Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
TrueCharts-Bot 2023-02-15 05:30:29 +00:00
parent e8f955fd89
commit 94aebb8d8e
32 changed files with 3845 additions and 0 deletions


@ -0,0 +1,39 @@
**Important:**
*for the complete changelog, please refer to the website*
## [traefik-16.0.14](https://github.com/truecharts/charts/compare/traefik-16.0.13...traefik-16.0.14) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/traefik to v
## [traefik-16.0.13](https://github.com/truecharts/charts/compare/traefik-16.0.12...traefik-16.0.13) (2023-02-11)
### Chore
- update container image tccr.io/truecharts/traefik to 2.9.6
## [traefik-16.0.12](https://github.com/truecharts/charts/compare/traefik-16.0.11...traefik-16.0.12) (2023-02-10)
### Chore
- Add blacklistMode on geoblock and fix label ([#6416](https://github.com/truecharts/charts/issues/6416))
### Feat
- move Grafana, Prometheus and Traefik to Enterprise Train ([#6372](https://github.com/truecharts/charts/issues/6372))
### Fix
- ensure new helm deps repo is used in latest releases as well.


@ -0,0 +1,32 @@
apiVersion: v2
appVersion: "2.9.6"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
deprecated: false
description: Traefik is a flexible reverse proxy and Ingress Provider.
home: https://truecharts.org/charts/enterprise/traefik
icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
keywords:
- traefik
- ingress
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: traefik
sources:
- https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
- https://hub.docker.com/_/traefik
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
- https://traefik.io/
type: application
version: 16.0.14
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U


@ -0,0 +1,27 @@
# README
## General Info
TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
However only installations using the TrueNAS SCALE Apps system are supported.
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
## Support
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
- See the [Website](https://truecharts.org)
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
---
## Sponsor TrueCharts
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
*All Rights Reserved - The TrueCharts Project*


@ -0,0 +1,9 @@
## [traefik-16.0.14](https://github.com/truecharts/charts/compare/traefik-16.0.13...traefik-16.0.14) (2023-02-15)
### Chore
- update container image tccr.io/truecharts/traefik to v


@ -0,0 +1,8 @@
Traefik is a flexible reverse proxy and Ingress Provider.
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
---
TrueCharts can only exist due to the incredible effort of our staff.
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

Binary file not shown.


@ -0,0 +1,407 @@
image:
repository: tccr.io/truecharts/traefik
# defaults to appVersion
tag: 2.9.6@sha256:cd967c1afead8a5f78a20f974574b0e705dbac869956244e5767a9b54ed26e85
pullPolicy: IfNotPresent
# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
ingressClass:
# true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
enabled: false
isDefaultClass: false
# Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
fallbackApiVersion: ""
# -- Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
enabled: true
# Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "9180"
#
# -- Configure providers
providers:
kubernetesCRD:
enabled: true
namespaces:
[]
# - "default"
kubernetesIngress:
enabled: true
# labelSelector: environment=production,method=traefik
namespaces:
[]
# - "default"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
# -- Logs
# https://docs.traefik.io/observability/logs/
logs:
# Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
general:
# By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: ERROR
# -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
format: common
access:
# To enable access logs
enabled: false
# To write the logs in an asynchronous fashion, specify a bufferingSize option.
# This option represents the number of log lines Traefik will keep in memory before writing
# them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
# Filtering https://docs.traefik.io/observability/access-logs/#filtering
filters:
{}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
# Fields
# https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
fields:
general:
defaultmode: keep
names:
{}
# Examples:
# ClientUsername: drop
headers:
defaultmode: drop
names:
{}
# Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
# -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
format: common
metrics:
# datadog:
# address: 127.0.0.1:8125
# influxdb:
# address: localhost:8089
# protocol: udp
prometheus:
entryPoint: metrics
# statsd:
# address: localhost:8125
globalArguments:
- "--global.checknewversion"
##
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments:
- "--metrics.prometheus"
- "--ping"
- "--serverstransport.insecureskipverify=true"
- "--providers.kubernetesingress.allowexternalnameservices=true"
# -- TLS Options to be created as TLSOption CRDs
# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
# Example:
tlsOptions:
default:
sniStrict: false
minVersion: VersionTLS12
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
# -- Options for the main traefik service, where the entrypoints traffic comes from
# from.
service:
main:
type: LoadBalancer
ports:
main:
port: 9000
targetPort: 9000
protocol: HTTP
# -- Forwarded Headers should never be enabled on Main entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Main entrypoint
proxyProtocol:
enabled: false
tcp:
enabled: true
type: LoadBalancer
ports:
web:
enabled: true
port: 9080
protocol: HTTP
redirectTo: websecure
# Options: Empty, 0 (ingore), or positive int
# redirectPort:
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
websecure:
enabled: true
port: 9443
protocol: HTTPS
# -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
forwardedHeaders:
enabled: false
# -- List of trusted IP and CIDR references
trustedIPs: []
# -- Trust all forwarded headers
insecureMode: false
# -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
proxyProtocol:
enabled: false
# -- Only IPs in trustedIPs will lead to remote client address replacement
trustedIPs: []
# -- Trust every incoming connection
insecureMode: false
# tcpexample:
# enabled: true
# targetPort: 9443
# protocol: TCP
# tls:
# enabled: false
# # this is the name of a TLSOption definition
# options: ""
# certResolver: ""
# domains: []
# # - main: example.com
# # sans:
# # - foo.example.com
# # - bar.example.com
metrics:
enabled: true
type: ClusterIP
ports:
metrics:
enabled: true
port: 9180
targetPort: 9180
protocol: HTTP
# -- Forwarded Headers should never be enabled on Metrics entrypoint
forwardedHeaders:
enabled: false
# -- Proxy Protocol should never be enabled on Metrics entrypoint
proxyProtocol:
enabled: false
udp:
enabled: false
# probes:
# # -- Liveness probe configuration
# # @default -- See below
# liveness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Redainess probe configuration
# # @default -- See below
# readiness:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# # -- Startup probe configuration
# # @default -- See below
# startup:
# # -- sets the probe type when not using a custom probe
# # @default -- "TCP"
# type: HTTP
# # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
# # @default -- "/"
# path: "/ping"
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
main:
enabled: true
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- middlewaretcps
- tlsoptions
- tlsstores
- traefikservices
- serverstransports
verbs:
- get
- list
- watch
# -- The service account the pods will use to interact with the Kubernetes API
serviceAccount:
main:
enabled: true
# -- SCALE Middleware Handlers
middlewares:
basicAuth: []
# - name: basicauthexample
# users:
# - username: testuser
# password: testpassword
forwardAuth: []
# - name: forwardAuthexample
# address: https://auth.example.com/
# authResponseHeaders:
# - X-Secret
# - X-Auth-User
# authRequestHeaders:
# - "Accept"
# - "X-CustomHeader"
# authResponseHeadersRegex: "^X-"
# trustForwardHeader: true
chain: []
# - name: chainname
# middlewares:
# - name: compress
redirectScheme: []
# - name: redirectSchemeName
# scheme: https
# permanent: true
rateLimit: []
# - name: rateLimitName
# average: 300
# burst: 200
redirectRegex: []
# - name: redirectRegexName
# regex: putregexhere
# replacement: replacementurlhere
# permanent: false
stripPrefixRegex: []
# - name: stripPrefixRegexName
# regex: []
ipWhiteList: []
# - name: ipWhiteListName
# sourceRange: []
# ipStrategy:
# depth: 2
# excludedIPs: []
themeParkVersion: v1.3.0
themePark: []
# - name: themeParkName
# -- Supported apps, lower case name
# -- https://docs.theme-park.dev/themes
# app: appnamehere
# -- Supported themes, lower case name
# -- https://docs.theme-park.dev/themes/APPNAMEHERE
# -- https://docs.theme-park.dev/community-themes
# theme: themenamehere
# -- https://theme-park.dev or a self hosted url
# baseUrl: https://theme-park.dev
realIPVersion: v1.0.3
# Sets X-Real-Ip with an IP from the X-Forwarded-For or
# Cf-Connecting-Ip (If from Cloudflare)
# Evaluation of those headers will go from last to first
realIP: []
# - name: realIPName
# -- The real IP will be the first one that is
# -- not included in any of the CIDRs passed here
# excludedNetworks:
# - 1.1.1.1/24
addPrefix: []
# - name: addPrefixName
# prefix: "/foo"
geoBlockVersion: v0.2.4
geoBlock: []
# -- https://github.com/PascalMinder/geoblock
# - name: geoBlockName
# allowLocalRequests: true
# logLocalRequests: false
# logAllowedRequests: false
# logApiRequests: false
# api: https://get.geojs.io/v1/ip/country/{ip}
# apiTimeoutMs: 500
# cacheSize: 25
# forceMonthlyUpdate: true
# allowUnknownCountries: false
# unknownCountryApiResponse: nil
# blackListMode: false
# countries:
# - RU
portalhook:
enabled: true
persistence:
plugins:
enabled: true
mountPath: "/plugins-storage"
type: emptyDir
portal:
enabled: true
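Review bot: The default `additionalArguments` include `--serverstransport.insecureskipverify=true`, which turns off certificate verification for every HTTPS backend Traefik connects to, so the identity of a backend is never checked on the proxy-to-service hop. I would drop it from the defaults and let users opt in per backend through a ServersTransport resource, or at least put a comment above it such as `# disables backend TLS verification globally; remove once backends present trusted certificates`. The neighbouring `--providers.kubernetesingress.allowexternalnameservices=true` deserves a similar comment, since it widens what an Ingress object is allowed to route to.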

File diff suppressed because it is too large Load Diff


@ -0,0 +1,178 @@
{{/* Define the args */}}
{{- define "traefik.args" -}}
args:
{{/* merge all ports */}}
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{/* start of actual arguments */}}
{{- with .Values.globalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- range $name, $config := $ports }}
{{- if $config }}
{{- if or ( eq $config.protocol "HTTP" ) ( eq $config.protocol "HTTPS" ) ( eq $config.protocol "TCP" ) }}
{{- $_ := set $config "protocol" "TCP" }}
{{- end }}
- "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
{{- end }}
{{- end }}
- "--api.dashboard=true"
- "--ping=true"
{{- if .Values.metrics }}
{{- if .Values.metrics.datadog }}
- "--metrics.datadog=true"
- "--metrics.datadog.address={{ .Values.metrics.datadog.address }}"
{{- end }}
{{- if .Values.metrics.influxdb }}
- "--metrics.influxdb=true"
- "--metrics.influxdb.address={{ .Values.metrics.influxdb.address }}"
- "--metrics.influxdb.protocol={{ .Values.metrics.influxdb.protocol }}"
{{- end }}
{{- if .Values.metrics.prometheus }}
- "--metrics.prometheus=true"
- "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
{{- end }}
{{- if .Values.metrics.statsd }}
- "--metrics.statsd=true"
- "--metrics.statsd.address={{ .Values.metrics.statsd.address }}"
{{- end }}
{{- end }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress"
{{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
- "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.labelSelector }}
- "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
{{- end }}
{{- end }}
{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
{{- if .Values.providers.kubernetesCRD.enabled }}
- "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
{{- end }}
{{- if .Values.providers.kubernetesIngress.enabled }}
- "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
{{- end }}
{{- end }}
{{- if .Values.ingressClass.enabled }}
- "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
{{- end }}
{{- range $entrypoint, $config := $ports }}
{{/* add args for proxyProtocol support */}}
{{- if $config.proxyProtocol }}
{{- if $config.proxyProtocol.enabled }}
{{- if $config.proxyProtocol.insecureMode }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
{{- end }}
{{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
- "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
{{- end }}
{{- end }}
{{- end }}
{{/* add args for forwardedHeaders support */}}
{{- if $config.forwardedHeaders.enabled }}
{{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
{{- end }}
{{- if $config.forwardedHeaders.insecureMode }}
- "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
{{- end }}
{{- end }}
{{/* end forwardedHeaders configuration */}}
{{- if $config.redirectTo }}
{{- $toPort := index $ports $config.redirectTo }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- else if $config.redirectPort }}
{{ if gt $config.redirectPort 0.0 }}
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
- "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
{{- end }}
{{- end }}
{{- if or ( $config.tls ) ( eq $config.protocol "HTTPS" ) }}
{{- if or ( $config.tls.enabled ) ( eq $config.protocol "HTTPS" ) }}
- "--entrypoints.{{ $entrypoint }}.http.tls=true"
{{- if $config.tls.options }}
- "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
{{- end }}
{{- if $config.tls.certResolver }}
- "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
{{- end }}
{{- if $config.tls.domains }}
{{- range $index, $domain := $config.tls.domains }}
{{- if $domain.main }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
{{- end }}
{{- if $domain.sans }}
- "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.logs }}
- "--log.format={{ .general.format }}"
{{- if ne .general.level "ERROR" }}
- "--log.level={{ .general.level | upper }}"
{{- end }}
{{- if .access.enabled }}
- "--accesslog=true"
- "--accesslog.format={{ .access.format }}"
{{- if .access.bufferingsize }}
- "--accesslog.bufferingsize={{ .access.bufferingsize }}"
{{- end }}
{{- if .access.filters }}
{{- if .access.filters.statuscodes }}
- "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
{{- end }}
{{- if .access.filters.retryattempts }}
- "--accesslog.filters.retryattempts"
{{- end }}
{{- if .access.filters.minduration }}
- "--accesslog.filters.minduration={{ .access.filters.minduration }}"
{{- end }}
{{- end }}
- "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.general.names }}
- "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
- "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
{{- range $fieldname, $fieldaction := .access.fields.headers.names }}
- "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
{{- end }}
{{- end }}
{{- end }}
{{/* theme.park */}}
{{- if .Values.middlewares.themePark }}
- "--experimental.plugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
- "--experimental.plugins.traefik-themepark.version={{ .Values.middlewares.themeParkVersion }}"
{{- end }}
{{/* End of theme.park */}}
{{/* GeoBlock */}}
{{- if .Values.middlewares.geoBlock }}
- "--experimental.plugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
- "--experimental.plugins.GeoBlock.version={{ .Values.middlewares.geoBlockVersion }}"
{{- end }}
{{/* End of GeoBlock */}}
{{/* RealIP */}}
{{- if .Values.middlewares.realIP }}
- "--experimental.plugins.traefik-real-ip.modulename=github.com/soulbalz/traefik-real-ip"
- "--experimental.plugins.traefik-real-ip.version={{ .Values.middlewares.realIPVersion }}"
{{- end }}
{{/* End of RealIP */}}
{{- with .Values.additionalArguments }}
{{- range . }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}
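Review bot: The namespace restriction behind `{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}` looks unreachable with the values shipped in this commit: the values file defines `rbac.main.enabled` and no `rbac.namespaced`, so unless the common library rewrites those keys, neither `--providers.kubernetescrd.namespaces` nor `--providers.kubernetesingress.namespaces` is ever emitted and a user's `providers.*.namespaces` list is silently ignored. Traefik would then keep watching every namespace its RBAC rules reach. I would gate on the lists themselves, e.g. `{{- if .Values.providers.kubernetesCRD.namespaces }}`, or document the two rbac keys in values. Separately, `$config.forwardedHeaders.enabled` is read without the `{{- if $config.forwardedHeaders }}` style guard that proxyProtocol gets, so a port defined without that key would fail to render.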


@ -0,0 +1,22 @@
{{/*
Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
By convention this will simply use the <namespace>/<service-name> to match the name of the
service generated.
Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
*/}}
{{- define "providers.kubernetesIngress.publishedServicePath" -}}
{{- $fullName := include "tc.common.names.fullname" . -}}
{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
{{- print $servicePath | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct a comma-separated list of whitelisted namespaces
*/}}
{{- define "providers.kubernetesIngress.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
{{- end -}}
{{- define "providers.kubernetesCRD.namespaces" -}}
{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
{{- end -}}


@ -0,0 +1,24 @@
{{/* Define the ingressClass */}}
{{- define "traefik.ingressClass" -}}
---
{{ if .Values.ingressClass.enabled }}
{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
apiVersion: networking.k8s.io/v1
{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
apiVersion: networking.k8s.io/v1beta1
{{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
{{- else }}
{{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
{{- end }}
kind: IngressClass
metadata:
annotations:
ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
name: {{ .Release.Name }}
spec:
controller: traefik.io/ingress-controller
{{- end }}
{{- end }}


@ -0,0 +1,25 @@
{{/* Define the ingressRoute */}}
{{- define "traefik.ingressRoute" -}}
{{ if .Values.ingressRoute.dashboard.enabled }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ include "tc.common.names.fullname" . }}-dashboard
annotations:
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
spec:
entryPoints:
- main
routes:
- match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
{{ end }}
{{- end -}}
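Review bot: The dashboard route attaches no `middlewares`, so `/dashboard` and `/api` (service `api@internal`) are served without authentication on the `main` entrypoint, which the values file in this commit publishes through a `LoadBalancer` service on port 9000 with `ingressRoute.dashboard.enabled: true` as the default. The API exposes router, service and middleware configuration to anyone who can reach that port. I would add an optional `.Values.ingressRoute.dashboard.middlewares` list rendered under the route, so a basicAuth or ipWhiteList middleware from this chart can be attached, and add a comment in values that the dashboard should not be reachable from untrusted networks.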


@ -0,0 +1,26 @@
{{/* Define the portalHook */}}
{{- define "traefik.portalhook" -}}
{{- if .Values.portalhook.enabled }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: portalhook
namespace: {{ $namespace }}
data:
{{- $ports := dict }}
{{- range $.Values.service }}
{{- range $name, $value := .ports }}
{{- $_ := set $ports $name $value }}
{{- end }}
{{- end }}
{{- range $name, $value := $ports }}
{{ $name }}: {{ $value.port | quote }}
{{- end }}
{{- end }}
{{- end -}}


@ -0,0 +1,12 @@
{{/* Define the tlsOptions */}}
{{- define "traefik.tlsOptions" -}}
{{- range $name, $config := .Values.tlsOptions }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: {{ $name }}
spec:
{{- toYaml $config | nindent 2 }}
{{- end }}
{{- end -}}


@ -0,0 +1,24 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}
{{- if .Values.metrics }}
{{- if .Values.metrics.prometheus }}
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/port" "9180" -}}
{{- end }}
{{- end }}
{{- $newArgs := (include "traefik.args" . | fromYaml) }}
{{- $_ := set .Values "newArgs" $newArgs -}}
{{- $mergedargs := concat .Values.args .Values.newArgs.args }}
{{- $_ := set .Values "args" $mergedargs -}}
{{- include "traefik.portalhook" . }}
{{- include "traefik.tlsOptions" . }}
{{- include "traefik.ingressRoute" . }}
{{- include "traefik.ingressClass" . }}
{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}


@ -0,0 +1,17 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
addPrefix:
prefix: {{ $middlewareData.prefix }}
{{- end }}


@ -0,0 +1,62 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: compress
namespace: {{ $namespace }}
spec:
compress: {}
---
# Here, an average of 300 requests per second is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-ratelimit
namespace: {{ $namespace }}
spec:
rateLimit:
average: 600
burst: 400
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: basic-secure-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
stsSeconds: 63072000
# stsIncludeSubdomains: false
# stsPreload: false
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
server: ''
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: chain-basic
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: basic-secure-headers
- name: compress
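Review bot: The comment above `basic-ratelimit` states an average of 300 requests per second and a burst of 200, but the spec sets `average: 600` and `burst: 400`, so one of the two is stale. This middleware is part of `chain-basic`, and the comment is what operators will read when judging the limit. I would change it to `# Here, an average of 600 requests per second is allowed.` and `# In addition, a burst of 400 requests is allowed.`, or lower the values if 300/200 was the intent.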


@ -0,0 +1,34 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.basicAuth }}
---
{{- $users := list }}
{{ range $index, $userdata := $middlewareData.users }}
{{ $users = append $users ( htpasswd $userdata.username $userdata.password ) }}
{{ end }}
apiVersion: v1
kind: Secret
metadata:
name: {{printf "%v-%v" $middlewareData.name "secret" }}
namespace: {{ $namespace }}
type: Opaque
stringData:
users: |
{{- range $index, $user := $users }}
{{ printf "%s" $user }}
{{- end }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
basicAuth:
secret: {{printf "%v-%v" $middlewareData.name "secret" }}
{{ end }}
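Review bot: `htpasswd $userdata.username $userdata.password` is called without checking either field, so an entry with an empty password would still yield a valid hash and an account that authenticates with an empty password. I would fail the render instead, e.g. `{{- $pw := required "basicAuth users need a non-empty password" $userdata.password }}` before the `append`, and do the same for `username`. It would also help to note in the values file that these passwords are supplied in plain text and are kept in the stored release values.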


@ -0,0 +1,21 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.chain }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
chain:
middlewares:
{{ range $index, $middleware := .middlewares }}
- name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
{{ end }}
{{ end }}
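Review bot: Inside the inner range, `$middleware` is the whole list entry, and the commented example in the values file gives entries as `- name: compress`, so `printf "%v-%v@%v" $namespace $middleware "kubernetescrd"` would render the map rather than its name; `$middleware.name` looks like what is meant, unless entries are expected to be plain strings. The leading `# Declaring the user list` comment is a leftover from the basicAuth template and does not describe a chain, and the ipWhiteList and rateLimit templates in this commit carry the same stale comment. I would replace it here with something like `# Chain of previously defined middlewares`.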


@ -0,0 +1,34 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.forwardAuth }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
forwardAuth:
address: {{ $middlewareData.address }}
{{- with $middlewareData.authResponseHeaders }}
authResponseHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with $middlewareData.authRequestHeaders }}
authRequestHeaders:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if $middlewareData.authResponseHeadersRegex }}
authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
{{- end }}
{{- if $middlewareData.trustForwardHeader }}
trustForwardHeader: true
{{- end }}
{{- with $middlewareData.tls }}
tls:
insecureSkipVerify: {{ .insecureSkipVerify | default false }}
{{- end }}
{{ end }}
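Review bot: `address` and `authResponseHeadersRegex` are written into the manifest unquoted, so a regex that begins with a YAML indicator such as `[` or `*`, or a value containing `: `, will break parsing or be read as something other than a string. Piping both through `quote` avoids that: `address: {{ $middlewareData.address | quote }}` and `authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex | quote }}`. A short comment on `tls.insecureSkipVerify` saying that it disables verification of the auth server's certificate would also help, since this is the hop that carries the authentication decision.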


@ -0,0 +1,35 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
GeoBlock:
allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
logLocalRequests: {{ $middlewareData.logLocalRequests }}
logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
logApiRequests: {{ $middlewareData.logApiRequests }}
api: {{ $middlewareData.api }}
apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
cacheSize: {{ $middlewareData.cacheSize }}
forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
blackListMode: {{ $middlewareData.blackListMode }}
{{- if not $middlewareData.countries }}
{{- fail "You have to define at least one country..." }}
{{- end }}
countries:
{{- range $middlewareData.countries }}
- {{ . }}
{{- end }}
{{- end }}
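Review bot: Every plugin option is rendered straight from the entry with no default, so a key left out of a `geoBlock` item becomes an empty value in the manifest and the effective behaviour depends on how the plugin treats a missing setting. For the options that decide whether a request is let through (`allowUnknownCountries`, `allowLocalRequests`, `blackListMode`) I would make the fallback explicit, e.g. `allowUnknownCountries: {{ $middlewareData.allowUnknownCountries | default false }}`. The `countries` check would also read better at the top of the range, before any output is produced.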


@ -0,0 +1,33 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
ipWhiteList:
sourceRange:
{{- range $middlewareData.sourceRange }}
- {{ . }}
{{- end }}
{{- if $middlewareData.ipStrategy }}
ipStrategy:
{{- if $middlewareData.ipStrategy.depth }}
depth: {{ $middlewareData.ipStrategy.depth }}
{{- end }}
{{- if $middlewareData.ipStrategy.excludedIPs }}
excludedIPs:
{{- range $middlewareData.ipStrategy.excludedIPs }}
- {{ . }}
{{- end }}
{{- end }}
{{- end }}
{{ end }}
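Review bot: `sourceRange` is rendered without any check that it is non-empty, unlike the geoBlock template, which calls `fail` when `countries` is missing. An entry with no ranges produces `sourceRange:` with a null value, and the result is left to Traefik to interpret. Add a guard before the list, `{{- if not $middlewareData.sourceRange }}{{- fail "ipWhiteList requires at least one sourceRange entry" }}{{- end }}`, and quote the entries with `- {{ . | quote }}`. The comment `# Declaring the user list` does not describe this resource (it also appears in the rateLimit, redirectScheme and redirectRegex templates) and should be replaced, for example with `# IP allow-list middleware`. A comment next to `ipStrategy.depth` would also help, noting that it selects an address from X-Forwarded-For and should only count proxies trusted to set that header.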


@ -0,0 +1,19 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.rateLimit }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
rateLimit:
average: {{ $middlewareData.average }}
burst: {{ $middlewareData.burst }}
{{ end }}
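Review bot: `average` and `burst` are rendered straight from values, so an entry that omits `average` yields an empty field. Traefik documents an average of 0 as no rate limiting, so, assuming a null is treated as 0, the middleware would exist but limit nothing. Make the field mandatory with `average: {{ required "rateLimit.average must be set" $middlewareData.average }}` and give `burst` an explicit default such as `burst: {{ $middlewareData.burst | default 1 }}`.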


@ -0,0 +1,21 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.realIP }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
traefik-real-ip:
excludednets:
{{- range $middlewareData.excludedNetworks }}
- {{ . | quote }}
{{- end }}
{{- end }}


@ -0,0 +1,19 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectScheme }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectScheme:
scheme: {{ $middlewareData.scheme }}
permanent: {{ $middlewareData.permanent }}
{{ end }}


@ -0,0 +1,20 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.redirectRegex }}
---
# Declaring the user list
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: {{ $middlewareData.regex | quote }}
replacement: {{ $middlewareData.replacement | quote }}
permanent: {{ $middlewareData.permanent }}
{{ end }}


@ -0,0 +1,20 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{ range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
stripPrefixRegex:
regex:
{{- range $middlewareData.regex }}
- {{ . | quote }}
{{- end }}
{{ end }}


@ -0,0 +1,29 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-opencors-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: tc-opencors-headers
- name: compress
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-closedcors-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: basic-ratelimit
- name: tc-closedcors-headers
- name: compress


@ -0,0 +1,62 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-opencors-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowHeaders:
- '*'
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
- POST
accessControlAllowOriginList:
- '*'
accessControlMaxAge: 100
browserXssFilter: true
contentTypeNosniff: true
customRequestHeaders:
X-Forwarded-Proto: https
customResponseHeaders:
server: ""
forceSTSHeader: true
referrerPolicy: same-origin
sslForceHost: true
sslRedirect: true
stsSeconds: 63072000
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-closedcors-headers
namespace: {{ $namespace }}
spec:
headers:
accessControlAllowMethods:
- GET
- OPTIONS
- HEAD
- PUT
accessControlMaxAge: 100
sslRedirect: true
stsSeconds: 63072000
# stsIncludeSubdomains: false
# stsPreload: false
forceSTSHeader: true
contentTypeNosniff: true
browserXssFilter: true
sslForceHost: true
referrerPolicy: same-origin
customRequestHeaders:
X-Forwarded-Proto: "https"
customResponseHeaders:
server: ''
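Review bot: `tc-opencors-headers` answers every origin with `accessControlAllowOriginList: '*'` and `accessControlAllowHeaders: '*'`, and nothing in the file says when that is acceptable. Add a comment above it such as `# Any website may read responses from routes using this middleware; do not attach it to apps that rely on network location (LAN/VPN) rather than credentials for access control`. Both middlewares also set `customRequestHeaders` `X-Forwarded-Proto: https` unconditionally, so the backend is told the request used TLS whatever the entrypoint was; it is worth confirming they are only attached to TLS routers. As far as I know `sslRedirect` and `sslForceHost` are deprecated in the Traefik 2.x headers middleware in favour of entrypoint redirection, so they may be better dropped than carried into a new release.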


@ -0,0 +1,25 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-redirectregex-dav
namespace: {{ $namespace }}
spec:
redirectRegex:
regex: "https://(.*)/.well-known/(card|cal)dav"
replacement: "https://${1}/remote.php/dav/"
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: tc-nextcloud-chain
namespace: {{ $namespace }}
spec:
chain:
middlewares:
- name: tc-nextcloud-redirectregex-dav
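Review bot: The `regex` in `tc-nextcloud-redirectregex-dav` is unanchored, its dots are unescaped and `(.*)` is greedy, so it matches more URLs than the two well-known paths. One example is a URL where `.well-known/caldav` appears deeper in the path or in the query string. Tightening it to `regex: '^https://([^/]+)/\.well-known/(card|cal)dav'` keeps the capture to the host only; single quotes are needed because `\.` is not a valid escape in a double-quoted YAML scalar. Whether a trailing `$` is also wanted depends on how clients request the path, so I have left it out.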


@ -0,0 +1,26 @@
{{- $values := .Values }}
{{- $namespace := ( printf "ix-%s" .Release.Name ) }}
{{- if or ( not .Values.ingressClass.enabled ) ( and ( .Values.ingressClass.enabled ) ( .Values.ingressClass.isDefaultClass ) ) }}
{{- $namespace = "default" }}
{{- end }}
{{- range $index, $middlewareData := .Values.middlewares.themePark }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: {{ $middlewareData.name }}
namespace: {{ $namespace }}
spec:
plugin:
traefik-themepark:
app: {{ $middlewareData.appName }}
theme: {{ $middlewareData.themeName }}
baseUrl: {{ $middlewareData.baseUrl }}
{{- if $middlewareData.addons }}
addons:
{{- range $middlewareData.addons }}
- {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}
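Review bot: `app`, `theme` and `baseUrl` are rendered unquoted while `addons` uses `quote`, so an unset value becomes an empty (null) field and a value that looks like a number or boolean changes type. Use `baseUrl: {{ $middlewareData.baseUrl | quote }}` and the same for `app` and `theme`. As far as I understand the plugin, `baseUrl` is where the injected stylesheet is loaded from, so a comment noting that it should point at a host the operator trusts would be worthwhile.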
