chore(repo) change enterprise charts to the upstream images (#14737)
**Description** Update the enterprise train charts to their direct upstream image. ⚒️ Fixes # <!--(issue)--> **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [ ] ⚖️ My code follows the style guidelines of this project - [ ] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._
This commit is contained in:
parent
56d2acd75f
commit
2a3488cf11
|
@ -35,7 +35,7 @@ sources:
|
|||
- https://github.com/authelia/chartrepo
|
||||
- https://github.com/authelia/authelia
|
||||
type: application
|
||||
version: 19.0.12
|
||||
version: 19.0.13
|
||||
annotations:
|
||||
truecharts.org/category: security
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/authelia
|
||||
repository: ghcr.io/authelia/authelia
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586
|
||||
tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
|
@ -22,40 +22,32 @@ workload:
|
|||
liveness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
|
||||
readiness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
|
||||
startup:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 9091
|
||||
targetPort: 9091
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/config"
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: authelia
|
||||
database: authelia
|
||||
|
||||
# Enabled redis
|
||||
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
|
||||
redis:
|
||||
enabled: true
|
||||
|
||||
domain: example.com
|
||||
|
||||
##
|
||||
## Server Configuration
|
||||
##
|
||||
|
@ -65,7 +57,6 @@ server:
|
|||
## Default is 9091 and should not need to be changed.
|
||||
##
|
||||
port: 9091
|
||||
|
||||
## Buffers usually should be configured to be the same value.
|
||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||
|
@ -75,18 +66,14 @@ server:
|
|||
## Set the single level path Authelia listens on.
|
||||
## Must be alphanumeric chars and should not contain any slashes.
|
||||
path: ""
|
||||
|
||||
log:
|
||||
## Level of verbosity for logs: info, debug, trace.
|
||||
level: trace
|
||||
|
||||
## Format the logs are written as: json, text.
|
||||
format: text
|
||||
|
||||
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
|
||||
## File path where the logs will be written. If not set logs are written to stdout.
|
||||
# file_path: /config/authelia.log
|
||||
|
||||
## Default redirection URL
|
||||
##
|
||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||
|
@ -99,7 +86,6 @@ default_redirection_url: ""
|
|||
# default_redirection_url: https://example.com
|
||||
|
||||
theme: light
|
||||
|
||||
##
|
||||
## TOTP Configuration
|
||||
##
|
||||
|
@ -116,7 +102,6 @@ totp:
|
|||
## Warning: before changing skew read the docs link below.
|
||||
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
|
||||
skew: 1
|
||||
|
||||
##
|
||||
## Password Policy Config
|
||||
##
|
||||
|
@ -135,7 +120,6 @@ password_policy:
|
|||
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
|
||||
enabled: false
|
||||
min_score: 3
|
||||
|
||||
##
|
||||
## Duo Push API Configuration
|
||||
##
|
||||
|
@ -146,16 +130,13 @@ duo_api:
|
|||
hostname: api-123456789.example.com
|
||||
integration_key: ABCDEF
|
||||
plain_api_key: ""
|
||||
|
||||
## NTP settings
|
||||
|
||||
ntp:
|
||||
address: "time.cloudflare.com:123"
|
||||
version: 4
|
||||
max_desync: 3s
|
||||
disable_startup_check: false
|
||||
disable_failure: true
|
||||
|
||||
##
|
||||
## Authentication Backend Provider Configuration
|
||||
##
|
||||
|
@ -165,7 +146,6 @@ ntp:
|
|||
authentication_backend:
|
||||
## Disable both the HTML element and the API for reset password functionality
|
||||
disable_reset_password: false
|
||||
|
||||
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
|
||||
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
|
||||
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
|
||||
|
@ -174,7 +154,6 @@ authentication_backend:
|
|||
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
|
||||
refresh_interval: 5m
|
||||
|
||||
## LDAP backend configuration.
|
||||
##
|
||||
## This backend allows Authelia to be scaled to more
|
||||
|
@ -183,7 +162,6 @@ authentication_backend:
|
|||
ldap:
|
||||
## Enable LDAP Backend.
|
||||
enabled: false
|
||||
|
||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||
## Acceptable options are as follows:
|
||||
## - 'activedirectory' - For Microsoft Active Directory.
|
||||
|
@ -194,32 +172,24 @@ authentication_backend:
|
|||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
|
||||
implementation: activedirectory
|
||||
|
||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||
## Scheme can be ldap or ldaps in the format (port optional).
|
||||
url: ldap://openldap.default.svc.cluster.local
|
||||
|
||||
## Connection Timeout.
|
||||
timeout: 5s
|
||||
|
||||
## Use StartTLS with the LDAP connection.
|
||||
start_tls: false
|
||||
|
||||
tls:
|
||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||
server_name: ""
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
|
||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
minimum_version: TLS1.2
|
||||
|
||||
## The base dn for every LDAP query.
|
||||
base_dn: DC=example,DC=com
|
||||
|
||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
|
||||
|
@ -229,10 +199,8 @@ authentication_backend:
|
|||
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
|
||||
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
|
||||
username_attribute: "uid"
|
||||
|
||||
## An additional dn to define the scope to all users.
|
||||
additional_users_dn: OU=Users
|
||||
|
||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||
## Various placeholders are available in the user filter:
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
|
@ -250,10 +218,8 @@ authentication_backend:
|
|||
## To allow sign in both with username and email, one can use a filter like
|
||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: ""
|
||||
|
||||
## An additional dn to define the scope of groups.
|
||||
additional_groups_dn: OU=Groups
|
||||
|
||||
## The groups filter used in search queries to find the groups of the user.
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
|
||||
|
@ -268,21 +234,16 @@ authentication_backend:
|
|||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
|
||||
groups_filter: ""
|
||||
|
||||
## The attribute holding the name of the group
|
||||
group_name_attribute: "cn"
|
||||
|
||||
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
|
||||
## first one returned by the LDAP server is used.
|
||||
mail_attribute: "mail"
|
||||
|
||||
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
||||
display_name_attribute: "displayname"
|
||||
|
||||
## The username of the admin user.
|
||||
user: CN=admin,DC=example,DC=com
|
||||
plain_password: ""
|
||||
|
||||
##
|
||||
## File (Authentication Provider)
|
||||
##
|
||||
|
@ -305,7 +266,6 @@ authentication_backend:
|
|||
salt_length: 16
|
||||
memory: 1024
|
||||
parallelism: 8
|
||||
|
||||
##
|
||||
## Access Control Configuration
|
||||
##
|
||||
|
@ -337,7 +297,6 @@ access_control:
|
|||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
|
||||
networks: []
|
||||
# networks:
|
||||
# - name: private
|
||||
|
@ -392,7 +351,6 @@ access_control:
|
|||
# policy: two_factor
|
||||
# - domain: "{user}.example.com"
|
||||
# policy: bypass
|
||||
|
||||
##
|
||||
## Session Provider Configuration
|
||||
##
|
||||
|
@ -401,24 +359,19 @@ access_control:
|
|||
session:
|
||||
## The name of the session cookie. (default: authelia_session).
|
||||
name: authelia_session
|
||||
|
||||
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
|
||||
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
|
||||
same_site: lax
|
||||
|
||||
## The time in seconds before the cookie expires and session is reset.
|
||||
expiration: 1h
|
||||
|
||||
## The inactivity time in seconds before the session is reset.
|
||||
inactivity: 5m
|
||||
|
||||
## The remember me duration.
|
||||
## Value is in seconds, or duration notation. Value of 0 disables remember me.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
|
||||
## spy or attack. Currently the default is 1M or 1 month.
|
||||
remember_me_duration: 1M
|
||||
|
||||
##
|
||||
## Redis Provider
|
||||
##
|
||||
|
@ -427,35 +380,26 @@ session:
|
|||
## The redis connection details
|
||||
redisProvider:
|
||||
port: 6379
|
||||
|
||||
## Optional username to be used with authentication.
|
||||
# username: authelia
|
||||
username: ""
|
||||
|
||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||
database_index: 0
|
||||
|
||||
## The maximum number of concurrent active connections to Redis.
|
||||
maximum_active_connections: 8
|
||||
|
||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||
minimum_idle_connections: 0
|
||||
|
||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||
tls:
|
||||
enabled: false
|
||||
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
|
||||
## Minimum TLS version for the connection.
|
||||
minimum_version: TLS1.2
|
||||
|
||||
## The Redis HA configuration options.
|
||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||
high_availability:
|
||||
|
@ -463,7 +407,6 @@ redisProvider:
|
|||
enabledSecret: false
|
||||
## Sentinel Name / Master Name
|
||||
sentinel_name: mysentinel
|
||||
|
||||
## The additional nodes to pre-seed the redis provider with (for sentinel).
|
||||
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
|
||||
## For high availability to be used you must have either defined; the host above or at least one node below.
|
||||
|
@ -476,10 +419,8 @@ redisProvider:
|
|||
|
||||
## Choose the host with the lowest latency.
|
||||
route_by_latency: false
|
||||
|
||||
## Choose the host randomly.
|
||||
route_randomly: false
|
||||
|
||||
##
|
||||
## Regulation Configuration
|
||||
##
|
||||
|
@ -488,16 +429,13 @@ redisProvider:
|
|||
regulation:
|
||||
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
|
||||
max_retries: 3
|
||||
|
||||
## The time range during which the user can attempt login before being banned. The user is banned if the
|
||||
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
find_time: 2m
|
||||
|
||||
## The length of time before a banned user can login again. Ban Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
ban_time: 5m
|
||||
|
||||
##
|
||||
## Storage Provider Configuration
|
||||
##
|
||||
|
@ -512,7 +450,6 @@ storage:
|
|||
username: authelia
|
||||
sslmode: disable
|
||||
timeout: 5s
|
||||
|
||||
##
|
||||
## Notification Provider
|
||||
##
|
||||
|
@ -522,7 +459,6 @@ storage:
|
|||
notifier:
|
||||
## You can disable the notifier startup check by setting this to true.
|
||||
disable_startup_check: false
|
||||
|
||||
##
|
||||
## File System (Notification Provider)
|
||||
##
|
||||
|
@ -531,7 +467,6 @@ notifier:
|
|||
filesystem:
|
||||
enabled: true
|
||||
filename: /config/notification.txt
|
||||
|
||||
##
|
||||
## SMTP (Notification Provider)
|
||||
##
|
||||
|
@ -561,91 +496,82 @@ notifier:
|
|||
startup_check_address: test@authelia.com
|
||||
disable_require_tls: false
|
||||
disable_html_emails: false
|
||||
|
||||
tls:
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
|
||||
## Minimum TLS version for either StartTLS or SMTPS.
|
||||
minimum_version: TLS1.2
|
||||
|
||||
identity_providers:
|
||||
oidc:
|
||||
## Enables this in the config map. Currently in beta stage.
|
||||
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
|
||||
enabled: false
|
||||
|
||||
access_token_lifespan: 1h
|
||||
authorize_code_lifespan: 1m
|
||||
id_token_lifespan: 1h
|
||||
refresh_token_lifespan: 90m
|
||||
|
||||
enable_client_debug_messages: false
|
||||
|
||||
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
|
||||
## security reasons.
|
||||
minimum_parameter_entropy: 8
|
||||
|
||||
clients: []
|
||||
# clients:
|
||||
# -
|
||||
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
|
||||
# id: myapp
|
||||
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
||||
# description: My Application
|
||||
|
||||
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
||||
# description: My Application
|
||||
## The client secret is a shared secret between Authelia and the consumer of this client.
|
||||
# secret: apple123
|
||||
|
||||
## The client secret is a shared secret between Authelia and the consumer of this client.
|
||||
# secret: apple123
|
||||
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
||||
# public: false
|
||||
|
||||
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
||||
# public: false
|
||||
## The policy to require for this client; one_factor or two_factor.
|
||||
# authorization_policy: two_factor
|
||||
|
||||
## The policy to require for this client; one_factor or two_factor.
|
||||
# authorization_policy: two_factor
|
||||
## Configures the consent mode; auto, explicit or implicit
|
||||
# consent_mode: auto
|
||||
|
||||
## Configures the consent mode; auto, explicit or implicit
|
||||
# consent_mode: auto
|
||||
## Audience this client is allowed to request.
|
||||
# audience: []
|
||||
|
||||
## Audience this client is allowed to request.
|
||||
# audience: []
|
||||
## Scopes this client is allowed to request.
|
||||
# scopes:
|
||||
# - openid
|
||||
# - profile
|
||||
# - email
|
||||
# - groups
|
||||
|
||||
## Scopes this client is allowed to request.
|
||||
# scopes:
|
||||
# - openid
|
||||
# - profile
|
||||
# - email
|
||||
# - groups
|
||||
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
||||
# redirect_uris:
|
||||
# - https://oidc.example.com/oauth2/callback
|
||||
|
||||
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
||||
# redirect_uris:
|
||||
# - https://oidc.example.com/oauth2/callback
|
||||
## Grant Types configures which grants this client can obtain.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# grant_types:
|
||||
# - refresh_token
|
||||
# - authorization_code
|
||||
|
||||
## Grant Types configures which grants this client can obtain.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# grant_types:
|
||||
# - refresh_token
|
||||
# - authorization_code
|
||||
## Response Types configures which responses this client can be sent.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_types:
|
||||
# - code
|
||||
|
||||
## Response Types configures which responses this client can be sent.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_types:
|
||||
# - code
|
||||
## Response Modes configures which response modes this client supports.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_modes:
|
||||
# - form_post
|
||||
# - query
|
||||
# - fragment
|
||||
|
||||
## Response Modes configures which response modes this client supports.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_modes:
|
||||
# - form_post
|
||||
# - query
|
||||
# - fragment
|
||||
|
||||
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
||||
# userinfo_signing_algorithm: none
|
||||
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
||||
# userinfo_signing_algorithm: none
|
||||
|
||||
portal:
|
||||
open:
|
||||
|
|
|
@ -25,7 +25,7 @@ sources:
|
|||
- https://0xerr0r.github.io/blocky/
|
||||
- https://github.com/0xERR0R/blocky
|
||||
- https://github.com/Mozart409/blocky-frontend
|
||||
version: 9.0.9
|
||||
version: 9.0.10
|
||||
annotations:
|
||||
truecharts.org/category: network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/blocky
|
||||
tag: v0.22.0@sha256:385055de8ad0b9074d2057d054768d649b8289c5dd566367e0b6289ba5d661a4
|
||||
repository: spx01/blocky
|
||||
tag: v0.22@sha256:7def473b1b553b730dd38ba0bc436fc732193c15d35681aa0b0eb962dd6350aa
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
k8sgatewayImage:
|
||||
repository: tccr.io/truecharts/k8s_gateway
|
||||
pullPolicy: IfNotPresent
|
||||
|
@ -35,7 +34,6 @@ workload:
|
|||
command:
|
||||
- /app/blocky
|
||||
- healthcheck
|
||||
|
||||
# -- Blocky Config File content
|
||||
blockyConfig: {}
|
||||
# upstream:
|
||||
|
@ -46,7 +44,6 @@ blockyConfig: {}
|
|||
blocky:
|
||||
# -- Enable prometheus annotations
|
||||
enablePrometheus: true
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: true
|
||||
|
@ -95,7 +92,6 @@ service:
|
|||
port: 5353
|
||||
protocol: udp
|
||||
targetPort: 5353
|
||||
|
||||
## TODO Add support for SCALE certificates and certificates secrets here
|
||||
certFile: ""
|
||||
keyFile: ""
|
||||
|
@ -105,7 +101,6 @@ logTimestamp: true
|
|||
logPrivacy: false
|
||||
dohUserAgent: ""
|
||||
minTlsServeVersion: 1.2
|
||||
|
||||
# -- set the default DNS upstream servers
|
||||
# Primarily designed for inclusion in the TrueNAS SCALE GUI
|
||||
defaultUpstreams:
|
||||
|
@ -125,13 +120,12 @@ defaultUpstreams:
|
|||
- 76.223.122.150
|
||||
- 76.76.2.0
|
||||
- 76.76.10.0
|
||||
|
||||
# -- set additional upstreams
|
||||
# Primarily designed for inclusion in the TrueNAS SCALE GUI
|
||||
upstreams:
|
||||
# - name: group2
|
||||
# dnsservers:
|
||||
# - 1.1.1.1
|
||||
# - name: group2
|
||||
# dnsservers:
|
||||
# - 1.1.1.1
|
||||
|
||||
# -- set bootstrap dns (not needed)
|
||||
# Ensures bootstrap encryption and ensure it doesn't use k8s dns
|
||||
|
@ -140,18 +134,15 @@ bootstrapDns:
|
|||
upstream: ""
|
||||
# -- IP's linked to upstream DoT/DoH DNS name
|
||||
ips: []
|
||||
|
||||
# -- set additional bootstrap dns (not needed, only used if bootstrapDns is set)
|
||||
additionalBootstrapDns:
|
||||
[]
|
||||
# - upstream: ""
|
||||
# ips: []
|
||||
additionalBootstrapDns: []
|
||||
# - upstream: ""
|
||||
# ips: []
|
||||
|
||||
# -- Return empty answer for these queries
|
||||
filtering:
|
||||
# -- Ensures filtering by query type
|
||||
queryTypes: []
|
||||
|
||||
# -- Set manual custom DNS resolution
|
||||
customDNS:
|
||||
customTTL: 1h
|
||||
|
@ -162,7 +153,6 @@ customDNS:
|
|||
mapping: []
|
||||
# - domain: something.com
|
||||
# dnsserver: 192.168.178.1
|
||||
|
||||
# -- Setup client-name lookup
|
||||
clientLookup:
|
||||
# -- upstream used for client-name lookup
|
||||
|
@ -171,7 +161,6 @@ clientLookup:
|
|||
clients:
|
||||
# - domain: laptop
|
||||
# ips: []
|
||||
|
||||
# -- Setup caching
|
||||
caching:
|
||||
minTime: 5m
|
||||
|
@ -182,7 +171,6 @@ caching:
|
|||
prefetchThreshold: 5
|
||||
prefetchMaxItemsCount: 0
|
||||
cacheTimeNegative: 30m
|
||||
|
||||
# -- set conditional settings
|
||||
# Primarily designed for inclusion in the TrueNAS SCALE GUI
|
||||
conditional:
|
||||
|
@ -192,7 +180,6 @@ conditional:
|
|||
mapping: []
|
||||
# - domain: something.com
|
||||
# dnsserver: 192.168.178.1
|
||||
|
||||
# -- set blocking settings using Lists
|
||||
# Primarily designed for inclusion in the TrueNAS SCALE GUI
|
||||
blocking:
|
||||
|
@ -231,7 +218,6 @@ blocking:
|
|||
# - name: default
|
||||
# groups:
|
||||
# - ads
|
||||
|
||||
# -- configure using hostsfile for lookups
|
||||
# Allows for using the hosts configured in kubernetes and such
|
||||
hostsFile:
|
||||
|
@ -239,7 +225,6 @@ hostsFile:
|
|||
filePath: /etc/hosts
|
||||
hostsTTL: 60m
|
||||
refreshPeriod: 30m
|
||||
|
||||
## TODO: add this with postgresql support as well
|
||||
# queryLog:
|
||||
# type: csv
|
||||
|
@ -247,20 +232,16 @@ hostsFile:
|
|||
# logRetentionDays: 0
|
||||
# creationAttempts: 3
|
||||
# CreationCooldown: 2
|
||||
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
serviceAccount:
|
||||
main:
|
||||
# -- Specifies whether a service account should be created
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
# -- Create a ClusterRole and ClusterRoleBinding
|
||||
# @default -- See below
|
||||
rbac:
|
||||
|
@ -287,21 +268,16 @@ rbac:
|
|||
verbs:
|
||||
- list
|
||||
- watch
|
||||
|
||||
k8sgateway:
|
||||
enabled: true
|
||||
# -- TTL for non-apex responses (in seconds)
|
||||
ttl: 300
|
||||
|
||||
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
|
||||
watchedResources: []
|
||||
|
||||
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
|
||||
secondary: ""
|
||||
|
||||
# -- Override the default `serviceName.namespace` domain apex
|
||||
apex: ""
|
||||
|
||||
# -- list of processed domains
|
||||
domains: []
|
||||
# -- Delegated domain
|
||||
|
@ -320,7 +296,6 @@ k8sgateway:
|
|||
options:
|
||||
- name: tls_servername
|
||||
value: cloudflare-dns.com
|
||||
|
||||
metrics:
|
||||
main:
|
||||
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
||||
|
@ -330,7 +305,6 @@ metrics:
|
|||
endpoints:
|
||||
- port: main
|
||||
path: /metrics
|
||||
|
||||
# -- Enable and configure Prometheus Rules for the chart under this key.
|
||||
# @default -- See values.yaml
|
||||
prometheusRule:
|
||||
|
@ -338,21 +312,18 @@ metrics:
|
|||
labels: {}
|
||||
# -- Configure additionial rules for the chart under this key.
|
||||
# @default -- See prometheusrules.yaml
|
||||
rules:
|
||||
[]
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
|
||||
rules: []
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
redis:
|
||||
enabled: true
|
||||
|
||||
# CANNOT be defined in above yaml section
|
||||
queryLog:
|
||||
# optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
|
||||
|
@ -366,7 +337,6 @@ queryLog:
|
|||
creationAttempts: 3
|
||||
# optional: Time between the creation attempts, default: 2s
|
||||
creationCooldown: 2s
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: false
|
||||
|
|
|
@ -21,7 +21,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
|
||||
- https://cert-manager.io/
|
||||
type: application
|
||||
version: 4.2.9
|
||||
version: 4.2.10
|
||||
annotations:
|
||||
truecharts.org/category: core
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/scratch
|
||||
tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
|
||||
repository: hello-world
|
||||
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: true
|
||||
|
@ -18,7 +18,6 @@ workload:
|
|||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
|
@ -26,18 +25,15 @@ service:
|
|||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
operator:
|
||||
verify:
|
||||
additionalOperators:
|
||||
- cert-manager
|
||||
enabled: true
|
||||
failOnError: false
|
||||
|
||||
clusterIssuer:
|
||||
selfSigned:
|
||||
enabled: true
|
||||
|
|
|
@ -22,7 +22,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/external-dns
|
||||
- https://github.com/kubernetes-sigs/external-dns
|
||||
type: application
|
||||
version: 1.0.4
|
||||
version: 1.0.5
|
||||
annotations:
|
||||
truecharts.org/category: networking
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/external-dns
|
||||
repository: registry.k8s.io/external-dns/external-dns
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.14.0@sha256:5ce70afd1d4f2d35310aa6097f810d9701cd62866df255906548dfe26c6c8b6a
|
||||
|
||||
tag: v0.14.0@sha256:474077b3dfccb3021db0a6638274967d0f64ce60dd9730a6f464bee2f78b046f
|
||||
externaldns:
|
||||
logLevel: "info"
|
||||
logFormat: "text"
|
||||
|
@ -22,7 +21,6 @@ externaldns:
|
|||
txtOwnerId: ""
|
||||
txtPrefix: ""
|
||||
txtSuffix: ""
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
@ -30,7 +28,6 @@ service:
|
|||
protocol: http
|
||||
targetPort: 7979
|
||||
port: 7979
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
|
@ -55,7 +52,6 @@ workload:
|
|||
OVH_CONSUMER_KEY: ""
|
||||
SCW_ACCESS_KEY: ""
|
||||
SCW_SECRET_KEY: ""
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
main:
|
||||
|
@ -65,87 +61,83 @@ rbac:
|
|||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["nodes"]
|
||||
verbs: ["list","watch"]
|
||||
verbs: ["list", "watch"]
|
||||
- apiGroups: [""]
|
||||
resources: ["pods"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: [""]
|
||||
resources: ["services","endpoints"]
|
||||
verbs: ["get","watch","list"]
|
||||
- apiGroups: ["extensions","networking.k8s.io"]
|
||||
resources: ["services", "endpoints"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["extensions", "networking.k8s.io"]
|
||||
resources: ["ingresses"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.istio.io"]
|
||||
resources: ["gateways"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["networking.istio.io"]
|
||||
resources: ["virtualservices"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["getambassador.io"]
|
||||
resources: ["hosts","ingresses"]
|
||||
verbs: ["get","watch","list"]
|
||||
resources: ["hosts", "ingresses"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["projectcontour.io"]
|
||||
resources: ["httpproxies"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["externaldns.k8s.io"]
|
||||
resources: ["dnsendpoints"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["externaldns.k8s.io"]
|
||||
resources: ["dnsendpoints/status"]
|
||||
verbs: ["*"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["gateways"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["httproutes"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: [""]
|
||||
resources: ["namespaces"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["grpcroutes"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["tlsroutes"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["tcproutes"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gateway.networking.k8s.io"]
|
||||
resources: ["udproutes"]
|
||||
verbs: ["get","watch","list"]
|
||||
- apiGroups: ["gloo.solo.io","gateway.solo.io"]
|
||||
resources: ["proxies","virtualservices"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["gloo.solo.io", "gateway.solo.io"]
|
||||
resources: ["proxies", "virtualservices"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["configuration.konghq.com"]
|
||||
resources: ["tcpingresses"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["traefik.containo.us", "traefik.io"]
|
||||
resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["route.openshift.io"]
|
||||
resources: ["routes"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["zalando.org"]
|
||||
resources: ["routegroups"]
|
||||
verbs: ["get","watch","list"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
- apiGroups: ["zalando.org"]
|
||||
resources: ["routegroups/status"]
|
||||
verbs: ["patch","update"]
|
||||
verbs: ["patch", "update"]
|
||||
- apiGroups: ["cis.f5.com"]
|
||||
resources: ["virtualservers"]
|
||||
verbs: ["get","watch","list"]
|
||||
|
||||
|
||||
verbs: ["get", "watch", "list"]
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
|
|
@ -24,7 +24,7 @@ sources:
|
|||
- https://github.com/bitnami/bitnami-docker-grafana
|
||||
- https://grafana.com/
|
||||
type: application
|
||||
version: 9.0.38
|
||||
version: 9.0.39
|
||||
annotations:
|
||||
truecharts.org/category: metrics
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/grafana
|
||||
repository: bitnami/grafana
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v10.2.0@sha256:144e75d84d82a526ed804b253f91bea02fad28dac1e66e7a662f6dd985a64f7b
|
||||
tag: 10.2.0@sha256:c488457595e458d4718c3748f106d9b331ca637a84b3f5ff07fdcc1dacaab646
|
||||
manifestManager:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
|
@ -15,7 +14,6 @@ service:
|
|||
protocol: http
|
||||
targetPort: 3000
|
||||
port: 10038
|
||||
|
||||
workload:
|
||||
main:
|
||||
replicas: 2
|
||||
|
@ -38,13 +36,10 @@ workload:
|
|||
probes:
|
||||
liveness:
|
||||
path: "/api/health"
|
||||
|
||||
readiness:
|
||||
path: "/api/health"
|
||||
|
||||
startup:
|
||||
path: "/api/health"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
|
@ -53,7 +48,6 @@ persistence:
|
|||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /opt/bitnami/grafana/tmp
|
||||
|
||||
metrics:
|
||||
main:
|
||||
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
||||
|
@ -70,18 +64,16 @@ metrics:
|
|||
labels: {}
|
||||
# -- Configure additionial rules for the chart under this key.
|
||||
# @default -- See prometheusrules.yaml
|
||||
rules:
|
||||
[]
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
|
||||
rules: []
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
|
|
@ -24,7 +24,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/kubernetes-reflector
|
||||
- https://github.com/emberstack/kubernetes-reflector
|
||||
type: application
|
||||
version: 1.0.5
|
||||
version: 1.0.6
|
||||
annotations:
|
||||
truecharts.org/category: operators
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/kubernetes-reflector
|
||||
repository: docker.io/emberstack/kubernetes-reflector
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v7.1.217@sha256:4ca9ce8c04441786ba0d343b3e5bfe9c638ac8efcc25aba0aaff3c6fb2363b5f
|
||||
|
||||
tag: build-7.1.217@sha256:982b8fc714349abe480a6864f3c3fce8e8801fd5068fac6add5b22ed32efc033
|
||||
operator:
|
||||
register: true
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
|
@ -36,16 +33,12 @@ rbac:
|
|||
verbs:
|
||||
- "watch"
|
||||
- "list"
|
||||
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
|
||||
kubernetesReflector:
|
||||
logLevel: Information
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
|
@ -72,7 +65,6 @@ workload:
|
|||
type: http
|
||||
path: /healthz
|
||||
port: 25080
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
|
|
|
@ -22,7 +22,7 @@ sources:
|
|||
- https://github.com/metallb/metallb
|
||||
- https://metallb.universe.tf
|
||||
type: application
|
||||
version: 3.0.10
|
||||
version: 3.0.11
|
||||
annotations:
|
||||
truecharts.org/category: core
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/scratch
|
||||
tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
|
||||
repository: hello-world
|
||||
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: false
|
||||
|
@ -18,7 +18,6 @@ workload:
|
|||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
|
@ -26,16 +25,13 @@ service:
|
|||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
|
||||
operator:
|
||||
verify:
|
||||
enabled: true
|
||||
additionalOperators: ["metallb"]
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
ipAddressPools: []
|
||||
# - name: example
|
||||
# autoAssign: true
|
||||
|
|
|
@ -29,7 +29,7 @@ sources:
|
|||
- https://github.com/prometheus-community/helm-charts
|
||||
- https://github.com/prometheus-operator/kube-prometheus
|
||||
type: application
|
||||
version: 13.0.19
|
||||
version: 13.0.20
|
||||
annotations:
|
||||
truecharts.org/category: metrics
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,15 +1,12 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/prometheus
|
||||
tag: v2.47.2@sha256:92397b84686557a47be6a91fd80d1fe375301f150982ec9c0fb1a45c44ecedfa
|
||||
|
||||
repository: bitnami/prometheus
|
||||
tag: 2.47.2@sha256:e04c2d5d5cc86aa4f59b8cc645ef51ca81c70ed7a7abfa1aaafaaa7e868b44ad
|
||||
thanosImage:
|
||||
repository: tccr.io/truecharts/thanos
|
||||
tag: v0.32.5@sha256:4cea5ca36f1567993344c3375b9a80d8073dbc8d530656644d36c90683f96464
|
||||
|
||||
alertmanagerImage:
|
||||
repository: tccr.io/truecharts/alertmanager
|
||||
tag: v0.26.0@sha256:f0bbf30d4901be33855b0fb4b71e3d7410b872a33b9d08cd2d7ed576505e40a8
|
||||
|
||||
global:
|
||||
labels: {}
|
||||
workload:
|
||||
|
@ -26,7 +23,6 @@ workload:
|
|||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
service:
|
||||
main:
|
||||
selectorLabels:
|
||||
|
@ -59,7 +55,6 @@ service:
|
|||
port: 10901
|
||||
targetPort: 10901
|
||||
protocol: http
|
||||
|
||||
ingress:
|
||||
main:
|
||||
enabled: false
|
||||
|
@ -67,20 +62,16 @@ ingress:
|
|||
enabled: false
|
||||
thanos:
|
||||
enabled: false
|
||||
|
||||
####
|
||||
## Operator Config
|
||||
####
|
||||
|
||||
env:
|
||||
PROMETHEUS_CONFIG_RELOADER:
|
||||
configMapKeyRef:
|
||||
name: prometheus-operator-config
|
||||
key: prometheus-config-reloader
|
||||
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
|
@ -178,16 +169,13 @@ rbac:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
probes:
|
||||
# -- Liveness probe configuration
|
||||
# @default -- See below
|
||||
|
@ -198,7 +186,6 @@ probes:
|
|||
path: "/metrics"
|
||||
port: promop
|
||||
scheme: HTTP
|
||||
|
||||
# -- Redainess probe configuration
|
||||
# @default -- See below
|
||||
readiness:
|
||||
|
@ -208,7 +195,6 @@ probes:
|
|||
path: "/metrics"
|
||||
port: promop
|
||||
scheme: HTTP
|
||||
|
||||
# -- Startup probe configuration
|
||||
# @default -- See below
|
||||
startup:
|
||||
|
@ -218,7 +204,6 @@ probes:
|
|||
path: "/metrics"
|
||||
port: promop
|
||||
scheme: HTTP
|
||||
|
||||
operator:
|
||||
## Create a servicemonitor for the operator
|
||||
##
|
||||
|
@ -238,7 +223,6 @@ operator:
|
|||
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
|
||||
##
|
||||
relabelings: []
|
||||
|
||||
## Prometheus Configmap-reload image to use for reloading configmaps
|
||||
## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/)
|
||||
##
|
||||
|
@ -251,7 +235,6 @@ operator:
|
|||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 10
|
||||
|
@ -259,7 +242,6 @@ operator:
|
|||
timeoutSeconds: 5
|
||||
failureThreshold: 6
|
||||
successThreshold: 1
|
||||
|
||||
readinessProbe:
|
||||
enabled: true
|
||||
initialDelaySeconds: 15
|
||||
|
@ -267,7 +249,6 @@ operator:
|
|||
timeoutSeconds: 5
|
||||
failureThreshold: 6
|
||||
successThreshold: 1
|
||||
|
||||
####
|
||||
## Prometheus Config (Spawned by Operator)
|
||||
####
|
||||
|
@ -326,7 +307,6 @@ prometheus:
|
|||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
|
||||
serviceMonitor:
|
||||
## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
|
||||
##
|
||||
|
@ -842,7 +822,6 @@ prometheus:
|
|||
## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
|
||||
##
|
||||
portName: main
|
||||
|
||||
####
|
||||
## Alert Manager Config
|
||||
####
|
||||
|
@ -1120,7 +1099,6 @@ alertmanager:
|
|||
## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
|
||||
##
|
||||
configSelector: {}
|
||||
|
||||
####
|
||||
## Exporters
|
||||
####
|
||||
|
@ -1138,14 +1116,12 @@ exporters:
|
|||
## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
|
||||
##
|
||||
enabled: true
|
||||
|
||||
## @param kube-state-metrics [object] Node Exporter deployment configuration
|
||||
##
|
||||
kube-state-metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
honorLabels: true
|
||||
|
||||
## Component scraping for kubelet and kubelet hosted cAdvisor
|
||||
##
|
||||
kubelet:
|
||||
|
@ -1361,7 +1337,6 @@ kubeProxy:
|
|||
## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
|
||||
##
|
||||
enabled: false
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
|
|
@ -23,7 +23,7 @@ sources:
|
|||
- https://github.com/traefik/traefik-helm-chart
|
||||
- https://traefik.io/
|
||||
type: application
|
||||
version: 21.1.7
|
||||
version: 21.1.8
|
||||
annotations:
|
||||
truecharts.org/category: network
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/traefik
|
||||
tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce
|
||||
repository: traefik
|
||||
tag: v2.10.5@sha256:948978f7ec62f137a79f8af7044a1785bd7868706ef2c8cba9c88db688d08661
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: true
|
||||
|
@ -22,7 +22,6 @@ workload:
|
|||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Readiness probe configuration
|
||||
# @default -- See below
|
||||
readiness:
|
||||
|
@ -32,7 +31,6 @@ workload:
|
|||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Startup probe configuration
|
||||
# @default -- See below
|
||||
startup:
|
||||
|
@ -42,15 +40,12 @@ workload:
|
|||
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
|
||||
# @default -- "/"
|
||||
# path: "/ping"
|
||||
|
||||
# -- Options for all pods
|
||||
# Can be overruled per pod
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
operator:
|
||||
register: true
|
||||
|
||||
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
|
||||
ingressClass:
|
||||
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
|
||||
|
@ -58,7 +53,6 @@ ingressClass:
|
|||
isDefaultClass: false
|
||||
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
|
||||
fallbackApiVersion: ""
|
||||
|
||||
# -- Create an IngressRoute for the dashboard
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
|
@ -72,22 +66,19 @@ ingressRoute:
|
|||
providers:
|
||||
kubernetesCRD:
|
||||
enabled: true
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
namespaces: []
|
||||
# - "default"
|
||||
kubernetesIngress:
|
||||
enabled: true
|
||||
# labelSelector: environment=production,method=traefik
|
||||
namespaces:
|
||||
[]
|
||||
# - "default"
|
||||
namespaces: []
|
||||
# - "default"
|
||||
# IP used for Kubernetes Ingress endpoints
|
||||
publishedService:
|
||||
enabled: true
|
||||
# Published Kubernetes Service to copy status from. Format: namespace/servicename
|
||||
# By default this Traefik service
|
||||
# pathOverride: ""
|
||||
|
||||
# -- Logs
|
||||
# https://docs.traefik.io/observability/logs/
|
||||
logs:
|
||||
|
@ -105,31 +96,27 @@ logs:
|
|||
# them to the selected output. In some cases, this option can greatly help performances.
|
||||
# bufferingSize: 100
|
||||
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
|
||||
filters:
|
||||
{}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
filters: {}
|
||||
# statuscodes: "200,300-302"
|
||||
# retryattempts: true
|
||||
# minduration: 10ms
|
||||
# Fields
|
||||
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
|
||||
fields:
|
||||
general:
|
||||
defaultmode: keep
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
names: {}
|
||||
# Examples:
|
||||
# ClientUsername: drop
|
||||
headers:
|
||||
defaultmode: drop
|
||||
names:
|
||||
{}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
names: {}
|
||||
# Examples:
|
||||
# User-Agent: redact
|
||||
# Authorization: drop
|
||||
# Content-Type: keep
|
||||
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
|
||||
format: common
|
||||
|
||||
metrics:
|
||||
main:
|
||||
enabled: false
|
||||
|
@ -138,10 +125,8 @@ metrics:
|
|||
- port: metrics
|
||||
path: /metrics
|
||||
targetSelector: metrics
|
||||
|
||||
globalArguments:
|
||||
- "--global.checknewversion"
|
||||
|
||||
##
|
||||
# -- Additional arguments to be passed at Traefik's binary
|
||||
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
|
||||
|
@ -149,7 +134,6 @@ globalArguments:
|
|||
additionalArguments:
|
||||
- "--serverstransport.insecureskipverify=true"
|
||||
- "--providers.kubernetesingress.allowexternalnameservices=true"
|
||||
|
||||
# -- TLS Options to be created as TLSOption CRDs
|
||||
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
|
||||
# Example:
|
||||
|
@ -167,7 +151,6 @@ tlsOptions:
|
|||
- TLS_AES_128_GCM_SHA256
|
||||
- TLS_AES_256_GCM_SHA384
|
||||
- TLS_CHACHA20_POLY1305_SHA256
|
||||
|
||||
# -- Options for the main traefik service, where the entrypoints traffic comes from
|
||||
# from.
|
||||
service:
|
||||
|
@ -258,7 +241,6 @@ service:
|
|||
enabled: false
|
||||
# udp:
|
||||
# enabled: false
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
main:
|
||||
|
@ -310,13 +292,11 @@ rbac:
|
|||
- get
|
||||
- list
|
||||
- watch
|
||||
|
||||
# -- The service account the pods will use to interact with the Kubernetes API
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
# -- SCALE Middleware Handlers
|
||||
middlewares:
|
||||
basicAuth: []
|
||||
|
@ -441,16 +421,13 @@ middlewares:
|
|||
## Note: body of every request will be buffered in memory while the request is in-flight
|
||||
## (i.e.: during the security check and during the request processing by traefik and the backend),
|
||||
## so you may want to tune maxBodySize depending on how much RAM you have.
|
||||
|
||||
portalhook:
|
||||
enabled: true
|
||||
|
||||
persistence:
|
||||
plugins:
|
||||
enabled: true
|
||||
mountPath: "/plugins-storage"
|
||||
type: emptyDir
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
|
|
@ -25,7 +25,7 @@ sources:
|
|||
- https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
|
||||
- https://github.com/dani-garcia/vaultwarden
|
||||
type: application
|
||||
version: 23.0.9
|
||||
version: 23.0.10
|
||||
annotations:
|
||||
truecharts.org/category: security
|
||||
truecharts.org/SCALE-support: "true"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
image:
|
||||
repository: tccr.io/truecharts/vaultwarden
|
||||
repository: docker.io/vaultwarden/server
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v1.30.0@sha256:57bc723900152d5401473f9e458bed388c253f034eeae878984216166cd14967
|
||||
tag: 1.30.0@sha256:27638a2ae977d66d99891c06562ff9ba78a60869d2e5a94cf2953f1d03fde12f
|
||||
manifestManager:
|
||||
enabled: true
|
||||
service:
|
||||
|
@ -10,7 +10,6 @@ service:
|
|||
main:
|
||||
port: 10102
|
||||
targetPort: 8080
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
|
@ -22,13 +21,11 @@ workload:
|
|||
secretKeyRef:
|
||||
name: cnpg-main-urls
|
||||
key: std
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: vaultwardenconfig
|
||||
- secretRef:
|
||||
name: vaultwardensecret
|
||||
|
||||
database:
|
||||
# -- Database type,
|
||||
# must be one of: 'sqlite', 'mysql' or 'postgresql'.
|
||||
|
@ -42,7 +39,6 @@ database:
|
|||
# maxConnections: 10
|
||||
## Connection retries during startup, 0 for infinite. 1 second between retries.
|
||||
# retries: 15
|
||||
|
||||
# Set Bitwarden_rs application variables
|
||||
vaultwarden:
|
||||
# -- Allow any user to sign-up
|
||||
|
@ -84,7 +80,6 @@ vaultwarden:
|
|||
disableAdminToken: false
|
||||
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
|
||||
# token:
|
||||
|
||||
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
|
||||
smtp:
|
||||
enabled: false
|
||||
|
@ -112,7 +107,6 @@ vaultwarden:
|
|||
# user: ""
|
||||
## SMTP password. Required is user is specified, ignored if no user provided.
|
||||
# password: ""
|
||||
|
||||
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
|
||||
yubico:
|
||||
enabled: false
|
||||
|
@ -121,13 +115,11 @@ vaultwarden:
|
|||
## Yubico ID and Secret Key.
|
||||
# clientId:
|
||||
# secretKey:
|
||||
|
||||
## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host
|
||||
push:
|
||||
enabled: false
|
||||
# installationId:
|
||||
# installationKey:
|
||||
|
||||
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
|
||||
log:
|
||||
# Log to file.
|
||||
|
@ -136,7 +128,6 @@ vaultwarden:
|
|||
level: "trace"
|
||||
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
|
||||
# timeFormat: ""
|
||||
|
||||
icons:
|
||||
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
|
||||
disableDownload: false
|
||||
|
@ -144,18 +135,15 @@ vaultwarden:
|
|||
# cache: 2592000
|
||||
## Cache time-to-live for icons that were not available. 0 means no purging.
|
||||
# cacheFailed: 259200
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: vaultwarden
|
||||
database: vaultwarden
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
|
Loading…
Reference in New Issue