diff --git a/charts/incubator/twofauth/.helmignore b/charts/incubator/twofauth/.helmignore
new file mode 100644
index 00000000000..77ca5567b26
--- /dev/null
+++ b/charts/incubator/twofauth/.helmignore
@@ -0,0 +1,30 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl
+# docs folder
+/docs
+# icon
+icon.png
diff --git a/charts/incubator/twofauth/CHANGELOG.md b/charts/incubator/twofauth/CHANGELOG.md
new file mode 100644
index 00000000000..825c32f0d03
--- /dev/null
+++ b/charts/incubator/twofauth/CHANGELOG.md
@@ -0,0 +1 @@
+# Changelog
diff --git a/charts/incubator/twofauth/Chart.yaml b/charts/incubator/twofauth/Chart.yaml
new file mode 100644
index 00000000000..dd0231eea57
--- /dev/null
+++ b/charts/incubator/twofauth/Chart.yaml
@@ -0,0 +1,27 @@
+apiVersion: v2
+appVersion: "4.2.4"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 17.1.4
+deprecated: false
+description: A Web app to manage your 2FA accounts and generate their security codes.
+home: https://truecharts.org/charts/incubator/twofauth
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/twofauth.png
+keywords:
+ - 2fauth
+ - auth
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: twofauth
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/incubator/twofauth
+ - https://github.com/Bubka/2fauth
+type: application
+version: 0.0.1
+annotations:
+ truecharts.org/category: auth
+ truecharts.org/SCALE-support: "true"
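Review bot: `appVersion: "4.2.4"` in Chart.yaml does not match the image this chart actually deploys, `tag: 5.0.0@sha256:…` in values.yaml, so Helm's reported app version and anything that reads appVersion will describe a different release than the one running. Unless 4.2.4 is deliberate, change it to `appVersion: "5.0.0"` (or pin the image back to a 4.2.4 digest) so the two stay in step; a lint step that compares the two fields would catch this on future bumps.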
diff --git a/charts/incubator/twofauth/README.md b/charts/incubator/twofauth/README.md
new file mode 100644
index 00000000000..7e59600739c
--- /dev/null
+++ b/charts/incubator/twofauth/README.md
@@ -0,0 +1 @@
+# README
diff --git a/charts/incubator/twofauth/icon.png b/charts/incubator/twofauth/icon.png
new file mode 100644
index 00000000000..ac8e6869676
Binary files /dev/null and b/charts/incubator/twofauth/icon.png differ
diff --git a/charts/incubator/twofauth/questions.yaml b/charts/incubator/twofauth/questions.yaml
new file mode 100644
index 00000000000..f9e60824e0e
--- /dev/null
+++ b/charts/incubator/twofauth/questions.yaml
@@ -0,0 +1,266 @@
+# Include{groups}
+portals:
+ open:
+# Include{portalLink}
+questions:
+# Include{global}
+# Include{workload}
+# Include{workloadDeployment}
+
+# Include{replicas1}
+# Include{podSpec}
+# Include{containerMain}
+
+# Include{containerBasic}
+# Include{containerAdvanced}
+
+ - variable: twofauth
+ group: App Configuration
+ label: 2fauth
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: app
+ label: App Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: App Name
+ schema:
+ type: string
+ default: "2FAuth"
+ - variable: session_lifetime
+ label: Session Lifetime
+ schema:
+ type: int
+ default: 120
+ - variable: site_owner
+ label: Site Owner Email
+ schema:
+ type: string
+ default: ""
+ - variable: trusted_proxies
+ label: Trusted Proxies
+ schema:
+ type: list
+ empty: false
+ default: []
+ required: true
+ items:
+ - variable: proxy
+ label: Proxy
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: mail
+ label: Mail Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: driver
+ label: Driver
+ schema:
+ type: string
+ required: true
+ default: log
+ enum:
+ - value: log
+ description: Log
+ - value: smtp
+ description: SMTP
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 587
+ - variable: from
+ label: From
+ schema:
+ type: string
+ default: ""
+ - variable: user
+ label: User
+ schema:
+ type: string
+ default: ""
+ - variable: pass
+ label: Pass
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: encryption
+ label: encryption
+ schema:
+ type: string
+ default: "STARTTLS"
+ enum:
+ - value: TLS
+ description: TLS
+ - value: STARTTLS
+ description: STARTTLS
+ - value: SSL
+ description: SSL
+ - variable: from_name
+ label: From Name
+ schema:
+ type: string
+ default: "2FAuth"
+ - variable: from_address
+ label: From Address
+ schema:
+ type: string
+ default: ""
+ - variable: auth
+ label: Auth Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: guard
+ label: Guard
+ schema:
+ type: string
+ default: "web-guard"
+ enum:
+ - value: web-guard
+ description: Web Guard
+ - value: reverse-proxy-guard
+ description: Reverse Proxy Guard
+ - variable: proxy_header_for_user
+ label: Proxy Header for User
+ schema:
+ type: string
+ default: ""
+ show_if: [[guard, "=", "reverse-proxy-guard"]]
+ - variable: proxy_header_for_email
+ label: Proxy Header for Email
+ schema:
+ type: string
+ default: ""
+ show_if: [[guard, "=", "reverse-proxy-guard"]]
+ - variable: proxy_logout_url
+ label: Proxy Logout Url
+ schema:
+ type: string
+ default: ""
+ show_if: [[guard, "=", "reverse-proxy-guard"]]
+ - variable: webauthn
+ label: WebAuthn Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: 2FAuth
+ - variable: id
+ label: ID
+ schema:
+ type: string
+ default: ""
+ - variable: icon
+ label: Icon
+ schema:
+ type: string
+ default: ""
+ - variable: user_verified
+ label: User Verified
+ schema:
+ type: string
+ default: preferred
+ enum:
+ - value: required
+ description: Required
+ - value: preferred
+ description: Preferred
+ - value: discouraged
+ description: Discouraged
+
+# Include{containerConfig}
+# Include{podOptions}
+# Include{serviceRoot}
+# Include{serviceMain}
+# Include{serviceSelectorLoadBalancer}
+# Include{serviceSelectorExtras}
+ - variable: main
+ label: "Main Service Port Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ default: 8000
+ required: true
+# Include{serviceExpertRoot}
+# Include{serviceExpert}
+# Include{serviceList}
+# Include{persistenceRoot}
+ - variable: config
+ label: "App Config Storage"
+ description: "Stores the Application Configuration."
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{persistenceBasic}
+# Include{persistenceList}
+# Include{ingressRoot}
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+# Include{ingressDefault}
+# Include{ingressTLS}
+# Include{ingressTraefik}
+# Include{ingressAdvanced}
+# Include{ingressList}
+# Include{securityContextRoot}
+
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 1000
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID of the user running the application"
+ schema:
+ type: int
+ default: 1000
+# Include{securityContextContainer}
+# Include{securityContextAdvanced}
+# Include{securityContextPod}
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+
+# Include{resources}
+# Include{advanced}
+# Include{addons}
+# Include{codeserver}
+# Include{netshoot}
+# Include{vpn}
+# Include{documentation}
diff --git a/charts/incubator/twofauth/templates/NOTES.txt b/charts/incubator/twofauth/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/charts/incubator/twofauth/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/charts/incubator/twofauth/templates/_secrets.tpl b/charts/incubator/twofauth/templates/_secrets.tpl
new file mode 100644
index 00000000000..5008373e373
--- /dev/null
+++ b/charts/incubator/twofauth/templates/_secrets.tpl
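Review bot: The `app` section of questions.yaml exposes no `url` variable, although values.yaml defines `twofauth.app.url: http://localhost:8000` and passes it through as `APP_URL`; an install made through the form therefore keeps the localhost URL, which is presumably wrong for anything reached through the ingress (and, if the app derives its WebAuthn origin from it, would affect passkey registration — confirm against the app). Add a question next to `site_owner`, i.e. `- variable: url` with `label: App URL` and a `schema` of `type: string`, `default: ""`, written in block style like its siblings. Separately, `trusted_proxies` is declared `empty: false` and `required: true` while its `default` is `[]`, so the form cannot be saved until at least one proxy is entered; if running without a reverse proxy is supported, drop those two keys, and if the requirement is intentional, add a `description` saying what address to enter. `session_lifetime` states no unit in its label or a description, so a user cannot tell whether `120` is seconds or minutes.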
@@ -0,0 +1,13 @@
+{{/* Define the secrets */}}
+{{- define "twofauth.secret" -}}
+ {{- $secretName := (printf "%s-twofauth-secret" (include "tc.v1.common.lib.chart.names.fullname" $)) }}
+
+ {{- $appKey := randAlphaNum 32 -}}
+
+ {{- with lookup "v1" "Secret" .Release.Namespace $secretName -}}
+ {{- $appKey = index .data "APP_KEY" | b64dec -}}
+ {{- end }}
+enabled: true
+data:
+ APP_KEY: {{ $appKey }}
+{{- end -}}
diff --git a/charts/incubator/twofauth/templates/common.yaml b/charts/incubator/twofauth/templates/common.yaml
new file mode 100644
index 00000000000..959caee0647
--- /dev/null
+++ b/charts/incubator/twofauth/templates/common.yaml
@@ -0,0 +1,10 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . -}}
+
+{{- $secret := include "twofauth.secret" . | fromYaml -}}
+{{- if $secret -}}
+ {{- $_ := set .Values.secret "twofauth-secret" $secret -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{- include "tc.v1.common.loader.apply" . -}}
diff --git a/charts/incubator/twofauth/values.yaml b/charts/incubator/twofauth/values.yaml
new file mode 100644
index 00000000000..998218b18b0
--- /dev/null
+++ b/charts/incubator/twofauth/values.yaml
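Review bot: `APP_KEY: {{ $appKey }}` in _secrets.tpl emits the key as a plain YAML scalar, and common.yaml immediately runs the output through `fromYaml`; a freshly generated value is alphanumeric, but the value read back from an existing Secret is whatever was stored there, and a string that looks like a number or boolean or begins with a YAML indicator would be retyped or fail to parse. Emit it as `APP_KEY: {{ $appKey | quote }}`. The lookup-or-generate pattern also means a new key is produced whenever the Secret is absent — first install, a deleted Secret, and every `helm template`/dry-run render, where `lookup` returns nothing — and if, as the name suggests, APP_KEY protects data at rest for this app, records written under the old key become unreadable after such a regeneration; the template deserves a comment to that effect, e.g. `{{/* Reuse APP_KEY from the existing Secret: a regenerated key cannot read data encrypted with the old one, so back the Secret up */}}`. If the Secret exists but has no `APP_KEY` entry, `index .data "APP_KEY"` yields nil and the `b64dec` pipe will most likely abort the render with a type error rather than a clear message; guarding with `hasKey .data "APP_KEY"` before reading it would make that case explicit.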
@@ -0,0 +1,126 @@
+image:
+ repository: 2fauth/2fauth
+ pullPolicy: IfNotPresent
+ tag: 5.0.0@sha256:4845b8be5b6a2e40e29bb27dee36fffc746ef15b8c9e09f065dcae646c34182f
+
+securityContext:
+ container:
+ readOnlyRootFilesystem: false
+ runAsUser: 1000
+ runAsGroup: 1000
+
+twofauth:
+ app:
+ name: 2FAuth
+ site_owner: mail@example.com
+ url: http://localhost:8000
+ session_lifetime: 120
+ trusted_proxies: []
+ mail:
+ driver: log
+ host: ""
+ port: 587
+ from: ""
+ user: ""
+ pass: ""
+ # TLS | STARTTLS | SSL
+ encryption: STARTTLS
+ from_name: 2FAuth
+ from_address: changeme@example.com
+ auth:
+ # web-guard | reverse-proxy-guard
+ guard: web-guard
+ # show if guard uses reverse-proxy-guard
+ proxy_header_for_user: ""
+ proxy_header_for_email: ""
+ proxy_logout_url: ""
+ webauthn:
+ name: 2FAuth
+ id: ""
+ icon: ""
+ # required | preferred | discouraged
+ user_verified: preferred
+
+workload:
+ main:
+ podSpec:
+ containers:
+ main:
+ probes:
+ liveness:
+ path: /infos
+ readiness:
+ path: /infos
+ startup:
+ type: tcp
+ env:
+ # APP
+ APP_ENV: local
+ APP_KEY:
+ secretKeyRef:
+ name: twofauth-secret
+ key: APP_KEY
+ APP_NAME: "{{ .Values.twofauth.app.name }}"
+ SITE_OWNER: "{{ .Values.twofauth.app.site_owner }}"
+ APP_URL: "{{ .Values.twofauth.app.url }}"
+ SESSION_LIFETIME: "{{ .Values.twofauth.app.session_lifetime }}"
+ TRUSTED_PROXIES: '{{ join "," .Values.twofauth.app.trusted_proxies }}'
+ # MAIL
+ MAIL_DRIVER: "{{ .Values.twofauth.mail.driver }}"
+ MAIL_HOST: "{{ .Values.twofauth.mail.host }}"
+ MAIL_PORT: "{{ .Values.twofauth.mail.port }}"
+ MAIL_FROM: "{{ .Values.twofauth.mail.from }}"
+ MAIL_USERNAME: "{{ .Values.twofauth.mail.user }}"
+ MAIL_PASSWORD: "{{ .Values.twofauth.mail.pass }}"
+ MAIL_ENCRYPTION: "{{ .Values.twofauth.mail.encryption }}"
+ MAIL_FROM_NAME: "{{ .Values.twofauth.mail.from_name }}"
+ MAIL_FROM_ADDRESS: "{{ .Values.twofauth.mail.from_address }}"
+ # AUTH
+ AUTHENTICATION_GUARD: "{{ .Values.twofauth.auth.guard }}"
+ AUTH_PROXY_HEADER_FOR_USER: "{{ .Values.twofauth.auth.proxy_header_for_user }}"
+ AUTH_PROXY_HEADER_FOR_EMAIL: "{{ .Values.twofauth.auth.proxy_header_for_email }}"
+ PROXY_LOGOUT_URL: "{{ .Values.twofauth.auth.proxy_logout_url }}"
+ # WebAuthn:
+ WEBAUTHN_NAME: "{{ .Values.twofauth.webauthn.name }}"
+ WEBAUTHN_ID: "{{ .Values.twofauth.webauthn.id }}"
+ # Optional image data in BASE64 (128 bytes maximum) or an image url
+ WEBAUTHN_ICON: "{{ .Values.twofauth.webauthn.icon }}"
+ WEBAUTHN_USER_VERIFICATION: "{{ .Values.twofauth.webauthn.user_verified }}"
+ # Postgres
+ DB_CONNECTION: pgsql
+ DB_DATABASE: "{{ .Values.cnpg.main.database }}"
+ DB_USERNAME: "{{ .Values.cnpg.main.user }}"
+ DB_PORT: 5432
+ DB_HOST:
+ secretKeyRef:
+ name: cnpg-main-urls
+ key: host
+ DB_PASSWORD:
+ secretKeyRef:
+ name: cnpg-main-user
+ key: password
+
+service:
+ main:
+ ports:
+ main:
+ protocol: http
+ targetPort: 8000
+ port: 8000
+
+persistence:
+ config:
+ enabled: true
+ mountPath: /2fauth
+ varrun:
+ enabled: false
+
+cnpg:
+ main:
+ enabled: true
+ user: twofauth
+ database: twofauth
+
+portal:
+ open:
+ enabled: true
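Review bot: The defaults in values.yaml disagree with those in questions.yaml: `site_owner: mail@example.com` and `from_address: changeme@example.com` here versus `""` in the form, so a plain `helm install` without overrides silently ships placeholder addresses into `SITE_OWNER` and `MAIL_FROM_ADDRESS`; use `""` in both files, or the same placeholder in both. `DB_PORT: 5432` is the only env value written as a bare number while `MAIL_PORT` and the rest are quoted template strings — write `DB_PORT: "5432"` for consistency and so the consumer never sees an integer where it expects a string. The comment above `guard: web-guard` only lists the options; since `reverse-proxy-guard` presumably makes the app accept the identity carried in `AUTH_PROXY_HEADER_FOR_USER`, it warrants a warning that the mode is only safe when every request reaches the service through the proxy that sets and strips those headers, with `trusted_proxies` limited to that proxy — e.g. `# reverse-proxy-guard trusts the user/email headers as-is: only enable it when all traffic passes through the proxy that sets them`. `readOnlyRootFilesystem: false` disables a default hardening and would benefit from a one-line comment naming the paths the image needs to write, so a later maintainer can judge whether an emptyDir would do instead.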