Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>

enterprise/traefik/26.4.1/CHANGELOG.md

@@ -22,6 +22,10 @@ title: Changelog
 
 
 
+
+
+
+
 
 
 
@@ -93,7 +97,3 @@ title: Changelog
 
 
 ## [traefik-25.1.10](https://github.com/truecharts/charts/compare/traefik-25.1.9...traefik-25.1.10) (2024-01-09)
-
-### Chore
-
-

enterprise/traefik/26.4.1/Chart.yaml

@@ -4,13 +4,13 @@ annotations:
   truecharts.org/SCALE-support: "true"
   truecharts.org/category: network
   truecharts.org/max_helm_version: "3.14"
-  truecharts.org/min_helm_version: "3.12"
+  truecharts.org/min_helm_version: "3.11"
   truecharts.org/train: enterprise
 apiVersion: v2
 appVersion: 2.11.0
 dependencies:
   - name: common
-    version: 18.0.3
+    version: 18.1.2
     repository: oci://tccr.io/truecharts
     condition: ""
     alias: ""
@@ -36,4 +36,4 @@ sources:
   - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
   - https://github.com/truecharts/containers/tree/master/apps/traefik
 type: application
-version: 26.2.1
+version: 26.4.1

enterprise/traefik/26.4.1/ix_values.yaml

@@ -128,16 +128,16 @@ metrics:
 
 globalArguments:
   - "--global.checknewversion"
-  
+
 configmap:
   dashboard:
     enabled: true
     labels:
-      grafana_dashboard: '1'
+      grafana_dashboard: "1"
     data:
       traefik.json: >-
         {{ .Files.Get "dashboard.json" | indent 8 }}
-  
+
 ##
 # -- Additional arguments to be passed at Traefik's binary
 # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
@@ -193,6 +193,7 @@ service:
         enabled: true
         port: 80
         protocol: http
+        externalTrafficPolicy: local
         redirectTo: websecure
         # Options: Empty, 0 (ingore), or positive int
         # redirectPort:
@@ -214,6 +215,7 @@ service:
         enabled: true
         port: 443
         protocol: https
+        externalTrafficPolicy: local
         # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
         forwardedHeaders:
           enabled: false
@@ -436,6 +438,44 @@ middlewares:
   #   modSecurityUrl: modSecurity container URL
   #   timeoutMillis: Configurated  timeout
   #   maxBodySize: maxBodySize
+  crowdsecBouncer: []
+  # - name: modsecurityName
+  #   enabled: false
+  #   logLevel: DEBUG
+  #   updateIntervalSeconds: 60
+  #   defaultDecisionSeconds: 60
+  #   httpTimeoutSeconds: 10
+  #   crowdsecMode: live
+  #   crowdsecAppsecEnabled: false
+  #   crowdsecAppsecHost: crowdsec:7422
+  #   crowdsecAppsecFailureBlock: true
+  #   crowdsecLapiKey: privateKey-foo
+  #   crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo
+  #   crowdsecLapiHost: crowdsec:8080
+  #   crowdsecLapiScheme: http
+  #   crowdsecLapiTLSInsecureVerify: false
+  #   crowdsecCapiMachineId: login
+  #   crowdsecCapiPassword: password
+  #   crowdsecCapiScenarios:
+  #     - crowdsecurity/http-path-traversal-probing
+  #     - crowdsecurity/http-xss-probing
+  #     - crowdsecurity/http-generic-bf
+  #   forwardedHeadersTrustedIPs: 
+  #     - 10.0.10.23/32
+  #     - 10.0.20.0/24
+  #   clientTrustedIPs: 
+  #     - 192.168.1.0/24
+  #   forwardedHeadersCustomName: X-Custom-Header
+  #   redisCacheEnabled: false
+  #   redisCacheHost: "redis:6379"
+  #   redisCachePassword: password
+  #   redisCacheDatabase: "5"
+  #   crowdsecLapiTLSCertificateAuthority: |-
+  #   crowdsecLapiTLSCertificateAuthorityFile: /etc/traefik/crowdsec-certs/ca.pem
+  #   crowdsecLapiTLSCertificateBouncer: |-
+  #   crowdsecLapiTLSCertificateBouncerFile: /etc/traefik/crowdsec-certs/bouncer.pem
+  #   crowdsecLapiTLSCertificateBouncerKey: |-
+  #   crowdsecLapiTLSCertificateBouncerKeyFile: /etc/traefik/crowdsec-certs/bouncer-key.pem
   ## Note: body of every request will be buffered in memory while the request is in-flight
   ## (i.e.: during the security check and during the request processing by traefik and the backend),
   ## so you may want to tune maxBodySize depending on how much RAM you have.
@@ -446,6 +486,12 @@ persistence:
     enabled: true
     mountPath: "/plugins-storage"
     type: emptyDir
+  crowdsec-bouncer-tls:
+    enabled: "{{ if .Values.middlewares.crowdsecBouncer }}true{{ else }}false{{ end }}"
+    mountPath: "/etc/traefik/crowdsec-certs"
+    type: secret
+    expandObjectName: false
+    objectName: crowdsec-bouncer-tls
 portal:
   open:
     enabled: true

enterprise/traefik/26.4.1/templates/_args.tpl

@@ -180,6 +180,10 @@ args:
   {{- if .Values.middlewares.modsecurity }}
   - "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin"
   {{- end }}
+  {{/* CrowdsecBouncer */}}
+  {{- if .Values.middlewares.crowdsecBouncer }}
+  - "--experimental.localPlugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+  {{- end }}
   {{/* End of ModSecurity */}}
   {{/* RewriteResponseHeaders */}}
   {{- if .Values.middlewares.rewriteResponseHeaders }}

enterprise/traefik/26.4.1/templates/middlewares/crowdsecBouncer.yaml

@@ -0,0 +1,112 @@
+{{- range $index, $middlewareData := .Values.middlewares.crowdsecBouncer }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  plugin:
+    bouncer:
+    {{- with $middlewareData.enabled -}}
+      enabled:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.logLevel -}}
+      logLevel:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.updateIntervalSeconds -}}
+      updateIntervalSeconds:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.defaultDecisionSeconds -}}
+      defaultDecisionSeconds:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.httpTimeoutSeconds -}}
+      httpTimeoutSeconds:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecMode -}}
+      crowdsecMode:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecAppsecEnabled -}}
+      crowdsecAppsecEnabled:  {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecAppsecHost -}}
+      crowdsecAppsecHost: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecAppsecFailureBlock -}}
+      crowdsecAppsecFailureBlock: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiKey -}}
+      crowdsecLapiKey: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiKeyFile -}}
+      crowdsecLapiKeyFile: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiHost -}}
+      crowdsecLapiHost: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiScheme -}}
+      crowdsecLapiScheme: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSInsecureVerify -}}
+      crowdsecLapiTLSInsecureVerify: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecCapiMachineId -}}
+      crowdsecCapiMachineId: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecCapiPassword -}}
+      crowdsecCapiPassword: {{ . }}
+    {{- end -}}
+    {{- if $middlewareData.crowdsecCapiScenarios -}}
+      crowdsecCapiScenarios:
+      {{- range $middlewareData.crowdsecCapiScenarios -}}
+        - {{ . }}
+      {{- end -}}
+    {{- end -}}
+    {{- if $middlewareData.forwardedHeadersTrustedIPs -}}
+      forwardedHeadersTrustedIPs: 
+      {{- range $middlewareData.forwardedHeadersTrustedIPs -}}
+        - {{ . }}
+      {{- end -}}
+    {{- end -}}
+    {{- if $middlewareData.clientTrustedIPs -}}
+      clientTrustedIPs: 
+      {{- range $middlewareData.clientTrustedIPs -}}
+        - {{ . }}
+      {{- end -}}
+    {{- end -}}
+    {{- with $middlewareData.forwardedHeadersCustomName -}}
+      forwardedHeadersCustomName: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.redisCacheEnabled -}}
+      redisCacheEnabled: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.redisCacheHost -}}
+      redisCacheHost: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.redisCachePassword -}}
+      redisCachePassword: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.redisCacheDatabase -}}
+      redisCacheDatabase: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateAuthority -}}  
+      crowdsecLapiTLSCertificateAuthority: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateAuthorityFile -}}
+      crowdsecLapiTLSCertificateAuthorityFile: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateBouncer -}}  
+      crowdsecLapiTLSCertificateBouncer: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerFile -}}
+      crowdsecLapiTLSCertificateBouncerFile: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerKey -}}
+      crowdsecLapiTLSCertificateBouncerKey: {{ . }}
+    {{- end -}}
+    {{- with $middlewareData.crowdsecLapiTLSCertificateBouncerKeyFile -}}
+      crowdsecLapiTLSCertificateBouncerKeyFile: {{ . }}
+    {{- end -}}
+
+      
+{{- end -}}