Merge pull request #901 from nflondo/main-source

Charts CI
pull/903/head
atrendafilov 2023-10-05 15:44:49 +03:00 committed by GitHub
commit 875c3a3b3d
213 changed files with 11318 additions and 763 deletions

assets/kong/kong-2.28.1.tgz Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

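--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -45,4 +45,4 @@ maintainers:
 name: kafka
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/kafka
-version: 25.2.0
+version: 25.3.0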


@ -120,20 +120,28 @@ The command removes all the Kubernetes components associated with the chart and
### Kafka SASL parameters
| Name | Description | Value |
| --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `sasl.enabledMechanisms` | Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512` | `PLAIN,SCRAM-SHA-256,SCRAM-SHA-512` |
| `sasl.interBrokerMechanism` | SASL mechanism for inter broker communication. | `PLAIN` |
| `sasl.controllerMechanism` | SASL mechanism for controller communications. | `PLAIN` |
| `sasl.interbroker.user` | Username for inter-broker communications when SASL is enabled | `inter_broker_user` |
| `sasl.interbroker.password` | Password for inter-broker communications when SASL is enabled. If not set and SASL is enabled for the controller listener, a random password will be generated. | `""` |
| `sasl.controller.user` | Username for controller communications when SASL is enabled | `controller_user` |
| `sasl.controller.password` | Password for controller communications when SASL is enabled. If not set and SASL is enabled for the inter-broker listener, a random password will be generated. | `""` |
| `sasl.client.users` | Comma-separated list of usernames for client communications when SASL is enabled | `["user1"]` |
| `sasl.client.passwords` | Comma-separated list of passwords for client communications when SASL is enabled, must match the number of client.users | `""` |
| `sasl.zookeeper.user` | Username for zookeeper communications when SASL is enabled. | `""` |
| `sasl.zookeeper.password` | Password for zookeeper communications when SASL is enabled. | `""` |
| `sasl.existingSecret` | Name of the existing secret containing credentials for clientUsers, interBrokerUser, controllerUser and zookeeperUser | `""` |
| Name | Description | Value |
| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `sasl.enabledMechanisms` | Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512`, `OAUTHBEARER` | `PLAIN,SCRAM-SHA-256,SCRAM-SHA-512` |
| `sasl.interBrokerMechanism` | SASL mechanism for inter broker communication. | `PLAIN` |
| `sasl.controllerMechanism` | SASL mechanism for controller communications. | `PLAIN` |
| `sasl.oauthbearer.tokenEndpointUrl` | The URL for the OAuth/OIDC identity provider | `""` |
| `sasl.oauthbearer.jwksEndpointUrl` | The OAuth/OIDC provider URL from which the provider's JWKS (JSON Web Key Set) can be retrieved | `""` |
| `sasl.oauthbearer.expectedAudience` | The comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences | `""` |
| `sasl.oauthbearer.subClaimName` | The OAuth claim name for the subject. | `sub` |
| `sasl.interbroker.user` | Username for inter-broker communications when SASL is enabled | `inter_broker_user` |
| `sasl.interbroker.password` | Password for inter-broker communications when SASL is enabled. If not set and SASL is enabled for the controller listener, a random password will be generated. | `""` |
| `sasl.interbroker.clientId` | Client ID for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER | `inter_broker_client` |
| `sasl.interbroker.clientSecret` | Client Secret for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the controller listener, a random secret will be generated. | `""` |
| `sasl.controller.user` | Username for controller communications when SASL is enabled | `controller_user` |
| `sasl.controller.password` | Password for controller communications when SASL is enabled. If not set and SASL is enabled for the inter-broker listener, a random password will be generated. | `""` |
| `sasl.controller.clientId` | Client ID for controller communications when SASL is enabled with mechanism OAUTHBEARER | `controller_broker_client` |
| `sasl.controller.clientSecret` | Client Secret for controller communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the inter-broker listener, a random secret will be generated. | `""` |
| `sasl.client.users` | Comma-separated list of usernames for client communications when SASL is enabled | `["user1"]` |
| `sasl.client.passwords` | Comma-separated list of passwords for client communications when SASL is enabled, must match the number of client.users | `""` |
| `sasl.zookeeper.user` | Username for zookeeper communications when SASL is enabled. | `""` |
| `sasl.zookeeper.password` | Password for zookeeper communications when SASL is enabled. | `""` |
| `sasl.existingSecret` | Name of the existing secret containing credentials for clientUsers, interBrokerUser, controllerUser and zookeeperUser | `""` |
### Kafka TLS parameters


@ -77,6 +77,13 @@ To connect a client to your Kafka, you need to create the 'client.properties' co
security.protocol={{ .Values.listeners.client.protocol }}
{{- if $clientSaslEnabled }}
{{- if regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms ) }}
sasl.jaas.config="org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"\
clientId="<Valid id From OAUTH provider>" \
password="<Valid password for id from OAUTH provider>";
sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
sasl.oauthbearer.token.endpoint.url={{ .Values.sasl.oauthbearer.tokenEndpointUrl }}
{{- else }}
{{- if regexFind "SCRAM-SHA-256" (upper .Values.sasl.enabledMechanisms) }}
sasl.mechanism=SCRAM-SHA-256
{{- else if regexFind "SCRAM-SHA-512" (upper .Values.sasl.enabledMechanisms) }}
@ -89,6 +96,7 @@ sasl.jaas.config={{ $securityModule }} \
username="{{ index .Values.sasl.client.users 0 }}" \
password="$(kubectl get secret {{ $fullname }}-user-passwords --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)";
{{- end }}
{{- end }}
{{- if $clientSslEnabled }}
{{- $clientTlsType := upper .Values.tls.type }}
ssl.truststore.type={{ $clientTlsType }}
@ -265,6 +273,13 @@ To connect a client to your Kafka, you need to create the 'client.properties' co
security.protocol={{ .Values.listeners.external.protocol }}
{{- if $externalSaslEnabled }}
{{- if regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms ) }}
sasl.jaas.config="org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required"\
clientId="<Valid id From OAUTH provider>" \
password="<Valid password for id from OAUTH provider>";
sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
sasl.oauthbearer.token.endpoint.url={{ .Values.sasl.oauthbearer.tokenEndpointUrl }}
{{- else }}
{{- if regexFind "SCRAM-SHA-256" (upper .Values.sasl.enabledMechanisms) }}
sasl.mechanism=SCRAM-SHA-256
{{- else if regexFind "SCRAM-SHA-512" (upper .Values.sasl.enabledMechanisms) }}
@ -277,6 +292,7 @@ sasl.jaas.config={{ $securityModule }} \
username="{{ index .Values.sasl.client.users 0 }}" \
password="$(kubectl get secret {{ $fullname }}-user-passwords --namespace {{ $releaseNamespace }} -o jsonpath='{.data.client-passwords}' | base64 -d | cut -d , -f 1)";
{{- end }}
{{- end }}
{{- if $externalSslEnabled }}
{{- $clientTlsType := upper .Values.tls.type }}
ssl.truststore.type={{ $clientTlsType }}
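Review bot: The OAUTHBEARER branch of the client.properties snippet never sets `sasl.mechanism`, while the SCRAM branches a few lines below do; without it the client keeps Kafka's default mechanism (GSSAPI) and the OAuth login module is never used, so `sasl.mechanism=OAUTHBEARER` should be added above the `sasl.jaas.config` line. The login-module line also wraps the module name in double quotes and has no space before the trailing `\`, unlike the SCRAM path's `sasl.jaas.config={{ $securityModule }} \`; a quoted module name is unlikely to be accepted by the JAAS config parser, so `sasl.jaas.config=org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required \` matches the existing form. Both issues repeat verbatim in the external-listener hunk starting at `@ -265,6 +273,13`.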


@ -167,6 +167,41 @@ Return true if SASL connections should be configured
{{- end -}}
{{- end -}}
{{/*
Returns true if a sasl mechanism that uses usernames and passwords is in use
*/}}
{{- define "kafka.saslUserPasswordsEnabled" -}}
{{- if (include "kafka.saslEnabled" .) -}}
{{- if or (regexFind "PLAIN" (upper .Values.sasl.enabledMechanisms)) (regexFind "SCRAM" (upper .Values.sasl.enabledMechanisms)) -}}
true
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if a sasl mechanism that uses client IDs and client secrets is in use
*/}}
{{- define "kafka.saslClientSecretsEnabled" -}}
{{- if (include "kafka.saslEnabled" .) -}}
{{- if (regexFind "OAUTHBEARER" (upper .Values.sasl.enabledMechanisms)) -}}
true
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Returns the security module based on the provided sasl mechanism
*/}}
{{- define "kafka.saslSecurityModule" -}}
{{- if eq "PLAIN" .mechanism -}}
org.apache.kafka.common.security.plain.PlainLoginModule required
{{- else if regexFind "SCRAM" .mechanism -}}
org.apache.kafka.common.security.scram.ScramLoginModule required
{{- else if eq "OAUTHBEARER" .mechanism -}}
org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required
{{- end -}}
{{- end -}}
{{/*
Return the Kafka SASL credentials secret
*/}}
@ -418,7 +453,9 @@ The exporter uses a different nomenclature so we need to do this hack
*/}}
{{- define "kafka.metrics.kafka.saslMechanism" -}}
{{- $saslMechanisms := .Values.sasl.enabledMechanisms }}
{{- if contains "SCRAM-SHA-512" (upper $saslMechanisms) }}
{{- if contains "OAUTHBEARER" (upper $saslMechanisms) }}
{{- print "oauthbearer" -}}
{{- else if contains "SCRAM-SHA-512" (upper $saslMechanisms) }}
{{- print "scram-sha512" -}}
{{- else if contains "SCRAM-SHA-256" (upper $saslMechanisms) }}
{{- print "scram-sha256" -}}
@ -597,12 +634,18 @@ listener.name.{{lower $listener.name}}.ssl.client.auth={{ $listener.sslClientAut
{{- end }}
{{- if regexFind "SASL" (upper $listener.protocol) }}
{{- range $mechanism := ( splitList "," $.Values.sasl.enabledMechanisms )}}
{{- $securityModule := ternary "org.apache.kafka.common.security.plain.PlainLoginModule required" "org.apache.kafka.common.security.scram.ScramLoginModule required" (eq "PLAIN" (upper $mechanism)) }}
{{- $securityModule := include "kafka.saslSecurityModule" (dict "mechanism" (upper $mechanism)) }}
{{- $saslJaasConfig := list $securityModule }}
{{- if eq $listener.name $.Values.listeners.interbroker.name }}
{{- if (eq (upper $mechanism) "OAUTHBEARER") }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "clientId=\"%s\"" $.Values.sasl.interbroker.clientId) }}
{{- $saslJaasConfig = append $saslJaasConfig (print "clientSecret=\"interbroker-client-secret-placeholder\"") }}
listener.name.{{lower $listener.name}}.oauthbearer.sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
{{- else }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "username=\"%s\"" $.Values.sasl.interbroker.user) }}
{{- $saslJaasConfig = append $saslJaasConfig (print "password=\"interbroker-password-placeholder\"") }}
{{- end }}
{{- end }}
{{- if eq (upper $mechanism) "PLAIN" }}
{{- if eq $listener.name $.Values.listeners.interbroker.name }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "user_%s=\"interbroker-password-placeholder\"" $.Values.sasl.interbroker.user) }}
@ -612,9 +655,18 @@ listener.name.{{lower $listener.name}}.ssl.client.auth={{ $listener.sslClientAut
{{- end }}
{{- end }}
listener.name.{{lower $listener.name}}.{{lower $mechanism}}.sasl.jaas.config={{ join " " $saslJaasConfig }};
{{- if eq (upper $mechanism) "OAUTHBEARER" }}
listener.name.{{lower $listener.name}}.oauthbearer.sasl.server.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerValidatorCallbackHandler
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if regexFind "OAUTHBEARER" $.Values.sasl.enabledMechanisms }}
sasl.oauthbearer.token.endpoint.url={{ $.Values.sasl.oauthbearer.tokenEndpointUrl }}
sasl.oauthbearer.jwks.endpoint.url={{ $.Values.sasl.oauthbearer.jwksEndpointUrl }}
sasl.oauthbearer.expected.audience={{ $.Values.sasl.oauthbearer.expectedAudience }}
sasl.oauthbearer.sub.claim.name={{ $.Values.sasl.oauthbearer.subClaimName }}
{{- end }}
# End of SASL JAAS configuration
{{- end }}
{{- end -}}
@ -655,10 +707,15 @@ listener.name.{{lower $listener.name}}.ssl.client.auth={{ $listener.sslClientAut
{{- end }}
{{- if regexFind "SASL" (upper $listener.protocol) }}
{{- $mechanism := $.Values.sasl.controllerMechanism }}
{{- $securityModule := ternary "org.apache.kafka.common.security.plain.PlainLoginModule required" "org.apache.kafka.common.security.scram.ScramLoginModule required" (eq "PLAIN" (upper $mechanism)) }}
{{- $securityModule := include "kafka.saslSecurityModule" (dict "mechanism" (upper $mechanism)) }}
{{- $saslJaasConfig := list $securityModule }}
{{- if (eq (upper $mechanism) "OAUTHBEARER") }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "clientId=\"%s\"" $.Values.sasl.controller.clientId) }}
{{- $saslJaasConfig = append $saslJaasConfig (print "clientSecret=\"controller-client-secret-placeholder\"") }}
{{- else }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "username=\"%s\"" $.Values.sasl.controller.user) }}
{{- $saslJaasConfig = append $saslJaasConfig (print "password=\"controller-password-placeholder\"") }}
{{- end }}
{{- if eq (upper $mechanism) "PLAIN" }}
{{- $saslJaasConfig = append $saslJaasConfig (printf "user_%s=\"controller-password-placeholder\"" $.Values.sasl.controller.user) }}
{{- end }}
@ -666,6 +723,10 @@ listener.name.{{lower $listener.name}}.ssl.client.auth={{ $listener.sslClientAut
sasl.mechanism.controller.protocol={{ upper $mechanism }}
listener.name.{{lower $listener.name}}.sasl.enabled.mechanisms={{ upper $mechanism }}
listener.name.{{lower $listener.name}}.{{lower $mechanism }}.sasl.jaas.config={{ join " " $saslJaasConfig }};
{{- if regexFind "OAUTHBEARER" (upper $mechanism) }}
listener.name.{{lower $listener.name}}.oauthbearer.sasl.server.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerValidatorCallbackHandler
listener.name.{{lower $listener.name}}.oauthbearer.sasl.login.callback.handler.class=org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler
{{- end }}
{{- end }}
{{- end -}}
@ -753,6 +814,7 @@ Init container definition for Kafka initialization
{{- end }}
{{- end }}
{{- if and (include "kafka.client.saslEnabled" .context ) .context.Values.sasl.client.users }}
{{- if (include "kafka.saslUserPasswordsEnabled" .context) }}
- name: KAFKA_CLIENT_USERS
value: {{ join "," .context.Values.sasl.client.users | quote }}
- name: KAFKA_CLIENT_PASSWORDS
@ -761,7 +823,9 @@ Init container definition for Kafka initialization
name: {{ include "kafka.saslSecretName" .context }}
key: client-passwords
{{- end }}
{{- end }}
{{- if regexFind "SASL" (upper .context.Values.listeners.interbroker.protocol) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .context) }}
- name: KAFKA_INTER_BROKER_USER
value: {{ .context.Values.sasl.interbroker.user | quote }}
- name: KAFKA_INTER_BROKER_PASSWORD
@ -770,13 +834,36 @@ Init container definition for Kafka initialization
name: {{ include "kafka.saslSecretName" .context }}
key: inter-broker-password
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .context) }}
- name: KAFKA_INTER_BROKER_CLIENT_ID
value: {{ .context.Values.sasl.interbroker.clientId | quote }}
- name: KAFKA_INTER_BROKER_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "kafka.saslSecretName" .context }}
key: inter-broker-client-secret
{{- end }}
{{- end }}
{{- if and .context.Values.kraft.enabled (regexFind "SASL" (upper .context.Values.listeners.controller.protocol)) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .context) }}
- name: KAFKA_CONTROLLER_USER
value: {{ .context.Values.sasl.controller.user | quote }}
- name: KAFKA_CONTROLLER_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "kafka.saslSecretName" .context }}
key: controller-password
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .context) }}
- name: KAFKA_CONTROLLER_CLIENT_ID
value: {{ .context.Values.sasl.controller.clientId | quote }}
- name: KAFKA_CONTROLLER_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ include "kafka.saslSecretName" .context }}
key: controller-client-secret
{{- end }}
{{- end }}
{{- if (include "kafka.sslEnabled" .context ) }}
- name: KAFKA_TLS_TYPE
value: {{ ternary "PEM" "JKS" (or .context.Values.tls.autoGenerated (eq (upper .context.Values.tls.type) "PEM")) }}
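Review bot: The broker-level OAuth block in the interbroker listener hunk tests `regexFind "OAUTHBEARER" $.Values.sasl.enabledMechanisms` without `upper`, whereas every other mechanism test added here (`kafka.saslClientSecretsEnabled`, the `eq (upper $mechanism) "OAUTHBEARER"` branches) upper-cases first; a value spelled `oauthbearer` would get the login module and callback handlers but not `sasl.oauthbearer.jwks.endpoint.url` and the other three properties. Use `{{- if regexFind "OAUTHBEARER" (upper $.Values.sasl.enabledMechanisms) }}`. Separately, that block emits `sasl.oauthbearer.expected.audience=` and `sasl.oauthbearer.jwks.endpoint.url=` unconditionally from values that default to `""`; per the Kafka documentation an empty expected audience means the broker performs no `aud` check on incoming JWTs, and an empty JWKS URL is, as far as I recall, rejected by the validator callback handler at startup. Consider guarding each line with an `{{- if $.Values.sasl.oauthbearer.expectedAudience }}`-style check, or failing the render with `required` when `jwksEndpointUrl` is empty while OAUTHBEARER is enabled. The enclosing `define` starts before this hunk.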

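--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -167,7 +167,7 @@ spec:
 - name: KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS
 value: "true"
 {{- end }}
-{{- if and (include "kafka.client.saslEnabled" . ) .Values.sasl.client.users }}
+{{- if and (include "kafka.client.saslEnabled" . ) .Values.sasl.client.users (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_CLIENT_USERS
 value: {{ join "," .Values.sasl.client.users | quote }}
 - name: KAFKA_CLIENT_PASSWORDS
@@ -177,6 +177,7 @@ spec:
 key: client-passwords
 {{- end }}
 {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_INTER_BROKER_USER
 value: {{ .Values.sasl.interbroker.user | quote }}
 - name: KAFKA_INTER_BROKER_PASSWORD
@@ -185,7 +186,18 @@ spec:
 name: {{ include "kafka.saslSecretName" . }}
 key: inter-broker-password
 {{- end }}
+{{- if (include "kafka.saslClientSecretsEnabled" .) }}
+- name: KAFKA_INTER_BROKER_CLIENT_ID
+value: {{ .Values.sasl.interbroker.clientId | quote }}
+- name: KAFKA_INTER_BROKER_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ include "kafka.saslSecretName" . }}
+key: inter-broker-client-secret
+{{- end }}
+{{- end }}
 {{- if and .Values.kraft.enabled (regexFind "SASL" (upper .Values.listeners.controller.protocol)) }}
+{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_CONTROLLER_USER
 value: {{ .Values.sasl.controller.user | quote }}
 - name: KAFKA_CONTROLLER_PASSWORD
@@ -194,6 +206,16 @@ spec:
 name: {{ include "kafka.saslSecretName" . }}
 key: controller-password
 {{- end }}
+{{- if (include "kafka.saslClientSecretsEnabled" .) }}
+- name: KAFKA_CONTROLLER_CLIENT_ID
+value: {{ .Values.sasl.controller.clientId | quote }}
+- name: KAFKA_CONTROLLER_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ include "kafka.saslSecretName" . }}
+key: controller-client-secret
+{{- end }}
+{{- end }}
 {{- end }}
 {{- if .Values.metrics.jmx.enabled }}
 - name: JMX_PORT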

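--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -156,7 +156,7 @@ spec:
 {{- if and (include "kafka.saslEnabled" .) (or (regexFind "SCRAM" (upper .Values.sasl.enabledMechanisms)) (regexFind "SCRAM" (upper .Values.sasl.controllerMechanism)) (regexFind "SCRAM" (upper .Values.sasl.interBrokerMechanism))) }}
 - name: KAFKA_KRAFT_BOOTSTRAP_SCRAM_USERS
 value: "true"
-{{- if and (include "kafka.client.saslEnabled" . ) .Values.sasl.client.users }}
+{{- if and (include "kafka.client.saslEnabled" . ) .Values.sasl.client.users (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_CLIENT_USERS
 value: {{ join "," .Values.sasl.client.users | quote }}
 - name: KAFKA_CLIENT_PASSWORDS
@@ -166,6 +166,7 @@ spec:
 key: client-passwords
 {{- end }}
 {{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
+{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_INTER_BROKER_USER
 value: {{ .Values.sasl.interbroker.user | quote }}
 - name: KAFKA_INTER_BROKER_PASSWORD
@@ -174,7 +175,18 @@ spec:
 name: {{ include "kafka.saslSecretName" . }}
 key: inter-broker-password
 {{- end }}
+{{- if (include "kafka.saslClientSecretsEnabled" .) }}
+- name: KAFKA_INTER_BROKER_CLIENT_ID
+value: {{ .Values.sasl.interbroker.clientId | quote }}
+- name: KAFKA_INTER_BROKER_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ include "kafka.saslSecretName" . }}
+key: inter-broker-client-secret
+{{- end }}
+{{- end }}
 {{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
+{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: KAFKA_CONTROLLER_USER
 value: {{ .Values.sasl.controller.user | quote }}
 - name: KAFKA_CONTROLLER_PASSWORD
@@ -183,6 +195,16 @@ spec:
 name: {{ include "kafka.saslSecretName" . }}
 key: controller-password
 {{- end }}
+{{- if (include "kafka.saslClientSecretsEnabled" .) }}
+- name: KAFKA_CONTROLLER_CLIENT_ID
+value: {{ .Values.sasl.controller.clientId | quote }}
+- name: KAFKA_CONTROLLER_CLIENT_SECRET
+valueFrom:
+secretKeyRef:
+name: {{ include "kafka.saslSecretName" . }}
+key: controller-client-secret
+{{- end }}
+{{- end }}
 {{- end }}
 {{- if .Values.metrics.jmx.enabled }}
 - name: JMX_PORT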

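--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -135,6 +135,11 @@ spec:
 {{- else if regexFind "SCRAM-SHA-512" ( upper .Values.sasl.enabledMechanisms) }}
 kafka_common_conf_set "$CLIENT_CONF" sasl.mechanism SCRAM-SHA-512
 kafka_common_conf_set "$CLIENT_CONF" sasl.jaas.config "org.apache.kafka.common.security.scram.ScramLoginModule required username=\"$SASL_USERNAME\" password=\"$SASL_USER_PASSWORD\";"
+{{- else if regexFind "OAUTHBEARER" ( upper .Values.sasl.enabledMechanisms) }}
+kafka_common_conf_set "$CLIENT_CONF" sasl.mechanism OAUTHBEARER
+kafka_common_conf_set "$CLIENT_CONF" sasl.jaas.config "org.apache.kafka.common.security.oauthbearer.OAuthBearerLoginModule required clientId=\"$SASL_CLIENT_ID\" password=\"$SASL_CLIENT_SECRET\";"
+kafka_common_conf_set "$CLIENT_CONF" sasl.login.callback.handler.class "org.apache.kafka.common.security.oauthbearer.secured.OAuthBearerLoginCallbackHandler"
+kafka_common_conf_set "$CLIENT_CONF" sasl.oauthbearer.token.endpoint.url {{ .Values.sasl.oauthbearer.tokenEndpointUrl | quote }}
 {{- end }}
 {{- end }}
 fi
@@ -199,6 +204,7 @@ spec:
 - name: KAFKA_SERVICE
 value: {{ printf "%s:%d" (include "common.names.fullname" .) (.Values.service.ports.client | int64) }}
 {{- if regexFind "SASL" (upper .Values.listeners.client.protocol) }}
+{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
 - name: SASL_USERNAME
 value: {{ index .Values.sasl.client.users 0 | quote }}
 - name: SASL_USER_PASSWORD
@@ -207,6 +213,16 @@ spec:
 name: {{ include "kafka.saslSecretName" . }}
 key: system-user-password
 {{- end }}
+{{- if (include "kafka.saslClientSecretsEnabled" .) }}
+- name: SASL_CLIENT_ID
+value: {{ .Values.sasl.interbroker.clientId | quote }}
+- name: SASL_USER_PASSWORD
+valueFrom:
+secretKeyRef:
+name: {{ include "kafka.saslSecretName" . }}
+key: inter-broker-client-secret
+{{- end }}
+{{- end }}
 {{- if .Values.provisioning.extraEnvVars }}
 {{- include "common.tplvalues.render" ( dict "value" .Values.provisioning.extraEnvVars "context" $) | nindent 12 }}
 {{- end }}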
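Review bot: The env entry added under `kafka.saslClientSecretsEnabled` is named `SASL_USER_PASSWORD`, but the OAUTHBEARER branch of the provisioning script in the first hunk reads `$SASL_CLIENT_SECRET`; as written the rendered `sasl.jaas.config` carries an empty `password` and OAuth provisioning cannot authenticate, and when both helpers are true (the default mechanism list plus OAUTHBEARER) the container gets two `SASL_USER_PASSWORD` entries. Rename the entry to `- name: SASL_CLIENT_SECRET`. It is also worth a comment that this job authenticates with the inter-broker OAuth client (`sasl.interbroker.clientId` / `inter-broker-client-secret`) rather than a client-scoped credential, e.g. `# Provisioning reuses the inter-broker OAuth client; scope that client at the identity provider accordingly.`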


@ -292,11 +292,21 @@ data:
# Replace placeholders with passwords
{{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
replace_placeholder "interbroker-password-placeholder" "$KAFKA_INTER_BROKER_PASSWORD"
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .) }}
replace_placeholder "interbroker-client-secret-placeholder" "$KAFKA_INTER_BROKER_CLIENT_SECRET"
{{- end }}
{{- end -}}
{{- if and .Values.kraft.enabled (regexFind "SASL" (upper .Values.listeners.controller.protocol)) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
replace_placeholder "controller-password-placeholder" "$KAFKA_CONTROLLER_PASSWORD"
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .) }}
replace_placeholder "controller-client-secret-placeholder" "$KAFKA_CONTROLLER_CLIENT_SECRET"
{{- end }}
{{- end }}
{{- if (include "kafka.client.saslEnabled" .)}}
read -r -a passwords <<<"$(tr ',;' ' ' <<<"${KAFKA_CLIENT_PASSWORDS:-}")"
for ((i = 0; i < ${#passwords[@]}; i++)); do


@ -32,18 +32,30 @@ data:
{{- end }}
{{- $secretValue = join "," $clientPasswords | toString | b64enc }}
{{- end }}
{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
client-passwords: {{ $secretValue | quote }}
system-user-password: {{ index (splitList "," (b64dec $secretValue)) 0 | b64enc | quote }}
{{- end }}
{{- end }}
{{- if or .Values.sasl.zookeeper.user .Values.zookeeper.auth.client.enabled }}
zookeeper-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "zookeeper-password" "providedValues" (list "sasl.zookeeper.password" "zookeeper.auth.client.clientPassword") "failOnNew" false "context" $) }}
{{- end }}
{{- if regexFind "SASL" (upper .Values.listeners.interbroker.protocol) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
inter-broker-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "inter-broker-password" "providedValues" (list "sasl.interbroker.password") "failOnNew" false "context" $) }}
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .) }}
inter-broker-client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "inter-broker-client-secret" "providedValues" (list "sasl.interbroker.clientSecret") "failOnNew" false "context" $) }}
{{- end }}
{{- end }}
{{- if regexFind "SASL" (upper .Values.listeners.controller.protocol) }}
{{- if (include "kafka.saslUserPasswordsEnabled" .) }}
controller-password: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "controller-password" "providedValues" (list "sasl.controller.password") "failOnNew" false "context" $) }}
{{- end }}
{{- if (include "kafka.saslClientSecretsEnabled" .) }}
controller-client-secret: {{ include "common.secrets.passwords.manage" (dict "secret" $secretName "key" "controller-client-secret" "providedValues" (list "sasl.controller.clientSecret") "failOnNew" false "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.serviceBindings.enabled }}
{{- if (include "kafka.client.saslEnabled" .) }}


@ -198,7 +198,7 @@ listeners:
## Kafka SASL settings for authentication, required if SASL_PLAINTEXT or SASL_SSL listeners are configured
##
sasl:
## @param sasl.enabledMechanisms Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512`
## @param sasl.enabledMechanisms Comma-separated list of allowed SASL mechanisms when SASL listeners are configured. Allowed types: `PLAIN`, `SCRAM-SHA-256`, `SCRAM-SHA-512`, `OAUTHBEARER`
## NOTE: At the moment, Kafka Raft mode does not support SCRAM, that is why only PLAIN is configured.
##
enabledMechanisms: PLAIN,SCRAM-SHA-256,SCRAM-SHA-512
@ -208,20 +208,39 @@ sasl:
## @param sasl.controllerMechanism SASL mechanism for controller communications.
##
controllerMechanism: PLAIN
## Settings for oauthbearer mechanism
## @param sasl.oauthbearer.tokenEndpointUrl The URL for the OAuth/OIDC identity provider
## @param sasl.oauthbearer.jwksEndpointUrl The OAuth/OIDC provider URL from which the provider's JWKS (JSON Web Key Set) can be retrieved
## @param sasl.oauthbearer.expectedAudience The comma-delimited setting for the broker to use to verify that the JWT was issued for one of the expected audiences
## @param sasl.oauthbearer.subClaimName The OAuth claim name for the subject.
##
oauthbearer:
tokenEndpointUrl: ""
jwksEndpointUrl: ""
expectedAudience: ""
subClaimName: "sub"
## Credentials for inter-broker communications.
## @param sasl.interbroker.user Username for inter-broker communications when SASL is enabled
## @param sasl.interbroker.password Password for inter-broker communications when SASL is enabled. If not set and SASL is enabled for the controller listener, a random password will be generated.
## @param sasl.interbroker.clientId Client ID for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER
## @param sasl.interbroker.clientSecret Client Secret for inter-broker communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the controller listener, a random secret will be generated.
##
interbroker:
user: inter_broker_user
password: ""
clientId: inter_broker_client
clientSecret: ""
## Credentials for controller communications.
## @param sasl.controller.user Username for controller communications when SASL is enabled
## @param sasl.controller.password Password for controller communications when SASL is enabled. If not set and SASL is enabled for the inter-broker listener, a random password will be generated.
## @param sasl.controller.clientId Client ID for controller communications when SASL is enabled with mechanism OAUTHBEARER
## @param sasl.controller.clientSecret Client Secret for controller communications when SASL is enabled with mechanism OAUTHBEARER. If not set and SASL is enabled for the inter-broker listener, a random secret will be generated.
##
controller:
user: controller_user
password: ""
clientId: controller_broker_client
clientSecret: ""
## Credentials for client communications.
## @param sasl.client.users Comma-separated list of usernames for client communications when SASL is enabled
## @param sasl.client.passwords Comma-separated list of passwords for client communications when SASL is enabled, must match the number of client.users
@ -239,8 +258,10 @@ sasl:
password: ""
## @param sasl.existingSecret Name of the existing secret containing credentials for clientUsers, interBrokerUser, controllerUser and zookeeperUser
## Create this secret running the command below where SECRET_NAME is the name of the secret you want to create:
## kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1,CLIENT_PASSWORD2 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=controller-password=CONTROLLER_PASSWORD --from-literal=zookeeper-password=ZOOKEEPER_PASSWORD
##
## kubectl create secret generic SECRET_NAME --from-literal=client-passwords=CLIENT_PASSWORD1,CLIENT_PASSWORD2 --from-literal=inter-broker-password=INTER_BROKER_PASSWORD --from-literal=inter-broker-client-secret=INTER_BROKER_CLIENT_SECRET --from-literal=controller-password=CONTROLLER_PASSWORD --from-literal=controller-client-secret=CONTROLLER_CLIENT_SECRET --from-literal=zookeeper-password=ZOOKEEPER_PASSWORD
## The client secrets are only required when using oauthbearer as sasl mechanism.
## Client, interbroker and controller passwords are only required if the sasl mechanism includes something other than oauthbearer.
##
existingSecret: ""
## @section Kafka TLS parameters
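Review bot: The new `sasl.oauthbearer` block documents the four keys but not which of them are required, and the defaults `jwksEndpointUrl: ""` and `expectedAudience: ""` leave the broker-side validation the templates render incomplete: with no JWKS URL the broker has no key source for signature checks, and per the Kafka documentation an empty expected audience means no `aud` check is performed on presented tokens. A short note above `oauthbearer:` would make that explicit, e.g. `## NOTE: tokenEndpointUrl and jwksEndpointUrl must be set when OAUTHBEARER is enabled; leave expectedAudience empty only if you intend to skip audience validation.`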

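--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -1,6 +1,6 @@
 dependencies:
 - name: common
 repository: oci://registry-1.docker.io/bitnamicharts
-version: 2.10.0
-digest: sha256:023ded170632d04528f30332370f34fc8fb96efb2886a01d934cb3bd6e6d2e09
-generated: "2023-09-05T11:35:55.621686+02:00"
+version: 2.13.0
+digest: sha256:6b6084c51b6a028a651f6e8539d0197487ee807c5bae44867d4ea6ccd1f9ae93
+generated: "2023-09-29T11:06:04.261917+02:00"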

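--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -37,4 +37,4 @@ maintainers:
 name: redis
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/redis
-version: 18.1.1
+version: 18.1.2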

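--- a/<PATH-NOT-SHOWN>
+++ b/<PATH-NOT-SHOWN>
@@ -2,7 +2,7 @@ annotations:
 category: Infrastructure
 licenses: Apache-2.0
 apiVersion: v2
-appVersion: 2.9.2
+appVersion: 2.13.0
 description: A Library Helm Chart for grouping common logic between bitnami charts.
 This chart is not deployable by itself.
 home: https://bitnami.com
@@ -20,4 +20,4 @@ name: common
 sources:
 - https://github.com/bitnami/charts
 type: library
-version: 2.10.0
+version: 2.13.0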


@ -172,6 +172,50 @@ Return the appropriate apiVersion for Vertical Pod Autoscaler.
{{- end -}}
{{- end -}}
{{/*
Returns true if PodSecurityPolicy is supported
*/}}
{{- define "common.capabilities.psp.supported" -}}
{{- if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if AdmissionConfiguration is supported
*/}}
{{- define "common.capabilities.admisionConfiguration.supported" -}}
{{- if semverCompare ">=1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for AdmissionConfiguration.
*/}}
{{- define "common.capabilities.admisionConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiserver.config.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiserver.config.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for PodSecurityConfiguration.
*/}}
{{- define "common.capabilities.podSecurityConfiguration.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "pod-security.admission.config.k8s.io/v1alpha1" -}}
{{- else if semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "pod-security.admission.config.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "pod-security.admission.config.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
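Review bot: The two new `define` names for AdmissionConfiguration are spelled `admisionConfiguration` (one s), and because this is a library chart those names become an interface that every dependent chart will hard-code, so the typo cannot be corrected later without a deprecation cycle. Unless a consumer already references the misspelled name, rename both to `common.capabilities.admissionConfiguration.supported` and `common.capabilities.admissionConfiguration.apiVersion` before this version ships. The new `psp.supported` helper and the `<1.23-0` / `<1.25-0` cut-offs follow the prerelease-tolerant `-0` convention already used in this file, which is the right form for kubeVersion comparisons.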


@ -83,3 +83,19 @@ imagePullSecrets:
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper image version (ingores image revision/prerelease info & fallbacks to chart appVersion)
{{ include "common.images.version" ( dict "imageRoot" .Values.path.to.the.image "chart" .Chart ) }}
*/}}
{{- define "common.images.version" -}}
{{- $imageTag := .imageRoot.tag | toString -}}
{{/* regexp from https://github.com/Masterminds/semver/blob/23f51de38a0866c5ef0bfc42b3f735c73107b700/version.go#L41-L44 */}}
{{- if regexMatch `^([0-9]+)(\.[0-9]+)?(\.[0-9]+)?(-([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?(\+([0-9A-Za-z\-]+(\.[0-9A-Za-z\-]+)*))?$` $imageTag -}}
{{- $version := semver $imageTag -}}
{{- printf "%d.%d.%d" $version.Major $version.Minor $version.Patch -}}
{{- else -}}
{{- print .chart.AppVersion -}}
{{- end -}}
{{- end -}}
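Review bot: The doc comment on the new `common.images.version` helper carries two typos that will be copied into every chart that vendors this library: `ingores` and `fallbacks`; suggest `Return the proper image version (ignores image revision/prerelease info & falls back to chart appVersion)`. It would also help to state that the fallback branch prints `.chart.AppVersion` verbatim, without the major.minor.patch normalisation applied to a matching tag, so a non-semver appVersion is passed through unchanged and callers comparing the result should expect either form.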


@ -11,21 +11,19 @@ Kubernetes standard labels
*/}}
{{- define "common.labels.standard" -}}
{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
{{ merge
(include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml)
(dict
"app.kubernetes.io/name" (include "common.names.name" .context)
"helm.sh/chart" (include "common.names.chart" .context)
"app.kubernetes.io/instance" .context.Release.Name
"app.kubernetes.io/managed-by" .context.Release.Service
)
| toYaml
}}
{{- $default := dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service -}}
{{- with .context.Chart.AppVersion -}}
{{- $_ := set $default "app.kubernetes.io/version" . -}}
{{- end -}}
{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .) }}
{{- else -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Chart.AppVersion }}
app.kubernetes.io/version: {{ . | quote }}
{{- end -}}
{{- end -}}
{{- end -}}
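Review bot: The new `template "common.tplvalues.merge"` call passes `"context" .`, whereas the `merge` block it replaces rendered `.customLabels` with `"context" .context`, and the `matchLabels` hunk below still uses `.context`. If `common.tplvalues.merge` (not visible here) hands its `context` argument straight to the renderer, templated label values such as `{{ .Values.foo }}` are now evaluated against the wrapper dict instead of the chart root and would fail or render empty. Suggest `{{ template "common.tplvalues.merge" (dict "values" (list .customLabels $default) "context" .context) }}` unless the helper unwraps the dict itself; a render test with a templated `commonLabels` value would settle it, and since every dependent chart inherits this helper it is worth doing before release.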
@ -40,14 +38,7 @@ overwrote them on metadata.labels fields.
*/}}
{{- define "common.labels.matchLabels" -}}
{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
{{ merge
(pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance")
(dict
"app.kubernetes.io/name" (include "common.names.name" .context)
"app.kubernetes.io/instance" .context.Release.Name
)
| toYaml
}}
{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
{{- else -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}


@ -65,3 +65,13 @@ Usage:
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Checksum a template at "path" containing a *single* resource (ConfigMap,Secret) for use in pod annotations, excluding the metadata (see #18376).
Usage:
{{ include "common.utils.checksumTemplate" (dict "path" "/configmap.yaml" "context" $) }}
*/}}
{{- define "common.utils.checksumTemplate" -}}
{{- $obj := include (print .context.Template.BasePath .path) .context | fromYaml -}}
{{ omit $obj "apiVersion" "kind" "metadata" | toYaml | sha256sum }}
{{- end -}}
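Review bot: Helm's `fromYaml` does not abort the render on a parse error; it returns a map holding a single `Error` key, so on the `$obj := include ... | fromYaml` line a template that does not render to valid YAML silently hashes `{Error: ...}` into a stable checksum, and pods stop restarting on config changes, which is the opposite of what the annotation exists for. Suggest checking right after the assignment: `{{- if hasKey $obj "Error" }}{{ fail (printf "common.utils.checksumTemplate: %s" $obj.Error) }}{{- end }}`. The usage comment could also state that `path` must begin with `/`, since it is concatenated to `.Template.BasePath` without a separator.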


@ -3,8 +3,7 @@ Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.create }}
{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.create }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:


@ -14,8 +14,7 @@ metadata:
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
rules:
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.podSecurityPolicy.enabled }}
{{- if and (include "common.capabilities.psp.supported" .) .Values.podSecurityPolicy.enabled }}
- apiGroups:
- '{{ template "podSecurityPolicy.apiGroup" . }}'
resources:


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.8-0'
catalog.cattle.io/release-name: cockroachdb
apiVersion: v1
appVersion: 23.1.10
appVersion: 23.1.11
description: CockroachDB is a scalable, survivable, strongly-consistent SQL database.
home: https://www.cockroachlabs.com
icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png
@ -14,4 +14,4 @@ maintainers:
name: cockroachdb
sources:
- https://github.com/cockroachdb/cockroach
version: 11.2.0
version: 11.2.1


@ -229,10 +229,10 @@ kubectl get pods \
```
```
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.10
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.10
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.10
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.10
my-release-cockroachdb-0 cockroachdb/cockroach:v23.1.11
my-release-cockroachdb-1 cockroachdb/cockroach:v23.1.11
my-release-cockroachdb-2 cockroachdb/cockroach:v23.1.11
my-release-cockroachdb-3 cockroachdb/cockroach:v23.1.11
```
Resume normal operations. Once you are comfortable that the stability and performance of the cluster is what you'd expect post-upgrade, finalize the upgrade:
@ -316,7 +316,7 @@ For details see the [`values.yaml`](values.yaml) file.
| `conf.store.size` | CockroachDB storage size | `""` |
| `conf.store.attrs` | CockroachDB storage attributes | `""` |
| `image.repository` | Container image name | `cockroachdb/cockroach` |
| `image.tag` | Container image tag | `v23.1.10` |
| `image.tag` | Container image tag | `v23.1.11` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.credentials` | `registry`, `user` and `pass` credentials to pull private image | `{}` |
| `statefulset.replicas` | StatefulSet replicas number | `3` |


@ -7,7 +7,7 @@ fullnameOverride: ""
image:
repository: cockroachdb/cockroach
tag: v23.1.10
tag: v23.1.11
pullPolicy: IfNotPresent
credentials: {}
# registry: docker.io


@ -19,4 +19,4 @@ maintainers:
name: confluent-for-kubernetes
sources:
- https://docs.confluent.io/current/index.html
version: 0.824.2
version: 0.824.14


@ -81,7 +81,7 @@ image:
registry: docker.io
repository: confluentinc/confluent-operator
pullPolicy: IfNotPresent
tag: "0.824.2"
tag: "0.824.14"
###
## Priority class for Confluent Operator pod


@ -1,5 +1,9 @@
# Changelog
## 1.1.2
* Add configuration for Operator flag `operatorMetricsEnabled` : this parameter can be used to disable the Operator metrics forwarder. It is enabled by default.
## 1.1.1
* Add permissions to curl `/metrics/slis` to operator cluster role.


@ -26,4 +26,4 @@ name: datadog-operator
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 1.1.1
version: 1.1.2


@ -1,6 +1,6 @@
# Datadog Operator
![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square)
![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square)
## Values
@ -36,6 +36,7 @@
| metricsPort | int | `8383` | Port used for OpenMetrics endpoint |
| nameOverride | string | `""` | Override name of app |
| nodeSelector | object | `{}` | Allows to schedule Datadog Operator on specific nodes |
| operatorMetricsEnabled | string | `"true"` | Enable forwarding of Datadog Operator metrics and events to Datadog. |
| podAnnotations | object | `{}` | Allows setting additional annotations for Datadog Operator PODs |
| podLabels | object | `{}` | Allows setting additional labels for for Datadog Operator PODs |
| rbac.create | bool | `true` | Specifies whether the RBAC resources should be created |


@ -93,6 +93,7 @@ spec:
- "-logEncoder=json"
- "-metrics-addr=:{{ .Values.metricsPort }}"
- "-loglevel={{ .Values.logLevel }}"
- "-operatorMetricsEnabled={{ .Values.operatorMetricsEnabled }}"
{{- if and (not (empty .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled)) (semverCompare ">=1.0.0-0" .Values.image.tag ) }}
- "-webhookEnabled={{ .Values.datadogCRDs.migration.datadogAgents.conversionWebhook.enabled }}"
{{- else }}
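Review bot: The new `-operatorMetricsEnabled=` argument is emitted unconditionally, while the neighbouring `-webhookEnabled` flag is gated on `semverCompare ">=1.0.0-0" .Values.image.tag`; if this flag was only introduced in a particular operator release (not visible here), users who pin an older `image.tag` would get a container that refuses to start on an unknown flag. If that is the case, wrap the line in the same style of guard, `{{- if semverCompare ">=<MIN_OPERATOR_VERSION>-0" .Values.image.tag }}` … `{{- end }}`, with the placeholder replaced by the first release that accepts the flag. The quoted default `"true"` in values matches how `supportExtendedDaemonset` is declared in the same file, so the argument renders as the text `true`/`false` as intended.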


@ -58,6 +58,8 @@ logLevel: "info"
maximumGoroutines:
# supportExtendedDaemonset -- If true, supports using ExtendedDaemonSet CRD
supportExtendedDaemonset: "false"
# operatorMetricsEnabled -- Enable forwarding of Datadog Operator metrics and events to Datadog.
operatorMetricsEnabled: "true"
# metricsPort -- Port used for OpenMetrics endpoint
metricsPort: 8383
secretBackend:


@ -1,5 +1,9 @@
# Datadog changelog
## 3.38.4
* Add `orchestrator_explorer.enabled` for the Agent
## 3.38.3
* Update `fips.image.tag` to `0.6.0`


@ -19,4 +19,4 @@ name: datadog
sources:
- https://app.datadoghq.com/account/settings#agent/kubernetes
- https://github.com/DataDog/datadog-agent
version: 3.38.3
version: 3.38.4


@ -1,6 +1,6 @@
# Datadog
![Version: 3.38.3](https://img.shields.io/badge/Version-3.38.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
![Version: 3.38.4](https://img.shields.io/badge/Version-3.38.4-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square)
[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/).


@ -148,6 +148,8 @@
- name: DD_CHECKS_TAG_CARDINALITY
value: {{ .Values.datadog.checksCardinality | quote }}
{{- end }}
- name: DD_ORCHESTRATOR_EXPLORER_ENABLED
value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }}
- name: DD_EXPVAR_PORT
value: {{ .Values.datadog.expvarPort | quote }}
- name: DD_COMPLIANCE_CONFIG_ENABLED


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: vals-operator
apiVersion: v2
appVersion: v0.7.6
appVersion: v0.7.7
description: 'This helm chart installs the Digitalis Vals Operator to manage and sync
secrets from supported backends into Kubernetes. ## About Vals-Operator Here at
[Digitalis](https://digitalis.io) we love [vals](https://github.com/helmfile/vals),
@ -20,4 +20,4 @@ maintainers:
name: Digitalis.IO
name: vals-operator
type: application
version: 0.7.6
version: 0.7.7


@ -1,6 +1,6 @@
# vals-operator
![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.5](https://img.shields.io/badge/AppVersion-v0.7.5-informational?style=flat-square)
![Version: 0.7.7](https://img.shields.io/badge/Version-0.7.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.7.7](https://img.shields.io/badge/AppVersion-v0.7.7-informational?style=flat-square)
This helm chart installs the Digitalis Vals Operator to manage and sync secrets from supported backends into Kubernetes.
## About Vals-Operator


@ -1,7 +1,7 @@
# JFrog Artifactory-ha Chart Changelog
All changes to this chart will be documented in this file
## [107.68.11] - Sep 20, 2023
## [107.68.13] - Sep 20, 2023
* Fixed rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)


@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-ha
apiVersion: v2
appVersion: 7.68.11
appVersion: 7.68.13
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -26,4 +26,4 @@ name: artifactory-ha
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.11
version: 107.68.13


@ -1,7 +1,7 @@
# JFrog Container Registry Chart Changelog
All changes to this chart will be documented in this file.
## [107.68.11] - Jul 20, 2023
## [107.68.13] - Jul 20, 2023
* Disabled federation services when splitServicesToContainers=true
## [107.45.0] - Aug 25, 2022


@ -4,11 +4,11 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.14.0-0'
catalog.cattle.io/release-name: artifactory-jcr
apiVersion: v2
appVersion: 7.68.11
appVersion: 7.68.13
dependencies:
- name: artifactory
repository: file://./charts/artifactory
version: 107.68.11
version: 107.68.13
description: JFrog Container Registry
home: https://jfrog.com/container-registry/
icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png
@ -27,4 +27,4 @@ name: artifactory-jcr
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.11
version: 107.68.13


@ -1,7 +1,7 @@
# JFrog Artifactory Chart Changelog
All changes to this chart will be documented in this file.
## [107.68.11] - Sep 20, 2023
## [107.68.13] - Sep 20, 2023
* Fixed rtfs context
* Fixed - Metadata service does not respect customVolumeMounts for DB CAs [GH-1815](https://github.com/jfrog/charts/issues/1815)


@ -1,5 +1,5 @@
apiVersion: v2
appVersion: 7.68.11
appVersion: 7.68.13
dependencies:
- condition: postgresql.enabled
name: postgresql
@ -21,4 +21,4 @@ name: artifactory
sources:
- https://github.com/jfrog/charts
type: application
version: 107.68.11
version: 107.68.13


@ -4,6 +4,14 @@
Nothing yet.
## 2.28.1
### Fixed
* The admission webhook now includes Gateway API resources and Ingress
resources for controller versions 2.12+. This version introduces new
validations for Kong's regex path implementation.
## 2.28.0
### Improvements


@ -20,4 +20,4 @@ maintainers:
name: kong
sources:
- https://github.com/Kong/charts/tree/main/charts/kong
version: 2.28.0
version: 2.28.1


@ -80,6 +80,28 @@ webhooks:
- UPDATE
resources:
- secrets
{{- if (semverCompare ">= 2.12.0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}
- apiGroups:
- networking.k8s.io
apiVersions:
- 'v1'
operations:
- CREATE
- UPDATE
resources:
- ingresses
- apiGroups:
- gateway.networking.k8s.io
apiVersions:
- 'v1alpha2'
- 'v1beta1'
operations:
- CREATE
- UPDATE
resources:
- gateways
- httproutes
{{- end }}
clientConfig:
{{- if not .Values.ingressController.admissionWebhook.certificate.provided }}
caBundle: {{ b64enc $caCert }}
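Review bot: The constraint `">= 2.12.0"` on the added `semverCompare` line has no `-0` prerelease suffix, so under Masterminds semver it does not match prerelease tags such as `2.12.1-rc.1`, and anyone testing a prerelease controller image would silently get a webhook without the Ingress and Gateway API rules; the other version checks on this page (for example the `<1.25-0` kubeVersion test) carry the suffix. Suggest `{{- if (semverCompare ">= 2.12.0-0" (include "kong.effectiveVersion" .Values.ingressController.image)) }}`, assuming `kong.effectiveVersion` returns the raw tag. Because these rules now route every Ingress, Gateway and HTTPRoute create/update through the controller, the webhook's `failurePolicy` and `timeoutSeconds` (outside this hunk) decide whether an unavailable controller blocks routing changes cluster-wide, so it is worth confirming they are the intended values for this wider scope.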


@ -0,0 +1,25 @@
# Source: https://github.com/helm/helm/blob/main/pkg/repo/repotest/testdata/examplechart/.helmignore
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# helmtest plugin tests
tests


@ -0,0 +1,106 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## 0.11.0
** Important ** This version of the controller changes the ownership model for https edge and tunnel CRs. To ease out the transition to the new ownership, make sure to run `migrate-edges.sh` and `migrate-tunnels.sh` scripts before installing the new version.
### Changed
- Specify IPPolicyRule action as an enum of (allow,deny) as part of [#260](https://github.com/ngrok/kubernetes-ingress-controller/pull/260)
- Handle special case for changing auth types that causes an error during state transition [#259](https://github.com/ngrok/kubernetes-ingress-controller/pull/259)
- Better handling when changing pathType between 'Exact' and 'Prefix' [#262](https://github.com/ngrok/kubernetes-ingress-controller/pull/262)
- Update ngrok-go to 1.4.0 [#298](https://github.com/ngrok/kubernetes-ingress-controller/pull/298)
- Tunnels are now unique in their respective namespace, not across the cluster [#281](https://github.com/ngrok/kubernetes-ingress-controller/pull/281)
- The CRs that ingress controller creates are uniquely marked and managed by it. Other CRs created manually are no longer deleted when the ingress controller is not using them [#267](https://github.com/ngrok/kubernetes-ingress-controller/issues/267); fixed for tunnel in [#285](https://github.com/ngrok/kubernetes-ingress-controller/pull/285) and for https edges in [#286](https://github.com/ngrok/kubernetes-ingress-controller/pull/286)
- Better error handling and retry, specifically for the case where we try to create an https edge for a domain which is not created yet [#283](https://github.com/ngrok/kubernetes-ingress-controller/issues/283); fixed in [#288](https://github.com/ngrok/kubernetes-ingress-controller/pull/288)
- Watch and apply ngrok module set CR changes [#287](https://github.com/ngrok/kubernetes-ingress-controller/issues/287); fixed in [#290](https://github.com/ngrok/kubernetes-ingress-controller/pull/290)
- Label https edges and tunnels with service UID to make them more unique within ngrok [#291](https://github.com/ngrok/kubernetes-ingress-controller/issues/291); fixed in [#293](https://github.com/ngrok/kubernetes-ingress-controller/pull/293) and [#302](https://github.com/ngrok/kubernetes-ingress-controller/pull/302)
### Added
- Add support for configuring pod affinities, pod disruption budget, and priorityClassName [#258](https://github.com/ngrok/kubernetes-ingress-controller/pull/258)
- The controller stopping at the first resource create [#270](https://github.com/ngrok/kubernetes-ingress-controller/pull/270)
- Using `make deploy` now requires `NGROK_AUTHTOKEN` and `NGROK_API_KEY` to be set [#292](https://github.com/ngrok/kubernetes-ingress-controller/pull/292)
## 0.10.0
### Added
- Support HTTPS backends via service annotation [#238](https://github.com/ngrok/kubernetes-ingress-controller/pull/238)
### Changed
- Normalize all ngrok `.io` TLD to `.app` TLD [#240](https://github.com/ngrok/kubernetes-ingress-controller/pull/240)
- Chart Icon
### Fixed
- Add namespace to secret [#244](https://github.com/ngrok/kubernetes-ingress-controller/pull/244). Thank you for the contribution, @vincetse!
## 0.9.0
### Added
- Add a 'podLabels' option to the helm chart [#212](https://github.com/ngrok/kubernetes-ingress-controller/pull/212).
- Permission to `get`,`list`, and `watch` `services` [#222](https://github.com/ngrok-kubernetes-ingress-controller/pull/222).
## 0.8.0
### Changed
- Log Level configuration to helm chart [#199](https://github.com/ngrok/kubernetes-ingress-controller/pull/199).
- Bump default controller image to use `0.6.0` release [#204](https://github.com/ngrok/kubernetes-ingress-controller/pull/204).
### Fixed
- update default-container annotation so logs work correctly [#197](https://github.com/ngrok/kubernetes-ingress-controller/pull/197)
## 0.7.0
### Added
- Update `NgrokModuleSet` and `HTTPSEdge` CRD to support SAML and OAuth
### Changed
- Update appVersion to `0.5.0` to match the latest release of the controller.
## 0.6.1
### Fixed
- Default the image tag to the chart's `appVersion` for predictable installs. Previously, the helm chart would default to the `latest` image tag which can have breaking changes, notably with CRDs.
## 0.6.0
### Changed
- Ingress Class has Default set to false [#109](https://github.com/ngrok/kubernetes-ingress-controller/pull/109)
### Added
- Allow controller name to be configured to support multiple ngrok ingress classes [#159](https://github.com/ngrok/kubernetes-ingress-controller/pull/159)
- Allow the controller to be configured to only watch a single namespace [#157](https://github.com/ngrok/kubernetes-ingress-controller/pull/157)
- Pass key/value pairs to helm that get added as json string metadata in ngrok api resources [#156](https://github.com/ngrok/kubernetes-ingress-controller/pull/156)
- Add IP Policy CRD and IP Policy Route Module [#120](https://github.com/ngrok/kubernetes-ingress-controller/pull/120)
- Load certs from the directory `"/etc/ssl/certs/ngrok/"` for ngrok-go if present [#111](https://github.com/ngrok/kubernetes-ingress-controller/pull/111)
## 0.5.0
### Changed
- Renamed chart from `ngrok-ingress-controller` to `kubernetes-ingress-controller`.
- Added CRDs for `domains`, `tcpedges`, and `httpsedges`.
## 0.4.0
### Added
- `serverAddr` flag to override the ngrok tunnel server address
- `extraVolumes` to add an arbitrary set of volumes to the controller pod
- `extraVolumeMounts` to add an arbitrary set of volume mounts to the controller container
## 0.3.1
### Fixed
- Fixes rendering of `NOTES.txt` when installing via helm
## 0.3.0
### Changed
- Moved from calling ngrok-agent sidecar to using the ngrok-go library in the controller process.
- Moved `apiKey` and `authtoken` to `credentials.apiKey` and `credentials.authtoken` respectively.
- `credentialSecrets.name` is now `credentials.secret.name`
- Changed replicas to 1 by default to work better for default/demo setup.
## 0.2.0
### Added
- Support for different values commonly found in helm charts
# 0.1.0
TODO


@ -0,0 +1,6 @@
dependencies:
- name: common
repository: https://charts.bitnami.com/bitnami
version: 2.10.1
digest: sha256:54cb57fbf004b3cf03fe382619b87c9d17469340f3d24f506a2dbec185a9455a
generated: "2023-09-08T12:48:02.907551-04:00"


@ -0,0 +1,25 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: ngrok Ingress Controller
catalog.cattle.io/release-name: kubernetes-ingress-controller
apiVersion: v2
appVersion: 0.9.0
dependencies:
- name: common
repository: file://./charts/common
tags:
- bitnami-common
version: 2.x.x
description: A Kubernetes ingress controller built using ngrok.
home: https://ngrok.com
icon: https://assets-global.website-files.com/63ed4bc7a4b189da942a6b8c/6411ffa0b395a44345ed2b1a_Frame%201.svg
keywords:
- ngrok
- networking
- ingress
- edge
- api gateway
name: kubernetes-ingress-controller
sources:
- https://github.com/ngrok/kubernetes-ingress-controller
version: 0.11.0
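Review bot: The `common` dependency is declared here with `repository: file://./charts/common` and `version: 2.x.x`, while the `Chart.lock` added just above records `repository: https://charts.bitnami.com/bitnami` and `version: 2.10.1`; if both files sit in the same chart directory, `helm dependency build` compares the lock digest against this dependency list and will report the lock as out of sync with Chart.yaml. Either regenerate the lock with `helm dependency update` after the repository rewrite, or drop `Chart.lock` from the vendored chart since the subchart is already bundled under `charts/common`. The `tags`/`bitnami-common` entry is fine as written.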


@ -0,0 +1,90 @@
# ngrok Ingress Controller
This is the helm chart to install the ngrok ingress controller
# Usage
## Prerequisites
The cluster Must be setup with a secret named `ngrok-ingress-controller-credentials` with the following keys:
* AUTHTOKEN
* API\_KEY
## Install the controller with helm
[Helm](https://helm.sh) must be installed to use the charts. Please refer to
Helm's [documentation](https://helm.sh/docs) to get started.
Once Helm has been set up correctly, add the repo as follows:
`helm repo add ngrok https://ngrok.github.io/kubernetes-ingress-controller`
If you had already added this repo earlier, run `helm repo update` to retrieve
the latest versions of the packages. You can then run `helm search repo ngrok` to see the charts.
To install the ngrok-ingress-controller chart:
`helm install my-ngrok-ingress-controller ngrok/kubernetes-ingress-controller`
To uninstall the chart:
`helm delete my-ngrok-ingress-controller`
<!-- Parameters are auto generated via @bitnami/readme-generator-for-helm -->
## Parameters
### Common parameters
| Name | Description | Value |
| ------------------- | ----------------------------------------------------- | ----- |
| `nameOverride` | String to partially override generated resource names | `""` |
| `fullnameOverride` | String to fully override generated resource names | `""` |
| `commonLabels` | Labels to add to all deployed objects | `{}` |
| `commonAnnotations` | Annotations to add to all deployed objects | `{}` |
### Controller parameters
| Name | Description | Value |
| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------- | ------------------------------------- |
| `podAnnotations` | Used to apply custom annotations to the ingress pods. | `{}` |
| `podLabels` | Used to apply custom labels to the ingress pods. | `{}` |
| `replicaCount` | The number of controllers to run. | `1` |
| `image.registry` | The ngrok ingress controller image registry. | `docker.io` |
| `image.repository` | The ngrok ingress controller image repository. | `ngrok/kubernetes-ingress-controller` |
| `image.tag` | The ngrok ingress controller image tag. Defaults to the chart's appVersion if not specified | `""` |
| `image.pullPolicy` | The ngrok ingress controller image pull policy. | `IfNotPresent` |
| `image.pullSecrets` | An array of imagePullSecrets to be used when pulling the image. | `[]` |
| `ingressClass.name` | The name of the ingress class to use. | `ngrok` |
| `ingressClass.create` | Whether to create the ingress class. | `true` |
| `ingressClass.default` | Whether to set the ingress class as default. | `false` |
| `controllerName` | The name of the controller to look for matching ingress classes | `k8s.ngrok.com/ingress-controller` |
| `watchNamespace` | The namespace to watch for ingress resources. Defaults to all | `""` |
| `credentials.secret.name` | The name of the secret the credentials are in. If not provided, one will be generated using the helm release name. | `""` |
| `credentials.apiKey` | Your ngrok API key. If provided, it will be will be written to the secret and the authtoken must be provided as well. | `""` |
| `credentials.authtoken` | Your ngrok authtoken. If provided, it will be will be written to the secret and the apiKey must be provided as well. | `""` |
| `region` | ngrok region to create tunnels in. Defaults to connect to the closest geographical region. | `""` |
| `serverAddr` | This is the URL of the ngrok server to connect to. You should set this if you are using a custom ingress URL. | `""` |
| `metaData` | This is a map of key/value pairs that will be added as meta data to all ngrok api resources created | `{}` |
| `affinity` | Affinity for the controller pod assignment | `{}` |
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` |
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
| `priorityClassName` | Priority class for pod scheduling | `""` |
| `podDisruptionBudget.create` | Enable a Pod Disruption Budget creation | `false` |
| `podDisruptionBudget.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `""` |
| `podDisruptionBudget.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `1` |
| `resources.limits` | The resources limits for the container | `{}` |
| `resources.requests` | The requested resources for the container | `{}` |
| `extraVolumes` | An array of extra volumes to add to the controller. | `[]` |
| `extraVolumeMounts` | An array of extra volume mounts to add to the controller. | `[]` |
| `extraEnv` | an object of extra environment variables to add to the controller. | `{}` |
| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` |
| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` |
| `serviceAccount.annotations` | Additional annotations to add to the ServiceAccount | `{}` |
| `log.level` | The level to log at. One of 'debug', 'info', or 'error'. | `info` |
| `log.stacktraceLevel` | The level to report stacktrace logs one of 'info' or 'error'. | `error` |
| `log.format` | The log format to use. One of console, json. | `json` |


@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,23 @@
annotations:
category: Infrastructure
licenses: Apache-2.0
apiVersion: v2
appVersion: 2.10.1
description: A Library Helm Chart for grouping common logic between bitnami charts.
This chart is not deployable by itself.
home: https://bitnami.com
icon: https://bitnami.com/downloads/logos/bitnami-mark.png
keywords:
- common
- helper
- template
- function
- bitnami
maintainers:
- name: VMware, Inc.
url: https://github.com/bitnami/charts
name: common
sources:
- https://github.com/bitnami/charts
type: library
version: 2.10.1


@ -0,0 +1,235 @@
# Bitnami Common Library Chart
A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between Bitnami charts.
## TL;DR
```yaml
dependencies:
- name: common
version: 2.x.x
repository: oci://registry-1.docker.io/bitnamicharts
```
```console
helm dependency update
```
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "common.names.fullname" . }}
data:
myvalue: "Hello World"
```
## Introduction
This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager.
Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
Looking to use our applications in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
## Prerequisites
- Kubernetes 1.19+
- Helm 3.2.0+
## Parameters
## Special input schemas
### ImageRoot
```yaml
registry:
type: string
description: Docker registry where the image is located
example: docker.io
repository:
type: string
description: Repository and image name
example: bitnami/nginx
tag:
type: string
description: image tag
example: 1.16.1-debian-10-r63
pullPolicy:
type: string
description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
pullSecrets:
type: array
items:
type: string
description: Optionally specify an array of imagePullSecrets (evaluated as templates).
debug:
type: boolean
description: Set to true if you would like to see extra information on logs
example: false
## An instance would be:
# registry: docker.io
# repository: bitnami/nginx
# tag: 1.16.1-debian-10-r63
# pullPolicy: IfNotPresent
# debug: false
```
### Persistence
```yaml
enabled:
type: boolean
description: Whether enable persistence.
example: true
storageClass:
type: string
description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning.
example: "-"
accessMode:
type: string
description: Access mode for the Persistent Volume Storage.
example: ReadWriteOnce
size:
type: string
description: Size the Persistent Volume Storage.
example: 8Gi
path:
type: string
description: Path to be persisted.
example: /bitnami
## An instance would be:
# enabled: true
# storageClass: "-"
# accessMode: ReadWriteOnce
# size: 8Gi
# path: /bitnami
```
### ExistingSecret
```yaml
name:
type: string
description: Name of the existing secret.
example: mySecret
keyMapping:
description: Mapping between the expected key name and the name of the key in the existing secret.
type: object
## An instance would be:
# name: mySecret
# keyMapping:
# password: myPasswordKey
```
#### Example of use
When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets.
```yaml
# templates/secret.yaml
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "common.names.fullname" . }}
labels:
app: {{ include "common.names.fullname" . }}
type: Opaque
data:
password: {{ .Values.password | b64enc | quote }}
# templates/dpl.yaml
---
...
env:
- name: PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }}
key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }}
...
# values.yaml
---
name: mySecret
keyMapping:
password: myPasswordKey
```
### ValidateValue
#### NOTES.txt
```console
{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
```
If we force those values to be empty we will see some alerts
```console
helm install test mychart --set path.to.value00="",path.to.value01=""
'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value:
export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 -d)
'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value:
export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 -d)
```
## Upgrading
### To 1.0.0
[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL.
#### What changes were introduced in this major version?
- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field.
- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information.
- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts
#### Considerations when upgrading to this version
- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues
- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore
- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3
#### Useful links
- <https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/>
- <https://helm.sh/docs/topics/v2_v3_migration/>
- <https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/>
## License
Copyright &copy; 2023 VMware, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
<http://www.apache.org/licenses/LICENSE-2.0>
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,139 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return a soft nodeAffinity definition
{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.soft" -}}
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
weight: 1
{{- end -}}
{{/*
Return a hard nodeAffinity definition
{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes.hard" -}}
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: {{ .key }}
operator: In
values:
{{- range .values }}
- {{ . | quote }}
{{- end }}
{{- end -}}
{{/*
Return a nodeAffinity definition
{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.nodes" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.nodes.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.nodes.hard" . -}}
{{- end -}}
{{- end -}}
{{/*
Return a topologyKey definition
{{ include "common.affinities.topologyKey" (dict "topologyKey" "BAR") -}}
*/}}
{{- define "common.affinities.topologyKey" -}}
{{ .topologyKey | default "kubernetes.io/hostname" -}}
{{- end -}}
{{/*
Return a soft podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.soft" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.soft" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: 1
{{- range $extraPodAffinityTerms }}
- podAffinityTerm:
labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 10 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
weight: {{ .weight | default 1 -}}
{{- end -}}
{{- end -}}
{{/*
Return a hard podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods.hard" (dict "component" "FOO" "customLabels" .Values.podLabels "extraMatchLabels" .Values.extraMatchLabels "topologyKey" "BAR" "extraPodAffinityTerms" .Values.extraPodAffinityTerms "context" $) -}}
*/}}
{{- define "common.affinities.pods.hard" -}}
{{- $component := default "" .component -}}
{{- $customLabels := default (dict) .customLabels -}}
{{- $extraMatchLabels := default (dict) .extraMatchLabels -}}
{{- $extraPodAffinityTerms := default (list) .extraPodAffinityTerms -}}
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" .context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := $extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- range $extraPodAffinityTerms }}
- labelSelector:
matchLabels: {{- (include "common.labels.matchLabels" ( dict "customLabels" $customLabels "context" $.context )) | nindent 8 }}
{{- if not (empty $component) }}
{{ printf "app.kubernetes.io/component: %s" $component }}
{{- end }}
{{- range $key, $value := .extraMatchLabels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
topologyKey: {{ include "common.affinities.topologyKey" (dict "topologyKey" .topologyKey) }}
{{- end -}}
{{- end -}}
{{/*
Return a podAffinity/podAntiAffinity definition
{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}}
*/}}
{{- define "common.affinities.pods" -}}
{{- if eq .type "soft" }}
{{- include "common.affinities.pods.soft" . -}}
{{- else if eq .type "hard" }}
{{- include "common.affinities.pods.hard" . -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,185 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the target Kubernetes version
*/}}
{{- define "common.capabilities.kubeVersion" -}}
{{- if .Values.global }}
{{- if .Values.global.kubeVersion }}
{{- .Values.global.kubeVersion -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- else }}
{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for poddisruptionbudget.
*/}}
{{- define "common.capabilities.policy.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "policy/v1beta1" -}}
{{- else -}}
{{- print "policy/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "common.capabilities.networkPolicy.apiVersion" -}}
{{- if semverCompare "<1.7-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for cronjob.
*/}}
{{- define "common.capabilities.cronjob.apiVersion" -}}
{{- if semverCompare "<1.21-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "batch/v1beta1" -}}
{{- else -}}
{{- print "batch/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for daemonset.
*/}}
{{- define "common.capabilities.daemonset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}
{{- define "common.capabilities.deployment.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for statefulset.
*/}}
{{- define "common.capabilities.statefulset.apiVersion" -}}
{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apps/v1beta1" -}}
{{- else -}}
{{- print "apps/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for ingress.
*/}}
{{- define "common.capabilities.ingress.apiVersion" -}}
{{- if .Values.ingress -}}
{{- if .Values.ingress.apiVersion -}}
{{- .Values.ingress.apiVersion -}}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end }}
{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "networking.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for RBAC resources.
*/}}
{{- define "common.capabilities.rbac.apiVersion" -}}
{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "rbac.authorization.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "rbac.authorization.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for CRDs.
*/}}
{{- define "common.capabilities.crd.apiVersion" -}}
{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiextensions.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiextensions.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for APIService.
*/}}
{{- define "common.capabilities.apiService.apiVersion" -}}
{{- if semverCompare "<1.10-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "apiregistration.k8s.io/v1beta1" -}}
{{- else -}}
{{- print "apiregistration.k8s.io/v1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for Horizontal Pod Autoscaler.
*/}}
{{- define "common.capabilities.hpa.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
{{- if .beta2 -}}
{{- print "autoscaling/v2beta2" -}}
{{- else -}}
{{- print "autoscaling/v2beta1" -}}
{{- end -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for Vertical Pod Autoscaler.
*/}}
{{- define "common.capabilities.vpa.apiVersion" -}}
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .context) -}}
{{- if .beta2 -}}
{{- print "autoscaling/v2beta2" -}}
{{- else -}}
{{- print "autoscaling/v2beta1" -}}
{{- end -}}
{{- else -}}
{{- print "autoscaling/v2" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the used Helm version is 3.3+.
A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure.
This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error.
**To be removed when the catalog's minimun Helm version is 3.3**
*/}}
{{- define "common.capabilities.supportsHelmVersion" -}}
{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,28 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Through error when upgrading using empty passwords values that must not be empty.
Usage:
{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}}
{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}}
{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }}
Required password params:
- validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error.
- context - Context - Required. Parent context.
*/}}
{{- define "common.errors.upgrade.passwords.empty" -}}
{{- $validationErrors := join "" .validationErrors -}}
{{- if and $validationErrors .context.Release.IsUpgrade -}}
{{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}}
{{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}}
{{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}}
{{- $errorString = print $errorString "\n%s" -}}
{{- printf $errorString $validationErrors | fail -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,85 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper image name
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global ) }}
*/}}
{{- define "common.images.image" -}}
{{- $registryName := .imageRoot.registry -}}
{{- $repositoryName := .imageRoot.repository -}}
{{- $separator := ":" -}}
{{- $termination := .imageRoot.tag | toString -}}
{{- if .global }}
{{- if .global.imageRegistry }}
{{- $registryName = .global.imageRegistry -}}
{{- end -}}
{{- end -}}
{{- if .imageRoot.digest }}
{{- $separator = "@" -}}
{{- $termination = .imageRoot.digest | toString -}}
{{- end -}}
{{- if $registryName }}
{{- printf "%s/%s%s%s" $registryName $repositoryName $separator $termination -}}
{{- else -}}
{{- printf "%s%s%s" $repositoryName $separator $termination -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names (deprecated: use common.images.renderPullSecrets instead)
{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }}
*/}}
{{- define "common.images.pullSecrets" -}}
{{- $pullSecrets := list }}
{{- if .global }}
{{- range .global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names evaluating values as templates
{{ include "common.images.renderPullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "context" $) }}
*/}}
{{- define "common.images.renderPullSecrets" -}}
{{- $pullSecrets := list }}
{{- $context := .context }}
{{- if $context.Values.global }}
{{- range $context.Values.global.imagePullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- range .images -}}
{{- range .pullSecrets -}}
{{- $pullSecrets = append $pullSecrets (include "common.tplvalues.render" (dict "value" . "context" $context)) -}}
{{- end -}}
{{- end -}}
{{- if (not (empty $pullSecrets)) }}
imagePullSecrets:
{{- range $pullSecrets | uniq }}
- name: {{ . }}
{{- end }}
{{- end }}
{{- end -}}


@ -0,0 +1,73 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Generate backend entry that is compatible with all Kubernetes API versions.
Usage:
{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }}
Params:
- serviceName - String. Name of an existing service backend
- servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.ingress.backend" -}}
{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}}
{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}}
serviceName: {{ .serviceName }}
servicePort: {{ .servicePort }}
{{- else -}}
service:
name: {{ .serviceName }}
port:
{{- if typeIs "string" .servicePort }}
name: {{ .servicePort }}
{{- else if or (typeIs "int" .servicePort) (typeIs "float64" .servicePort) }}
number: {{ .servicePort | int }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Print "true" if the API pathType field is supported
Usage:
{{ include "common.ingress.supportsPathType" . }}
*/}}
{{- define "common.ingress.supportsPathType" -}}
{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Returns true if the ingressClassname field is supported
Usage:
{{ include "common.ingress.supportsIngressClassname" . }}
*/}}
{{- define "common.ingress.supportsIngressClassname" -}}
{{- if semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .) -}}
{{- print "false" -}}
{{- else -}}
{{- print "true" -}}
{{- end -}}
{{- end -}}
{{/*
Return true if cert-manager required annotations for TLS signed
certificates are set in the Ingress annotations
Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
Usage:
{{ include "common.ingress.certManagerRequest" ( dict "annotations" .Values.path.to.the.ingress.annotations ) }}
*/}}
{{- define "common.ingress.certManagerRequest" -}}
{{ if or (hasKey .annotations "cert-manager.io/cluster-issuer") (hasKey .annotations "cert-manager.io/issuer") (hasKey .annotations "kubernetes.io/tls-acme") }}
{{- true -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,39 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Kubernetes standard labels
{{ include "common.labels.standard" (dict "customLabels" .Values.commonLabels "context" $) -}}
*/}}
{{- define "common.labels.standard" -}}
{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
{{ merge (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) (dict "app.kubernetes.io/name" (include "common.names.name" .context) "helm.sh/chart" (include "common.names.chart" .context) "app.kubernetes.io/instance" .context.Release.Name "app.kubernetes.io/managed-by" .context.Release.Service) | toYaml }}
{{- else -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
helm.sh/chart: {{ include "common.names.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{/*
Labels used on immutable fields such as deploy.spec.selector.matchLabels or svc.spec.selector
{{ include "common.labels.matchLabels" (dict "customLabels" .Values.podLabels "context" $) -}}
We don't want to loop over custom labels appending them to the selector
since it's very likely that it will break deployments, services, etc.
However, it's important to overwrite the standard labels if the user
overwrote them on metadata.labels fields.
*/}}
{{- define "common.labels.matchLabels" -}}
{{- if and (hasKey . "customLabels") (hasKey . "context") -}}
{{ merge (pick (include "common.tplvalues.render" (dict "value" .customLabels "context" .context) | fromYaml) "app.kubernetes.io/name" "app.kubernetes.io/instance") (dict "app.kubernetes.io/name" (include "common.names.name" .context) "app.kubernetes.io/instance" .context.Release.Name ) | toYaml }}
{{- else -}}
app.kubernetes.io/name: {{ include "common.names.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}


@ -0,0 +1,71 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "common.names.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "common.names.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "common.names.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified dependency name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
Usage:
{{ include "common.names.dependency.fullname" (dict "chartName" "dependency-chart-name" "chartValues" .Values.dependency-chart "context" $) }}
*/}}
{{- define "common.names.dependency.fullname" -}}
{{- if .chartValues.fullnameOverride -}}
{{- .chartValues.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .chartName .chartValues.nameOverride -}}
{{- if contains $name .context.Release.Name -}}
{{- .context.Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .context.Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
*/}}
{{- define "common.names.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a fully qualified app name adding the installation's namespace.
*/}}
{{- define "common.names.fullname.namespace" -}}
{{- printf "%s-%s" (include "common.names.fullname" .) (include "common.names.namespace" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@ -0,0 +1,172 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Generate secret name.
Usage:
{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment.
- context - Dict - Required. The context for the template evaluation.
*/}}
{{- define "common.secrets.name" -}}
{{- $name := (include "common.names.fullname" .context) -}}
{{- if .defaultNameSuffix -}}
{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- with .existingSecret -}}
{{- if not (typeIs "string" .) -}}
{{- with .name -}}
{{- $name = . -}}
{{- end -}}
{{- else -}}
{{- $name = . -}}
{{- end -}}
{{- end -}}
{{- printf "%s" $name -}}
{{- end -}}
{{/*
Generate secret key.
Usage:
{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }}
Params:
- existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user
to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility.
+info: https://github.com/bitnami/charts/tree/main/bitnami/common#existingsecret
- key - String - Required. Name of the key in the secret.
*/}}
{{- define "common.secrets.key" -}}
{{- $key := .key -}}
{{- if .existingSecret -}}
{{- if not (typeIs "string" .existingSecret) -}}
{{- if .existingSecret.keyMapping -}}
{{- $key = index .existingSecret.keyMapping $.key -}}
{{- end -}}
{{- end }}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
{{/*
Generate secret password or retrieve one if already created.
Usage:
{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- providedValues - List<String> - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- length - int - Optional - Length of the generated random password.
- strong - Boolean - Optional - Whether to add symbols to the generated random password.
- chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart.
- context - Context - Required - Parent context.
- failOnNew - Boolean - Optional - Default to true. If set to false, skip errors adding new keys to existing secrets.
The order in which this function returns a secret password:
1. Already existing 'Secret' resource
(If a 'Secret' resource is found under the name provided to the 'secret' parameter to this function and that 'Secret' resource contains a key with the name passed as the 'key' parameter to this function then the value of this existing secret password will be returned)
2. Password provided via the values.yaml
(If one of the keys passed to the 'providedValues' parameter to this function is a valid path to a key in the values.yaml and has a value, the value of the first key with a value will be returned)
3. Randomly generated secret password
(A new random secret password with the length specified in the 'length' parameter will be generated and returned)
*/}}
{{- define "common.secrets.passwords.manage" -}}
{{- $password := "" }}
{{- $subchart := "" }}
{{- $failOnNew := default true .failOnNew }}
{{- $chartName := default "" .chartName }}
{{- $passwordLength := default 10 .length }}
{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }}
{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data }}
{{- if $secretData }}
{{- if hasKey $secretData .key }}
{{- $password = index $secretData .key | quote }}
{{- else if $failOnNew }}
{{- printf "\nPASSWORDS ERROR: The secret \"%s\" does not contain the key \"%s\"\n" .secret .key | fail -}}
{{- end -}}
{{- else if $providedPasswordValue }}
{{- $password = $providedPasswordValue | toString | b64enc | quote }}
{{- else }}
{{- if .context.Values.enabled }}
{{- $subchart = $chartName }}
{{- end -}}
{{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}}
{{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}}
{{- $passwordValidationErrors := list $requiredPasswordError -}}
{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}}
{{- if .strong }}
{{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }}
{{- $password = randAscii $passwordLength }}
{{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
{{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
{{- else }}
{{- $password = randAlphaNum $passwordLength | b64enc | quote }}
{{- end }}
{{- end -}}
{{- printf "%s" $password -}}
{{- end -}}
{{/*
Reuses the value from an existing secret, otherwise sets its value to a default value.
Usage:
{{ include "common.secrets.lookup" (dict "secret" "secret-name" "key" "keyName" "defaultValue" .Values.myValue "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- key - String - Required - Name of the key in the secret.
- defaultValue - String - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.lookup" -}}
{{- $value := "" -}}
{{- $secretData := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret).data -}}
{{- if and $secretData (hasKey $secretData .key) -}}
{{- $value = index $secretData .key -}}
{{- else if .defaultValue -}}
{{- $value = .defaultValue | toString | b64enc -}}
{{- end -}}
{{- if $value -}}
{{- printf "%s" $value -}}
{{- end -}}
{{- end -}}
{{/*
Returns whether a previous generated secret already exists
Usage:
{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }}
Params:
- secret - String - Required - Name of the 'Secret' resource where the password is stored.
- context - Context - Required - Parent context.
*/}}
{{- define "common.secrets.exists" -}}
{{- $secret := (lookup "v1" "Secret" (include "common.names.namespace" .context) .secret) }}
{{- if $secret }}
{{- true -}}
{{- end -}}
{{- end -}}
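Review bot: `{{- $failOnNew := default true .failOnNew }}` at the top of common.secrets.passwords.manage can never evaluate to false, because sprig's `default` treats a boolean `false` as empty and substitutes `true`; a caller passing `"failOnNew" false` to tolerate a key missing from an existing Secret still hits the `PASSWORDS ERROR` fail. `{{- $failOnNew := ternary .failOnNew true (hasKey . "failOnNew") }}` honours an explicit false while keeping the documented default. Separately, the `lookup` calls in passwords.manage, common.secrets.lookup and common.secrets.exists return nothing under `helm template` or `--dry-run`, so those paths fall through to the provided value or a freshly generated password; a one-line comment above each `lookup` (e.g. `{{/* lookup is empty in template/dry-run mode; a new value is generated then */}}`) would stop operators reading a dry-run diff as a real credential rotation.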


@ -0,0 +1,28 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Return the proper Storage Class
{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }}
*/}}
{{- define "common.storage.class" -}}
{{- $storageClass := .persistence.storageClass -}}
{{- if .global -}}
{{- if .global.storageClass -}}
{{- $storageClass = .global.storageClass -}}
{{- end -}}
{{- end -}}
{{- if $storageClass -}}
{{- if (eq "-" $storageClass) -}}
{{- printf "storageClassName: \"\"" -}}
{{- else }}
{{- printf "storageClassName: %s" $storageClass -}}
{{- end -}}
{{- end -}}
{{- end -}}
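Review bot: `printf "storageClassName: %s" $storageClass` in common.storage.class emits the class name as a plain YAML scalar, so a value containing `: `, ` #` or a leading YAML indicator would mis-render, whereas the `"-"` branch right above it already emits a quoted value. `printf "storageClassName: %s" ($storageClass | quote)` makes both branches consistent. Storage class names are DNS-subdomain-shaped in practice, so this is defence in depth rather than a live failure.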


@ -0,0 +1,38 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Renders a value that contains template perhaps with scope if the scope is present.
Usage:
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }}
{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }}
*/}}
{{- define "common.tplvalues.render" -}}
{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }}
{{- if contains "{{" (toJson .value) }}
{{- if .scope }}
{{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }}
{{- else }}
{{- tpl $value .context }}
{{- end }}
{{- else }}
{{- $value }}
{{- end }}
{{- end -}}
{{/*
Merge a list of values that contains template after rendering them.
Merge precedence is consistent with http://masterminds.github.io/sprig/dicts.html#merge-mustmerge
Usage:
{{ include "common.tplvalues.merge" ( dict "values" (list .Values.path.to.the.Value1 .Values.path.to.the.Value2) "context" $ ) }}
*/}}
{{- define "common.tplvalues.merge" -}}
{{- $dst := dict -}}
{{- range .values -}}
{{- $dst = include "common.tplvalues.render" (dict "value" . "context" $.context "scope" $.scope) | fromYaml | merge $dst -}}
{{- end -}}
{{ $dst | toYaml }}
{{- end -}}
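Review bot: The header comment on common.tplvalues.render does not say that any value containing `{{` is passed to `tpl` and executed against the full chart context (`.context`, or `.context` merged with `RelativeScope`), so such a values entry is treated as template code rather than data. Suggested addition to the comment block: `Note: a value containing "{{" is rendered with tpl against the full chart context (including lookup and .Files); treat values files from untrusted sources as code.` common.tplvalues.merge inherits the same behaviour for every entry in `.values`, and the same line, or a cross-reference, belongs on its header too.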


@ -0,0 +1,67 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Print instructions to get a secret value.
Usage:
{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }}
*/}}
{{- define "common.utils.secret.getvalue" -}}
{{- $varname := include "common.utils.fieldToEnvVar" . -}}
export {{ $varname }}=$(kubectl get secret --namespace {{ include "common.names.namespace" .context | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 -d)
{{- end -}}
{{/*
Build env var name given a field
Usage:
{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }}
*/}}
{{- define "common.utils.fieldToEnvVar" -}}
{{- $fieldNameSplit := splitList "-" .field -}}
{{- $upperCaseFieldNameSplit := list -}}
{{- range $fieldNameSplit -}}
{{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}}
{{- end -}}
{{ join "_" $upperCaseFieldNameSplit }}
{{- end -}}
{{/*
Gets a value from .Values given
Usage:
{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }}
*/}}
{{- define "common.utils.getValueFromKey" -}}
{{- $splitKey := splitList "." .key -}}
{{- $value := "" -}}
{{- $latestObj := $.context.Values -}}
{{- range $splitKey -}}
{{- if not $latestObj -}}
{{- printf "please review the entire path of '%s' exists in values" $.key | fail -}}
{{- end -}}
{{- $value = ( index $latestObj . ) -}}
{{- $latestObj = $value -}}
{{- end -}}
{{- printf "%v" (default "" $value) -}}
{{- end -}}
{{/*
Returns first .Values key with a defined value or first of the list if all non-defined
Usage:
{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }}
*/}}
{{- define "common.utils.getKeyFromList" -}}
{{- $key := first .keys -}}
{{- $reverseKeys := reverse .keys }}
{{- range $reverseKeys }}
{{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }}
{{- if $value -}}
{{- $key = . }}
{{- end -}}
{{- end -}}
{{- printf "%s" $key -}}
{{- end -}}
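Review bot: In common.utils.secret.getvalue the field name is interpolated unescaped into the jsonpath expression `-o jsonpath="{.data.{{ .field }}}"`; for a Secret key containing a dot (a TLS key such as `tls.crt`, say) kubectl resolves it as a nested path and the printed command does not return the value. Escaping dots in the field (`{.data.{{ .field | replace "." "\\." }}}`) keeps the instruction correct for any key, and common.utils.fieldToEnvVar has the matching gap, since it only splits on `-` and would print `TLS.CRT`, which is not a valid shell variable name. If keys are always hyphen-separated by convention in this library, a comment saying so on both helpers is the cheaper fix.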


@ -0,0 +1,19 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Warning about using rolling tag.
Usage:
{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }}
*/}}
{{- define "common.warnings.rollingTag" -}}
{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }}
WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment.
+info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/
{{- end }}
{{- end -}}


@ -0,0 +1,77 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Cassandra required passwords are not empty.
Usage:
{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret"
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.cassandra.passwords" -}}
{{- $existingSecret := include "common.cassandra.values.existingSecret" . -}}
{{- $enabled := include "common.cassandra.values.enabled" . -}}
{{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}}
{{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.cassandra.values.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.cassandra.dbUser.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.dbUser.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled cassandra.
Usage:
{{ include "common.cassandra.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.cassandra.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.cassandra.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key dbUser
Usage:
{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false
*/}}
{{- define "common.cassandra.values.key.dbUser" -}}
{{- if .subchart -}}
cassandra.dbUser
{{- else -}}
dbUser
{{- end -}}
{{- end -}}
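Review bot: The usage example on common.cassandra.values.key.dbUser passes `"subchart" "true"` as a string while its Params line documents a Boolean; every `{{- if .subchart -}}` in this file is truthy for any non-empty string, so a caller that copies the example and passes `"false"` is treated as subchart=true and the validation reads the `cassandra.dbUser` path instead of `dbUser`. Either change the examples to `"subchart" true` or make the tests tolerant with `{{- if eq (toString .subchart) "true" -}}`. The same example/type mismatch is present in the mariadb (`common.mariadb.values.architecture`, `common.mariadb.values.key.auth`), mongodb, mysql and postgresql validation files added by this commit. common.cassandra.values.enabled returns `not .context.Values.enabled` in the non-subchart branch, which reads as inverted; if it encodes "a standalone chart has no enabled flag", a one-line comment there would save the next reader a double-take.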


@ -0,0 +1,108 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MariaDB required passwords are not empty.
Usage:
{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mariadb.passwords" -}}
{{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mariadb.values.enabled" . -}}
{{- $architecture := include "common.mariadb.values.architecture" . -}}
{{- $authPrefix := include "common.mariadb.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mariadb.
Usage:
{{ include "common.mariadb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mariadb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mariadb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mariadb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false
*/}}
{{- define "common.mariadb.values.key.auth" -}}
{{- if .subchart -}}
mariadb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}


@ -0,0 +1,113 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MongoDB&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MongoDB&reg; values are stored, e.g: "mongodb-passwords-secret"
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mongodb.passwords" -}}
{{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mongodb.values.enabled" . -}}
{{- $authPrefix := include "common.mongodb.values.key.auth" . -}}
{{- $architecture := include "common.mongodb.values.architecture" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyDatabase := printf "%s.database" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}}
{{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}}
{{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") (eq $authEnabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }}
{{- if and $valueUsername $valueDatabase -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replicaset") -}}
{{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mongodb.
Usage:
{{ include "common.mongodb.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mongodb.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mongodb.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.key.auth" -}}
{{- if .subchart -}}
mongodb.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MongoDB&reg; is used as subchart or not. Default: false
*/}}
{{- define "common.mongodb.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mongodb.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,108 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate MySQL required passwords are not empty.
Usage:
{{ include "common.validations.values.mysql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where MySQL values are stored, e.g: "mysql-passwords-secret"
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.mysql.passwords" -}}
{{- $existingSecret := include "common.mysql.values.auth.existingSecret" . -}}
{{- $enabled := include "common.mysql.values.enabled" . -}}
{{- $architecture := include "common.mysql.values.architecture" . -}}
{{- $authPrefix := include "common.mysql.values.key.auth" . -}}
{{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}}
{{- $valueKeyUsername := printf "%s.username" $authPrefix -}}
{{- $valueKeyPassword := printf "%s.password" $authPrefix -}}
{{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mysql-root-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}}
{{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }}
{{- if not (empty $valueUsername) -}}
{{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mysql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPassword -}}
{{- end -}}
{{- if (eq $architecture "replication") -}}
{{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mysql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.mysql.values.auth.existingSecret" (dict "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.auth.existingSecret" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.auth.existingSecret | quote -}}
{{- else -}}
{{- .context.Values.auth.existingSecret | quote -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled mysql.
Usage:
{{ include "common.mysql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.mysql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.mysql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for architecture
Usage:
{{ include "common.mysql.values.architecture" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.architecture" -}}
{{- if .subchart -}}
{{- .context.Values.mysql.architecture -}}
{{- else -}}
{{- .context.Values.architecture -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key auth
Usage:
{{ include "common.mysql.values.key.auth" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether MySQL is used as subchart or not. Default: false
*/}}
{{- define "common.mysql.values.key.auth" -}}
{{- if .subchart -}}
mysql.auth
{{- else -}}
auth
{{- end -}}
{{- end -}}


@ -0,0 +1,134 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate PostgreSQL required passwords are not empty.
Usage:
{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret"
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.postgresql.passwords" -}}
{{- $existingSecret := include "common.postgresql.values.existingSecret" . -}}
{{- $enabled := include "common.postgresql.values.enabled" . -}}
{{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}}
{{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}}
{{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}}
{{- if (eq $enabledReplication "true") -}}
{{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to decide whether evaluate global values.
Usage:
{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }}
Params:
- key - String - Required. Field to be evaluated within global, e.g: "existingSecret"
*/}}
{{- define "common.postgresql.values.use.global" -}}
{{- if .context.Values.global -}}
{{- if .context.Values.global.postgresql -}}
{{- index .context.Values.global.postgresql .key | quote -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for existingSecret.
Usage:
{{ include "common.postgresql.values.existingSecret" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.existingSecret" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}}
{{- if .subchart -}}
{{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}}
{{- else -}}
{{- default (.context.Values.existingSecret | quote) $globalValue -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled postgresql.
Usage:
{{ include "common.postgresql.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.postgresql.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key postgressPassword.
Usage:
{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.postgressPassword" -}}
{{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}}
{{- if not $globalValue -}}
{{- if .subchart -}}
postgresql.postgresqlPassword
{{- else -}}
postgresqlPassword
{{- end -}}
{{- else -}}
global.postgresql.postgresqlPassword
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled.replication.
Usage:
{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.enabled.replication" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.postgresql.replication.enabled -}}
{{- else -}}
{{- printf "%v" .context.Values.replication.enabled -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for the key replication.password.
Usage:
{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false
*/}}
{{- define "common.postgresql.values.key.replicationPassword" -}}
{{- if .subchart -}}
postgresql.replication.password
{{- else -}}
replication.password
{{- end -}}
{{- end -}}
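Review bot: common.postgresql.values.key.postgressPassword decides whether to return `global.postgresql.postgresqlPassword` by probing `"postgresqlUsername"` in the `use.global` call, not the password key itself; as written, a global that sets only the username appears to redirect validation to a global password key that may be empty, while a global that sets only the password is not consulted at all. If probing the username is intentional, say so in the header comment; otherwise probe `"postgresqlPassword"`. Separately, the local `$valueKeyPostgresqlReplicationEnabled` in common.validations.values.postgresql.passwords holds the replication password key returned by `common.postgresql.values.key.replicationPassword`, so `$valueKeyPostgresqlReplicationPassword` would name it accurately.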


@ -0,0 +1,81 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate Redis&reg; required passwords are not empty.
Usage:
{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }}
Params:
- secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret"
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.validations.values.redis.passwords" -}}
{{- $enabled := include "common.redis.values.enabled" . -}}
{{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}}
{{- $standarizedVersion := include "common.redis.values.standarized.version" . }}
{{- $existingSecret := ternary (printf "%s%s" $valueKeyPrefix "auth.existingSecret") (printf "%s%s" $valueKeyPrefix "existingSecret") (eq $standarizedVersion "true") }}
{{- $existingSecretValue := include "common.utils.getValueFromKey" (dict "key" $existingSecret "context" .context) }}
{{- $valueKeyRedisPassword := ternary (printf "%s%s" $valueKeyPrefix "auth.password") (printf "%s%s" $valueKeyPrefix "password") (eq $standarizedVersion "true") }}
{{- $valueKeyRedisUseAuth := ternary (printf "%s%s" $valueKeyPrefix "auth.enabled") (printf "%s%s" $valueKeyPrefix "usePassword") (eq $standarizedVersion "true") }}
{{- if and (or (not $existingSecret) (eq $existingSecret "\"\"")) (eq $enabled "true") -}}
{{- $requiredPasswords := list -}}
{{- $useAuth := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUseAuth "context" .context) -}}
{{- if eq $useAuth "true" -}}
{{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}}
{{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}}
{{- end -}}
{{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right value for enabled redis.
Usage:
{{ include "common.redis.values.enabled" (dict "context" $) }}
*/}}
{{- define "common.redis.values.enabled" -}}
{{- if .subchart -}}
{{- printf "%v" .context.Values.redis.enabled -}}
{{- else -}}
{{- printf "%v" (not .context.Values.enabled) -}}
{{- end -}}
{{- end -}}
{{/*
Auxiliary function to get the right prefix path for the values
Usage:
{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }}
Params:
- subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false
*/}}
{{- define "common.redis.values.keys.prefix" -}}
{{- if .subchart -}}redis.{{- else -}}{{- end -}}
{{- end -}}
{{/*
Checks whether the redis chart's includes the standarizations (version >= 14)
Usage:
{{ include "common.redis.values.standarized.version" (dict "context" $) }}
*/}}
{{- define "common.redis.values.standarized.version" -}}
{{- $standarizedAuth := printf "%s%s" (include "common.redis.values.keys.prefix" .) "auth" -}}
{{- $standarizedAuthValues := include "common.utils.getValueFromKey" (dict "key" $standarizedAuth "context" .context) }}
{{- if $standarizedAuthValues -}}
{{- true -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,51 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/* vim: set filetype=mustache: */}}
{{/*
Validate values must not be empty.
Usage:
{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}}
{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}}
{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
*/}}
{{- define "common.validations.values.multiple.empty" -}}
{{- range .required -}}
{{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}}
{{- end -}}
{{- end -}}
{{/*
Validate a value must not be empty.
Usage:
{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }}
Validate value params:
- valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password"
- secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret"
- field - String - Optional. Name of the field in the secret data, e.g: "mysql-password"
- subchart - String - Optional - Name of the subchart that the validated password is part of.
*/}}
{{- define "common.validations.values.single.empty" -}}
{{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }}
{{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }}
{{- if not $value -}}
{{- $varname := "my-value" -}}
{{- $getCurrentValue := "" -}}
{{- if and .secret .field -}}
{{- $varname = include "common.utils.fieldToEnvVar" . -}}
{{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}}
{{- end -}}
{{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,8 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
## bitnami/common
## It is required by CI/CD tools and processes.
## @skip exampleValue
##
exampleValue: common-chart


@ -0,0 +1,53 @@
================================================================================
The ngrok Ingress controller has been deployed as a Deployment type to your
cluster.
If you haven't yet, create some Ingress resources in your cluster and they will
be automatically configured on the internet using ngrok.
{{- $found := false }}
{{- range $svcIndex, $service := (lookup "v1" "Service" "" "").items }}
{{- if not $found }}
{{- range $portMapIdx, $portMap := $service.spec.ports }}
{{- if eq $portMap.port 80 443 }}
{{- if ne $service.metadata.name "kubernetes" }}
{{- $found = true -}}
{{- $randomStr := randAlphaNum 8 }}
One example, taken from your cluster, is the Service:
{{ $service.metadata.name | quote }}
You can make this accessible via Ngrok with the following manifest:
--------------------------------------------------------------------------------
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $service.metadata.name }}
namespace: {{ $service.metadata.namespace }}
spec:
ingressClassName: ngrok
rules:
- host: {{ $service.metadata.name -}}-{{- $randomStr -}}.ngrok.app
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: {{ $service.metadata.name }}
port:
number: {{ $portMap.port }}
--------------------------------------------------------------------------------
Applying this manifest will make the service {{ $service.metadata.name | quote }}
available on the public internet at "https://{{ $service.metadata.name -}}-{{- $randomStr -}}.ngrok.app/".
{{- end }}
{{- end }}
{{- end }}
{{- end}}
{{- end }}
Once done, view your edges in the Dashboard https://dashboard.ngrok.com/cloud-edge/edges
Find the tunnels running in your cluster here https://dashboard.ngrok.com/tunnels/agents
If you have any questions or feedback, please join us in https://ngrok.com/slack and let us know!
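Review bot: The example Service is chosen by `lookup "v1" "Service" "" ""`, which scans every namespace, so the first Service with port 80/443 other than `kubernetes` may belong to `kube-system` or to another tenant's namespace, and the notes then print a ready-to-apply manifest that publishes it on the internet. Restricting the scan to the release namespace, `{{- range $svcIndex, $service := (lookup "v1" "Service" .Release.Namespace "").items }}`, keeps the example to workloads the installer presumably owns. It would also help to state, next to the "available on the public internet" line, that the example Ingress carries no access restriction and that the chart's IPPolicy and NgrokModuleSet resources are the place to add one. Note that `lookup` returns nothing under `helm template` or `--dry-run`, so the example only appears on a real install.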


@ -0,0 +1,87 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kubernetes-ingress-controller.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubernetes-ingress-controller.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "kubernetes-ingress-controller.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default name for the credentials secret name using the helm release
*/}}
{{- define "kubernetes-ingress-controller.credentialsSecretName" -}}
{{- if .Values.credentials.secret.name -}}
{{- .Values.credentials.secret.name -}}
{{- else -}}
{{- printf "%s-credentials" (include "kubernetes-ingress-controller.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "kubernetes-ingress-controller.labels" -}}
helm.sh/chart: {{ include "kubernetes-ingress-controller.chart" . }}
{{ include "kubernetes-ingress-controller.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/part-of: {{ template "kubernetes-ingress-controller.name" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.commonLabels}}
{{ toYaml .Values.commonLabels }}
{{- end }}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "kubernetes-ingress-controller.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kubernetes-ingress-controller.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{/*
Create the name of the controller service account to use
*/}}
{{- define "kubernetes-ingress-controller.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "kubernetes-ingress-controller.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the ngrok/ingress-controller image name
*/}}
{{- define "kubernetes-ingress-controller.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | default .Chart.AppVersion | toString -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
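Review bot: `{{- if .Values.commonLabels}}` in the `labels` helper omits the space before `}}` that every other action in this file has; `{{- if .Values.commonLabels }}` keeps the style uniform. The same helper emits `{{ toYaml .Values.commonLabels }}` at column 0 and relies on the caller's `nindent` to place it, which the Deployment in this commit does with `nindent 4`, but that contract deserves a line in the helper's header comment, e.g. `Callers must pipe the result through nindent.`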


@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "kubernetes-ingress-controller.fullname" . }}-manager-config
namespace: {{ .Release.Namespace }}
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
leaderElection:
leaderElect: true
resourceName: {{ include "kubernetes-ingress-controller.fullname" . }}-leader
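Review bot: `metrics.bindAddress: 127.0.0.1:8080` in `controller_manager_config.yaml` disagrees with the Deployment in this commit, which passes `--metrics-bind-address=:8080` and annotates the pod with `prometheus.io/port: '8080'` for scraping; the loopback-only address here would make those scrapes fail if this config were the one in effect. As far as the visible templates show, nothing mounts this ConfigMap into the manager pod, so it looks like dead configuration that will mislead the next reader into believing metrics are loopback-bound. Either wire the ConfigMap into the pod (and drop the duplicated flags) or remove it, and add a comment at the top of this file stating which of the two is authoritative.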


@ -0,0 +1,127 @@
{{- $component := "controller" }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
{{- include "kubernetes-ingress-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ $component }}
name: {{ include "kubernetes-ingress-controller.fullname" . }}-manager
namespace: {{ .Release.Namespace }}
annotations:
checksum/controller-role: {{ include (print $.Template.BasePath "/rbac/role.yaml") . | sha256sum }}
checksum/rbac: {{ include (print $.Template.BasePath "/controller-rbac.yaml") . | sha256sum }}
spec:
replicas: {{.Values.replicaCount}}
selector:
matchLabels:
{{- include "kubernetes-ingress-controller.selectorLabels" . | nindent 6 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 6 }}
{{- end }}
app.kubernetes.io/component: {{ $component }}
template:
metadata:
annotations:
{{- if .Values.podAnnotations }}
{{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }}
prometheus.io/path: /metrics
prometheus.io/port: '8080'
prometheus.io/scrape: 'true'
labels:
{{- include "kubernetes-ingress-controller.selectorLabels" . | nindent 8 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 8 }}
{{- end }}
app.kubernetes.io/component: {{ $component }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName | quote }}
{{- end }}
{{- if .Values.affinity }}
affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" $component "context" $) | nindent 10 }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" $component "context" $) | nindent 10 }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
serviceAccountName: {{ template "kubernetes-ingress-controller.serviceAccountName" . }}
{{- if .Values.image.pullSecrets }}
imagePullSecrets:
{{- toYaml .Values.image.pullSecrets | nindent 8 }}
{{- end }}
containers:
- name: ngrok-ingress-controller
image: {{ include "kubernetes-ingress-controller.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /manager
args:
{{- if .Values.region }}
- --region={{ .Values.region}}
{{- end }}
{{- if .Values.serverAddr }}
- --server-addr={{ .Values.serverAddr}}
{{- end }}
{{- if .Values.metaData }}
- --metadata={{- $metadataArgs := list -}}
{{- range $key, $value := .Values.metaData }}
{{- $metadataArgs = append $metadataArgs (printf "%s=%s" $key $value) -}}
{{- end }}
{{- $metadataArgs | join "," }}
{{- end }}
- --controller-name={{ .Values.controllerName }}
{{- if .Values.watchNamespace }}
- --watch-namespace={{ .Values.watchNamespace}}
{{- end }}
- --zap-log-level={{ .Values.log.level }}
- --zap-stacktrace-level={{ .Values.log.stacktraceLevel }}
- --zap-encoder={{ .Values.log.format }}
- --health-probe-bind-address=:8081
- --metrics-bind-address=:8080
- --election-id={{ include "kubernetes-ingress-controller.fullname" . }}-leader
- --manager-name={{ include "kubernetes-ingress-controller.fullname" . }}-manager
securityContext:
allowPrivilegeEscalation: false
env:
- name: NGROK_API_KEY
valueFrom:
secretKeyRef:
key: API_KEY
name: {{ include "kubernetes-ingress-controller.credentialsSecretName" . }}
- name: NGROK_AUTHTOKEN
valueFrom:
secretKeyRef:
key: AUTHTOKEN
name: {{ include "kubernetes-ingress-controller.credentialsSecretName" . }}
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- range $key, $value := .Values.extraEnv }}
- name: {{ $key }}
value: {{- toYaml $value | nindent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
volumeMounts:
{{ toYaml .Values.extraVolumeMounts | nindent 10 }}
{{- end }}
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
{{- toYaml .Values.resources | nindent 10 }}
{{- if .Values.extraVolumes }}
volumes:
{{ toYaml .Values.extraVolumes | nindent 6 }}
{{- end }}
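Review bot: The container `securityContext` at the `allowPrivilegeEscalation: false` line is the only hardening on this pod; there is no `runAsNonRoot`, `readOnlyRootFilesystem`, capability drop or seccomp profile, and no pod-level `securityContext`, so the controller runs with whatever the image defaults to. This pod holds `NGROK_API_KEY` and `NGROK_AUTHTOKEN`, which makes container hardening worth the effort, and the restricted Pod Security Standard would reject the current spec. The block below is a baseline for the `/manager` process; if the image runs as root, `runAsNonRoot` needs an explicit `runAsUser`, which is a property of the image I cannot confirm from here. Exposing these fields through values, as `podAnnotations` and `podLabels` already are, would let operators tune them without forking the template.
```yaml
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: env, volumeMounts, probes, resources …
```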


@ -0,0 +1,26 @@
{{- if .Values.podDisruptionBudget.create }}
{{ $component := "controller"}}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "kubernetes-ingress-controller.fullname" . }}-controller-pdb
namespace: {{ .Release.Namespace | quote }}
labels:
{{- include "kubernetes-ingress-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: {{ $component }}
spec:
{{- if .Values.podDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
{{- end }}
{{- if .Values.podDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
{{- end }}
selector:
matchLabels:
{{- include "kubernetes-ingress-controller.selectorLabels" . | nindent 6 }}
{{- if .Values.podLabels }}
{{- toYaml .Values.podLabels | nindent 6 }}
{{- end }}
app.kubernetes.io/component: {{ $component }}
{{- end }}
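Review bot: If both `podDisruptionBudget.minAvailable` and `podDisruptionBudget.maxUnavailable` are set, the two `if` blocks under `spec:` render both fields, and the API server rejects a PodDisruptionBudget that specifies both. Making the second guard `{{- else if .Values.podDisruptionBudget.maxUnavailable }}` gives `minAvailable` precedence and keeps the object valid. The guards also treat `0` as unset, so `minAvailable: 0` cannot be expressed; if that matters, test presence with `hasKey` rather than truthiness — hedged, since the defaults in values.yaml are not in this view.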


@ -0,0 +1,96 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ngrok-ingress-controller-leader-election-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ngrok-ingress-controller-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: ngrok-ingress-controller-leader-election-rolebinding
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: ngrok-ingress-controller-leader-election-role
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-ingress-controller-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-ingress-controller-manager-role
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ngrok-ingress-controller-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ngrok-ingress-controller-proxy-role
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
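Review bot: Every Role, ClusterRole and binding in this file has a hard-coded name (`ngrok-ingress-controller-leader-election-role`, `ngrok-ingress-controller-proxy-role`, …) instead of one derived from `include "kubernetes-ingress-controller.fullname" .`, so a second release of this chart in the same cluster fails on the already-existing cluster-scoped objects, and two releases in one namespace collide on the Role and RoleBinding as well. Separately, `ngrok-ingress-controller-proxy-role` grants `create` on `tokenreviews` and `subjectaccessreviews`, the grant a kube-rbac-proxy sidecar would need, but the Deployment in this commit runs only the `ngrok-ingress-controller` container; unless something outside this view uses it, that is an unused authentication-delegation privilege bound to the controller's ServiceAccount and should be dropped or made conditional. `ngrok-ingress-controller-manager-role`, referenced by the manager ClusterRoleBinding, is not defined in this file; presumably it lives in the `rbac/role.yaml` that the Deployment's checksum annotation points at.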


@ -0,0 +1,15 @@
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubernetes-ingress-controller.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kubernetes-ingress-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
{{- if .Values.serviceAccount.annotations }}
annotations:
{{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,101 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: domains.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: Domain
listKind: DomainList
plural: domains
singular: domain
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Region
jsonPath: .status.region
name: Region
type: string
- description: Domain
jsonPath: .status.domain
name: Domain
type: string
- description: CNAME Target
jsonPath: .status.cnameTarget
name: CNAME Target
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Domain is the Schema for the domains API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: DomainSpec defines the desired state of Domain
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
domain:
description: Domain is the domain name to reserve
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
region:
description: Region is the region in which to reserve the domain
type: string
required:
- domain
type: object
status:
description: DomainStatus defines the observed state of Domain
properties:
cnameTarget:
description: CNAMETarget is the CNAME target for the domain
type: string
domain:
description: Domain is the domain that was reserved
type: string
id:
description: ID is the unique identifier of the domain
type: string
region:
description: Region is the region in which the domain was created
type: string
uri:
description: URI of the reserved domain API resource
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,105 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: ippolicies.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: IPPolicy
listKind: IPPolicyList
plural: ippolicies
singular: ippolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: IPPolicy ID
jsonPath: .status.id
name: ID
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: IPPolicy is the Schema for the ippolicies API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: IPPolicySpec defines the desired state of IPPolicy
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
rules:
description: Rules is a list of rules that belong to the policy
items:
properties:
action:
enum:
- allow
- deny
type: string
cidr:
type: string
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of
the object in the ngrok API/Dashboard
type: string
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
type: array
type: object
status:
description: IPPolicyStatus defines the observed state of IPPolicy
properties:
id:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "make" to regenerate code after modifying
this file'
type: string
rules:
items:
properties:
action:
type: string
cidr:
type: string
id:
type: string
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,883 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: ngrokmodulesets.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: NgrokModuleSet
listKind: NgrokModuleSetList
plural: ngrokmodulesets
singular: ngrokmoduleset
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NgrokModuleSet is the Schema for the ngrokmodules API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
modules:
properties:
circuitBreaker:
description: CircuitBreaker configuration for this module set
properties:
errorThresholdPercentage:
anyOf:
- type: integer
- type: string
description: Error threshold percentage should be between 0 -
1.0, not 0-100.0
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
numBuckets:
description: Integer number of buckets into which metrics are
retained. Max 128.
format: int32
maximum: 128
minimum: 1
type: integer
rollingWindow:
description: Statistical rolling window duration that metrics
are retained for.
format: duration
type: string
trippedDuration:
description: Duration after which the circuit is tripped to wait
before re-evaluating upstream health
format: duration
type: string
volumeThreshold:
description: Integer number of requests in a rolling window that
will trip the circuit. Helpful if traffic volume is low.
format: int32
type: integer
type: object
compression:
description: Compression configuration for this module set
properties:
enabled:
description: Enabled is whether or not to enable compression for
this endpoint
type: boolean
type: object
headers:
description: Header configuration for this module set
properties:
request:
description: Request headers are the request headers module configuration
or null
properties:
add:
additionalProperties:
type: string
description: a map of header key to header value that will
be injected into the HTTP Request before being sent to the
upstream application server
type: object
remove:
description: a list of header names that will be removed from
the HTTP Request before being sent to the upstream application
server
items:
type: string
type: array
type: object
response:
description: Response headers are the response headers module
configuration or null
properties:
add:
additionalProperties:
type: string
description: a map of header key to header value that will
be injected into the HTTP Response returned to the HTTP
client
type: object
remove:
description: a list of header names that will be removed from
the HTTP Response returned to the HTTP client
items:
type: string
type: array
type: object
type: object
ipRestriction:
description: IPRestriction configuration for this module set
properties:
policies:
items:
type: string
type: array
type: object
oauth:
description: OAuth configuration for this module set
properties:
amazon:
description: configuration for using amazon as the identity provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
facebook:
description: configuration for using facebook as the identity
provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
github:
description: configuration for using github as the identity provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
organizations:
description: a list of github org identifiers. users who are
members of any of the listed organizations will be allowed
access. identifiers should be the organization's 'slug'
items:
type: string
type: array
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
teams:
description: a list of github teams identifiers. users will
be allowed access to the endpoint if they are a member of
any of these teams. identifiers should be in the 'slug'
format qualified with the org name, e.g. org-name/team-name
items:
type: string
type: array
type: object
gitlab:
description: configuration for using gitlab as the identity provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
google:
description: configuration for using google as the identity provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
linkedin:
description: configuration for using linkedin as the identity
provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
microsoft:
description: configuration for using microsoft as the identity
provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
twitch:
description: configuration for using twitch as the identity provider
properties:
authCheckInterval:
description: Duration after which ngrok guarantees it will
refresh user state from the identity provider and recheck
whether the user is still authorized to access the endpoint.
This is the preferred tunable to use to enforce a minimum
amount of time after which a revoked user will no longer
be able to access the resource.
format: duration
type: string
clientId:
description: the OAuth app client ID. retrieve it from the
identity provider's dashboard where you created your own
OAuth app. optional. if unspecified, ngrok will use its
own managed oauth application which has additional restrictions.
see the OAuth module docs for more details. if present,
clientSecret must be present as well.
type: string
clientSecret:
description: the OAuth app client secret. retrieve if from
the identity provider's dashboard where you created your
own OAuth app. optional, see all of the caveats in the docs
for clientId.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
emailAddresses:
description: a list of email addresses of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
emailDomains:
description: a list of email domains of users authenticated
by identity provider who are allowed access to the endpoint
items:
type: string
type: array
inactivityTimeout:
description: Duration of inactivity after which if the user
has not accessed the endpoint, their session will time out
and they will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: Integer number of seconds of the maximum duration
of an authenticated session. After this period is exceeded,
a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS
requests. necessary if you are supporting CORS.
type: boolean
scopes:
description: a list of provider-specific OAuth scopes with
the permissions your OAuth app would like to ask for. these
may not be set if you are using the ngrok-managed oauth
app (i.e. you must pass both client_id and client_secret
to set scopes)
items:
type: string
type: array
type: object
type: object
oidc:
description: OIDC configuration for this module set
properties:
clientId:
description: The OIDC app's client ID and OIDC audience.
type: string
clientSecret:
description: The OIDC app's client secret.
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
inactivityTimeout:
description: Duration of inactivity after which if the user has
not accessed the endpoint, their session will time out and they
will be forced to reauthenticate.
format: duration
type: string
issuer:
description: URL of the OIDC "OpenID provider". This is the base
URL used for discovery.
type: string
maximumDuration:
description: The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS requests.
necessary if you are supporting CORS.
type: boolean
scopes:
description: The set of scopes to request from the OIDC identity
provider.
items:
type: string
type: array
type: object
saml:
description: SAML configuration for this module set
properties:
allowIdpInitiated:
description: If true, the IdP may initiate a login directly (e.g.
the user does not need to visit the endpoint first and then
be redirected). The IdP should set the RelayState parameter
to the target URL of the resource they want the user to be redirected
to after the SAML login assertion has been processed.
type: boolean
authorizedGroups:
description: If present, only users who are a member of one of
the listed groups may access the target endpoint.
items:
type: string
type: array
cookiePrefix:
description: the prefix of the session cookie that ngrok sets
on the http client to cache authentication. default is 'ngrok.'
type: string
forceAuthn:
description: If true, indicates that whenever we redirect a user
to the IdP for authentication that the IdP must prompt the user
for authentication credentials even if the user already has
a valid session with the IdP.
type: boolean
idpMetadata:
description: The full XML IdP EntityDescriptor. Your IdP may provide
this to you as a a file to download or as a URL.
type: string
inactivityTimeout:
description: Duration of inactivity after which if the user has
not accessed the endpoint, their session will time out and they
will be forced to reauthenticate.
format: duration
type: string
maximumDuration:
description: The maximum duration of an authenticated session.
After this period is exceeded, a user must reauthenticate.
format: duration
type: string
nameidFormat:
description: Defines the name identifier format the SP expects
the IdP to use in its assertions to identify subjects. If unspecified,
a default value of urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
will be used. A subset of the allowed values enumerated by the
SAML specification are supported.
type: string
optionsPassthrough:
description: Do not enforce authentication on HTTP OPTIONS requests.
necessary if you are supporting CORS.
type: boolean
type: object
tlsTermination:
description: TLSTermination configuration for this module set
properties:
minVersion:
description: MinVersion is the minimum TLS version to allow for
connections to the edge
type: string
type: object
webhookVerification:
description: WebhookVerification configuration for this module set
properties:
provider:
description: a string indicating which webhook provider will be
sending webhooks to this endpoint. Value must be one of the
supported providers defined at https://ngrok.com/docs/cloud-edge#webhook-verification
type: string
secret:
description: SecretRef is a reference to a secret containing the
secret used to validate requests from the given provider. All
providers except AWS SNS require a secret
properties:
key:
description: Key in the secret to use
type: string
name:
description: Name of the Kubernetes secret
type: string
type: object
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,121 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: tcpedges.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: TCPEdge
listKind: TCPEdgeList
plural: tcpedges
singular: tcpedge
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Domain ID
jsonPath: .status.id
name: ID
type: string
- description: Hostports
jsonPath: .status.hostports
name: Hostports
type: string
- description: Tunnel Group Backend ID
jsonPath: .status.backend.id
name: Backend ID
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TCPEdge is the Schema for the tcpedges API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TCPEdgeSpec defines the desired state of TCPEdge
properties:
backend:
description: Backend is the definition for the tunnel group backend
that serves traffic for this edge
properties:
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the
object in the ngrok API/Dashboard
type: string
labels:
additionalProperties:
type: string
description: Labels to watch for tunnels on this backend
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated
with the object in the ngrok API/Dashboard
type: string
type: object
description:
default: Created by kubernetes-ingress-controller
description: Description is a human-readable description of the object
in the ngrok API/Dashboard
type: string
ipRestriction:
description: IPRestriction is an IPRestriction to apply to this route
properties:
policies:
items:
type: string
type: array
type: object
metadata:
default: '{"owned-by":"kubernetes-ingress-controller"}'
description: Metadata is a string of arbitrary data associated with
the object in the ngrok API/Dashboard
type: string
type: object
status:
description: TCPEdgeStatus defines the observed state of TCPEdge
properties:
backend:
description: Backend stores the status of the tunnel group backend,
mainly the ID of the backend
properties:
id:
description: ID is the unique identifier for this backend
type: string
type: object
hostports:
description: Hostports served by this edge
items:
type: string
type: array
id:
description: ID is the unique identifier for this edge
type: string
uri:
description: URI is the URI of the edge
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,70 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: tunnels.ingress.k8s.ngrok.com
spec:
group: ingress.k8s.ngrok.com
names:
kind: Tunnel
listKind: TunnelList
plural: tunnels
singular: tunnel
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Service/port to forward to
jsonPath: .spec.forwardsTo
name: ForwardsTo
type: string
- description: Age
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: Tunnel is the Schema for the tunnels API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TunnelSpec defines the desired state of Tunnel
properties:
backend:
description: The configuration for backend connections to services
properties:
protocol:
type: string
type: object
forwardsTo:
description: ForwardsTo is the name and port of the service to forward
traffic to
type: string
labels:
additionalProperties:
type: string
description: Labels are key/value pairs that are attached to the tunnel
type: object
type: object
status:
description: TunnelStatus defines the observed state of Tunnel
type: object
type: object
served: true
storage: true
subresources:
status: {}


@ -0,0 +1,11 @@
{{- if or (not (empty .Values.credentials.apiKey)) (not (empty .Values.credentials.authtoken)) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "kubernetes-ingress-controller.credentialsSecretName" .}}
namespace: {{ .Release.Namespace }}
type: Opaque
data:
API_KEY: {{ required "An ngrok API key is required" .Values.credentials.apiKey | b64enc }}
AUTHTOKEN: {{ required "An ngrok Authtoken is required" .Values.credentials.authtoken | b64enc }}
{{ end }}
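Review bot: The ngrok API key and authtoken are read straight from chart values on the `API_KEY` and `AUTHTOKEN` lines, so they are also persisted in the Helm release record and shown by `helm get values`, not only in this Secret; if the chart can point at a pre-existing Secret (the `credentialsSecretName` helper hints that it may), the README should present that as the preferred path and this template as the convenience fallback. The guard on the first line creates the Secret when either credential is set and then `required` aborts on the missing one, which is the correct fail-loud behaviour but deserves a comment so nobody later "fixes" it into a silent partial Secret, e.g. `# Both credentials are required once either is set; a missing one is a render-time error, not a partial Secret.` Unlike the IngressClass template, this Secret carries no chart labels; adding `labels: {{- include "kubernetes-ingress-controller.labels" . | nindent 4 }}` under `metadata` keeps it selectable together with the rest of the release.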


@ -0,0 +1,15 @@
{{- if .Values.ingressClass.create -}}
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
{{- include "kubernetes-ingress-controller.labels" . | nindent 4 }}
app.kubernetes.io/component: controller
name: {{ .Values.ingressClass.name }}
{{- if .Values.ingressClass.default }}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
controller: {{ .Values.controllerName }}
{{- end}}
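Review bot: Emitting `ingressclass.kubernetes.io/is-default-class: "true"` on the annotation line makes every Ingress in the cluster that omits `ingressClassName` get adopted by this controller, and with ngrok that means it is published on a public edge; `ingressClass.default` should be documented in values with that consequence spelled out and should presumably default to false (values.yaml is not in this chunk, so the current default is inferred). `controller: {{ .Values.controllerName }}` and `name: {{ .Values.ingressClass.name }}` are rendered unquoted, so an empty value becomes YAML null and the object is rejected by the API server with an unhelpful message at apply time; `controller: {{ required "controllerName must be set" .Values.controllerName | quote }}` fails at render time with a clear reason instead, and the same treatment fits the `name` line.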
