Commit new Chart releases for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
parent
951d2b6312
commit
ff048ae0ba
|
@ -14,6 +14,19 @@ title: Changelog
|
|||
|
||||
|
||||
|
||||
- update ignored updates to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19433](https://github.com/truecharts/charts/issues/19433))
|
||||
|
||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||
|
||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
||||
|
||||
|
||||
## [atuin-2.3.1](https://github.com/truecharts/charts/compare/atuin-2.1.2...atuin-2.3.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update ignored updates to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19433](https://github.com/truecharts/charts/issues/19433))
|
||||
|
||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||
|
@ -84,16 +97,4 @@ title: Changelog
|
|||
|
||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||
|
||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
||||
|
||||
|
||||
## [atuin-2.3.0](https://github.com/truecharts/charts/compare/atuin-2.1.2...atuin-2.3.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- lock file maintenance ignored by renovate ([#19370](https://github.com/truecharts/charts/issues/19370))
|
||||
|
||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
||||
|
||||
- update ignored by renovate (patch) ([#19333](https://github.com/truecharts/charts/issues/19333))
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [authelia-23.6.0](https://github.com/truecharts/charts/compare/authelia-23.5.5...authelia-23.6.0) (2024-03-16)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.1.5[@dc867e0](https://github.com/dc867e0) by renovate ([#19210](https://github.com/truecharts/charts/issues/19210))
|
||||
|
||||
|
||||
## [authelia-23.5.5](https://github.com/truecharts/charts/compare/authelia-23.5.4...authelia-23.5.5) (2024-03-16)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- rename `enterprise`- train to `premium`-train
|
|
@ -1,54 +0,0 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: security
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.12"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 4.37.5
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.1.5
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.3
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Authelia is a Single Sign-On Multi-Factor portal for web apps
|
||||
home: https://truecharts.org/charts/premium/authelia
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
|
||||
keywords:
|
||||
- authelia
|
||||
- authentication
|
||||
- login
|
||||
- SSO
|
||||
- Authentication
|
||||
- Security
|
||||
- Two-Factor
|
||||
- U2F
|
||||
- YubiKey
|
||||
- Push Notifications
|
||||
- LDAP
|
||||
kubeVersion: '>=1.24.0-0'
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: authelia
|
||||
sources:
|
||||
- https://github.com/authelia/chartrepo
|
||||
- https://github.com/authelia/authelia
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/authelia
|
||||
- https://ghcr.io/authelia/authelia
|
||||
type: application
|
||||
version: 23.6.0
|
Binary file not shown.
Binary file not shown.
|
@ -1,582 +0,0 @@
|
|||
image:
|
||||
repository: ghcr.io/authelia/authelia
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 4.37.5@sha256:25fc5423238b6f3a1fc967fda3f6a9212846aeb4a720327ef61c8ccff52dbbe2
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
main:
|
||||
replicas: 2
|
||||
strategy: RollingUpdate
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
command:
|
||||
- authelia
|
||||
args:
|
||||
- --config=/configuration.yaml
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: authelia-paths
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
readiness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
startup:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 9091
|
||||
targetPort: 9091
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/config"
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: authelia
|
||||
database: authelia
|
||||
# Enabled redis
|
||||
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
|
||||
redis:
|
||||
enabled: true
|
||||
domain: example.com
|
||||
##
|
||||
## Server Configuration
|
||||
##
|
||||
server:
|
||||
##
|
||||
## Port sets the configured port for the daemon, service, and the probes.
|
||||
## Default is 9091 and should not need to be changed.
|
||||
##
|
||||
port: 9091
|
||||
## Buffers usually should be configured to be the same value.
|
||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||
## Write buffer size does the same for outgoing responses.
|
||||
read_buffer_size: 4096
|
||||
write_buffer_size: 4096
|
||||
## Set the single level path Authelia listens on.
|
||||
## Must be alphanumeric chars and should not contain any slashes.
|
||||
path: ""
|
||||
log:
|
||||
## Level of verbosity for logs: info, debug, trace.
|
||||
level: trace
|
||||
## Format the logs are written as: json, text.
|
||||
format: text
|
||||
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
|
||||
## File path where the logs will be written. If not set logs are written to stdout.
|
||||
# file_path: /config/authelia.log
|
||||
## Default redirection URL
|
||||
##
|
||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
||||
## in such a case.
|
||||
##
|
||||
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
||||
## Default is https://www.<domain> (value at the top of the values.yaml).
|
||||
default_redirection_url: ""
|
||||
# default_redirection_url: https://example.com
|
||||
|
||||
theme: light
|
||||
##
|
||||
## TOTP Configuration
|
||||
##
|
||||
## Parameters used for TOTP generation
|
||||
totp:
|
||||
## The issuer name displayed in the Authenticator application of your choice
|
||||
## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
||||
## Defaults to <domain>.
|
||||
issuer: ""
|
||||
## The period in seconds a one-time password is current for. Changing this will require all users to register
|
||||
## their TOTP applications again. Warning: before changing period read the docs link below.
|
||||
period: 30
|
||||
## The skew controls number of one-time passwords either side of the current one that are valid.
|
||||
## Warning: before changing skew read the docs link below.
|
||||
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
|
||||
skew: 1
|
||||
##
|
||||
## Password Policy Config
|
||||
##
|
||||
## Parameters used for Password Policies
|
||||
password_policy:
|
||||
## See: https://www.authelia.com/configuration/security/password-policy/
|
||||
standard:
|
||||
enabled: false
|
||||
min_length: 8
|
||||
max_length: 0
|
||||
require_uppercase: false
|
||||
require_lowercase: false
|
||||
require_number: false
|
||||
require_special: false
|
||||
zxcvbn:
|
||||
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
|
||||
enabled: false
|
||||
min_score: 3
|
||||
##
|
||||
## Duo Push API Configuration
|
||||
##
|
||||
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
||||
## "Partner Auth API" in the management panel.
|
||||
duo_api:
|
||||
enabled: false
|
||||
hostname: api-123456789.example.com
|
||||
integration_key: ABCDEF
|
||||
plain_api_key: ""
|
||||
## NTP settings
|
||||
ntp:
|
||||
address: "time.cloudflare.com:123"
|
||||
version: 4
|
||||
max_desync: 3s
|
||||
disable_startup_check: false
|
||||
disable_failure: true
|
||||
##
|
||||
## Authentication Backend Provider Configuration
|
||||
##
|
||||
## Used for verifying user passwords and retrieve information such as email address and groups users belong to.
|
||||
##
|
||||
## The available providers are: `file`, `ldap`. You must use one and only one of these providers.
|
||||
authentication_backend:
|
||||
## Disable both the HTML element and the API for reset password functionality
|
||||
disable_reset_password: false
|
||||
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
|
||||
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
|
||||
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
|
||||
## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
|
||||
## See the below documentation for more information.
|
||||
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
|
||||
refresh_interval: 5m
|
||||
## LDAP backend configuration.
|
||||
##
|
||||
## This backend allows Authelia to be scaled to more
|
||||
## than one instance and therefore is recommended for
|
||||
## production.
|
||||
ldap:
|
||||
## Enable LDAP Backend.
|
||||
enabled: false
|
||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||
## Acceptable options are as follows:
|
||||
## - 'activedirectory' - For Microsoft Active Directory.
|
||||
## - 'custom' - For custom specifications of attributes and filters.
|
||||
## This currently defaults to 'custom' to maintain existing behaviour.
|
||||
##
|
||||
## Depending on the option here certain other values in this section have a default value, notably all of the
|
||||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
|
||||
implementation: activedirectory
|
||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||
## Scheme can be ldap or ldaps in the format (port optional).
|
||||
url: ldap://openldap.default.svc.cluster.local
|
||||
## Connection Timeout.
|
||||
timeout: 5s
|
||||
## Use StartTLS with the LDAP connection.
|
||||
start_tls: false
|
||||
tls:
|
||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
minimum_version: TLS1.2
|
||||
## The base dn for every LDAP query.
|
||||
base_dn: DC=example,DC=com
|
||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
|
||||
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
|
||||
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
|
||||
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
|
||||
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
|
||||
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
|
||||
username_attribute: "uid"
|
||||
## An additional dn to define the scope to all users.
|
||||
additional_users_dn: OU=Users
|
||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||
## Various placeholders are available in the user filter:
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
|
||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||
## versions, so please don't use it.
|
||||
##
|
||||
## Recommended settings are as follows:
|
||||
## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
||||
## - OpenLDAP:
|
||||
## - (&({username_attribute}={input})(objectClass=person))
|
||||
## - (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
||||
##
|
||||
## To allow sign in both with username and email, one can use a filter like
|
||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: ""
|
||||
## An additional dn to define the scope of groups.
|
||||
additional_groups_dn: OU=Groups
|
||||
## The groups filter used in search queries to find the groups of the user.
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
|
||||
## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
|
||||
## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
|
||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||
## versions, so please don't use it.
|
||||
## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
|
||||
## later version, so please don't use it.
|
||||
##
|
||||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
|
||||
groups_filter: ""
|
||||
## The attribute holding the name of the group
|
||||
group_name_attribute: "cn"
|
||||
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
|
||||
## first one returned by the LDAP server is used.
|
||||
mail_attribute: "mail"
|
||||
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
||||
display_name_attribute: "displayname"
|
||||
## The username of the admin user.
|
||||
user: CN=admin,DC=example,DC=com
|
||||
plain_password: ""
|
||||
##
|
||||
## File (Authentication Provider)
|
||||
##
|
||||
## With this backend, the users database is stored in a file which is updated when users reset their passwords.
|
||||
## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
|
||||
## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
|
||||
## implications it is highly recommended you leave the default values. Before considering changing these settings
|
||||
## please read the docs page below:
|
||||
## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
file:
|
||||
enabled: true
|
||||
path: /config/users_database.yml
|
||||
password:
|
||||
algorithm: argon2id
|
||||
iterations: 1
|
||||
key_length: 32
|
||||
salt_length: 16
|
||||
memory: 1024
|
||||
parallelism: 8
|
||||
##
|
||||
## Access Control Configuration
|
||||
##
|
||||
## Access control is a list of rules defining the authorizations applied for one resource to users or group of users.
|
||||
##
|
||||
## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed
|
||||
## to anyone. Otherwise restrictions follow the rules defined.
|
||||
##
|
||||
## Note: One can use the wildcard * to match any subdomain.
|
||||
## It must stand at the beginning of the pattern. (example: *.mydomain.com)
|
||||
##
|
||||
## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct.
|
||||
##
|
||||
## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'.
|
||||
##
|
||||
## - 'domain' defines which domain or set of domains the rule applies to.
|
||||
##
|
||||
## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not
|
||||
## provided. If provided, the parameter represents either a user or a group. It should be of the form
|
||||
## 'user:<username>' or 'group:<groupname>'.
|
||||
##
|
||||
## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'.
|
||||
##
|
||||
## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter
|
||||
## is optional and matches any resource if not provided.
|
||||
##
|
||||
## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
|
||||
access_control:
|
||||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
networks_access_control: []
|
||||
# networks_access_control:
|
||||
# - name: private
|
||||
# networks:
|
||||
# - 10.0.0.0/8
|
||||
# - 172.16.0.0/12
|
||||
# - 192.168.0.0/16
|
||||
# - name: vpn
|
||||
# networks:
|
||||
# - 10.9.0.0/16
|
||||
|
||||
rules: []
|
||||
# rules:
|
||||
# - domain: public.example.com
|
||||
# policy: bypass
|
||||
# - domain: "*.example.com"
|
||||
# policy: bypass
|
||||
# methods:
|
||||
# - OPTIONS
|
||||
# - domain: secure.example.com
|
||||
# policy: one_factor
|
||||
# networks:
|
||||
# - private
|
||||
# - vpn
|
||||
# - 192.168.1.0/24
|
||||
# - 10.0.0.1
|
||||
# - domain:
|
||||
# - secure.example.com
|
||||
# - private.example.com
|
||||
# policy: two_factor
|
||||
# - domain: singlefactor.example.com
|
||||
# policy: one_factor
|
||||
# - domain: "mx2.mail.example.com"
|
||||
# subject: "group:admins"
|
||||
# policy: deny
|
||||
# - domain: "*.example.com"
|
||||
# subject:
|
||||
# - "group:admins"
|
||||
# - "group:moderators"
|
||||
# policy: two_factor
|
||||
# - domain: dev.example.com
|
||||
# resources:
|
||||
# - "^/groups/dev/.*$"
|
||||
# subject: "group:dev"
|
||||
# policy: two_factor
|
||||
# - domain: dev.example.com
|
||||
# resources:
|
||||
# - "^/users/john/.*$"
|
||||
# subject:
|
||||
# - ["group:dev", "user:john"]
|
||||
# - "group:admins"
|
||||
# policy: two_factor
|
||||
# - domain: "{user}.example.com"
|
||||
# policy: bypass
|
||||
##
|
||||
## Session Provider Configuration
|
||||
##
|
||||
## The session cookies identify the user once logged in.
|
||||
## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined.
|
||||
session:
|
||||
## The name of the session cookie. (default: authelia_session).
|
||||
name: authelia_session
|
||||
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
|
||||
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
|
||||
same_site: lax
|
||||
## The time in seconds before the cookie expires and session is reset.
|
||||
expiration: 1h
|
||||
## The inactivity time in seconds before the session is reset.
|
||||
inactivity: 5m
|
||||
## The remember me duration.
|
||||
## Value is in seconds, or duration notation. Value of 0 disables remember me.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
|
||||
## spy or attack. Currently the default is 1M or 1 month.
|
||||
remember_me_duration: 1M
|
||||
##
|
||||
## Redis Provider
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
## The redis connection details
|
||||
redisProvider:
|
||||
port: 6379
|
||||
## Optional username to be used with authentication.
|
||||
# username: authelia
|
||||
username: ""
|
||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||
database_index: 0
|
||||
## The maximum number of concurrent active connections to Redis.
|
||||
maximum_active_connections: 8
|
||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||
minimum_idle_connections: 0
|
||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||
tls:
|
||||
enabled: false
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for the connection.
|
||||
minimum_version: TLS1.2
|
||||
## The Redis HA configuration options.
|
||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||
high_availability:
|
||||
enabled: false
|
||||
enabledSecret: false
|
||||
## Sentinel Name / Master Name
|
||||
sentinel_name: mysentinel
|
||||
## The additional nodes to pre-seed the redis provider with (for sentinel).
|
||||
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
|
||||
## For high availability to be used you must have either defined; the host above or at least one node below.
|
||||
nodes: []
|
||||
# nodes:
|
||||
# - host: sentinel-0.databases.svc.cluster.local
|
||||
# port: 26379
|
||||
# - host: sentinel-1.databases.svc.cluster.local
|
||||
# port: 26379
|
||||
|
||||
## Choose the host with the lowest latency.
|
||||
route_by_latency: false
|
||||
## Choose the host randomly.
|
||||
route_randomly: false
|
||||
##
|
||||
## Regulation Configuration
|
||||
##
|
||||
## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done
|
||||
## in a short period of time.
|
||||
regulation:
|
||||
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
|
||||
max_retries: 3
|
||||
## The time range during which the user can attempt login before being banned. The user is banned if the
|
||||
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
find_time: 2m
|
||||
## The length of time before a banned user can login again. Ban Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
ban_time: 5m
|
||||
##
|
||||
## Storage Provider Configuration
|
||||
##
|
||||
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
||||
storage:
|
||||
##
|
||||
## PostgreSQL (Storage Provider)
|
||||
##
|
||||
postgres:
|
||||
port: 5432
|
||||
database: authelia
|
||||
username: authelia
|
||||
sslmode: disable
|
||||
timeout: 5s
|
||||
##
|
||||
## Notification Provider
|
||||
##
|
||||
##
|
||||
## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration.
|
||||
## The available providers are: filesystem, smtp. You must use one and only one of these providers.
|
||||
notifier:
|
||||
## You can disable the notifier startup check by setting this to true.
|
||||
disable_startup_check: false
|
||||
##
|
||||
## File System (Notification Provider)
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
filesystem:
|
||||
enabled: true
|
||||
filename: /config/notification.txt
|
||||
##
|
||||
## SMTP (Notification Provider)
|
||||
##
|
||||
## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate.
|
||||
## [Security] By default Authelia will:
|
||||
## - force all SMTP connections over TLS including unauthenticated connections
|
||||
## - use the disable_require_tls boolean value to disable this requirement
|
||||
## (only works for unauthenticated connections)
|
||||
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
||||
## (configure in tls section)
|
||||
smtp:
|
||||
enabled: false
|
||||
enabledSecret: false
|
||||
host: smtp.mail.svc.cluster.local
|
||||
port: 25
|
||||
timeout: 5s
|
||||
username: test
|
||||
plain_password: test
|
||||
sender: admin@example.com
|
||||
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
||||
identifier: localhost
|
||||
## Subject configuration of the emails sent.
|
||||
## {title} is replaced by the text from the notifier
|
||||
subject: "[Authelia] {title}"
|
||||
## This address is used during the startup check to verify the email configuration is correct.
|
||||
## It's not important what it is except if your email server only allows local delivery.
|
||||
startup_check_address: test@authelia.com
|
||||
disable_require_tls: false
|
||||
disable_html_emails: false
|
||||
tls:
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for either StartTLS or SMTPS.
|
||||
minimum_version: TLS1.2
|
||||
identity_providers:
|
||||
oidc:
|
||||
## Enables this in the config map. Currently in beta stage.
|
||||
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
|
||||
enabled: false
|
||||
access_token_lifespan: 1h
|
||||
authorize_code_lifespan: 1m
|
||||
id_token_lifespan: 1h
|
||||
refresh_token_lifespan: 90m
|
||||
enable_client_debug_messages: false
|
||||
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
|
||||
## security reasons.
|
||||
minimum_parameter_entropy: 8
|
||||
clients: []
|
||||
# clients:
|
||||
# -
|
||||
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
|
||||
# id: myapp
|
||||
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
||||
# description: My Application
|
||||
|
||||
## The client secret is a shared secret between Authelia and the consumer of this client.
|
||||
# secret: apple123
|
||||
|
||||
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
||||
# public: false
|
||||
|
||||
## The policy to require for this client; one_factor or two_factor.
|
||||
# authorization_policy: two_factor
|
||||
|
||||
## Configures the consent mode; auto, explicit or implicit
|
||||
# consent_mode: auto
|
||||
|
||||
## Audience this client is allowed to request.
|
||||
# audience: []
|
||||
|
||||
## Scopes this client is allowed to request.
|
||||
# scopes:
|
||||
# - openid
|
||||
# - profile
|
||||
# - email
|
||||
# - groups
|
||||
|
||||
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
||||
# redirect_uris:
|
||||
# - https://oidc.example.com/oauth2/callback
|
||||
|
||||
## Grant Types configures which grants this client can obtain.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# grant_types:
|
||||
# - refresh_token
|
||||
# - authorization_code
|
||||
|
||||
## Response Types configures which responses this client can be sent.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_types:
|
||||
# - code
|
||||
|
||||
## Response Modes configures which response modes this client supports.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_modes:
|
||||
# - form_post
|
||||
# - query
|
||||
# - fragment
|
||||
|
||||
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
||||
# userinfo_signing_algorithm: none
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
main:
|
||||
required: true
|
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [authelia-23.8.2](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.2) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||
|
||||
|
||||
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||
|
||||
|
||||
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||
|
||||
|
||||
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||
|
||||
|
||||
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
||||
|
||||
|
||||
## [authelia-23.8.1](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
|
@ -0,0 +1,54 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: security
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 4.38.3
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.5
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Authelia is a Single Sign-On Multi-Factor portal for web apps
|
||||
home: https://truecharts.org/charts/premium/authelia
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/authelia.png
|
||||
keywords:
|
||||
- authelia
|
||||
- authentication
|
||||
- login
|
||||
- SSO
|
||||
- Authentication
|
||||
- Security
|
||||
- Two-Factor
|
||||
- U2F
|
||||
- YubiKey
|
||||
- Push Notifications
|
||||
- LDAP
|
||||
kubeVersion: '>=1.24.0-0'
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: authelia
|
||||
sources:
|
||||
- https://github.com/authelia/chartrepo
|
||||
- https://github.com/authelia/authelia
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/authelia
|
||||
- https://ghcr.io/authelia/authelia
|
||||
type: application
|
||||
version: 23.8.2
|
|
@ -0,0 +1,17 @@
|
|||
|
||||
|
||||
## [authelia-23.8.2](https://github.com/truecharts/charts/compare/authelia-23.6.0...authelia-23.8.2) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.3[@2405f5c](https://github.com/2405f5c) by renovate ([#19415](https://github.com/truecharts/charts/issues/19415))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
- update container image ghcr.io/authelia/authelia to v4.38.2[@a1a2d1b](https://github.com/a1a2d1b) by renovate ([#19338](https://github.com/truecharts/charts/issues/19338))
|
Binary file not shown.
|
@ -0,0 +1,582 @@
|
|||
image:
|
||||
repository: ghcr.io/authelia/authelia
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 4.38.3@sha256:2405f5c923edb14c2b83d30315ec584f99cabffd79da91d8a990711a3cf1ab6c
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
main:
|
||||
replicas: 2
|
||||
strategy: RollingUpdate
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
command:
|
||||
- authelia
|
||||
args:
|
||||
- --config=/configuration.yaml
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: authelia-paths
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
readiness:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
startup:
|
||||
type: http
|
||||
path: "/api/health"
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 9091
|
||||
targetPort: 9091
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/config"
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: authelia
|
||||
database: authelia
|
||||
# Enabled redis
|
||||
# ... for more options see https://github.com/tccr.io/truecharts/charts/tree/master/tccr.io/truecharts/redis
|
||||
redis:
|
||||
enabled: true
|
||||
domain: example.com
|
||||
##
|
||||
## Server Configuration
|
||||
##
|
||||
server:
|
||||
##
|
||||
## Port sets the configured port for the daemon, service, and the probes.
|
||||
## Default is 9091 and should not need to be changed.
|
||||
##
|
||||
port: 9091
|
||||
## Buffers usually should be configured to be the same value.
|
||||
## Explanation at https://www.authelia.com/docs/configuration/server.html
|
||||
## Read buffer size adjusts the server's max incoming request size in bytes.
|
||||
## Write buffer size does the same for outgoing responses.
|
||||
read_buffer_size: 4096
|
||||
write_buffer_size: 4096
|
||||
## Set the single level path Authelia listens on.
|
||||
## Must be alphanumeric chars and should not contain any slashes.
|
||||
path: ""
|
||||
log:
|
||||
## Level of verbosity for logs: info, debug, trace.
|
||||
level: trace
|
||||
## Format the logs are written as: json, text.
|
||||
format: text
|
||||
## TODO: Statefulness check should check if this is set, and the configMap should enable it.
|
||||
## File path where the logs will be written. If not set logs are written to stdout.
|
||||
# file_path: /config/authelia.log
|
||||
## Default redirection URL
|
||||
##
|
||||
## If user tries to authenticate without any referer, Authelia does not know where to redirect the user to at the end
|
||||
## of the authentication process. This parameter allows you to specify the default redirection URL Authelia will use
|
||||
## in such a case.
|
||||
##
|
||||
## Note: this parameter is optional. If not provided, user won't be redirected upon successful authentication.
|
||||
## Default is https://www.<domain> (value at the top of the values.yaml).
|
||||
default_redirection_url: ""
|
||||
# default_redirection_url: https://example.com
|
||||
|
||||
theme: light
|
||||
##
|
||||
## TOTP Configuration
|
||||
##
|
||||
## Parameters used for TOTP generation
|
||||
totp:
|
||||
## The issuer name displayed in the Authenticator application of your choice
|
||||
## See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
||||
## Defaults to <domain>.
|
||||
issuer: ""
|
||||
## The period in seconds a one-time password is current for. Changing this will require all users to register
|
||||
## their TOTP applications again. Warning: before changing period read the docs link below.
|
||||
period: 30
|
||||
## The skew controls number of one-time passwords either side of the current one that are valid.
|
||||
## Warning: before changing skew read the docs link below.
|
||||
## See: https://www.authelia.com/docs/configuration/one-time-password.html#period-and-skew to read the documentation.
|
||||
skew: 1
|
||||
##
|
||||
## Password Policy Config
|
||||
##
|
||||
## Parameters used for Password Policies
|
||||
password_policy:
|
||||
## See: https://www.authelia.com/configuration/security/password-policy/
|
||||
standard:
|
||||
enabled: false
|
||||
min_length: 8
|
||||
max_length: 0
|
||||
require_uppercase: false
|
||||
require_lowercase: false
|
||||
require_number: false
|
||||
require_special: false
|
||||
zxcvbn:
|
||||
## See https://www.authelia.com/configuration/security/password-policy/#zxcvbn for more info
|
||||
enabled: false
|
||||
min_score: 3
|
||||
##
|
||||
## Duo Push API Configuration
|
||||
##
|
||||
## Parameters used to contact the Duo API. Those are generated when you protect an application of type
|
||||
## "Partner Auth API" in the management panel.
|
||||
duo_api:
|
||||
enabled: false
|
||||
hostname: api-123456789.example.com
|
||||
integration_key: ABCDEF
|
||||
plain_api_key: ""
|
||||
## NTP settings
|
||||
ntp:
|
||||
address: "time.cloudflare.com:123"
|
||||
version: 4
|
||||
max_desync: 3s
|
||||
disable_startup_check: false
|
||||
disable_failure: true
|
||||
##
|
||||
## Authentication Backend Provider Configuration
|
||||
##
|
||||
## Used for verifying user passwords and retrieve information such as email address and groups users belong to.
|
||||
##
|
||||
## The available providers are: `file`, `ldap`. You must use one and only one of these providers.
|
||||
authentication_backend:
|
||||
## Disable both the HTML element and the API for reset password functionality
|
||||
disable_reset_password: false
|
||||
## The amount of time to wait before we refresh data from the authentication backend. Uses duration notation.
|
||||
## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will
|
||||
## always belong to groups they belonged to at the time of login even if they have been removed from them in LDAP.
|
||||
## To force update on every request you can set this to '0' or 'always', this will increase processor demand.
|
||||
## See the below documentation for more information.
|
||||
## Duration Notation docs: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Refresh Interval docs: https://www.authelia.com/docs/configuration/authentication/ldap.html#refresh-interval
|
||||
refresh_interval: 5m
|
||||
## LDAP backend configuration.
|
||||
##
|
||||
## This backend allows Authelia to be scaled to more
|
||||
## than one instance and therefore is recommended for
|
||||
## production.
|
||||
ldap:
|
||||
## Enable LDAP Backend.
|
||||
enabled: false
|
||||
## The LDAP implementation, this affects elements like the attribute utilised for resetting a password.
|
||||
## Acceptable options are as follows:
|
||||
## - 'activedirectory' - For Microsoft Active Directory.
|
||||
## - 'custom' - For custom specifications of attributes and filters.
|
||||
## This currently defaults to 'custom' to maintain existing behaviour.
|
||||
##
|
||||
## Depending on the option here certain other values in this section have a default value, notably all of the
|
||||
## attribute mappings have a default value that this config overrides, you can read more about these default values
|
||||
## at https://www.authelia.com/docs/configuration/authentication/ldap.html#defaults
|
||||
implementation: activedirectory
|
||||
## The url to the ldap server. Format: <scheme>://<address>[:<port>].
|
||||
## Scheme can be ldap or ldaps in the format (port optional).
|
||||
url: ldap://openldap.default.svc.cluster.local
|
||||
## Connection Timeout.
|
||||
timeout: 5s
|
||||
## Use StartTLS with the LDAP connection.
|
||||
start_tls: false
|
||||
tls:
|
||||
## Server Name for certificate validation (in case it's not set correctly in the URL).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for either Secure LDAP or LDAP StartTLS.
|
||||
minimum_version: TLS1.2
|
||||
## The base dn for every LDAP query.
|
||||
base_dn: DC=example,DC=com
|
||||
## The attribute holding the username of the user. This attribute is used to populate the username in the session
|
||||
## information. It was introduced due to #561 to handle case insensitive search queries. For you information,
|
||||
## Microsoft Active Directory usually uses 'sAMAccountName' and OpenLDAP usually uses 'uid'. Beware that this
|
||||
## attribute holds the unique identifiers for the users binding the user and the configuration stored in database.
|
||||
## Therefore only single value attributes are allowed and the value must never be changed once attributed to a user
|
||||
## otherwise it would break the configuration for that user. Technically, non-unique attributes like 'mail' can also
|
||||
## be used but we don't recommend using them, we instead advise to use the attributes mentioned above
|
||||
## (sAMAccountName and uid) to follow https://www.ietf.org/rfc/rfc2307.txt.
|
||||
username_attribute: "uid"
|
||||
## An additional dn to define the scope to all users.
|
||||
additional_users_dn: OU=Users
|
||||
## The users filter used in search queries to find the user profile based on input filled in login form.
|
||||
## Various placeholders are available in the user filter:
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
## - {username_attribute} is a mandatory placeholder replaced by what is configured in `username_attribute`.
|
||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||
## versions, so please don't use it.
|
||||
##
|
||||
## Recommended settings are as follows:
|
||||
## - Microsoft Active Directory: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
||||
## - OpenLDAP:
|
||||
## - (&({username_attribute}={input})(objectClass=person))
|
||||
## - (&({username_attribute}={input})(objectClass=inetOrgPerson))
|
||||
##
|
||||
## To allow sign in both with username and email, one can use a filter like
|
||||
## (&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))
|
||||
users_filter: ""
|
||||
## An additional dn to define the scope of groups.
|
||||
additional_groups_dn: OU=Groups
|
||||
## The groups filter used in search queries to find the groups of the user.
|
||||
## - {input} is a placeholder replaced by what the user inputs in the login form.
|
||||
## - {username} is a placeholder replace by the username stored in LDAP (based on `username_attribute`).
|
||||
## - {dn} is a matcher replaced by the user distinguished name, aka, user DN.
|
||||
## - {username_attribute} is a placeholder replaced by what is configured in `username_attribute`.
|
||||
## - {mail_attribute} is a placeholder replaced by what is configured in `mail_attribute`.
|
||||
## - DON'T USE - {0} is an alias for {input} supported for backward compatibility but it will be deprecated in later
|
||||
## versions, so please don't use it.
|
||||
## - DON'T USE - {1} is an alias for {username} supported for backward compatibility but it will be deprecated in
|
||||
## later version, so please don't use it.
|
||||
##
|
||||
## If your groups use the `groupOfUniqueNames` structure use this instead:
|
||||
## (&(uniquemember={dn})(objectclass=groupOfUniqueNames))
|
||||
groups_filter: ""
|
||||
## The attribute holding the name of the group
|
||||
group_name_attribute: "cn"
|
||||
## The attribute holding the mail address of the user. If multiple email addresses are defined for a user, only the
|
||||
## first one returned by the LDAP server is used.
|
||||
mail_attribute: "mail"
|
||||
## The attribute holding the display name of the user. This will be used to greet an authenticated user.
|
||||
display_name_attribute: "displayname"
|
||||
## The username of the admin user.
|
||||
user: CN=admin,DC=example,DC=com
|
||||
plain_password: ""
|
||||
##
|
||||
## File (Authentication Provider)
|
||||
##
|
||||
## With this backend, the users database is stored in a file which is updated when users reset their passwords.
|
||||
## Therefore, this backend is meant to be used in a dev environment and not in production since it prevents Authelia
|
||||
## to be scaled to more than one instance. The options under 'password' have sane defaults, and as it has security
|
||||
## implications it is highly recommended you leave the default values. Before considering changing these settings
|
||||
## please read the docs page below:
|
||||
## https://www.authelia.com/docs/configuration/authentication/file.html#password-hash-algorithm-tuning
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
file:
|
||||
enabled: true
|
||||
path: /config/users_database.yml
|
||||
password:
|
||||
algorithm: argon2id
|
||||
iterations: 1
|
||||
key_length: 32
|
||||
salt_length: 16
|
||||
memory: 1024
|
||||
parallelism: 8
|
||||
##
|
||||
## Access Control Configuration
|
||||
##
|
||||
## Access control is a list of rules defining the authorizations applied for one resource to users or group of users.
|
||||
##
|
||||
## If 'access_control' is not defined, ACL rules are disabled and the 'bypass' rule is applied, i.e., access is allowed
|
||||
## to anyone. Otherwise restrictions follow the rules defined.
|
||||
##
|
||||
## Note: One can use the wildcard * to match any subdomain.
|
||||
## It must stand at the beginning of the pattern. (example: *.mydomain.com)
|
||||
##
|
||||
## Note: You must put patterns containing wildcards between simple quotes for the YAML to be syntactically correct.
|
||||
##
|
||||
## Definition: A 'rule' is an object with the following keys: 'domain', 'subject', 'policy' and 'resources'.
|
||||
##
|
||||
## - 'domain' defines which domain or set of domains the rule applies to.
|
||||
##
|
||||
## - 'subject' defines the subject to apply authorizations to. This parameter is optional and matching any user if not
|
||||
## provided. If provided, the parameter represents either a user or a group. It should be of the form
|
||||
## 'user:<username>' or 'group:<groupname>'.
|
||||
##
|
||||
## - 'policy' is the policy to apply to resources. It must be either 'bypass', 'one_factor', 'two_factor' or 'deny'.
|
||||
##
|
||||
## - 'resources' is a list of regular expressions that matches a set of resources to apply the policy to. This parameter
|
||||
## is optional and matches any resource if not provided.
|
||||
##
|
||||
## Note: the order of the rules is important. The first policy matching (domain, resource, subject) applies.
|
||||
access_control:
|
||||
## Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'. It is the policy applied to any
|
||||
## resource if there is no policy to be applied to the user.
|
||||
default_policy: deny
|
||||
networks_access_control: []
|
||||
# networks_access_control:
|
||||
# - name: private
|
||||
# networks:
|
||||
# - 10.0.0.0/8
|
||||
# - 172.16.0.0/12
|
||||
# - 192.168.0.0/16
|
||||
# - name: vpn
|
||||
# networks:
|
||||
# - 10.9.0.0/16
|
||||
|
||||
rules: []
|
||||
# rules:
|
||||
# - domain: public.example.com
|
||||
# policy: bypass
|
||||
# - domain: "*.example.com"
|
||||
# policy: bypass
|
||||
# methods:
|
||||
# - OPTIONS
|
||||
# - domain: secure.example.com
|
||||
# policy: one_factor
|
||||
# networks:
|
||||
# - private
|
||||
# - vpn
|
||||
# - 192.168.1.0/24
|
||||
# - 10.0.0.1
|
||||
# - domain:
|
||||
# - secure.example.com
|
||||
# - private.example.com
|
||||
# policy: two_factor
|
||||
# - domain: singlefactor.example.com
|
||||
# policy: one_factor
|
||||
# - domain: "mx2.mail.example.com"
|
||||
# subject: "group:admins"
|
||||
# policy: deny
|
||||
# - domain: "*.example.com"
|
||||
# subject:
|
||||
# - "group:admins"
|
||||
# - "group:moderators"
|
||||
# policy: two_factor
|
||||
# - domain: dev.example.com
|
||||
# resources:
|
||||
# - "^/groups/dev/.*$"
|
||||
# subject: "group:dev"
|
||||
# policy: two_factor
|
||||
# - domain: dev.example.com
|
||||
# resources:
|
||||
# - "^/users/john/.*$"
|
||||
# subject:
|
||||
# - ["group:dev", "user:john"]
|
||||
# - "group:admins"
|
||||
# policy: two_factor
|
||||
# - domain: "{user}.example.com"
|
||||
# policy: bypass
|
||||
##
|
||||
## Session Provider Configuration
|
||||
##
|
||||
## The session cookies identify the user once logged in.
|
||||
## The available providers are: `memory`, `redis`. Memory is the provider unless redis is defined.
|
||||
session:
|
||||
## The name of the session cookie. (default: authelia_session).
|
||||
name: authelia_session
|
||||
## Sets the Cookie SameSite value. Possible options are none, lax, or strict.
|
||||
## Please read https://www.authelia.com/docs/configuration/session.html#same_site
|
||||
same_site: lax
|
||||
## The time in seconds before the cookie expires and session is reset.
|
||||
expiration: 1h
|
||||
## The inactivity time in seconds before the session is reset.
|
||||
inactivity: 5m
|
||||
## The remember me duration.
|
||||
## Value is in seconds, or duration notation. Value of 0 disables remember me.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
## Longer periods are considered less secure because a stolen cookie will last longer giving attackers more time to
|
||||
## spy or attack. Currently the default is 1M or 1 month.
|
||||
remember_me_duration: 1M
|
||||
##
|
||||
## Redis Provider
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
## The redis connection details
|
||||
redisProvider:
|
||||
port: 6379
|
||||
## Optional username to be used with authentication.
|
||||
# username: authelia
|
||||
username: ""
|
||||
## This is the Redis DB Index https://redis.io/commands/select (sometimes referred to as database number, DB, etc).
|
||||
database_index: 0
|
||||
## The maximum number of concurrent active connections to Redis.
|
||||
maximum_active_connections: 8
|
||||
## The target number of idle connections to have open ready for work. Useful when opening connections is slow.
|
||||
minimum_idle_connections: 0
|
||||
## The Redis TLS configuration. If defined will require a TLS connection to the Redis instance(s).
|
||||
tls:
|
||||
enabled: false
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for the connection.
|
||||
minimum_version: TLS1.2
|
||||
## The Redis HA configuration options.
|
||||
## This provides specific options to Redis Sentinel, sentinel_name must be defined (Master Name).
|
||||
high_availability:
|
||||
enabled: false
|
||||
enabledSecret: false
|
||||
## Sentinel Name / Master Name
|
||||
sentinel_name: mysentinel
|
||||
## The additional nodes to pre-seed the redis provider with (for sentinel).
|
||||
## If the host in the above section is defined, it will be combined with this list to connect to sentinel.
|
||||
## For high availability to be used you must have either defined; the host above or at least one node below.
|
||||
nodes: []
|
||||
# nodes:
|
||||
# - host: sentinel-0.databases.svc.cluster.local
|
||||
# port: 26379
|
||||
# - host: sentinel-1.databases.svc.cluster.local
|
||||
# port: 26379
|
||||
|
||||
## Choose the host with the lowest latency.
|
||||
route_by_latency: false
|
||||
## Choose the host randomly.
|
||||
route_randomly: false
|
||||
##
|
||||
## Regulation Configuration
|
||||
##
|
||||
## This mechanism prevents attackers from brute forcing the first factor. It bans the user if too many attempts are done
|
||||
## in a short period of time.
|
||||
regulation:
|
||||
## The number of failed login attempts before user is banned. Set it to 0 to disable regulation.
|
||||
max_retries: 3
|
||||
## The time range during which the user can attempt login before being banned. The user is banned if the
|
||||
## authentication failed 'max_retries' times in a 'find_time' seconds window. Find Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
find_time: 2m
|
||||
## The length of time before a banned user can login again. Ban Time accepts duration notation.
|
||||
## See: https://www.authelia.com/docs/configuration/index.html#duration-notation-format
|
||||
ban_time: 5m
|
||||
##
|
||||
## Storage Provider Configuration
|
||||
##
|
||||
## The available providers are: `local`, `mysql`, `postgres`. You must use one and only one of these providers.
|
||||
storage:
|
||||
##
|
||||
## PostgreSQL (Storage Provider)
|
||||
##
|
||||
postgres:
|
||||
port: 5432
|
||||
database: authelia
|
||||
username: authelia
|
||||
sslmode: disable
|
||||
timeout: 5s
|
||||
##
|
||||
## Notification Provider
|
||||
##
|
||||
##
|
||||
## Notifications are sent to users when they require a password reset, a u2f registration or a TOTP registration.
|
||||
## The available providers are: filesystem, smtp. You must use one and only one of these providers.
|
||||
notifier:
|
||||
## You can disable the notifier startup check by setting this to true.
|
||||
disable_startup_check: false
|
||||
##
|
||||
## File System (Notification Provider)
|
||||
##
|
||||
## Important: Kubernetes (or HA) users must read https://www.authelia.com/docs/features/statelessness.html
|
||||
##
|
||||
filesystem:
|
||||
enabled: true
|
||||
filename: /config/notification.txt
|
||||
##
|
||||
## SMTP (Notification Provider)
|
||||
##
|
||||
## Use a SMTP server for sending notifications. Authelia uses the PLAIN or LOGIN methods to authenticate.
|
||||
## [Security] By default Authelia will:
|
||||
## - force all SMTP connections over TLS including unauthenticated connections
|
||||
## - use the disable_require_tls boolean value to disable this requirement
|
||||
## (only works for unauthenticated connections)
|
||||
## - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
||||
## (configure in tls section)
|
||||
smtp:
|
||||
enabled: false
|
||||
enabledSecret: false
|
||||
host: smtp.mail.svc.cluster.local
|
||||
port: 25
|
||||
timeout: 5s
|
||||
username: test
|
||||
plain_password: test
|
||||
sender: admin@example.com
|
||||
## HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
|
||||
identifier: localhost
|
||||
## Subject configuration of the emails sent.
|
||||
## {title} is replaced by the text from the notifier
|
||||
subject: "[Authelia] {title}"
|
||||
## This address is used during the startup check to verify the email configuration is correct.
|
||||
## It's not important what it is except if your email server only allows local delivery.
|
||||
startup_check_address: test@authelia.com
|
||||
disable_require_tls: false
|
||||
disable_html_emails: false
|
||||
tls:
|
||||
## Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
|
||||
server_name: ""
|
||||
## Skip verifying the server certificate (to allow a self-signed certificate).
|
||||
## In preference to setting this we strongly recommend you add the public portion of the certificate to the
|
||||
## certificates directory which is defined by the `certificates_directory` option at the top of the config.
|
||||
skip_verify: false
|
||||
## Minimum TLS version for either StartTLS or SMTPS.
|
||||
minimum_version: TLS1.2
|
||||
identity_providers:
|
||||
oidc:
|
||||
## Enables this in the config map. Currently in beta stage.
|
||||
## See https://www.authelia.com/docs/configuration/identity-providers/oidc.html#roadmap
|
||||
enabled: false
|
||||
access_token_lifespan: 1h
|
||||
authorize_code_lifespan: 1m
|
||||
id_token_lifespan: 1h
|
||||
refresh_token_lifespan: 90m
|
||||
enable_client_debug_messages: false
|
||||
## SECURITY NOTICE: It's not recommended changing this option, and highly discouraged to have it below 8 for
|
||||
## security reasons.
|
||||
minimum_parameter_entropy: 8
|
||||
clients: []
|
||||
# clients:
|
||||
# -
|
||||
## The ID is the OpenID Connect ClientID which is used to link an application to a configuration.
|
||||
# id: myapp
|
||||
## The description to show to users when they end up on the consent screen. Defaults to the ID above.
|
||||
# description: My Application
|
||||
|
||||
## The client secret is a shared secret between Authelia and the consumer of this client.
|
||||
# secret: apple123
|
||||
|
||||
## Sets the client to public. This should typically not be set, please see the documentation for usage.
|
||||
# public: false
|
||||
|
||||
## The policy to require for this client; one_factor or two_factor.
|
||||
# authorization_policy: two_factor
|
||||
|
||||
## Configures the consent mode; auto, explicit or implicit
|
||||
# consent_mode: auto
|
||||
|
||||
## Audience this client is allowed to request.
|
||||
# audience: []
|
||||
|
||||
## Scopes this client is allowed to request.
|
||||
# scopes:
|
||||
# - openid
|
||||
# - profile
|
||||
# - email
|
||||
# - groups
|
||||
|
||||
## Redirect URI's specifies a list of valid case-sensitive callbacks for this client.
|
||||
# redirect_uris:
|
||||
# - https://oidc.example.com/oauth2/callback
|
||||
|
||||
## Grant Types configures which grants this client can obtain.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# grant_types:
|
||||
# - refresh_token
|
||||
# - authorization_code
|
||||
|
||||
## Response Types configures which responses this client can be sent.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_types:
|
||||
# - code
|
||||
|
||||
## Response Modes configures which response modes this client supports.
|
||||
## It's not recommended to configure this unless you know what you're doing.
|
||||
# response_modes:
|
||||
# - form_post
|
||||
# - query
|
||||
# - fragment
|
||||
|
||||
## The algorithm used to sign userinfo endpoint responses for this client, either none or RS256.
|
||||
# userinfo_signing_algorithm: none
|
||||
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
main:
|
||||
required: true
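Review bot: The default `log.level: trace` in this values.yaml is the most verbose of the levels its own comment lists (info, debug, trace), and on an authentication portal that is likely to put request and session detail into pod logs; I would ship `level: info` and leave trace as an opt-in for debugging. The defaults also set `workload.main.replicas: 2` while `authentication_backend.file.enabled: true` and `notifier.filesystem.enabled: true` stay on, although the file-backend comment in the same file says this backend prevents Authelia from being scaled to more than one instance. Either default to `replicas: 1`, or add a comment on `replicas` stating that the LDAP backend and the SMTP notifier must be enabled before running more than one pod. `storage.postgres.sslmode: disable` is presumably meant for the in-cluster CNPG database only, so a comment such as `## In-cluster CNPG only; use verify-full for an external server` would keep it from being carried over to a remote database unchanged.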
|
|
@ -1,17 +0,0 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [blocky-14.3.5](https://github.com/truecharts/charts/compare/blocky-14.3.4...blocky-14.3.5) (2024-03-16)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- rename `enterprise`- train to `premium`-train
|
|
@ -1,47 +0,0 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: network
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.12"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 0.23.0
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.0.9
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.3
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
|
||||
home: https://truecharts.org/charts/premium/blocky
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
|
||||
keywords:
|
||||
- dns
|
||||
- blocky
|
||||
kubeVersion: '>=1.24.0-0'
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: blocky
|
||||
sources:
|
||||
- https://github.com/Mozart409/blocky-frontend
|
||||
- https://0xerr0r.github.io/blocky/
|
||||
- https://github.com/0xERR0R/blocky
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/blocky
|
||||
- https://hub.docker.com/r/spx01/blocky
|
||||
- https://quay.io/oriedge/k8s_gateway
|
||||
type: application
|
||||
version: 14.3.5
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,99 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [blocky-14.5.1](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [blocky-14.5.0](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: network
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 0.23.0
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.5
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Blocky is a DNS proxy, DNS enhancer and ad-blocker for the local network written in Go
|
||||
home: https://truecharts.org/charts/premium/blocky
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/blocky.png
|
||||
keywords:
|
||||
- dns
|
||||
- blocky
|
||||
kubeVersion: ">=1.24.0-0"
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: blocky
|
||||
sources:
|
||||
- https://github.com/Mozart409/blocky-frontend
|
||||
- https://0xerr0r.github.io/blocky/
|
||||
- https://github.com/0xERR0R/blocky
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/blocky
|
||||
- https://quay.io/oriedge/k8s_gateway
|
||||
- https://hub.docker.com/r/spx01/blocky
|
||||
type: application
|
||||
version: 14.5.1
|
|
@ -0,0 +1,13 @@
|
|||
|
||||
|
||||
## [blocky-14.5.1](https://github.com/truecharts/charts/compare/blocky-14.4.0...blocky-14.5.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
Binary file not shown.
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [clusterissuer-7.7.1](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [clusterissuer-7.7.0](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,37 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: core
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: latest
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Certificate management for Kubernetes
|
||||
home: https://truecharts.org/charts/premium/clusterissuer
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clusterissuer.png
|
||||
keywords:
|
||||
- cert-manager
|
||||
- certificates
|
||||
kubeVersion: ">=1.24.0-0"
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: clusterissuer
|
||||
sources:
|
||||
- https://cert-manager.io/
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/clusterissuer
|
||||
- https://hub.docker.com/_/hello-world
|
||||
type: application
|
||||
version: 7.7.1
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
title: README
|
||||
---
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/clusterissuer)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
|
||||
## [clusterissuer-7.7.1](https://github.com/truecharts/charts/compare/clusterissuer-7.6.0...clusterissuer-7.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
|||
Certificate management for Kubernetes
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/clusterissuer](https://truecharts.org/charts/premium/clusterissuer)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,104 @@
|
|||
image:
|
||||
repository: hello-world
|
||||
tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: true
|
||||
workload:
|
||||
main:
|
||||
enabled: false
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
enabled: false
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
operator:
|
||||
verify:
|
||||
additionalOperators:
|
||||
- cert-manager
|
||||
enabled: true
|
||||
failOnError: false
|
||||
clusterIssuer:
|
||||
selfSigned:
|
||||
enabled: true
|
||||
name: "selfsigned"
|
||||
CA: []
|
||||
# - name: myca
|
||||
# selfSigned: true
|
||||
# selfSignedCommonName: "my-selfsigned-ca"
|
||||
# # Used to manually define a CA-crt not used when selfSigned is enabled
|
||||
# crt: ""
|
||||
# key: ""
|
||||
# # TODO: Add option to use SCALE CA certs
|
||||
|
||||
ACME: []
|
||||
# - name: letsencrypt
|
||||
# # Used for both logging in to the DNS provider AND ACME registration
|
||||
# email: ""
|
||||
# server: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# # Used primarily for the SCALE GUI
|
||||
# customServer: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
# email: ""
|
||||
# # Options: HTTP01, cloudflare, route53, akamai, digitalocean, rfc2136, acmedns
|
||||
# type: ""
|
||||
# # for cloudflare
|
||||
# cfapikey: ""
|
||||
# cfapitoken: ""
|
||||
# # for route53
|
||||
# region: ""
|
||||
# accessKeyID: ""
|
||||
# route53SecretAccessKey: ""
|
||||
# # optional for route53
|
||||
# role: ""
|
||||
# # for akamai
|
||||
# serviceConsumerDomain: ""
|
||||
# akclientToken: ""
|
||||
# akclientSecret: ""
|
||||
# akaccessToken: ""
|
||||
# # for digitalocean
|
||||
# doaccessToken: ""
|
||||
# # for rfc2136
|
||||
# nameserver: ""
|
||||
# tsigKeyName: ""
|
||||
# tsigAlgorithm: ""
|
||||
# rfctsigSecret: ""
|
||||
# # for acmedns
|
||||
# name: sd
|
||||
# acmednsHost: asdf
|
||||
# # Pick one of the bellow acmednsConfig
|
||||
# acmednsConfigJson:
|
||||
# acmednsConfig:
|
||||
# - domain: ""
|
||||
# username: ""
|
||||
# password: ""
|
||||
# fulldomain: ""
|
||||
# subdomain: ""
|
||||
# allowFrom: []
|
||||
|
||||
clusterCertificates:
|
||||
# Namespaces in which the certificates must be available
|
||||
# Accepts comma-separated regex expressions
|
||||
# replicationNamespaces: 'ix-.*'
|
||||
certificates: []
|
||||
# - name: mycert
|
||||
# enabled: true
|
||||
# certificateIssuer: selfsigned
|
||||
# hosts:
|
||||
# - my.domain.com
|
||||
# - '*.my.domain.com'
|
|
@ -0,0 +1,446 @@
|
|||
groups:
|
||||
- name: Container Image
|
||||
description: Image to be used for container
|
||||
- name: General Settings
|
||||
description: General Deployment Settings
|
||||
- name: Workload Settings
|
||||
description: Workload Settings
|
||||
- name: App Configuration
|
||||
description: App Specific Config Options
|
||||
- name: Networking and Services
|
||||
description: Configure Network and Services for Container
|
||||
- name: Storage and Persistence
|
||||
description: Persist and Share Data that is Separate from the Container
|
||||
- name: Ingress
|
||||
description: Ingress Configuration
|
||||
- name: Security and Permissions
|
||||
description: Configure Security Context and Permissions
|
||||
- name: Resources and Devices
|
||||
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||
- name: Middlewares
|
||||
description: Traefik Middlewares
|
||||
- name: Metrics
|
||||
description: Metrics
|
||||
- name: Addons
|
||||
description: Addon Configuration
|
||||
- name: Backup Configuration
|
||||
description: Configure Velero Backup Schedule
|
||||
- name: Advanced
|
||||
description: Advanced Configuration
|
||||
- name: Postgresql
|
||||
description: Postgresql
|
||||
- name: Documentation
|
||||
description: Documentation
|
||||
|
||||
questions:
|
||||
- variable: global
|
||||
group: General Settings
|
||||
label: "Global Settings"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: stopAll
|
||||
label: Stop All
|
||||
description: "Stops All Running pods and hibernates cnpg"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- variable: clusterIssuer
|
||||
group: App Configuration
|
||||
label: Cluster Certificate Issuer
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: ACME
|
||||
label: 'ACME Issuer'
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: ACMEEntry
|
||||
label: 'ACME Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: ""
|
||||
- variable: type
|
||||
label: Type or DNS-Provider
|
||||
description: DNS Provider
|
||||
schema:
|
||||
type: string
|
||||
default: cloudflare
|
||||
enum:
|
||||
- value: cloudflare
|
||||
description: Cloudflare
|
||||
- value: route53
|
||||
description: Route53
|
||||
- value: akamai
|
||||
description: Akamai
|
||||
- value: digitalocean
|
||||
description: Digitalocean
|
||||
- value: rfc2136
|
||||
description: rfc2136 (Advanced)
|
||||
- value: HTTP01
|
||||
description: HTTP01 (Experimental)
|
||||
- value: acmedns
|
||||
description: ACME DNS (Advanced)
|
||||
- variable: server
|
||||
label: Server
|
||||
description: "Server for ACME, for example: letsencrypt"
|
||||
schema:
|
||||
type: string
|
||||
default: 'Letsencrypt-Production'
|
||||
enum:
|
||||
- value: 'https://acme-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Production
|
||||
- value: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
description: Letsencrypt-Staging
|
||||
- value: 'https://api.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Production
|
||||
- value: 'https://api.test4.buypass.no/acme-v02/directory'
|
||||
description: BuyPass-Staging
|
||||
- value: custom
|
||||
description: Custom
|
||||
- variable: customServer
|
||||
label: Custom ACME Server (Advanced)
|
||||
description: "This can be used to enter your own custom ACME server"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["server", "=", "custom"]]
|
||||
default: 'https://acme-staging-v02.api.letsencrypt.org/directory'
|
||||
- variable: caBundle
|
||||
label: Trusted CABundle for private ACME server
|
||||
description: "Trusted CABundle for private ACME server, encoded in base64"
|
||||
schema:
|
||||
type: string
|
||||
show_if: [["server", "=", "custom"]]
|
||||
- variable: email
|
||||
label: Email
|
||||
description: "Email adress to use for certificate issuing must match your DNS provider email when required"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "something@example.com"
|
||||
- variable: cfapikey
|
||||
label: CloudFlare API key
|
||||
description: "CloudFlare API Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: cfapitoken
|
||||
label: CloudFlare API Token
|
||||
description: "CloudFlare API Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "cloudflare"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: region
|
||||
label: Route53 Region
|
||||
description: "Route 53 Region"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: "us-west-1"
|
||||
- variable: accessKeyID
|
||||
label: Route53 accessKeyID
|
||||
description: "Route53 accessKeyID"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: route53SecretAccessKey
|
||||
label: Route53 Secret Access Key
|
||||
description: "Route53 Secret Access Key"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: role
|
||||
label: Route53 Role (optional)
|
||||
description: "Route53 Role"
|
||||
schema:
|
||||
show_if: [["type", "=", "route53"]]
|
||||
type: string
|
||||
default: ""
|
||||
- variable: serviceConsumerDomain
|
||||
label: Akamai Service Consumer Domain
|
||||
description: "Akamai Service Consumer Domain"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientToken
|
||||
label: Akamai Client Token
|
||||
description: "Client Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akclientSecret
|
||||
label: Akamai Client Secret
|
||||
description: "Akamai Client Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: akaccessToken
|
||||
label: Akamai Access Token
|
||||
description: "Akamai Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "akamai"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: doaccessToken
|
||||
label: Digitalocean Access Token
|
||||
description: "Digitalocean Access Token"
|
||||
schema:
|
||||
show_if: [["type", "=", "digitalocean"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: nameserver
|
||||
label: rfc2136 Namesever
|
||||
description: "rfc2136 Namesever"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigKeyName
|
||||
label: rfc2136 tsig Key Name
|
||||
description: "rfc2136 tsig Key Name"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: tsigAlgorithm
|
||||
label: rfc2136 tsig Algorithm
|
||||
description: "rfc2136 tsig Algorithm"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: rfctsigSecret
|
||||
label: rfc2136 sig Secret
|
||||
description: "rfc2136 sig Secret"
|
||||
schema:
|
||||
show_if: [["type", "=", "rfc2136"]]
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: acmednsHost
|
||||
label: ACME DNS host
|
||||
description: "ACME DNS API server address"
|
||||
schema:
|
||||
show_if: [["type", "=", "acmedns"]]
|
||||
type: string
|
||||
required: true
|
||||
default: "https://auth.acme-dns.io"
|
||||
- variable: acmednsConfig
|
||||
label: ACME DNS config
|
||||
description: "ACME DNS per-domain auth configuration"
|
||||
schema:
|
||||
show_if: [["type", "=", "acmedns"]]
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: acmednsEntry
|
||||
label: 'ACME DNS entry'
|
||||
schema:
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: domain
|
||||
label: Domain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: username
|
||||
label: Username
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: password
|
||||
label: Password
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: fulldomain
|
||||
label: Full domain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: subdomain
|
||||
label: Subdomain
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
- variable: allowFrom
|
||||
label: Allow from
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: cidr
|
||||
label: CIDR
|
||||
schema:
|
||||
type: ipaddr
|
||||
cidr: true
|
||||
required: true
|
||||
- variable: CA
|
||||
label: Certificate Authority Issuer
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CAEntry
|
||||
label: 'CA Issuer Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: ""
|
||||
- variable: selfSigned
|
||||
label: selfSigned
|
||||
description: "Create Self Signed CA cert"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: selfSignedCommonName
|
||||
label: selfSigned CommonName
|
||||
description: "Common name for selfSigned Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
show_if: [["selfSigned", "=", true]]
|
||||
default: "my-selfsigned-ca"
|
||||
- variable: crt
|
||||
label: "Custom CA cert (experimental)"
|
||||
description: "certificate for Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
max_length: 10240
|
||||
show_if: [["selfSigned", "=", false]]
|
||||
default: ""
|
||||
- variable: key
|
||||
label: "Custom CA key (experimental)"
|
||||
description: "key Certiticate Authority"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
max_length: 10240
|
||||
show_if: [["selfSigned", "=", false]]
|
||||
default: ""
|
||||
- variable: selfSigned
|
||||
label: 'SelfSigned Issuer'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: enabled
|
||||
description: "Enable self-signed issuer"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: name
|
||||
label: Name
|
||||
description: "Name to give the issuer"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: "selfsigned"
|
||||
- variable: clusterCertificates
|
||||
group: App Configuration
|
||||
label: Cluster Wide Certificates (Advanced)
|
||||
description: "Creates certificates for use within the entire cluster. Can be used to create wildcard certificates."
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: certificates
|
||||
label: Cluster Certificates
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CertEntry
|
||||
label: 'Certificate Entry'
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enabled
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: name
|
||||
label: Certificate Name
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: certificateIssuer
|
||||
label: Cert-Manager clusterIssuer
|
||||
description: "One of the Cert-Manager clusterIssuers defined above"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
valid_chars: '^[a-z]+(-?[a-z]){0,63}-?[a-z]+$'
|
||||
default: "selfsigned"
|
||||
- variable: hosts
|
||||
label: Certificate Hosts
|
||||
description: "NOTE: Creation of wildcard certificates with an ACME issuer requires a DNSO1 solver to be set up."
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: host
|
||||
label: Host
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: customMetrics
|
||||
group: Metrics
|
||||
label: Prometheus Metrics
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: enabled
|
||||
label: Enabled
|
||||
description: Enable Prometheus Metrics
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
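Review bot: The credential questions in the ACME and CA entries (`cfapikey`, `cfapitoken`, `route53SecretAccessKey`, `akclientSecret`, `akaccessToken`, `doaccessToken`, `rfctsigSecret`, the acmedns `password` and the CA `key`) are declared as plain `type: string`, so the form presumably shows and echoes them like any other text. Each of those schemas should add `private: true`. Separately, the `server` question has `default: 'Letsencrypt-Production'`, which is an enum description and not one of the enum values. It should be `default: 'https://acme-v02.api.letsencrypt.org/directory'`, otherwise the field can start with a value that is not a URL. The `hosts` description also says `DNSO1` where `DNS01` is meant.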
|
|
@ -0,0 +1,128 @@
|
|||
{{- define "certmanager.clusterissuer.acme" -}}
|
||||
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||
|
||||
{{- $rfctsigSecret := .rfctsigSecret | default "" -}}
|
||||
{{/* https://cert-manager.io/docs/configuration/acme/dns01/rfc2136/#troubleshooting */}}
|
||||
{{- if $rfctsigSecret -}} {{/* If we try to decode and fail, go on and encode it. */}}
|
||||
{{- if (contains "illegal base64" (b64dec $rfctsigSecret)) -}}
|
||||
{{- $rfctsigSecret = b64enc $rfctsigSecret -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .Values.clusterIssuer.ACME }}
|
||||
{{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}
|
||||
{{- fail "ACME - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end -}}
|
||||
{{- $validTypes := list "HTTP01" "cloudflare" "route53" "digitalocean" "akamai" "rfc2136" "acmedns" -}}
|
||||
{{- if not (mustHas .type $validTypes) -}}
|
||||
{{- fail (printf "Expected ACME type to be one of [%s], but got [%s]" (join ", " $validTypes) .type) -}}
|
||||
{{- end -}}
|
||||
{{- $issuerSecretName := printf "%s-clusterissuer-secret" .name }}
|
||||
{{- $acmednsDict := dict -}}
|
||||
{{- if and (eq .type "acmedns") (not .acmednsConfigJson) }}
|
||||
{{- range .acmednsConfig }}
|
||||
{{/* Transform to a dict with domain as a key, also remove domain from the dict */}}
|
||||
{{- $_ := set $acmednsDict .domain (omit . "domain") -}}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
acme:
|
||||
email: {{ .email }}
|
||||
server: {{ if eq .server "custom" }}{{ .customServer }}{{ else }}{{ .server }}{{ end }}
|
||||
{{- if .caBundle }}
|
||||
caBundle: {{ .caBundle }}
|
||||
{{- end }}
|
||||
privateKeySecretRef:
|
||||
name: {{ .name }}-acme-clusterissuer-account-key
|
||||
solvers:
|
||||
{{- if eq .type "HTTP01" }}
|
||||
- http01:
|
||||
ingress: {}
|
||||
{{- else }}
|
||||
- dns01:
|
||||
{{- if eq .type "cloudflare" }}
|
||||
cloudflare:
|
||||
email: {{ .email }}
|
||||
{{- if .cfapitoken }}
|
||||
apiTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: cf-api-token
|
||||
{{- else if .cfapikey }}
|
||||
apiKeySecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: cf-api-key
|
||||
{{- else -}}
|
||||
{{- fail "A cloudflare API key or token is required" -}}
|
||||
{{- end -}}
|
||||
{{- else if eq .type "route53" }}
|
||||
route53:
|
||||
region: {{ .region }}
|
||||
accessKeyID: {{ .accessKeyID }}
|
||||
{{- if .role }}
|
||||
role: {{ .role }}
|
||||
{{- end }}
|
||||
secretAccessKeySecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: route53-secret-access-key
|
||||
{{- else if eq .type "akamai" }}
|
||||
akamai:
|
||||
serviceConsumerDomain: {{ .serviceConsumerDomain }}
|
||||
clientTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akclientToken
|
||||
clientSecretSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akclientSecret
|
||||
accessTokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: akaccessToken
|
||||
{{- else if eq .type "digitalocean" }}
|
||||
digitalocean:
|
||||
tokenSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: doaccessToken
|
||||
{{- else if eq .type "rfc2136" }}
|
||||
rfc2136:
|
||||
nameserver: {{ .nameserver }}
|
||||
tsigKeyName: {{ .tsigKeyName }}
|
||||
tsigAlgorithm: {{ .tsigAlgorithm }}
|
||||
tsigSecretSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: rfctsigSecret
|
||||
{{- else if eq .type "acmedns" }}
|
||||
acmeDNS:
|
||||
host: {{ .acmednsHost }}
|
||||
accountSecretRef:
|
||||
name: {{ $issuerSecretName }}
|
||||
key: acmednsJson
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
namespace: {{ $namespace }}
|
||||
name: {{ $issuerSecretName }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
cf-api-token: {{ .cfapitoken | default "" }}
|
||||
cf-api-key: {{ .cfapikey | default "" }}
|
||||
route53-secret-access-key: {{ .route53SecretAccessKey | default "" }}
|
||||
akclientToken: {{ .akclientToken | default "" }}
|
||||
akclientSecret: {{ .akclientSecret | default "" }}
|
||||
akaccessToken: {{ .akaccessToken | default "" }}
|
||||
doaccessToken: {{ .doaccessToken | default "" }}
|
||||
rfctsigSecret: {{ $rfctsigSecret }}
|
||||
{{- if .acmednsConfigJson }}
|
||||
acmednsJson: {{ .acmednsConfigJson }}
|
||||
{{- else if $acmednsDict }}
|
||||
acmednsJson: {{ toJson $acmednsDict | quote }}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
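Review bot: `$rfctsigSecret` is read from `.rfctsigSecret` before `{{- range .Values.clusterIssuer.ACME }}` opens, where `.` still appears to be the chart root (the same scope that resolves `.Values`), so the per-issuer TSIG secret is likely never picked up and the `rfctsigSecret` key in the Secret renders empty. Moving that lookup and its base64 normalisation inside the range, directly after the name check, would bind it to each issuer entry. Separately, the `stringData` values are emitted unquoted, so a credential that looks like a number or boolean, or that contains `: ` or ` #`, is re-typed or cut short by the YAML parser; piping each one through `quote`, e.g. `cf-api-token: {{ .cfapitoken | default "" | quote }}`, keeps them as strings. The same applies to `acmednsJson: {{ .acmednsConfigJson }}`, which unlike the `toJson` branch is not quoted.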
|
|
@ -0,0 +1,54 @@
|
|||
{{- define "certmanager.clusterissuer.ca" -}}
|
||||
{{- $operator := index $.Values.operator "cert-manager" -}}
|
||||
{{- $namespace := $operator.namespace | default "cert-manager" -}}
|
||||
|
||||
{{- range .Values.clusterIssuer.CA }}
|
||||
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name) -}}
|
||||
{{- fail "CA - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end -}}
|
||||
{{- if .selfSigned }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca-issuer
|
||||
spec:
|
||||
selfSigned: {}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: {{ .name }}-selfsigned-ca
|
||||
namespace: {{ $namespace }}
|
||||
spec:
|
||||
isCA: true
|
||||
commonName: {{ .selfSignedCommonName }}
|
||||
secretName: {{ .name }}-ca
|
||||
privateKey:
|
||||
algorithm: ECDSA
|
||||
size: 256
|
||||
issuerRef:
|
||||
name: {{ .name }}-selfsigned-ca-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
{{- else }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ .name }}-ca
|
||||
namespace: {{ $namespace }}
|
||||
data:
|
||||
tls.crt: {{ .crt | replace " CERTIFICATE" "_CERTIFICATE" | replace " " "\n" | replace "_CERTIFICATE" " CERTIFICATE" | b64enc }}
|
||||
tls.key: {{ .key | replace " PRIVATE KEY" "_PRIVATE_KEY" | replace " " "\n" | replace "_PRIVATE_KEY" " PRIVATE KEY" | b64enc }}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
spec:
|
||||
ca:
|
||||
secretName: {{ .name }}-ca
|
||||
{{- end }}
|
||||
{{- end -}}
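Review bot: The PEM repair on `tls.key` shields only the ` PRIVATE KEY` suffix before turning spaces into newlines, so a label such as `-----BEGIN RSA PRIVATE KEY-----` or `-----BEGIN EC PRIVATE KEY-----` gets a newline between `BEGIN` and the algorithm word and the stored key no longer parses, even when the user supplied a correctly formatted key. Shielding the whole `-----BEGIN …-----` / `-----END …-----` label, or skipping the rewrite when the value already contains newlines, would avoid that. The name check here also lacks the `not .name` guard used in the ACME template, so a missing name probably fails inside `mustRegexMatch` rather than with the intended message; `{{- if or (not .name) (not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .name)) -}}` would match it.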
|
|
@ -0,0 +1,34 @@
|
|||
{{- define "certmanager.clusterissuer.clusterCertificates" -}}
|
||||
{{- if .Values.clusterCertificates -}}
|
||||
{{- $secretTemplates := dict -}}
|
||||
{{- $certNamespace := (include "tc.v1.common.lib.metadata.namespace" (dict "rootCtx" $ "objectData" dict "caller" "ClusterCertificates")) -}}
|
||||
{{- $replicationNamespaces := ".*" -}}
|
||||
{{- if .Values.clusterCertificates.replicationNamespaces -}}
|
||||
{{- $replicationNamespaces = .Values.clusterCertificates.replicationNamespaces -}}
|
||||
{{- else if .Values.ixChartContext -}}
|
||||
{{- $replicationNamespaces = "ix-.*" -}}
|
||||
{{- end -}}
|
||||
{{- $reflectorAnnotations := (dict
|
||||
"reflector.v1.k8s.emberstack.com/reflection-allowed" "true"
|
||||
"reflector.v1.k8s.emberstack.com/reflection-auto-enabled" "true"
|
||||
"reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces" (printf "%v,%v" $certNamespace $replicationNamespaces)
|
||||
"reflector.v1.k8s.emberstack.com/reflection-auto-namespaces" $replicationNamespaces ) -}}
|
||||
{{- $certAnnotations := (mustMerge ($reflectorAnnotations) (include "tc.v1.common.lib.metadata.allAnnotations" $ | fromYaml)) -}}
|
||||
|
||||
{{- $_ := set $secretTemplates "annotations" $certAnnotations -}}
|
||||
|
||||
{{- if not $.Values.certificate -}}
|
||||
{{- $_ := set $.Values "certificate" dict -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- range .Values.clusterCertificates.certificates -}}
|
||||
{{- $_ := set $.Values.certificate .name (dict
|
||||
"enabled" .enabled
|
||||
"hosts" .hosts
|
||||
"certificateIssuer" .certificateIssuer
|
||||
"certificateSecretTemplate" $secretTemplates
|
||||
) -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
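Review bot: `$replicationNamespaces` falls back to `".*"`, and together with `reflection-auto-enabled: "true"` that asks the reflector to copy every cluster certificate Secret, private key included, into all namespaces unless `ixChartContext` or an explicit `replicationNamespaces` narrows it. For a wildcard certificate this widens who can read the key to any workload owner in the cluster. Consider requiring an explicit value when `ixChartContext` is absent, or at least document the default above it: `{{/* Default mirrors the TLS Secret, key included, into every namespace; set clusterCertificates.replicationNamespaces to restrict */}}`.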
|
|
@ -0,0 +1,14 @@
|
|||
{{- define "certmanager.clusterissuer.selfsigned" -}}
|
||||
{{- if .Values.clusterIssuer.selfSigned.enabled -}}
|
||||
{{- if not (mustRegexMatch "^[a-z]+(-?[a-z]){0,63}-?[a-z]+$" .Values.clusterIssuer.selfSigned.name) -}}
|
||||
{{- fail "Self Singed Issuer - Expected name to be all lowercase with hyphens, but not start or end with a hyphen" -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: {{ .Values.clusterIssuer.selfSigned.name }}
|
||||
spec:
|
||||
selfSigned: {}
|
||||
{{- end }}
|
||||
{{- end -}}
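Review bot: The `fail` message reads "Self Singed Issuer"; it should be `Self Signed Issuer`, since this string is what the user sees when the name is rejected. There is also no `not .name` guard in front of `mustRegexMatch`, so an unset `clusterIssuer.selfSigned.name` likely surfaces as a template error rather than this message.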
|
|
@ -0,0 +1,16 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{/*
|
||||
Generate certificate data and set them to $.Values.ceritificate
|
||||
Let common handle the creation of the objects
|
||||
*/}}
|
||||
{{- include "certmanager.clusterissuer.clusterCertificates" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
{{/* Generate the cluster issuers */}}
|
||||
{{- include "certmanager.clusterissuer.acme" . }}
|
||||
{{- include "certmanager.clusterissuer.selfsigned" . }}
|
||||
{{- include "certmanager.clusterissuer.ca" . }}
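Review bot: The comment names `$.Values.ceritificate`, but the helper it describes writes to `$.Values.certificate`; correct the spelling so a search for the key finds this file. The same comment could state that `certmanager.clusterissuer.clusterCertificates` has to be included before `tc.v1.common.loader.apply`, since the include order appears to be what lets the common library render the generated certificate entries.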
|
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [grafana-14.8.1](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [grafana-14.8.0](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,41 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: metrics
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 10.4.0
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
|
||||
home: https://truecharts.org/charts/premium/grafana
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/grafana.png
|
||||
keywords:
|
||||
- analytics
|
||||
- monitoring
|
||||
- metrics
|
||||
- logs
|
||||
kubeVersion: ">=1.24.0-0"
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: grafana
|
||||
sources:
|
||||
- https://grafana.com/
|
||||
- https://github.com/bitnami/bitnami-docker-grafana
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/grafana
|
||||
- https://quay.io/kiwigrid/k8s-sidecar
|
||||
- https://hub.docker.com/r/grafana/grafana
|
||||
type: application
|
||||
version: 14.8.1
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
title: README
|
||||
---
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/grafana)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
|
||||
## [grafana-14.8.1](https://github.com/truecharts/charts/compare/grafana-14.7.0...grafana-14.8.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
|||
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, Elasticsearch, OpenTSDB, Prometheus and InfluxDB.
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/grafana](https://truecharts.org/charts/premium/grafana)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,346 @@
|
|||
image:
|
||||
repository: grafana/grafana
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 10.4.0@sha256:f9811e4e687ffecf1a43adb9b64096c50bc0d7a782f8608530f478b6542de7d5
|
||||
|
||||
sidecarImage:
|
||||
repository: quay.io/kiwigrid/k8s-sidecar
|
||||
tag: 1.26.1@sha256:b8d5067137fec093cf48670dc3a1dbb38f9e734f3a6683015c2e89a45db5fd16
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: http
|
||||
targetPort: 3000
|
||||
port: 3000
|
||||
workload:
|
||||
main:
|
||||
replicas: 2
|
||||
strategy: RollingUpdate
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
env:
|
||||
GF_SECURITY_ADMIN_USER: "admin"
|
||||
GF_SECURITY_ADMIN_PASSWORD: "testpassword"
|
||||
GF_INSTALL_PLUGINS: ""
|
||||
GF_AUTH_LDAP_ENABLED: "false"
|
||||
GF_AUTH_LDAP_ALLOW_SIGN_UP: "false"
|
||||
GF_SERVER_HTTP_PORT: 3000
|
||||
GF_DATABASE_TYPE: postgres
|
||||
GF_DATABASE_NAME: "{{ .Values.cnpg.main.user }}"
|
||||
GF_DATABASE_USER: "{{ .Values.cnpg.main.database }}"
|
||||
GF_DATABASE_SSL_MODE: disable
|
||||
GF_DATABASE_HOST:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-urls
|
||||
key: host
|
||||
GF_DATABASE_PASSWORD:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-user
|
||||
key: password
|
||||
probes:
|
||||
liveness:
|
||||
path: "/api/health"
|
||||
readiness:
|
||||
path: "/api/health"
|
||||
startup:
|
||||
path: "/api/health"
|
||||
dashboards:
|
||||
enabled: true
|
||||
imageSelector: sidecarImage
|
||||
env:
|
||||
IGNORE_ALREADY_PROCESSED: false
|
||||
METHOD: WATCH
|
||||
LABEL: grafana_dashboard
|
||||
LABEL_VALUE: "1"
|
||||
LOG_LEVEL: info
|
||||
FOLDER: /tmp/dashboards
|
||||
RESOURCE: both
|
||||
NAMESPACE: "ALL"
|
||||
UNIQUE_FILENAMES: false
|
||||
# NAMESPACE: null
|
||||
# FOLDER_ANNOTATION: null
|
||||
# script: null
|
||||
# WATCH_SERVER_TIMEOUT: 3600
|
||||
# WATCH_CLIENT_TIMEOUT: 3600
|
||||
SKIP_TLS_VERIFY: false
|
||||
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||
REQ_URL: "http://localhost:3000/api/admin/provisioning/dashboards/reload"
|
||||
REQ_METHOD: POST
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
datasources:
|
||||
enabled: true
|
||||
imageSelector: sidecarImage
|
||||
env:
|
||||
IGNORE_ALREADY_PROCESSED: false
|
||||
METHOD: WATCH
|
||||
LABEL: grafana_datasources
|
||||
LABEL_VALUE: "1"
|
||||
LOG_LEVEL: info
|
||||
FOLDER: /etc/grafana/provisioning/datasources
|
||||
RESOURCE: both
|
||||
NAMESPACE: "ALL"
|
||||
UNIQUE_FILENAMES: false
|
||||
# NAMESPACE: null
|
||||
# FOLDER_ANNOTATION: null
|
||||
# script: null
|
||||
# WATCH_SERVER_TIMEOUT: 3600
|
||||
# WATCH_CLIENT_TIMEOUT: 3600
|
||||
SKIP_TLS_VERIFY: false
|
||||
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||
REQ_URL: "http://localhost:3000/api/admin/provisioning/datasources/reload"
|
||||
REQ_METHOD: POST
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
alerts:
|
||||
enabled: true
|
||||
imageSelector: sidecarImage
|
||||
env:
|
||||
IGNORE_ALREADY_PROCESSED: false
|
||||
METHOD: WATCH
|
||||
LABEL: grafana_alerts
|
||||
LABEL_VALUE: "1"
|
||||
LOG_LEVEL: info
|
||||
FOLDER: /etc/grafana/provisioning/alerts
|
||||
RESOURCE: both
|
||||
NAMESPACE: "ALL"
|
||||
UNIQUE_FILENAMES: false
|
||||
# NAMESPACE: null
|
||||
# FOLDER_ANNOTATION: null
|
||||
# script: null
|
||||
# WATCH_SERVER_TIMEOUT: 3600
|
||||
# WATCH_CLIENT_TIMEOUT: 3600
|
||||
SKIP_TLS_VERIFY: false
|
||||
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||
REQ_URL: "http://localhost:3000/api/admin/provisioning/alerts/reload"
|
||||
REQ_METHOD: POST
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
plugins:
|
||||
enabled: true
|
||||
imageSelector: sidecarImage
|
||||
env:
|
||||
IGNORE_ALREADY_PROCESSED: false
|
||||
METHOD: WATCH
|
||||
LABEL: grafana_plugins
|
||||
LABEL_VALUE: "1"
|
||||
LOG_LEVEL: info
|
||||
FOLDER: /etc/grafana/provisioning/plugins
|
||||
RESOURCE: both
|
||||
NAMESPACE: "ALL"
|
||||
UNIQUE_FILENAMES: false
|
||||
# NAMESPACE: null
|
||||
# FOLDER_ANNOTATION: null
|
||||
# script: null
|
||||
# WATCH_SERVER_TIMEOUT: 3600
|
||||
# WATCH_CLIENT_TIMEOUT: 3600
|
||||
SKIP_TLS_VERIFY: false
|
||||
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||
REQ_URL: "http://localhost:3000/api/admin/provisioning/plugins/reload"
|
||||
REQ_METHOD: POST
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
notifiers:
|
||||
enabled: true
|
||||
imageSelector: sidecarImage
|
||||
env:
|
||||
IGNORE_ALREADY_PROCESSED: false
|
||||
METHOD: WATCH
|
||||
LABEL: grafana_notifiers
|
||||
LABEL_VALUE: "1"
|
||||
LOG_LEVEL: info
|
||||
FOLDER: /etc/grafana/provisioning/notifiers
|
||||
RESOURCE: both
|
||||
NAMESPACE: "ALL"
|
||||
UNIQUE_FILENAMES: false
|
||||
# NAMESPACE: null
|
||||
# FOLDER_ANNOTATION: null
|
||||
# script: null
|
||||
# WATCH_SERVER_TIMEOUT: 3600
|
||||
# WATCH_CLIENT_TIMEOUT: 3600
|
||||
SKIP_TLS_VERIFY: false
|
||||
REQ_USERNAME: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_USER }}"
|
||||
REQ_PASSWORD: "{{ .Values.workload.main.podSpec.containers.main.env.GF_SECURITY_ADMIN_PASSWORD }}"
|
||||
REQ_URL: "http://localhost:3000/api/admin/provisioning/notifiers/reload"
|
||||
REQ_METHOD: POST
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
|
||||
configmap:
|
||||
dashboard-provider:
|
||||
enabled: true
|
||||
data:
|
||||
provider.yaml: |-
|
||||
apiVersion: 1
|
||||
providers:
|
||||
- name: sidecarProvider
|
||||
orgId: 1
|
||||
folder: ''
|
||||
type: file
|
||||
disableDeletion: false
|
||||
allowUiUpdates: false
|
||||
updateIntervalSeconds: 30
|
||||
options:
|
||||
foldersFromFilesStructure: false
|
||||
path: /tmp/dashboards
|
||||
config:
|
||||
enabled: true
|
||||
data:
|
||||
grafana.ini: |-
|
||||
paths:
|
||||
data: /var/lib/grafana/
|
||||
logs: /var/log/grafana
|
||||
plugins: /var/lib/grafana/plugins
|
||||
provisioning: /etc/grafana/provisioning
|
||||
analytics:
|
||||
check_for_updates: true
|
||||
log:
|
||||
mode: console
|
||||
grafana_net:
|
||||
url: https://grafana.net
|
||||
server:
|
||||
domain: "{{ if (and .Values.ingress.main.enabled .Values.ingress.main.hosts) }}{{ .Values.ingress.main.hosts | first }}{{ else }}''{{ end }}"
|
||||
ldap.toml: |-
|
||||
# nope
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: config
|
||||
mountPath: /etc/grafana/grafana.ini
|
||||
subPath: grafana.ini
|
||||
ldap:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: config
|
||||
mountPath: /etc/grafana/ldap.toml
|
||||
subPath: ldap.toml
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/var/lib/grafana"
|
||||
grafana-tmp:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /app/tmp
|
||||
targetSelectAll: true
|
||||
sc-dashboard-volume:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /tmp/dashboards
|
||||
targetSelectAll: true
|
||||
sc-dashboard-config:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: dashboard-provider
|
||||
mountPath: /etc/grafana/provisioning/dashboards/sc-dashboardproviders.yaml
|
||||
subPath: provider.yaml
|
||||
sc-datasource-volume:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /etc/grafana/provisioning/datasources
|
||||
targetSelectAll: true
|
||||
sc-alerts-volume:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /etc/grafana/provisioning/alerts
|
||||
targetSelectAll: true
|
||||
sc-plugins-volume:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /etc/grafana/provisioning/plugins
|
||||
targetSelectAll: true
|
||||
sc-notifiers-volume:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
mountPath: /etc/grafana/provisioning/notifiers
|
||||
targetSelectAll: true
|
||||
metrics:
|
||||
main:
|
||||
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
||||
# @default -- See values.yaml
|
||||
enabled: true
|
||||
type: "servicemonitor"
|
||||
endpoints:
|
||||
- port: main
|
||||
path: /metrics
|
||||
# -- Enable and configure Prometheus Rules for the chart under this key.
|
||||
# @default -- See values.yaml
|
||||
prometheusRule:
|
||||
enabled: false
|
||||
labels: {}
|
||||
# -- Configure additionial rules for the chart under this key.
|
||||
# @default -- See prometheusrules.yaml
|
||||
rules: []
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
|
||||
rbac:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
clusterWide: true
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps", "secrets"]
|
||||
verbs: ["get", "watch", "list"]
|
||||
|
||||
serviceAccount:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
|
||||
podOptions:
|
||||
automountServiceAccountToken: true
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: grafana
|
||||
database: grafana
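Review bot: `GF_SECURITY_ADMIN_PASSWORD: "testpassword"` ships a known admin credential as the chart default, and the five sidecars reuse it through `REQ_PASSWORD`; unless the install form (not shown in this section) forces an override, every deployment starts with the same password. Leave the default empty and fail rendering when it is unset, or source it from a Secret via `secretKeyRef` the way `GF_DATABASE_PASSWORD` does. The `rbac.main` rule also grants cluster-wide `get`/`watch`/`list` on `secrets` while the sidecars run with `NAMESPACE: "ALL"` and `RESOURCE: both`; narrowing this to the release namespace or to `configmaps` would limit what a compromised Grafana pod can read. `GF_DATABASE_NAME` and `GF_DATABASE_USER` are wired to `cnpg.main.user` and `cnpg.main.database` respectively, which looks swapped and only works because both are `grafana`.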
|
File diff suppressed because it is too large
|
@ -0,0 +1,100 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [metallb-config-6.7.1](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
|
||||
## [metallb-config-6.7.0](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,38 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: core
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: latest
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: A network load-balancer implementation for Kubernetes using standard routing protocols
|
||||
home: https://truecharts.org/charts/premium/metallb-config
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/metallb-config.png
|
||||
keywords:
|
||||
- metallb
|
||||
- loadbalancer
|
||||
kubeVersion: ">=1.24.0-0"
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: metallb-config
|
||||
sources:
|
||||
- https://metallb.universe.tf
|
||||
- https://github.com/metallb/metallb
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/metallb-config
|
||||
- https://hub.docker.com/_/hello-world
|
||||
type: application
|
||||
version: 6.7.1
|
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
title: README
|
||||
---
|
||||
|
||||
## General Info
|
||||
|
||||
TrueCharts can be installed as both _normal_ Helm Charts or as Apps on TrueNAS SCALE.
|
||||
However only installations using the TrueNAS SCALE Apps system are supported.
|
||||
|
||||
For more information about this App, please check the docs on the TrueCharts [website](https://truecharts.org/charts/premium/metallb-config)
|
||||
|
||||
**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/truecharts/charts/issues/new/choose)**
|
||||
|
||||
## Support
|
||||
|
||||
- Please check our [quick-start guides for TrueNAS SCALE](https://truecharts.org/manual/SCALE/guides/scale-intro).
|
||||
- See the [Website](https://truecharts.org)
|
||||
- Check our [Discord](https://discord.gg/tVsPTHWTtr)
|
||||
- Open a [issue](https://github.com/truecharts/charts/issues/new/choose)
|
||||
|
||||
---
|
||||
|
||||
## Sponsor TrueCharts
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
||||
|
||||
_All Rights Reserved - The TrueCharts Project_
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
|
||||
## [metallb-config-6.7.1](https://github.com/truecharts/charts/compare/metallb-config-6.6.0...metallb-config-6.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
|
@ -0,0 +1,8 @@
|
|||
A network load-balancer implementation for Kubernetes using standard routing protocols
|
||||
|
||||
This App is supplied by TrueCharts, for more information visit the manual: [https://truecharts.org/charts/premium/metallb-config](https://truecharts.org/charts/premium/metallb-config)
|
||||
|
||||
---
|
||||
|
||||
TrueCharts can only exist due to the incredible effort of our staff.
|
||||
Please consider making a [donation](https://truecharts.org/sponsor) or contributing back to the project any way you can!
|
Binary file not shown.
|
@ -0,0 +1,73 @@
|
|||
image:
|
||||
repository: hello-world
|
||||
tag: latest@sha256:d000bc569937abbe195e20322a0bde6b2922d805332fd6d8a68b19f524b7d21d
|
||||
pullPolicy: IfNotPresent
|
||||
manifestManager:
|
||||
enabled: false
|
||||
workload:
|
||||
main:
|
||||
enabled: false
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
enabled: false
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
service:
|
||||
main:
|
||||
enabled: false
|
||||
ports:
|
||||
main:
|
||||
enabled: false
|
||||
port: 9999
|
||||
operator:
|
||||
verify:
|
||||
enabled: true
|
||||
additionalOperators: ["metallb"]
|
||||
portal:
|
||||
open:
|
||||
enabled: false
|
||||
ipAddressPools: []
|
||||
# - name: example
|
||||
# autoAssign: true
|
||||
# avoidBuggyIPs: true
|
||||
# addresses:
|
||||
# - 192.168.1.1-192.168.1.100
|
||||
L2Advertisements: []
|
||||
# - name: l2adv
|
||||
# addressPools:
|
||||
# - pool1
|
||||
# nodeSelectors:
|
||||
# - nodeA
|
||||
BGPAdvertisements: []
|
||||
# - name: bgpadv
|
||||
# addressPools:
|
||||
# - pool1
|
||||
# aggregationLength: 24
|
||||
# localpref: 100
|
||||
# communities:
|
||||
# - 1234:1
|
||||
# peers:
|
||||
# - peer1
|
||||
Communities: []
|
||||
# - name: community1
|
||||
# value: 1234:1
|
||||
Peers: []
|
||||
# - name: peer1
|
||||
# myASN: 1234
|
||||
# password: pass
|
||||
# routerID: 1234
|
||||
# bfdProfile: profile
|
||||
# ebgpMultiHop: false
|
||||
# holdTime: 10
|
||||
# keepaliveTime: 10
|
||||
# peerAddress: 172.30.0.2
|
||||
# peerPort: 179
|
||||
# sourceAddress: 172.30.0.3
|
||||
# nodeSelectors:
|
||||
# - nodeA
|
|
@ -0,0 +1,368 @@
|
|||
groups:
|
||||
- name: Container Image
|
||||
description: Image to be used for container
|
||||
- name: General Settings
|
||||
description: General Deployment Settings
|
||||
- name: Workload Settings
|
||||
description: Workload Settings
|
||||
- name: App Configuration
|
||||
description: App Specific Config Options
|
||||
- name: Networking and Services
|
||||
description: Configure Network and Services for Container
|
||||
- name: Storage and Persistence
|
||||
description: Persist and Share Data that is Separate from the Container
|
||||
- name: Ingress
|
||||
description: Ingress Configuration
|
||||
- name: Security and Permissions
|
||||
description: Configure Security Context and Permissions
|
||||
- name: Resources and Devices
|
||||
description: "Specify Resources/Devices to be Allocated to Workload"
|
||||
- name: Middlewares
|
||||
description: Traefik Middlewares
|
||||
- name: Metrics
|
||||
description: Metrics
|
||||
- name: Addons
|
||||
description: Addon Configuration
|
||||
- name: Backup Configuration
|
||||
description: Configure Velero Backup Schedule
|
||||
- name: Advanced
|
||||
description: Advanced Configuration
|
||||
- name: Postgresql
|
||||
description: Postgresql
|
||||
- name: Documentation
|
||||
description: Documentation
|
||||
|
||||
questions:
|
||||
- variable: global
|
||||
group: General Settings
|
||||
label: "Global Settings"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: stopAll
|
||||
label: Stop All
|
||||
description: "Stops All Running pods and hibernates cnpg"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
- variable: ipAddressPools
|
||||
group: App Configuration
|
||||
label: IP Address Pools Object
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: ipAddressPoolsEntry
|
||||
label: IP Address Pool Entry
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: Name of the IP address pool
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: autoAssign
|
||||
label: Auto Assign
|
||||
description: AutoAssign flag used to prevent MetallB from automatic
|
||||
allocation for a pool.
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: avoidBuggyIPs
|
||||
label: Avoid Buggy IPs
|
||||
description: AvoidBuggyIPs prevents addresses ending with .0 and .255
|
||||
to be used by a pool.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: addresses
|
||||
label: Addresses Pools
|
||||
description: A list of IP address ranges over which MetalLB has authority.
|
||||
You can list multiple ranges in a single pool, they will all share
|
||||
the same settings. Each range can be either a CIDR prefix, or an
|
||||
explicit start-end range of IPs.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: addressPoolEntry
|
||||
label: Address Pool Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: L2Advertisements
|
||||
group: App Configuration
|
||||
label: L2 Advertisements
|
||||
description: L2Advertisement allows to advertise the LoadBalancer IPs provided
|
||||
by the selected pools via L2.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: L2AdvertisementEntry
|
||||
label: L2 Advertisement Entry
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: Name of the L2 Advertisement
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: addressPools
|
||||
label: Address Pools
|
||||
description: The list of IPAddressPools to advertise via this advertisement,
|
||||
selected by name.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: addressPoolEntry
|
||||
label: Address Pool Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: nodeSelectors
|
||||
label: Node Selectors
|
||||
description: NodeSelectors allows to limit the nodes to announce as
|
||||
next hops for the LoadBalancer IP. When empty, all the nodes having are
|
||||
announced as next hops.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: nodeSelectorEntry
|
||||
label: Node Selector Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: Communities
|
||||
group: App Configuration
|
||||
label: Communities
|
||||
description: Community is a collection of aliases for communities. Users can
|
||||
define named aliases to be used in the BGPPeer CRD.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: CommunityEntry
|
||||
label: Community Entry
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: The name of the alias for the community.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: value
|
||||
label: Value
|
||||
description: The BGP community value corresponding to the given name.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: Peers
|
||||
group: App Configuration
|
||||
label: Peers
|
||||
description: BGPPeer is the Schema for the peers API.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: PeerEntry
|
||||
label: Peer Entry
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: The name of the peer.
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: bfdProfile
|
||||
label: BFD Profile
|
||||
description: The name of the BFD Profile to be used for the BFD session
|
||||
associated to the BGP session. If not set, the BFD session won't
|
||||
be set up.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: ebgpMultiHop
|
||||
label: EBGP MultiHop
|
||||
description: TTo set if the BGPPeer is multi-hops away. Needed for
|
||||
FRR mode only.
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: holdTime
|
||||
label: Hold Time
|
||||
description: Requested BGP hold time, per RFC4271.
|
||||
schema:
|
||||
type: int
|
||||
- variable: keepaliveTime
|
||||
label: Keep Alive Time
|
||||
description: Requested BGP keep alive time, per RFC4271.
|
||||
schema:
|
||||
type: int
|
||||
- variable: myASN
|
||||
label: My ASN
|
||||
description: AS number to use for the local end of the session.
|
||||
schema:
|
||||
type: int
|
||||
- variable: password
|
||||
label: Password
|
||||
description: Authentication password for routers enforcing TCP MD5
|
||||
authenticated sessions
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: peerASN
|
||||
label: Peer ASN
|
||||
description: AS number to expect from the remote end of the session.
|
||||
schema:
|
||||
type: string
|
||||
valid_chars: '^[0-9]*$'
|
||||
default: ""
|
||||
- variable: peerAddress
|
||||
label: Peer Address
|
||||
description: Address to dial when establishing the session.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: peerPort
|
||||
label: Peer Port
|
||||
description: Port to dial when establishing the session.
|
||||
schema:
|
||||
type: string
|
||||
valid_chars: '^[0-9]*$'
|
||||
default: ""
|
||||
- variable: routerID
|
||||
label: Router ID
|
||||
description: BGP router ID to advertise to the peer
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: sourceAddress
|
||||
label: Source Address
|
||||
description: Source address to use when establishing the session.
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: nodeSelectors
|
||||
label: Node Selectors
|
||||
description: Only connect to this peer on nodes that match one of
|
||||
these selectors.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: nodeSelectorEntry
|
||||
label: Node Selector Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: BGPAdvertisements
|
||||
group: App Configuration
|
||||
label: BGP Advertisements
|
||||
description: BGPAdvertisement allows to advertise the IPs coming from the
|
||||
selected IPAddressPools via BGP.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: BGPAdvertisementEntry
|
||||
label: BGP Advertisement Entry
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: name
|
||||
label: Name
|
||||
description: Name of the BGP Advertisement
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: addressPools
|
||||
label: Address Pools
|
||||
description: The list of IPAddressPools to advertise via this advertisement,
|
||||
selected by name.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: addressPoolEntry
|
||||
label: Address Pool Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: aggregationLength
|
||||
label: Aggregation Length
|
||||
description: The aggregation-length advertisement option lets you
|
||||
"roll up" the /32s into a larger prefix. Defaults to 32. Works for
|
||||
IPv4 addresses.
|
||||
schema:
|
||||
type: string
|
||||
valid_chars: '^[0-9]*$'
|
||||
default: ""
|
||||
- variable: localpref
|
||||
label: Local Pref
|
||||
description: The BGP LOCAL_PREF attribute which is used by BGP best
|
||||
path algorithm, Path with higher localpref is preferred over one
|
||||
with lower localpref.
|
||||
schema:
|
||||
type: string
|
||||
valid_chars: '^[0-9]*$'
|
||||
default: ""
|
||||
- variable: communities
|
||||
label: Communities
|
||||
description: The BGP communities to be associated with the announcement.
|
||||
Each item can be a community of the form 1234:1234 or the name of
|
||||
an alias defined in the Community CRD.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: communityEntry
|
||||
label: Community Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
|
||||
- variable: peers
|
||||
label: Peers
|
||||
description: Peers limits the BGPpeer to advertise the ips of the
|
||||
selected pools to. When empty, the loadbalancer IP is announced
|
||||
to all the BGPPeers configured.
|
||||
schema:
|
||||
type: list
|
||||
default: []
|
||||
items:
|
||||
- variable: peerEntry
|
||||
label: Peer Entry
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
required: true
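Review bot: In the `Peers` entry, `myASN`, `peerASN` and `peerAddress` carry no `required: true`, and the BGPPeer template in this commit drops each of them when empty. The form therefore accepts a peer that renders without fields the resource needs (as far as I know the v1beta2 BGPPeer CRD requires all three), and the failure only surfaces at apply time. Add `required: true` to each of those three `schema:` blocks. Separately, `peerPort`, `aggregationLength` and `localpref` are validated only by `valid_chars: '^[0-9]*$'`, which admits out-of-range values such as a port above 65535 or an aggregation length above 32; an `int` type with `min`/`max`, or a tighter pattern, would reject those in the UI.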
|
|
@ -0,0 +1,33 @@
|
|||
{{- define "metallb.bgpadv" -}}
|
||||
{{- range .Values.BGPAdvertisements }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: BGPAdvertisement
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ $.Values.operatorNamespace }}
|
||||
spec:
|
||||
ipAddressPools:
|
||||
{{- range .addressPools }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- with .aggregationLength }}
|
||||
aggregationLength: {{ . | int }}
|
||||
{{- end }}
|
||||
{{- with .localpref }}
|
||||
localpref: {{ . | int }}
|
||||
{{- end }}
|
||||
{{- if .communities }}
|
||||
communities:
|
||||
{{- range .communities }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- if .peers }}
|
||||
peers:
|
||||
{{- range .peers }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
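Review bot: The values interpolated into `name: {{ .name }}` and into the list items `- {{ . }}` under `ipAddressPools`, `communities` and `peers` are emitted unquoted, so a value that is empty, looks like a number or boolean, or contains `: `, ` #` or a line break is retyped or changes the structure of the rendered manifest instead of staying a string. Pipe every string field through `quote`, e.g. `name: {{ .name | quote }}` and `- {{ . | quote }}`; a community written as `1234:1` is exactly the kind of digits-and-colon scalar that some YAML parsers do not read as a string. The same pattern appears in the Community, IPAddressPool, L2Advertisement and BGPPeer templates later in this commit (`value: {{ .value }}`, `- {{ . }}` under `addresses`, `kubernetes.io/hostname: {{ . }}`, `peerAddress: {{ . }}`).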
|
|
@ -0,0 +1,16 @@
|
|||
{{- define "metallb.comm" -}}
|
||||
{{- if .Values.Communities }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: Community
|
||||
metadata:
|
||||
name: communities
|
||||
namespace: {{ $.Values.operatorNamespace }}
|
||||
spec:
|
||||
communities:
|
||||
{{- range .Values.Communities }}
|
||||
- name: {{ .name }}
|
||||
value: {{ .value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
|
@ -0,0 +1,17 @@
|
|||
{{- define "metallb.pool" -}}
|
||||
{{- range .Values.ipAddressPools }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: IPAddressPool
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ $.Values.operatorNamespace }}
|
||||
spec:
|
||||
addresses:
|
||||
{{- range .addresses }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
autoAssign: {{ .autoAssign | default true }}
|
||||
avoidBuggyIPs: {{ .avoidBuggyIPs | default false }}
|
||||
{{- end }}
|
||||
{{- end -}}
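Review bot: `autoAssign: {{ .autoAssign | default true }}` can never render `false`, because Sprig's `default` treats a boolean `false` as empty and substitutes the fallback. A pool the user marked as not auto-assignable is still created with `autoAssign: true`, so MetalLB may hand its addresses to any LoadBalancer service that does not request a specific pool. Test the type or presence instead, e.g. `autoAssign: {{ if kindIs "bool" .autoAssign }}{{ .autoAssign }}{{ else }}true{{ end }}`. `avoidBuggyIPs | default false` is unaffected, since its fallback is also `false`.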
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "metallb.l2adv" -}}
|
||||
{{- range .Values.L2Advertisements }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta1
|
||||
kind: L2Advertisement
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ $.Values.operatorNamespace }}
|
||||
spec:
|
||||
ipAddressPools:
|
||||
{{- range .addressPools }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
{{- if .nodeSelectors }}
|
||||
{{- range .nodeSelectors }}
|
||||
nodeSelectors:
|
||||
- matchLabels:
|
||||
kubernetes.io/hostname: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
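Review bot: The key line `nodeSelectors:` sits inside `{{- range .nodeSelectors }}`, so an L2Advertisement with more than one node renders the key once per entry. Duplicate mapping keys are either rejected or, depending on the parser, silently collapsed to the last one, which would leave the advertisement limited to a single node without an error the user sees. Emit the key once before the loop, as the BGPPeer template in this commit does: `nodeSelectors:` first, then `{{- range .nodeSelectors }}` around the `- matchLabels:` item. Indentation is not recoverable from this rendering, so the nesting of the list items should be checked against the file itself.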
|
|
@ -0,0 +1,51 @@
|
|||
{{- define "metallb.peers" -}}
|
||||
{{- range .Values.Peers }}
|
||||
---
|
||||
apiVersion: metallb.io/v1beta2
|
||||
kind: BGPPeer
|
||||
metadata:
|
||||
name: {{ .name }}
|
||||
namespace: {{ $.Values.operatorNamespace }}
|
||||
spec:
|
||||
{{- with .password }}
|
||||
password: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .routerID }}
|
||||
routerID: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .bfdProfile }}
|
||||
bfdProfile: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .ebgpMultiHop }}
|
||||
ebgpMultiHop: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .holdTime }}
|
||||
holdTime: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .keepaliveTime }}
|
||||
keepaliveTime: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .myASN }}
|
||||
myASN: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .peerASN }}
|
||||
peerASN: {{ . | int }}
|
||||
{{- end }}
|
||||
{{- with .peerAddress }}
|
||||
peerAddress: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .peerPort }}
|
||||
peerPort: {{ . | int }}
|
||||
{{- end }}
|
||||
{{- with .sourceAddress }}
|
||||
sourceAddress: {{ . }}
|
||||
{{- end }}
|
||||
{{- if .nodeSelectors }}
|
||||
nodeSelectors:
|
||||
{{- range .nodeSelectors }}
|
||||
- matchLabels:
|
||||
kubernetes.io/hostname: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
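Review bot: `password: {{ . }}` writes the BGP session password in clear text into the BGPPeer object, where anyone allowed to read that custom resource can see it, even though the questions schema marks the field `private: true`. MetalLB's BGPPeer also accepts `passwordSecret`, a reference to a Secret holding the password; rendering a Secret from the value and pointing `passwordSecret` at it keeps the credential under Secret RBAC. If the inline field stays, it should at least be `password: {{ . | quote }}` so that a password containing `#`, `: ` or a leading YAML indicator is not truncated or retyped.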
|
|
@ -0,0 +1,21 @@
|
|||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{- $operatorNamespace := "metallb-system" -}}
|
||||
{{- if .Values.operator.metallb -}}
|
||||
{{ $operatorNamespace = ( $.Values.operator.metallb.namespace | default "metallb-system") }}
|
||||
{{- end -}}
|
||||
{{- $_ := set $.Values "operatorNamespace" $operatorNamespace -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
{{- include "metallb.l2adv" . }}
|
||||
|
||||
{{- include "metallb.peers" . }}
|
||||
|
||||
{{- include "metallb.bgpadv" . }}
|
||||
|
||||
{{- include "metallb.comm" . }}
|
||||
|
||||
{{- include "metallb.pool" . }}
|
|
@ -1,26 +0,0 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [nextcloud-29.6.0](https://github.com/truecharts/charts/compare/nextcloud-29.5.6...nextcloud-29.6.0) (2024-03-16)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.1.5[@dc867e0](https://github.com/dc867e0) by renovate ([#19210](https://github.com/truecharts/charts/issues/19210))
|
||||
|
||||
|
||||
## [nextcloud-29.5.6](https://github.com/truecharts/charts/compare/nextcloud-29.5.5...nextcloud-29.5.6) (2024-03-16)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- rename `enterprise`- train to `premium`-train
|
|
@ -1,53 +0,0 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: cloud
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.12"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 28.0.3
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.1.5
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.3
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: A private cloud server that puts the control and security of your own data back into your hands.
|
||||
home: https://truecharts.org/charts/premium/nextcloud
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
|
||||
keywords:
|
||||
- nextcloud
|
||||
- storage
|
||||
- http
|
||||
- web
|
||||
- php
|
||||
kubeVersion: '>=1.24.0-0'
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: nextcloud
|
||||
sources:
|
||||
- https://github.com/nextcloud/docker
|
||||
- https://github.com/nextcloud/helm
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/nextcloud
|
||||
- https://hub.docker.com/r/clamav/clamav
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-push-notify
|
||||
- https://hub.docker.com/r/collabora/code
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-imaginary
|
||||
- https://hub.docker.com/r/nginxinc/nginx-unprivileged
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-fpm
|
||||
type: application
|
||||
version: 29.6.0
|
Binary file not shown.
Binary file not shown.
|
@ -1,516 +0,0 @@
|
|||
image:
|
||||
repository: tccr.io/tccr/nextcloud-fpm
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v28.0.3@sha256:77b7353be48b28d1bc1dcfa8bed1e0f3c989f6223647f9c99b07db0e8ab78c8d
|
||||
nginxImage:
|
||||
repository: nginxinc/nginx-unprivileged
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.25.4@sha256:060d468f78f016c7cfd49a548ed5d3456891cba1b54767b4ed48907981266f06
|
||||
imaginaryImage:
|
||||
repository: tccr.io/tccr/nextcloud-imaginary
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v20230401@sha256:6be7b4432a536d6004b94edea7dd3573f0cc061328b729ed8043236a0784f98c
|
||||
hpbImage:
|
||||
repository: tccr.io/tccr/nextcloud-push-notify
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.6.9@sha256:1950fd07cc1292551b16c7080514c24d8c22ce7947e06cbb12fd968d13970373
|
||||
clamavImage:
|
||||
repository: clamav/clamav
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.3.0@sha256:57555703249b4c57d760753bf3655871d3c51958bd5bd4a0dac6eb73c1c36516
|
||||
collaboraImage:
|
||||
repository: collabora/code
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 23.05.9.4.1@sha256:18768e665a817a06d17a608bcb0744dd0275e72d805644cad5ad1923f7d623b5
|
||||
nextcloud:
|
||||
# Initial Credentials
|
||||
credentials:
|
||||
initialAdminUser: admin
|
||||
initialAdminPassword: adminpass
|
||||
# General settings
|
||||
general:
|
||||
# Custom Nextcloud Scripts
|
||||
run_optimize: true
|
||||
default_phone_region: GR
|
||||
# IP used for exposing nextcloud,
|
||||
# often the loadbalancer IP
|
||||
accessIP: ""
|
||||
# Allows Nextcloud to connect to unsecure (http) endpoints
|
||||
force_enable_allow_local_remote_servers: false
|
||||
# File settings
|
||||
files:
|
||||
shared_folder_name: Shared
|
||||
max_chunk_size: 10485760
|
||||
# Expiration settings
|
||||
expirations:
|
||||
activity_expire_days: 90
|
||||
trash_retention_obligation: auto
|
||||
versions_retention_obligation: auto
|
||||
# Previews settings
|
||||
previews:
|
||||
enabled: true
|
||||
# It will also deploy the container
|
||||
imaginary: true
|
||||
cron: true
|
||||
schedule: "*/30 * * * *"
|
||||
max_x: 2048
|
||||
max_y: 2048
|
||||
max_memory: 1024
|
||||
max_file_size_image: 50
|
||||
# Setting for Imaginary
|
||||
max_allowed_resolution: 18.0
|
||||
jpeg_quality: 60
|
||||
square_sizes: 32 256
|
||||
width_sizes: 256 384
|
||||
height_sizes: 256
|
||||
# Casings are important
|
||||
# https://github.com/nextcloud/server/blob/master/config/config.sample.php#L1269
|
||||
# Only the last part of the provider is needed
|
||||
providers:
|
||||
- PNG
|
||||
- JPEG
|
||||
# Logging settings
|
||||
logging:
|
||||
log_level: 2
|
||||
log_file: /var/www/html/data/logs/nextcloud.log
|
||||
log_audit_file: /var/www/html/data/logs/audit.log
|
||||
log_date_format: d/m/Y H:i:s
|
||||
# ClamAV settings
|
||||
clamav:
|
||||
# It will also deploy the container
|
||||
# Note that this runs as root
|
||||
enabled: false
|
||||
stream_max_length: 26214400
|
||||
file_max_size: -1
|
||||
infected_action: only_log
|
||||
# Notify Push settings
|
||||
notify_push:
|
||||
# It will also deploy the container
|
||||
enabled: true
|
||||
# Collabora settings
|
||||
collabora:
|
||||
# It will also deploy the container
|
||||
enabled: false
|
||||
# default|compact|tabbed
|
||||
interface_mode: default
|
||||
username: admin
|
||||
password: changeme
|
||||
dictionaries:
|
||||
- de_DE
|
||||
- en_GB
|
||||
- en_US
|
||||
- el_GR
|
||||
- es_ES
|
||||
- fr_FR
|
||||
- pt_BR
|
||||
- pt_PT
|
||||
- it
|
||||
- nl
|
||||
- ru
|
||||
onlyoffice:
|
||||
# It will not deploy the container
|
||||
# Only add the OnlyOffice settings
|
||||
enabled: false
|
||||
url: ""
|
||||
internal_url: ""
|
||||
verify_ssl: true
|
||||
jwt: ""
|
||||
jwt_header: Authorization
|
||||
# PHP settings
|
||||
php:
|
||||
memory_limit: 1G
|
||||
upload_limit: 10G
|
||||
pm_max_children: 180
|
||||
pm_start_servers: 18
|
||||
pm_min_spare_servers: 12
|
||||
pm_max_spare_servers: 30
|
||||
opcache:
|
||||
interned_strings_buffer: 32
|
||||
max_accelerated_files: 10000
|
||||
memory_consumption: 128
|
||||
revalidate_freq: 60
|
||||
jit_buffer_size: 128
|
||||
# Do NOT edit below this line
|
||||
workload:
|
||||
# Nextcloud php-fpm
|
||||
main:
|
||||
type: Deployment
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
enabled: true
|
||||
primary: true
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: nextcloud-config
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: /healthcheck.sh
|
||||
readiness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: /healthcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.nextcloud.ports.nextcloud.targetPort }}"
|
||||
nginx:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
nginx:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: nginxImage
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /robots.txt
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /robots.txt
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
notify:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
notify:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: hpbImage
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: hpb-config
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /push/test/cookie
|
||||
port: 7867
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /push/test/cookie
|
||||
port: 7867
|
||||
httpHeaders:
|
||||
Host: kube.internal.healthcheck
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: 7867
|
||||
imaginary:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
imaginary:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: imaginaryImage
|
||||
command: imaginary
|
||||
args:
|
||||
- -p
|
||||
- "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
- -concurrency
|
||||
- "10"
|
||||
- -max-allowed-resolution
|
||||
- "{{ .Values.nextcloud.previews.max_allowed_resolution }}"
|
||||
- -enable-url-source
|
||||
- -return-size
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
path: /health
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
liveness:
|
||||
enabled: true
|
||||
path: /health
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.imaginary.ports.imaginary.port }}"
|
||||
clamav:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
clamav:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: clamavImage
|
||||
# FIXME: https://github.com/Cisco-Talos/clamav/issues/478
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: clamav-config
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: clamdcheck.sh
|
||||
liveness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command: clamdcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.clamav.ports.clamav.targetPort }}"
|
||||
collabora:
|
||||
enabled: true
|
||||
type: Deployment
|
||||
strategy: RollingUpdate
|
||||
replicas: 1
|
||||
podSpec:
|
||||
containers:
|
||||
collabora:
|
||||
primary: true
|
||||
enabled: true
|
||||
imageSelector: collaboraImage
|
||||
securityContext:
|
||||
runAsUser: 100
|
||||
runAsGroup: 102
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities:
|
||||
add:
|
||||
- CHOWN
|
||||
- FOWNER
|
||||
- SYS_CHROOT
|
||||
- MKNOD
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: collabora-config
|
||||
probes:
|
||||
readiness:
|
||||
enabled: true
|
||||
type: http
|
||||
path: /collabora/
|
||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
||||
liveness:
|
||||
enabled: true
|
||||
type: http
|
||||
path: /collabora/
|
||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
||||
startup:
|
||||
enabled: true
|
||||
type: tcp
|
||||
port: "{{ .Values.service.collabora.ports.collabora.targetPort }}"
|
||||
cronjobs:
|
||||
# Don't change names, it's used in the persistence
|
||||
- name: nextcloud-cron
|
||||
enabled: true
|
||||
schedule: "*/5 * * * *"
|
||||
cmd:
|
||||
- echo "Running [php -f /var/www/html/cron.php] ..."
|
||||
- php -f /var/www/html/cron.php
|
||||
- echo "Finished [php -f /var/www/html/cron.php]"
|
||||
- name: preview-cron
|
||||
enabled: "{{ .Values.nextcloud.previews.cron }}"
|
||||
schedule: "{{ .Values.nextcloud.previews.schedule }}"
|
||||
cmd:
|
||||
- echo "Running [occ preview:pre-generate] ..."
|
||||
- occ preview:pre-generate
|
||||
- echo "Finished [occ preview:pre-generate]"
|
||||
service:
|
||||
# Main service links to ingress easier
|
||||
# That's why the nginx is swapped with nextcloud
|
||||
main:
|
||||
targetSelector: nginx
|
||||
ports:
|
||||
main:
|
||||
targetSelector: nginx
|
||||
port: 8080
|
||||
nextcloud:
|
||||
enabled: true
|
||||
targetSelector: main
|
||||
ports:
|
||||
nextcloud:
|
||||
enabled: true
|
||||
targetSelector: main
|
||||
port: 9000
|
||||
targetPort: 9000
|
||||
notify:
|
||||
enabled: true
|
||||
targetSelector: notify
|
||||
ports:
|
||||
notify:
|
||||
enabled: true
|
||||
primary: true
|
||||
port: 7867
|
||||
targetPort: 7867
|
||||
targetSelector: notify
|
||||
metrics:
|
||||
enabled: true
|
||||
port: 7868
|
||||
targetSelector: notify
|
||||
imaginary:
|
||||
enabled: true
|
||||
targetSelector: imaginary
|
||||
ports:
|
||||
imaginary:
|
||||
enabled: true
|
||||
port: 9090
|
||||
targetSelector: imaginary
|
||||
clamav:
|
||||
enabled: true
|
||||
targetSelector: clamav
|
||||
ports:
|
||||
clamav:
|
||||
enabled: true
|
||||
port: 3310
|
||||
targetPort: 3310
|
||||
targetSelector: clamav
|
||||
collabora:
|
||||
enabled: true
|
||||
targetSelector: collabora
|
||||
ports:
|
||||
collabora:
|
||||
enabled: true
|
||||
port: 9980
|
||||
targetPort: 9980
|
||||
targetSelector: collabora
|
||||
persistence:
|
||||
php-tune:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: php-tune
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /usr/local/etc/php-fpm.d/zz-tune.conf
|
||||
subPath: zz-tune.conf
|
||||
readOnly: true
|
||||
redis-session:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: redis-session
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /usr/local/etc/php/conf.d/redis-session.ini
|
||||
subPath: redis-session.ini
|
||||
readOnly: true
|
||||
opcache-recommended:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: opcache
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /usr/local/etc/php/conf.d/opcache-recommended.ini
|
||||
subPath: opcache-recommended.ini
|
||||
readOnly: true
|
||||
nginx:
|
||||
enabled: true
|
||||
type: configmap
|
||||
objectName: nginx-config
|
||||
targetSelector:
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /etc/nginx/nginx.conf
|
||||
subPath: nginx.conf
|
||||
readOnly: true
|
||||
nginx-temp:
|
||||
enabled: true
|
||||
type: emptyDir
|
||||
targetSelector:
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /tmp/nginx
|
||||
html:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html
|
||||
readOnly: true
|
||||
config:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html/config
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html/config
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html/config
|
||||
notify:
|
||||
notify:
|
||||
mountPath: /var/www/html/config
|
||||
readOnly: true
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html/config
|
||||
readOnly: true
|
||||
data:
|
||||
enabled: true
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /var/www/html/data
|
||||
init-perms:
|
||||
mountPath: /var/www/html/data
|
||||
nextcloud-cron:
|
||||
nextcloud-cron:
|
||||
mountPath: /var/www/html/data
|
||||
preview-cron:
|
||||
preview-cron:
|
||||
mountPath: /var/www/html/data
|
||||
nginx:
|
||||
nginx:
|
||||
mountPath: /var/www/html/data
|
||||
readOnly: true
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: nextcloud
|
||||
database: nextcloud
|
||||
redis:
|
||||
enabled: true
|
||||
username: default
|
||||
portal:
|
||||
open:
|
||||
enabled: true
|
||||
updated: true
|
||||
|
||||
ingress:
|
||||
main:
|
||||
required: true
|
|
@ -0,0 +1,99 @@
|
|||
---
|
||||
title: Changelog
|
||||
---
|
||||
|
||||
|
||||
*for the complete changelog, please refer to the website*
|
||||
|
||||
**Important:**
|
||||
|
||||
|
||||
## [nextcloud-29.7.1](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|
||||
|
||||
|
||||
## [nextcloud-29.7.0](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.0) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
|
@ -0,0 +1,53 @@
|
|||
annotations:
|
||||
max_scale_version: 24.04.0
|
||||
min_scale_version: 23.10.0
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/category: cloud
|
||||
truecharts.org/max_helm_version: "3.14"
|
||||
truecharts.org/min_helm_version: "3.11"
|
||||
truecharts.org/train: premium
|
||||
apiVersion: v2
|
||||
appVersion: 28.0.3
|
||||
dependencies:
|
||||
- name: common
|
||||
version: 20.2.2
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: ""
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
- name: redis
|
||||
version: 13.0.5
|
||||
repository: oci://tccr.io/truecharts
|
||||
condition: redis.enabled
|
||||
alias: ""
|
||||
tags: []
|
||||
import-values: []
|
||||
deprecated: false
|
||||
description: A private cloud server that puts the control and security of your own data back into your hands.
|
||||
home: https://truecharts.org/charts/premium/nextcloud
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/nextcloud.png
|
||||
keywords:
|
||||
- nextcloud
|
||||
- storage
|
||||
- http
|
||||
- web
|
||||
- php
|
||||
kubeVersion: ">=1.24.0-0"
|
||||
maintainers:
|
||||
- name: TrueCharts
|
||||
email: info@truecharts.org
|
||||
url: https://truecharts.org
|
||||
name: nextcloud
|
||||
sources:
|
||||
- https://github.com/nextcloud/docker
|
||||
- https://github.com/nextcloud/helm
|
||||
- https://github.com/truecharts/charts/tree/master/charts/premium/nextcloud
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-imaginary
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-push-notify
|
||||
- https://hub.docker.com/r/collabora/code
|
||||
- https://github.com/truecharts/containers/tree/master/apps/nextcloud-fpm
|
||||
- https://hub.docker.com/r/clamav/clamav
|
||||
- https://hub.docker.com/r/nginxinc/nginx-unprivileged
|
||||
type: application
|
||||
version: 29.7.1
|
|
@ -0,0 +1,15 @@
|
|||
|
||||
|
||||
## [nextcloud-29.7.1](https://github.com/truecharts/charts/compare/nextcloud-29.6.0...nextcloud-29.7.1) (2024-03-17)
|
||||
|
||||
### Chore
|
||||
|
||||
|
||||
|
||||
- update container image common to v20.2.2[@f7d0b92](https://github.com/f7d0b92) by renovate ([#19432](https://github.com/truecharts/charts/issues/19432))
|
||||
|
||||
- update container image common to v20.2.0[@91ade87](https://github.com/91ade87) by renovate ([#19361](https://github.com/truecharts/charts/issues/19361))
|
||||
|
||||
- update container image tccr.io/tccr/nextcloud-fpm to v28.0.3[@4e4a3ae](https://github.com/4e4a3ae) by renovate ([#19288](https://github.com/truecharts/charts/issues/19288))
|
||||
|
||||
- update container image redis to v13.0.5[@01c1933](https://github.com/01c1933) by renovate ([#19324](https://github.com/truecharts/charts/issues/19324))
|