[chart] Update helm chart (#349)

2025-01-23 13:42:51 +01:00 · 2025-01-23 13:42:51 +01:00 · 2cf2341e4c
parent 043d25a08f
commit 2cf2341e4c
7 changed files with 56 additions and 41 deletions
--- a/deploy/helm/Chart.yaml
+++ b/deploy/helm/Chart.yaml
@ -2,10 +2,10 @@ apiVersion: v2
 name: wg-portal
 description: WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication
 # Version is set to ensure compatibility with the chart's Ingress resource.
-kubeVersion: '>=1.19.0'
+kubeVersion: ">=1.19.0"
 type: application
 home: https://wgportal.org
-icon: https://wgportal.org/assets/images/logo.svg
+icon: https://wgportal.org/latest/assets/images/logo.svg
 sources:
  - https://github.com/h44z/wg-portal

@ -16,10 +16,10 @@ annotations:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: latest
+appVersion: "v2"
--- a/deploy/helm/README.md
+++ b/deploy/helm/README.md
@ -1,6 +1,6 @@
 # wg-portal

-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2](https://img.shields.io/badge/AppVersion-v2-informational?style=flat-square)

 WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication

@ -32,13 +32,13 @@ The [Values](#values) section lists the parameters that can be configured during
 | nameOverride | string | `""` | Partially override resource names (adds suffix) |
 | fullnameOverride | string | `""` | Fully override resource names |
 | extraDeploy | list | `[]` | Array of extra objects to deploy with the release |
-| config.advanced | tpl/object | `{}` | Advanced configuration options. |
-| config.auth | tpl/object | `{}` | Auth configuration options. |
-| config.core | tpl/object | `{}` | Core configuration options.<br> If external admins in `auth` are not defined and there are no `admin_user` and `admin_password` defined here, the default credentials will be generated. |
-| config.database | tpl/object | `{}` | Database configuration options |
-| config.mail | tpl/object | `{}` | Mail configuration options |
-| config.statistics | tpl/object | `{}` | Statistics configuration options |
-| config.web | tpl/object | `{}` | Web configuration options.<br> `listening_address` will be set automatically from `service.web.port`. `external_url` is required to enable ingress and certificate resources. |
+| config.advanced | tpl/object | `{}` | [Advanced configuration](https://wgportal.org/latest/documentation/configuration/overview/#advanced) options. |
+| config.auth | tpl/object | `{}` | [Auth configuration](https://wgportal.org/latest/documentation/configuration/overview/#auth) options. |
+| config.core | tpl/object | `{}` | [Core configuration](https://wgportal.org/latest/documentation/configuration/overview/#core) options.<br> If external admins in `auth` are not defined and there are no `admin_user` and `admin_password` defined here, the default credentials will be generated. |
+| config.database | tpl/object | `{}` | [Database configuration](https://wgportal.org/latest/documentation/configuration/overview/#database) options |
+| config.mail | tpl/object | `{}` | [Mail configuration](https://wgportal.org/latest/documentation/configuration/overview/#mail) options |
+| config.statistics | tpl/object | `{}` | [Statistics configuration](https://wgportal.org/latest/documentation/configuration/overview/#statistics) options |
+| config.web | tpl/object | `{}` | [Web configuration](https://wgportal.org/latest/documentation/configuration/overview/#web) options.<br> `listening_address` will be set automatically from `service.web.port`. `external_url` is required to enable ingress and certificate resources. |
 | revisionHistoryLimit | string | `10` | The number of old ReplicaSets to retain to allow rollback. |
 | workloadType | string | `"Deployment"` | Workload type - `Deployment` or `StatefulSet` |
 | strategy | object | `{"type":"RollingUpdate"}` | Update strategy for the workload Valid values are:  `RollingUpdate` or `Recreate` for Deployment,  `RollingUpdate` or `OnDelete` for StatefulSet |
@ -73,6 +73,7 @@ The [Values](#values) section lists the parameters that can be configured during
 | service.web.annotations | object | `{}` | Annotations for the web service |
 | service.web.type | string | `"ClusterIP"` | Web service type |
 | service.web.port | int | `8888` | Web service port Used for the web interface listener |
+| service.web.appProtocol | string | `"http"` | Web service appProtocol. Will be auto set to `https` if certificate is enabled. |
 | service.wireguard.annotations | object | `{}` | Annotations for the WireGuard service |
 | service.wireguard.type | string | `"LoadBalancer"` | Wireguard service type |
 | service.wireguard.ports | list | `[51820]` | Wireguard service ports. Exposes the WireGuard ports for created interfaces. Lowerest port is selected as start port for the first interface. Increment next port by 1 for each additional interface. |
--- a/deploy/helm/templates/_service.tpl
+++ b/deploy/helm/templates/_service.tpl
@ -51,3 +51,16 @@ spec:
  {{- end }}
  selector: {{- include "wg-portal.selectorLabels" .context | nindent 4 }}
 {{- end -}}
+
+{{/*
+Define the service port template for the web port
+*/}}
+{{- define "wg-portal.service.webPort" -}}
+name: web
+port: {{ .Values.service.web.port }}
+protocol: TCP
+targetPort: web
+{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
+appProtocol: {{ ternary "https" .Values.service.web.appProtocol .Values.certificate.enabled }}
+{{- end -}}
+{{- end -}}
--- a/deploy/helm/templates/service.yaml
+++ b/deploy/helm/templates/service.yaml
@ -1,4 +1,4 @@
-{{- $portsWeb := list (dict "name" "web" "port" .Values.service.web.port "protocol" "TCP" "targetPort" "web") -}}
+{{- $portsWeb := list (include "wg-portal.service.webPort" . | fromYaml) -}}
 {{- $ports := list -}}
 {{- range $idx, $port := .Values.service.wireguard.ports -}}
 {{- $name := printf "wg%d" $idx -}}
--- a/deploy/helm/values.yaml
+++ b/deploy/helm/values.yaml
@ -3,37 +3,36 @@
 # Declare variables to be passed into your templates.

 # -- Partially override resource names (adds suffix)
-nameOverride: ''
+nameOverride: ""
 # -- Fully override resource names
-fullnameOverride: ''
+fullnameOverride: ""
 # -- Array of extra objects to deploy with the release
 extraDeploy: []

-# https://github.com/h44z/wg-portal/blob/master/README.md#configuration-options
 config:
-  # -- (tpl/object) Advanced configuration options.
+  # -- (tpl/object) [Advanced configuration](https://wgportal.org/latest/documentation/configuration/overview/#advanced) options.
  advanced: {}
-  # -- (tpl/object) Auth configuration options.
+  # -- (tpl/object) [Auth configuration](https://wgportal.org/latest/documentation/configuration/overview/#auth) options.
  auth: {}
-  # -- (tpl/object) Core configuration options.<br>
+  # -- (tpl/object) [Core configuration](https://wgportal.org/latest/documentation/configuration/overview/#core) options.<br>
  # If external admins in `auth` are not defined and
  # there are no `admin_user` and `admin_password` defined here,
  # the default credentials will be generated.
  core: {}
-  # -- (tpl/object) Database configuration options
+  # -- (tpl/object) [Database configuration](https://wgportal.org/latest/documentation/configuration/overview/#database) options
  database: {}
-  # -- (tpl/object) Mail configuration options
+  # -- (tpl/object) [Mail configuration](https://wgportal.org/latest/documentation/configuration/overview/#mail) options
  mail: {}
-  # -- (tpl/object) Statistics configuration options
+  # -- (tpl/object) [Statistics configuration](https://wgportal.org/latest/documentation/configuration/overview/#statistics) options
  statistics: {}
-  # -- (tpl/object) Web configuration options.<br>
+  # -- (tpl/object) [Web configuration](https://wgportal.org/latest/documentation/configuration/overview/#web) options.<br>
  # `listening_address` will be set automatically from `service.web.port`.
  # `external_url` is required to enable ingress and certificate resources.
  web: {}

 # -- The number of old ReplicaSets to retain to allow rollback.
 # @default -- `10`
-revisionHistoryLimit: ''
+revisionHistoryLimit: ""
 # -- Workload type - `Deployment` or `StatefulSet`
 workloadType: Deployment
 # -- Update strategy for the workload
@ -49,7 +48,7 @@ image:
  # -- Image pull policy
  pullPolicy: IfNotPresent
  # -- Overrides the image tag whose default is the chart appVersion
-  tag: ''
+  tag: ""

 # -- Image pull secrets
 imagePullSecrets: []
@ -73,14 +72,14 @@ sidecarContainers: []
 # -- Set DNS policy for the pod.
 # Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
 # @default -- `"ClusterFirst"`
-dnsPolicy: ''
+dnsPolicy: ""
 # -- Restart policy for all containers within the pod.
 # Valid values are `Always`, `OnFailure` or `Never`.
 # @default -- `"Always"`
-restartPolicy: ''
+restartPolicy: ""
 # -- Use the host's network namespace.
 # @default -- `false`.
-hostNetwork: ''
+hostNetwork: ""
 # -- Resources requests and limits
 resources: {}
 # -- Overwrite pod command
@ -123,6 +122,8 @@ service:
    # -- Web service port
    # Used for the web interface listener
    port: 8888
+    # -- Web service appProtocol. Will be auto set to `https` if certificate is enabled.
+    appProtocol: http
  wireguard:
    # -- Annotations for the WireGuard service
    annotations: {}
@ -141,7 +142,7 @@ ingress:
  # -- Specifies whether an ingress resource should be created
  enabled: false
  # -- Ingress class name
-  className: ''
+  className: ""
  # -- Ingress annotations
  annotations: {}
  # -- Ingress TLS configuration.
@ -153,17 +154,17 @@ certificate:
  enabled: false
  issuer:
    # -- Certificate issuer name
-    name: ''
+    name: ""
    # -- Certificate issuer kind (ClusterIssuer or Issuer)
-    kind: ''
+    kind: ""
    # -- Certificate issuer group
    group: cert-manager.io
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  duration: ''
+  duration: ""
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  renewBefore: ''
+  renewBefore: ""
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  commonName: ''
+  commonName: ""
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
  emailAddresses: []
  # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
@ -188,7 +189,7 @@ persistence:
  annotations: {}
  # -- Persistent Volume storage class.
  # If undefined (the default) cluster's default provisioner will be used.
-  storageClass: ''
+  storageClass: ""
  # -- Persistent Volume Access Mode
  accessMode: ReadWriteOnce
  # -- Persistent Volume size
@ -203,7 +204,7 @@ serviceAccount:
  automount: false
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
-  name: ''
+  name: ""

 monitoring:
  # -- Enable Prometheus monitoring.
@ -220,15 +221,15 @@ monitoring:
  annotations: {}
  # -- Interval at which metrics should be scraped. If not specified `config.statistics.data_collection_interval` interval is used.
  # @default -- `1m`
-  interval: ''
+  interval: ""
  # -- Relabelings to samples before ingestion.
  metricRelabelings: []
  # -- Relabelings to samples before scraping.
  relabelings: []
  # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.
-  scrapeTimeout: ''
+  scrapeTimeout: ""
  # -- The label to use to retrieve the job name from.
-  jobLabel: ''
+  jobLabel: ""
  # -- Transfers labels on the Kubernetes Pod onto the target.
  podTargetLabels: {}

@ -241,4 +242,4 @@ monitoring:
    labels: {}
    # -- Dashboard ConfigMap namespace
    # Overrides the namespace for the dashboard ConfigMap.
-    namespace: ''
+    namespace: ""
--- a/docs/documentation/getting-started/kubernetes.md
+++ b/docs/documentation/getting-started/kubernetes.md
--- a/mkdocs.yml
+++ b/mkdocs.yml
@ -63,7 +63,7 @@ nav:
      - Getting Started:
          - Binaries: documentation/getting-started/binaries.md
          - Docker: documentation/getting-started/docker.md
-          - Kubernetes: documentation/getting-started/kubernetes.md
+          - Helm: documentation/getting-started/helm.md
          - Sources: documentation/getting-started/sources.md
      - Configuration:
          - Overview: documentation/configuration/overview.md