml new file mode 100644 index 00000000000..27c50185d08 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_ingressrouteudps.yaml @@ -0,0 +1,105 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: ingressrouteudps.traefik.io +spec: + group: traefik.io + names: + kind: IngressRouteUDP + listKind: IngressRouteUDPList + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP. + properties: + entryPoints: + description: 'EntryPoints defines the list of entry point names to + bind to. Entry points have to be configured in the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/ + Default: all.' + items: + type: string + type: array + routes: + description: Routes defines the list of routes. + items: + description: RouteUDP holds the UDP route configuration. + properties: + services: + description: Services defines the list of UDP services. + items: + description: ServiceUDP defines an upstream UDP service to + proxy traffic to. + properties: + name: + description: Name defines the name of the referenced Kubernetes + Service. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs + or if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + weight: + description: Weight defines the weight used when balancing + requests between multiple Kubernetes Service. + type: integer + required: + - name + - port + type: object + type: array + type: object + type: array + required: + - routes + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_middlewares.yaml b/premium/traefik/26.7.4/crds/traefik.io_middlewares.yaml new file mode 100644 index 00000000000..5a4dc3640fa --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_middlewares.yaml @@ -0,0 +1,924 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewares.traefik.io +spec: + group: traefik.io + names: + kind: Middleware + listKind: MiddlewareList + plural: middlewares + singular: middleware + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'Middleware is the CRD implementation of a Traefik Middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareSpec defines the desired state of a Middleware. + properties: + addPrefix: + description: 'AddPrefix holds the add prefix middleware configuration. + This middleware updates the path of a request before forwarding + it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/' + properties: + prefix: + description: Prefix is the string to add before the current path + in the requested URL. It should include a leading slash (/). + type: string + type: object + basicAuth: + description: 'BasicAuth holds the basic auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: 'RemoveHeader sets the removeHeader option to true + to remove the authorization header before forwarding the request + to your service. Default: false.' + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + buffering: + description: 'Buffering holds the buffering middleware configuration. + This middleware retries or limits the size of requests that can + be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes' + properties: + maxRequestBodyBytes: + description: 'MaxRequestBodyBytes defines the maximum allowed + body size for the request (in bytes). If the request exceeds + the allowed size, it is not forwarded to the service, and the + client gets a 413 (Request Entity Too Large) response. Default: + 0 (no maximum).' + format: int64 + type: integer + maxResponseBodyBytes: + description: 'MaxResponseBodyBytes defines the maximum allowed + response size from the service (in bytes). If the response exceeds + the allowed size, it is not forwarded to the client. The client + gets a 500 (Internal Server Error) response instead. Default: + 0 (no maximum).' + format: int64 + type: integer + memRequestBodyBytes: + description: 'MemRequestBodyBytes defines the threshold (in bytes) + from which the request will be buffered on disk instead of in + memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + memResponseBodyBytes: + description: 'MemResponseBodyBytes defines the threshold (in bytes) + from which the response will be buffered on disk instead of + in memory. Default: 1048576 (1Mi).' + format: int64 + type: integer + retryExpression: + description: 'RetryExpression defines the retry conditions. It + is a logical combination of functions with operators AND (&&) + and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression' + type: string + type: object + chain: + description: 'Chain holds the configuration of the chain middleware. + This middleware enables to define reusable combinations of other + pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/' + properties: + middlewares: + description: Middlewares is the list of MiddlewareRef which composes + the chain. + items: + description: MiddlewareRef is a reference to a Middleware resource. + properties: + name: + description: Name defines the name of the referenced Middleware + resource. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Middleware resource. + type: string + required: + - name + type: object + type: array + type: object + circuitBreaker: + description: CircuitBreaker holds the circuit breaker configuration. + properties: + checkPeriod: + anyOf: + - type: integer + - type: string + description: CheckPeriod is the interval between successive checks + of the circuit breaker condition (when in standby state). + x-kubernetes-int-or-string: true + expression: + description: Expression is the condition that triggers the tripped + state. + type: string + fallbackDuration: + anyOf: + - type: integer + - type: string + description: FallbackDuration is the duration for which the circuit + breaker will wait before trying to recover (from a tripped state). + x-kubernetes-int-or-string: true + recoveryDuration: + anyOf: + - type: integer + - type: string + description: RecoveryDuration is the duration for which the circuit + breaker will try to recover (as soon as it is in recovering + state). + x-kubernetes-int-or-string: true + type: object + compress: + description: 'Compress holds the compress middleware configuration. + This middleware compresses responses before sending them to the + client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/' + properties: + excludedContentTypes: + description: ExcludedContentTypes defines the list of content + types to compare the Content-Type header of the incoming requests + and responses before compressing. + items: + type: string + type: array + minResponseBodyBytes: + description: 'MinResponseBodyBytes defines the minimum amount + of bytes a response body must have to be compressed. Default: + 1024.' + type: integer + type: object + contentType: + description: ContentType holds the content-type middleware configuration. + This middleware exists to enable the correct behavior until at least + the default one can be changed in a future version. + properties: + autoDetect: + description: AutoDetect specifies whether to let the `Content-Type` + header, if it has not been set by the backend, be automatically + set to a value derived from the contents of the response. As + a proxy, the default behavior should be to leave the header + alone, regardless of what the backend did with it. However, + the historic default was to always auto-detect and set the header + if it was nil, and it is going to be kept that way in order + to support users currently relying on it. + type: boolean + type: object + digestAuth: + description: 'DigestAuth holds the digest auth middleware configuration. + This middleware restricts access to your services to known users. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/' + properties: + headerField: + description: 'HeaderField defines a header field to store the + authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield' + type: string + realm: + description: 'Realm allows the protected resources on a server + to be partitioned into a set of protection spaces, each with + its own authentication scheme. Default: traefik.' + type: string + removeHeader: + description: RemoveHeader defines whether to remove the authorization + header before forwarding the request to the backend. + type: boolean + secret: + description: Secret is the name of the referenced Kubernetes Secret + containing user credentials. + type: string + type: object + errors: + description: 'ErrorPage holds the custom error middleware configuration. + This middleware returns a custom page in lieu of the default, according + to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/' + properties: + query: + description: Query defines the URL for the error page (hosted + by service). The {status} variable can be used in order to insert + the status code in the URL. + type: string + service: + description: 'Service defines the reference to a Kubernetes Service + that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service' + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the + two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if + the only child is the Kubernetes Service clusterIP. The + Kubernetes Service itself does load-balance to the pods. + By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming + response; for such responses, writes are flushed to + the client immediately. Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes + Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can + be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported value + at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object (and + to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + status: + description: Status defines which status or range of statuses + should result in an error page. It can be either a status code + as a number (500), as multiple comma-separated numbers (500,502), + as ranges by separating two codes with a dash (500-599), or + a combination of the two (404,418,500-599). + items: + type: string + type: array + type: object + forwardAuth: + description: 'ForwardAuth holds the forward auth middleware configuration. + This middleware delegates the request authentication to a Service. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/' + properties: + address: + description: Address defines the authentication server address. + type: string + authRequestHeaders: + description: AuthRequestHeaders defines the list of the headers + to copy from the request to the authentication server. If not + set or empty then all request headers are passed. + items: + type: string + type: array + authResponseHeaders: + description: AuthResponseHeaders defines the list of headers to + copy from the authentication server response and set on forwarded + request, replacing any existing conflicting headers. + items: + type: string + type: array + authResponseHeadersRegex: + description: 'AuthResponseHeadersRegex defines the regex to match + headers to copy from the authentication server response and + set on forwarded request, after stripping all headers that match + the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex' + type: string + tls: + description: TLS defines the configuration used to secure the + connection to the authentication server. + properties: + caOptional: + type: boolean + caSecret: + description: CASecret is the name of the referenced Kubernetes + Secret containing the CA to validate the server certificate. + The CA certificate is extracted from key `tls.ca` or `ca.crt`. + type: string + certSecret: + description: CertSecret is the name of the referenced Kubernetes + Secret containing the client certificate. The client certificate + is extracted from the keys `tls.crt` and `tls.key`. + type: string + insecureSkipVerify: + description: InsecureSkipVerify defines whether the server + certificates should be validated. + type: boolean + type: object + trustForwardHeader: + description: 'TrustForwardHeader defines whether to trust (ie: + forward) all X-Forwarded-* headers.' + type: boolean + type: object + headers: + description: 'Headers holds the headers middleware configuration. + This middleware manages the requests and responses headers. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders' + properties: + accessControlAllowCredentials: + description: AccessControlAllowCredentials defines whether the + request can include user credentials. + type: boolean + accessControlAllowHeaders: + description: AccessControlAllowHeaders defines the Access-Control-Request-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlAllowMethods: + description: AccessControlAllowMethods defines the Access-Control-Request-Method + values sent in preflight response. + items: + type: string + type: array + accessControlAllowOriginList: + description: AccessControlAllowOriginList is a list of allowable + origins. Can also be a wildcard origin "*". + items: + type: string + type: array + accessControlAllowOriginListRegex: + description: AccessControlAllowOriginListRegex is a list of allowable + origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/). + items: + type: string + type: array + accessControlExposeHeaders: + description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers + values sent in preflight response. + items: + type: string + type: array + accessControlMaxAge: + description: AccessControlMaxAge defines the time that a preflight + request may be cached. + format: int64 + type: integer + addVaryHeader: + description: AddVaryHeader defines whether the Vary header is + automatically added/updated when the AccessControlAllowOriginList + is set. + type: boolean + allowedHosts: + description: AllowedHosts defines the fully qualified list of + allowed domain names. + items: + type: string + type: array + browserXssFilter: + description: BrowserXSSFilter defines whether to add the X-XSS-Protection + header with the value 1; mode=block. + type: boolean + contentSecurityPolicy: + description: ContentSecurityPolicy defines the Content-Security-Policy + header value. + type: string + contentTypeNosniff: + description: ContentTypeNosniff defines whether to add the X-Content-Type-Options + header with the nosniff value. + type: boolean + customBrowserXSSValue: + description: CustomBrowserXSSValue defines the X-XSS-Protection + header value. This overrides the BrowserXssFilter option. + type: string + customFrameOptionsValue: + description: CustomFrameOptionsValue defines the X-Frame-Options + header value. This overrides the FrameDeny option. + type: string + customRequestHeaders: + additionalProperties: + type: string + description: CustomRequestHeaders defines the header names and + values to apply to the request. + type: object + customResponseHeaders: + additionalProperties: + type: string + description: CustomResponseHeaders defines the header names and + values to apply to the response. + type: object + featurePolicy: + description: 'Deprecated: use PermissionsPolicy instead.' + type: string + forceSTSHeader: + description: ForceSTSHeader defines whether to add the STS header + even when the connection is HTTP. + type: boolean + frameDeny: + description: FrameDeny defines whether to add the X-Frame-Options + header with the DENY value. + type: boolean + hostsProxyHeaders: + description: HostsProxyHeaders defines the header keys that may + hold a proxied hostname value for the request. + items: + type: string + type: array + isDevelopment: + description: IsDevelopment defines whether to mitigate the unwanted + effects of the AllowedHosts, SSL, and STS options when developing. + Usually testing takes place using HTTP, not HTTPS, and on localhost, + not your production domain. If you would like your development + environment to mimic production with complete Host blocking, + SSL redirects, and STS headers, leave this as false. + type: boolean + permissionsPolicy: + description: PermissionsPolicy defines the Permissions-Policy + header value. This allows sites to control browser features. + type: string + publicKey: + description: PublicKey is the public key that implements HPKP + to prevent MITM attacks with forged certificates. + type: string + referrerPolicy: + description: ReferrerPolicy defines the Referrer-Policy header + value. This allows sites to control whether browsers forward + the Referer header to other sites. + type: string + sslForceHost: + description: 'Deprecated: use RedirectRegex instead.' + type: boolean + sslHost: + description: 'Deprecated: use RedirectRegex instead.' + type: string + sslProxyHeaders: + additionalProperties: + type: string + description: 'SSLProxyHeaders defines the header keys with associated + values that would indicate a valid HTTPS request. It can be + useful when using other proxies (example: "X-Forwarded-Proto": + "https").' + type: object + sslRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + sslTemporaryRedirect: + description: 'Deprecated: use EntryPoint redirection or RedirectScheme + instead.' + type: boolean + stsIncludeSubdomains: + description: STSIncludeSubdomains defines whether the includeSubDomains + directive is appended to the Strict-Transport-Security header. + type: boolean + stsPreload: + description: STSPreload defines whether the preload flag is appended + to the Strict-Transport-Security header. + type: boolean + stsSeconds: + description: STSSeconds defines the max-age of the Strict-Transport-Security + header. If set to 0, the header is not set. + format: int64 + type: integer + type: object + inFlightReq: + description: 'InFlightReq holds the in-flight request middleware configuration. + This middleware limits the number of requests being processed and + served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/' + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + in-flight request. The middleware responds with HTTP 429 Too + Many Requests if there are already amount requests in progress + (based on the same sourceCriterion strategy). + format: int64 + type: integer + sourceCriterion: + description: 'SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the requestHost. More + info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + ipWhiteList: + description: 'IPWhiteList holds the IP whitelist middleware configuration. + This middleware accepts / refuses requests based on the client IP. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/' + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration used + by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position (starting + from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the X-Forwarded-For + header and select the first IP not in the list. + items: + type: string + type: array + type: object + sourceRange: + description: SourceRange defines the set of allowed IPs (or ranges + of allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + passTLSClientCert: + description: 'PassTLSClientCert holds the pass TLS client cert middleware + configuration. This middleware adds the selected data from the passed + client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/' + properties: + info: + description: Info selects the specific client certificate details + you want to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + issuer: + description: Issuer defines the client certificate issuer + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the issuer. + type: boolean + country: + description: Country defines whether to add the country + information into the issuer. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the issuer. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the issuer. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the issuer. + type: boolean + province: + description: Province defines whether to add the province + information into the issuer. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the issuer. + type: boolean + type: object + notAfter: + description: NotAfter defines whether to add the Not After + information from the Validity part. + type: boolean + notBefore: + description: NotBefore defines whether to add the Not Before + information from the Validity part. + type: boolean + sans: + description: Sans defines whether to add the Subject Alternative + Name information from the Subject Alternative Name part. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the client + serialNumber information. + type: boolean + subject: + description: Subject defines the client certificate subject + details to add to the X-Forwarded-Tls-Client-Cert-Info header. + properties: + commonName: + description: CommonName defines whether to add the organizationalUnit + information into the subject. + type: boolean + country: + description: Country defines whether to add the country + information into the subject. + type: boolean + domainComponent: + description: DomainComponent defines whether to add the + domainComponent information into the subject. + type: boolean + locality: + description: Locality defines whether to add the locality + information into the subject. + type: boolean + organization: + description: Organization defines whether to add the organization + information into the subject. + type: boolean + organizationalUnit: + description: OrganizationalUnit defines whether to add + the organizationalUnit information into the subject. + type: boolean + province: + description: Province defines whether to add the province + information into the subject. + type: boolean + serialNumber: + description: SerialNumber defines whether to add the serialNumber + information into the subject. + type: boolean + type: object + type: object + pem: + description: PEM sets the X-Forwarded-Tls-Client-Cert header with + the certificate. + type: boolean + type: object + plugin: + additionalProperties: + x-kubernetes-preserve-unknown-fields: true + description: 'Plugin defines the middleware plugin configuration. + More info: https://doc.traefik.io/traefik/plugins/' + type: object + rateLimit: + description: 'RateLimit holds the rate limit configuration. This middleware + ensures that services will receive a fair amount of requests, and + allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/' + properties: + average: + description: Average is the maximum rate, by default in requests/s, + allowed for the given source. It defaults to 0, which means + no rate limiting. The rate is actually defined by dividing Average + by Period. So for a rate below 1req/s, one needs to define a + Period larger than a second. + format: int64 + type: integer + burst: + description: Burst is the maximum number of requests allowed to + arrive in the same arbitrarily small period of time. It defaults + to 1. + format: int64 + type: integer + period: + anyOf: + - type: integer + - type: string + description: 'Period, in combination with Average, defines the + actual maximum rate, such as: r = Average / Period. It defaults + to a second.' + x-kubernetes-int-or-string: true + sourceCriterion: + description: SourceCriterion defines what criterion is used to + group requests as originating from a common source. If several + strategies are defined at the same time, an error will be raised. + If none are set, the default is to use the request's remote + address field (as an ipStrategy). + properties: + ipStrategy: + description: 'IPStrategy holds the IP strategy configuration + used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy' + properties: + depth: + description: Depth tells Traefik to use the X-Forwarded-For + header and take the IP located at the depth position + (starting from the right). + type: integer + excludedIPs: + description: ExcludedIPs configures Traefik to scan the + X-Forwarded-For header and select the first IP not in + the list. + items: + type: string + type: array + type: object + requestHeaderName: + description: RequestHeaderName defines the name of the header + used to group incoming requests. + type: string + requestHost: + description: RequestHost defines whether to consider the request + Host as the source. + type: boolean + type: object + type: object + redirectRegex: + description: 'RedirectRegex holds the redirect regex middleware configuration. + This middleware redirects a request using regex matching and replacement. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + regex: + description: Regex defines the regex used to match and capture + elements from the request URL. + type: string + replacement: + description: Replacement defines how to modify the URL to have + the new target URL. + type: string + type: object + redirectScheme: + description: 'RedirectScheme holds the redirect scheme middleware + configuration. This middleware redirects requests from a scheme/port + to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/' + properties: + permanent: + description: Permanent defines whether the redirection is permanent + (301). + type: boolean + port: + description: Port defines the port of the new URL. + type: string + scheme: + description: Scheme defines the scheme of the new URL. + type: string + type: object + replacePath: + description: 'ReplacePath holds the replace path middleware configuration. + This middleware replaces the path of the request URL and store the + original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/' + properties: + path: + description: Path defines the path to use as replacement in the + request URL. + type: string + type: object + replacePathRegex: + description: 'ReplacePathRegex holds the replace path regex middleware + configuration. This middleware replaces the path of a URL using + regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/' + properties: + regex: + description: Regex defines the regular expression used to match + and capture the path from the request URL. + type: string + replacement: + description: Replacement defines the replacement path format, + which can include captured variables. + type: string + type: object + retry: + description: 'Retry holds the retry middleware configuration. This + middleware reissues requests a given number of times to a backend + server if that server does not reply. As soon as the server answers, + the middleware stops retrying, regardless of the response status. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/' + properties: + attempts: + description: Attempts defines how many times the request should + be retried. + type: integer + initialInterval: + anyOf: + - type: integer + - type: string + description: InitialInterval defines the first wait time in the + exponential backoff series. The maximum interval is calculated + as twice the initialInterval. If unspecified, requests will + be retried immediately. The value of initialInterval should + be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration. + x-kubernetes-int-or-string: true + type: object + stripPrefix: + description: 'StripPrefix holds the strip prefix middleware configuration. + This middleware removes the specified prefixes from the URL path. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/' + properties: + forceSlash: + description: 'ForceSlash ensures that the resulting stripped path + is not the empty string, by replacing it with / when necessary. + Default: true.' + type: boolean + prefixes: + description: Prefixes defines the prefixes to strip from the request + URL. + items: + type: string + type: array + type: object + stripPrefixRegex: + description: 'StripPrefixRegex holds the strip prefix regex middleware + configuration. This middleware removes the matching prefixes from + the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/' + properties: + regex: + description: Regex defines the regular expression to match the + path prefix from the request URL. + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_middlewaretcps.yaml b/premium/traefik/26.7.4/crds/traefik.io_middlewaretcps.yaml new file mode 100644 index 00000000000..8623568f5b3 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_middlewaretcps.yaml @@ -0,0 +1,72 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: middlewaretcps.traefik.io +spec: + group: traefik.io + names: + kind: MiddlewareTCP + listKind: MiddlewareTCPList + plural: middlewaretcps + singular: middlewaretcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware. + More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP. + properties: + inFlightConn: + description: InFlightConn defines the InFlightConn middleware configuration. + properties: + amount: + description: Amount defines the maximum amount of allowed simultaneous + connections. The middleware closes the connection if there are + already amount connections opened. + format: int64 + type: integer + type: object + ipWhiteList: + description: IPWhiteList defines the IPWhiteList middleware configuration. + properties: + sourceRange: + description: SourceRange defines the allowed IPs (or ranges of + allowed IPs by using CIDR notation). + items: + type: string + type: array + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_serverstransports.yaml b/premium/traefik/26.7.4/crds/traefik.io_serverstransports.yaml new file mode 100644 index 00000000000..803b56395a4 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_serverstransports.yaml @@ -0,0 +1,128 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransports.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransport + listKind: ServersTransportList + plural: serverstransports + singular: serverstransport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransport is the CRD implementation of a ServersTransport. + If no serversTransport is specified, the default@internal will be used. + The default@internal serversTransport is created from the static configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportSpec defines the desired state of a ServersTransport. + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + disableHTTP2: + description: DisableHTTP2 disables HTTP/2 for connections with backend + servers. + type: boolean + forwardingTimeouts: + description: ForwardingTimeouts defines the timeouts for requests + forwarded to the backend servers. + properties: + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a + connection to a backend server can be established. + x-kubernetes-int-or-string: true + idleConnTimeout: + anyOf: + - type: integer + - type: string + description: IdleConnTimeout is the maximum period for which an + idle HTTP keep-alive connection will remain open before closing + itself. + x-kubernetes-int-or-string: true + pingTimeout: + anyOf: + - type: integer + - type: string + description: PingTimeout is the timeout after which the HTTP/2 + connection will be closed if a response to ping is not received. + x-kubernetes-int-or-string: true + readIdleTimeout: + anyOf: + - type: integer + - type: string + description: ReadIdleTimeout is the timeout after which a health + check using ping frame will be carried out if no frame is received + on the HTTP/2 connection. + x-kubernetes-int-or-string: true + responseHeaderTimeout: + anyOf: + - type: integer + - type: string + description: ResponseHeaderTimeout is the amount of time to wait + for a server's response headers after fully writing the request + (including its body, if any). + x-kubernetes-int-or-string: true + type: object + insecureSkipVerify: + description: InsecureSkipVerify disables SSL certificate verification. + type: boolean + maxIdleConnsPerHost: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. + type: integer + peerCertURI: + description: PeerCertURI defines the peer cert URI used to match against + SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to validate + self-signed certificate. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact the + server. + type: string + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_serverstransporttcps.yaml b/premium/traefik/26.7.4/crds/traefik.io_serverstransporttcps.yaml new file mode 100644 index 00000000000..10e0a3f0e79 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_serverstransporttcps.yaml @@ -0,0 +1,122 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serverstransporttcps.traefik.io +spec: + group: traefik.io + names: + kind: ServersTransportTCP + listKind: ServersTransportTCPList + plural: serverstransporttcps + singular: serverstransporttcp + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport. + If no tcpServersTransport is specified, a default one named default@internal + will be used. The default@internal tcpServersTransport can be configured + in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP. + properties: + dialKeepAlive: + anyOf: + - type: integer + - type: string + description: DialKeepAlive is the interval between keep-alive probes + for an active network connection. If zero, keep-alive probes are + sent with a default value (currently 15 seconds), if supported by + the protocol and operating system. Network protocols or operating + systems that do not support keep-alives ignore this field. If negative, + keep-alive probes are disabled. + x-kubernetes-int-or-string: true + dialTimeout: + anyOf: + - type: integer + - type: string + description: DialTimeout is the amount of time to wait until a connection + to a backend server can be established. + x-kubernetes-int-or-string: true + terminationDelay: + anyOf: + - type: integer + - type: string + description: TerminationDelay defines the delay to wait before fully + terminating the connection, after one connected peer has closed + its writing capability. + x-kubernetes-int-or-string: true + tls: + description: TLS defines the TLS configuration + properties: + certificatesSecrets: + description: CertificatesSecrets defines a list of secret storing + client certificates for mTLS. + items: + type: string + type: array + insecureSkipVerify: + description: InsecureSkipVerify disables TLS certificate verification. + type: boolean + peerCertURI: + description: MaxIdleConnsPerHost controls the maximum idle (keep-alive) + to keep per-host. PeerCertURI defines the peer cert URI used + to match against SAN URI during the peer certificate verification. + type: string + rootCAsSecrets: + description: RootCAsSecrets defines a list of CA secret used to + validate self-signed certificates. + items: + type: string + type: array + serverName: + description: ServerName defines the server name used to contact + the server. + type: string + spiffe: + description: Spiffe defines the SPIFFE configuration. + properties: + ids: + description: IDs defines the allowed SPIFFE IDs (takes precedence + over the SPIFFE TrustDomain). + items: + type: string + type: array + trustDomain: + description: TrustDomain defines the allowed SPIFFE trust + domain. + type: string + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_tlsoptions.yaml b/premium/traefik/26.7.4/crds/traefik.io_tlsoptions.yaml new file mode 100644 index 00000000000..b86fefe0e95 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_tlsoptions.yaml @@ -0,0 +1,113 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsoptions.traefik.io +spec: + group: traefik.io + names: + kind: TLSOption + listKind: TLSOptionList + plural: tlsoptions + singular: tlsoption + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSOption is the CRD implementation of a Traefik TLS Option, + allowing to configure some parameters of the TLS connection. More info: + https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSOptionSpec defines the desired state of a TLSOption. + properties: + alpnProtocols: + description: 'ALPNProtocols defines the list of supported application + level protocols for the TLS handshake, in order of preference. More + info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols' + items: + type: string + type: array + cipherSuites: + description: 'CipherSuites defines the list of supported cipher suites + for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites' + items: + type: string + type: array + clientAuth: + description: ClientAuth defines the server's policy for TLS Client + Authentication. + properties: + clientAuthType: + description: ClientAuthType defines the client authentication + type to apply. + enum: + - NoClientCert + - RequestClientCert + - RequireAnyClientCert + - VerifyClientCertIfGiven + - RequireAndVerifyClientCert + type: string + secretNames: + description: SecretNames defines the names of the referenced Kubernetes + Secret storing certificate details. + items: + type: string + type: array + type: object + curvePreferences: + description: 'CurvePreferences defines the preferred elliptic curves + in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences' + items: + type: string + type: array + maxVersion: + description: 'MaxVersion defines the maximum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: None.' + type: string + minVersion: + description: 'MinVersion defines the minimum TLS version that Traefik + will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12, + VersionTLS13. Default: VersionTLS10.' + type: string + preferServerCipherSuites: + description: 'PreferServerCipherSuites defines whether the server + chooses a cipher suite among his own instead of among the client''s. + It is enabled automatically when minVersion or maxVersion is set. + Deprecated: https://github.com/golang/go/issues/45430' + type: boolean + sniStrict: + description: SniStrict defines whether Traefik allows connections + from clients connections that do not specify a server_name extension. + type: boolean + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_tlsstores.yaml b/premium/traefik/26.7.4/crds/traefik.io_tlsstores.yaml new file mode 100644 index 00000000000..47b46854c8b --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_tlsstores.yaml @@ -0,0 +1,99 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: tlsstores.traefik.io +spec: + group: traefik.io + names: + kind: TLSStore + listKind: TLSStoreList + plural: tlsstores + singular: tlsstore + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For + the time being, only the TLSStore named default is supported. This means + that you cannot have two stores that are named default in different Kubernetes + namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TLSStoreSpec defines the desired state of a TLSStore. + properties: + certificates: + description: Certificates is a list of secret names, each secret holding + a key/certificate pair to add to the store. + items: + description: Certificate holds a secret name for the TLSStore resource. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + type: array + defaultCertificate: + description: DefaultCertificate defines the default certificate configuration. + properties: + secretName: + description: SecretName is the name of the referenced Kubernetes + Secret to specify the certificate details. + type: string + required: + - secretName + type: object + defaultGeneratedCert: + description: DefaultGeneratedCert defines the default generated certificate + configuration. + properties: + domain: + description: Domain is the domain definition for the DefaultCertificate. + properties: + main: + description: Main defines the main domain name. + type: string + sans: + description: SANs defines the subject alternative domain names. + items: + type: string + type: array + type: object + resolver: + description: Resolver is the name of the resolver that will be + used to issue the DefaultCertificate. + type: string + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/crds/traefik.io_traefikservices.yaml b/premium/traefik/26.7.4/crds/traefik.io_traefikservices.yaml new file mode 100644 index 00000000000..0f3475bda46 --- /dev/null +++ b/premium/traefik/26.7.4/crds/traefik.io_traefikservices.yaml @@ -0,0 +1,402 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: traefikservices.traefik.io +spec: + group: traefik.io + names: + kind: TraefikService + listKind: TraefikServiceList + plural: traefikservices + singular: traefikservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: 'TraefikService is the CRD implementation of a Traefik Service. + TraefikService object allows to: - Apply weight to Services on load-balancing + - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TraefikServiceSpec defines the desired state of a TraefikService. + properties: + mirroring: + description: Mirroring defines the Mirroring service configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + maxBodySize: + description: MaxBodySize defines the maximum size allowed for + the body of the request. If the body is larger, the request + is not mirrored. Default value is -1, which means unlimited + size. + format: int64 + type: integer + mirrors: + description: Mirrors defines the list of mirrors where Traefik + will duplicate the traffic. + items: + description: MirrorService holds the mirror configuration. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + percent: + description: 'Percent defines the part of the traffic to + mirror. Supported values: 0 to 100.' + type: integer + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between the two + is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or if the + only child is the Kubernetes Service clusterIP. The Kubernetes + Service itself does load-balance to the pods. By default, NativeLB + is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host header + is forwarded to the upstream Kubernetes Service. By default, + passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. This + can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards the + response from the upstream Kubernetes Service to the client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in milliseconds, + in between flushes to the client while copying the response + body. A negative value means to flush immediately after + each write to the client. This configuration is ignored + when ReverseProxy recognizes a response as a streaming response; + for such responses, writes are flushed to the client immediately. + Default: 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https when + Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport between + Traefik and your servers. Can only be used on a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy between + the servers. RoundRobin is the only supported value at the moment. + type: string + weight: + description: Weight defines the weight and should only be specified + when Name references a TraefikService object (and to be precise, + one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + weighted: + description: Weighted defines the Weighted Round Robin configuration. + properties: + services: + description: Services defines the list of Kubernetes Service and/or + TraefikService to load-balance, with weight. + items: + description: Service defines an upstream HTTP service to proxy + traffic to. + properties: + kind: + description: Kind defines the kind of the Service. + enum: + - Service + - TraefikService + type: string + name: + description: Name defines the name of the referenced Kubernetes + Service or TraefikService. The differentiation between + the two is specified in the Kind field. + type: string + namespace: + description: Namespace defines the namespace of the referenced + Kubernetes Service or TraefikService. + type: string + nativeLB: + description: NativeLB controls, when creating the load-balancer, + whether the LB's children are directly the pods IPs or + if the only child is the Kubernetes Service clusterIP. + The Kubernetes Service itself does load-balance to the + pods. By default, NativeLB is false. + type: boolean + passHostHeader: + description: PassHostHeader defines whether the client Host + header is forwarded to the upstream Kubernetes Service. + By default, passHostHeader is true. + type: boolean + port: + anyOf: + - type: integer + - type: string + description: Port defines the port of a Kubernetes Service. + This can be a reference to a named port. + x-kubernetes-int-or-string: true + responseForwarding: + description: ResponseForwarding defines how Traefik forwards + the response from the upstream Kubernetes Service to the + client. + properties: + flushInterval: + description: 'FlushInterval defines the interval, in + milliseconds, in between flushes to the client while + copying the response body. A negative value means + to flush immediately after each write to the client. + This configuration is ignored when ReverseProxy recognizes + a response as a streaming response; for such responses, + writes are flushed to the client immediately. Default: + 100ms' + type: string + type: object + scheme: + description: Scheme defines the scheme to use for the request + to the upstream Kubernetes Service. It defaults to https + when Kubernetes Service port is 443, http otherwise. + type: string + serversTransport: + description: ServersTransport defines the name of ServersTransport + resource to use. It allows to configure the transport + between Traefik and your servers. Can only be used on + a Kubernetes Service. + type: string + sticky: + description: 'Sticky defines the sticky sessions configuration. + More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie + can be accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. + More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can + only be transmitted over an encrypted connection + (i.e. HTTPS). + type: boolean + type: object + type: object + strategy: + description: Strategy defines the load balancing strategy + between the servers. RoundRobin is the only supported + value at the moment. + type: string + weight: + description: Weight defines the weight and should only be + specified when Name references a TraefikService object + (and to be precise, one that embeds a Weighted Round Robin). + type: integer + required: + - name + type: object + type: array + sticky: + description: 'Sticky defines whether sticky sessions are enabled. + More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing' + properties: + cookie: + description: Cookie defines the sticky cookie configuration. + properties: + httpOnly: + description: HTTPOnly defines whether the cookie can be + accessed by client-side APIs, such as JavaScript. + type: boolean + name: + description: Name defines the Cookie name. + type: string + sameSite: + description: 'SameSite defines the same site policy. More + info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite' + type: string + secure: + description: Secure defines whether the cookie can only + be transmitted over an encrypted connection (i.e. HTTPS). + type: boolean + type: object + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/premium/traefik/26.7.4/dashboard.json b/premium/traefik/26.7.4/dashboard.json new file mode 100644 index 00000000000..dccba9bde75 --- /dev/null +++ b/premium/traefik/26.7.4/dashboard.json @@ -0,0 +1,1568 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Official dashboard for Traefik on Kubernetes", + "editable": false, + "fiscalYearStartMonth": 0, + "gnetId": 17347, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 9, + "panels": [], + "title": "General", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 5, + "x": 0, + "y": 1 + }, + "id": 13, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.3.1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "count(traefik_config_reloads_total)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Traefik Instances", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 7, + "x": 5, + "y": 1 + }, + "id": 7, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_entrypoint_requests_total{entrypoint=~\"$entrypoint\"}[1m])) by (entrypoint)", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests per Entrypoint", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "https://medium.com/@tristan_96324/prometheus-apdex-alerting-d17a065e39d0", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 6, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "(sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"0.3\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method) + \n sum(rate(traefik_entrypoint_request_duration_seconds_bucket{le=\"1.2\",code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)) / 2 / \n sum(rate(traefik_entrypoint_request_duration_seconds_count{code=\"200\",entrypoint=~\"$entrypoint\"}[5m])) by (method)\n", + "legendFormat": "{{method}}", + "range": true, + "refId": "A" + } + ], + "title": "Apdex score", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Mean Distribution", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 5, + "x": 0, + "y": 3 + }, + "id": 14, + "options": { + "legend": { + "displayMode": "list", + "placement": "right", + "showLegend": true, + "values": ["percent"] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[1m])) by (method, code)", + "legendFormat": "{{method}}[{{code}}]", + "range": true, + "refId": "A" + } + ], + "title": "Http Code ", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 23, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n traefik_service_request_duration_seconds_sum{service=~\"$service.*\",protocol=\"http\"} / \n traefik_service_request_duration_seconds_count{service=~\"$service.*\",protocol=\"http\"},\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)\n\n", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Top slow services", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 5, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Most requested services", + "type": "timeseries" + }, + { + "collapsed": true, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 11, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 18 + }, + "id": 3, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"1.2\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 1200ms", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 18 + }, + "id": 4, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n 1 - (sum by (service)\n (rate(traefik_service_request_duration_seconds_bucket{le=\"0.3\",service=~\"$service.*\"}[5m])) / sum by (service) \n (rate(traefik_service_request_duration_seconds_count{service=~\"$service.*\"}[5m]))\n ) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\"\n)", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Services failing SLO of 300ms", + "type": "timeseries" + } + ], + "title": "SLO", + "type": "row" + }, + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 18 + }, + "id": 16, + "panels": [], + "title": "HTTP Details", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 0, + "y": 19 + }, + "id": 17, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"2..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "2xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 8, + "y": 19 + }, + "id": 18, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code=~\"5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "5xx over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 8, + "x": 16, + "y": 19 + }, + "id": 19, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method,code) \n (rate(traefik_service_requests_total{service=~\"$service.*\",code!~\"2..|5..\",protocol=\"http\"}[5m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}}[{{code}}] on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Other codes over 5 min", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 31 + }, + "id": 20, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_requests_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Requests Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisGridShow": true, + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "binBps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 31 + }, + "id": 24, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Mean", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "topk(15,\n label_replace(\n sum by (service,method) \n (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)", + "legendFormat": "{{method}} on {{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Responses Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 39 + }, + "id": 2, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "label_replace(\n sum(traefik_service_open_connections{service=~\"$service.*\"}) by (service),\n \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")", + "legendFormat": "{{service}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Service", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 39 + }, + "id": 21, + "options": { + "legend": { + "calcs": ["mean", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true, + "sortBy": "Max", + "sortDesc": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(traefik_entrypoint_open_connections{entrypoint=~\"$entrypoint\"}) by (entrypoint)\n", + "legendFormat": "{{entrypoint}}", + "range": true, + "refId": "A" + } + ], + "title": "Connections per Entrypoint", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "DS_PROMETHEUS", + "label": "datasource", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "entrypoint", + "options": [], + "query": { + "query": "label_values(traefik_entrypoint_open_connections, entrypoint)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(traefik_service_open_connections, service)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "service", + "options": [], + "query": { + "query": "label_values(traefik_service_open_connections, service)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "/([^-]+-[^-]+).*/", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Traefik Official Kubernetes Dashboard", + "uid": "n5bu_kv4k", + "version": 6, + "weekStart": "" +} diff --git a/premium/traefik/26.7.4/ix_values.yaml b/premium/traefik/26.7.4/ix_values.yaml new file mode 100644 index 00000000000..45600bb66bd --- /dev/null +++ b/premium/traefik/26.7.4/ix_values.yaml @@ -0,0 +1,498 @@ +image: + repository: tccr.io/tccr/traefik + tag: v2.11.0@sha256:bc607266aea202d65460dda5621d5dff4f143610ed012f46ab91b3238a601a35 + pullPolicy: IfNotPresent +manifestManager: + enabled: true +workload: + main: + replicas: 2 + strategy: RollingUpdate + podSpec: + containers: + main: + args: [] + probes: + # -- Liveness probe configuration + # @default -- See below + liveness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + # -- Readiness probe configuration + # @default -- See below + readiness: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" + # -- Startup probe configuration + # @default -- See below + startup: + # -- sets the probe type when not using a custom probe + # @default -- "TCP" + type: tcp + # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used + # @default -- "/" + # path: "/ping" +# -- Options for all pods +# Can be overruled per pod +podOptions: + automountServiceAccountToken: true +operator: + register: true +# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x +ingressClass: + # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12 + enabled: false + isDefaultClass: false + # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1" + fallbackApiVersion: "" +# -- Create an IngressRoute for the dashboard +ingressRoute: + dashboard: + enabled: true + # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) + annotations: {} + # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) + labels: {} +# +# -- Configure providers +providers: + kubernetesCRD: + enabled: true + namespaces: [] + # - "default" + kubernetesIngress: + enabled: true + # labelSelector: environment=production,method=traefik + namespaces: [] + # - "default" + # IP used for Kubernetes Ingress endpoints + publishedService: + enabled: true + # Published Kubernetes Service to copy status from. Format: namespace/servicename + # By default this Traefik service + # pathOverride: "" +# -- Logs +# https://docs.traefik.io/observability/logs/ +logs: + # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on). + general: + # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. + level: ERROR + # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format + format: common + access: + # To enable access logs + enabled: false + # To write the logs in an asynchronous fashion, specify a bufferingSize option. + # This option represents the number of log lines Traefik will keep in memory before writing + # them to the selected output. In some cases, this option can greatly help performances. + # bufferingSize: 100 + # Filtering https://docs.traefik.io/observability/access-logs/#filtering + filters: {} + # statuscodes: "200,300-302" + # retryattempts: true + # minduration: 10ms + # Fields + # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers + fields: + general: + defaultmode: keep + names: {} + # Examples: + # ClientUsername: drop + headers: + defaultmode: drop + names: {} + # Examples: + # User-Agent: redact + # Authorization: drop + # Content-Type: keep + # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format + format: common +metrics: + main: + enabled: true + type: servicemonitor + endpoints: + - port: metrics + path: /metrics + targetSelector: metrics + +globalArguments: + - "--global.checknewversion" + +configmap: + dashboard: + enabled: true + labels: + grafana_dashboard: "1" + data: + traefik.json: >- + {{ .Files.Get "dashboard.json" | indent 8 }} + +## +# -- Additional arguments to be passed at Traefik's binary +# All available options available on https://docs.traefik.io/reference/static-configuration/cli/ +## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` +additionalArguments: + - "--serverstransport.insecureskipverify=true" + - "--providers.kubernetesingress.allowexternalnameservices=true" + +# -- Default clusterCertificate generated by clusterissuer +defaultCertificate: "" + +# -- Add custom DNSStore objects +tlsStore: {} + +# -- TLS Options to be created as TLSOption CRDs +# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options +# Example: +tlsOptions: + default: + sniStrict: false + minVersion: VersionTLS12 + curvePreferences: + - CurveP521 + - CurveP384 + cipherSuites: + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 +# -- Options for the main traefik service, where the entrypoints traffic comes from +# from. +service: + main: + type: LoadBalancer + ports: + main: + port: 9000 + targetPort: 9000 + protocol: http + # -- Forwarded Headers should never be enabled on Main entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Main entrypoint + proxyProtocol: + enabled: false + tcp: + enabled: true + type: LoadBalancer + ## In most cases, you want this changed to `Local` + externalTrafficPolicy: Cluster + ports: + web: + enabled: true + port: 80 + protocol: http + redirectTo: websecure + # Options: Empty, 0 (ingore), or positive int + # redirectPort: + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + websecure: + enabled: true + port: 443 + protocol: https + # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support + forwardedHeaders: + enabled: false + # -- List of trusted IP and CIDR references + trustedIPs: [] + # -- Trust all forwarded headers + insecureMode: false + # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support + proxyProtocol: + enabled: false + # -- Only IPs in trustedIPs will lead to remote client address replacement + trustedIPs: [] + # -- Trust every incoming connection + insecureMode: false + # tcpexample: + # enabled: true + # targetPort: 9443 + # protocol: tcp + # tls: + # enabled: false + # # this is the name of a TLSOption definition + # options: "" + # certResolver: "" + # domains: [] + # # - main: example.com + # # sans: + # # - foo.example.com + # # - bar.example.com + metrics: + enabled: true + type: ClusterIP + ports: + metrics: + enabled: true + port: 9180 + targetPort: 9180 + protocol: http + # -- Forwarded Headers should never be enabled on Metrics entrypoint + forwardedHeaders: + enabled: false + # -- Proxy Protocol should never be enabled on Metrics entrypoint + proxyProtocol: + enabled: false + # udp: + # enabled: false +# -- Whether Role Based Access Control objects like roles and rolebindings should be created +rbac: + main: + enabled: true + primary: true + clusterWide: true + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.containo.us + - traefik.io + resources: + - middlewares + - middlewaretcps + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + verbs: + - get + - list + - watch +# -- The service account the pods will use to interact with the Kubernetes API +serviceAccount: + main: + enabled: true + primary: true +# -- SCALE Middleware Handlers +middlewares: + basicAuth: [] + # - name: basicauthexample + # users: + # - username: testuser + # password: testpassword + forwardAuth: [] + # - name: forwardAuthexample + # address: https://auth.example.com/ + # authResponseHeaders: + # - X-Secret + # - X-Auth-User + # authRequestHeaders: + # - "Accept" + # - "X-CustomHeader" + # authResponseHeadersRegex: "^X-" + # trustForwardHeader: true + customRequestHeaders: [] + # - name: customRequestHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + customResponseHeaders: [] + # - name: customResponseHeaderExample + # headers: + # - name: X-Custom-Header + # value: "foobar" + # - name: X-Header-To-Remove + # value: "" + rewriteResponseHeaders: [] + # - name: rewriteResponseHeadersName + # headers: + # - name: "Location" + # regex: "^http://(.+)$" + # replacement: "https://$1" + # - name: "Date" + # regex: "^[^,]+,\\s*(.+)$" + # replacement: "$1" + customFrameOptionsValue: [] + # - name: customFrameOptionsValueExample + # value: "SAMEORIGIN" + buffering: [] + # - name: bufferingExample + # maxRequestBodyBytes: 1000000 + # memRequestBodyBytes: 1000000 + # maxResponseBodyBytes: 1000000 + # memResponseBodyBytes: 1000000 + # retryExpression: "IsNetworkError() && Attempts() < 2" + chain: [] + # - name: chainname + # middlewares: + # - name: compress + redirectScheme: [] + # - name: redirectSchemeName + # scheme: https + # permanent: true + rateLimit: [] + # - name: rateLimitName + # average: 300 + # burst: 200 + redirectRegex: [] + # - name: redirectRegexName + # regex: putregexhere + # replacement: replacementurlhere + # permanent: false + stripPrefixRegex: [] + # - name: stripPrefixRegexName + # regex: [] + ipWhiteList: [] + # - name: ipWhiteListName + # sourceRange: [] + # ipStrategy: + # depth: 2 + # excludedIPs: [] + themePark: [] + # - name: themeParkName + # -- Supported apps, lower case name + # -- https://docs.theme-park.dev/themes + # app: appnamehere + # -- Supported themes, lower case name + # -- https://docs.theme-park.dev/themes/APPNAMEHERE + # -- https://docs.theme-park.dev/community-themes + # theme: themenamehere + # -- https://theme-park.dev or a self hosted url + # baseUrl: https://theme-park.dev + # Sets X-Real-Ip with an IP from the X-Forwarded-For or + # Cf-Connecting-Ip (If from Cloudflare) + # Evaluation of those headers will go from last to first + realIP: [] + # - name: realIPName + # -- The real IP will be the first one that is + # -- not included in any of the CIDRs passed here + # excludedNetworks: + # - 1.1.1.1/24 + addPrefix: [] + # - name: addPrefixName + # prefix: "/foo" + geoBlock: [] + # -- https://github.com/PascalMinder/geoblock + # - name: geoBlockName + # allowLocalRequests: true + # logLocalRequests: false + # logAllowedRequests: false + # logApiRequests: false + # api: https://get.geojs.io/v1/ip/country/{ip} + # apiTimeoutMs: 500 + # cacheSize: 25 + # forceMonthlyUpdate: true + # allowUnknownCountries: false + # unknownCountryApiResponse: nil + # blackListMode: false + # countries: + # - RU + modsecurity: [] + # - name: modsecurityName + # modSecurityUrl: modSecurity container URL + # timeoutMillis: Configurated timeout + # maxBodySize: maxBodySize + bouncer: [] + # - name: bouncer + # enabled: false + # logLevel: DEBUG + # updateIntervalSeconds: 60 + # defaultDecisionSeconds: 60 + # httpTimeoutSeconds: 10 + # crowdsecMode: live + # crowdsecAppsecEnabled: false + # crowdsecAppsecHost: crowdsec:7422 + # crowdsecAppsecFailureBlock: true + # crowdsecLapiKey: privateKey-foo + # crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo + # crowdsecLapiHost: crowdsec:8080 + # crowdsecLapiScheme: http + # crowdsecLapiTLSInsecureVerify: false + # crowdsecCapiMachineId: login + # crowdsecCapiPassword: password + # crowdsecCapiScenarios: + # - crowdsecurity/http-path-traversal-probing + # - crowdsecurity/http-xss-probing + # - crowdsecurity/http-generic-bf + # forwardedHeadersTrustedIPs: + # - 10.0.10.23/32 + # - 10.0.20.0/24 + # clientTrustedIPs: + # - 192.168.1.0/24 + # forwardedHeadersCustomName: X-Custom-Header + # redisCacheEnabled: false + # redisCacheHost: "redis:6379" + # redisCachePassword: password + # redisCacheDatabase: "5" + # crowdsecLapiTLSCertificateAuthority: |- + # crowdsecLapiTLSCertificateAuthorityFile: /etc/traefik/crowdsec-certs/ca.pem + # crowdsecLapiTLSCertificateBouncer: |- + # crowdsecLapiTLSCertificateBouncerFile: /etc/traefik/crowdsec-certs/bouncer.pem + # crowdsecLapiTLSCertificateBouncerKey: |- + # crowdsecLapiTLSCertificateBouncerKeyFile: /etc/traefik/crowdsec-certs/bouncer-key.pem + ## Note: body of every request will be buffered in memory while the request is in-flight + ## (i.e.: during the security check and during the request processing by traefik and the backend), + ## so you may want to tune maxBodySize depending on how much RAM you have. +portalhook: + enabled: true +persistence: + plugins: + enabled: true + mountPath: "/plugins-storage" + type: emptyDir + crowdsec-bouncer-tls: + enabled: "{{ if .Values.middlewares.bouncer }}true{{ else }}false{{ end }}" + mountPath: "/etc/traefik/crowdsec-certs" + type: secret + expandObjectName: false + objectName: crowdsec-bouncer-tls +portal: + open: + enabled: true + path: /dashboard/ diff --git a/premium/traefik/26.7.4/questions.yaml b/premium/traefik/26.7.4/questions.yaml new file mode 100755 index 00000000000..338c2f71d37 --- /dev/null +++ b/premium/traefik/26.7.4/questions.yaml @@ -0,0 +1,3434 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + + path: "$kubernetes-resource_configmap_tcportal-open_path" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: data + label: Data + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + private: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + + - variable: expertIngressClass + label: Expert Mode + group: App Configuration + description: | + Expert Mode contains settings like:
+ - IngressClass
+ schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: ingressClass + label: "ingressClass" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + description: "When enabled, ingressClass will match the entered name of this app" + schema: + type: boolean + default: false + - variable: isDefaultClass + label: "isDefaultClass" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: logs + label: "Logs" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log Level" + schema: + type: string + default: "ERROR" + enum: + - value: "INFO" + description: "Info" + - value: "WARN" + description: "Warnings" + - value: "ERROR" + description: "Errors" + - value: "FATAL" + description: "Fatal Errors" + - value: "PANIC" + description: "Panics" + - value: "DEBUG" + description: "Debug" + - variable: format + label: "General Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: access + label: "Access Logs" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: enabledFilters + label: "Enable Filters" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: filters + label: "Filters" + schema: + additional_attrs: true + type: dict + attrs: + - variable: statuscodes + label: "Status codes" + schema: + type: string + default: "200,300-302" + - variable: retryattempts + label: "retryattempts" + schema: + type: boolean + default: true + - variable: minduration + label: "minduration" + schema: + type: string + default: "10ms" + - variable: fields + label: "Fields" + schema: + additional_attrs: true + type: dict + attrs: + - variable: general + label: "General" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "keep" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: headers + label: "Headers" + schema: + additional_attrs: true + type: dict + attrs: + - variable: defaultmode + label: "Default Mode" + schema: + type: string + default: "drop" + enum: + - value: "keep" + description: "Keep" + - value: "drop" + description: "Drop" + - variable: format + label: "Access Log format" + schema: + type: string + default: "common" + enum: + - value: "common" + description: "Common Log Format" + - value: "json" + description: "JSON" + - variable: middlewares + label: "" + group: "Middlewares" + schema: + additional_attrs: true + type: dict + attrs: + - variable: basicAuth + label: basicAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: users + label: Users + schema: + type: list + default: [] + items: + - variable: usersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: username + label: Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + schema: + type: string + required: true + default: "" + + - variable: forwardAuth + label: forwardAuth + schema: + type: list + default: [] + items: + - variable: basicAuthEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: address + label: Address + schema: + type: string + required: true + default: "" + - variable: trustForwardHeader + label: trustForwardHeader + schema: + type: boolean + default: false + - variable: tls + label: TLS + schema: + additional_attrs: true + type: dict + attrs: + - variable: insecureSkipVerify + label: insecureSkipVerify (expert) + description: >- + This disables all TLS certificate validation on communications with the authentication endpoint. + This could be a security risk and should only be used if you know what you are doing. + schema: + type: boolean + default: false + - variable: authResponseHeadersRegex + label: authResponseHeadersRegex + schema: + type: string + default: "" + - variable: authResponseHeaders + label: authResponseHeaders + schema: + type: list + default: [] + items: + - variable: authResponseHeadersEntry + label: "" + schema: + type: string + default: "" + - variable: authRequestHeaders + label: authRequestHeaders + schema: + type: list + default: [] + items: + - variable: authRequestHeadersEntry + label: "" + schema: + type: string + default: "" + + - variable: buffering + label: Buffering + schema: + type: list + default: [] + items: + - variable: bufferingEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: maxRequestBodyBytes + label: Max Request Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: memRequestBodyBytes + label: Mem Request Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: maxResponseBodyBytes + label: Max Response Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: memResponseBodyBytes + label: Mem Response Body Bytes + description: Leave empty and it won't be set + schema: + type: string + valid_chars: '^[0-9]*$' + default: "" + - variable: retryExpression + label: Retry Expression + description: Leave empty and it won't be set + schema: + type: string + default: "" + + - variable: customRequestHeaders + label: Custom Request Headers + schema: + type: list + default: [] + items: + - variable: customRequestHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of custom header to be added to requests, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + default: "" + + - variable: customResponseHeaders + label: Custom Response Headers + schema: + type: list + default: [] + items: + - variable: customResponseHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers to Add + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of custom header to be added to responses, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: value + label: Header Value + description: The value of the header. If the value is empty, the header will be removed. + schema: + type: string + default: "" + + - variable: rewriteResponseHeaders + label: Rewrite Response Headers + schema: + type: list + default: [] + items: + - variable: rewriteResponseHeadersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: headers + label: Headers To Rewrite + schema: + type: list + default: [] + items: + - variable: headersEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Header Name + description: Name of a header to modified in responses, eg. X-Custom-Header + schema: + valid_chars: ^[a-zA-Z0-9_\-]*$ + type: string + required: true + default: "" + - variable: regex + label: Regex + description: The value of the header to match. Accepts regex expression. + schema: + type: string + default: "" + - variable: replacement + label: Replacement Regex + description: The new value of the header. Accepts regex expression. + schema: + type: string + default: "" + + - variable: customFrameOptionsValue + label: Custom Frame Options Value + schema: + type: list + default: [] + items: + - variable: customFrameOptionsValueEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: X-Frame-Options Header Value + description: The value of the header. + schema: + type: string + required: true + default: "" + + - variable: chain + label: Chain + schema: + type: list + default: [] + items: + - variable: chainEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: middlewares + label: Middlewares to Chain + schema: + type: list + default: [] + items: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + + - variable: redirectScheme + label: redirectScheme + schema: + type: list + default: [] + items: + - variable: redirectSchemeEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: scheme + label: Scheme + schema: + type: string + required: true + default: https + enum: + - value: https + description: https + - value: http + description: http + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + + - variable: rateLimit + label: rateLimit + schema: + type: list + default: [] + items: + - variable: rateLimitEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: average + label: Average + schema: + type: int + required: true + default: 300 + - variable: burst + label: Burst + schema: + type: int + required: true + default: 200 + + - variable: redirectRegex + label: redirectRegex + schema: + type: list + default: [] + items: + - variable: redirectRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: string + required: true + default: "" + - variable: replacement + label: Replacement + schema: + type: string + required: true + default: "" + - variable: permanent + label: Permanent + schema: + type: boolean + default: false + + - variable: stripPrefixRegex + label: stripPrefixRegex + schema: + type: list + default: [] + items: + - variable: stripPrefixRegexEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: regex + label: Regex + schema: + type: list + default: [] + items: + - variable: regexEntry + label: Regex + schema: + type: string + required: true + default: "" + + - variable: ipWhiteList + label: ipWhiteList + schema: + type: list + default: [] + items: + - variable: ipWhiteListEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: sourceRange + label: Source Range + schema: + type: list + default: [] + items: + - variable: sourceRangeEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: ipStrategy + label: IP Strategy + schema: + additional_attrs: true + type: dict + attrs: + - variable: depth + label: Depth + schema: + type: int + required: true + - variable: excludedIPs + label: Excluded IPs + schema: + type: list + default: [] + items: + - variable: excludedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + + - variable: themePark + label: theme.park + schema: + type: list + default: [] + items: + - variable: themeParkEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-themepark + schema: + type: string + required: true + default: "" + - variable: appName + label: App Name + description: Lower case, name of the app to be themed. +
Go to https://docs.theme-park.dev/themes/ to see supported apps. + schema: + type: string + required: true + default: "" + - variable: themeName + label: Theme Name + description: Lower case, name of the theme to be applied. +
Go to https://docs.theme-park.dev/theme-options/ to see supported themes. + schema: + type: string + required: true + default: "" + - variable: baseUrl + label: Base URL + description: Replace `https://theme-park.dev` URL for self-hosting reference. + schema: + type: string + required: true + default: https://theme-park.dev + - variable: addons + label: Addons + schema: + type: list + default: [] + items: + - variable: addonEntry + label: Addon + description: Currently only supports 'darker' and '4k-logo' for *arr apps. +
Go to https://docs.theme-park.dev/themes/addons/ for Addon information. +
Go to https://github.com/packruler/traefik-themepark for more context on plugin + schema: + type: string + required: true + default: "" + + - variable: realIP + label: Real IP + schema: + type: list + default: [] + items: + - variable: realIPEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: excludedNetworks + label: Excluded Networks + schema: + type: list + default: [] + items: + - variable: excludedNetEntry + label: Excluded Network Entry + description: Network to exclude setting it to X-Real-Ip + schema: + type: string + required: true + default: "" + + - variable: geoBlock + label: GeoBlock + schema: + type: list + default: [] + items: + - variable: geoBlockEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to geoblock + schema: + type: string + required: true + default: "" + - variable: allowLocalRequests + label: Allow Local Requests + description: If set to true, will not block request from Private IP Ranges + schema: + type: boolean + default: true + - variable: logLocalRequests + label: Log Local Requests + description: If set to true, will log every connection from any IP in the private IP range + schema: + type: boolean + default: false + - variable: logAllowedRequests + label: Log Allowed Requests + description: If set to true, will show a log message with the IP and the country of origin if a request is allowed. + schema: + type: boolean + default: false + - variable: logApiRequests + label: Log API Requests + description: If set to true, will show a log message for every API hit. + schema: + type: boolean + default: false + - variable: api + label: API + description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL. + schema: + type: string + required: true + default: https://get.geojs.io/v1/ip/country/{ip} + - variable: apiTimeoutMs + label: API Timeout in ms + description: Timeout for the call to the api uri. + schema: + type: int + required: true + default: 500 + - variable: cacheSize + label: Cache Size + description: Defines the max size of the LRU (least recently used) cache. + schema: + type: int + required: true + default: 25 + - variable: forceMonthlyUpdate + label: Force Monthly Update + description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month. + schema: + type: boolean + default: true + - variable: allowUnknownCountries + label: Allow Unknown Countries + description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed. + schema: + type: boolean + default: false + - variable: unknownCountryApiResponse + label: Unknown Countries API Response + description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested. + schema: + type: string + required: true + default: nil + - variable: blackListMode + label: Blacklist Mode + description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked. + schema: + type: boolean + default: false + - variable: countries + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + label: Countries + schema: + type: list + default: [] + items: + - variable: countryEntry + label: Country + description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode. + schema: + type: string + required: true + # Allow only 2 Characters + valid_chars: '^[a-zA-Z]{2}$' + default: "" + + - variable: addPrefix + label: Add Prefix + schema: + type: list + default: [] + items: + - variable: addPrefixEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: prefix + label: Prefix + schema: + type: string + required: true + default: "" + + - variable: modsecurity + label: modsecurity + schema: + type: list + default: [] + items: + - variable: modsecurityEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: This is a 3rd party plugin and not maintained by TrueCharts, + for more information go to traefik-modsecurity-plugin + schema: + type: string + required: true + default: "" + - variable: modSecurityUrl + label: ModSecurity Url + description: It's the URL for the owasp/modsecurity container. + schema: + type: string + required: true + default: "https://someurl" + - variable: timeoutMillis + label: timeout Millis + description: timeout in milliseconds for the http client to talk with modsecurity container. ( + schema: + type: int + required: true + default: 2 + - variable: maxBodySize + label: maxBody Size + description: it's the maximum limit for requests body size. Requests exceeding this value will be rejected using HTTP 413 Request Entity Too Large. Zero means "use default value". + schema: + type: int + required: true + default: 0 + + - variable: service + group: "Networking and Services" + label: "Configure Service Entrypoint" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 9000 + required: true + - variable: tcp + label: "TCP Service" + description: "The tcp Entrypoint service" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: web + label: "web Entrypoint Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 80 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + default: "websecure" + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + + - variable: websecure + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Entrypoints Port" + schema: + type: int + default: 443 + required: true + - variable: advanced + label: Show Advanced Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + hidden: true + - variable: portsList + label: "Additional TCP Entrypoints" + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: "Custom Entrypoints" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable the port" + schema: + type: boolean + default: true + hidden: true + - variable: name + label: "Entrypoints Name" + schema: + type: string + default: "" + - variable: protocol + label: "Entrypoints Type" + schema: + type: string + default: "tcp" + enum: + - value: http + description: "HTTP" + - value: "https" + description: "HTTPS" + - value: tcp + description: "TCP" + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + required: true + - variable: tls + label: "websecure Entrypoints Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enabled" + schema: + type: boolean + default: true + - variable: redirectPort + label: "Redirect to Port" + schema: + type: int + - variable: redirectTo + label: "Redirect to Entrypoint" + schema: + type: string + - variable: forwardedHeaders + label: Accept Forwarded Headers + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Trust Forwarded Headers from specific IPs. + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Always Trust Forwarded Headers + schema: + type: boolean + default: false + + - variable: proxyProtocol + label: Accept Proxy Protocol connections + description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: trustedIPs + label: Trusted IPs + description: Only IPs in trustedIPs will lead to remote client address replacement + schema: + type: list + default: [] + items: + - variable: trustedIPsEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: insecureMode + label: Insecure Mode + description: Trust every incoming connection + schema: + type: boolean + default: false + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: metrics + group: Metrics + label: Prometheus Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: Main Metrics + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: prometheusRule + label: PrometheusRule + description: Enable and configure Prometheus Rules for the App. + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable Prometheus Metrics + schema: + type: boolean + default: false + # TODO: Rule List section + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + + - variable: warning + group: Documentation + label: 'WARNING: If installed, be sure to move the TrueNAS GUI to another port (not 80 or 443).' + description: 'See:
https://truecharts.org/charts/enterprise/traefik/how-to for more info.' + schema: + additional_attrs: true + type: dict + attrs: + - variable: warningconfim + label: I am aware that I will brick my system, if I did not follow the instructions. + schema: + type: boolean + default: true + required: true diff --git a/premium/traefik/26.7.4/templates/NOTES.txt b/premium/traefik/26.7.4/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/traefik/26.7.4/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/traefik/26.7.4/templates/_args.tpl b/premium/traefik/26.7.4/templates/_args.tpl new file mode 100644 index 00000000000..fbd7e0ae8c2 --- /dev/null +++ b/premium/traefik/26.7.4/templates/_args.tpl @@ -0,0 +1,198 @@ +{{/* Define the args */}} +{{- define "traefik.args" -}} +args: + {{/* merge all ports */}} + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{/* start of actual arguments */}} + {{- with .Values.globalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- range $name, $config := $ports }} + {{- if $config }} + {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }} + {{- $_ := set $config "protocol" "tcp" }} + {{- end }} + - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}" + {{- end }} + {{- end }} + - "--api.dashboard=true" + - "--ping=true" + {{- if .Values.traefikMetrics }} + {{- if .Values.traefikMetrics.datadog }} + - "--metrics.datadog=true" + - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}" + {{- end }} + {{- if .Values.traefikMetrics.influxdb }} + - "--metrics.influxdb=true" + - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}" + - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}" + {{- end }} + {{- if .Values.traefikMetrics.statsd }} + - "--metrics.statsd=true" + - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}" + {{- if or .Values.traefikMetrics.prometheus }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- end }} + {{- end }} + {{- if or .Values.metrics.main.enabled }} + - "--metrics.prometheus=true" + - "--metrics.prometheus.entrypoint=metrics" + {{- end }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress" + {{- if .Values.providers.kubernetesIngress.publishedService.enabled }} + - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.labelSelector }} + - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}" + {{- end }} + {{- end }} + {{- if and .Values.rbac.enabled .Values.rbac.namespaced }} + {{- if .Values.providers.kubernetesCRD.enabled }} + - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}" + {{- end }} + {{- if .Values.providers.kubernetesIngress.enabled }} + - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}" + {{- end }} + {{- end }} + {{- if $.Values.ingressClass.enabled }} + - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}" + {{- end }} + {{- range $entrypoint, $config := $ports }} + {{/* add args for proxyProtocol support */}} + {{- if $config.proxyProtocol }} + {{- if $config.proxyProtocol.enabled }} + {{- if $config.proxyProtocol.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure" + {{- end }} + {{- if not ( empty $config.proxyProtocol.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}" + {{- end }} + {{- end }} + {{- end }} + {{/* add args for forwardedHeaders support */}} + {{- if $config.forwardedHeaders.enabled }} + {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}" + {{- end }} + {{- if $config.forwardedHeaders.insecureMode }} + - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure" + {{- end }} + {{- end }} + {{/* end forwardedHeaders configuration */}} + {{- if $config.redirectTo }} + {{- $toPort := index $ports $config.redirectTo }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- else if $config.redirectPort }} + {{ if gt $config.redirectPort 0.0 }} + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}" + - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https" + {{- end }} + {{- end }} + {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }} + {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }} + - "--entrypoints.{{ $entrypoint }}.http.tls=true" + {{- if $config.tls.options }} + - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}" + {{- end }} + {{- if $config.tls.certResolver }} + - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}" + {{- end }} + {{- if $config.tls.domains }} + {{- range $index, $domain := $config.tls.domains }} + {{- if $domain.main }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}" + {{- end }} + {{- if $domain.sans }} + - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}" + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- with .Values.logs }} + - "--log.format={{ .general.format }}" + {{- if ne .general.level "ERROR" }} + - "--log.level={{ .general.level | upper }}" + {{- end }} + {{- if .access.enabled }} + - "--accesslog=true" + - "--accesslog.format={{ .access.format }}" + {{- if .access.bufferingsize }} + - "--accesslog.bufferingsize={{ .access.bufferingsize }}" + {{- end }} + {{- if .access.filters }} + {{- if .access.filters.statuscodes }} + - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}" + {{- end }} + {{- if .access.filters.retryattempts }} + - "--accesslog.filters.retryattempts" + {{- end }} + {{- if .access.filters.minduration }} + - "--accesslog.filters.minduration={{ .access.filters.minduration }}" + {{- end }} + {{- end }} + - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.general.names }} + - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}" + {{- range $fieldname, $fieldaction := .access.fields.headers.names }} + - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}" + {{- end }} + {{- end }} + {{- end }} + {{/* + For new plugins, add them on the container also + https://github.com/truecharts/containers/blob/master/mirror/traefik/Dockerfile + moduleName must match on the container and here + */}} + {{- if .Values.middlewares.themePark }} + {{/* theme.park */}} + - "--experimental.localPlugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark" + {{- end }} + {{/* End of theme.park */}} + {{/* GeoBlock */}} + {{- if .Values.middlewares.geoBlock }} + - "--experimental.localPlugins.GeoBlock.modulename=github.com/PascalMinder/geoblock" + {{- end }} + {{/* End of GeoBlock */}} + {{/* RealIP */}} + {{- if .Values.middlewares.realIP }} + - "--experimental.localPlugins.traefik-real-ip.modulename=github.com/jramsgz/traefik-real-ip" + {{- end }} + {{/* End of RealIP */}} + {{/* ModSecurity */}} + {{- if .Values.middlewares.modsecurity }} + - "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin" + {{- end }} + {{/* CrowdsecBouncer */}} + {{- if .Values.middlewares.bouncer }} + - "--experimental.localPlugins.bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin" + {{- end }} + {{/* End of ModSecurity */}} + {{/* RewriteResponseHeaders */}} + {{- if .Values.middlewares.rewriteResponseHeaders }} + - "--experimental.localPlugins.rewriteResponseHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers" + {{- end }} + {{/* End of RewriteResponseHeaders */}} + {{- with .Values.additionalArguments }} + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/_helpers.tpl b/premium/traefik/26.7.4/templates/_helpers.tpl new file mode 100644 index 00000000000..1345dcea39a --- /dev/null +++ b/premium/traefik/26.7.4/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* +Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice. +By convention this will simply use the / to match the name of the +service generated. +Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride` +*/}} +{{- define "providers.kubernetesIngress.publishedServicePath" -}} +{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}} +{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}} +{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }} +{{- print $servicePath | trimSuffix "-" -}} +{{- end -}} + +{{/* +Construct a comma-separated list of whitelisted namespaces +*/}} +{{- define "providers.kubernetesIngress.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }} +{{- end -}} +{{- define "providers.kubernetesCRD.namespaces" -}} +{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/_ingressclass.tpl b/premium/traefik/26.7.4/templates/_ingressclass.tpl new file mode 100644 index 00000000000..4213783865c --- /dev/null +++ b/premium/traefik/26.7.4/templates/_ingressclass.tpl @@ -0,0 +1,24 @@ +{{/* Define the ingressClass */}} +{{- define "traefik.ingressClass" -}} +--- +{{ if $.Values.ingressClass.enabled }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }} +apiVersion: networking.k8s.io/v1 + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }} +apiVersion: networking.k8s.io/v1beta1 + {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }} +apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }} + {{- else }} + {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }} + {{- end }} +kind: IngressClass +metadata: + annotations: + ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }} + labels: + {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }} + name: {{ .Release.Name }} +spec: + controller: traefik.io/ingress-controller +{{- end }} +{{- end }} diff --git a/premium/traefik/26.7.4/templates/_ingressroute.tpl b/premium/traefik/26.7.4/templates/_ingressroute.tpl new file mode 100644 index 00000000000..8e1d0f4e3f9 --- /dev/null +++ b/premium/traefik/26.7.4/templates/_ingressroute.tpl @@ -0,0 +1,34 @@ +{{/* Define the ingressRoute */}} +{{- define "traefik.ingressRoute" -}} +{{ if .Values.ingressRoute.dashboard.enabled }} + +{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels }} +{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard + {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }} + labels: + {{- . | nindent 4 }} + {{- end }} + {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}} + {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }} + annotations: + {{- . | nindent 4 }} + {{- end }} + +spec: + entryPoints: + - main + routes: + - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`) + kind: Rule + services: + - name: api@internal + kind: TraefikService +{{ end }} +{{- end }} diff --git a/premium/traefik/26.7.4/templates/_portalhook.tpl b/premium/traefik/26.7.4/templates/_portalhook.tpl new file mode 100644 index 00000000000..ec69a695ca6 --- /dev/null +++ b/premium/traefik/26.7.4/templates/_portalhook.tpl @@ -0,0 +1,24 @@ +{{/* Define the portalHook */}} +{{- define "traefik.portalhook" -}} +{{- if .Values.portalhook.enabled -}} + {{- $name := "portalhook" -}} + {{- if $.Values.ingressClass.enabled -}} + {{- $name = printf "portalhook-%v" .Release.Name -}} + {{- end }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ $name }} +data: + {{- $ports := dict }} + {{- range $.Values.service }} + {{- range $name, $value := .ports }} + {{- $_ := set $ports $name $value }} + {{- end }} + {{- end }} + {{- range $name, $value := $ports }} + {{ $name }}: {{ $value.port | quote }} + {{- end }} +{{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/_tlsoptions.tpl b/premium/traefik/26.7.4/templates/_tlsoptions.tpl new file mode 100644 index 00000000000..163b5364421 --- /dev/null +++ b/premium/traefik/26.7.4/templates/_tlsoptions.tpl @@ -0,0 +1,13 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsOptions" -}} +{{- range $name, $config := .Values.tlsOptions }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSOption +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end }} diff --git a/premium/traefik/26.7.4/templates/_tlsstore.tpl b/premium/traefik/26.7.4/templates/_tlsstore.tpl new file mode 100644 index 00000000000..bfd28a1fb70 --- /dev/null +++ b/premium/traefik/26.7.4/templates/_tlsstore.tpl @@ -0,0 +1,26 @@ +{{/* Define the tlsOptions */}} +{{- define "traefik.tlsstore" -}} +{{- if .Values.defaultCertificate }} +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSStore +metadata: + name: default +spec: + certificates: + - secretName: certificate-issuer-{{ tpl .Values.defaultCertificate $ }} + defaultCertificate: + secretName: certificate-issuer-{{ tpl .Values.defaultCertificate $ }} +{{- end }} + +{{- range $name, $config := .Values.tlsStore }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: TLSStore +metadata: + name: {{ $name }} +spec: + {{- toYaml $config | nindent 2 }} +{{- end }} +{{- end }} diff --git a/premium/traefik/26.7.4/templates/common.yaml b/premium/traefik/26.7.4/templates/common.yaml new file mode 100644 index 00000000000..d00c5ec4cc2 --- /dev/null +++ b/premium/traefik/26.7.4/templates/common.yaml @@ -0,0 +1,24 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{- $newArgs := (include "traefik.args" . | fromYaml) }} +{{- $_ := set .Values "newArgs" $newArgs -}} +{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }} +{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}} + +{{- include "traefik.portalhook" . }} +{{- include "traefik.tlsstore" . }} +{{- include "traefik.tlsOptions" . }} +{{- include "traefik.ingressRoute" . }} +{{- include "traefik.ingressClass" . }} + +{{- with .Values.ingress -}} + {{- with .main -}} + {{- if .enabled -}} + {{- $_ := set $.Values.portal.open.override "protocol" "https" -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/premium/traefik/26.7.4/templates/middlewares/addPrefix.yaml b/premium/traefik/26.7.4/templates/middlewares/addPrefix.yaml new file mode 100644 index 00000000000..47138233643 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/addPrefix.yaml @@ -0,0 +1,12 @@ +{{- range $index, $middlewareData := .Values.middlewares.addPrefix }} + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + addPrefix: + prefix: {{ $middlewareData.prefix }} +{{- end }} diff --git a/premium/traefik/26.7.4/templates/middlewares/basic-middleware.yaml b/premium/traefik/26.7.4/templates/middlewares/basic-middleware.yaml new file mode 100644 index 00000000000..ef4671254ef --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/basic-middleware.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + compress: {} +--- +# Here, an average of 300 requests per second is allowed. +# In addition, a burst of 200 requests is allowed. +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + rateLimit: + average: 600 + burst: 400 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + referrerPolicy: same-origin + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }} diff --git a/premium/traefik/26.7.4/templates/middlewares/basicauth.yaml b/premium/traefik/26.7.4/templates/middlewares/basicauth.yaml new file mode 100644 index 00000000000..1bbdc462b34 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/basicauth.yaml @@ -0,0 +1,30 @@ +{{- range $index, $middlewareData := .Values.middlewares.basicAuth -}} + + {{- $users := list -}} + {{- range $index, $userdata := $middlewareData.users -}} + {{- $users = append $users (htpasswd $userdata.username $userdata.password) -}} + {{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%v-%v" $middlewareData.name "secret" }} + namespace: {{ $.Release.Namespace }} +type: Opaque +stringData: + users: | + {{- range $index, $user := $users }} + {{ printf "%s" $user }} + {{- end }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + basicAuth: + secret: {{ printf "%v-%v" $middlewareData.name "secret" }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/bouncer.yaml b/premium/traefik/26.7.4/templates/middlewares/bouncer.yaml new file mode 100644 index 00000000000..2e3015297b9 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/bouncer.yaml @@ -0,0 +1,112 @@ +{{- range $index, $middlewareData := .Values.middlewares.bouncer }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + bouncer: + {{- with $middlewareData.enabled }} + enabled: {{ . }} + {{- end }} + {{- with $middlewareData.logLevel }} + logLevel: {{ . }} + {{- end }} + {{- with $middlewareData.updateIntervalSeconds }} + updateIntervalSeconds: {{ . }} + {{- end }} + {{- with $middlewareData.defaultDecisionSeconds }} + defaultDecisionSeconds: {{ . }} + {{- end }} + {{- with $middlewareData.httpTimeoutSeconds }} + httpTimeoutSeconds: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecMode }} + crowdsecMode: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecAppsecEnabled }} + crowdsecAppsecEnabled: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecAppsecHost }} + crowdsecAppsecHost: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecAppsecFailureBlock }} + crowdsecAppsecFailureBlock: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiKey }} + crowdsecLapiKey: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiKeyFile }} + crowdsecLapiKeyFile: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiHost }} + crowdsecLapiHost: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiScheme }} + crowdsecLapiScheme: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSInsecureVerify }} + crowdsecLapiTLSInsecureVerify: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecCapiMachineId }} + crowdsecCapiMachineId: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecCapiPassword }} + crowdsecCapiPassword: {{ . }} + {{- end }} + {{- if $middlewareData.crowdsecCapiScenarios }} + crowdsecCapiScenarios: + {{- range $middlewareData.crowdsecCapiScenarios }} + - {{ . }} + {{- end }} + {{- end }} + {{- if $middlewareData.forwardedHeadersTrustedIPs }} + forwardedHeadersTrustedIPs: + {{- range $middlewareData.forwardedHeadersTrustedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- if $middlewareData.clientTrustedIPs }} + clientTrustedIPs: + {{- range $middlewareData.clientTrustedIPs }} + - {{ . }} + {{- end }} + {{- end }} + {{- with $middlewareData.forwardedHeadersCustomName }} + forwardedHeadersCustomName: {{ . }} + {{- end }} + {{- with $middlewareData.redisCacheEnabled }} + redisCacheEnabled: {{ . }} + {{- end }} + {{- with $middlewareData.redisCacheHost }} + redisCacheHost: {{ . }} + {{- end }} + {{- with $middlewareData.redisCachePassword }} + redisCachePassword: {{ . }} + {{- end }} + {{- with $middlewareData.redisCacheDatabase }} + redisCacheDatabase: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateAuthority }} + crowdsecLapiTLSCertificateAuthority: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateAuthorityFile }} + crowdsecLapiTLSCertificateAuthorityFile: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateBouncer }} + crowdsecLapiTLSCertificateBouncer: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerFile }} + crowdsecLapiTLSCertificateBouncerFile: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerKey }} + crowdsecLapiTLSCertificateBouncerKey: {{ . }} + {{- end }} + {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerKeyFile }} + crowdsecLapiTLSCertificateBouncerKeyFile: {{ . }} + {{- end }} + + +{{- end }} diff --git a/premium/traefik/26.7.4/templates/middlewares/buffering.yaml b/premium/traefik/26.7.4/templates/middlewares/buffering.yaml new file mode 100644 index 00000000000..eade09784e4 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/buffering.yaml @@ -0,0 +1,26 @@ +{{- range $index, $middlewareData := .Values.middlewares.buffering }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + buffering: {{/* Only render if its not and has a value of 0 or greater */}} + {{- if and (not (kindIs "invalid" $middlewareData.maxRequestBodyBytes)) (ge ($middlewareData.maxRequestBodyBytes | int) 0) }} + maxRequestBodyBytes: {{ $middlewareData.maxRequestBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.memRequestBodyBytes)) (ge ($middlewareData.memRequestBodyBytes | int) 0) }} + memRequestBodyBytes: {{ $middlewareData.memRequestBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.maxResponseBodyBytes)) (ge ($middlewareData.maxResponseBodyBytes | int) 0) }} + maxResponseBodyBytes: {{ $middlewareData.maxResponseBodyBytes }} + {{- end -}} + {{- if and (not (kindIs "invalid" $middlewareData.memResponseBodyBytes)) (ge ($middlewareData.memResponseBodyBytes | int) 0) }} + memResponseBodyBytes: {{ $middlewareData.memResponseBodyBytes }} + {{- end -}} + {{- if $middlewareData.retryExpression }} + retryExpression: {{ $middlewareData.retryExpression | quote }} + {{- end -}} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/chain.yaml b/premium/traefik/26.7.4/templates/middlewares/chain.yaml new file mode 100644 index 00000000000..17d8853fb05 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/chain.yaml @@ -0,0 +1,21 @@ +{{- $values := .Values -}} +{{- $namespace := $.Release.Namespace -}} +{{- if $.Values.ingressClass.enabled -}} + {{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}} +{{- end -}} + +{{- range $index, $middlewareData := .Values.middlewares.chain }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + {{- range $index, $middleware := .middlewares }} + - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/customFrameOptionsValue.yaml b/premium/traefik/26.7.4/templates/middlewares/customFrameOptionsValue.yaml new file mode 100644 index 00000000000..9b9f2b6606c --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/customFrameOptionsValue.yaml @@ -0,0 +1,12 @@ +{{- range $index, $middlewareData := .Values.middlewares.customFrameOptionsValue }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customFrameOptionsValue: {{ $middlewareData.value }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/customRequestHeaders.yaml b/premium/traefik/26.7.4/templates/middlewares/customRequestHeaders.yaml new file mode 100644 index 00000000000..3c43a131a1d --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/customRequestHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customRequestHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customRequestHeaders: + {{- range $index, $customRequestHeader := $middlewareData.headers }} + {{ $customRequestHeader.name }}: {{ $customRequestHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/customResponseHeaders.yaml b/premium/traefik/26.7.4/templates/middlewares/customResponseHeaders.yaml new file mode 100644 index 00000000000..a75db8a3382 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/customResponseHeaders.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.customResponseHeaders }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + customResponseHeaders: + {{- range $index, $customResponseHeader := $middlewareData.headers }} + {{ $customResponseHeader.name }}: {{ $customResponseHeader.value | quote }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/forwardauth.yaml b/premium/traefik/26.7.4/templates/middlewares/forwardauth.yaml new file mode 100644 index 00000000000..787fa796823 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/forwardauth.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.forwardAuth }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + forwardAuth: + address: {{ $middlewareData.address }} + {{- with $middlewareData.authResponseHeaders }} + authResponseHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- with $middlewareData.authRequestHeaders }} + authRequestHeaders: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- if $middlewareData.authResponseHeadersRegex }} + authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }} + {{- end -}} + {{- if $middlewareData.trustForwardHeader }} + trustForwardHeader: true + {{- end -}} + {{- with $middlewareData.tls }} + tls: + insecureSkipVerify: {{ .insecureSkipVerify | default false }} + {{- end -}} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/geoblock.yaml b/premium/traefik/26.7.4/templates/middlewares/geoblock.yaml new file mode 100644 index 00000000000..2a647778e56 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/geoblock.yaml @@ -0,0 +1,29 @@ +{{- range $index, $middlewareData := .Values.middlewares.geoBlock }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + GeoBlock: + allowLocalRequests: {{ $middlewareData.allowLocalRequests }} + logLocalRequests: {{ $middlewareData.logLocalRequests }} + logAllowedRequests: {{ $middlewareData.logAllowedRequests }} + logApiRequests: {{ $middlewareData.logApiRequests }} + api: {{ $middlewareData.api }} + apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }} + cacheSize: {{ $middlewareData.cacheSize }} + forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }} + allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }} + unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }} + blackListMode: {{ $middlewareData.blackListMode }} + {{- if not $middlewareData.countries -}} + {{- fail "You have to define at least one country..." -}} + {{- end }} + countries: + {{- range $middlewareData.countries }} + - {{ . }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/ipwhitelist.yaml b/premium/traefik/26.7.4/templates/middlewares/ipwhitelist.yaml new file mode 100644 index 00000000000..fc876aca5fe --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/ipwhitelist.yaml @@ -0,0 +1,27 @@ +{{- range $index, $middlewareData := .Values.middlewares.ipWhiteList }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + ipWhiteList: + sourceRange: + {{- range $middlewareData.sourceRange }} + - {{ . }} + {{- end }} + {{- if $middlewareData.ipStrategy }} + ipStrategy: + {{- if $middlewareData.ipStrategy.depth }} + depth: {{ $middlewareData.ipStrategy.depth }} + {{- end -}} + {{- if $middlewareData.ipStrategy.excludedIPs }} + excludedIPs: + {{- range $middlewareData.ipStrategy.excludedIPs }} + - {{ . }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/modsecurity.yaml b/premium/traefik/26.7.4/templates/middlewares/modsecurity.yaml new file mode 100644 index 00000000000..07a8d5d358f --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/modsecurity.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.modsecurity }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-modsecurity-plugin: + modSecurityUrl: {{ $middlewareData.modSecurityUrl }} + timeoutMillis: {{ $middlewareData.timeoutMillis }} + maxBodySize: {{ $middlewareData.maxBodySize }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/ratelimit.yaml b/premium/traefik/26.7.4/templates/middlewares/ratelimit.yaml new file mode 100644 index 00000000000..cd9117633f6 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/ratelimit.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.rateLimit }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + rateLimit: + average: {{ $middlewareData.average }} + burst: {{ $middlewareData.burst }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/real-ip.yaml b/premium/traefik/26.7.4/templates/middlewares/real-ip.yaml new file mode 100644 index 00000000000..2877d9ce7f7 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/real-ip.yaml @@ -0,0 +1,15 @@ +{{- range $index, $middlewareData := .Values.middlewares.realIP }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-real-ip: + excludednets: + {{- range $middlewareData.excludedNetworks }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/redirectScheme.yaml b/premium/traefik/26.7.4/templates/middlewares/redirectScheme.yaml new file mode 100644 index 00000000000..09f3093998a --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/redirectScheme.yaml @@ -0,0 +1,13 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectScheme }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectScheme: + scheme: {{ $middlewareData.scheme }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/redirectregex.yaml b/premium/traefik/26.7.4/templates/middlewares/redirectregex.yaml new file mode 100644 index 00000000000..30f44f9081b --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/redirectregex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.redirectRegex }} +--- +# Declaring the user list +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectRegex: + regex: {{ $middlewareData.regex | quote }} + replacement: {{ $middlewareData.replacement | quote }} + permanent: {{ $middlewareData.permanent }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/rewriteResponseHeaders.yaml b/premium/traefik/26.7.4/templates/middlewares/rewriteResponseHeaders.yaml new file mode 100644 index 00000000000..d7bfdcdbe07 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/rewriteResponseHeaders.yaml @@ -0,0 +1,17 @@ +{{- range $index, $middlewareData := .Values.middlewares.rewriteResponseHeaders }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + rewriteResponseHeaders: + rewrites: + {{- range $index, $rewriteResponseHeader := $middlewareData.headers }} + - header: {{ $rewriteResponseHeader.name }} + regex: {{ $rewriteResponseHeader.regex | quote }} + replacement: {{ $rewriteResponseHeader.replacement | quote }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/stripPrefixRegex.yaml b/premium/traefik/26.7.4/templates/middlewares/stripPrefixRegex.yaml new file mode 100644 index 00000000000..6fd4c8c9970 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/stripPrefixRegex.yaml @@ -0,0 +1,14 @@ +{{- range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + stripPrefixRegex: + regex: + {{- range $middlewareData.regex }} + - {{ . | quote }} + {{- end }} +{{- end -}} diff --git a/premium/traefik/26.7.4/templates/middlewares/tc-chains.yaml b/premium/traefik/26.7.4/templates/middlewares/tc-chains.yaml new file mode 100644 index 00000000000..5566d77c146 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/tc-chains.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }} diff --git a/premium/traefik/26.7.4/templates/middlewares/tc-headers.yaml b/premium/traefik/26.7.4/templates/middlewares/tc-headers.yaml new file mode 100644 index 00000000000..1b1a1e2f05d --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/tc-headers.yaml @@ -0,0 +1,59 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowHeaders: + - '*' + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + - POST + accessControlAllowOriginList: + - '*' + accessControlMaxAge: 100 + browserXssFilter: true + contentTypeNosniff: true + frameDeny: true + customRequestHeaders: + X-Forwarded-Proto: https + customResponseHeaders: + server: "" + forceSTSHeader: true + referrerPolicy: same-origin + sslForceHost: true + sslRedirect: true + stsSeconds: 63072000 +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - HEAD + - PUT + accessControlMaxAge: 100 + sslRedirect: true + stsSeconds: 63072000 + # stsIncludeSubdomains: false + # stsPreload: false + forceSTSHeader: true + contentTypeNosniff: true + browserXssFilter: true + sslForceHost: true + referrerPolicy: same-origin + contentSecurityPolicy: frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests​ + customRequestHeaders: + X-Forwarded-Proto: "https" + customResponseHeaders: + server: '' diff --git a/premium/traefik/26.7.4/templates/middlewares/tc-nextcloud.yaml b/premium/traefik/26.7.4/templates/middlewares/tc-nextcloud.yaml new file mode 100644 index 00000000000..fcb09becb98 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/tc-nextcloud.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + redirectRegex: + regex: "https://(.*)/.well-known/(card|cal)dav" + replacement: "https://${1}/remote.php/dav/" +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + chain: + middlewares: + - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }} diff --git a/premium/traefik/26.7.4/templates/middlewares/theme-park.yaml b/premium/traefik/26.7.4/templates/middlewares/theme-park.yaml new file mode 100644 index 00000000000..16abf2e2f34 --- /dev/null +++ b/premium/traefik/26.7.4/templates/middlewares/theme-park.yaml @@ -0,0 +1,20 @@ +{{- range $index, $middlewareData := .Values.middlewares.themePark }} +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }} + namespace: {{ $.Release.Namespace }} +spec: + plugin: + traefik-themepark: + app: {{ $middlewareData.appName }} + theme: {{ $middlewareData.themeName }} + baseUrl: {{ $middlewareData.baseUrl }} + {{- if $middlewareData.addons }} + addons: + {{- range $middlewareData.addons }} + - {{ . | quote }} + {{- end }} + {{- end -}} +{{- end -}} diff --git a/premium/traefik/26.7.4/values.yaml b/premium/traefik/26.7.4/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/traefik/item.yaml b/premium/traefik/item.yaml new file mode 100644 index 00000000000..5d3714bcc16 --- /dev/null +++ b/premium/traefik/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png +categories: + - network +screenshots: [] diff --git a/premium/vaultwarden/26.5.3/.helmignore b/premium/vaultwarden/26.5.3/.helmignore new file mode 100644 index 00000000000..77ca5567b26 --- /dev/null +++ b/premium/vaultwarden/26.5.3/.helmignore @@ -0,0 +1,30 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl +# docs folder +/docs +# icon +icon.png diff --git a/premium/vaultwarden/26.5.3/CHANGELOG.md b/premium/vaultwarden/26.5.3/CHANGELOG.md new file mode 100644 index 00000000000..65d5888c821 --- /dev/null +++ b/premium/vaultwarden/26.5.3/CHANGELOG.md @@ -0,0 +1,17 @@ +--- +title: Changelog +--- + + +*for the complete changelog, please refer to the website* + +**Important:** + + +## [vaultwarden-26.5.3](https://github.com/truecharts/charts/compare/vaultwarden-26.5.2...vaultwarden-26.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/vaultwarden/26.5.3/Chart.yaml b/premium/vaultwarden/26.5.3/Chart.yaml new file mode 100644 index 00000000000..2d96044bcc5 --- /dev/null +++ b/premium/vaultwarden/26.5.3/Chart.yaml @@ -0,0 +1,41 @@ +annotations: + max_scale_version: 24.04.0 + min_scale_version: 23.10.0 + truecharts.org/SCALE-support: "true" + truecharts.org/category: security + truecharts.org/max_helm_version: "3.14" + truecharts.org/min_helm_version: "3.12" + truecharts.org/train: premium +apiVersion: v2 +appVersion: 1.30.5 +dependencies: + - name: common + version: 20.0.9 + repository: oci://tccr.io/truecharts + condition: "" + alias: "" + tags: [] + import-values: [] +deprecated: false +description: Unofficial Bitwarden compatible server written in Rust +home: https://truecharts.org/charts/premium/vaultwarden +icon: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png +keywords: + - bitwarden + - bitwardenrs + - bitwarden_rs + - vaultwarden + - password + - rust +kubeVersion: '>=1.24.0-0' +maintainers: + - name: TrueCharts + email: info@truecharts.org + url: https://truecharts.org +name: vaultwarden +sources: + - https://github.com/dani-garcia/vaultwarden + - https://github.com/truecharts/charts/tree/master/charts/premium/vaultwarden + - https://hub.docker.com/r/vaultwarden/server +type: application +version: 26.5.3 diff --git a/premium/vaultwarden/26.5.3/README.md b/premium/vaultwarden/26.5.3/README.md new file mode 100644 index 00000000000..440d727b779 --- /dev/null +++ b/premium/vaultwarden/26.5.3/README.md @@ -0,0 +1,28 @@ +--- +title: README +--- + +## General Info + +TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE. +However only installations using the TrueNAS SCALE Apps system are supported. + +For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/vaultwarden) + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)** + +## Support + +- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro). +- See the [Website](https://truecharts.org) +- Check our [Discord](https://discord.gg/tVsPTHWTtr) +- Open a [issue](https://github.com/truecharts/charts/issues/new/choose) + +--- + +## Sponsor TrueCharts + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! + +_All Rights Reserved - The TrueCharts Project_ diff --git a/premium/vaultwarden/26.5.3/app-changelog.md b/premium/vaultwarden/26.5.3/app-changelog.md new file mode 100644 index 00000000000..19d9f604458 --- /dev/null +++ b/premium/vaultwarden/26.5.3/app-changelog.md @@ -0,0 +1,9 @@ + + +## [vaultwarden-26.5.3](https://github.com/truecharts/charts/compare/vaultwarden-26.5.2...vaultwarden-26.5.3) (2024-03-16) + +### Chore + + + +- rename `enterprise`- train to `premium`-train \ No newline at end of file diff --git a/premium/vaultwarden/26.5.3/app-readme.md b/premium/vaultwarden/26.5.3/app-readme.md new file mode 100644 index 00000000000..436c777e024 --- /dev/null +++ b/premium/vaultwarden/26.5.3/app-readme.md @@ -0,0 +1,8 @@ +Unofficial Bitwarden compatible server written in Rust + +This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/vaultwarden](https://truecharts.org/charts/premium/vaultwarden) + +--- + +TrueCharts can only exist due to the incredible effort of our staff. +Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can! diff --git a/premium/vaultwarden/26.5.3/charts/common-20.0.9.tgz b/premium/vaultwarden/26.5.3/charts/common-20.0.9.tgz new file mode 100644 index 00000000000..41a62ef2dc2 Binary files /dev/null and b/premium/vaultwarden/26.5.3/charts/common-20.0.9.tgz differ diff --git a/premium/vaultwarden/26.5.3/ix_values.yaml b/premium/vaultwarden/26.5.3/ix_values.yaml new file mode 100644 index 00000000000..aecc21666d4 --- /dev/null +++ b/premium/vaultwarden/26.5.3/ix_values.yaml @@ -0,0 +1,152 @@ +image: + repository: docker.io/vaultwarden/server + pullPolicy: IfNotPresent + tag: 1.30.5@sha256:edb8e2bab9cbca22e555638294db9b3657ffbb6e5d149a29d7ccdb243e3c71e0 +manifestManager: + enabled: true +service: + main: + ports: + main: + port: 10102 + targetPort: 8080 +workload: + main: + podSpec: + containers: + main: + env: + DOMAIN: "https://{{ if .Values.ingress }}{{ if .Values.ingress.main.enabled }}{{ ( index .Values.ingress.main.hosts 0 ).host }}{{ else }}placeholder.com{{ end }}{{ else }}placeholder.com{{ end }}" + DATABASE_URL: + secretKeyRef: + name: cnpg-main-urls + key: std + envFrom: + - configMapRef: + name: vaultwardenconfig + - secretRef: + name: vaultwardensecret +database: + # -- Database type, + # must be one of: 'sqlite', 'mysql' or 'postgresql'. + type: postgresql + # -- Enable DB Write-Ahead-Log for SQLite, + # disabled for other databases. https://github.com/dani-garcia/bitwarden_rs/wiki/Running-without-WAL-enabled + wal: true + ## URL for external databases (mysql://user:pass@host:port or postgresql://user:pass@host:port). + # url: "" + ## Set the size of the database connection pool. + # maxConnections: 10 + ## Connection retries during startup, 0 for infinite. 1 second between retries. + # retries: 15 +# Set Bitwarden_rs application variables +vaultwarden: + # -- Allow any user to sign-up + # see: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-registration-of-new-users + allowSignups: true + ## Whitelist domains allowed to sign-up. 'allowSignups' is ignored if set. + # signupDomains: + # - domain.tld + # -- Verify e-mail before login is enabled. + # SMTP must be enabled. + verifySignup: false + # When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled. + requireEmail: false + ## Maximum attempts before an email token is reset and a new email will need to be sent. + # emailAttempts: 3 + ## Email token validity in seconds. + # emailTokenExpiration: 600 + # Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-invitations + allowInvitation: true + # Show password hints: https://github.com/dani-garcia/bitwarden_rs/wiki/Password-hint-display + ## Default organization name in invitation e-mails that are not coming from a specific organization. + # defaultInviteName: "" + showPasswordHint: true + # Enable Web Vault (static content). https://github.com/dani-garcia/bitwarden_rs/wiki/Disabling-or-overriding-the-Vault-interface-hosting + enableWebVault: true + # Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users. + orgCreationUsers: all + ## Limit attachment disk usage per organization. + # attachmentLimitOrg: + ## Limit attachment disk usage per user. + # attachmentLimitUser: + ## HaveIBeenPwned API Key. Can be purchased at https://haveibeenpwned.com/API/Key. + # hibpApiKey: + + admin: + # Enable admin portal. + enabled: false + # Disabling the admin token will make the admin portal accessible to anyone, use carefully: https://github.com/dani-garcia/bitwarden_rs/wiki/Disable-admin-token + disableAdminToken: false + ## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page + # token: + # Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration + smtp: + enabled: false + # SMTP hostname, required if SMTP is enabled. + host: "" + # SMTP sender e-mail address, required if SMTP is enabled. + from: "" + ## SMTP sender name, defaults to 'Bitwarden_RS'. + # fromName: "" + ## Enable SSL connection. + # security: starttls + ## SMTP port. Defaults to 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL. + # port: 587 + ## SMTP Authentication Mechanisms. Comma-separated options: 'Plain', 'Login' and 'Xoauth2'. Defaults to 'Plain'. + # authMechanism: Plain + ## Hostname to be sent for SMTP HELO. Defaults to pod name. + # heloName: "" + ## SMTP timeout. + # timeout: 15 + ## Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidHostname: false + ## Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks! + # invalidCertificate: false + ## SMTP username. + # user: "" + ## SMTP password. Required is user is specified, ignored if no user provided. + # password: "" + ## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication + yubico: + enabled: false + ## Yubico server. Defaults to YubiCloud. + # server: + ## Yubico ID and Secret Key. + # clientId: + # secretKey: + ## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host + push: + enabled: false + # installationId: + # installationKey: + ## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging + log: + # Log to file. + file: "" + # Log level. Options are "trace", "debug", "info", "warn", "error" or "off". + level: "trace" + ## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds. + # timeFormat: "" + icons: + # Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero. + disableDownload: false + ## Cache time-to-live for icons fetched. 0 means no purging. + # cache: 2592000 + ## Cache time-to-live for icons that were not available. 0 means no purging. + # cacheFailed: 259200 +persistence: + data: + enabled: true + mountPath: "/data" +cnpg: + main: + enabled: true + user: vaultwarden + database: vaultwarden +portal: + open: + enabled: true +ingress: + main: + required: true diff --git a/premium/vaultwarden/26.5.3/questions.yaml b/premium/vaultwarden/26.5.3/questions.yaml new file mode 100755 index 00000000000..eecafe2f80a --- /dev/null +++ b/premium/vaultwarden/26.5.3/questions.yaml @@ -0,0 +1,3599 @@ +groups: + - name: Container Image + description: Image to be used for container + - name: General Settings + description: General Deployment Settings + - name: Workload Settings + description: Workload Settings + - name: App Configuration + description: App Specific Config Options + - name: Networking and Services + description: Configure Network and Services for Container + - name: Storage and Persistence + description: Persist and Share Data that is Separate from the Container + - name: Ingress + description: Ingress Configuration + - name: Security and Permissions + description: Configure Security Context and Permissions + - name: Resources and Devices + description: "Specify Resources/Devices to be Allocated to Workload" + - name: Middlewares + description: Traefik Middlewares + - name: Metrics + description: Metrics + - name: Addons + description: Addon Configuration + - name: Backup Configuration + description: Configure Velero Backup Schedule + - name: Advanced + description: Advanced Configuration + - name: Postgresql + description: Postgresql + - name: Documentation + description: Documentation + +portals: + open: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + + admin: + protocols: + - "$kubernetes-resource_configmap_tcportal-open_protocol" + host: + - "$kubernetes-resource_configmap_tcportal-open_host" + ports: + - "$kubernetes-resource_configmap_tcportal-open_port" + + path: "/admin/" +questions: + - variable: global + group: General Settings + label: "Global Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: stopAll + label: Stop All + description: "Stops All Running pods and hibernates cnpg" + schema: + type: boolean + default: false + + - variable: workload + group: "Workload Settings" + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: type + label: Type (Advanced) + schema: + type: string + default: Deployment + enum: + - value: Deployment + description: Deployment + - value: DaemonSet + description: DaemonSet + + - variable: replicas + label: Replicas (Advanced) + description: Set the number of Replicas + schema: + type: int + show_if: [["type", "!=", "DaemonSet"]] + default: 1 + + - variable: podSpec + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: containers + label: Containers + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: Main Container + schema: + additional_attrs: true + type: dict + attrs: + + - variable: envList + label: Extra Environment Variables + description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..." + schema: + type: list + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + - variable: value + label: Value + schema: + type: string + - variable: extraArgs + label: Extra Args + schema: + type: list + default: [] + items: + - variable: arg + label: Arg + schema: + type: string + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: command + label: Command + schema: + type: list + default: [] + items: + - variable: param + label: Param + schema: + type: string + + - variable: TZ + label: Timezone + group: "General Settings" + schema: + type: string + default: "Etc/UTC" + $ref: + - "definitions/timezone" + + - variable: podOptions + group: "General Settings" + label: "Global Pod Options (Advanced)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: expertPodOpts + label: "Expert - Pod Options" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hostNetwork + label: "Host Networking" + schema: + type: boolean + default: false + - variable: dnsConfig + label: "DNS Configuration" + schema: + type: dict + additional_attrs: true + attrs: + - variable: options + label: "Options" + schema: + type: list + default: [{"name": "ndots", "value": "1"}] + items: + - variable: optionsEntry + label: "Option Entry" + schema: + type: dict + additional_attrs: true + attrs: + - variable: name + label: "Name" + schema: + type: string + required: true + - variable: value + label: "Value" + schema: + type: string + - variable: nameservers + label: "Nameservers" + schema: + type: list + default: [] + items: + - variable: nsEntry + label: "Nameserver Entry" + schema: + type: string + required: true + - variable: searches + label: "Searches" + schema: + type: list + default: [] + items: + - variable: searchEntry + label: "Search Entry" + schema: + type: string + required: true + + - variable: imagePullSecretList + group: "General Settings" + label: "Image Pull Secrets" + schema: + type: list + default: [] + items: + - variable: pullsecretentry + label: "Pull Secret" + schema: + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: true + - variable: data + label: Data + schema: + type: dict + additional_attrs: true + attrs: + - variable: registry + label: "Registry" + schema: + type: string + required: true + default: "https://index.docker.io/v1/" + - variable: username + label: "Username" + schema: + type: string + required: true + default: "" + - variable: password + label: "Password" + schema: + type: string + required: true + private: true + default: "" + - variable: email + label: "Email" + schema: + type: string + required: true + default: "" + + - variable: vaultwarden + label: "" + group: "App Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: yubico + label: "Yubico OTP authentication" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Yubico OTP authentication" + description: "Please refer to the manual at: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Yubikey-OTP-authentication" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: server + label: "Yubico server" + description: "Defaults to YubiCloud" + schema: + type: string + default: "" + - variable: clientId + label: "Yubico ID" + schema: + type: string + default: "" + - variable: secretKey + label: "Yubico Secret Key" + schema: + type: string + default: "" + - variable: push + label: "Mobile Push Notifications" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Mobile Push Notifications" + description: "You must obtain and ID and Key here: https://bitwarden.com/host" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: installationId + label: "Installation ID" + schema: + type: string + default: "" + required: true + - variable: installationKey + label: "Installation Key" + schema: + type: string + default: "" + required: true + - variable: admin + label: "Admin Portal" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable Admin Portal" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: disableAdminToken + label: "Make Accessible Without Password/Token" + schema: + type: boolean + default: false + - variable: token + label: "Admin Portal Password/Token" + description: "Will be automatically generated if not defined" + schema: + type: string + default: "" + - variable: icons + label: "Icon Download Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: disableDownload + label: "Disable Icon Download" + description: "Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache)" + schema: + type: boolean + default: false + - variable: cache + label: "Cache time-to-live" + description: "Cache time-to-live for icons fetched. 0 means no purging" + schema: + type: int + default: 2592000 + - variable: token + label: "Failed Downloads Cache time-to-live" + description: "Cache time-to-live for icons that were not available. 0 means no purging." + schema: + type: int + default: 2592000 + - variable: log + label: "Logging" + schema: + additional_attrs: true + type: dict + attrs: + - variable: level + label: "Log level" + schema: + type: string + default: "info" + required: true + enum: + - value: "trace" + description: "trace" + - value: "debug" + description: "debug" + - value: "info" + description: "info" + - value: "warn" + description: "warn" + - value: "error" + description: "error" + - value: "off" + description: "off" + - variable: file + label: "Log-File Location" + schema: + type: string + default: "" + - variable: smtp + label: "SMTP Settings (Email)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "Enable SMTP Support" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: "SMTP hostname" + schema: + type: string + required: true + default: "" + - variable: from + label: "SMTP sender e-mail address" + schema: + type: string + required: true + default: "" + - variable: fromName + label: "SMTP sender name" + schema: + type: string + required: true + default: "" + - variable: user + label: "SMTP username" + schema: + type: string + required: true + default: "" + - variable: password + label: "SMTP password" + description: "Required is user is specified, ignored if no user provided" + schema: + type: string + default: "" + - variable: security + label: "Enable SSL connection" + schema: + type: string + default: "starttls" + enum: + - value: "starttls" + description: "STARTTLS (587)" + - value: "force_tls" + description: "FORCE_TLS (465)" + - value: "off" + description: "OFF (25)" + - variable: port + label: "SMTP port" + description: "Usually: 587 with STARTTLS, 465 with FORCE_TLS, and 25 without SSL" + schema: + type: int + default: 587 + - variable: authMechanism + label: "SMTP Authentication Mechanisms" + description: "Comma-separated options: Plain, Login and Xoauth2" + schema: + type: string + default: "Plain" + - variable: heloName + label: "SMTP HELO - Hostname" + description: "Hostname to be sent for SMTP HELO. Defaults to pod name" + schema: + type: string + default: "" + - variable: timeout + label: "SMTP timeout" + schema: + type: int + default: 15 + - variable: invalidHostname + label: "Accept Invalid Hostname" + description: "Accept SSL session if certificate is valid but hostname doesn't match. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: invalidCertificate + label: "Accept Invalid Certificate" + description: "Accept invalid certificates. DANGEROUS, vulnerable to men-in-the-middle attacks!" + schema: + type: boolean + default: false + - variable: allowSignups + label: "Allow Signup" + description: "Allow any user to sign-up: https://github.com/dani-garcia/vaultwarden/wiki/Disable-registration-of-new-users" + schema: + type: boolean + default: true + - variable: allowInvitation + label: "Always allow Invitation" + description: "Allow invited users to sign-up even feature is disabled: https://github.com/dani-garcia/vaultwarden/wiki/Disable-invitations" + schema: + type: boolean + default: true + - variable: defaultInviteName + label: "Default Invite Organisation Name" + description: "Default organization name in invitation e-mails that are not coming from a specific organization." + schema: + type: string + default: "" + - variable: showPasswordHint + label: "Show password hints" + description: "https://github.com/dani-garcia/vaultwarden/wiki/Password-hint-display" + schema: + type: boolean + default: true + - variable: signupwhitelistenable + label: "Enable Signup Whitelist" + description: "allowSignups is ignored if set" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: signupDomains + label: "Signup Whitelist Domains" + schema: + type: list + default: [] + items: + - variable: domain + label: "Domain" + schema: + type: string + default: "" + - variable: verifySignup + label: "Verifiy Signup" + description: "Verify e-mail before login is enabled. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: requireEmail + label: "Block Login if email fails" + description: "When a user logs in an email is required to be sent. If sending the email fails the login attempt will fail. SMTP must be enabled" + schema: + type: boolean + default: false + - variable: emailAttempts + label: "Email token reset attempts" + description: "Maximum attempts before an email token is reset and a new email will need to be sent" + schema: + type: int + default: 3 + - variable: emailTokenExpiration + label: "Email token validity in seconds" + schema: + type: int + default: 600 + - variable: enableWebVault + label: "Enable Webvault" + description: "Enable Web Vault (static content). https://github.com/dani-garcia/vaultwarden/wiki/Disabling-or-overriding-the-Vault-interface-hosting" + schema: + type: boolean + default: true + - variable: orgCreationUsers + label: "Limit Organisation Creation to (users)" + description: "Restrict creation of orgs. Options are: 'all', 'none' or a comma-separated list of users." + schema: + type: string + default: "all" + - variable: attachmentLimitOrg + label: "Limit Attachment Disk Usage per Organisation" + schema: + type: string + default: "" + - variable: attachmentLimitUser + label: "Limit Attachment Disk Usage per User" + schema: + type: string + default: "" + - variable: hibpApiKey + label: "HaveIBeenPwned API Key" + description: "Can be purchased at https://haveibeenpwned.com/API/Key" + schema: + type: string + default: "" + - variable: service + group: Networking and Services + label: Configure Service(s) + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service" + description: "The Primary service on which the healthcheck runs, often the webUI" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Service + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "Service's Port(s) Configuration" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 10102 + required: true + - variable: serviceexpert + group: Networking and Services + label: Show Expert Config + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + + - variable: scaleExternalInterface + description: Add External Interfaces + label: Add external Interfaces + group: Networking + schema: + type: list + items: + - variable: interfaceConfiguration + description: Interface Configuration + label: Interface Configuration + schema: + additional_attrs: true + type: dict + $ref: + - "normalize/interfaceConfiguration" + attrs: + - variable: hostInterface + description: Please Specify Host Interface + label: Host Interface + schema: + type: string + required: true + $ref: + - "definitions/interface" + - variable: ipam + description: Define how IP Address will be managed + label: IP Address Management + schema: + additional_attrs: true + type: dict + required: true + attrs: + - variable: type + description: Specify type for IPAM + label: IPAM Type + schema: + type: string + required: true + enum: + - value: dhcp + description: Use DHCP + - value: static + description: Use Static IP + - variable: staticIPConfigurations + label: Static IP Addresses + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticIP + label: Static IP + schema: + type: ipaddr + cidr: true + - variable: staticRoutes + label: Static Routes + schema: + type: list + show_if: [["type", "=", "static"]] + items: + - variable: staticRouteConfiguration + label: Static Route Configuration + schema: + additional_attrs: true + type: dict + attrs: + - variable: destination + label: Destination + schema: + type: ipaddr + cidr: true + required: true + - variable: gateway + label: Gateway + schema: + type: ipaddr + cidr: false + required: true + + - variable: serviceList + label: Add Manual Custom Services + group: Networking and Services + schema: + type: list + default: [] + items: + - variable: serviceListEntry + label: Custom Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the service + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: LoadBalancer + description: LoadBalancer (Expose Ports) + - value: ClusterIP + description: ClusterIP (Do Not Expose Ports) + - value: Simple + description: Deprecated CHANGE THIS + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: advancedsvcset + label: Show Advanced Service Settings + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: externalIPs + label: "External IP's" + description: "External IP's" + schema: + type: list + default: [] + items: + - variable: externalIP + label: External IP + schema: + type: string + - variable: ipFamilyPolicy + label: IP Family Policy + description: Specify the IP Policy + schema: + type: string + default: SingleStack + enum: + - value: SingleStack + description: SingleStack + - value: PreferDualStack + description: PreferDualStack + - value: RequireDualStack + description: RequireDualStack + - variable: ipFamilies + label: IP Families + description: (Advanced) The IP Families that should be used + schema: + type: list + default: [] + items: + - variable: ipFamily + label: IP Family + schema: + type: string + - variable: portsList + label: Additional Service Ports + schema: + type: list + default: [] + items: + - variable: portsListEntry + label: Custom ports + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Port + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Port Name + schema: + type: string + default: "" + - variable: protocol + label: Port Type + schema: + type: string + default: tcp + enum: + - value: http + description: HTTP + - value: https + description: HTTPS + - value: tcp + description: TCP + - value: udp + description: UDP + - variable: targetPort + label: Target Port + description: This port exposes the container port on the service + schema: + type: int + required: true + - variable: port + label: Container Port + schema: + type: int + required: true + + - variable: persistence + label: Integrated Persistent Storage + description: Integrated Persistent Storage + group: Storage and Persistence + schema: + additional_attrs: true + type: dict + attrs: + + - variable: data + label: "App Config Storage" + description: "Stores the Application Configuration." + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: pvc + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - value: iscsi + description: iSCSI Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size quotum of Storage (Do NOT REDUCE after installation) + description: This value can ONLY be INCREASED after the installation + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: disabled + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: persistenceList + label: Additional App Storage + group: Storage and Persistence + schema: + type: list + default: [] + items: + - variable: persistenceListEntry + label: Custom Storage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the storage + schema: + type: boolean + default: true + hidden: true + - variable: type + label: Type of Storage + description: Sets the persistence type, Anything other than PVC could break rollback! + schema: + type: string + default: hostPath + enum: + - value: pvc + description: PVC + - value: hostPath + description: Host Path + - value: emptyDir + description: emptyDir + - value: nfs + description: NFS Share + - variable: server + label: NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: path + label: Path on NFS Server + schema: + show_if: [["type", "=", "nfs"]] + type: string + default: "" + - variable: iscsi + label: iSCSI Options + schema: + show_if: [["type", "=", "iscsi"]] + type: dict + additional_attrs: true + attrs: + - variable: targetPortal + label: targetPortal + schema: + type: string + required: true + default: "" + - variable: iqn + label: iqn + schema: + type: string + required: true + default: "" + - variable: lun + label: lun + schema: + type: int + default: 0 + - variable: authSession + label: authSession + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: authDiscovery + label: authDiscovery + schema: + type: dict + additional_attrs: true + attrs: + - variable: username + label: username + schema: + type: string + default: "" + - variable: password + label: password + schema: + type: string + default: "" + - variable: usernameInitiator + label: usernameInitiator + schema: + type: string + default: "" + - variable: passwordInitiator + label: passwordInitiator + schema: + type: string + default: "" + - variable: autoPermissions + label: Automatic Permissions Configuration + description: Automatically set permissions + schema: + show_if: [["type", "!=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: chown + label: Run CHOWN + description: | + It will run CHOWN on the path with the given fsGroup + schema: + type: boolean + default: false + - variable: chmod + label: Run CHMOD + description: | + It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770 + schema: + type: string + valid_chars: '[0-9]{3}' + default: "" + - variable: recursive + label: Recursive + description: | + It will run CHOWN and CHMOD recursively + schema: + type: boolean + default: false + - variable: readOnly + label: Read Only + schema: + type: boolean + default: false + - variable: hostPath + label: Host Path + description: Path inside the container the storage is mounted + schema: + show_if: [["type", "=", "hostPath"]] + type: hostpath + - variable: mountPath + label: Mount Path + description: Path inside the container the storage is mounted + schema: + type: string + default: "" + required: true + valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$' + - variable: medium + label: EmptyDir Medium + schema: + show_if: [["type", "=", "emptyDir"]] + type: string + default: "" + enum: + - value: "" + description: Default + - value: Memory + description: Memory + - variable: size + label: Size Quotum of Storage + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: 256Gi + - variable: storageClass + label: 'storageClass (Advanced)' + description: 'sets the storageClass to something other than iX default. Only for advanced usecases!' + schema: + show_if: [["type", "=", "pvc"]] + type: string + default: "" + - variable: static + label: 'Static Fixed PVC Bindings (Experimental)' + description: Link a PVC to a specific storage location + schema: + show_if: [["type", "=", "pvc"]] + type: dict + additional_attrs: true + attrs: + - variable: mode + label: mode + description: | + disabled: use normal dynamic PVCs + smb: connect to an SMB share + nfs: connect to an NFS share + schema: + type: string + default: "disabled" + enum: + - value: "disabled" + description: disabled + - value: smb + description: smb + - value: nfs + description: nfs + - variable: server + label: Server + description: server to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "myserver" + - variable: share + label: Share + description: share to connect to + schema: + type: string + show_if: [["mode", "!=", "disabled"]] + default: "/myshare" + - variable: user + label: User + description: connecting user + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "myuser" + - variable: domain + label: Domain + description: user domain + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: password + label: Password + description: connecting password + schema: + type: string + show_if: [["mode", "=", "smb"]] + default: "" + - variable: volumeSnapshots + label: 'Volume Snapshots (Experimental)' + description: Add an entry to the list to force creation of a volumeSnapshot of this PVC + schema: + show_if: [["type", "=", "pvc"]] + type: list + default: [] + items: + - variable: volumeSnapshotEntry + label: Custom volumeSnapshot + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: 'WARNING: renaming this, means deletion of the snapshot with the old name!' + schema: + type: string + default: "mysnapshot" + required: true + - variable: volumeSnapshotClassName + label: 'volumeSnapshot Class Name (Advanced)' + description: For use with PVCs using a non-default storageClass + schema: + type: string + default: "" + + - variable: ingress + label: "" + group: Ingress + schema: + additional_attrs: true + type: dict + attrs: + + - variable: main + label: "Main Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name (Optional) + description: Defaults to chart name + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description (Optional) + description: Defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: icon + label: Icon (Optional) + description: Defaults to chart icon + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + - variable: widget + label: Widget Settings + schema: + type: dict + additional_attrs: true + show_if: [["enabled", "=", true]] + attrs: + - variable: enabled + label: Enable Widget + description: When disabled all widget annotations are skipped. + schema: + type: boolean + default: true + - variable: custom + label: Options + schema: + type: dict + additional_attrs: true + attrs: + - variable: key + label: API-key (key) + schema: + type: string + default: "" + - variable: customkv + label: Custom Options + schema: + type: list + default: [] + items: + - variable: option + label: Option + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + default: "" + required: true + - variable: value + label: Value + schema: + type: string + default: "" + required: true + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + + - variable: ingressList + label: Add Manual Custom Ingresses + group: Ingress + schema: + type: list + default: [] + items: + - variable: ingressListEntry + label: Custom Ingress + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: true + hidden: true + - variable: name + label: Name + schema: + type: string + default: "" + - variable: ingressClassName + label: IngressClass Name + schema: + type: string + default: "" + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: overrideService + label: Linked Service + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Service Name + schema: + type: string + default: "" + - variable: port + label: Service Port + schema: + type: int + - variable: tls + label: TLS-Settings + schema: + type: list + default: [] + show_if: [["certificateIssuer", "=", ""]] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: Use Custom Secret (Advanced) + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: "Allow Cross Origin Requests" + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: namespace + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: homepage + label: Homepage + description: Connect ingress with Homepage + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: name + label: Name + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: description + label: Description + description: defaults to chart description + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: group + label: Group + schema: + type: string + required: true + default: "default" + show_if: [["enabled", "=", true]] + + - variable: securityContext + group: Security and Permissions + label: Security Context + schema: + additional_attrs: true + type: dict + attrs: + - variable: container + label: Container + schema: + additional_attrs: true + type: dict + attrs: + # Settings from questions.yaml get appended here on a per-app basis + + - variable: runAsUser + label: "runAsUser" + description: "The UserID of the user running the application" + schema: + type: int + default: 568 + - variable: runAsGroup + label: "runAsGroup" + description: "The groupID of the user running the application" + schema: + type: int + default: 568 + # Settings from questions.yaml get appended here on a per-app basis + - variable: PUID + label: Process User ID - PUID + description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps + schema: + type: int + show_if: [["runAsUser", "=", 0]] + default: 568 + - variable: UMASK + label: UMASK + description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps + schema: + type: string + default: "0022" + + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: privileged + label: "Privileged mode" + schema: + type: boolean + default: false + - variable: readOnlyRootFilesystem + label: "ReadOnly Root Filesystem" + schema: + type: boolean + default: true + + - variable: pod + label: Pod + schema: + additional_attrs: true + type: dict + attrs: + - variable: fsGroupChangePolicy + label: "When should we take ownership?" + schema: + type: string + default: OnRootMismatch + enum: + - value: OnRootMismatch + description: OnRootMismatch + - value: Always + description: Always + - variable: supplementalGroups + label: Supplemental Groups + schema: + type: list + default: [] + items: + - variable: supplementalGroupsEntry + label: Supplemental Group + schema: + type: int + # Settings from questions.yaml get appended here on a per-app basis + + - variable: fsGroup + label: "fsGroup" + description: "The group that should own ALL storage." + schema: + type: int + default: 568 + - variable: resources + group: Resources and Devices + label: "Resource Limits" + schema: + additional_attrs: true + type: dict + attrs: + - variable: limits + label: Advanced Limit Resource Consumption + schema: + additional_attrs: true + type: dict + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 4000m + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: RAM + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 8Gi + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: 'gpu.intel.com/i915' + label: Add Intel i915 GPUs + schema: + type: int + default: 0 + - variable: 'nvidia.com/gpu' + label: Add NVIDIA GPUs (Experimental) + schema: + type: int + default: 0 + - variable: 'amd.com/gpu' + label: Add AMD GPUs + schema: + type: int + default: 0 + - variable: requests + label: "Minimum Resources Required (request)" + schema: + additional_attrs: true + type: dict + hidden: true + attrs: + - variable: cpu + label: CPU + description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 10m + hidden: true + valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$' + - variable: memory + label: "RAM" + description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation" + schema: + type: string + default: 50Mi + hidden: true + valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$' + - variable: deviceList + label: Mount USB Devices + group: Resources and Devices + schema: + type: list + default: [] + items: + - variable: deviceListEntry + label: Device + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable the Storage + schema: + type: boolean + default: true + - variable: type + label: (Advanced) Type of Storage + description: Sets the persistence type + schema: + type: string + default: device + hidden: true + - variable: readOnly + label: readOnly + schema: + type: boolean + default: false + - variable: hostPath + label: Host Device Path + description: Path to the device on the host system + schema: + type: path + - variable: mountPath + label: Container Device Path + description: Path inside the container the device is mounted + schema: + type: string + default: "/dev/ttyACM0" + + - variable: cnpg + group: Postgresql + label: "CloudNative-PG (CNPG)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: main + label: "Main Postgresql Database" + schema: + additional_attrs: true + type: dict + attrs: + - variable: hibernate + label: Hibernate + description: "enable to safely hibernate and shutdown the postgresql cluster" + schema: + type: boolean + default: false + - variable: mode + label: Mode + description: 'Cluster mode of operation. Available modes: standalone - default mode. Creates new or updates an existing CNPG cluster. recovery - Same as standalone but creates a cluster from a backup, object store or via pg_basebackup replica - Creates a replica cluster from an existing CNPG cluster. # TODO.' + schema: + type: string + default: "standalone" + enum: + - value: standalone + description: standalone + - value: replica + description: replica + - value: recovery + description: recovery + - variable: cluster + label: "Cluster Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: instances + label: Instances + schema: + type: int + default: 1 + - variable: singleNode + label: singleNode + schema: + type: boolean + default: true + hidden: true + - variable: storage + label: "Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: walStorage + label: "WAL Storage" + schema: + additional_attrs: true + type: dict + attrs: + - variable: size + label: Size + schema: + type: string + default: "256Gi" + - variable: monitoring + label: "Monitoring Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enablePodMonitor + label: "enablePodMonitor" + schema: + type: boolean + default: true + - variable: disableDefaultQueries + label: "disableDefaultQueries" + schema: + type: boolean + default: false + - variable: pooler + label: "Pooler Settings" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + - variable: instances + label: Instances + schema: + type: int + show_if: [["enabled", "=", true]] + default: 1 + - variable: createRO + label: "Create ReadOnly Instance" + schema: + type: boolean + show_if: [["enabled", "=", true]] + default: false + - variable: backups + label: "Backup Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: destinationPath + label: "destinationPath" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: retentionPolicy + label: "retentionPolicy" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "30d" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + - variable: recovery + label: "Recovery Settings (Experimental)" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: "enabled" + schema: + type: boolean + default: false + - variable: serverName + label: "serverName" + schema: + type: string + default: "" + - variable: revision + label: "serverName" + schema: + type: int + - variable: endpointURL + label: "endpointURL" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: method + label: "method" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "object_store" + - variable: backupName + label: "backupName" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "" + - variable: provider + label: "provider" + schema: + type: string + show_if: [["enabled", "=", true]] + default: "s3" + enum: + - value: s3 + description: S3 + - value: azure + description: Azure + - value: google + description: Google + - variable: s3 + label: "s3" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "s3"]] + attrs: + - variable: region + label: "region" + schema: + type: string + default: "" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: accessKey + label: "accessKey" + schema: + type: string + default: "" + - variable: secretKey + label: "secretKey" + schema: + type: string + default: "" + - variable: azure + label: "azure (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "azure"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: connectionString + label: "connectionString" + schema: + type: string + default: "" + - variable: storageAccount + label: "storageAccount" + schema: + type: string + default: "" + - variable: storageKey + label: "storageKey" + schema: + type: string + default: "" + - variable: storageSasToken + label: "storageSasToken" + schema: + type: string + default: "" + - variable: containerName + label: "containerName" + schema: + type: string + default: "" + - variable: serviceName + label: "serviceName" + schema: + type: string + default: "blob" + - variable: inheritFromAzureAD + label: "inheritFromAzureAD" + schema: + type: boolean + default: false + - variable: google + label: "google (EXTREMELY EXPERIMENTAL)" + schema: + additional_attrs: true + type: dict + show_if: [["provider", "=", "google"]] + attrs: + - variable: path + label: "path" + schema: + type: string + default: "/" + - variable: bucket + label: "bucket" + schema: + type: string + default: "" + - variable: gkeEnvironment + label: "gkeEnvironment" + schema: + type: string + default: "" + - variable: applicationCredentials + label: "applicationCredentials" + schema: + type: string + default: "" + +# - variable: horizontalPodAutoscaler +# group: Advanced +# label: (Advanced) Horizontal Pod Autoscaler +# schema: +# type: list +# default: [] +# items: +# - variable: hpaEntry +# label: HPA Entry +# schema: +# additional_attrs: true +# type: dict +# attrs: +# - variable: name +# label: Name +# schema: +# type: string +# required: true +# default: "" +# - variable: enabled +# label: Enabled +# schema: +# type: boolean +# default: false +# show_subquestions_if: true +# subquestions: +# - variable: target +# label: Target +# description: Deployment name, Defaults to Main Deployment +# schema: +# type: string +# default: "" +# - variable: minReplicas +# label: Minimum Replicas +# schema: +# type: int +# default: 1 +# - variable: maxReplicas +# label: Maximum Replicas +# schema: +# type: int +# default: 5 +# - variable: targetCPUUtilizationPercentage +# label: Target CPU Utilization Percentage +# schema: +# type: int +# default: 80 +# - variable: targetMemoryUtilizationPercentage +# label: Target Memory Utilization Percentage +# schema: +# type: int +# default: 80 + - variable: networkPolicy + group: Advanced + label: (Advanced) Network Policy + schema: + type: list + default: [] + items: + - variable: netPolicyEntry + label: Network Policy Entry + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + default: "" + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: policyType + label: Policy Type + schema: + type: string + default: "" + enum: + - value: "" + description: Default + - value: ingress + description: Ingress + - value: egress + description: Egress + - value: ingress-egress + description: Ingress and Egress + - variable: egress + label: Egress + schema: + type: list + default: [] + items: + - variable: egressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: to + label: To + schema: + type: list + default: [] + items: + - variable: toEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + - variable: ingress + label: Ingress + schema: + type: list + default: [] + items: + - variable: ingressEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: from + label: From + schema: + type: list + default: [] + items: + - variable: fromEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: ipBlock + label: IP Block + schema: + additional_attrs: true + type: dict + attrs: + - variable: cidr + label: CIDR + schema: + type: string + default: "" + - variable: except + label: Except + schema: + type: list + default: [] + items: + - variable: exceptint + label: "" + schema: + type: string + - variable: namespaceSelector + label: Namespace Selector + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: podSelector + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: matchExpressions + label: Match Expressions + schema: + type: list + default: [] + items: + - variable: expressionEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: key + label: Key + schema: + type: string + - variable: operator + label: Operator + schema: + type: string + default: TCP + enum: + - value: In + description: In + - value: NotIn + description: NotIn + - value: Exists + description: Exists + - value: DoesNotExist + description: DoesNotExist + - variable: values + label: Values + schema: + type: list + default: [] + items: + - variable: value + label: "" + schema: + type: string + - variable: ports + label: Ports + schema: + type: list + default: [] + items: + - variable: portsEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + - variable: endPort + label: End Port + schema: + type: int + - variable: protocol + label: Protocol + schema: + type: string + default: TCP + enum: + - value: TCP + description: TCP + - value: UDP + description: UDP + - value: SCTP + description: SCTP + + - variable: addons + group: Addons + label: "" + schema: + additional_attrs: true + type: dict + attrs: + + - variable: codeserver + label: Codeserver + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: service + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Service Type + description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer" + schema: + type: string + default: LoadBalancer + enum: + - value: NodePort + description: Deprecated CHANGE THIS + - value: ClusterIP + description: ClusterIP + - value: LoadBalancer + description: LoadBalancer + - variable: loadBalancerIP + label: LoadBalancer IP + description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB" + schema: + show_if: [["type", "=", "LoadBalancer"]] + type: string + default: "" + - variable: ports + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: codeserver + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: Port + schema: + type: int + default: 36107 + - variable: ingress + label: "Ingress" + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enable Ingress + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: hosts + label: Hosts + schema: + type: list + default: [] + items: + - variable: hostEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: host + label: HostName + schema: + type: string + default: "" + required: true + - variable: paths + label: Paths + schema: + type: list + default: [{path: "/", pathType: "Prefix"}] + items: + - variable: pathEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: path + label: Path + schema: + type: string + required: true + default: "/" + - variable: pathType + label: Path Type + schema: + type: string + required: true + default: Prefix + - variable: integrations + label: Integrations + description: Connect ingress with other charts + schema: + additional_attrs: true + type: dict + attrs: + - variable: traefik + label: Traefik + description: Connect ingress with Traefik + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: true + - variable: allowCors + label: 'Allow Cross Origin Requests (advanced)' + schema: + type: boolean + default: false + show_if: [["enabled", "=", true]] + - variable: entrypoints + label: Entrypoints + schema: + type: list + default: ["websecure"] + show_if: [["enabled", "=", true]] + items: + - variable: entrypoint + label: Entrypoint + schema: + type: string + - variable: middlewares + label: Middlewares + schema: + type: list + default: [] + show_if: [["enabled", "=", true]] + items: + - variable: middleware + label: Middleware + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: name + schema: + type: string + default: "" + required: true + - variable: namespace + label: 'namespace (optional)' + schema: + type: string + default: "" + - variable: certManager + label: certManager + description: Connect ingress with certManager + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false + - variable: certificateIssuer + label: certificateIssuer + description: defaults to chartname + schema: + type: string + default: "" + show_if: [["enabled", "=", true]] + - variable: advanced + label: Show Advanced Settings + description: Advanced settings are not covered by TrueCharts Support + schema: + type: boolean + default: false + - variable: ingressClassName + label: (Advanced/Optional) IngressClass Name + schema: + type: string + show_if: [["advanced", "=", true]] + default: "" + - variable: tls + label: TLS-Settings + schema: + type: list + show_if: [["advanced", "=", true]] + default: [] + items: + - variable: tlsEntry + label: Host + schema: + additional_attrs: true + type: dict + attrs: + - variable: hosts + label: Certificate Hosts + schema: + type: list + default: [] + items: + - variable: host + label: Host + schema: + type: string + default: "" + required: true + + - variable: certificateIssuer + label: Use Cert-Manager clusterIssuer + description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.' + schema: + type: string + default: "" + - variable: clusterCertificate + label: 'Cluster Certificate (Advanced)' + description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.' + schema: + type: string + show_if: [["certificateIssuer", "=", ""]] + default: "" + - variable: secretName + label: 'Use Custom Certificate Secret (Advanced)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: string + default: "" + - variable: scaleCert + label: 'Use TrueNAS SCALE Certificate (Deprecated)' + schema: + show_if: [["certificateIssuer", "=", ""]] + type: int + $ref: + - "definitions/certificate" + - variable: envList + label: Codeserver Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: vpn + label: VPN + schema: + additional_attrs: true + type: dict + attrs: + - variable: type + label: Type + schema: + type: string + default: disabled + enum: + - value: disabled + description: disabled + - value: gluetun + description: Gluetun + - value: tailscale + description: Tailscale + - value: openvpn + description: OpenVPN (Deprecated) + - value: wireguard + description: Wireguard (Deprecated) + - variable: openvpn + label: OpenVPN Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "openvpn"]] + attrs: + - variable: username + label: Authentication Username (Optional) + description: Authentication Username, Optional + schema: + type: string + default: "" + - variable: password + label: Authentication Password + description: Authentication Credentials + schema: + type: string + show_if: [["username", "!=", ""]] + default: "" + required: true + - variable: tailscale + label: Tailscale Settings + schema: + additional_attrs: true + type: dict + show_if: [["type", "=", "tailscale"]] + attrs: + - variable: authkey + label: Authentication Key + description: Provide an auth key to automatically authenticate the node as your user account. + schema: + type: string + private: true + default: "" + - variable: auth_once + label: Auth Once + description: Only attempt to log in if not already logged in. + schema: + type: boolean + default: true + - variable: accept_dns + label: Accept DNS + description: Accept DNS configuration from the admin console. + schema: + type: boolean + default: false + - variable: userspace + label: Userspace + description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device. + schema: + type: boolean + default: false + - variable: routes + label: Routes + description: Expose physical subnet routes to your entire Tailscale network. + schema: + type: string + default: "" + - variable: dest_ip + label: Destination IP + description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched. + schema: + type: string + default: "" + - variable: sock5_server + label: Sock5 Server + description: The address on which to listen for SOCKS5 proxying into the tailscale net. + schema: + type: string + default: "" + - variable: outbound_http_proxy_listen + label: Outbound HTTP Proxy Listen + description: The address on which to listen for HTTP proxying into the tailscale net. + schema: + type: string + default: "" + - variable: extra_args + label: Extra Args + description: Extra Args + schema: + type: string + default: "" + - variable: daemon_extra_args + label: Tailscale Daemon Extra Args + description: Tailscale Daemon Extra Args + schema: + type: string + default: "" + - variable: killSwitch + label: Enable Killswitch + schema: + type: boolean + show_if: [["type", "!=", "disabled"]] + default: true + - variable: excludedNetworks_IPv4 + label: Killswitch Excluded IPv4 networks + description: List of Killswitch Excluded IPv4 Addresses + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv4 + label: IPv4 Network + schema: + type: string + required: true + - variable: excludedNetworks_IPv6 + label: Killswitch Excluded IPv6 networks + description: "List of Killswitch Excluded IPv6 Addresses" + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: networkv6 + label: IPv6 Network + schema: + type: string + required: true + - variable: configFile + label: VPN Config File Location + schema: + type: string + show_if: [["type", "!=", "disabled"]] + default: "" + + - variable: envList + label: VPN Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + max_length: 10240 + + - variable: netshoot + label: Netshoot + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: envList + label: Netshoot Environment Variables + schema: + type: list + show_if: [["type", "!=", "disabled"]] + default: [] + items: + - variable: envItem + label: Environment Variable + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + schema: + type: string + required: true + - variable: value + label: Value + schema: + type: string + required: true + + - variable: docs + group: Documentation + label: Please read the documentation at https://truecharts.org + description: Please read the documentation at +
https://truecharts.org + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDocs + label: I have checked the documentation + schema: + type: boolean + default: true + - variable: donateNag + group: Documentation + label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor + description: Please consider supporting TrueCharts, see +
https://truecharts.org/sponsor + schema: + additional_attrs: true + type: dict + attrs: + - variable: confirmDonate + label: I have considered donating + schema: + type: boolean + default: true + hidden: true + diff --git a/premium/vaultwarden/26.5.3/templates/NOTES.txt b/premium/vaultwarden/26.5.3/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/premium/vaultwarden/26.5.3/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/premium/vaultwarden/26.5.3/templates/_configmap.tpl b/premium/vaultwarden/26.5.3/templates/_configmap.tpl new file mode 100644 index 00000000000..2749819b03b --- /dev/null +++ b/premium/vaultwarden/26.5.3/templates/_configmap.tpl @@ -0,0 +1,111 @@ +{{/* Define the configmap */}} +{{- define "vaultwarden.configmap" -}} +enabled: true +data: + ROCKET_PORT: "8080" + SIGNUPS_ALLOWED: {{ .Values.vaultwarden.allowSignups | quote }} + {{- if .Values.vaultwarden.signupDomains }} + SIGNUPS_DOMAINS_WHITELIST: {{ join "," .Values.vaultwarden.signupDomains | quote }} + {{- end }} + {{- if and (eq .Values.vaultwarden.verifySignup true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Signup verification requires SMTP to be enabled" nil}}{{end}} + SIGNUPS_VERIFY: {{ .Values.vaultwarden.verifySignup | quote }} + {{- if and (eq .Values.vaultwarden.requireEmail true) (eq .Values.vaultwarden.smtp.enabled false) }}{{ required "Requiring emails for login depends on SMTP" nil}}{{end}} + REQUIRE_DEVICE_EMAIL: {{ .Values.vaultwarden.requireEmail | quote }} + {{- if .Values.vaultwarden.emailAttempts }} + EMAIL_ATTEMPTS_LIMIT: {{ .Values.vaultwarden.emailAttempts | quote }} + {{- end }} + {{- if .Values.vaultwarden.emailTokenExpiration }} + EMAIL_EXPIRATION_TIME: {{ .Values.vaultwarden.emailTokenExpiration | quote }} + {{- end }} + INVITATIONS_ALLOWED: {{ .Values.vaultwarden.allowInvitation | quote }} + {{- if .Values.vaultwarden.defaultInviteName }} + INVITATION_ORG_NAME: {{ .Values.vaultwarden.defaultInviteName | quote }} + {{- end }} + SHOW_PASSWORD_HINT: {{ .Values.vaultwarden.showPasswordHint | quote }} + WEB_VAULT_ENABLED: {{ .Values.vaultwarden.enableWebVault | quote }} + ORG_CREATION_USERS: {{ .Values.vaultwarden.orgCreationUsers | quote }} + {{- if .Values.vaultwarden.attachmentLimitOrg }} + ORG_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitOrg | quote }} + {{- end }} + {{- if .Values.vaultwarden.attachmentLimitUser }} + USER_ATTACHMENT_LIMIT: {{ .Values.vaultwarden.attachmentLimitUser | quote }} + {{- end }} + {{- if .Values.vaultwarden.hibpApiKey }} + HIBP_API_KEY: {{ .Values.vaultwarden.hibpApiKey | quote }} + {{- end }} + {{- include "vaultwarden.dbTypeValid" . }} + {{- if .Values.database.retries }} + DB_CONNECTION_RETRIES: {{ .Values.database.retries | quote }} + {{- end }} + {{- if .Values.database.maxConnections }} + DATABASE_MAX_CONNS: {{ .Values.database.maxConnections | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.smtp.enabled true }} + SMTP_HOST: {{ required "SMTP host is required to enable SMTP" .Values.vaultwarden.smtp.host | quote }} + SMTP_FROM: {{ required "SMTP sender address ('from') is required to enable SMTP" .Values.vaultwarden.smtp.from | quote }} + {{- if .Values.vaultwarden.smtp.fromName }} + SMTP_FROM_NAME: {{ .Values.vaultwarden.smtp.fromName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.security }} + SMTP_SECURITY: {{ .Values.vaultwarden.smtp.security | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.port }} + SMTP_PORT: {{ .Values.vaultwarden.smtp.port | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.authMechanism }} + SMTP_AUTH_MECHANISM: {{ .Values.vaultwarden.smtp.authMechanism | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.heloName }} + HELO_NAME: {{ .Values.vaultwarden.smtp.heloName | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.timeout }} + SMTP_TIMEOUT: {{ .Values.vaultwarden.smtp.timeout | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidHostname }} + SMTP_ACCEPT_INVALID_HOSTNAMES: {{ .Values.vaultwarden.smtp.invalidHostname | quote }} + {{- end }} + {{- if .Values.vaultwarden.smtp.invalidCertificate }} + SMTP_ACCEPT_INVALID_CERTS: {{ .Values.vaultwarden.smtp.invalidCertificate | quote }} + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.log.file }} + LOG_FILE: {{ .Values.vaultwarden.log.file | quote }} + {{- end }} + {{- if or .Values.vaultwarden.log.level .Values.vaultwarden.log.timeFormat }} + EXTENDED_LOGGING: "true" + {{- end }} + {{- if .Values.vaultwarden.log.level }} + {{- include "vaultwarden.logLevelValid" . }} + LOG_LEVEL: {{ .Values.vaultwarden.log.level | quote }} + {{- end }} + {{- if .Values.vaultwarden.log.timeFormat }} + LOG_TIMESTAMP_FORMAT: {{ .Values.vaultwarden.log.timeFormat | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.disableDownload }} + DISABLE_ICON_DOWNLOAD: {{ .Values.vaultwarden.icons.disableDownload | quote }} + {{- if and (not .Values.vaultwarden.icons.cache) (eq .Values.vaultwarden.icons.disableDownload "true") }} + ICON_CACHE_TTL: "0" + {{- end }} + {{- end }} + {{- if .Values.vaultwarden.icons.cache }} + ICON_CACHE_TTL: {{ .Values.vaultwarden.icons.cache | quote }} + {{- end }} + {{- if .Values.vaultwarden.icons.cacheFailed }} + ICON_CACHE_NEGTTL: {{ .Values.vaultwarden.icons.cacheFailed | quote }} + {{- end }} + {{- if eq .Values.vaultwarden.admin.enabled true }} + {{- if eq .Values.vaultwarden.admin.disableAdminToken true }} + DISABLE_ADMIN_TOKEN: "true" + {{- end }} + {{- end }} + {{- if eq .Values.vaultwarden.yubico.enabled true }} + {{- if .Values.vaultwarden.yubico.server }} + YUBICO_SERVER: {{ .Values.vaultwarden.yubico.server | quote }} + {{- end }} + {{- end }} + {{- if eq .Values.database.type "sqlite" }} + ENABLE_DB_WAL: {{ .Values.database.wal | quote }} + {{- else }} + ENABLE_DB_WAL: "false" + {{- end }} +{{- end -}} diff --git a/premium/vaultwarden/26.5.3/templates/_secrets.tpl b/premium/vaultwarden/26.5.3/templates/_secrets.tpl new file mode 100644 index 00000000000..262fcffa1b4 --- /dev/null +++ b/premium/vaultwarden/26.5.3/templates/_secrets.tpl @@ -0,0 +1,37 @@ +{{/* Define the secrets */}} +{{- define "vaultwarden.secrets" -}} + +{{- $adminToken := "" }} +{{- if eq .Values.vaultwarden.admin.enabled true }} +{{- $adminToken = .Values.vaultwarden.admin.token | default (randAlphaNum 48) | quote }} +{{- end -}} + +{{- $smtpUser := "" }} +{{- if and (eq .Values.vaultwarden.smtp.enabled true ) (.Values.vaultwarden.smtp.user) }} +{{- $smtpUser = .Values.vaultwarden.smtp.user | quote }} +{{- end -}} + +{{- $yubicoClientId := "" }} +{{- if eq .Values.vaultwarden.yubico.enabled true }} +{{- $yubicoClientId = required "Yubico Client ID required" .Values.vaultwarden.yubico.clientId | toString | quote }} +{{- end -}} +enabled: true +data: + placeholder: placeholdervalue + {{- if ne $adminToken "" }} + ADMIN_TOKEN: {{ $adminToken }} + {{- end }} + {{- if ne $smtpUser "" }} + SMTP_USERNAME: {{ $smtpUser }} + SMTP_PASSWORD: {{ required "Must specify SMTP password" .Values.vaultwarden.smtp.password | quote }} + {{- end }} + {{- if ne $yubicoClientId "" }} + YUBICO_CLIENT_ID: {{ $yubicoClientId }} + YUBICO_SECRET_KEY: {{ required "Yubico Secret Key required" .Values.vaultwarden.yubico.secretKey | quote }} + {{- end }} + {{- if .Values.vaultwarden.push.enabled }} + PUSH_ENABLED: {{ .Values.vaultwarden.push.enabled | quote }} + PUSH_INSTALLATION_ID: {{ required "Installation ID required" .Values.vaultwarden.push.installationId | quote }} + PUSH_INSTALLATION_KEY: {{ required "Installation Key required" .Values.vaultwarden.push.installationKey | quote }} + {{- end }} +{{- end -}} diff --git a/premium/vaultwarden/26.5.3/templates/_validate.tpl b/premium/vaultwarden/26.5.3/templates/_validate.tpl new file mode 100644 index 00000000000..e4832c2f6e5 --- /dev/null +++ b/premium/vaultwarden/26.5.3/templates/_validate.tpl @@ -0,0 +1,17 @@ +{{/* +Ensure valid DB type is select, defaults to SQLite +*/}} +{{- define "vaultwarden.dbTypeValid" -}} +{{- if not (or (eq .Values.database.type "postgresql") (eq .Values.database.type "mysql") (eq .Values.database.type "sqlite")) }} +{{- required "Invalid database type" nil }} +{{- end -}} +{{- end -}} + +{{/* +Ensure log type is valid +*/}} +{{- define "vaultwarden.logLevelValid" -}} +{{- if not (or (eq .Values.vaultwarden.log.level "trace") (eq .Values.vaultwarden.log.level "debug") (eq .Values.vaultwarden.log.level "info") (eq .Values.vaultwarden.log.level "warn") (eq .Values.vaultwarden.log.level "error") (eq .Values.vaultwarden.log.level "off")) }} +{{- required "Invalid log level" nil }} +{{- end }} +{{- end }} diff --git a/premium/vaultwarden/26.5.3/templates/common.yaml b/premium/vaultwarden/26.5.3/templates/common.yaml new file mode 100644 index 00000000000..66c6adab5db --- /dev/null +++ b/premium/vaultwarden/26.5.3/templates/common.yaml @@ -0,0 +1,17 @@ +{{/* Make sure all variables are set properly */}} +{{- include "tc.v1.common.loader.init" . }} + +{{/* Render configmap for vaultwarden */}} +{{- $configmapFile := include "vaultwarden.configmap" . | fromYaml -}} +{{- if $configmapFile -}} + {{- $_ := set .Values.configmap "vaultwardenconfig" $configmapFile -}} +{{- end -}} + +{{/* Render secrets for vaultwarden */}} +{{- $secret := include "vaultwarden.secrets" . | fromYaml -}} +{{- if $secret -}} + {{- $_ := set .Values.secret "vaultwardensecret" $secret -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "tc.v1.common.loader.apply" . }} diff --git a/premium/vaultwarden/26.5.3/values.yaml b/premium/vaultwarden/26.5.3/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/premium/vaultwarden/item.yaml b/premium/vaultwarden/item.yaml new file mode 100644 index 00000000000..2fed8eeae78 --- /dev/null +++ b/premium/vaultwarden/item.yaml @@ -0,0 +1,4 @@ +icon_url: https://truecharts.org/img/hotlink-ok/chart-icons/vaultwarden.png +categories: + - security +screenshots: [] diff --git a/system/cert-manager/4.5.4/app-changelog.md b/system/cert-manager/4.5.4/app-changelog.md deleted file mode 100644 index 70fe7f0d353..00000000000 --- a/system/cert-manager/4.5.4/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [cert-manager-4.5.4](https://github.com/truecharts/charts/compare/cert-manager-4.5.3...cert-manager-4.5.4) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/cloudnative-pg/6.6.3/app-changelog.md b/system/cloudnative-pg/6.6.3/app-changelog.md deleted file mode 100644 index a5d25868d60..00000000000 --- a/system/cloudnative-pg/6.6.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [cloudnative-pg-6.6.3](https://github.com/truecharts/charts/compare/cloudnative-pg-6.6.2...cloudnative-pg-6.6.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/grafana-agent-operator/1.5.3/app-changelog.md b/system/grafana-agent-operator/1.5.3/app-changelog.md deleted file mode 100644 index e57bd5b4dc2..00000000000 --- a/system/grafana-agent-operator/1.5.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [grafana-agent-operator-1.5.3](https://github.com/truecharts/charts/compare/grafana-agent-operator-1.5.2...grafana-agent-operator-1.5.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/kubeapps/2.7.3/app-changelog.md b/system/kubeapps/2.7.3/app-changelog.md deleted file mode 100644 index 9e264582ac2..00000000000 --- a/system/kubeapps/2.7.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [kubeapps-2.7.3](https://github.com/truecharts/charts/compare/kubeapps-2.7.2...kubeapps-2.7.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/kubernetes-reflector/4.5.3/app-changelog.md b/system/kubernetes-reflector/4.5.3/app-changelog.md deleted file mode 100644 index 08c33ccca2e..00000000000 --- a/system/kubernetes-reflector/4.5.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [kubernetes-reflector-4.5.3](https://github.com/truecharts/charts/compare/kubernetes-reflector-4.5.2...kubernetes-reflector-4.5.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/metallb/14.5.3/app-changelog.md b/system/metallb/14.5.3/app-changelog.md deleted file mode 100644 index b61cf899b2c..00000000000 --- a/system/metallb/14.5.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [metallb-14.5.3](https://github.com/truecharts/charts/compare/metallb-14.5.2...metallb-14.5.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/openebs/3.5.4/app-changelog.md b/system/openebs/3.5.4/app-changelog.md deleted file mode 100644 index aa84bbb5e21..00000000000 --- a/system/openebs/3.5.4/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [openebs-3.5.4](https://github.com/truecharts/charts/compare/openebs-3.5.3...openebs-3.5.4) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/prometheus-operator/6.7.3/app-changelog.md b/system/prometheus-operator/6.7.3/app-changelog.md deleted file mode 100644 index 860bfb7c14d..00000000000 --- a/system/prometheus-operator/6.7.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [prometheus-operator-6.7.3](https://github.com/truecharts/charts/compare/prometheus-operator-6.7.2...prometheus-operator-6.7.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/traefik-crds/0.1.3/app-changelog.md b/system/traefik-crds/0.1.3/app-changelog.md deleted file mode 100644 index a7549743f32..00000000000 --- a/system/traefik-crds/0.1.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [traefik-crds-0.1.3](https://github.com/truecharts/charts/compare/traefik-crds-0.1.2...traefik-crds-0.1.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file diff --git a/system/velero/4.5.3/app-changelog.md b/system/velero/4.5.3/app-changelog.md deleted file mode 100644 index bee3d1029ff..00000000000 --- a/system/velero/4.5.3/app-changelog.md +++ /dev/null @@ -1,9 +0,0 @@ - - -## [velero-4.5.3](https://github.com/truecharts/charts/compare/velero-4.5.2...velero-4.5.3) (2024-03-16) - -### Chore - - - -- rename `operator`-train to `system`-train \ No newline at end of file