diff --git a/library/ix-dev/community/cloudflared/Chart.lock b/library/ix-dev/community/cloudflared/Chart.lock
new file mode 100644
index 0000000000..e69f850976
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../../../common
+ version: 1.1.1
+digest: sha256:a7dbe3e4d42dbcd4325776e5e01a1d630c7f185f79e7ebf22b1b9cc80f56eed7
+generated: "2023-09-14T16:02:43.614243798+03:00"
diff --git a/library/ix-dev/community/cloudflared/Chart.yaml b/library/ix-dev/community/cloudflared/Chart.yaml
new file mode 100644
index 0000000000..4ea468ae36
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/Chart.yaml
@@ -0,0 +1,27 @@
+name: cloudflared
+description: Cloudflared is a client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
+annotations:
+ title: Cloudflared
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: 2023.8.2
+kubeVersion: '>=1.16.0-0'
+maintainers:
+ - name: truenas
+ url: https://www.truenas.com/
+ email: dev@ixsystems.com
+dependencies:
+ - name: common
+ repository: file://../../../common
+ version: 1.1.1
+home: https://github.com/cloudflare/cloudflared
+icon: https://avatars.githubusercontent.com/u/314135
+sources:
+ - https://github.com/cloudflare/cloudflared
+ - https://github.com/truenas/charts/tree/master/library/ix-dev/community/cloudflared
+ - https://hub.docker.com/r/cloudflare/cloudflared
+keywords:
+ - network
+ - cloudflare
+ - tunnel
diff --git a/library/ix-dev/community/cloudflared/README.md b/library/ix-dev/community/cloudflared/README.md
new file mode 100644
index 0000000000..fb8d18e79b
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/README.md
@@ -0,0 +1,3 @@
+# Cloudflared
+
+[Cloudflared](https://github.com/cloudflare/cloudflared) is a client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
diff --git a/library/ix-dev/community/cloudflared/app-readme.md b/library/ix-dev/community/cloudflared/app-readme.md
new file mode 100644
index 0000000000..fb8d18e79b
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/app-readme.md
@@ -0,0 +1,3 @@
+# Cloudflared
+
+[Cloudflared](https://github.com/cloudflare/cloudflared) is a client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
diff --git a/library/ix-dev/community/cloudflared/charts/common-1.1.1.tgz b/library/ix-dev/community/cloudflared/charts/common-1.1.1.tgz
new file mode 100644
index 0000000000..1379b77287
Binary files /dev/null and b/library/ix-dev/community/cloudflared/charts/common-1.1.1.tgz differ
diff --git a/library/ix-dev/community/cloudflared/ci/basic-values.yaml b/library/ix-dev/community/cloudflared/ci/basic-values.yaml
new file mode 100644
index 0000000000..54eb34cc12
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/ci/basic-values.yaml
@@ -0,0 +1,8 @@
+cloudflaredRunAs:
+ user: 1000
+ group: 1000
+
+cloudflaredConfig:
+ tunnelToken: supersecrettoken
+
+ci: true
diff --git a/library/ix-dev/community/cloudflared/ci/hostNet-values.yaml b/library/ix-dev/community/cloudflared/ci/hostNet-values.yaml
new file mode 100644
index 0000000000..27f6102b88
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/ci/hostNet-values.yaml
@@ -0,0 +1,13 @@
+cloudflaredNetwork:
+ hostNetwork: true
+
+cloudflaredStorage:
+ additionalStorages:
+ - type: hostPath
+ hostPath: /mnt/{{ .Release.Namespace }}/data1
+ mountPath: /data1
+
+cloudflaredConfig:
+ tunnelToken: supersecrettoken
+
+ci: true
diff --git a/library/ix-dev/community/cloudflared/item.yaml b/library/ix-dev/community/cloudflared/item.yaml
new file mode 100644
index 0000000000..6ce36c29c8
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/item.yaml
@@ -0,0 +1,7 @@
+icon_url: https://avatars.githubusercontent.com/u/314135
+categories:
+ - network
+screenshots: []
+tags:
+ - tunnel
+ - cloudflare
diff --git a/library/ix-dev/community/cloudflared/metadata.yaml b/library/ix-dev/community/cloudflared/metadata.yaml
new file mode 100644
index 0000000000..cb65c696ac
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/metadata.yaml
@@ -0,0 +1,8 @@
+runAsContext:
+ - userName: cloudflared
+ groupName: cloudflared
+ gid: 568
+ uid: 568
+ description: Cloudflared can run as any non-root user.
+capabilities: []
+hostMounts: []
diff --git a/library/ix-dev/community/cloudflared/questions.yaml b/library/ix-dev/community/cloudflared/questions.yaml
new file mode 100644
index 0000000000..756ba3cb5d
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/questions.yaml
@@ -0,0 +1,201 @@
+groups:
+ - name: Cloudflared Configuration
+ description: Configure Cloudflared
+ - name: User and Group Configuration
+ description: Configure User and Group for Cloudflared
+ - name: Network Configuration
+ description: Configure Network for Cloudflared
+ - name: Storage Configuration
+ description: Configure Storage for Cloudflared
+ - name: Resources Configuration
+ description: Configure Resources for Cloudflared
+
+questions:
+ - variable: cloudflaredConfig
+ label: ""
+ group: Cloudflared Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: tunnelToken
+ label: Tunnel Token
+ description: The tunnel token to use for Cloudflared.
+ schema:
+ type: string
+ default: ""
+ required: true
+ private: true
+ - variable: additionalArgs
+ label: Additional Arguments
+ description: |
+ Configure additional arguments for Cloudflared.
+ Those will be placed after the "tunnel --no-autoupdate" and before "run".
+ Example:
+ tunnel --no-autoupdate run
+ One argument per line.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Argument
+ schema:
+ type: string
+ required: true
+ - variable: additionalEnvs
+ label: Additional Environment Variables
+ description: Configure additional environment variables for Cloudflared.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: env
+ label: Environment Variable
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+
+ - variable: cloudflaredRunAs
+ label: ""
+ group: User and Group Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: user
+ label: User ID
+ description: The user id that Cloudflared will run as.
+ schema:
+ type: int
+ min: 2
+ default: 568
+ required: true
+ - variable: group
+ label: Group ID
+ description: The group id that Cloudflared will run as.
+ schema:
+ type: int
+ min: 2
+ default: 568
+ required: true
+
+ - variable: cloudflaredNetwork
+ label: ""
+ group: Network Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: hostNetwork
+ label: Host Network
+ description: |
+ Bind to the host network. It's recommended to keep this disabled.
+ schema:
+ type: boolean
+ default: false
+
+ - variable: cloudflaredStorage
+ label: ""
+ group: Storage Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: additionalStorages
+ label: Additional Storage
+ description: Additional storage for Cloudflared.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: storageEntry
+ label: Storage Entry
+ schema:
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ description: |
+ ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ schema:
+ type: string
+ required: true
+ default: "ixVolume"
+ enum:
+ - value: "hostPath"
+ description: Host Path (Path that already exists on the system)
+ - value: "ixVolume"
+ description: ixVolume (Dataset created automatically by the system)
+ - variable: mountPath
+ label: Mount Path
+ description: The path inside the container to mount the storage.
+ schema:
+ type: path
+ required: true
+ - variable: hostPath
+ label: Host Path
+ description: The host path to use for storage.
+ schema:
+ type: hostpath
+ show_if: [["type", "=", "hostPath"]]
+ required: true
+ - variable: datasetName
+ label: Dataset Name
+ description: The name of the dataset to use for storage.
+ schema:
+ type: string
+ show_if: [["type", "=", "ixVolume"]]
+ required: true
+ immutable: true
+ default: "storage_entry"
+ $ref:
+ - "normalize/ixVolume"
+
+ - variable: resources
+ group: Resources Configuration
+ label: ""
+ schema:
+ type: dict
+ attrs:
+ - variable: limits
+ label: Limits
+ schema:
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: CPU limit for Cloudflared.
+ schema:
+ type: string
+ max_length: 6
+ valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+ valid_chars_error: |
+ Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m
+ default: "4000m"
+ required: true
+ - variable: memory
+ label: Memory
+ description: Memory limit for Cloudflared.
+ schema:
+ type: string
+ max_length: 12
+ valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
+ valid_chars_error: |
+ Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6
+ default: "8Gi"
+ required: true
diff --git a/library/ix-dev/community/cloudflared/templates/NOTES.txt b/library/ix-dev/community/cloudflared/templates/NOTES.txt
new file mode 100644
index 0000000000..ba4e01146c
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/templates/NOTES.txt
@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}
diff --git a/library/ix-dev/community/cloudflared/templates/_cloudflared.tpl b/library/ix-dev/community/cloudflared/templates/_cloudflared.tpl
new file mode 100644
index 0000000000..a03966630b
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/templates/_cloudflared.tpl
@@ -0,0 +1,55 @@
+{{- define "cloudflared.workload" -}}
+{{- if not .Values.cloudflaredConfig.tunnelToken -}}
+ {{- fail "Cloudflared - Tunnel Token is required" -}}
+{{- end -}}
+{{- $reservedArgs := (list "tunnel" "--no-autoupdate" "run") -}}
+{{- $addArgs := .Values.cloudflaredConfig.additionalArgs -}}
+{{- if not (deepEqual $addArgs (uniq $addArgs)) -}}
+ {{- fail (printf "Cloudflared - Expected Additional arguments to be unique, but got [%s]" (join ", " $addArgs)) -}}
+{{- end }}
+workload:
+ cloudflared:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: {{ .Values.cloudflaredNetwork.hostNetwork }}
+ containers:
+ cloudflared:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: {{ .Values.cloudflaredRunAs.user }}
+ runAsGroup: {{ .Values.cloudflaredRunAs.group }}
+ args:
+ - tunnel
+ - --no-autoupdate
+ {{ if not .Values.ci }}
+ {{ range $arg := $addArgs }}
+ {{- if (mustHas $arg $reservedArgs) -}}
+ {{- fail (printf "Cloudflared - Argument [%s] is already applied" $arg) -}}
+ {{- end }}
+ - {{ $arg }}
+ {{ end }}
+ - run
+ {{ else }}
+ - --hello-world
+ {{ end }}
+ env:
+ TUNNEL_TOKEN: {{ .Values.cloudflaredConfig.tunnelToken }}
+ {{ with .Values.cloudflaredConfig.additionalEnvs }}
+ envList:
+ {{ range $env := . }}
+ - name: {{ $env.name }}
+ value: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end -}}
diff --git a/library/ix-dev/community/cloudflared/templates/_persistance.tpl b/library/ix-dev/community/cloudflared/templates/_persistance.tpl
new file mode 100644
index 0000000000..df86e50bcf
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/templates/_persistance.tpl
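Review bot: `TUNNEL_TOKEN: {{ .Values.cloudflaredConfig.tunnelToken }}` in the `env:` map of `cloudflared.workload` renders the tunnel credential as a literal value, so it presumably ends up in plain text in the generated Deployment spec, readable by anyone allowed to view workloads in the namespace, even though questions.yaml marks the field `private: true`. Storing the token in a Secret and referencing it from `env` (a `secretKeyRef` entry, if the common library version pinned here supports one) would keep it out of the pod template. Separately, the token, `- {{ $arg }}` and `value: {{ $env.value }}` are emitted unquoted, so a value such as `true`, `123`, or one containing `: ` or ` #` is re-typed or may fail to parse when common.yaml passes the output through `fromYaml`; piping each through `quote`, e.g. `value: {{ $env.value | quote }}`, avoids that. The same applies to `hostPath` and `mountPath` in the `cloudflared.persistence` hunk of _persistance.tpl.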
@@ -0,0 +1,14 @@
+{{- define "cloudflared.persistence" -}}
+persistence:
+ {{- range $idx, $storage := .Values.cloudflaredStorage.additionalStorages }}
+ {{ printf "cloudflared-%v" (int $idx) }}:
+ enabled: true
+ type: {{ $storage.type }}
+ datasetName: {{ $storage.datasetName | default "" }}
+ hostPath: {{ $storage.hostPath | default "" }}
+ targetSelector:
+ cloudflared:
+ cloudflared:
+ mountPath: {{ $storage.mountPath }}
+ {{- end }}
+{{- end -}}
diff --git a/library/ix-dev/community/cloudflared/templates/common.yaml b/library/ix-dev/community/cloudflared/templates/common.yaml
new file mode 100644
index 0000000000..f393748a0c
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/templates/common.yaml
@@ -0,0 +1,7 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "cloudflared.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "cloudflared.persistence" $ | fromYaml) -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
diff --git a/library/ix-dev/community/cloudflared/upgrade_info.json b/library/ix-dev/community/cloudflared/upgrade_info.json
new file mode 100644
index 0000000000..767388094a
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/upgrade_info.json
@@ -0,0 +1 @@
+{"filename": "values.yaml", "keys": ["image"]}
diff --git a/library/ix-dev/community/cloudflared/upgrade_strategy b/library/ix-dev/community/cloudflared/upgrade_strategy
new file mode 100755
index 0000000000..af685230a1
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/upgrade_strategy
@@ -0,0 +1,31 @@
+#!/usr/bin/python3
+import json
+import re
+import sys
+
+from catalog_update.upgrade_strategy import semantic_versioning
+
+
+RE_STABLE_VERSION = re.compile(r'\d+\.\d+\.\d+')
+
+
+def newer_mapping(image_tags):
+ key = list(image_tags.keys())[0]
+ tags = {t: t for t in image_tags[key] if RE_STABLE_VERSION.fullmatch(t)}
+ version = semantic_versioning(list(tags))
+ if not version:
+ return {}
+
+ return {
+ 'tags': {key: tags[version]},
+ 'app_version': version,
+ }
+
+
+if __name__ == '__main__':
+ try:
+ versions_json = json.loads(sys.stdin.read())
+ except ValueError:
+ raise ValueError('Invalid json specified')
+
+ print(json.dumps(newer_mapping(versions_json)))
diff --git a/library/ix-dev/community/cloudflared/values.yaml b/library/ix-dev/community/cloudflared/values.yaml
new file mode 100644
index 0000000000..4aeb470f0e
--- /dev/null
+++ b/library/ix-dev/community/cloudflared/values.yaml
@@ -0,0 +1,26 @@
+image:
+ repository: cloudflare/cloudflared
+ pullPolicy: IfNotPresent
+ tag: 2023.8.2
+
+ci: false
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+cloudflaredConfig:
+ tunnelToken: ''
+ additionalArgs: []
+ additionalEnvs: []
+
+cloudflaredNetwork:
+ hostNetwork: false
+
+cloudflaredRunAs:
+ user: 568
+ group: 568
+
+cloudflaredStorage:
+ additionalStorages: []
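Review bot: `newer_mapping` in upgrade_strategy indexes `list(image_tags.keys())[0]` without checking its input, so an empty JSON object on stdin raises an uncaught IndexError (and a JSON list or string an AttributeError) instead of the empty mapping the function already returns when no version is found. A guard ahead of that line, `if not isinstance(image_tags, dict) or not image_tags: return {}`, keeps the script's output well-formed JSON for whatever consumes it. In the `except ValueError` branch, `raise ValueError('Invalid json specified') from None` would make the exception chaining deliberate rather than implicit.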