Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent
951d2b6312
commit
ff048ae0ba
|
@ -14,6 +14,19 @@ title: Changelog
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update ignored updates to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19433](https://github.com/truecharts/charts/issues/19433))
|
||||||
|
|
||||||
|
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||||
|
|
||||||
|
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
||||||
|
|
||||||
|
|
||||||
|
## [atuin-2.3.1](https://github.com/truecharts/charts/compare/atuin-2.1.2...atuin-2.3.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- update ignored updates to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19433](https://github.com/truecharts/charts/issues/19433))
|
- update ignored updates to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19433](https://github.com/truecharts/charts/issues/19433))
|
||||||
|
|
||||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||||
|
@ -84,16 +97,4 @@ title: Changelog
|
||||||
|
|
||||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||||
|
|
||||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
||||||
|
|
||||||
|
|
||||||
## [atuin-2.3.0](https://github.com/truecharts/charts/compare/atuin-2.1.2...atuin-2.3.0) (2024-03-17)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
|
||||||
|
|
||||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
title: Changelog
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
*for the complete changelog, please refer to the website*
|
|
||||||
|
|
||||||
**Important:**
|
|
||||||
|
|
||||||
|
|
||||||
## [authelia-23.6.0](https://github.com/truecharts/charts/compare/authelia-23.5.5...authelia-23.6.0) (2024-03-16)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- update container image common to v20.1.5[@dc867e0](https://github.com/dc867e0) by renovate ([#19210](https://github.com/truecharts/charts/issues/19210))
|
|
||||||
|
|
||||||
|
|
||||||
## [authelia-23.5.5](https://github.com/truecharts/charts/compare/authelia-23.5.4...authelia-23.5.5) (2024-03-16)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- rename `enterprise`- train to `premium`-train
|
|
|
@ -1,54 +0,0 @@
|
||||||
annotations:
|
|
||||||
max_scale_version: 24.04.0
|
|
||||||
min_scale_version: 23.10.0
|
|
||||||
truecharts.org/SCALE-support: "true"
|
|
||||||
truecharts.org/category: security
|
|
||||||
truecharts.org/max_helm_version: "3.14"
|
|
||||||
truecharts.org/min_helm_version: "3.12"
|
|
||||||
truecharts.org/train: premium
|
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 4.37.5
|
|
||||||
dependencies:
|
|
||||||
- name: common
|
|
||||||
version: 20.1.5
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: ""
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
- name: redis
|
|
||||||
version: 13.0.3
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: redis.enabled
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
deprecated: false
|
|
||||||
description: Authelia is a Single Sign-On Multi-Factor portal for web apps
|
|
||||||
home: https://truecharts.org/charts/premium/authelia
|
|
||||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
|
|
||||||
keywords:
|
|
||||||
- authelia
|
|
||||||
- authentication
|
|
||||||
- login
|
|
||||||
- SSO
|
|
||||||
- Authentication
|
|
||||||
- Security
|
|
||||||
- Two-Factor
|
|
||||||
- U2F
|
|
||||||
- YubiKey
|
|
||||||
- Push Notifications
|
|
||||||
- LDAP
|
|
||||||
kubeVersion: '>=1.24.0-0'
|
|
||||||
maintainers:
|
|
||||||
- name: TrueCharts
|
|
||||||
email: info@truecharts.org
|
|
||||||
url: https://truecharts.org
|
|
||||||
name: authelia
|
|
||||||
sources:
|
|
||||||
- https://github.com/authelia/chartrepo
|
|
||||||
- https://github.com/authelia/authelia
|
|
||||||
- https://github.com/truecharts/charts/tree/master/charts/premium/authelia
|
|
||||||
- https://ghcr.io/authelia/authelia
|
|
||||||
type: application
|
|
||||||
version: 23.6.0
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,582 +0,0 @@
|
||||||
image:
|
|
||||||
repository: ghcr.io/authelia/authelia
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
|
|
||||||
manifestManager:
|
|
||||||
enabled: true
|
|
||||||
workload:
|
|
||||||
main:
|
|
||||||
replicas: 2
|
|
||||||
strategy: RollingUpdate
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
main:
|
|
||||||
command:
|
|
||||||
- authelia
|
|
||||||
args:
|
|
||||||
- --config=/configuration.yaml
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: authelia-paths
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
type: http
|
|
||||||
path: "/api/health"
|
|
||||||
readiness:
|
|
||||||
type: http
|
|
||||||
path: "/api/health"
|
|
||||||
startup:
|
|
||||||
type: http
|
|
||||||
path: "/api/health"
|
|
||||||
service:
|
|
||||||
main:
|
|
||||||
ports:
|
|
||||||
main:
|
|
||||||
port: 9091
|
|
||||||
targetPort: 9091
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
mountPath: "/config"
|
|
||||||
cnpg:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
user: authelia
|
|
||||||
database: authelia
|
|
||||||
# Enabled redis
|
|
||||||
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
|
|
||||||
redis:
|
|
||||||
enabled: true
|
|
||||||
domain: example.com
|
|
||||||
##
|
|
||||||
## Server Configuration
|
|
||||||
##
|
|
||||||
server:
|
|
||||||
##
|
|
||||||
## Port sets the configured port for the daemon, service, and the probes.
|
|
||||||
## Default is 9091 and should not need to be changed.
|
|
||||||
##
|
|
||||||
port: 9091
|
|
||||||
## Buffers usually should be configured to be the same value.
|
|
||||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
|
||||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
|
||||||
## Write buffer size does the same for outgoing responses.
|
|
||||||
read_buffer_size: 4096
|
|
||||||
write_buffer_size: 4096
|
|
||||||
## Set the single level path Authelia listens on.
|
|
||||||
## Must be alphanumeric chars and should not contain any slashes.
|
|
||||||
path: ""
|
|
||||||
log:
|
|
||||||
## Level of verbosity for logs: info, debug, trace.
|
|
||||||
level: trace
|
|
||||||
## Format the logs are written as: json, text.
|
|
||||||
format: text
|
|
||||||
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
|
|
||||||
## File path where the logs will be written. If not set logs are written to stdout.
|
|
||||||
# file_path: /config/authelia.log
|
|
||||||
## Default redirection URL
|
|
||||||
##
|
|
||||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
|
||||||
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
|
||||||
## in such a case.
|
|
||||||
##
|
|
||||||
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
|
||||||
## Default is https://www.<domain> (value at the top of the values.yaml).
|
|
||||||
default_redirection_url: ""
|
|
||||||
# default_redirection_url: https://example.com
|
|
||||||
|
|
||||||
theme: light
|
|
||||||
##
|
|
||||||
## TOTP Configuration
|
|
||||||
##
|
|
||||||
## Parameters used for TOTP generation
|
|
||||||
totp:
|
|
||||||
## The issuer name displayed in the Authenticator application of your choice
|
|
||||||
## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
|
||||||
## Defaults to <domain>.
|
|
||||||
issuer: ""
|
|
||||||
## The period in seconds a one-time password is current for. Changing this will require all users to register
|
|
||||||
## their TOTP applications again. Warning: before changing period read the docs link below.
|
|
||||||
period: 30
|
|
||||||
## The skew controls number of one-time passwords either side of the current one that are valid.
|
|
||||||
## Warning: before changing skew read the docs link below.
|
|
||||||
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
|
|
||||||
skew: 1
|
|
||||||
##
|
|
||||||
## Password Policy Config
|
|
||||||
##
|
|
||||||
## Parameters used for Password Policies
|
|
||||||
password_policy:
|
|
||||||
## See: https://www.authelia.com/configuration/security/password-policy/
|
|
||||||
standard:
|
|
||||||
enabled: false
|
|
||||||
min_length: 8
|
|
||||||
max_length: 0
|
|
||||||
require_uppercase: false
|
|
||||||
require_lowercase: false
|
|
||||||
require_number: false
|
|
||||||
require_special: false
|
|
||||||
zxcvbn:
|
|
||||||
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
|
|
||||||
enabled: false
|
|
||||||
min_score: 3
|
|
||||||
##
|
|
||||||
## Duo Push API Configuration
|
|
||||||
##
|
|
||||||
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
|
||||||
## "Partner Auth API" in the management panel.
|
|
||||||
duo_api:
|
|
||||||
enabled: false
|
|
||||||
hostname: api-123456789.example.com
|
|
||||||
integration_key: ABCDEF
|
|
||||||
plain_api_key: ""
|
|
||||||
## NTP settings
|
|
||||||
ntp:
|
|
||||||
address: "time.cloudflare.com:123"
|
|
||||||
version: 4
|
|
||||||
max_desync: 3s
|
|
||||||
disable_startup_check: false
|
|
||||||
disable_failure: true
|
|
||||||
##
|
|
||||||
## Authentication Backend Provider Configuration
|
|
||||||
##
|
|
||||||
## Used for verifying user passwords and retrieve information such as email address and groups users belong to.
|
|
||||||
##
|
|
||||||
## The available providers are: `file`, `ldap`. You must use one and only one of these providers.
|
|
||||||
authentication_backend:
|
|
||||||
## Disable both the HTML element and the API for reset password functionality
|
|
||||||
disable_reset_password: false
|
|
||||||
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
|
|
||||||
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
|
|
||||||
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
|
|
||||||
## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
|
|
||||||
## See the below documentation for more information.
|
|
||||||
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
|
||||||
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
|
|
||||||
refresh_interval: 5m
|
|
||||||
## LDAP backend configuration.
|
|
||||||
##
|
|
||||||
## This backend allows Authelia to be scaled to more
|
|
||||||
## than one instance and therefore is recommended for
|
|
||||||
## production.
|
|
||||||
ldap:
|
|
||||||
## Enable LDAP Backend.
|
|
||||||
enabled: false
|
|
||||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
|
||||||
## Acceptable options are as follows:
|
|
||||||
## - 'activedirectory' - For Microsoft Active Directory.
|
|
||||||
## - 'custom' - For custom specifications of attributes and filters.
|
|
||||||
## This currently defaults to 'custom' to maintain existing behaviour.
|
|
||||||
##
|
|
||||||
## Depending on the option here certain other values in this section have a default value, notably all of the
|
|
||||||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
|
||||||
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
|
|
||||||
implementation: activedirectory
|
|
||||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
|
||||||
## Scheme can be ldap or ldaps in the format (port optional).
|
|
||||||
url: ldap://openldap.default.svc.cluster.local
|
|
||||||
## Connection Timeout.
|
|
||||||
timeout: 5s
|
|
||||||
## Use StartTLS with the LDAP connection.
|
|
||||||
start_tls: false
|
|
||||||
tls:
|
|
||||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
|
||||||
server_name: ""
|
|
||||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
|
||||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
|
||||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
|
||||||
skip_verify: false
|
|
||||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
|
||||||
minimum_version: TLS1.2
|
|
||||||
## The base dn for every LDAP query.
|
|
||||||
base_dn: DC=example,DC=com
|
|
||||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
|
||||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
|
||||||
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
|
|
||||||
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
|
|
||||||
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
|
|
||||||
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
|
|
||||||
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
|
|
||||||
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
|
|
||||||
username_attribute: "uid"
|
|
||||||
## An additional dn to define the scope to all users.
|
|
||||||
additional_users_dn: OU=Users
|
|
||||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
|
||||||
## Various placeholders are available in the user filter:
|
|
||||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
|
||||||
## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
|
|
||||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
|
||||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
|
||||||
## versions, so please don't use it.
|
|
||||||
##
|
|
||||||
## Recommended settings are as follows:
|
|
||||||
## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
|
||||||
## - OpenLDAP:
|
|
||||||
## - (&({username_attribute}={input})(objectClass=person))
|
|
||||||
## - (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
|
||||||
##
|
|
||||||
## To allow sign in both with username and email, one can use a filter like
|
|
||||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
|
||||||
users_filter: ""
|
|
||||||
## An additional dn to define the scope of groups.
|
|
||||||
additional_groups_dn: OU=Groups
|
|
||||||
## The groups filter used in search queries to find the groups of the user.
|
|
||||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
|
||||||
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
|
|
||||||
## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
|
|
||||||
## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
|
|
||||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
|
||||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
|
||||||
## versions, so please don't use it.
|
|
||||||
## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
|
|
||||||
## later version, so please don't use it.
|
|
||||||
##
|
|
||||||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
|
||||||
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
|
|
||||||
groups_filter: ""
|
|
||||||
## The attribute holding the name of the group
|
|
||||||
group_name_attribute: "cn"
|
|
||||||
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
|
|
||||||
## first one returned by the LDAP server is used.
|
|
||||||
mail_attribute: "mail"
|
|
||||||
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
|
||||||
display_name_attribute: "displayname"
|
|
||||||
## The username of the admin user.
|
|
||||||
user: CN=admin,DC=example,DC=com
|
|
||||||
plain_password: ""
|
|
||||||
##
|
|
||||||
## File (Authentication Provider)
|
|
||||||
##
|
|
||||||
## With this backend, the users database is stored in a file which is updated when users reset their passwords.
|
|
||||||
## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
|
|
||||||
## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
|
|
||||||
## implications it is highly recommended you leave the default values. Before considering changing these settings
|
|
||||||
## please read the docs page below:
|
|
||||||
## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
|
|
||||||
##
|
|
||||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
|
||||||
##
|
|
||||||
file:
|
|
||||||
enabled: true
|
|
||||||
path: /config/users_database.yml
|
|
||||||
password:
|
|
||||||
algorithm: argon2id
|
|
||||||
iterations: 1
|
|
||||||
key_length: 32
|
|
||||||
salt_length: 16
|
|
||||||
memory: 1024
|
|
||||||
parallelism: 8
|
|
||||||
##
|
|
||||||
## Access Control Configuration
|
|
||||||
##
|
|
||||||
## Access control is a list of rules defining the authorizations applied for one resource to users or group of users.
|
|
||||||
##
|
|
||||||
## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed
|
|
||||||
## to anyone. Otherwise restrictions follow the rules defined.
|
|
||||||
##
|
|
||||||
## Note: One can use the wildcard * to match any subdomain.
|
|
||||||
## It must stand at the beginning of the pattern. (example: *.mydomain.com)
|
|
||||||
##
|
|
||||||
## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct.
|
|
||||||
##
|
|
||||||
## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'.
|
|
||||||
##
|
|
||||||
## - 'domain' defines which domain or set of domains the rule applies to.
|
|
||||||
##
|
|
||||||
## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not
|
|
||||||
## provided. If provided, the parameter represents either a user or a group. It should be of the form
|
|
||||||
## 'user:<username>' or 'group:<groupname>'.
|
|
||||||
##
|
|
||||||
## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'.
|
|
||||||
##
|
|
||||||
## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter
|
|
||||||
## is optional and matches any resource if not provided.
|
|
||||||
##
|
|
||||||
## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
|
|
||||||
access_control:
|
|
||||||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
|
||||||
## resource if there is no policy to be applied to the user.
|
|
||||||
default_policy: deny
|
|
||||||
networks_access_control: []
|
|
||||||
# networks_access_control:
|
|
||||||
# - name: private
|
|
||||||
# networks:
|
|
||||||
# - 10.0.0.0/8
|
|
||||||
# - 172.16.0.0/12
|
|
||||||
# - 192.168.0.0/16
|
|
||||||
# - name: vpn
|
|
||||||
# networks:
|
|
||||||
# - 10.9.0.0/16
|
|
||||||
|
|
||||||
rules: []
|
|
||||||
# rules:
|
|
||||||
# - domain: public.example.com
|
|
||||||
# policy: bypass
|
|
||||||
# - domain: "*.example.com"
|
|
||||||
# policy: bypass
|
|
||||||
# methods:
|
|
||||||
# - OPTIONS
|
|
||||||
# - domain: secure.example.com
|
|
||||||
# policy: one_factor
|
|
||||||
# networks:
|
|
||||||
# - private
|
|
||||||
# - vpn
|
|
||||||
# - 192.168.1.0/24
|
|
||||||
# - 10.0.0.1
|
|
||||||
# - domain:
|
|
||||||
# - secure.example.com
|
|
||||||
# - private.example.com
|
|
||||||
# policy: two_factor
|
|
||||||
# - domain: singlefactor.example.com
|
|
||||||
# policy: one_factor
|
|
||||||
# - domain: "mx2.mail.example.com"
|
|
||||||
# subject: "group:admins"
|
|
||||||
# policy: deny
|
|
||||||
# - domain: "*.example.com"
|
|
||||||
# subject:
|
|
||||||
# - "group:admins"
|
|
||||||
# - "group:moderators"
|
|
||||||
# policy: two_factor
|
|
||||||
# - domain: dev.example.com
|
|
||||||
# resources:
|
|
||||||
# - "^/groups/dev/.*$"
|
|
||||||
# subject: "group:dev"
|
|
||||||
# policy: two_factor
|
|
||||||
# - domain: dev.example.com
|
|
||||||
# resources:
|
|
||||||
# - "^/users/john/.*$"
|
|
||||||
# subject:
|
|
||||||
# - ["group:dev", "user:john"]
|
|
||||||
# - "group:admins"
|
|
||||||
# policy: two_factor
|
|
||||||
# - domain: "{user}.example.com"
|
|
||||||
# policy: bypass
|
|
||||||
##
|
|
||||||
## Session Provider Configuration
|
|
||||||
##
|
|
||||||
## The session cookies identify the user once logged in.
|
|
||||||
## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined.
|
|
||||||
session:
|
|
||||||
## The name of the session cookie. (default: authelia_session).
|
|
||||||
name: authelia_session
|
|
||||||
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
|
|
||||||
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
|
|
||||||
same_site: lax
|
|
||||||
## The time in seconds before the cookie expires and session is reset.
|
|
||||||
expiration: 1h
|
|
||||||
## The inactivity time in seconds before the session is reset.
|
|
||||||
inactivity: 5m
|
|
||||||
## The remember me duration.
|
|
||||||
## Value is in seconds, or duration notation. Value of 0 disables remember me.
|
|
||||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
|
||||||
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
|
|
||||||
## spy or attack. Currently the default is 1M or 1 month.
|
|
||||||
remember_me_duration: 1M
|
|
||||||
##
|
|
||||||
## Redis Provider
|
|
||||||
##
|
|
||||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
|
||||||
##
|
|
||||||
## The redis connection details
|
|
||||||
redisProvider:
|
|
||||||
port: 6379
|
|
||||||
## Optional username to be used with authentication.
|
|
||||||
# username: authelia
|
|
||||||
username: ""
|
|
||||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
|
||||||
database_index: 0
|
|
||||||
## The maximum number of concurrent active connections to Redis.
|
|
||||||
maximum_active_connections: 8
|
|
||||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
|
||||||
minimum_idle_connections: 0
|
|
||||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
|
||||||
tls:
|
|
||||||
enabled: false
|
|
||||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
|
||||||
server_name: ""
|
|
||||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
|
||||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
|
||||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
|
||||||
skip_verify: false
|
|
||||||
## Minimum TLS version for the connection.
|
|
||||||
minimum_version: TLS1.2
|
|
||||||
## The Redis HA configuration options.
|
|
||||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
|
||||||
high_availability:
|
|
||||||
enabled: false
|
|
||||||
enabledSecret: false
|
|
||||||
## Sentinel Name / Master Name
|
|
||||||
sentinel_name: mysentinel
|
|
||||||
## The additional nodes to pre-seed the redis provider with (for sentinel).
|
|
||||||
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
|
|
||||||
## For high availability to be used you must have either defined; the host above or at least one node below.
|
|
||||||
nodes: []
|
|
||||||
# nodes:
|
|
||||||
# - host: sentinel-0.databases.svc.cluster.local
|
|
||||||
# port: 26379
|
|
||||||
# - host: sentinel-1.databases.svc.cluster.local
|
|
||||||
# port: 26379
|
|
||||||
|
|
||||||
## Choose the host with the lowest latency.
|
|
||||||
route_by_latency: false
|
|
||||||
## Choose the host randomly.
|
|
||||||
route_randomly: false
|
|
||||||
##
|
|
||||||
## Regulation Configuration
|
|
||||||
##
|
|
||||||
## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done
|
|
||||||
## in a short period of time.
|
|
||||||
regulation:
|
|
||||||
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
|
|
||||||
max_retries: 3
|
|
||||||
## The time range during which the user can attempt login before being banned. The user is banned if the
|
|
||||||
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
|
|
||||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
|
||||||
find_time: 2m
|
|
||||||
## The length of time before a banned user can login again. Ban Time accepts duration notation.
|
|
||||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
|
||||||
ban_time: 5m
|
|
||||||
##
|
|
||||||
## Storage Provider Configuration
|
|
||||||
##
|
|
||||||
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
|
||||||
storage:
|
|
||||||
##
|
|
||||||
## PostgreSQL (Storage Provider)
|
|
||||||
##
|
|
||||||
postgres:
|
|
||||||
port: 5432
|
|
||||||
database: authelia
|
|
||||||
username: authelia
|
|
||||||
sslmode: disable
|
|
||||||
timeout: 5s
|
|
||||||
##
|
|
||||||
## Notification Provider
|
|
||||||
##
|
|
||||||
##
|
|
||||||
## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration.
|
|
||||||
## The available providers are: filesystem, smtp. You must use one and only one of these providers.
|
|
||||||
notifier:
|
|
||||||
## You can disable the notifier startup check by setting this to true.
|
|
||||||
disable_startup_check: false
|
|
||||||
##
|
|
||||||
## File System (Notification Provider)
|
|
||||||
##
|
|
||||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
|
||||||
##
|
|
||||||
filesystem:
|
|
||||||
enabled: true
|
|
||||||
filename: /config/notification.txt
|
|
||||||
##
|
|
||||||
## SMTP (Notification Provider)
|
|
||||||
##
|
|
||||||
## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate.
|
|
||||||
## [Security] By default Authelia will:
|
|
||||||
## - force all SMTP connections over TLS including unauthenticated connections
|
|
||||||
## - use the disable_require_tls boolean value to disable this requirement
|
|
||||||
## (only works for unauthenticated connections)
|
|
||||||
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
|
||||||
## (configure in tls section)
|
|
||||||
smtp:
|
|
||||||
enabled: false
|
|
||||||
enabledSecret: false
|
|
||||||
host: smtp.mail.svc.cluster.local
|
|
||||||
port: 25
|
|
||||||
timeout: 5s
|
|
||||||
username: test
|
|
||||||
plain_password: test
|
|
||||||
sender: admin@example.com
|
|
||||||
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
|
||||||
identifier: localhost
|
|
||||||
## Subject configuration of the emails sent.
|
|
||||||
## {title} is replaced by the text from the notifier
|
|
||||||
subject: "[Authelia] {title}"
|
|
||||||
## This address is used during the startup check to verify the email configuration is correct.
|
|
||||||
## It's not important what it is except if your email server only allows local delivery.
|
|
||||||
startup_check_address: test@authelia.com
|
|
||||||
disable_require_tls: false
|
|
||||||
disable_html_emails: false
|
|
||||||
tls:
|
|
||||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
|
||||||
server_name: ""
|
|
||||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
|
||||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
|
||||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
|
||||||
skip_verify: false
|
|
||||||
## Minimum TLS version for either StartTLS or SMTPS.
|
|
||||||
minimum_version: TLS1.2
|
|
||||||
identity_providers:
|
|
||||||
oidc:
|
|
||||||
## Enables this in the config map. Currently in beta stage.
|
|
||||||
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
|
|
||||||
enabled: false
|
|
||||||
access_token_lifespan: 1h
|
|
||||||
authorize_code_lifespan: 1m
|
|
||||||
id_token_lifespan: 1h
|
|
||||||
refresh_token_lifespan: 90m
|
|
||||||
enable_client_debug_messages: false
|
|
||||||
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
|
|
||||||
## security reasons.
|
|
||||||
minimum_parameter_entropy: 8
|
|
||||||
clients: []
|
|
||||||
# clients:
|
|
||||||
# -
|
|
||||||
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
|
|
||||||
# id: myapp
|
|
||||||
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
|
||||||
# description: My Application
|
|
||||||
|
|
||||||
## The client secret is a shared secret between Authelia and the consumer of this client.
|
|
||||||
# secret: apple123
|
|
||||||
|
|
||||||
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
|
||||||
# public: false
|
|
||||||
|
|
||||||
## The policy to require for this client; one_factor or two_factor.
|
|
||||||
# authorization_policy: two_factor
|
|
||||||
|
|
||||||
## Configures the consent mode; auto, explicit or implicit
|
|
||||||
# consent_mode: auto
|
|
||||||
|
|
||||||
## Audience this client is allowed to request.
|
|
||||||
# audience: []
|
|
||||||
|
|
||||||
## Scopes this client is allowed to request.
|
|
||||||
# scopes:
|
|
||||||
# - openid
|
|
||||||
# - profile
|
|
||||||
# - email
|
|
||||||
# - groups
|
|
||||||
|
|
||||||
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
|
||||||
# redirect_uris:
|
|
||||||
# - https://oidc.example.com/oauth2/callback
|
|
||||||
|
|
||||||
## Grant Types configures which grants this client can obtain.
|
|
||||||
## It's not recommended to configure this unless you know what you're doing.
|
|
||||||
# grant_types:
|
|
||||||
# - refresh_token
|
|
||||||
# - authorization_code
|
|
||||||
|
|
||||||
## Response Types configures which responses this client can be sent.
|
|
||||||
## It's not recommended to configure this unless you know what you're doing.
|
|
||||||
# response_types:
|
|
||||||
# - code
|
|
||||||
|
|
||||||
## Response Modes configures which response modes this client supports.
|
|
||||||
## It's not recommended to configure this unless you know what you're doing.
|
|
||||||
# response_modes:
|
|
||||||
# - form_post
|
|
||||||
# - query
|
|
||||||
# - fragment
|
|
||||||
|
|
||||||
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
|
||||||
# userinfo_signing_algorithm: none
|
|
||||||
|
|
||||||
portal:
|
|
||||||
open:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
required: true
|
|
|
@ -0,0 +1,100 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.2](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.2) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
|
@ -0,0 +1,54 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: security
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 4.38.3
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
- name: redis
|
||||||
|
version: 13.0.5
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: redis.enabled
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: Authelia is a Single Sign-On Multi-Factor portal for web apps
|
||||||
|
home: https://truecharts.org/charts/premium/authelia
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
|
||||||
|
keywords:
|
||||||
|
- authelia
|
||||||
|
- authentication
|
||||||
|
- login
|
||||||
|
- SSO
|
||||||
|
- Authentication
|
||||||
|
- Security
|
||||||
|
- Two-Factor
|
||||||
|
- U2F
|
||||||
|
- YubiKey
|
||||||
|
- Push Notifications
|
||||||
|
- LDAP
|
||||||
|
kubeVersion: '>=1.24.0-0'
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: authelia
|
||||||
|
sources:
|
||||||
|
- https://github.com/authelia/chartrepo
|
||||||
|
- https://github.com/authelia/authelia
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/authelia
|
||||||
|
- https://ghcr.io/authelia/authelia
|
||||||
|
type: application
|
||||||
|
version: 23.8.2
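Review bot: The version-like scalars in this new Chart.yaml are quoted inconsistently: `truecharts.org/max_helm_version: "3.14"` is quoted, but `max_scale_version: 24.04.0`, `min_scale_version: 23.10.0` and `appVersion: 4.38.3` are plain. They load as strings today only because they have three components; a two-component value such as 23.10 would load as the float 23.1, and annotation values have to be strings. I would write `appVersion: "4.38.3"`, `max_scale_version: "24.04.0"` and `min_scale_version: "23.10.0"`. The alphabetical key order suggests this file is serialised by the release tooling, so the quoting probably has to be set there rather than edited in this file.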
|
|
@ -0,0 +1,17 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [authelia-23.8.2](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.2) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
Binary file not shown.
|
@ -0,0 +1,582 @@
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/authelia/authelia
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: 4.38.3@sha256:2405f5c923edb14c2b83d30315ec584f99cabffd79da91d8a990711a3cf1ab6c
|
||||||
|
manifestManager:
|
||||||
|
enabled: true
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
replicas: 2
|
||||||
|
strategy: RollingUpdate
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
command:
|
||||||
|
- authelia
|
||||||
|
args:
|
||||||
|
- --config=/configuration.yaml
|
||||||
|
envFrom:
|
||||||
|
- configMapRef:
|
||||||
|
name: authelia-paths
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
type: http
|
||||||
|
path: "/api/health"
|
||||||
|
readiness:
|
||||||
|
type: http
|
||||||
|
path: "/api/health"
|
||||||
|
startup:
|
||||||
|
type: http
|
||||||
|
path: "/api/health"
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
port: 9091
|
||||||
|
targetPort: 9091
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/config"
|
||||||
|
cnpg:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
user: authelia
|
||||||
|
database: authelia
|
||||||
|
# Enabled redis
|
||||||
|
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
|
||||||
|
redis:
|
||||||
|
enabled: true
|
||||||
|
domain: example.com
|
||||||
|
##
|
||||||
|
## Server Configuration
|
||||||
|
##
|
||||||
|
server:
|
||||||
|
##
|
||||||
|
## Port sets the configured port for the daemon, service, and the probes.
|
||||||
|
## Default is 9091 and should not need to be changed.
|
||||||
|
##
|
||||||
|
port: 9091
|
||||||
|
## Buffers usually should be configured to be the same value.
|
||||||
|
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||||
|
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||||
|
## Write buffer size does the same for outgoing responses.
|
||||||
|
read_buffer_size: 4096
|
||||||
|
write_buffer_size: 4096
|
||||||
|
## Set the single level path Authelia listens on.
|
||||||
|
## Must be alphanumeric chars and should not contain any slashes.
|
||||||
|
path: ""
|
||||||
|
log:
|
||||||
|
## Level of verbosity for logs: info, debug, trace.
|
||||||
|
level: trace
|
||||||
|
## Format the logs are written as: json, text.
|
||||||
|
format: text
|
||||||
|
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
|
||||||
|
## File path where the logs will be written. If not set logs are written to stdout.
|
||||||
|
# file_path: /config/authelia.log
|
||||||
|
## Default redirection URL
|
||||||
|
##
|
||||||
|
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||||
|
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
||||||
|
## in such a case.
|
||||||
|
##
|
||||||
|
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
||||||
|
## Default is https://www.<domain> (value at the top of the values.yaml).
|
||||||
|
default_redirection_url: ""
|
||||||
|
# default_redirection_url: https://example.com
|
||||||
|
|
||||||
|
theme: light
|
||||||
|
##
|
||||||
|
## TOTP Configuration
|
||||||
|
##
|
||||||
|
## Parameters used for TOTP generation
|
||||||
|
totp:
|
||||||
|
## The issuer name displayed in the Authenticator application of your choice
|
||||||
|
## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
||||||
|
## Defaults to <domain>.
|
||||||
|
issuer: ""
|
||||||
|
## The period in seconds a one-time password is current for. Changing this will require all users to register
|
||||||
|
## their TOTP applications again. Warning: before changing period read the docs link below.
|
||||||
|
period: 30
|
||||||
|
## The skew controls number of one-time passwords either side of the current one that are valid.
|
||||||
|
## Warning: before changing skew read the docs link below.
|
||||||
|
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
|
||||||
|
skew: 1
|
||||||
|
##
|
||||||
|
## Password Policy Config
|
||||||
|
##
|
||||||
|
## Parameters used for Password Policies
|
||||||
|
password_policy:
|
||||||
|
## See: https://www.authelia.com/configuration/security/password-policy/
|
||||||
|
standard:
|
||||||
|
enabled: false
|
||||||
|
min_length: 8
|
||||||
|
max_length: 0
|
||||||
|
require_uppercase: false
|
||||||
|
require_lowercase: false
|
||||||
|
require_number: false
|
||||||
|
require_special: false
|
||||||
|
zxcvbn:
|
||||||
|
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
|
||||||
|
enabled: false
|
||||||
|
min_score: 3
|
||||||
|
##
|
||||||
|
## Duo Push API Configuration
|
||||||
|
##
|
||||||
|
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
||||||
|
## "Partner Auth API" in the management panel.
|
||||||
|
duo_api:
|
||||||
|
enabled: false
|
||||||
|
hostname: api-123456789.example.com
|
||||||
|
integration_key: ABCDEF
|
||||||
|
plain_api_key: ""
|
||||||
|
## NTP settings
|
||||||
|
ntp:
|
||||||
|
address: "time.cloudflare.com:123"
|
||||||
|
version: 4
|
||||||
|
max_desync: 3s
|
||||||
|
disable_startup_check: false
|
||||||
|
disable_failure: true
|
||||||
|
##
|
||||||
|
## Authentication Backend Provider Configuration
|
||||||
|
##
|
||||||
|
## Used for verifying user passwords and retrieve information such as email address and groups users belong to.
|
||||||
|
##
|
||||||
|
## The available providers are: `file`, `ldap`. You must use one and only one of these providers.
|
||||||
|
authentication_backend:
|
||||||
|
## Disable both the HTML element and the API for reset password functionality
|
||||||
|
disable_reset_password: false
|
||||||
|
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
|
||||||
|
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
|
||||||
|
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
|
||||||
|
## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
|
||||||
|
## See the below documentation for more information.
|
||||||
|
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||||
|
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
|
||||||
|
refresh_interval: 5m
|
||||||
|
## LDAP backend configuration.
|
||||||
|
##
|
||||||
|
## This backend allows Authelia to be scaled to more
|
||||||
|
## than one instance and therefore is recommended for
|
||||||
|
## production.
|
||||||
|
ldap:
|
||||||
|
## Enable LDAP Backend.
|
||||||
|
enabled: false
|
||||||
|
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||||
|
## Acceptable options are as follows:
|
||||||
|
## - 'activedirectory' - For Microsoft Active Directory.
|
||||||
|
## - 'custom' - For custom specifications of attributes and filters.
|
||||||
|
## This currently defaults to 'custom' to maintain existing behaviour.
|
||||||
|
##
|
||||||
|
## Depending on the option here certain other values in this section have a default value, notably all of the
|
||||||
|
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||||
|
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
|
||||||
|
implementation: activedirectory
|
||||||
|
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||||
|
## Scheme can be ldap or ldaps in the format (port optional).
|
||||||
|
url: ldap://openldap.default.svc.cluster.local
|
||||||
|
## Connection Timeout.
|
||||||
|
timeout: 5s
|
||||||
|
## Use StartTLS with the LDAP connection.
|
||||||
|
start_tls: false
|
||||||
|
tls:
|
||||||
|
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||||
|
server_name: ""
|
||||||
|
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||||
|
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||||
|
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||||
|
skip_verify: false
|
||||||
|
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||||
|
minimum_version: TLS1.2
|
||||||
|
## The base dn for every LDAP query.
|
||||||
|
base_dn: DC=example,DC=com
|
||||||
|
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||||
|
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||||
|
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
|
||||||
|
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
|
||||||
|
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
|
||||||
|
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
|
||||||
|
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
|
||||||
|
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
|
||||||
|
username_attribute: "uid"
|
||||||
|
## An additional dn to define the scope to all users.
|
||||||
|
additional_users_dn: OU=Users
|
||||||
|
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||||
|
## Various placeholders are available in the user filter:
|
||||||
|
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||||
|
## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
|
||||||
|
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||||
|
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||||
|
## versions, so please don't use it.
|
||||||
|
##
|
||||||
|
## Recommended settings are as follows:
|
||||||
|
## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
||||||
|
## - OpenLDAP:
|
||||||
|
## - (&({username_attribute}={input})(objectClass=person))
|
||||||
|
## - (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
||||||
|
##
|
||||||
|
## To allow sign in both with username and email, one can use a filter like
|
||||||
|
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||||
|
users_filter: ""
|
||||||
|
## An additional dn to define the scope of groups.
|
||||||
|
additional_groups_dn: OU=Groups
|
||||||
|
## The groups filter used in search queries to find the groups of the user.
|
||||||
|
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||||
|
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
|
||||||
|
## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
|
||||||
|
## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
|
||||||
|
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||||
|
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||||
|
## versions, so please don't use it.
|
||||||
|
## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
|
||||||
|
## later version, so please don't use it.
|
||||||
|
##
|
||||||
|
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||||
|
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
|
||||||
|
groups_filter: ""
|
||||||
|
## The attribute holding the name of the group
|
||||||
|
group_name_attribute: "cn"
|
||||||
|
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
|
||||||
|
## first one returned by the LDAP server is used.
|
||||||
|
mail_attribute: "mail"
|
||||||
|
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
||||||
|
display_name_attribute: "displayname"
|
||||||
|
## The username of the admin user.
|
||||||
|
user: CN=admin,DC=example,DC=com
|
||||||
|
plain_password: ""
|
||||||
|
##
|
||||||
|
## File (Authentication Provider)
|
||||||
|
##
|
||||||
|
## With this backend, the users database is stored in a file which is updated when users reset their passwords.
|
||||||
|
## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
|
||||||
|
## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
|
||||||
|
## implications it is highly recommended you leave the default values. Before considering changing these settings
|
||||||
|
## please read the docs page below:
|
||||||
|
## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
|
||||||
|
##
|
||||||
|
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||||
|
##
|
||||||
|
file:
|
||||||
|
enabled: true
|
||||||
|
path: /config/users_database.yml
|
||||||
|
password:
|
||||||
|
algorithm: argon2id
|
||||||
|
iterations: 1
|
||||||
|
key_length: 32
|
||||||
|
salt_length: 16
|
||||||
|
memory: 1024
|
||||||
|
parallelism: 8
|
||||||
|
##
|
||||||
|
## Access Control Configuration
|
||||||
|
##
|
||||||
|
## Access control is a list of rules defining the authorizations applied for one resource to users or group of users.
|
||||||
|
##
|
||||||
|
## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed
|
||||||
|
## to anyone. Otherwise restrictions follow the rules defined.
|
||||||
|
##
|
||||||
|
## Note: One can use the wildcard * to match any subdomain.
|
||||||
|
## It must stand at the beginning of the pattern. (example: *.mydomain.com)
|
||||||
|
##
|
||||||
|
## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct.
|
||||||
|
##
|
||||||
|
## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'.
|
||||||
|
##
|
||||||
|
## - 'domain' defines which domain or set of domains the rule applies to.
|
||||||
|
##
|
||||||
|
## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not
|
||||||
|
## provided. If provided, the parameter represents either a user or a group. It should be of the form
|
||||||
|
## 'user:<username>' or 'group:<groupname>'.
|
||||||
|
##
|
||||||
|
## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'.
|
||||||
|
##
|
||||||
|
## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter
|
||||||
|
## is optional and matches any resource if not provided.
|
||||||
|
##
|
||||||
|
## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
|
||||||
|
access_control:
|
||||||
|
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||||
|
## resource if there is no policy to be applied to the user.
|
||||||
|
default_policy: deny
|
||||||
|
networks_access_control: []
|
||||||
|
# networks_access_control:
|
||||||
|
# - name: private
|
||||||
|
# networks:
|
||||||
|
# - 10.0.0.0/8
|
||||||
|
# - 172.16.0.0/12
|
||||||
|
# - 192.168.0.0/16
|
||||||
|
# - name: vpn
|
||||||
|
# networks:
|
||||||
|
# - 10.9.0.0/16
|
||||||
|
|
||||||
|
rules: []
|
||||||
|
# rules:
|
||||||
|
# - domain: public.example.com
|
||||||
|
# policy: bypass
|
||||||
|
# - domain: "*.example.com"
|
||||||
|
# policy: bypass
|
||||||
|
# methods:
|
||||||
|
# - OPTIONS
|
||||||
|
# - domain: secure.example.com
|
||||||
|
# policy: one_factor
|
||||||
|
# networks:
|
||||||
|
# - private
|
||||||
|
# - vpn
|
||||||
|
# - 192.168.1.0/24
|
||||||
|
# - 10.0.0.1
|
||||||
|
# - domain:
|
||||||
|
# - secure.example.com
|
||||||
|
# - private.example.com
|
||||||
|
# policy: two_factor
|
||||||
|
# - domain: singlefactor.example.com
|
||||||
|
# policy: one_factor
|
||||||
|
# - domain: "mx2.mail.example.com"
|
||||||
|
# subject: "group:admins"
|
||||||
|
# policy: deny
|
||||||
|
# - domain: "*.example.com"
|
||||||
|
# subject:
|
||||||
|
# - "group:admins"
|
||||||
|
# - "group:moderators"
|
||||||
|
# policy: two_factor
|
||||||
|
# - domain: dev.example.com
|
||||||
|
# resources:
|
||||||
|
# - "^/groups/dev/.*$"
|
||||||
|
# subject: "group:dev"
|
||||||
|
# policy: two_factor
|
||||||
|
# - domain: dev.example.com
|
||||||
|
# resources:
|
||||||
|
# - "^/users/john/.*$"
|
||||||
|
# subject:
|
||||||
|
# - ["group:dev", "user:john"]
|
||||||
|
# - "group:admins"
|
||||||
|
# policy: two_factor
|
||||||
|
# - domain: "{user}.example.com"
|
||||||
|
# policy: bypass
|
||||||
|
##
|
||||||
|
## Session Provider Configuration
|
||||||
|
##
|
||||||
|
## The session cookies identify the user once logged in.
|
||||||
|
## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined.
|
||||||
|
session:
|
||||||
|
## The name of the session cookie. (default: authelia_session).
|
||||||
|
name: authelia_session
|
||||||
|
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
|
||||||
|
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
|
||||||
|
same_site: lax
|
||||||
|
## The time in seconds before the cookie expires and session is reset.
|
||||||
|
expiration: 1h
|
||||||
|
## The inactivity time in seconds before the session is reset.
|
||||||
|
inactivity: 5m
|
||||||
|
## The remember me duration.
|
||||||
|
## Value is in seconds, or duration notation. Value of 0 disables remember me.
|
||||||
|
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||||
|
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
|
||||||
|
## spy or attack. Currently the default is 1M or 1 month.
|
||||||
|
remember_me_duration: 1M
|
||||||
|
##
|
||||||
|
## Redis Provider
|
||||||
|
##
|
||||||
|
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||||
|
##
|
||||||
|
## The redis connection details
|
||||||
|
redisProvider:
|
||||||
|
port: 6379
|
||||||
|
## Optional username to be used with authentication.
|
||||||
|
# username: authelia
|
||||||
|
username: ""
|
||||||
|
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||||
|
database_index: 0
|
||||||
|
## The maximum number of concurrent active connections to Redis.
|
||||||
|
maximum_active_connections: 8
|
||||||
|
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||||
|
minimum_idle_connections: 0
|
||||||
|
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||||
|
tls:
|
||||||
|
enabled: false
|
||||||
|
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||||
|
server_name: ""
|
||||||
|
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||||
|
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||||
|
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||||
|
skip_verify: false
|
||||||
|
## Minimum TLS version for the connection.
|
||||||
|
minimum_version: TLS1.2
|
||||||
|
## The Redis HA configuration options.
|
||||||
|
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||||
|
high_availability:
|
||||||
|
enabled: false
|
||||||
|
enabledSecret: false
|
||||||
|
## Sentinel Name / Master Name
|
||||||
|
sentinel_name: mysentinel
|
||||||
|
## The additional nodes to pre-seed the redis provider with (for sentinel).
|
||||||
|
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
|
||||||
|
## For high availability to be used you must have either defined; the host above or at least one node below.
|
||||||
|
nodes: []
|
||||||
|
# nodes:
|
||||||
|
# - host: sentinel-0.databases.svc.cluster.local
|
||||||
|
# port: 26379
|
||||||
|
# - host: sentinel-1.databases.svc.cluster.local
|
||||||
|
# port: 26379
|
||||||
|
|
||||||
|
## Choose the host with the lowest latency.
|
||||||
|
route_by_latency: false
|
||||||
|
## Choose the host randomly.
|
||||||
|
route_randomly: false
|
||||||
|
##
|
||||||
|
## Regulation Configuration
|
||||||
|
##
|
||||||
|
## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done
|
||||||
|
## in a short period of time.
|
||||||
|
regulation:
|
||||||
|
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
|
||||||
|
max_retries: 3
|
||||||
|
## The time range during which the user can attempt login before being banned. The user is banned if the
|
||||||
|
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
|
||||||
|
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||||
|
find_time: 2m
|
||||||
|
## The length of time before a banned user can login again. Ban Time accepts duration notation.
|
||||||
|
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||||
|
ban_time: 5m
|
||||||
|
##
|
||||||
|
## Storage Provider Configuration
|
||||||
|
##
|
||||||
|
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
||||||
|
storage:
|
||||||
|
##
|
||||||
|
## PostgreSQL (Storage Provider)
|
||||||
|
##
|
||||||
|
postgres:
|
||||||
|
port: 5432
|
||||||
|
database: authelia
|
||||||
|
username: authelia
|
||||||
|
sslmode: disable
|
||||||
|
timeout: 5s
|
||||||
|
##
|
||||||
|
## Notification Provider
|
||||||
|
##
|
||||||
|
##
|
||||||
|
## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration.
|
||||||
|
## The available providers are: filesystem, smtp. You must use one and only one of these providers.
|
||||||
|
notifier:
|
||||||
|
## You can disable the notifier startup check by setting this to true.
|
||||||
|
disable_startup_check: false
|
||||||
|
##
|
||||||
|
## File System (Notification Provider)
|
||||||
|
##
|
||||||
|
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||||
|
##
|
||||||
|
filesystem:
|
||||||
|
enabled: true
|
||||||
|
filename: /config/notification.txt
|
||||||
|
##
|
||||||
|
## SMTP (Notification Provider)
|
||||||
|
##
|
||||||
|
## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate.
|
||||||
|
## [Security] By default Authelia will:
|
||||||
|
## - force all SMTP connections over TLS including unauthenticated connections
|
||||||
|
## - use the disable_require_tls boolean value to disable this requirement
|
||||||
|
## (only works for unauthenticated connections)
|
||||||
|
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
||||||
|
## (configure in tls section)
|
||||||
|
smtp:
|
||||||
|
enabled: false
|
||||||
|
enabledSecret: false
|
||||||
|
host: smtp.mail.svc.cluster.local
|
||||||
|
port: 25
|
||||||
|
timeout: 5s
|
||||||
|
username: test
|
||||||
|
plain_password: test
|
||||||
|
sender: admin@example.com
|
||||||
|
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
||||||
|
identifier: localhost
|
||||||
|
## Subject configuration of the emails sent.
|
||||||
|
## {title} is replaced by the text from the notifier
|
||||||
|
subject: "[Authelia] {title}"
|
||||||
|
## This address is used during the startup check to verify the email configuration is correct.
|
||||||
|
## It's not important what it is except if your email server only allows local delivery.
|
||||||
|
startup_check_address: test@authelia.com
|
||||||
|
disable_require_tls: false
|
||||||
|
disable_html_emails: false
|
||||||
|
tls:
|
||||||
|
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||||
|
server_name: ""
|
||||||
|
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||||
|
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||||
|
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||||
|
skip_verify: false
|
||||||
|
## Minimum TLS version for either StartTLS or SMTPS.
|
||||||
|
minimum_version: TLS1.2
|
||||||
|
identity_providers:
|
||||||
|
oidc:
|
||||||
|
## Enables this in the config map. Currently in beta stage.
|
||||||
|
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
|
||||||
|
enabled: false
|
||||||
|
access_token_lifespan: 1h
|
||||||
|
authorize_code_lifespan: 1m
|
||||||
|
id_token_lifespan: 1h
|
||||||
|
refresh_token_lifespan: 90m
|
||||||
|
enable_client_debug_messages: false
|
||||||
|
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
|
||||||
|
## security reasons.
|
||||||
|
minimum_parameter_entropy: 8
|
||||||
|
clients: []
|
||||||
|
# clients:
|
||||||
|
# -
|
||||||
|
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
|
||||||
|
# id: myapp
|
||||||
|
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
||||||
|
# description: My Application
|
||||||
|
|
||||||
|
## The client secret is a shared secret between Authelia and the consumer of this client.
|
||||||
|
# secret: apple123
|
||||||
|
|
||||||
|
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
||||||
|
# public: false
|
||||||
|
|
||||||
|
## The policy to require for this client; one_factor or two_factor.
|
||||||
|
# authorization_policy: two_factor
|
||||||
|
|
||||||
|
## Configures the consent mode; auto, explicit or implicit
|
||||||
|
# consent_mode: auto
|
||||||
|
|
||||||
|
## Audience this client is allowed to request.
|
||||||
|
# audience: []
|
||||||
|
|
||||||
|
## Scopes this client is allowed to request.
|
||||||
|
# scopes:
|
||||||
|
# - openid
|
||||||
|
# - profile
|
||||||
|
# - email
|
||||||
|
# - groups
|
||||||
|
|
||||||
|
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
||||||
|
# redirect_uris:
|
||||||
|
# - https://oidc.example.com/oauth2/callback
|
||||||
|
|
||||||
|
## Grant Types configures which grants this client can obtain.
|
||||||
|
## It's not recommended to configure this unless you know what you're doing.
|
||||||
|
# grant_types:
|
||||||
|
# - refresh_token
|
||||||
|
# - authorization_code
|
||||||
|
|
||||||
|
## Response Types configures which responses this client can be sent.
|
||||||
|
## It's not recommended to configure this unless you know what you're doing.
|
||||||
|
# response_types:
|
||||||
|
# - code
|
||||||
|
|
||||||
|
## Response Modes configures which response modes this client supports.
|
||||||
|
## It's not recommended to configure this unless you know what you're doing.
|
||||||
|
# response_modes:
|
||||||
|
# - form_post
|
||||||
|
# - query
|
||||||
|
# - fragment
|
||||||
|
|
||||||
|
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
||||||
|
# userinfo_signing_algorithm: none
|
||||||
|
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
required: true
|
|
@ -1,17 +0,0 @@
|
||||||
---
|
|
||||||
title: Changelog
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
*for the complete changelog, please refer to the website*
|
|
||||||
|
|
||||||
**Important:**
|
|
||||||
|
|
||||||
|
|
||||||
## [blocky-14.3.5](https://github.com/truecharts/charts/compare/blocky-14.3.4...blocky-14.3.5) (2024-03-16)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- rename `enterprise`- train to `premium`-train
|
|
|
@ -1,47 +0,0 @@
|
||||||
annotations:
|
|
||||||
max_scale_version: 24.04.0
|
|
||||||
min_scale_version: 23.10.0
|
|
||||||
truecharts.org/SCALE-support: "true"
|
|
||||||
truecharts.org/category: network
|
|
||||||
truecharts.org/max_helm_version: "3.14"
|
|
||||||
truecharts.org/min_helm_version: "3.12"
|
|
||||||
truecharts.org/train: premium
|
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 0.23.0
|
|
||||||
dependencies:
|
|
||||||
- name: common
|
|
||||||
version: 20.0.9
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: ""
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
- name: redis
|
|
||||||
version: 13.0.3
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: redis.enabled
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
deprecated: false
|
|
||||||
description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
|
|
||||||
home: https://truecharts.org/charts/premium/blocky
|
|
||||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
|
|
||||||
keywords:
|
|
||||||
- dns
|
|
||||||
- blocky
|
|
||||||
kubeVersion: '>=1.24.0-0'
|
|
||||||
maintainers:
|
|
||||||
- name: TrueCharts
|
|
||||||
email: info@truecharts.org
|
|
||||||
url: https://truecharts.org
|
|
||||||
name: blocky
|
|
||||||
sources:
|
|
||||||
- https://github.com/Mozart409/blocky-frontend
|
|
||||||
- https://0xerr0r.github.io/blocky/
|
|
||||||
- https://github.com/0xERR0R/blocky
|
|
||||||
- https://github.com/truecharts/charts/tree/master/charts/premium/blocky
|
|
||||||
- https://hub.docker.com/r/spx01/blocky
|
|
||||||
- https://quay.io/oriedge/k8s_gateway
|
|
||||||
type: application
|
|
||||||
version: 14.3.5
|
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,99 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.1](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: network
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 0.23.0
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
- name: redis
|
||||||
|
version: 13.0.5
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: redis.enabled
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
|
||||||
|
home: https://truecharts.org/charts/premium/blocky
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
|
||||||
|
keywords:
|
||||||
|
- dns
|
||||||
|
- blocky
|
||||||
|
kubeVersion: ">=1.24.0-0"
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: blocky
|
||||||
|
sources:
|
||||||
|
- https://github.com/Mozart409/blocky-frontend
|
||||||
|
- https://0xerr0r.github.io/blocky/
|
||||||
|
- https://github.com/0xERR0R/blocky
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/blocky
|
||||||
|
- https://quay.io/oriedge/k8s_gateway
|
||||||
|
- https://hub.docker.com/r/spx01/blocky
|
||||||
|
type: application
|
||||||
|
version: 14.5.1
|
|
@ -0,0 +1,13 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [blocky-14.5.1](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
Binary file not shown.
|
@ -0,0 +1,100 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.1](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,37 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: core
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: latest
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: Certificate management for Kubernetes
|
||||||
|
home: https://truecharts.org/charts/premium/clusterissuer
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png
|
||||||
|
keywords:
|
||||||
|
- cert-manager
|
||||||
|
- certificates
|
||||||
|
kubeVersion: ">=1.24.0-0"
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: clusterissuer
|
||||||
|
sources:
|
||||||
|
- https://cert-manager.io/
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/clusterissuer
|
||||||
|
- https://hub.docker.com/_/hello-world
|
||||||
|
type: application
|
||||||
|
version: 7.7.1
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
title: README
|
||||||
|
---
|
||||||
|
|
||||||
|
## General Info
|
||||||
|
|
||||||
|
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||||
|
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||||
|
|
||||||
|
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/clusterissuer)
|
||||||
|
|
||||||
|
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||||
|
- See the [Website](https://truecharts.org)
|
||||||
|
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||||
|
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Sponsor TrueCharts
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||||
|
|
||||||
|
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [clusterissuer-7.7.1](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
||||||
|
Certificate management for Kubernetes
|
||||||
|
|
||||||
|
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/clusterissuer](https://truecharts.org/charts/premium/clusterissuer)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,104 @@
|
||||||
|
image:
|
||||||
|
repository: hello-world
|
||||||
|
tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
manifestManager:
|
||||||
|
enabled: true
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
port: 9999
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: false
|
||||||
|
operator:
|
||||||
|
verify:
|
||||||
|
additionalOperators:
|
||||||
|
- cert-manager
|
||||||
|
enabled: true
|
||||||
|
failOnError: false
|
||||||
|
clusterIssuer:
|
||||||
|
selfSigned:
|
||||||
|
enabled: true
|
||||||
|
name: "selfsigned"
|
||||||
|
CA: []
|
||||||
|
# - name: myca
|
||||||
|
# selfSigned: true
|
||||||
|
# selfSignedCommonName: "my-selfsigned-ca"
|
||||||
|
# # Used to manually define a CA-crt not used when selfSigned is enabled
|
||||||
|
# crt: ""
|
||||||
|
# key: ""
|
||||||
|
# # TODO: Add option to use SCALE CA certs
|
||||||
|
|
||||||
|
ACME: []
|
||||||
|
# - name: letsencrypt
|
||||||
|
# # Used for both logging in to the DNS provider AND ACME registration
|
||||||
|
# email: ""
|
||||||
|
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||||
|
# # Used primarily for the SCALE GUI
|
||||||
|
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||||
|
# email: ""
|
||||||
|
# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
|
||||||
|
# type: ""
|
||||||
|
# # for cloudflare
|
||||||
|
# cfapikey: ""
|
||||||
|
# cfapitoken: ""
|
||||||
|
# # for route53
|
||||||
|
# region: ""
|
||||||
|
# accessKeyID: ""
|
||||||
|
# route53SecretAccessKey: ""
|
||||||
|
# # optional for route53
|
||||||
|
# role: ""
|
||||||
|
# # for akamai
|
||||||
|
# serviceConsumerDomain: ""
|
||||||
|
# akclientToken: ""
|
||||||
|
# akclientSecret: ""
|
||||||
|
# akaccessToken: ""
|
||||||
|
# # for digitalocean
|
||||||
|
# doaccessToken: ""
|
||||||
|
# # for rfc2136
|
||||||
|
# nameserver: ""
|
||||||
|
# tsigKeyName: ""
|
||||||
|
# tsigAlgorithm: ""
|
||||||
|
# rfctsigSecret: ""
|
||||||
|
# # for acmedns
|
||||||
|
# name: sd
|
||||||
|
# acmednsHost: asdf
|
||||||
|
# # Pick one of the bellow acmednsConfig
|
||||||
|
# acmednsConfigJson:
|
||||||
|
# acmednsConfig:
|
||||||
|
# - domain: ""
|
||||||
|
# username: ""
|
||||||
|
# password: ""
|
||||||
|
# fulldomain: ""
|
||||||
|
# subdomain: ""
|
||||||
|
# allowFrom: []
|
||||||
|
|
||||||
|
clusterCertificates:
|
||||||
|
# Namespaces in which the certificates must be available
|
||||||
|
# Accepts comma-separated regex expressions
|
||||||
|
# replicationNamespaces: 'ix-.*'
|
||||||
|
certificates: []
|
||||||
|
# - name: mycert
|
||||||
|
# enabled: true
|
||||||
|
# certificateIssuer: selfsigned
|
||||||
|
# hosts:
|
||||||
|
# - my.domain.com
|
||||||
|
# - '*.my.domain.com'
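Review bot: The commented `ACME` example in this values file repeats keys inside what appears to be one list item: `email: ""` is given twice (under the ACME registration comment and again after `customServer`), and `name` is given as `letsencrypt` and again as `sd` under the acmedns comment. Indentation is lost in this rendering, so the nesting is inferred, but if both sit in the same mapping, a user who uncomments the block gets duplicate keys, which most YAML parsers resolve silently to the last value, leaving the issuer named `sd`. I would drop the second `email`, remove or rename the acmedns `name: sd` line, and correct `# Pick one of the bellow acmednsConfig` to `below`. Separately, `operator.verify.failOnError: false` looks like it lets the install continue when the cert-manager check fails; if that is what the flag does, a comment such as `# set to true to abort the install when cert-manager is missing` would document the choice.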
|
|
@ -0,0 +1,446 @@
|
||||||
|
groups:
|
||||||
|
- name: Container Image
|
||||||
|
description: Image to be used for container
|
||||||
|
- name: General Settings
|
||||||
|
description: General Deployment Settings
|
||||||
|
- name: Workload Settings
|
||||||
|
description: Workload Settings
|
||||||
|
- name: App Configuration
|
||||||
|
description: App Specific Config Options
|
||||||
|
- name: Networking and Services
|
||||||
|
description: Configure Network and Services for Container
|
||||||
|
- name: Storage and Persistence
|
||||||
|
description: Persist and Share Data that is Separate from the Container
|
||||||
|
- name: Ingress
|
||||||
|
description: Ingress Configuration
|
||||||
|
- name: Security and Permissions
|
||||||
|
description: Configure Security Context and Permissions
|
||||||
|
- name: Resources and Devices
|
||||||
|
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||||
|
- name: Middlewares
|
||||||
|
description: Traefik Middlewares
|
||||||
|
- name: Metrics
|
||||||
|
description: Metrics
|
||||||
|
- name: Addons
|
||||||
|
description: Addon Configuration
|
||||||
|
- name: Backup Configuration
|
||||||
|
description: Configure Velero Backup Schedule
|
||||||
|
- name: Advanced
|
||||||
|
description: Advanced Configuration
|
||||||
|
- name: Postgresql
|
||||||
|
description: Postgresql
|
||||||
|
- name: Documentation
|
||||||
|
description: Documentation
|
||||||
|
|
||||||
|
questions:
|
||||||
|
- variable: global
|
||||||
|
group: General Settings
|
||||||
|
label: "Global Settings"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: stopAll
|
||||||
|
label: Stop All
|
||||||
|
description: "Stops All Running pods and hibernates cnpg"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
- variable: clusterIssuer
|
||||||
|
group: App Configuration
|
||||||
|
label: Cluster Certificate Issuer
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: ACME
|
||||||
|
label: 'ACME Issuer'
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: ACMEEntry
|
||||||
|
label: 'ACME Issuer Entry'
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: "Name to give the issuer"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||||
|
default: ""
|
||||||
|
- variable: type
|
||||||
|
label: Type or DNS-Provider
|
||||||
|
description: DNS Provider
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: cloudflare
|
||||||
|
enum:
|
||||||
|
- value: cloudflare
|
||||||
|
description: Cloudflare
|
||||||
|
- value: route53
|
||||||
|
description: Route53
|
||||||
|
- value: akamai
|
||||||
|
description: Akamai
|
||||||
|
- value: digitalocean
|
||||||
|
description: Digitalocean
|
||||||
|
- value: rfc2136
|
||||||
|
description: rfc2136 (Advanced)
|
||||||
|
- value: HTTP01
|
||||||
|
description: HTTP01 (Experimental)
|
||||||
|
- value: acmedns
|
||||||
|
description: ACME DNS (Advanced)
|
||||||
|
- variable: server
|
||||||
|
label: Server
|
||||||
|
description: "Server for ACME, for example: letsencrypt"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: 'Letsencrypt-Production'
|
||||||
|
enum:
|
||||||
|
- value: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||||
|
description: Letsencrypt-Production
|
||||||
|
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||||
|
description: Letsencrypt-Staging
|
||||||
|
- value: 'https://api.buypass.no/acme-v02/directory'
|
||||||
|
description: BuyPass-Production
|
||||||
|
- value: 'https://api.test4.buypass.no/acme-v02/directory'
|
||||||
|
description: BuyPass-Staging
|
||||||
|
- value: custom
|
||||||
|
description: Custom
|
||||||
|
- variable: customServer
|
||||||
|
label: Custom ACME Server (Advanced)
|
||||||
|
description: "This can be used to enter your own custom ACME server"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
show_if: [["server", "=", "custom"]]
|
||||||
|
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||||
|
- variable: caBundle
|
||||||
|
label: Trusted CABundle for private ACME server
|
||||||
|
description: "Trusted CABundle for private ACME server, encoded in base64"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
show_if: [["server", "=", "custom"]]
|
||||||
|
- variable: email
|
||||||
|
label: Email
|
||||||
|
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: "something@example.com"
|
||||||
|
- variable: cfapikey
|
||||||
|
label: CloudFlare API key
|
||||||
|
description: "CloudFlare API Key"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "cloudflare"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: cfapitoken
|
||||||
|
label: CloudFlare API Token
|
||||||
|
description: "CloudFlare API Token"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "cloudflare"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: region
|
||||||
|
label: Route53 Region
|
||||||
|
description: "Route 53 Region"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "route53"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: "us-west-1"
|
||||||
|
- variable: accessKeyID
|
||||||
|
label: Route53 accessKeyID
|
||||||
|
description: "Route53 accessKeyID"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "route53"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: route53SecretAccessKey
|
||||||
|
label: Route53 Secret Access Key
|
||||||
|
description: "Route53 Secret Access Key"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "route53"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: role
|
||||||
|
label: Route53 Role (optional)
|
||||||
|
description: "Route53 Role"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "route53"]]
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: serviceConsumerDomain
|
||||||
|
label: Akamai Service Consumer Domain
|
||||||
|
description: "Akamai Service Consumer Domain"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "akamai"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: akclientToken
|
||||||
|
label: Akamai Client Token
|
||||||
|
description: "Client Token"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "akamai"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: akclientSecret
|
||||||
|
label: Akamai Client Secret
|
||||||
|
description: "Akamai Client Secret"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "akamai"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: akaccessToken
|
||||||
|
label: Akamai Access Token
|
||||||
|
description: "Akamai Access Token"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "akamai"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: doaccessToken
|
||||||
|
label: Digitalocean Access Token
|
||||||
|
description: "Digitalocean Access Token"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "digitalocean"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: nameserver
|
||||||
|
label: rfc2136 Namesever
|
||||||
|
description: "rfc2136 Namesever"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "rfc2136"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: tsigKeyName
|
||||||
|
label: rfc2136 tsig Key Name
|
||||||
|
description: "rfc2136 tsig Key Name"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "rfc2136"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: tsigAlgorithm
|
||||||
|
label: rfc2136 tsig Algorithm
|
||||||
|
description: "rfc2136 tsig Algorithm"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "rfc2136"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: rfctsigSecret
|
||||||
|
label: rfc2136 sig Secret
|
||||||
|
description: "rfc2136 sig Secret"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "rfc2136"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: acmednsHost
|
||||||
|
label: ACME DNS host
|
||||||
|
description: "ACME DNS API server address"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "acmedns"]]
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: "https://auth.acme-dns.io"
|
||||||
|
- variable: acmednsConfig
|
||||||
|
label: ACME DNS config
|
||||||
|
description: "ACME DNS per-domain auth configuration"
|
||||||
|
schema:
|
||||||
|
show_if: [["type", "=", "acmedns"]]
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: acmednsEntry
|
||||||
|
label: 'ACME DNS entry'
|
||||||
|
schema:
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: domain
|
||||||
|
label: Domain
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
- variable: username
|
||||||
|
label: Username
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
- variable: password
|
||||||
|
label: Password
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
- variable: fulldomain
|
||||||
|
label: Full domain
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
- variable: subdomain
|
||||||
|
label: Subdomain
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
- variable: allowFrom
|
||||||
|
label: Allow from
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: cidr
|
||||||
|
label: CIDR
|
||||||
|
schema:
|
||||||
|
type: ipaddr
|
||||||
|
cidr: true
|
||||||
|
required: true
|
||||||
|
- variable: CA
|
||||||
|
label: Certificate Authority Issuer
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: CAEntry
|
||||||
|
label: 'CA Issuer Entry'
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: "Name to give the issuer"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||||
|
default: ""
|
||||||
|
- variable: selfSigned
|
||||||
|
label: selfSigned
|
||||||
|
description: "Create Self Signed CA cert"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: selfSignedCommonName
|
||||||
|
label: selfSigned CommonName
|
||||||
|
description: "Common name for selfSigned Certiticate Authority"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
show_if: [["selfSigned", "=", true]]
|
||||||
|
default: "my-selfsigned-ca"
|
||||||
|
- variable: crt
|
||||||
|
label: "Custom CA cert (experimental)"
|
||||||
|
description: "certificate for Certiticate Authority"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
max_length: 10240
|
||||||
|
show_if: [["selfSigned", "=", false]]
|
||||||
|
default: ""
|
||||||
|
- variable: key
|
||||||
|
label: "Custom CA key (experimental)"
|
||||||
|
description: "key Certiticate Authority"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
max_length: 10240
|
||||||
|
show_if: [["selfSigned", "=", false]]
|
||||||
|
default: ""
|
||||||
|
- variable: selfSigned
|
||||||
|
label: 'SelfSigned Issuer'
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: enabled
|
||||||
|
description: "Enable self-signed issuer"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: "Name to give the issuer"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||||
|
default: "selfsigned"
|
||||||
|
- variable: clusterCertificates
|
||||||
|
group: App Configuration
|
||||||
|
label: Cluster Wide Certificates (Advanced)
|
||||||
|
description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: certificates
|
||||||
|
label: Cluster Certificates
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: CertEntry
|
||||||
|
label: 'Certificate Entry'
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Enabled
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: name
|
||||||
|
label: Certificate Name
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: certificateIssuer
|
||||||
|
label: Cert-Manager clusterIssuer
|
||||||
|
description: "One of the Cert-Manager clusterIssuers defined above"
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||||
|
default: "selfsigned"
|
||||||
|
- variable: hosts
|
||||||
|
label: Certificate Hosts
|
||||||
|
description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: host
|
||||||
|
label: Host
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: customMetrics
|
||||||
|
group: Metrics
|
||||||
|
label: Prometheus Metrics
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: enabled
|
||||||
|
label: Enabled
|
||||||
|
description: Enable Prometheus Metrics
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
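Review bot: The credential fields in this form (`cfapikey`, `cfapitoken`, `route53SecretAccessKey`, `akclientToken`, `akclientSecret`, `akaccessToken`, `doaccessToken`, `rfctsigSecret`, the acmedns `password` and the CA `key`) are declared as plain `type: string`, so they would presumably be displayed and echoed like any other text value. Adding `private: true` to each of those `schema:` blocks would mark them as secrets in the UI. Separately, the `server` question sets `default: 'Letsencrypt-Production'`, which is an enum description rather than one of the enum values, so an untouched form would pass that label through as the ACME server. `default: 'https://acme-v02.api.letsencrypt.org/directory'` matches the intended entry.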
|
|
@ -0,0 +1,128 @@
|
||||||
|
{{- define "certmanager.clusterissuer.acme" -}}
|
||||||
|
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||||
|
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||||
|
|
||||||
|
{{- $rfctsigSecret := .rfctsigSecret | default "" -}}
|
||||||
|
{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}}
|
||||||
|
{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}}
|
||||||
|
{{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}}
|
||||||
|
{{- $rfctsigSecret = b64enc $rfctsigSecret -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- range .Values.clusterIssuer.ACME }}
|
||||||
|
{{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}
|
||||||
|
{{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}}
|
||||||
|
{{- if not (mustHas .type $validTypes) -}}
|
||||||
|
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
|
||||||
|
{{- $acmednsDict := dict -}}
|
||||||
|
{{- if and (eq .type "acmedns") (not .acmednsConfigJson) }}
|
||||||
|
{{- range .acmednsConfig }}
|
||||||
|
{{/* Transform to a dict with domain as a key, also remove domain from the dict */}}
|
||||||
|
{{- $_ := set $acmednsDict .domain (omit . "domain") -}}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
spec:
|
||||||
|
acme:
|
||||||
|
email: {{ .email }}
|
||||||
|
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
|
||||||
|
{{- if .caBundle }}
|
||||||
|
caBundle: {{ .caBundle }}
|
||||||
|
{{- end }}
|
||||||
|
privateKeySecretRef:
|
||||||
|
name: {{ .name }}-acme-clusterissuer-account-key
|
||||||
|
solvers:
|
||||||
|
{{- if eq .type "HTTP01" }}
|
||||||
|
- http01:
|
||||||
|
ingress: {}
|
||||||
|
{{- else }}
|
||||||
|
- dns01:
|
||||||
|
{{- if eq .type "cloudflare" }}
|
||||||
|
cloudflare:
|
||||||
|
email: {{ .email }}
|
||||||
|
{{- if .cfapitoken }}
|
||||||
|
apiTokenSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: cf-api-token
|
||||||
|
{{- else if .cfapikey }}
|
||||||
|
apiKeySecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: cf-api-key
|
||||||
|
{{- else -}}
|
||||||
|
{{- fail "A cloudflare API key or token is required" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- else if eq .type "route53" }}
|
||||||
|
route53:
|
||||||
|
region: {{ .region }}
|
||||||
|
accessKeyID: {{ .accessKeyID }}
|
||||||
|
{{- if .role }}
|
||||||
|
role: {{ .role }}
|
||||||
|
{{- end }}
|
||||||
|
secretAccessKeySecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: route53-secret-access-key
|
||||||
|
{{- else if eq .type "akamai" }}
|
||||||
|
akamai:
|
||||||
|
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
||||||
|
clientTokenSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: akclientToken
|
||||||
|
clientSecretSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: akclientSecret
|
||||||
|
accessTokenSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: akaccessToken
|
||||||
|
{{- else if eq .type "digitalocean" }}
|
||||||
|
digitalocean:
|
||||||
|
tokenSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: doaccessToken
|
||||||
|
{{- else if eq .type "rfc2136" }}
|
||||||
|
rfc2136:
|
||||||
|
nameserver: {{ .nameserver }}
|
||||||
|
tsigKeyName: {{ .tsigKeyName }}
|
||||||
|
tsigAlgorithm: {{ .tsigAlgorithm }}
|
||||||
|
tsigSecretSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: rfctsigSecret
|
||||||
|
{{- else if eq .type "acmedns" }}
|
||||||
|
acmeDNS:
|
||||||
|
host: {{ .acmednsHost }}
|
||||||
|
accountSecretRef:
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
key: acmednsJson
|
||||||
|
{{- end -}}
|
||||||
|
{{- end }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
namespace: {{ $namespace }}
|
||||||
|
name: {{ $issuerSecretName }}
|
||||||
|
type: Opaque
|
||||||
|
stringData:
|
||||||
|
cf-api-token: {{ .cfapitoken | default "" }}
|
||||||
|
cf-api-key: {{ .cfapikey | default "" }}
|
||||||
|
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
|
||||||
|
akclientToken: {{ .akclientToken | default "" }}
|
||||||
|
akclientSecret: {{ .akclientSecret | default "" }}
|
||||||
|
akaccessToken: {{ .akaccessToken | default "" }}
|
||||||
|
doaccessToken: {{ .doaccessToken | default "" }}
|
||||||
|
rfctsigSecret: {{ $rfctsigSecret }}
|
||||||
|
{{- if .acmednsConfigJson }}
|
||||||
|
acmednsJson: {{ .acmednsConfigJson }}
|
||||||
|
{{- else if $acmednsDict }}
|
||||||
|
acmednsJson: {{ toJson $acmednsDict | quote }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
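Review bot: `$rfctsigSecret` is computed from `.rfctsigSecret` above the `range .Values.clusterIssuer.ACME` loop, where `.` is still the context passed to the define rather than an ACME entry. It therefore looks like the value is always empty and the `rfctsigSecret` key of the Secret never receives the TSIG secret. Moving the assignment and its base64 check inside the `range` would read it from the entry being rendered. The `stringData` values are also emitted unquoted, so an empty default renders as null and a token containing `: ` or ` #` changes the parsed document. Piping each through `quote`, for example `cf-api-token: {{ .cfapitoken | default "" | quote }}`, keeps them strings, and `acmednsJson: {{ .acmednsConfigJson }}` needs the same, as the `toJson` branch already does.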
|
|
@ -0,0 +1,54 @@
|
||||||
|
{{- define "certmanager.clusterissuer.ca" -}}
|
||||||
|
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||||
|
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||||
|
|
||||||
|
{{- range .Values.clusterIssuer.CA }}
|
||||||
|
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
|
||||||
|
{{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- if .selfSigned }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}-selfsigned-ca-issuer
|
||||||
|
spec:
|
||||||
|
selfSigned: {}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}-selfsigned-ca
|
||||||
|
namespace: {{ $namespace }}
|
||||||
|
spec:
|
||||||
|
isCA: true
|
||||||
|
commonName: {{ .selfSignedCommonName }}
|
||||||
|
secretName: {{ .name }}-ca
|
||||||
|
privateKey:
|
||||||
|
algorithm: ECDSA
|
||||||
|
size: 256
|
||||||
|
issuerRef:
|
||||||
|
name: {{ .name }}-selfsigned-ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
group: cert-manager.io
|
||||||
|
{{- else }}
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}-ca
|
||||||
|
namespace: {{ $namespace }}
|
||||||
|
data:
|
||||||
|
tls.crt: {{ .crt | replace " CERTIFICATE" "_CERTIFICATE" | replace " " "\n" | replace "_CERTIFICATE" " CERTIFICATE" | b64enc }}
|
||||||
|
tls.key: {{ .key | replace " PRIVATE KEY" "_PRIVATE_KEY" | replace " " "\n" | replace "_PRIVATE_KEY" " PRIVATE KEY" | b64enc }}
|
||||||
|
{{- end }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
spec:
|
||||||
|
ca:
|
||||||
|
secretName: {{ .name }}-ca
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
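Review bot: The `replace " " "\n"` chain on `.crt` and `.key` only protects the space in ` CERTIFICATE` and ` PRIVATE KEY`, so a PEM header such as `-----BEGIN RSA PRIVATE KEY-----` or `-----BEGIN EC PRIVATE KEY-----` gets a newline inserted after `BEGIN` and the stored `tls.key` is no longer valid PEM. Either document that only PKCS#8 input is accepted, with a comment such as `{{/* .key must be an unencrypted PKCS#8 PEM (BEGIN PRIVATE KEY); other header types are broken by the space-to-newline rewrite */}}`, or fail early when the header is not the expected one. The name check here also omits the `not .name` guard that the ACME define has, so a missing name would error inside `mustRegexMatch` instead of producing the intended message.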
|
|
@ -0,0 +1,34 @@
|
||||||
|
{{- define "certmanager.clusterissuer.clusterCertificates" -}}
|
||||||
|
{{- if .Values.clusterCertificates -}}
|
||||||
|
{{- $secretTemplates := dict -}}
|
||||||
|
{{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" dict "caller" "ClusterCertificates")) -}}
|
||||||
|
{{- $replicationNamespaces := ".*" -}}
|
||||||
|
{{- if .Values.clusterCertificates.replicationNamespaces -}}
|
||||||
|
{{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}}
|
||||||
|
{{- else if .Values.ixChartContext -}}
|
||||||
|
{{- $replicationNamespaces = "ix-.*" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $reflectorAnnotations := (dict
|
||||||
|
"reflector.v1.k8s.emberstack.com/reflection-allowed" "true"
|
||||||
|
"reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true"
|
||||||
|
"reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces)
|
||||||
|
"reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}}
|
||||||
|
{{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||||
|
|
||||||
|
{{- $_ := set $secretTemplates "annotations" $certAnnotations -}}
|
||||||
|
|
||||||
|
{{- if not $.Values.certificate -}}
|
||||||
|
{{- $_ := set $.Values "certificate" dict -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- range .Values.clusterCertificates.certificates -}}
|
||||||
|
{{- $_ := set $.Values.certificate .name (dict
|
||||||
|
"enabled" .enabled
|
||||||
|
"hosts" .hosts
|
||||||
|
"certificateIssuer" .certificateIssuer
|
||||||
|
"certificateSecretTemplate" $secretTemplates
|
||||||
|
) -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
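Review bot: `$replicationNamespaces` defaults to `".*"` when neither `clusterCertificates.replicationNamespaces` nor `ixChartContext` is set. It is then written to both the `reflection-allowed-namespaces` and `reflection-auto-namespaces` annotations with auto-reflection enabled, so every cluster certificate Secret, private key included, would be mirrored into every namespace by default. A narrower default, or requiring the value to be set explicitly outside SCALE, keeps key material limited to the namespaces that need it. At minimum a comment on the default, e.g. `{{/* ".*" mirrors the certificate Secret, including its private key, into all namespaces */}}`, would make the exposure visible to whoever edits this.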
|
|
@ -0,0 +1,14 @@
|
||||||
|
{{- define "certmanager.clusterissuer.selfsigned" -}}
|
||||||
|
{{- if .Values.clusterIssuer.selfSigned.enabled -}}
|
||||||
|
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}}
|
||||||
|
{{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||||
|
{{- end }}
|
||||||
|
---
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: ClusterIssuer
|
||||||
|
metadata:
|
||||||
|
name: {{ .Values.clusterIssuer.selfSigned.name }}
|
||||||
|
spec:
|
||||||
|
selfSigned: {}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
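Review bot: The failure message reads `Self Singed Issuer`; it should be `Self Signed Issuer` so the error is searchable and matches the wording of the ACME and CA messages. The name pattern `^[a-z]+(-?[a-z]){0,63}-?[a-z]+$` used here is repeated in the ACME and CA defines and in the form schema. Its leading and trailing `[a-z]+` are unbounded, so it does not cap the name length at 63 characters. A comment stating the intended limit would help.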
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.v1.common.loader.init" . }}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Generate certificate data and set them to $.Values.ceritificate
|
||||||
|
Let common handle the creation of the objects
|
||||||
|
*/}}
|
||||||
|
{{- include "certmanager.clusterissuer.clusterCertificates" . }}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.v1.common.loader.apply" . }}
|
||||||
|
|
||||||
|
{{/* Generate the cluster issuers */}}
|
||||||
|
{{- include "certmanager.clusterissuer.acme" . }}
|
||||||
|
{{- include "certmanager.clusterissuer.selfsigned" . }}
|
||||||
|
{{- include "certmanager.clusterissuer.ca" . }}
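Review bot: The comment says the data is set on `$.Values.ceritificate`, but the `certmanager.clusterissuer.clusterCertificates` define writes to `$.Values.certificate`; correct the spelling so a search for the key finds this comment. It would also help to state in the comment that this include presumably has to run before `tc.v1.common.loader.apply`, since it mutates `.Values` for common to consume.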
|
|
@ -0,0 +1,100 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.1](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,41 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: metrics
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 10.4.0
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
|
||||||
|
home: https://truecharts.org/charts/premium/grafana
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
|
||||||
|
keywords:
|
||||||
|
- analytics
|
||||||
|
- monitoring
|
||||||
|
- metrics
|
||||||
|
- logs
|
||||||
|
kubeVersion: ">=1.24.0-0"
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: grafana
|
||||||
|
sources:
|
||||||
|
- https://grafana.com/
|
||||||
|
- https://github.com/bitnami/bitnami-docker-grafana
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/grafana
|
||||||
|
- https://quay.io/kiwigrid/k8s-sidecar
|
||||||
|
- https://hub.docker.com/r/grafana/grafana
|
||||||
|
type: application
|
||||||
|
version: 14.8.1
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
title: README
|
||||||
|
---
|
||||||
|
|
||||||
|
## General Info
|
||||||
|
|
||||||
|
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||||
|
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||||
|
|
||||||
|
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/grafana)
|
||||||
|
|
||||||
|
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||||
|
- See the [Website](https://truecharts.org)
|
||||||
|
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||||
|
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Sponsor TrueCharts
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||||
|
|
||||||
|
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [grafana-14.8.1](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
||||||
|
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
|
||||||
|
|
||||||
|
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/grafana](https://truecharts.org/charts/premium/grafana)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,346 @@
|
||||||
|
image:
|
||||||
|
repository: grafana/grafana
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
tag: 10.4.0@sha256:f9811e4e687ffecf1a43adb9b64096c50bc0d7a782f8608530f478b6542de7d5
|
||||||
|
|
||||||
|
sidecarImage:
|
||||||
|
repository: quay.io/kiwigrid/k8s-sidecar
|
||||||
|
tag: 1.26.1@sha256:b8d5067137fec093cf48670dc3a1dbb38f9e734f3a6683015c2e89a45db5fd16
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
container:
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
protocol: http
|
||||||
|
targetPort: 3000
|
||||||
|
port: 3000
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
replicas: 2
|
||||||
|
strategy: RollingUpdate
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
env:
|
||||||
|
GF_SECURITY_ADMIN_USER: "admin"
|
||||||
|
GF_SECURITY_ADMIN_PASSWORD: "testpassword"
|
||||||
|
GF_INSTALL_PLUGINS: ""
|
||||||
|
GF_AUTH_LDAP_ENABLED: "false"
|
||||||
|
GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
|
||||||
|
GF_SERVER_HTTP_PORT: 3000
|
||||||
|
GF_DATABASE_TYPE: postgres
|
||||||
|
GF_DATABASE_NAME: "{{ .Values.cnpg.main.user }}"
|
||||||
|
GF_DATABASE_USER: "{{ .Values.cnpg.main.database }}"
|
||||||
|
GF_DATABASE_SSL_MODE: disable
|
||||||
|
GF_DATABASE_HOST:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cnpg-main-urls
|
||||||
|
key: host
|
||||||
|
GF_DATABASE_PASSWORD:
|
||||||
|
secretKeyRef:
|
||||||
|
name: cnpg-main-user
|
||||||
|
key: password
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
path: "/api/health"
|
||||||
|
readiness:
|
||||||
|
path: "/api/health"
|
||||||
|
startup:
|
||||||
|
path: "/api/health"
|
||||||
|
dashboards:
|
||||||
|
enabled: true
|
||||||
|
imageSelector: sidecarImage
|
||||||
|
env:
|
||||||
|
IGNORE_ALREADY_PROCESSED: false
|
||||||
|
METHOD: WATCH
|
||||||
|
LABEL: grafana_dashboard
|
||||||
|
LABEL_VALUE: "1"
|
||||||
|
LOG_LEVEL: info
|
||||||
|
FOLDER: /tmp/dashboards
|
||||||
|
RESOURCE: both
|
||||||
|
NAMESPACE: "ALL"
|
||||||
|
UNIQUE_FILENAMES: false
|
||||||
|
# NAMESPACE: null
|
||||||
|
# FOLDER_ANNOTATION: null
|
||||||
|
# script: null
|
||||||
|
# WATCH_SERVER_TIMEOUT: 3600
|
||||||
|
# WATCH_CLIENT_TIMEOUT: 3600
|
||||||
|
SKIP_TLS_VERIFY: false
|
||||||
|
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||||
|
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||||
|
REQ_URL: "http://localhost:3000/api/admin/provisioning/dashboards/reload"
|
||||||
|
REQ_METHOD: POST
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
datasources:
|
||||||
|
enabled: true
|
||||||
|
imageSelector: sidecarImage
|
||||||
|
env:
|
||||||
|
IGNORE_ALREADY_PROCESSED: false
|
||||||
|
METHOD: WATCH
|
||||||
|
LABEL: grafana_datasources
|
||||||
|
LABEL_VALUE: "1"
|
||||||
|
LOG_LEVEL: info
|
||||||
|
FOLDER: /etc/grafana/provisioning/datasources
|
||||||
|
RESOURCE: both
|
||||||
|
NAMESPACE: "ALL"
|
||||||
|
UNIQUE_FILENAMES: false
|
||||||
|
# NAMESPACE: null
|
||||||
|
# FOLDER_ANNOTATION: null
|
||||||
|
# script: null
|
||||||
|
# WATCH_SERVER_TIMEOUT: 3600
|
||||||
|
# WATCH_CLIENT_TIMEOUT: 3600
|
||||||
|
SKIP_TLS_VERIFY: false
|
||||||
|
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||||
|
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||||
|
REQ_URL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
|
||||||
|
REQ_METHOD: POST
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
alerts:
|
||||||
|
enabled: true
|
||||||
|
imageSelector: sidecarImage
|
||||||
|
env:
|
||||||
|
IGNORE_ALREADY_PROCESSED: false
|
||||||
|
METHOD: WATCH
|
||||||
|
LABEL: grafana_alerts
|
||||||
|
LABEL_VALUE: "1"
|
||||||
|
LOG_LEVEL: info
|
||||||
|
FOLDER: /etc/grafana/provisioning/alerts
|
||||||
|
RESOURCE: both
|
||||||
|
NAMESPACE: "ALL"
|
||||||
|
UNIQUE_FILENAMES: false
|
||||||
|
# NAMESPACE: null
|
||||||
|
# FOLDER_ANNOTATION: null
|
||||||
|
# script: null
|
||||||
|
# WATCH_SERVER_TIMEOUT: 3600
|
||||||
|
# WATCH_CLIENT_TIMEOUT: 3600
|
||||||
|
SKIP_TLS_VERIFY: false
|
||||||
|
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||||
|
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||||
|
REQ_URL: "http://localhost:3000/api/admin/provisioning/alerts/reload"
|
||||||
|
REQ_METHOD: POST
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
plugins:
|
||||||
|
enabled: true
|
||||||
|
imageSelector: sidecarImage
|
||||||
|
env:
|
||||||
|
IGNORE_ALREADY_PROCESSED: false
|
||||||
|
METHOD: WATCH
|
||||||
|
LABEL: grafana_plugins
|
||||||
|
LABEL_VALUE: "1"
|
||||||
|
LOG_LEVEL: info
|
||||||
|
FOLDER: /etc/grafana/provisioning/plugins
|
||||||
|
RESOURCE: both
|
||||||
|
NAMESPACE: "ALL"
|
||||||
|
UNIQUE_FILENAMES: false
|
||||||
|
# NAMESPACE: null
|
||||||
|
# FOLDER_ANNOTATION: null
|
||||||
|
# script: null
|
||||||
|
# WATCH_SERVER_TIMEOUT: 3600
|
||||||
|
# WATCH_CLIENT_TIMEOUT: 3600
|
||||||
|
SKIP_TLS_VERIFY: false
|
||||||
|
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||||
|
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||||
|
REQ_URL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
|
||||||
|
REQ_METHOD: POST
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
notifiers:
|
||||||
|
enabled: true
|
||||||
|
imageSelector: sidecarImage
|
||||||
|
env:
|
||||||
|
IGNORE_ALREADY_PROCESSED: false
|
||||||
|
METHOD: WATCH
|
||||||
|
LABEL: grafana_notifiers
|
||||||
|
LABEL_VALUE: "1"
|
||||||
|
LOG_LEVEL: info
|
||||||
|
FOLDER: /etc/grafana/provisioning/notifiers
|
||||||
|
RESOURCE: both
|
||||||
|
NAMESPACE: "ALL"
|
||||||
|
UNIQUE_FILENAMES: false
|
||||||
|
# NAMESPACE: null
|
||||||
|
# FOLDER_ANNOTATION: null
|
||||||
|
# script: null
|
||||||
|
# WATCH_SERVER_TIMEOUT: 3600
|
||||||
|
# WATCH_CLIENT_TIMEOUT: 3600
|
||||||
|
SKIP_TLS_VERIFY: false
|
||||||
|
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||||
|
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||||
|
REQ_URL: "http://localhost:3000/api/admin/provisioning/notifiers/reload"
|
||||||
|
REQ_METHOD: POST
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
configmap:
|
||||||
|
dashboard-provider:
|
||||||
|
enabled: true
|
||||||
|
data:
|
||||||
|
provider.yaml: |-
|
||||||
|
apiVersion: 1
|
||||||
|
providers:
|
||||||
|
- name: sidecarProvider
|
||||||
|
orgId: 1
|
||||||
|
folder: ''
|
||||||
|
type: file
|
||||||
|
disableDeletion: false
|
||||||
|
allowUiUpdates: false
|
||||||
|
updateIntervalSeconds: 30
|
||||||
|
options:
|
||||||
|
foldersFromFilesStructure: false
|
||||||
|
path: /tmp/dashboards
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
data:
|
||||||
|
grafana.ini: |-
|
||||||
|
paths:
|
||||||
|
data: /var/lib/grafana/
|
||||||
|
logs: /var/log/grafana
|
||||||
|
plugins: /var/lib/grafana/plugins
|
||||||
|
provisioning: /etc/grafana/provisioning
|
||||||
|
analytics:
|
||||||
|
check_for_updates: true
|
||||||
|
log:
|
||||||
|
mode: console
|
||||||
|
grafana_net:
|
||||||
|
url: https://grafana.net
|
||||||
|
server:
|
||||||
|
domain: "{{ if (and .Values.ingress.main.enabled .Values.ingress.main.hosts) }}{{ .Values.ingress.main.hosts | first }}{{ else }}''{{ end }}"
|
||||||
|
ldap.toml: |-
|
||||||
|
# nope
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: configmap
|
||||||
|
objectName: config
|
||||||
|
mountPath: /etc/grafana/grafana.ini
|
||||||
|
subPath: grafana.ini
|
||||||
|
ldap:
|
||||||
|
enabled: true
|
||||||
|
type: configmap
|
||||||
|
objectName: config
|
||||||
|
mountPath: /etc/grafana/ldap.toml
|
||||||
|
subPath: ldap.toml
|
||||||
|
data:
|
||||||
|
enabled: true
|
||||||
|
mountPath: "/var/lib/grafana"
|
||||||
|
grafana-tmp:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /app/tmp
|
||||||
|
targetSelectAll: true
|
||||||
|
sc-dashboard-volume:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /tmp/dashboards
|
||||||
|
targetSelectAll: true
|
||||||
|
sc-dashboard-config:
|
||||||
|
enabled: true
|
||||||
|
type: configmap
|
||||||
|
objectName: dashboard-provider
|
||||||
|
mountPath: /etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml
|
||||||
|
subPath: provider.yaml
|
||||||
|
sc-datasource-volume:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /etc/grafana/provisioning/datasources
|
||||||
|
targetSelectAll: true
|
||||||
|
sc-alerts-volume:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /etc/grafana/provisioning/alerts
|
||||||
|
targetSelectAll: true
|
||||||
|
sc-plugins-volume:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /etc/grafana/provisioning/plugins
|
||||||
|
targetSelectAll: true
|
||||||
|
sc-notifiers-volume:
|
||||||
|
enabled: true
|
||||||
|
type: emptyDir
|
||||||
|
mountPath: /etc/grafana/provisioning/notifiers
|
||||||
|
targetSelectAll: true
|
||||||
|
metrics:
|
||||||
|
main:
|
||||||
|
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
||||||
|
# @default -- See values.yaml
|
||||||
|
enabled: true
|
||||||
|
type: "servicemonitor"
|
||||||
|
endpoints:
|
||||||
|
- port: main
|
||||||
|
path: /metrics
|
||||||
|
# -- Enable and configure Prometheus Rules for the chart under this key.
|
||||||
|
# @default -- See values.yaml
|
||||||
|
prometheusRule:
|
||||||
|
enabled: false
|
||||||
|
labels: {}
|
||||||
|
# -- Configure additionial rules for the chart under this key.
|
||||||
|
# @default -- See prometheusrules.yaml
|
||||||
|
rules: []
|
||||||
|
# - alert: UnifiPollerAbsent
|
||||||
|
# annotations:
|
||||||
|
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||||
|
# summary: Unifi Poller is down.
|
||||||
|
# expr: |
|
||||||
|
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||||
|
# for: 5m
|
||||||
|
# labels:
|
||||||
|
# severity: critical
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||||
|
rbac:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
primary: true
|
||||||
|
clusterWide: true
|
||||||
|
rules:
|
||||||
|
- apiGroups: [""]
|
||||||
|
resources: ["configmaps", "secrets"]
|
||||||
|
verbs: ["get", "watch", "list"]
|
||||||
|
|
||||||
|
serviceAccount:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
primary: true
|
||||||
|
|
||||||
|
podOptions:
|
||||||
|
automountServiceAccountToken: true
|
||||||
|
|
||||||
|
cnpg:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
user: grafana
|
||||||
|
database: grafana
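Review bot: `GF_SECURITY_ADMIN_PASSWORD: "testpassword"` ships a fixed, publicly known admin credential as the chart default, and the five sidecar blocks (dashboards, datasources, alerts, plugins, notifiers) copy it into `REQ_PASSWORD` by templating the plain value. An install that does not override it comes up with a guessable admin login, and the value sits in plain text in the pod spec. I would drop the default, fail rendering when no password is supplied, and feed both the main container and the sidecars from one Secret with the same `secretKeyRef:` form this hunk already uses for `GF_DATABASE_PASSWORD`. Separately, the `rbac.main` rule grants `get`/`watch`/`list` on `secrets` with `clusterWide: true` while `automountServiceAccountToken: true` is set, so the pod's token can read every Secret in the cluster; if cluster-wide discovery is not required, a namespaced role with a matching sidecar `NAMESPACE` value would shrink that exposure. Also, `GF_DATABASE_NAME` is templated from `.Values.cnpg.main.user` and `GF_DATABASE_USER` from `.Values.cnpg.main.database`, which only works while both are `grafana`.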
|
File diff suppressed because it is too large
|
@ -0,0 +1,100 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.1](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,38 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: core
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: latest
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: A network load-balancer implementation for Kubernetes using standard routing protocols
|
||||||
|
home: https://truecharts.org/charts/premium/metallb-config
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png
|
||||||
|
keywords:
|
||||||
|
- metallb
|
||||||
|
- loadbalancer
|
||||||
|
kubeVersion: ">=1.24.0-0"
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: metallb-config
|
||||||
|
sources:
|
||||||
|
- https://metallb.universe.tf
|
||||||
|
- https://github.com/metallb/metallb
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/metallb-config
|
||||||
|
- https://hub.docker.com/_/hello-world
|
||||||
|
type: application
|
||||||
|
version: 6.7.1
|
|
@ -0,0 +1,28 @@
|
||||||
|
---
|
||||||
|
title: README
|
||||||
|
---
|
||||||
|
|
||||||
|
## General Info
|
||||||
|
|
||||||
|
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||||
|
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||||
|
|
||||||
|
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/metallb-config)
|
||||||
|
|
||||||
|
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||||
|
|
||||||
|
## Support
|
||||||
|
|
||||||
|
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||||
|
- See the [Website](https://truecharts.org)
|
||||||
|
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||||
|
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Sponsor TrueCharts
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||||
|
|
||||||
|
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [metallb-config-6.7.1](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
||||||
|
A network load-balancer implementation for Kubernetes using standard routing protocols
|
||||||
|
|
||||||
|
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/metallb-config](https://truecharts.org/charts/premium/metallb-config)
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
TrueCharts can only exist due to the incredible effort of our staff.
|
||||||
|
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,73 @@
|
||||||
|
image:
|
||||||
|
repository: hello-world
|
||||||
|
tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d
|
||||||
|
pullPolicy: IfNotPresent
|
||||||
|
manifestManager:
|
||||||
|
enabled: false
|
||||||
|
workload:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
podSpec:
|
||||||
|
containers:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
readiness:
|
||||||
|
enabled: false
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
ports:
|
||||||
|
main:
|
||||||
|
enabled: false
|
||||||
|
port: 9999
|
||||||
|
operator:
|
||||||
|
verify:
|
||||||
|
enabled: true
|
||||||
|
additionalOperators: ["metallb"]
|
||||||
|
portal:
|
||||||
|
open:
|
||||||
|
enabled: false
|
||||||
|
ipAddressPools: []
|
||||||
|
# - name: example
|
||||||
|
# autoAssign: true
|
||||||
|
# avoidBuggyIPs: true
|
||||||
|
# addresses:
|
||||||
|
# - 192.168.1.1-192.168.1.100
|
||||||
|
L2Advertisements: []
|
||||||
|
# - name: l2adv
|
||||||
|
# addressPools:
|
||||||
|
# - pool1
|
||||||
|
# nodeSelectors:
|
||||||
|
# - nodeA
|
||||||
|
BGPAdvertisements: []
|
||||||
|
# - name: bgpadv
|
||||||
|
# addressPools:
|
||||||
|
# - pool1
|
||||||
|
# aggregationLength: 24
|
||||||
|
# localpref: 100
|
||||||
|
# communities:
|
||||||
|
# - 1234:1
|
||||||
|
# peers:
|
||||||
|
# - peer1
|
||||||
|
Communities: []
|
||||||
|
# - name: community1
|
||||||
|
# value: 1234:1
|
||||||
|
Peers: []
|
||||||
|
# - name: peer1
|
||||||
|
# myASN: 1234
|
||||||
|
# password: pass
|
||||||
|
# routerID: 1234
|
||||||
|
# bfdProfile: profile
|
||||||
|
# ebgpMultiHop: false
|
||||||
|
# holdTime: 10
|
||||||
|
# keepaliveTime: 10
|
||||||
|
# peerAddress: 172.30.0.2
|
||||||
|
# peerPort: 179
|
||||||
|
# sourceAddress: 172.30.0.3
|
||||||
|
# nodeSelectors:
|
||||||
|
# - nodeA
|
|
@ -0,0 +1,368 @@
|
||||||
|
groups:
|
||||||
|
- name: Container Image
|
||||||
|
description: Image to be used for container
|
||||||
|
- name: General Settings
|
||||||
|
description: General Deployment Settings
|
||||||
|
- name: Workload Settings
|
||||||
|
description: Workload Settings
|
||||||
|
- name: App Configuration
|
||||||
|
description: App Specific Config Options
|
||||||
|
- name: Networking and Services
|
||||||
|
description: Configure Network and Services for Container
|
||||||
|
- name: Storage and Persistence
|
||||||
|
description: Persist and Share Data that is Separate from the Container
|
||||||
|
- name: Ingress
|
||||||
|
description: Ingress Configuration
|
||||||
|
- name: Security and Permissions
|
||||||
|
description: Configure Security Context and Permissions
|
||||||
|
- name: Resources and Devices
|
||||||
|
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||||
|
- name: Middlewares
|
||||||
|
description: Traefik Middlewares
|
||||||
|
- name: Metrics
|
||||||
|
description: Metrics
|
||||||
|
- name: Addons
|
||||||
|
description: Addon Configuration
|
||||||
|
- name: Backup Configuration
|
||||||
|
description: Configure Velero Backup Schedule
|
||||||
|
- name: Advanced
|
||||||
|
description: Advanced Configuration
|
||||||
|
- name: Postgresql
|
||||||
|
description: Postgresql
|
||||||
|
- name: Documentation
|
||||||
|
description: Documentation
|
||||||
|
|
||||||
|
questions:
|
||||||
|
- variable: global
|
||||||
|
group: General Settings
|
||||||
|
label: "Global Settings"
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: stopAll
|
||||||
|
label: Stop All
|
||||||
|
description: "Stops All Running pods and hibernates cnpg"
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
- variable: ipAddressPools
|
||||||
|
group: App Configuration
|
||||||
|
label: IP Address Pools Object
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: ipAddressPoolsEntry
|
||||||
|
label: IP Address Pool Entry
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: Name of the IP address pool
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: autoAssign
|
||||||
|
label: Auto Assign
|
||||||
|
description: AutoAssign flag used to prevent MetallB from automatic
|
||||||
|
allocation for a pool.
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
- variable: avoidBuggyIPs
|
||||||
|
label: Avoid Buggy IPs
|
||||||
|
description: AvoidBuggyIPs prevents addresses ending with .0 and .255
|
||||||
|
to be used by a pool.
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: addresses
|
||||||
|
label: Addresses Pools
|
||||||
|
description: A list of IP address ranges over which MetalLB has authority.
|
||||||
|
You can list multiple ranges in a single pool, they will all share
|
||||||
|
the same settings. Each range can be either a CIDR prefix, or an
|
||||||
|
explicit start-end range of IPs.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: addressPoolEntry
|
||||||
|
label: Address Pool Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: L2Advertisements
|
||||||
|
group: App Configuration
|
||||||
|
label: L2 Advertisements
|
||||||
|
description: L2Advertisement allows to advertise the LoadBalancer IPs provided
|
||||||
|
by the selected pools via L2.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: L2AdvertisementEntry
|
||||||
|
label: L2 Advertisement Entry
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: Name of the L2 Advertisement
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: addressPools
|
||||||
|
label: Address Pools
|
||||||
|
description: The list of IPAddressPools to advertise via this advertisement,
|
||||||
|
selected by name.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: addressPoolEntry
|
||||||
|
label: Address Pool Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: nodeSelectors
|
||||||
|
label: Node Selectors
|
||||||
|
description: NodeSelectors allows to limit the nodes to announce as
|
||||||
|
next hops for the LoadBalancer IP. When empty, all the nodes having are
|
||||||
|
announced as next hops.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: nodeSelectorEntry
|
||||||
|
label: Node Selector Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: Communities
|
||||||
|
group: App Configuration
|
||||||
|
label: Communities
|
||||||
|
description: Community is a collection of aliases for communities. Users can
|
||||||
|
define named aliases to be used in the BGPPeer CRD.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: CommunityEntry
|
||||||
|
label: Community Entry
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: The name of the alias for the community.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: value
|
||||||
|
label: Value
|
||||||
|
description: The BGP community value corresponding to the given name.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: Peers
|
||||||
|
group: App Configuration
|
||||||
|
label: Peers
|
||||||
|
description: BGPPeer is the Schema for the peers API.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: PeerEntry
|
||||||
|
label: Peer Entry
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: The name of the peer.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: bfdProfile
|
||||||
|
label: BFD Profile
|
||||||
|
description: The name of the BFD Profile to be used for the BFD session
|
||||||
|
associated to the BGP session. If not set, the BFD session won't
|
||||||
|
be set up.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: ebgpMultiHop
|
||||||
|
label: EBGP MultiHop
|
||||||
|
description: TTo set if the BGPPeer is multi-hops away. Needed for
|
||||||
|
FRR mode only.
|
||||||
|
schema:
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
- variable: holdTime
|
||||||
|
label: Hold Time
|
||||||
|
description: Requested BGP hold time, per RFC4271.
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
- variable: keepaliveTime
|
||||||
|
label: Keep Alive Time
|
||||||
|
description: Requested BGP keep alive time, per RFC4271.
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
- variable: myASN
|
||||||
|
label: My ASN
|
||||||
|
description: AS number to use for the local end of the session.
|
||||||
|
schema:
|
||||||
|
type: int
|
||||||
|
- variable: password
|
||||||
|
label: Password
|
||||||
|
description: Authentication password for routers enforcing TCP MD5
|
||||||
|
authenticated sessions
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
private: true
|
||||||
|
default: ""
|
||||||
|
- variable: peerASN
|
||||||
|
label: Peer ASN
|
||||||
|
description: AS number to expect from the remote end of the session.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
valid_chars: '^[0-9]*$'
|
||||||
|
default: ""
|
||||||
|
- variable: peerAddress
|
||||||
|
label: Peer Address
|
||||||
|
description: Address to dial when establishing the session.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: peerPort
|
||||||
|
label: Peer Port
|
||||||
|
description: Port to dial when establishing the session.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
valid_chars: '^[0-9]*$'
|
||||||
|
default: ""
|
||||||
|
- variable: routerID
|
||||||
|
label: Router ID
|
||||||
|
description: BGP router ID to advertise to the peer
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: sourceAddress
|
||||||
|
label: Source Address
|
||||||
|
description: Source address to use when establishing the session.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
- variable: nodeSelectors
|
||||||
|
label: Node Selectors
|
||||||
|
description: Only connect to this peer on nodes that match one of
|
||||||
|
these selectors.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: nodeSelectorEntry
|
||||||
|
label: Node Selector Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: BGPAdvertisements
|
||||||
|
group: App Configuration
|
||||||
|
label: BGP Advertisements
|
||||||
|
description: BGPAdvertisement allows to advertise the IPs coming from the
|
||||||
|
selected IPAddressPools via BGP.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: BGPAdvertisementEntry
|
||||||
|
label: BGP Advertisement Entry
|
||||||
|
schema:
|
||||||
|
additional_attrs: true
|
||||||
|
type: dict
|
||||||
|
attrs:
|
||||||
|
- variable: name
|
||||||
|
label: Name
|
||||||
|
description: Name of the BGP Advertisement
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
default: ""
|
||||||
|
- variable: addressPools
|
||||||
|
label: Address Pools
|
||||||
|
description: The list of IPAddressPools to advertise via this advertisement,
|
||||||
|
selected by name.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: addressPoolEntry
|
||||||
|
label: Address Pool Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: aggregationLength
|
||||||
|
label: Aggregation Length
|
||||||
|
description: The aggregation-length advertisement option lets you
|
||||||
|
"roll up" the /32s into a larger prefix. Defaults to 32. Works for
|
||||||
|
IPv4 addresses.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
valid_chars: '^[0-9]*$'
|
||||||
|
default: ""
|
||||||
|
- variable: localpref
|
||||||
|
label: Local Pref
|
||||||
|
description: The BGP LOCAL_PREF attribute which is used by BGP best
|
||||||
|
path algorithm, Path with higher localpref is preferred over one
|
||||||
|
with lower localpref.
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
valid_chars: '^[0-9]*$'
|
||||||
|
default: ""
|
||||||
|
- variable: communities
|
||||||
|
label: Communities
|
||||||
|
description: The BGP communities to be associated with the announcement.
|
||||||
|
Each item can be a community of the form 1234:1234 or the name of
|
||||||
|
an alias defined in the Community CRD.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: communityEntry
|
||||||
|
label: Community Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
|
||||||
|
- variable: peers
|
||||||
|
label: Peers
|
||||||
|
description: Peers limits the BGPpeer to advertise the ips of the
|
||||||
|
selected pools to. When empty, the loadbalancer IP is announced
|
||||||
|
to all the BGPPeers configured.
|
||||||
|
schema:
|
||||||
|
type: list
|
||||||
|
default: []
|
||||||
|
items:
|
||||||
|
- variable: peerEntry
|
||||||
|
label: Peer Entry
|
||||||
|
schema:
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
required: true
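Review bot: The `password` attribute of `PeerEntry` takes the BGP session secret as an ordinary string value; `private: true` presumably only masks it in the form, so it would still be stored with the release values and, if the peers template (not part of this hunk) writes it into the BGPPeer spec, be readable by anyone who can read that object. MetalLB's BGPPeer also accepts a Secret reference (`passwordSecret`), so I would offer a field for the Secret name and prefer it over the inline password. Smaller points in the same entry: the `ebgpMultiHop` description starts with `TTo set`, and `myASN` is `type: int` while `peerASN` and `peerPort` are digit-only strings, which is worth making consistent.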
|
|
@ -0,0 +1,33 @@
|
||||||
|
{{- define "metallb.bgpadv" -}}
|
||||||
|
{{- range .Values.BGPAdvertisements }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: BGPAdvertisement
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
namespace: {{ $.Values.operatorNamespace }}
|
||||||
|
spec:
|
||||||
|
ipAddressPools:
|
||||||
|
{{- range .addressPools }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .aggregationLength }}
|
||||||
|
aggregationLength: {{ . | int }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .localpref }}
|
||||||
|
localpref: {{ . | int }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .communities }}
|
||||||
|
communities:
|
||||||
|
{{- range .communities }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .peers }}
|
||||||
|
peers:
|
||||||
|
{{- range .peers }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
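Review bot: Every value taken from `.Values` is written into the manifest unquoted (`name: {{ .name }}` and the `- {{ . }}` items under `ipAddressPools`, `communities` and `peers`), so a string containing ` #`, `: `, a leading `*`, `&` or `!`, or a line break changes the rendered YAML instead of staying one scalar. Piping the string fields through `quote`, e.g. `name: {{ .name | quote }}` and `- {{ . | quote }}`, keeps each value a single string; community entries of the form `1234:1234` are also the digits-and-colon shape that some YAML 1.1 parsers may type as numbers. The same applies to the string fields in the `metallb.comm`, `metallb.pool`, `metallb.l2adv` and `metallb.peers` templates below. Separately, an empty `.addressPools` renders `ipAddressPools:` with no items, i.e. null; wrapping it in `{{- if .addressPools }}` as is done for `communities` would avoid that.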
|
|
@ -0,0 +1,16 @@
|
||||||
|
{{- define "metallb.comm" -}}
|
||||||
|
{{- if .Values.Communities }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: Community
|
||||||
|
metadata:
|
||||||
|
name: communities
|
||||||
|
namespace: {{ $.Values.operatorNamespace }}
|
||||||
|
spec:
|
||||||
|
communities:
|
||||||
|
{{- range .Values.Communities }}
|
||||||
|
- name: {{ .name }}
|
||||||
|
value: {{ .value }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
|
|
@ -0,0 +1,17 @@
|
||||||
|
{{- define "metallb.pool" -}}
|
||||||
|
{{- range .Values.ipAddressPools }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: IPAddressPool
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
namespace: {{ $.Values.operatorNamespace }}
|
||||||
|
spec:
|
||||||
|
addresses:
|
||||||
|
{{- range .addresses }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
autoAssign: {{ .autoAssign | default true }}
|
||||||
|
avoidBuggyIPs: {{ .avoidBuggyIPs | default false }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
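Review bot: `autoAssign: {{ .autoAssign | default true }}` cannot render `false`, because `default` treats a boolean false as empty and substitutes `true`. A pool the operator marked as not auto-assignable would therefore still be handed out to any LoadBalancer service that asks for an address. Testing for the key instead of its truthiness fixes it: `autoAssign: {{ if hasKey . "autoAssign" }}{{ .autoAssign }}{{ else }}true{{ end }}`. `avoidBuggyIPs` is unaffected, since its default is already `false`.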
|
|
@ -0,0 +1,22 @@
|
||||||
|
{{- define "metallb.l2adv" -}}
|
||||||
|
{{- range .Values.L2Advertisements }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta1
|
||||||
|
kind: L2Advertisement
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
namespace: {{ $.Values.operatorNamespace }}
|
||||||
|
spec:
|
||||||
|
ipAddressPools:
|
||||||
|
{{- range .addressPools }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .nodeSelectors }}
|
||||||
|
{{- range .nodeSelectors }}
|
||||||
|
nodeSelectors:
|
||||||
|
- matchLabels:
|
||||||
|
kubernetes.io/hostname: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
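Review bot: The `nodeSelectors:` key sits inside `{{- range .nodeSelectors }}`, so two or more entries emit the key repeatedly in the same `spec` mapping. Depending on the parser this either fails or keeps only the last entry, which silently changes which nodes announce the pool. Move the key above the loop, as the `metallb.peers` template does: `nodeSelectors:` on its own line, then `{{- range .nodeSelectors }}`; the outer `{{- if .nodeSelectors }}` can stay as it is.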
|
|
@ -0,0 +1,51 @@
|
||||||
|
{{- define "metallb.peers" -}}
|
||||||
|
{{- range .Values.Peers }}
|
||||||
|
---
|
||||||
|
apiVersion: metallb.io/v1beta2
|
||||||
|
kind: BGPPeer
|
||||||
|
metadata:
|
||||||
|
name: {{ .name }}
|
||||||
|
namespace: {{ $.Values.operatorNamespace }}
|
||||||
|
spec:
|
||||||
|
{{- with .password }}
|
||||||
|
password: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .routerID }}
|
||||||
|
routerID: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .bfdProfile }}
|
||||||
|
bfdProfile: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .ebgpMultiHop }}
|
||||||
|
ebgpMultiHop: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .holdTime }}
|
||||||
|
holdTime: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .keepaliveTime }}
|
||||||
|
keepaliveTime: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .myASN }}
|
||||||
|
myASN: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .peerASN }}
|
||||||
|
peerASN: {{ . | int }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .peerAddress }}
|
||||||
|
peerAddress: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .peerPort }}
|
||||||
|
peerPort: {{ . | int }}
|
||||||
|
{{- end }}
|
||||||
|
{{- with .sourceAddress }}
|
||||||
|
sourceAddress: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .nodeSelectors }}
|
||||||
|
nodeSelectors:
|
||||||
|
{{- range .nodeSelectors }}
|
||||||
|
- matchLabels:
|
||||||
|
kubernetes.io/hostname: {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end -}}
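Review bot: `password: {{ . }}` puts the BGP session password in clear text in the BGPPeer spec, where anyone allowed to read BGPPeer objects in the operator namespace, or the stored Helm release, can see it. MetalLB's BGPPeer also accepts `passwordSecret`, a reference to a Secret holding the password; exposing that option keeps the credential behind Secret RBAC. If the inline field stays it needs `password: {{ . | quote }}`, since an unquoted password containing ` #` is cut off at the comment marker. Also, `myASN: {{ . }}` is not cast with `| int` the way `peerASN` and `peerPort` are; making the three consistent avoids the two ASN fields rendering differently for the same kind of input.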
|
|
@ -0,0 +1,21 @@
|
||||||
|
{{/* Make sure all variables are set properly */}}
|
||||||
|
{{- include "tc.v1.common.loader.init" . }}
|
||||||
|
|
||||||
|
{{- $operatorNamespace := "metallb-system" -}}
|
||||||
|
{{- if .Values.operator.metallb -}}
|
||||||
|
{{ $operatorNamespace = ( $.Values.operator.metallb.namespace | default "metallb-system") }}
|
||||||
|
{{- end -}}
|
||||||
|
{{- $_ := set $.Values "operatorNamespace" $operatorNamespace -}}
|
||||||
|
|
||||||
|
{{/* Render the templates */}}
|
||||||
|
{{ include "tc.v1.common.loader.apply" . }}
|
||||||
|
|
||||||
|
{{- include "metallb.l2adv" . }}
|
||||||
|
|
||||||
|
{{- include "metallb.peers" . }}
|
||||||
|
|
||||||
|
{{- include "metallb.bgpadv" . }}
|
||||||
|
|
||||||
|
{{- include "metallb.comm" . }}
|
||||||
|
|
||||||
|
{{- include "metallb.pool" . }}
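Review bot: `{{- if .Values.operator.metallb -}}` dereferences `.Values.operator` without checking that it exists; unless the common library or values.yaml always defines `operator` (not visible here), rendering fails with a nil-pointer error when the key is absent. Nesting the checks, `{{- if .Values.operator }}{{- if .Values.operator.metallb }}`, keeps the `metallb-system` fallback reachable. A short comment above the `set $.Values "operatorNamespace"` line would also help, e.g. `{{/* Expose the resolved namespace to the metallb.* templates via .Values */}}`, since all five templates read it from there.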
|
|
@ -1,26 +0,0 @@
|
||||||
---
|
|
||||||
title: Changelog
|
|
||||||
---
|
|
||||||
|
|
||||||
|
|
||||||
*for the complete changelog, please refer to the website*
|
|
||||||
|
|
||||||
**Important:**
|
|
||||||
|
|
||||||
|
|
||||||
## [nextcloud-29.6.0](https://github.com/truecharts/charts/compare/nextcloud-29.5.6...nextcloud-29.6.0) (2024-03-16)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- update container image common to v20.1.5[@dc867e0](https://github.com/dc867e0) by renovate ([#19210](https://github.com/truecharts/charts/issues/19210))
|
|
||||||
|
|
||||||
|
|
||||||
## [nextcloud-29.5.6](https://github.com/truecharts/charts/compare/nextcloud-29.5.5...nextcloud-29.5.6) (2024-03-16)
|
|
||||||
|
|
||||||
### Chore
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- rename `enterprise`- train to `premium`-train
|
|
|
@ -1,53 +0,0 @@
|
||||||
annotations:
|
|
||||||
max_scale_version: 24.04.0
|
|
||||||
min_scale_version: 23.10.0
|
|
||||||
truecharts.org/SCALE-support: "true"
|
|
||||||
truecharts.org/category: cloud
|
|
||||||
truecharts.org/max_helm_version: "3.14"
|
|
||||||
truecharts.org/min_helm_version: "3.12"
|
|
||||||
truecharts.org/train: premium
|
|
||||||
apiVersion: v2
|
|
||||||
appVersion: 28.0.3
|
|
||||||
dependencies:
|
|
||||||
- name: common
|
|
||||||
version: 20.1.5
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: ""
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
- name: redis
|
|
||||||
version: 13.0.3
|
|
||||||
repository: oci://tccr.io/truecharts
|
|
||||||
condition: redis.enabled
|
|
||||||
alias: ""
|
|
||||||
tags: []
|
|
||||||
import-values: []
|
|
||||||
deprecated: false
|
|
||||||
description: A private cloud server that puts the control and security of your own data back into your hands.
|
|
||||||
home: https://truecharts.org/charts/premium/nextcloud
|
|
||||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
|
|
||||||
keywords:
|
|
||||||
- nextcloud
|
|
||||||
- storage
|
|
||||||
- http
|
|
||||||
- web
|
|
||||||
- php
|
|
||||||
kubeVersion: '>=1.24.0-0'
|
|
||||||
maintainers:
|
|
||||||
- name: TrueCharts
|
|
||||||
email: info@truecharts.org
|
|
||||||
url: https://truecharts.org
|
|
||||||
name: nextcloud
|
|
||||||
sources:
|
|
||||||
- https://github.com/nextcloud/docker
|
|
||||||
- https://github.com/nextcloud/helm
|
|
||||||
- https://github.com/truecharts/charts/tree/master/charts/premium/nextcloud
|
|
||||||
- https://hub.docker.com/r/clamav/clamav
|
|
||||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-push-notify
|
|
||||||
- https://hub.docker.com/r/collabora/code
|
|
||||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-imaginary
|
|
||||||
- https://hub.docker.com/r/nginxinc/nginx-unprivileged
|
|
||||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-fpm
|
|
||||||
type: application
|
|
||||||
version: 29.6.0
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,516 +0,0 @@
|
||||||
image:
|
|
||||||
repository: tccr.io/tccr/nextcloud-fpm
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: v28.0.3@sha256:77b7353be48b28d1bc1dcfa8bed1e0f3c989f6223647f9c99b07db0e8ab78c8d
|
|
||||||
nginxImage:
|
|
||||||
repository: nginxinc/nginx-unprivileged
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: 1.25.4@sha256:060d468f78f016c7cfd49a548ed5d3456891cba1b54767b4ed48907981266f06
|
|
||||||
imaginaryImage:
|
|
||||||
repository: tccr.io/tccr/nextcloud-imaginary
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: v20230401@sha256:6be7b4432a536d6004b94edea7dd3573f0cc061328b729ed8043236a0784f98c
|
|
||||||
hpbImage:
|
|
||||||
repository: tccr.io/tccr/nextcloud-push-notify
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: v0.6.9@sha256:1950fd07cc1292551b16c7080514c24d8c22ce7947e06cbb12fd968d13970373
|
|
||||||
clamavImage:
|
|
||||||
repository: clamav/clamav
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: 1.3.0@sha256:57555703249b4c57d760753bf3655871d3c51958bd5bd4a0dac6eb73c1c36516
|
|
||||||
collaboraImage:
|
|
||||||
repository: collabora/code
|
|
||||||
pullPolicy: IfNotPresent
|
|
||||||
tag: 23.05.9.4.1@sha256:18768e665a817a06d17a608bcb0744dd0275e72d805644cad5ad1923f7d623b5
|
|
||||||
nextcloud:
|
|
||||||
# Initial Credentials
|
|
||||||
credentials:
|
|
||||||
initialAdminUser: admin
|
|
||||||
initialAdminPassword: adminpass
|
|
||||||
# General settings
|
|
||||||
general:
|
|
||||||
# Custom Nextcloud Scripts
|
|
||||||
run_optimize: true
|
|
||||||
default_phone_region: GR
|
|
||||||
# IP used for exposing nextcloud,
|
|
||||||
# often the loadbalancer IP
|
|
||||||
accessIP: ""
|
|
||||||
# Allows Nextcloud to connect to unsecure (http) endpoints
|
|
||||||
force_enable_allow_local_remote_servers: false
|
|
||||||
# File settings
|
|
||||||
files:
|
|
||||||
shared_folder_name: Shared
|
|
||||||
max_chunk_size: 10485760
|
|
||||||
# Expiration settings
|
|
||||||
expirations:
|
|
||||||
activity_expire_days: 90
|
|
||||||
trash_retention_obligation: auto
|
|
||||||
versions_retention_obligation: auto
|
|
||||||
# Previews settings
|
|
||||||
previews:
|
|
||||||
enabled: true
|
|
||||||
# It will also deploy the container
|
|
||||||
imaginary: true
|
|
||||||
cron: true
|
|
||||||
schedule: "*/30 * * * *"
|
|
||||||
max_x: 2048
|
|
||||||
max_y: 2048
|
|
||||||
max_memory: 1024
|
|
||||||
max_file_size_image: 50
|
|
||||||
# Setting for Imaginary
|
|
||||||
max_allowed_resolution: 18.0
|
|
||||||
jpeg_quality: 60
|
|
||||||
square_sizes: 32 256
|
|
||||||
width_sizes: 256 384
|
|
||||||
height_sizes: 256
|
|
||||||
# Casings are important
|
|
||||||
# https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
|
|
||||||
# Only the last part of the provider is needed
|
|
||||||
providers:
|
|
||||||
- PNG
|
|
||||||
- JPEG
|
|
||||||
# Logging settings
|
|
||||||
logging:
|
|
||||||
log_level: 2
|
|
||||||
log_file: /var/www/html/data/logs/nextcloud.log
|
|
||||||
log_audit_file: /var/www/html/data/logs/audit.log
|
|
||||||
log_date_format: d/m/Y H:i:s
|
|
||||||
# ClamAV settings
|
|
||||||
clamav:
|
|
||||||
# It will also deploy the container
|
|
||||||
# Note that this runs as root
|
|
||||||
enabled: false
|
|
||||||
stream_max_length: 26214400
|
|
||||||
file_max_size: -1
|
|
||||||
infected_action: only_log
|
|
||||||
# Notify Push settings
|
|
||||||
notify_push:
|
|
||||||
# It will also deploy the container
|
|
||||||
enabled: true
|
|
||||||
# Collabora settings
|
|
||||||
collabora:
|
|
||||||
# It will also deploy the container
|
|
||||||
enabled: false
|
|
||||||
# default|compact|tabbed
|
|
||||||
interface_mode: default
|
|
||||||
username: admin
|
|
||||||
password: changeme
|
|
||||||
dictionaries:
|
|
||||||
- de_DE
|
|
||||||
- en_GB
|
|
||||||
- en_US
|
|
||||||
- el_GR
|
|
||||||
- es_ES
|
|
||||||
- fr_FR
|
|
||||||
- pt_BR
|
|
||||||
- pt_PT
|
|
||||||
- it
|
|
||||||
- nl
|
|
||||||
- ru
|
|
||||||
onlyoffice:
|
|
||||||
# It will not deploy the container
|
|
||||||
# Only add the OnlyOffice settings
|
|
||||||
enabled: false
|
|
||||||
url: ""
|
|
||||||
internal_url: ""
|
|
||||||
verify_ssl: true
|
|
||||||
jwt: ""
|
|
||||||
jwt_header: Authorization
|
|
||||||
# PHP settings
|
|
||||||
php:
|
|
||||||
memory_limit: 1G
|
|
||||||
upload_limit: 10G
|
|
||||||
pm_max_children: 180
|
|
||||||
pm_start_servers: 18
|
|
||||||
pm_min_spare_servers: 12
|
|
||||||
pm_max_spare_servers: 30
|
|
||||||
opcache:
|
|
||||||
interned_strings_buffer: 32
|
|
||||||
max_accelerated_files: 10000
|
|
||||||
memory_consumption: 128
|
|
||||||
revalidate_freq: 60
|
|
||||||
jit_buffer_size: 128
|
|
||||||
# Do NOT edit below this line
|
|
||||||
workload:
|
|
||||||
# Nextcloud php-fpm
|
|
||||||
main:
|
|
||||||
type: Deployment
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
primary: true
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: nextcloud-config
|
|
||||||
probes:
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
type: exec
|
|
||||||
command: /healthcheck.sh
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
type: exec
|
|
||||||
command: /healthcheck.sh
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
|
|
||||||
nginx:
|
|
||||||
enabled: true
|
|
||||||
type: Deployment
|
|
||||||
strategy: RollingUpdate
|
|
||||||
replicas: 1
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
nginx:
|
|
||||||
enabled: true
|
|
||||||
primary: true
|
|
||||||
imageSelector: nginxImage
|
|
||||||
probes:
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
path: /robots.txt
|
|
||||||
port: "{{ .Values.service.main.ports.main.port }}"
|
|
||||||
httpHeaders:
|
|
||||||
Host: kube.internal.healthcheck
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
path: /robots.txt
|
|
||||||
port: "{{ .Values.service.main.ports.main.port }}"
|
|
||||||
httpHeaders:
|
|
||||||
Host: kube.internal.healthcheck
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: "{{ .Values.service.main.ports.main.port }}"
|
|
||||||
notify:
|
|
||||||
enabled: true
|
|
||||||
type: Deployment
|
|
||||||
strategy: RollingUpdate
|
|
||||||
replicas: 1
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
notify:
|
|
||||||
primary: true
|
|
||||||
enabled: true
|
|
||||||
imageSelector: hpbImage
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: hpb-config
|
|
||||||
probes:
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
path: /push/test/cookie
|
|
||||||
port: 7867
|
|
||||||
httpHeaders:
|
|
||||||
Host: kube.internal.healthcheck
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
path: /push/test/cookie
|
|
||||||
port: 7867
|
|
||||||
httpHeaders:
|
|
||||||
Host: kube.internal.healthcheck
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: 7867
|
|
||||||
imaginary:
|
|
||||||
enabled: true
|
|
||||||
type: Deployment
|
|
||||||
strategy: RollingUpdate
|
|
||||||
replicas: 1
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
imaginary:
|
|
||||||
primary: true
|
|
||||||
enabled: true
|
|
||||||
imageSelector: imaginaryImage
|
|
||||||
command: imaginary
|
|
||||||
args:
|
|
||||||
- -p
|
|
||||||
- "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
||||||
- -concurrency
|
|
||||||
- "10"
|
|
||||||
- -max-allowed-resolution
|
|
||||||
- "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
|
|
||||||
- -enable-url-source
|
|
||||||
- -return-size
|
|
||||||
probes:
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
path: /health
|
|
||||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
path: /health
|
|
||||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
|
||||||
clamav:
|
|
||||||
enabled: true
|
|
||||||
type: Deployment
|
|
||||||
strategy: RollingUpdate
|
|
||||||
replicas: 1
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
clamav:
|
|
||||||
primary: true
|
|
||||||
enabled: true
|
|
||||||
imageSelector: clamavImage
|
|
||||||
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
runAsGroup: 0
|
|
||||||
runAsNonRoot: false
|
|
||||||
readOnlyRootFilesystem: false
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: clamav-config
|
|
||||||
probes:
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
type: exec
|
|
||||||
command: clamdcheck.sh
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
type: exec
|
|
||||||
command: clamdcheck.sh
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
|
|
||||||
collabora:
|
|
||||||
enabled: true
|
|
||||||
type: Deployment
|
|
||||||
strategy: RollingUpdate
|
|
||||||
replicas: 1
|
|
||||||
podSpec:
|
|
||||||
containers:
|
|
||||||
collabora:
|
|
||||||
primary: true
|
|
||||||
enabled: true
|
|
||||||
imageSelector: collaboraImage
|
|
||||||
securityContext:
|
|
||||||
runAsUser: 100
|
|
||||||
runAsGroup: 102
|
|
||||||
readOnlyRootFilesystem: false
|
|
||||||
allowPrivilegeEscalation: true
|
|
||||||
capabilities:
|
|
||||||
add:
|
|
||||||
- CHOWN
|
|
||||||
- FOWNER
|
|
||||||
- SYS_CHROOT
|
|
||||||
- MKNOD
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: collabora-config
|
|
||||||
probes:
|
|
||||||
readiness:
|
|
||||||
enabled: true
|
|
||||||
type: http
|
|
||||||
path: /collabora/
|
|
||||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
|
||||||
liveness:
|
|
||||||
enabled: true
|
|
||||||
type: http
|
|
||||||
path: /collabora/
|
|
||||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
|
||||||
startup:
|
|
||||||
enabled: true
|
|
||||||
type: tcp
|
|
||||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
|
||||||
cronjobs:
|
|
||||||
# Don't change names, it's used in the persistence
|
|
||||||
- name: nextcloud-cron
|
|
||||||
enabled: true
|
|
||||||
schedule: "*/5 * * * *"
|
|
||||||
cmd:
|
|
||||||
- echo "Running [php -f /var/www/html/cron.php] ..."
|
|
||||||
- php -f /var/www/html/cron.php
|
|
||||||
- echo "Finished [php -f /var/www/html/cron.php]"
|
|
||||||
- name: preview-cron
|
|
||||||
enabled: "{{ .Values.nextcloud.previews.cron }}"
|
|
||||||
schedule: "{{ .Values.nextcloud.previews.schedule }}"
|
|
||||||
cmd:
|
|
||||||
- echo "Running [occ preview:pre-generate] ..."
|
|
||||||
- occ preview:pre-generate
|
|
||||||
- echo "Finished [occ preview:pre-generate]"
|
|
||||||
service:
|
|
||||||
# Main service links to ingress easier
|
|
||||||
# That's why the nginx is swapped with nextcloud
|
|
||||||
main:
|
|
||||||
targetSelector: nginx
|
|
||||||
ports:
|
|
||||||
main:
|
|
||||||
targetSelector: nginx
|
|
||||||
port: 8080
|
|
||||||
nextcloud:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: main
|
|
||||||
ports:
|
|
||||||
nextcloud:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: main
|
|
||||||
port: 9000
|
|
||||||
targetPort: 9000
|
|
||||||
notify:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: notify
|
|
||||||
ports:
|
|
||||||
notify:
|
|
||||||
enabled: true
|
|
||||||
primary: true
|
|
||||||
port: 7867
|
|
||||||
targetPort: 7867
|
|
||||||
targetSelector: notify
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
port: 7868
|
|
||||||
targetSelector: notify
|
|
||||||
imaginary:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: imaginary
|
|
||||||
ports:
|
|
||||||
imaginary:
|
|
||||||
enabled: true
|
|
||||||
port: 9090
|
|
||||||
targetSelector: imaginary
|
|
||||||
clamav:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: clamav
|
|
||||||
ports:
|
|
||||||
clamav:
|
|
||||||
enabled: true
|
|
||||||
port: 3310
|
|
||||||
targetPort: 3310
|
|
||||||
targetSelector: clamav
|
|
||||||
collabora:
|
|
||||||
enabled: true
|
|
||||||
targetSelector: collabora
|
|
||||||
ports:
|
|
||||||
collabora:
|
|
||||||
enabled: true
|
|
||||||
port: 9980
|
|
||||||
targetPort: 9980
|
|
||||||
targetSelector: collabora
|
|
||||||
persistence:
|
|
||||||
php-tune:
|
|
||||||
enabled: true
|
|
||||||
type: configmap
|
|
||||||
objectName: php-tune
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
|
|
||||||
subPath: zz-tune.conf
|
|
||||||
readOnly: true
|
|
||||||
redis-session:
|
|
||||||
enabled: true
|
|
||||||
type: configmap
|
|
||||||
objectName: redis-session
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /usr/local/etc/php/conf.d/redis-session.ini
|
|
||||||
subPath: redis-session.ini
|
|
||||||
readOnly: true
|
|
||||||
opcache-recommended:
|
|
||||||
enabled: true
|
|
||||||
type: configmap
|
|
||||||
objectName: opcache
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
|
|
||||||
subPath: opcache-recommended.ini
|
|
||||||
readOnly: true
|
|
||||||
nginx:
|
|
||||||
enabled: true
|
|
||||||
type: configmap
|
|
||||||
objectName: nginx-config
|
|
||||||
targetSelector:
|
|
||||||
nginx:
|
|
||||||
nginx:
|
|
||||||
mountPath: /etc/nginx/nginx.conf
|
|
||||||
subPath: nginx.conf
|
|
||||||
readOnly: true
|
|
||||||
nginx-temp:
|
|
||||||
enabled: true
|
|
||||||
type: emptyDir
|
|
||||||
targetSelector:
|
|
||||||
nginx:
|
|
||||||
nginx:
|
|
||||||
mountPath: /tmp/nginx
|
|
||||||
html:
|
|
||||||
enabled: true
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /var/www/html
|
|
||||||
nextcloud-cron:
|
|
||||||
nextcloud-cron:
|
|
||||||
mountPath: /var/www/html
|
|
||||||
preview-cron:
|
|
||||||
preview-cron:
|
|
||||||
mountPath: /var/www/html
|
|
||||||
nginx:
|
|
||||||
nginx:
|
|
||||||
mountPath: /var/www/html
|
|
||||||
readOnly: true
|
|
||||||
config:
|
|
||||||
enabled: true
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /var/www/html/config
|
|
||||||
nextcloud-cron:
|
|
||||||
nextcloud-cron:
|
|
||||||
mountPath: /var/www/html/config
|
|
||||||
preview-cron:
|
|
||||||
preview-cron:
|
|
||||||
mountPath: /var/www/html/config
|
|
||||||
notify:
|
|
||||||
notify:
|
|
||||||
mountPath: /var/www/html/config
|
|
||||||
readOnly: true
|
|
||||||
nginx:
|
|
||||||
nginx:
|
|
||||||
mountPath: /var/www/html/config
|
|
||||||
readOnly: true
|
|
||||||
data:
|
|
||||||
enabled: true
|
|
||||||
targetSelector:
|
|
||||||
main:
|
|
||||||
main:
|
|
||||||
mountPath: /var/www/html/data
|
|
||||||
init-perms:
|
|
||||||
mountPath: /var/www/html/data
|
|
||||||
nextcloud-cron:
|
|
||||||
nextcloud-cron:
|
|
||||||
mountPath: /var/www/html/data
|
|
||||||
preview-cron:
|
|
||||||
preview-cron:
|
|
||||||
mountPath: /var/www/html/data
|
|
||||||
nginx:
|
|
||||||
nginx:
|
|
||||||
mountPath: /var/www/html/data
|
|
||||||
readOnly: true
|
|
||||||
cnpg:
|
|
||||||
main:
|
|
||||||
enabled: true
|
|
||||||
user: nextcloud
|
|
||||||
database: nextcloud
|
|
||||||
redis:
|
|
||||||
enabled: true
|
|
||||||
username: default
|
|
||||||
portal:
|
|
||||||
open:
|
|
||||||
enabled: true
|
|
||||||
updated: true
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
required: true
|
|
|
@ -0,0 +1,99 @@
|
||||||
|
---
|
||||||
|
title: Changelog
|
||||||
|
---
|
||||||
|
|
||||||
|
|
||||||
|
*for the complete changelog, please refer to the website*
|
||||||
|
|
||||||
|
**Important:**
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.1](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
|
@ -0,0 +1,53 @@
|
||||||
|
annotations:
|
||||||
|
max_scale_version: 24.04.0
|
||||||
|
min_scale_version: 23.10.0
|
||||||
|
truecharts.org/SCALE-support: "true"
|
||||||
|
truecharts.org/category: cloud
|
||||||
|
truecharts.org/max_helm_version: "3.14"
|
||||||
|
truecharts.org/min_helm_version: "3.11"
|
||||||
|
truecharts.org/train: premium
|
||||||
|
apiVersion: v2
|
||||||
|
appVersion: 28.0.3
|
||||||
|
dependencies:
|
||||||
|
- name: common
|
||||||
|
version: 20.2.2
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: ""
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
- name: redis
|
||||||
|
version: 13.0.5
|
||||||
|
repository: oci://tccr.io/truecharts
|
||||||
|
condition: redis.enabled
|
||||||
|
alias: ""
|
||||||
|
tags: []
|
||||||
|
import-values: []
|
||||||
|
deprecated: false
|
||||||
|
description: A private cloud server that puts the control and security of your own data back into your hands.
|
||||||
|
home: https://truecharts.org/charts/premium/nextcloud
|
||||||
|
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
|
||||||
|
keywords:
|
||||||
|
- nextcloud
|
||||||
|
- storage
|
||||||
|
- http
|
||||||
|
- web
|
||||||
|
- php
|
||||||
|
kubeVersion: ">=1.24.0-0"
|
||||||
|
maintainers:
|
||||||
|
- name: TrueCharts
|
||||||
|
email: info@truecharts.org
|
||||||
|
url: https://truecharts.org
|
||||||
|
name: nextcloud
|
||||||
|
sources:
|
||||||
|
- https://github.com/nextcloud/docker
|
||||||
|
- https://github.com/nextcloud/helm
|
||||||
|
- https://github.com/truecharts/charts/tree/master/charts/premium/nextcloud
|
||||||
|
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-imaginary
|
||||||
|
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-push-notify
|
||||||
|
- https://hub.docker.com/r/collabora/code
|
||||||
|
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-fpm
|
||||||
|
- https://hub.docker.com/r/clamav/clamav
|
||||||
|
- https://hub.docker.com/r/nginxinc/nginx-unprivileged
|
||||||
|
type: application
|
||||||
|
version: 29.7.1
|
|
@ -0,0 +1,15 @@
|
||||||
|
|
||||||
|
|
||||||
|
## [nextcloud-29.7.1](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.1) (2024-03-17)
|
||||||
|
|
||||||
|
### Chore
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||||
|
|
||||||
|
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||||
|
|
||||||
|
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||||
|
|
||||||
|
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|