feat(snowflake-proxy) add snowflake-proxy (#5512)
* feat(snowflake-proxy) add snowflake-proxy * Apply suggestions from code review Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * add some options ;) * more * remove args * hostnet * hmm * hmhm * typo -.- * Update charts/incubator/snowflake-proxy/values.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * Update charts/incubator/snowflake-proxy/questions.yaml Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> * try probe * shell * other probe Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
parent
63ada80386
commit
16256dfe2f
|
@ -0,0 +1,30 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
# helm-docs templates
|
||||
*.gotmpl
|
||||
# docs folder
|
||||
/docs
|
||||
# icon
|
||||
icon.png
|
|
@ -0,0 +1 @@
|
|||
# Changelog
|
|
@ -0,0 +1,30 @@
|
|||
apiVersion: v2
|
||||
appVersion: "v2.4.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.0.7
|
||||
deprecated: false
|
||||
description: Snowflake's Proxy component to help users in the censored regions.
|
||||
home: https://truecharts.org/docs/charts/incubator/snowflake-proxy
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/snowflake-proxy.png
|
||||
keywords:
|
||||
- snowflake-proxy
|
||||
- proxy
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: snowflake-proxy
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/incubator/snowflake-proxy
|
||||
- https://gitlab.torproject.org/tpo/anti-censorship/docker-snowflake-proxy
|
||||
- https://hub.docker.com/r/thetorproject/snowflake-proxy
|
||||
type: application
|
||||
version: 0.0.1
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- proxy
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1 @@
|
|||
# snowflake-proxy
|
Binary file not shown.
After Width: | Height: | Size: 31 KiB |
|
@ -0,0 +1,153 @@
|
|||
# Include{groups}
|
||||
portals: {}
|
||||
questions:
|
||||
# Include{global}
|
||||
# Include{controller}
|
||||
# Include{replicas}
|
||||
# Include{replica1}
|
||||
# Include{controllerExpertExtraArgs}
|
||||
- variable: snowflake
|
||||
group: App Configuration
|
||||
label: Snowflake Proxy Configuration
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: allow_non_tls_relay
|
||||
label: Allow Non TLS Relay
|
||||
description: Allow relay without tls encryption
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: allowed_relay_hostname_pattern
|
||||
label: Allow Relay Hostname pattern
|
||||
description: A pattern to specify allowed hostname pattern for relay URL.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: snowflake.torproject.net$
|
||||
- variable: broker
|
||||
label: Broker
|
||||
description: Broker URL
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: https://snowflake-broker.torproject.net/
|
||||
- variable: capacity
|
||||
label: Capacity
|
||||
description: Maximum concurrent clients (0 for unlimited)
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 0
|
||||
- variable: ephemeral_ports_range
|
||||
label: Ephemeral Ports Range
|
||||
description: ICE UDP ephemeral ports range in format ("30000:60000")
|
||||
schema:
|
||||
type: string
|
||||
default: "59999:60000"
|
||||
- variable: keep_local_addresses
|
||||
label: Keep Local Addresses
|
||||
description: Keep local LAN address ICE candidates
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: nat_retest_interval
|
||||
label: NAT Retest Interval
|
||||
description: The time interval in second before NAT type is retested, 0s disables retest. Valid time units are s, m, h.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: 24h0m0s
|
||||
- variable: relay
|
||||
label: Relay
|
||||
description: Websocket Relay URL
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: wss://snowflake.bamsoftware.com/
|
||||
- variable: stun
|
||||
label: Stun
|
||||
description: STUN URL
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: stun:stun.stunprotocol.org:3478
|
||||
- variable: summary_interval
|
||||
label: Summary Interval
|
||||
description: The time interval to output summary, 0s disables summaries. Valid time units are s, m, h.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: 1h0m0s
|
||||
- variable: unsafe_logging
|
||||
label: Unsafe Logging
|
||||
description: Prevent logs from being scrubbed
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: verbose
|
||||
label: Verbose
|
||||
description: Increase log verbosity
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: log
|
||||
label: Log
|
||||
description: Log Filename
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{serviceExpertRoot}
|
||||
default: true
|
||||
# Include{serviceList}
|
||||
# Include{persistenceList}
|
||||
# Include{security}
|
||||
# Include{securityContextAdvancedRoot}
|
||||
- variable: privileged
|
||||
label: Privileged mode
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: ReadOnly Root Filesystem
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: Allow Privilege Escalation
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: runAsNonRoot
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{podSecurityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID this App of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{podSecurityContextAdvanced}
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
# Include{vpn}
|
||||
# Include{documentation}
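Review bot: The security defaults in this form start the container as root: `runAsUser` and `runAsGroup` default to `0` and `runAsNonRoot` to `false`, while values.yaml in the same commit sets `podSecurityContext.runAsUser: 1000` and `runAsGroup: 1000`. An install made through the questions form would presumably override the chart's non-root default, and values.yaml also enables `hostNetwork: true`, so the root process would sit in the node's network namespace. If the image runs as an unprivileged user (not visible on this page), use `default: 1000` for both IDs and `default: true` for `runAsNonRoot` so the two files agree. The `unsafe_logging` description would also benefit from saying what is left unscrubbed, e.g. `Disable log scrubbing (client addresses may appear in logs)`, if that matches the proxy's behaviour.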
|
|
@ -0,0 +1,52 @@
|
|||
{{/* Define the configmap */}}
|
||||
{{- define "snowflake.args" -}}
|
||||
args:
|
||||
{{- with .Values.snowflake.ephemeral_ports_range }}
|
||||
- "-ephemeral-ports-range"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.snowflake.allow_non_tls_relay }}
|
||||
- "-allow-non-tls-relay"
|
||||
{{- end }}
|
||||
{{- with .Values.allowed_relay_hostname_pattern }}
|
||||
- "-allowed-relay-hostname-pattern"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.broker }}
|
||||
- "-broker"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.capacity }}
|
||||
- "-capacity"
|
||||
- {{ int . | quote }}
|
||||
{{- end }}
|
||||
{{- if .Values.snowflake.keep_local_addresses }}
|
||||
- "-keep-local-addresses"
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.nat_retest_interval }}
|
||||
- "-nat-retest-interval"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.relay }}
|
||||
- "-relay"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.stun }}
|
||||
- "-stun"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.summary_interval }}
|
||||
- "-summary-interval"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.unsafe_logging }}
|
||||
- "-unsafe-logging"
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.verbose }}
|
||||
- "-verbose"
|
||||
{{- end }}
|
||||
{{- with .Values.snowflake.log }}
|
||||
- "-log"
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end -}}
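Review bot: The `-allowed-relay-hostname-pattern` block reads `.Values.allowed_relay_hostname_pattern`, without the `snowflake.` prefix that every other option here uses and under which values.yaml defines the key. The `with` therefore sees an empty value and the flag is never emitted, so a pattern set by the operator is silently ignored and the proxy runs with whatever the binary's built-in default is. Change the line to `{{- with .Values.snowflake.allowed_relay_hostname_pattern }}`. The opening comment `Define the configmap` does not match the template either; `Build the snowflake-proxy argument list` would describe it.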
|
|
@ -0,0 +1,10 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
|
||||
{{- $newArgs := (include "snowflake.args" . | fromYaml) }}
|
||||
{{- $_ := set .Values "newArgs" $newArgs -}}
|
||||
{{- $args := concat .Values.args .Values.newArgs.args }}
|
||||
{{- $_ := set .Values "args" $args -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
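Review bot: The `concat .Values.args .Values.newArgs.args` call assumes both operands are lists, but `snowflake.args` renders a bare `args:` when every option is empty or false, which `fromYaml` parses as a null value. Whether `.Values.args` is always a list depends on the common library's defaults, which are not visible here. Guarding both sides keeps rendering from failing in that case: `{{- $args := concat (.Values.args | default list) ($newArgs.args | default list) }}`. Using `$newArgs` directly also makes the intermediate `set .Values "newArgs"` unnecessary, so the helper key no longer leaks into `.Values`.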
|
|
@ -0,0 +1,61 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/snowflake-proxy
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 2.4.1@sha256:aec084e33088c8a8192940aa61d3ff52df91816c4a9465eee6f13c3fdb2e31fd
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
|
||||
# securityContext:
|
||||
# readOnlyRootFilesystem: false
|
||||
|
||||
hostNetwork: true
|
||||
|
||||
snowflake:
|
||||
allow_non_tls_relay: false
|
||||
allowed_relay_hostname_pattern: "snowflake.torproject.net$"
|
||||
broker: "https://snowflake-broker.torproject.net/"
|
||||
capacity: 0
|
||||
ephemeral_ports_range: "59999:60000"
|
||||
keep_local_addresses: false
|
||||
nat_retest_interval: 24h0m0s
|
||||
relay: "wss://snowflake.bamsoftware.com/"
|
||||
stun: "stun:stun.stunprotocol.org:3478"
|
||||
summary_interval: 1h0m0s
|
||||
unsafe_logging: false
|
||||
verbose: false
|
||||
log: ""
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
enabled: false
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- /bin/proxy
|
||||
- -version
|
||||
readiness:
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- /bin/proxy
|
||||
- -version
|
||||
startup:
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- /bin/proxy
|
||||
- -version
|
||||
|
||||
portal:
|
||||
enabled: false
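Review bot: `hostNetwork: true` is enabled by default with no comment explaining why, and it places the pod in the node's network namespace, where it can reach host-local listeners and bypasses pod-level network policy. Presumably this is for the ICE UDP traffic, but `ephemeral_ports_range` already narrows that to `59999:60000`, so it is worth stating whether host networking is actually required. At minimum add a comment above the key, e.g. `# host networking is used for ICE/NAT traversal; the pod shares the node's network namespace`, adjusted to the real reason. The commented-out `securityContext` block just above could be removed or explained in the same pass.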
|