diff --git a/charts/defguard-gateway/Chart.yaml b/charts/defguard-gateway/Chart.yaml index ad8d04b..fb2a3e1 100644 --- a/charts/defguard-gateway/Chart.yaml +++ b/charts/defguard-gateway/Chart.yaml @@ -3,5 +3,5 @@ name: defguard-gateway description: Defguard gateway is a public-facing VPN endpoint. type: application -version: 0.2.0 -appVersion: 1.5.0 +version: 0.3.0 +appVersion: 1.5.1 diff --git a/charts/defguard-gateway/templates/NOTES.txt b/charts/defguard-gateway/templates/NOTES.txt index 4fa784b..ab848d9 100644 --- a/charts/defguard-gateway/templates/NOTES.txt +++ b/charts/defguard-gateway/templates/NOTES.txt @@ -3,16 +3,16 @@ {{- range $host := .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.grpc.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-gateway.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.grpc.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-gateway.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-gateway.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.grpc.port }} +{{- else if contains "ClusterIP" .Values.service.grpc.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-gateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/defguard-gateway/templates/deployment.yaml b/charts/defguard-gateway/templates/deployment.yaml index 517c33d..f792180 100644 --- a/charts/defguard-gateway/templates/deployment.yaml +++ b/charts/defguard-gateway/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: grpc - containerPort: {{ .Values.service.ports.grpc }} + containerPort: {{ .Values.service.grpc.port }} protocol: UDP resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/defguard-gateway/templates/grpc-service.yaml b/charts/defguard-gateway/templates/grpc-service.yaml index a38d975..7aa7c02 100644 --- a/charts/defguard-gateway/templates/grpc-service.yaml +++ b/charts/defguard-gateway/templates/grpc-service.yaml @@ -2,14 +2,19 @@ apiVersion: v1 kind: Service metadata: annotations: - traefik.ingress.kubernetes.io/service.serversscheme: h2c + {{- with .Values.service.grpc.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-gateway.fullname" . }}-grpc labels: {{- include "defguard-gateway.labels" . | nindent 4 }} + {{- with .Values.service.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.grpc.type }} ports: - - port: {{ .Values.service.ports.grpc }} + - port: {{ .Values.service.grpc.port }} targetPort: grpc protocol: UDP name: grpc diff --git a/charts/defguard-gateway/templates/ingress-grpc.yaml b/charts/defguard-gateway/templates/ingress-grpc.yaml index 02c5e5a..fa07960 100644 --- a/charts/defguard-gateway/templates/ingress-grpc.yaml +++ b/charts/defguard-gateway/templates/ingress-grpc.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-grpc labels: {{- include "defguard-gateway.labels" . | nindent 4 }} + {{- with .Values.ingress.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.grpc.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-grpc port: - number: {{ .Values.service.ports.grpc }} + number: {{ .Values.service.grpc.port }} {{- else }} serviceName: {{ $fullName }}-grpc - servicePort: {{ .Values.service.ports.grpc }} + servicePort: {{ .Values.service.grpc.port }} {{- end }} {{- end }} diff --git a/charts/defguard-gateway/values.yaml b/charts/defguard-gateway/values.yaml index 831f75e..ea5cd95 100644 --- a/charts/defguard-gateway/values.yaml +++ b/charts/defguard-gateway/values.yaml @@ -32,6 +32,7 @@ ingress: className: "" enabled: true host: defguard-gateway-grpc.local + labels: {} tls: false # defguard-gateway pod affinity configuration affinity: {} @@ -55,9 +56,12 @@ securityContext: {} additionalEnvFromConfigMap: "" # defguard-gateway service configuration service: - ports: - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP # defguard-gateway serviceaccount configuration serviceAccount: annotations: {} diff --git a/charts/defguard-proxy/Chart.yaml b/charts/defguard-proxy/Chart.yaml index 45363d3..827b178 100644 --- a/charts/defguard-proxy/Chart.yaml +++ b/charts/defguard-proxy/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: defguard-proxy -description: Defguard proxy is a public-facing proxy for core defguard service +description: Defguard proxy is a public-facing proxy for core Defguard service type: application -version: 0.6.0 -appVersion: 1.5.0 +version: 0.7.0 +appVersion: 1.5.1 diff --git a/charts/defguard-proxy/templates/NOTES.txt b/charts/defguard-proxy/templates/NOTES.txt index d8d21a5..91920df 100644 --- a/charts/defguard-proxy/templates/NOTES.txt +++ b/charts/defguard-proxy/templates/NOTES.txt @@ -3,16 +3,16 @@ {{- range $host := .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.web.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-proxy.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.web.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-proxy.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.web.port }} +{{- else if contains "ClusterIP" .Values.service.web.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/defguard-proxy/templates/config.yaml b/charts/defguard-proxy/templates/config.yaml index d9bc278..51c7f21 100644 --- a/charts/defguard-proxy/templates/config.yaml +++ b/charts/defguard-proxy/templates/config.yaml @@ -5,7 +5,6 @@ metadata: labels: {{- include "defguard-proxy.labels" . | nindent 4 }} data: - DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.ports.http | quote }} - DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.ports.grpc | quote }} + DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.web.port | quote }} + DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.grpc.port | quote }} DEFGUARD_PROXY_URL: {{ .Values.publicUrl | quote }} - diff --git a/charts/defguard-proxy/templates/deployment.yaml b/charts/defguard-proxy/templates/deployment.yaml index eab6a09..baf20a0 100644 --- a/charts/defguard-proxy/templates/deployment.yaml +++ b/charts/defguard-proxy/templates/deployment.yaml @@ -42,10 +42,10 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: {{ .Values.service.ports.http }} + containerPort: {{ .Values.service.web.port }} protocol: TCP - name: grpc - containerPort: {{ .Values.service.ports.grpc }} + containerPort: {{ .Values.service.web.port }} protocol: TCP livenessProbe: httpGet: diff --git a/charts/defguard-proxy/templates/grpc-service.yaml b/charts/defguard-proxy/templates/grpc-service.yaml index b698b07..ad824d7 100644 --- a/charts/defguard-proxy/templates/grpc-service.yaml +++ b/charts/defguard-proxy/templates/grpc-service.yaml @@ -2,14 +2,19 @@ apiVersion: v1 kind: Service metadata: annotations: - traefik.ingress.kubernetes.io/service.serversscheme: h2c + {{- with .Values.service.grpc.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-proxy.fullname" . }}-grpc labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.service.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.grpc.type }} ports: - - port: {{ .Values.service.ports.grpc }} + - port: {{ .Values.service.grpc.port }} targetPort: grpc protocol: TCP name: grpc diff --git a/charts/defguard-proxy/templates/ingress-grpc.yaml b/charts/defguard-proxy/templates/ingress-grpc.yaml index 30fdc66..e7dfefd 100644 --- a/charts/defguard-proxy/templates/ingress-grpc.yaml +++ b/charts/defguard-proxy/templates/ingress-grpc.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-grpc labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.ingress.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.grpc.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-grpc port: - number: {{ .Values.service.ports.grpc }} + number: {{ .Values.service.grpc.port }} {{- else }} serviceName: {{ $fullName }}-grpc - servicePort: {{ .Values.service.ports.grpc }} + servicePort: {{ .Values.service.grpc.port }} {{- end }} {{- end }} diff --git a/charts/defguard-proxy/templates/ingress-web.yaml b/charts/defguard-proxy/templates/ingress-web.yaml index e13c124..9c146c1 100644 --- a/charts/defguard-proxy/templates/ingress-web.yaml +++ b/charts/defguard-proxy/templates/ingress-web.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-web labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.ingress.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.web.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-web port: - number: {{ .Values.service.ports.http }} + number: {{ .Values.service.web.port }} {{- else }} serviceName: {{ $fullName }}-web - servicePort: {{ .Values.service.ports.http }} + servicePort: {{ .Values.service.web.port }} {{- end }} {{- end }} diff --git a/charts/defguard-proxy/templates/service.yaml b/charts/defguard-proxy/templates/service.yaml index 151f128..96a2d70 100644 --- a/charts/defguard-proxy/templates/service.yaml +++ b/charts/defguard-proxy/templates/service.yaml @@ -1,13 +1,20 @@ apiVersion: v1 kind: Service metadata: + annotations: + {{- with .Values.service.web.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-proxy.fullname" . }}-web labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.service.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.web.type }} ports: - - port: {{ .Values.service.ports.http }} + - port: {{ .Values.service.web.port }} targetPort: http protocol: TCP name: http diff --git a/charts/defguard-proxy/values.yaml b/charts/defguard-proxy/values.yaml index 4a38cd4..a43589f 100644 --- a/charts/defguard-proxy/values.yaml +++ b/charts/defguard-proxy/values.yaml @@ -26,12 +26,14 @@ ingress: className: "" enabled: true host: enrollment-grpc.local + labels: {} tls: false web: annotations: {} className: "" enabled: true host: enrollment.local + labels: {} tls: false # defguard-proxy pod affinity affinity: {} @@ -53,10 +55,17 @@ replicaCount: 1 resources: {} # defguard-proxy service configuration service: - ports: - http: 8080 - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP + web: + annotations: {} + labels: {} + port: 8080 + type: ClusterIP # defguard-proxy service account configuration serviceAccount: annotations: {} diff --git a/charts/defguard/Chart.lock b/charts/defguard/Chart.lock index f859a42..3efdaeb 100644 --- a/charts/defguard/Chart.lock +++ b/charts/defguard/Chart.lock @@ -3,10 +3,10 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 12.12.10 - name: defguard-proxy - repository: https://defguard.github.io/deployment - version: 0.6.0 + repository: file://../defguard-proxy + version: 0.7.0 - name: defguard-gateway - repository: https://defguard.github.io/deployment - version: 0.2.0 -digest: sha256:94287139e81b04a14e90669c0b498334db487caa6c63242204af101a52e518a3 -generated: "2025-09-15T14:21:44.380602263+02:00" + repository: file://../defguard-gateway + version: 0.3.0 +digest: sha256:ac44d3ae14c8e870739546499a5c0ae10eff7520c8cace19f385a734aa3f5a99 +generated: "2025-09-24T15:37:23.3864+02:00" diff --git a/charts/defguard/Chart.yaml b/charts/defguard/Chart.yaml index a349455..e223302 100644 --- a/charts/defguard/Chart.yaml +++ b/charts/defguard/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v2 name: defguard -description: Defguard is an open-source enterprise wireGuard VPN with MFA and SSO +description: Defguard is an open-source enterprise WireGuard VPN with MFA and SSO type: application -version: 0.11.0 -appVersion: 1.5.0 +version: 0.12.0 +appVersion: 1.5.1 dependencies: - name: postgresql @@ -13,9 +13,11 @@ dependencies: repository: https://charts.bitnami.com/bitnami - name: defguard-proxy condition: defguard-proxy.enabled - version: 0.6.0 + version: 0.7.0 repository: https://defguard.github.io/deployment + # repository: "file://../defguard-proxy" - name: defguard-gateway condition: defguard-gateway.enabled - version: 0.2.0 + version: 0.3.0 repository: https://defguard.github.io/deployment + # repository: "file://../defguard-gateway" diff --git a/charts/defguard/charts/defguard-gateway-0.2.0.tgz b/charts/defguard/charts/defguard-gateway-0.2.0.tgz deleted file mode 100644 index ce69c66..0000000 Binary files a/charts/defguard/charts/defguard-gateway-0.2.0.tgz and /dev/null differ diff --git a/charts/defguard/charts/defguard-gateway-0.3.0.tgz b/charts/defguard/charts/defguard-gateway-0.3.0.tgz new file mode 100644 index 0000000..57bc752 Binary files /dev/null and b/charts/defguard/charts/defguard-gateway-0.3.0.tgz differ diff --git a/charts/defguard/charts/defguard-proxy-0.6.0.tgz b/charts/defguard/charts/defguard-proxy-0.6.0.tgz deleted file mode 100644 index e606991..0000000 Binary files a/charts/defguard/charts/defguard-proxy-0.6.0.tgz and /dev/null differ diff --git a/charts/defguard/charts/defguard-proxy-0.7.0.tgz b/charts/defguard/charts/defguard-proxy-0.7.0.tgz new file mode 100644 index 0000000..9cd061c Binary files /dev/null and b/charts/defguard/charts/defguard-proxy-0.7.0.tgz differ diff --git a/charts/defguard/templates/NOTES.txt b/charts/defguard/templates/NOTES.txt index 4550aad..e1b445a 100644 --- a/charts/defguard/templates/NOTES.txt +++ b/charts/defguard/templates/NOTES.txt @@ -3,16 +3,16 @@ {{- range $host := .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.web.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.web.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.web.port }} +{{- else if contains "ClusterIP" .Values.service.web.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/defguard/templates/defguard-config.yaml b/charts/defguard/templates/defguard-config.yaml index b645b48..773c7bf 100644 --- a/charts/defguard/templates/defguard-config.yaml +++ b/charts/defguard/templates/defguard-config.yaml @@ -13,18 +13,10 @@ data: DEFGUARD_DB_PORT: {{ .Values.postgresql.port | quote}} DEFGUARD_DB_NAME: {{ .Values.postgresql.auth.database }} DEFGUARD_DB_USER: {{ .Values.postgresql.auth.username }} - DEFGUARD_GRPC_PORT: {{ .Values.service.ports.grpc | quote }} + DEFGUARD_GRPC_PORT: {{ .Values.service.grpc.port | quote }} DEFGUARD_ENROLLMENT_URL: {{ index .Values "defguard-proxy" "publicUrl" }} {{- if .Values.proxyUrl }} DEFGUARD_PROXY_URL: {{ .Values.proxyUrl }} {{- end }} DEFGUARD_URL: {{ .Values.publicUrl }} DEFGUARD_WEBAUTHN_RP_ID: {{ .Values.ingress.web.host }} - {{- if .Values.ldap.enabled }} - DEFGUARD_LDAP_ADMIN_GROUP: {{ .Values.ldap.admin_group | quote }} - DEFGUARD_LDAP_BIND_PASSWORD: {{ .Values.ldap.bind_password | quote }} - DEFGUARD_LDAP_BIND_USERNAME: {{ .Values.ldap.bind_username | quote }} - DEFGUARD_LDAP_GROUP_SEARCH_BASE: {{ .Values.ldap.group_search_base | quote }} - DEFGUARD_LDAP_USER_SEARCH_BASE: {{ .Values.ldap.user_search_base | quote }} - DEFGUARD_LDAP_URL: {{ .Values.ldap.url | quote }} - {{- end }} diff --git a/charts/defguard/templates/defguard-service.yaml b/charts/defguard/templates/defguard-service.yaml index fa6f8cf..32881ec 100644 --- a/charts/defguard/templates/defguard-service.yaml +++ b/charts/defguard/templates/defguard-service.yaml @@ -1,13 +1,20 @@ apiVersion: v1 kind: Service metadata: + annotations: + {{- with .Values.service.web.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard.fullname" . }}-web labels: {{- include "defguard.labels" . | nindent 4 }} + {{- with .Values.service.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.ports.http }} + - port: {{ .Values.service.web.port }} targetPort: http protocol: TCP name: http diff --git a/charts/defguard/templates/grpc-service.yaml b/charts/defguard/templates/grpc-service.yaml index edfef6c..b3af311 100644 --- a/charts/defguard/templates/grpc-service.yaml +++ b/charts/defguard/templates/grpc-service.yaml @@ -2,14 +2,19 @@ apiVersion: v1 kind: Service metadata: annotations: - traefik.ingress.kubernetes.io/service.serversscheme: h2c + {{- with .Values.service.grpc.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard.fullname" . }}-grpc labels: {{- include "defguard.labels" . | nindent 4 }} + {{- with .Values.service.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.grpc.type }} ports: - - port: {{ .Values.service.ports.grpc }} + - port: {{ .Values.service.grpc.port }} targetPort: grpc protocol: TCP name: grpc diff --git a/charts/defguard/templates/ingress-grpc.yaml b/charts/defguard/templates/ingress-grpc.yaml index 189ce8e..430cc20 100644 --- a/charts/defguard/templates/ingress-grpc.yaml +++ b/charts/defguard/templates/ingress-grpc.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-grpc labels: {{- include "defguard.labels" . | nindent 4 }} + {{- with .Values.ingress.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.grpc.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-grpc port: - number: {{ .Values.service.ports.grpc }} + number: {{ .Values.service.grpc.port }} {{- else }} serviceName: {{ $fullName }}-grpc - servicePort: {{ .Values.service.ports.grpc }} + servicePort: {{ .Values.service.grpc.port }} {{- end }} {{- end }} diff --git a/charts/defguard/templates/ingress-web.yaml b/charts/defguard/templates/ingress-web.yaml index c53c7c6..66c6f68 100644 --- a/charts/defguard/templates/ingress-web.yaml +++ b/charts/defguard/templates/ingress-web.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-web labels: {{- include "defguard.labels" . | nindent 4 }} + {{- with .Values.ingress.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.web.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-web port: - number: {{ .Values.service.ports.http }} + number: {{ .Values.service.web.port }} {{- else }} serviceName: {{ $fullName }}-web - servicePort: {{ .Values.service.ports.http }} + servicePort: {{ .Values.service.web.port }} {{- end }} {{- end }} diff --git a/charts/defguard/values.yaml b/charts/defguard/values.yaml index 657f4af..873404b 100644 --- a/charts/defguard/values.yaml +++ b/charts/defguard/values.yaml @@ -30,24 +30,17 @@ ingress: className: "" enabled: true host: defguard-grpc.local + labels: {} tls: false web: annotations: {} className: "" enabled: true host: defguard.local + labels: {} tls: false # defguard-core existing JWT secret existingJwtSecret: "" -# defguard-core ldap config -ldap: - admin_group: "" - bind_password: "" - bind_username: "" - enabled: false - group_search_base: "" - url: "" - user_search_base: "" # defguard-core pod affinity configuration affinity: {} # defguard-core node selector cnfiguration @@ -68,10 +61,17 @@ replicaCount: 1 resources: {} # defguard-core service configuration service: - ports: - grpc: 50055 - http: 80 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50055 + type: ClusterIP + web: + annotations: {} + labels: {} + port:: 80 + type: ClusterIP # defguard-core serviceaccount configuration serviceAccount: annotations: {} @@ -125,12 +125,14 @@ defguard-proxy: className: "" enabled: true host: enrollment-grpc.local + labels: {} tls: false web: annotations: {} className: "" enabled: true host: enrollment.local + labels: {} tls: false # defguard-proxy pod affinity affinity: {} @@ -152,10 +154,17 @@ defguard-proxy: resources: {} # defguard-proxy service configuration service: - ports: - http: 8080 - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP + web: + annotations: {} + labels: {} + port: 8080 + type: ClusterIP # defguard-proxy service account configuration serviceAccount: annotations: {} @@ -201,6 +210,7 @@ defguard-gateway: className: "" enabled: true host: defguard-gateway-grpc.local + labels: {} tls: false # defguard-gateway pod affinity configuration affinity: {} @@ -224,9 +234,12 @@ defguard-gateway: additionalEnvFromConfigMap: "" # defguard-gateway service configuration service: - ports: - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP # defguard-gateway serviceaccount configuration serviceAccount: annotations: {}