diff --git a/.github/docs/development/ingress.md b/.github/docs/development/ingress.md new file mode 100644 index 00000000000..6bcc43a74a9 --- /dev/null +++ b/.github/docs/development/ingress.md @@ -0,0 +1,270 @@ +# Ingress + +Ingress is what we call "Reverse Proxy" in the UI and in the user side of the documentation. Please be aware that those refer to the same system. An Ingress is, simply put, just Kubernetes way of connecting outsides to Apps running in containers. + +### Ingress Types + +We currently support: +- HTTP via Ingres +- HTTP via Traefik IngressRoute (HTTP-IR) +- TCP via Traefik IngressRouteTCP +- UDP via Traefik IngressRouteUDP + +From questions.yaml and the UI, these can be changed with selecting another "Type". However: Under the hood IngressRoutes and Ingress are totally different beasts and have a seperate creation process. Errors for Plain HTTP do NOT have to be present in HTTP-IR. + +It's also important to note that TCP (and even more so: UDP) have less options available. The example configurations below contain a mostly complete overview of what is currently available and reasonable. + +##### Ingress and Services + +It's important to know what Ingress does, before you start creating ingresses in questions.yaml. Ingresses send outside Traffic, to a kubernetes Service, which in turn forwards traffic to the actual containers. + +This means that every container needs to know how to reach their Service. If they do not, things go wrong. + +To ensure this, it's adviced to keep the names of your Ingresses the same as the names of your services. We made sure the ingress would automatically detect (and connect to) the main port of a Service with the same name. + +However: In case you need to do this differently, need to connect to additionalServices and/or need to connect to a secondary port, you can manually set both the serviceName and servicePort in questions.yaml. We advice however, to only do so if absolutely necessary! + +##### The Main Ingress + +The main Ingress and Main service take an important role in our standardisation. Where the main Service is used for healthchecks and the "portal" button, the main Ingress is just used for the portal button. + +However: As the maintainers expect new features to be connecting to the main service and main ingress, it will cause problems if you decide to bypass/ignore these. + +### Standards/Examples + +We try to maintain as much of a standardised questions.yaml format as possible, to ensure (bulk) editing stays as easy as possible. + +##### HTTP Ingress + +``` + - variable: ingress + label: "" + group: "Reverse Proxy Configuration" + schema: + type: dict + attrs: + - variable: webui + label: "Web Reverse Proxy Configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable Web Reverse Proxy" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # type: int + # default: 80 + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + - variable: entrypoint + label: "Select Entrypoint" + schema: + type: string + default: "websecure" + required: true + enum: + - value: "websecure" + description: "Websecure: HTTPS/TLS port 443" + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: dict + attrs: + - variable: host + label: "Domain Name" + required: true + schema: + type: string + - variable: paths + label: "paths" + schema: + type: list + default: [] + items: + - variable: path + label: "Path" + schema: + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "prefix" + - variable: certType + label: "Select Certificate Type" + schema: + type: string + default: "selfsigned" + enum: + - value: "" + description: "No Encryption/TLS/Certificates" + - value: "selfsigned" + description: "Self-Signed Certificate" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" + - variable: authForwardURL + label: "Forward Authentication URL" + schema: + type: string + default: "" + +``` + +##### TCP Ingress + +``` + - variable: tcp + label: "TCP Reverse Proxy Configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable TCP Reverse Proxy" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + label: "Select Reverse Proxy Type" + schema: + type: string + default: "TCP" + required: true + editable: false + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # type: int + # default: 80 + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + - variable: entrypoint + label: "Select Entrypoint" + schema: + type: string + default: "torrent-tcp" + required: true + enum: + - value: "torrent-tcp" + description: "Torrent-TCP: port 51413" +``` + +##### UDP Ingress + +``` + - variable: udp + label: "UDP Reverse Proxy Configuration" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable UDP Reverse Proxy" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + label: "Select Reverse Proxy Type" + schema: + type: string + default: "UDP" + required: true + editable: false + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # type: int + # default: 80 + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + - variable: entrypoint + label: "Select Entrypoint" + schema: + type: string + default: "torrent-udp" + required: true + enum: + - value: "torrent-udp" + description: "Torrent-UDP: port 51413" +``` diff --git a/.github/docs/development/services.md b/.github/docs/development/services.md index d09b1c05e99..8e3b0c582ce 100644 --- a/.github/docs/development/services.md +++ b/.github/docs/development/services.md @@ -69,7 +69,8 @@ Please keep in mind that every App is different, some just have one service (whi schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -133,7 +134,8 @@ in some edgecases users might need or want to have the option to add unlimited c schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" diff --git a/.github/docs/general/reverse-proxy.md b/.github/docs/general/reverse-proxy.md new file mode 100644 index 00000000000..4e38aa1ab53 --- /dev/null +++ b/.github/docs/general/reverse-proxy.md @@ -0,0 +1,24 @@ +# Reverse Proxy + +Within TrueCharts our aim is to make it as easy as possible to secure your Apps. To support this we Supply a Traefik "Reverse Proxy", which has been preconfigured to provide secure and fast connections. + +To use Traefik as a Reverse Proxy, all you have to do is enable "Reverse Proxy" in the App of your choice and fill out a little form. + +### Types of Reverse Proxys + +We currently offer the following types of pre-configured reverse proxies: + +- HTTP + +- HTTP using CRD (Advanced) + +- TCP + +- UDP + +Besides HTTP, all these options, require Traefik to be installed before you enable Reverse Proxy on your App. I many cases, the maintainer of your app has hidden specific settings, like the type of Reverse proxies available, to suit your App. + + +### Adding Certificates + +To add certificates to Apps, we use the TrueNAS SCALE certificate storage. This means you first need to add Certificates to TrueNAS SCALE, after which you can select them when Installing or Editing your App. diff --git a/.gitignore b/.gitignore index 5df53d37d07..fca92e43e78 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,5 @@ tests/test-report.txt tests/test-report.xml private_values.yaml temp/ +library/common-test/charts/* +Chart.lock diff --git a/.tools/copy-from-common-test.sh b/.tools/copy-from-common-test.sh new file mode 100644 index 00000000000..d81a5c1b0bd --- /dev/null +++ b/.tools/copy-from-common-test.sh @@ -0,0 +1,11 @@ +for chart in charts/*; do + if [ -d "${chart}" ]; then + maxfolderversion=$(ls -l ${chart} | grep ^d | awk '{print $9}' | tail -n 1) + chartname=$(basename ${chart}) + echo "Processing: ${chart} - folder: ${maxfolderversion} - version: ${maxchartversion}" + if [ "${maxfolderversion}" != "${maxchartversion}" ]; then + rm -Rf ${chart}/${maxfolderversion}/charts/*.tgz + cp -f library/common-test/charts/* ${chart}/${maxfolderversion}/charts/ + fi + fi +done diff --git a/.tools/tests/charts/common-test_spec.rb b/.tools/tests/charts/common-test_spec.rb index 6ba757de127..7fb7d6f0af7 100644 --- a/.tools/tests/charts/common-test_spec.rb +++ b/.tools/tests/charts/common-test_spec.rb @@ -264,5 +264,644 @@ class Test < ChartTest end end + describe 'ingress' do + it 'should be disabled when (additional)ingress enabled = false' do + values = { + ingress: { + test1: { + enabled: false + }, + test2: { + enabled: false + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + assert_nil(resource('Ingress')) + end + + it 'should be enabled when (additional)ingress enabled = true' do + values = { + ingress: { + test1: { + enabled: true + }, + test2: { + enabled: true + } + }, + additionalIngress: [ + { + enabled: true, + name: "test3" + }, + { + enabled: true, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('Ingress')) + end + + it 'should be not create ingressroute unless type tcp/udp' do + values = { + ingress: { + test1: { + enabled: true + }, + test2: { + enabled: true + } + }, + additionalIngress: [ + { + enabled: true, + name: "test3" + }, + { + enabled: true, + name: "test4" + } + ] + } + chart.value values + assert_nil(resource('IngressRouteTCP')) + assert_nil(resource('IngressRouteUDP')) + end + + it 'should be enabled when half (additional)ingress enabled = true' do + values = { + ingress: { + test1: { + enabled: false + }, + test2: { + enabled: true + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: true, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('Ingress')) + end + + it 'ingress with hosts' do + values = { + ingress: { + test1: { + hosts: [ + { + host: 'hostname', + paths: [ + { + path: '/' + } + ] + } + ] + } + } + } + + chart.value values + jq('.spec.rules[0].host', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.rules[0].http.paths[0].path', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:paths][0][:path] + end + + it 'ingress with hosts template is evaluated' do + expectedHostName = 'common-test.hostname' + values = { + ingress: { + test1: { + hosts: [ + { + hostTpl: '{{ .Release.Name }}.hostname', + paths: [ + { + path: '/' + } + ] + } + ] + } + } + } + + chart.value values + jq('.spec.rules[0].host', resource('Ingress')).must_equal expectedHostName + jq('.spec.rules[0].http.paths[0].path', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:paths][0][:path] + end + + it 'ingress with hosts and tls' do + values = { + ingress: { + test1: { + enabled: true, + hosts: [ + { + host: 'hostname', + paths: [ + { + path: '/' + } + ] + } + ], + tls: [ + { + hosts: [ 'hostname' ], + secretName: 'hostname-secret-name' + } + ] + } + } + } + + chart.value values + jq('.spec.rules[0].host', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.rules[0].http.paths[0].path', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:paths][0][:path] + jq('.spec.tls[0].hosts[0]', resource('Ingress')).must_equal values[:ingress][:test1][:tls][0][:hosts][0] + jq('.spec.tls[0].secretName', resource('Ingress')).must_equal values[:ingress][:test1][:tls][0][:secretName] + end + + it 'ingress with tls template is evaluated' do + expectedHostName = 'common-test.hostname' + expectedSecretName = 'common-test-hostname-secret-name' + values = { + ingress: { + test1: { + enabled: true, + tls: [ + { + hostsTpl: [ '{{ .Release.Name }}.hostname' ], + secretNameTpl: '{{ .Release.Name }}-hostname-secret-name' + } + ] + } + } + } + + chart.value values + jq('.spec.tls[0].hosts[0]', resource('Ingress')).must_equal expectedHostName + jq('.spec.tls[0].secretName', resource('Ingress')).must_equal expectedSecretName + end + + it 'ingress with hosts and tls template is evaluated' do + expectedHostName = 'common-test.hostname' + expectedSecretName = 'common-test-hostname-secret-name' + values = { + ingress: { + test1: { + enabled: true, + hosts: [ + { + hostTpl: '{{ .Release.Name }}.hostname', + paths: [ + { + path: '/' + } + ] + } + ], + tls: [ + { + hostsTpl: [ '{{ .Release.Name }}.hostname' ], + secretNameTpl: '{{ .Release.Name }}-hostname-secret-name' + } + ] + } + } + } + + chart.value values + jq('.spec.rules[0].host', resource('Ingress')).must_equal expectedHostName + jq('.spec.rules[0].http.paths[0].path', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:paths][0][:path] + jq('.spec.tls[0].hosts[0]', resource('Ingress')).must_equal expectedHostName + jq('.spec.tls[0].secretName', resource('Ingress')).must_equal expectedSecretName + end + + it 'ingress with selfsigned certtype is evaluated' do + expectedHostName = 'common-test.hostname' + expectedSecretName = 'common-test-hostname-secret-name' + values = { + ingress: { + test1: { + enabled: true, + hosts: [ + { + host: 'hostname', + paths: [ + { + path: '/' + } + ] + } + ], + certType: "selfsigned" + } + } + } + + chart.value values + jq('.spec.rules[0].host', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.rules[0].http.paths[0].path', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:paths][0][:path] + jq('.spec.tls[0].hosts[0]', resource('Ingress')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.tls[0].secretName', resource('Ingress')).must_equal nil + end + + it 'should create when type = HTTP' do + values = { + ingress: { + test1: { + enabled: true, + type: "HTTP" + }, + test2: { + enabled: false + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('Ingress')) + end + + it 'check no middleware without traefik' do + values = { + ingress: { + test1: { + enabled: true + } + } + } + chart.value values + assert_nil(resource('Middleware')) + end + + it 'check authForward when authForwardURL is set' do + expectedName = 'common-test-test1-auth-forward' + values = { + ingress: { + test1: { + enabled: true, + authForwardURL: "test.test.com" + } + } + } + chart.value values + refute_nil(resource('Middleware')) + jq('.spec.forwardAuth.address', resource('Middleware')).must_equal values[:ingress][:test1][:authForwardURL] + jq('.metadata.name', resource('Middleware')).must_equal expectedName + end + + end + + describe 'ingressRoutes' do + it 'should create only TCP when type = TCP' do + values = { + ingress: { + test1: { + enabled: true, + type: "TCP" + }, + test2: { + enabled: false + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('IngressRouteTCP')) + assert_nil(resource('IngressRouteUDP')) + end + + it 'should create only UDP when type = UDP' do + values = { + ingress: { + test1: { + enabled: true, + type: "UDP" + }, + test2: { + enabled: false + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('IngressRouteUDP')) + assert_nil(resource('IngressRouteTCP')) + end + + it 'should create only additional TCP when type = TCP' do + values = { + ingress: { + test1: { + enabled: false + }, + test2: { + enabled: false + } + }, + additionalIngress: [ + { + enabled: true, + name: "test3", + type: "TCP" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('IngressRouteTCP')) + assert_nil(resource('IngressRouteUDP')) + end + + it 'should create only additional UDP when type = UDP' do + values = { + ingress: { + test1: { + enabled: false + }, + test2: { + enabled: false + } + }, + additionalIngress: { + test3: { + enabled: true, + type: "UDP" + }, + test4: { + enabled: false + } + } + } + chart.value values + refute_nil(resource('IngressRouteUDP')) + assert_nil(resource('IngressRouteTCP')) + end + + it 'should be able to create 3 ingress types' do + values = { + ingress: { + test1: { + enabled: true, + type: "UDP" + }, + test2: { + enabled: true, + type: "TCP" + }, + test2b: { + enabled: true, + type: "HTTP" + } + }, + additionalIngress: [ + { + enabled: false, + name: "test3" + }, + { + enabled: false, + name: "test4" + } + ] + } + chart.value values + refute_nil(resource('IngressRouteUDP')) + refute_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + end + + it 'should be able to create 3 additional ingress types' do + values = { + ingress: { + test1: { + enabled: false, + type: "UDP" + }, + test2: { + enabled: false, + type: "TCP" + }, + test2b: { + enabled: false, + type: "HTTP" + } + }, + additionalIngress: [ + { + enabled: true, + type: "HTTP", + name: "test3" + }, + { + enabled: true, + type: "TCP", + name: "test4" + }, + { + enabled: true, + type: "UDP", + name: "test5" + } + ] + } + chart.value values + refute_nil(resource('IngressRouteUDP')) + refute_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + end + + it 'ingressroute with selfsigned certtype is evaluated' do + values = { + ingress: { + test1: { + type: "TCP", + enabled: true, + hosts: [ + { + host: 'hostname' + } + ], + certType: "selfsigned" + } + } + } + + chart.value values + jq('.spec.tls.domains[0].main', resource('IngressRouteTCP')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.tls.secretName', resource('IngressRouteTCP')).must_equal nil + end + + it 'ingressrouteUDP + HTTP +TCP with selfsigned cert is evaluated ' do + values = { + ingress: { + test1: { + type: "TCP", + enabled: true, + hosts: [ + { + host: 'hostname' + } + ], + certType: "selfsigned" + }, + test2: { + enabled: true, + type: "UDP" + }, + test2b: { + enabled: true, + type: "HTTP" + } + } + } + + chart.value values + jq('.spec.tls.domains[0].main', resource('IngressRouteTCP')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.tls.secretName', resource('IngressRouteTCP')).must_equal nil + refute_nil(resource('IngressRouteUDP')) + refute_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + end + + it 'HTTP-ingressRoute is evaluated ' do + expectedHostString = 'Host(`hostname`)' + values = { + ingress: { + test1: { + type: "HTTP-IR", + enabled: true, + hosts: [ + { + host: 'hostname' + } + ] + } + } + } + + chart.value values + jq('.spec.routes[0].match', resource('IngressRoute')).must_equal expectedHostString + assert_nil(resource('IngressRouteUDP')) + assert_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + refute_nil(resource('IngressRoute')) + end + + it 'HTTP-ingressRoute with selfsigned cert is evaluated is evaluated ' do + expectedHostString = 'Host(`hostname`)' + values = { + ingress: { + test1: { + type: "HTTP-IR", + enabled: true, + hosts: [ + { + host: 'hostname' + } + ], + certType: "selfsigned" + } + } + } + + chart.value values + jq('.spec.routes[0].match', resource('IngressRoute')).must_equal expectedHostString + assert_nil(resource('IngressRouteUDP')) + assert_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + refute_nil(resource('IngressRoute')) + jq('.spec.tls.domains[0].main', resource('IngressRoute')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.tls.secretName', resource('IngressRoute')).must_equal nil + end + + it 'HTTP-ingressRoute+selfsigned+forwardAuth is evaluated is evaluated ' do + expectedHostString = 'Host(`hostname`)' + expectedName = 'common-test-test1-auth-forward' + values = { + ingress: { + test1: { + type: "HTTP-IR", + enabled: true, + hosts: [ + { + host: 'hostname' + } + ], + certType: "selfsigned", + authForwardURL: "test.com" + } + } + } + + chart.value values + jq('.spec.routes[0].match', resource('IngressRoute')).must_equal expectedHostString + assert_nil(resource('IngressRouteUDP')) + assert_nil(resource('IngressRouteTCP')) + refute_nil(resource('Ingress')) + refute_nil(resource('IngressRoute')) + jq('.spec.tls.domains[0].main', resource('IngressRoute')).must_equal values[:ingress][:test1][:hosts][0][:host] + jq('.spec.tls.secretName', resource('IngressRoute')).must_equal nil + jq('.metadata.name', resource('Middleware')).must_equal expectedName + jq('.spec.routes[0].middlewares[1].name', resource('IngressRoute')).must_equal expectedName + end + + end + end end diff --git a/charts/bazarr/2.0.0/charts/common-2.0.0.tgz b/charts/bazarr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/bazarr/2.0.0/charts/common-2.0.0.tgz and b/charts/bazarr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/bazarr/2.0.0/questions.yaml b/charts/bazarr/2.0.0/questions.yaml index 8f91feeeaf5..2f3ae2d8f98 100644 --- a/charts/bazarr/2.0.0/questions.yaml +++ b/charts/bazarr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 6767 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -367,15 +368,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -386,6 +386,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -438,27 +468,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/calibre-web/2.0.0/charts/common-2.0.0.tgz b/charts/calibre-web/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/calibre-web/2.0.0/charts/common-2.0.0.tgz and b/charts/calibre-web/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/calibre-web/2.0.0/questions.yaml b/charts/calibre-web/2.0.0/questions.yaml index 596e010fe6e..a666933914d 100644 --- a/charts/calibre-web/2.0.0/questions.yaml +++ b/charts/calibre-web/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 8083 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -310,15 +311,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -329,6 +329,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -381,27 +411,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/calibre-web/2.0.0/test_values.yaml b/charts/calibre-web/2.0.0/test_values.yaml index 69dcbba78da..2c8803d43c8 100644 --- a/charts/calibre-web/2.0.0/test_values.yaml +++ b/charts/calibre-web/2.0.0/test_values.yaml @@ -41,7 +41,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/calibre-web/2.0.0/values.yaml b/charts/calibre-web/2.0.0/values.yaml index 06104fa9050..b1760ea4b0d 100644 --- a/charts/calibre-web/2.0.0/values.yaml +++ b/charts/calibre-web/2.0.0/values.yaml @@ -41,7 +41,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/collabora-online/2.0.0/charts/common-2.0.0.tgz b/charts/collabora-online/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/collabora-online/2.0.0/charts/common-2.0.0.tgz and b/charts/collabora-online/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/collabora-online/2.0.0/questions.yaml b/charts/collabora-online/2.0.0/questions.yaml index 3b8c5a976ed..0e9b2556ece 100644 --- a/charts/collabora-online/2.0.0/questions.yaml +++ b/charts/collabora-online/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Network Configuration" - name: "Environment Variables" description: "Environment Variables Configuration" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" - name: "Storage" description: "configure app volume mounts" @@ -166,7 +166,8 @@ questions: schema: type: int default: 9980 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -224,13 +225,13 @@ questions: default: 'collabora\.domain\.tld' # Reverse Proxy - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" group: "Reverse Proxy" schema: @@ -243,6 +244,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -295,27 +326,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/deluge/2.0.0/charts/common-2.0.0.tgz b/charts/deluge/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/deluge/2.0.0/charts/common-2.0.0.tgz and b/charts/deluge/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/deluge/2.0.0/questions.yaml b/charts/deluge/2.0.0/questions.yaml index fd459603446..380f5608f3c 100644 --- a/charts/deluge/2.0.0/questions.yaml +++ b/charts/deluge/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "network / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -178,7 +178,8 @@ questions: schema: type: int default: 8112 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -240,7 +241,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -302,7 +304,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -435,15 +438,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -454,6 +456,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -506,27 +538,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: @@ -534,7 +560,6 @@ questions: default: "" - variable: tcp label: "TCP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -552,9 +577,28 @@ questions: default: "TCP" required: true editable: false - enum: - - value: "TCP" - description: "Plain TCP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -564,18 +608,9 @@ questions: enum: - value: "torrent-tcp" description: "Torrent-TCP: port 51413" - - variable: certType - label: "Select Certificate Type" - schema: - editable: false - type: string - default: "" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" + - variable: udp label: "UDP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -593,9 +628,28 @@ questions: default: "UDP" required: true editable: false - enum: - - value: "UDP" - description: "Plain UDP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: diff --git a/charts/deluge/2.0.0/test_values.yaml b/charts/deluge/2.0.0/test_values.yaml index 310b7f0d6b2..b010785d752 100644 --- a/charts/deluge/2.0.0/test_values.yaml +++ b/charts/deluge/2.0.0/test_values.yaml @@ -59,7 +59,7 @@ env: {} # UMASK_SET: "022" # DELUGE_LOGLEVEL: "error" -appIngressEnabled: false + appVolumeMounts: config: diff --git a/charts/deluge/2.0.0/values.yaml b/charts/deluge/2.0.0/values.yaml index 136197cae0d..69b2b755b77 100644 --- a/charts/deluge/2.0.0/values.yaml +++ b/charts/deluge/2.0.0/values.yaml @@ -59,7 +59,7 @@ env: {} # UMASK_SET: "022" # DELUGE_LOGLEVEL: "error" -appIngressEnabled: false + # appVolumeMounts: # config: diff --git a/charts/esphome/2.0.0/charts/common-2.0.0.tgz b/charts/esphome/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/esphome/2.0.0/charts/common-2.0.0.tgz and b/charts/esphome/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/esphome/2.0.0/questions.yaml b/charts/esphome/2.0.0/questions.yaml index e23dc729048..30356bfb738 100644 --- a/charts/esphome/2.0.0/questions.yaml +++ b/charts/esphome/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -188,7 +188,8 @@ questions: schema: type: int default: 6052 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -261,15 +262,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -280,6 +280,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -332,27 +362,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/freshrss/2.0.0/charts/common-2.0.0.tgz b/charts/freshrss/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/freshrss/2.0.0/charts/common-2.0.0.tgz and b/charts/freshrss/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/freshrss/2.0.0/questions.yaml b/charts/freshrss/2.0.0/questions.yaml index af45125c3ad..f3b2b3076d1 100644 --- a/charts/freshrss/2.0.0/questions.yaml +++ b/charts/freshrss/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -254,15 +255,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -273,6 +273,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -325,27 +355,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/freshrss/2.0.0/test_values.yaml b/charts/freshrss/2.0.0/test_values.yaml index 1f2e52c5321..1dfdb82261c 100644 --- a/charts/freshrss/2.0.0/test_values.yaml +++ b/charts/freshrss/2.0.0/test_values.yaml @@ -23,7 +23,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/freshrss/2.0.0/values.yaml b/charts/freshrss/2.0.0/values.yaml index 4758d8f97b4..9d62c5f2f32 100644 --- a/charts/freshrss/2.0.0/values.yaml +++ b/charts/freshrss/2.0.0/values.yaml @@ -23,7 +23,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/gaps/2.0.0/charts/common-2.0.0.tgz b/charts/gaps/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/gaps/2.0.0/charts/common-2.0.0.tgz and b/charts/gaps/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/gaps/2.0.0/questions.yaml b/charts/gaps/2.0.0/questions.yaml index 0c0d05a4bb2..c42e5bf5960 100644 --- a/charts/gaps/2.0.0/questions.yaml +++ b/charts/gaps/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 8484 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -274,6 +274,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -326,27 +356,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/gaps/2.0.0/test_values.yaml b/charts/gaps/2.0.0/test_values.yaml index ab13d19f8e4..70f0b6b91fc 100644 --- a/charts/gaps/2.0.0/test_values.yaml +++ b/charts/gaps/2.0.0/test_values.yaml @@ -22,7 +22,7 @@ persistence: emptyDir: false mountPath: /usr/data -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/gaps/2.0.0/values.yaml b/charts/gaps/2.0.0/values.yaml index d3dea753918..d6ce15a51ce 100644 --- a/charts/gaps/2.0.0/values.yaml +++ b/charts/gaps/2.0.0/values.yaml @@ -21,5 +21,3 @@ persistence: enabled: false emptyDir: false mountPath: /usr/data - -appIngressEnabled: false diff --git a/charts/grocy/2.0.0/charts/common-2.0.0.tgz b/charts/grocy/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/grocy/2.0.0/charts/common-2.0.0.tgz and b/charts/grocy/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/grocy/2.0.0/questions.yaml b/charts/grocy/2.0.0/questions.yaml index 8c689b677fd..6d4d5aaebbb 100644 --- a/charts/grocy/2.0.0/questions.yaml +++ b/charts/grocy/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -274,6 +274,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -326,27 +356,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/grocy/2.0.0/test_values.yaml b/charts/grocy/2.0.0/test_values.yaml index 99b4635309f..9992cb9d637 100644 --- a/charts/grocy/2.0.0/test_values.yaml +++ b/charts/grocy/2.0.0/test_values.yaml @@ -23,7 +23,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/grocy/2.0.0/values.yaml b/charts/grocy/2.0.0/values.yaml index 26c3ac9b3db..afe62698b36 100644 --- a/charts/grocy/2.0.0/values.yaml +++ b/charts/grocy/2.0.0/values.yaml @@ -22,5 +22,3 @@ persistence: config: enabled: false emptyDir: false - -appIngressEnabled: false diff --git a/charts/handbrake/2.0.0/charts/common-2.0.0.tgz b/charts/handbrake/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/handbrake/2.0.0/charts/common-2.0.0.tgz and b/charts/handbrake/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/handbrake/2.0.0/questions.yaml b/charts/handbrake/2.0.0/questions.yaml index ed0578d769d..0c26f9cadbb 100644 --- a/charts/handbrake/2.0.0/questions.yaml +++ b/charts/handbrake/2.0.0/questions.yaml @@ -6,7 +6,7 @@ groups: description: "Container configuration" - name: "Networking" description: "Network configuration" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" - name: "Services" description: "Service configuration" @@ -257,7 +257,8 @@ questions: schema: type: int default: 5800 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -319,7 +320,8 @@ questions: schema: type: int default: 5900 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -606,15 +608,14 @@ questions: default: "/dev/sr0" required: true # Reverse Proxy - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -625,6 +626,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -677,27 +708,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/heimdall/2.0.0/charts/common-2.0.0.tgz b/charts/heimdall/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/heimdall/2.0.0/charts/common-2.0.0.tgz and b/charts/heimdall/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/heimdall/2.0.0/questions.yaml b/charts/heimdall/2.0.0/questions.yaml index a87232f1c5d..139477ad21b 100644 --- a/charts/heimdall/2.0.0/questions.yaml +++ b/charts/heimdall/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -274,6 +274,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -326,27 +356,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/home-assistant/2.0.0/charts/common-2.0.0.tgz b/charts/home-assistant/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/home-assistant/2.0.0/charts/common-2.0.0.tgz and b/charts/home-assistant/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/home-assistant/2.0.0/questions.yaml b/charts/home-assistant/2.0.0/questions.yaml index 2d34cfdfb54..1ea416bb956 100644 --- a/charts/home-assistant/2.0.0/questions.yaml +++ b/charts/home-assistant/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "network / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -355,7 +355,8 @@ questions: schema: type: int default: 8123 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -366,15 +367,14 @@ questions: default: 36052 required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -385,6 +385,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -437,27 +467,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/jackett/2.0.0/charts/common-2.0.0.tgz b/charts/jackett/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/jackett/2.0.0/charts/common-2.0.0.tgz and b/charts/jackett/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/jackett/2.0.0/questions.yaml b/charts/jackett/2.0.0/questions.yaml index 96cda6e1736..303b6146bbb 100644 --- a/charts/jackett/2.0.0/questions.yaml +++ b/charts/jackett/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 9117 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui - label: "Web Reverse Proxy Configuration" - group: "Ingress" + - variable: main + label: "WebUI" schema: type: dict attrs: @@ -274,6 +274,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -326,27 +356,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/jellyfin/2.0.0/charts/common-2.0.0.tgz b/charts/jellyfin/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/jellyfin/2.0.0/charts/common-2.0.0.tgz and b/charts/jellyfin/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/jellyfin/2.0.0/questions.yaml b/charts/jellyfin/2.0.0/questions.yaml index 23c777875f2..708e9d87c7f 100644 --- a/charts/jellyfin/2.0.0/questions.yaml +++ b/charts/jellyfin/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 8096 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -311,15 +312,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -330,6 +330,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -382,27 +412,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/kms/2.0.0/charts/common-2.0.0.tgz b/charts/kms/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/kms/2.0.0/charts/common-2.0.0.tgz and b/charts/kms/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/kms/2.0.0/questions.yaml b/charts/kms/2.0.0/questions.yaml index 8441db7e786..4f0e908e6fb 100644 --- a/charts/kms/2.0.0/questions.yaml +++ b/charts/kms/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 1688 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: kms + - variable: main label: "KMS Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -281,9 +281,29 @@ questions: default: "TCP" required: true editable: false - enum: - - value: "TCP" - description: "Plain TCP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -293,12 +313,3 @@ questions: enum: - value: "kms" description: "KMS: port 1688" - - variable: certType - label: "Select Certificate Type" - schema: - editable: false - type: string - default: "" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" diff --git a/charts/lazylibrarian/2.0.0/charts/common-2.0.0.tgz b/charts/lazylibrarian/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/lazylibrarian/2.0.0/charts/common-2.0.0.tgz and b/charts/lazylibrarian/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/lazylibrarian/2.0.0/questions.yaml b/charts/lazylibrarian/2.0.0/questions.yaml index ae28ed92b50..5bde0e51cf4 100644 --- a/charts/lazylibrarian/2.0.0/questions.yaml +++ b/charts/lazylibrarian/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -171,7 +171,8 @@ questions: schema: type: int default: 5299 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -368,15 +369,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -387,6 +387,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -439,27 +469,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/lidarr/2.0.0/charts/common-2.0.0.tgz b/charts/lidarr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/lidarr/2.0.0/charts/common-2.0.0.tgz and b/charts/lidarr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/lidarr/2.0.0/questions.yaml b/charts/lidarr/2.0.0/questions.yaml index fef113c613e..98fb903cd0e 100644 --- a/charts/lidarr/2.0.0/questions.yaml +++ b/charts/lidarr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 8686 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -367,15 +368,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -386,6 +386,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -438,27 +468,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/lychee/2.0.0/charts/common-2.0.0.tgz b/charts/lychee/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/lychee/2.0.0/charts/common-2.0.0.tgz and b/charts/lychee/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/lychee/2.0.0/questions.yaml b/charts/lychee/2.0.0/questions.yaml index 915e8c813b0..f53c02e7f7c 100644 --- a/charts/lychee/2.0.0/questions.yaml +++ b/charts/lychee/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -366,15 +367,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -385,6 +385,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -437,27 +467,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/lychee/2.0.0/test_values.yaml b/charts/lychee/2.0.0/test_values.yaml index 7ee35445142..b1d745dc0aa 100644 --- a/charts/lychee/2.0.0/test_values.yaml +++ b/charts/lychee/2.0.0/test_values.yaml @@ -70,7 +70,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/lychee/2.0.0/values.yaml b/charts/lychee/2.0.0/values.yaml index dc0c7ddbcbc..65549ccb6f6 100644 --- a/charts/lychee/2.0.0/values.yaml +++ b/charts/lychee/2.0.0/values.yaml @@ -70,7 +70,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/navidrome/2.0.0/charts/common-2.0.0.tgz b/charts/navidrome/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/navidrome/2.0.0/charts/common-2.0.0.tgz and b/charts/navidrome/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/navidrome/2.0.0/questions.yaml b/charts/navidrome/2.0.0/questions.yaml index 3ba8276c42f..9b9f4b400c4 100644 --- a/charts/navidrome/2.0.0/questions.yaml +++ b/charts/navidrome/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "network / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 4533 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -312,15 +313,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -331,6 +331,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -383,27 +413,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/navidrome/2.0.0/test_values.yaml b/charts/navidrome/2.0.0/test_values.yaml index d437943891a..ca09e119b64 100644 --- a/charts/navidrome/2.0.0/test_values.yaml +++ b/charts/navidrome/2.0.0/test_values.yaml @@ -57,7 +57,7 @@ persistence: # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/navidrome/2.0.0/values.yaml b/charts/navidrome/2.0.0/values.yaml index 32bd1d8d0e5..ee85dc20057 100644 --- a/charts/navidrome/2.0.0/values.yaml +++ b/charts/navidrome/2.0.0/values.yaml @@ -57,7 +57,7 @@ persistence: # existingClaim: "" -appIngressEnabled: false + # appVolumeMounts: diff --git a/charts/node-red/2.0.0/charts/common-2.0.0.tgz b/charts/node-red/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/node-red/2.0.0/charts/common-2.0.0.tgz and b/charts/node-red/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/node-red/2.0.0/questions.yaml b/charts/node-red/2.0.0/questions.yaml index 0a09689ab29..7aacf0224c9 100644 --- a/charts/node-red/2.0.0/questions.yaml +++ b/charts/node-red/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 1880 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -256,15 +257,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -275,6 +275,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -327,27 +357,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/nzbget/2.0.0/charts/common-2.0.0.tgz b/charts/nzbget/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/nzbget/2.0.0/charts/common-2.0.0.tgz and b/charts/nzbget/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/nzbget/2.0.0/questions.yaml b/charts/nzbget/2.0.0/questions.yaml index 19b2782cc30..e3af89149df 100644 --- a/charts/nzbget/2.0.0/questions.yaml +++ b/charts/nzbget/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 6789 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -310,15 +311,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -329,6 +329,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -381,27 +411,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/nzbget/2.0.0/test_values.yaml b/charts/nzbget/2.0.0/test_values.yaml index 18c84065f90..660849aa920 100644 --- a/charts/nzbget/2.0.0/test_values.yaml +++ b/charts/nzbget/2.0.0/test_values.yaml @@ -52,7 +52,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: config: diff --git a/charts/nzbget/2.0.0/values.yaml b/charts/nzbget/2.0.0/values.yaml index 59e9abe6be9..1f5716467b7 100644 --- a/charts/nzbget/2.0.0/values.yaml +++ b/charts/nzbget/2.0.0/values.yaml @@ -52,7 +52,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + # appVolumeMounts: # config: diff --git a/charts/nzbhydra/2.0.0/charts/common-2.0.0.tgz b/charts/nzbhydra/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/nzbhydra/2.0.0/charts/common-2.0.0.tgz and b/charts/nzbhydra/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/nzbhydra/2.0.0/questions.yaml b/charts/nzbhydra/2.0.0/questions.yaml index 948c302dbd7..5c3c3752393 100644 --- a/charts/nzbhydra/2.0.0/questions.yaml +++ b/charts/nzbhydra/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 5076 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -310,15 +311,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -329,6 +329,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -381,27 +411,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/nzbhydra/2.0.0/test_values.yaml b/charts/nzbhydra/2.0.0/test_values.yaml index 9bda297be31..8563b0d89b4 100644 --- a/charts/nzbhydra/2.0.0/test_values.yaml +++ b/charts/nzbhydra/2.0.0/test_values.yaml @@ -59,7 +59,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/nzbhydra/2.0.0/values.yaml b/charts/nzbhydra/2.0.0/values.yaml index 64c542d654a..07d3a1a7af3 100644 --- a/charts/nzbhydra/2.0.0/values.yaml +++ b/charts/nzbhydra/2.0.0/values.yaml @@ -59,7 +59,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/ombi/2.0.0/charts/common-2.0.0.tgz b/charts/ombi/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/ombi/2.0.0/charts/common-2.0.0.tgz and b/charts/ombi/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/ombi/2.0.0/questions.yaml b/charts/ombi/2.0.0/questions.yaml index 555c0bf2125..2e87f060b1d 100644 --- a/charts/ombi/2.0.0/questions.yaml +++ b/charts/ombi/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -170,7 +170,8 @@ questions: schema: type: int default: 3579 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -255,15 +256,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -274,6 +274,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -326,27 +356,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/organizr/2.0.0/charts/common-2.0.0.tgz b/charts/organizr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/organizr/2.0.0/charts/common-2.0.0.tgz and b/charts/organizr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/organizr/2.0.0/questions.yaml b/charts/organizr/2.0.0/questions.yaml index 1ae6fdf9787..0cb2b3c7e89 100644 --- a/charts/organizr/2.0.0/questions.yaml +++ b/charts/organizr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -171,7 +171,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -313,15 +314,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -332,6 +332,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -384,27 +414,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/qbittorrent/2.0.0/charts/common-2.0.0.tgz b/charts/qbittorrent/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/qbittorrent/2.0.0/charts/common-2.0.0.tgz and b/charts/qbittorrent/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/qbittorrent/2.0.0/questions.yaml b/charts/qbittorrent/2.0.0/questions.yaml index e4c7702c57c..e47aac6cc9d 100644 --- a/charts/qbittorrent/2.0.0/questions.yaml +++ b/charts/qbittorrent/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -160,7 +160,7 @@ questions: label: "container port" schema: type: int - default: 8787 + default: 8080 editable: false hidden: true - variable: targetport @@ -168,8 +168,9 @@ questions: description: "When connecting internally to this App, you'll need this port" schema: type: int - default: 8787 - editable: true + default: 8080 + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -222,7 +223,7 @@ questions: label: "container port" schema: type: int - default: 51413 + default: 6881 editable: false hidden: true - variable: targetport @@ -231,7 +232,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -284,7 +286,7 @@ questions: label: "container port" schema: type: int - default: 51413 + default: 6881 editable: false hidden: true - variable: targetport @@ -293,7 +295,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -434,15 +437,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -453,6 +455,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -505,27 +537,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: @@ -533,7 +559,6 @@ questions: default: "" - variable: tcp label: "TCP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -551,9 +576,28 @@ questions: default: "TCP" required: true editable: false - enum: - - value: "TCP" - description: "Plain TCP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -563,18 +607,9 @@ questions: enum: - value: "torrent-tcp" description: "Torrent-TCP: port 51413" - - variable: certType - label: "Select Certificate Type" - schema: - editable: false - type: string - default: "" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" + - variable: udp label: "UDP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -592,9 +627,28 @@ questions: default: "UDP" required: true editable: false - enum: - - value: "UDP" - description: "Plain UDP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: diff --git a/charts/qbittorrent/2.0.0/test_values.yaml b/charts/qbittorrent/2.0.0/test_values.yaml index dd1a38197d2..e5afd3a8a17 100644 --- a/charts/qbittorrent/2.0.0/test_values.yaml +++ b/charts/qbittorrent/2.0.0/test_values.yaml @@ -22,14 +22,14 @@ services: enabled: true type: ClusterIP port: - port: 51413 + port: 6881 protocol: TCP targetPort: 51413 udp: enabled: true type: ClusterIP port: - port: 51413 + port: 6881 protocol: UDP targetPort: 51413 @@ -85,7 +85,7 @@ additionalVolumeMounts: - mountPath: /config/custom-cont-init.d name: qbittorrent-scripts -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/qbittorrent/2.0.0/values.yaml b/charts/qbittorrent/2.0.0/values.yaml index 4b522444214..ec6914fc413 100644 --- a/charts/qbittorrent/2.0.0/values.yaml +++ b/charts/qbittorrent/2.0.0/values.yaml @@ -86,7 +86,7 @@ additionalVolumeMounts: - mountPath: /config/custom-cont-init.d name: qbittorrent-scripts -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/radarr/2.0.0/charts/common-2.0.0.tgz b/charts/radarr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/radarr/2.0.0/charts/common-2.0.0.tgz and b/charts/radarr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/radarr/2.0.0/questions.yaml b/charts/radarr/2.0.0/questions.yaml index 08edc30bb26..9aa97111fbf 100644 --- a/charts/radarr/2.0.0/questions.yaml +++ b/charts/radarr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -171,7 +171,8 @@ questions: schema: type: int default: 7878 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -368,15 +369,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -387,6 +387,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -439,27 +469,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/readarr/2.0.0/charts/common-2.0.0.tgz b/charts/readarr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/readarr/2.0.0/charts/common-2.0.0.tgz and b/charts/readarr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/readarr/2.0.0/questions.yaml b/charts/readarr/2.0.0/questions.yaml index 6ca6c9154e2..3dd17985f76 100644 --- a/charts/readarr/2.0.0/questions.yaml +++ b/charts/readarr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -170,7 +170,8 @@ questions: schema: type: int default: 8787 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -366,15 +367,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -385,6 +385,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -437,27 +467,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/readarr/2.0.0/test_values.yaml b/charts/readarr/2.0.0/test_values.yaml index 15969443449..8960b66262f 100644 --- a/charts/readarr/2.0.0/test_values.yaml +++ b/charts/readarr/2.0.0/test_values.yaml @@ -61,7 +61,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/readarr/2.0.0/values.yaml b/charts/readarr/2.0.0/values.yaml index 3b933e3cbc0..ee4b19dd17e 100644 --- a/charts/readarr/2.0.0/values.yaml +++ b/charts/readarr/2.0.0/values.yaml @@ -61,7 +61,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + #appVolumeMounts: diff --git a/charts/sabnzbd/2.0.0/charts/common-2.0.0.tgz b/charts/sabnzbd/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/sabnzbd/2.0.0/charts/common-2.0.0.tgz and b/charts/sabnzbd/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/sabnzbd/2.0.0/questions.yaml b/charts/sabnzbd/2.0.0/questions.yaml index a673b387a74..d2488cd5be3 100644 --- a/charts/sabnzbd/2.0.0/questions.yaml +++ b/charts/sabnzbd/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: web_portal: @@ -179,7 +179,8 @@ questions: schema: type: int default: 8080 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -311,15 +312,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -330,6 +330,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -382,27 +412,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/sabnzbd/2.0.0/test_values.yaml b/charts/sabnzbd/2.0.0/test_values.yaml index 7d9b4d70bb7..337f5e567d0 100644 --- a/charts/sabnzbd/2.0.0/test_values.yaml +++ b/charts/sabnzbd/2.0.0/test_values.yaml @@ -40,7 +40,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/sabnzbd/2.0.0/values.yaml b/charts/sabnzbd/2.0.0/values.yaml index e79f57f827e..1b45f95b82a 100644 --- a/charts/sabnzbd/2.0.0/values.yaml +++ b/charts/sabnzbd/2.0.0/values.yaml @@ -40,7 +40,7 @@ persistence: # skipuninstall: false # existingClaim: "" -appIngressEnabled: false + # appVolumeMounts: diff --git a/charts/sonarr/2.0.0/charts/common-2.0.0.tgz b/charts/sonarr/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/sonarr/2.0.0/charts/common-2.0.0.tgz and b/charts/sonarr/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/sonarr/2.0.0/questions.yaml b/charts/sonarr/2.0.0/questions.yaml index 2524cb8787c..58ef4996fd1 100644 --- a/charts/sonarr/2.0.0/questions.yaml +++ b/charts/sonarr/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -180,7 +180,8 @@ questions: schema: type: int default: 8989 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -369,15 +370,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -388,6 +388,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -440,27 +470,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/tautulli/2.0.0/charts/common-2.0.0.tgz b/charts/tautulli/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/tautulli/2.0.0/charts/common-2.0.0.tgz and b/charts/tautulli/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/tautulli/2.0.0/questions.yaml b/charts/tautulli/2.0.0/questions.yaml index f49d5e70edb..6ebbe090a82 100644 --- a/charts/tautulli/2.0.0/questions.yaml +++ b/charts/tautulli/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -180,7 +180,8 @@ questions: schema: type: int default: 8181 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -257,15 +258,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -276,6 +276,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -328,27 +358,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/traefik/2.0.0/charts/cert-manager-v1.2.0.tgz b/charts/traefik/2.0.0/charts/cert-manager-v1.2.0.tgz deleted file mode 100644 index 45aa0fd1842..00000000000 Binary files a/charts/traefik/2.0.0/charts/cert-manager-v1.2.0.tgz and /dev/null differ diff --git a/charts/traefik/2.0.0/charts/common-2.0.0.tgz b/charts/traefik/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/traefik/2.0.0/charts/common-2.0.0.tgz and b/charts/traefik/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/traefik/2.0.0/charts/reflector-5.4.17.tgz b/charts/traefik/2.0.0/charts/reflector-5.4.17.tgz deleted file mode 100644 index 20850c0504b..00000000000 Binary files a/charts/traefik/2.0.0/charts/reflector-5.4.17.tgz and /dev/null differ diff --git a/charts/traefik/2.0.0/questions.yaml b/charts/traefik/2.0.0/questions.yaml index d5fc4691055..d2a4988fe47 100644 --- a/charts/traefik/2.0.0/questions.yaml +++ b/charts/traefik/2.0.0/questions.yaml @@ -19,8 +19,8 @@ groups: description: "Configure when pod should be restarted in case of failure" - name: "Resource Reservation" description: "Specify resources to be allocated to workload" - - name: "Ingress" - description: "Configure Reverse Proxy" + - name: "Reverse Proxy Configuration" + description: "Reverse Proxy configuration" - name: "Certmanager Settings" description: "Configure Certmanager" - name: "WARNING" @@ -57,7 +57,7 @@ questions: label: "Image Tag" schema: type: string - default: "2.4.2" + default: "2.4.6" - variable: pullPolicy description: "Docker Image Pull Policy" label: "Image Pull Policy" @@ -108,15 +108,138 @@ questions: default: "002" + - variable: ingress + label: "" + group: "Reverse Proxy Configuration" + schema: + type: dict + attrs: + - variable: main + label: "WebUI" + schema: + type: dict + attrs: + - variable: enabled + label: "Enable Web Reverse Proxy" + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP-IR" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "api@internal" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "TraefikService" + - variable: entrypoint + label: "Select Entrypoint" + schema: + type: string + default: "websecure" + required: true + enum: + - value: "websecure" + description: "Websecure: HTTPS/TLS port 443" + - variable: hosts + label: "Hosts" + schema: + type: list + default: [] + items: + - variable: host + label: "Host" + schema: + type: dict + attrs: + - variable: host + label: "Domain Name" + required: true + schema: + type: string + - variable: paths + label: "paths" + schema: + type: list + default: [] + items: + - variable: path + label: "Path" + schema: + type: dict + attrs: + - variable: path + label: "path" + schema: + type: string + required: true + default: "/" + - variable: pathType + label: "pathType" + schema: + type: string + required: true + default: "prefix" + - variable: certType + label: "Select Certificate Type" + schema: + type: string + default: "selfsigned" + enum: + - value: "" + description: "No Encryption/TLS/Certificates" + - value: "selfsigned" + description: "Self-Signed Certificate" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" + - variable: authForwardURL + label: "Forward Authentication URL" + schema: + type: string + default: "" + +## TrueCharts Specific + - variable: appVolumeMounts label: "app storage" group: "Storage" schema: type: dict attrs: - # Config ------------------------ + # Data ------------------------ - variable: data - label: "Data Dataset" + label: "data dataset" schema: type: dict $ref: @@ -130,6 +253,13 @@ questions: required: true hidden: true editable: false + - variable: setPermissions + label: "Automatic Permissions" + description: "Automatically set permissions on install" + schema: + type: boolean + default: true + hidden: false - variable: emptyDir label: "emptyDir" schema: @@ -165,330 +295,6 @@ questions: type: hostpath required: true - - variable: appIngress - label: "" - group: "Ingress" - schema: - type: dict - attrs: - - variable: webui - label: "Web Reverse Proxy Configuration" - group: "Ingress" - schema: - type: dict - attrs: - - variable: enabled - label: "Enable Web Reverse Proxy" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: entrypoint - label: "Select Entrypoint" - schema: - type: string - default: "websecure" - required: true - enum: - - value: "websecure" - description: "Websecure: HTTPS/TLS port 443" - - variable: host - label: "Host" - required: true - schema: - type: string - - variable: certType - label: "Select Certificate Type" - schema: - type: string - default: "letsencrypt-prod" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - - value: "selfsigned" - description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - show_if: [["certType", "=", "existingcert"]] - default: "" - - variable: authForwardURL - label: "Forward Authentication URL" - schema: - type: string - default: "" - - - variable: certmanager - description: "Configure CertManager Settings" - label: "CertManager Settings" - group: "Certmanager Settings" - schema: - type: dict - required: true - attrs: - - variable: provider - description: "Select the CertManager provider to use" - label: "CertManager Provider" - schema: - type: string - default: "" - enum: - - value: "" - description: "none" - - value: "cloudflare" - description: "Cloudflare" - - value: "cloudDNS" - description: "Google cloudDNS" - - value: "route53" - description: "Route53" - - value: "digitalocean" - description: "Digitalocean" - - value: "rfc2136" - description: "rfc2136" - - value: "azureDNS" - description: "AzureDNS" - - value: "akamai" - description: "Akamai" - - value: "acmeDNS" - description: "acmeDNS" - - variable: email - description: "Email Adress to use with Letsencrypt" - label: "Email-Adress" - schema: - show_if: [["provider", "!=", ""]] - type: string - default: "" - required: true - - variable: wildcardDomain - description: "Enter Domain name here, if you want to setup a global wildcard-domain" - label: "Wildcard Domain" - schema: - show_if: [["provider", "!=", ""]] - type: string - default: "" - - variable: cloudflare - description: "Configure Cloudflare Settings" - label: "Cloudflare Settings" - schema: - show_if: [["provider", "=", "cloudflare"]] - type: dict - required: true - attrs: - - variable: apikey - description: "Enter your Cloudflare API-Key" - label: "API-Key" - schema: - type: string - default: "" - required: true - - variable: cloudDNS - description: "Configure Google cloudDNS Settings" - label: "Google cloudDNS Settings" - schema: - type: dict - show_if: [["provider", "=", "cloudDNS"]] - required: true - attrs: - - variable: project - description: "Enter your Google cloudDNS Project Name" - label: "Project" - schema: - type: string - default: "" - required: true - - variable: keyjson - description: "Enter your Google cloudDNS JSON Key" - label: "Key-JSON" - schema: - type: string - default: "" - required: true - - variable: route53 - description: "Configure Route53 Settings" - label: "Route53 Settings" - schema: - type: dict - show_if: [["provider", "=", "route53"]] - required: true - attrs: - - variable: region - description: "Enter your Route53 Region" - label: "Region" - schema: - type: string - default: "" - required: true - - variable: accessKeyID - description: "Enter your Route53 accessKeyID" - label: "accessKeyID" - schema: - type: string - default: "" - required: true - - variable: secretaccesskey - description: "Enter your Route53 secretaccesskey" - label: "Secretaccesskey" - schema: - type: string - default: "" - required: true - - variable: digitalocean - description: "Configure Digitalocean Settings" - label: "Digitalocean Settings" - schema: - type: dict - show_if: [["provider", "=", "digitalocean"]] - required: true - attrs: - - variable: accesstoken - description: "Enter your Digitalocean Access Token" - label: "Access Token" - schema: - type: string - default: "" - required: true - - variable: rfc2136 - description: "Configure rfc2136 Settings" - label: "rfc2136 Settings" - schema: - type: dict - show_if: [["provider", "=", "rfc2136"]] - required: true - attrs: - - variable: nameserver - description: "Enter your rfc2136 Nameserver" - label: "Nameserver" - schema: - type: string - default: "" - required: true - - variable: tsigKeyName - description: "Enter your rfc2136 tsigKeyName" - label: "tsigKeyName" - schema: - type: string - default: "" - required: true - - variable: tsigsecretkey - description: "Enter your rfc2136 tsigsecretkey" - label: "tsigsecretkey" - schema: - type: string - default: "" - required: true - - variable: tsigAlgorithm - description: "Enter your rfc2136 tsigAlgorithm" - label: "tsigAlgorithm" - schema: - type: string - default: "" - required: true - - variable: azureDNS - description: "Configure AzureDNS Settings" - label: "AzureDNS Settings" - schema: - type: dict - show_if: [["provider", "=", "azureDNS"]] - required: true - attrs: - - variable: environment - description: "Enter your AzureDNS environment" - label: "environment" - schema: - type: string - default: "" - required: true - - variable: subscriptionID - description: "Enter your AzureDNS subscriptionID" - label: "subscriptionID" - schema: - type: string - default: "" - required: true - - variable: resourceGroupName - description: "Enter your AzureDNS resourceGroupName" - label: "resourceGroupName" - schema: - type: string - default: "" - required: true - - variable: hostedZoneName - description: "Enter your AzureDNS hostedZoneName" - label: "hostedZoneName" - schema: - type: string - default: "" - required: true - - variable: akamai - description: "Configure Akamai Settings" - label: "Akamai Settings" - schema: - type: dict - show_if: [["provider", "=", "akamai"]] - required: true - attrs: - - variable: serviceConsumerDomain - description: "Enter your Akamai serviceConsumerDomain" - label: "serviceConsumerDomain" - schema: - type: string - default: "" - required: true - - variable: clientToken - description: "Enter your Akamai clientToken" - label: "clientToken" - schema: - type: string - default: "" - required: true - - variable: clientSecret - description: "Enter your Akamai clientSecret" - label: "clientSecret" - schema: - type: string - default: "" - required: true - - variable: accessToken - description: "Enter your Akamai accessToken" - label: "accessToken" - schema: - type: string - default: "" - required: true - - variable: acmeDNS - description: "Configure acmeDNS Settings" - label: "acmeDNS Settings" - schema: - type: dict - show_if: [["provider", "=", "acmeDNS"]] - required: true - attrs: - - variable: host - description: "Enter your acmeDNS host" - label: "host" - schema: - type: string - default: "" - required: true - - variable: apikey - description: "Enter your acmeDNS acmednsjson" - label: "acmednsjson" - schema: - type: string - default: "" - required: true - - variable: warning label: "This App binds to the same ports as TrueNAS SCALE UI: 80 and 443" description: "Please be sure to set the UI to a different port or adapter" diff --git a/charts/traefik/2.0.0/templates/_podtemplate.tpl b/charts/traefik/2.0.0/templates/_podtemplate.tpl index ec657303545..8552879de67 100644 --- a/charts/traefik/2.0.0/templates/_podtemplate.tpl +++ b/charts/traefik/2.0.0/templates/_podtemplate.tpl @@ -72,12 +72,14 @@ {{- toYaml . | nindent 10 }} {{- end }} volumeMounts: - {{- include "configuredAppVolumeMounts" . | indent 10 }} - #- name: data - # mountPath: {{ .Values.persistence.path }} - # {{- if .Values.persistence.subPath }} - # subPath: {{ .Values.persistence.subPath }} - # {{- end }} + {{- include "common.storage.allContainerVolumeMounts" . | indent 10 }} + {{- if .Values.persistence.enabled }} + - name: {{ .Values.persistence.name }} + mountPath: {{ .Values.persistence.path }} + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- end }} - name: tmp mountPath: /tmp {{- $root := . }} @@ -207,27 +209,29 @@ {{- toYaml .Values.deployment.additionalContainers | nindent 6 }} {{- end }} volumes: - {{- include "configuredAppVolumes" . | indent 8 }} - #- name: data - # {{- if .Values.persistence.enabled }} - # persistentVolumeClaim: - # claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }} - # {{- else }} - # emptyDir: {} - # {{- end }} + {{- if .Values.appVolumeMounts }} + {{- include "common.storage.allAppVolumes" . | indent 8 }} + {{- else if .Values.persistence.enabled }} + - name: data + persistentVolumeClaim: + claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }} + {{- else }} + - name: data + emptyDir: {} + {{- end }} - name: tmp emptyDir: {} - #{{- $root := . }} - #{{- range .Values.volumes }} - #- name: {{ tpl (.name) $root }} - # {{- if eq .type "secret" }} - # secret: - # secretName: {{ tpl (.name) $root }} - # {{- else if eq .type "configMap" }} - # configMap: - # name: {{ tpl (.name) $root }} - # {{- end }} - #{{- end }} + {{- $root := . }} + {{- range .Values.volumes }} + - name: {{ tpl (.name) $root }} + {{- if eq .type "secret" }} + secret: + secretName: {{ tpl (.name) $root }} + {{- else if eq .type "configMap" }} + configMap: + name: {{ tpl (.name) $root }} + {{- end }} + {{- end }} {{- if .Values.deployment.additionalVolumes }} {{- toYaml .Values.deployment.additionalVolumes | nindent 8 }} {{- end }} diff --git a/charts/traefik/2.0.0/templates/custom/_appStorage.tpl b/charts/traefik/2.0.0/templates/custom/_appStorage.tpl deleted file mode 100644 index 1908fe0552d..00000000000 --- a/charts/traefik/2.0.0/templates/custom/_appStorage.tpl +++ /dev/null @@ -1,52 +0,0 @@ -{{/* -Retrieve host path from ix volumes based on dataset name -*/}} -{{- define "retrieveHostPathFromiXVolume" -}} -{{- range $index, $hostPathConfiguration := $.ixVolumes }} -{{- $dsName := base $hostPathConfiguration.hostPath -}} -{{- if eq $.datasetName $dsName -}} -{{- $hostPathConfiguration.hostPath -}} -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Define appVolumeMounts for container -*/}} -{{- define "configuredAppVolumeMounts" -}} -{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }} -{{- range $name, $avm := .Values.appVolumeMounts -}} -{{- if $avm.enabled }} -- name: {{ $name }} - mountPath: {{ $avm.mountPath }} - {{- if $avm.subPath }} - subPath: {{ $avm.subPath }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Define hostPath for appVolumes -*/}} -{{- define "configuredAppVolumes" -}} -{{- if and .Values.appVolumesEnabled .Values.appVolumeMounts }} -{{- range $name, $av := .Values.appVolumeMounts -}} -{{- if $av.enabled }} -- name: {{ $name }} - {{- if or $av.emptyDir $.Values.emptyDirVolumes }} - emptyDir: {} - {{- else }} - hostPath: - {{ if $av.hostPathEnabled }} - path: {{ required "hostPath not set" $av.hostPath }} - {{- else }} - {{- $volDict := dict "datasetName" $av.datasetName "ixVolumes" $.Values.ixVolumes -}} - path: {{ include "retrieveHostPathFromiXVolume" $volDict }} - {{- end }} - {{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end -}} diff --git a/charts/traefik/2.0.0/templates/custom/appingress.yaml b/charts/traefik/2.0.0/templates/custom/appingress.yaml index 92766f2146a..8f87c68f1e5 100644 --- a/charts/traefik/2.0.0/templates/custom/appingress.yaml +++ b/charts/traefik/2.0.0/templates/custom/appingress.yaml @@ -1,69 +1 @@ -{{- if .Values.appIngress.webui.enabled -}} -{{- if .Values.appIngress.webui.host -}} -{{- if or (eq .Values.appIngress.webui.certType "letsencrypt-prod") (eq .Values.appIngress.webui.certType "letsencrypt-staging") }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: {{ .Release.Name }} - annotations: - # hooks are defined here - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - commonName: {{ .Values.appIngress.webui.host }} - secretName: {{ .Release.Name }} - dnsNames: - - {{ .Values.appIngress.webui.host }} - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - group: cert-manager.io ---- -{{- end }} -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRoute -metadata: - name: {{ .Release.Name }} -spec: - entryPoints: - - {{ .Values.appIngress.webui.entrypoint }} - routes: - - kind: Rule - match: Host(`{{ .Values.appIngress.webui.host }}`) - services: - - name: api@internal # The internal name of the Dashboard for Traefik - kind: TraefikService - middlewares: - - name: traefik-middlewares-chain-public@kubernetescrd - {{- if .Values.appIngress.webui.authForwardUrl -}} - - name: {{ .Release.Name }}-auth-forward - {{- end }} - {{- if .Values.appIngress.webui.certType }} - tls: {{- if eq .Values.appIngress.webui.certType "selfsigned" -}}[]{{ else if eq .Values.appIngress.webui.certType "existingcert" }} - secretName: {{ .Values.appIngress.webui.existingCert }} - {{- else if eq .Values.appIngress.webui.certType "wildcard" -}} - secretName: wildcardcert - {{ else }} - secretName: {{ .Release.Name }} - {{- end }} - {{- end }} -{{- if .Values.appIngress.webui.authForwardUrl -}} ---- -# Forward authentication -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: {{ .Release.Name }}-auth-forward -spec: - forwardAuth: - address: '{{ .Values.appIngress.webui.authForwardUrl }}' - trustForwardHeader: true - authResponseHeaders: - - Remote-User - - Remote-Groups - - Remote-Name - - Remote-Email -{{- end }} -{{- end }} -{{- end }} +{{ include "common.ingress" . }} diff --git a/charts/traefik/2.0.0/templates/custom/clusterissuer.yaml b/charts/traefik/2.0.0/templates/custom/clusterissuer.yaml deleted file mode 100644 index 19a9c371d3c..00000000000 --- a/charts/traefik/2.0.0/templates/custom/clusterissuer.yaml +++ /dev/null @@ -1,197 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: dns-secrets - #namespace: cert-manager -type: Opaque -stringData: - {{- if eq .Values.certmanager.provider "cloudflare" }} - api-key: {{ .Values.certmanager.cloudflare.apikey | quote }} - {{- else if eq .Values.certmanager.provider "cloudDNS" }} - key-json: {{ .Values.certmanager.cloudDNS.keyjson | quote }} - {{- else if eq .Values.certmanager.provider "route53" }} - secret-access-key: {{ .Values.certmanager.route53.secretaccesskey | quote }} - {{- else if eq .Values.certmanager.provider "digitalocean" }} - access-token: {{ .Values.certmanager.digitalocean.accesstoken | quote }} - {{- else if eq .Values.certmanager.provider "rfc2136" }} - rfc2136: - tsig-secret-key: {{ .Values.certmanager.rfc2136.tsigsecretkey | quote }} - {{- else if eq .Values.certmanager.provider "akamai" }} - clientToken: {{ .Values.certmanager.akamai.clientToken| quote }} - clientSecret: {{ .Values.certmanager.akamai.clientSecret| quote }} - accessToken: {{ .Values.certmanager.akamai.accessToken| quote }} - {{- else if eq .Values.certmanager.provider "acmeDNS" }} - acmedns-json: {{ .Values.certmanager.acmeDNS.acmednsjson | quote }} - {{- end }} ---- -{{- if .Values.certmanager.email -}} -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod - #namespace: default - annotations: - # hooks are defined here - "helm.sh/hook": post-install,post-upgrade - #"helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - acme: - # You must replace this email address with your own. - # Let's Encrypt will use this to contact you about expiring - # certificates, and issues related to your account. - email: {{ .Values.certmanager.email }} - server: https://acme-v02.api.letsencrypt.org/directory - privateKeySecretRef: - # Secret resource used to store the account's private key. - name: prod-issuer-account-key - # Add a single challenge solver, DNS01 - solvers: - - dns01: - {{- if eq .Values.certmanager.provider "cloudflare" }} - cloudflare: - email: {{ .Values.certmanager.email }} - apiKeySecretRef: - name: dns-secrets - key: api-key - {{- else if eq .Values.certmanager.provider "cloudDNS" }} - cloudDNS: - # The ID of the GCP project - project: {{ .Values.certmanager.cloudDNS.project }} - # This is the secret used to access the service account - serviceAccountSecretRef: - name: dns-secrets - key: key-json - {{- else if eq .Values.certmanager.provider "route53" }} - route53: - region: {{ .Values.certmanager.route53.region }} - accessKeyID: {{ .Values.certmanager.route53.accessKeyID }} - secretAccessKeySecretRef: - name: dns-secrets - key: secret-access-key - # you can also assume a role with these credentials - role: {{ .Values.certmanager.route53.role }} - {{- else if eq .Values.certmanager.provider "digitalocean" }} - digitalocean: - tokenSecretRef: - name: dns-secrets - key: access-token - {{- else if eq .Values.certmanager.provider "rfc2136" }} - rfc2136: - nameserver: {{ .Values.certmanager.rfc2136.nameserver }} - tsigKeyName: {{ .Values.certmanager.rfc2136.tsigKeyName }} - tsigAlgorithm: {{ .Values.certmanager.rfc2136.tsigAlgorithm }} - tsigSecretSecretRef: - name: dns-secrets - key: tsig-secret-key - {{- else if eq .Values.certmanager.provider "azureDNS" }} - azureDNS: - subscriptionID: {{ .Values.certmanager.azureDNS.subscriptionID }} - resourceGroupName: {{ .Values.certmanager.azureDNS.resourceGroupName }} - hostedZoneName: {{ .Values.certmanager.azureDNS.hostedZoneName }} - environment: {{ .Values.certmanager.azureDNS.environment }} - {{- else if eq .Values.certmanager.provider "akamai" }} - akamai: - serviceConsumerDomain: {{ .Values.certmanager.akamai.serviceConsumerDomain }} - clientTokenSecretRef: - name: dns-secrets - key: clientToken - clientSecretSecretRef: - name: dns-secrets - key: clientSecret - accessTokenSecretRef: - name: dns-secrets - key: akamaiaccessToken - {{- else if eq .Values.certmanager.provider "acmeDNS" }} - acmeDNS: - host: {{ .Values.certmanager.acmeDNS.host }} - accountSecretRef: - name: dns-secrets - key: acmedns-json - {{- end }} ---- -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - #namespace: default - annotations: - # hooks are defined here - "helm.sh/hook": post-install,post-upgrade - #"helm.sh/hook-weight": "0" - "helm.sh/hook-delete-policy": before-hook-creation -spec: - acme: - # You must replace this email address with your own. - # Let's Encrypt will use this to contact you about expiring - # certificates, and issues related to your account. - email: {{ .Values.certmanager.email }} - server: https://acme-staging-v02.api.letsencrypt.org/directory - privateKeySecretRef: - # Secret resource used to store the account's private key. - name: staging-issuer-account-key - # Add a single challenge solver, DNS01 - solvers: - - dns01: - {{- if eq .Values.certmanager.provider "cloudflare" }} - cloudflare: - email: {{ .Values.certmanager.email }} - apiKeySecretRef: - name: dns-secrets - key: api-key - {{- else if eq .Values.certmanager.provider "cloudDNS" }} - cloudDNS: - # The ID of the GCP project - project: {{ .Values.certmanager.cloudDNS.project }} - # This is the secret used to access the service account - serviceAccountSecretRef: - name: dns-secrets - key: key-json - {{- else if eq .Values.certmanager.provider "route53" }} - route53: - region: {{ .Values.certmanager.route53.region }} - accessKeyID: {{ .Values.certmanager.route53.accessKeyID }} - secretAccessKeySecretRef: - name: dns-secrets - key: secret-access-key - # you can also assume a role with these credentials - role: arn:aws:iam::YYYYYYYYYYYY:role/dns-manager - {{- else if eq .Values.certmanager.provider "digitalocean" }} - digitalocean: - tokenSecretRef: - name: dns-secrets - key: access-token - {{- else if eq .Values.certmanager.provider "rfc2136" }} - rfc2136: - nameserver: {{ .Values.certmanager.rfc2136.nameserver }} - tsigKeyName: {{ .Values.certmanager.rfc2136.tsigKeyName }} - tsigAlgorithm: {{ .Values.certmanager.rfc2136.tsigAlgorithm }} - tsigSecretSecretRef: - name: dns-secrets - key: tsig-secret-key - {{- else if eq .Values.certmanager.provider "azureDNS" }} - azureDNS: - subscriptionID: {{ .Values.certmanager.azureDNS.subscriptionID }} - resourceGroupName: {{ .Values.certmanager.azureDNS.resourceGroupName }} - hostedZoneName: {{ .Values.certmanager.azureDNS.hostedZoneName }} - environment: {{ .Values.certmanager.azureDNS.environment }} - {{- else if eq .Values.certmanager.provider "akamai" }} - akamai: - serviceConsumerDomain: {{ .Values.certmanager.akamai.serviceConsumerDomain }} - clientTokenSecretRef: - name: dns-secrets - key: clientToken - clientSecretSecretRef: - name: dns-secrets - key: clientSecret - accessTokenSecretRef: - name: dns-secrets - key: akamaiaccessToken - {{- else if eq .Values.certmanager.provider "acmeDNS" }} - acmeDNS: - host: {{ .Values.certmanager.acmeDNS.host }} - accountSecretRef: - name: dns-secrets - key: acmedns-json - {{- end }} -{{- end }} diff --git a/charts/traefik/2.0.0/templates/custom/tlsoptions.yaml b/charts/traefik/2.0.0/templates/custom/tlsoptions.yaml index bd47cf8ab66..0174854ed2f 100644 --- a/charts/traefik/2.0.0/templates/custom/tlsoptions.yaml +++ b/charts/traefik/2.0.0/templates/custom/tlsoptions.yaml @@ -2,7 +2,6 @@ apiVersion: traefik.containo.us/v1alpha1 kind: TLSOption metadata: name: default - namespace: default spec: minVersion: VersionTLS12 cipherSuites: diff --git a/charts/traefik/2.0.0/templates/custom/wildcard.yaml b/charts/traefik/2.0.0/templates/custom/wildcard.yaml deleted file mode 100644 index c3b441a18a9..00000000000 --- a/charts/traefik/2.0.0/templates/custom/wildcard.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.certmanager.wildcardDomain -}} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: wildcardcert - annotations: - # hooks are defined here - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "10" - "helm.sh/hook-delete-policy": before-hook-creation - reflector.v1.k8s.emberstack.com/secret-reflection-allowed: "true" - reflector.v1.k8s.emberstack.com/secret-reflection-auto-enabled: "true" -spec: - commonName: {{ .Values.certmanager.wildcardDomain }} - secretName: wildcardcert - dnsNames: - - {{ .Values.certmanager.wildcardDomain }} - - '*.{{ .Values.certmanager.wildcardDomain }}' - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - group: cert-manager.io -{{- end }} diff --git a/charts/traefik/2.0.0/templates/deployment.yaml b/charts/traefik/2.0.0/templates/deployment.yaml index 28e10e85e85..d64a2e1c8eb 100644 --- a/charts/traefik/2.0.0/templates/deployment.yaml +++ b/charts/traefik/2.0.0/templates/deployment.yaml @@ -3,7 +3,7 @@ {{- with .Values.additionalArguments -}} {{- range . -}} {{- if contains ".acme." . -}} - {{- fail (printf "You can not enabled acme if you set more than one traefik replica") -}} + {{- fail (printf "You can not enable acme if you set more than one traefik replica") -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/charts/traefik/2.0.0/test_values.yaml b/charts/traefik/2.0.0/test_values.yaml index 821d5e22bd3..5ba957a604d 100644 --- a/charts/traefik/2.0.0/test_values.yaml +++ b/charts/traefik/2.0.0/test_values.yaml @@ -82,7 +82,7 @@ experimental: # Create an IngressRoute for the dashboard ingressRoute: dashboard: - enabled: true + enabled: false # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) annotations: {} # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) @@ -442,12 +442,12 @@ autoscaling: persistence: enabled: false # existingClaim: "" - accessMode: ReadWriteOnce - size: 128Mi - # storageClass: "" - path: /data - annotations: {} - # subPath: "" # only mount a subpath of the Volume into the pod + #accessMode: ReadWriteOnce + #size: 128Mi + ## storageClass: "" + #path: /data + #annotations: {} + ## subPath: "" # only mount a subpath of the Volume into the pod # If hostNetwork is true, runs traefik in the host network namespace # To prevent unschedulabel pods due to port collisions, if hostNetwork=true @@ -523,55 +523,20 @@ appVolumeMounts: emptyDir: true mountPath: "/data" - - -appIngress: - webui: - enabled: false +ingress: + dashboard: + enabled: true + type: "HTTP-IR" entrypoint: "websecure" - certType: "letsencrypt-prod" - existingcert: "" - authForwardURL: "" - host: "traefik.example.truecharts.org" - -certmanager: - # general - provider: "" - email: "" - wildcardDomain: "" - # provider specific - cloudflare: - apikey: "placeholder" - cloudDNS: - project: "" - keyjson: "placeholder" - route53: - region: "" - accessKeyID: "" - secretaccesskey: "placeholder" - digitalocean: - accesstoken: "placeholder" - rfc2136: - nameserver: "" - tsigKeyName: "" - tsigAlgorithm: "" - tsigsecretkey: "placeholder" - azureDNS: - environment: "" - subscriptionID: "" - resourceGroupName: "" - hostedZoneName: "" - akamai: - serviceConsumerDomain: "" - clientToken: "placeholder" - clientSecret: "placeholder" - accessToken: "placeholder" - acmeDNS: - host: "" - acmednsjson: "placeholder" - -cert-manager: - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=1.1.1.1:53 + certType: "selfsigned" + serviceName: api@internal + servicePort: + serviceKind: "TraefikService" + annotations: {} + labels: {} + hosts: + - host: chart-example.local + paths: + - path: / + # Ignored if not kubeVersion >= 1.14-0 + pathType: Prefix diff --git a/charts/traefik/2.0.0/values.yaml b/charts/traefik/2.0.0/values.yaml index 4450cf1a109..6b1393faf0d 100644 --- a/charts/traefik/2.0.0/values.yaml +++ b/charts/traefik/2.0.0/values.yaml @@ -82,7 +82,7 @@ experimental: # Create an IngressRoute for the dashboard ingressRoute: dashboard: - enabled: true + enabled: false # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) annotations: {} # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) @@ -516,60 +516,9 @@ podSecurityContext: fsGroup: 65532 -#appVolumeMounts: -# data: -# enabled: true -# emptyDir: false -# datasetName: "data" -# mountPath: "/data" - -appIngress: - webui: - enabled: false - entrypoint: "websecure" - certType: "letsencrypt-prod" - existingcert: "" - authForwardURL: "" - host: "traefik.example.truecharts.org" - -certmanager: - # general - provider: "" - email: "" - wildcardDomain: "" - # provider specific - cloudflare: - apikey: "" - cloudDNS: - project: "" - keyjson: "" - route53: - region: "" - accessKeyID: "" - secretaccesskey: "" - digitalocean: - accesstoken: "" - rfc2136: - nameserver: "" - tsigKeyName: "" - tsigsecretkey: "" - tsigAlgorithm: "" - azureDNS: - environment: "" - subscriptionID: "" - resourceGroupName: "" - hostedZoneName: "" - akamai: - serviceConsumerDomain: "" - clientToken: "" - clientSecret: "" - accessToken: "" - acmeDNS: - host: "" - acmednsjson: "" - -cert-manager: - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=1.1.1.1:53 +appVolumeMounts: + data: + enabled: true + emptyDir: false + datasetName: "data" + mountPath: "/data" diff --git a/charts/transmission/2.0.0/charts/common-2.0.0.tgz b/charts/transmission/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/transmission/2.0.0/charts/common-2.0.0.tgz and b/charts/transmission/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/transmission/2.0.0/questions.yaml b/charts/transmission/2.0.0/questions.yaml index a05cf9e0464..d90890e7fd2 100644 --- a/charts/transmission/2.0.0/questions.yaml +++ b/charts/transmission/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "network / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -179,7 +179,8 @@ questions: schema: type: int default: 9091 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -241,7 +242,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -303,7 +305,8 @@ questions: schema: type: int default: 51413 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -436,15 +439,14 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -455,6 +457,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -507,27 +539,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: @@ -535,7 +561,6 @@ questions: default: "" - variable: tcp label: "TCP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -553,9 +578,28 @@ questions: default: "TCP" required: true editable: false - enum: - - value: "TCP" - description: "Plain TCP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -565,18 +609,9 @@ questions: enum: - value: "torrent-tcp" description: "Torrent-TCP: port 51413" - - variable: certType - label: "Select Certificate Type" - schema: - editable: false - type: string - default: "" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" + - variable: udp label: "UDP Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -594,9 +629,28 @@ questions: default: "UDP" required: true editable: false - enum: - - value: "UDP" - description: "Plain UDP Connections" + hidden: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: diff --git a/charts/truecommand/2.0.0/charts/common-2.0.0.tgz b/charts/truecommand/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/truecommand/2.0.0/charts/common-2.0.0.tgz and b/charts/truecommand/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/truecommand/2.0.0/questions.yaml b/charts/truecommand/2.0.0/questions.yaml index 97eeacc706a..36680ffcf94 100644 --- a/charts/truecommand/2.0.0/questions.yaml +++ b/charts/truecommand/2.0.0/questions.yaml @@ -7,7 +7,7 @@ groups: description: "network / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" portals: @@ -179,7 +179,8 @@ questions: schema: type: int default: 80 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -256,15 +257,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -275,6 +275,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -327,27 +357,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/tvheadend/2.0.0/charts/common-2.0.0.tgz b/charts/tvheadend/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/tvheadend/2.0.0/charts/common-2.0.0.tgz and b/charts/tvheadend/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/tvheadend/2.0.0/questions.yaml b/charts/tvheadend/2.0.0/questions.yaml index 2a985203b92..cd434295df0 100644 --- a/charts/tvheadend/2.0.0/questions.yaml +++ b/charts/tvheadend/2.0.0/questions.yaml @@ -5,7 +5,7 @@ groups: description: "Container configuration" - name: "Networking" description: "Network configuration" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" - name: "Services" description: "Service configuration" @@ -169,7 +169,8 @@ questions: schema: type: int default: 9981 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -230,7 +231,8 @@ questions: schema: type: int default: 9982 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -361,15 +363,14 @@ questions: type: hostpath required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -380,6 +381,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -432,27 +463,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/charts/tvheadend/2.0.0/test_values.yaml b/charts/tvheadend/2.0.0/test_values.yaml index b9924bff174..971ae4ae535 100644 --- a/charts/tvheadend/2.0.0/test_values.yaml +++ b/charts/tvheadend/2.0.0/test_values.yaml @@ -37,7 +37,7 @@ persistence: emptyDir: false mountPath: /recordings -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/tvheadend/2.0.0/values.yaml b/charts/tvheadend/2.0.0/values.yaml index 6c3224895ea..9e9dac06aef 100644 --- a/charts/tvheadend/2.0.0/values.yaml +++ b/charts/tvheadend/2.0.0/values.yaml @@ -38,7 +38,7 @@ persistence: emptyDir: false mountPath: /recordings -appIngressEnabled: false + # appVolumeMounts: diff --git a/charts/unifi/2.0.0/charts/common-2.0.0.tgz b/charts/unifi/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/unifi/2.0.0/charts/common-2.0.0.tgz and b/charts/unifi/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/unifi/2.0.0/questions.yaml b/charts/unifi/2.0.0/questions.yaml index edf8a21caf0..a079ee5251a 100644 --- a/charts/unifi/2.0.0/questions.yaml +++ b/charts/unifi/2.0.0/questions.yaml @@ -7,8 +7,9 @@ groups: description: "Networking / service configuration" - name: "Storage" description: "configure app volume mounts" - - name: "Ingress" - description: "Ingress configuration" + - name: "Reverse Proxy Configuration" + description: "Reverse Proxy configuration" + portals: web_portal: protocols: @@ -169,7 +170,8 @@ questions: schema: type: int default: 8443 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -231,7 +233,8 @@ questions: schema: type: int default: 8080 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -293,7 +296,8 @@ questions: schema: type: int default: 3478 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -378,25 +382,54 @@ questions: required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Ingress Configuration" - group: "Ingress" schema: type: dict attrs: - variable: enabled - label: "Enable Web Ingress" + label: "Enable Web Reverse Proxy" schema: type: boolean default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -449,27 +482,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: @@ -477,7 +504,6 @@ questions: default: "" - variable: tcp label: "TCP Ingress Configuration" - group: "Ingress" schema: type: dict attrs: @@ -495,9 +521,7 @@ questions: default: "TCP" required: true editable: false - enum: - - value: "TCP" - description: "Plain TCP Connections" + hidden: true - variable: entrypoint label: "Select Entrypoint" schema: @@ -507,18 +531,8 @@ questions: enum: - value: "unificom" description: "Unifi Communications TCP: port 8080" - - variable: certType - label: "Select Certificate Type" - schema: - editable: false - type: string - default: "" - enum: - - value: "" - description: "No Encryption/TLS/Certificates" - variable: udp label: "UDP Ingress Configuration" - group: "Ingress" schema: type: dict attrs: @@ -536,9 +550,7 @@ questions: default: "UDP" required: true editable: false - enum: - - value: "UDP" - description: "Plain UDP Connections" + hidden: true - variable: entrypoint label: "Select Entrypoint" schema: diff --git a/charts/unifi/2.0.0/test_values.yaml b/charts/unifi/2.0.0/test_values.yaml index 9b799afa066..3fbc543f694 100644 --- a/charts/unifi/2.0.0/test_values.yaml +++ b/charts/unifi/2.0.0/test_values.yaml @@ -37,7 +37,7 @@ persistence: enabled: false emptyDir: false -appIngressEnabled: false + appVolumeMounts: diff --git a/charts/unifi/2.0.0/values.yaml b/charts/unifi/2.0.0/values.yaml index 4616d0f6544..df789929c4d 100644 --- a/charts/unifi/2.0.0/values.yaml +++ b/charts/unifi/2.0.0/values.yaml @@ -36,5 +36,3 @@ persistence: config: enabled: false emptyDir: false - -appIngressEnabled: true diff --git a/charts/zwavejs2mqtt/2.0.0/charts/common-2.0.0.tgz b/charts/zwavejs2mqtt/2.0.0/charts/common-2.0.0.tgz index 6fb73265460..43b1b928ffe 100644 Binary files a/charts/zwavejs2mqtt/2.0.0/charts/common-2.0.0.tgz and b/charts/zwavejs2mqtt/2.0.0/charts/common-2.0.0.tgz differ diff --git a/charts/zwavejs2mqtt/2.0.0/questions.yaml b/charts/zwavejs2mqtt/2.0.0/questions.yaml index 915f4ba115b..fc070a5e3a1 100644 --- a/charts/zwavejs2mqtt/2.0.0/questions.yaml +++ b/charts/zwavejs2mqtt/2.0.0/questions.yaml @@ -5,7 +5,7 @@ groups: description: "Container configuration" - name: "Networking" description: "Network configuration" - - name: "Ingress" + - name: "Reverse Proxy Configuration" description: "Reverse Proxy configuration" - name: "Services" description: "Service configuration" @@ -169,7 +169,8 @@ questions: schema: type: int default: 8091 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -231,7 +232,8 @@ questions: schema: type: int default: 3000 - editable: true + editable: false + hidden: true - variable: nodePort label: "(optional) host nodePort to expose to" description: "only get used when nodePort is selected" @@ -344,15 +346,14 @@ questions: default: true required: true - - variable: appIngress + - variable: ingress label: "" - group: "Ingress" + group: "Reverse Proxy Configuration" schema: type: dict attrs: - - variable: webui + - variable: main label: "Web Reverse Proxy Configuration" - group: "Ingress" schema: type: dict attrs: @@ -363,6 +364,36 @@ questions: default: false show_subquestions_if: true subquestions: + - variable: type + label: "Reverse Proxy Type" + schema: + type: string + default: "HTTP" + hidden: true + editable: false + required: true + - variable: serviceName + label: "Service name to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" + # - variable: servicePort + # label: "Service Port to proxy to" + # schema: + # hidden: true + # editable: false + # default: 80 + # type: int + # default: + - variable: serviceKind + label: "Service Kind to proxy to" + schema: + hidden: true + editable: false + type: string + default: "" - variable: entrypoint label: "Select Entrypoint" schema: @@ -415,27 +446,21 @@ questions: label: "Select Certificate Type" schema: type: string - default: "letsencrypt-prod" + default: "selfsigned" enum: - value: "" description: "No Encryption/TLS/Certificates" - - value: "letsencrypt-prod" - description: "Letsencrypt Production Certificates" - - value: "letsencrypt-staging" - description: "Letsencrypt Test Certificates" - - value: "wildcard" - description: "Global Wildcard Certificate" - value: "selfsigned" description: "Self-Signed Certificate" - - value: "existingcert" - description: "Existing Certificate" - show_subquestions_if: "existingcert" - subquestions: - - variable: existingcert - label: "Existing Certificate Name" - schema: - type: string - default: "" + - value: "ixcert" + description: "TrueNAS SCALE Certificate" + - variable: certificate + label: "Select TrueNAS SCALE Certificate" + schema: + type: int + show_if: [["certType", "=", "ixcert"]] + $ref: + - "definitions/certificate" - variable: authForwardURL label: "Forward Authentication URL" schema: diff --git a/library/common-test/crds/ingressroute.yaml b/library/common-test/crds/ingressroute.yaml new file mode 100644 index 00000000000..9422be3c878 --- /dev/null +++ b/library/common-test/crds/ingressroute.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutes.traefik.containo.us +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRoute + plural: ingressroutes + singular: ingressroute + scope: Namespaced diff --git a/library/common-test/crds/ingressroutetcp.yaml b/library/common-test/crds/ingressroutetcp.yaml new file mode 100644 index 00000000000..b50eb9dcc46 --- /dev/null +++ b/library/common-test/crds/ingressroutetcp.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressroutetcps.traefik.containo.us +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteTCP + plural: ingressroutetcps + singular: ingressroutetcp + scope: Namespaced diff --git a/library/common-test/crds/ingressrouteudp.yaml b/library/common-test/crds/ingressrouteudp.yaml new file mode 100644 index 00000000000..d7c2624b576 --- /dev/null +++ b/library/common-test/crds/ingressrouteudp.yaml @@ -0,0 +1,13 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: ingressrouteudps.traefik.containo.us + +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: IngressRouteUDP + plural: ingressrouteudps + singular: ingressrouteudp + scope: Namespaced diff --git a/library/common-test/crds/middlewares.yaml b/library/common-test/crds/middlewares.yaml new file mode 100644 index 00000000000..513b36f5d8a --- /dev/null +++ b/library/common-test/crds/middlewares.yaml @@ -0,0 +1,12 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: middlewares.traefik.containo.us +spec: + group: traefik.containo.us + version: v1alpha1 + names: + kind: Middleware + plural: middlewares + singular: middleware + scope: Namespaced diff --git a/library/common-test/templates/NOTES.txt b/library/common-test/templates/NOTES.txt new file mode 100644 index 00000000000..90f7b653a50 --- /dev/null +++ b/library/common-test/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "common.notes.defaultNotes" . -}} diff --git a/library/common-test/values.yaml b/library/common-test/values.yaml index 513109ffd2c..a858189c907 100644 --- a/library/common-test/values.yaml +++ b/library/common-test/values.yaml @@ -7,7 +7,7 @@ services: main: port: port: 8080 - test2-tcp: + test1: enabled: true type: ClusterIP port: @@ -15,7 +15,7 @@ services: name: tcp-test protocol: TCP targetPort: 8081 - test2-udp: + test2: enabled: true type: ClusterIP port: @@ -25,7 +25,7 @@ services: targetPort: 8082 additionalServices: - - name: test3-tcp + - name: test3 enabled: true type: ClusterIP port: @@ -33,7 +33,7 @@ additionalServices: name: tcp-test protocol: TCP targetPort: 8083 - - name: test4-dp + - name: test4 enabled: true type: ClusterIP port: @@ -43,7 +43,16 @@ additionalServices: targetPort: 8084 ingress: - enabled: true + test1: + enabled: true + test2: + enabled: true + +additionalIngress: + - name: "test3" + enabled: true + - name: "test4" + enabled: true # these values and names are set specifically with the unittests in mind. fixMountPermissions: false diff --git a/library/common/templates/_all.tpl b/library/common/templates/_all.tpl index 458b4a83cad..9f3c0b3bfb0 100644 --- a/library/common/templates/_all.tpl +++ b/library/common/templates/_all.tpl @@ -39,9 +39,6 @@ Main entrypoint for the common library chart. It will render all underlying temp {{- include "common.statefulset" . | nindent 0 }} {{- end -}} {{ include "common.services" . | nindent 0 }} - {{- print "---" | nindent 0 -}} {{ include "common.ingress" . | nindent 0 }} - {{- print "---" | nindent 0 -}} - {{ include "common.appIngress" . | nindent 0 }} {{ include "common.storage.permissions" . | nindent 0 }} {{- end -}} diff --git a/library/common/templates/_ingress.tpl b/library/common/templates/_ingress.tpl index 2e973ab9826..fe5cb322fec 100644 --- a/library/common/templates/_ingress.tpl +++ b/library/common/templates/_ingress.tpl @@ -21,25 +21,84 @@ Renders the Ingress objects required by the chart by returning a concatinated li of the main Ingress and any additionalIngresses. */}} {{- define "common.ingress" -}} - {{- if .Values.ingress.enabled -}} - {{- $svcPort := .Values.services.main.port.port -}} - - {{- /* Generate primary ingress */ -}} - {{- $ingressValues := .Values.ingress -}} - {{- $_ := set . "ObjectValues" (dict "ingress" $ingressValues) -}} - {{- include "common.classes.ingress" . }} - - {{- /* Generate additional ingresses as required */ -}} - {{- range $index, $extraIngress := .Values.ingress.additionalIngresses }} - {{- if $extraIngress.enabled -}} + {{- /* Generate named ingresses as required */ -}} + {{- range $name, $ingress := .Values.ingress }} + {{- if $ingress.enabled -}} {{- print ("---") | nindent 0 -}} - {{- $ingressValues := $extraIngress -}} - {{- if not $ingressValues.nameSuffix -}} - {{- $_ := set $ingressValues "nameSuffix" $index -}} + {{- $ingressValues := $ingress -}} + + {{/* set defaults */}} + {{- if or (not $ingressValues.nameSuffix) ( ne $name "main" ) -}} + {{- $_ := set $ingressValues "nameSuffix" $name -}} {{ end -}} {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}} - {{- include "common.classes.ingress" $ -}} + {{- if not $ingressValues.type -}} + {{- $_ := set $ingressValues "type" "HTTP" -}} + {{ end -}} + {{- if not $ingressValues.certType -}} + {{- $_ := set $ingressValues "certType" "" -}} + {{ end -}} + + {{- if or ( eq $ingressValues.type "TCP" ) ( eq $ingressValues.type "UDP" ) ( eq $ingressValues.type "HTTP-IR" ) -}} + {{- include "common.classes.ingressRoute" $ -}} + {{- else -}} + {{- include "common.classes.ingress" $ -}} + {{ end -}} + + {{- if $ingressValues.authForwardURL -}} + {{- print ("---") | nindent 0 -}} + {{- include "common.classes.ingress.authForward" $ }} + {{ end -}} + + {{- if eq $ingressValues.certType "ixcert" -}} + {{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}} + {{- print ("---") | nindent 0 -}} + {{- include "common.resources.cert.secret" $ }} + {{ end -}} {{- end }} {{- end }} - {{- end }} + + + {{- /* Generate additional ingresses as required */ -}} + {{- range $index, $additionalIngress := .Values.additionalIngress }} + {{- if $additionalIngress.enabled -}} + {{- print ("---") | nindent 0 -}} + {{- $ingressValues := $additionalIngress -}} + + {{/* set defaults */}} + {{- $name := ( $index | quote ) -}} + {{- if $ingressValues.name -}} + {{- $name := $ingressValues.name -}} + {{- end }} + + {{- if or (not $ingressValues.nameSuffix) ( ne $name "main" ) -}} + {{- $_ := set $ingressValues "nameSuffix" $name -}} + {{ end -}} + {{- $_ := set $ "ObjectValues" (dict "ingress" $ingressValues) -}} + {{- if not $ingressValues.type -}} + {{- $_ := set $ingressValues "type" "HTTP" -}} + {{ end -}} + {{- if not $ingressValues.certType -}} + {{- $_ := set $ingressValues "certType" "" -}} + {{ end -}} + + {{- if or ( eq $ingressValues.type "TCP" ) ( eq $ingressValues.type "UDP" ) ( eq $ingressValues.type "HTTP-IR" ) -}} + {{- include "common.classes.ingressRoute" $ -}} + {{- else -}} + {{- include "common.classes.ingress" $ -}} + {{ end -}} + + {{- if $ingressValues.authForwardURL -}} + {{- print ("---") | nindent 0 -}} + {{- include "common.classes.ingress.authForward" $ }} + {{ end -}} + + {{- if eq $ingressValues.certType "ixcert" -}} + {{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}} + {{- print ("---") | nindent 0 -}} + {{- include "common.resources.cert.secret" $ }} + {{ end -}} + {{- end }} + {{- end }} + {{- end }} diff --git a/library/common/templates/_notes.tpl b/library/common/templates/_notes.tpl index e687b54fe54..8d701d8e90c 100644 --- a/library/common/templates/_notes.tpl +++ b/library/common/templates/_notes.tpl @@ -21,12 +21,9 @@ Default NOTES.txt content. */}} {{- define "common.notes.defaultNotes" -}} {{- $svcPort := .Values.services.main.port.port -}} -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range .Values.ingress.hosts }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{- if .hostTpl }}{{ tpl .hostTpl $ }}{{ else }}{{ .host }}{{ end }}{{ (first .paths).path }} -{{- end }} -{{- else if contains "NodePort" .Values.services.main.type }} + echo "use your Ingress URL to connect or find the application URL by running these commands:" + +{{- if contains "NodePort" .Values.services.main.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.names.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT diff --git a/library/common/templates/_services.tpl b/library/common/templates/_services.tpl index fd9d1cf0a11..fec8530ebe3 100644 --- a/library/common/templates/_services.tpl +++ b/library/common/templates/_services.tpl @@ -27,8 +27,14 @@ of the main Service and any additionalServices. {{- if $extraService.enabled -}} {{- print ("---") | nindent 0 -}} {{- $serviceValues := $extraService -}} - {{- if not $serviceValues.nameSuffix -}} - {{- $_ := set $serviceValues "nameSuffix" $index -}} + + {{- $name := ( $index | quote ) -}} + {{- if $serviceValues.name -}} + {{- $name := $serviceValues.name -}} + {{- end }} + + {{- if or (not $serviceValues.nameSuffix) ( ne $name "main" ) -}} + {{- $_ := set $serviceValues "nameSuffix" $name -}} {{ end -}} {{- $_ := set $ "ObjectValues" (dict "service" $serviceValues) -}} {{- include "common.classes.service" $ -}} diff --git a/library/common/templates/classes/ingress/_appAuthForward.tpl b/library/common/templates/classes/ingress/_appAuthForward.tpl deleted file mode 100644 index 9353f7736c3..00000000000 --- a/library/common/templates/classes/ingress/_appAuthForward.tpl +++ /dev/null @@ -1,31 +0,0 @@ -{{/* -Renders the additioanl authForward objects from appAuthForward -*/}} -{{- define "common.classes.appAuthForward" -}} -{{- /* Generate TrueNAS SCALE app services as required v1 */ -}} -{{- $values := .Values.appIngress -}} -{{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.appIngress -}} - {{- $values = . -}} - {{- end -}} -{{ end -}} -{{- $authForwardName := include "common.names.fullname" . -}} -{{- if hasKey $values "nameSuffix" -}} - {{- $authForwardName = printf "%v-%v" $authForwardName $values.nameSuffix -}} -{{ end -}} -apiVersion: traefik.containo.us/v1alpha1 -kind: Middleware -metadata: - name: {{ $authForwardName }} -spec: - forwardAuth: - address: {{ $values.authForwardURL }} - tls: - insecureSkipVerify: true -rustForwardHeader: true - authResponseHeaders: - - Remote-User - - Remote-Groups - - Remote-Name - - Remote-Email -{{- end }} diff --git a/library/common/templates/classes/ingress/_appIngressHTTP.tpl b/library/common/templates/classes/ingress/_appIngressHTTP.tpl deleted file mode 100644 index 31b2fa7f940..00000000000 --- a/library/common/templates/classes/ingress/_appIngressHTTP.tpl +++ /dev/null @@ -1,84 +0,0 @@ -{{/* -This template serves as a blueprint for all appIngress objects that are created -within the common library. -*/}} -{{- define "common.classes.appIngressHTTP" -}} -{{- $values := .Values.appIngress -}} -{{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.appIngress -}} - {{- $values = . -}} - {{- end -}} -{{ end -}} -{{- $IngressName := include "common.names.fullname" . -}} -{{- if hasKey $values "nameSuffix" -}} - {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}} -{{ end -}} -{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}} -{{- $svcPort := $values.servicePort | default $.Values.services.main.port.port -}} -apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} -kind: Ingress -metadata: - name: {{ $IngressName }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }} - cert-manager.io/cluster-issuer: {{ $values.certType }} - {{- end }} - traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint }} - traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd - {{- if $values.authForwardURL }} - traefik.ingress.kubernetes.io/router.middlewares: {{ $IngressName }} - {{- end }} - {{- with $values.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }} - {{- if $values.IngressClassName }} - IngressClassName: {{ $values.appIngressHTTPClassName }} - {{- end }} - {{- end }} - {{- if $values.certType }} - tls: - {{- if eq $values.certType "selfsigned" -}}{}{{ else }} - - hosts: - {{- range $values.hosts }} - - {{ .host | quote }} - {{- end }} - {{- if eq $values.certType "selfsigned" -}} - secretName: - {{ else if eq $values.certType "existingcert" }} - secretName: {{ $values.existingcert }} - {{ else if eq $values.certType "ixcert" }} - secretName: {{ $IngressName }} - {{ else if eq $values.certType "wildcard" }} - secretName: wildcardcert - {{ else }} - secretName: {{ $IngressName }}-tls-secret - {{ end }} - {{ end }} - {{- end }} - rules: - {{- range $values.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ .path }} - {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }} - pathType: Prefix - {{- end }} - backend: - {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }} - service: - name: {{ $svcName }} - port: - number: {{ $svcPort }} - {{- else }} - serviceName: {{ $svcName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/library/common/templates/classes/ingress/_appIngressTCP.tpl b/library/common/templates/classes/ingress/_appIngressTCP.tpl deleted file mode 100644 index 24025636d4e..00000000000 --- a/library/common/templates/classes/ingress/_appIngressTCP.tpl +++ /dev/null @@ -1,64 +0,0 @@ -{{/* -This template serves as a blueprint for all appIngressTCP objects that are created -within the common library. -*/}} -{{- define "common.classes.appIngressTCP" -}} -{{- $values := .Values.appIngress -}} -{{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.appIngress -}} - {{- $values = . -}} - {{- end -}} -{{ end -}} -{{- $IngressName := include "common.names.fullname" . -}} -{{- if hasKey $values "nameSuffix" -}} - {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}} -{{ end -}} -{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}} -{{- $svcPort := $values.servicePort | default $.Values.services.main.port.port -}} -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteTCP -metadata: - name: {{ $IngressName }} - labels: - {{- include "common.labels" . | nindent 4 }} - annotations: - {{- if or (eq $values.certType "letsencrypt-prod") (eq $values.certType "letsencrypt-staging") }} - cert-manager.io/cluster-issuer: {{ $values.certType }} - {{- end }} - {{- with $values.annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - entryPoints: - - {{ $values.entrypoint }} - routes: - - match: HostSNI(`*`) - services: - - name: {{ $svcName }} - port: {{ $svcPort }} - weight: 10 - terminationDelay: 400 - {{- if $values.certType }} - tls: - {{- if eq $values.certType "selfsigned" -}}{}{{ else }} - domains: - - main: {{ index $values.hosts 0 }} - sans: - {{- range $values.hosts }} - - {{ .host | quote }} - {{- end }} - {{- if eq $values.certType "selfsigned" -}} - secretName: - {{ else if eq $values.certType "existingcert" }} - secretName: {{ $values.existingcert }} - {{ else if eq $values.certType "ixcert" }} - secretName: {{ $IngressName }} - {{ else if eq $values.certType "wildcard" }} - secretName: wildcardcert - {{ else }} - secretName: {{ $IngressName }}-tls-secret - {{ end }} - {{ end }} - passthrough: false - {{- end }} -{{- end }} diff --git a/library/common/templates/classes/ingress/_appIngressUDP.tpl b/library/common/templates/classes/ingress/_appIngressUDP.tpl deleted file mode 100644 index c4399fd391b..00000000000 --- a/library/common/templates/classes/ingress/_appIngressUDP.tpl +++ /dev/null @@ -1,36 +0,0 @@ -{{/* -This template serves as a blueprint for all appIngressTCP objects that are created -within the common library. -*/}} -{{- define "common.classes.appIngressUDP" -}} -{{- $values := .Values.appIngress -}} -{{- if hasKey . "ObjectValues" -}} - {{- with .ObjectValues.appIngress -}} - {{- $values = . -}} - {{- end -}} -{{ end -}} -{{- $IngressName := include "common.names.fullname" . -}} -{{- if hasKey $values "nameSuffix" -}} - {{- $IngressName = printf "%v-%v" $IngressName $values.nameSuffix -}} -{{ end -}} -{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}} -{{- $svcPort := $values.servicePort | default $.Values.services.main.port.port -}} -apiVersion: traefik.containo.us/v1alpha1 -kind: IngressRouteUDP -metadata: - name: {{ $IngressName }} - labels: - {{- include "common.labels" . | nindent 4 }} - {{- with $values.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - entryPoints: - - {{ $values.entrypoint }} - routes: - - services: - - name: {{ $svcName }} - port: {{ $svcPort }} - weight: 10 -{{- end }} diff --git a/library/common/templates/classes/ingress/_authForward.tpl b/library/common/templates/classes/ingress/_authForward.tpl new file mode 100644 index 00000000000..7cb6b9c5fb2 --- /dev/null +++ b/library/common/templates/classes/ingress/_authForward.tpl @@ -0,0 +1,30 @@ +{{/* +Renders the additional authForward objects from ingress +*/}} +{{- define "common.classes.ingress.authForward" -}} +{{- $authForwardName := include "common.names.fullname" . -}} +{{- $values := .Values -}} +{{- if hasKey . "ObjectValues" -}} + {{- with .ObjectValues.ingress -}} + {{- $values = . -}} + {{- end -}} +{{ end -}} +{{- if hasKey $values "nameSuffix" -}} + {{- $authForwardName = printf "%v-%v" $authForwardName $values.nameSuffix -}} +{{ end -}} +apiVersion: traefik.containo.us/v1alpha1 +kind: Middleware +metadata: + name: {{ $authForwardName }}-auth-forward +spec: + forwardAuth: + address: {{ $values.authForwardURL | quote }} + tls: + insecureSkipVerify: true + trustForwardHeader: true + authResponseHeaders: + - Remote-User + - Remote-Groups + - Remote-Name + - Remote-Email +{{- end }} diff --git a/library/common/templates/classes/ingress/_ingress.tpl b/library/common/templates/classes/ingress/_ingress.tpl index 868ba48c7b3..5ea5fd03b47 100644 --- a/library/common/templates/classes/ingress/_ingress.tpl +++ b/library/common/templates/classes/ingress/_ingress.tpl @@ -15,44 +15,65 @@ limitations under the License. This file is considered to be modified by the TrueCharts Project. */}} - {{/* This template serves as a blueprint for all Ingress objects that are created within the common library. */}} {{- define "common.classes.ingress" -}} {{- $ingressName := include "common.names.fullname" . -}} -{{- $values := .Values.ingress -}} +{{- $values := .Values -}} +{{- $svcPort := 80 }} +{{- $ingressService := $.Values }} {{- if hasKey . "ObjectValues" -}} {{- with .ObjectValues.ingress -}} {{- $values = . -}} {{- end -}} {{ end -}} + {{- if hasKey $values "nameSuffix" -}} {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}} + {{- if and ( $.Values.services ) ( not $values.servicePort ) }} + {{- $ingressService := index $.Values.services $values.nameSuffix }} + {{- $svcPort = $ingressService.port.port }} + {{ end -}} +{{- else if and ( $.Values.services ) ( not $values.servicePort ) }} + {{- $svcPort = $.Values.services.main.port.port }} {{ end -}} -{{- $svcName := $values.serviceName | default (include "common.names.fullname" .) -}} -{{- $svcPort := $values.servicePort | default $.Values.services.main.port.port -}} + +{{- $svcName := $values.serviceName | default $ingressName -}} + +{{- if $values.servicePort }} + {{- $svcPort = $values.servicePort -}} +{{- end }} + apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ $ingressName }} labels: {{- include "common.labels" . | nindent 4 }} - {{- with $values.annotations }} annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + traefik.ingress.kubernetes.io/router.entrypoints: {{ $values.entrypoint }} + traefik.ingress.kubernetes.io/router.middlewares: traefik-middlewares-chain-public@kubernetescrd{{ if $values.authForwardURL }},{{ $ingressName }}-auth-forward{{ end }} + {{- with $values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if eq (include "common.capabilities.ingress.apiVersion" $) "networking.k8s.io/v1" }} {{- if $values.ingressClassName }} ingressClassName: {{ $values.ingressClassName }} {{- end }} {{- end }} - {{- if $values.tls }} + {{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") ( $values.tls ) }} tls: + {{- if $values.tls }} {{- range $values.tls }} - hosts: + {{- if and ( not .hosts ) ( not .hostsTpl ) }} + {{- range $values.hosts }} + - {{ .host | quote }} + {{- end }} + {{- end }} {{- range .hosts }} - {{ . | quote }} {{- end }} @@ -61,10 +82,21 @@ spec: {{- end }} {{- if .secretNameTpl }} secretName: {{ tpl .secretNameTpl $ | quote}} - {{- else }} + {{- else if eq $values.certType "ixcert" }} + secretName: {{ $ingressName }} + {{- else if .secretName }} secretName: {{ .secretName }} {{- end }} {{- end }} + {{- else }} + - hosts: + {{- range $values.hosts }} + - {{ .host | quote }} + {{- end }} + {{- if eq $values.certType "ixcert" }} + secretName: {{ $ingressName }} + {{- end }} + {{- end }} {{- end }} rules: {{- range $values.hosts }} diff --git a/library/common/templates/classes/ingress/_ingressRoute.tpl b/library/common/templates/classes/ingress/_ingressRoute.tpl new file mode 100644 index 00000000000..4a06e15aedd --- /dev/null +++ b/library/common/templates/classes/ingress/_ingressRoute.tpl @@ -0,0 +1,125 @@ +{{/* +This template serves as a blueprint for all ingressRoute objects that are created +within the common library. +*/}} +{{- define "common.classes.ingressRoute" -}} +{{- $ingressName := include "common.names.fullname" . -}} +{{- $values := .Values -}} +{{- $svcPort := 80 }} +{{- $ingressService := $.Values }} +{{- if hasKey . "ObjectValues" -}} + {{- with .ObjectValues.ingress -}} + {{- $values = . -}} + {{- end -}} +{{ end -}} + +{{- if hasKey $values "nameSuffix" -}} + {{- $ingressName = printf "%v-%v" $ingressName $values.nameSuffix -}} + {{- if and ( $.Values.services ) ( not $values.servicePort ) }} + {{- $ingressService := index $.Values.services $values.nameSuffix }} + {{- $svcPort = $ingressService.port.port }} + {{ end -}} +{{- else if and ( $.Values.services ) ( not $values.servicePort ) }} + {{- $svcPort = $.Values.services.main.port.port }} +{{ end -}} + +{{- $svcName := $values.serviceName | default $ingressName -}} + +{{- if $values.servicePort }} + {{- $svcPort = $values.servicePort -}} +{{- end }} + +apiVersion: traefik.containo.us/v1alpha1 +{{- if eq $values.type "UDP" }} +kind: IngressRouteUDP +{{- else if eq $values.type "TCP" }} +kind: IngressRouteTCP +{{- else }} +kind: IngressRoute +{{- end }} +metadata: + name: {{ $ingressName }} + labels: + {{- include "common.labels" . | nindent 4 }} + annotations: + {{- with $values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + entryPoints: + - {{ $values.entrypoint }} + routes: + {{- if eq $values.type "UDP" }} + - services: + - name: {{ $svcName }} + port: {{ $svcPort }} + weight: 10 + {{- else if eq $values.type "TCP" }} + - match: HostSNI(`*`) + services: + - name: {{ $svcName }} + port: {{ $svcPort }} + weight: 10 + terminationDelay: 400 + {{- else }} + - kind: Rule + match: Host(`{{ (index $values.hosts 0).host }}`) + services: + - name: {{ $svcName }} + {{- if $values.serviceKind }} + kind: {{ $values.serviceKind }} + {{- else }} + port: {{ $svcPort }} + {{- end }} + middlewares: + - name: traefik-middlewares-chain-public@kubernetescrd + {{- if $values.authForwardURL }} + - name: "{{ $ingressName }}-auth-forward" + {{- end }} + {{- end }} + +{{- if not ( eq $values.type "UDP" ) }} +{{- if or ( eq $values.certType "selfsigned") (eq $values.certType "ixcert") }} + tls: + domains: + - main: {{ (index $values.hosts 0).host }} + sans: + {{- range $values.hosts }} + - {{ .host | quote }} + {{- end }} + + {{- if $values.tls }} + {{- range $values.tls }} + + {{- if .hosts }} + - main: {{ index .hosts 0 }} + {{- range .hosts }} + sans: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if .hosts }} + - main: {{ index .hostsTpl 0 }} + {{- range .hosts }} + sans: + {{- range .hostsTpl }} + - {{ tpl . $ | quote }} + {{- end }} + {{- end }} + {{- end }} + + {{- end }} + {{- end }} + + {{- if eq $values.certType "ixcert" }} + secretName: {{ $ingressName }} + {{- end }} + passthrough: false + +{{- end }} +{{- end }} + +{{- end }} diff --git a/library/common/templates/lib/resources/_appingress.tpl b/library/common/templates/lib/resources/_appingress.tpl deleted file mode 100644 index 98328f91cf4..00000000000 --- a/library/common/templates/lib/resources/_appingress.tpl +++ /dev/null @@ -1,37 +0,0 @@ -{{/* -Renders the additional ingress objects from appIngress -*/}} -{{- define "common.appIngress" -}} - {{- if .Values.appIngress -}} - {{- range $name, $ingr := .Values.appIngress }} - {{- if $ingr.enabled -}} - {{- print ("---") | nindent 0 -}} - {{- $ingressValues := $ingr -}} - {{- if not $ingressValues.nameSuffix -}} - {{- $_ := set $ingressValues "nameSuffix" $name -}} - {{ end -}} - {{- $_ := set $ "ObjectValues" (dict "appIngress" $ingressValues) -}} - {{- if $ingressValues.type -}} - {{- if eq $ingressValues.type "UDP" -}} - {{- include "common.classes.appIngressUDP" $ }} - {{- else if eq $ingressValues.type "TCP" -}} - {{- include "common.classes.appIngressTCP" $ }} - {{- else }} - {{- include "common.classes.appIngressHTTP" $ }} - {{- if $ingressValues.authForwardURL }} - {{- include "common.classes.appAuthForward" $ }} - {{- end }} - {{- end }} - {{- else }} - {{- include "common.classes.appIngressHTTP" $ }} - {{- if $ingressValues.authForwardURL }} - {{- include "common.classes.appAuthForward" $ }} - {{- end }} - {{- end }} - {{- $_ := set $ "ObjectValues" (dict "certHolder" $ingressValues) -}} - {{- print ("---") | nindent 0 -}} - {{- include "common.resources.cert.secret" $ }} - {{- end }} - {{- end }} - {{- end }} -{{- end }} diff --git a/library/common/values.yaml b/library/common/values.yaml index 5f5d130262b..590598317db 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -173,46 +173,57 @@ additionalServices: [] # annotations: {} # labels: {} -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - labels: {} - hosts: - - host: chart-example.local - ## Or a tpl that is evaluated - # hostTpl: '{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.{{ .Values.ingress.domainname }}' - paths: - - path: / - # Ignored if not kubeVersion >= 1.14-0 - pathType: Prefix - tls: [] - # - secretName: chart-example-tls - ## Or if you need a dynamic secretname - # - secretNameTpl: '{{ include "common.names.fullname" . }}-ingress' - # hosts: - # - chart-example.local - ## Or a tpl that is evaluated - # hostsTpl: - # - '{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.{{ .Values.ingress.domainname }}' - additionalIngresses: [] - # - enabled: false - # nameSuffix: "api" - # annotations: {} - # # kubernetes.io/ingress.class: nginx - # # kubernetes.io/tls-acme: "true" - # labels: {} - # hosts: - # - host: chart-example.local - # paths: - # - path: /api - # # Ignored if not kubeVersion >= 1.14-0 - # pathType: Prefix - # tls: [] - # # - secretName: chart-example-tls - # # hosts: - # # - chart-example.local +# ingress: +# main: +# enabled: false +# # Used when including ingress using {{ include "common.ingress" . }} +# type: "HTTP" +# entrypoint: "websecure" +# certType: "" +# ## Optional: defaults to IngressName +# serviceName: "" +# ## Optional: Almost never needed +# serviceKind: "" +# ## Optional: defaults to either service port +# servicePort: 80 +# annotations: {} +# # kubernetes.io/ingress.class: nginx +# # kubernetes.io/tls-acme: "true" +# labels: {} +# hosts: +# - host: chart-example.local +# ## Or a tpl that is evaluated +# # hostTpl: '{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.{{ .Values.ingress.domainname }}' +# paths: +# - path: / +# # Ignored if not kubeVersion >= 1.14-0 +# pathType: Prefix +# tls: [] +# # - secretName: chart-example-tls +# ## Or if you need a dynamic secretname +# # - secretNameTpl: '{{ include "common.names.fullname" . }}-ingress' +# # hosts: +# # - chart-example.local +# ## Or a tpl that is evaluated +# # hostsTpl: +# # - '{{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.{{ .Values.ingress.domainname }}' +# additionalIngresses: [] +# - enabled: false +# nameSuffix: "api" +# annotations: {} +# # kubernetes.io/ingress.class: nginx +# # kubernetes.io/tls-acme: "true" +# labels: {} +# hosts: +# - host: chart-example.local +# paths: +# - path: /api +# # Ignored if not kubeVersion >= 1.14-0 +# pathType: Prefix +# tls: [] +# # - secretName: chart-example-tls +# # hosts: +# # - chart-example.local persistence: config: @@ -291,32 +302,6 @@ PUID: 568 PGID: 568 UMASK: "002" fixMountPermissions: true -# appAdditionalServicesEnabled: false -# appAdditionalServices: -# api: -# enabled: false -# type: NodePort -# protocol: TCP -# port: -# port: 8091 -# nodePort: 38091 -# additionalPorts: [] -# - name: api-alt -# port: 8092 -# targetPort: 8092 -# protocol: TCP -# nodePort: 38092 -# ws: -# enabled: false -# type: ClusterIP -# port: -# port: 3000 -# additionalPorts: {} -# foo: -# name: ws-alt -# protocol: TCP -# port: 3001 -# targetPort: 3001 # appVolumeMounts: # config: @@ -339,40 +324,3 @@ fixMountPermissions: true # hostPathEnabled: false # hostPath: "" # setPermissions: true - -# appIngress: -# main: -# enabled: false -# entrypoint: "websecure" -# certType: "letsencrypt-prod" -# existingcert: "" -# authForwardURL: "" -# annotations: {} -# labels: {} -# hosts: -# - host: app.truecharts.placeholder -# paths: -# - path: / -# # Ignored if not kubeVersion >= 1.14-0 -# pathType: Prefix -# -# maintcp: -# enabled: false -# type: "TCP" -# entrypoint: "kms" -# certType: "none" -# existingcert: "" -# annotations: {} -# labels: {} -# hosts: -# - host: app.truecharts.placeholder -# paths: -# - path: / -# # Ignored if not kubeVersion >= 1.14-0 -# pathType: Prefix -# mainudp: -# enabled: false -# type: "UDP" -# entrypoint: "DNSUDP" -# annotations: {} -# labels: {}