From 36d9c5b1d24107a7c3b9f7bbe01ecfb0e193ed9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 24 Sep 2025 17:22:53 +0200 Subject: [PATCH 1/2] Use labels and annotations; update to Defguard 1.5.1 --- charts/defguard-gateway/Chart.yaml | 4 +- charts/defguard-gateway/templates/NOTES.txt | 8 ++-- .../templates/deployment.yaml | 2 +- .../templates/grpc-service.yaml | 11 +++-- .../templates/ingress-grpc.yaml | 7 ++- charts/defguard-gateway/values.yaml | 10 ++-- charts/defguard-proxy/Chart.yaml | 6 +-- charts/defguard-proxy/templates/NOTES.txt | 8 ++-- charts/defguard-proxy/templates/config.yaml | 5 +- .../defguard-proxy/templates/deployment.yaml | 4 +- .../templates/grpc-service.yaml | 11 +++-- .../templates/ingress-grpc.yaml | 7 ++- .../defguard-proxy/templates/ingress-web.yaml | 7 ++- charts/defguard-proxy/templates/service.yaml | 11 ++++- charts/defguard-proxy/values.yaml | 17 +++++-- charts/defguard/Chart.lock | 12 ++--- charts/defguard/Chart.yaml | 12 +++-- .../charts/defguard-gateway-0.2.0.tgz | Bin 3578 -> 0 bytes .../charts/defguard-gateway-0.3.0.tgz | Bin 0 -> 3627 bytes .../defguard/charts/defguard-proxy-0.6.0.tgz | Bin 3565 -> 0 bytes .../defguard/charts/defguard-proxy-0.7.0.tgz | Bin 0 -> 3630 bytes charts/defguard/templates/NOTES.txt | 8 ++-- .../defguard/templates/defguard-config.yaml | 2 +- .../defguard/templates/defguard-service.yaml | 9 +++- charts/defguard/templates/grpc-service.yaml | 11 +++-- charts/defguard/templates/ingress-grpc.yaml | 7 ++- charts/defguard/templates/ingress-web.yaml | 7 ++- charts/defguard/values.yaml | 44 +++++++++++++----- 28 files changed, 155 insertions(+), 75 deletions(-) delete mode 100644 charts/defguard/charts/defguard-gateway-0.2.0.tgz create mode 100644 charts/defguard/charts/defguard-gateway-0.3.0.tgz delete mode 100644 charts/defguard/charts/defguard-proxy-0.6.0.tgz create mode 100644 charts/defguard/charts/defguard-proxy-0.7.0.tgz diff --git a/charts/defguard-gateway/Chart.yaml b/charts/defguard-gateway/Chart.yaml index ad8d04b..fb2a3e1 100644 --- a/charts/defguard-gateway/Chart.yaml +++ b/charts/defguard-gateway/Chart.yaml @@ -3,5 +3,5 @@ name: defguard-gateway description: Defguard gateway is a public-facing VPN endpoint. type: application -version: 0.2.0 -appVersion: 1.5.0 +version: 0.3.0 +appVersion: 1.5.1 diff --git a/charts/defguard-gateway/templates/NOTES.txt b/charts/defguard-gateway/templates/NOTES.txt index 4fa784b..ab848d9 100644 --- a/charts/defguard-gateway/templates/NOTES.txt +++ b/charts/defguard-gateway/templates/NOTES.txt @@ -3,16 +3,16 @@ {{- range $host := .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.grpc.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-gateway.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.grpc.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-gateway.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-gateway.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.grpc.port }} +{{- else if contains "ClusterIP" .Values.service.grpc.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-gateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/defguard-gateway/templates/deployment.yaml b/charts/defguard-gateway/templates/deployment.yaml index 517c33d..f792180 100644 --- a/charts/defguard-gateway/templates/deployment.yaml +++ b/charts/defguard-gateway/templates/deployment.yaml @@ -40,7 +40,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: grpc - containerPort: {{ .Values.service.ports.grpc }} + containerPort: {{ .Values.service.grpc.port }} protocol: UDP resources: {{- toYaml .Values.resources | nindent 12 }} diff --git a/charts/defguard-gateway/templates/grpc-service.yaml b/charts/defguard-gateway/templates/grpc-service.yaml index a38d975..7aa7c02 100644 --- a/charts/defguard-gateway/templates/grpc-service.yaml +++ b/charts/defguard-gateway/templates/grpc-service.yaml @@ -2,14 +2,19 @@ apiVersion: v1 kind: Service metadata: annotations: - traefik.ingress.kubernetes.io/service.serversscheme: h2c + {{- with .Values.service.grpc.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-gateway.fullname" . }}-grpc labels: {{- include "defguard-gateway.labels" . | nindent 4 }} + {{- with .Values.service.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.grpc.type }} ports: - - port: {{ .Values.service.ports.grpc }} + - port: {{ .Values.service.grpc.port }} targetPort: grpc protocol: UDP name: grpc diff --git a/charts/defguard-gateway/templates/ingress-grpc.yaml b/charts/defguard-gateway/templates/ingress-grpc.yaml index 02c5e5a..fa07960 100644 --- a/charts/defguard-gateway/templates/ingress-grpc.yaml +++ b/charts/defguard-gateway/templates/ingress-grpc.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-grpc labels: {{- include "defguard-gateway.labels" . | nindent 4 }} + {{- with .Values.ingress.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.grpc.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-grpc port: - number: {{ .Values.service.ports.grpc }} + number: {{ .Values.service.grpc.port }} {{- else }} serviceName: {{ $fullName }}-grpc - servicePort: {{ .Values.service.ports.grpc }} + servicePort: {{ .Values.service.grpc.port }} {{- end }} {{- end }} diff --git a/charts/defguard-gateway/values.yaml b/charts/defguard-gateway/values.yaml index 831f75e..ea5cd95 100644 --- a/charts/defguard-gateway/values.yaml +++ b/charts/defguard-gateway/values.yaml @@ -32,6 +32,7 @@ ingress: className: "" enabled: true host: defguard-gateway-grpc.local + labels: {} tls: false # defguard-gateway pod affinity configuration affinity: {} @@ -55,9 +56,12 @@ securityContext: {} additionalEnvFromConfigMap: "" # defguard-gateway service configuration service: - ports: - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP # defguard-gateway serviceaccount configuration serviceAccount: annotations: {} diff --git a/charts/defguard-proxy/Chart.yaml b/charts/defguard-proxy/Chart.yaml index 45363d3..827b178 100644 --- a/charts/defguard-proxy/Chart.yaml +++ b/charts/defguard-proxy/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: defguard-proxy -description: Defguard proxy is a public-facing proxy for core defguard service +description: Defguard proxy is a public-facing proxy for core Defguard service type: application -version: 0.6.0 -appVersion: 1.5.0 +version: 0.7.0 +appVersion: 1.5.1 diff --git a/charts/defguard-proxy/templates/NOTES.txt b/charts/defguard-proxy/templates/NOTES.txt index d8d21a5..91920df 100644 --- a/charts/defguard-proxy/templates/NOTES.txt +++ b/charts/defguard-proxy/templates/NOTES.txt @@ -3,16 +3,16 @@ {{- range $host := .Values.ingress.hosts }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/ {{- end }} -{{- else if contains "NodePort" .Values.service.type }} +{{- else if contains "NodePort" .Values.service.web.type }} export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-proxy.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} +{{- else if contains "LoadBalancer" .Values.service.web.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-proxy.fullname" . }}' export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} + echo http://$SERVICE_IP:{{ .Values.service.web.port }} +{{- else if contains "ClusterIP" .Values.service.web.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/defguard-proxy/templates/config.yaml b/charts/defguard-proxy/templates/config.yaml index d9bc278..51c7f21 100644 --- a/charts/defguard-proxy/templates/config.yaml +++ b/charts/defguard-proxy/templates/config.yaml @@ -5,7 +5,6 @@ metadata: labels: {{- include "defguard-proxy.labels" . | nindent 4 }} data: - DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.ports.http | quote }} - DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.ports.grpc | quote }} + DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.web.port | quote }} + DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.grpc.port | quote }} DEFGUARD_PROXY_URL: {{ .Values.publicUrl | quote }} - diff --git a/charts/defguard-proxy/templates/deployment.yaml b/charts/defguard-proxy/templates/deployment.yaml index eab6a09..baf20a0 100644 --- a/charts/defguard-proxy/templates/deployment.yaml +++ b/charts/defguard-proxy/templates/deployment.yaml @@ -42,10 +42,10 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http - containerPort: {{ .Values.service.ports.http }} + containerPort: {{ .Values.service.web.port }} protocol: TCP - name: grpc - containerPort: {{ .Values.service.ports.grpc }} + containerPort: {{ .Values.service.web.port }} protocol: TCP livenessProbe: httpGet: diff --git a/charts/defguard-proxy/templates/grpc-service.yaml b/charts/defguard-proxy/templates/grpc-service.yaml index b698b07..ad824d7 100644 --- a/charts/defguard-proxy/templates/grpc-service.yaml +++ b/charts/defguard-proxy/templates/grpc-service.yaml @@ -2,14 +2,19 @@ apiVersion: v1 kind: Service metadata: annotations: - traefik.ingress.kubernetes.io/service.serversscheme: h2c + {{- with .Values.service.grpc.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-proxy.fullname" . }}-grpc labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.service.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.grpc.type }} ports: - - port: {{ .Values.service.ports.grpc }} + - port: {{ .Values.service.grpc.port }} targetPort: grpc protocol: TCP name: grpc diff --git a/charts/defguard-proxy/templates/ingress-grpc.yaml b/charts/defguard-proxy/templates/ingress-grpc.yaml index 30fdc66..e7dfefd 100644 --- a/charts/defguard-proxy/templates/ingress-grpc.yaml +++ b/charts/defguard-proxy/templates/ingress-grpc.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-grpc labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.ingress.grpc.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.grpc.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-grpc port: - number: {{ .Values.service.ports.grpc }} + number: {{ .Values.service.grpc.port }} {{- else }} serviceName: {{ $fullName }}-grpc - servicePort: {{ .Values.service.ports.grpc }} + servicePort: {{ .Values.service.grpc.port }} {{- end }} {{- end }} diff --git a/charts/defguard-proxy/templates/ingress-web.yaml b/charts/defguard-proxy/templates/ingress-web.yaml index e13c124..9c146c1 100644 --- a/charts/defguard-proxy/templates/ingress-web.yaml +++ b/charts/defguard-proxy/templates/ingress-web.yaml @@ -17,6 +17,9 @@ metadata: name: {{ $fullName }}-web labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.ingress.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.ingress.web.annotations }} annotations: {{- toYaml . | nindent 4 }} @@ -44,9 +47,9 @@ spec: service: name: {{ $fullName }}-web port: - number: {{ .Values.service.ports.http }} + number: {{ .Values.service.web.port }} {{- else }} serviceName: {{ $fullName }}-web - servicePort: {{ .Values.service.ports.http }} + servicePort: {{ .Values.service.web.port }} {{- end }} {{- end }} diff --git a/charts/defguard-proxy/templates/service.yaml b/charts/defguard-proxy/templates/service.yaml index 151f128..96a2d70 100644 --- a/charts/defguard-proxy/templates/service.yaml +++ b/charts/defguard-proxy/templates/service.yaml @@ -1,13 +1,20 @@ apiVersion: v1 kind: Service metadata: + annotations: + {{- with .Values.service.web.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} name: {{ include "defguard-proxy.fullname" . }}-web labels: {{- include "defguard-proxy.labels" . | nindent 4 }} + {{- with .Values.service.web.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.service.web.type }} ports: - - port: {{ .Values.service.ports.http }} + - port: {{ .Values.service.web.port }} targetPort: http protocol: TCP name: http diff --git a/charts/defguard-proxy/values.yaml b/charts/defguard-proxy/values.yaml index 4a38cd4..a43589f 100644 --- a/charts/defguard-proxy/values.yaml +++ b/charts/defguard-proxy/values.yaml @@ -26,12 +26,14 @@ ingress: className: "" enabled: true host: enrollment-grpc.local + labels: {} tls: false web: annotations: {} className: "" enabled: true host: enrollment.local + labels: {} tls: false # defguard-proxy pod affinity affinity: {} @@ -53,10 +55,17 @@ replicaCount: 1 resources: {} # defguard-proxy service configuration service: - ports: - http: 8080 - grpc: 50051 - type: ClusterIP + grpc: + annotations: + traefik.ingress.kubernetes.io/service.serversscheme: h2c + labels: {} + port: 50051 + type: ClusterIP + web: + annotations: {} + labels: {} + port: 8080 + type: ClusterIP # defguard-proxy service account configuration serviceAccount: annotations: {} diff --git a/charts/defguard/Chart.lock b/charts/defguard/Chart.lock index f859a42..3efdaeb 100644 --- a/charts/defguard/Chart.lock +++ b/charts/defguard/Chart.lock @@ -3,10 +3,10 @@ dependencies: repository: https://charts.bitnami.com/bitnami version: 12.12.10 - name: defguard-proxy - repository: https://defguard.github.io/deployment - version: 0.6.0 + repository: file://../defguard-proxy + version: 0.7.0 - name: defguard-gateway - repository: https://defguard.github.io/deployment - version: 0.2.0 -digest: sha256:94287139e81b04a14e90669c0b498334db487caa6c63242204af101a52e518a3 -generated: "2025-09-15T14:21:44.380602263+02:00" + repository: file://../defguard-gateway + version: 0.3.0 +digest: sha256:ac44d3ae14c8e870739546499a5c0ae10eff7520c8cace19f385a734aa3f5a99 +generated: "2025-09-24T15:37:23.3864+02:00" diff --git a/charts/defguard/Chart.yaml b/charts/defguard/Chart.yaml index a349455..e223302 100644 --- a/charts/defguard/Chart.yaml +++ b/charts/defguard/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v2 name: defguard -description: Defguard is an open-source enterprise wireGuard VPN with MFA and SSO +description: Defguard is an open-source enterprise WireGuard VPN with MFA and SSO type: application -version: 0.11.0 -appVersion: 1.5.0 +version: 0.12.0 +appVersion: 1.5.1 dependencies: - name: postgresql @@ -13,9 +13,11 @@ dependencies: repository: https://charts.bitnami.com/bitnami - name: defguard-proxy condition: defguard-proxy.enabled - version: 0.6.0 + version: 0.7.0 repository: https://defguard.github.io/deployment + # repository: "file://../defguard-proxy" - name: defguard-gateway condition: defguard-gateway.enabled - version: 0.2.0 + version: 0.3.0 repository: https://defguard.github.io/deployment + # repository: "file://../defguard-gateway" diff --git a/charts/defguard/charts/defguard-gateway-0.2.0.tgz b/charts/defguard/charts/defguard-gateway-0.2.0.tgz deleted file mode 100644 index ce69c663cf6f42c728e3535ac565487a55b8ec46..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3578 zcmVDc zVQyr3R8em|NM&qo0PH;bZ`(YQ{aJs-oRh`2y;^qOJpnzSmt>2e{gNO~dsr+M0WFPf zexXP$NhR^QzQ27zQg6$TG}#s(HvGYnDRO2wXd6~G$# z-#a{7kpIJj{TKQF8LivxdRy>SA*2eWN=S%sPbE4rr*XnCMy{=lzB6M+DFeYlO_j!2 z!9CRzk!s*X)4S?al_rUh+J^yZ&;qnfu{R=2p;urEpksSF-d3qvK3!cN!`G`X?*RR= zU)3El3H^8)iZ~&B>W3osOxIV*0_YeJ*WwmAjHHN5Xe3Dtc7B5J=Q86{%Fn zMnHIEhv5TNn)0!wZQuq`t~8R!)21(@J$t1EjLn}3f-Y9$wE)Scea5MogAZDgusIJX zZ^PdP?lVp^h$lFr92HE&J&2J;4zDRU%M(0OZ$M2%$|9g#qa2yTqRiP)nuZF72nxAf zM8SWB@(!hEMyX4bR73&n^}Q{SsnWp27#Q9mduO(pq|97RCuL9`U4ntg1 zTfr!042+EdafedU2tCtfdM>h#Y+Vae>$5hQ5elvela~44CZ;Jb)x+ z>{2iqP6Id_oeO;_(eT9skeCQXwUE;Q#*}V=S;AP5~+j14a-~PS^2p>ySs<}|tYnE!{&-?`-oC~KVQ~fAa2 zosR86Ze%SAtTwPc6QT5?f8b=DiI6ZmN;4IJQywh@Cn5qe8c|O5v_Wg$ZE0#d1R^qr zmSL!cY|J(92HC4+^9^b(7`iFSt2{4bucfx+mY0a=V}p51W-&5EW+!~HPpigCw5}C| zBIVl4z8#w{0qiWFq(mx1R9^A43Wrsy8P7F7XhYc`>pON`%chrSYypVc41#526j8%9 z!r=7$o6~u24`Y&e<=az!_ZKPRWBckik}MN&qpWDy6zr_minfqixdU&HJ{2RlY$ ztv`FrQl(LzU9JF5Lc1mHI6k_U2E(F2h1S+&vh!T_f5HFL7$=NqRK4?y>(ha+AM{gk ztn>f&`UegF?{H`5CI0& z%>@gYMesBA4)eJkAqgKNY#S91!H0#>reB${028f~+0204ZjRE-j8U_h2`XVe4|=`X zECV{9_bej!#yv8H22Q466m-r-gqK3Y`zg%haVq|WW)Kz$?47I#nttP?bo;I z5JSzZJJ#(Q_rN*Fvl;kT$dD-X&x_vq9J&I2SAr)*Pd;>JzDh9kt-knM|L;D}h?sYB zJ)jIE%0re$Xgr*{82Y&v(*Ymm^EV9|&n_Dj8u;pm=%mJtHzXPtEmb~=BExsIec6|J z#}W`ugx#s2*W1p>2(}BJEn)u`L8AX5jPMZUsx1Hjqi_P_b;o21n%o+{dW827Q=V#6 zFcQ)p)GA0gyEOjh5KC9ychFq>t4JXv9PWt@Cw8`5Cx}t?fdBc?+pX?G=-xkO6aQRp z;^6e^+u3o;K3b@opnn8j=yr3Z4xQPoGn-|S`I_0-OicS zs+$TI%+gY5s-oMet74-&->9NG-|wB>BfszW{hi=_|9wA?iB0rdH6zC9&ne%CVnaoD zB;>sb9ZT{Jj$pgal&a$Y)kgFW+*bI1HxpzDO6BY1X{o?<{@=lFGyiwgf64#F z-g>7G3E`2ojxH-Qvd^K-ICyV+ndXjcYG|o$?3Tl9CMU~SST&gI^=g_0zMD{nhj6%O zA89;DM=;335QFIo^!e4em65-IrEmj--PkTN@vg8b`imc&3Cq> zv0#S-(lm~a&RXXqiAyBqdIX(6sqUXtrvb|$-Ta)jKh{oPWm}ERWY<<^OYPQX=fsV& z37bu}*A6fDwz;M%yWMk^1BCB3(POM<=RZ5px#>J!s6-qKp68a=ahGTujfE-S;UB5c*x<$@l$dZb#;7}- z1~rdmkY$P5xS8h*H|J+_x!qP;+%@Wk4r#)% z&X*~&`Y_)myr5xLUT+llyjcd6SJzz8BRTj^_OK9(v;tVr6~Ee^Keny#|6GRh8E%5t z)qflu9X9iShr7Ek{@>4Nwfc`8@0Ri?fFe=uWPQ0J3$^~+R!D=t;{cl zzzVJZ9XRC?at-@NuyQI+PXF@h>&L5;o3De@tHI^R<5Q>8GGQ%mu`6o6GV9aTzkjf^-;Dnb_I6(6|7WzS{F5Y6y+R3`6x;taE$}?zZ=$Wh-JmlX5>*qe z>h-3>n0r+YXH0ZB`BEWb9T|&0Xi3hY!;s5KhM~ft9Q-}ilY+$hEpL(Xu3hsLd22IU zi@%bX)iA#=r&T--*THJ5d&>F>EIG?t*V8N}C@EPeGkD6f79GbmXRpoE^sDgdm&>iR zm0Q-h&2A^UOr)0Jx}}^{qqky?D~7PQ(n0mQ0=n77@NXo!!cqO5X-_c1Wox+I%P-37 z1V4hh$Aezj`jy+YWXsgj{o2{BLw40V(5cXByZo|52j=r&;k71X_})x})Z)=j6U$|# z9%unxSu9kiuTp8yJX6M7X>h)lw6FUpl^Yo6=rkD*kVv6LC|CerPcAF($|8_;d@n|> z;CSQExiYn;K(w#8aK)}KKA)a9sJ8{HwKcbZu3kLl!`e#oo{OGE!3KAnU9DZK@U)1} zS`zbii_>)zKjXB8Csm1CQ1aCZsB&1XF6t@DeF0xl#8sNdyngFh@l>j`%2CzQtsleo zt9`j2X)FAHqb$0){&-3RurB^T+S_aT|3~{T{{K&Dt?_@B;jH=n3y!Lm1V{9?DAcJZ z9P@MI>VK6ACunrrWH^!g@}F(2tHu2n%KzTcZZrRPbadE%k^i63mQ?cDJMVt_c(E0BVJO0l5ZodQmF-gdfGO8&m|8qLT zOm+F6sLmeWym3;PA+-P}L>cF&6?sLiL8p0V;>KC}Iu*FvH--TU^%Fs^VMl?l{c@6y zpp8@iwJE2vo2F9zXFq?TeC*%8clT&JwTi7aboS^-iD9B(Rm%r$!MzZaQo1`y< zfVFw9&ewCl^~h|ltq{(g@$OQTwidXSfG>lsg4oKPx^-+dTPA>6X>pTynKGERP|8rLRf!`p(kdA1$J~0C@B;hUc zs2Rqt(@Z}^Z;=OFk#TAh?Rv8wTwBzg#zT~k&YDy&kXwm8-;}g${14@Bo_Y(t!vCxP zVC4xO;M)7&-QBwXx7*)4e2M>lO53OcqiKhmfnqlNvG+tPa`pcjquf~CGn(Z;Y!+xi z{{0EEn2x!S_*^*F%Ku*T_h0*myD#zIPib3lNwh}E6=(r&-{F3O9EK@n5#?h@NO()e zsC;h=t|wIGKkZkbCde3!nHah&R?5fkKq7Ph3&408m43n_Zwok%-7m~uClW{W0V5}( z|MA9$3(lq>xSeT8f&?Wn%F*}ylflhE3yIzqWEG3wjt3A?sXTv7bW=qHK*p0v6Btp3%6sdp`^0Dc zVQyr3R8em|NM&qo0PI}<9qwbVwydm@6;fzS_ z&q>T)JXPuU`~8ExJ^R`3_nV*no!$P6!G8Z>zu({A-`{`HAMEW7c3wdL$t1X^q)HR{ zqW@@K&B6U5g(UPVN<{?^;Cja+Nm6_r`1}6Ai%^A8g?fn zqlm`(Kn{eBxN8t zsJYS@E4ZP0CQ=QYXnI}ks?sD8Qu{DM4O)PfDfT9WDf9|X0d#Cl$J;7h%g6KKA$&Ri z{07jU`c>Z{lhBXnp@q(+j&a90?n5@Bj+hk|nq z-GIn7p^S_fnlW+IH$q-PLZ;|@TX3R{f8#=f#8AXB@(3eCEma75MwJhT5{X72hJi#4 zbCF7gYyyNwwi(`1r753U*+#Arla(GF(8J^&gdIf4GQWgQ_8s)?+7G>6k(lk^s zMo`G@APW5}l-DRd(@G6dQV|8P+xNCWrb+`7Q($HvV`BQ*yb7RW zD~xbWZv~T-F)(`!h-;LRM(CL;Q*)M8WaC=uTJN<eo zwWZXyCPZY`FvCy_+30KDjj~s(`Wx0-Fmzp%S9xBgZ7Xf5JTDQ^hlVa!^m0lu9X^-p zSRv9nB_e7w z3RaC#M2*%6gX7b$&IP(Tj7j2^Z;$!)-=v5S?W^BNvdZ3#@1kMT&a>Lp%imT2Xi0EF zul&qh{Ht_~lA}gttUjaSJO8LuI74G6vz@SQ!JC~l0E3SP&HyZYK4huVC{Kp>2v0&g zJE#!i_5lm zxVy70B;iwpZL`Hg@P4VasaK{gz)b68u`ndJo2@i6ZPa1`$PMM7*IO(yqIY*a%gDWP zk4&MVlkF%9I;SGSp^&;$2$1_;3o?u=bwc2+akFrGc659>JUhR5zx~qq>`*g{$-7;H z5#0%Cu>k)Z84`v5X;FK32VDWbE5Q?@XYV@;UnLm&hN}8U|DQh3B)RM4-dPz+l!q*h z(7@cfE&4f>?SKz=cdr^Uo(vlj8v5$HnXCbU3rU-C#jXs!RQ^51w;%9YXi!Av5{cawbQ|=U-0_ zTPD*|-Gu!E_(HdvyLad;7M;Z+v(cB7M|cbQ^s|aub3=swE4aH`EPV4Pv$)P(%c3Yp z6d0M?=Gu;YrNI`kW>bqDo*iADe)#RUp}|B%n_2^d4oQ**L^B=V->cnHvu~EWn^V5g z;QJ<9qqvm@7^5Z;(ZtfuwChHBcy@a6;pFuAyv;co_`A_iw{vB+x~c+)TUiRnRa86g zRZMy3D^*nIGe6jQ>-YV>KM3CS-}Uo2$y}tey0w^tU@rMa5*sPH6CrPij4I+A9>I29 zDb>y3XK$>(NVy09UCxjtD3!01$AyB|;lKTz=Kasx{`39Mk12~q@3nV)n-Ct^J<&zQ zCiXeB5hw3;FLTwA4GpgJgWa;3jpSt!E9>%dM_vuH!8dcZs$H;G&!~czAAr*_N~CZ99nI{pK@U%2=qw5ovCOPR?58 z1BFW@<$400zo_nCRHs49G2MKfwLjKYUu9a2&1Bb>W=ieUX6wYYvQeB(rq?zv=e9Yf zs=D2C76XQFHnL}S%Fe%cpmW)IxKW8X7Ca9ot{2rcbh6Hn#lD*LtoXtGNHiOw?}WIg zVIF?{oH6n%t7$0+Zr&|Jui`G*fQqFq-{4=V(Adz%GL@KcGR3Gno(DB_GRne&ZQ9HO z#GC80IoximEbbb8LonLXKL?}163)7Btv5G>JRq6}6&=LeXpq%-r7^Cwo{re6$i+@)bXOKYwVs2miT{@e^bMtjqt|e|yl3{~hc; z$NzpvspbC+yerD10E(LtFF%e39>4}Zs2*#}HwbuE4cD3oxp8b36Kf;8Gd5rwA>459?%QYk{}H8X|0GFNuW$lK#q>YU3p|bao6}a{GAI}giK>}a^*-Bi%u$u&8514O zK39ZTC&n@cEyX!-9CAC!I8-#0lfR*QR)|=?)-M9xZ5PL`w-$dVF{^QYS9Yr)4p+fy zqkGKw3NE?ITgTH(CMhLZN;7%Pu$F=2nzh%4H2o^QdNx6;Y~_?S(ihr=E`z2exo&AE z)ze$i$0ftqG=!jfNdevLrv5jQoa3ba&Xh-N!ewc|?$wzQb%7rs-NQ*QP5r&owPMQD z%J~}X)G51cE$CEawN-wZq6K$%!P09@rtqy92&tV%J54UbN

Uy)s#>E}xCPH?^5raNTEe2SO8y+hLv|^($6}z7cK8mcw^1EEXAfhv=6vIVi#wh zj!zrX+kEBPkXuMsFPidZZJC)*CC{>5gImom)w0!gTC8WSh8QR@GF!@8kBfq1<LQ={(rB(-~9d8+qVbL{{M%R6`7oN&hvE6{HA8xc-+(ME_gG)T)E^S zJZfiC{7eL1a-rd+!uT5Hp@PM1XqmF`K`{gv9K%1uiV^d9K zH;v`?pZ)xe@~MCI&fTL9YAJec?Dn3N-552g@N9O$TaDa2s(M?e6o*|-oG#mAmgNfm z;{ii$QokE8tRuXHvs!W5YGy6i6dkpOZM;2 zki~S$g~X@gvDW^V;=g+bJJ0zaKcsBIkZ6sPE6@Vmyu-~5IgC@vBFd+bknoC3QTg5$ zT+FD-|Fw$(HABW=%EZ{ESWrHF0}`40UoZv=R_Y0lye;53b-yrunMj<_Ta28E{@W`b z&N!Qc;I^j`2@;gRC`aG(k4BdxEhKtdkYy}?Jsd$qrSkkK)jj*yiSPO2|B*fWH?NpY zd*)C6RbBI5Nyxy>G=T|asJz#{x=Fm({+L{OuYDbxXCdj-d;P!O7JMa=id4bL(XsOU xM2g=r)SgcxBt6$$ir+o|T7@FQ-Y@0~p38H2E`PG}e*pjh|NmRk)Z+kB007R%Nbvvw literal 0 HcmV?d00001 diff --git a/charts/defguard/charts/defguard-proxy-0.6.0.tgz b/charts/defguard/charts/defguard-proxy-0.6.0.tgz deleted file mode 100644 index e606991be00186ba4bbb8abf73a04933173bcb83..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3565 zcmVDc zVQyr3R8em|NM&qo0PI|Qa~nBw_uum=I<&6Nc8)_*q9kXkoGM4sIjZ%_D#`0)>*~q{ z&NNA^Kwu8Q=n-1^>?r{Aeu$Jr%h^5Q4{3-2x*H92_IU5bXm_}`Jsgh4E~&K;oFukQh$hWhTVX-}8swkJi#3x76(a zlCT8Th8@5P``_6f@6_#oXMgx?|4&i+{l53IW{<|Mbs{-NAf{88+?e+yVcG}eWWo@% z0K%BKf-MmZ%RdaivGz?3kB-b>JPszA*}!XlU;5cuWnBTR@g zym(CxpYoYRrTi zhE0B<;F?g566k`=u*T2U8BTG+*r{MNyb0iVdLs0xM1@>?01{)Ns21`jfZ05hJ{5zE z$)M(?0W_JJfy2vODGGcC8Q$j`$7(T+JfJX?s8yTHrwL={?sWiv`+Lj!bnBwt*VUR4 z&tx2${{Vz@q3wGW!1C7Cg^Vb5VmG2*&(`E~p=E-$#w@p>w5I!pq+4P3y=JPIxhtG( zmRmcc_VqTMQcm@ampxdDt-j31bNfli?oL`TbP85p>A8JktU!ehyjVo< zYbt5&!^i}gZT`_db+=R)CX#BmsPI~wKIduOfvaloTr9!{33b2z(%B@0BH`LgKOLA4 z#%x=qmZ(G`!@7lL)g9waF;lHmT5AnkNUhw;v)&Ni4&M&#M{5AEI~?vBN8<3+0ZWud zd3@TI!3;I@`v&`|n1l$+CHQB^kSO#| z^4i;5=nMEw2_6$Yf7e_3D#p;a4*GAyzxzBD;O9e0PUN3vK?T*_m>sjn>}PnHptv z+S&p&iHIhacB)Y~#)D5MpWh#!9G$g!Ap<1W8t7K0s#c$r16eCe?xFH(=ce*$?tP(( z>TI@0+xz~|ANr%fKuu$Ni9)y$i7am)=9rU7zLvyBivCo{D+;41t#-XGWS-`?)d&NKddin3e|-grmXG2xNjA6>}HMf5@& z+40^CQvV&{l=3bQ*)JNAgy}3UWSwE=+shF&_-4+EJcPX+`$!k($#hDuq1W%_8-_D; z&kA{9PnbY*4rZ^rfqx`~(J95qI3O#&@BJ4#+P1wm9L!J@OfV$IUn#Lb_$l|~ZqQST zEK)!u0;3D6F*5GW#w%Y-bm_aFt zGIA<|Y_gc-YW)^_dZyzN^sWaoGu3szUq|g`pH82*>=1%?>(6T;W3CKGq`pBqIV+X- z6fTyO>nZg9r22nSy&5gYbp2J<{#aRirAamRl3r4o3AGcOt`gVEhO|~su5Db*Y<)y! zWxMAz$_n3X9LnsUy?^aN?`!Y=1|=2?!L!)gDnVT{C+Qs7!dLTw6+XBNkEX-(odBK9 zR2qi-m@@H8tEdrRHt(8HEWa@{AfwUc8~h^?8f$uJQdtmAW*GG+H$erhoTmY@Ha%uB z)O9skA8fx>5_eI$7BFq;odMIJfw}Hl-}Mck9u{KENTh4ld){aNn)zX7K_Lat$K3@wx3 z@aV4}etCa(`1SPc(|`Z^^*=v7L>TE_7~arJRcL?E_?&w5np3<-1zfthAd0WWdacx*$57e=NygZT5Gdp^b$ELbt=UKtHU?4e?VPdbTQHM00tzc zgUiuij)duXy@{2urZ$NrqEE#t%L!Vwe)EMVA@Wz6y_jmz=%+?QR_J=bOjXUM(Z$VlkWHWS%4fsM`L3TG7uzB)opZRgmgUus(}vM!i+_$6F~bFN zw;0c34C$1HtK%#H6B1q^kLpL>RetF~^5!AEI|4{;hFvWd!8K|Dc(RzFymv&Re4*Sb z?8&;KrR^US7um$E^h*49g_Fl#0IkG-!v_A_89n2_Cn+6n+06R)hJS{~k3xTj_h!N0 zy(r$Ti)ZNfeWBkKPQEkpt1pJ{5BzGz^klfN%6DzpXSzKM^<}>Wa39cjg_Cy7mlJy^ z`T|N-68w5(T@q)Z?vqk|1|acQEp(B{qK%y`M=x4 z(eU~F_atSlocuZ*uRDsg`ThLG9jRB}1De-Hwn23MyG|LX*}p$WwxBaEByNt!O8eib z-~W%F^Z%cyyo6JtHA=2P3ve?JS99brNhpi#PdbwDg3M6)-b?swf4(h=?Jf#xj*P*K ziHXaWrF`}mkjRLpmuSx&rFz06?y70K5=#fg4>=(B#2Q0 zqa1zDKRo|>u7yPJC8Xb5`*Ls&5tYjGXH*aDUnjojPyR;^?BA?nJ{y=n*++HB2L&N> zwn<``QijTVJ>aC~^AJU^D=Hw?As(+J7H nHJ9Qy&%acmh;Z;bbO+DnxjdJDqVj(M009601LXo809pV5ZuKr{ diff --git a/charts/defguard/charts/defguard-proxy-0.7.0.tgz b/charts/defguard/charts/defguard-proxy-0.7.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9cd061c2517d54d8bf3d4aa00649d14b8d607d03 GIT binary patch literal 3630 zcmV+}4$<)+iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI|QZyPz1pTGN4)G1zUl3TSTTXu2{yZh5{G#-sdKf&-3W#}x4(nS6= zd@!&2;C_%oV)_N8qJjr-vF(vK&OeU)U4P_7s6t6&ZL1E_)dF_4098OBP9}_o{V544 zpQSIRLP97c79AAI3mT%w$pQnYt~yU&#~1*KV@5+_IC&SD5JUfsKlHx0mi~21&HgV4 zOHe(s16X1IJG(n?>h?b#?r!Y=IZD6Z_g>WO(b%<4B*zHEbPAJe^PVJ3`+%HG7=ji+ z7!#L}CZaXcU{P)Zu1XR1ui zr?et~UQ5SnpVjSS5dlfGP$6N)8HR#S=`4}XrVk{KZLS6?jn}^b;VvsQz z)Vwr+CNnc|c#$hbf$t#0`#f;07SqTB3PXunwaI*vFm~o%2k^JQx2#XMF6w<3W#s#EQeDfcr zQsErUf}L-NZHq7#QU_q7_sA_u3+MJ(qBP2*lT{YcO6~3N?XZr1AE8ZURi@!>-*tf5KA+fdZ?;YM(mKy%k zxQH3is0PQMJ|CX>`bs~X$141{Guo};zump@&IbQIM;ZC>0ks8irTv#fW!E4R&JB>! zb5zFDEEa@ED)5%eKF}%nU)**fb0TRZgPR-MLJ~eh*fP-!f_IJ9re2x000zq~mxkn4 zy_IIBjan`NxuF~k2Fqni^yX$@8M!y^ktsBEQirUdcPt`25mNVZ0W$AqV5M;{P6oU( zo(GOU9UOi=`E>gE-PTLv6hqBmh8p^Pga1@aLWJcK{8MB|6#B<`?adAJ1^liAkBOeY z>n(j1W9S>I>Tkop`#crorkD9FWhhY|vLr(2)xd8CQG4LS&CRQtghwYe`3!Y+FDa?U zg%wa~q7&tlC^DKyTbF*g=~)57xquXRZ>3@cTe-$MCg7tW(SH#}c!+Y)o`hhhjW|k+@}=?XWxTG!OA>8tTcXgRjT$e>tpa zFBZ|dX276F;TBqGDP?LygVri$Ebz|KBbo}}K z(edGFn@2Lxajk)FWvXiRPdRk8vgF<>uXZjgpYGlls;JIpeYE|?ANoUo6d1r}Y%oy> z*CLVSaANj3ndECpY^3NBN6u=g4A|%GdEjQ-Q1S z-}ueAhX3|<$J-nH_Z(%p9K7}puVTU@8y8*5%VqRJo7wSR4^p2U;gs?&kJv97k%Z|i zFJzrx=FiI+H27xrTReol9s5WZXUTL*ub|iO5KWeoT&>?CmS;LHLGOAZ zGgDpX`*qZAVsrYuWrq;FTYp{)8FOVgBK3giEGvAonI;o2d;i{p-q+sU z4N5E)f@j&aRf4)^PSQEDg|FrVD|~Pp4o!#WI{`YIsWj2}F=gVHR#79tY~D4YSAJq> zKt-d=H~2>)G}iRcq_QBK%rNRtu7e6XIZKmFZF~LOnk>us^mi$IWyq7*Sb{wq) z8ouFs$L_}{o%qkCI3MLCc-8%n-Q8gw|Ltt_jA-2WJP=afeQk)bExJ{PS~_>Fkhst2avs?{wT`BKv!jrsap&V9gKA>WTNi5^RQ1c$ zs%QVLk`>ccyK2xba*=N>$n^`eDsTDnKJJ=`JzoyW=NiyYkD`Ae@hMKL?@YOO%q~g| zwRazQSH-=9YqSOn&vB+{oA2aP3-`&6k3FW1@L+Qq?Mt;OwYiO z(F^3L)QJ=mtPb4_`2*_uf{Tfs2QVNp9bAkCb0kd9>rJeDHI+#u5q&OJ*^Qr7Yd3G% zv1%Lcw|t$eXjZx8^$@q);FsMuD}}A>2HK^84J_?+RSfu=C)( z#_Ex|uJ;&J29Mp1#;$ZjanGR?)%$6@xHU&nxIZFis9mrvh2yqRT8Y`!{m*^31LHrG z|NPNQr~gl{|G0baPwM~2!`+>_|KA;M^1shgI&N~>Sdmm4^*d* zuU-{toitPQa!%CGc-_vt9Hn~o6ExS(%GWE=-TG>VuTVdb3e&;LlNC3VBZX%s+qYPE<#gn|f{R#*fNwf|`_g*1O=9Ms6NewXIW%LoP>7m+cwL zV*NffV5m&#y#d22!VQeoiqX26wP2GwSnIorRnB>|Gj8T>Z}VX~)4XOm zma-SmvyEZDlcl|4UOD&ymt~SzBo<2-Htdc`vo6a{Z>-mamkGm)WZgPw7s%ek^vbD+ zO8TImWh2^>dYyB)wU$xWvNeX$XA5qR7BRyGa<>@IVhrh&hO1L}0230PBaiACl~pe9 zUh?MI;#+c)Z9bz~EHZD@0`O!pLAfqwuc#%xs?aLy@w$?w?K^XBtAzNMyza0mwXzcb zU*hDU2f!=w|4#k>$D5teCjav+r6YElS$}HyZ+Lt!^lx}SF8IF_#oKkUf&Nbm{V#Fy zN}U{r*AAD*vB;_3J@lVCDCJ zMz!C6-5!ocoBRLIQr7xTUVS@W4-{$hyM0gKmaEr~;K#eXcs8;}+(ZA+sJUkU{v6qY z&bW~Hcsy3x|4#k)zs5V`HyitZj`9Ldh}I~%0xiJJJY3F^!z7_BvOnoe!gDf1<$EvS zv;FzjB)0ej)EpUu850xtZ5hgEe*uY%XnKJ*J5Z`8Jn~)u$C>+uv6r#LDZRqTnd!g1 z^5GL_*C4pu6ir+o|LWLs2!4K#THf2*b Date: Thu, 25 Sep 2025 08:51:52 +0200 Subject: [PATCH 2/2] Remove obsolete LDAP settings --- charts/defguard/templates/defguard-config.yaml | 8 -------- charts/defguard/values.yaml | 9 --------- 2 files changed, 17 deletions(-) diff --git a/charts/defguard/templates/defguard-config.yaml b/charts/defguard/templates/defguard-config.yaml index 09887e6..773c7bf 100644 --- a/charts/defguard/templates/defguard-config.yaml +++ b/charts/defguard/templates/defguard-config.yaml @@ -20,11 +20,3 @@ data: {{- end }} DEFGUARD_URL: {{ .Values.publicUrl }} DEFGUARD_WEBAUTHN_RP_ID: {{ .Values.ingress.web.host }} - {{- if .Values.ldap.enabled }} - DEFGUARD_LDAP_ADMIN_GROUP: {{ .Values.ldap.admin_group | quote }} - DEFGUARD_LDAP_BIND_PASSWORD: {{ .Values.ldap.bind_password | quote }} - DEFGUARD_LDAP_BIND_USERNAME: {{ .Values.ldap.bind_username | quote }} - DEFGUARD_LDAP_GROUP_SEARCH_BASE: {{ .Values.ldap.group_search_base | quote }} - DEFGUARD_LDAP_USER_SEARCH_BASE: {{ .Values.ldap.user_search_base | quote }} - DEFGUARD_LDAP_URL: {{ .Values.ldap.url | quote }} - {{- end }} diff --git a/charts/defguard/values.yaml b/charts/defguard/values.yaml index 1370ce2..873404b 100644 --- a/charts/defguard/values.yaml +++ b/charts/defguard/values.yaml @@ -41,15 +41,6 @@ ingress: tls: false # defguard-core existing JWT secret existingJwtSecret: "" -# defguard-core ldap config -ldap: - admin_group: "" - bind_password: "" - bind_username: "" - enabled: false - group_search_base: "" - url: "" - user_search_base: "" # defguard-core pod affinity configuration affinity: {} # defguard-core node selector cnfiguration