diff --git a/enterprise/traefik/21.1.9/CHANGELOG.md b/enterprise/traefik/21.1.9/CHANGELOG.md
new file mode 100644
index 00000000000..4f38e19a586
--- /dev/null
+++ b/enterprise/traefik/21.1.9/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [traefik-21.1.9](https://github.com/truecharts/charts/compare/traefik-21.1.8...traefik-21.1.9) (2023-11-17)
+
+
+
+
+## [traefik-21.1.8](https://github.com/truecharts/charts/compare/traefik-21.1.7...traefik-21.1.8) (2023-11-17)
+
+
+
+
+## [traefik-21.1.7](https://github.com/truecharts/charts/compare/traefik-21.1.6...traefik-21.1.7) (2023-11-08)
+
+
+
+
+## [traefik-21.1.6](https://github.com/truecharts/charts/compare/traefik-21.1.5...traefik-21.1.6) (2023-11-08)
+
+
+
+
+## [traefik-21.1.5](https://github.com/truecharts/charts/compare/traefik-21.1.4...traefik-21.1.5) (2023-11-08)
+
+### Chore
+
+- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454))
+
+
+
+
+## [traefik-21.1.4](https://github.com/truecharts/charts/compare/traefik-21.1.3...traefik-21.1.4) (2023-11-05)
+
+### Chore
+
+- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365))
+
+
+
+
+## [traefik-21.1.3](https://github.com/truecharts/charts/compare/traefik-21.1.2...traefik-21.1.3) (2023-11-03)
+
+### Chore
+
+- update helm general non-major ([#14287](https://github.com/truecharts/charts/issues/14287))
+
+
+
+
+## [traefik-21.1.2](https://github.com/truecharts/charts/compare/traefik-21.1.1...traefik-21.1.2) (2023-10-29)
+
+### Chore
+
+- Fix typo in categories and make them singular ([#13693](https://github.com/truecharts/charts/issues/13693))
+ - update helm general non-major ([#14094](https://github.com/truecharts/charts/issues/14094))
+
+
+
+
+## [traefik-21.1.1](https://github.com/truecharts/charts/compare/traefik-21.1.0...traefik-21.1.1) (2023-10-27)
+
+### Fix
+
+- fix buffering middlewrae ([#14027](https://github.com/truecharts/charts/issues/14027))
+
+
+
+
+## [traefik-21.1.0](https://github.com/truecharts/charts/compare/traefik-21.0.9...traefik-21.1.0) (2023-10-27)
+
+### Feat
+
+- Add traefik-plugin-rewrite-headers ([#13961](https://github.com/truecharts/charts/issues/13961))
+
+
+
+
+## [traefik-21.0.9](https://github.com/truecharts/charts/compare/traefik-21.0.8...traefik-21.0.9) (2023-10-25)
+
+### Chore
+
+- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13969](https://github.com/truecharts/charts/issues/13969))
+
+
+
+
+## [traefik-21.0.8](https://github.com/truecharts/charts/compare/traefik-21.0.7...traefik-21.0.8) (2023-10-12)
+
+### Chore
+
+- update container image tccr.io/truecharts/traefik to v2.10.5 ([#13534](https://github.com/truecharts/charts/issues/13534))
+ - run precocmit ([#13387](https://github.com/truecharts/charts/issues/13387))
+
+
+
diff --git a/enterprise/traefik/21.1.9/Chart.yaml b/enterprise/traefik/21.1.9/Chart.yaml
new file mode 100644
index 00000000000..1317f0f0c33
--- /dev/null
+++ b/enterprise/traefik/21.1.9/Chart.yaml
@@ -0,0 +1,30 @@
+apiVersion: v2
+appVersion: "2.10.5"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 14.3.5
+deprecated: false
+description: Traefik is a flexible reverse proxy and Ingress Provider.
+home: https://truecharts.org/charts/enterprise/traefik
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/traefik.png
+keywords:
+ - traefik
+ - ingress
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: traefik
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/enterprise/traefik
+ - https://github.com/traefik/traefik
+ - https://github.com/traefik/traefik-helm-chart
+ - https://traefik.io/
+type: application
+version: 21.1.9
+annotations:
+ truecharts.org/category: network
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/grade: U
diff --git a/enterprise/traefik/21.1.9/LICENSE b/enterprise/traefik/21.1.9/LICENSE
new file mode 100644
index 00000000000..4139714f204
--- /dev/null
+++ b/enterprise/traefik/21.1.9/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Traefik" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/enterprise/traefik/21.1.9/README.md b/enterprise/traefik/21.1.9/README.md
new file mode 100644
index 00000000000..f8a41e479fe
--- /dev/null
+++ b/enterprise/traefik/21.1.9/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/enterprise/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/enterprise/traefik/21.1.9/app-changelog.md b/enterprise/traefik/21.1.9/app-changelog.md
new file mode 100644
index 00000000000..db63f7c6ff5
--- /dev/null
+++ b/enterprise/traefik/21.1.9/app-changelog.md
@@ -0,0 +1,4 @@
+
+
+## [traefik-21.1.9](https://github.com/truecharts/charts/compare/traefik-21.1.8...traefik-21.1.9) (2023-11-17)
+
diff --git a/enterprise/traefik/21.1.9/app-readme.md b/enterprise/traefik/21.1.9/app-readme.md
new file mode 100644
index 00000000000..02206fafcf4
--- /dev/null
+++ b/enterprise/traefik/21.1.9/app-readme.md
@@ -0,0 +1,8 @@
+Traefik is a flexible reverse proxy and Ingress Provider.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/enterprise/traefik](https://truecharts.org/charts/enterprise/traefik)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/enterprise/traefik/21.1.9/charts/common-14.3.5.tgz b/enterprise/traefik/21.1.9/charts/common-14.3.5.tgz
new file mode 100644
index 00000000000..58fbc6f4962
Binary files /dev/null and b/enterprise/traefik/21.1.9/charts/common-14.3.5.tgz differ
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutes.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutes.yaml
new file mode 100644
index 00000000000..a13de5922e4
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutes.yaml
@@ -0,0 +1,267 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutes.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRoute
+ listKind: IngressRouteList
+ plural: ingressroutes
+ singular: ingressroute
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteSpec defines the desired state of IngressRoute.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: Route holds the HTTP route configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the route. Rule is the
+ only supported kind.
+ enum:
+ - Rule
+ type: string
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule'
+ type: string
+ middlewares:
+ description: 'Middlewares defines the list of references to
+ Middleware resources. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-middleware'
+ items:
+ description: MiddlewareRef is a reference to a Middleware
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority'
+ type: integer
+ services:
+ description: Services defines the list of Service. It can contain
+ any combination of TraefikService and/or reference to a Kubernetes
+ Service.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client
+ Host header is forwarded to the upstream Kubernetes
+ Service. By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to
+ the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval,
+ in milliseconds, in between flushes to the client
+ while copying the response body. A negative value
+ means to flush immediately after each write to the
+ client. This configuration is ignored when ReverseProxy
+ recognizes a response as a streaming response; for
+ such responses, writes are flushed to the client
+ immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the
+ request to the upstream Kubernetes Service. It defaults
+ to https when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as
+ JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie
+ can only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only
+ be specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round
+ Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - kind
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSOption.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSOption. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ required:
+ - name
+ type: object
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSStore.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSStore. More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutetcps.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutetcps.yaml
new file mode 100644
index 00000000000..37da83b3441
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressroutetcps.yaml
@@ -0,0 +1,211 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutetcps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRouteTCP
+ listKind: IngressRouteTCPList
+ plural: ingressroutetcps
+ singular: ingressroutetcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteTCP holds the TCP route configuration.
+ properties:
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#rule_1'
+ type: string
+ middlewares:
+ description: Middlewares defines the list of references to MiddlewareTCP
+ resources.
+ items:
+ description: ObjectReference is a generic reference to a Traefik
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.9/routing/routers/#priority_1'
+ type: integer
+ services:
+ description: Services defines the list of TCP services.
+ items:
+ description: ServiceTCP defines an upstream TCP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ proxyProtocol:
+ description: 'ProxyProtocol defines the PROXY protocol
+ configuration. More info: https://doc.traefik.io/traefik/v2.9/routing/services/#proxy-protocol'
+ properties:
+ version:
+ description: Version defines the PROXY Protocol version
+ to use.
+ type: integer
+ type: object
+ terminationDelay:
+ description: TerminationDelay defines the deadline that
+ the proxy sets, after one of its connected peers indicates
+ it has closed the writing capability of its connection,
+ to close the reading capability as well, hence fully
+ terminating the connection. It is a duration in milliseconds,
+ defaulting to 100. A negative value means an infinite
+ deadline (i.e. the reading capability is never closed).
+ type: integer
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ required:
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration on a layer 4 / TCP
+ Route. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#tls_1'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.9/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.9/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ passthrough:
+ description: Passthrough defines whether a TLS router will terminate
+ the TLS connection.
+ type: boolean
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressrouteudps.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressrouteudps.yaml
new file mode 100644
index 00000000000..2ba4dade6b7
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_ingressrouteudps.yaml
@@ -0,0 +1,98 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressrouteudps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: IngressRouteUDP
+ listKind: IngressRouteUDPList
+ plural: ingressrouteudps
+ singular: ingressrouteudp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteUDP holds the UDP route configuration.
+ properties:
+ services:
+ description: Services defines the list of UDP services.
+ items:
+ description: ServiceUDP defines an upstream UDP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewares.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewares.yaml
new file mode 100644
index 00000000000..26cb51d2e6b
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewares.yaml
@@ -0,0 +1,917 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewares.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: Middleware
+ listKind: MiddlewareList
+ plural: middlewares
+ singular: middleware
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'Middleware is the CRD implementation of a Traefik Middleware.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareSpec defines the desired state of a Middleware.
+ properties:
+ addPrefix:
+ description: 'AddPrefix holds the add prefix middleware configuration.
+ This middleware updates the path of a request before forwarding
+ it. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/addprefix/'
+ properties:
+ prefix:
+ description: Prefix is the string to add before the current path
+ in the requested URL. It should include a leading slash (/).
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth holds the basic auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: 'RemoveHeader sets the removeHeader option to true
+ to remove the authorization header before forwarding the request
+ to your service. Default: false.'
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ buffering:
+ description: 'Buffering holds the buffering middleware configuration.
+ This middleware retries or limits the size of requests that can
+ be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#maxrequestbodybytes'
+ properties:
+ maxRequestBodyBytes:
+ description: 'MaxRequestBodyBytes defines the maximum allowed
+ body size for the request (in bytes). If the request exceeds
+ the allowed size, it is not forwarded to the service, and the
+ client gets a 413 (Request Entity Too Large) response. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ maxResponseBodyBytes:
+ description: 'MaxResponseBodyBytes defines the maximum allowed
+ response size from the service (in bytes). If the response exceeds
+ the allowed size, it is not forwarded to the client. The client
+ gets a 500 (Internal Server Error) response instead. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ memRequestBodyBytes:
+ description: 'MemRequestBodyBytes defines the threshold (in bytes)
+ from which the request will be buffered on disk instead of in
+ memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ memResponseBodyBytes:
+ description: 'MemResponseBodyBytes defines the threshold (in bytes)
+ from which the response will be buffered on disk instead of
+ in memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ retryExpression:
+ description: 'RetryExpression defines the retry conditions. It
+ is a logical combination of functions with operators AND (&&)
+ and OR (||). More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/buffering/#retryexpression'
+ type: string
+ type: object
+ chain:
+ description: 'Chain holds the configuration of the chain middleware.
+ This middleware enables to define reusable combinations of other
+ pieces of middleware. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/chain/'
+ properties:
+ middlewares:
+ description: Middlewares is the list of MiddlewareRef which composes
+ the chain.
+ items:
+ description: MiddlewareRef is a reference to a Middleware resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ circuitBreaker:
+ description: CircuitBreaker holds the circuit breaker configuration.
+ properties:
+ checkPeriod:
+ anyOf:
+ - type: integer
+ - type: string
+ description: CheckPeriod is the interval between successive checks
+ of the circuit breaker condition (when in standby state).
+ x-kubernetes-int-or-string: true
+ expression:
+ description: Expression is the condition that triggers the tripped
+ state.
+ type: string
+ fallbackDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: FallbackDuration is the duration for which the circuit
+ breaker will wait before trying to recover (from a tripped state).
+ x-kubernetes-int-or-string: true
+ recoveryDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RecoveryDuration is the duration for which the circuit
+ breaker will try to recover (as soon as it is in recovering
+ state).
+ x-kubernetes-int-or-string: true
+ type: object
+ compress:
+ description: 'Compress holds the compress middleware configuration.
+ This middleware compresses responses before sending them to the
+ client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/compress/'
+ properties:
+ excludedContentTypes:
+ description: ExcludedContentTypes defines the list of content
+ types to compare the Content-Type header of the incoming requests
+ and responses before compressing.
+ items:
+ type: string
+ type: array
+ minResponseBodyBytes:
+ description: 'MinResponseBodyBytes defines the minimum amount
+ of bytes a response body must have to be compressed. Default:
+ 1024.'
+ type: integer
+ type: object
+ contentType:
+ description: ContentType holds the content-type middleware configuration.
+ This middleware exists to enable the correct behavior until at least
+ the default one can be changed in a future version.
+ properties:
+ autoDetect:
+ description: AutoDetect specifies whether to let the `Content-Type`
+ header, if it has not been set by the backend, be automatically
+ set to a value derived from the contents of the response. As
+ a proxy, the default behavior should be to leave the header
+ alone, regardless of what the backend did with it. However,
+ the historic default was to always auto-detect and set the header
+ if it was nil, and it is going to be kept that way in order
+ to support users currently relying on it.
+ type: boolean
+ type: object
+ digestAuth:
+ description: 'DigestAuth holds the digest auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/digestauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: RemoveHeader defines whether to remove the authorization
+ header before forwarding the request to the backend.
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ errors:
+ description: 'ErrorPage holds the custom error middleware configuration.
+ This middleware returns a custom page in lieu of the default, according
+ to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/'
+ properties:
+ query:
+ description: Query defines the URL for the error page (hosted
+ by service). The {status} variable can be used in order to insert
+ the status code in the URL.
+ type: string
+ service:
+ description: 'Service defines the reference to a Kubernetes Service
+ that will serve the error page. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/errorpages/#service'
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the
+ two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming
+ response; for such responses, writes are flushed to
+ the client immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes
+ Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can
+ be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported value
+ at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object (and
+ to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ status:
+ description: Status defines which status or range of statuses
+ should result in an error page. It can be either a status code
+ as a number (500), as multiple comma-separated numbers (500,502),
+ as ranges by separating two codes with a dash (500-599), or
+ a combination of the two (404,418,500-599).
+ items:
+ type: string
+ type: array
+ type: object
+ forwardAuth:
+ description: 'ForwardAuth holds the forward auth middleware configuration.
+ This middleware delegates the request authentication to a Service.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/'
+ properties:
+ address:
+ description: Address defines the authentication server address.
+ type: string
+ authRequestHeaders:
+ description: AuthRequestHeaders defines the list of the headers
+ to copy from the request to the authentication server. If not
+ set or empty then all request headers are passed.
+ items:
+ type: string
+ type: array
+ authResponseHeaders:
+ description: AuthResponseHeaders defines the list of headers to
+ copy from the authentication server response and set on forwarded
+ request, replacing any existing conflicting headers.
+ items:
+ type: string
+ type: array
+ authResponseHeadersRegex:
+ description: 'AuthResponseHeadersRegex defines the regex to match
+ headers to copy from the authentication server response and
+ set on forwarded request, after stripping all headers that match
+ the regex. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/forwardauth/#authresponseheadersregex'
+ type: string
+ tls:
+ description: TLS defines the configuration used to secure the
+ connection to the authentication server.
+ properties:
+ caOptional:
+ type: boolean
+ caSecret:
+ description: CASecret is the name of the referenced Kubernetes
+ Secret containing the CA to validate the server certificate.
+ The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+ type: string
+ certSecret:
+ description: CertSecret is the name of the referenced Kubernetes
+ Secret containing the client certificate. The client certificate
+ is extracted from the keys `tls.crt` and `tls.key`.
+ type: string
+ insecureSkipVerify:
+ description: InsecureSkipVerify defines whether the server
+ certificates should be validated.
+ type: boolean
+ type: object
+ trustForwardHeader:
+ description: 'TrustForwardHeader defines whether to trust (ie:
+ forward) all X-Forwarded-* headers.'
+ type: boolean
+ type: object
+ headers:
+ description: 'Headers holds the headers middleware configuration.
+ This middleware manages the requests and responses headers. More
+ info: https://doc.traefik.io/traefik/v2.9/middlewares/http/headers/#customrequestheaders'
+ properties:
+ accessControlAllowCredentials:
+ description: AccessControlAllowCredentials defines whether the
+ request can include user credentials.
+ type: boolean
+ accessControlAllowHeaders:
+ description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowMethods:
+ description: AccessControlAllowMethods defines the Access-Control-Request-Method
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginList:
+ description: AccessControlAllowOriginList is a list of allowable
+ origins. Can also be a wildcard origin "*".
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginListRegex:
+ description: AccessControlAllowOriginListRegex is a list of allowable
+ origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+ items:
+ type: string
+ type: array
+ accessControlExposeHeaders:
+ description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlMaxAge:
+ description: AccessControlMaxAge defines the time that a preflight
+ request may be cached.
+ format: int64
+ type: integer
+ addVaryHeader:
+ description: AddVaryHeader defines whether the Vary header is
+ automatically added/updated when the AccessControlAllowOriginList
+ is set.
+ type: boolean
+ allowedHosts:
+ description: AllowedHosts defines the fully qualified list of
+ allowed domain names.
+ items:
+ type: string
+ type: array
+ browserXssFilter:
+ description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+ header with the value 1; mode=block.
+ type: boolean
+ contentSecurityPolicy:
+ description: ContentSecurityPolicy defines the Content-Security-Policy
+ header value.
+ type: string
+ contentTypeNosniff:
+ description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+ header with the nosniff value.
+ type: boolean
+ customBrowserXSSValue:
+ description: CustomBrowserXSSValue defines the X-XSS-Protection
+ header value. This overrides the BrowserXssFilter option.
+ type: string
+ customFrameOptionsValue:
+ description: CustomFrameOptionsValue defines the X-Frame-Options
+ header value. This overrides the FrameDeny option.
+ type: string
+ customRequestHeaders:
+ additionalProperties:
+ type: string
+ description: CustomRequestHeaders defines the header names and
+ values to apply to the request.
+ type: object
+ customResponseHeaders:
+ additionalProperties:
+ type: string
+ description: CustomResponseHeaders defines the header names and
+ values to apply to the response.
+ type: object
+ featurePolicy:
+ description: 'Deprecated: use PermissionsPolicy instead.'
+ type: string
+ forceSTSHeader:
+ description: ForceSTSHeader defines whether to add the STS header
+ even when the connection is HTTP.
+ type: boolean
+ frameDeny:
+ description: FrameDeny defines whether to add the X-Frame-Options
+ header with the DENY value.
+ type: boolean
+ hostsProxyHeaders:
+ description: HostsProxyHeaders defines the header keys that may
+ hold a proxied hostname value for the request.
+ items:
+ type: string
+ type: array
+ isDevelopment:
+ description: IsDevelopment defines whether to mitigate the unwanted
+ effects of the AllowedHosts, SSL, and STS options when developing.
+ Usually testing takes place using HTTP, not HTTPS, and on localhost,
+ not your production domain. If you would like your development
+ environment to mimic production with complete Host blocking,
+ SSL redirects, and STS headers, leave this as false.
+ type: boolean
+ permissionsPolicy:
+ description: PermissionsPolicy defines the Permissions-Policy
+ header value. This allows sites to control browser features.
+ type: string
+ publicKey:
+ description: PublicKey is the public key that implements HPKP
+ to prevent MITM attacks with forged certificates.
+ type: string
+ referrerPolicy:
+ description: ReferrerPolicy defines the Referrer-Policy header
+ value. This allows sites to control whether browsers forward
+ the Referer header to other sites.
+ type: string
+ sslForceHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: boolean
+ sslHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: string
+ sslProxyHeaders:
+ additionalProperties:
+ type: string
+ description: 'SSLProxyHeaders defines the header keys with associated
+ values that would indicate a valid HTTPS request. It can be
+ useful when using other proxies (example: "X-Forwarded-Proto":
+ "https").'
+ type: object
+ sslRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ sslTemporaryRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ stsIncludeSubdomains:
+ description: STSIncludeSubdomains defines whether the includeSubDomains
+ directive is appended to the Strict-Transport-Security header.
+ type: boolean
+ stsPreload:
+ description: STSPreload defines whether the preload flag is appended
+ to the Strict-Transport-Security header.
+ type: boolean
+ stsSeconds:
+ description: STSSeconds defines the max-age of the Strict-Transport-Security
+ header. If set to 0, the header is not set.
+ format: int64
+ type: integer
+ type: object
+ inFlightReq:
+ description: 'InFlightReq holds the in-flight request middleware configuration.
+ This middleware limits the number of requests being processed and
+ served concurrently. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/'
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ in-flight request. The middleware responds with HTTP 429 Too
+ Many Requests if there are already amount requests in progress
+ (based on the same sourceCriterion strategy).
+ format: int64
+ type: integer
+ sourceCriterion:
+ description: 'SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the requestHost. More
+ info: https://doc.traefik.io/traefik/v2.9/middlewares/http/inflightreq/#sourcecriterion'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ ipWhiteList:
+ description: 'IPWhiteList holds the IP whitelist middleware configuration.
+ This middleware accepts / refuses requests based on the client IP.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration used
+ by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position (starting
+ from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+ header and select the first IP not in the list.
+ items:
+ type: string
+ type: array
+ type: object
+ sourceRange:
+ description: SourceRange defines the set of allowed IPs (or ranges
+ of allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ passTLSClientCert:
+ description: 'PassTLSClientCert holds the pass TLS client cert middleware
+ configuration. This middleware adds the selected data from the passed
+ client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/passtlsclientcert/'
+ properties:
+ info:
+ description: Info selects the specific client certificate details
+ you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ issuer:
+ description: Issuer defines the client certificate issuer
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the issuer.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the issuer.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the issuer.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the issuer.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the issuer.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the issuer.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the issuer.
+ type: boolean
+ type: object
+ notAfter:
+ description: NotAfter defines whether to add the Not After
+ information from the Validity part.
+ type: boolean
+ notBefore:
+ description: NotBefore defines whether to add the Not Before
+ information from the Validity part.
+ type: boolean
+ sans:
+ description: Sans defines whether to add the Subject Alternative
+ Name information from the Subject Alternative Name part.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the client
+ serialNumber information.
+ type: boolean
+ subject:
+ description: Subject defines the client certificate subject
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the subject.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the subject.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the subject.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the subject.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the subject.
+ type: boolean
+ organizationalUnit:
+ description: OrganizationalUnit defines whether to add
+ the organizationalUnit information into the subject.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the subject.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the subject.
+ type: boolean
+ type: object
+ type: object
+ pem:
+ description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+ the escaped certificate.
+ type: boolean
+ type: object
+ plugin:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: 'Plugin defines the middleware plugin configuration.
+ More info: https://doc.traefik.io/traefik/plugins/'
+ type: object
+ rateLimit:
+ description: 'RateLimit holds the rate limit configuration. This middleware
+ ensures that services will receive a fair amount of requests, and
+ allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ratelimit/'
+ properties:
+ average:
+ description: Average is the maximum rate, by default in requests/s,
+ allowed for the given source. It defaults to 0, which means
+ no rate limiting. The rate is actually defined by dividing Average
+ by Period. So for a rate below 1req/s, one needs to define a
+ Period larger than a second.
+ format: int64
+ type: integer
+ burst:
+ description: Burst is the maximum number of requests allowed to
+ arrive in the same arbitrarily small period of time. It defaults
+ to 1.
+ format: int64
+ type: integer
+ period:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Period, in combination with Average, defines the
+ actual maximum rate, such as: r = Average / Period. It defaults
+ to a second.'
+ x-kubernetes-int-or-string: true
+ sourceCriterion:
+ description: SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the request's remote
+ address field (as an ipStrategy).
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ redirectRegex:
+ description: 'RedirectRegex holds the redirect regex middleware configuration.
+ This middleware redirects a request using regex matching and replacement.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectregex/#regex'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ regex:
+ description: Regex defines the regex used to match and capture
+ elements from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines how to modify the URL to have
+ the new target URL.
+ type: string
+ type: object
+ redirectScheme:
+ description: 'RedirectScheme holds the redirect scheme middleware
+ configuration. This middleware redirects requests from a scheme/port
+ to another. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/redirectscheme/'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ port:
+ description: Port defines the port of the new URL.
+ type: string
+ scheme:
+ description: Scheme defines the scheme of the new URL.
+ type: string
+ type: object
+ replacePath:
+ description: 'ReplacePath holds the replace path middleware configuration.
+ This middleware replaces the path of the request URL and store the
+ original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepath/'
+ properties:
+ path:
+ description: Path defines the path to use as replacement in the
+ request URL.
+ type: string
+ type: object
+ replacePathRegex:
+ description: 'ReplacePathRegex holds the replace path regex middleware
+ configuration. This middleware replaces the path of a URL using
+ regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/replacepathregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression used to match
+ and capture the path from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines the replacement path format,
+ which can include captured variables.
+ type: string
+ type: object
+ retry:
+ description: 'Retry holds the retry middleware configuration. This
+ middleware reissues requests a given number of times to a backend
+ server if that server does not reply. As soon as the server answers,
+ the middleware stops retrying, regardless of the response status.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/retry/'
+ properties:
+ attempts:
+ description: Attempts defines how many times the request should
+ be retried.
+ type: integer
+ initialInterval:
+ anyOf:
+ - type: integer
+ - type: string
+ description: InitialInterval defines the first wait time in the
+ exponential backoff series. The maximum interval is calculated
+ as twice the initialInterval. If unspecified, requests will
+ be retried immediately. The value of initialInterval should
+ be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+ x-kubernetes-int-or-string: true
+ type: object
+ stripPrefix:
+ description: 'StripPrefix holds the strip prefix middleware configuration.
+ This middleware removes the specified prefixes from the URL path.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefix/'
+ properties:
+ forceSlash:
+ description: 'ForceSlash ensures that the resulting stripped path
+ is not the empty string, by replacing it with / when necessary.
+ Default: true.'
+ type: boolean
+ prefixes:
+ description: Prefixes defines the prefixes to strip from the request
+ URL.
+ items:
+ type: string
+ type: array
+ type: object
+ stripPrefixRegex:
+ description: 'StripPrefixRegex holds the strip prefix regex middleware
+ configuration. This middleware removes the matching prefixes from
+ the URL path. More info: https://doc.traefik.io/traefik/v2.9/middlewares/http/stripprefixregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression to match the
+ path prefix from the request URL.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewaretcps.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewaretcps.yaml
new file mode 100644
index 00000000000..1f6eec94044
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewaretcps.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: MiddlewareTCP
+ listKind: MiddlewareTCPList
+ plural: middlewaretcps
+ singular: middlewaretcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+ More info: https://doc.traefik.io/traefik/v2.9/middlewares/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+ properties:
+ inFlightConn:
+ description: InFlightConn defines the InFlightConn middleware configuration.
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ connections. The middleware closes the connection if there are
+ already amount connections opened.
+ format: int64
+ type: integer
+ type: object
+ ipWhiteList:
+ description: IPWhiteList defines the IPWhiteList middleware configuration.
+ properties:
+ sourceRange:
+ description: SourceRange defines the allowed IPs (or ranges of
+ allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_serverstransports.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_serverstransports.yaml
new file mode 100644
index 00000000000..afc03849651
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: serverstransports.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: ServersTransport
+ listKind: ServersTransportList
+ plural: serverstransports
+ singular: serverstransport
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'ServersTransport is the CRD implementation of a ServersTransport.
+ If no serversTransport is specified, the default@internal will be used.
+ The default@internal serversTransport is created from the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#serverstransport_1'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ServersTransportSpec defines the desired state of a ServersTransport.
+ properties:
+ certificatesSecrets:
+ description: CertificatesSecrets defines a list of secret storing
+ client certificates for mTLS.
+ items:
+ type: string
+ type: array
+ disableHTTP2:
+ description: DisableHTTP2 disables HTTP/2 for connections with backend
+ servers.
+ type: boolean
+ forwardingTimeouts:
+ description: ForwardingTimeouts defines the timeouts for requests
+ forwarded to the backend servers.
+ properties:
+ dialTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: DialTimeout is the amount of time to wait until a
+ connection to a backend server can be established.
+ x-kubernetes-int-or-string: true
+ idleConnTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: IdleConnTimeout is the maximum period for which an
+ idle HTTP keep-alive connection will remain open before closing
+ itself.
+ x-kubernetes-int-or-string: true
+ pingTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: PingTimeout is the timeout after which the HTTP/2
+ connection will be closed if a response to ping is not received.
+ x-kubernetes-int-or-string: true
+ readIdleTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ReadIdleTimeout is the timeout after which a health
+ check using ping frame will be carried out if no frame is received
+ on the HTTP/2 connection.
+ x-kubernetes-int-or-string: true
+ responseHeaderTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ResponseHeaderTimeout is the amount of time to wait
+ for a server's response headers after fully writing the request
+ (including its body, if any).
+ x-kubernetes-int-or-string: true
+ type: object
+ insecureSkipVerify:
+ description: InsecureSkipVerify disables SSL certificate verification.
+ type: boolean
+ maxIdleConnsPerHost:
+ description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+ to keep per-host.
+ type: integer
+ peerCertURI:
+ description: PeerCertURI defines the peer cert URI used to match against
+ SAN URI during the peer certificate verification.
+ type: string
+ rootCAsSecrets:
+ description: RootCAsSecrets defines a list of CA secret used to validate
+ self-signed certificate.
+ items:
+ type: string
+ type: array
+ serverName:
+ description: ServerName defines the server name used to contact the
+ server.
+ type: string
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsoptions.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsoptions.yaml
new file mode 100644
index 00000000000..16ea46008ba
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsoptions.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TLSOption
+ listKind: TLSOptionList
+ plural: tlsoptions
+ singular: tlsoption
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+ allowing to configure some parameters of the TLS connection. More info:
+ https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSOptionSpec defines the desired state of a TLSOption.
+ properties:
+ alpnProtocols:
+ description: 'ALPNProtocols defines the list of supported application
+ level protocols for the TLS handshake, in order of preference. More
+ info: https://doc.traefik.io/traefik/v2.9/https/tls/#alpn-protocols'
+ items:
+ type: string
+ type: array
+ cipherSuites:
+ description: 'CipherSuites defines the list of supported cipher suites
+ for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#cipher-suites'
+ items:
+ type: string
+ type: array
+ clientAuth:
+ description: ClientAuth defines the server's policy for TLS Client
+ Authentication.
+ properties:
+ clientAuthType:
+ description: ClientAuthType defines the client authentication
+ type to apply.
+ enum:
+ - NoClientCert
+ - RequestClientCert
+ - RequireAnyClientCert
+ - VerifyClientCertIfGiven
+ - RequireAndVerifyClientCert
+ type: string
+ secretNames:
+ description: SecretNames defines the names of the referenced Kubernetes
+ Secret storing certificate details.
+ items:
+ type: string
+ type: array
+ type: object
+ curvePreferences:
+ description: 'CurvePreferences defines the preferred elliptic curves
+ in a specific order. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#curve-preferences'
+ items:
+ type: string
+ type: array
+ maxVersion:
+ description: 'MaxVersion defines the maximum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: None.'
+ type: string
+ minVersion:
+ description: 'MinVersion defines the minimum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: VersionTLS10.'
+ type: string
+ preferServerCipherSuites:
+ description: 'PreferServerCipherSuites defines whether the server
+ chooses a cipher suite among his own instead of among the client''s.
+ It is enabled automatically when minVersion or maxVersion is set.
+ Deprecated: https://github.com/golang/go/issues/45430'
+ type: boolean
+ sniStrict:
+ description: SniStrict defines whether Traefik allows connections
+ from clients connections that do not specify a server_name extension.
+ type: boolean
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsstores.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsstores.yaml
new file mode 100644
index 00000000000..f6dfc6c8fb0
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsstores.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TLSStore
+ listKind: TLSStoreList
+ plural: tlsstores
+ singular: tlsstore
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+ the time being, only the TLSStore named default is supported. This means
+ that you cannot have two stores that are named default in different Kubernetes
+ namespaces. More info: https://doc.traefik.io/traefik/v2.9/https/tls/#certificates-stores'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSStoreSpec defines the desired state of a TLSStore.
+ properties:
+ certificates:
+ description: Certificates is a list of secret names, each secret holding
+ a key/certificate pair to add to the store.
+ items:
+ description: Certificate holds a secret name for the TLSStore resource.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ defaultCertificate:
+ description: DefaultCertificate defines the default certificate configuration.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ defaultGeneratedCert:
+ description: DefaultGeneratedCert defines the default generated certificate
+ configuration.
+ properties:
+ domain:
+ description: Domain is the domain definition for the DefaultCertificate.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain names.
+ items:
+ type: string
+ type: array
+ type: object
+ resolver:
+ description: Resolver is the name of the resolver that will be
+ used to issue the DefaultCertificate.
+ type: string
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.containo.us_traefikservices.yaml b/enterprise/traefik/21.1.9/crds/traefik.containo.us_traefikservices.yaml
new file mode 100644
index 00000000000..358fdc1eab5
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.containo.us_traefikservices.yaml
@@ -0,0 +1,381 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: traefikservices.traefik.containo.us
+spec:
+ group: traefik.containo.us
+ names:
+ kind: TraefikService
+ listKind: TraefikServiceList
+ plural: traefikservices
+ singular: traefikservice
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TraefikService is the CRD implementation of a Traefik Service.
+ TraefikService object allows to: - Apply weight to Services on load-balancing
+ - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#kind-traefikservice'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TraefikServiceSpec defines the desired state of a TraefikService.
+ properties:
+ mirroring:
+ description: Mirroring defines the Mirroring service configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ maxBodySize:
+ description: MaxBodySize defines the maximum size allowed for
+ the body of the request. If the body is larger, the request
+ is not mirrored. Default value is -1, which means unlimited
+ size.
+ format: int64
+ type: integer
+ mirrors:
+ description: Mirrors defines the list of mirrors where Traefik
+ will duplicate the traffic.
+ items:
+ description: MirrorService holds the mirror configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ percent:
+ description: 'Percent defines the part of the traffic to
+ mirror. Supported values: 0 to 100.'
+ type: integer
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the two
+ is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host header
+ is forwarded to the upstream Kubernetes Service. By default,
+ passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service. This
+ can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards the
+ response from the upstream Kubernetes Service to the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming response;
+ for such responses, writes are flushed to the client immediately.
+ Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https when
+ Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy between
+ the servers. RoundRobin is the only supported value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be specified
+ when Name references a TraefikService object (and to be precise,
+ one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ weighted:
+ description: Weighted defines the Weighted Round Robin configuration.
+ properties:
+ services:
+ description: Services defines the list of Kubernetes Service and/or
+ TraefikService to load-balance, with weight.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ sticky:
+ description: 'Sticky defines whether sticky sessions are enabled.
+ More info: https://doc.traefik.io/traefik/v2.9/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutes.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutes.yaml
new file mode 100644
index 00000000000..89aaee75952
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutes.yaml
@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutes.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: IngressRoute
+ listKind: IngressRouteList
+ plural: ingressroutes
+ singular: ingressroute
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteSpec defines the desired state of IngressRoute.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: Route holds the HTTP route configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the route. Rule is the
+ only supported kind.
+ enum:
+ - Rule
+ type: string
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+ type: string
+ middlewares:
+ description: 'Middlewares defines the list of references to
+ Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+ items:
+ description: MiddlewareRef is a reference to a Middleware
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+ type: integer
+ services:
+ description: Services defines the list of Service. It can contain
+ any combination of TraefikService and/or reference to a Kubernetes
+ Service.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs
+ or if the only child is the Kubernetes Service clusterIP.
+ The Kubernetes Service itself does load-balance to the
+ pods. By default, NativeLB is false.
+ type: boolean
+ passHostHeader:
+ description: PassHostHeader defines whether the client
+ Host header is forwarded to the upstream Kubernetes
+ Service. By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to
+ the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval,
+ in milliseconds, in between flushes to the client
+ while copying the response body. A negative value
+ means to flush immediately after each write to the
+ client. This configuration is ignored when ReverseProxy
+ recognizes a response as a streaming response; for
+ such responses, writes are flushed to the client
+ immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the
+ request to the upstream Kubernetes Service. It defaults
+ to https when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as
+ JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie
+ can only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only
+ be specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round
+ Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ required:
+ - kind
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSOption.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+ type: string
+ required:
+ - name
+ type: object
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: 'Name defines the name of the referenced TLSStore.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ namespace:
+ description: 'Namespace defines the namespace of the referenced
+ TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutetcps.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutetcps.yaml
new file mode 100644
index 00000000000..82f61ac24f1
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_ingressroutetcps.yaml
@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressroutetcps.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: IngressRouteTCP
+ listKind: IngressRouteTCPList
+ plural: ingressroutetcps
+ singular: ingressroutetcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteTCP holds the TCP route configuration.
+ properties:
+ match:
+ description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+ type: string
+ middlewares:
+ description: Middlewares defines the list of references to MiddlewareTCP
+ resources.
+ items:
+ description: ObjectReference is a generic reference to a Traefik
+ resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ priority:
+ description: 'Priority defines the router''s priority. More
+ info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+ type: integer
+ services:
+ description: Services defines the list of TCP services.
+ items:
+ description: ServiceTCP defines an upstream TCP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs
+ or if the only child is the Kubernetes Service clusterIP.
+ The Kubernetes Service itself does load-balance to the
+ pods. By default, NativeLB is false.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ proxyProtocol:
+ description: 'ProxyProtocol defines the PROXY protocol
+ configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+ properties:
+ version:
+ description: Version defines the PROXY Protocol version
+ to use.
+ type: integer
+ type: object
+ terminationDelay:
+ description: TerminationDelay defines the deadline that
+ the proxy sets, after one of its connected peers indicates
+ it has closed the writing capability of its connection,
+ to close the reading capability as well, hence fully
+ terminating the connection. It is a duration in milliseconds,
+ defaulting to 100. A negative value means an infinite
+ deadline (i.e. the reading capability is never closed).
+ type: integer
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ required:
+ - match
+ type: object
+ type: array
+ tls:
+ description: 'TLS defines the TLS configuration on a layer 4 / TCP
+ Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+ properties:
+ certResolver:
+ description: 'CertResolver defines the name of the certificate
+ resolver to use. Cert resolvers have to be configured in the
+ static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+ type: string
+ domains:
+ description: 'Domains defines the list of domains that will be
+ used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+ items:
+ description: Domain holds a domain name with SANs.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain
+ names.
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ options:
+ description: 'Options defines the reference to a TLSOption, that
+ specifies the parameters of the TLS connection. If not defined,
+ the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ passthrough:
+ description: Passthrough defines whether a TLS router will terminate
+ the TLS connection.
+ type: boolean
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ store:
+ description: Store defines the reference to the TLSStore, that
+ will be used to store certificates. Please note that only `default`
+ TLSStore can be used.
+ properties:
+ name:
+ description: Name defines the name of the referenced Traefik
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Traefik resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: object
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_ingressrouteudps.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_ingressrouteudps.yaml
new file mode 100644
index 00000000000..27c50185d08
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_ingressrouteudps.yaml
@@ -0,0 +1,105 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: ingressrouteudps.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: IngressRouteUDP
+ listKind: IngressRouteUDPList
+ plural: ingressrouteudps
+ singular: ingressrouteudp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+ properties:
+ entryPoints:
+ description: 'EntryPoints defines the list of entry point names to
+ bind to. Entry points have to be configured in the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+ Default: all.'
+ items:
+ type: string
+ type: array
+ routes:
+ description: Routes defines the list of routes.
+ items:
+ description: RouteUDP holds the UDP route configuration.
+ properties:
+ services:
+ description: Services defines the list of UDP services.
+ items:
+ description: ServiceUDP defines an upstream UDP service to
+ proxy traffic to.
+ properties:
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs
+ or if the only child is the Kubernetes Service clusterIP.
+ The Kubernetes Service itself does load-balance to the
+ pods. By default, NativeLB is false.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ weight:
+ description: Weight defines the weight used when balancing
+ requests between multiple Kubernetes Service.
+ type: integer
+ required:
+ - name
+ - port
+ type: object
+ type: array
+ type: object
+ type: array
+ required:
+ - routes
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_middlewares.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_middlewares.yaml
new file mode 100644
index 00000000000..5a4dc3640fa
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_middlewares.yaml
@@ -0,0 +1,924 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewares.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: Middleware
+ listKind: MiddlewareList
+ plural: middlewares
+ singular: middleware
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'Middleware is the CRD implementation of a Traefik Middleware.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareSpec defines the desired state of a Middleware.
+ properties:
+ addPrefix:
+ description: 'AddPrefix holds the add prefix middleware configuration.
+ This middleware updates the path of a request before forwarding
+ it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+ properties:
+ prefix:
+ description: Prefix is the string to add before the current path
+ in the requested URL. It should include a leading slash (/).
+ type: string
+ type: object
+ basicAuth:
+ description: 'BasicAuth holds the basic auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: 'RemoveHeader sets the removeHeader option to true
+ to remove the authorization header before forwarding the request
+ to your service. Default: false.'
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ buffering:
+ description: 'Buffering holds the buffering middleware configuration.
+ This middleware retries or limits the size of requests that can
+ be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+ properties:
+ maxRequestBodyBytes:
+ description: 'MaxRequestBodyBytes defines the maximum allowed
+ body size for the request (in bytes). If the request exceeds
+ the allowed size, it is not forwarded to the service, and the
+ client gets a 413 (Request Entity Too Large) response. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ maxResponseBodyBytes:
+ description: 'MaxResponseBodyBytes defines the maximum allowed
+ response size from the service (in bytes). If the response exceeds
+ the allowed size, it is not forwarded to the client. The client
+ gets a 500 (Internal Server Error) response instead. Default:
+ 0 (no maximum).'
+ format: int64
+ type: integer
+ memRequestBodyBytes:
+ description: 'MemRequestBodyBytes defines the threshold (in bytes)
+ from which the request will be buffered on disk instead of in
+ memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ memResponseBodyBytes:
+ description: 'MemResponseBodyBytes defines the threshold (in bytes)
+ from which the response will be buffered on disk instead of
+ in memory. Default: 1048576 (1Mi).'
+ format: int64
+ type: integer
+ retryExpression:
+ description: 'RetryExpression defines the retry conditions. It
+ is a logical combination of functions with operators AND (&&)
+ and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+ type: string
+ type: object
+ chain:
+ description: 'Chain holds the configuration of the chain middleware.
+ This middleware enables to define reusable combinations of other
+ pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+ properties:
+ middlewares:
+ description: Middlewares is the list of MiddlewareRef which composes
+ the chain.
+ items:
+ description: MiddlewareRef is a reference to a Middleware resource.
+ properties:
+ name:
+ description: Name defines the name of the referenced Middleware
+ resource.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Middleware resource.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ type: object
+ circuitBreaker:
+ description: CircuitBreaker holds the circuit breaker configuration.
+ properties:
+ checkPeriod:
+ anyOf:
+ - type: integer
+ - type: string
+ description: CheckPeriod is the interval between successive checks
+ of the circuit breaker condition (when in standby state).
+ x-kubernetes-int-or-string: true
+ expression:
+ description: Expression is the condition that triggers the tripped
+ state.
+ type: string
+ fallbackDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: FallbackDuration is the duration for which the circuit
+ breaker will wait before trying to recover (from a tripped state).
+ x-kubernetes-int-or-string: true
+ recoveryDuration:
+ anyOf:
+ - type: integer
+ - type: string
+ description: RecoveryDuration is the duration for which the circuit
+ breaker will try to recover (as soon as it is in recovering
+ state).
+ x-kubernetes-int-or-string: true
+ type: object
+ compress:
+ description: 'Compress holds the compress middleware configuration.
+ This middleware compresses responses before sending them to the
+ client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+ properties:
+ excludedContentTypes:
+ description: ExcludedContentTypes defines the list of content
+ types to compare the Content-Type header of the incoming requests
+ and responses before compressing.
+ items:
+ type: string
+ type: array
+ minResponseBodyBytes:
+ description: 'MinResponseBodyBytes defines the minimum amount
+ of bytes a response body must have to be compressed. Default:
+ 1024.'
+ type: integer
+ type: object
+ contentType:
+ description: ContentType holds the content-type middleware configuration.
+ This middleware exists to enable the correct behavior until at least
+ the default one can be changed in a future version.
+ properties:
+ autoDetect:
+ description: AutoDetect specifies whether to let the `Content-Type`
+ header, if it has not been set by the backend, be automatically
+ set to a value derived from the contents of the response. As
+ a proxy, the default behavior should be to leave the header
+ alone, regardless of what the backend did with it. However,
+ the historic default was to always auto-detect and set the header
+ if it was nil, and it is going to be kept that way in order
+ to support users currently relying on it.
+ type: boolean
+ type: object
+ digestAuth:
+ description: 'DigestAuth holds the digest auth middleware configuration.
+ This middleware restricts access to your services to known users.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+ properties:
+ headerField:
+ description: 'HeaderField defines a header field to store the
+ authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+ type: string
+ realm:
+ description: 'Realm allows the protected resources on a server
+ to be partitioned into a set of protection spaces, each with
+ its own authentication scheme. Default: traefik.'
+ type: string
+ removeHeader:
+ description: RemoveHeader defines whether to remove the authorization
+ header before forwarding the request to the backend.
+ type: boolean
+ secret:
+ description: Secret is the name of the referenced Kubernetes Secret
+ containing user credentials.
+ type: string
+ type: object
+ errors:
+ description: 'ErrorPage holds the custom error middleware configuration.
+ This middleware returns a custom page in lieu of the default, according
+ to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+ properties:
+ query:
+ description: Query defines the URL for the error page (hosted
+ by service). The {status} variable can be used in order to insert
+ the status code in the URL.
+ type: string
+ service:
+ description: 'Service defines the reference to a Kubernetes Service
+ that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the
+ two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs or if
+ the only child is the Kubernetes Service clusterIP. The
+ Kubernetes Service itself does load-balance to the pods.
+ By default, NativeLB is false.
+ type: boolean
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming
+ response; for such responses, writes are flushed to
+ the client immediately. Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes
+ Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can
+ be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported value
+ at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object (and
+ to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ status:
+ description: Status defines which status or range of statuses
+ should result in an error page. It can be either a status code
+ as a number (500), as multiple comma-separated numbers (500,502),
+ as ranges by separating two codes with a dash (500-599), or
+ a combination of the two (404,418,500-599).
+ items:
+ type: string
+ type: array
+ type: object
+ forwardAuth:
+ description: 'ForwardAuth holds the forward auth middleware configuration.
+ This middleware delegates the request authentication to a Service.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+ properties:
+ address:
+ description: Address defines the authentication server address.
+ type: string
+ authRequestHeaders:
+ description: AuthRequestHeaders defines the list of the headers
+ to copy from the request to the authentication server. If not
+ set or empty then all request headers are passed.
+ items:
+ type: string
+ type: array
+ authResponseHeaders:
+ description: AuthResponseHeaders defines the list of headers to
+ copy from the authentication server response and set on forwarded
+ request, replacing any existing conflicting headers.
+ items:
+ type: string
+ type: array
+ authResponseHeadersRegex:
+ description: 'AuthResponseHeadersRegex defines the regex to match
+ headers to copy from the authentication server response and
+ set on forwarded request, after stripping all headers that match
+ the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+ type: string
+ tls:
+ description: TLS defines the configuration used to secure the
+ connection to the authentication server.
+ properties:
+ caOptional:
+ type: boolean
+ caSecret:
+ description: CASecret is the name of the referenced Kubernetes
+ Secret containing the CA to validate the server certificate.
+ The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+ type: string
+ certSecret:
+ description: CertSecret is the name of the referenced Kubernetes
+ Secret containing the client certificate. The client certificate
+ is extracted from the keys `tls.crt` and `tls.key`.
+ type: string
+ insecureSkipVerify:
+ description: InsecureSkipVerify defines whether the server
+ certificates should be validated.
+ type: boolean
+ type: object
+ trustForwardHeader:
+ description: 'TrustForwardHeader defines whether to trust (ie:
+ forward) all X-Forwarded-* headers.'
+ type: boolean
+ type: object
+ headers:
+ description: 'Headers holds the headers middleware configuration.
+ This middleware manages the requests and responses headers. More
+ info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+ properties:
+ accessControlAllowCredentials:
+ description: AccessControlAllowCredentials defines whether the
+ request can include user credentials.
+ type: boolean
+ accessControlAllowHeaders:
+ description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowMethods:
+ description: AccessControlAllowMethods defines the Access-Control-Request-Method
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginList:
+ description: AccessControlAllowOriginList is a list of allowable
+ origins. Can also be a wildcard origin "*".
+ items:
+ type: string
+ type: array
+ accessControlAllowOriginListRegex:
+ description: AccessControlAllowOriginListRegex is a list of allowable
+ origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+ items:
+ type: string
+ type: array
+ accessControlExposeHeaders:
+ description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+ values sent in preflight response.
+ items:
+ type: string
+ type: array
+ accessControlMaxAge:
+ description: AccessControlMaxAge defines the time that a preflight
+ request may be cached.
+ format: int64
+ type: integer
+ addVaryHeader:
+ description: AddVaryHeader defines whether the Vary header is
+ automatically added/updated when the AccessControlAllowOriginList
+ is set.
+ type: boolean
+ allowedHosts:
+ description: AllowedHosts defines the fully qualified list of
+ allowed domain names.
+ items:
+ type: string
+ type: array
+ browserXssFilter:
+ description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+ header with the value 1; mode=block.
+ type: boolean
+ contentSecurityPolicy:
+ description: ContentSecurityPolicy defines the Content-Security-Policy
+ header value.
+ type: string
+ contentTypeNosniff:
+ description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+ header with the nosniff value.
+ type: boolean
+ customBrowserXSSValue:
+ description: CustomBrowserXSSValue defines the X-XSS-Protection
+ header value. This overrides the BrowserXssFilter option.
+ type: string
+ customFrameOptionsValue:
+ description: CustomFrameOptionsValue defines the X-Frame-Options
+ header value. This overrides the FrameDeny option.
+ type: string
+ customRequestHeaders:
+ additionalProperties:
+ type: string
+ description: CustomRequestHeaders defines the header names and
+ values to apply to the request.
+ type: object
+ customResponseHeaders:
+ additionalProperties:
+ type: string
+ description: CustomResponseHeaders defines the header names and
+ values to apply to the response.
+ type: object
+ featurePolicy:
+ description: 'Deprecated: use PermissionsPolicy instead.'
+ type: string
+ forceSTSHeader:
+ description: ForceSTSHeader defines whether to add the STS header
+ even when the connection is HTTP.
+ type: boolean
+ frameDeny:
+ description: FrameDeny defines whether to add the X-Frame-Options
+ header with the DENY value.
+ type: boolean
+ hostsProxyHeaders:
+ description: HostsProxyHeaders defines the header keys that may
+ hold a proxied hostname value for the request.
+ items:
+ type: string
+ type: array
+ isDevelopment:
+ description: IsDevelopment defines whether to mitigate the unwanted
+ effects of the AllowedHosts, SSL, and STS options when developing.
+ Usually testing takes place using HTTP, not HTTPS, and on localhost,
+ not your production domain. If you would like your development
+ environment to mimic production with complete Host blocking,
+ SSL redirects, and STS headers, leave this as false.
+ type: boolean
+ permissionsPolicy:
+ description: PermissionsPolicy defines the Permissions-Policy
+ header value. This allows sites to control browser features.
+ type: string
+ publicKey:
+ description: PublicKey is the public key that implements HPKP
+ to prevent MITM attacks with forged certificates.
+ type: string
+ referrerPolicy:
+ description: ReferrerPolicy defines the Referrer-Policy header
+ value. This allows sites to control whether browsers forward
+ the Referer header to other sites.
+ type: string
+ sslForceHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: boolean
+ sslHost:
+ description: 'Deprecated: use RedirectRegex instead.'
+ type: string
+ sslProxyHeaders:
+ additionalProperties:
+ type: string
+ description: 'SSLProxyHeaders defines the header keys with associated
+ values that would indicate a valid HTTPS request. It can be
+ useful when using other proxies (example: "X-Forwarded-Proto":
+ "https").'
+ type: object
+ sslRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ sslTemporaryRedirect:
+ description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+ instead.'
+ type: boolean
+ stsIncludeSubdomains:
+ description: STSIncludeSubdomains defines whether the includeSubDomains
+ directive is appended to the Strict-Transport-Security header.
+ type: boolean
+ stsPreload:
+ description: STSPreload defines whether the preload flag is appended
+ to the Strict-Transport-Security header.
+ type: boolean
+ stsSeconds:
+ description: STSSeconds defines the max-age of the Strict-Transport-Security
+ header. If set to 0, the header is not set.
+ format: int64
+ type: integer
+ type: object
+ inFlightReq:
+ description: 'InFlightReq holds the in-flight request middleware configuration.
+ This middleware limits the number of requests being processed and
+ served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ in-flight request. The middleware responds with HTTP 429 Too
+ Many Requests if there are already amount requests in progress
+ (based on the same sourceCriterion strategy).
+ format: int64
+ type: integer
+ sourceCriterion:
+ description: 'SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the requestHost. More
+ info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ ipWhiteList:
+ description: 'IPWhiteList holds the IP whitelist middleware configuration.
+ This middleware accepts / refuses requests based on the client IP.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration used
+ by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position (starting
+ from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+ header and select the first IP not in the list.
+ items:
+ type: string
+ type: array
+ type: object
+ sourceRange:
+ description: SourceRange defines the set of allowed IPs (or ranges
+ of allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ passTLSClientCert:
+ description: 'PassTLSClientCert holds the pass TLS client cert middleware
+ configuration. This middleware adds the selected data from the passed
+ client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+ properties:
+ info:
+ description: Info selects the specific client certificate details
+ you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ issuer:
+ description: Issuer defines the client certificate issuer
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the issuer.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the issuer.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the issuer.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the issuer.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the issuer.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the issuer.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the issuer.
+ type: boolean
+ type: object
+ notAfter:
+ description: NotAfter defines whether to add the Not After
+ information from the Validity part.
+ type: boolean
+ notBefore:
+ description: NotBefore defines whether to add the Not Before
+ information from the Validity part.
+ type: boolean
+ sans:
+ description: Sans defines whether to add the Subject Alternative
+ Name information from the Subject Alternative Name part.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the client
+ serialNumber information.
+ type: boolean
+ subject:
+ description: Subject defines the client certificate subject
+ details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+ properties:
+ commonName:
+ description: CommonName defines whether to add the organizationalUnit
+ information into the subject.
+ type: boolean
+ country:
+ description: Country defines whether to add the country
+ information into the subject.
+ type: boolean
+ domainComponent:
+ description: DomainComponent defines whether to add the
+ domainComponent information into the subject.
+ type: boolean
+ locality:
+ description: Locality defines whether to add the locality
+ information into the subject.
+ type: boolean
+ organization:
+ description: Organization defines whether to add the organization
+ information into the subject.
+ type: boolean
+ organizationalUnit:
+ description: OrganizationalUnit defines whether to add
+ the organizationalUnit information into the subject.
+ type: boolean
+ province:
+ description: Province defines whether to add the province
+ information into the subject.
+ type: boolean
+ serialNumber:
+ description: SerialNumber defines whether to add the serialNumber
+ information into the subject.
+ type: boolean
+ type: object
+ type: object
+ pem:
+ description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+ the certificate.
+ type: boolean
+ type: object
+ plugin:
+ additionalProperties:
+ x-kubernetes-preserve-unknown-fields: true
+ description: 'Plugin defines the middleware plugin configuration.
+ More info: https://doc.traefik.io/traefik/plugins/'
+ type: object
+ rateLimit:
+ description: 'RateLimit holds the rate limit configuration. This middleware
+ ensures that services will receive a fair amount of requests, and
+ allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+ properties:
+ average:
+ description: Average is the maximum rate, by default in requests/s,
+ allowed for the given source. It defaults to 0, which means
+ no rate limiting. The rate is actually defined by dividing Average
+ by Period. So for a rate below 1req/s, one needs to define a
+ Period larger than a second.
+ format: int64
+ type: integer
+ burst:
+ description: Burst is the maximum number of requests allowed to
+ arrive in the same arbitrarily small period of time. It defaults
+ to 1.
+ format: int64
+ type: integer
+ period:
+ anyOf:
+ - type: integer
+ - type: string
+ description: 'Period, in combination with Average, defines the
+ actual maximum rate, such as: r = Average / Period. It defaults
+ to a second.'
+ x-kubernetes-int-or-string: true
+ sourceCriterion:
+ description: SourceCriterion defines what criterion is used to
+ group requests as originating from a common source. If several
+ strategies are defined at the same time, an error will be raised.
+ If none are set, the default is to use the request's remote
+ address field (as an ipStrategy).
+ properties:
+ ipStrategy:
+ description: 'IPStrategy holds the IP strategy configuration
+ used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+ properties:
+ depth:
+ description: Depth tells Traefik to use the X-Forwarded-For
+ header and take the IP located at the depth position
+ (starting from the right).
+ type: integer
+ excludedIPs:
+ description: ExcludedIPs configures Traefik to scan the
+ X-Forwarded-For header and select the first IP not in
+ the list.
+ items:
+ type: string
+ type: array
+ type: object
+ requestHeaderName:
+ description: RequestHeaderName defines the name of the header
+ used to group incoming requests.
+ type: string
+ requestHost:
+ description: RequestHost defines whether to consider the request
+ Host as the source.
+ type: boolean
+ type: object
+ type: object
+ redirectRegex:
+ description: 'RedirectRegex holds the redirect regex middleware configuration.
+ This middleware redirects a request using regex matching and replacement.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ regex:
+ description: Regex defines the regex used to match and capture
+ elements from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines how to modify the URL to have
+ the new target URL.
+ type: string
+ type: object
+ redirectScheme:
+ description: 'RedirectScheme holds the redirect scheme middleware
+ configuration. This middleware redirects requests from a scheme/port
+ to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+ properties:
+ permanent:
+ description: Permanent defines whether the redirection is permanent
+ (301).
+ type: boolean
+ port:
+ description: Port defines the port of the new URL.
+ type: string
+ scheme:
+ description: Scheme defines the scheme of the new URL.
+ type: string
+ type: object
+ replacePath:
+ description: 'ReplacePath holds the replace path middleware configuration.
+ This middleware replaces the path of the request URL and store the
+ original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+ properties:
+ path:
+ description: Path defines the path to use as replacement in the
+ request URL.
+ type: string
+ type: object
+ replacePathRegex:
+ description: 'ReplacePathRegex holds the replace path regex middleware
+ configuration. This middleware replaces the path of a URL using
+ regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression used to match
+ and capture the path from the request URL.
+ type: string
+ replacement:
+ description: Replacement defines the replacement path format,
+ which can include captured variables.
+ type: string
+ type: object
+ retry:
+ description: 'Retry holds the retry middleware configuration. This
+ middleware reissues requests a given number of times to a backend
+ server if that server does not reply. As soon as the server answers,
+ the middleware stops retrying, regardless of the response status.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+ properties:
+ attempts:
+ description: Attempts defines how many times the request should
+ be retried.
+ type: integer
+ initialInterval:
+ anyOf:
+ - type: integer
+ - type: string
+ description: InitialInterval defines the first wait time in the
+ exponential backoff series. The maximum interval is calculated
+ as twice the initialInterval. If unspecified, requests will
+ be retried immediately. The value of initialInterval should
+ be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+ x-kubernetes-int-or-string: true
+ type: object
+ stripPrefix:
+ description: 'StripPrefix holds the strip prefix middleware configuration.
+ This middleware removes the specified prefixes from the URL path.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+ properties:
+ forceSlash:
+ description: 'ForceSlash ensures that the resulting stripped path
+ is not the empty string, by replacing it with / when necessary.
+ Default: true.'
+ type: boolean
+ prefixes:
+ description: Prefixes defines the prefixes to strip from the request
+ URL.
+ items:
+ type: string
+ type: array
+ type: object
+ stripPrefixRegex:
+ description: 'StripPrefixRegex holds the strip prefix regex middleware
+ configuration. This middleware removes the matching prefixes from
+ the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+ properties:
+ regex:
+ description: Regex defines the regular expression to match the
+ path prefix from the request URL.
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_middlewaretcps.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_middlewaretcps.yaml
new file mode 100644
index 00000000000..8623568f5b3
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: middlewaretcps.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: MiddlewareTCP
+ listKind: MiddlewareTCPList
+ plural: middlewaretcps
+ singular: middlewaretcp
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+ More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+ properties:
+ inFlightConn:
+ description: InFlightConn defines the InFlightConn middleware configuration.
+ properties:
+ amount:
+ description: Amount defines the maximum amount of allowed simultaneous
+ connections. The middleware closes the connection if there are
+ already amount connections opened.
+ format: int64
+ type: integer
+ type: object
+ ipWhiteList:
+ description: IPWhiteList defines the IPWhiteList middleware configuration.
+ properties:
+ sourceRange:
+ description: SourceRange defines the allowed IPs (or ranges of
+ allowed IPs by using CIDR notation).
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_serverstransports.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_serverstransports.yaml
new file mode 100644
index 00000000000..803b56395a4
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: serverstransports.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: ServersTransport
+ listKind: ServersTransportList
+ plural: serverstransports
+ singular: serverstransport
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'ServersTransport is the CRD implementation of a ServersTransport.
+ If no serversTransport is specified, the default@internal will be used.
+ The default@internal serversTransport is created from the static configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ServersTransportSpec defines the desired state of a ServersTransport.
+ properties:
+ certificatesSecrets:
+ description: CertificatesSecrets defines a list of secret storing
+ client certificates for mTLS.
+ items:
+ type: string
+ type: array
+ disableHTTP2:
+ description: DisableHTTP2 disables HTTP/2 for connections with backend
+ servers.
+ type: boolean
+ forwardingTimeouts:
+ description: ForwardingTimeouts defines the timeouts for requests
+ forwarded to the backend servers.
+ properties:
+ dialTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: DialTimeout is the amount of time to wait until a
+ connection to a backend server can be established.
+ x-kubernetes-int-or-string: true
+ idleConnTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: IdleConnTimeout is the maximum period for which an
+ idle HTTP keep-alive connection will remain open before closing
+ itself.
+ x-kubernetes-int-or-string: true
+ pingTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: PingTimeout is the timeout after which the HTTP/2
+ connection will be closed if a response to ping is not received.
+ x-kubernetes-int-or-string: true
+ readIdleTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ReadIdleTimeout is the timeout after which a health
+ check using ping frame will be carried out if no frame is received
+ on the HTTP/2 connection.
+ x-kubernetes-int-or-string: true
+ responseHeaderTimeout:
+ anyOf:
+ - type: integer
+ - type: string
+ description: ResponseHeaderTimeout is the amount of time to wait
+ for a server's response headers after fully writing the request
+ (including its body, if any).
+ x-kubernetes-int-or-string: true
+ type: object
+ insecureSkipVerify:
+ description: InsecureSkipVerify disables SSL certificate verification.
+ type: boolean
+ maxIdleConnsPerHost:
+ description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+ to keep per-host.
+ type: integer
+ peerCertURI:
+ description: PeerCertURI defines the peer cert URI used to match against
+ SAN URI during the peer certificate verification.
+ type: string
+ rootCAsSecrets:
+ description: RootCAsSecrets defines a list of CA secret used to validate
+ self-signed certificate.
+ items:
+ type: string
+ type: array
+ serverName:
+ description: ServerName defines the server name used to contact the
+ server.
+ type: string
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_tlsoptions.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_tlsoptions.yaml
new file mode 100644
index 00000000000..b86fefe0e95
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsoptions.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: TLSOption
+ listKind: TLSOptionList
+ plural: tlsoptions
+ singular: tlsoption
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+ allowing to configure some parameters of the TLS connection. More info:
+ https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSOptionSpec defines the desired state of a TLSOption.
+ properties:
+ alpnProtocols:
+ description: 'ALPNProtocols defines the list of supported application
+ level protocols for the TLS handshake, in order of preference. More
+ info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+ items:
+ type: string
+ type: array
+ cipherSuites:
+ description: 'CipherSuites defines the list of supported cipher suites
+ for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+ items:
+ type: string
+ type: array
+ clientAuth:
+ description: ClientAuth defines the server's policy for TLS Client
+ Authentication.
+ properties:
+ clientAuthType:
+ description: ClientAuthType defines the client authentication
+ type to apply.
+ enum:
+ - NoClientCert
+ - RequestClientCert
+ - RequireAnyClientCert
+ - VerifyClientCertIfGiven
+ - RequireAndVerifyClientCert
+ type: string
+ secretNames:
+ description: SecretNames defines the names of the referenced Kubernetes
+ Secret storing certificate details.
+ items:
+ type: string
+ type: array
+ type: object
+ curvePreferences:
+ description: 'CurvePreferences defines the preferred elliptic curves
+ in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+ items:
+ type: string
+ type: array
+ maxVersion:
+ description: 'MaxVersion defines the maximum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: None.'
+ type: string
+ minVersion:
+ description: 'MinVersion defines the minimum TLS version that Traefik
+ will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+ VersionTLS13. Default: VersionTLS10.'
+ type: string
+ preferServerCipherSuites:
+ description: 'PreferServerCipherSuites defines whether the server
+ chooses a cipher suite among his own instead of among the client''s.
+ It is enabled automatically when minVersion or maxVersion is set.
+ Deprecated: https://github.com/golang/go/issues/45430'
+ type: boolean
+ sniStrict:
+ description: SniStrict defines whether Traefik allows connections
+ from clients connections that do not specify a server_name extension.
+ type: boolean
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_tlsstores.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_tlsstores.yaml
new file mode 100644
index 00000000000..47b46854c8b
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: tlsstores.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: TLSStore
+ listKind: TLSStoreList
+ plural: tlsstores
+ singular: tlsstore
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+ the time being, only the TLSStore named default is supported. This means
+ that you cannot have two stores that are named default in different Kubernetes
+ namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TLSStoreSpec defines the desired state of a TLSStore.
+ properties:
+ certificates:
+ description: Certificates is a list of secret names, each secret holding
+ a key/certificate pair to add to the store.
+ items:
+ description: Certificate holds a secret name for the TLSStore resource.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ type: array
+ defaultCertificate:
+ description: DefaultCertificate defines the default certificate configuration.
+ properties:
+ secretName:
+ description: SecretName is the name of the referenced Kubernetes
+ Secret to specify the certificate details.
+ type: string
+ required:
+ - secretName
+ type: object
+ defaultGeneratedCert:
+ description: DefaultGeneratedCert defines the default generated certificate
+ configuration.
+ properties:
+ domain:
+ description: Domain is the domain definition for the DefaultCertificate.
+ properties:
+ main:
+ description: Main defines the main domain name.
+ type: string
+ sans:
+ description: SANs defines the subject alternative domain names.
+ items:
+ type: string
+ type: array
+ type: object
+ resolver:
+ description: Resolver is the name of the resolver that will be
+ used to issue the DefaultCertificate.
+ type: string
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/crds/traefik.io_traefikservices.yaml b/enterprise/traefik/21.1.9/crds/traefik.io_traefikservices.yaml
new file mode 100644
index 00000000000..0f3475bda46
--- /dev/null
+++ b/enterprise/traefik/21.1.9/crds/traefik.io_traefikservices.yaml
@@ -0,0 +1,402 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.6.2
+ creationTimestamp: null
+ name: traefikservices.traefik.io
+spec:
+ group: traefik.io
+ names:
+ kind: TraefikService
+ listKind: TraefikServiceList
+ plural: traefikservices
+ singular: traefikservice
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: 'TraefikService is the CRD implementation of a Traefik Service.
+ TraefikService object allows to: - Apply weight to Services on load-balancing
+ - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: TraefikServiceSpec defines the desired state of a TraefikService.
+ properties:
+ mirroring:
+ description: Mirroring defines the Mirroring service configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ maxBodySize:
+ description: MaxBodySize defines the maximum size allowed for
+ the body of the request. If the body is larger, the request
+ is not mirrored. Default value is -1, which means unlimited
+ size.
+ format: int64
+ type: integer
+ mirrors:
+ description: Mirrors defines the list of mirrors where Traefik
+ will duplicate the traffic.
+ items:
+ description: MirrorService holds the mirror configuration.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs or
+ if the only child is the Kubernetes Service clusterIP.
+ The Kubernetes Service itself does load-balance to the
+ pods. By default, NativeLB is false.
+ type: boolean
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ percent:
+ description: 'Percent defines the part of the traffic to
+ mirror. Supported values: 0 to 100.'
+ type: integer
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between the two
+ is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs or if the
+ only child is the Kubernetes Service clusterIP. The Kubernetes
+ Service itself does load-balance to the pods. By default, NativeLB
+ is false.
+ type: boolean
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host header
+ is forwarded to the upstream Kubernetes Service. By default,
+ passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service. This
+ can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards the
+ response from the upstream Kubernetes Service to the client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in milliseconds,
+ in between flushes to the client while copying the response
+ body. A negative value means to flush immediately after
+ each write to the client. This configuration is ignored
+ when ReverseProxy recognizes a response as a streaming response;
+ for such responses, writes are flushed to the client immediately.
+ Default: 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https when
+ Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport between
+ Traefik and your servers. Can only be used on a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy between
+ the servers. RoundRobin is the only supported value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be specified
+ when Name references a TraefikService object (and to be precise,
+ one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ weighted:
+ description: Weighted defines the Weighted Round Robin configuration.
+ properties:
+ services:
+ description: Services defines the list of Kubernetes Service and/or
+ TraefikService to load-balance, with weight.
+ items:
+ description: Service defines an upstream HTTP service to proxy
+ traffic to.
+ properties:
+ kind:
+ description: Kind defines the kind of the Service.
+ enum:
+ - Service
+ - TraefikService
+ type: string
+ name:
+ description: Name defines the name of the referenced Kubernetes
+ Service or TraefikService. The differentiation between
+ the two is specified in the Kind field.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the referenced
+ Kubernetes Service or TraefikService.
+ type: string
+ nativeLB:
+ description: NativeLB controls, when creating the load-balancer,
+ whether the LB's children are directly the pods IPs or
+ if the only child is the Kubernetes Service clusterIP.
+ The Kubernetes Service itself does load-balance to the
+ pods. By default, NativeLB is false.
+ type: boolean
+ passHostHeader:
+ description: PassHostHeader defines whether the client Host
+ header is forwarded to the upstream Kubernetes Service.
+ By default, passHostHeader is true.
+ type: boolean
+ port:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Port defines the port of a Kubernetes Service.
+ This can be a reference to a named port.
+ x-kubernetes-int-or-string: true
+ responseForwarding:
+ description: ResponseForwarding defines how Traefik forwards
+ the response from the upstream Kubernetes Service to the
+ client.
+ properties:
+ flushInterval:
+ description: 'FlushInterval defines the interval, in
+ milliseconds, in between flushes to the client while
+ copying the response body. A negative value means
+ to flush immediately after each write to the client.
+ This configuration is ignored when ReverseProxy recognizes
+ a response as a streaming response; for such responses,
+ writes are flushed to the client immediately. Default:
+ 100ms'
+ type: string
+ type: object
+ scheme:
+ description: Scheme defines the scheme to use for the request
+ to the upstream Kubernetes Service. It defaults to https
+ when Kubernetes Service port is 443, http otherwise.
+ type: string
+ serversTransport:
+ description: ServersTransport defines the name of ServersTransport
+ resource to use. It allows to configure the transport
+ between Traefik and your servers. Can only be used on
+ a Kubernetes Service.
+ type: string
+ sticky:
+ description: 'Sticky defines the sticky sessions configuration.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie
+ can be accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy.
+ More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can
+ only be transmitted over an encrypted connection
+ (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ strategy:
+ description: Strategy defines the load balancing strategy
+ between the servers. RoundRobin is the only supported
+ value at the moment.
+ type: string
+ weight:
+ description: Weight defines the weight and should only be
+ specified when Name references a TraefikService object
+ (and to be precise, one that embeds a Weighted Round Robin).
+ type: integer
+ required:
+ - name
+ type: object
+ type: array
+ sticky:
+ description: 'Sticky defines whether sticky sessions are enabled.
+ More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+ properties:
+ cookie:
+ description: Cookie defines the sticky cookie configuration.
+ properties:
+ httpOnly:
+ description: HTTPOnly defines whether the cookie can be
+ accessed by client-side APIs, such as JavaScript.
+ type: boolean
+ name:
+ description: Name defines the Cookie name.
+ type: string
+ sameSite:
+ description: 'SameSite defines the same site policy. More
+ info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+ type: string
+ secure:
+ description: Secure defines whether the cookie can only
+ be transmitted over an encrypted connection (i.e. HTTPS).
+ type: boolean
+ type: object
+ type: object
+ type: object
+ type: object
+ required:
+ - metadata
+ - spec
+ type: object
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
diff --git a/enterprise/traefik/21.1.9/ix_values.yaml b/enterprise/traefik/21.1.9/ix_values.yaml
new file mode 100644
index 00000000000..b3f73ad87e1
--- /dev/null
+++ b/enterprise/traefik/21.1.9/ix_values.yaml
@@ -0,0 +1,434 @@
+image:
+ repository: tccr.io/truecharts/traefik
+ tag: v2.10.5@sha256:b277733b5b8d7f9d2761813d97e161c1f64ec77960f9c06adde13868efbc8dce
+ pullPolicy: IfNotPresent
+manifestManager:
+ enabled: true
+workload:
+ main:
+ replicas: 2
+ strategy: RollingUpdate
+ podSpec:
+ containers:
+ main:
+ args: []
+ probes:
+ # -- Liveness probe configuration
+ # @default -- See below
+ liveness:
+ # -- sets the probe type when not using a custom probe
+ # @default -- "TCP"
+ type: tcp
+ # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+ # @default -- "/"
+ # path: "/ping"
+ # -- Readiness probe configuration
+ # @default -- See below
+ readiness:
+ # -- sets the probe type when not using a custom probe
+ # @default -- "TCP"
+ type: tcp
+ # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+ # @default -- "/"
+ # path: "/ping"
+ # -- Startup probe configuration
+ # @default -- See below
+ startup:
+ # -- sets the probe type when not using a custom probe
+ # @default -- "TCP"
+ type: tcp
+ # -- If a HTTP probe is used (default for HTTP/HTTPS services) this path is used
+ # @default -- "/"
+ # path: "/ping"
+# -- Options for all pods
+# Can be overruled per pod
+podOptions:
+ automountServiceAccountToken: true
+operator:
+ register: true
+# -- Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+ingressClass:
+ # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+ enabled: false
+ isDefaultClass: false
+ # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+ fallbackApiVersion: ""
+# -- Create an IngressRoute for the dashboard
+ingressRoute:
+ dashboard:
+ enabled: true
+ # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+ annotations: {}
+ # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+ labels: {}
+#
+# -- Configure providers
+providers:
+ kubernetesCRD:
+ enabled: true
+ namespaces: []
+ # - "default"
+ kubernetesIngress:
+ enabled: true
+ # labelSelector: environment=production,method=traefik
+ namespaces: []
+ # - "default"
+ # IP used for Kubernetes Ingress endpoints
+ publishedService:
+ enabled: true
+ # Published Kubernetes Service to copy status from. Format: namespace/servicename
+ # By default this Traefik service
+ # pathOverride: ""
+# -- Logs
+# https://docs.traefik.io/observability/logs/
+logs:
+ # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+ general:
+ # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+ level: ERROR
+ # -- Set the format of General Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/logs/#format
+ format: common
+ access:
+ # To enable access logs
+ enabled: false
+ # To write the logs in an asynchronous fashion, specify a bufferingSize option.
+ # This option represents the number of log lines Traefik will keep in memory before writing
+ # them to the selected output. In some cases, this option can greatly help performances.
+ # bufferingSize: 100
+ # Filtering https://docs.traefik.io/observability/access-logs/#filtering
+ filters: {}
+ # statuscodes: "200,300-302"
+ # retryattempts: true
+ # minduration: 10ms
+ # Fields
+ # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+ fields:
+ general:
+ defaultmode: keep
+ names: {}
+ # Examples:
+ # ClientUsername: drop
+ headers:
+ defaultmode: drop
+ names: {}
+ # Examples:
+ # User-Agent: redact
+ # Authorization: drop
+ # Content-Type: keep
+ # -- Set the format of Access Logs to be either Common Log Format or JSON. For more information: https://doc.traefik.io/traefik/observability/access-logs/#format
+ format: common
+metrics:
+ main:
+ enabled: false
+ type: servicemonitor
+ endpoints:
+ - port: metrics
+ path: /metrics
+ targetSelector: metrics
+globalArguments:
+ - "--global.checknewversion"
+##
+# -- Additional arguments to be passed at Traefik's binary
+# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+additionalArguments:
+ - "--serverstransport.insecureskipverify=true"
+ - "--providers.kubernetesingress.allowexternalnameservices=true"
+# -- TLS Options to be created as TLSOption CRDs
+# https://doc.traefik.io/tccr.io/truecharts/https/tls/#tls-options
+# Example:
+tlsOptions:
+ default:
+ sniStrict: false
+ minVersion: VersionTLS12
+ curvePreferences:
+ - CurveP521
+ - CurveP384
+ cipherSuites:
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ - TLS_AES_128_GCM_SHA256
+ - TLS_AES_256_GCM_SHA384
+ - TLS_CHACHA20_POLY1305_SHA256
+# -- Options for the main traefik service, where the entrypoints traffic comes from
+# from.
+service:
+ main:
+ type: LoadBalancer
+ ports:
+ main:
+ port: 9000
+ targetPort: 9000
+ protocol: http
+ # -- Forwarded Headers should never be enabled on Main entrypoint
+ forwardedHeaders:
+ enabled: false
+ # -- Proxy Protocol should never be enabled on Main entrypoint
+ proxyProtocol:
+ enabled: false
+ tcp:
+ enabled: true
+ type: LoadBalancer
+ ports:
+ web:
+ enabled: true
+ port: 9080
+ protocol: http
+ redirectTo: websecure
+ # Options: Empty, 0 (ingore), or positive int
+ # redirectPort:
+ # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+ forwardedHeaders:
+ enabled: false
+ # -- List of trusted IP and CIDR references
+ trustedIPs: []
+ # -- Trust all forwarded headers
+ insecureMode: false
+ # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+ proxyProtocol:
+ enabled: false
+ # -- Only IPs in trustedIPs will lead to remote client address replacement
+ trustedIPs: []
+ # -- Trust every incoming connection
+ insecureMode: false
+ websecure:
+ enabled: true
+ port: 9443
+ protocol: https
+ # -- Configure (Forwarded Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#forwarded-headers] Support
+ forwardedHeaders:
+ enabled: false
+ # -- List of trusted IP and CIDR references
+ trustedIPs: []
+ # -- Trust all forwarded headers
+ insecureMode: false
+ # -- Configure (Proxy Protocol Headers)[https://doc.traefik.io/traefik/routing/entrypoints/#proxyprotocol] Support
+ proxyProtocol:
+ enabled: false
+ # -- Only IPs in trustedIPs will lead to remote client address replacement
+ trustedIPs: []
+ # -- Trust every incoming connection
+ insecureMode: false
+ # tcpexample:
+ # enabled: true
+ # targetPort: 9443
+ # protocol: tcp
+ # tls:
+ # enabled: false
+ # # this is the name of a TLSOption definition
+ # options: ""
+ # certResolver: ""
+ # domains: []
+ # # - main: example.com
+ # # sans:
+ # # - foo.example.com
+ # # - bar.example.com
+ metrics:
+ enabled: true
+ type: ClusterIP
+ ports:
+ metrics:
+ enabled: true
+ port: 9180
+ targetPort: 9180
+ protocol: http
+ # -- Forwarded Headers should never be enabled on Metrics entrypoint
+ forwardedHeaders:
+ enabled: false
+ # -- Proxy Protocol should never be enabled on Metrics entrypoint
+ proxyProtocol:
+ enabled: false
+ # udp:
+ # enabled: false
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+ main:
+ enabled: true
+ primary: true
+ clusterWide: true
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ - ingressclasses
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - traefik.containo.us
+ - traefik.io
+ resources:
+ - middlewares
+ - middlewaretcps
+ - ingressroutes
+ - traefikservices
+ - ingressroutetcps
+ - ingressrouteudps
+ - tlsoptions
+ - tlsstores
+ - serverstransports
+ verbs:
+ - get
+ - list
+ - watch
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+ main:
+ enabled: true
+ primary: true
+# -- SCALE Middleware Handlers
+middlewares:
+ basicAuth: []
+ # - name: basicauthexample
+ # users:
+ # - username: testuser
+ # password: testpassword
+ forwardAuth: []
+ # - name: forwardAuthexample
+ # address: https://auth.example.com/
+ # authResponseHeaders:
+ # - X-Secret
+ # - X-Auth-User
+ # authRequestHeaders:
+ # - "Accept"
+ # - "X-CustomHeader"
+ # authResponseHeadersRegex: "^X-"
+ # trustForwardHeader: true
+ customRequestHeaders: []
+ # - name: customRequestHeaderExample
+ # headers:
+ # - name: X-Custom-Header
+ # value: "foobar"
+ # - name: X-Header-To-Remove
+ # value: ""
+ customResponseHeaders: []
+ # - name: customResponseHeaderExample
+ # headers:
+ # - name: X-Custom-Header
+ # value: "foobar"
+ # - name: X-Header-To-Remove
+ # value: ""
+ rewriteResponseHeaders: []
+ # - name: rewriteResponseHeadersName
+ # headers:
+ # - name: "Location"
+ # regex: "^http://(.+)$"
+ # replacement: "https://$1"
+ # - name: "Date"
+ # regex: "^[^,]+,\\s*(.+)$"
+ # replacement: "$1"
+ customFrameOptionsValue: []
+ # - name: customFrameOptionsValueExample
+ # value: "SAMEORIGIN"
+ buffering: []
+ # - name: bufferingExample
+ # maxRequestBodyBytes: 1000000
+ # memRequestBodyBytes: 1000000
+ # maxResponseBodyBytes: 1000000
+ # memResponseBodyBytes: 1000000
+ # retryExpression: "IsNetworkError() && Attempts() < 2"
+ chain: []
+ # - name: chainname
+ # middlewares:
+ # - name: compress
+ redirectScheme: []
+ # - name: redirectSchemeName
+ # scheme: https
+ # permanent: true
+ rateLimit: []
+ # - name: rateLimitName
+ # average: 300
+ # burst: 200
+ redirectRegex: []
+ # - name: redirectRegexName
+ # regex: putregexhere
+ # replacement: replacementurlhere
+ # permanent: false
+ stripPrefixRegex: []
+ # - name: stripPrefixRegexName
+ # regex: []
+ ipWhiteList: []
+ # - name: ipWhiteListName
+ # sourceRange: []
+ # ipStrategy:
+ # depth: 2
+ # excludedIPs: []
+ themePark: []
+ # - name: themeParkName
+ # -- Supported apps, lower case name
+ # -- https://docs.theme-park.dev/themes
+ # app: appnamehere
+ # -- Supported themes, lower case name
+ # -- https://docs.theme-park.dev/themes/APPNAMEHERE
+ # -- https://docs.theme-park.dev/community-themes
+ # theme: themenamehere
+ # -- https://theme-park.dev or a self hosted url
+ # baseUrl: https://theme-park.dev
+ # Sets X-Real-Ip with an IP from the X-Forwarded-For or
+ # Cf-Connecting-Ip (If from Cloudflare)
+ # Evaluation of those headers will go from last to first
+ realIP: []
+ # - name: realIPName
+ # -- The real IP will be the first one that is
+ # -- not included in any of the CIDRs passed here
+ # excludedNetworks:
+ # - 1.1.1.1/24
+ addPrefix: []
+ # - name: addPrefixName
+ # prefix: "/foo"
+ geoBlock: []
+ # -- https://github.com/PascalMinder/geoblock
+ # - name: geoBlockName
+ # allowLocalRequests: true
+ # logLocalRequests: false
+ # logAllowedRequests: false
+ # logApiRequests: false
+ # api: https://get.geojs.io/v1/ip/country/{ip}
+ # apiTimeoutMs: 500
+ # cacheSize: 25
+ # forceMonthlyUpdate: true
+ # allowUnknownCountries: false
+ # unknownCountryApiResponse: nil
+ # blackListMode: false
+ # countries:
+ # - RU
+ modsecurity: []
+ # - name: modsecurityName
+ # modSecurityUrl: modSecurity container URL
+ # timeoutMillis: Configurated timeout
+ # maxBodySize: maxBodySize
+ ## Note: body of every request will be buffered in memory while the request is in-flight
+ ## (i.e.: during the security check and during the request processing by traefik and the backend),
+ ## so you may want to tune maxBodySize depending on how much RAM you have.
+portalhook:
+ enabled: true
+persistence:
+ plugins:
+ enabled: true
+ mountPath: "/plugins-storage"
+ type: emptyDir
+portal:
+ open:
+ enabled: true
+ path: /dashboard/
diff --git a/enterprise/traefik/21.1.9/questions.yaml b/enterprise/traefik/21.1.9/questions.yaml
new file mode 100644
index 00000000000..1d619d093fa
--- /dev/null
+++ b/enterprise/traefik/21.1.9/questions.yaml
@@ -0,0 +1,2929 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+ path: "$kubernetes-resource_configmap_tcportal-open_path"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+ - variable: expertIngressClass
+ label: Expert Mode
+ group: App Configuration
+ description: |
+ Expert Mode contains settings like:
+ - IngressClass
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: ingressClass
+ label: "ingressClass"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ description: "When enabled, ingressClass will match the entered name of this app"
+ schema:
+ type: boolean
+ default: false
+ - variable: isDefaultClass
+ label: "isDefaultClass"
+ schema:
+ type: boolean
+ show_if: [["enabled", "=", true]]
+ default: false
+ - variable: logs
+ label: "Logs"
+ group: "App Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: general
+ label: "General Logs"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: level
+ label: "Log Level"
+ schema:
+ type: string
+ default: "ERROR"
+ enum:
+ - value: "INFO"
+ description: "Info"
+ - value: "WARN"
+ description: "Warnings"
+ - value: "ERROR"
+ description: "Errors"
+ - value: "FATAL"
+ description: "Fatal Errors"
+ - value: "PANIC"
+ description: "Panics"
+ - value: "DEBUG"
+ description: "Debug"
+ - variable: format
+ label: "General Log format"
+ schema:
+ type: string
+ default: "common"
+ enum:
+ - value: "common"
+ description: "Common Log Format"
+ - value: "json"
+ description: "JSON"
+ - variable: access
+ label: "Access Logs"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: enabledFilters
+ label: "Enable Filters"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: filters
+ label: "Filters"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: statuscodes
+ label: "Status codes"
+ schema:
+ type: string
+ default: "200,300-302"
+ - variable: retryattempts
+ label: "retryattempts"
+ schema:
+ type: boolean
+ default: true
+ - variable: minduration
+ label: "minduration"
+ schema:
+ type: string
+ default: "10ms"
+ - variable: fields
+ label: "Fields"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: general
+ label: "General"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: defaultmode
+ label: "Default Mode"
+ schema:
+ type: string
+ default: "keep"
+ enum:
+ - value: "keep"
+ description: "Keep"
+ - value: "drop"
+ description: "Drop"
+ - variable: headers
+ label: "Headers"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: defaultmode
+ label: "Default Mode"
+ schema:
+ type: string
+ default: "drop"
+ enum:
+ - value: "keep"
+ description: "Keep"
+ - value: "drop"
+ description: "Drop"
+ - variable: format
+ label: "Access Log format"
+ schema:
+ type: string
+ default: "common"
+ enum:
+ - value: "common"
+ description: "Common Log Format"
+ - value: "json"
+ description: "JSON"
+ - variable: middlewares
+ label: ""
+ group: "Middlewares"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: basicAuth
+ label: basicAuth
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: basicAuthEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: users
+ label: Users
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: usersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: forwardAuth
+ label: forwardAuth
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: basicAuthEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: address
+ label: Address
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: trustForwardHeader
+ label: trustForwardHeader
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: TLS
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: insecureSkipVerify
+ label: insecureSkipVerify (expert)
+ description: >-
+ This disables all TLS certificate validation on communications with the authentication endpoint.
+ This could be a security risk and should only be used if you know what you are doing.
+ schema:
+ type: boolean
+ default: false
+ - variable: authResponseHeadersRegex
+ label: authResponseHeadersRegex
+ schema:
+ type: string
+ default: ""
+ - variable: authResponseHeaders
+ label: authResponseHeaders
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: authResponseHeadersEntry
+ label: ""
+ schema:
+ type: string
+ default: ""
+ - variable: authRequestHeaders
+ label: authRequestHeaders
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: authRequestHeadersEntry
+ label: ""
+ schema:
+ type: string
+ default: ""
+ - variable: buffering
+ label: Buffering
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: bufferingEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: maxRequestBodyBytes
+ label: Max Request Body Bytes
+ description: Leave empty and it won't be set
+ schema:
+ type: string
+ valid_chars: '^[0-9]*$'
+ default: ""
+ - variable: memRequestBodyBytes
+ label: Mem Request Body Bytes
+ description: Leave empty and it won't be set
+ schema:
+ type: string
+ valid_chars: '^[0-9]*$'
+ default: ""
+ - variable: maxResponseBodyBytes
+ label: Max Response Body Bytes
+ description: Leave empty and it won't be set
+ schema:
+ type: string
+ valid_chars: '^[0-9]*$'
+ default: ""
+ - variable: memResponseBodyBytes
+ label: Mem Response Body Bytes
+ description: Leave empty and it won't be set
+ schema:
+ type: string
+ valid_chars: '^[0-9]*$'
+ default: ""
+ - variable: retryExpression
+ label: Retry Expression
+ description: Leave empty and it won't be set
+ schema:
+ type: string
+ default: ""
+ - variable: customRequestHeaders
+ label: Custom Request Headers
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: customRequestHeadersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: headers
+ label: Headers to Add
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: headersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Header Name
+ description: Name of custom header to be added to requests, eg. X-Custom-Header
+ schema:
+ valid_chars: ^[a-zA-Z0-9_\-]*$
+ type: string
+ required: true
+ default: ""
+ - variable: value
+ label: Header Value
+ description: The value of the header. If the value is empty, the header will be removed.
+ schema:
+ type: string
+ default: ""
+ - variable: customResponseHeaders
+ label: Custom Response Headers
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: customResponseHeadersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: headers
+ label: Headers to Add
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: headersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Header Name
+ description: Name of custom header to be added to responses, eg. X-Custom-Header
+ schema:
+ valid_chars: ^[a-zA-Z0-9_\-]*$
+ type: string
+ required: true
+ default: ""
+ - variable: value
+ label: Header Value
+ description: The value of the header. If the value is empty, the header will be removed.
+ schema:
+ type: string
+ default: ""
+ - variable: rewriteResponseHeaders
+ label: Rewrite Response Headers
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: rewriteResponseHeadersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: headers
+ label: Headers To Rewrite
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: headersEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Header Name
+ description: Name of a header to modified in responses, eg. X-Custom-Header
+ schema:
+ valid_chars: ^[a-zA-Z0-9_\-]*$
+ type: string
+ required: true
+ default: ""
+ - variable: regex
+ label: Regex
+ description: The value of the header to match. Accepts regex expression.
+ schema:
+ type: string
+ default: ""
+ - variable: replacement
+ label: Replacement Regex
+ description: The new value of the header. Accepts regex expression.
+ schema:
+ type: string
+ default: ""
+ - variable: customFrameOptionsValue
+ label: Custom Frame Options Value
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: customFrameOptionsValueEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: X-Frame-Options Header Value
+ description: The value of the header.
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: chain
+ label: Chain
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: chainEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: middlewares
+ label: Middlewares to Chain
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: redirectScheme
+ label: redirectScheme
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: redirectSchemeEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: scheme
+ label: Scheme
+ schema:
+ type: string
+ required: true
+ default: https
+ enum:
+ - value: https
+ description: https
+ - value: http
+ description: http
+ - variable: permanent
+ label: Permanent
+ schema:
+ type: boolean
+ default: false
+ - variable: rateLimit
+ label: rateLimit
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: rateLimitEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: average
+ label: Average
+ schema:
+ type: int
+ required: true
+ default: 300
+ - variable: burst
+ label: Burst
+ schema:
+ type: int
+ required: true
+ default: 200
+ - variable: redirectRegex
+ label: redirectRegex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: redirectRegexEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: regex
+ label: Regex
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: replacement
+ label: Replacement
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: permanent
+ label: Permanent
+ schema:
+ type: boolean
+ default: false
+ - variable: stripPrefixRegex
+ label: stripPrefixRegex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: stripPrefixRegexEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: regex
+ label: Regex
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: regexEntry
+ label: Regex
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: ipWhiteList
+ label: ipWhiteList
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipWhiteListEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: sourceRange
+ label: Source Range
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: sourceRangeEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: ipStrategy
+ label: IP Strategy
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: depth
+ label: Depth
+ schema:
+ type: int
+ required: true
+ - variable: excludedIPs
+ label: Excluded IPs
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: excludedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: themePark
+ label: theme.park
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: themeParkEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to traefik-themepark
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: appName
+ label: App Name
+ description: Lower case, name of the app to be themed.
+
Go to https://docs.theme-park.dev/themes/ to see supported apps.
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: themeName
+ label: Theme Name
+ description: Lower case, name of the theme to be applied.
+
Go to https://docs.theme-park.dev/theme-options/ to see supported themes.
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: baseUrl
+ label: Base URL
+ description: Replace `https://theme-park.dev` URL for self-hosting reference.
+ schema:
+ type: string
+ required: true
+ default: https://theme-park.dev
+ - variable: addons
+ label: Addons
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: addonEntry
+ label: Addon
+ description: Currently only supports 'darker' and '4k-logo' for *arr apps.
+
Go to https://docs.theme-park.dev/themes/addons/ for Addon information.
+
Go to https://github.com/packruler/traefik-themepark for more context on plugin
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: realIP
+ label: Real IP
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: realIPEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: excludedNetworks
+ label: Excluded Networks
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: excludedNetEntry
+ label: Excluded Network Entry
+ description: Network to exclude setting it to X-Real-Ip
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: geoBlock
+ label: GeoBlock
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: geoBlockEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to geoblock
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: allowLocalRequests
+ label: Allow Local Requests
+ description: If set to true, will not block request from Private IP Ranges
+ schema:
+ type: boolean
+ default: true
+ - variable: logLocalRequests
+ label: Log Local Requests
+ description: If set to true, will log every connection from any IP in the private IP range
+ schema:
+ type: boolean
+ default: false
+ - variable: logAllowedRequests
+ label: Log Allowed Requests
+ description: If set to true, will show a log message with the IP and the country of origin if a request is allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: logApiRequests
+ label: Log API Requests
+ description: If set to true, will show a log message for every API hit.
+ schema:
+ type: boolean
+ default: false
+ - variable: api
+ label: API
+ description: Defines the API URL for the IP to Country resolution. The IP to fetch can be added with {ip} to the URL.
+ schema:
+ type: string
+ required: true
+ default: https://get.geojs.io/v1/ip/country/{ip}
+ - variable: apiTimeoutMs
+ label: API Timeout in ms
+ description: Timeout for the call to the api uri.
+ schema:
+ type: int
+ required: true
+ default: 500
+ - variable: cacheSize
+ label: Cache Size
+ description: Defines the max size of the LRU (least recently used) cache.
+ schema:
+ type: int
+ required: true
+ default: 25
+ - variable: forceMonthlyUpdate
+ label: Force Monthly Update
+ description: Even if an IP stays in the cache for a period of a month (about 30 x 24 hours), it must be fetch again after a month.
+ schema:
+ type: boolean
+ default: true
+ - variable: allowUnknownCountries
+ label: Allow Unknown Countries
+ description: Some IP addresses have no country associated with them. If this option is set to true, all IPs with no associated country are also allowed.
+ schema:
+ type: boolean
+ default: false
+ - variable: unknownCountryApiResponse
+ label: Unknown Countries API Response
+ description: The API uri can be customized. This options allows to customize the response string of the API when a IP with no associated country is requested.
+ schema:
+ type: string
+ required: true
+ default: nil
+ - variable: blackListMode
+ label: Blacklist Mode
+ description: When set to true the filter logic is inverted, i.e. requests originating from countries listed in the countries list are blocked.
+ schema:
+ type: boolean
+ default: false
+ - variable: countries
+ description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode.
+ label: Countries
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: countryEntry
+ label: Country
+ description: Country codes (2 characters) from which connections to the service should be allowed or blocked, based on the mode.
+ schema:
+ type: string
+ required: true
+ # Allow only 2 Characters
+ valid_chars: '^[a-zA-Z]{2}$'
+ default: ""
+ - variable: addPrefix
+ label: Add Prefix
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: addPrefixEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: prefix
+ label: Prefix
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: modsecurity
+ label: modsecurity
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: modsecurityEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: This is a 3rd party plugin and not maintained by TrueCharts,
+ for more information go to traefik-modsecurity-plugin
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: modSecurityUrl
+ label: ModSecurity Url
+ description: It's the URL for the owasp/modsecurity container.
+ schema:
+ type: string
+ required: true
+ default: "https://someurl"
+ - variable: timeoutMillis
+ label: timeout Millis
+ description: timeout in milliseconds for the http client to talk with modsecurity container. (
+ schema:
+ type: int
+ required: true
+ default: 2
+ - variable: maxBodySize
+ label: maxBody Size
+ description: it's the maximum limit for requests body size. Requests exceeding this value will be rejected using HTTP 413 Request Entity Too Large. Zero means "use default value".
+ schema:
+ type: int
+ required: true
+ default: 0
+ - variable: service
+ group: "Networking and Services"
+ label: "Configure Service Entrypoint"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Service"
+ description: "The Primary service on which the healthcheck runs, often the webUI"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Entrypoint Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9000
+ required: true
+ - variable: tcp
+ label: "TCP Service"
+ description: "The tcp Entrypoint service"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: web
+ label: "web Entrypoint Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9080
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ default: "websecure"
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: websecure
+ label: "websecure Entrypoints Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: "Entrypoints Port"
+ schema:
+ type: int
+ default: 9443
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: tls
+ label: "websecure Entrypoints Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: enabled
+ label: "Enabled"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: portsList
+ label: "Additional TCP Entrypoints"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: "Custom Entrypoints"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enable the port"
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: "Entrypoints Name"
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: "Entrypoints Type"
+ schema:
+ type: string
+ default: "tcp"
+ enum:
+ - value: http
+ description: "HTTP"
+ - value: "https"
+ description: "HTTPS"
+ - value: tcp
+ description: "TCP"
+ - variable: port
+ label: "Port"
+ description: "This port exposes the container port on the service"
+ schema:
+ type: int
+ required: true
+ - variable: tls
+ label: "websecure Entrypoints Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: "Enabled"
+ schema:
+ type: boolean
+ default: true
+ - variable: redirectPort
+ label: "Redirect to Port"
+ schema:
+ type: int
+ - variable: redirectTo
+ label: "Redirect to Entrypoint"
+ schema:
+ type: string
+ - variable: forwardedHeaders
+ label: Accept Forwarded Headers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Trust Forwarded Headers from specific IPs.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Always Trust Forwarded Headers
+ schema:
+ type: boolean
+ default: false
+ - variable: proxyProtocol
+ label: Accept Proxy Protocol connections
+ description: If Proxy Protocol header parsing is enabled for the entry point, this entry point can accept connections with or without Proxy Protocol headers.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: trustedIPs
+ label: Trusted IPs
+ description: Only IPs in trustedIPs will lead to remote client address replacement
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: trustedIPsEntry
+ label: ""
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: insecureMode
+ label: Insecure Mode
+ description: Trust every incoming connection
+ schema:
+ type: boolean
+ default: false
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: "Main Ingress"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: "runAsUser"
+ description: "The UserID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: "runAsGroup"
+ description: "The groupID of the user running the application"
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: "fsGroup"
+ description: "The group that should own ALL storage."
+ schema:
+ type: int
+ default: 568
+
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/enterprise/traefik/21.1.9/templates/NOTES.txt b/enterprise/traefik/21.1.9/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/enterprise/traefik/21.1.9/templates/_args.tpl b/enterprise/traefik/21.1.9/templates/_args.tpl
new file mode 100644
index 00000000000..06e39a46890
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_args.tpl
@@ -0,0 +1,194 @@
+{{/* Define the args */}}
+{{- define "traefik.args" -}}
+args:
+ {{/* merge all ports */}}
+ {{- $ports := dict }}
+ {{- range $.Values.service }}
+ {{- range $name, $value := .ports }}
+ {{- $_ := set $ports $name $value }}
+ {{- end }}
+ {{- end }}
+ {{/* start of actual arguments */}}
+ {{- with .Values.globalArguments }}
+ {{- range . }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- range $name, $config := $ports }}
+ {{- if $config }}
+ {{- if or ( eq $config.protocol "http" ) ( eq $config.protocol "https" ) ( eq $config.protocol "tcp" ) }}
+ {{- $_ := set $config "protocol" "tcp" }}
+ {{- end }}
+ - "--entryPoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
+ {{- end }}
+ {{- end }}
+ - "--api.dashboard=true"
+ - "--ping=true"
+ {{- if .Values.traefikMetrics }}
+ {{- if .Values.traefikMetrics.datadog }}
+ - "--metrics.datadog=true"
+ - "--metrics.datadog.address={{ .Values.traefikMetrics.datadog.address }}"
+ {{- end }}
+ {{- if .Values.traefikMetrics.influxdb }}
+ - "--metrics.influxdb=true"
+ - "--metrics.influxdb.address={{ .Values.traefikMetrics.influxdb.address }}"
+ - "--metrics.influxdb.protocol={{ .Values.traefikMetrics.influxdb.protocol }}"
+ {{- end }}
+ {{- if .Values.traefikMetrics.statsd }}
+ - "--metrics.statsd=true"
+ - "--metrics.statsd.address={{ .Values.traefikMetrics.statsd.address }}"
+ {{- if or .Values.traefikMetrics.prometheus }}
+ - "--metrics.prometheus=true"
+ - "--metrics.prometheus.entrypoint=metrics"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- if or .Values.metrics.main.enabled }}
+ - "--metrics.prometheus=true"
+ - "--metrics.prometheus.entrypoint=metrics"
+ {{- end }}
+ {{- if .Values.providers.kubernetesCRD.enabled }}
+ - "--providers.kubernetescrd"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.enabled }}
+ - "--providers.kubernetesingress"
+ {{- if .Values.providers.kubernetesIngress.publishedService.enabled }}
+ - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.labelSelector }}
+ - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
+ {{- if .Values.providers.kubernetesCRD.enabled }}
+ - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" . }}"
+ {{- end }}
+ {{- if .Values.providers.kubernetesIngress.enabled }}
+ - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" . }}"
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.ingressClass.enabled }}
+ - "--providers.kubernetesingress.ingressclass={{ .Release.Name }}"
+ {{- end }}
+ {{- range $entrypoint, $config := $ports }}
+ {{/* add args for proxyProtocol support */}}
+ {{- if $config.proxyProtocol }}
+ {{- if $config.proxyProtocol.enabled }}
+ {{- if $config.proxyProtocol.insecureMode }}
+ - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
+ {{- end }}
+ {{- if not ( empty $config.proxyProtocol.trustedIPs ) }}
+ - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/* add args for forwardedHeaders support */}}
+ {{- if $config.forwardedHeaders.enabled }}
+ {{- if not ( empty $config.forwardedHeaders.trustedIPs ) }}
+ - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
+ {{- end }}
+ {{- if $config.forwardedHeaders.insecureMode }}
+ - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
+ {{- end }}
+ {{- end }}
+ {{/* end forwardedHeaders configuration */}}
+ {{- if $config.redirectTo }}
+ {{- $toPort := index $ports $config.redirectTo }}
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.port }}"
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+ {{- else if $config.redirectPort }}
+ {{ if gt $config.redirectPort 0.0 }}
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $config.redirectPort }}"
+ - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+ {{- end }}
+ {{- end }}
+ {{- if or ( $config.tls ) ( eq $config.protocol "https" ) }}
+ {{- if or ( $config.tls.enabled ) ( eq $config.protocol "https" ) }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls=true"
+ {{- if $config.tls.options }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
+ {{- end }}
+ {{- if $config.tls.certResolver }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
+ {{- end }}
+ {{- if $config.tls.domains }}
+ {{- range $index, $domain := $config.tls.domains }}
+ {{- if $domain.main }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
+ {{- end }}
+ {{- if $domain.sans }}
+ - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.logs }}
+ - "--log.format={{ .general.format }}"
+ {{- if ne .general.level "ERROR" }}
+ - "--log.level={{ .general.level | upper }}"
+ {{- end }}
+ {{- if .access.enabled }}
+ - "--accesslog=true"
+ - "--accesslog.format={{ .access.format }}"
+ {{- if .access.bufferingsize }}
+ - "--accesslog.bufferingsize={{ .access.bufferingsize }}"
+ {{- end }}
+ {{- if .access.filters }}
+ {{- if .access.filters.statuscodes }}
+ - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
+ {{- end }}
+ {{- if .access.filters.retryattempts }}
+ - "--accesslog.filters.retryattempts"
+ {{- end }}
+ {{- if .access.filters.minduration }}
+ - "--accesslog.filters.minduration={{ .access.filters.minduration }}"
+ {{- end }}
+ {{- end }}
+ - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
+ {{- range $fieldname, $fieldaction := .access.fields.general.names }}
+ - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
+ {{- end }}
+ - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
+ {{- range $fieldname, $fieldaction := .access.fields.headers.names }}
+ - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{/*
+ For new plugins, add them on the container also
+ https://github.com/truecharts/containers/blob/master/mirror/traefik/Dockerfile
+ moduleName must match on the container and here
+ */}}
+ {{- if .Values.middlewares.themePark }}
+ {{/* theme.park */}}
+ - "--experimental.localPlugins.traefik-themepark.modulename=github.com/packruler/traefik-themepark"
+ {{- end }}
+ {{/* End of theme.park */}}
+ {{/* GeoBlock */}}
+ {{- if .Values.middlewares.geoBlock }}
+ - "--experimental.localPlugins.GeoBlock.modulename=github.com/PascalMinder/geoblock"
+ {{- end }}
+ {{/* End of GeoBlock */}}
+ {{/* RealIP */}}
+ {{- if .Values.middlewares.realIP }}
+ - "--experimental.localPlugins.traefik-real-ip.modulename=github.com/jramsgz/traefik-real-ip"
+ {{- end }}
+ {{/* End of RealIP */}}
+ {{/* ModSecurity */}}
+ {{- if .Values.middlewares.modsecurity }}
+ - "--experimental.localPlugins.traefik-modsecurity-plugin.modulename=github.com/acouvreur/traefik-modsecurity-plugin"
+ {{- end }}
+ {{/* End of ModSecurity */}}
+ {{/* RewriteResponseHeaders */}}
+ {{- if .Values.middlewares.rewriteResponseHeaders }}
+ - "--experimental.localPlugins.rewriteResponseHeaders.modulename=github.com/XciD/traefik-plugin-rewrite-headers"
+ {{- end }}
+ {{/* End of RewriteResponseHeaders */}}
+ {{- with .Values.additionalArguments }}
+ {{- range . }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/_helpers.tpl b/enterprise/traefik/21.1.9/templates/_helpers.tpl
new file mode 100644
index 00000000000..1345dcea39a
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_helpers.tpl
@@ -0,0 +1,22 @@
+{{/*
+Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
+By convention this will simply use the / to match the name of the
+service generated.
+Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
+*/}}
+{{- define "providers.kubernetesIngress.publishedServicePath" -}}
+{{- $fullName := include "tc.v1.common.lib.chart.names.fullname" . -}}
+{{- $defServiceName := printf "%s/%s-tcp" .Release.Namespace $fullName -}}
+{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct a comma-separated list of whitelisted namespaces
+*/}}
+{{- define "providers.kubernetesIngress.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesIngress.namespaces) }}
+{{- end -}}
+{{- define "providers.kubernetesCRD.namespaces" -}}
+{{- default .Release.Namespace (join "," .Values.providers.kubernetesCRD.namespaces) }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/_ingressclass.tpl b/enterprise/traefik/21.1.9/templates/_ingressclass.tpl
new file mode 100644
index 00000000000..4213783865c
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_ingressclass.tpl
@@ -0,0 +1,24 @@
+{{/* Define the ingressClass */}}
+{{- define "traefik.ingressClass" -}}
+---
+{{ if $.Values.ingressClass.enabled }}
+ {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass" }}
+apiVersion: networking.k8s.io/v1
+ {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass" }}
+apiVersion: networking.k8s.io/v1beta1
+ {{- else if or (eq .Values.ingressClass.fallbackApiVersion "v1beta1") (eq .Values.ingressClass.fallbackApiVersion "v1") }}
+apiVersion: {{ printf "networking.k8s.io/%s" .Values.ingressClass.fallbackApiVersion }}
+ {{- else }}
+ {{- fail "\n\n ERROR: You must have at least networking.k8s.io/v1beta1 to use ingressClass" }}
+ {{- end }}
+kind: IngressClass
+metadata:
+ annotations:
+ ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
+ labels:
+ {{- include "tc.v1.common.lib.metadata.allLabels" . | nindent 4 }}
+ name: {{ .Release.Name }}
+spec:
+ controller: traefik.io/ingress-controller
+{{- end }}
+{{- end }}
diff --git a/enterprise/traefik/21.1.9/templates/_ingressroute.tpl b/enterprise/traefik/21.1.9/templates/_ingressroute.tpl
new file mode 100644
index 00000000000..bf235761f80
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_ingressroute.tpl
@@ -0,0 +1,34 @@
+{{/* Define the ingressRoute */}}
+{{- define "traefik.ingressRoute" -}}
+{{ if .Values.ingressRoute.dashboard.enabled }}
+
+{{- $ingressRouteLabels := .Values.ingressRoute.dashboard.labels -}}
+{{- $ingressRouteAnnotations := .Values.ingressRoute.dashboard.annotations -}}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "tc.v1.common.lib.chart.names.fullname" . }}-dashboard
+ {{- $labels := (mustMerge ($ingressRouteLabels | default dict) (include "tc.v1.common.lib.metadata.allLabels" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "labels" $labels) | trim) }}
+ labels:
+ {{- . | nindent 4 }}
+ {{- end }}
+ {{- $annotations := (mustMerge ($ingressRouteAnnotations | default dict) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
+ {{- with (include "tc.v1.common.lib.metadata.render" (dict "rootCtx" $ "annotations" $annotations) | trim) }}
+ annotations:
+ {{- . | nindent 4 }}
+ {{- end }}
+
+spec:
+ entryPoints:
+ - main
+ routes:
+ - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+{{ end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/_portalhook.tpl b/enterprise/traefik/21.1.9/templates/_portalhook.tpl
new file mode 100644
index 00000000000..ec69a695ca6
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_portalhook.tpl
@@ -0,0 +1,24 @@
+{{/* Define the portalHook */}}
+{{- define "traefik.portalhook" -}}
+{{- if .Values.portalhook.enabled -}}
+ {{- $name := "portalhook" -}}
+ {{- if $.Values.ingressClass.enabled -}}
+ {{- $name = printf "portalhook-%v" .Release.Name -}}
+ {{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $name }}
+data:
+ {{- $ports := dict }}
+ {{- range $.Values.service }}
+ {{- range $name, $value := .ports }}
+ {{- $_ := set $ports $name $value }}
+ {{- end }}
+ {{- end }}
+ {{- range $name, $value := $ports }}
+ {{ $name }}: {{ $value.port | quote }}
+ {{- end }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/_tlsoptions.tpl b/enterprise/traefik/21.1.9/templates/_tlsoptions.tpl
new file mode 100644
index 00000000000..4194e513cd3
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/_tlsoptions.tpl
@@ -0,0 +1,12 @@
+{{/* Define the tlsOptions */}}
+{{- define "traefik.tlsOptions" -}}
+{{- range $name, $config := .Values.tlsOptions }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+ name: {{ $name }}
+spec:
+ {{- toYaml $config | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/common.yaml b/enterprise/traefik/21.1.9/templates/common.yaml
new file mode 100644
index 00000000000..d70a9887a47
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/common.yaml
@@ -0,0 +1,23 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . }}
+
+{{- $newArgs := (include "traefik.args" . | fromYaml) }}
+{{- $_ := set .Values "newArgs" $newArgs -}}
+{{- $mergedargs := concat $.Values.workload.main.podSpec.containers.main.args .Values.newArgs.args }}
+{{- $_ := set $.Values.workload.main.podSpec.containers.main "args" $mergedargs -}}
+
+{{- include "traefik.portalhook" . }}
+{{- include "traefik.tlsOptions" . }}
+{{- include "traefik.ingressRoute" . }}
+{{- include "traefik.ingressClass" . }}
+
+{{- with .Values.ingress -}}
+ {{- with .main -}}
+ {{- if .enabled -}}
+ {{- $_ := set $.Values.portal.open.override "protocol" "https" -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "tc.v1.common.loader.apply" . }}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/addPrefix.yaml b/enterprise/traefik/21.1.9/templates/middlewares/addPrefix.yaml
new file mode 100644
index 00000000000..47138233643
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/addPrefix.yaml
@@ -0,0 +1,12 @@
+{{- range $index, $middlewareData := .Values.middlewares.addPrefix }}
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ addPrefix:
+ prefix: {{ $middlewareData.prefix }}
+{{- end }}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/basic-middleware.yaml b/enterprise/traefik/21.1.9/templates/middlewares/basic-middleware.yaml
new file mode 100644
index 00000000000..ef4671254ef
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/basic-middleware.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ compress: {}
+---
+# Here, an average of 300 requests per second is allowed.
+# In addition, a burst of 200 requests is allowed.
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ rateLimit:
+ average: 600
+ burst: 400
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ accessControlMaxAge: 100
+ stsSeconds: 63072000
+ # stsIncludeSubdomains: false
+ # stsPreload: false
+ forceSTSHeader: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ referrerPolicy: same-origin
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ customResponseHeaders:
+ server: ''
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-chain-basic" $.Release.Name) "chain-basic" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: {{ ternary (printf "%v-basic-ratelimit" $.Release.Name) "basic-ratelimit" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-basic-secure-headers" $.Release.Name) "basic-secure-headers" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-compress" $.Release.Name) "compress" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/basicauth.yaml b/enterprise/traefik/21.1.9/templates/middlewares/basicauth.yaml
new file mode 100644
index 00000000000..1bbdc462b34
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/basicauth.yaml
@@ -0,0 +1,30 @@
+{{- range $index, $middlewareData := .Values.middlewares.basicAuth -}}
+
+ {{- $users := list -}}
+ {{- range $index, $userdata := $middlewareData.users -}}
+ {{- $users = append $users (htpasswd $userdata.username $userdata.password) -}}
+ {{- end }}
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%v-%v" $middlewareData.name "secret" }}
+ namespace: {{ $.Release.Namespace }}
+type: Opaque
+stringData:
+ users: |
+ {{- range $index, $user := $users }}
+ {{ printf "%s" $user }}
+ {{- end }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ basicAuth:
+ secret: {{ printf "%v-%v" $middlewareData.name "secret" }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/buffering.yaml b/enterprise/traefik/21.1.9/templates/middlewares/buffering.yaml
new file mode 100644
index 00000000000..eade09784e4
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/buffering.yaml
@@ -0,0 +1,26 @@
+{{- range $index, $middlewareData := .Values.middlewares.buffering }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ buffering: {{/* Only render if its not and has a value of 0 or greater */}}
+ {{- if and (not (kindIs "invalid" $middlewareData.maxRequestBodyBytes)) (ge ($middlewareData.maxRequestBodyBytes | int) 0) }}
+ maxRequestBodyBytes: {{ $middlewareData.maxRequestBodyBytes }}
+ {{- end -}}
+ {{- if and (not (kindIs "invalid" $middlewareData.memRequestBodyBytes)) (ge ($middlewareData.memRequestBodyBytes | int) 0) }}
+ memRequestBodyBytes: {{ $middlewareData.memRequestBodyBytes }}
+ {{- end -}}
+ {{- if and (not (kindIs "invalid" $middlewareData.maxResponseBodyBytes)) (ge ($middlewareData.maxResponseBodyBytes | int) 0) }}
+ maxResponseBodyBytes: {{ $middlewareData.maxResponseBodyBytes }}
+ {{- end -}}
+ {{- if and (not (kindIs "invalid" $middlewareData.memResponseBodyBytes)) (ge ($middlewareData.memResponseBodyBytes | int) 0) }}
+ memResponseBodyBytes: {{ $middlewareData.memResponseBodyBytes }}
+ {{- end -}}
+ {{- if $middlewareData.retryExpression }}
+ retryExpression: {{ $middlewareData.retryExpression | quote }}
+ {{- end -}}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/chain.yaml b/enterprise/traefik/21.1.9/templates/middlewares/chain.yaml
new file mode 100644
index 00000000000..17d8853fb05
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/chain.yaml
@@ -0,0 +1,21 @@
+{{- $values := .Values -}}
+{{- $namespace := $.Release.Namespace -}}
+{{- if $.Values.ingressClass.enabled -}}
+ {{- $namespace := (printf "%v-%v" $namespace .Release.Name) -}}
+{{- end -}}
+
+{{- range $index, $middlewareData := .Values.middlewares.chain }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ chain:
+ middlewares:
+ {{- range $index, $middleware := .middlewares }}
+ - name: {{ printf "%v-%v@%v" $namespace $middleware "kubernetescrd" }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/customFrameOptionsValue.yaml b/enterprise/traefik/21.1.9/templates/middlewares/customFrameOptionsValue.yaml
new file mode 100644
index 00000000000..9b9f2b6606c
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/customFrameOptionsValue.yaml
@@ -0,0 +1,12 @@
+{{- range $index, $middlewareData := .Values.middlewares.customFrameOptionsValue }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ customFrameOptionsValue: {{ $middlewareData.value }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/customRequestHeaders.yaml b/enterprise/traefik/21.1.9/templates/middlewares/customRequestHeaders.yaml
new file mode 100644
index 00000000000..3c43a131a1d
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/customRequestHeaders.yaml
@@ -0,0 +1,15 @@
+{{- range $index, $middlewareData := .Values.middlewares.customRequestHeaders }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ customRequestHeaders:
+ {{- range $index, $customRequestHeader := $middlewareData.headers }}
+ {{ $customRequestHeader.name }}: {{ $customRequestHeader.value | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/customResponseHeaders.yaml b/enterprise/traefik/21.1.9/templates/middlewares/customResponseHeaders.yaml
new file mode 100644
index 00000000000..a75db8a3382
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/customResponseHeaders.yaml
@@ -0,0 +1,15 @@
+{{- range $index, $middlewareData := .Values.middlewares.customResponseHeaders }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ customResponseHeaders:
+ {{- range $index, $customResponseHeader := $middlewareData.headers }}
+ {{ $customResponseHeader.name }}: {{ $customResponseHeader.value | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/forwardauth.yaml b/enterprise/traefik/21.1.9/templates/middlewares/forwardauth.yaml
new file mode 100644
index 00000000000..787fa796823
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/forwardauth.yaml
@@ -0,0 +1,29 @@
+{{- range $index, $middlewareData := .Values.middlewares.forwardAuth }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ forwardAuth:
+ address: {{ $middlewareData.address }}
+ {{- with $middlewareData.authResponseHeaders }}
+ authResponseHeaders:
+ {{- toYaml . | nindent 4 }}
+ {{- end -}}
+ {{- with $middlewareData.authRequestHeaders }}
+ authRequestHeaders:
+ {{- toYaml . | nindent 4 }}
+ {{- end -}}
+ {{- if $middlewareData.authResponseHeadersRegex }}
+ authResponseHeadersRegex: {{ $middlewareData.authResponseHeadersRegex }}
+ {{- end -}}
+ {{- if $middlewareData.trustForwardHeader }}
+ trustForwardHeader: true
+ {{- end -}}
+ {{- with $middlewareData.tls }}
+ tls:
+ insecureSkipVerify: {{ .insecureSkipVerify | default false }}
+ {{- end -}}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/geoblock.yaml b/enterprise/traefik/21.1.9/templates/middlewares/geoblock.yaml
new file mode 100644
index 00000000000..2a647778e56
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/geoblock.yaml
@@ -0,0 +1,29 @@
+{{- range $index, $middlewareData := .Values.middlewares.geoBlock }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ plugin:
+ GeoBlock:
+ allowLocalRequests: {{ $middlewareData.allowLocalRequests }}
+ logLocalRequests: {{ $middlewareData.logLocalRequests }}
+ logAllowedRequests: {{ $middlewareData.logAllowedRequests }}
+ logApiRequests: {{ $middlewareData.logApiRequests }}
+ api: {{ $middlewareData.api }}
+ apiTimeoutMs: {{ $middlewareData.apiTimeoutMs }}
+ cacheSize: {{ $middlewareData.cacheSize }}
+ forceMonthlyUpdate: {{ $middlewareData.forceMonthlyUpdate }}
+ allowUnknownCountries: {{ $middlewareData.allowUnknownCountries }}
+ unknownCountryApiResponse: {{ $middlewareData.unknownCountryApiResponse }}
+ blackListMode: {{ $middlewareData.blackListMode }}
+ {{- if not $middlewareData.countries -}}
+ {{- fail "You have to define at least one country..." -}}
+ {{- end }}
+ countries:
+ {{- range $middlewareData.countries }}
+ - {{ . }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/ipwhitelist.yaml b/enterprise/traefik/21.1.9/templates/middlewares/ipwhitelist.yaml
new file mode 100644
index 00000000000..fc876aca5fe
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/ipwhitelist.yaml
@@ -0,0 +1,27 @@
+{{- range $index, $middlewareData := .Values.middlewares.ipWhiteList }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ ipWhiteList:
+ sourceRange:
+ {{- range $middlewareData.sourceRange }}
+ - {{ . }}
+ {{- end }}
+ {{- if $middlewareData.ipStrategy }}
+ ipStrategy:
+ {{- if $middlewareData.ipStrategy.depth }}
+ depth: {{ $middlewareData.ipStrategy.depth }}
+ {{- end -}}
+ {{- if $middlewareData.ipStrategy.excludedIPs }}
+ excludedIPs:
+ {{- range $middlewareData.ipStrategy.excludedIPs }}
+ - {{ . }}
+ {{- end }}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/modsecurity.yaml b/enterprise/traefik/21.1.9/templates/middlewares/modsecurity.yaml
new file mode 100644
index 00000000000..07a8d5d358f
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/modsecurity.yaml
@@ -0,0 +1,14 @@
+{{- range $index, $middlewareData := .Values.middlewares.modsecurity }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ plugin:
+ traefik-modsecurity-plugin:
+ modSecurityUrl: {{ $middlewareData.modSecurityUrl }}
+ timeoutMillis: {{ $middlewareData.timeoutMillis }}
+ maxBodySize: {{ $middlewareData.maxBodySize }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/ratelimit.yaml b/enterprise/traefik/21.1.9/templates/middlewares/ratelimit.yaml
new file mode 100644
index 00000000000..cd9117633f6
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/ratelimit.yaml
@@ -0,0 +1,13 @@
+{{- range $index, $middlewareData := .Values.middlewares.rateLimit }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ rateLimit:
+ average: {{ $middlewareData.average }}
+ burst: {{ $middlewareData.burst }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/real-ip.yaml b/enterprise/traefik/21.1.9/templates/middlewares/real-ip.yaml
new file mode 100644
index 00000000000..2877d9ce7f7
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/real-ip.yaml
@@ -0,0 +1,15 @@
+{{- range $index, $middlewareData := .Values.middlewares.realIP }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ plugin:
+ traefik-real-ip:
+ excludednets:
+ {{- range $middlewareData.excludedNetworks }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/redirectScheme.yaml b/enterprise/traefik/21.1.9/templates/middlewares/redirectScheme.yaml
new file mode 100644
index 00000000000..09f3093998a
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/redirectScheme.yaml
@@ -0,0 +1,13 @@
+{{- range $index, $middlewareData := .Values.middlewares.redirectScheme }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ redirectScheme:
+ scheme: {{ $middlewareData.scheme }}
+ permanent: {{ $middlewareData.permanent }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/redirectregex.yaml b/enterprise/traefik/21.1.9/templates/middlewares/redirectregex.yaml
new file mode 100644
index 00000000000..30f44f9081b
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/redirectregex.yaml
@@ -0,0 +1,14 @@
+{{- range $index, $middlewareData := .Values.middlewares.redirectRegex }}
+---
+# Declaring the user list
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ redirectRegex:
+ regex: {{ $middlewareData.regex | quote }}
+ replacement: {{ $middlewareData.replacement | quote }}
+ permanent: {{ $middlewareData.permanent }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/rewriteResponseHeaders.yaml b/enterprise/traefik/21.1.9/templates/middlewares/rewriteResponseHeaders.yaml
new file mode 100644
index 00000000000..d7bfdcdbe07
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/rewriteResponseHeaders.yaml
@@ -0,0 +1,17 @@
+{{- range $index, $middlewareData := .Values.middlewares.rewriteResponseHeaders }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ plugin:
+ rewriteResponseHeaders:
+ rewrites:
+ {{- range $index, $rewriteResponseHeader := $middlewareData.headers }}
+ - header: {{ $rewriteResponseHeader.name }}
+ regex: {{ $rewriteResponseHeader.regex | quote }}
+ replacement: {{ $rewriteResponseHeader.replacement | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/stripPrefixRegex.yaml b/enterprise/traefik/21.1.9/templates/middlewares/stripPrefixRegex.yaml
new file mode 100644
index 00000000000..6fd4c8c9970
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/stripPrefixRegex.yaml
@@ -0,0 +1,14 @@
+{{- range $index, $middlewareData := .Values.middlewares.stripPrefixRegex }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ stripPrefixRegex:
+ regex:
+ {{- range $middlewareData.regex }}
+ - {{ . | quote }}
+ {{- end }}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/tc-chains.yaml b/enterprise/traefik/21.1.9/templates/middlewares/tc-chains.yaml
new file mode 100644
index 00000000000..5566d77c146
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/tc-chains.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-chain") "tc-opencors-chain" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-chain") "tc-closedcors-chain" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "basic-ratelimit") "basic-ratelimit" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "compress") "compress" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/tc-headers.yaml b/enterprise/traefik/21.1.9/templates/middlewares/tc-headers.yaml
new file mode 100644
index 00000000000..b0500afc708
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/tc-headers.yaml
@@ -0,0 +1,57 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-opencors-headers") "tc-opencors-headers" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ accessControlAllowHeaders:
+ - '*'
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ - POST
+ accessControlAllowOriginList:
+ - '*'
+ accessControlMaxAge: 100
+ browserXssFilter: true
+ contentTypeNosniff: true
+ customRequestHeaders:
+ X-Forwarded-Proto: https
+ customResponseHeaders:
+ server: ""
+ forceSTSHeader: true
+ referrerPolicy: same-origin
+ sslForceHost: true
+ sslRedirect: true
+ stsSeconds: 63072000
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-closedcors-headers") "tc-closedcors-headers" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ headers:
+ accessControlAllowMethods:
+ - GET
+ - OPTIONS
+ - HEAD
+ - PUT
+ accessControlMaxAge: 100
+ sslRedirect: true
+ stsSeconds: 63072000
+ # stsIncludeSubdomains: false
+ # stsPreload: false
+ forceSTSHeader: true
+ contentTypeNosniff: true
+ browserXssFilter: true
+ sslForceHost: true
+ referrerPolicy: same-origin
+ customRequestHeaders:
+ X-Forwarded-Proto: "https"
+ customResponseHeaders:
+ server: ''
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/tc-nextcloud.yaml b/enterprise/traefik/21.1.9/templates/middlewares/tc-nextcloud.yaml
new file mode 100644
index 00000000000..fcb09becb98
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/tc-nextcloud.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ redirectRegex:
+ regex: "https://(.*)/.well-known/(card|cal)dav"
+ replacement: "https://${1}/remote.php/dav/"
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-chain") "tc-nextcloud-chain" $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ chain:
+ middlewares:
+ - name: {{ ternary (printf "%v-%v" $.Release.Name "tc-nextcloud-redirectregex-dav") "tc-nextcloud-redirectregex-dav" $.Values.ingressClass.enabled }}
diff --git a/enterprise/traefik/21.1.9/templates/middlewares/theme-park.yaml b/enterprise/traefik/21.1.9/templates/middlewares/theme-park.yaml
new file mode 100644
index 00000000000..16abf2e2f34
--- /dev/null
+++ b/enterprise/traefik/21.1.9/templates/middlewares/theme-park.yaml
@@ -0,0 +1,20 @@
+{{- range $index, $middlewareData := .Values.middlewares.themePark }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ ternary (printf "%v-%v" $.Release.Name $middlewareData.name) $middlewareData.name $.Values.ingressClass.enabled }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ plugin:
+ traefik-themepark:
+ app: {{ $middlewareData.appName }}
+ theme: {{ $middlewareData.themeName }}
+ baseUrl: {{ $middlewareData.baseUrl }}
+ {{- if $middlewareData.addons }}
+ addons:
+ {{- range $middlewareData.addons }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end -}}
+{{- end -}}
diff --git a/enterprise/traefik/21.1.9/values.yaml b/enterprise/traefik/21.1.9/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/stable/nextcloud/22.1.15/CHANGELOG.md b/stable/nextcloud/22.1.15/CHANGELOG.md
new file mode 100644
index 00000000000..e5444865006
--- /dev/null
+++ b/stable/nextcloud/22.1.15/CHANGELOG.md
@@ -0,0 +1,99 @@
+**Important:**
+*for the complete changelog, please refer to the website*
+
+
+
+
+## [nextcloud-22.1.15](https://github.com/truecharts/charts/compare/nextcloud-22.1.14...nextcloud-22.1.15) (2023-11-17)
+
+
+
+
+## [nextcloud-22.1.14](https://github.com/truecharts/charts/compare/nextcloud-22.1.13...nextcloud-22.1.14) (2023-11-17)
+
+
+
+
+## [nextcloud-22.1.13](https://github.com/truecharts/charts/compare/nextcloud-22.1.12...nextcloud-22.1.13) (2023-11-16)
+
+### Chore
+
+- update container image tccr.io/truecharts/collabora to v23.05.5.4.1 ([#14708](https://github.com/truecharts/charts/issues/14708))
+
+
+
+
+## [nextcloud-22.1.12](https://github.com/truecharts/charts/compare/nextcloud-22.1.11...nextcloud-22.1.12) (2023-11-15)
+
+### Chore
+
+- update container image tccr.io/truecharts/nginx-unprivileged to v1.25.3 ([#14667](https://github.com/truecharts/charts/issues/14667))
+
+
+
+
+## [nextcloud-22.1.11](https://github.com/truecharts/charts/compare/nextcloud-22.1.10...nextcloud-22.1.11) (2023-11-13)
+
+### Chore
+
+- update container image tccr.io/truecharts/collabora to v23.05.5.4.1 ([#14613](https://github.com/truecharts/charts/issues/14613))
+ - update container image tccr.io/truecharts/nginx-unprivileged to v1.25.2 ([#14619](https://github.com/truecharts/charts/issues/14619))
+
+
+
+
+## [nextcloud-22.1.10](https://github.com/truecharts/charts/compare/nextcloud-22.1.9...nextcloud-22.1.10) (2023-11-08)
+
+### Chore
+
+- update helm general non-major ([#14465](https://github.com/truecharts/charts/issues/14465))
+
+
+
+
+## [nextcloud-22.1.9](https://github.com/truecharts/charts/compare/nextcloud-22.1.8...nextcloud-22.1.9) (2023-11-08)
+
+### Chore
+
+- update helm general non-major ([#14454](https://github.com/truecharts/charts/issues/14454))
+
+
+
+
+## [nextcloud-22.1.8](https://github.com/truecharts/charts/compare/nextcloud-22.1.7...nextcloud-22.1.8) (2023-11-08)
+
+### Chore
+
+- update container image tccr.io/truecharts/nginx-unprivileged to v1.25.2 ([#14439](https://github.com/truecharts/charts/issues/14439))
+
+
+
+
+## [nextcloud-22.1.7](https://github.com/truecharts/charts/compare/nextcloud-22.1.6...nextcloud-22.1.7) (2023-11-07)
+
+### Chore
+
+- update container image tccr.io/truecharts/nextcloud-imaginary to v20230401 ([#14434](https://github.com/truecharts/charts/issues/14434))
+
+
+
+
+## [nextcloud-22.1.6](https://github.com/truecharts/charts/compare/nextcloud-22.1.5...nextcloud-22.1.6) (2023-11-07)
+
+### Chore
+
+- update container image tccr.io/truecharts/nextcloud-imaginary to v20230401 ([#14433](https://github.com/truecharts/charts/issues/14433))
+
+
+
+
+## [nextcloud-22.1.5](https://github.com/truecharts/charts/compare/nextcloud-22.1.4...nextcloud-22.1.5) (2023-11-05)
+
+### Chore
+
+- update helm general non-major ([#14365](https://github.com/truecharts/charts/issues/14365))
+
+
+
+
+## [nextcloud-22.1.4](https://github.com/truecharts/charts/compare/nextcloud-22.1.3...nextcloud-22.1.4) (2023-11-02)
diff --git a/stable/nextcloud/22.1.15/Chart.yaml b/stable/nextcloud/22.1.15/Chart.yaml
new file mode 100644
index 00000000000..c7c04af938d
--- /dev/null
+++ b/stable/nextcloud/22.1.15/Chart.yaml
@@ -0,0 +1,35 @@
+apiVersion: v2
+appVersion: "27.1.3"
+dependencies:
+ - name: common
+ repository: https://library-charts.truecharts.org
+ version: 14.3.5
+ - condition: redis.enabled
+ name: redis
+ repository: https://deps.truecharts.org
+ version: 6.0.66
+deprecated: false
+description: A private cloud server that puts the control and security of your own data back into your hands.
+home: https://truecharts.org/charts/stable/nextcloud
+icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
+keywords:
+ - nextcloud
+ - storage
+ - http
+ - web
+ - php
+kubeVersion: ">=1.16.0-0"
+maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+name: nextcloud
+sources:
+ - https://github.com/truecharts/charts/tree/master/charts/stable/nextcloud
+ - https://github.com/nextcloud/docker
+ - https://github.com/nextcloud/helm
+type: application
+version: 22.1.15
+annotations:
+ truecharts.org/category: cloud
+ truecharts.org/SCALE-support: "true"
diff --git a/stable/nextcloud/22.1.15/LICENSE b/stable/nextcloud/22.1.15/LICENSE
new file mode 100644
index 00000000000..33a8cbb23f0
--- /dev/null
+++ b/stable/nextcloud/22.1.15/LICENSE
@@ -0,0 +1,106 @@
+Business Source License 1.1
+
+Parameters
+
+Licensor: The TrueCharts Project, it's owner and it's contributors
+Licensed Work: The TrueCharts "Blocky" Helm Chart
+Additional Use Grant: You may use the licensed work in production, as long
+ as it is directly sourced from a TrueCharts provided
+ official repository, catalog or source. You may also make private
+ modification to the directly sourced licenced work,
+ when used in production.
+
+ The following cases are, due to their nature, also
+ defined as 'production use' and explicitly prohibited:
+ - Bundling, including or displaying the licensed work
+ with(in) another work intended for production use,
+ with the apparent intend of facilitating and/or
+ promoting production use by third parties in
+ violation of this license.
+
+Change Date: 2050-01-01
+
+Change License: 3-clause BSD license
+
+For information about alternative licensing arrangements for the Software,
+please contact: legal@truecharts.org
+
+Notice
+
+The Business Source License (this document, or the “License”) is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+“Business Source License” is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Business Source License 1.1
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License’s text to license
+your works, and to refer to it using the trademark “Business Source License”,
+as long as you comply with the Covenants of Licensor below.
+
+Covenants of Licensor
+
+In consideration of the right to use this License’s text and the “Business
+Source License” name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+ or a license that is compatible with GPL Version 2.0 or a later version,
+ where “compatible” means that software provided under the Change License can
+ be included in a program with software provided under GPL Version 2.0 or a
+ later version. Licensor may specify additional Change Licenses without
+ limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+ impose any additional restriction on the right granted in this License, as
+ the Additional Use Grant; or (b) insert the text “None”.
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
diff --git a/stable/nextcloud/22.1.15/README.md b/stable/nextcloud/22.1.15/README.md
new file mode 100644
index 00000000000..e0a9b8fa8d7
--- /dev/null
+++ b/stable/nextcloud/22.1.15/README.md
@@ -0,0 +1,27 @@
+# README
+
+## General Info
+
+TrueCharts can be installed as both *normal* Helm Charts or as Apps on TrueNAS SCALE.
+However only installations using the TrueNAS SCALE Apps system are supported.
+
+For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/stable/)
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
+
+
+## Support
+
+- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
+- See the [Website](https://truecharts.org)
+- Check our [Discord](https://discord.gg/tVsPTHWTtr)
+- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
+
+---
+
+## Sponsor TrueCharts
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
+
+*All Rights Reserved - The TrueCharts Project*
diff --git a/stable/nextcloud/22.1.15/app-changelog.md b/stable/nextcloud/22.1.15/app-changelog.md
new file mode 100644
index 00000000000..be98b5f774b
--- /dev/null
+++ b/stable/nextcloud/22.1.15/app-changelog.md
@@ -0,0 +1,4 @@
+
+
+## [nextcloud-22.1.15](https://github.com/truecharts/charts/compare/nextcloud-22.1.14...nextcloud-22.1.15) (2023-11-17)
+
diff --git a/stable/nextcloud/22.1.15/app-readme.md b/stable/nextcloud/22.1.15/app-readme.md
new file mode 100644
index 00000000000..1369f69bf57
--- /dev/null
+++ b/stable/nextcloud/22.1.15/app-readme.md
@@ -0,0 +1,8 @@
+A private cloud server that puts the control and security of your own data back into your hands.
+
+This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/stable/nextcloud](https://truecharts.org/charts/stable/nextcloud)
+
+---
+
+TrueCharts can only exist due to the incredible effort of our staff.
+Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
diff --git a/stable/nextcloud/22.1.15/charts/common-14.3.5.tgz b/stable/nextcloud/22.1.15/charts/common-14.3.5.tgz
new file mode 100644
index 00000000000..58fbc6f4962
Binary files /dev/null and b/stable/nextcloud/22.1.15/charts/common-14.3.5.tgz differ
diff --git a/stable/nextcloud/22.1.15/charts/redis-6.0.66.tgz b/stable/nextcloud/22.1.15/charts/redis-6.0.66.tgz
new file mode 100644
index 00000000000..77495e13510
Binary files /dev/null and b/stable/nextcloud/22.1.15/charts/redis-6.0.66.tgz differ
diff --git a/stable/nextcloud/22.1.15/ix_values.yaml b/stable/nextcloud/22.1.15/ix_values.yaml
new file mode 100644
index 00000000000..a4629898da6
--- /dev/null
+++ b/stable/nextcloud/22.1.15/ix_values.yaml
@@ -0,0 +1,509 @@
+image:
+ repository: tccr.io/truecharts/nextcloud-fpm
+ pullPolicy: IfNotPresent
+ tag: v27.1.3@sha256:517609d65d5cbdc5827dc8ae3f209aa546b43ede3a038ac4b2b1011a5f13d118
+nginxImage:
+ repository: tccr.io/truecharts/nginx-unprivileged
+ pullPolicy: IfNotPresent
+ tag: v1.25.3@sha256:1bba1131cb28a9a43b8b72c1c543cbf60679cb72be9d4432527f6074d1dadf96
+imaginaryImage:
+ repository: tccr.io/truecharts/nextcloud-imaginary
+ pullPolicy: IfNotPresent
+ tag: v20230401@sha256:50cb9b1013b1e2eb36c719597bfed38dff4ccdc5f69429c95dea6d92605f9bf7
+hpbImage:
+ repository: tccr.io/truecharts/nextcloud-push-notify
+ pullPolicy: IfNotPresent
+ tag: v0.6.3@sha256:b9c35ab123354eeac3996e361f8c30b8e4de6d2ccd69e5179a7c2a101a67b46f
+clamavImage:
+ repository: tccr.io/truecharts/clamav
+ pullPolicy: IfNotPresent
+ tag: v1.2.1@sha256:f9fe7d0ccd86d1ee0583465a0ccf1cbd4bae7468c4c6297be4b8ca7f73260f42
+collaboraImage:
+ repository: tccr.io/truecharts/collabora
+ pullPolicy: IfNotPresent
+ tag: v23.05.5.4.1@sha256:0ce2644cd5587c04d8aa62b94b2a62f8a0aee3110c3f36ddd3e4d54475432ac9
+nextcloud:
+ # Initial Credentials
+ credentials:
+ initialAdminUser: admin
+ initialAdminPassword: adminpass
+ # General settings
+ general:
+ # Custom Nextcloud Scripts
+ run_optimize: true
+ default_phone_region: GR
+ # IP used for exposing nextcloud,
+ # often the loadbalancer IP
+ accessIP: ""
+ # Allows Nextcloud to connect to unsecure (http) endpoints
+ force_enable_allow_local_remote_servers: false
+ # File settings
+ files:
+ shared_folder_name: Shared
+ max_chunk_size: 10485760
+ # Expiration settings
+ expirations:
+ activity_expire_days: 90
+ trash_retention_obligation: auto
+ versions_retention_obligation: auto
+ # Previews settings
+ previews:
+ enabled: true
+ # It will also deploy the container
+ imaginary: true
+ cron: true
+ schedule: "*/30 * * * *"
+ max_x: 2048
+ max_y: 2048
+ max_memory: 1024
+ max_file_size_image: 50
+ # Setting for Imaginary
+ max_allowed_resolution: 18.0
+ jpeg_quality: 60
+ square_sizes: 32 256
+ width_sizes: 256 384
+ height_sizes: 256
+ # Casings are important
+ # https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
+ # Only the last part of the provider is needed
+ providers:
+ - PNG
+ - JPEG
+ # Logging settings
+ logging:
+ log_level: 2
+ log_file: /var/www/html/data/logs/nextcloud.log
+ log_audit_file: /var/www/html/data/logs/audit.log
+ log_date_format: d/m/Y H:i:s
+ # ClamAV settings
+ clamav:
+ # It will also deploy the container
+ # Note that this runs as root
+ enabled: false
+ stream_max_length: 26214400
+ file_max_size: -1
+ infected_action: only_log
+ # Notify Push settings
+ notify_push:
+ # It will also deploy the container
+ enabled: true
+ # Collabora settings
+ collabora:
+ # It will also deploy the container
+ enabled: false
+ # default|compact|tabbed
+ interface_mode: default
+ username: admin
+ password: changeme
+ dictionaries:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ onlyoffice:
+ # It will not deploy the container
+ # Only add the OnlyOffice settings
+ enabled: false
+ url: ""
+ jwt: ""
+ jwt_header: Authorization
+ # PHP settings
+ php:
+ memory_limit: 1G
+ upload_limit: 10G
+ pm_max_children: 180
+ pm_start_servers: 18
+ pm_min_spare_servers: 12
+ pm_max_spare_servers: 30
+ opcache:
+ interned_strings_buffer: 32
+ max_accelerated_files: 10000
+ memory_consumption: 128
+ revalidate_freq: 60
+ jit_buffer_size: 128
+# Do NOT edit below this line
+workload:
+ # Nextcloud php-fpm
+ main:
+ type: Deployment
+ podSpec:
+ containers:
+ main:
+ enabled: true
+ primary: true
+ envFrom:
+ - configMapRef:
+ name: nextcloud-config
+ probes:
+ liveness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ readiness:
+ enabled: true
+ type: exec
+ command: /healthcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
+ nginx:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ nginx:
+ enabled: true
+ primary: true
+ imageSelector: nginxImage
+ probes:
+ readiness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /robots.txt
+ port: "{{ .Values.service.main.ports.main.port }}"
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.main.ports.main.port }}"
+ notify:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ notify:
+ primary: true
+ enabled: true
+ imageSelector: hpbImage
+ envFrom:
+ - configMapRef:
+ name: hpb-config
+ probes:
+ readiness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ liveness:
+ enabled: true
+ path: /push/test/cookie
+ port: 7867
+ httpHeaders:
+ Host: kube.internal.healthcheck
+ startup:
+ enabled: true
+ type: tcp
+ port: 7867
+ imaginary:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ imaginary:
+ primary: true
+ enabled: true
+ imageSelector: imaginaryImage
+ command: imaginary
+ args:
+ - -p
+ - "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ - -concurrency
+ - "10"
+ - -max-allowed-resolution
+ - "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
+ - -enable-url-source
+ - -return-size
+ probes:
+ readiness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ liveness:
+ enabled: true
+ path: /health
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
+ clamav:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ clamav:
+ primary: true
+ enabled: true
+ imageSelector: clamavImage
+ # FIXME: https://github.com/Cisco-Talos/clamav/issues/478
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ envFrom:
+ - configMapRef:
+ name: clamav-config
+ probes:
+ readiness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ liveness:
+ enabled: true
+ type: exec
+ command: clamdcheck.sh
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
+ collabora:
+ enabled: true
+ type: Deployment
+ strategy: RollingUpdate
+ replicas: 1
+ podSpec:
+ containers:
+ collabora:
+ primary: true
+ enabled: true
+ imageSelector: collaboraImage
+ securityContext:
+ runAsUser: 100
+ runAsGroup: 102
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: true
+ capabilities:
+ add:
+ - CHOWN
+ - FOWNER
+ - SYS_CHROOT
+ - MKNOD
+ envFrom:
+ - configMapRef:
+ name: collabora-config
+ probes:
+ readiness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ liveness:
+ enabled: true
+ type: http
+ path: /collabora/
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+ startup:
+ enabled: true
+ type: tcp
+ port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
+cronjobs:
+ # Don't change names, it's used in the persistence
+ - name: nextcloud-cron
+ enabled: true
+ schedule: "*/5 * * * *"
+ cmd:
+ - echo "Running [php -f /var/www/html/cron.php] ..."
+ - php -f /var/www/html/cron.php
+ - echo "Finished [php -f /var/www/html/cron.php]"
+ - name: preview-cron
+ enabled: "{{ .Values.nextcloud.previews.cron }}"
+ schedule: "{{ .Values.nextcloud.previews.schedule }}"
+ cmd:
+ - echo "Running [occ preview:pre-generate] ..."
+ - occ preview:pre-generate
+ - echo "Finished [occ preview:pre-generate]"
+service:
+ # Main service links to ingress easier
+ # That's why the nginx is swapped with nextcloud
+ main:
+ targetSelector: nginx
+ ports:
+ main:
+ targetSelector: nginx
+ port: 8080
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ ports:
+ nextcloud:
+ enabled: true
+ targetSelector: main
+ port: 9000
+ targetPort: 9000
+ notify:
+ enabled: true
+ targetSelector: notify
+ ports:
+ notify:
+ enabled: true
+ primary: true
+ port: 7867
+ targetPort: 7867
+ targetSelector: notify
+ metrics:
+ enabled: true
+ port: 7868
+ targetSelector: notify
+ imaginary:
+ enabled: true
+ targetSelector: imaginary
+ ports:
+ imaginary:
+ enabled: true
+ port: 9090
+ targetSelector: imaginary
+ clamav:
+ enabled: true
+ targetSelector: clamav
+ ports:
+ clamav:
+ enabled: true
+ port: 3310
+ targetPort: 3310
+ targetSelector: clamav
+ collabora:
+ enabled: true
+ targetSelector: collabora
+ ports:
+ collabora:
+ enabled: true
+ port: 9980
+ targetPort: 9980
+ targetSelector: collabora
+persistence:
+ php-tune:
+ enabled: true
+ type: configmap
+ objectName: php-tune
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
+ subPath: zz-tune.conf
+ readOnly: true
+ redis-session:
+ enabled: true
+ type: configmap
+ objectName: redis-session
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php/conf.d/redis-session.ini
+ subPath: redis-session.ini
+ readOnly: true
+ opcache-recommended:
+ enabled: true
+ type: configmap
+ objectName: opcache
+ targetSelector:
+ main:
+ main:
+ mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
+ subPath: opcache-recommended.ini
+ readOnly: true
+ nginx:
+ enabled: true
+ type: configmap
+ objectName: nginx-config
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ readOnly: true
+ nginx-temp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ nginx:
+ nginx:
+ mountPath: /tmp/nginx
+ html:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html
+ nginx:
+ nginx:
+ mountPath: /var/www/html
+ readOnly: true
+ config:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/config
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/config
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/config
+ notify:
+ notify:
+ mountPath: /var/www/html/config
+ readOnly: true
+ nginx:
+ nginx:
+ mountPath: /var/www/html/config
+ readOnly: true
+ data:
+ enabled: true
+ targetSelector:
+ main:
+ main:
+ mountPath: /var/www/html/data
+ init-perms:
+ mountPath: /var/www/html/data
+ nextcloud-cron:
+ nextcloud-cron:
+ mountPath: /var/www/html/data
+ preview-cron:
+ preview-cron:
+ mountPath: /var/www/html/data
+ nginx:
+ nginx:
+ mountPath: /var/www/html/data
+ readOnly: true
+cnpg:
+ main:
+ enabled: true
+ user: nextcloud
+ database: nextcloud
+redis:
+ enabled: true
+ username: default
+portal:
+ open:
+ enabled: true
diff --git a/stable/nextcloud/22.1.15/questions.yaml b/stable/nextcloud/22.1.15/questions.yaml
new file mode 100644
index 00000000000..a851994c7a6
--- /dev/null
+++ b/stable/nextcloud/22.1.15/questions.yaml
@@ -0,0 +1,3179 @@
+groups:
+ - name: Container Image
+ description: Image to be used for container
+ - name: General Settings
+ description: General Deployment Settings
+ - name: Workload Settings
+ description: Workload Settings
+ - name: App Configuration
+ description: App Specific Config Options
+ - name: Networking and Services
+ description: Configure Network and Services for Container
+ - name: Storage and Persistence
+ description: Persist and Share Data that is Separate from the Container
+ - name: Ingress
+ description: Ingress Configuration
+ - name: Security and Permissions
+ description: Configure Security Context and Permissions
+ - name: Resources and Devices
+ description: "Specify Resources/Devices to be Allocated to Workload"
+ - name: Middlewares
+ description: Traefik Middlewares
+ - name: Metrics
+ description: Metrics
+ - name: Addons
+ description: Addon Configuration
+ - name: Advanced
+ description: Advanced Configuration
+ - name: Postgresql
+ description: Postgresql
+ - name: Documentation
+ description: Documentation
+portals:
+ open:
+ protocols:
+ - "$kubernetes-resource_configmap_tcportal-open_protocol"
+ host:
+ - "$kubernetes-resource_configmap_tcportal-open_host"
+ ports:
+ - "$kubernetes-resource_configmap_tcportal-open_port"
+questions:
+ - variable: global
+ group: General Settings
+ label: "Global Settings"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: stopAll
+ label: Stop All
+ description: "Stops All Running pods and hibernates cnpg"
+ schema:
+ type: boolean
+ default: false
+ - variable: workload
+ group: "Workload Settings"
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type (Advanced)
+ schema:
+ type: string
+ default: Deployment
+ enum:
+ - value: Deployment
+ description: Deployment
+ - value: DaemonSet
+ description: DaemonSet
+ - variable: replicas
+ label: Replicas (Advanced)
+ description: Set the number of Replicas
+ schema:
+ type: int
+ show_if: [["type", "!=", "DaemonSet"]]
+ default: 1
+ - variable: podSpec
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: containers
+ label: Containers
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: envList
+ label: Extra Environment Variables
+ description: "Please be aware that some variables are set in the background, adding duplicates here might cause issues or prevent the app from starting..."
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ - variable: extraArgs
+ label: Extra Args
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: arg
+ label: Arg
+ schema:
+ type: string
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: command
+ label: Command
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: param
+ label: Param
+ schema:
+ type: string
+ - variable: TZ
+ label: Timezone
+ group: "General Settings"
+ schema:
+ type: string
+ default: "Etc/UTC"
+ $ref:
+ - "definitions/timezone"
+ - variable: nextcloud
+ group: App Configuration
+ label: Nextcloud
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: credentials
+ label: Initial Credentials
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: initialAdminUser
+ label: Initial Admin User
+ description: Sets the initial admin username
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: initialAdminPassword
+ label: Initial Admin Password
+ description: Sets the initial admin password
+ schema:
+ type: string
+ required: true
+ private: true
+ default: ""
+ - variable: general
+ label: General
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: run_optimize
+ label: Run Optimize Scripts
+ description: |
+ Runs the following commands at startup:
+ occ db:add-missing-indices
+ occ db:add-missing-columns
+ occ db:add-missing-primary-keys
+ yes | occ db:convert-filecache-bigint
+ occ maintenance:mimetype:update-js
+ occ maintenance:mimetype:update-db
+ occ maintenance:update:htaccess
+ schema:
+ type: boolean
+ default: false
+ - variable: default_phone_region
+ label: Default Phone Region
+ description: |
+ Sets the default phone region in ISO_3166-1 format (e.g. US).
+ https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#Officially_assigned_code_elements
+ schema:
+ type: string
+ valid_chars: '^[A-Z]{2}$'
+ required: true
+ default: ""
+ - variable: accessIP
+ label: Access IP
+ description: Set to the IP-Address used to reach Nextcloud.
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/nodeIP"
+ - variable: force_enable_allow_local_remote_servers
+ label: Force Enable Allow Local Remote Servers
+ description:
+ Enables 'allow_local_remote_servers' option
+ schema:
+ type: boolean
+ default: false
+ - variable: files
+ label: Files Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: shared_folder_name
+ label: Shared Folder Name
+ schema:
+ type: string
+ required: true
+ default: Shared
+ - variable: max_chunk_size
+ label: Max Chunk Size
+ schema:
+ type: int
+ required: true
+ default: 10485760
+ - variable: expirations
+ label: Expirations Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: activity_expire_days
+ label: Activity Expire Days
+ schema:
+ type: int
+ required: true
+ default: 90
+ - variable: trash_retention_obligation
+ label: Trash Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: versions_retention_obligation
+ label: Versions Retention Obligation
+ schema:
+ type: string
+ required: true
+ default: auto
+ - variable: previews
+ label: Previews Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Previews
+ schema:
+ type: boolean
+ default: true
+ show_subquestions_if: true
+ subquestions:
+ - variable: imaginary
+ label: Enable imaginary
+ description: |
+ Enable imaginary to generate previews in the background.
+ It will also deploy the needed container.
+ schema:
+ type: boolean
+ default: true
+ - variable: cron
+ label: Enable cron
+ description: |
+ Enable cron to generate previews in the background.
+ schema:
+ type: boolean
+ default: true
+ - variable: schedule
+ label: Cron Schedule
+ schema:
+ type: string
+ default: "*/30 * * * *"
+ - variable: max_x
+ label: Max X
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_y
+ label: Max Y
+ schema:
+ type: int
+ required: true
+ default: 2048
+ - variable: max_memory
+ label: Max Memory
+ schema:
+ type: int
+ required: true
+ default: 1024
+ - variable: max_allowed_resolution
+ label: Max Allowed Resolution
+ schema:
+ type: string
+ valid_chars: '^[0-9]{1,5}(\.[0-9]{1,2})?$'
+ show_if: [["imaginary", "=", true]]
+ required: true
+ default: "18.0"
+ - variable: max_file_size_image
+ label: Max File Size Image
+ schema:
+ type: int
+ required: true
+ default: 50
+ - variable: jpeg_quality
+ label: JPEG Quality
+ schema:
+ type: int
+ required: true
+ default: 60
+ - variable: square_sizes
+ label: Square Sizes
+ schema:
+ type: string
+ required: true
+ default: "32 256"
+ - variable: width_sizes
+ label: Width Sizes
+ schema:
+ type: string
+ required: true
+ default: "256 384"
+ - variable: height_sizes
+ label: Height Sizes
+ schema:
+ type: string
+ required: true
+ default: "256"
+ - variable: providers
+ label: Providers
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - BMP
+ - GIF
+ - JPEG
+ - Krita
+ - MarkDown
+ - MP3
+ - OpenDocument
+ - PNG
+ - TXT
+ - XBitmap
+ items:
+ - variable: provider_entry
+ label: Provider Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+ enum:
+ - value: BMP
+ description: BMP
+ - value: Font
+ description: Font
+ - value: GIF
+ description: GIF
+ - value: HEIC
+ description: HEIC
+ - value: Illustrator
+ description: Illustrator
+ - value: JPEG
+ description: JPEG
+ - value: Krita
+ description: Krita
+ - value: MarkDown
+ description: MarkDown
+ - value: Movie
+ description: Movie
+ - value: MP3
+ description: MP3
+ - value: MSOffice2003
+ description: MSOffice2003
+ - value: MSOffice2007
+ description: MSOffice2007
+ - value: MSOfficeDoc
+ description: MSOfficeDoc
+ - value: OpenDocument
+ description: OpenDocument
+ - value: PDF
+ description: PDF
+ - value: Photoshop
+ description: Photoshop
+ - value: PNG
+ description: PNG
+ - value: Postscript
+ description: Postscript
+ - value: StarOffice
+ description: StarOffice
+ - value: SVG
+ description: SVG
+ - value: TIFF
+ description: TIFF
+ - value: TXT
+ description: TXT
+ - value: XBitmap
+ description: XBitmap
+ - variable: Logging
+ label: Logging Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: log_level
+ label: Log Level
+ schema:
+ type: string
+ required: true
+ default: "2"
+ enum:
+ - value: "0"
+ description: Debug
+ - value: "1"
+ description: Info
+ - value: "2"
+ description: Warning
+ - value: "3"
+ description: Error
+ - value: "4"
+ description: Fatal
+ - variable: log_date_format
+ label: Log Date Format
+ schema:
+ type: string
+ required: true
+ default: d/m/Y H:i:s
+ - variable: notify_push
+ label: Notify Push Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Notify Push
+ description: |
+ Enable and Configure Notify Push.
+ It will also deploy the needed container
+ schema:
+ type: boolean
+ default: true
+ - variable: clamav
+ label: ClamAV Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable ClamAV
+ description: |
+ Enable and configure ClamAV.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ https://github.com/Cisco-Talos/clamav/issues/478
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: stream_max_length
+ label: Stream Max Length
+ schema:
+ type: int
+ required: true
+ default: 104857600
+ - variable: file_max_size
+ label: File Max Size
+ schema:
+ type: int
+ required: true
+ default: -1
+ - variable: infected_action
+ label: Infected Action
+ schema:
+ type: string
+ required: true
+ default: only_log
+ enum:
+ - value: delete
+ description: Delete
+ - value: only_log
+ description: Only Log
+ - variable: collabora
+ label: Collabora Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Collabora
+ description: |
+ Enable and configure Collabora.
+ It will also deploy the needed container.
+ Keep in mind that this will run as root.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: interface_mode
+ label: Interface Mode
+ schema:
+ type: string
+ required: true
+ default: default
+ enum:
+ - value: default
+ description: Default
+ - value: compact
+ description: Compact
+ - value: tabbed
+ description: Tabbed
+ - variable: username
+ label: Username
+ schema:
+ type: string
+ default: admin
+ required: true
+ - variable: password
+ label: Password
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: dictionaries
+ label: Dictionaries
+ schema:
+ type: list
+ empty: false
+ required: true
+ default:
+ - de_DE
+ - en_GB
+ - en_US
+ - el_GR
+ - es_ES
+ - fr_FR
+ - pt_BR
+ - pt_PT
+ - it
+ - nl
+ - ru
+ items:
+ - variable: dictionary
+ label: Dictionary
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: onlyoffice
+ label: Only Office Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable OnlyOffice
+ description: |
+ Enable and configure OnlyOffice.
+ This will NOT deploy the needed container.
+ You need to deploy it yourself.
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: url
+ label: URL
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: jwt
+ label: JWT
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: jwt_header
+ label: JWT Header
+ schema:
+ type: string
+ required: true
+ default: Authorization
+ - variable: php
+ label: PHP Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: memory_limit
+ label: Memory Limit
+ schema:
+ type: string
+ required: true
+ default: 1G
+ - variable: upload_limit
+ label: Upload Limit
+ schema:
+ type: string
+ required: true
+ default: 10G
+ - variable: pm_max_children
+ label: Max Children
+ schema:
+ type: int
+ required: true
+ default: 180
+ - variable: pm_start_servers
+ label: Start Servers
+ schema:
+ type: int
+ required: true
+ default: 18
+ - variable: pm_min_spare_servers
+ label: Minimum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 12
+ - variable: pm_max_spare_servers
+ label: Maximum Spare Servers
+ schema:
+ type: int
+ required: true
+ default: 30
+ - variable: opcache
+ label: OPCache Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: interned_strings_buffer
+ label: Interned Strings Buffer
+ description: The amount of memory used to store interned strings, in megabytes.
+ schema:
+ type: int
+ required: true
+ default: 32
+ - variable: max_accelerated_files
+ label: Max Accelerated Files
+ description: The maximum number of keys (and therefore scripts) in the OPcache hash table.
+ schema:
+ type: int
+ required: true
+ default: 10000
+ - variable: memory_consumption
+ label: Memory Consumption
+ description: The size of the shared memory storage used by OPcache, in megabytes.
+ schema:
+ type: int
+ required: true
+ default: 128
+ - variable: revalidate_freq
+ label: Revalidate Frequency
+ description: How often to check script timestamps for updates, in seconds. 0 will result in OPcache checking for updates on every request.
+ schema:
+ type: int
+ required: true
+ default: 60
+ - variable: jit_buffer_size
+ label: JIT Buffer Size
+ description: The amount of shared memory (in megabytes) to reserve for compiled JIT code. A zero value disables the JIT.
+ schema:
+ type: int
+ required: true
+ default: 128
+
+ - variable: podOptions
+ group: "General Settings"
+ label: "Global Pod Options (Advanced)"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: expertPodOpts
+ label: "Expert - Pod Options"
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostNetwork
+ label: "Host Networking"
+ schema:
+ type: boolean
+ default: false
+ - variable: dnsConfig
+ label: "DNS Configuration"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: options
+ label: "Options"
+ schema:
+ type: list
+ default: [{"name": "ndots", "value": "1"}]
+ items:
+ - variable: optionsEntry
+ label: "Option Entry"
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: name
+ label: "Name"
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: "Value"
+ schema:
+ type: string
+ - variable: nameservers
+ label: "Nameservers"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: nsEntry
+ label: "Nameserver Entry"
+ schema:
+ type: string
+ required: true
+ - variable: searches
+ label: "Searches"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: searchEntry
+ label: "Search Entry"
+ schema:
+ type: string
+ required: true
+ - variable: service
+ group: Networking and Services
+ label: Configure Service(s)
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service
+ description: The Primary service on which the healthcheck runs, often the webUI
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: "Service's Port(s) Configuration"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Service Port Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ default: 12000
+ required: true
+ - variable: serviceexpert
+ group: Networking and Services
+ label: Show Expert Config
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: scaleExternalInterface
+ description: Add External Interfaces
+ label: Add external Interfaces
+ group: Networking
+ schema:
+ type: list
+ items:
+ - variable: interfaceConfiguration
+ description: Interface Configuration
+ label: Interface Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "normalize/interfaceConfiguration"
+ attrs:
+ - variable: hostInterface
+ description: Please Specify Host Interface
+ label: Host Interface
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/interface"
+ - variable: ipam
+ description: Define how IP Address will be managed
+ label: IP Address Management
+ schema:
+ additional_attrs: true
+ type: dict
+ required: true
+ attrs:
+ - variable: type
+ description: Specify type for IPAM
+ label: IPAM Type
+ schema:
+ type: string
+ required: true
+ enum:
+ - value: dhcp
+ description: Use DHCP
+ - value: static
+ description: Use Static IP
+ - variable: staticIPConfigurations
+ label: Static IP Addresses
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticIP
+ label: Static IP
+ schema:
+ type: ipaddr
+ cidr: true
+ - variable: staticRoutes
+ label: Static Routes
+ schema:
+ type: list
+ show_if: [["type", "=", "static"]]
+ items:
+ - variable: staticRouteConfiguration
+ label: Static Route Configuration
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: destination
+ label: Destination
+ schema:
+ type: ipaddr
+ cidr: true
+ required: true
+ - variable: gateway
+ label: Gateway
+ schema:
+ type: ipaddr
+ cidr: false
+ required: true
+ - variable: serviceList
+ label: Add Manual Custom Services
+ group: Networking and Services
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: serviceListEntry
+ label: Custom Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the service
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: LoadBalancer
+ description: LoadBalancer (Expose Ports)
+ - value: ClusterIP
+ description: ClusterIP (Do Not Expose Ports)
+ - value: Simple
+ description: Deprecated CHANGE THIS
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: advancedsvcset
+ label: Show Advanced Service Settings
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: externalIPs
+ label: "External IP's"
+ description: "External IP's"
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: externalIP
+ label: External IP
+ schema:
+ type: string
+ - variable: ipFamilyPolicy
+ label: IP Family Policy
+ description: Specify the IP Policy
+ schema:
+ type: string
+ default: SingleStack
+ enum:
+ - value: SingleStack
+ description: SingleStack
+ - value: PreferDualStack
+ description: PreferDualStack
+ - value: RequireDualStack
+ description: RequireDualStack
+ - variable: ipFamilies
+ label: IP Families
+ description: (Advanced) The IP Families that should be used
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ipFamily
+ label: IP Family
+ schema:
+ type: string
+ - variable: portsList
+ label: Additional Service Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsListEntry
+ label: Custom ports
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Port
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Port Name
+ schema:
+ type: string
+ default: ""
+ - variable: protocol
+ label: Port Type
+ schema:
+ type: string
+ default: tcp
+ enum:
+ - value: http
+ description: HTTP
+ - value: https
+ description: HTTPS
+ - value: tcp
+ description: TCP
+ - value: udp
+ description: UDP
+ - variable: targetPort
+ label: Target Port
+ description: This port exposes the container port on the service
+ schema:
+ type: int
+ required: true
+ - variable: port
+ label: Container Port
+ schema:
+ type: int
+ required: true
+ - variable: persistence
+ label: Integrated Persistent Storage
+ description: Integrated Persistent Storage
+ group: Storage and Persistence
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: html
+ label: App HTML Storage
+ description: Stores the Application HTML.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: config
+ label: App Config Storage
+ description: Stores the Application Config.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: data
+ label: User Data Storage
+ description: Stores the User Data.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: pvc
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size quotum of Storage (Do NOT REDUCE after installation)
+ description: This value can ONLY be INCREASED after the installation
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: persistenceList
+ label: Additional App Storage
+ group: Storage and Persistence
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: persistenceListEntry
+ label: Custom Storage
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the storage
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: type
+ label: Type of Storage
+ description: Sets the persistence type, Anything other than PVC could break rollback!
+ schema:
+ type: string
+ default: hostPath
+ enum:
+ - value: pvc
+ description: PVC
+ - value: hostPath
+ description: Host Path
+ - value: emptyDir
+ description: emptyDir
+ - value: nfs
+ description: NFS Share
+ - variable: server
+ label: NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: path
+ label: Path on NFS Server
+ schema:
+ show_if: [["type", "=", "nfs"]]
+ type: string
+ default: ""
+ - variable: autoPermissions
+ label: Automatic Permissions Configuration
+ description: Automatically set permissions
+ schema:
+ show_if: [["type", "!=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: enabled
+ label: enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: chown
+ label: Run CHOWN
+ description: |
+ It will run CHOWN on the path with the given fsGroup
+ schema:
+ type: boolean
+ default: false
+ - variable: chmod
+ label: Run CHMOD
+ description: |
+ It will run CHMOD on the path with the given value
+ Format should be 3 digits, e.g. 770
+ schema:
+ type: string
+ valid_chars: '[0-9]{3}'
+ default: ""
+ - variable: recursive
+ label: Recursive
+ description: |
+ It will run CHOWN and CHMOD recursively
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnly
+ label: Read Only
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Path
+ description: Path inside the container the storage is mounted
+ schema:
+ show_if: [["type", "=", "hostPath"]]
+ type: hostpath
+ - variable: mountPath
+ label: Mount Path
+ description: Path inside the container the storage is mounted
+ schema:
+ type: string
+ default: ""
+ required: true
+ valid_chars: '^\/([a-zA-Z0-9._-]+(\s?[a-zA-Z0-9._-]+|\/?))+$'
+ - variable: medium
+ label: EmptyDir Medium
+ schema:
+ show_if: [["type", "=", "emptyDir"]]
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: Memory
+ description: Memory
+ - variable: size
+ label: Size Quotum of Storage
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: 256Gi
+ - variable: storageClass
+ label: 'storageClass (Advanced)'
+ description: 'sets the storageClass to something other than iX default. Only for advanced usecases!'
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: string
+ default: ""
+ - variable: static
+ label: 'Static Fixed PVC Bindings (Experimental)'
+ description: Link a PVC to a specific storage location
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: mode
+ label: mode
+ description: |
+ disabled: use normal dynamic PVCs
+ smb: connect to an SMB share
+ nfs: connect to an NFS share
+ schema:
+ type: string
+ default: "disabled"
+ enum:
+ - value: "disabled"
+ description: disabled
+ - value: smb
+ description: smb
+ - value: nfs
+ description: nfs
+ - variable: server
+ label: Server
+ description: server to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "myserver"
+ - variable: share
+ label: Share
+ description: share to connect to
+ schema:
+ type: string
+ show_if: [["mode", "!=", "disabled"]]
+ default: "/myshare"
+ - variable: user
+ label: User
+ description: connecting user
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: "myuser"
+ - variable: domain
+ label: Domain
+ description: user domain
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: password
+ label: Password
+ description: connecting password
+ schema:
+ type: string
+ show_if: [["mode", "=", "smb"]]
+ default: ""
+ - variable: volumeSnapshots
+ label: 'Volume Snapshots (Experimental)'
+ description: Add an entry to the list to force creation of a volumeSnapshot of this PVC
+ schema:
+ show_if: [["type", "=", "pvc"]]
+ type: list
+ default: []
+ items:
+ - variable: volumeSnapshotEntry
+ label: Custom volumeSnapshot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ description: 'WARNING: renaming this, means deletion of the snapshot with the old name!'
+ schema:
+ type: string
+ default: "mysnapshot"
+ required: true
+ - variable: volumeSnapshotClassName
+ label: 'volumeSnapshot Class Name (Advanced)'
+ description: For use with PVCs using a non-default storageClass
+ schema:
+ type: string
+ default: ""
+ - variable: ingress
+ label: ""
+ group: Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: [{path: "/", pathType: "Prefix"}]
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: certificateIssuer
+ label: Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ - variable: entrypoint
+ label: (Advanced) Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ show_if: [["advanced", "=", true]]
+ required: true
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: ingressClassName
+ label: (Advanced/Optional) IngressClass Name
+ schema:
+ type: string
+ show_if: [["advanced", "=", true]]
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ show_if: [["advanced", "=", true]]
+ default: []
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: 'Use Custom Certificate Secret (Advanced)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: 'Use TrueNAS SCALE Certificate (Deprecated)'
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: ingressList
+ label: Add Manual Custom Ingresses
+ group: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressListEntry
+ label: Custom Ingress
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable Ingress
+ schema:
+ type: boolean
+ default: true
+ hidden: true
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ - variable: ingressClassName
+ label: IngressClass Name
+ schema:
+ type: string
+ default: ""
+ - variable: allowCors
+ label: "Allow Cross Origin Requests"
+ schema:
+ type: boolean
+ show_if: [["advanced", "=", true]]
+ default: false
+ - variable: hosts
+ label: Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: hostEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: host
+ label: HostName
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: paths
+ label: Paths
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: pathEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: path
+ label: Path
+ schema:
+ type: string
+ required: true
+ default: "/"
+ - variable: pathType
+ label: Path Type
+ schema:
+ type: string
+ required: true
+ default: Prefix
+ - variable: service
+ label: Linked Service
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Service Name
+ schema:
+ type: string
+ default: ""
+ - variable: port
+ label: Service Port
+ schema:
+ type: int
+ - variable: certificateIssuer
+ label: certificateIssuer
+ description: 'add the name of your cert-manager clusterIssuer here for automatic tls certificates. Cannot be used combined with tls option below'
+ schema:
+ type: string
+ default: ""
+ - variable: tls
+ label: TLS-Settings
+ schema:
+ type: list
+ default: []
+ show_if: [["certificateIssuer", "=", ""]]
+ items:
+ - variable: tlsEntry
+ label: Host
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: hosts
+ label: Certificate Hosts
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: host
+ label: Host
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: certificateIssuer
+ label: Use Cert-Manager clusterIssuer
+ description: 'add the name of your Cert-Manager clusterIssuer here for automatic tls certificates.'
+ schema:
+ type: string
+ default: ""
+ - variable: scaleCert
+ label: Use TrueNAS SCALE Certificate (Deprecated)
+ schema:
+ show_if: [["certificateIssuer", "=", ""]]
+ type: int
+ $ref:
+ - "definitions/certificate"
+ - variable: clusterCertificate
+ label: 'Cluster Certificate (Advanced)'
+ description: 'Add the name of your cluster-wide certificate, that you set up in the ClusterIssuer chart.'
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: secretName
+ label: Use Custom Secret (Advanced)
+ schema:
+ type: string
+ show_if: [["certificateIssuer", "=", ""]]
+ default: ""
+ - variable: entrypoint
+ label: Traefik Entrypoint
+ description: Entrypoint used by Traefik when using Traefik as Ingress Provider
+ schema:
+ type: string
+ default: websecure
+ required: true
+ - variable: middlewares
+ label: Traefik Middlewares
+ description: Add previously created Traefik Middlewares to this Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ default: ""
+ required: true
+ - variable: securityContext
+ group: Security and Permissions
+ label: Security Context
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: container
+ label: Container
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: runAsUser
+ label: runAsUser
+ description: The UserID of the user running the application
+ schema:
+ type: int
+ default: 568
+ - variable: runAsGroup
+ label: runAsGroup
+ description: The groupID of the user running the application
+ schema:
+ type: int
+ default: 568
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: PUID
+ label: Process User ID - PUID
+ description: When supported by the container, this sets the User ID running the Application Process. Not supported by all Apps
+ schema:
+ type: int
+ show_if: [["runAsUser", "=", 0]]
+ default: 568
+ - variable: UMASK
+ label: UMASK
+ description: When supported by the container, this sets the UMASK for the App. Not supported by all Apps
+ schema:
+ type: string
+ default: "0022"
+ - variable: advanced
+ label: Show Advanced Settings
+ description: Advanced settings are not covered by TrueCharts Support
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: privileged
+ label: "Privileged mode"
+ schema:
+ type: boolean
+ default: false
+ - variable: readOnlyRootFilesystem
+ label: "ReadOnly Root Filesystem"
+ schema:
+ type: boolean
+ default: true
+ - variable: pod
+ label: Pod
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: fsGroupChangePolicy
+ label: "When should we take ownership?"
+ schema:
+ type: string
+ default: OnRootMismatch
+ enum:
+ - value: OnRootMismatch
+ description: OnRootMismatch
+ - value: Always
+ description: Always
+ - variable: supplementalGroups
+ label: Supplemental Groups
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: supplementalGroupsEntry
+ label: Supplemental Group
+ schema:
+ type: int
+ # Settings from questions.yaml get appended here on a per-app basis
+ - variable: fsGroup
+ label: fsGroup
+ description: The group that should own ALL storage.
+ schema:
+ type: int
+ default: 568
+ - variable: resources
+ group: Resources and Devices
+ label: "Resource Limits"
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: limits
+ label: Advanced Limit Resource Consumption
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 4000m
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: RAM
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 8Gi
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: requests
+ label: "Minimum Resources Required (request)"
+ schema:
+ additional_attrs: true
+ type: dict
+ hidden: true
+ attrs:
+ - variable: cpu
+ label: CPU
+ description: "1000m means 1 hyperthread. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 10m
+ hidden: true
+ valid_chars: '^(?!^0(\.0|m|)$)([0-9]+)(\.[0-9]|m?)$'
+ - variable: memory
+ label: "RAM"
+ description: "1Gi means 1 Gibibyte RAM. Detailed info: https://truecharts.org/manual/SCALE/validation"
+ schema:
+ type: string
+ default: 50Mi
+ hidden: true
+ valid_chars: '^(?!^0(e[0-9]|[EPTGMK]i?|)$)([0-9]+)(|[EPTGMK]i?|e[0-9]+)$'
+ - variable: deviceList
+ label: Mount USB Devices
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: deviceListEntry
+ label: Device
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enable the Storage
+ schema:
+ type: boolean
+ default: true
+ - variable: type
+ label: (Advanced) Type of Storage
+ description: Sets the persistence type
+ schema:
+ type: string
+ default: device
+ hidden: true
+ - variable: readOnly
+ label: readOnly
+ schema:
+ type: boolean
+ default: false
+ - variable: hostPath
+ label: Host Device Path
+ description: Path to the device on the host system
+ schema:
+ type: path
+ - variable: mountPath
+ label: Container Device Path
+ description: Path inside the container the device is mounted
+ schema:
+ type: string
+ default: "/dev/ttyACM0"
+ - variable: scaleGPU
+ label: GPU Configuration
+ group: Resources and Devices
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: scaleGPUEntry
+ label: GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ # Specify GPU configuration
+ - variable: gpu
+ label: Select GPU
+ schema:
+ additional_attrs: true
+ type: dict
+ $ref:
+ - "definitions/gpuConfiguration"
+ attrs: []
+ - variable: workaround
+ label: "Workaround"
+ schema:
+ type: string
+ default: workaround
+ hidden: true
+ - variable: metrics
+ group: Metrics
+ label: Prometheus Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: main
+ label: Main Metrics
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: prometheusRule
+ label: PrometheusRule
+ description: Enable and configure Prometheus Rules for the App.
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ description: Enable Prometheus Metrics
+ schema:
+ type: boolean
+ default: false
+ # TODO: Rule List section
+# - variable: horizontalPodAutoscaler
+# group: Advanced
+# label: (Advanced) Horizontal Pod Autoscaler
+# schema:
+# type: list
+# default: []
+# items:
+# - variable: hpaEntry
+# label: HPA Entry
+# schema:
+# additional_attrs: true
+# type: dict
+# attrs:
+# - variable: name
+# label: Name
+# schema:
+# type: string
+# required: true
+# default: ""
+# - variable: enabled
+# label: Enabled
+# schema:
+# type: boolean
+# default: false
+# show_subquestions_if: true
+# subquestions:
+# - variable: target
+# label: Target
+# description: Deployment name, Defaults to Main Deployment
+# schema:
+# type: string
+# default: ""
+# - variable: minReplicas
+# label: Minimum Replicas
+# schema:
+# type: int
+# default: 1
+# - variable: maxReplicas
+# label: Maximum Replicas
+# schema:
+# type: int
+# default: 5
+# - variable: targetCPUUtilizationPercentage
+# label: Target CPU Utilization Percentage
+# schema:
+# type: int
+# default: 80
+# - variable: targetMemoryUtilizationPercentage
+# label: Target Memory Utilization Percentage
+# schema:
+# type: int
+# default: 80
+ - variable: networkPolicy
+ group: Advanced
+ label: (Advanced) Network Policy
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: netPolicyEntry
+ label: Network Policy Entry
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: policyType
+ label: Policy Type
+ schema:
+ type: string
+ default: ""
+ enum:
+ - value: ""
+ description: Default
+ - value: ingress
+ description: Ingress
+ - value: egress
+ description: Egress
+ - value: ingress-egress
+ description: Ingress and Egress
+ - variable: egress
+ label: Egress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: egressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: to
+ label: To
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: toEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: ingress
+ label: Ingress
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: ingressEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: from
+ label: From
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: fromEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: ipBlock
+ label: IP Block
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: cidr
+ label: CIDR
+ schema:
+ type: string
+ default: ""
+ - variable: except
+ label: Except
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: exceptint
+ label: ""
+ schema:
+ type: string
+ - variable: namespaceSelector
+ label: Namespace Selector
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: podSelector
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: matchExpressions
+ label: Match Expressions
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: expressionEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: key
+ label: Key
+ schema:
+ type: string
+ - variable: operator
+ label: Operator
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: In
+ description: In
+ - value: NotIn
+ description: NotIn
+ - value: Exists
+ description: Exists
+ - value: DoesNotExist
+ description: DoesNotExist
+ - variable: values
+ label: Values
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: value
+ label: ""
+ schema:
+ type: string
+ - variable: ports
+ label: Ports
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: portsEntry
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ - variable: endPort
+ label: End Port
+ schema:
+ type: int
+ - variable: protocol
+ label: Protocol
+ schema:
+ type: string
+ default: TCP
+ enum:
+ - value: TCP
+ description: TCP
+ - value: UDP
+ description: UDP
+ - value: SCTP
+ description: SCTP
+ - variable: addons
+ group: Addons
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: Codeserver
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: service
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Service Type
+ description: "ClusterIP's are only internally available and Loadbalancer exposes the service using the system loadbalancer"
+ schema:
+ type: string
+ default: LoadBalancer
+ enum:
+ - value: NodePort
+ description: Deprecated CHANGE THIS
+ - value: ClusterIP
+ description: ClusterIP
+ - value: LoadBalancer
+ description: LoadBalancer
+ - variable: loadBalancerIP
+ label: LoadBalancer IP
+ description: "MetalLB Only: Selects the Loadbalancer IP to expose on. Required when using PortalButton with MetalLB"
+ schema:
+ show_if: [["type", "=", "LoadBalancer"]]
+ type: string
+ default: ""
+ - variable: ports
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: codeserver
+ label: ""
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: port
+ label: Port
+ schema:
+ type: int
+ default: 36107
+ - variable: envList
+ label: Codeserver Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: netshoot
+ label: Netshoot
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: enabled
+ label: Enabled
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: envList
+ label: Netshoot Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ - variable: vpn
+ label: VPN
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: type
+ label: Type
+ schema:
+ type: string
+ default: disabled
+ enum:
+ - value: disabled
+ description: disabled
+ - value: gluetun
+ description: Gluetun
+ - value: tailscale
+ description: Tailscale
+ - value: openvpn
+ description: OpenVPN (Deprecated)
+ - value: wireguard
+ description: Wireguard (Deprecated)
+ - variable: openvpn
+ label: OpenVPN Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "openvpn"]]
+ attrs:
+ - variable: username
+ label: Authentication Username (Optional)
+ description: Authentication Username, Optional
+ schema:
+ type: string
+ default: ""
+ - variable: password
+ label: Authentication Password
+ description: Authentication Credentials
+ schema:
+ type: string
+ show_if: [["username", "!=", ""]]
+ default: ""
+ required: true
+ - variable: tailscale
+ label: Tailscale Settings
+ schema:
+ additional_attrs: true
+ type: dict
+ show_if: [["type", "=", "tailscale"]]
+ attrs:
+ - variable: authkey
+ label: Authentication Key
+ description: Provide an auth key to automatically authenticate the node as your user account.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: auth_once
+ label: Auth Once
+ description: Only attempt to log in if not already logged in.
+ schema:
+ type: boolean
+ default: true
+ - variable: accept_dns
+ label: Accept DNS
+ description: Accept DNS configuration from the admin console.
+ schema:
+ type: boolean
+ default: false
+ - variable: userspace
+ label: Userspace
+ description: Userspace Networking mode allows running Tailscale where you do not have access to create a VPN tunnel device.
+ schema:
+ type: boolean
+ default: false
+ - variable: routes
+ label: Routes
+ description: Expose physical subnet routes to your entire Tailscale network.
+ schema:
+ type: string
+ default: ""
+ - variable: dest_ip
+ label: Destination IP
+ description: Tells the DNAT mechanism which Destination IP to set in the IP header, and where to send packets that are matched.
+ schema:
+ type: string
+ default: ""
+ - variable: sock5_server
+ label: Sock5 Server
+ description: The address on which to listen for SOCKS5 proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: outbound_http_proxy_listen
+ label: Outbound HTTP Proxy Listen
+ description: The address on which to listen for HTTP proxying into the tailscale net.
+ schema:
+ type: string
+ default: ""
+ - variable: extra_args
+ label: Extra Args
+ description: Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: daemon_extra_args
+ label: Tailscale Daemon Extra Args
+ description: Tailscale Daemon Extra Args
+ schema:
+ type: string
+ default: ""
+ - variable: killSwitch
+ label: Enable Killswitch
+ schema:
+ type: boolean
+ show_if: [["type", "!=", "disabled"]]
+ default: true
+ - variable: excludedNetworks_IPv4
+ label: Killswitch Excluded IPv4 networks
+ description: List of Killswitch Excluded IPv4 Addresses
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv4
+ label: IPv4 Network
+ schema:
+ type: string
+ required: true
+ - variable: excludedNetworks_IPv6
+ label: Killswitch Excluded IPv6 networks
+ description: "List of Killswitch Excluded IPv6 Addresses"
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: networkv6
+ label: IPv6 Network
+ schema:
+ type: string
+ required: true
+ - variable: configFile
+ label: VPN Config File Location
+ schema:
+ type: string
+ show_if: [["type", "!=", "disabled"]]
+ default: ""
+
+ - variable: envList
+ label: VPN Environment Variables
+ schema:
+ type: list
+ show_if: [["type", "!=", "disabled"]]
+ default: []
+ items:
+ - variable: envItem
+ label: Environment Variable
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ required: true
+ max_length: 10240
+ - variable: docs
+ group: Documentation
+ label: Please read the documentation at https://truecharts.org
+ description: Please read the documentation at
+
https://truecharts.org
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDocs
+ label: I have checked the documentation
+ schema:
+ type: boolean
+ default: true
+ - variable: donateNag
+ group: Documentation
+ label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
+ description: Please consider supporting TrueCharts, see
+
https://truecharts.org/sponsor
+ schema:
+ additional_attrs: true
+ type: dict
+ attrs:
+ - variable: confirmDonate
+ label: I have considered donating
+ schema:
+ type: boolean
+ default: true
+ hidden: true
diff --git a/stable/nextcloud/22.1.15/templates/NOTES.txt b/stable/nextcloud/22.1.15/templates/NOTES.txt
new file mode 100644
index 00000000000..efcb74cb772
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/NOTES.txt
@@ -0,0 +1 @@
+{{- include "tc.v1.common.lib.chart.notes" $ -}}
diff --git a/stable/nextcloud/22.1.15/templates/_configmap.tpl b/stable/nextcloud/22.1.15/templates/_configmap.tpl
new file mode 100644
index 00000000000..5a6a3e9f10b
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_configmap.tpl
@@ -0,0 +1,421 @@
+{{/* Define the configmap */}}
+{{- define "nextcloud.configmaps" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $accessUrl := .Values.chartContext.APPURL -}}
+{{- if or (contains "127.0.0.1" $accessUrl) (contains "localhost" $accessUrl) -}}
+ {{- if .Values.nextcloud.general.accessIP -}}
+ {{- $prot := "http" -}}
+ {{- $host := .Values.nextcloud.general.accessIP -}}
+ {{- $port := .Values.service.main.ports.main.port -}}
+ {{/*
+ Allowing here to override protocol and port
+ should be enough to make it work with any rev proxy
+ */}}
+ {{- $accessUrl = printf "%v://%v:%v" $prot $host $port -}}
+ {{- end -}}
+{{- end -}}
+{{- $accessHost := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+{{- $accessHost = regexReplaceAll "(.*):.*" $accessUrl "${1}" -}}
+{{- $accessHostPort := regexReplaceAll ".*://(.*)" $accessUrl "${1}" -}}
+{{- $accessProtocol := regexReplaceAll "(.*)://.*" $accessUrl "${1}" -}}
+{{- $redisHost := .Values.redis.creds.plainhost | trimAll "\"" -}}
+{{- $redisPass := .Values.redis.creds.redisPassword | trimAll "\"" -}}
+{{- $healthHost := "kube.internal.healthcheck" -}}
+
+php-tune:
+ enabled: true
+ data:
+ zz-tune.conf: |
+ [www]
+ pm.max_children = {{ .Values.nextcloud.php.pm_max_children }}
+ pm.start_servers = {{ .Values.nextcloud.php.pm_start_servers }}
+ pm.min_spare_servers = {{ .Values.nextcloud.php.pm_min_spare_servers }}
+ pm.max_spare_servers = {{ .Values.nextcloud.php.pm_max_spare_servers }}
+
+opcache:
+ enabled: true
+ data:
+ opcache-recommended.ini: |
+ opcache.enable=1
+ opcache.save_comments=1
+ opcache.jit=1255
+ opcache.interned_strings_buffer={{ .Values.nextcloud.opcache.interned_strings_buffer }}
+ opcache.max_accelerated_files={{ .Values.nextcloud.opcache.max_accelerated_files }}
+ opcache.memory_consumption={{ .Values.nextcloud.opcache.memory_consumption }}
+ opcache.revalidate_freq={{ .Values.nextcloud.opcache.revalidate_freq }}
+ opcache.jit_buffer_size={{ printf "%vM" .Values.nextcloud.opcache.jit_buffer_size }}
+
+redis-session:
+ enabled: true
+ data:
+ redis-session.ini: |
+ session.save_handler = redis
+ session.save_path = {{ printf "tcp://%v:6379?auth=%v" $redisHost $redisPass | quote }}
+ redis.session.locking_enabled = 1
+ redis.session.lock_retries = -1
+ redis.session.lock_wait_time = 10000
+
+hpb-config:
+ enabled: {{ .Values.nextcloud.notify_push.enabled }}
+ data:
+ NEXTCLOUD_URL: {{ printf "http://%v:%v" $fullname .Values.service.main.ports.main.port }}
+ HPB_HOST: {{ $healthHost }}
+ CONFIG_FILE: {{ printf "%v/config.php" .Values.persistence.config.targetSelector.notify.notify.mountPath }}
+ METRICS_PORT: {{ .Values.service.notify.ports.metrics.port | quote }}
+
+clamav-config:
+ enabled: {{ .Values.nextcloud.clamav.enabled }}
+ data:
+ CLAMAV_NO_CLAMD: "false"
+ CLAMAV_NO_FRESHCLAMD: "true"
+ CLAMAV_NO_MILTERD: "true"
+ CLAMD_STARTUP_TIMEOUT: "1800"
+
+collabora-config:
+ enabled: {{ .Values.nextcloud.collabora.enabled }}
+ data:
+ aliasgroup1: {{ $accessUrl }}
+ server_name: {{ $accessHostPort }}
+ dictionaries: {{ join " " .Values.nextcloud.collabora.dictionaries }}
+ username: {{ .Values.nextcloud.collabora.username | quote }}
+ password: {{ .Values.nextcloud.collabora.password | quote }}
+ DONT_GEN_SSL_CERT: "true"
+ # mount_jail_tree is only used for local storage
+ # not needed for WOPI https://github.com/CollaboraOnline/online/issues/3604#issuecomment-989833814
+ extra_params: |
+ --o:ssl.enable=false
+ --o:ssl.termination=true
+ --o:net.service_root=/collabora
+ --o:home_mode.enable=true
+ --o:welcome.enable=false
+ --o:logging.level=warning
+ --o:logging.level_startup=warning
+ --o:security.seccomp=true
+ --o:mount_jail_tree=false
+ --o:user_interface.mode={{ .Values.nextcloud.collabora.user_interface_mode }}
+
+nextcloud-config:
+ enabled: true
+ data:
+ {{/* Database */}}
+ POSTGRES_DB: {{ .Values.cnpg.main.database | quote }}
+ POSTGRES_USER: {{ .Values.cnpg.main.user | quote }}
+ POSTGRES_PASSWORD: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
+ POSTGRES_HOST: {{ .Values.cnpg.main.creds.host | trimAll "\"" }}
+
+ {{/* Redis */}}
+ NX_REDIS_HOST: {{ $redisHost }}
+ NX_REDIS_PASS: {{ $redisPass }}
+
+ {{/* Nextcloud INITIAL credentials */}}
+ NEXTCLOUD_ADMIN_USER: {{ .Values.nextcloud.credentials.initialAdminUser | quote }}
+ NEXTCLOUD_ADMIN_PASSWORD: {{ .Values.nextcloud.credentials.initialAdminPassword | quote }}
+
+ {{/* PHP Variables */}}
+ PHP_MEMORY_LIMIT: {{ .Values.nextcloud.php.memory_limit | quote }}
+ PHP_UPLOAD_LIMIT: {{ .Values.nextcloud.php.upload_limit | quote }}
+
+ {{/* Notify Push */}}
+ NX_NOTIFY_PUSH: {{ .Values.nextcloud.notify_push.enabled | quote }}
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ NX_NOTIFY_PUSH_ENDPOINT: {{ $accessUrl }}/push
+ {{- end }}
+
+ {{/* Previews */}}
+ NX_PREVIEWS: {{ .Values.nextcloud.previews.enabled | quote }}
+ NX_PREVIEW_PROVIDERS: {{ join " " .Values.nextcloud.previews.providers }}
+ NX_PREVIEW_MAX_X: {{ .Values.nextcloud.previews.max_x | quote }}
+ NX_PREVIEW_MAX_Y: {{ .Values.nextcloud.previews.max_y | quote }}
+ NX_PREVIEW_MAX_MEMORY: {{ .Values.nextcloud.previews.max_memory | quote }}
+ NX_PREVIEW_MAX_FILESIZE_IMAGE: {{ .Values.nextcloud.previews.max_file_size_image | quote }}
+ NX_JPEG_QUALITY: {{ .Values.nextcloud.previews.jpeg_quality | quote }}
+ NX_PREVIEW_SQUARE_SIZES: {{ .Values.nextcloud.previews.square_sizes | quote }}
+ NX_PREVIEW_WIDTH_SIZES: {{ .Values.nextcloud.previews.width_sizes | quote }}
+ NX_PREVIEW_HEIGHT_SIZES: {{ .Values.nextcloud.previews.height_sizes | quote }}
+
+ {{/* Imaginary */}}
+ NX_IMAGINARY: {{ and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary | quote }}
+ {{- if and .Values.nextcloud.previews.enabled .Values.nextcloud.previews.imaginary }}
+ NX_IMAGINARY_URL: {{ printf "http://%v-imaginary:%v" $fullname .Values.service.imaginary.ports.imaginary.port }}
+ {{- end }}
+
+ {{/* Expirations */}}
+ NX_ACTIVITY_EXPIRE_DAYS: {{ .Values.nextcloud.expirations.activity_expire_days | quote }}
+ NX_TRASH_RETENTION: {{ .Values.nextcloud.expirations.trash_retention_obligation | quote }}
+ NX_VERSIONS_RETENTION: {{ .Values.nextcloud.expirations.versions_retention_obligation | quote }}
+
+ {{/* General */}}
+ NX_RUN_OPTIMIZE: {{ .Values.nextcloud.general.run_optimize | quote }}
+ NX_DEFAULT_PHONE_REGION: {{ .Values.nextcloud.general.default_phone_region | quote }}
+ NEXTCLOUD_DATA_DIR: {{ .Values.persistence.data.targetSelector.main.main.mountPath }}
+ NX_FORCE_ENABLE_ALLOW_LOCAL_REMOTE_SERVERS: {{ .Values.nextcloud.general.force_enable_allow_local_remote_servers | quote }}
+
+ {{/* Files */}}
+ NX_SHARED_FOLDER_NAME: {{ .Values.nextcloud.files.shared_folder_name | quote }}
+ NX_MAX_CHUNKSIZE: {{ .Values.nextcloud.files.max_chunk_size | mul 1 | quote }}
+
+ {{/* Logging */}}
+ NX_LOG_LEVEL: {{ .Values.nextcloud.logging.log_level | quote }}
+ NX_LOG_FILE: {{ .Values.nextcloud.logging.log_file | quote }}
+ NX_LOG_FILE_AUDIT: {{ .Values.nextcloud.logging.log_audit_file | quote }}
+ NX_LOG_DATE_FORMAT: {{ .Values.nextcloud.logging.log_date_format | quote }}
+ NX_LOG_TIMEZONE: {{ .Values.TZ | quote }}
+
+ {{/* ClamAV */}}
+ NX_CLAMAV: {{ .Values.nextcloud.clamav.enabled | quote }}
+ {{- if .Values.nextcloud.clamav.enabled }}
+ NX_CLAMAV_HOST: {{ printf "%v-clamav" $fullname }}
+ NX_CLAMAV_PORT: {{ .Values.service.clamav.ports.clamav.targetPort | quote }}
+ NX_CLAMAV_STREAM_MAX_LENGTH: {{ .Values.nextcloud.clamav.stream_max_length | mul 1 | quote }}
+ NX_CLAMAV_FILE_MAX_SIZE: {{ .Values.nextcloud.clamav.file_max_size | quote }}
+ NX_CLAMAV_INFECTED_ACTION: {{ .Values.nextcloud.clamav.infected_action | quote }}
+ {{- end }}
+
+ {{/* Collabora */}}
+ NX_COLLABORA: {{ .Values.nextcloud.collabora.enabled | quote }}
+ {{- if .Values.nextcloud.collabora.enabled }}
+ NX_COLLABORA_URL: {{ printf "%v/collabora" $accessUrl | quote }}
+ # Ideally this would be a combo of: public ip, pod cidr, svc cidr
+ # But not always people have static IP.
+ NX_COLLABORA_ALLOWLIST: "0.0.0.0/0"
+ {{- end }}
+
+ {{/* Only Office */}}
+ NX_ONLYOFFICE: {{ .Values.nextcloud.onlyoffice.enabled | quote }}
+ {{- if .Values.nextcloud.onlyoffice.enabled }}
+ NX_ONLYOFFICE_URL: {{ .Values.nextcloud.onlyoffice.url | quote }}
+ NX_ONLYOFFICE_JWT: {{ .Values.nextcloud.onlyoffice.jwt | quote }}
+ NX_ONLYOFFICE_JWT_HEADER: {{ .Values.nextcloud.onlyoffice.jwt_header | quote }}
+ {{- end }}
+
+ {{/* URLs */}}
+ NX_OVERWRITE_HOST: {{ $accessHostPort }}
+ NX_OVERWRITE_CLI_URL: {{ $accessUrl }}
+ # Return the protocol part of the URL
+ NX_OVERWRITE_PROTOCOL: {{ $accessProtocol | lower }}
+ # IP (or range in this case) of the proxy(ies)
+ NX_TRUSTED_PROXIES: |
+ {{ .Values.chartContext.podCIDR }}
+ {{ .Values.chartContext.svcCIDR }}
+ # fullname-* will allow access from the
+ # other services in the same namespace
+ NX_TRUSTED_DOMAINS: |
+ 127.0.0.1
+ localhost
+ {{ $fullname }}
+ {{ printf "%v-*" $fullname }}
+ {{ $healthHost }}
+ {{- if not (contains "127.0.0.1" $accessHost) }}
+ {{- $accessHost | nindent 6 }}
+ {{- end -}}
+ {{- with .Values.nextcloud.general.accessIP }}
+ {{- . | nindent 6 }}
+ {{- end }}
+
+# TODO: Replace locations with ingress
+# like /push, /.well-known/carddav, /.well-known/caldav
+# needs some work as nginx converts urls to pretty urls
+# before matching them to locations, so ingress needs to
+# take that into consideration.
+nginx-config:
+ enabled: true
+ data:
+ nginx.conf: |
+ worker_processes auto;
+
+ error_log /var/log/nginx/error.log warn;
+ # Set to /tmp so it can run as non-root
+ pid /tmp/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ # Set to /tmp so it can run as non-root
+ client_body_temp_path /tmp/nginx/client_temp;
+ proxy_temp_path /tmp/nginx/proxy_temp_path;
+ fastcgi_temp_path /tmp/nginx/fastcgi_temp;
+ uwsgi_temp_path /tmp/nginx/uwsgi_temp;
+ scgi_temp_path /tmp/nginx/scgi_temp;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ # Prevent nginx HTTP Server Detection
+ server_tokens off;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ upstream php-handler {
+ server {{ printf "%v-nextcloud" $fullname }}:{{ .Values.service.nextcloud.ports.nextcloud.targetPort }};
+ }
+
+ server {
+ listen {{ .Values.service.main.ports.main.port }};
+ absolute_redirect off;
+
+ {{- if .Values.nextcloud.notify_push.enabled }}
+ # Forward Notify_Push "High Performance Backend" to it's own container
+ location ^~ /push/ {
+ # The trailing "/" is important!
+ proxy_pass http://{{ printf "%v-notify" $fullname }}:{{ .Values.service.notify.ports.notify.targetPort }}/;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ {{- end }}
+
+ # HSTS settings
+ # WARNING: Only add the preload option once you read about
+ # the consequences in https://hstspreload.org/. This option
+ # will add the domain to a hardcoded list that is shipped
+ # in all major browsers and getting removed from this list
+ # could take several months.
+ #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+
+ # Set max upload size
+ client_max_body_size {{ .Values.nextcloud.php.upload_limit | default "512M" }};
+ fastcgi_buffers 64 4K;
+
+ # Enable gzip but do not remove ETag headers
+ gzip on;
+ gzip_vary on;
+ gzip_comp_level 4;
+ gzip_min_length 256;
+ gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
+ gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+
+ # Pagespeed is not supported by Nextcloud, so if your server is built
+ # with the `ngx_pagespeed` module, uncomment this line to disable it.
+ #pagespeed off;
+
+ # HTTP response headers borrowed from Nextcloud `.htaccess`
+ add_header Referrer-Policy "no-referrer" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "noindex, nofollow" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
+
+ # Path to the root of your installation
+ root {{ .Values.persistence.html.targetSelector.nginx.nginx.mountPath }};
+
+ # Specify how to handle directories -- specifying `/index.php$request_uri`
+ # here as the fallback means that Nginx always exhibits the desired behaviour
+ # when a client requests a path that corresponds to a directory that exists
+ # on the server. In particular, if that directory contains an index.php file,
+ # that file is correctly served; if it doesn't, then the request is passed to
+ # the front-end controller. This consistent behaviour means that we don't need
+ # to specify custom rules for certain paths (e.g. images and other assets,
+ # `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
+ # `try_files $uri $uri/ /index.php$request_uri`
+ # always provides the desired behaviour.
+ index index.php index.html /index.php$request_uri;
+
+ # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+ location = / {
+ if ( $http_user_agent ~ ^DavClnt ) {
+ return 302 /remote.php/webdav/$is_args$args;
+ }
+ }
+
+ location = /robots.txt {
+ allow all;
+ log_not_found off;
+ access_log off;
+ }
+
+ # Make a regex exception for `/.well-known` so that clients can still
+ # access it despite the existence of the regex rule
+ # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+ # for `/.well-known`.
+ location ^~ /.well-known {
+ # The rules in this block are an adaptation of the rules
+ # in `.htaccess` that concern `/.well-known`.
+
+ location = /.well-known/carddav { return 301 /remote.php/dav/; }
+ location = /.well-known/caldav { return 301 /remote.php/dav/; }
+
+ location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
+ location /.well-known/pki-validation { try_files $uri $uri/ =404; }
+
+ # Let Nextcloud's API for `/.well-known` URIs handle all other
+ # requests by passing them to the front-end controller.
+ return 301 /index.php$request_uri;
+ }
+
+ # Rules borrowed from `.htaccess` to hide certain paths from clients
+ location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
+ location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
+
+ # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+ # which handle static assets (as seen below). If this block is not declared first,
+ # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+ # to the URI, resulting in a HTTP 500 error response.
+ location ~ \.php(?:$|/) {
+ # Required for legacy support
+ rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+ fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+ set $path_info $fastcgi_path_info;
+
+ try_files $fastcgi_script_name =404;
+
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $path_info;
+ #fastcgi_param HTTPS on;
+
+ fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
+ fastcgi_param front_controller_active true; # Enable pretty urls
+ fastcgi_pass php-handler;
+
+ fastcgi_intercept_errors on;
+ fastcgi_request_buffering off;
+ proxy_send_timeout 3600s;
+ proxy_read_timeout 3600s;
+ fastcgi_send_timeout 3600s;
+ fastcgi_read_timeout 3600s;
+ }
+
+ location ~ \.(?:css|js|svg|gif)$ {
+ try_files $uri /index.php$request_uri;
+ expires 6M; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ location ~ \.woff2?$ {
+ try_files $uri /index.php$request_uri;
+ expires 7d; # Cache-Control policy borrowed from `.htaccess`
+ access_log off; # Optional: Don't log access to assets
+ }
+
+ # Rule borrowed from `.htaccess`
+ location /remote {
+ return 301 /remote.php$request_uri;
+ }
+
+ location / {
+ try_files $uri $uri/ /index.php$request_uri;
+ }
+ }
+ }
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/_cronjobs.tpl b/stable/nextcloud/22.1.15/templates/_cronjobs.tpl
new file mode 100644
index 00000000000..0fa050dba68
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_cronjobs.tpl
@@ -0,0 +1,34 @@
+{{- define "nextcloud.cronjobs" -}}
+{{- range $cj := .Values.cronjobs }}
+ {{- $name := $cj.name | required "Nextcloud - Expected non-empty name in cronjob" -}}
+ {{- $schedule := $cj.schedule | required "Nextcloud - Expected non-empty schedule in cronjob" }}
+
+{{ $name }}:
+ enabled: {{ $cj.enabled | quote }}
+ type: CronJob
+ schedule: {{ $schedule | quote }}
+ podSpec:
+ restartPolicy: Never
+ containers:
+ {{ $name }}:
+ enabled: true
+ primary: true
+ imageSelector: image
+ command:
+ - /bin/bash
+ - -c
+ - |
+ {{- range $cj.cmd }}
+ {{- . | nindent 12 }}
+ {{- else -}}
+ {{- fail "Nextcloud - Expected non-empty cmd in cronjob" -}}
+ {{- end }}
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+{{- end }}
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/_ingressInjector.tpl b/stable/nextcloud/22.1.15/templates/_ingressInjector.tpl
new file mode 100644
index 00000000000..37919189e21
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_ingressInjector.tpl
@@ -0,0 +1,24 @@
+{{- define "nextcloud.ingressInjector" -}}
+ {{- if .Values.ingress.main.enabled -}}
+ {{- $injectPaths := list -}}
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- $injectPaths = mustAppend $injectPaths (include "nextcloud.collabora.ingress" $ | fromYaml) -}}
+ {{- end -}}
+ {{/* Append more paths here if needed */}}
+
+ {{- range $host := .Values.ingress.main.hosts -}}
+ {{- $paths := $host.paths -}}
+ {{- $paths = concat $paths $injectPaths -}}
+ {{- $_ := set $host "paths" $paths -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{- define "nextcloud.collabora.ingress" -}}
+{{- $fullname := include "tc.v1.common.lib.chart.names.fullname" . }}
+path: /collabora/
+pathType: Prefix
+service:
+ name: {{ printf "%v-collabora" $fullname }}
+ port: {{ .Values.service.collabora.ports.collabora.port }}
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/_initPerms.tpl b/stable/nextcloud/22.1.15/templates/_initPerms.tpl
new file mode 100644
index 00000000000..ed94790ad93
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_initPerms.tpl
@@ -0,0 +1,29 @@
+{{- define "nextcloud.init.perms" -}}
+{{- $uid := .Values.securityContext.container.runAsUser -}}
+{{- $gid := .Values.securityContext.container.runAsGroup -}}
+{{- $path := .Values.persistence.data.targetSelector.main.main.mountPath }}
+enabled: true
+type: install
+imageSelector: alpineImage
+securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ capabilities:
+ disableS6Caps: true
+ add:
+ - DAC_OVERRIDE
+ - FOWNER
+ - CHOWN
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Setting permissions to 700 on data directory [{{ $path }}] ..."
+ chmod 770 {{ $path }} | echo "Failed to set permissions on data directory [{{ $path }}]"
+
+ echo "Setting ownership to {{ $uid }}:{{ $gid }} on data directory [{{ $path }}] ..."
+ chown {{ $uid }}:{{ $gid }} {{ $path }} | echo "Failed to set ownership on data directory [{{ $path }}]"
+
+ echo "Finished."
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/_validation.tpl b/stable/nextcloud/22.1.15/templates/_validation.tpl
new file mode 100644
index 00000000000..5650c0f63fe
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_validation.tpl
@@ -0,0 +1,42 @@
+{{- define "nextcloud.validation" -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.memory_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.memory_limit) -}}
+ {{- end -}}
+
+ {{- if not (mustRegexMatch "^[0-9]+(M|G){1}$" .Values.nextcloud.php.upload_limit) -}}
+ {{- fail (printf "Nextcloud - Expected Memory Limit to be in format [1M, 1G] but got [%v]" .Values.nextcloud.php.upload_limit) -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.previews.providers (uniq .Values.nextcloud.previews.providers)) -}}
+ {{- fail (printf "Nextcloud - Expected preview providers to be unique but got [%v]" .Values.nextcloud.previews.providers) -}}
+ {{- end -}}
+
+ {{- if and .Values.nextcloud.collabora.enabled .Values.nextcloud.onlyoffice.enabled -}}
+ {{- fail "Nextcloud - Expected only one of [Collabora, OnlyOffice] to be enabled" -}}
+ {{- end -}}
+
+ {{- if contains "$" .Values.nextcloud.collabora.password -}}
+ {{- fail "Nextcloud - Collabora [Password] cannot contain [$]" -}}
+ {{- end -}}
+
+ {{- if .Values.nextcloud.collabora.enabled -}}
+ {{- if lt (len .Values.nextcloud.collabora.password) 8 -}}
+ {{- fail "Nextcloud - Collabora [Password] must be at least 8 characters" -}}
+ {{- end -}}
+
+ {{- $collaboraUIModes := (list "default" "compact" "tabbed") -}}
+ {{- if not (mustHas .Values.nextcloud.collabora.interface_mode $collaboraUIModes) -}}
+ {{- fail (printf "Nextcloud - Expected [Interface Mode] in Collabora to be one of [%v], but got [%v]" (join "," $collaboraUIModes) .Values.nextcloud.collabora.interface_mode) -}}
+ {{- end -}}
+
+ {{- if not .Values.nextcloud.collabora.dictionaries -}}
+ {{- fail "Nextcloud - Expected non-empty Collabora [Dictionaries]" -}}
+ {{- end -}}
+
+ {{- if not (deepEqual .Values.nextcloud.collabora.dictionaries (uniq .Values.nextcloud.collabora.dictionaries)) -}}
+ {{- fail "Nextcloud - Collabora [Dictionaries] must be unique" -}}
+ {{- end -}}
+ {{- end -}}
+
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/_waitNextcloud.tpl b/stable/nextcloud/22.1.15/templates/_waitNextcloud.tpl
new file mode 100644
index 00000000000..24946d640e8
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/_waitNextcloud.tpl
@@ -0,0 +1,25 @@
+{{- define "nextcloud.wait.nextcloud" -}}
+{{- $fullname := (include "tc.v1.common.lib.chart.names.fullname" $) -}}
+{{- $ncURL := printf "%v-nextcloud:%v" $fullname .Values.service.nextcloud.ports.nextcloud.targetPort }}
+enabled: true
+type: init
+imageSelector: image
+securityContext:
+command: /bin/sh
+args:
+ - -c
+ - |
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ until \
+ REQUEST_METHOD="GET" \
+ SCRIPT_NAME="status.php" \
+ SCRIPT_FILENAME="status.php" \
+ cgi-fcgi -bind -connect "{{ $ncURL }}" | grep -q '"installed":true';
+ do
+ echo "Waiting Nextcloud [{{ $ncURL }}] to be ready and installed..."
+ sleep 3
+ done
+
+ echo "Nextcloud is ready and installed..."
+ echo "Starting Nginx..."
+{{- end -}}
diff --git a/stable/nextcloud/22.1.15/templates/common.yaml b/stable/nextcloud/22.1.15/templates/common.yaml
new file mode 100644
index 00000000000..22ed3e0e564
--- /dev/null
+++ b/stable/nextcloud/22.1.15/templates/common.yaml
@@ -0,0 +1,68 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "tc.v1.common.loader.init" . -}}
+
+{{- include "nextcloud.validation" $ -}}
+
+{{/* Render configmaps for all pods */}}
+{{- $configmaps := include "nextcloud.configmaps" . | fromYaml -}}
+{{- if $configmaps -}}
+ {{- $_ := mustMergeOverwrite .Values.configmap $configmaps -}}
+{{- end -}}
+
+{{/* Add [init perms] container to nextcloud */}}
+{{- if not (get .Values.workload.main.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.main.podSpec "initContainers" dict -}}
+{{- end -}}
+
+{{- $initPerms := (include "nextcloud.init.perms" . | fromYaml) -}}
+{{- $_ := set .Values.workload.main.podSpec.initContainers "init-perms" $initPerms -}}
+
+{{/* Add [wait nextcloud] container to nginx */}}
+{{- if not (get .Values.workload.nginx.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.nginx.podSpec "initContainers" dict -}}
+{{- end -}}
+{{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+{{- $_ := set .Values.workload.nginx.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+
+{{/* Disable [notify push] if requested */}}
+{{- if not .Values.nextcloud.notify_push.enabled -}}
+ {{- $_ := set .Values.workload.notify "enabled" false -}}
+ {{- $_ := set .Values.service.notify "enabled" false -}}
+{{- else -}}
+ {{/* Add [wait nextcloud] container to notify push */}}
+ {{- if not (get .Values.workload.notify.podSpec "initContainers") -}}
+ {{- $_ := set .Values.workload.notify.podSpec "initContainers" dict -}}
+ {{- end -}}
+ {{- $waitNextcloud := (include "nextcloud.wait.nextcloud" . | fromYaml) -}}
+ {{- $_ := set .Values.workload.notify.podSpec.initContainers "wait-nextcloud" $waitNextcloud -}}
+{{- end -}}
+
+{{/* Disable [clamav] if requested */}}
+{{- if not .Values.nextcloud.clamav.enabled -}}
+ {{- $_ := set .Values.workload.clamav "enabled" false -}}
+ {{- $_ := set .Values.service.clamav "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [previews] if requested */}}
+{{- if or (not .Values.nextcloud.previews.imaginary) (not .Values.nextcloud.previews.enabled) -}}
+ {{- $_ := set .Values.workload.imaginary "enabled" false -}}
+ {{- $_ := set .Values.service.imaginary "enabled" false -}}
+{{- end -}}
+
+{{/* Disable [collabora] if requested */}}
+{{- if not .Values.nextcloud.collabora.enabled -}}
+ {{- $_ := set .Values.workload.collabora "enabled" false -}}
+ {{- $_ := set .Values.service.collabora "enabled" false -}}
+{{- end -}}
+
+{{/* Create [cronjobs] defined */}}
+{{- $cronjobs := include "nextcloud.cronjobs" . | fromYaml -}}
+{{- if $cronjobs -}}
+ {{- $_ := mustMergeOverwrite .Values.workload $cronjobs -}}
+{{- end -}}
+
+{{/* TODO: Do we have to cleanup when something (eg Collabora) is disabled? */}}
+{{- include "nextcloud.ingressInjector" $ -}}
+
+{{/* Render the templates */}}
+{{- include "tc.v1.common.loader.apply" . -}}
diff --git a/stable/nextcloud/22.1.15/values.yaml b/stable/nextcloud/22.1.15/values.yaml
new file mode 100644
index 00000000000..e69de29bb2d