feat(stable): BREAKING CHANGE migrate to new common part 5 (#8615)
**Description** <!-- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change. --> ⚒️ Fixes # <!--(issue)--> **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [ ] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [ ] 🔃 Refactor of current code **🧪 How Has This Been Tested?** <!-- Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration --> **📃 Notes:** <!-- Please enter any other relevant information here --> **✔️ Checklist:** - [ ] ⚖️ My code follows the style guidelines of this project - [ ] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [ ] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._
This commit is contained in:
committed by
GitHub
parent
a761da70fd
commit
cc4a7edb53
@@ -3,7 +3,7 @@ appVersion: "1.0.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
description: ClamAV is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.
|
||||
home: https://truecharts.org/charts/stable/clamav
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/clamav.png
|
||||
@@ -21,9 +21,8 @@ sources:
|
||||
- https://github.com/Cisco-Talos/clamav
|
||||
- https://docs.clamav.net/
|
||||
type: application
|
||||
version: 5.0.16
|
||||
version: 6.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -8,46 +8,46 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: CLAMAV_NO_CLAMD
|
||||
label: "NO CLAMD"
|
||||
description: "Do not start clamd."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CLAMAV_NO_FRESHCLAMD
|
||||
label: "NO FRESHCLAMD"
|
||||
description: "Do not start the freshclam daemon."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CLAMAV_NO_MILTERD
|
||||
label: "NO MILTERD"
|
||||
description: "Do not start the clamav-milter daemon."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CLAMD_STARTUP_TIMEOUT
|
||||
label: "STARTUP TIMEOUT"
|
||||
description: "Seconds to wait for clamd to start."
|
||||
schema:
|
||||
type: int
|
||||
default: 1800
|
||||
- variable: FRESHCLAM_CHECKS
|
||||
label: "FRESHCLAM CHECKS "
|
||||
description: "Freshclam daily update frequency."
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: CLAMAV_NO_CLAMD
|
||||
label: "NO CLAMD"
|
||||
description: "Do not start clamd."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CLAMAV_NO_FRESHCLAMD
|
||||
label: "NO FRESHCLAMD"
|
||||
description: "Do not start the freshclam daemon."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: CLAMAV_NO_MILTERD
|
||||
label: "NO MILTERD"
|
||||
description: "Do not start the clamav-milter daemon."
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: CLAMD_STARTUP_TIMEOUT
|
||||
label: "STARTUP TIMEOUT"
|
||||
description: "Seconds to wait for clamd to start."
|
||||
schema:
|
||||
type: int
|
||||
default: 1800
|
||||
- variable: FRESHCLAM_CHECKS
|
||||
label: "FRESHCLAM CHECKS "
|
||||
description: "Freshclam daily update frequency."
|
||||
schema:
|
||||
type: int
|
||||
default: 1
|
||||
- variable: clamav
|
||||
group: "App Configuration"
|
||||
label: "ClamAV Cron Configuration"
|
||||
@@ -99,7 +99,9 @@ questions:
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -194,12 +196,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1,85 +1,60 @@
|
||||
{{/* Define the cronjob */}}
|
||||
{{- define "clamav.cronjob" -}}
|
||||
{{- $jobName := include "tc.common.names.fullname" . }}
|
||||
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ printf "%s-cronjob" $jobName }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
spec:
|
||||
schedule: "{{ .Values.clamav.cron_schedule }}"
|
||||
concurrencyPolicy: Forbid
|
||||
{{- with .Values.cronjob.failedJobsHistoryLimit }}
|
||||
failedJobsHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.cronjob.successfulJobsHistoryLimit }}
|
||||
successfulJobsHistoryLimit: {{ . }}
|
||||
{{- end }}
|
||||
jobTemplate:
|
||||
metadata:
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
{{- with (include "tc.common.controller.volumes" . | trim) }}
|
||||
volumes:
|
||||
{{- nindent 12 . }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
env:
|
||||
- name: date_format
|
||||
value: {{ .Values.clamav.date_format }}
|
||||
- name: log_file_name
|
||||
value: {{ .Values.clamav.log_file_name }}
|
||||
- name: report_path
|
||||
value: {{ .Values.clamav.report_path | trimSuffix "/" }}
|
||||
- name: extra_args
|
||||
value: {{ .Values.clamav.extra_args }}
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- >
|
||||
export databasePath=/var/lib/clamav;
|
||||
if [ "$(ls -A $databasePath)" ];
|
||||
then
|
||||
echo "Virus database exists...";
|
||||
else
|
||||
echo "Virus database does not exist yet...";
|
||||
echo "Exiting...";
|
||||
exit 1;
|
||||
fi;
|
||||
export status=99;
|
||||
export now=$(date ${date_format});
|
||||
export log_file=$report_path/${log_file_name}_${now};
|
||||
touch $log_file;
|
||||
echo "Starting scan of \"/scandir\"";
|
||||
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
|
||||
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
|
||||
status=$?;
|
||||
if [ $status -eq 0 ];
|
||||
then
|
||||
echo "Exit Status: $status";
|
||||
echo "No Virus found!";
|
||||
elif [ $status -eq 1 ];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Virus(es) found. Check \"${log_file}\".";
|
||||
elif [ $status -eq 2 ];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Some error(s) occured.";
|
||||
else
|
||||
echo "Exit Status: $status.";
|
||||
fi;
|
||||
{{- with (include "tc.common.controller.volumeMounts" . | trim) }}
|
||||
volumeMounts:
|
||||
{{ nindent 16 . }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 16 }}
|
||||
enabled: true
|
||||
type: "CronJob"
|
||||
schedule: "0 8 * * *"
|
||||
podSpec:
|
||||
restartPolicy: Never
|
||||
containers:
|
||||
cron:
|
||||
enabled: true
|
||||
primary: true
|
||||
imageSelector: "image"
|
||||
env:
|
||||
date_format: {{ .Values.clamav.date_format }}
|
||||
log_file_name: {{ .Values.clamav.log_file_name }}
|
||||
report_path: {{ .Values.clamav.report_path | trimSuffix "/" }}
|
||||
extra_args: {{ .Values.clamav.extra_args }}
|
||||
command: ["sh", "-c"]
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
readiness:
|
||||
enabled: false
|
||||
startup:
|
||||
enabled: false
|
||||
args:
|
||||
- >
|
||||
export databasePath=/var/lib/clamav;
|
||||
if [ "$(ls -A $databasePath)" ];
|
||||
then
|
||||
echo "Virus database exists...";
|
||||
else
|
||||
echo "Virus database does not exist yet...";
|
||||
echo "Exiting...";
|
||||
exit 1;
|
||||
fi;
|
||||
export status=99;
|
||||
export now=$(date ${date_format});
|
||||
export log_file=$report_path/${log_file_name}_${now};
|
||||
touch $log_file;
|
||||
echo "Starting scan of \"/scandir\"";
|
||||
echo "Args for clamscan: --database=${databasePath} --log=$log_file --recursive ${extra_args}";
|
||||
clamscan --database=${databasePath} --log=$log_file --recursive ${extra_args} /scandir;
|
||||
status=$?;
|
||||
if [ $status -eq 0 ];
|
||||
then
|
||||
echo "Exit Status: $status";
|
||||
echo "No Virus found!";
|
||||
elif [ $status -eq 1 ];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Virus(es) found. Check \"${log_file}\".";
|
||||
elif [ $status -eq 2 ];
|
||||
then
|
||||
echo "Exit Status: $status.";
|
||||
echo "Some error(s) occured.";
|
||||
else
|
||||
echo "Exit Status: $status.";
|
||||
fi;
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,10 +1,13 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{- if and .Values.clamav.cron_enabled .Values.clamav.cron_schedule}}
|
||||
{{/* Render cronjob for clamav */}}
|
||||
{{- include "clamav.cronjob" . }}
|
||||
{{- $cronjob := include "clamav.cronjob" . | fromYaml -}}
|
||||
{{- if $cronjob -}}
|
||||
{{- $_ := set .Values.workload "cron" $cronjob -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
@@ -3,58 +3,29 @@ image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 1.0.1@sha256:6f09199cb0e4ef83356dfe08c5d19d6af65513c3e73792312068036925acda75
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
env:
|
||||
CLAMAV_NO_CLAMD: false
|
||||
CLAMAV_NO_FRESHCLAMD: false
|
||||
CLAMAV_NO_MILTERD: true
|
||||
CLAMD_STARTUP_TIMEOUT: 1800
|
||||
FRESHCLAM_CHECKS: 1
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
clamav:
|
||||
report_path: "/logs"
|
||||
# User Defined
|
||||
|
||||
cron_enabled: true
|
||||
cron_schedule: "* * * * *"
|
||||
date_format: "+%m-%d-%Y_%H.%M.%S"
|
||||
log_file_name: "clamscan_report"
|
||||
extra_args: ""
|
||||
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
readiness:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 3310
|
||||
protocol: http
|
||||
targetPort: 3310
|
||||
milter:
|
||||
enabled: true
|
||||
@@ -62,6 +33,7 @@ service:
|
||||
milter:
|
||||
enabled: true
|
||||
port: 7357
|
||||
protocol: http
|
||||
targetPort: 7357
|
||||
|
||||
cronjob:
|
||||
@@ -69,17 +41,49 @@ cronjob:
|
||||
failedJobsHistoryLimit: 5
|
||||
successfulJobsHistoryLimit: 2
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
readiness:
|
||||
enabled: true
|
||||
type: exec
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
startup:
|
||||
enabled: true
|
||||
type: exec
|
||||
command:
|
||||
- clamdcheck.sh
|
||||
env:
|
||||
CLAMAV_NO_CLAMD: false
|
||||
CLAMAV_NO_FRESHCLAMD: false
|
||||
CLAMAV_NO_MILTERD: true
|
||||
CLAMD_STARTUP_TIMEOUT: 1800
|
||||
FRESHCLAM_CHECKS: 1
|
||||
|
||||
persistence:
|
||||
sigdatabase:
|
||||
enabled: true
|
||||
mountPath: "/var/lib/clamav"
|
||||
mountPath: /var/lib/clamav
|
||||
targetSelectAll: true
|
||||
scandir:
|
||||
enabled: true
|
||||
mountPath: "/scandir"
|
||||
mountPath: /scandir
|
||||
readOnly: true
|
||||
targetSelectAll: true
|
||||
logs:
|
||||
enabled: true
|
||||
mountPath: "/logs"
|
||||
mountPath: /logs
|
||||
targetSelectAll: true
|
||||
|
||||
portal:
|
||||
enabled: false
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
@@ -3,11 +3,8 @@ appVersion: "1.8.7"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://deps.truecharts.org/
|
||||
version: 11.0.31
|
||||
version: 12.6.1
|
||||
|
||||
description: Commento++ is a free, open source, fast & lightweight comments box that you can embed in your static website instead of Disqus.
|
||||
home: https://truecharts.org/charts/stable/commento-plusplus
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/commento-plusplus.png
|
||||
@@ -22,9 +19,8 @@ name: commento-plusplus
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/commento-plusplus
|
||||
- https://github.com/souramoo/commentoplusplus
|
||||
version: 6.0.23
|
||||
version: 7.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -10,90 +10,91 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: COMMENTO_ORIGIN
|
||||
label: "COMMENTO_ORIGIN"
|
||||
description: "This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_FORBID_NEW_OWNERS
|
||||
label: "COMMENTO_FORBID_NEW_OWNERS"
|
||||
description: "Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: COMMENTO_GZIP_STATIC
|
||||
label: "COMMENTO_GZIP_STATIC"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: COMMENTO_ENABLE_WILDCARDS
|
||||
label: "COMMENTO_ENABLE_WILDCARDS"
|
||||
description: "Allows use of wildcards in domain names in the admin dashboard. (e.g. if you share your commento instance with more than one admin/allow new registrations)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: COMMENTO_ENABLE_LOGGING
|
||||
label: "COMMENTO_ENABLE_LOGGING"
|
||||
description: "Should we log every page view? This will allow you to see stats but will fill up your free postgres database quite quickly."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: smpt_config
|
||||
label: "Enable SMTP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: SMTP_SKIP_HOST_VERIFY
|
||||
label: "SMTP_SKIP_HOST_VERIFY"
|
||||
description: "Allows skipping of host verification for SMTP email sending."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: COMMENTO_SMTP_USERNAME
|
||||
label: "COMMENTO_SMTP_USERNAME"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_PASSWORD
|
||||
label: "COMMENTO_SMTP_PASSWORD"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_HOST
|
||||
label: "COMMENTO_SMTP_HOST"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_FROM_ADDRESS
|
||||
label: "COMMENTO_SMTP_FROM_ADDRESS"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_PORT
|
||||
label: "COMMENTO_SMTP_PORT"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: int
|
||||
default: 587
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: COMMENTO_ORIGIN
|
||||
label: "COMMENTO_ORIGIN"
|
||||
description: "This should be set to the subdomain or the IP address hosting Commento. All API requests will go to this server. This may include subdirectories if Commento is hosted behind a reverse proxy, for example. Include the protocol in the value to use HTTP/HTTPS."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_FORBID_NEW_OWNERS
|
||||
label: "COMMENTO_FORBID_NEW_OWNERS"
|
||||
description: "Used to disable new dashboard registrations. Useful if you are the only person using Commento on your server. Does not impact the creation of accounts for your readers."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: COMMENTO_GZIP_STATIC
|
||||
label: "COMMENTO_GZIP_STATIC"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: COMMENTO_ENABLE_WILDCARDS
|
||||
label: "COMMENTO_ENABLE_WILDCARDS"
|
||||
description: "Allows use of wildcards in domain names in the admin dashboard. (e.g. if you share your commento instance with more than one admin/allow new registrations)"
|
||||
schema:
|
||||
type: boolean
|
||||
default: true
|
||||
- variable: COMMENTO_ENABLE_LOGGING
|
||||
label: "COMMENTO_ENABLE_LOGGING"
|
||||
description: "Should we log every page view? This will allow you to see stats but will fill up your free postgres database quite quickly."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: smpt_config
|
||||
label: "Enable SMTP"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: SMTP_SKIP_HOST_VERIFY
|
||||
label: "SMTP_SKIP_HOST_VERIFY"
|
||||
description: "Allows skipping of host verification for SMTP email sending."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: COMMENTO_SMTP_USERNAME
|
||||
label: "COMMENTO_SMTP_USERNAME"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_PASSWORD
|
||||
label: "COMMENTO_SMTP_PASSWORD"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_HOST
|
||||
label: "COMMENTO_SMTP_HOST"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_FROM_ADDRESS
|
||||
label: "COMMENTO_SMTP_FROM_ADDRESS"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: COMMENTO_SMTP_PORT
|
||||
label: "COMMENTO_SMTP_PORT"
|
||||
description: "SMTP credentials and configuration the server should use to send emails."
|
||||
schema:
|
||||
type: int
|
||||
default: 587
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -141,12 +142,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -3,36 +3,51 @@ image:
|
||||
tag: v1.8.7@sha256:9e64c97771e6d875c465fd047bc98978c7ffc4ff6c0841a878c790753a8cfca1
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
env:
|
||||
COMMENTO_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
# User Defined
|
||||
COMMENTO_FORBID_NEW_OWNERS: false
|
||||
COMMENTO_GZIP_STATIC: true
|
||||
COMMENTO_ORIGIN: "http://localhost:8080"
|
||||
COMMENTO_ENABLE_WILDCARDS: true
|
||||
COMMENTO_ENABLE_LOGGING: false
|
||||
SMTP_SKIP_HOST_VERIFY: false
|
||||
COMMENTO_SMTP_USERNAME: ""
|
||||
COMMENTO_SMTP_PASSWORD: ""
|
||||
COMMENTO_SMTP_HOST: ""
|
||||
COMMENTO_SMTP_FROM_ADDRESS: ""
|
||||
COMMENTO_SMTP_PORT: 587
|
||||
COMMENTO_POSTGRES:
|
||||
secretKeyRef:
|
||||
name: dbcreds
|
||||
key: urlnossl
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 10240
|
||||
protocol: http
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: comment-plusplus
|
||||
postgresqlDatabase: comment-plusplus
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
COMMENTO_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
# User Defined
|
||||
|
||||
COMMENTO_FORBID_NEW_OWNERS: false
|
||||
COMMENTO_GZIP_STATIC: true
|
||||
COMMENTO_ORIGIN: "http://localhost:8080"
|
||||
COMMENTO_ENABLE_WILDCARDS: true
|
||||
COMMENTO_ENABLE_LOGGING: false
|
||||
SMTP_SKIP_HOST_VERIFY: false
|
||||
COMMENTO_SMTP_USERNAME: ""
|
||||
COMMENTO_SMTP_PASSWORD: ""
|
||||
COMMENTO_SMTP_HOST: ""
|
||||
COMMENTO_SMTP_FROM_ADDRESS: ""
|
||||
COMMENTO_SMTP_PORT: 587
|
||||
COMMENTO_POSTGRES:
|
||||
secretKeyRef:
|
||||
name: cnpg-main-urls
|
||||
key: std
|
||||
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: comment-plusplus
|
||||
database: comment-plusplus
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "0.20.2297"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: Advanced tool to create your own TrueCharts-based App
|
||||
home: https://truecharts.org/charts/stable/custom-app
|
||||
@@ -19,9 +19,8 @@ name: custom-app
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/custom-app
|
||||
type: application
|
||||
version: 7.0.23
|
||||
version: 8.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- custom
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -28,10 +28,6 @@ serviceList:
|
||||
port: 9119
|
||||
targetPort: 9119
|
||||
|
||||
env:
|
||||
{}
|
||||
# PUID: 1001
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
|
||||
@@ -41,11 +41,13 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
# Include{controllerExpertCommand}
|
||||
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
- variable: probes
|
||||
group: "App Configuration"
|
||||
label: "Healthcheck Probes"
|
||||
@@ -276,12 +278,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -4,4 +4,18 @@ image:
|
||||
tag: 0.20.2297@sha256:4de1541011cb56935ba5a8e28a58f6cbcf62a903393dc94581eda0b6e2aa117c
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.0.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: Dedicated App for using Docker-Compose on TrueNAS SCALE
|
||||
home: https://truecharts.org/charts/stable/docker-compose
|
||||
@@ -20,9 +20,8 @@ name: docker-compose
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/docker-compose
|
||||
type: application
|
||||
version: 5.0.26
|
||||
version: 6.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- docker
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -8,23 +8,24 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: COMPOSE_FILE
|
||||
label: Docker Compose File
|
||||
description: Path on the host of the compose file you want to load. You MUST mount the storage yourself
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: env
|
||||
group: App Configuration
|
||||
label: Image Environment
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: COMPOSE_FILE
|
||||
label: Docker Compose File
|
||||
description: Path on the host of the compose file you want to load. You MUST mount the storage yourself
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceExpertRoot}
|
||||
default: true
|
||||
# Include{serviceExpert}
|
||||
@@ -32,28 +33,27 @@ questions:
|
||||
# Include{persistenceList}
|
||||
# Include{securityContextRoot}
|
||||
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID this App of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{ingressList}
|
||||
# Include{resources}
|
||||
# Include{advanced}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,53 +2,27 @@ image:
|
||||
repository: tccr.io/truecharts/docker-in-docker
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 23.0.1@sha256:118421527d72dd07061e074781b8fee99bb6dc50c5f76e0453e69a1095c25bc2
|
||||
|
||||
controller:
|
||||
# -- Set the controller type.
|
||||
# Valid options are deployment, daemonset or statefulset
|
||||
type: statefulset
|
||||
# -- Number of desired pods
|
||||
replicas: 1
|
||||
# -- Set the controller upgrade strategy
|
||||
# For Deployments, valid values are Recreate (default) and RollingUpdate.
|
||||
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
|
||||
# DaemonSets ignore this.
|
||||
strategy: RollingUpdate
|
||||
rollingUpdate:
|
||||
# -- Set deployment RollingUpdate max unavailable
|
||||
unavailable: 1
|
||||
# -- Set deployment RollingUpdate max surge
|
||||
surge:
|
||||
# -- Set statefulset RollingUpdate partition
|
||||
partition:
|
||||
# -- ReplicaSet revision history limit
|
||||
revisionHistoryLimit: 3
|
||||
hostNetwork: true
|
||||
|
||||
securityContext:
|
||||
privileged: true
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
hostNetwork: true
|
||||
container:
|
||||
privileged: true
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: true
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
fsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
enabled: true
|
||||
type: ClusterIP
|
||||
ports:
|
||||
main:
|
||||
port: 2376
|
||||
type: HTTPS
|
||||
|
||||
env:
|
||||
DOCKER_TLS_CERTDIR: /certs
|
||||
COMPOSE_FILE: ""
|
||||
|
||||
lifecycle:
|
||||
postStart:
|
||||
exec:
|
||||
@@ -67,20 +41,31 @@ lifecycle:
|
||||
else
|
||||
echo "COMPOSE_FILE not set, not auto-loading compose-file" >> /proc/1/fd/1;
|
||||
fi
|
||||
probes:
|
||||
liveness:
|
||||
spec:
|
||||
initialDelaySeconds: 30
|
||||
readiness:
|
||||
spec:
|
||||
initialDelaySeconds: 30
|
||||
startup:
|
||||
spec:
|
||||
initialDelaySeconds: 30
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
initialDelaySeconds: 30
|
||||
type: tcp
|
||||
readiness:
|
||||
initialDelaySeconds: 30
|
||||
type: tcp
|
||||
startup:
|
||||
initialDelaySeconds: 30
|
||||
type: tcp
|
||||
env:
|
||||
DOCKER_TLS_CERTDIR: /certs
|
||||
COMPOSE_FILE: ""
|
||||
|
||||
type: StatefulSet
|
||||
replicas: 1
|
||||
strategy: RollingUpdate
|
||||
|
||||
persistence:
|
||||
varrun:
|
||||
enabled: false
|
||||
docker-certs-ca:
|
||||
enabled: true
|
||||
mountPath: /config
|
||||
@@ -94,4 +79,5 @@ volumeClaimTemplates:
|
||||
mountPath: /var/lib/docker
|
||||
|
||||
portal:
|
||||
enabled: false
|
||||
open:
|
||||
enabled: false
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: FileBot is the ultimate tool for organizing and renaming your movies, tv shows or anime, and music well as downloading subtitles and artwork. It's smart and just works.
|
||||
home: https://truecharts.org/charts/stable/filebot
|
||||
@@ -21,9 +21,8 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/filebot
|
||||
- https://github.com/jlesage/docker-filebot
|
||||
type: application
|
||||
version: 3.0.13
|
||||
version: 4.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,23 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: filebot
|
||||
group: "App Configuration"
|
||||
label: "FileBot Configuration"
|
||||
@@ -232,7 +232,9 @@ questions:
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -335,12 +337,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -4,12 +4,11 @@ image:
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
@@ -25,13 +24,6 @@ service:
|
||||
port: 10269
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-filebot'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
filebot:
|
||||
KEEP_APP_RUNNING: false
|
||||
DISPLAY_WIDTH: 1280
|
||||
@@ -87,19 +79,43 @@ configmap:
|
||||
AMC_INSTALL_PKGS: "{{ .Values.filebot.AMC_INSTALL_PKGS }}"
|
||||
USE_FILEBOT_BETA: '{{ ternary "1" "0" .Values.filebot.USE_FILEBOT_BETA }}'
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "filebot"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/config"
|
||||
mountPath: /config
|
||||
storage:
|
||||
enabled: true
|
||||
mountPath: "/storage"
|
||||
mountPath: /storage
|
||||
watch:
|
||||
enabled: true
|
||||
mountPath: "/watch"
|
||||
mountPath: /watch
|
||||
output:
|
||||
enabled: true
|
||||
mountPath: "/output"
|
||||
mountPath: /output
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
@@ -3,15 +3,12 @@ appVersion: "1.18.5"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://deps.truecharts.org/
|
||||
version: 11.0.31
|
||||
version: 12.6.1
|
||||
|
||||
- condition: memcached.enabled
|
||||
name: memcached
|
||||
repository: https://deps.truecharts.org/
|
||||
version: 5.0.31
|
||||
version: 6.0.15
|
||||
deprecated: false
|
||||
description: Self hosted GIT repositories
|
||||
home: https://truecharts.org/charts/stable/gitea
|
||||
@@ -34,9 +31,8 @@ sources:
|
||||
- https://gitea.com/gitea/helm-chart
|
||||
- https://github.com/go-gitea/gitea
|
||||
type: application
|
||||
version: 12.0.31
|
||||
version: 13.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- GIT
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -0,0 +1,106 @@
|
||||
Business Source License 1.1
|
||||
|
||||
Parameters
|
||||
|
||||
Licensor: The TrueCharts Project, it's owner and it's contributors
|
||||
Licensed Work: The TrueCharts "Blocky" Helm Chart
|
||||
Additional Use Grant: You may use the licensed work in production, as long
|
||||
as it is directly sourced from a TrueCharts provided
|
||||
official repository, catalog or source. You may also make private
|
||||
modification to the directly sourced licenced work,
|
||||
when used in production.
|
||||
|
||||
The following cases are, due to their nature, also
|
||||
defined as 'production use' and explicitly prohibited:
|
||||
- Bundling, including or displaying the licensed work
|
||||
with(in) another work intended for production use,
|
||||
with the apparent intend of facilitating and/or
|
||||
promoting production use by third parties in
|
||||
violation of this license.
|
||||
|
||||
Change Date: 2050-01-01
|
||||
|
||||
Change License: 3-clause BSD license
|
||||
|
||||
For information about alternative licensing arrangements for the Software,
|
||||
please contact: legal@truecharts.org
|
||||
|
||||
Notice
|
||||
|
||||
The Business Source License (this document, or the “License”) is not an Open
|
||||
Source license. However, the Licensed Work will eventually be made available
|
||||
under an Open Source License, as stated in this License.
|
||||
|
||||
License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
|
||||
“Business Source License” is a trademark of MariaDB Corporation Ab.
|
||||
|
||||
-----------------------------------------------------------------------------
|
||||
|
||||
Business Source License 1.1
|
||||
|
||||
Terms
|
||||
|
||||
The Licensor hereby grants you the right to copy, modify, create derivative
|
||||
works, redistribute, and make non-production use of the Licensed Work. The
|
||||
Licensor may make an Additional Use Grant, above, permitting limited
|
||||
production use.
|
||||
|
||||
Effective on the Change Date, or the fourth anniversary of the first publicly
|
||||
available distribution of a specific version of the Licensed Work under this
|
||||
License, whichever comes first, the Licensor hereby grants you rights under
|
||||
the terms of the Change License, and the rights granted in the paragraph
|
||||
above terminate.
|
||||
|
||||
If your use of the Licensed Work does not comply with the requirements
|
||||
currently in effect as described in this License, you must purchase a
|
||||
commercial license from the Licensor, its affiliated entities, or authorized
|
||||
resellers, or you must refrain from using the Licensed Work.
|
||||
|
||||
All copies of the original and modified Licensed Work, and derivative works
|
||||
of the Licensed Work, are subject to this License. This License applies
|
||||
separately for each version of the Licensed Work and the Change Date may vary
|
||||
for each version of the Licensed Work released by Licensor.
|
||||
|
||||
You must conspicuously display this License on each original or modified copy
|
||||
of the Licensed Work. If you receive the Licensed Work in original or
|
||||
modified form from a third party, the terms and conditions set forth in this
|
||||
License apply to your use of that work.
|
||||
|
||||
Any use of the Licensed Work in violation of this License will automatically
|
||||
terminate your rights under this License for the current and all other
|
||||
versions of the Licensed Work.
|
||||
|
||||
This License does not grant you any right in any trademark or logo of
|
||||
Licensor or its affiliates (provided that you may use a trademark or logo of
|
||||
Licensor as expressly required by this License).
|
||||
|
||||
TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
|
||||
AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
|
||||
EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
|
||||
TITLE.
|
||||
|
||||
MariaDB hereby grants you permission to use this License’s text to license
|
||||
your works, and to refer to it using the trademark “Business Source License”,
|
||||
as long as you comply with the Covenants of Licensor below.
|
||||
|
||||
Covenants of Licensor
|
||||
|
||||
In consideration of the right to use this License’s text and the “Business
|
||||
Source License” name and trademark, Licensor covenants to MariaDB, and to all
|
||||
other recipients of the licensed work to be provided by Licensor:
|
||||
|
||||
1. To specify as the Change License the GPL Version 2.0 or any later version,
|
||||
or a license that is compatible with GPL Version 2.0 or a later version,
|
||||
where “compatible” means that software provided under the Change License can
|
||||
be included in a program with software provided under GPL Version 2.0 or a
|
||||
later version. Licensor may specify additional Change Licenses without
|
||||
limitation.
|
||||
|
||||
2. To either: (a) specify an additional grant of rights to use that does not
|
||||
impose any additional restriction on the right granted in this License, as
|
||||
the Additional Use Grant; or (b) insert the text “None”.
|
||||
|
||||
3. To specify a Change Date.
|
||||
|
||||
4. Not to modify this License in any other way.
|
||||
@@ -10,10 +10,12 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
- variable: admin
|
||||
group: "App Configuration"
|
||||
label: "Admin Credentials"
|
||||
@@ -195,12 +197,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 1000
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 1000
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 1000
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1,10 +1,6 @@
|
||||
{{/* Define the configmap */}}
|
||||
{{- define "gitea.configmap" -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: gitea-env
|
||||
enabled: true
|
||||
data:
|
||||
GITEA_APP_INI: "/data/gitea/conf/app.ini"
|
||||
GITEA_CUSTOM: "/data/gitea"
|
||||
@@ -16,5 +12,4 @@ data:
|
||||
SSH_LISTEN_PORT: {{ .Values.service.ssh.ports.ssh.targetPort | quote }}
|
||||
TMPDIR: "/tmp/gitea"
|
||||
GNUPGHOME: "/data/git/.gnupg"
|
||||
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,246 +1,233 @@
|
||||
{{/* Define the secrets */}}
|
||||
{{- define "gitea.secrets" -}}
|
||||
|
||||
---
|
||||
{{ $DOMAIN := .Values.config.nodeIP | quote -}}
|
||||
{{ $URL := (printf "http://%s/" .Values.config.nodeIP) }}
|
||||
{{- $pgHost := printf "%v-cnpg-main-rw" (include "tc.v1.common.lib.chart.names.fullname" $) -}}
|
||||
|
||||
{{- if and (.Values.ingress.main.enabled) (gt (len .Values.ingress.main.hosts) 0) -}}
|
||||
{{- $DOMAIN = (index .Values.ingress.main.hosts 0).host -}}
|
||||
{{- $URL = (printf "https://%s/" (index .Values.ingress.main.hosts 0).host) -}}
|
||||
{{- end -}}
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "tc.common.names.fullname" . }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
app.ini: |-
|
||||
APP_NAME = {{ .Values.config.APP_NAME }}
|
||||
RUN_MODE = {{ .Values.config.RUN_MODE }}
|
||||
secret:
|
||||
enabled: true
|
||||
data:
|
||||
app.ini: |-
|
||||
APP_NAME = {{ .Values.config.APP_NAME }}
|
||||
RUN_MODE = {{ .Values.config.RUN_MODE }}
|
||||
|
||||
[cache]
|
||||
ADAPTER = memcache
|
||||
ENABLED = true
|
||||
HOST = {{ printf "%v-%v:%v" .Release.Name "memcached" "11211" }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "cache" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[cache]
|
||||
ADAPTER = memcache
|
||||
ENABLED = true
|
||||
HOST = {{ printf "%v-%v:%v" .Release.Name "memcached" "11211" }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "cache" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = {{ printf "%v-%v:%v" .Release.Name "postgresql" "5432" }}
|
||||
NAME = {{ .Values.postgresql.postgresqlDatabase }}
|
||||
PASSWD = {{ .Values.postgresql.postgresqlPassword }}
|
||||
USER = {{ .Values.postgresql.postgresqlUsername }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "database" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[database]
|
||||
DB_TYPE = postgres
|
||||
HOST = {{ printf "%v:5432" $pgHost }}
|
||||
NAME = {{ .Values.cnpg.main.database }}
|
||||
PASSWD = {{ .Values.cnpg.main.creds.password }}
|
||||
USER = {{ .Values.cnpg.main.user }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "database" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
[metrics]
|
||||
ENABLED = {{ .Values.metrics.enabled }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "metrics" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[metrics]
|
||||
ENABLED = {{ .Values.metrics.enabled }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "metrics" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
[repository]
|
||||
ROOT = /data/git/gitea-repositories
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "repository" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[repository]
|
||||
ROOT = /data/git/gitea-repositories
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "repository" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "security" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[security]
|
||||
INSTALL_LOCK = true
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "security" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
[webhook]
|
||||
ALLOWED_HOST_LIST = {{ .Values.config.ALLOWED_HOST_LIST }}
|
||||
[webhook]
|
||||
ALLOWED_HOST_LIST = {{ .Values.config.ALLOWED_HOST_LIST }}
|
||||
|
||||
[server]
|
||||
APP_DATA_PATH = /data
|
||||
DOMAIN = {{ $DOMAIN }}
|
||||
ENABLE_PPROF = false
|
||||
HTTP_PORT = {{ .Values.service.main.ports.main.targetPort }}
|
||||
PROTOCOL = http
|
||||
ROOT_URL = {{ $URL }}
|
||||
SSH_DOMAIN = {{ $DOMAIN }}
|
||||
SSH_LISTEN_PORT = {{ .Values.service.ssh.ports.ssh.targetPort }}
|
||||
SSH_PORT = {{ .Values.service.ssh.ports.ssh.port }}
|
||||
START_SSH_SERVER = true
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "server" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
[server]
|
||||
APP_DATA_PATH = /data
|
||||
DOMAIN = {{ $DOMAIN }}
|
||||
ENABLE_PPROF = false
|
||||
HTTP_PORT = {{ .Values.service.main.ports.main.targetPort }}
|
||||
PROTOCOL = http
|
||||
ROOT_URL = {{ $URL }}
|
||||
SSH_DOMAIN = {{ $DOMAIN }}
|
||||
SSH_LISTEN_PORT = {{ .Values.service.ssh.ports.ssh.targetPort }}
|
||||
SSH_PORT = {{ .Values.service.ssh.ports.ssh.port }}
|
||||
START_SSH_SERVER = true
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if eq $catvalue.name "server" }}
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if not ( or ( eq $catvalue.name "server" ) ( eq $catvalue.name "server" ) ( eq $catvalue.name "security" ) ( eq $catvalue.name "repository" ) ( eq $catvalue.name "metrics" ) ( eq $catvalue.name "database" ) ( eq $catvalue.name "cache" ) ) }}
|
||||
[{{ $catvalue.name }}]
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- range $catindex, $catvalue := .Values.customConfig }}
|
||||
{{- if not ( or ( eq $catvalue.name "server" ) ( eq $catvalue.name "server" ) ( eq $catvalue.name "security" ) ( eq $catvalue.name "repository" ) ( eq $catvalue.name "metrics" ) ( eq $catvalue.name "database" ) ( eq $catvalue.name "cache" ) ) }}
|
||||
[{{ $catvalue.name }}]
|
||||
{{- range $index, $value := $catvalue.keys }}
|
||||
{{ $value.name }} = {{ $value.value }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
---
|
||||
init:
|
||||
enabled: true
|
||||
data:
|
||||
init_directory_structure.sh: |-
|
||||
#!/usr/bin/env bash
|
||||
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: {{ include "tc.common.names.fullname" . }}-init
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
type: Opaque
|
||||
stringData:
|
||||
init_directory_structure.sh: |-
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
set -euo pipefail
|
||||
{{- if .Values.initPreScript }}
|
||||
# BEGIN: initPreScript
|
||||
{{- with .Values.initPreScript -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- end -}}
|
||||
# END: initPreScript
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.initPreScript }}
|
||||
# BEGIN: initPreScript
|
||||
{{- with .Values.initPreScript -}}
|
||||
{{ . | nindent 4}}
|
||||
{{- end -}}
|
||||
# END: initPreScript
|
||||
{{- end }}
|
||||
set -x
|
||||
|
||||
set -x
|
||||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf
|
||||
|
||||
mkdir -p /data/git/.ssh
|
||||
chmod -R 700 /data/git/.ssh
|
||||
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf
|
||||
# prepare temp directory structure
|
||||
mkdir -p "${GITEA_TEMP}"
|
||||
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "${GITEA_TEMP}"
|
||||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
|
||||
# prepare temp directory structure
|
||||
mkdir -p "${GITEA_TEMP}"
|
||||
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "${GITEA_TEMP}"
|
||||
chmod ug+rwx "${GITEA_TEMP}"
|
||||
# Copy config file to writable volume
|
||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
|
||||
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "/data"
|
||||
chmod a+rwx /data/gitea/conf/app.ini
|
||||
|
||||
# Copy config file to writable volume
|
||||
cp /etc/gitea/conf/app.ini /data/gitea/conf/app.ini
|
||||
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/data"
|
||||
chmod a+rwx /data/gitea/conf/app.ini
|
||||
# Patch dockercontainer for dynamic users
|
||||
chown -Rf {{ .Values.securityContext.container.runAsUser }}:{{ .Values.securityContext.pod.fsGroup }} "/var/lib/gitea"
|
||||
|
||||
# Patch dockercontainer for dynamic users
|
||||
chown -Rf {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} "/var/lib/gitea"
|
||||
configure_gitea.sh: |-
|
||||
#!/usr/bin/env bash
|
||||
|
||||
configure_gitea.sh: |-
|
||||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
set -euo pipefail
|
||||
|
||||
|
||||
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
|
||||
function test_db_connection() {
|
||||
local RETRY=0
|
||||
local MAX=30
|
||||
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
|
||||
function test_db_connection() {
|
||||
local RETRY=0
|
||||
local MAX=30
|
||||
|
||||
echo 'Wait for database to become avialable...'
|
||||
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||
nc -vz -w2 {{ printf "%v-%v" .Release.Name "postgresql" }} 5432 && break
|
||||
RETRY=$[${RETRY}+1]
|
||||
echo "...not ready yet (${RETRY}/${MAX})"
|
||||
done
|
||||
echo 'Wait for database to become avialable...'
|
||||
until [ "${RETRY}" -ge "${MAX}" ]; do
|
||||
nc -vz -w2 {{ $pgHost }} 5432 && break
|
||||
RETRY=$[${RETRY}+1]
|
||||
echo "...not ready yet (${RETRY}/${MAX})"
|
||||
done
|
||||
|
||||
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||
echo "Database not reachable after '${MAX}' attempts!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
if [ "${RETRY}" -ge "${MAX}" ]; then
|
||||
echo "Database not reachable after '${MAX}' attempts!"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
test_db_connection
|
||||
test_db_connection
|
||||
|
||||
|
||||
echo '==== BEGIN GITEA MIGRATION ===='
|
||||
echo '==== BEGIN GITEA MIGRATION ===='
|
||||
|
||||
gitea migrate
|
||||
gitea migrate
|
||||
|
||||
echo '==== BEGIN GITEA CONFIGURATION ===='
|
||||
echo '==== BEGIN GITEA CONFIGURATION ===='
|
||||
|
||||
{{- if or .Values.admin.existingSecret (and .Values.admin.username .Values.admin.password) }}
|
||||
function configure_admin_user() {
|
||||
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\|{{ .Values.admin.email }}\s\+" | awk -F " " "{printf \$1}")
|
||||
if [[ -z "${ACCOUNT_ID}" ]]; then
|
||||
echo "No admin user '${GITEA_ADMIN_USERNAME}' found, neither email '{{ .Values.admin.email }}' is assigned to an admin. Creating now..."
|
||||
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.admin.email | quote }} --must-change-password=false
|
||||
echo '...created.'
|
||||
else
|
||||
echo "Admin account '${GITEA_ADMIN_USERNAME}' or email {{ .Values.admin.email }} already exist. Running update to sync password..."
|
||||
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
|
||||
echo '...password sync done.'
|
||||
fi
|
||||
}
|
||||
{{- if or .Values.admin.existingSecret (and .Values.admin.username .Values.admin.password) }}
|
||||
function configure_admin_user() {
|
||||
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\|{{ .Values.admin.email }}\s\+" | awk -F " " "{printf \$1}")
|
||||
if [[ -z "${ACCOUNT_ID}" ]]; then
|
||||
echo "No admin user '${GITEA_ADMIN_USERNAME}' found, neither email '{{ .Values.admin.email }}' is assigned to an admin. Creating now..."
|
||||
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.admin.email | quote }} --must-change-password=false
|
||||
echo '...created.'
|
||||
else
|
||||
echo "Admin account '${GITEA_ADMIN_USERNAME}' or email {{ .Values.admin.email }} already exist. Running update to sync password..."
|
||||
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
|
||||
echo '...password sync done.'
|
||||
fi
|
||||
}
|
||||
|
||||
configure_admin_user
|
||||
{{- end }}
|
||||
configure_admin_user
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.ldap.enabled }}
|
||||
function configure_ldap() {
|
||||
local LDAP_NAME={{ (printf "%s" .Values.ldap.name) | squote }}
|
||||
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
|
||||
{{- if .Values.ldap.enabled }}
|
||||
function configure_ldap() {
|
||||
local LDAP_NAME={{ (printf "%s" .Values.ldap.name) | squote }}
|
||||
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
|
||||
|
||||
if [[ -z "${GITEA_AUTH_ID}" ]]; then
|
||||
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
|
||||
gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }}
|
||||
echo '...installed.'
|
||||
else
|
||||
echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..."
|
||||
gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }}
|
||||
echo '...sync settings done.'
|
||||
fi
|
||||
}
|
||||
if [[ -z "${GITEA_AUTH_ID}" ]]; then
|
||||
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
|
||||
gitea admin auth add-ldap {{- include "gitea.ldap_settings" . | indent 1 }}
|
||||
echo '...installed.'
|
||||
else
|
||||
echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..."
|
||||
gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" . | indent 1 }}
|
||||
echo '...sync settings done.'
|
||||
fi
|
||||
}
|
||||
|
||||
configure_ldap
|
||||
{{- end }}
|
||||
configure_ldap
|
||||
{{- end }}
|
||||
|
||||
{{- if .Values.oauth.enabled }}
|
||||
function configure_oauth() {
|
||||
local OAUTH_NAME={{ (printf "%s" .Values.oauth.name) | squote }}
|
||||
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
|
||||
{{- if .Values.oauth.enabled }}
|
||||
function configure_oauth() {
|
||||
local OAUTH_NAME={{ (printf "%s" .Values.oauth.name) | squote }}
|
||||
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
|
||||
|
||||
if [[ -z "${AUTH_ID}" ]]; then
|
||||
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
|
||||
gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }}
|
||||
echo '...installed.'
|
||||
else
|
||||
echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..."
|
||||
gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }}
|
||||
echo '...sync settings done.'
|
||||
fi
|
||||
}
|
||||
if [[ -z "${AUTH_ID}" ]]; then
|
||||
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
|
||||
gitea admin auth add-oauth {{- include "gitea.oauth_settings" . | indent 1 }}
|
||||
echo '...installed.'
|
||||
else
|
||||
echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..."
|
||||
gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" . | indent 1 }}
|
||||
echo '...sync settings done.'
|
||||
fi
|
||||
}
|
||||
|
||||
configure_oauth
|
||||
{{- end }}
|
||||
|
||||
echo '==== END GITEA CONFIGURATION ===='
|
||||
configure_oauth
|
||||
{{- end }}
|
||||
|
||||
echo '==== END GITEA CONFIGURATION ===='
|
||||
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,33 +1,47 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{/* Render secrets for gitea */}}
|
||||
{{- include "gitea.secrets" . }}
|
||||
{{- $secrets := include "gitea.secrets" . | fromYaml -}}
|
||||
{{- if $secrets -}}
|
||||
{{- $_ := mustMergeOverwrite .Values.secret $secrets -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Render configmap for gitea */}}
|
||||
{{- include "gitea.configmap" . }}
|
||||
{{- $configmap := include "gitea.configmap" . | fromYaml -}}
|
||||
{{- if $configmap -}}
|
||||
{{- $_ := set .Values.configmap "gitea-env" $configmap -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Append the general secret volumes to the volumes */}}
|
||||
{{- define "gitea.initvolume" -}}
|
||||
enabled: "true"
|
||||
mountPath: "/secrets/ini"
|
||||
enabled: true
|
||||
readOnly: true
|
||||
type: "custom"
|
||||
volumeSpec:
|
||||
secret:
|
||||
secretName: {{ include "tc.common.names.fullname" . }}-init
|
||||
defaultMode: 0777
|
||||
type: secret
|
||||
objectName: init
|
||||
defaultMode: "0777"
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /secrets/ini
|
||||
1-init-directories:
|
||||
mountPath: "/usr/sbin"
|
||||
2-configure-gitea:
|
||||
mountPath: "/usr/sbin"
|
||||
{{- end -}}
|
||||
|
||||
{{/* Append the general secret volumes to the volumes */}}
|
||||
{{- define "gitea.configvolume" -}}
|
||||
enabled: "true"
|
||||
mountPath: "/secrets/config"
|
||||
enabled: true
|
||||
readOnly: true
|
||||
type: "custom"
|
||||
volumeSpec:
|
||||
secret:
|
||||
secretName: {{ include "tc.common.names.fullname" . }}
|
||||
type: secret
|
||||
objectName: secret
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
mountPath: /secrets/config
|
||||
1-init-directories:
|
||||
mountPath: /etc/gitea/conf
|
||||
{{- end -}}
|
||||
|
||||
{{- $_ := set .Values.persistence "init" (include "gitea.initvolume" . | fromYaml) -}}
|
||||
@@ -35,4 +49,4 @@ volumeSpec:
|
||||
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
@@ -2,12 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/gitea
|
||||
tag: 1.18.5@sha256:722c1aa3d962d7cdbec55a8016b33197468ea59a08e89650b33d6410973df944
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -22,73 +16,27 @@ service:
|
||||
port: 2222
|
||||
targetPort: 2222
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
|
||||
initContainers:
|
||||
1-init-directories:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
command: ["/usr/sbin/init_directory_structure.sh"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
volumeMounts:
|
||||
- name: init
|
||||
mountPath: "/usr/sbin"
|
||||
- name: temp
|
||||
mountPath: "/tmp"
|
||||
- name: config
|
||||
mountPath: "/etc/gitea/conf"
|
||||
- name: data
|
||||
mountPath: "/data"
|
||||
2-configure-gitea:
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
command: ["/usr/sbin/configure_gitea.sh"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
volumeMounts:
|
||||
- name: init
|
||||
mountPath: "/usr/sbin"
|
||||
- name: temp
|
||||
mountPath: "/tmp"
|
||||
- name: data
|
||||
mountPath: "/data"
|
||||
|
||||
persistence:
|
||||
data:
|
||||
enabled: true
|
||||
mountPath: "/data"
|
||||
temp:
|
||||
enabled: true
|
||||
mountPath: "/tmp"
|
||||
type: emptyDir
|
||||
targetSelectAll: true
|
||||
varlib:
|
||||
enabled: true
|
||||
mountPath: "/var/lib/gitea"
|
||||
type: emptyDir
|
||||
|
||||
# Configure commit/action signing prerequisites
|
||||
signing:
|
||||
enabled: true
|
||||
gpgHome: /data/git/.gnupg
|
||||
|
||||
admin:
|
||||
username: giteaadmin
|
||||
password: r8sA8CPHD9!bt6d
|
||||
email: "gitea@local.domain"
|
||||
|
||||
metrics:
|
||||
enabled: false
|
||||
serviceMonitor:
|
||||
enabled: false
|
||||
# additionalLabels:
|
||||
# prometheus-release: prom1
|
||||
|
||||
main:
|
||||
enabled: true
|
||||
type: "servicemonitor"
|
||||
ldap:
|
||||
enabled: false
|
||||
# name:
|
||||
@@ -103,7 +51,6 @@ ldap:
|
||||
# bindPassword:
|
||||
# usernameAttribute:
|
||||
# sshPublicKeyAttribute:
|
||||
|
||||
oauth:
|
||||
enabled: false
|
||||
# name:
|
||||
@@ -116,30 +63,67 @@ oauth:
|
||||
# customTokenUrl:
|
||||
# customProfileUrl:
|
||||
# customEmailUrl:
|
||||
|
||||
config:
|
||||
APP_NAME: "Gitea: Git with a cup of tea"
|
||||
RUN_MODE: dev
|
||||
ALLOWED_HOST_LIST: "127.0.0.1"
|
||||
nodeIP: 127.0.0.1
|
||||
|
||||
customConfig:
|
||||
[]
|
||||
# - name: test
|
||||
# keys:
|
||||
# - name: testkey
|
||||
# value: testvalue
|
||||
customConfig: []
|
||||
# - name: test
|
||||
# keys:
|
||||
# - name: testkey
|
||||
# value: testvalue
|
||||
|
||||
# Enabled postgres
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: "dbcreds"
|
||||
postgresqlUsername: gitea
|
||||
postgresqlDatabase: gitea
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
|
||||
user: gitea
|
||||
database: gitea
|
||||
# -- memcached dependency settings
|
||||
memcached:
|
||||
enabled: true
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
initContainers:
|
||||
1-init-directories:
|
||||
enabled: true
|
||||
imageSelector: image
|
||||
type: init
|
||||
command: ["/usr/sbin/init_directory_structure.sh"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
runAsNonRoot: false
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
2-configure-gitea:
|
||||
enabled: true
|
||||
imageSelector: image
|
||||
type: init
|
||||
command: ["/usr/sbin/configure_gitea.sh"]
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: gitea-env
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.1"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs.
|
||||
home: https://truecharts.org/charts/stable/handbrake
|
||||
@@ -23,9 +23,8 @@ sources:
|
||||
- https://github.com/jlesage/docker-handbrake
|
||||
- https://handbrake.fr/
|
||||
type: application
|
||||
version: 15.0.10
|
||||
version: 16.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,23 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: handbrake
|
||||
group: "App Configuration"
|
||||
label: "HandBrake Configuration"
|
||||
@@ -110,7 +110,9 @@ questions:
|
||||
type: string
|
||||
default: "ignore"
|
||||
required: true
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -205,12 +207,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,15 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/handbrake
|
||||
tag: 23.02.1@sha256:6c3b2acce5d7750fe4831d181ff9fc3dbf1c5663944778193477d51f9725f060
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -24,14 +15,6 @@ service:
|
||||
enabled: true
|
||||
port: 10055
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-handbrake'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
handbrake:
|
||||
KEEP_APP_RUNNING: false
|
||||
DISPLAY_WIDTH: 1280
|
||||
@@ -42,7 +25,6 @@ handbrake:
|
||||
AUTOMATED_CONVERSION_FORMAT: "mp4"
|
||||
AUTOMATED_CONVERSION_KEEP_SOURCE: true
|
||||
AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION: "ignore"
|
||||
|
||||
configmap:
|
||||
handbrake:
|
||||
enabled: true
|
||||
@@ -56,7 +38,6 @@ configmap:
|
||||
AUTOMATED_CONVERSION_PRESET: "{{ .Values.handbrake.AUTOMATED_CONVERSION_PRESET }}"
|
||||
AUTOMATED_CONVERSION_FORMAT: "{{ .Values.handbrake.AUTOMATED_CONVERSION_FORMAT }}"
|
||||
AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION: "{{ .Values.handbrake.AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -67,6 +48,34 @@ persistence:
|
||||
output:
|
||||
enabled: true
|
||||
mountPath: "/output"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "handbrake"
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: JDownloader is a free, open-source download management tool with a huge community of developers that makes downloading as easy and fast as it should be.
|
||||
home: https://truecharts.org/charts/stable/jdownloader2
|
||||
@@ -22,9 +22,8 @@ sources:
|
||||
- https://github.com/jlesage/docker-jdownloader-2
|
||||
- https://jdownloader.org/
|
||||
type: application
|
||||
version: 10.0.15
|
||||
version: 11.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- downloads
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,23 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: "REPLACETHIS"
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: "REPLACETHIS"
|
||||
- variable: jdownloader
|
||||
group: "App Configuration"
|
||||
label: "jDownloader2 Configuration"
|
||||
@@ -75,7 +75,9 @@ questions:
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -184,12 +186,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,15 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/jdownloader-2
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 23.02.2@sha256:67a8592a99de8921bdaca4d4c6660ad2c44d599ee5156d7da93d93668928d05d
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -31,14 +22,6 @@ service:
|
||||
enabled: true
|
||||
port: 10056
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-jdownloader'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
jdownloader:
|
||||
# General Settings
|
||||
KEEP_APP_RUNNING: false
|
||||
@@ -47,7 +30,6 @@ jdownloader:
|
||||
DISPLAY_HEIGHT: 768
|
||||
SECURE_CONNECTION: false
|
||||
ENABLE_CJK_FONT: false
|
||||
|
||||
configmap:
|
||||
jdownloader:
|
||||
enabled: true
|
||||
@@ -57,7 +39,6 @@ configmap:
|
||||
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.jdownloader.SECURE_CONNECTION }}'
|
||||
DISPLAY_WIDTH: "{{ .Values.jdownloader.DISPLAY_WIDTH }}"
|
||||
DISPLAY_HEIGHT: "{{ .Values.jdownloader.DISPLAY_HEIGHT }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -65,6 +46,34 @@ persistence:
|
||||
output:
|
||||
enabled: true
|
||||
mountPath: "/output"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "jdownloader"
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "2.1.0"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
description: ntfy is a simple HTTP-based pub-sub notification service. It allows you to send notifications to your phone or desktop via scripts from any computer.
|
||||
home: https://truecharts.org/charts/stable/ntfy
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/ntfy.png
|
||||
@@ -18,9 +18,8 @@ name: ntfy
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/ntfy
|
||||
- https://github.com/binwiederhier/ntfy/
|
||||
version: 4.0.14
|
||||
version: 5.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
+238
-236
@@ -11,239 +11,241 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: NTFY_BASE_URL
|
||||
label: "Base URL"
|
||||
description: "Public facing base URL of the service (e.g. https://ntfy.sh)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: NTFY_BEHIND_PROXY
|
||||
label: "Behind Proxy"
|
||||
description: "If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: ENABLE_CACHE_FILE
|
||||
label: "Enable Firebase File"
|
||||
description: "If set to true, it enables the firebase file by setting the NTFY_FIREBASE_KEY_FILE to \"/etc/ntfy/firebase-key.json\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: ENABLE_CACHE_FILE
|
||||
label: "Enable Cache File"
|
||||
description: "If set to true, it enables the cache file by setting the NTFY_CACHE_FILE to \"/var/cache/ntfy/cache.db\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_CACHE_DURATION
|
||||
label: "Cache Duration"
|
||||
description: "Duration for which messages will be buffered before they are deleted. This is required to support the since=... and poll=1 parameter. Set this to 0 to disable the cache entirely."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "12h"
|
||||
- variable: NTFY_KEEPALIVE_INTERVAL
|
||||
label: "Keepalive interval"
|
||||
description: "Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "45s"
|
||||
- variable: NTFY_MANAGER_INTERVAL
|
||||
label: "Manager Interval"
|
||||
description: "Interval in which the manager prunes old messages, deletes topics and prints the stats."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "1m"
|
||||
- variable: NTFY_GLOBAL_TOPIC_LIMIT
|
||||
label: "Global Topic Limit"
|
||||
description: "Rate limiting: Total number of topics before the server rejects new topics."
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 15000
|
||||
- variable: ENABLE_VISITOR_SETTINGS
|
||||
label: "Enable Visitor Settings"
|
||||
description: "If set to true, it enables the visitor settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_VISITOR_SUBSCRIPTION_LIMIT
|
||||
label: "Visitor Ssubscription Limit"
|
||||
description: "Rate limiting: Number of subscriptions per visitor (IP address)"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 30
|
||||
- variable: NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT
|
||||
label: "Visitor Attachment Total Size Limit"
|
||||
description: "Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See NTFY_ATTACHMENT_EXPIRY_DURATION"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "100M"
|
||||
- variable: NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT
|
||||
label: "Visitor Attachment Daily Bandwidth Limit"
|
||||
description: "Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "500M"
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_BURST
|
||||
label: "Visitor Request Limit Burst"
|
||||
description: "Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 60
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_REPLENISH
|
||||
label: "Visitor Request Limit Replenish"
|
||||
description: "Rate limiting: Strongly related to NTFY_VISITOR_REQUEST_LIMIT_BURST: The rate at which the bucket is refilled."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "5s"
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS
|
||||
label: "Visitor Request Limit Exempt Hosts"
|
||||
description: "Rate limiting: List of hostnames and IPs to be exempt from request rate limiting."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_VISITOR_EMAIL_LIMIT_BURST
|
||||
label: "Visitor Email Limit Burst"
|
||||
description: "Rate limiting:Initial limit of e-mails per visitor"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 16
|
||||
- variable: NTFY_VISITOR_EMAIL_LIMIT_REPLENISH
|
||||
label: "Visitor Email Limit Replenish"
|
||||
description: "Rate limiting: Strongly related to NTFY_VISITOR_EMAIL_LIMIT_BURST: The rate at which the bucket is refilled."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "1h"
|
||||
- variable: ENABLE_ATTACHMENT_CACHE_DIR
|
||||
label: "Enable Attachment Cache Directory"
|
||||
description: "If set to true, it enables the attachment dir by setting the NTFY_ATTACHMENT_CACHE_DIR to \"/var/cache/ntfy/attachments\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
|
||||
label: "Attachment Total Size Limit"
|
||||
description: "Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "5G"
|
||||
- variable: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
|
||||
label: "Attachment File Size Limit"
|
||||
description: "Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "15M"
|
||||
- variable: NTFY_ATTACHMENT_EXPIRY_DURATION
|
||||
label: "Attachment Expiry Duration"
|
||||
description: "Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "3h"
|
||||
- variable: ENABLE_AUTH_FILE
|
||||
label: "Enable Auth File"
|
||||
description: "If set to true, it enables the auth file by setting the NTFY_AUTH_FILE to \"/etc/ntfy/user.db\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_AUTH_DEFAULT_ACCESS
|
||||
label: "Auth Default Access"
|
||||
description: "Default permissions if no matching entries in the auth database are found."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "read-write"
|
||||
enum:
|
||||
- value: "read-write"
|
||||
description: "read-write"
|
||||
- value: "read-only"
|
||||
description: "read-only"
|
||||
- value: "write-only"
|
||||
description: "write-only"
|
||||
- value: "deny-all"
|
||||
description: "deny-all"
|
||||
- variable: ENABLE_SMTP_SETTINGS
|
||||
label: "Enable SMTP Settings"
|
||||
description: "If set to true, it enables the SMTP settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_SMTP_SENDER_ADDR
|
||||
label: "SMTP Sender Address"
|
||||
description: "SMTP server address to allow email sending"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_USER
|
||||
label: "SMTP Sender User"
|
||||
description: "SMTP user. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_PASS
|
||||
label: "SMTP Sender Password"
|
||||
description: SMTP password. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_FROM
|
||||
label: "SMTP Sender From Address"
|
||||
description: "SMTP sender e-mail address. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_LISTEN
|
||||
label: "SMTP Server Listen"
|
||||
description: "Defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_DOMAIN
|
||||
label: "SMTP Server Domain"
|
||||
description: "SMTP server e-mail domain, e.g. ntfy.sh"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_ADDR_PREFIX
|
||||
label: "SMTP Server Address Prefix"
|
||||
description: "Optional prefix for the e-mail addresses to prevent spam, e.g. ntfy-"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: NTFY_BASE_URL
|
||||
label: "Base URL"
|
||||
description: "Public facing base URL of the service (e.g. https://ntfy.sh)"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: NTFY_BEHIND_PROXY
|
||||
label: "Behind Proxy"
|
||||
description: "If set, the X-Forwarded-For header is used to determine the visitor IP address instead of the remote address of the connection."
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: ENABLE_CACHE_FILE
|
||||
label: "Enable Firebase File"
|
||||
description: "If set to true, it enables the firebase file by setting the NTFY_FIREBASE_KEY_FILE to \"/etc/ntfy/firebase-key.json\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
- variable: ENABLE_CACHE_FILE
|
||||
label: "Enable Cache File"
|
||||
description: "If set to true, it enables the cache file by setting the NTFY_CACHE_FILE to \"/var/cache/ntfy/cache.db\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_CACHE_DURATION
|
||||
label: "Cache Duration"
|
||||
description: "Duration for which messages will be buffered before they are deleted. This is required to support the since=... and poll=1 parameter. Set this to 0 to disable the cache entirely."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "12h"
|
||||
- variable: NTFY_KEEPALIVE_INTERVAL
|
||||
label: "Keepalive interval"
|
||||
description: "Interval in which keepalive messages are sent to the client. This is to prevent intermediaries closing the connection for inactivity. Note that the Android app has a hardcoded timeout at 77s, so it should be less than that."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "45s"
|
||||
- variable: NTFY_MANAGER_INTERVAL
|
||||
label: "Manager Interval"
|
||||
description: "Interval in which the manager prunes old messages, deletes topics and prints the stats."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "1m"
|
||||
- variable: NTFY_GLOBAL_TOPIC_LIMIT
|
||||
label: "Global Topic Limit"
|
||||
description: "Rate limiting: Total number of topics before the server rejects new topics."
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 15000
|
||||
- variable: ENABLE_VISITOR_SETTINGS
|
||||
label: "Enable Visitor Settings"
|
||||
description: "If set to true, it enables the visitor settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_VISITOR_SUBSCRIPTION_LIMIT
|
||||
label: "Visitor Ssubscription Limit"
|
||||
description: "Rate limiting: Number of subscriptions per visitor (IP address)"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 30
|
||||
- variable: NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT
|
||||
label: "Visitor Attachment Total Size Limit"
|
||||
description: "Rate limiting: Total storage limit used for attachments per visitor, for all attachments combined. Storage is freed after attachments expire. See NTFY_ATTACHMENT_EXPIRY_DURATION"
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "100M"
|
||||
- variable: NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT
|
||||
label: "Visitor Attachment Daily Bandwidth Limit"
|
||||
description: "Rate limiting: Total daily attachment download/upload traffic limit per visitor. This is to protect your bandwidth costs from exploding."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "500M"
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_BURST
|
||||
label: "Visitor Request Limit Burst"
|
||||
description: "Rate limiting: Allowed GET/PUT/POST requests per second, per visitor. This setting is the initial bucket of requests each visitor has"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 60
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_REPLENISH
|
||||
label: "Visitor Request Limit Replenish"
|
||||
description: "Rate limiting: Strongly related to NTFY_VISITOR_REQUEST_LIMIT_BURST: The rate at which the bucket is refilled."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "5s"
|
||||
- variable: NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS
|
||||
label: "Visitor Request Limit Exempt Hosts"
|
||||
description: "Rate limiting: List of hostnames and IPs to be exempt from request rate limiting."
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_VISITOR_EMAIL_LIMIT_BURST
|
||||
label: "Visitor Email Limit Burst"
|
||||
description: "Rate limiting:Initial limit of e-mails per visitor"
|
||||
schema:
|
||||
type: int
|
||||
required: true
|
||||
default: 16
|
||||
- variable: NTFY_VISITOR_EMAIL_LIMIT_REPLENISH
|
||||
label: "Visitor Email Limit Replenish"
|
||||
description: "Rate limiting: Strongly related to NTFY_VISITOR_EMAIL_LIMIT_BURST: The rate at which the bucket is refilled."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "1h"
|
||||
- variable: ENABLE_ATTACHMENT_CACHE_DIR
|
||||
label: "Enable Attachment Cache Directory"
|
||||
description: "If set to true, it enables the attachment dir by setting the NTFY_ATTACHMENT_CACHE_DIR to \"/var/cache/ntfy/attachments\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT
|
||||
label: "Attachment Total Size Limit"
|
||||
description: "Limit of the on-disk attachment cache directory. If the limits is exceeded, new attachments will be rejected."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "5G"
|
||||
- variable: NTFY_ATTACHMENT_FILE_SIZE_LIMIT
|
||||
label: "Attachment File Size Limit"
|
||||
description: "Per-file attachment size limit (e.g. 300k, 2M, 100M). Larger attachment will be rejected."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "15M"
|
||||
- variable: NTFY_ATTACHMENT_EXPIRY_DURATION
|
||||
label: "Attachment Expiry Duration"
|
||||
description: "Duration after which uploaded attachments will be deleted (e.g. 3h, 20h). Strongly affects NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "3h"
|
||||
- variable: ENABLE_AUTH_FILE
|
||||
label: "Enable Auth File"
|
||||
description: "If set to true, it enables the auth file by setting the NTFY_AUTH_FILE to \"/etc/ntfy/user.db\""
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_AUTH_DEFAULT_ACCESS
|
||||
label: "Auth Default Access"
|
||||
description: "Default permissions if no matching entries in the auth database are found."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: "read-write"
|
||||
enum:
|
||||
- value: "read-write"
|
||||
description: "read-write"
|
||||
- value: "read-only"
|
||||
description: "read-only"
|
||||
- value: "write-only"
|
||||
description: "write-only"
|
||||
- value: "deny-all"
|
||||
description: "deny-all"
|
||||
- variable: ENABLE_SMTP_SETTINGS
|
||||
label: "Enable SMTP Settings"
|
||||
description: "If set to true, it enables the SMTP settings"
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
show_subquestions_if: true
|
||||
subquestions:
|
||||
- variable: NTFY_SMTP_SENDER_ADDR
|
||||
label: "SMTP Sender Address"
|
||||
description: "SMTP server address to allow email sending"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_USER
|
||||
label: "SMTP Sender User"
|
||||
description: "SMTP user. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_PASS
|
||||
label: "SMTP Sender Password"
|
||||
description: SMTP password. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SENDER_FROM
|
||||
label: "SMTP Sender From Address"
|
||||
description: "SMTP sender e-mail address. Only used if e-mail sending is enabled"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_LISTEN
|
||||
label: "SMTP Server Listen"
|
||||
description: "Defines the IP address and port the SMTP server will listen on, e.g. :25 or 1.2.3.4:25"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_DOMAIN
|
||||
label: "SMTP Server Domain"
|
||||
description: "SMTP server e-mail domain, e.g. ntfy.sh"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
- variable: NTFY_SMTP_SERVER_ADDR_PREFIX
|
||||
label: "SMTP Server Address Prefix"
|
||||
description: "Optional prefix for the e-mail addresses to prevent spam, e.g. ntfy-"
|
||||
schema:
|
||||
type: string
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -308,12 +310,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,52 +2,11 @@ image:
|
||||
repository: tccr.io/truecharts/ntfy
|
||||
tag: 2.1.0@sha256:ccbaacb4ca95fd61ea5b4ac18615a80ccc5ebae7f0a46115d020879e1fdb929e
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
extraArgs: ["serve"]
|
||||
|
||||
env:
|
||||
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
|
||||
# User Defined
|
||||
NTFY_BASE_URL: "http://localhost:10222"
|
||||
NTFY_BEHIND_PROXY: false
|
||||
ENABLE_FIREBASE_FILE: false
|
||||
ENABLE_CACHE_FILE: false
|
||||
ENABLE_ATTACHMENT_CACHE_DIR: false
|
||||
ENABLE_AUTH_FILE: false
|
||||
# NTFY_CACHE_DURATION: "12h"
|
||||
# NTFY_KEEPALIVE_INTERVAL: "45s"
|
||||
# NTFY_MANAGER_INTERVAL: "1m"
|
||||
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
|
||||
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
|
||||
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
|
||||
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
|
||||
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
|
||||
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
|
||||
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
|
||||
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
|
||||
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
|
||||
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
|
||||
# NTFY_SMTP_SENDER_ADDR: ""
|
||||
# NTFY_SMTP_SENDER_USER: ""
|
||||
# NTFY_SMTP_SENDER_PASS: ""
|
||||
# NTFY_SMTP_SENDER_FROM: ""
|
||||
# NTFY_SMTP_SERVER_LISTEN: ""
|
||||
# NTFY_SMTP_SERVER_DOMAIN: ""
|
||||
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-ntfy'
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
port: 10222
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -55,16 +14,64 @@ persistence:
|
||||
cache:
|
||||
enabled: true
|
||||
mountPath: "/var/cache/ntfy"
|
||||
|
||||
configmap:
|
||||
ntfy:
|
||||
enabled: true
|
||||
data:
|
||||
# If a path is set, it enables this options. To disable set to emtpy path
|
||||
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
|
||||
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.env.ENABLE_CACHE_FILE }}'
|
||||
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.env.ENABLE_AUTH_FILE }}'
|
||||
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.env.ENABLE_FIREBASE_FILE }}'
|
||||
|
||||
# If a path is set, it enables this options. To disable set to empty path
|
||||
NTFY_ATTACHMENT_CACHE_DIR: '{{ ternary "/var/cache/ntfy/attachments" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_ATTACHMENT_CACHE_DIR }}'
|
||||
NTFY_CACHE_FILE: '{{ ternary "/var/cache/ntfy/cache.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_CACHE_FILE }}'
|
||||
NTFY_AUTH_FILE: '{{ ternary "/etc/ntfy/user.db" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_AUTH_FILE }}'
|
||||
NTFY_FIREBASE_KEY_FILE: '{{ ternary "/etc/ntfy/firebase-key.json" "" .Values.workload.main.podSpec.containers.main.env.ENABLE_FIREBASE_FILE }}'
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
args: ["serve"]
|
||||
env:
|
||||
NTFY_LISTEN_HTTP: ":{{ .Values.service.main.ports.main.port }}"
|
||||
# User Defined
|
||||
NTFY_BASE_URL: "http://localhost:10222"
|
||||
NTFY_BEHIND_PROXY: false
|
||||
ENABLE_FIREBASE_FILE: false
|
||||
ENABLE_CACHE_FILE: false
|
||||
ENABLE_ATTACHMENT_CACHE_DIR: false
|
||||
ENABLE_AUTH_FILE: false
|
||||
# NTFY_CACHE_DURATION: "12h"
|
||||
# NTFY_KEEPALIVE_INTERVAL: "45s"
|
||||
# NTFY_MANAGER_INTERVAL: "1m"
|
||||
# NTFY_GLOBAL_TOPIC_LIMIT: 15000
|
||||
# NTFY_VISITOR_SUBSCRIPTION_LIMIT: 30
|
||||
# NTFY_VISITOR_ATTACHMENT_TOTAL_SIZE_LIMIT: "100M"
|
||||
# NTFY_VISITOR_ATTACHMENT_DAILY_BANDWIDTH_LIMIT: "500M"
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_BURST: 60
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_REPLENISH: "5s"
|
||||
# NTFY_VISITOR_REQUEST_LIMIT_EXEMPT_HOSTS: ""
|
||||
# NTFY_VISITOR_EMAIL_LIMIT_BURST: 16
|
||||
# NTFY_VISITOR_EMAIL_LIMIT_REPLENISH: "1h"
|
||||
# NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT: "5G"
|
||||
# NTFY_ATTACHMENT_FILE_SIZE_LIMIT: "15M"
|
||||
# NTFY_ATTACHMENT_EXPIRY_DURATION: "3h"
|
||||
# NTFY_AUTH_DEFAULT_ACCESS: "read-write"
|
||||
# NTFY_SMTP_SENDER_ADDR: ""
|
||||
# NTFY_SMTP_SENDER_USER: ""
|
||||
# NTFY_SMTP_SENDER_PASS: ""
|
||||
# NTFY_SMTP_SENDER_FROM: ""
|
||||
# NTFY_SMTP_SERVER_LISTEN: ""
|
||||
# NTFY_SMTP_SERVER_DOMAIN: ""
|
||||
# NTFY_SMTP_SERVER_ADDR_PREFIX: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "ntfy"
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
apiVersion: v2
|
||||
appVersion: "3.4.3"
|
||||
appVersion: "3.4.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: OpenHab is a home-automation application
|
||||
home: https://truecharts.org/charts/stable/openhab
|
||||
@@ -19,10 +19,9 @@ name: openhab
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/openhab
|
||||
type: application
|
||||
version: 4.0.13
|
||||
version: 5.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
- test
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -10,10 +10,12 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -108,12 +110,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1,5 +1,5 @@
|
||||
{{/* Make sure all variables are set properly */}}
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{/* Render the templates */}}
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
@@ -1,22 +1,20 @@
|
||||
image:
|
||||
repository: tccr.io/truecharts/openhab
|
||||
pullPolicy: IfNotPresent
|
||||
tag: 3.4.3@sha256:d0aa6f705e7491678210ce7819b1ca0a9a77555c94bcf7ad931e0b70f5ac6e90
|
||||
|
||||
tag: 3.4.2@sha256:bb3fdf98084426d18ff82b3e576a93c88570e9b037066db5b25fd9d661aaf3d1
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
main:
|
||||
protocol: HTTP
|
||||
protocol: http
|
||||
port: 10169
|
||||
https:
|
||||
enabled: true
|
||||
ports:
|
||||
https:
|
||||
protocol: HTTPS
|
||||
protocol: https
|
||||
enabled: true
|
||||
port: 10170
|
||||
|
||||
configmap:
|
||||
init:
|
||||
enabled: true
|
||||
@@ -24,19 +22,6 @@ configmap:
|
||||
enable-console-logging.sh: |
|
||||
echo 'Enabling console logging.'
|
||||
sed -i -E 's|(<AppenderRef ref="OSGI"/>).*|\1<AppenderRef ref="STDOUT"/>|' /openhab/userdata/etc/log4j2.xml
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
env:
|
||||
OPENHAB_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
OPENHAB_HTTPS_PORT: "{{ .Values.service.https.ports.https.port }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -51,10 +36,29 @@ persistence:
|
||||
enabled: true
|
||||
mountPath: /etc/cont-init.d/enable-console-logging.sh
|
||||
subPath: enable-console-logging.sh
|
||||
type: custom
|
||||
volumeSpec:
|
||||
configMap:
|
||||
name: '{{ printf "%v-init" (include "tc.common.names.fullname" .) }}'
|
||||
|
||||
type: configmap
|
||||
objectName: init
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
OPENHAB_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
|
||||
OPENHAB_HTTPS_PORT: "{{ .Values.service.https.ports.https.port }}"
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: PuTTY is a free and open-source terminal emulator, serial console and network file transfer application.
|
||||
home: https://truecharts.org/charts/stable/putty
|
||||
@@ -21,9 +21,8 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/putty
|
||||
- https://github.com/jlesage/docker-putty
|
||||
type: application
|
||||
version: 3.0.12
|
||||
version: 4.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- utilities
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,24 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: putty
|
||||
group: "App Configuration"
|
||||
label: "PuTTY Configuration"
|
||||
@@ -81,7 +82,9 @@ questions:
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -160,12 +163,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,15 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/putty
|
||||
tag: 23.02.2@sha256:4bec4d770722ee284dcb7db8250768a62d72a5f29c54ed547458c2450f0676a5
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -24,14 +15,6 @@ service:
|
||||
enabled: true
|
||||
port: 10267
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-putty'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
putty:
|
||||
KEEP_APP_RUNNING: false
|
||||
DISPLAY_WIDTH: 1280
|
||||
@@ -39,7 +22,6 @@ putty:
|
||||
SECURE_CONNECTION: false
|
||||
DISABLE_RESTART_SESSION_DIALOG_WINDOW: false
|
||||
ENABLE_CJK_FONT: false
|
||||
|
||||
configmap:
|
||||
putty:
|
||||
enabled: true
|
||||
@@ -50,11 +32,38 @@ configmap:
|
||||
DISABLE_RESTART_SESSION_DIALOG_WINDOW: '{{ ternary "1" "0" .Values.putty.DISABLE_RESTART_SESSION_DIALOG_WINDOW }}'
|
||||
DISPLAY_WIDTH: "{{ .Values.putty.DISPLAY_WIDTH }}"
|
||||
DISPLAY_HEIGHT: "{{ .Values.putty.DISPLAY_HEIGHT }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/config"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "putty"
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: QDirStat is a graphical application to show where your disk space has gone and to help you to clean it up.
|
||||
home: https://truecharts.org/charts/stable/qdirstat
|
||||
@@ -21,9 +21,8 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/qdirstat
|
||||
- https://github.com/jlesage/docker-qdirstat
|
||||
type: application
|
||||
version: 3.0.13
|
||||
version: 4.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,24 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: qdirstat
|
||||
group: "App Configuration"
|
||||
label: "QDirStat Configuration"
|
||||
@@ -75,7 +76,9 @@ questions:
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -162,12 +165,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,15 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/qdirstat
|
||||
tag: 23.02.2@sha256:acb8020059c185a9f5888ee59090d8663cfb483c76be9f93cb0771f637834019
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -24,21 +15,12 @@ service:
|
||||
enabled: true
|
||||
port: 10263
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-qdirstat'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
qdirstat:
|
||||
KEEP_APP_RUNNING: false
|
||||
DISPLAY_WIDTH: 1280
|
||||
DISPLAY_HEIGHT: 768
|
||||
SECURE_CONNECTION: false
|
||||
ENABLE_CJK_FONT: false
|
||||
|
||||
configmap:
|
||||
qdirstat:
|
||||
enabled: true
|
||||
@@ -48,7 +30,6 @@ configmap:
|
||||
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.qdirstat.SECURE_CONNECTION }}'
|
||||
DISPLAY_WIDTH: "{{ .Values.qdirstat.DISPLAY_WIDTH }}"
|
||||
DISPLAY_HEIGHT: "{{ .Values.qdirstat.DISPLAY_HEIGHT }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -56,6 +37,34 @@ persistence:
|
||||
storage:
|
||||
enabled: true
|
||||
mountPath: "/storage"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "qdirstat"
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "23.02.3"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: tsMuxer is a Transport Stream muxer.
|
||||
home: https://truecharts.org/charts/stable/tsmuxer
|
||||
@@ -21,9 +21,8 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/tsmuxer
|
||||
- https://github.com/jlesage/docker-tsmuxer
|
||||
type: application
|
||||
version: 3.0.14
|
||||
version: 4.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- media
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -11,23 +11,24 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: VNC_PASSWORD
|
||||
label: "VNC_PASSWORD"
|
||||
description: "Password needed to connect to the application's GUI. See the VNC Password section for more details."
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
default: ""
|
||||
- variable: tsmuxer
|
||||
group: "App Configuration"
|
||||
label: "tsMuxeR Configuration"
|
||||
@@ -75,7 +76,9 @@ questions:
|
||||
schema:
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -162,12 +165,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,15 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/tsmuxer
|
||||
tag: 23.02.3@sha256:9b419b4806415d38b9455e0c4513df2234daee5d0696d8b8fb91bb5f54ac2174
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -24,21 +15,12 @@ service:
|
||||
enabled: true
|
||||
port: 10275
|
||||
targetPort: 5900
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: '{{ include "tc.common.names.fullname" . }}-tsmuxer'
|
||||
|
||||
secretEnv:
|
||||
VNC_PASSWORD: ""
|
||||
|
||||
tsmuxer:
|
||||
KEEP_APP_RUNNING: false
|
||||
DISPLAY_WIDTH: 1280
|
||||
DISPLAY_HEIGHT: 768
|
||||
SECURE_CONNECTION: false
|
||||
ENABLE_CJK_FONT: false
|
||||
|
||||
configmap:
|
||||
tsmuxer:
|
||||
enabled: true
|
||||
@@ -48,7 +30,6 @@ configmap:
|
||||
SECURE_CONNECTION: '{{ ternary "1" "0" .Values.tsmuxer.SECURE_CONNECTION }}'
|
||||
DISPLAY_WIDTH: "{{ .Values.tsmuxer.DISPLAY_WIDTH }}"
|
||||
DISPLAY_HEIGHT: "{{ .Values.tsmuxer.DISPLAY_HEIGHT }}"
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
@@ -56,6 +37,34 @@ persistence:
|
||||
storage:
|
||||
enabled: true
|
||||
mountPath: "/storage"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
securityContext:
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
- KILL
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
VNC_PASSWORD: ""
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: "tsmuxer"
|
||||
|
||||
@@ -3,15 +3,12 @@ appVersion: "0.20.2"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
- condition: postgresql.enabled
|
||||
name: postgresql
|
||||
repository: https://deps.truecharts.org/
|
||||
version: 11.0.31
|
||||
version: 12.6.1
|
||||
|
||||
- condition: redis.enabled
|
||||
name: redis
|
||||
repository: https://deps.truecharts.org
|
||||
version: 5.0.33
|
||||
version: 6.0.21
|
||||
description: The to-do app to organize your life.
|
||||
home: https://truecharts.org/charts/stable/vikunja
|
||||
icon: https://truecharts.org/img/hotlink-ok/chart-icons/vikunja.png
|
||||
@@ -26,9 +23,8 @@ name: vikunja
|
||||
sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/vikunja
|
||||
- https://vikunja.io/docs
|
||||
version: 7.0.1
|
||||
version: 8.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- productivity
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -838,7 +838,9 @@ questions:
|
||||
type: string
|
||||
required: true
|
||||
default: <frontend url>/migrate/microsoft-todo
|
||||
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: Main Service
|
||||
@@ -888,31 +890,32 @@ questions:
|
||||
# Include{ingressTraefik}
|
||||
# Include{ingressList}
|
||||
|
||||
# Include{podSecurityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: runAsUser
|
||||
description: The UserID of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: runAsGroup
|
||||
description: The groupID this App of the user running the application
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextRoot}
|
||||
- variable: runAsUser
|
||||
label: "runAsUser"
|
||||
description: "The UserID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
- variable: fsGroup
|
||||
label: fsGroup
|
||||
description: The group that should own ALL storage.
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
- variable: fsGroup
|
||||
label: "fsGroup"
|
||||
description: "The group that should own ALL storage."
|
||||
schema:
|
||||
type: int
|
||||
default: 568
|
||||
|
||||
# Include{resources}
|
||||
# Include{metrics}
|
||||
# Include{prometheusRule}
|
||||
# Include{advanced}
|
||||
# Include{addons}
|
||||
# Include{codeserver}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1,189 +1,196 @@
|
||||
{{/* Define the secrets */}}
|
||||
{{- define "vikunja.secrets" -}}
|
||||
|
||||
{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) -}}
|
||||
{{- $secretStorage := printf "%s-storage-secret" (include "tc.common.names.fullname" .) -}}
|
||||
|
||||
{{- $secretStorage := printf "%s-storage-secret" (include "tc.v1.common.lib.chart.names.fullname" .) -}}
|
||||
{{- $pgHost := printf "%v-cnpg-main-rw" (include "tc.v1.common.lib.chart.names.fullname" $) -}}
|
||||
{{- $jwtSecret := randAlphaNum 32 -}}
|
||||
{{- with lookup "v1" "Secret" .Release.Namespace $secretStorage -}}
|
||||
{{- $jwtSecret = index .data "JWT_SECRET" | b64dec -}}
|
||||
{{- end }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ $secretStorage }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
data:
|
||||
JWT_SECRET: {{ $jwtSecret | b64enc }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ $secretName }}
|
||||
labels:
|
||||
{{- include "tc.common.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
config.yml: |
|
||||
database:
|
||||
type: postgres
|
||||
user: {{ .Values.postgresql.postgresqlUsername }}
|
||||
password: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }}
|
||||
host: {{ printf "%v-%v" .Release.Name "postgres" }}
|
||||
secret:
|
||||
secret-storage:
|
||||
enabled: true
|
||||
data:
|
||||
JWT_SECRET: {{ $jwtSecret }}
|
||||
|
||||
cache:
|
||||
enabled: true
|
||||
type: redis
|
||||
config:
|
||||
enabled: true
|
||||
data:
|
||||
config.yaml: |
|
||||
database:
|
||||
type: postgres
|
||||
user: {{ .Values.cnpg.main.user }}
|
||||
password: {{ .Values.cnpg.main.creds.password | trimAll "\"" }}
|
||||
host: {{ $pgHost }}
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
host: {{ printf "%v-%v:%v" .Release.Name "redis" "6379" }}
|
||||
password: {{ .Values.redis.redisPassword | trimAll "\""}}
|
||||
db: 0
|
||||
cache:
|
||||
enabled: true
|
||||
type: redis
|
||||
|
||||
keyvalue:
|
||||
type: redis
|
||||
redis:
|
||||
enabled: true
|
||||
host: {{ printf "%v-%v:%v" .Release.Name "redis" "6379" }}
|
||||
password: {{ .Values.redis.creds.redisPassword | trimAll "\""}}
|
||||
db: 0
|
||||
|
||||
service:
|
||||
interface: ":3456"
|
||||
JWTSecret: {{ $jwtSecret }}
|
||||
timezone: {{ .Values.TZ | quote }}
|
||||
jwtttl: {{ .Values.vikunja.service.jwtttl | int }}
|
||||
jwtttllong: {{ .Values.vikunja.service.jwtttllong | int }}
|
||||
frontendurl: {{ .Values.vikunja.service.frontendurl | quote }}
|
||||
maxitemsperpage: {{ .Values.vikunja.service.maxitemsperpage }}
|
||||
enablecaldav: {{ .Values.vikunja.service.enablecaldav }}
|
||||
motd: {{ .Values.vikunja.service.motd | quote }}
|
||||
enablelinksharing: {{ .Values.vikunja.service.enablelinksharing }}
|
||||
enableregistration: {{ .Values.vikunja.service.enableregistration }}
|
||||
enabletaskattachments: {{ .Values.vikunja.service.enabletaskattachments }}
|
||||
enabletaskcomments: {{ .Values.vikunja.service.enabletaskcomments }}
|
||||
enabletotp: {{ .Values.vikunja.service.enabletotp }}
|
||||
enableemailreminders: {{ .Values.vikunja.service.enableemailreminders }}
|
||||
enableuserdeletion: {{ .Values.vikunja.service.enableuserdeletion }}
|
||||
maxavatarsize: {{ .Values.vikunja.service.maxavatarsize }}
|
||||
keyvalue:
|
||||
type: redis
|
||||
|
||||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
service:
|
||||
interface: ":3456"
|
||||
JWTSecret: {{ $jwtSecret }}
|
||||
timezone: {{ .Values.TZ | quote }}
|
||||
{{- /* Multiply by 1, so large integers are not rendered in scientific notation
|
||||
See: https://github.com/helm/helm/issues/1707#issuecomment-1167860346 */}}
|
||||
jwtttl: {{ mul .Values.vikunja.service.jwtttl 1 }}
|
||||
jwtttllong: {{ mul .Values.vikunja.service.jwtttllong 1 }}
|
||||
frontendurl: {{ .Values.vikunja.service.frontendurl | quote }}
|
||||
maxitemsperpage: {{ .Values.vikunja.service.maxitemsperpage }}
|
||||
enablecaldav: {{ .Values.vikunja.service.enablecaldav }}
|
||||
motd: {{ .Values.vikunja.service.motd | quote }}
|
||||
enablelinksharing: {{ .Values.vikunja.service.enablelinksharing }}
|
||||
enableregistration: {{ .Values.vikunja.service.enableregistration }}
|
||||
enabletaskattachments: {{ .Values.vikunja.service.enabletaskattachments }}
|
||||
enabletaskcomments: {{ .Values.vikunja.service.enabletaskcomments }}
|
||||
enabletotp: {{ .Values.vikunja.service.enabletotp }}
|
||||
enableemailreminders: {{ .Values.vikunja.service.enableemailreminders }}
|
||||
enableuserdeletion: {{ .Values.vikunja.service.enableuserdeletion }}
|
||||
maxavatarsize: {{ .Values.vikunja.service.maxavatarsize }}
|
||||
|
||||
cors:
|
||||
enabled: {{ .Values.vikunja.cors.enabled }}
|
||||
{{- with .Values.vikunja.cors.origins }}
|
||||
origins:
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- else }}
|
||||
origins: []
|
||||
{{- end }}
|
||||
maxage: {{ .Values.vikunja.cors.maxage }}
|
||||
metrics:
|
||||
enabled: {{ .Values.metrics.enabled }}
|
||||
|
||||
mailer:
|
||||
enabled: {{ .Values.vikunja.mailer.enabled }}
|
||||
host: {{ .Values.vikunja.mailer.host | quote }}
|
||||
port: {{ .Values.vikunja.mailer.port }}
|
||||
authtype: {{ .Values.vikunja.mailer.authtype | quote }}
|
||||
username: {{ .Values.vikunja.mailer.username | quote }}
|
||||
password: {{ .Values.vikunja.mailer.password | quote }}
|
||||
skiptlsverify: {{ .Values.vikunja.mailer.skiptlsverify }}
|
||||
fromemail: {{ .Values.vikunja.mailer.fromemail | quote }}
|
||||
queuelength: {{ .Values.vikunja.mailer.queuelength }}
|
||||
queuetimeout: {{ .Values.vikunja.mailer.queuetimeout }}
|
||||
forcessl: {{ .Values.vikunja.mailer.forcessl }}
|
||||
|
||||
log:
|
||||
enabled: {{ .Values.vikunja.log.enabled }}
|
||||
path: {{ .Values.vikunja.log.path | quote }}
|
||||
standard: {{ .Values.vikunja.log.standard | quote }}
|
||||
level: {{ .Values.vikunja.log.level | quote }}
|
||||
database: {{ .Values.vikunja.log.database | quote }}}
|
||||
databaselevel: {{ .Values.vikunja.log.databaselevel | quote }}
|
||||
http: {{ .Values.vikunja.log.http | quote }}
|
||||
echo: {{ .Values.vikunja.log.echo | quote }}}
|
||||
events: {{ .Values.vikunja.log.events | quote }}
|
||||
eventslevel: {{ .Values.vikunja.log.eventslevel | quote }}
|
||||
|
||||
ratelimit:
|
||||
enabled: {{ .Values.vikunja.ratelimit.enabled }}}
|
||||
kind: {{ .Values.vikunja.ratelimit.kind | quote }}
|
||||
period: {{ .Values.vikunja.ratelimit.period }}
|
||||
limit: {{ .Values.vikunja.ratelimit.limit }}
|
||||
store: redis
|
||||
|
||||
files:
|
||||
maxsize: {{ .Values.vikunja.files.maxsize }}
|
||||
|
||||
avatar:
|
||||
gravatarexpiration: {{ .Values.vikunja.avatar.gravatarexpiration }}
|
||||
|
||||
legal:
|
||||
imprinturl: {{ .Values.vikunja.legal.imprinturl | quote }}
|
||||
privacyurl: {{ .Values.vikunja.legal.privacyurl | quote }}
|
||||
|
||||
backgrounds:
|
||||
enabled: {{ .Values.vikunja.backgrounds.enabled }}
|
||||
providers:
|
||||
upload:
|
||||
enabled: {{ .Values.vikunja.backgrounds.providers.upload.enabled }}
|
||||
unsplash:
|
||||
enabled: {{ .Values.vikunja.backgrounds.providers.unsplash.enabled }}
|
||||
accesstoken: {{ .Values.vikunja.backgrounds.providers.unsplash.accesstoken | quote }}
|
||||
applicationid: {{ .Values.vikunja.backgrounds.providers.unsplash.applicationid | quote }}
|
||||
|
||||
migration:
|
||||
todoist:
|
||||
enable: {{ .Values.vikunja.migration.todoist.enable }}
|
||||
clientid: {{ .Values.vikunja.migration.todoist.clientid | quote }}
|
||||
clientsecret: {{ .Values.vikunja.migration.todoist.clientsecret | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.todoist.redirecturl | quote }}
|
||||
trello:
|
||||
enable: {{ .Values.vikunja.migration.trello.enable }}
|
||||
key: {{ .Values.vikunja.migration.trello.key | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.trello.redirecturl | quote }}
|
||||
microsofttodo:
|
||||
enable: {{ .Values.vikunja.migration.microsofttodo.enable }}
|
||||
clientid: {{ .Values.vikunja.migration.microsofttodo.clientid | quote }}
|
||||
clientsecret: {{ .Values.vikunja.migration.microsofttodo.clientsecret | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.microsofttodo.redirecturl | quote }}
|
||||
|
||||
auth:
|
||||
local:
|
||||
enabled: {{ .Values.vikunja.auth.local.enabled }}
|
||||
openid:
|
||||
enabled: {{ .Values.vikunja.auth.openid.enabled }}
|
||||
{{- with .Values.vikunja.auth.openid.redirecturl }}
|
||||
redirecturl: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.vikunja.auth.openid.providers }}
|
||||
providers:
|
||||
{{- range . }}
|
||||
- name: {{ .name | quote }}
|
||||
authurl: {{ .authurl | quote }}
|
||||
{{- with .logouturl }}
|
||||
logouturl: {{ . | quote }}
|
||||
cors:
|
||||
enabled: {{ .Values.vikunja.cors.enabled }}
|
||||
{{- with .Values.vikunja.cors.origins }}
|
||||
origins:
|
||||
{{- range . }}
|
||||
- {{ . | quote }}
|
||||
{{- end }}
|
||||
clientid: {{ .clientid | quote }}
|
||||
clientsecret: {{ .clientsecret | quote }}
|
||||
{{- else }}
|
||||
origins: []
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
maxage: {{ .Values.vikunja.cors.maxage }}
|
||||
|
||||
defaultsettings:
|
||||
avatar_provider: {{ .Values.vikunja.defaultsettings.avatar_provider | quote }}
|
||||
avatar_file_id: {{ .Values.vikunja.defaultsettings.avatar_file_id }}
|
||||
email_reminders_enabled: {{ .Values.vikunja.defaultsettings.email_reminders_enabled }}
|
||||
discoverable_by_name: {{ .Values.vikunja.defaultsettings.discoverable_by_name }}
|
||||
discoverable_by_email: {{ .Values.vikunja.defaultsettings.discoverable_by_email }}
|
||||
overdue_tasks_reminders_enabled: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_enabled }}
|
||||
overdue_tasks_reminders_time: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_time | quote }}
|
||||
default_list_id: {{ .Values.vikunja.defaultsettings.default_list_id }}
|
||||
week_start: {{ .Values.vikunja.defaultsettings.week_start }}
|
||||
{{- with .Values.vikunja.defaultsettings.language }}
|
||||
language: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.vikunja.defaultsettings.timezone }}
|
||||
timezone: {{ . | quote }}
|
||||
{{- end }}
|
||||
mailer:
|
||||
enabled: {{ .Values.vikunja.mailer.enabled }}
|
||||
host: {{ .Values.vikunja.mailer.host | quote }}
|
||||
port: {{ .Values.vikunja.mailer.port }}
|
||||
authtype: {{ .Values.vikunja.mailer.authtype | quote }}
|
||||
username: {{ .Values.vikunja.mailer.username | quote }}
|
||||
password: {{ .Values.vikunja.mailer.password | quote }}
|
||||
skiptlsverify: {{ .Values.vikunja.mailer.skiptlsverify }}
|
||||
fromemail: {{ .Values.vikunja.mailer.fromemail | quote }}
|
||||
queuelength: {{ .Values.vikunja.mailer.queuelength }}
|
||||
queuetimeout: {{ .Values.vikunja.mailer.queuetimeout }}
|
||||
forcessl: {{ .Values.vikunja.mailer.forcessl }}
|
||||
|
||||
log:
|
||||
enabled: {{ .Values.vikunja.log.enabled }}
|
||||
path: {{ .Values.vikunja.log.path | quote }}
|
||||
standard: {{ .Values.vikunja.log.standard | quote }}
|
||||
level: {{ .Values.vikunja.log.level | quote }}
|
||||
database: {{ .Values.vikunja.log.database | quote }}
|
||||
databaselevel: {{ .Values.vikunja.log.databaselevel | quote }}
|
||||
http: {{ .Values.vikunja.log.http | quote }}
|
||||
echo: {{ .Values.vikunja.log.echo | quote }}
|
||||
events: {{ .Values.vikunja.log.events | quote }}
|
||||
eventslevel: {{ .Values.vikunja.log.eventslevel | quote }}
|
||||
|
||||
ratelimit:
|
||||
enabled: {{ .Values.vikunja.ratelimit.enabled }}
|
||||
kind: {{ .Values.vikunja.ratelimit.kind | quote }}
|
||||
period: {{ .Values.vikunja.ratelimit.period }}
|
||||
limit: {{ .Values.vikunja.ratelimit.limit }}
|
||||
store: redis
|
||||
|
||||
files:
|
||||
maxsize: {{ .Values.vikunja.files.maxsize }}
|
||||
|
||||
avatar:
|
||||
gravatarexpiration: {{ .Values.vikunja.avatar.gravatarexpiration }}
|
||||
|
||||
legal:
|
||||
imprinturl: {{ .Values.vikunja.legal.imprinturl | quote }}
|
||||
privacyurl: {{ .Values.vikunja.legal.privacyurl | quote }}
|
||||
|
||||
backgrounds:
|
||||
enabled: {{ .Values.vikunja.backgrounds.enabled }}
|
||||
providers:
|
||||
upload:
|
||||
enabled: {{ .Values.vikunja.backgrounds.providers.upload.enabled }}
|
||||
unsplash:
|
||||
enabled: {{ .Values.vikunja.backgrounds.providers.unsplash.enabled }}
|
||||
accesstoken: {{ .Values.vikunja.backgrounds.providers.unsplash.accesstoken | quote }}
|
||||
applicationid: {{ .Values.vikunja.backgrounds.providers.unsplash.applicationid | quote }}
|
||||
|
||||
migration:
|
||||
todoist:
|
||||
enable: {{ .Values.vikunja.migration.todoist.enable }}
|
||||
clientid: {{ .Values.vikunja.migration.todoist.clientid | quote }}
|
||||
clientsecret: {{ .Values.vikunja.migration.todoist.clientsecret | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.todoist.redirecturl | quote }}
|
||||
trello:
|
||||
enable: {{ .Values.vikunja.migration.trello.enable }}
|
||||
key: {{ .Values.vikunja.migration.trello.key | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.trello.redirecturl | quote }}
|
||||
microsofttodo:
|
||||
enable: {{ .Values.vikunja.migration.microsofttodo.enable }}
|
||||
clientid: {{ .Values.vikunja.migration.microsofttodo.clientid | quote }}
|
||||
clientsecret: {{ .Values.vikunja.migration.microsofttodo.clientsecret | quote }}
|
||||
redirecturl: {{ .Values.vikunja.migration.microsofttodo.redirecturl | quote }}
|
||||
|
||||
auth:
|
||||
local:
|
||||
enabled: {{ .Values.vikunja.auth.local.enabled }}
|
||||
openid:
|
||||
enabled: {{ .Values.vikunja.auth.openid.enabled }}
|
||||
{{- with .Values.vikunja.auth.openid.redirecturl }}
|
||||
redirecturl: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.vikunja.auth.openid.providers }}
|
||||
providers:
|
||||
{{- range . }}
|
||||
- name: {{ .name | quote }}
|
||||
authurl: {{ .authurl | quote }}
|
||||
{{- with .logouturl }}
|
||||
logouturl: {{ . | quote }}
|
||||
{{- end }}
|
||||
clientid: {{ .clientid | quote }}
|
||||
clientsecret: {{ .clientsecret | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
defaultsettings:
|
||||
avatar_provider: {{ .Values.vikunja.defaultsettings.avatar_provider | quote }}
|
||||
avatar_file_id: {{ .Values.vikunja.defaultsettings.avatar_file_id }}
|
||||
email_reminders_enabled: {{ .Values.vikunja.defaultsettings.email_reminders_enabled }}
|
||||
discoverable_by_name: {{ .Values.vikunja.defaultsettings.discoverable_by_name }}
|
||||
discoverable_by_email: {{ .Values.vikunja.defaultsettings.discoverable_by_email }}
|
||||
overdue_tasks_reminders_enabled: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_enabled }}
|
||||
overdue_tasks_reminders_time: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_time | quote }}
|
||||
default_list_id: {{ .Values.vikunja.defaultsettings.default_list_id }}
|
||||
week_start: {{ .Values.vikunja.defaultsettings.week_start }}
|
||||
{{- with .Values.vikunja.defaultsettings.language }}
|
||||
language: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.vikunja.defaultsettings.timezone }}
|
||||
timezone: {{ . | quote }}
|
||||
{{- end }}
|
||||
|
||||
configmap:
|
||||
nginx-config:
|
||||
enabled: true
|
||||
data:
|
||||
nginx-config: |
|
||||
server {
|
||||
listen {{ .Values.service.main.ports.main.port }};
|
||||
location / {
|
||||
proxy_pass http://localhost:80;
|
||||
}
|
||||
location ~* ^/(api|dav|\.well-known)/ {
|
||||
proxy_pass http://localhost:3456;
|
||||
client_max_body_size {{ .Values.vikunja.files.maxsize | upper | trimSuffix "B" }};
|
||||
}
|
||||
}
|
||||
{{- end -}}
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
{{- include "tc.common.loader.init" . }}
|
||||
{{- include "tc.v1.common.loader.init" . }}
|
||||
|
||||
{{ include "vikunja.secrets" . }}
|
||||
{{- $secrets := include "vikunja.secrets" . | fromYaml -}}
|
||||
{{- if $secrets -}}
|
||||
{{- $_ := mustMergeOverwrite .Values $secrets -}}
|
||||
{{- end -}}
|
||||
|
||||
{{ include "tc.common.loader.apply" . }}
|
||||
{{ include "tc.v1.common.loader.apply" . }}
|
||||
|
||||
@@ -2,39 +2,58 @@ image:
|
||||
repository: tccr.io/truecharts/vikunja-api
|
||||
tag: 0.20.2@sha256:408c9e649901a27bf7f9b6f009de0e90e6c898413b1bc95f49c5ee9051f82dc0
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
frontendImage:
|
||||
repository: tccr.io/truecharts/vikunja-frontend
|
||||
tag: 0.20.3@sha256:f8b46f3e31991656d2a774f48118a2affa9a9df8454ab41bac8f318d17cde6c9
|
||||
pullPolicy: IfNotPresent
|
||||
|
||||
nginxImage:
|
||||
repository: tccr.io/truecharts/nginx
|
||||
tag: 1.23.4@sha256:7e6b4bc511d01b48171cb3c345a67802297c77143c1411e22c5cf7e8acbf1915
|
||||
tag: 1.23.3@sha256:0d92357c536291f04dad45f9af95dbdad46fb7a6e940f981a3a332f9d5279665
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
configmap:
|
||||
nginx-config:
|
||||
enabled: true
|
||||
data:
|
||||
nginx-config: |
|
||||
server {
|
||||
listen {{ .Values.service.main.ports.main.port }};
|
||||
location / {
|
||||
proxy_pass http://localhost:80;
|
||||
}
|
||||
location ~* ^/(api|dav|\.well-known)/ {
|
||||
proxy_pass http://localhost:3456;
|
||||
client_max_body_size {{ .Values.vikunja.files.maxsize | upper | trimSuffix "B" }};
|
||||
}
|
||||
}
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
port: 3456
|
||||
path: /health
|
||||
readiness:
|
||||
type: http
|
||||
port: 3456
|
||||
path: /health
|
||||
startup:
|
||||
type: http
|
||||
port: 3456
|
||||
path: /health
|
||||
frontend:
|
||||
enabled: true
|
||||
imageSelector: frontendImage
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
port: 80
|
||||
readiness:
|
||||
type: http
|
||||
port: 80
|
||||
startup:
|
||||
type: http
|
||||
port: 80
|
||||
proxy:
|
||||
enabled: true
|
||||
imageSelector: nginxImage
|
||||
probes:
|
||||
liveness:
|
||||
type: http
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
readiness:
|
||||
type: http
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
startup:
|
||||
type: http
|
||||
port: "{{ .Values.service.main.ports.main.port }}"
|
||||
|
||||
vikunja:
|
||||
service:
|
||||
@@ -118,13 +137,12 @@ vikunja:
|
||||
openid:
|
||||
enabled: false
|
||||
redirecturl: ""
|
||||
providers:
|
||||
[]
|
||||
# - name: ""
|
||||
# authurl: ""
|
||||
# logouturl: ""
|
||||
# clientid: ""
|
||||
# clientsecret: ""
|
||||
providers: []
|
||||
# - name: ""
|
||||
# authurl: ""
|
||||
# logouturl: ""
|
||||
# clientid: ""
|
||||
# clientsecret: ""
|
||||
migration:
|
||||
todoist:
|
||||
enable: false
|
||||
@@ -147,25 +165,6 @@ service:
|
||||
main:
|
||||
port: 10220
|
||||
|
||||
additionalContainers:
|
||||
frontend:
|
||||
name: frontend
|
||||
image: "{{ .Values.frontendImage.repository }}:{{ .Values.frontendImage.tag }}"
|
||||
ports:
|
||||
- containerPort: 80
|
||||
name: http
|
||||
proxy:
|
||||
name: proxy
|
||||
image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}"
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: main
|
||||
volumeMounts:
|
||||
- name: vikunja-nginx
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: nginx-config
|
||||
readOnly: true
|
||||
|
||||
persistence:
|
||||
files:
|
||||
enabled: true
|
||||
@@ -173,53 +172,47 @@ persistence:
|
||||
vikunja-nginx:
|
||||
enabled: true
|
||||
noMount: true
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: nginx-config
|
||||
type: configMap
|
||||
objectName: '{{ template "tc.common.names.fullname" . }}-nginx-config'
|
||||
type: configmap
|
||||
objectName: nginx-config
|
||||
targetSelector:
|
||||
main:
|
||||
proxy:
|
||||
mountPath: /etc/nginx/conf.d/default.conf
|
||||
subPath: nginx-config
|
||||
vikunja-config:
|
||||
enabled: true
|
||||
mountPath: /etc/vikunja
|
||||
subPath: config.yml
|
||||
type: secret
|
||||
objectName: '{{ template "tc.common.names.fullname" . }}-secret'
|
||||
|
||||
objectName: config
|
||||
targetSelector:
|
||||
main:
|
||||
main:
|
||||
subPath: config.yaml
|
||||
mountPath: /etc/vikunja/config.yaml
|
||||
metrics:
|
||||
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
|
||||
# @default -- See values.yaml
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
interval: 1m
|
||||
scrapeTimeout: 30s
|
||||
labels: {}
|
||||
# -- Enable and configure Prometheus Rules for the chart under this key.
|
||||
# @default -- See values.yaml
|
||||
prometheusRule:
|
||||
enabled: false
|
||||
labels: {}
|
||||
# -- Configure additionial rules for the chart under this key.
|
||||
# @default -- See prometheusrules.yaml
|
||||
rules:
|
||||
[]
|
||||
# - alert: UnifiPollerAbsent
|
||||
# annotations:
|
||||
# description: Unifi Poller has disappeared from Prometheus service discovery.
|
||||
# summary: Unifi Poller is down.
|
||||
# expr: |
|
||||
# absent(up{job=~".*unifi-poller.*"} == 1)
|
||||
# for: 5m
|
||||
# labels:
|
||||
# severity: critical
|
||||
|
||||
postgresql:
|
||||
enabled: true
|
||||
existingSecret: dbcreds
|
||||
postgresqlUsername: vikunja
|
||||
postgresqlDatabase: vikunja
|
||||
main:
|
||||
enabled: true
|
||||
type: "servicemonitor"
|
||||
prometheusRule:
|
||||
enabled: false
|
||||
cnpg:
|
||||
main:
|
||||
enabled: true
|
||||
user: vikunja
|
||||
database: vikunja
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
existingSecret: rediscreds
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
|
||||
securityContext:
|
||||
container:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
capabilities:
|
||||
add:
|
||||
- NET_BIND_SERVICE
|
||||
|
||||
@@ -3,7 +3,7 @@ appVersion: "latest"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://library-charts.truecharts.org
|
||||
version: 11.1.2
|
||||
version: 12.6.1
|
||||
deprecated: false
|
||||
description: The easiest way to run WireGuard VPN + Web-based Admin UI.
|
||||
home: https://truecharts.org/charts/stable/wg-easy
|
||||
@@ -22,9 +22,8 @@ sources:
|
||||
- https://github.com/truecharts/charts/tree/master/charts/stable/wg-easy
|
||||
- https://github.com/WeeJeWel/wg-easy
|
||||
type: application
|
||||
version: 3.0.8
|
||||
version: 4.0.0
|
||||
annotations:
|
||||
truecharts.org/catagories: |
|
||||
- networking
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/grade: U
|
||||
|
||||
@@ -10,68 +10,63 @@ questions:
|
||||
# Include{replicas1}
|
||||
# Include{podSpec}
|
||||
# Include{containerMain}
|
||||
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: WG_HOST
|
||||
label: "WG_HOST"
|
||||
description: "The public hostname of your VPN server."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: WG_MTU
|
||||
label: "WG_MTU"
|
||||
description: "The MTU the clients will use. Server uses default WG MTU."
|
||||
schema:
|
||||
type: int
|
||||
default: 1420
|
||||
- variable: WG_PERSISTENT_KEEPALIVE
|
||||
label: "WG_PERSISTENT_KEEPALIVE"
|
||||
description: "Value in seconds to keep the connection open."
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: WG_DEFAULT_ADDRESS
|
||||
label: "WG_DEFAULT_ADDRESS"
|
||||
description: "Clients IP address range."
|
||||
schema:
|
||||
type: string
|
||||
default: "10.8.0.x"
|
||||
- variable: WG_DEFAULT_DNS
|
||||
label: "WG_DEFAULT_DNS"
|
||||
description: "Clients default DNS IP"
|
||||
schema:
|
||||
type: string
|
||||
default: "1.1.1.1"
|
||||
- variable: WG_ALLOWED_IPS
|
||||
label: "WG_ALLOWED_IPS"
|
||||
description: "Allowed IPs clients will use."
|
||||
schema:
|
||||
type: string
|
||||
default: "0.0.0.0/0, ::/0"
|
||||
- variable: PASSWORD
|
||||
label: "ADMIN_PASSWORD"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
required: true
|
||||
default: ""
|
||||
# Include{containerBasic}
|
||||
# Include{containerAdvanced}
|
||||
|
||||
- variable: env
|
||||
group: "App Configuration"
|
||||
label: "Image Environment"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: WG_HOST
|
||||
label: "WG_HOST"
|
||||
description: "The public hostname of your VPN server."
|
||||
schema:
|
||||
type: string
|
||||
required: true
|
||||
default: ""
|
||||
- variable: WG_MTU
|
||||
label: "WG_MTU"
|
||||
description: "The MTU the clients will use. Server uses default WG MTU."
|
||||
schema:
|
||||
type: int
|
||||
default: 1420
|
||||
- variable: WG_PERSISTENT_KEEPALIVE
|
||||
label: "WG_PERSISTENT_KEEPALIVE"
|
||||
description: "Value in seconds to keep the connection open."
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: WG_DEFAULT_ADDRESS
|
||||
label: "WG_DEFAULT_ADDRESS"
|
||||
description: "Clients IP address range."
|
||||
schema:
|
||||
type: string
|
||||
default: "10.8.0.x"
|
||||
- variable: WG_DEFAULT_DNS
|
||||
label: "WG_DEFAULT_DNS"
|
||||
description: "Clients default DNS IP"
|
||||
schema:
|
||||
type: string
|
||||
default: "1.1.1.1"
|
||||
- variable: WG_ALLOWED_IPS
|
||||
label: "WG_ALLOWED_IPS"
|
||||
description: "Allowed IPs clients will use."
|
||||
schema:
|
||||
type: string
|
||||
default: "0.0.0.0/0, ::/0"
|
||||
- variable: secretEnv
|
||||
group: "App Configuration"
|
||||
label: "Image Secrets"
|
||||
schema:
|
||||
additional_attrs: true
|
||||
type: dict
|
||||
attrs:
|
||||
- variable: PASSWORD
|
||||
label: "ADMIN_PASSWORD"
|
||||
schema:
|
||||
type: string
|
||||
private: true
|
||||
required: true
|
||||
default: ""
|
||||
# Include{containerConfig}
|
||||
# Include{podOptions}
|
||||
# Include{serviceRoot}
|
||||
- variable: main
|
||||
label: "Main Service"
|
||||
@@ -151,12 +146,12 @@ questions:
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID this App of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
- variable: runAsGroup
|
||||
label: "runAsGroup"
|
||||
description: "The groupID of the user running the application"
|
||||
schema:
|
||||
type: int
|
||||
default: 0
|
||||
# Include{securityContextContainer}
|
||||
# Include{securityContextAdvanced}
|
||||
# Include{securityContextPod}
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
{{- include "tc.v1.common.lib.chart.notes" $ -}}
|
||||
@@ -1 +1 @@
|
||||
{{ include "tc.common.loader.all" . }}
|
||||
{{ include "tc.v1.common.loader.all" . }}
|
||||
|
||||
@@ -2,33 +2,6 @@ image:
|
||||
repository: tccr.io/truecharts/wg-easy
|
||||
pullPolicy: IfNotPresent
|
||||
tag: latest@sha256:5cc96ad86c87fb2ebc7dab65fc5b190ff0dcce370d0b9afa4aa4b5b2580a5000
|
||||
|
||||
securityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
|
||||
security:
|
||||
PUID: 0
|
||||
|
||||
podSecurityContext:
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
|
||||
secretEnv:
|
||||
PASSWORD: "secretpass"
|
||||
|
||||
env:
|
||||
WG_HOST: "localhost"
|
||||
WG_MTU: 1420
|
||||
WG_PERSISTENT_KEEPALIVE: 0
|
||||
WG_DEFAULT_ADDRESS: "10.8.0.x"
|
||||
WG_DEFAULT_DNS: "1.1.1.1"
|
||||
WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
|
||||
|
||||
service:
|
||||
main:
|
||||
ports:
|
||||
@@ -40,14 +13,45 @@ service:
|
||||
ports:
|
||||
vpn:
|
||||
enabled: true
|
||||
protocol: UDP
|
||||
protocol: udp
|
||||
port: 51820
|
||||
targetPort: 51820
|
||||
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
mountPath: "/etc/wireguard"
|
||||
|
||||
portal:
|
||||
enabled: true
|
||||
open:
|
||||
enabled: true
|
||||
securityContext:
|
||||
container:
|
||||
PUID: 0
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
readOnlyRootFilesystem: false
|
||||
runAsNonRoot: false
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- NET_RAW
|
||||
- SYS_MODULE
|
||||
workload:
|
||||
main:
|
||||
podSpec:
|
||||
containers:
|
||||
main:
|
||||
probes:
|
||||
liveness:
|
||||
type: tcp
|
||||
readiness:
|
||||
type: tcp
|
||||
startup:
|
||||
type: tcp
|
||||
env:
|
||||
WG_HOST: "localhost"
|
||||
WG_MTU: 1420
|
||||
WG_PERSISTENT_KEEPALIVE: 0
|
||||
WG_DEFAULT_ADDRESS: "10.8.0.x"
|
||||
WG_DEFAULT_DNS: "1.1.1.1"
|
||||
WG_ALLOWED_IPS: "0.0.0.0/0, ::/0"
|
||||
PASSWORD: "secretpass"
|
||||
|
||||
Reference in New Issue
Block a user