Commit new Chart releases for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>

incubator/traefik-forward-auth/0.1.0/CHANGELOG.md

@@ -0,0 +1,13 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [traefik-forward-auth-0.1.0]traefik-forward-auth-0.1.0 (2023-02-19)
+
+### Feat
+
+- add traefik-forward-auth ([#6965](https://github.com/truecharts/charts/issues/6965))
+  
+  

incubator/traefik-forward-auth/0.1.0/Chart.yaml

@@ -0,0 +1,35 @@
+apiVersion: v2
+kubeVersion: ">=1.16.0-0"
+name: traefik-forward-auth
+version: 0.1.0
+appVersion: "2.2.0"
+description: A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer. An example for a typical setup is included in the source (docs/how-to.md).
+type: application
+deprecated: false
+home: https://github.com/truecharts/charts/tree/master/charts/incubator/traefik-forward-auth
+icon: https://raw.githubusercontent.com/truecharts/charts/master/incubator/traefik-forward-auth/icon.png?raw=true
+keywords:
+  - traefik-forward-auth
+  - traefik
+  - forward-auth
+  - auth
+  - ingress
+  - middleware
+sources:
+  - https://github.com/truecharts/charts/tree/master/charts/incubator/traefik-forward-auth
+  - https://github.com/thomseddon/traefik-forward-auth
+dependencies:
+  - name: common
+    repository: https://library-charts.truecharts.org
+    version:
+      11.1.2
+      # condition:
+maintainers:
+  - email: info@truecharts.org
+    name: TrueCharts
+    url: https://truecharts.org
+annotations:
+  truecharts.org/catagories: |
+    - network
+  truecharts.org/SCALE-support: "true"
+  truecharts.org/grade: U

incubator/traefik-forward-auth/0.1.0/README.md

@@ -0,0 +1,26 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE%20Apps/Important-MUST-READ).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*

incubator/traefik-forward-auth/0.1.0/app-changelog.md

@@ -0,0 +1,9 @@
+
+
+## [traefik-forward-auth-0.1.0]traefik-forward-auth-0.1.0 (2023-02-19)
+
+### Feat
+
+- add traefik-forward-auth ([#6965](https://github.com/truecharts/charts/issues/6965))
+  
+  

incubator/traefik-forward-auth/0.1.0/app-readme.md

@@ -0,0 +1,8 @@
+A minimal forward authentication service that provides OAuth/SSO login and authentication for the traefik reverse proxy/load balancer. An example for a typical setup is included in the source (docs/how-to.md).
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/incubator/traefik-forward-auth](https://truecharts.org/charts/incubator/traefik-forward-auth)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!

incubator/traefik-forward-auth/0.1.0/ix_values.yaml

@@ -0,0 +1,62 @@
+image:
+  repository: tccr.io/truecharts/traefik-forward-auth
+  pullPolicy: IfNotPresent
+  tag: latest@sha256:edd7eb812cb38e59d32b5a00398b57a78506db2390cbe295f5df590a38a5d44e
+
+envFrom:
+  - secretRef:
+      name: '{{ include "tc.common.names.fullname" . }}-google-secret'
+  - secretRef:
+      name: '{{ include "tc.common.names.fullname" . }}-oidc-secret'
+  - secretRef:
+      name: '{{ include "tc.common.names.fullname" . }}-oauth2-secret'
+
+service:
+  main:
+    ports:
+      main:
+        targetPort: 4181
+        port: 4181
+
+tfaAppOptions:
+  secret: something-random
+  port: 4181
+  logLevel: warn
+  logFormat: text
+
+tfaAuthOptions:
+  authHost:
+  urlPath: /_oauth
+  defaultAction: auth
+  defaultProvider: google
+  domain: []
+  whitelist: []
+  rules: []
+
+tfaCookieOptions:
+  cookieDomain: []
+  cookieName: _forward_auth
+  csrfCookieName: _forward_auth_csrf
+  lifetime: 43200
+  insecureCookie: false
+
+tfaGoogleOptions:
+  clientId: "changeme"
+  clientSecret: "changeme"
+  prompt: "changeme"
+
+tfaOidcOptions:
+  issuerUrl: "changeme"
+  clientId: "changeme"
+  clientSecret: "changeme"
+  resource: "changeme"
+
+tfaOauthOptions:
+  authUrl: "changeme"
+  tokenUrl: "changeme"
+  userUrl: "changeme"
+  clientId: "changeme"
+  clientSecret: "changeme"
+  scopes: "changeme"
+  tokenStyle: header
+  resource: "changeme"

incubator/traefik-forward-auth/0.1.0/templates/_args.tpl

@@ -0,0 +1,34 @@
+{{- define "tfa.args" -}}
+args:
+  - --log-level={{ .Values.tfaAppOptions.logLevel }}
+  - --log-format={{ .Values.tfaAppOptions.logFormat }}
+  {{- if .Values.tfaAuthOptions.authHost }}
+  - --auth-host={{ .Values.tfaAuthOptions.authHost }}
+  {{- end }}
+  {{- range .Values.tfaCookieOptions.cookieDomain }}
+  - --cookie-domain={{ . }}
+  {{- end }}
+  {{- if .Values.tfaCookieOptions.insecureCookie }}
+  - --insecure-cookie
+  {{- end }}
+  - --cookie-name={{ .Values.tfaCookieOptions.cookieName }}
+  - --csrf-cookie-name={{ .Values.tfaCookieOptions.csrfCookieName }}
+  - --default-action={{ .Values.tfaAuthOptions.defaultAction }}
+  - --default-provider={{ .Values.tfaAuthOptions.defaultProvider }}
+  {{- range .Values.tfaAuthOptions.domain }}
+  - --domain={{ . }}
+  {{- end }}
+  - --lifetime={{ .Values.tfaCookieOptions.lifetime }}
+  {{- if .Values.tfaAuthOptions.logoutRedirect }}
+  - --logout-redirect={{ .Values.tfaAuthOptions.logoutRedirect }}
+  {{- end }}
+  - --url-path={{ .Values.tfaAuthOptions.urlPath }}
+  - --secret={{ .Values.tfaAppOptions.secret }}
+  {{- range .Values.tfaAuthOptions.whitelist }}
+  - --whitelist={{ . }}
+  {{- end }}
+  - --port={{ .Values.tfaAppOptions.port }}
+  {{- range .Values.tfaAuthOptions.rules }}
+  - --{{ . }}
+  {{- end }}
+{{- end -}}

incubator/traefik-forward-auth/0.1.0/templates/_secret.tpl

@@ -0,0 +1,57 @@
+{{/* Define the secret */}}
+{{- define "tfa.secret" -}}
+
+{{- $googleSecretName := printf "%s-google-secret" (include "tc.common.names.fullname" .) }}
+{{- $oidcSecretName := printf "%s-oidc-secret" (include "tc.common.names.fullname" .) }}
+{{- $oauthSecretName := printf "%s-oauth2-secret" (include "tc.common.names.fullname" .) }}
+
+---
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ $googleSecretName }}
+  labels:
+    {{- include "tc.common.labels" . | nindent 4 }}
+data:
+  PROVIDERS_GOOGLE_CLIENT_ID: {{ .Values.tfaGoogleOptions.clientId | trimAll "\"" | b64enc }}
+  PROVIDERS_GOOGLE_CLIENT_SECRET: {{ .Values.tfaGoogleOptions.clientSecret | trimAll "\"" | b64enc }}
+  PROVIDERS_GOOGLE_PROMPT: {{ .Values.tfaGoogleOptions.prompt | trimAll "\"" | b64enc }}
+
+---
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ $oidcSecretName }}
+  labels:
+    {{- include "tc.common.labels" . | nindent 4 }}
+data:
+  PROVIDERS_OIDC_ISSUER_URL: {{ .Values.tfaOidcOptions.issuerUrl | trimAll "\"" | b64enc }}
+  PROVIDERS_OIDC_CLIENT_ID: {{ .Values.tfaOidcOptions.clientId | trimAll "\"" | b64enc }}
+  PROVIDERS_OIDC_CLIENT_SECRET: {{ .Values.tfaOidcOptions.clientSecret | trimAll "\"" | b64enc }}
+  PROVIDERS_OIDC_RESOURCE: {{ .Values.tfaOidcOptions.resource | trimAll "\"" | b64enc }}
+
+---
+
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ $oauthSecretName }}
+  labels:
+    {{- include "tc.common.labels" . | nindent 4 }}
+data:
+  PROVIDERS_GENERIC_OAUTH_AUTH_URL: {{ .Values.tfaOauthOptions.authUrl | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_TOKEN_URL: {{ .Values.tfaOauthOptions.tokenUrl | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_USER_URL: {{ .Values.tfaOauthOptions.userUrl | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_CLIENT_ID: {{ .Values.tfaOauthOptions.clientId | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_CLIENT_SECRET: {{ .Values.tfaOauthOptions.clientSecret | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_TOKEN_STYLE: {{ .Values.tfaOauthOptions.tokenStyle | trimAll "\"" | b64enc }}
+  PROVIDERS_GENERIC_OAUTH_RESOURCE: {{ .Values.tfaOauthOptions.resource | trimAll "\"" | b64enc }}
+
+---
+
+{{- end }}

incubator/traefik-forward-auth/0.1.0/templates/common.yaml

@@ -0,0 +1,13 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.common.loader.init" . }}
+
+{{/* Render secret */}}
+{{- include "tfa.secret" . }}
+
+{{- $tplArgs := (include "tfa.args" . | fromYaml) }}
+{{- $_ := set .Values "tplArgs" $tplArgs -}}
+{{- $args := concat .Values.args .Values.tplArgs.args }}
+{{- $_ := set .Values "args" $args -}}
+
+{{/* Render the templates */}}
+{{ include "tc.common.loader.apply" . }}

incubator/traefik-forward-auth/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://raw.githubusercontent.com/truecharts/charts/master/incubator/traefik-forward-auth/icon.png?raw=true
+categories:
+- network
+