ziti-host make charts

charts/ziti-host/ziti-host/1.5.1/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/ziti-host/ziti-host/1.5.1/Chart.yaml

@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: OpenZiti Service-Hosting
+  catalog.cattle.io/release-name: ziti-host
+apiVersion: v2
+appVersion: 0.24.12
+description: Host NetFoundry services with a single replica pod
+icon: https://partner-charts.rancher.io/assets/logos/ziti-host.png
+kubeVersion: '>= 1.20'
+name: ziti-host
+type: application
+version: 1.5.1

charts/ziti-host/ziti-host/1.5.1/app-readme.md

@@ -0,0 +1,7 @@
+# OpenZiti Service-Hosting Deployment for Kubernetes
+
+[OpenZiti](https://ziti.dev) makes it easy to embed Zero Trust, programmable networking directly into your app. With Ziti you can have Zero Trust, high performance networking on any Internet connection, without VPNs!
+
+You will need an enrollment token from your Ziti network to install this chart. Then you may control access to your Rancher cluster workloads by assigning services to the enrolled edge identity in your Ziti network dashboard.
+
+This chart installs a Ziti edge tunneler in a namespace of your cluster. Like all edge identities in a Ziti network, this tunneler too will need an identity. You will need to create the identity and paste its enrollment token when you install this chart. If you haven't already created your network you can do so for free with [the self-hosted quickstarts](https://openziti.github.io/) or take [the managed route with NetFoundry Teams](https://netfoundry.io/) (free tier).

charts/ziti-host/ziti-host/1.5.1/questions.yaml

@@ -0,0 +1,7 @@
+questions:
+- variable: enrollmentToken
+  required: true
+  type: string
+  label: Ziti identity enrollment token
+  description: Paste the one-time enrollment token which is a JSON web token from the controller 
+  group: "Global Settings"

charts/ziti-host/ziti-host/1.5.1/templates/NOTES.txt

@@ -0,0 +1,2 @@
+1. This deployment does not provide an ingress / server port, only egress from the pod to any `serverEgress` destinations you configure in a NetFoundry network e.g. https://kubernetes.default.svc:443:
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ziti-host.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")

charts/ziti-host/ziti-host/1.5.1/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+
+{{- define "ziti-host.name" -}}
+    {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ziti-host.fullname" -}}
+    {{- if .Values.fullnameOverride }}
+        {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+    {{- else }}
+        {{- $name := default .Chart.Name .Values.nameOverride }}
+    {{- if contains $name .Release.Name }}
+        {{- .Release.Name | trunc 63 | trimSuffix "-" }}
+    {{- else }}
+        {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+    {{- end }}
+    {{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ziti-host.chart" -}}
+    {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ziti-host.labels" -}}
+helm.sh/chart: {{ include "ziti-host.chart" . }}
+{{ include "ziti-host.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ziti-host.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ziti-host.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ziti-host.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ziti-host.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/ziti-host/ziti-host/1.5.1/templates/secrets.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "ziti-host.fullname" . }}-identity
+type: Opaque
+data:
+  enrollment-token: {{ .Values.enrollmentToken | b64enc }}

charts/ziti-host/ziti-host/1.5.1/templates/service.yaml

@@ -0,0 +1,79 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "ziti-host.fullname" . }}
+  labels:
+    {{- include "ziti-host.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      {{- include "ziti-host.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "ziti-host.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "ziti-host.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      dnsPolicy: {{ .Values.dnsPolicy }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: {{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            {{- toYaml .Values.ports | nindent 12 }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          {{ if .Values.image.command }}
+          command: {{ .Values.image.command }}
+          {{ end }}
+          args:
+            {{- toYaml .Values.image.args | nindent 12 }}
+          env:
+            - name: NF_REG_NAME
+              value: {{ include "ziti-host.fullname" . }}-identity
+          volumeMounts:
+            - mountPath: /enrollment-token
+              name: enrollment-token
+              readOnly: true
+            - mountPath: /netfoundry
+              name: persisted-identity
+              readOnly: false
+      hostNetwork: {{ .Values.hostNetwork }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: enrollment-token
+          secret:
+            secretName: {{ include "ziti-host.fullname" . }}-identity
+            defaultMode: 0400
+            items:
+            - key: enrollment-token
+              path: {{ include "ziti-host.fullname" . }}-identity.jwt
+        - name: persisted-identity
+          persistentVolumeClaim:
+            claimName: {{ include "ziti-host.fullname" . }}
+
+

charts/ziti-host/ziti-host/1.5.1/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ziti-host.serviceAccountName" . }}
+  labels:
+    {{- include "ziti-host.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

charts/ziti-host/ziti-host/1.5.1/templates/storage.yaml

@@ -0,0 +1,14 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "ziti-host.fullname" . }}
+  labels:
+    {{- include "ziti-host.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- end -}}

charts/ziti-host/ziti-host/1.5.1/values.yaml

@@ -0,0 +1,76 @@
+# Default values for ziti-host.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+ingress:
+  enabled: false
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 100Mi
+
+image:
+  repository: netfoundry/ziti-tunnel
+#  pullPolicy: Never
+  pullPolicy: Always
+#  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+#  tag: helmtest
+#   command: ["sh", "-c", "while true; do sleep 11; done"]
+  args:
+    - "host"  # exec "ziti-tunnel host" to only host, not intercept, no DNS
+    - "--svcPollRate"
+    - "15"
+
+dnsPolicy: ClusterFirstWithHostNet
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+hostNetwork: False
+securityContext: {}
+  # capabilities:
+  #   add:
+  #     - NET_ADMIN
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+ports: []
+
+nodeSelector: {}
+#  kubernetes.io/role: master
+
+tolerations: []
+  # - key: node-role.kubernetes.io/master
+  #   operator: Exists
+  #   effect: NoSchedule
+
+affinity: {}
+
+replicas: 1

index.yaml

@@ -3946,4 +3946,21 @@ entries:
     urls:
     - assets/vals-operator/vals-operator-0.2.1.tgz
     version: 0.2.1
+  ziti-host:
+  - annotations:
+      catalog.cattle.io/certified: partner
+      catalog.cattle.io/display-name: OpenZiti Service-Hosting
+      catalog.cattle.io/release-name: ziti-host
+    apiVersion: v2
+    appVersion: 0.24.12
+    created: "2022-03-12T22:09:23.519926097-05:00"
+    description: Host NetFoundry services with a single replica pod
+    digest: ab8c3ed227d94ac33b2186d7856d2eea329c321d5fa95be8150e1cc1473ea42f
+    icon: https://partner-charts.rancher.io/assets/logos/ziti-host.png
+    kubeVersion: '>= 1.20'
+    name: ziti-host
+    type: application
+    urls:
+    - assets/ziti-host/ziti-host-1.5.1.tgz
+    version: 1.5.1
 generated: "2021-06-23T17:44:55.374388-07:00"