feat(cloudflared): add cloudflared (#3029)
* add cloudflared zerotrust incubator app * removed empty line for cloudflared chart.yaml * update CF questions.yaml * fix CF common.yaml * removed CF vpn tag * updated CF question.yaml * update CF questions.yaml * update cloudflared Chart.yaml * formatted CF's questions.yaml * update CF files * update * update CF's questions.yaml * update CF * apply some fixes * lint * add testtoken * test with rofs * add CI tests * newline * lint * rename * lint * lint * remove file * readd file * root * whoops * disable probes Co-authored-by: Stavros kois <s.kois@outlook.com> Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
This commit is contained in:
parent
cc03dd7d8d
commit
a2994b9244
|
@ -0,0 +1,29 @@
|
|||
apiVersion: v2
|
||||
kubeVersion: ">=1.16.0-0"
|
||||
name: cloudflared
|
||||
version: 0.0.1
|
||||
appVersion: "2022.6.3"
|
||||
description: Client for Cloudflare Tunnel, a daemon that exposes private services through the Cloudflare edge.
|
||||
type: application
|
||||
deprecated: false
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/cloudflared
|
||||
icon: https://truecharts.org/_static/img/appicons/cloudflared.png
|
||||
keywords:
|
||||
- cloudflared
|
||||
- networking
|
||||
sources:
|
||||
- https://hub.docker.com/r/cloudflare/cloudflared
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 10.1.4
|
||||
# condition:
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- incubator
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
|
@ -0,0 +1,3 @@
|
|||
# With the bellow we test both container starts and that tpl is working inside extraArgs list
|
||||
extraArgs: ["tunnel", "--no-autoupdate", "{{ .Values.testTpl }}"]
|
||||
testTpl: "--hello-world"
|
|
@ -0,0 +1,233 @@
|
|||
# Include{groups}
|
||||
portals: {}
|
||||
questions:
|
||||
# Include{global}
|
||||
- variable: controller
|
||||
group: "Controller"
|
||||
label: ""
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: advanced
|
||||
label: "Show Advanced Controller Settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: type
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Controller Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "deployment"
|
||||
required: true
|
||||
enum:
|
||||
- value: "deployment"
|
||||
description: "Deployment"
|
||||
- value: "statefulset"
|
||||
description: "Statefulset"
|
||||
- value: "daemonset"
|
||||
description: "Daemonset"
|
||||
- variable: replicas
|
||||
description: "Number of desired pod replicas"
|
||||
label: "Desired Replicas"
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
required: true
|
||||
- variable: strategy
|
||||
description: "Please specify type of workload to deploy"
|
||||
label: "(Advanced) Update Strategy"
|
||||
schema:
|
||||
type: string
|
||||
default: "Recreate"
|
||||
required: true
|
||||
enum:
|
||||
- value: "Recreate"
|
||||
description: "Recreate: Kill existing pods before creating new ones"
|
||||
- value: "RollingUpdate"
|
||||
description: "RollingUpdate: Create new pods and then kill old ones"
|
||||
- value: "OnDelete"
|
||||
description: "(Legacy) OnDelete: ignore .spec.template changes"
|
||||
# Include{controllerExpert}
|
||||
- variable: env
|
||||
group: "Container Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: token
|
||||
label: "Tunnel Token"
|
||||
description: "Token for tunnel (Tunnel managed by Cloudflare not locally)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
|
||||
- variable: service
|
||||
group: "Networking and Services"
|
||||
label: "Configure Service(s)"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
description: "The Primary service on which the healthcheck runs, often the webUI"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{serviceSelector}
|
||||
- variable: main
|
||||
label: "Main Service Port Configuration"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: port
|
||||
label: "Port"
|
||||
description: "This port exposes the container port on the service"
|
||||
schema:
|
||||
type: int
|
||||
default: 6969
|
||||
required: true
|
||||
- variable: advanced
|
||||
label: "Show Advanced settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: protocol
|
||||
label: "Port Type"
|
||||
schema:
|
||||
type: string
|
||||
default: "HTTP"
|
||||
enum:
|
||||
- value: HTTP
|
||||
description: "HTTP"
|
||||
- value: "HTTPS"
|
||||
description: "HTTPS"
|
||||
- value: TCP
|
||||
description: "TCP"
|
||||
- value: "UDP"
|
||||
description: "UDP"
|
||||
- variable: nodePort
|
||||
label: "Node Port (Optional)"
|
||||
description: "This port gets exposed to the node. Only considered when service type is NodePort, Simple or LoadBalancer"
|
||||
schema:
|
||||
type: int
|
||||
min: 9000
|
||||
max: 65535
|
||||
- variable: targetPort
|
||||
label: "Target Port"
|
||||
description: "The internal(!) port on the container the Application runs on"
|
||||
schema:
|
||||
type: int
|
||||
default: 6969
|
||||
|
||||
- variable: serviceexpert
|
||||
group: "Networking and Services"
|
||||
label: "Show Expert Config"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: hostNetwork
|
||||
group: "Networking and Services"
|
||||
label: "Host-Networking (Complicated)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
# Include{serviceExpert}
|
||||
# Include{serviceList}
|
||||
- variable: persistence
|
||||
label: "Integrated Persistent Storage"
|
||||
description: "Integrated Persistent Storage"
|
||||
group: "Storage and Persistence"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: config
|
||||
label: "App Config Storage"
|
||||
description: "Stores the Application Configuration."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
# Include{persistenceBasic}
|
||||
# Include{persistenceAdvanced}
|
||||
# Include{persistenceList}
|
||||
# Include{ingressList}
|
||||
# Include{security}
|
||||
- variable: advancedSecurity
|
||||
label: "Show Advanced Security Settings"
|
||||
group: "Security and Permissions"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: securityContext
|
||||
label: "Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: privileged
|
||||
label: "Privileged mode"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: readOnlyRootFilesystem
|
||||
label: "ReadOnly Root Filesystem"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: allowPrivilegeEscalation
|
||||
label: "Allow Privilege Escalation"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: runAsNonRoot
|
||||
label: "runAsNonRoot"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
# Include{securityContextAdvanced}
|
||||
- variable: podSecurityContext
|
||||
group: "Security and Permissions"
|
||||
label: "Pod Security Context"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{podSecurityContextAdvanced}
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
|
@ -0,0 +1 @@
|
|||
{{ include "tc.common.loader.all" . }}
|
|
@ -0,0 +1,32 @@
|
|||
image:
|
||||
repository: cloudflare/cloudflared
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 2022.6.3
|
||||
|
||||
extraArgs: ["tunnel", "--no-autoupdate", "run", "--token", "{{ .Values.env.token }}"]
|
||||
|
||||
env:
|
||||
token: ""
|
||||
|
||||
securityContext:
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
protocol: HTTP
|
||||
ports:
|
||||
main:
|
||||
targetPort: 6969
|
||||
port: 6969
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
Loading…
Reference in New Issue