fix(meshcentral): remove --cert from run command (#4205)

* fix(meshcentral): remove --cert from run command * enable webSocketMaskOverride on agentconfig by default * test somthing * add another question * remove required for testing
2022-10-27 08:41:30 +03:00 · 2022-10-27 08:41:30 +03:00 · eac55c22f5
parent 13a3a43b04
commit eac55c22f5
4 changed files with 21 additions and 8 deletions
--- a/charts/incubator/meshcentral/Chart.yaml
+++ b/charts/incubator/meshcentral/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 kubeVersion: ">=1.16.0-0"
 name: meshcentral
 appVersion: "1.0.90"
-version: 5.0.7
+version: 5.0.8
 description: MeshCentral is a full computer management web site
 type: application
 deprecated: false
--- a/charts/incubator/meshcentral/questions.yaml
+++ b/charts/incubator/meshcentral/questions.yaml
@ -37,21 +37,21 @@ questions:
                description: Set this to the primary DNS name of this MeshCentral server.
                schema:
                  type: string
-                  required: true
+                  # required: true
                  default: ""
              - variable: tlsOffload
                label: tlsOffload
                description: When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example 127.0.0.1,traefik.ix-traefik.svc.cluster.local
                schema:
                  type: string
-                  required: true
+                  # required: true
                  default: ""
              - variable: trustedProxy
                label: trustedProxy
                description: Trust forwarded headers from these IPs or domains.  Providing the magic string "CloudFlare" will cause the server to download the IP address list of trusted CloudFlare proxies directly from CloudFlare on each server start. For example 127.0.0.1,traefik.ix-traefik.svc.cluster.local
                schema:
                  type: string
-                  required: true
+                  # required: true
                  default: ""
              - variable: WANonly
                label: WANonly
@ -95,6 +95,12 @@ questions:
                schema:
                  type: boolean
                  default: false
+              - variable: allowHighQualityDesktop
+                label: allowHighQualityDesktop
+                description: When false, users will only be able to set remote desktop image quality to 60%, this can reduce server bandwidth usage.
+                schema:
+                  type: boolean
+                  default: true
              - variable: browserPing
                label: browserPing
                description: When specified, sends data to the browser at x seconds interval and expects a response from the browser.
@ -235,7 +241,7 @@ questions:
                      description: HTTPS URL when to get the TLS certificate that MeshAgent's will see when connecting to this server. This setting is used when a reverse proxy like Traefik is used in front of MeshCentral.
                      schema:
                        type: string
-                        required: true
+                        # required: true
                        default: ""
                    - variable: title
                      label: title
--- a/charts/incubator/meshcentral/templates/_secret.tpl
+++ b/charts/incubator/meshcentral/templates/_secret.tpl
@ -59,6 +59,7 @@ metadata:
 data:
  {{/* Store session_key to reuse */}}
  session_key: {{ $sessionKey | b64enc }}
+  trigger_redeploy: {{ randAlpha 5 }}
  {{/* The actual config */}}
  config.json: |
    {{- toPrettyJson (fromYaml $config) | b64enc | nindent 4 }}
--- a/charts/incubator/meshcentral/values.yaml
+++ b/charts/incubator/meshcentral/values.yaml
@ -8,8 +8,6 @@ command:
  - meshcentral/meshcentral
  - --configfile
  - /opt/meshcentral/meshcentral-config/config.json
-  - --cert
-  - "{{ .Values.meshcentral.settings.cert }}"

 securityContext:
  readOnlyRootFilesystem: false
@ -19,6 +17,12 @@ podSecurityContext:
  runAsUser: 0
  runAsGroup: 0

+env:
+  trigger_redeploy:
+    secretKeyRef:
+      name: '{{ include "tc.common.names.fullname" . }}-secret'
+      key: trigger_redeploy
+
 # - Values with the character _ in-front of them are pruned. Add or remove _ to disable or enable options
 # - More in-depth info for each options can be found here: https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json
 # - Check for this chart's specific info in our webpage https://truecharts.org
@ -776,7 +780,9 @@ meshcentral:
        proxy: null
      _httpHeaders: null
      # - Key and values to add to the MeshAgent .msh file
-      _agentConfig: []
+      agentConfig:
+        # - Needed if you use traefik https://github.com/traefik/traefik/issues/4487
+        - webSocketMaskOverride=1
      # - Key and values to add to the MeshCentral Assistant .msh file
      _assistantConfig: []
      # - When false, users can't set the clipboard of a remove device.