TrueChartsClone/charts/enterprise/blocky/templates/_k8sgateway.tpl

{{- define "k8sgateway.container" -}}
image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }}
imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }}
securityContext:
  runAsUser: 0
  runAsGroup: 0
  readOnlyRootFilesystem: true
  runAsNonRoot: false
args: ["-conf", "/etc/coredns/Corefile"]
volumeMounts:
  - name: config-volume
    mountPath: /etc/coredns
probe:
  readiness:
    httpGet:
      path: /ready
      port: 8181
  liveness:
    httpGet:
      path: /health
      port: 8080
  startup:
    httpGet:
      path: /ready
      port: 8181
{{- end -}}

{{/*
Create the matchable regex from domain
*/}}
{{- define "k8sgateway.configmap.regex" -}}
{{- if .dnsChallenge.domain }}
{{- .dnsChallenge.domain | replace "." "[.]" -}}
{{- else -}}
    {{ "unset" }}
{{- end }}
{{- end -}}

{{/* Define the configmap */}}
{{- define "k8sgateway.configmap" -}}
{{- $values := .Values.k8sgateway }}
{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }}
enabled: true
data:
  Corefile: |-
    .:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {
        errors
        log
        health {
            lameduck 5s
        }
        ready
        {{- range .Values.k8sgateway.domains }}
        {{- if .dnsChallenge.enabled }}
        template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} {
           match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}"
           answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }}  index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory" .dnsChallenge.domain }}"
           fallthrough
        }
        {{- end }}
        {{- end }}
        k8s_gateway {{ range .Values.k8sgateway.domains }}"{{ required "Delegated domain ('domain') is mandatory " .domain }}"{{ end }} {
          apex {{ $values.apex | default $fqdn }}
          ttl {{ $values.ttl }}
          {{- if $values.secondary }}
          secondary {{ $values.secondary }}
          {{- end }}
          {{- if $values.watchedResources }}
          resources {{ join " " $values.watchedResources }}
          {{- end }}
          fallthrough
        }

        prometheus 0.0.0.0:9153
        {{- if .Values.k8sgateway.forward.enabled }}
        forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} {
          {{- range .Values.k8sgateway.forward.options }}
          {{ .name }} {{ .value }}
          {{- end }}
        }
        {{- else }}
        forward . 1.1.1.1
        {{- end }}
        loop
        reload
        loadbalance
    }
{{- end -}}
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`{{- define "k8sgateway.container" -}}`
			`image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }}`
			`imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }}`
			`securityContext:`
			`runAsUser: 0`
			`runAsGroup: 0`
			`readOnlyRootFilesystem: true`
			`runAsNonRoot: false`
			`args: ["-conf", "/etc/coredns/Corefile"]`
			`volumeMounts:`
			`- name: config-volume`
			`mountPath: /etc/coredns`
BREAKING CHANGE refactor: port all enterprise apps to new common and add apps (#7738) * use new common * more porting and add notes.txt * portals * add vaultwarden and authelia to enterprise * some changes * authelia porting * fix grafana * fixup metallb * more * traefik * some initial blocky work * fixes * more work on enterprise train * containers * labels * no message * some more fixes * update questions for new enterprise apps * something * remove postgresql dependency from enterprise train apps * fix some traefik bugs * remove prometheus affinities for now * authelia postgresql fixes * bump and fix install test errors * bump common for probe fixes * fix questions * more questions fixes * add some metrics improvements * some more fixes * whoops * some authelia fixes * fix blocky and authelia * bump common for postgresql fixes * hmm * bump common * bump redis to disable double manifest loading * dont enc secrets for authelia * traefik, blocky and authelia fixes * traefik caps on protocols * bump redis for password fixes * ensure roles are clusterwide * ok * redis/common bumps * remove blocky webui and change config location * whoops * redis fix * more blocky tryouts * authelia whoops * bump blocky version * disable prometheus controller * oops * bump common on prometheus for custom service selector labels * rename prometheus selector labels on service * damn * more work * blocky 100 tryout * blocky root tryout * fix blocky config and remove fsgroup * dont drop caps * Update common.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update values.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update values.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * revert update for blocky * use old-style mount for blocky * put update back for blocky * add initial postgresl query log support * hmm * small lint * bump common --------- Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Stavros kois <s.kois@outlook.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> 2023-03-04 12:42:14 +00:00			`probe:`
			`readiness:`
			`httpGet:`
			`path: /ready`
			`port: 8181`
			`liveness:`
			`httpGet:`
			`path: /health`
			`port: 8080`
			`startup:`
			`httpGet:`
			`path: /ready`
			`port: 8181`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`{{- end -}}`

			`{{/*`
			`Create the matchable regex from domain`
			`*/}}`
			`{{- define "k8sgateway.configmap.regex" -}}`
fix(blocky): Finish up UI (#3866) * fix(blocky): switch from subpath to items * whoops * don't run upgrade * fix identation * no message * see content * also see content * agin * -.- * run * run as is for now * revert few things * fix upstreams * go again * fix configmap of k8s-gateway * bump common * back to subPath * add boostrapDns * add filtering * add custom dns * add client lookup * add caching * add hostsFile * add k8s forward * add unbound * apply suggestions from code review 2022-09-24 18:49:03 +00:00			`{{- if .dnsChallenge.domain }}`
			`{{- .dnsChallenge.domain \| replace "." "[.]" -}}`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`{{- else -}}`
			`{{ "unset" }}`
			`{{- end }}`
			`{{- end -}}`

			`{{/* Define the configmap */}}`
			`{{- define "k8sgateway.configmap" -}}`
			`{{- $values := .Values.k8sgateway }}`
BREAKING CHANGE refactor: port all enterprise apps to new common and add apps (#7738) * use new common * more porting and add notes.txt * portals * add vaultwarden and authelia to enterprise * some changes * authelia porting * fix grafana * fixup metallb * more * traefik * some initial blocky work * fixes * more work on enterprise train * containers * labels * no message * some more fixes * update questions for new enterprise apps * something * remove postgresql dependency from enterprise train apps * fix some traefik bugs * remove prometheus affinities for now * authelia postgresql fixes * bump and fix install test errors * bump common for probe fixes * fix questions * more questions fixes * add some metrics improvements * some more fixes * whoops * some authelia fixes * fix blocky and authelia * bump common for postgresql fixes * hmm * bump common * bump redis to disable double manifest loading * dont enc secrets for authelia * traefik, blocky and authelia fixes * traefik caps on protocols * bump redis for password fixes * ensure roles are clusterwide * ok * redis/common bumps * remove blocky webui and change config location * whoops * redis fix * more blocky tryouts * authelia whoops * bump blocky version * disable prometheus controller * oops * bump common on prometheus for custom service selector labels * rename prometheus selector labels on service * damn * more work * blocky 100 tryout * blocky root tryout * fix blocky config and remove fsgroup * dont drop caps * Update common.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update values.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update values.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * revert update for blocky * use old-style mount for blocky * put update back for blocky * add initial postgresl query log support * hmm * small lint * bump common --------- Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Stavros kois <s.kois@outlook.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> 2023-03-04 12:42:14 +00:00			`{{- $fqdn := ( include "tc.v1.common.lib.chart.names.fqdn" . ) }}`
			`enabled: true`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`data:`
			`Corefile: \|-`
			`.:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {`
			`errors`
			`log`
			`health {`
			`lameduck 5s`
			`}`
			`ready`
			`{{- range .Values.k8sgateway.domains }}`
			`{{- if .dnsChallenge.enabled }}`
fix(blocky): Finish up UI (#3866) * fix(blocky): switch from subpath to items * whoops * don't run upgrade * fix identation * no message * see content * also see content * agin * -.- * run * run as is for now * revert few things * fix upstreams * go again * fix configmap of k8s-gateway * bump common * back to subPath * add boostrapDns * add filtering * add custom dns * add client lookup * add caching * add hostsFile * add k8s forward * add unbound * apply suggestions from code review 2022-09-24 18:49:03 +00:00			`template IN ANY {{ required "Delegated domain ('domain') is mandatory" .domain }} {`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}"`
fix(blocky): Finish up UI (#3866) * fix(blocky): switch from subpath to items * whoops * don't run upgrade * fix identation * no message * see content * also see content * agin * -.- * run * run as is for now * revert few things * fix upstreams * go again * fix configmap of k8s-gateway * bump common * back to subPath * add boostrapDns * add filtering * add custom dns * add client lookup * add caching * add hostsFile * add k8s forward * add unbound * apply suggestions from code review 2022-09-24 18:49:03 +00:00			`answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory" .dnsChallenge.domain }}"`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`fallthrough`
			`}`
			`{{- end }}`
fix(k8s-gateway): fix multi-domain (#7448) * Update _configmap.tpl Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update _k8sgateway.tpl Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update Chart.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update Chart.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> --------- Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2023-02-22 09:13:26 +00:00			`{{- end }}`
			`k8s_gateway {{ range .Values.k8sgateway.domains }}"{{ required "Delegated domain ('domain') is mandatory " .domain }}"{{ end }} {`
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`apex {{ $values.apex \| default $fqdn }}`
			`ttl {{ $values.ttl }}`
			`{{- if $values.secondary }}`
			`secondary {{ $values.secondary }}`
			`{{- end }}`
			`{{- if $values.watchedResources }}`
			`resources {{ join " " $values.watchedResources }}`
			`{{- end }}`
			`fallthrough`
			`}`
fix(k8s-gateway): fix multi-domain (#7448) * Update _configmap.tpl Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update _k8sgateway.tpl Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update Chart.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * Update Chart.yaml Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> --------- Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2023-02-22 09:13:26 +00:00
feat(blocky): add blocky (#3735) * feat(blocky): add blocky * Chore(Blocky): Ornias's refactor * Chore(Blocky): stavros' refactor * add basic run tests and remaining config options in values.yaml * bump common again * correct minor services whoopsy * whoops again * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/blocky/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Actually add values.yaml settings to blockyconfig file * hmm * Update charts/incubator/blocky/templates/common.yaml Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> * dont load k8s-gateway without domains added * remove loop detection from k8s-gateway * response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config * hmmm * fix some mistakes * fix config mistake * always add a forward to prevent errors, even though forwarding would never be used. Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl> 2022-09-22 22:05:40 +00:00			`prometheus 0.0.0.0:9153`
			`{{- if .Values.k8sgateway.forward.enabled }}`
			`forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} {`
			`{{- range .Values.k8sgateway.forward.options }}`
			`{{ .name }} {{ .value }}`
			`{{- end }}`
			`}`
			`{{- else }}`
			`forward . 1.1.1.1`
			`{{- end }}`
			`loop`
			`reload`
			`loadbalance`
			`}`
			`{{- end -}}`