diff --git a/charts/incubator/cloudflared/Chart.yaml b/charts/incubator/cloudflared/Chart.yaml
new file mode 100644
index 00000000000..406067b57f2
--- /dev/null
+++ b/charts/incubator/cloudflared/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+kubeVersion: ">=1.16.0-0"
+name: cloudflared
+version: 0.0.1
+appVersion: "2022.6.3"
+description: Client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
+type: application
+deprecated: false
+home: https://github.com/truecharts/apps/tree/master/charts/stable/cloudflared
+icon: https://truecharts.org/_static/img/appicons/cloudflared.png
+keywords:
+ - cloudflared
+ - networking
+sources:
+ - https://hub.docker.com/r/cloudflare/cloudflared
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 10.1.4
+ # condition:
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+annotations:
+ truecharts.org/catagories: |
+ - incubator
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/charts/incubator/cloudflared/ci/test-values.yaml b/charts/incubator/cloudflared/ci/test-values.yaml
new file mode 100644
index 00000000000..2887e3c1ebf
--- /dev/null
+++ b/charts/incubator/cloudflared/ci/test-values.yaml
@@ -0,0 +1,3 @@
+# With the bellow we test both container starts and that tpl is working inside extraArgs list
+extraArgs: ["tunnel", "--no-autoupdate", "{{ .Values.testTpl }}"]
+testTpl: "--hello-world"
diff --git a/charts/incubator/cloudflared/questions.yaml b/charts/incubator/cloudflared/questions.yaml
new file mode 100644
index 00000000000..cae2eb35d6c
--- /dev/null
+++ b/charts/incubator/cloudflared/questions.yaml
@@ -0,0 +1,233 @@
+# Include{groups}
+portals: {}
+questions:
+# Include{global}
+ - variable: controller
+ group: "Controller"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: advanced
+ label: "Show Advanced Controller Settings"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: type
+ description: "Please specify type of workload to deploy"
+ label: "(Advanced) Controller Type"
+ schema:
+ type: string
+ default: "deployment"
+ required: true
+ enum:
+ - value: "deployment"
+ description: "Deployment"
+ - value: "statefulset"
+ description: "Statefulset"
+ - value: "daemonset"
+ description: "Daemonset"
+ - variable: replicas
+ description: "Number of desired pod replicas"
+ label: "Desired Replicas"
+ schema:
+ type: int
+ default: 1
+ required: true
+ - variable: strategy
+ description: "Please specify type of workload to deploy"
+ label: "(Advanced) Update Strategy"
+ schema:
+ type: string
+ default: "Recreate"
+ required: true
+ enum:
+ - value: "Recreate"
+ description: "Recreate: Kill existing pods before creating new ones"
+ - value: "RollingUpdate"
+ description: "RollingUpdate: Create new pods and then kill old ones"
+ - value: "OnDelete"
+ description: "(Legacy) OnDelete: ignore .spec.template changes"
+# Include{controllerExpert}
+ - variable: env
+ group: "Container Configuration"
+ label: "Image Environment"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: token
+ label: "Tunnel Token"
+ description: "Token for tunnel (Tunnel managed by Cloudflare not locally)"
+ schema:
+ type: string
+ required: true
+ default: ""
+# Include{containerConfig}
+
+ - variable: service
+ group: "Networking and Services"
+ label: "Configure Service(s)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{serviceSelector}
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 6969
+ required: true
+ - variable: advanced
+ label: "Show Advanced settings"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: protocol
+ label: "Port Type"
+ schema:
+ type: string
+ default: "HTTP"
+ enum:
+ - value: HTTP
+ description: "HTTP"
+ - value: "HTTPS"
+ description: "HTTPS"
+ - value: TCP
+ description: "TCP"
+ - value: "UDP"
+ description: "UDP"
+ - variable: nodePort
+ label: "Node Port (Optional)"
+ description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ - variable: targetPort
+ label: "Target Port"
+ description: "The internal(!) port on the container the Application runs on"
+ schema:
+ type: int
+ default: 6969
+
+ - variable: serviceexpert
+ group: "Networking and Services"
+ label: "Show Expert Config"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ group: "Networking and Services"
+ label: "Host-Networking (Complicated)"
+ schema:
+ type: boolean
+ default: false
+# Include{serviceExpert}
+# Include{serviceList}
+ - variable: persistence
+ label: "Integrated Persistent Storage"
+ description: "Integrated Persistent Storage"
+ group: "Storage and Persistence"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: config
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{persistenceBasic}
+# Include{persistenceAdvanced}
+# Include{persistenceList}
+# Include{ingressList}
+# Include{security}
+ - variable: advancedSecurity
+ label: "Show Advanced Security Settings"
+ group: "Security and Permissions"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: securityContext
+ label: "Security Context"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: allowPrivilegeEscalation
+ label: "Allow Privilege Escalation"
+ schema:
+ type: boolean
+ default: false
+ - variable: runAsNonRoot
+ label: "runAsNonRoot"
+ schema:
+ type: boolean
+ default: true
+# Include{securityContextAdvanced}
+ - variable: podSecurityContext
+ group: "Security and Permissions"
+ label: "Pod Security Context"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID this App of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+# Include{podSecurityContextAdvanced}
+# Include{resources}
+# Include{advanced}
+# Include{addons}
diff --git a/charts/incubator/cloudflared/templates/common.yaml b/charts/incubator/cloudflared/templates/common.yaml
new file mode 100644
index 00000000000..c1a366e1cf0
--- /dev/null
+++ b/charts/incubator/cloudflared/templates/common.yaml
@@ -0,0 +1 @@
+{{ include "tc.common.loader.all" . }}
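Review bot: In questions.yaml the `token` question under `env` is declared as a plain `type: string`, so the UI will display and echo the tunnel credential in clear text whenever the app is installed or edited; add `private: true` to that question's `schema` so the field is masked. The security defaults offered in the same file (`runAsNonRoot` default `true`, `runAsUser`/`runAsGroup` default `568`) also disagree with the chart's values.yaml, which sets `runAsNonRoot: false` and UID/GID `0`, so the identity the container actually runs as depends on which install path supplies the values; the two files should agree. As a smaller documentation point, the `strategy` question reuses the `type` description "Please specify type of workload to deploy" and would read better as `description: "Please specify the update strategy"`.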
diff --git a/charts/incubator/cloudflared/values.yaml b/charts/incubator/cloudflared/values.yaml
new file mode 100644
index 00000000000..5ef530ca46b
--- /dev/null
+++ b/charts/incubator/cloudflared/values.yaml
@@ -0,0 +1,32 @@
+image:
+ repository: cloudflare/cloudflared
+ pullPolicy: IfNotPresent
+ tag: 2022.6.3
+
+extraArgs: ["tunnel", "--no-autoupdate", "run", "--token", "{{ .Values.env.token }}"]
+
+env:
+ token: ""
+
+securityContext:
+ runAsNonRoot: false
+
+podSecurityContext:
+ runAsUser: 0
+ runAsGroup: 0
+
+service:
+ main:
+ protocol: HTTP
+ ports:
+ main:
+ targetPort: 6969
+ port: 6969
+
+probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
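Review bot: The tunnel token is templated into `extraArgs` as a `--token` argument, so after rendering it sits in clear text in the workload's pod spec (readable by anyone who can get pods or deployments in the namespace) and in the container's process arguments; `env.token` is likewise a plain value rather than a Secret reference. Prefer storing the token in a Kubernetes Secret and passing it to the container through the environment, which would reduce the line to `extraArgs: ["tunnel", "--no-autoupdate", "run"]`; cloudflared documents a `TUNNEL_TOKEN` variable for this, though that should be confirmed for the pinned `2022.6.3` image. Separately, `runAsNonRoot: false` with `runAsUser: 0` / `runAsGroup: 0` runs the daemon as root with no stated reason; either drop the override or document it with a comment such as `# root required: REASON`. With all three probes disabled, a tunnel that fails to connect (for example with the empty default token) will still be reported as a healthy pod.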