[common] Release v4.5.0 (#171)

Co-authored-by: Joseph Petersen <[email protected]> Co-authored-by: Amos <[email protected]> Co-authored-by: Steven Imle <[email protected]> Co-authored-by: Devin Buhl <[email protected]>
k8s-at-home · Jul 26, 2022 · ce4e406 · ce4e406
1 parent 8097346
commit ce4e406
Show file tree

Hide file tree

Showing 15 changed files with 205 additions and 36 deletions.
diff --git a/charts/stable/common/Chart.yaml b/charts/stable/common/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 4.4.2
+version: 4.5.0
 kubeVersion: ">=1.16.0-0"
 keywords:
   - k8s-at-home

diff --git a/charts/stable/common/README.md b/charts/stable/common/README.md
@@ -1,6 +1,6 @@
 # common
 
-![Version: 4.4.2](https://img.shields.io/badge/Version-4.4.2-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
+![Version: 4.5.0](https://img.shields.io/badge/Version-4.5.0-informational?style=flat-square) ![Type: library](https://img.shields.io/badge/Type-library-informational?style=flat-square)
 
 Function library for k8s-at-home charts
 
@@ -60,25 +60,26 @@ N/A
 | addons.codeserver.git.deployKeyBase64 | string | `""` | Base64-encoded SSH private key. When both variables are set, the raw SSH key takes precedence. |
 | addons.codeserver.git.deployKeySecret | string | `""` | Existing secret containing SSH private key The chart expects it to be present under the `id_rsa` key. |
 | addons.codeserver.image.pullPolicy | string | `"IfNotPresent"` | Specify the code-server image pull policy |
-| addons.codeserver.image.repository | string | `"codercom/code-server"` | Specify the code-server image |
-| addons.codeserver.image.tag | string | `"3.9.2"` | Specify the code-server image tag |
+| addons.codeserver.image.repository | string | `"ghcr.io/coder/code-server"` | Specify the code-server image |
+| addons.codeserver.image.tag | string | `"4.5.1"` | Specify the code-server image tag |
 | addons.codeserver.ingress.enabled | bool | `false` | Enable an ingress for the code-server add-on. |
+| addons.codeserver.ingress.ingressClassName | string | `nil` | Set the ingressClass that is used for this ingress. Requires Kubernetes >=1.19 |
 | addons.codeserver.service.enabled | bool | `true` | Enable a service for the code-server add-on. |
 | addons.codeserver.volumeMounts | list | `[]` | Specify a list of volumes that get mounted in the code-server container. At least 1 volumeMount is required! |
 | addons.codeserver.workingDir | string | `""` | Specify the working dir that will be opened when code-server starts If not given, the app will default to the mountpah of the first specified volumeMount |
 | addons.netshoot | object | See values.yaml | The common library supports adding a netshoot add-on to troubleshoot network issues within a Pod. It can be configured under this key. |
 | addons.netshoot.enabled | bool | `false` | Enable running a netshoot container in the pod |
 | addons.netshoot.env | object | `{}` | Set any environment variables for netshoot here |
-| addons.netshoot.image.pullPolicy | string | `"Always"` | Specify the netshoot image pull policy |
-| addons.netshoot.image.repository | string | `"nicolaka/netshoot"` | Specify the netshoot image |
-| addons.netshoot.image.tag | string | `"latest"` | Specify the netshoot image tag |
+| addons.netshoot.image.pullPolicy | string | `"IfNotPresent"` | Specify the netshoot image pull policy |
+| addons.netshoot.image.repository | string | `"ghcr.io/nicolaka/netshoot"` | Specify the netshoot image |
+| addons.netshoot.image.tag | string | `"v0.7"` | Specify the netshoot image tag |
 | addons.promtail | object | See values.yaml | The common library supports adding a promtail add-on to to access logs and ship them to loki. It can be configured under this key. |
 | addons.promtail.args | list | `[]` | Set promtail command line arguments |
 | addons.promtail.enabled | bool | `false` | Enable running a promtail container in the pod |
 | addons.promtail.env | object | `{}` | Set any environment variables for promtail here |
 | addons.promtail.image.pullPolicy | string | `"IfNotPresent"` | Specify the promtail image pull policy |
-| addons.promtail.image.repository | string | `"grafana/promtail"` | Specify the promtail image |
-| addons.promtail.image.tag | string | `"2.2.0"` | Specify the promtail image tag |
+| addons.promtail.image.repository | string | `"docker.io/grafana/promtail"` | Specify the promtail image |
+| addons.promtail.image.tag | string | `"2.6.1"` | Specify the promtail image tag |
 | addons.promtail.logs | list | `[]` | The paths to logs on the volume |
 | addons.promtail.loki | string | `""` | The URL to Loki |
 | addons.promtail.volumeMounts | list | `[]` | Specify a list of volumes that get mounted in the promtail container. At least 1 volumeMount is required! |
@@ -88,6 +89,10 @@ N/A
 | addons.vpn.configFileSecret | string | `nil` | Reference an existing secret that contains the VPN configuration file The chart expects it to be present under the `vpnConfigfile` key. |
 | addons.vpn.enabled | bool | `false` | Enable running a VPN in the pod to route traffic through a VPN |
 | addons.vpn.env | object | `{}` | All variables specified here will be added to the vpn sidecar container See the documentation of the VPN image for all config values |
+| addons.vpn.gluetun | object | See below | Gluetun specific configuration -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon! |
+| addons.vpn.gluetun.image.pullPolicy | string | `"IfNotPresent"` | Specify the Gluetun image pull policy |
+| addons.vpn.gluetun.image.repository | string | `"docker.io/qmcgaw/gluetun"` | Specify the Gluetun image |
+| addons.vpn.gluetun.image.tag | string | `"v3.30.0"` | Specify the Gluetun image tag |
 | addons.vpn.livenessProbe | object | `{}` | Optionally specify a livenessProbe, e.g. to check if the connection is still being protected by the VPN |
 | addons.vpn.networkPolicy.annotations | object | `{}` | Provide additional annotations which may be required. |
 | addons.vpn.networkPolicy.egress | string | `nil` | The egress configuration for your network policy, All outbound traffic from the pod will be blocked unless specified here. [[ref]](https://kubernetes.io/docs/concepts/services-networking/network-policies/) [[recipes]](https://github.com/ahmetb/kubernetes-network-policy-recipes) |
@@ -102,7 +107,7 @@ N/A
 | addons.vpn.openvpn.image.tag | string | `"latest"` | Specify the openvpn client image tag |
 | addons.vpn.scripts | object | See values.yaml | Provide custom up/down scripts that can be used by the vpn configuration. |
 | addons.vpn.securityContext | object | See values.yaml | Set the VPN container securityContext |
-| addons.vpn.type | string | `"openvpn"` | Specify the VPN type. Valid options are openvpn or wireguard |
+| addons.vpn.type | string | `"openvpn"` | Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`. |
 | addons.vpn.wireguard | object | See below | WireGuard specific configuration |
 | addons.vpn.wireguard.image.pullPolicy | string | `"IfNotPresent"` | Specify the WireGuard image pull policy |
 | addons.vpn.wireguard.image.repository | string | `"ghcr.io/k8s-at-home/wireguard"` | Specify the WireGuard image |
@@ -232,6 +237,25 @@ All notable changes to this library Helm chart will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [4.5.0]
+
+#### Added
+
+- Support checksum/config annotations for configMaps to automate roll deployments/daemonsets/statefulsets after config changes.
+- Support Gluetun VPN client add-on. Please see [the project repository](https://github.com/qdm12/gluetun) for more information and how to configure.
+- Added support for the `envFrom` field in the VPN add-on.
+
+#### Changed
+
+- Updated and pinned `netshoot` add-on image to `v0.7`.
+- Updated `code-server` add-on image to `4.5.1`.
+- Updated `promtail` add-on image to `2.6.1`.
+
+#### Fixed
+
+- Added `ingressClassName` description under the `code-server` add-on.
+- `valueFrom` now works correctly when `env` is a list of variables.
+
 ### [4.4.2]
 
 #### Fixed
@@ -533,4 +557,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Join our [Discord](https://discord.gg/sTMX7Vh) community
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
+Autogenerated from chart metadata using [helm-docs v0.1.1](https://github.com/k8s-at-home/helm-docs/releases/v0.1.1)
diff --git a/charts/stable/common/README_CHANGELOG.md.gotmpl b/charts/stable/common/README_CHANGELOG.md.gotmpl
@@ -10,6 +10,25 @@ All notable changes to this library Helm chart will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [4.5.0]
+
+#### Added
+
+- Support checksum/config annotations for configMaps to automate roll deployments/daemonsets/statefulsets after config changes.
+- Support Gluetun VPN client add-on. Please see [the project repository](https://github.com/qdm12/gluetun) for more information and how to configure.
+- Added support for the `envFrom` field in the VPN add-on.
+
+#### Changed
+
+- Updated and pinned `netshoot` add-on image to `v0.7`.
+- Updated `code-server` add-on image to `4.5.1`.
+- Updated `promtail` add-on image to `2.6.1`.
+
+#### Fixed
+
+- Added `ingressClassName` description under the `code-server` add-on.
+- `valueFrom` now works correctly when `env` is a list of variables.
+
 ### [4.4.2]
 
 #### Fixed

diff --git a/charts/stable/common/templates/_daemonset.tpl b/charts/stable/common/templates/_daemonset.tpl
@@ -21,9 +21,9 @@ spec:
       {{- include "common.labels.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
+      {{- with include ("common.podAnnotations") . }}
       annotations:
-        {{- toYaml . | nindent 8 }}
+        {{- . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "common.labels.selectorLabels" . | nindent 8 }}

diff --git a/charts/stable/common/templates/_deployment.tpl b/charts/stable/common/templates/_deployment.tpl
@@ -39,9 +39,9 @@ spec:
       {{- include "common.labels.selectorLabels" . | nindent 6 }}
   template:
     metadata:
-      {{ if .Values.podAnnotations }}
+      {{- with include ("common.podAnnotations") . }}
       annotations:
-        {{- tpl (toYaml .Values.podAnnotations) . | nindent 8 }}
+        {{- . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "common.labels.selectorLabels" . | nindent 8 }}

diff --git a/charts/stable/common/templates/_statefulset.tpl b/charts/stable/common/templates/_statefulset.tpl
@@ -34,9 +34,9 @@ spec:
   serviceName: {{ include "common.names.fullname" . }}
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
+      {{- with include ("common.podAnnotations") . }}
       annotations:
-        {{- toYaml . | nindent 8 }}
+        {{- . | nindent 8 }}
       {{- end }}
       labels:
         {{- include "common.labels.selectorLabels" . | nindent 8 }}

diff --git a/charts/stable/common/templates/addons/vpn/_vpn.tpl b/charts/stable/common/templates/addons/vpn/_vpn.tpl
@@ -12,6 +12,10 @@ It will include / inject the required templates based on the given values.
     {{- include "common.addon.wireguard" . }}
   {{- end -}}
 
+  {{- if eq "gluetun" .Values.addons.vpn.type -}}
+    {{- include "common.addon.gluetun" . }}
+  {{- end -}}
+
   {{/* Include the configmap if not empty */}}
   {{- $configmap := include "common.addon.vpn.configmap" . -}}
   {{- if $configmap -}}

diff --git a/charts/stable/common/templates/addons/vpn/gluetun/_addon.tpl b/charts/stable/common/templates/addons/vpn/gluetun/_addon.tpl
@@ -0,0 +1,11 @@
+{{/*
+Template to render gluetun addon. It will add the container to the list of additionalContainers.
+*/}}
+*/}}
+{{- define "common.addon.gluetun" -}}
+  {{/* Append the gluetun container to the additionalContainers */}}
+  {{- $container := fromYaml (include "common.addon.gluetun.container" .) -}}
+  {{- if $container -}}
+    {{- $_ := set .Values.additionalContainers "addon-gluetun" $container -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/stable/common/templates/addons/vpn/gluetun/_container.tpl b/charts/stable/common/templates/addons/vpn/gluetun/_container.tpl
@@ -0,0 +1,57 @@
+{{/*
+The gluetun sidecar container to be inserted.
+*/}}
+{{- define "common.addon.gluetun.container" -}}
+name: gluetun
+image: "{{ .Values.addons.vpn.gluetun.image.repository }}:{{ .Values.addons.vpn.gluetun.image.tag }}"
+imagePullPolicy: {{ .Values.addons.vpn.gluetun.pullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
+securityContext:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.env }}
+env:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- with .Values.addons.vpn.args }}
+args:
+  {{- . | toYaml | nindent 2 }}
+{{- end }}
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
+volumeMounts:
+{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret }}
+  - name: vpnconfig
+    mountPath: /gluetun/config.conf
+    subPath: vpnConfigfile
+{{- end }}
+{{- if .Values.addons.vpn.scripts.up }}
+  - name: vpnscript
+    mountPath: /gluetun/scripts/up.sh
+    subPath: up.sh
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+  - name: vpnscript
+    mountPath: /gluetun/scripts/down.sh
+    subPath: down.sh
+{{- end }}
+{{- if .Values.persistence.shared.enabled }}
+  - mountPath: {{ .Values.persistence.shared.mountPath }}
+    name: shared
+{{- end }}
+{{- with .Values.addons.vpn.additionalVolumeMounts }}
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
+{{- with .Values.addons.vpn.livenessProbe }}
+livenessProbe:
+  {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- with .Values.addons.vpn.resources }}
+resources:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end -}}
diff --git a/charts/stable/common/templates/addons/vpn/openvpn/_container.tpl b/charts/stable/common/templates/addons/vpn/openvpn/_container.tpl
@@ -11,14 +11,15 @@ securityContext:
 {{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
-{{- range $k, $v := . }}
-  - name: {{ $k }}
-    value: {{ $v | quote }}
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
+{{- with .Values.addons.vpn.args }}
 args:
-{{- range .Values.addons.vpn.args }}
-- {{ . | quote }}
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
 {{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
 envFrom:

diff --git a/charts/stable/common/templates/addons/vpn/wireguard/_container.tpl b/charts/stable/common/templates/addons/vpn/wireguard/_container.tpl
@@ -11,14 +11,15 @@ securityContext:
 {{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
-{{- range $k, $v := . }}
-  - name: {{ $k }}
-    value: {{ $v | quote }}
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
+{{- with .Values.addons.vpn.envFrom }}
+envFrom:
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
+{{- with .Values.addons.vpn.args }}
 args:
-{{- range .Values.addons.vpn.args }}
-- {{ . | quote }}
+  {{- . | toYaml | nindent 2 }}
 {{- end }}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.configFileSecret .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
 volumeMounts:

diff --git a/charts/stable/common/templates/lib/chart/_annotations.tpl b/charts/stable/common/templates/lib/chart/_annotations.tpl
@@ -8,3 +8,20 @@
     {{- end }}
   {{- end }}
 {{- end -}}
+
+{{/* Determine the Pod annotations used in the controller */}}
+{{- define "common.podAnnotations" -}}
+  {{- if .Values.podAnnotations -}}
+    {{- tpl (toYaml .Values.podAnnotations) . | nindent 0 -}}
+  {{- end -}}
+
+  {{- $configMapsFound := false -}}
+  {{- range $name, $configmap := .Values.configmap -}}
+    {{- if $configmap.enabled -}}
+      {{- $configMapsFound = true -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if $configMapsFound -}}
+    {{- printf "checksum/config: %v" (include ("common.configmap") . | sha256sum) | nindent 0 -}}
+  {{- end -}}
+{{- end -}}
diff --git a/charts/stable/common/templates/lib/controller/_container.tpl b/charts/stable/common/templates/lib/controller/_container.tpl
@@ -47,7 +47,7 @@
         {{- if hasKey $value "value" }}
             {{- $value = $value.value -}}
         {{- else if hasKey $value "valueFrom" }}
-          {{- toYaml $value | nindent 6 }}
+          {{- dict "valueFrom" $value.valueFrom | toYaml | nindent 6 }}
         {{- else }}
           {{- dict "valueFrom" $value | toYaml | nindent 6 }}
         {{- end }}

diff --git a/charts/stable/common/values.yaml b/charts/stable/common/values.yaml
@@ -483,7 +483,7 @@ addons:
     # -- Enable running a VPN in the pod to route traffic through a VPN
     enabled: false
 
-    # -- Specify the VPN type. Valid options are openvpn or wireguard
+    # -- Specify the VPN type. Valid options are `openvpn`, `wireguard` and `gluetun`.
     type: openvpn
 
     # -- OpenVPN specific configuration
@@ -514,6 +514,18 @@ addons:
         # -- Specify the WireGuard image pull policy
         pullPolicy: IfNotPresent
 
+    # -- Gluetun specific configuration
+    # -- Make sure to read the [documentation](https://github.com/qdm12/gluetun/wiki) to see how to configure this addon!
+    # @default -- See below
+    gluetun:
+      image:
+        # -- Specify the Gluetun image
+        repository: docker.io/qmcgaw/gluetun
+        # -- Specify the Gluetun image tag
+        tag: v3.30.0
+        # -- Specify the Gluetun image pull policy
+        pullPolicy: IfNotPresent
+
     # -- Set the VPN container securityContext
     # @default -- See values.yaml
     securityContext:
@@ -605,9 +617,9 @@ addons:
 
     image:
       # -- Specify the code-server image
-      repository: codercom/code-server
+      repository: ghcr.io/coder/code-server
       # -- Specify the code-server image tag
-      tag: 3.9.2
+      tag: 4.5.1
       # -- Specify the code-server image pull policy
       pullPolicy: IfNotPresent
 
@@ -671,6 +683,11 @@ addons:
         # kubernetes.io/tls-acme: "true"
 
       labels: {}
+
+      # -- Set the ingressClass that is used for this ingress.
+      # Requires Kubernetes >=1.19
+      ingressClassName:  # "nginx"
+
       hosts:
         - host: code.chart-example.local
           paths:
@@ -693,9 +710,9 @@ addons:
 
     image:
       # -- Specify the promtail image
-      repository: grafana/promtail
+      repository: docker.io/grafana/promtail
       # -- Specify the promtail image tag
-      tag: 2.2.0
+      tag: 2.6.1
       # -- Specify the promtail image pull policy
       pullPolicy: IfNotPresent
 
@@ -731,11 +748,11 @@ addons:
 
     image:
       # -- Specify the netshoot image
-      repository: nicolaka/netshoot
+      repository: ghcr.io/nicolaka/netshoot
       # -- Specify the netshoot image tag
-      tag: latest
+      tag: v0.7
       # -- Specify the netshoot image pull policy
-      pullPolicy: Always
+      pullPolicy: IfNotPresent
 
     # -- Set any environment variables for netshoot here
     env: {}