From 3fd0781699e5cd0b982c837928af9c96c9ffacba Mon Sep 17 00:00:00 2001 From: ace Date: Sun, 31 Jul 2022 06:27:41 +0300 Subject: [PATCH] mass update and migrate to networking.k8s.io/v1 api --- adguard-home/Chart.yaml | 2 +- adguard-home/templates/_helpers.tpl | 74 +++++++++++--- adguard-home/templates/ingress.yaml | 69 ++++++++----- adguard-home/templates/service.yaml | 2 +- adguard-home/values.yaml | 11 ++- bitwarden/Chart.yaml | 4 +- bitwarden/templates/ingress.yaml | 50 +++++++++- bitwarden/values.yaml | 7 +- mastodon/Chart.yaml | 2 +- mastodon/templates/ingress.yaml | 26 +++-- mastodon/values.yaml | 147 +++++++++++++++++++++++----- peertube/Chart.yaml | 2 +- peertube/values.yaml | 21 ++-- playmaker/Chart.yaml | 2 +- playmaker/values.yaml | 7 +- pypiserver/Chart.yaml | 2 +- pypiserver/templates/_helpers.tpl | 75 ++++++++++++-- pypiserver/templates/ingress.yaml | 70 ++++++++----- pypiserver/values.yaml | 16 +-- roundcube/Chart.yaml | 2 +- roundcube/values.yaml | 9 +- wikijs/Chart.yaml | 2 +- wikijs/templates/ingress.yaml | 50 +++++++--- wikijs/values.yaml | 9 +- 24 files changed, 497 insertions(+), 164 deletions(-) diff --git a/adguard-home/Chart.yaml b/adguard-home/Chart.yaml index ffcb48f..8fcd231 100644 --- a/adguard-home/Chart.yaml +++ b/adguard-home/Chart.yaml @@ -12,4 +12,4 @@ maintainers: name: adguard-home sources: - https://github.com/AdguardTeam/AdGuardHome -version: 2.2.13 +version: 2.3.0 diff --git a/adguard-home/templates/_helpers.tpl b/adguard-home/templates/_helpers.tpl index a6d7f87..1c28bc5 100644 --- a/adguard-home/templates/_helpers.tpl +++ b/adguard-home/templates/_helpers.tpl @@ -1,10 +1,9 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "adguard-home.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} {{/* Create a default fully qualified app name. @@ -12,21 +11,68 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "adguard-home.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "adguard-home.postgresql.fullname" -}} +{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create a default fully qualified redis app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "adguard-home.redis.fullname" -}} +{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Create chart name and version as used by the chart label. */}} {{- define "adguard-home.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "adguard-home.labels" -}} +helm.sh/chart: {{ include "adguard-home.chart" . }} +{{ include "adguard-home.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "adguard-home.selectorLabels" -}} +app.kubernetes.io/name: {{ include "adguard-home.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "adguard-home.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "adguard-home.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/adguard-home/templates/ingress.yaml b/adguard-home/templates/ingress.yaml index 67a5519..e4dd94c 100644 --- a/adguard-home/templates/ingress.yaml +++ b/adguard-home/templates/ingress.yaml @@ -1,38 +1,61 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "adguard-home.fullname" . -}} -{{- $ingressPath := .Values.ingress.path -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} labels: - app.kubernetes.io/name: {{ include "adguard-home.name" . }} - helm.sh/chart: {{ include "adguard-home.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- with .Values.ingress.annotations }} + {{- include "adguard-home.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ . | quote }} + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} http: paths: - - path: {{ $ingressPath }} + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $fullName }} - servicePort: http - {{- end }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/adguard-home/templates/service.yaml b/adguard-home/templates/service.yaml index 6b64150..33c9d98 100644 --- a/adguard-home/templates/service.yaml +++ b/adguard-home/templates/service.yaml @@ -26,7 +26,7 @@ spec: {{- end }} externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} ports: - - port: 3000 + - port: {{ .Values.service.port }} targetPort: http protocol: TCP name: http diff --git a/adguard-home/values.yaml b/adguard-home/values.yaml index 9e6e2b1..545c04c 100644 --- a/adguard-home/values.yaml +++ b/adguard-home/values.yaml @@ -195,18 +195,18 @@ timezone: "UTC" ingress: enabled: false + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: # - chart-example.local - # Probes configuration probes: liveness: @@ -235,6 +235,7 @@ service: annotations: {} # metallb.universe.tf/address-pool: network-services # metallb.universe.tf/allow-shared-ip: adguard-home-svc + port: 80 serviceTCP: enabled: false diff --git a/bitwarden/Chart.yaml b/bitwarden/Chart.yaml index d6c732a..661a47e 100644 --- a/bitwarden/Chart.yaml +++ b/bitwarden/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 1.25.1 +appVersion: 1.25.2 description: Unofficial Bitwarden compatible server written in Rust home: https://github.com/k8s-at-home/charts/tree/master/charts/bitwardenrs icon: https://raw.githubusercontent.com/bitwarden/brand/master/icons/256x256.png @@ -17,4 +17,4 @@ name: bitwarden sources: - https://github.com/dani-garcia/bitwarden_rs type: application -version: 2.0.13 +version: 2.0.15 diff --git a/bitwarden/templates/ingress.yaml b/bitwarden/templates/ingress.yaml index 421a2fc..1952e4b 100644 --- a/bitwarden/templates/ingress.yaml +++ b/bitwarden/templates/ingress.yaml @@ -2,7 +2,14 @@ {{- $fullName := include "bitwarden.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- $websockets := .Values.bitwarden.websockets -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 @@ -17,6 +24,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} @@ -33,20 +43,50 @@ spec: http: paths: {{- range .paths }} - - path: {{ . }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $fullName }} servicePort: {{ $svcPort }} + {{- end }} {{- if $websockets.enabled }} - - path: {{ . | trimSuffix "/" }}/notifications/hub + - path: {{ .path | trimSuffix "/" }}/notifications/hub + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $websockets.port }} + {{- else }} serviceName: {{ $fullName }} servicePort: {{ $websockets.port }} - - path: {{ . | trimSuffix "/" }}/notifications/hub/negotiate + {{- end }} + - path: {{ .path | trimSuffix "/" }}/notifications/hub/negotiate + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $fullName }} servicePort: {{ $svcPort}} + {{- end }} {{- end }} {{- end }} {{- end }} - {{- end }} +{{- end }} diff --git a/bitwarden/values.yaml b/bitwarden/values.yaml index 080101f..f06f02e 100644 --- a/bitwarden/values.yaml +++ b/bitwarden/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: vaultwarden/server pullPolicy: IfNotPresent - tag: "1.25.1" + tag: "1.25.2" imagePullSecrets: [] nameOverride: "" @@ -146,12 +146,15 @@ service: ingress: enabled: false + className: "" annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local - paths: [] + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/mastodon/Chart.yaml b/mastodon/Chart.yaml index 93ee801..c2cc769 100644 --- a/mastodon/Chart.yaml +++ b/mastodon/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.2.7 +version: 0.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/mastodon/templates/ingress.yaml b/mastodon/templates/ingress.yaml index 7295297..2c18ae9 100644 --- a/mastodon/templates/ingress.yaml +++ b/mastodon/templates/ingress.yaml @@ -2,7 +2,12 @@ {{- $fullName := include "mastodon.fullname" . -}} {{- $webPort := .Values.mastodon.web.port -}} {{- $streamingPort := .Values.mastodon.streaming.port -}} -{{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 @@ -19,6 +24,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} {{- if .Values.ingress.tls }} tls: {{- range .Values.ingress.tls }} @@ -36,8 +44,11 @@ spec: paths: {{- range .paths }} - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }}-web port: @@ -46,12 +57,12 @@ spec: serviceName: {{ $fullName }}-web servicePort: {{ $webPort }} {{- end }} - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - pathType: ImplementationSpecific - {{- end }} - path: {{ .path }}api/v1/streaming + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} service: name: {{ $fullName }}-streaming port: @@ -60,9 +71,6 @@ spec: serviceName: {{ $fullName }}-streaming servicePort: {{ $streamingPort }} {{- end }} - {{- if or ($.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress") (not ($.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress")) }} - pathType: ImplementationSpecific - {{- end }} {{- end }} {{- end }} {{- end }} diff --git a/mastodon/values.yaml b/mastodon/values.yaml index cc7425c..99554ba 100644 --- a/mastodon/values.yaml +++ b/mastodon/values.yaml @@ -29,6 +29,9 @@ mastodon: # available locales: https://github.com/tootsuite/mastodon/blob/master/config/application.rb#L43 locale: en local_domain: mastodon.local + # Use of WEB_DOMAIN requires careful consideration: https://docs.joinmastodon.org/admin/config/#federation + # You must redirect the path LOCAL_DOMAIN/.well-known/ to WEB_DOMAIN/.well-known/ as described + # web_domain: mastodon.example.com persistence: assets: # ReadWriteOnce is more widely supported than ReadWriteMany, but limits @@ -51,6 +54,8 @@ mastodon: endpoint: https://us-east-1.linodeobjects.com hostname: us-east-1.linodeobjects.com region: "" + # If you have a caching proxy, enter its base URL here. + alias_host: "" # these must be set manually; autogenerated keys are rotated on each upgrade secrets: secret_key_base: "" @@ -62,7 +67,7 @@ mastodon: concurrency: 25 smtp: auth_method: plain - ca_file: + ca_file: /etc/ssl/certs/ca-certificates.crt delivery_method: smtp domain: enable_starttls_auto: true @@ -80,29 +85,28 @@ mastodon: # the node running the pod, which is unrelated to the resources allocated to # the pod by k8s workers: 1 + # The base url for streaming can be set if the streaming API is deployed to + # a different domain/subdomain. + # base_url: wws://streaming.example.com web: port: 3000 ingress: - enabled: true + enabled: false + className: "" annotations: {} - #kubernetes.io/ingress.class: nginx - #kubernetes.io/tls-acme: "true" - # cert-manager.io/cluster-issuer: "letsencrypt" - # - # ensure that NGINX's upload size matches Mastodon's - # for the K8s ingress controller: - # nginx.ingress.kubernetes.io/proxy-body-size: 40m - # for the NGINX ingress controller: - # nginx.org/client-max-body-size: 40m + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + # nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + # nginx.ingress.kubernetes.io/proxy-send-timeout: "600" hosts: - - host: mastodon.local + - host: chart-example.local paths: - - path: '/' - tls: - - secretName: mastodon-tls - hosts: - - mastodon.local + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local # https://github.com/bitnami/charts/tree/master/bitnami/elasticsearch#parameters elasticsearch: @@ -112,10 +116,8 @@ elasticsearch: # RAILS_ENV=production bundle exec rake chewy:sync # (https://docs.joinmastodon.org/admin/optional/elasticsearch/) enabled: true - # may be removed once https://github.com/tootsuite/mastodon/pull/13828 is part - # of a tagged release image: - tag: 6 + tag: 7 # https://github.com/bitnami/charts/tree/master/bitnami/postgresql#parameters postgresql: @@ -132,14 +134,113 @@ postgresql: # https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters redis: - enabled: true - auth: - password: "" + # you must set a password; the password generated by the redis chart will be + # rotated on each upgrade: + password: "" service: type: ClusterIP port: 80 +externalAuth: + oidc: + # OpenID Connect support is proposed in PR #16221 and awaiting merge. + enabled: false + # display_name: "example-label" + # issuer: https://login.example.space/auth/realms/example-space + # discovery: true + # scope: "openid,profile" + # uid_field: uid + # client_id: mastodon + # client_secret: SECRETKEY + # redirect_uri: https://example.com/auth/auth/openid_connect/callback + # assume_email_is_verified: true + # client_auth_method: + # response_type: + # response_mode: + # display: + # prompt: + # send_nonce: + # send_scope_to_token_endpoint: + # idp_logout_redirect_uri: + # http_scheme: + # host: + # port: + # jwks_uri: + # auth_endpoint: + # token_endpoint: + # user_info_endpoint: + # end_session_endpoint: + saml: + enabled: false + # acs_url: http://mastodon.example.com/auth/auth/saml/callback + # issuer: mastodon + # idp_sso_target_url: https://login.example.com/auth/realms/example/protocol/saml + # idp_cert: '-----BEGIN CERTIFICATE-----[your_cert_content]-----END CERTIFICATE-----' + # idp_cert_fingerprint: + # name_identifier_format: urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + # cert: + # private_key: + # want_assertion_signed: true + # want_assertion_encrypted: true + # assume_email_is_verified: true + # uid_attribute: "urn:oid:0.9.2342.19200300.100.1.1" + # attributes_statements: + # uid: "urn:oid:0.9.2342.19200300.100.1.1" + # email: "urn:oid:1.3.6.1.4.1.5923.1.1.1.6" + # full_name: "urn:oid:2.16.840.1.113730.3.1.241" + # first_name: "urn:oid:2.5.4.42" + # last_name: "urn:oid:2.5.4.4" + # verified: + # verified_email: + oauth_global: + # Force redirect local login to CAS. Does not function with SAML or LDAP. + oauth_redirect_at_sign_in: false + cas: + enabled: false + # url: https://sso.myserver.com + # host: sso.myserver.com + # port: 443 + # ssl: true + # validate_url: + # callback_url: + # logout_url: + # login_url: + # uid_field: 'user' + # ca_path: + # disable_ssl_verification: false + # assume_email_is_verified: true + # keys: + # uid: 'user' + # name: 'name' + # email: 'email' + # nickname: 'nickname' + # first_name: 'firstname' + # last_name: 'lastname' + # location: 'location' + # image: 'image' + # phone: 'phone' + pam: + enabled: false + # email_domain: example.com + # default_service: rpam + # controlled_service: rpam + ldap: + enabled: false + # host: myservice.namespace.svc + # port: 389 + # method: simple_tls + # base: + # bind_on: + # password: + # uid: cn + # mail: mail + # search_filter: "(|(%{uid}=%{email})(%{mail}=%{email}))" + # uid_conversion: + # enabled: true + # search: "., -" + # replace: _ + # https://github.com/tootsuite/mastodon/blob/master/Dockerfile#L88 # # if you manually change the UID/GID environment variables, ensure these values diff --git a/peertube/Chart.yaml b/peertube/Chart.yaml index c2e1c80..ad64f3c 100644 --- a/peertube/Chart.yaml +++ b/peertube/Chart.yaml @@ -11,5 +11,5 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 12.3.2 type: application -version: 0.1.12 +version: 0.1.13 appVersion: 4.2.2 diff --git a/peertube/values.yaml b/peertube/values.yaml index f350529..d871bc8 100644 --- a/peertube/values.yaml +++ b/peertube/values.yaml @@ -646,19 +646,20 @@ service: ingress: enabled: false - annotations: - #kubernetes.io/ingress.class: nginx - #kubernetes.io/tls-acme: "true" - #nginx.ingress.kubernetes.io/proxy-body-size: "0" - #nginx.ingress.kubernetes.io/proxy-read-timeout: "600" - #nginx.ingress.kubernetes.io/proxy-send-timeout: "600" + className: "" + annotations: {} + # nginx.ingress.kubernetes.io/proxy-body-size: "0" + # nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + # nginx.ingress.kubernetes.io/proxy-send-timeout: "600" hosts: - - host: peertube.example.com - paths: ["/"] + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific tls: [] - # - secretName: peertube.example.com-tls + # - secretName: chart-example-tls # hosts: - # - peertube.example.com + # - chart-example.local persistence: # PeerTube Data (/var/www/peertube) diff --git a/playmaker/Chart.yaml b/playmaker/Chart.yaml index 2904396..3cea24d 100644 --- a/playmaker/Chart.yaml +++ b/playmaker/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.2 +version: 0.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/playmaker/values.yaml b/playmaker/values.yaml index 29cbad3..8508b6b 100644 --- a/playmaker/values.yaml +++ b/playmaker/values.yaml @@ -59,12 +59,13 @@ service: ingress: enabled: false + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" hosts: - host: chart-example.local - paths: ["/"] + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/pypiserver/Chart.yaml b/pypiserver/Chart.yaml index 47f58a0..b7d1f9d 100644 --- a/pypiserver/Chart.yaml +++ b/pypiserver/Chart.yaml @@ -11,4 +11,4 @@ sources: - https://github.com/owkin/charts/tree/master/pypiserver - https://github.com/pypiserver/pypiserver - https://pypi.org/project/pypiserver/ -version: 2.3.0 +version: 2.4.0 diff --git a/pypiserver/templates/_helpers.tpl b/pypiserver/templates/_helpers.tpl index 28db8fc..dc83c13 100644 --- a/pypiserver/templates/_helpers.tpl +++ b/pypiserver/templates/_helpers.tpl @@ -1,16 +1,79 @@ -{{/* vim: set filetype=mustache: */}} {{/* Expand the name of the chart. */}} {{- define "pypiserver.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pypiserver.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} -{{- define "pypiserver.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- define "pypiserver.postgresql.fullname" -}} +{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Create a default fully qualified redis app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "pypiserver.redis.fullname" -}} +{{- printf "%s-%s" .Release.Name "redis" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pypiserver.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "pypiserver.labels" -}} +helm.sh/chart: {{ include "pypiserver.chart" . }} +{{ include "pypiserver.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pypiserver.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pypiserver.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "pypiserver.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "pypiserver.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + diff --git a/pypiserver/templates/ingress.yaml b/pypiserver/templates/ingress.yaml index 22c3b36..4f62940 100644 --- a/pypiserver/templates/ingress.yaml +++ b/pypiserver/templates/ingress.yaml @@ -1,39 +1,61 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "pypiserver.fullname" . -}} -{{- $servicePort := .Values.service.port -}} -{{- $ingressPath := .Values.ingress.path -}} +{{- $svcPort := .Values.service.port -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} kind: Ingress metadata: name: {{ $fullName }} labels: - app.kubernetes.io/name: {{ template "pypiserver.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- with .Values.ingress.annotations }} + {{- include "pypiserver.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . }} - {{- end }} - secretName: {{ .secretName }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ . }} + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} http: paths: - - path: {{ $ingressPath }} + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $fullName }} - servicePort: {{ $servicePort }} - {{- end }} + servicePort: {{ $svcPort }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/pypiserver/values.yaml b/pypiserver/values.yaml index 5ec39f8..1a4f455 100644 --- a/pypiserver/values.yaml +++ b/pypiserver/values.yaml @@ -28,15 +28,17 @@ podLabels: {} ingress: enabled: false - labels: {} + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # path: "/pypiserver" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific tls: [] - # - secretName: pypiserver.cluster.local - # hosts: - # - pypiserver.cluster.local + # - secretName: chart-example-tls + # hosts: + # - chart-example.local service: type: ClusterIP diff --git a/roundcube/Chart.yaml b/roundcube/Chart.yaml index 6fc8461..9c080b1 100644 --- a/roundcube/Chart.yaml +++ b/roundcube/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 appVersion: "1.4.13" description: A Helm chart for Kubernetes name: roundcube -version: 0.2.8 +version: 0.2.9 icon: https://github.com/roundcube/roundcubemail/blob/master/skins/classic/images/roundcube_logo.png diff --git a/roundcube/values.yaml b/roundcube/values.yaml index 51904cc..dc5c840 100644 --- a/roundcube/values.yaml +++ b/roundcube/values.yaml @@ -15,12 +15,13 @@ service: ingress: enabled: false + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - path: / hosts: - - chart-example.local + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: diff --git a/wikijs/Chart.yaml b/wikijs/Chart.yaml index 1c434ed..be92149 100644 --- a/wikijs/Chart.yaml +++ b/wikijs/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: wikijs # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 2.2.22 +version: 2.3.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. AppVersion: 2.5.285 diff --git a/wikijs/templates/ingress.yaml b/wikijs/templates/ingress.yaml index 0b08134..fc597f3 100644 --- a/wikijs/templates/ingress.yaml +++ b/wikijs/templates/ingress.yaml @@ -1,7 +1,14 @@ {{- if .Values.ingress.enabled -}} {{- $fullName := include "wiki.fullname" . -}} {{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1beta1 {{- else -}} apiVersion: extensions/v1beta1 @@ -16,26 +23,39 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} {{- end }} -{{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: - {{- range .paths }} - - path: {{ . }} + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} serviceName: {{ $fullName }} servicePort: {{ $svcPort }} - {{- end }} - {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/wikijs/values.yaml b/wikijs/values.yaml index 6241d1f..588320e 100644 --- a/wikijs/values.yaml +++ b/wikijs/values.yaml @@ -44,12 +44,13 @@ service: ingress: enabled: false + className: "" annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" hosts: - - host: wiki.local - paths: ["/"] + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific tls: [] # - secretName: chart-example-tls # hosts: