Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2024-03-04 15:21:25 +00:00
parent 1be50135f1
commit 7af5f508fc
82 changed files with 168 additions and 6 deletions

View File

@ -23,6 +23,11 @@ title: Changelog
@ -92,8 +97,3 @@ title: Changelog
- update metadata in chart.yaml ([#17457](https://github.com/truecharts/charts/issues/17457))
## [traefik-25.1.10](https://github.com/truecharts/charts/compare/traefik-25.1.9...traefik-25.1.10) (2024-01-09)
### Chore

View File

@ -36,4 +36,4 @@ sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
- https://github.com/truecharts/containers/tree/master/apps/traefik
type: application
version: 26.3.0
version: 26.4.3

View File

@ -193,6 +193,7 @@ service:
enabled: true
port: 80
protocol: http
externalTrafficPolicy: local
redirectTo: websecure
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
@ -214,6 +215,7 @@ service:
enabled: true
port: 443
protocol: https
externalTrafficPolicy: local
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
@ -436,6 +438,44 @@ middlewares:
# modSecurityUrl: modSecurity container URL
# timeoutMillis: Configurated timeout
# maxBodySize: maxBodySize
crowdsecBouncer: []
# - name: modsecurityName
# enabled: false
# logLevel: DEBUG
# updateIntervalSeconds: 60
# defaultDecisionSeconds: 60
# httpTimeoutSeconds: 10
# crowdsecMode: live
# crowdsecAppsecEnabled: false
# crowdsecAppsecHost: crowdsec:7422
# crowdsecAppsecFailureBlock: true
# crowdsecLapiKey: privateKey-foo
# crowdsecLapiKeyFile: /etc/traefik/cs-privateKey-foo
# crowdsecLapiHost: crowdsec:8080
# crowdsecLapiScheme: http
# crowdsecLapiTLSInsecureVerify: false
# crowdsecCapiMachineId: login
# crowdsecCapiPassword: password
# crowdsecCapiScenarios:
# - crowdsecurity/http-path-traversal-probing
# - crowdsecurity/http-xss-probing
# - crowdsecurity/http-generic-bf
# forwardedHeadersTrustedIPs:
# - 10.0.10.23/32
# - 10.0.20.0/24
# clientTrustedIPs:
# - 192.168.1.0/24
# forwardedHeadersCustomName: X-Custom-Header
# redisCacheEnabled: false
# redisCacheHost: "redis:6379"
# redisCachePassword: password
# redisCacheDatabase: "5"
# crowdsecLapiTLSCertificateAuthority: |-
# crowdsecLapiTLSCertificateAuthorityFile: /etc/traefik/crowdsec-certs/ca.pem
# crowdsecLapiTLSCertificateBouncer: |-
# crowdsecLapiTLSCertificateBouncerFile: /etc/traefik/crowdsec-certs/bouncer.pem
# crowdsecLapiTLSCertificateBouncerKey: |-
# crowdsecLapiTLSCertificateBouncerKeyFile: /etc/traefik/crowdsec-certs/bouncer-key.pem
## Note: body of every request will be buffered in memory while the request is in-flight
## (i.e.: during the security check and during the request processing by traefik and the backend),
## so you may want to tune maxBodySize depending on how much RAM you have.
@ -446,6 +486,12 @@ persistence:
enabled: true
mountPath: "/plugins-storage"
type: emptyDir
crowdsec-bouncer-tls:
enabled: "{{ if .Values.middlewares.crowdsecBouncer }}true{{ else }}false{{ end }}"
mountPath: "/etc/traefik/crowdsec-certs"
type: secret
expandObjectName: false
objectName: crowdsec-bouncer-tls
portal:
open:
enabled: true

View File

@ -180,6 +180,10 @@ args:
{{- if .Values.middlewares.modsecurity }}
- "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin"
{{- end }}
{{/* CrowdsecBouncer */}}
{{- if .Values.middlewares.crowdsecBouncer }}
- "--experimental.localPlugins.crowdsec-bouncer.modulename=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
{{- end }}
{{/* End of ModSecurity */}}
{{/* RewriteResponseHeaders */}}
{{- if .Values.middlewares.rewriteResponseHeaders }}

View File

@ -0,0 +1,112 @@
{{- range $index, $middlewareData := .Values.middlewares.crowdsecBouncer }}
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
namespace: {{ $.Release.Namespace }}
spec:
plugin:
bouncer:
{{ with $middlewareData.enabled -}}
enabled: {{ . }}
{{- end }}
{{ with $middlewareData.logLevel -}}
logLevel: {{ . }}
{{- end }}
{{ with $middlewareData.updateIntervalSeconds -}}
updateIntervalSeconds: {{ . }}
{{- end }}
{{ with $middlewareData.defaultDecisionSeconds -}}
defaultDecisionSeconds: {{ . }}
{{- end }}
{{ with $middlewareData.httpTimeoutSeconds -}}
httpTimeoutSeconds: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecMode -}}
crowdsecMode: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecAppsecEnabled -}}
crowdsecAppsecEnabled: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecAppsecHost -}}
crowdsecAppsecHost: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecAppsecFailureBlock -}}
crowdsecAppsecFailureBlock: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiKey -}}
crowdsecLapiKey: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiKeyFile -}}
crowdsecLapiKeyFile: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiHost -}}
crowdsecLapiHost: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiScheme -}}
crowdsecLapiScheme: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSInsecureVerify -}}
crowdsecLapiTLSInsecureVerify: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecCapiMachineId -}}
crowdsecCapiMachineId: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecCapiPassword -}}
crowdsecCapiPassword: {{ . }}
{{- end }}
{{- if $middlewareData.crowdsecCapiScenarios -}}
crowdsecCapiScenarios:
{{- range $middlewareData.crowdsecCapiScenarios -}}
- {{ . }}
{{- end }}
{{- end }}
{{- if $middlewareData.forwardedHeadersTrustedIPs -}}
forwardedHeadersTrustedIPs:
{{- range $middlewareData.forwardedHeadersTrustedIPs -}}
- {{ . }}
{{- end }}
{{- end }}
{{- if $middlewareData.clientTrustedIPs -}}
clientTrustedIPs:
{{- range $middlewareData.clientTrustedIPs -}}
- {{ . }}
{{- end }}
{{- end }}
{{ with $middlewareData.forwardedHeadersCustomName -}}
forwardedHeadersCustomName: {{ . }}
{{- end }}
{{ with $middlewareData.redisCacheEnabled -}}
redisCacheEnabled: {{ . }}
{{- end }}
{{ with $middlewareData.redisCacheHost -}}
redisCacheHost: {{ . }}
{{- end }}
{{ with $middlewareData.redisCachePassword -}}
redisCachePassword: {{ . }}
{{- end }}
{{ with $middlewareData.redisCacheDatabase -}}
redisCacheDatabase: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateAuthority -}}
crowdsecLapiTLSCertificateAuthority: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateAuthorityFile -}}
crowdsecLapiTLSCertificateAuthorityFile: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateBouncer -}}
crowdsecLapiTLSCertificateBouncer: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateBouncerFile -}}
crowdsecLapiTLSCertificateBouncerFile: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateBouncerKey -}}
crowdsecLapiTLSCertificateBouncerKey: {{ . }}
{{- end }}
{{ with $middlewareData.crowdsecLapiTLSCertificateBouncerKeyFile -}}
crowdsecLapiTLSCertificateBouncerKeyFile: {{ . }}
{{- end }}
{{- end -}}