diff --git a/incubator/meshcentral/5.0.9/CHANGELOG.md b/incubator/meshcentral/5.0.10/CHANGELOG.md similarity index 89% rename from incubator/meshcentral/5.0.9/CHANGELOG.md rename to incubator/meshcentral/5.0.10/CHANGELOG.md index bba201e634f..912e66ab803 100644 --- a/incubator/meshcentral/5.0.9/CHANGELOG.md +++ b/incubator/meshcentral/5.0.10/CHANGELOG.md @@ -2,6 +2,19 @@ +## [meshcentral-5.0.10](https://github.com/truecharts/charts/compare/meshcentral-5.0.9...meshcentral-5.0.10) (2022-10-27) + +### Chore + +- Auto-update chart README [skip ci] + + ### Fix + +- correctly merge custom domain for scale gui ([#4211](https://github.com/truecharts/charts/issues/4211)) + + + + ## [meshcentral-5.0.9](https://github.com/truecharts/charts/compare/meshcentral-5.0.8...meshcentral-5.0.9) (2022-10-27) ### Chore @@ -84,16 +97,3 @@ - Auto-update chart README [skip ci] - update helm general non-major ([#4182](https://github.com/truecharts/charts/issues/4182)) - - - -## [meshcentral-5.0.2](https://github.com/truecharts/charts/compare/meshcentral-5.0.1...meshcentral-5.0.2) (2022-10-25) - -### Chore - -- Auto-update chart README [skip ci] - - ### Fix - -- use transitioning variable tcdefaultdomain in scale GUI ([#4184](https://github.com/truecharts/charts/issues/4184)) - diff --git a/incubator/meshcentral/5.0.10/Chart.lock b/incubator/meshcentral/5.0.10/Chart.lock new file mode 100644 index 00000000000..ded380f887d --- /dev/null +++ b/incubator/meshcentral/5.0.10/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: common + repository: https://library-charts.truecharts.org + version: 10.7.8 +- name: mongodb + repository: https://charts.truecharts.org/ + version: 2.0.42 +digest: sha256:368ab09d96987d02826b4821e7040b6230712e811bfec896c486195289b5f81d +generated: "2022-10-27T13:54:35.334142339Z" diff --git a/incubator/meshcentral/5.0.9/Chart.yaml b/incubator/meshcentral/5.0.10/Chart.yaml similarity index 94% rename from incubator/meshcentral/5.0.9/Chart.yaml rename to incubator/meshcentral/5.0.10/Chart.yaml index 7b8607902d4..0423f47c166 100644 --- a/incubator/meshcentral/5.0.9/Chart.yaml +++ b/incubator/meshcentral/5.0.10/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: meshcentral appVersion: "1.0.90" -version: 5.0.9 +version: 5.0.10 description: MeshCentral is a full computer management web site type: application deprecated: false @@ -18,11 +18,11 @@ sources: dependencies: - name: common repository: https://library-charts.truecharts.org - version: 10.7.7 + version: 10.7.8 - condition: mongodb.enabled name: mongodb repository: https://charts.truecharts.org/ - version: 2.0.40 + version: 2.0.42 maintainers: - email: info@truecharts.org name: TrueCharts diff --git a/incubator/meshcentral/5.0.9/README.md b/incubator/meshcentral/5.0.10/README.md similarity index 96% rename from incubator/meshcentral/5.0.9/README.md rename to incubator/meshcentral/5.0.10/README.md index 9d63ad33582..56b550f7773 100644 --- a/incubator/meshcentral/5.0.9/README.md +++ b/incubator/meshcentral/5.0.10/README.md @@ -22,8 +22,8 @@ Kubernetes: `>=1.16.0-0` | Repository | Name | Version | |------------|------|---------| -| https://charts.truecharts.org/ | mongodb | 2.0.40 | -| https://library-charts.truecharts.org | common | 10.7.7 | +| https://charts.truecharts.org/ | mongodb | 2.0.42 | +| https://library-charts.truecharts.org | common | 10.7.8 | ## Installing the Chart diff --git a/incubator/meshcentral/5.0.9/app-readme.md b/incubator/meshcentral/5.0.10/app-readme.md similarity index 100% rename from incubator/meshcentral/5.0.9/app-readme.md rename to incubator/meshcentral/5.0.10/app-readme.md diff --git a/incubator/meshcentral/5.0.10/charts/common-10.7.8.tgz b/incubator/meshcentral/5.0.10/charts/common-10.7.8.tgz new file mode 100644 index 00000000000..c6c5c7be729 Binary files /dev/null and b/incubator/meshcentral/5.0.10/charts/common-10.7.8.tgz differ diff --git a/incubator/meshcentral/5.0.10/charts/mongodb-2.0.42.tgz b/incubator/meshcentral/5.0.10/charts/mongodb-2.0.42.tgz new file mode 100644 index 00000000000..7deeef806e4 Binary files /dev/null and b/incubator/meshcentral/5.0.10/charts/mongodb-2.0.42.tgz differ diff --git a/incubator/meshcentral/5.0.9/ci/ci-values.yaml b/incubator/meshcentral/5.0.10/ci/ci-values.yaml similarity index 100% rename from incubator/meshcentral/5.0.9/ci/ci-values.yaml rename to incubator/meshcentral/5.0.10/ci/ci-values.yaml diff --git a/incubator/meshcentral/5.0.9/ix_values.yaml b/incubator/meshcentral/5.0.10/ix_values.yaml similarity index 98% rename from incubator/meshcentral/5.0.9/ix_values.yaml rename to incubator/meshcentral/5.0.10/ix_values.yaml index c7dbfa74ebd..2480123b0c7 100644 --- a/incubator/meshcentral/5.0.9/ix_values.yaml +++ b/incubator/meshcentral/5.0.10/ix_values.yaml @@ -6,8 +6,6 @@ image: command: - node - meshcentral/meshcentral - - --configfile - - /opt/meshcentral/meshcentral-config/config.json securityContext: readOnlyRootFilesystem: false @@ -17,12 +15,6 @@ podSecurityContext: runAsUser: 0 runAsGroup: 0 -env: - trigger_redeploy: - secretKeyRef: - name: '{{ include "tc.common.names.fullname" . }}-secret' - key: trigger_redeploy - # - Values with the character _ in-front of them are pruned. Add or remove _ to disable or enable options # - More in-depth info for each options can be found here: https://github.com/Ylianst/MeshCentral/blob/master/meshcentral-config-schema.json # - Check for this chart's specific info in our webpage https://truecharts.org @@ -64,7 +56,7 @@ meshcentral: _StrictTransportSecurity: null # - When enabled, the MeshCentral web site can be embedded within another website's iframe. allowFraming: false - # - Options: strict | lax | none + # - Options: strict | lax | none | true _cookieIpCheck: lax # - When enabled, allows use of WebRTC to allow direct network traffic between the agent and browser. webRTC: false @@ -93,7 +85,7 @@ meshcentral: # - Enables server-side, websocket per-message deflate compression. wsCompression: true # - Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work. - _agentWsCompression: true + agentWsCompression: true # - Set to 1 to present the server from updating any agent. _noAgentUpdate: 0 # - When set to 2, all agents that need to be updated will use the meshcore.js update system. With the default value of 1, the native update system is used. @@ -209,25 +201,25 @@ meshcentral: _redirects: meshcommander: https://www.meshcommander.com/ # - This section described a policy for how many times an IP address is allowed to attempt to login incorrectly. By default it's 10 times in 10 minutes, but this can be changed here. - _maxInvalidLogin: + maxInvalidLogin: # - Ranges of IP addresses that are not subject to invalid login limitations. For example: 192.168.1.0/24,172.16.0.1 - exclude: null + _exclude: "" # - Time in minutes over which the a maximum number of invalid login attempts is allowed from an IP address. time: 10 # - Maximum number of invalid login attempts from an IP address in the time period. count: 10 # - Additional time in minute that login attempts will be denied once the invalid login limit is reached. - coolofftime: null + coolofftime: 30 # - This section described a policy for how many times an IP address is allowed to attempt to perform two-factor authentication (2FA) incorrectly. By default it's 10 times in 10 minutes, but this can be changed here. - _maxInvalid2fa: + maxInvalid2fa: # - Ranges of IP addresses that are not subject to invalid 2FA limitations. For example: 192.168.1.0/24,172.16.0.1 - exclude: null + _exclude: "" # - Time in minutes over which the a maximum number of invalid 2FA attempts is allowed from an IP address. time: 10 # - Maximum number of invalid 2FA attempts from an IP address in the time period. count: 10 # - Additional time in minute that 2FA attempts will be denied once the invalid login limit is reached. - coolofftime: null + coolofftime: 30 # - When present, this section will enable the Intel AMT provisioning server on the local network. This is used for Intel AMT bare-metal ACM activation. _amtProvisioningServer: # - Port number that provisioning server will listen to. @@ -529,13 +521,13 @@ meshcentral: # - Action taken if one of the lines in meshagent.tag contains ~ServerTags:tag1,tag2,tag3. 0=Ignore, 1=Set, 2=SetIfEmpty, 3=Append. ServerTags: 0 # - Enables the geo-location feature and device location map in the user interface, this feature is not being worked on. - _geoLocation: false + geoLocation: true # - When enabled, activates the built-in web-based VNC client. - _novnc: true + novnc: true # - When enabled, activates the built-in web-based RDP client. - _mstsc: false + mstsc: true # - When enabled, activates the built-in web-based SSH client. - _ssh: false + ssh: true # - Path where to find custom email templates for this domain. _webEmailsPath: null _customUI: null @@ -995,10 +987,8 @@ persistence: readOnly: true defaultMode: "0600" objectName: '{{ include "tc.common.names.fullname" . }}-secret' - mountPath: /opt/meshcentral/meshcentral-config - items: - - key: config.json - path: config.json + mountPath: /opt/meshcentral/meshcentral-data/config.json + subPath: config.json portal: enabled: true diff --git a/incubator/meshcentral/5.0.9/questions.yaml b/incubator/meshcentral/5.0.10/questions.yaml similarity index 96% rename from incubator/meshcentral/5.0.9/questions.yaml rename to incubator/meshcentral/5.0.10/questions.yaml index c040d22f5e8..eeb47f11f9f 100644 --- a/incubator/meshcentral/5.0.9/questions.yaml +++ b/incubator/meshcentral/5.0.10/questions.yaml @@ -235,6 +235,12 @@ questions: schema: type: boolean default: true + - variable: agentWsCompression + label: agentWsCompression + description: Enables agent-side, websocket per-message deflate compression. wscompression must also be true for this to work. + schema: + type: boolean + default: true - variable: allowFraming label: allowFraming description: When enabled, the MeshCentral web site can be embedded within another website's iframe. @@ -253,6 +259,18 @@ questions: schema: type: boolean default: true + - variable: agentLogDump + label: agentLogDump + description: Automatically downloads all agent error logs into meshcentral-data/agenterrorlogs.txt. + schema: + type: boolean + default: false + - variable: agentCoreDump + label: agentCoreDump + description: Automatically activates and transfers any agent crash dump files to the server in meshcentral-data/coredumps. + schema: + type: boolean + default: false - variable: browserPing label: browserPing description: When specified, sends data to the browser at x seconds interval and expects a response from the browser. @@ -283,17 +301,66 @@ questions: schema: type: int default: -99 - - variable: plugins - label: Section + - variable: maxInvalidLogin + label: Section schema: additional_attrs: true type: dict attrs: - - variable: enabled - label: enabled + - variable: time + label: time + description: Time in minutes over which the a maximum number of invalid login attempts is allowed from an IP address. schema: - type: boolean - default: false + type: int + default: 10 + - variable: count + label: count + description: Maximum number of invalid login attempts from an IP address in the time period. + schema: + type: int + default: 10 + - variable: coolofftime + label: coolofftime + description: Additional time in minute that login attempts will be denied once the invalid login limit is reached. + schema: + type: int + default: 30 + - variable: exclude + label: exclude + description: Ranges of IP addresses that are not subject to invalid login limitations. For example 192.168.1.0/24,172.16.0.1 + schema: + type: string + default: "" + - variable: maxInvalid2fa + label: Section + schema: + additional_attrs: true + type: dict + attrs: + - variable: time + label: time + description: Time in minutes over which the a maximum number of invalid 2FA attempts is allowed from an IP address. + schema: + type: int + default: 10 + - variable: count + label: count + description: Maximum number of invalid 2FA attempts from an IP address in the time period. + schema: + type: int + default: 10 + - variable: coolofftime + label: coolofftime + description: Additional time in minute that 2FA attempts will be denied once the invalid login limit is reached. + schema: + type: int + default: 30 + - variable: exclude + label: exclude + description: Ranges of IP addresses that are not subject to invalid 2FA limitations. For example 192.168.1.0/24,172.16.0.1 + schema: + type: string + default: "" - variable: autobackup label: Section schema: @@ -376,6 +443,17 @@ questions: type: string required: true default: "" + - variable: plugins + label: Section + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: enabled + schema: + type: boolean + default: false - variable: domains label: Section schema: @@ -428,6 +506,30 @@ questions: schema: type: boolean default: true + - variable: mstsc + label: mstsc + description: When enabled, activates the built-in web-based RDP client. + schema: + type: boolean + default: true + - variable: ssh + label: ssh + description: When enabled, activates the built-in web-based SSH client. + schema: + type: boolean + default: true + - variable: novnc + label: novnc + description: When enabled, activates the built-in web-based VNC client. + schema: + type: boolean + default: true + - variable: geoLocation + label: geoLocation + description: Enables the geo-location feature and device location map in the user interface, this feature is not being worked on. + schema: + type: boolean + default: true - variable: nightMode label: nightMode description: 0 = User selects day/night mode, 1 = Always night mode, 2 = Always day mode @@ -446,6 +548,30 @@ questions: max: 2 requited: true default: 2 + - variable: deviceMeshRouterLinks + label: Section + schema: + additional_attrs: true + type: dict + attrs: + - variable: rdp + label: rdp + description: Display a RDP link in the device tab when supported + schema: + type: boolean + default: true + - variable: ssh + label: ssh + description: Display a SSH link in the device tab when supported + schema: + type: boolean + default: true + - variable: scp + label: scp + description: Display a SCP link in the device tab when supported + schema: + type: boolean + default: true - variable: agentCustomization label: Section schema: diff --git a/incubator/meshcentral/5.0.9/templates/_secret.tpl b/incubator/meshcentral/5.0.10/templates/_secret.tpl similarity index 81% rename from incubator/meshcentral/5.0.9/templates/_secret.tpl rename to incubator/meshcentral/5.0.10/templates/_secret.tpl index 07dc63dcb1c..17b21de5e61 100644 --- a/incubator/meshcentral/5.0.9/templates/_secret.tpl +++ b/incubator/meshcentral/5.0.10/templates/_secret.tpl @@ -2,6 +2,8 @@ {{- define "meshcentral.secret" -}} {{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) }} +{{- $secretStorageName := printf "%s-storage-secret" (include "tc.common.names.fullname" .) }} + {{- $config := .Values.meshcentral }} {{- $isScale := false }} @@ -12,7 +14,7 @@ {{- end }} {{- $sessionKey := "" }} -{{- with (lookup "v1" "Secret" .Release.Namespace $secretName) }} +{{- with (lookup "v1" "Secret" .Release.Namespace $secretStorageName) }} {{- $sessionKey = (index .data "session_key") }} {{- else }} {{- $sessionKey = randAlphaNum 32 }} @@ -43,10 +45,25 @@ {{- end }} {{- if $isScale }} - {{- $config = (include "prune.keys.scale" $config) }} + {{- $config = (include "mergeAndrenameDefaultDomain" $config) }} + {{- $config = (include "prune.keys.scale" (fromYaml $config)) }} {{- else }} {{- $config = (include "prune.keys" $config) }} {{- end }} + +--- + +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $secretStorageName }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} +data: + {{/* Store session_key to reuse */}} + session_key: {{ $sessionKey | b64enc }} + --- apiVersion: v1 @@ -57,9 +74,6 @@ metadata: labels: {{- include "tc.common.labels" . | nindent 4 }} data: - {{/* Store session_key to reuse */}} - session_key: {{ $sessionKey | b64enc }} - trigger_redeploy: {{ randAlpha 5 | b64enc }} {{/* The actual config */}} config.json: | {{- toPrettyJson (fromYaml $config) | b64enc | nindent 4 }} @@ -85,17 +99,8 @@ data: {{/* Prunes int and float equal to -99 */}} {{/* Prunes empty strings (Does not prune empty strings in lists) */}} {{/* Prunes keys that start with _ */}} -{{/* Renames tcdefaultdomain variable to "" as this is the key used by MeshCentral */}} -{{/* but SCALE GUI does not handle it well */}} {{- define "prune.keys.scale" }} {{- $values := . }} - {{- if (hasKey $values "domains") }} - {{- if (hasKey $values.domains "tcdefaultdomain") }} - {{- $defaultDomain := $values.domains.tcdefaultdomain }} - {{- $_ := set $values.domains "" $defaultDomain }} - {{- $_ := unset $values.domains "tcdefaultdomain" }} - {{- end }} - {{- end }} {{- range $k, $v := $values }} {{- if eq (kindOf $v) "string" }} {{- if not $v }} @@ -122,3 +127,14 @@ data: {{- end }} {{- toYaml $values }} {{- end }} + +{{/* Renames tcdefaultdomain variable to "" as this is the key used by MeshCentral */}} +{{/* but SCALE GUI does not handle it well */}} +{{- define "mergeAndrenameDefaultDomain" }} + {{- $values := . }} + {{- $defaultDomain := index $values.domains "" }} + {{- $computedDomain := mergeOverwrite $defaultDomain $values.domains.tcdefaultdomain }} + {{- $_ := set $values.domains "" $computedDomain }} + {{- $_ := unset $values.domains "tcdefaultdomain" }} + {{- toYaml $values }} +{{- end }} diff --git a/incubator/meshcentral/5.0.9/templates/common.yaml b/incubator/meshcentral/5.0.10/templates/common.yaml similarity index 100% rename from incubator/meshcentral/5.0.9/templates/common.yaml rename to incubator/meshcentral/5.0.10/templates/common.yaml diff --git a/incubator/meshcentral/5.0.9/values.yaml b/incubator/meshcentral/5.0.10/values.yaml similarity index 100% rename from incubator/meshcentral/5.0.9/values.yaml rename to incubator/meshcentral/5.0.10/values.yaml diff --git a/incubator/meshcentral/5.0.9/Chart.lock b/incubator/meshcentral/5.0.9/Chart.lock deleted file mode 100644 index 351d4b1b695..00000000000 --- a/incubator/meshcentral/5.0.9/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: common - repository: https://library-charts.truecharts.org - version: 10.7.7 -- name: mongodb - repository: https://charts.truecharts.org/ - version: 2.0.40 -digest: sha256:d4f7a8e0a0b71397241720094b69aaafad84c580c21f86c83d521e03affddb20 -generated: "2022-10-27T08:06:13.936954863Z" diff --git a/incubator/meshcentral/5.0.9/charts/common-10.7.7.tgz b/incubator/meshcentral/5.0.9/charts/common-10.7.7.tgz deleted file mode 100644 index 94ac67364b7..00000000000 Binary files a/incubator/meshcentral/5.0.9/charts/common-10.7.7.tgz and /dev/null differ diff --git a/incubator/meshcentral/5.0.9/charts/mongodb-2.0.40.tgz b/incubator/meshcentral/5.0.9/charts/mongodb-2.0.40.tgz deleted file mode 100644 index b701a41dd4a..00000000000 Binary files a/incubator/meshcentral/5.0.9/charts/mongodb-2.0.40.tgz and /dev/null differ