Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code

chore(repo) change enterprise charts to the upstream images (#14737) 

**Description**
Update the enterprise train charts to their direct upstream image.
⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [ ] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [ ] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [ ] ⚖️ My code follows the style guidelines of this project
- [ ] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [ ] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
This commit is contained in:
Xstar97TheNoob 2023-11-17 05:20:22 -05:00 committed by GitHub
parent 56d2acd75f
commit 2a3488cf11
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 138 additions and 334 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
charts/enterprise/authelia/Chart.yaml
View File

@ -35,7 +35,7 @@ sources:
- https://github.com/authelia/chartrepo
- https://github.com/authelia/authelia
type: application
version: 19.0.12
version: 19.0.13
annotations:
truecharts.org/category: security
truecharts.org/SCALE-support: "true"

154
charts/enterprise/authelia/values.yaml
View File

@ -1,7 +1,7 @@
image:
repository: tccr.io/truecharts/authelia
repository: ghcr.io/authelia/authelia
pullPolicy: IfNotPresent
tag: 4.37.5@sha256:76a4617539534cec140fd98a12f721b878524f2df3a3653f3df8ff2b7eaab586
tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
manifestManager:
enabled: true
workload:
@ -22,40 +22,32 @@ workload:
liveness:
type: http
path: "/api/health"
readiness:
type: http
path: "/api/health"
startup:
type: http
path: "/api/health"
service:
main:
ports:
main:
port: 9091
targetPort: 9091
persistence:
config:
enabled: true
mountPath: "/config"
cnpg:
main:
enabled: true
user: authelia
database: authelia
# Enabled redis
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
redis:
enabled: true
domain: example.com
##
## Server Configuration
##
@ -65,7 +57,6 @@ server:
## Default is 9091 and should not need to be changed.
##
port: 9091
## Buffers usually should be configured to be the same value.
## Explanation at https://www.authelia.com/docs/configuration/server.html
## Read buffer size adjusts the server's max incoming request size in bytes.
@ -75,18 +66,14 @@ server:
## Set the single level path Authelia listens on.
## Must be alphanumeric chars and should not contain any slashes.
path: ""
log:
## Level of verbosity for logs: info, debug, trace.
level: trace
## Format the logs are written as: json, text.
format: text
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
## File path where the logs will be written. If not set logs are written to stdout.
# file_path: /config/authelia.log
## Default redirection URL
##
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
@ -99,7 +86,6 @@ default_redirection_url: ""
# default_redirection_url: https://example.com
theme: light
##
## TOTP Configuration
##
@ -116,7 +102,6 @@ totp:
## Warning: before changing skew read the docs link below.
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
skew: 1
##
## Password Policy Config
##
@ -135,7 +120,6 @@ password_policy:
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
enabled: false
min_score: 3
##
## Duo Push API Configuration
##
@ -146,16 +130,13 @@ duo_api:
hostname: api-123456789.example.com
integration_key: ABCDEF
plain_api_key: ""
## NTP settings
ntp:
address: "time.cloudflare.com:123"
version: 4
max_desync: 3s
disable_startup_check: false
disable_failure: true
##
## Authentication Backend Provider Configuration
##
@ -165,7 +146,6 @@ ntp:
authentication_backend:
## Disable both the HTML element and the API for reset password functionality
disable_reset_password: false
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
@ -174,7 +154,6 @@ authentication_backend:
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
refresh_interval: 5m
## LDAP backend configuration.
##
## This backend allows Authelia to be scaled to more
@ -183,7 +162,6 @@ authentication_backend:
ldap:
## Enable LDAP Backend.
enabled: false
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
## Acceptable options are as follows:
## - 'activedirectory' - For Microsoft Active Directory.
@ -194,32 +172,24 @@ authentication_backend:
## attribute mappings have a default value that this config overrides, you can read more about these default values
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
implementation: activedirectory
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
## Scheme can be ldap or ldaps in the format (port optional).
url: ldap://openldap.default.svc.cluster.local
## Connection Timeout.
timeout: 5s
## Use StartTLS with the LDAP connection.
start_tls: false
tls:
## Server Name for certificate validation (in case it's not set correctly in the URL).
server_name: ""
## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
minimum_version: TLS1.2
## The base dn for every LDAP query.
base_dn: DC=example,DC=com
## The attribute holding the username of the user. This attribute is used to populate the username in the session
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
@ -229,10 +199,8 @@ authentication_backend:
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
username_attribute: "uid"
## An additional dn to define the scope to all users.
additional_users_dn: OU=Users
## The users filter used in search queries to find the user profile based on input filled in login form.
## Various placeholders are available in the user filter:
## - {input} is a placeholder replaced by what the user inputs in the login form.
@ -250,10 +218,8 @@ authentication_backend:
## To allow sign in both with username and email, one can use a filter like
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
users_filter: ""
## An additional dn to define the scope of groups.
additional_groups_dn: OU=Groups
## The groups filter used in search queries to find the groups of the user.
## - {input} is a placeholder replaced by what the user inputs in the login form.
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
@ -268,21 +234,16 @@ authentication_backend:
## If your groups use the `groupOfUniqueNames` structure use this instead:
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
groups_filter: ""
## The attribute holding the name of the group
group_name_attribute: "cn"
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
## first one returned by the LDAP server is used.
mail_attribute: "mail"
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
display_name_attribute: "displayname"
## The username of the admin user.
user: CN=admin,DC=example,DC=com
plain_password: ""
##
## File (Authentication Provider)
##
@ -305,7 +266,6 @@ authentication_backend:
salt_length: 16
memory: 1024
parallelism: 8
##
## Access Control Configuration
##
@ -337,7 +297,6 @@ access_control:
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
## resource if there is no policy to be applied to the user.
default_policy: deny
networks: []
# networks:
# - name: private
@ -392,7 +351,6 @@ access_control:
# policy: two_factor
# - domain: "{user}.example.com"
# policy: bypass
##
## Session Provider Configuration
##
@ -401,24 +359,19 @@ access_control:
session:
## The name of the session cookie. (default: authelia_session).
name: authelia_session
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
same_site: lax
## The time in seconds before the cookie expires and session is reset.
expiration: 1h
## The inactivity time in seconds before the session is reset.
inactivity: 5m
## The remember me duration.
## Value is in seconds, or duration notation. Value of 0 disables remember me.
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
## spy or attack. Currently the default is 1M or 1 month.
remember_me_duration: 1M
##
## Redis Provider
##
@ -427,35 +380,26 @@ session:
## The redis connection details
redisProvider:
port: 6379
## Optional username to be used with authentication.
# username: authelia
username: ""
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
database_index: 0
## The maximum number of concurrent active connections to Redis.
maximum_active_connections: 8
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
minimum_idle_connections: 0
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
tls:
enabled: false
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
server_name: ""
## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false
## Minimum TLS version for the connection.
minimum_version: TLS1.2
## The Redis HA configuration options.
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
high_availability:
@ -463,7 +407,6 @@ redisProvider:
enabledSecret: false
## Sentinel Name / Master Name
sentinel_name: mysentinel
## The additional nodes to pre-seed the redis provider with (for sentinel).
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
## For high availability to be used you must have either defined; the host above or at least one node below.
@ -476,10 +419,8 @@ redisProvider:
## Choose the host with the lowest latency.
route_by_latency: false
## Choose the host randomly.
route_randomly: false
##
## Regulation Configuration
##
@ -488,16 +429,13 @@ redisProvider:
regulation:
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
max_retries: 3
## The time range during which the user can attempt login before being banned. The user is banned if the
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
find_time: 2m
## The length of time before a banned user can login again. Ban Time accepts duration notation.
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
ban_time: 5m
##
## Storage Provider Configuration
##
@ -512,7 +450,6 @@ storage:
username: authelia
sslmode: disable
timeout: 5s
##
## Notification Provider
##
@ -522,7 +459,6 @@ storage:
notifier:
## You can disable the notifier startup check by setting this to true.
disable_startup_check: false
##
## File System (Notification Provider)
##
@ -531,7 +467,6 @@ notifier:
filesystem:
enabled: true
filename: /config/notification.txt
##
## SMTP (Notification Provider)
##
@ -561,91 +496,82 @@ notifier:
startup_check_address: test@authelia.com
disable_require_tls: false
disable_html_emails: false
tls:
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
server_name: ""
## Skip verifying the server certificate (to allow a self-signed certificate).
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
skip_verify: false
## Minimum TLS version for either StartTLS or SMTPS.
minimum_version: TLS1.2
identity_providers:
oidc:
## Enables this in the config map. Currently in beta stage.
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
enabled: false
access_token_lifespan: 1h
authorize_code_lifespan: 1m
id_token_lifespan: 1h
refresh_token_lifespan: 90m
enable_client_debug_messages: false
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
## security reasons.
minimum_parameter_entropy: 8
clients: []
# clients:
# -
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
# id: myapp
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
# description: My Application
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
# description: My Application
## The client secret is a shared secret between Authelia and the consumer of this client.
# secret: apple123
## The client secret is a shared secret between Authelia and the consumer of this client.
# secret: apple123
## Sets the client to public. This should typically not be set, please see the documentation for usage.
# public: false
## Sets the client to public. This should typically not be set, please see the documentation for usage.
# public: false
## The policy to require for this client; one_factor or two_factor.
# authorization_policy: two_factor
## The policy to require for this client; one_factor or two_factor.
# authorization_policy: two_factor
## Configures the consent mode; auto, explicit or implicit
# consent_mode: auto
## Configures the consent mode; auto, explicit or implicit
# consent_mode: auto
## Audience this client is allowed to request.
# audience: []
## Audience this client is allowed to request.
# audience: []
## Scopes this client is allowed to request.
# scopes:
# - openid
# - profile
# - email
# - groups
## Scopes this client is allowed to request.
# scopes:
# - openid
# - profile
# - email
# - groups
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
# redirect_uris:
# - https://oidc.example.com/oauth2/callback
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
# redirect_uris:
# - https://oidc.example.com/oauth2/callback
## Grant Types configures which grants this client can obtain.
## It's not recommended to configure this unless you know what you're doing.
# grant_types:
# - refresh_token
# - authorization_code
## Grant Types configures which grants this client can obtain.
## It's not recommended to configure this unless you know what you're doing.
# grant_types:
# - refresh_token
# - authorization_code
## Response Types configures which responses this client can be sent.
## It's not recommended to configure this unless you know what you're doing.
# response_types:
# - code
## Response Types configures which responses this client can be sent.
## It's not recommended to configure this unless you know what you're doing.
# response_types:
# - code
## Response Modes configures which response modes this client supports.
## It's not recommended to configure this unless you know what you're doing.
# response_modes:
# - form_post
# - query
# - fragment
## Response Modes configures which response modes this client supports.
## It's not recommended to configure this unless you know what you're doing.
# response_modes:
# - form_post
# - query
# - fragment
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
# userinfo_signing_algorithm: none
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
# userinfo_signing_algorithm: none
portal:
open:

2
charts/enterprise/blocky/Chart.yaml
View File

@ -25,7 +25,7 @@ sources:
- https://0xerr0r.github.io/blocky/
- https://github.com/0xERR0R/blocky
- https://github.com/Mozart409/blocky-frontend
version: 9.0.9
version: 9.0.10
annotations:
truecharts.org/category: network
truecharts.org/SCALE-support: "true"

48
charts/enterprise/blocky/values.yaml
View File

@ -1,8 +1,7 @@
image:
repository: tccr.io/truecharts/blocky
tag: v0.22.0@sha256:385055de8ad0b9074d2057d054768d649b8289c5dd566367e0b6289ba5d661a4
repository: spx01/blocky
tag: v0.22@sha256:7def473b1b553b730dd38ba0bc436fc732193c15d35681aa0b0eb962dd6350aa
pullPolicy: IfNotPresent
k8sgatewayImage:
repository: tccr.io/truecharts/k8s_gateway
pullPolicy: IfNotPresent
@ -35,7 +34,6 @@ workload:
command:
- /app/blocky
- healthcheck
# -- Blocky Config File content
blockyConfig: {}
# upstream:
@ -46,7 +44,6 @@ blockyConfig: {}
blocky:
# -- Enable prometheus annotations
enablePrometheus: true
service:
main:
enabled: true
@ -95,7 +92,6 @@ service:
port: 5353
protocol: udp
targetPort: 5353
## TODO Add support for SCALE certificates and certificates secrets here
certFile: ""
keyFile: ""
@ -105,7 +101,6 @@ logTimestamp: true
logPrivacy: false
dohUserAgent: ""
minTlsServeVersion: 1.2
# -- set the default DNS upstream servers
# Primarily designed for inclusion in the TrueNAS SCALE GUI
defaultUpstreams:
@ -125,13 +120,12 @@ defaultUpstreams:
- 76.223.122.150
- 76.76.2.0
- 76.76.10.0
# -- set additional upstreams
# Primarily designed for inclusion in the TrueNAS SCALE GUI
upstreams:
# - name: group2
# dnsservers:
# - 1.1.1.1
# - name: group2
# dnsservers:
# - 1.1.1.1
# -- set bootstrap dns (not needed)
# Ensures bootstrap encryption and ensure it doesn't use k8s dns
@ -140,18 +134,15 @@ bootstrapDns:
upstream: ""
# -- IP's linked to upstream DoT/DoH DNS name
ips: []
# -- set additional bootstrap dns (not needed, only used if bootstrapDns is set)
additionalBootstrapDns:
[]
# - upstream: ""
# ips: []
additionalBootstrapDns: []
# - upstream: ""
# ips: []
# -- Return empty answer for these queries
filtering:
# -- Ensures filtering by query type
queryTypes: []
# -- Set manual custom DNS resolution
customDNS:
customTTL: 1h
@ -162,7 +153,6 @@ customDNS:
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- Setup client-name lookup
clientLookup:
# -- upstream used for client-name lookup
@ -171,7 +161,6 @@ clientLookup:
clients:
# - domain: laptop
# ips: []
# -- Setup caching
caching:
minTime: 5m
@ -182,7 +171,6 @@ caching:
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
# -- set conditional settings
# Primarily designed for inclusion in the TrueNAS SCALE GUI
conditional:
@ -192,7 +180,6 @@ conditional:
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- set blocking settings using Lists
# Primarily designed for inclusion in the TrueNAS SCALE GUI
blocking:
@ -231,7 +218,6 @@ blocking:
# - name: default
# groups:
# - ads
# -- configure using hostsfile for lookups
# Allows for using the hosts configured in kubernetes and such
hostsFile:
@ -239,7 +225,6 @@ hostsFile:
filePath: /etc/hosts
hostsTTL: 60m
refreshPeriod: 30m
## TODO: add this with postgresql support as well
# queryLog:
# type: csv
@ -247,20 +232,16 @@ hostsFile:
# logRetentionDays: 0
# creationAttempts: 3
# CreationCooldown: 2
podOptions:
automountServiceAccountToken: true
portal:
open:
enabled: false
serviceAccount:
main:
# -- Specifies whether a service account should be created
enabled: true
primary: true
# -- Create a ClusterRole and ClusterRoleBinding
# @default -- See below
rbac:
@ -287,21 +268,16 @@ rbac:
verbs:
- list
- watch
k8sgateway:
enabled: true
# -- TTL for non-apex responses (in seconds)
ttl: 300
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
watchedResources: []
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
secondary: ""
# -- Override the default `serviceName.namespace` domain apex
apex: ""
# -- list of processed domains
domains: []
# -- Delegated domain
@ -320,7 +296,6 @@ k8sgateway:
options:
- name: tls_servername
value: cloudflare-dns.com
metrics:
main:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@ -330,7 +305,6 @@ metrics:
endpoints:
- port: main
path: /metrics
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
@ -338,8 +312,7 @@ metrics:
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
rules: []
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
@ -349,10 +322,8 @@ metrics:
# for: 5m
# labels:
# severity: critical
redis:
enabled: true
# CANNOT be defined in above yaml section
queryLog:
# optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
@ -366,7 +337,6 @@ queryLog:
creationAttempts: 3
# optional: Time between the creation attempts, default: 2s
creationCooldown: 2s
cnpg:
main:
enabled: false

2
charts/enterprise/clusterissuer/Chart.yaml
View File

@ -21,7 +21,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/clusterissuer
- https://cert-manager.io/
type: application
version: 4.2.9
version: 4.2.10
annotations:
truecharts.org/category: core
truecharts.org/SCALE-support: "true"

8
charts/enterprise/clusterissuer/values.yaml
View File

@ -1,6 +1,6 @@
image:
repository: tccr.io/truecharts/scratch
tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
repository: hello-world
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
pullPolicy: IfNotPresent
manifestManager:
enabled: true
@ -18,7 +18,6 @@ workload:
enabled: false
startup:
enabled: false
service:
main:
enabled: false
@ -26,18 +25,15 @@ service:
main:
enabled: false
port: 9999
portal:
open:
enabled: false
operator:
verify:
additionalOperators:
- cert-manager
enabled: true
failOnError: false
clusterIssuer:
selfSigned:
enabled: true

2
charts/enterprise/external-dns/Chart.yaml
View File

@ -22,7 +22,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/external-dns
- https://github.com/kubernetes-sigs/external-dns
type: application
version: 1.0.4
version: 1.0.5
annotations:
truecharts.org/category: networking
truecharts.org/SCALE-support: "true"

68
charts/enterprise/external-dns/values.yaml
View File

@ -1,8 +1,7 @@
image:
repository: tccr.io/truecharts/external-dns
repository: registry.k8s.io/external-dns/external-dns
pullPolicy: IfNotPresent
tag: v0.14.0@sha256:5ce70afd1d4f2d35310aa6097f810d9701cd62866df255906548dfe26c6c8b6a
tag: v0.14.0@sha256:474077b3dfccb3021db0a6638274967d0f64ce60dd9730a6f464bee2f78b046f
externaldns:
logLevel: "info"
logFormat: "text"
@ -22,7 +21,6 @@ externaldns:
txtOwnerId: ""
txtPrefix: ""
txtSuffix: ""
service:
main:
ports:
@ -30,7 +28,6 @@ service:
protocol: http
targetPort: 7979
port: 7979
workload:
main:
podSpec:
@ -55,7 +52,6 @@ workload:
OVH_CONSUMER_KEY: ""
SCW_ACCESS_KEY: ""
SCW_SECRET_KEY: ""
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
@ -65,87 +61,83 @@ rbac:
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list","watch"]
verbs: ["list", "watch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["services","endpoints"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["services", "endpoints"]
verbs: ["get", "watch", "list"]
- apiGroups: ["extensions", "networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.istio.io"]
resources: ["gateways"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["networking.istio.io"]
resources: ["virtualservices"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["getambassador.io"]
resources: ["hosts","ingresses"]
verbs: ["get","watch","list"]
resources: ["hosts", "ingresses"]
verbs: ["get", "watch", "list"]
- apiGroups: ["projectcontour.io"]
resources: ["httpproxies"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["externaldns.k8s.io"]
resources: ["dnsendpoints"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["externaldns.k8s.io"]
resources: ["dnsendpoints/status"]
verbs: ["*"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["gateways"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["httproutes"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["grpcroutes"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["tlsroutes"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["tcproutes"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gateway.networking.k8s.io"]
resources: ["udproutes"]
verbs: ["get","watch","list"]
- apiGroups: ["gloo.solo.io","gateway.solo.io"]
resources: ["proxies","virtualservices"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["gloo.solo.io", "gateway.solo.io"]
resources: ["proxies", "virtualservices"]
verbs: ["get", "watch", "list"]
- apiGroups: ["configuration.konghq.com"]
resources: ["tcpingresses"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["traefik.containo.us", "traefik.io"]
resources: ["ingressroutes", "ingressroutetcps", "ingressrouteudps"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["route.openshift.io"]
resources: ["routes"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["zalando.org"]
resources: ["routegroups"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
- apiGroups: ["zalando.org"]
resources: ["routegroups/status"]
verbs: ["patch","update"]
verbs: ["patch", "update"]
- apiGroups: ["cis.f5.com"]
resources: ["virtualservers"]
verbs: ["get","watch","list"]
verbs: ["get", "watch", "list"]
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
primary: true
podOptions:
automountServiceAccountToken: true
portal:
open:
enabled: false

2
charts/enterprise/grafana/Chart.yaml
View File

@ -24,7 +24,7 @@ sources:
- https://github.com/bitnami/bitnami-docker-grafana
- https://grafana.com/
type: application
version: 9.0.38
version: 9.0.39
annotations:
truecharts.org/category: metrics
truecharts.org/SCALE-support: "true"

14
charts/enterprise/grafana/values.yaml
View File

@ -1,13 +1,12 @@
image:
repository: tccr.io/truecharts/grafana
repository: bitnami/grafana
pullPolicy: IfNotPresent
tag: v10.2.0@sha256:144e75d84d82a526ed804b253f91bea02fad28dac1e66e7a662f6dd985a64f7b
tag: 10.2.0@sha256:c488457595e458d4718c3748f106d9b331ca637a84b3f5ff07fdcc1dacaab646
manifestManager:
enabled: true
securityContext:
container:
readOnlyRootFilesystem: false
service:
main:
ports:
@ -15,7 +14,6 @@ service:
protocol: http
targetPort: 3000
port: 10038
workload:
main:
replicas: 2
@ -38,13 +36,10 @@ workload:
probes:
liveness:
path: "/api/health"
readiness:
path: "/api/health"
startup:
path: "/api/health"
persistence:
config:
enabled: true
@ -53,7 +48,6 @@ persistence:
enabled: true
type: emptyDir
mountPath: /opt/bitnami/grafana/tmp
metrics:
main:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
@ -70,8 +64,7 @@ metrics:
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
rules: []
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
@ -81,7 +74,6 @@ metrics:
# for: 5m
# labels:
# severity: critical
portal:
open:
enabled: true

2
charts/enterprise/kubernetes-reflector/Chart.yaml
View File

@ -24,7 +24,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/kubernetes-reflector
- https://github.com/emberstack/kubernetes-reflector
type: application
version: 1.0.5
version: 1.0.6
annotations:
truecharts.org/category: operators
truecharts.org/SCALE-support: "true"

12
charts/enterprise/kubernetes-reflector/values.yaml
View File

@ -1,15 +1,12 @@
image:
repository: tccr.io/truecharts/kubernetes-reflector
repository: docker.io/emberstack/kubernetes-reflector
pullPolicy: IfNotPresent
tag: v7.1.217@sha256:4ca9ce8c04441786ba0d343b3e5bfe9c638ac8efcc25aba0aaff3c6fb2363b5f
tag: build-7.1.217@sha256:982b8fc714349abe480a6864f3c3fce8e8801fd5068fac6add5b22ed32efc033
operator:
register: true
portal:
open:
enabled: false
rbac:
main:
enabled: true
@ -36,16 +33,12 @@ rbac:
verbs:
- "watch"
- "list"
serviceAccount:
main:
enabled: true
primary: true
kubernetesReflector:
logLevel: Information
workload:
main:
podSpec:
@ -72,7 +65,6 @@ workload:
type: http
path: /healthz
port: 25080
service:
main:
enabled: false

2
charts/enterprise/metallb-config/Chart.yaml
View File

@ -22,7 +22,7 @@ sources:
- https://github.com/metallb/metallb
- https://metallb.universe.tf
type: application
version: 3.0.10
version: 3.0.11
annotations:
truecharts.org/category: core
truecharts.org/SCALE-support: "true"

8
charts/enterprise/metallb-config/values.yaml
View File

@ -1,6 +1,6 @@
image:
repository: tccr.io/truecharts/scratch
tag: latest@sha256:7f821eeb99d04ac248c47f79cfbcc2482651fea48aff9ec5d2ba0ba34f1f5531
repository: hello-world
tag: latest@sha256:88ec0acaa3ec199d3b7eaf73588f4518c25f9d34f58ce9a0df68429c5af48e8d
pullPolicy: IfNotPresent
manifestManager:
enabled: false
@ -18,7 +18,6 @@ workload:
enabled: false
startup:
enabled: false
service:
main:
enabled: false
@ -26,16 +25,13 @@ service:
main:
enabled: false
port: 9999
operator:
verify:
enabled: true
additionalOperators: ["metallb"]
portal:
open:
enabled: false
ipAddressPools: []
# - name: example
# autoAssign: true

2
charts/enterprise/prometheus/Chart.yaml
View File

@ -29,7 +29,7 @@ sources:
- https://github.com/prometheus-community/helm-charts
- https://github.com/prometheus-operator/kube-prometheus
type: application
version: 13.0.19
version: 13.0.20
annotations:
truecharts.org/category: metrics
truecharts.org/SCALE-support: "true"

29
charts/enterprise/prometheus/values.yaml
View File

@ -1,15 +1,12 @@
image:
repository: tccr.io/truecharts/prometheus
tag: v2.47.2@sha256:92397b84686557a47be6a91fd80d1fe375301f150982ec9c0fb1a45c44ecedfa
repository: bitnami/prometheus
tag: 2.47.2@sha256:e04c2d5d5cc86aa4f59b8cc645ef51ca81c70ed7a7abfa1aaafaaa7e868b44ad
thanosImage:
repository: tccr.io/truecharts/thanos
tag: v0.32.5@sha256:4cea5ca36f1567993344c3375b9a80d8073dbc8d530656644d36c90683f96464
alertmanagerImage:
repository: tccr.io/truecharts/alertmanager
tag: v0.26.0@sha256:f0bbf30d4901be33855b0fb4b71e3d7410b872a33b9d08cd2d7ed576505e40a8
global:
labels: {}
workload:
@ -26,7 +23,6 @@ workload:
enabled: false
startup:
enabled: false
service:
main:
selectorLabels:
@ -59,7 +55,6 @@ service:
port: 10901
targetPort: 10901
protocol: http
ingress:
main:
enabled: false
@ -67,20 +62,16 @@ ingress:
enabled: false
thanos:
enabled: false
####
## Operator Config
####
env:
PROMETHEUS_CONFIG_RELOADER:
configMapKeyRef:
name: prometheus-operator-config
key: prometheus-config-reloader
podOptions:
automountServiceAccountToken: true
rbac:
main:
enabled: true
@ -178,16 +169,13 @@ rbac:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
primary: true
securityContext:
readOnlyRootFilesystem: false
probes:
# -- Liveness probe configuration
# @default -- See below
@ -198,7 +186,6 @@ probes:
path: "/metrics"
port: promop
scheme: HTTP
# -- Redainess probe configuration
# @default -- See below
readiness:
@ -208,7 +195,6 @@ probes:
path: "/metrics"
port: promop
scheme: HTTP
# -- Startup probe configuration
# @default -- See below
startup:
@ -218,7 +204,6 @@ probes:
path: "/metrics"
port: promop
scheme: HTTP
operator:
## Create a servicemonitor for the operator
##
@ -238,7 +223,6 @@ operator:
## ref: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
##
relabelings: []
## Prometheus Configmap-reload image to use for reloading configmaps
## defaults to Bitnami Prometheus Operator (ref: https://hub.docker.com/r/tccr.io/truecharts/prometheus-operator/tags/)
##
@ -251,7 +235,6 @@ operator:
capabilities:
drop:
- ALL
livenessProbe:
enabled: true
initialDelaySeconds: 10
@ -259,7 +242,6 @@ operator:
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: true
initialDelaySeconds: 15
@ -267,7 +249,6 @@ operator:
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
####
## Prometheus Config (Spawned by Operator)
####
@ -326,7 +307,6 @@ prometheus:
capabilities:
drop:
- ALL
serviceMonitor:
## @param prometheus.serviceMonitor.enabled Creates a ServiceMonitor to monitor Prometheus itself
##
@ -842,7 +822,6 @@ prometheus:
## @param prometheus.portName Port name used for the pods and governing service. This defaults to web
##
portName: main
####
## Alert Manager Config
####
@ -1120,7 +1099,6 @@ alertmanager:
## @param alertmanager.configSelector Namespaces to be selected for AlertmanagerConfig discovery. If nil, only check own namespace. This defaults to {}
##
configSelector: {}
####
## Exporters
####
@ -1138,14 +1116,12 @@ exporters:
## @param exporters.kube-state-metrics.enabled Enable kube-state-metrics
##
enabled: true
## @param kube-state-metrics [object] Node Exporter deployment configuration
##
kube-state-metrics:
serviceMonitor:
enabled: true
honorLabels: true
## Component scraping for kubelet and kubelet hosted cAdvisor
##
kubelet:
@ -1361,7 +1337,6 @@ kubeProxy:
## @param kubeProxy.enabled Create a ServiceMonitor to scrape the kube-proxy Service
##
enabled: false
portal:
open:
enabled: true

2
charts/enterprise/traefik/Chart.yaml
View File

@ -23,7 +23,7 @@ sources:
- https://github.com/traefik/traefik-helm-chart
- https://traefik.io/
type: application
version: 21.1.7
version: 21.1.8
annotations:
truecharts.org/category: network
truecharts.org/SCALE-support: "true"

37
charts/enterprise/traefik/values.yaml
View File

@ -1,6 +1,6 @@
image:
repository: tccr.io/truecharts/traefik
tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce
repository: traefik
tag: v2.10.5@sha256:948978f7ec62f137a79f8af7044a1785bd7868706ef2c8cba9c88db688d08661
pullPolicy: IfNotPresent
manifestManager:
enabled: true
@ -22,7 +22,6 @@ workload:
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Readiness probe configuration
# @default -- See below
readiness:
@ -32,7 +31,6 @@ workload:
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Startup probe configuration
# @default -- See below
startup:
@ -42,15 +40,12 @@ workload:
# -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# @default -- "/"
# path: "/ping"
# -- Options for all pods
# Can be overruled per pod
podOptions:
automountServiceAccountToken: true
operator:
register: true
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
@ -58,7 +53,6 @@ ingressClass:
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
@ -72,14 +66,12 @@ ingressRoute:
providers:
kubernetesCRD:
enabled: true
namespaces:
[]
namespaces: []
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces:
[]
namespaces: []
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
@ -87,7 +79,6 @@ providers:
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
@ -105,8 +96,7 @@ logs:
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters:
{}
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
@ -115,21 +105,18 @@ logs:
fields:
general:
defaultmode: keep
names:
{}
names: {}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names:
{}
names: {}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format: common
metrics:
main:
enabled: false
@ -138,10 +125,8 @@ metrics:
- port: metrics
path: /metrics
targetSelector: metrics
globalArguments:
- "--global.checknewversion"
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
@ -149,7 +134,6 @@ globalArguments:
additionalArguments:
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
# Example:
@ -167,7 +151,6 @@ tlsOptions:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
@ -258,7 +241,6 @@ service:
enabled: false
# udp:
# enabled: false
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
@ -310,13 +292,11 @@ rbac:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
primary: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
@ -441,16 +421,13 @@ middlewares:
## Note: body of every request will be buffered in memory while the request is in-flight
## (i.e.: during the security check and during the request processing by traefik and the backend),
## so you may want to tune maxBodySize depending on how much RAM you have.
portalhook:
enabled: true
persistence:
plugins:
enabled: true
mountPath: "/plugins-storage"
type: emptyDir
portal:
open:
enabled: true

2
charts/enterprise/vaultwarden/Chart.yaml
View File

@ -25,7 +25,7 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/vaultwarden
- https://github.com/dani-garcia/vaultwarden
type: application
version: 23.0.9
version: 23.0.10
annotations:
truecharts.org/category: security
truecharts.org/SCALE-support: "true"

16
charts/enterprise/vaultwarden/values.yaml
View File

@ -1,7 +1,7 @@
image:
repository: tccr.io/truecharts/vaultwarden
repository: docker.io/vaultwarden/server
pullPolicy: IfNotPresent
tag: v1.30.0@sha256:57bc723900152d5401473f9e458bed388c253f034eeae878984216166cd14967
tag: 1.30.0@sha256:27638a2ae977d66d99891c06562ff9ba78a60869d2e5a94cf2953f1d03fde12f
manifestManager:
enabled: true
service:
@ -10,7 +10,6 @@ service:
main:
port: 10102
targetPort: 8080
workload:
main:
podSpec:
@ -22,13 +21,11 @@ workload:
secretKeyRef:
name: cnpg-main-urls
key: std
envFrom:
- configMapRef:
name: vaultwardenconfig
- secretRef:
name: vaultwardensecret
database:
# -- Database type,
# must be one of: 'sqlite', 'mysql' or 'postgresql'.
@ -42,7 +39,6 @@ database:
# maxConnections: 10
## Connection retries during startup, 0 for infinite. 1 second between retries.
# retries: 15
# Set Bitwarden_rs application variables
vaultwarden:
# -- Allow any user to sign-up
@ -84,7 +80,6 @@ vaultwarden:
disableAdminToken: false
## Token for admin login, will be generated if not defined. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-admin-page
# token:
# Enable SMTP. https://github.com/dani-garcia/bitwarden_rs/wiki/SMTP-configuration
smtp:
enabled: false
@ -112,7 +107,6 @@ vaultwarden:
# user: ""
## SMTP password. Required is user is specified, ignored if no user provided.
# password: ""
## Enable Yubico OTP authentication. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-Yubikey-OTP-authentication
yubico:
enabled: false
@ -121,13 +115,11 @@ vaultwarden:
## Yubico ID and Secret Key.
# clientId:
# secretKey:
## Enable Mobile Push Notifications. You must obtain and ID and Key here: https://bitwarden.com/host
push:
enabled: false
# installationId:
# installationKey:
## Logging options. https://github.com/dani-garcia/bitwarden_rs/wiki/Logging
log:
# Log to file.
@ -136,7 +128,6 @@ vaultwarden:
level: "trace"
## Log timestamp format. See https://docs.rs/chrono/0.4.15/chrono/format/strftime/index.html. Defaults to time in milliseconds.
# timeFormat: ""
icons:
# Disables download of external icons. Setting to true will still serve icons from cache (/data/icon_cache). TTL will default to zero.
disableDownload: false
@ -144,18 +135,15 @@ vaultwarden:
# cache: 2592000
## Cache time-to-live for icons that were not available. 0 means no purging.
# cacheFailed: 259200
persistence:
data:
enabled: true
mountPath: "/data"
cnpg:
main:
enabled: true
user: vaultwarden
database: vaultwarden
portal:
open:
enabled: true