diff --git a/charts/ship/.helmignore b/charts/ship/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/ship/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/ship/Chart.yaml b/charts/ship/Chart.yaml index 8ccd02e..107eda7 100644 --- a/charts/ship/Chart.yaml +++ b/charts/ship/Chart.yaml @@ -29,7 +29,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.0.1 +version: 1.0.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/ship/templates/NOTES.txt b/charts/ship/templates/NOTES.txt new file mode 100644 index 0000000..e1d4e4a --- /dev/null +++ b/charts/ship/templates/NOTES.txt 
@@ -0,0 +1,24 @@
+Please wait a few seconds until the {{ .Chart.Name }} chart is fully installed.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "traefik-dashboard.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "traefik-dashboard.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "traefik-dashboard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "traefik-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
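Review bot: The NodePort, LoadBalancer and ClusterIP branches of charts/ship/templates/NOTES.txt call `include "traefik-dashboard.fullname" .` and `include "traefik-dashboard.name" .`, which are the helper names this same commit defines in the traefik-dashboard chart, not in ship. Unless ship's own _helpers.tpl (not visible here) happens to define those names, rendering the notes fails whenever `ingress.enabled` is false, and the `app.kubernetes.io/name=` selector in the ClusterIP branch would not match ship's pods. Each include should call the ship chart's own name and fullname helpers instead.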
diff --git a/charts/traefik-dashboard/.helmignore b/charts/traefik-dashboard/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/traefik-dashboard/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/traefik-dashboard/Chart.yaml b/charts/traefik-dashboard/Chart.yaml
new file mode 100644
index 0000000..30fb19a
--- /dev/null
+++ b/charts/traefik-dashboard/Chart.yaml
@@ -0,0 +1,35 @@
+apiVersion: v2
+name: traefik-dashboard
+description: A Helm chart to expose the Traefik Dashboard
+home: https://github.com/glenndehaan/charts
+keywords:
+ - kubernetes
+ - traefik
+ - dashboard
+maintainers:
+ - email: glenn@dehaan.cloud
+ name: glenndehaan
+ url: https://glenndehaan.com
+sources:
+ - https://github.com/glenndehaan/charts
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/charts/traefik-dashboard/README.md b/charts/traefik-dashboard/README.md
new file mode 100644
index 0000000..172e908
--- /dev/null
+++ b/charts/traefik-dashboard/README.md
@@ -0,0 +1,36 @@
+# traefik-dashboard
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart to expose the Traefik Dashboard
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| glenndehaan | | |
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| certManager.enabled | bool | `false` | Toggles if a cert-manager certificate should be generated |
+| certManager.issuerRef | object | `{}` | Cert-manager issuer reference |
+| fullnameOverride | string | `""` | String to fully override names.fullname |
+| ingress.annotations | object | `{}` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. |
+| ingress.entryPoints[0] | string | `"websecure"` | Default entrypoint Traefik listens on |
+| ingress.host | string | `"chart-example.local"` | Default host for the ingress record |
+| ingress.middlewares | list | `[]` | Traefik middlewares to include |
+| ingress.tls | object | `{"enabled":true,"options":{}}` | Default TLS options |
+| ingress.tls.enabled | bool | `true` | Toggles the TLS |
+| ingress.tls.options | object | `{}` | Optional Traefik TLS options |
+| nameOverride | string | `""` | String to partially override names.fullname |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/traefik-dashboard/templates/NOTES.txt b/charts/traefik-dashboard/templates/NOTES.txt
new file mode 100644
index 0000000..e680285
--- /dev/null
+++ b/charts/traefik-dashboard/templates/NOTES.txt
@@ -0,0 +1,4 @@
+Please wait a few seconds until the {{ .Chart.Name }} chart is fully installed.
+After installation is complete, you can view the Treafik dashboard here:
+
+{{ .Values.ingress.host }}
diff --git a/charts/traefik-dashboard/templates/_helpers.tpl b/charts/traefik-dashboard/templates/_helpers.tpl
new file mode 100644
index 0000000..cfec236
--- /dev/null
+++ b/charts/traefik-dashboard/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "traefik-dashboard.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "traefik-dashboard.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "traefik-dashboard.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "traefik-dashboard.labels" -}}
+helm.sh/chart: {{ include "traefik-dashboard.chart" . }}
+{{ include "traefik-dashboard.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "traefik-dashboard.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "traefik-dashboard.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "traefik-dashboard.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "traefik-dashboard.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
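Review bot: The `traefik-dashboard.serviceAccountName` helper at the end of this file reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the values.yaml added for this chart has no `serviceAccount` key and none of the chart's templates in this commit creates or references a ServiceAccount. Any later `include` of it would fail on the missing `.Values.serviceAccount` map, so the define is better removed from the scaffold than left as a trap. The same unused helper is added as `traefik-helpers.serviceAccountName` in charts/traefik-helpers/templates/_helpers.tpl.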
diff --git a/charts/traefik-dashboard/templates/certificate.yaml b/charts/traefik-dashboard/templates/certificate.yaml
new file mode 100644
index 0000000..bdc8d63
--- /dev/null
+++ b/charts/traefik-dashboard/templates/certificate.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.certManager.enabled }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: {{ include "traefik-dashboard.fullname" . }}
+ labels:
+ {{- include "traefik-dashboard.labels" . | nindent 4 }}
+spec:
+ secretName: {{ include "traefik-dashboard.fullname" . }}-tls
+ {{- with .Values.certManager.issuerRef }}
+ issuerRef:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ dnsNames:
+ - "{{ .Values.ingress.host }}"
+{{- end }}
diff --git a/charts/traefik-dashboard/templates/ingress.yaml b/charts/traefik-dashboard/templates/ingress.yaml
new file mode 100644
index 0000000..7f022f5
--- /dev/null
+++ b/charts/traefik-dashboard/templates/ingress.yaml
@@ -0,0 +1,37 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "traefik-dashboard.fullname" . }}
+ labels:
+ {{- include "traefik-dashboard.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls.enabled }}
+ tls:
+ secretName: {{ include "traefik-dashboard.fullname" . }}-tls
+ {{- with .Values.ingress.tls.options }}
+ options:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ domains:
+ - main: {{ .Values.ingress.host }}
+ {{- end }}
+ {{- with .Values.ingress.entryPoints }}
+ entryPoints:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ routes:
+ - match: 'Host(`{{ .Values.ingress.host }}`)'
+ kind: Rule
+ {{- if .Values.ingress.middlewares }}
+ middlewares:
+ {{- range .Values.ingress.middlewares }}
+ - name: {{ .name | quote }}
+ {{- end }}
+ {{- end }}
+ services:
+ - name: api@internal
+ kind: TraefikService
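Review bot: In certificate.yaml the `issuerRef:` block sits inside `with .Values.certManager.issuerRef`, and the chart default is `issuerRef: {}`, so setting only `certManager.enabled: true` renders a Certificate with no issuer reference, which cert-manager needs in order to issue anything. Failing at render time is clearer than a rejected or never-ready certificate; a guard such as `{{- $_ := required "certManager.issuerRef.name must be set when certManager.enabled is true" .Values.certManager.issuerRef.name }}` at the top of the `if` block would do it. The check has to target `.name` because `required` accepts an empty map.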
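Review bot: ingress.yaml routes the whole host to `api@internal` and attaches middlewares only when `ingress.middlewares` is non-empty, while values.yaml defaults that list to `[]`, so a default install publishes the Traefik dashboard and API on `ingress.host` with no authentication or source restriction. The dashboard shows routers, services and middleware configuration, so the chart should either refuse to render without at least one middleware or state prominently in values.yaml and NOTES.txt that an auth or allow-list middleware must be supplied. Separately, `tls.secretName` always points at `<fullname>-tls`, but that secret is only produced when `certManager.enabled` is true (default `false`), so by default the route references a secret this chart does not create. `main: {{ .Values.ingress.host }}` is also unquoted where certificate.yaml quotes the same value.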
diff --git a/charts/traefik-dashboard/values.yaml b/charts/traefik-dashboard/values.yaml
new file mode 100644
index 0000000..1dfdd77
--- /dev/null
+++ b/charts/traefik-dashboard/values.yaml
@@ -0,0 +1,36 @@
+# Default values for traefik-dashboard.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- String to partially override names.fullname
+nameOverride: ""
+# -- String to fully override names.fullname
+fullnameOverride: ""
+
+ingress:
+ entryPoints:
+ # -- Default entrypoint Traefik listens on
+ - websecure
+ # -- Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # -- Default host for the ingress record
+ host: chart-example.local
+ # -- Traefik middlewares to include
+ middlewares: []
+ # - name: ip-whitelist
+ # -- Default TLS options
+ tls:
+ # -- Toggles the TLS
+ enabled: true
+ # -- Optional Traefik TLS options
+ options: {}
+
+certManager:
+ # -- Toggles if a cert-manager certificate should be generated
+ enabled: false
+ # -- Cert-manager issuer reference
+ issuerRef: {}
+ # name: acme-issuer
+ # kind: ClusterIssuer
diff --git a/charts/traefik-helpers/.helmignore b/charts/traefik-helpers/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/traefik-helpers/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/traefik-helpers/Chart.yaml b/charts/traefik-helpers/Chart.yaml
new file mode 100644
index 0000000..580bc7a
--- /dev/null
+++ b/charts/traefik-helpers/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+name: traefik-helpers
+description: A Helm chart with useful Traefik middlewares, helpers and default configuration
+home: https://github.com/glenndehaan/charts
+keywords:
+ - kubernetes
+ - traefik
+ - middlewares
+ - helpers
+ - config
+maintainers:
+ - email: glenn@dehaan.cloud
+ name: glenndehaan
+ url: https://glenndehaan.com
+sources:
+ - https://github.com/glenndehaan/charts
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.0"
diff --git a/charts/traefik-helpers/README.md b/charts/traefik-helpers/README.md
new file mode 100644
index 0000000..dfe832a
--- /dev/null
+++ b/charts/traefik-helpers/README.md
@@ -0,0 +1,38 @@
+# traefik-helpers
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+
+A Helm chart with useful Traefik middlewares, helpers and default configuration
+
+**Homepage:**
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| glenndehaan | | |
+
+## Source Code
+
+*
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| fullnameOverride | string | `""` | String to fully override names.fullname |
+| ingress.httpRedirects | object | `{"enabled":true}` | Redirects all http traffic to https without www |
+| ingress.httpsRedirects | object | `{"enabled":true}` | Redirects all https traffic but strips the www if present |
+| middlewares.compress.enabled | bool | `true` | Toggles the middleware |
+| middlewares.compress.options | object | `{}` | Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/compress/ |
+| middlewares.ipWhitelist.enabled | bool | `true` | Toggles the middleware |
+| middlewares.ipWhitelist.options | object | `{}` | Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/ |
+| middlewares.rateLimit.enabled | bool | `true` | Toggles the middleware |
+| middlewares.rateLimit.options | object | `{"average":100,"burst":50}` | Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/ratelimit/ |
+| middlewares.secureHeaders.enabled | bool | `true` | Toggles the middleware |
+| nameOverride | string | `""` | String to partially override names.fullname |
+| serviceMonitor.enabled | bool | `true` | Toggles the service monitor |
+| tlsOption.enabled | bool | `true` | Toggles the TLS option |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)
diff --git a/charts/traefik-helpers/templates/NOTES.txt b/charts/traefik-helpers/templates/NOTES.txt
new file mode 100644
index 0000000..dbb4d3f
--- /dev/null
+++ b/charts/traefik-helpers/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Please wait a few seconds until the {{ .Chart.Name }} chart is fully installed.
+After installation is complete, you can use the installed middlewares and configs within Traefik.
diff --git a/charts/traefik-helpers/templates/_helpers.tpl b/charts/traefik-helpers/templates/_helpers.tpl
new file mode 100644
index 0000000..498cbc6
--- /dev/null
+++ b/charts/traefik-helpers/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "traefik-helpers.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "traefik-helpers.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "traefik-helpers.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "traefik-helpers.labels" -}}
+helm.sh/chart: {{ include "traefik-helpers.chart" . }}
+{{ include "traefik-helpers.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "traefik-helpers.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "traefik-helpers.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "traefik-helpers.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "traefik-helpers.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/traefik-helpers/templates/ingress-http-redirects.yaml b/charts/traefik-helpers/templates/ingress-http-redirects.yaml
new file mode 100644
index 0000000..cf9797e
--- /dev/null
+++ b/charts/traefik-helpers/templates/ingress-http-redirects.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ingress.httpRedirects.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-http-redirects
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: 'hostregexp(`{host:(www\.)?.+}`)'
+ kind: Rule
+ middlewares:
+ - name: {{ include "traefik-helpers.fullname" . }}-redirect-to-non-www-https
+ services:
+ - name: noop@internal
+ kind: TraefikService
+{{- end }}
diff --git a/charts/traefik-helpers/templates/ingress-https-redirects.yaml b/charts/traefik-helpers/templates/ingress-https-redirects.yaml
new file mode 100644
index 0000000..fd573c8
--- /dev/null
+++ b/charts/traefik-helpers/templates/ingress-https-redirects.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.ingress.httpsRedirects.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-https-redirects
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: 'hostregexp(`{host:(www\.).+}`)'
+ kind: Rule
+ middlewares:
+ - name: {{ include "traefik-helpers.fullname" . }}-redirect-to-non-www-https
+ services:
+ - name: noop@internal
+ kind: TraefikService
+{{- end }}
diff --git a/charts/traefik-helpers/templates/middleware-compress.yaml b/charts/traefik-helpers/templates/middleware-compress.yaml
new file mode 100644
index 0000000..3966f0c
--- /dev/null
+++ b/charts/traefik-helpers/templates/middleware-compress.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.middlewares.compress.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-compress
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.middlewares.compress.options }}
+ compress: {}
+ {{- else }}
+ {{- with .Values.middlewares.compress.options }}
+ compress:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/traefik-helpers/templates/middleware-ip-whitelist.yaml b/charts/traefik-helpers/templates/middleware-ip-whitelist.yaml
new file mode 100644
index 0000000..7fa90a5
--- /dev/null
+++ b/charts/traefik-helpers/templates/middleware-ip-whitelist.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.middlewares.ipWhitelist.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-ip-whitelist
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.middlewares.ipWhitelist.options }}
+ ipWhiteList: {}
+ {{- else }}
+ {{- with .Values.middlewares.ipWhitelist.options }}
+ ipWhiteList:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/traefik-helpers/templates/middleware-rate-limit.yaml b/charts/traefik-helpers/templates/middleware-rate-limit.yaml
new file mode 100644
index 0000000..203cdcf
--- /dev/null
+++ b/charts/traefik-helpers/templates/middleware-rate-limit.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.middlewares.rateLimit.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-rate-limit
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.middlewares.rateLimit.options }}
+ rateLimit:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
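Review bot: middleware-ip-whitelist.yaml renders `ipWhiteList: {}` when `middlewares.ipWhitelist.options` is empty, and values.yaml ships it with `enabled: true` and `options: {}`, so a default install creates an allow-list middleware that lists no `sourceRange`. As far as I know Traefik refuses to build an ipWhiteList without source ranges, which would break every router that references `<fullname>-ip-whitelist`; either way the object looks like a protection while allowing nothing sensible. I would default `middlewares.ipWhitelist.enabled` to `false` and guard the template with `{{- $_ := required "middlewares.ipWhitelist.options.sourceRange is required" .Values.middlewares.ipWhitelist.options.sourceRange }}`. The values.yaml comments for `ipWhitelist.options` and `rateLimit.options` also both read "Treafik compress middleware options" and should name their own middleware.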
diff --git a/charts/traefik-helpers/templates/middleware-redirect-to-non-www-https.yaml b/charts/traefik-helpers/templates/middleware-redirect-to-non-www-https.yaml
new file mode 100644
index 0000000..7eed065
--- /dev/null
+++ b/charts/traefik-helpers/templates/middleware-redirect-to-non-www-https.yaml
@@ -0,0 +1,13 @@
+{{- if or .Values.ingress.httpRedirects.enabled .Values.ingress.httpsRedirects.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-redirect-to-non-www-https
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ redirectRegex:
+ regex: ^https?://(?:www\.)?(.+)
+ replacement: https://${1}
+ permanent: true
+{{- end }}
diff --git a/charts/traefik-helpers/templates/middleware-secure-headers.yaml b/charts/traefik-helpers/templates/middleware-secure-headers.yaml
new file mode 100644
index 0000000..9dea760
--- /dev/null
+++ b/charts/traefik-helpers/templates/middleware-secure-headers.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.middlewares.secureHeaders.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-secure-headers
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ headers:
+ sslRedirect: true
+ customFrameOptionsValue: SAMEORIGIN
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 63072000
+ contentTypeNosniff: true
+ addVaryHeader: true
+ browserXssFilter: true
+ referrerPolicy: same-origin
+{{- end }}
diff --git a/charts/traefik-helpers/templates/servicemonitor.yaml b/charts/traefik-helpers/templates/servicemonitor.yaml
new file mode 100644
index 0000000..f80f9f9
--- /dev/null
+++ b/charts/traefik-helpers/templates/servicemonitor.yaml
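Review bot: middleware-secure-headers.yaml hard-codes `stsPreload: true`, `stsIncludeSubdomains: true` and `stsSeconds: 63072000` with no values to override them, and values.yaml enables the middleware by default. Attaching it commits the domain and every subdomain to HTTPS for two years and signals consent to browser preload lists, which is slow to reverse if any subdomain cannot serve TLS, so these three should be chart values with a conservative default such as `stsPreload: false`. `sslRedirect` is deprecated in later Traefik v2 releases in favour of an entry-point or RedirectScheme redirect, and `browserXssFilter` only emits the legacy `X-XSS-Protection` header that current browsers ignore; exposing `contentSecurityPolicy` as a value would be the more useful hardening.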
@@ -0,0 +1,18 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: traefik
+ app.kubernetes.io/name: traefik
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ endpoints:
+ - port: metrics
+{{- end }}
diff --git a/charts/traefik-helpers/templates/tls-option.yaml b/charts/traefik-helpers/templates/tls-option.yaml
new file mode 100644
index 0000000..a5a2248
--- /dev/null
+++ b/charts/traefik-helpers/templates/tls-option.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.tlsOption.enabled }}
+apiVersion: traefik.containo.us/v1alpha1
+kind: TLSOption
+metadata:
+ name: {{ include "traefik-helpers.fullname" . }}-tls13
+ labels:
+ {{- include "traefik-helpers.labels" . | nindent 4 }}
+spec:
+ minVersion: VersionTLS13
+ sniStrict: true
+{{- end }}
diff --git a/charts/traefik-helpers/values.yaml b/charts/traefik-helpers/values.yaml
new file mode 100644
index 0000000..fc330bc
--- /dev/null
+++ b/charts/traefik-helpers/values.yaml
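Review bot: servicemonitor.yaml is rendered by default (`serviceMonitor.enabled: true` in values.yaml), but `ServiceMonitor` only exists where the Prometheus Operator CRDs are installed, so the chart fails to install on clusters without them. Gate it on the API being present, e.g. `{{- if and .Values.serviceMonitor.enabled (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") }}`, or default the toggle to `false`. The selector is also hard-coded to `app.kubernetes.io/instance: traefik` and `app.kubernetes.io/name: traefik` within the release namespace, so it silently matches nothing when Traefik runs under another release name or namespace; exposing the labels and namespace as values would make that mismatch visible.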
@@ -0,0 +1,46 @@
+# Default values for traefik-helpers.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- String to partially override names.fullname
+nameOverride: ""
+# -- String to fully override names.fullname
+fullnameOverride: ""
+
+ingress:
+ # -- Redirects all http traffic to https without www
+ httpRedirects:
+ enabled: true
+ # -- Redirects all https traffic but strips the www if present
+ httpsRedirects:
+ enabled: true
+
+middlewares:
+ compress:
+ # -- Toggles the middleware
+ enabled: true
+ # -- Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/compress/
+ options: {}
+ ipWhitelist:
+ # -- Toggles the middleware
+ enabled: true
+ # -- Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/ipwhitelist/
+ options: {}
+ rateLimit:
+ # -- Toggles the middleware
+ enabled: true
+ # -- Treafik compress middleware options, reference: https://doc.traefik.io/traefik/middlewares/http/ratelimit/
+ options:
+ average: 100
+ burst: 50
+ secureHeaders:
+ # -- Toggles the middleware
+ enabled: true
+
+serviceMonitor:
+ # -- Toggles the service monitor
+ enabled: true
+
+tlsOption:
+ # -- Toggles the TLS option
+ enabled: true