Cloned2Preserve
/
TrueChartsClone
mirror of https://github.com/truecharts/charts.git
1
0
Fork 0
Code

feat(cloudflared): add cloudflared (#3029) 

* add cloudflared zerotrust incubator app

* removed empty line for cloudflared chart.yaml

* update CF questions.yaml

* fix  CF common.yaml

* removed CF vpn tag

* updated CF question.yaml

* update CF questions.yaml

* update cloudflared Chart.yaml

* formatted CF's questions.yaml

* update CF files

* update

* update CF's questions.yaml

* update CF

* apply some fixes

* lint

* add testtoken

* test with rofs

* add CI tests

* newline

* lint

* rename

* lint

* lint

* remove file

* readd file

* root

* whoops

* disable probes

Co-authored-by: Stavros kois <s.kois@outlook.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
This commit is contained in:
Xstar97 2022-07-02 10:36:56 -04:00 committed by GitHub
parent cc03dd7d8d
commit a2994b9244
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 298 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
charts/incubator/cloudflared/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: cloudflared
version: 0.0.1
appVersion: "2022.6.3"
description: Client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
type: application
deprecated: false
home: https://github.com/truecharts/apps/tree/master/charts/stable/cloudflared
icon: https://truecharts.org/_static/img/appicons/cloudflared.png
keywords:
- cloudflared
- networking
sources:
- https://hub.docker.com/r/cloudflare/cloudflared
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.1.4
# condition:
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
annotations:
truecharts.org/catagories: |
- incubator
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U

3
charts/incubator/cloudflared/ci/test-values.yaml Normal file
View File

@ -0,0 +1,3 @@
# With the bellow we test both container starts and that tpl is working inside extraArgs list
extraArgs: ["tunnel", "--no-autoupdate", "{{ .Values.testTpl }}"]
testTpl: "--hello-world"

233
charts/incubator/cloudflared/questions.yaml Normal file
View File

@ -0,0 +1,233 @@
# Include{groups}
portals: {}
questions:
# Include{global}
- variable: controller
group: "Controller"
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: advanced
label: "Show Advanced Controller Settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: type
description: "Please specify type of workload to deploy"
label: "(Advanced) Controller Type"
schema:
type: string
default: "deployment"
required: true
enum:
- value: "deployment"
description: "Deployment"
- value: "statefulset"
description: "Statefulset"
- value: "daemonset"
description: "Daemonset"
- variable: replicas
description: "Number of desired pod replicas"
label: "Desired Replicas"
schema:
type: int
default: 1
required: true
- variable: strategy
description: "Please specify type of workload to deploy"
label: "(Advanced) Update Strategy"
schema:
type: string
default: "Recreate"
required: true
enum:
- value: "Recreate"
description: "Recreate: Kill existing pods before creating new ones"
- value: "RollingUpdate"
description: "RollingUpdate: Create new pods and then kill old ones"
- value: "OnDelete"
description: "(Legacy) OnDelete: ignore .spec.template changes"
# Include{controllerExpert}
- variable: env
group: "Container Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: token
label: "Tunnel Token"
description: "Token for tunnel (Tunnel managed by Cloudflare not locally)"
schema:
type: string
required: true
default: ""
# Include{containerConfig}
- variable: service
group: "Networking and Services"
label: "Configure Service(s)"
schema:
additional_attrs: true
type: dict
attrs:
- variable: main
label: "Main Service"
description: "The Primary service on which the healthcheck runs, often the webUI"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelector}
- variable: main
label: "Main Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 6969
required: true
- variable: advanced
label: "Show Advanced settings"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: protocol
label: "Port Type"
schema:
type: string
default: "HTTP"
enum:
- value: HTTP
description: "HTTP"
- value: "HTTPS"
description: "HTTPS"
- value: TCP
description: "TCP"
- value: "UDP"
description: "UDP"
- variable: nodePort
label: "Node Port (Optional)"
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
schema:
type: int
min: 9000
max: 65535
- variable: targetPort
label: "Target Port"
description: "The internal(!) port on the container the Application runs on"
schema:
type: int
default: 6969
- variable: serviceexpert
group: "Networking and Services"
label: "Show Expert Config"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostNetwork
group: "Networking and Services"
label: "Host-Networking (Complicated)"
schema:
type: boolean
default: false
# Include{serviceExpert}
# Include{serviceList}
- variable: persistence
label: "Integrated Persistent Storage"
description: "Integrated Persistent Storage"
group: "Storage and Persistence"
schema:
additional_attrs: true
type: dict
attrs:
- variable: config
label: "App Config Storage"
description: "Stores the Application Configuration."
schema:
additional_attrs: true
type: dict
attrs:
# Include{persistenceBasic}
# Include{persistenceAdvanced}
# Include{persistenceList}
# Include{ingressList}
# Include{security}
- variable: advancedSecurity
label: "Show Advanced Security Settings"
group: "Security and Permissions"
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: securityContext
label: "Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: privileged
label: "Privileged mode"
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: "ReadOnly Root Filesystem"
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: "runAsNonRoot"
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
- variable: podSecurityContext
group: "Security and Permissions"
label: "Pod Security Context"
schema:
additional_attrs: true
type: dict
attrs:
- variable: runAsUser
label: "runAsUser"
description: "The UserID of the user running the application"
schema:
type: int
default: 568
- variable: runAsGroup
label: "runAsGroup"
description: "The groupID this App of the user running the application"
schema:
type: int
default: 568
- variable: fsGroup
label: "fsGroup"
description: "The group that should own ALL storage."
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}

1
charts/incubator/cloudflared/templates/common.yaml Normal file
View File

@ -0,0 +1 @@
{{ include "tc.common.loader.all" . }}

32
charts/incubator/cloudflared/values.yaml Normal file
View File

@ -0,0 +1,32 @@
image:
repository: cloudflare/cloudflared
pullPolicy: IfNotPresent
tag: 2022.6.3
extraArgs: ["tunnel", "--no-autoupdate", "run", "--token", "{{ .Values.env.token }}"]
env:
token: ""
securityContext:
runAsNonRoot: false
podSecurityContext:
runAsUser: 0
runAsGroup: 0
service:
main:
protocol: HTTP
ports:
main:
targetPort: 6969
port: 6969
probes:
liveness:
enabled: false
readiness:
enabled: false
startup:
enabled: false