From e1b6f6d974e342768aebdec00586b5527b63945d Mon Sep 17 00:00:00 2001
From: Adam
Date: Wed, 24 Jan 2024 15:44:46 +0100
Subject: [PATCH] New chart (#36)
---
 .../defguard-proxy/templates/grpc-service.yaml | 17 +++++++++++++++++
 charts/defguard-proxy/templates/ingress.yaml | 17 +++++++++++++++++
 charts/defguard-proxy/templates/service.yaml | 4 ----
 charts/defguard/Chart.yaml | 8 ++++----
 charts/defguard/templates/defguard-config.yaml | 11 +++++++++--
 charts/defguard/values.yaml | 6 +++++-
 6 files changed, 52 insertions(+), 11 deletions(-)
 create mode 100644 charts/defguard-proxy/templates/grpc-service.yaml
diff --git a/charts/defguard-proxy/templates/grpc-service.yaml b/charts/defguard-proxy/templates/grpc-service.yaml
new file mode 100644
index 0000000..b698b07
--- /dev/null
+++ b/charts/defguard-proxy/templates/grpc-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ traefik.ingress.kubernetes.io/service.serversscheme: h2c
+ name: {{ include "defguard-proxy.fullname" . }}-grpc
+ labels:
+ {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.ports.grpc }}
+ targetPort: grpc
+ protocol: TCP
+ name: grpc
+ selector:
+ {{- include "defguard-proxy.selectorLabels" . | nindent 4 }}
diff --git a/charts/defguard-proxy/templates/ingress.yaml b/charts/defguard-proxy/templates/ingress.yaml
index e3f213a..4e66225 100644
--- a/charts/defguard-proxy/templates/ingress.yaml
+++ b/charts/defguard-proxy/templates/ingress.yaml
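Review bot: `type: {{ .Values.service.type }}` in the new grpc-service.yaml reuses the HTTP service's type, so a release that sets `service.type` to `LoadBalancer` or `NodePort` would also publish the gRPC port outside the ingress. The hard-coded `serversscheme: h2c` annotation indicates this backend speaks cleartext HTTP/2, and the port presumably carries the core-to-proxy channel. Giving the gRPC Service its own type with a cluster-internal default would be safer, for example `type: {{ .Values.service.grpcType | default "ClusterIP" }}` (the value name is only a suggestion). The Traefik annotation is also fixed in the template, so a values-driven `annotations:` block with a comment explaining why h2c is required would document the assumption for other ingress controllers.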
@@ -53,4 +53,21 @@ spec: serviceName: {{ $fullName }} servicePort: {{ .Values.service.ports.http }} {{- end }} + - host: {{ .Values.ingress.hosts.grpc | quote }} + http: + paths: + - path: / + {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }} + pathType: ImplementationSpecific + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }}-grpc + port: + number: {{ .Values.service.ports.grpc }} + {{- else }} + serviceName: {{ $fullName }}-grpc + servicePort: {{ .Values.service.ports.grpc }} + {{- end }} {{- end }} diff --git a/charts/defguard-proxy/templates/service.yaml b/charts/defguard-proxy/templates/service.yaml index 01724f1..d48699e 100644 --- a/charts/defguard-proxy/templates/service.yaml +++ b/charts/defguard-proxy/templates/service.yaml @@ -11,9 +11,5 @@ spec: targetPort: http protocol: TCP name: http - - port: {{ .Values.service.ports.grpc }} - targetPort: grpc - protocol: TCP - name: grpc selector: {{- include "defguard-proxy.selectorLabels" . | nindent 4 }} diff --git a/charts/defguard/Chart.yaml b/charts/defguard/Chart.yaml index d12d3b0..a0087ce 100644 --- a/charts/defguard/Chart.yaml +++ b/charts/defguard/Chart.yaml @@ -3,14 +3,14 @@ name: defguard description: Defguard is an open-source identity management system type: application -version: 0.5.0 -appVersion: 0.8.0 +version: 0.6.0 +appVersion: 0.9.0 dependencies: - name: postgresql - version: 12.11.1 + version: 12.13.2 repository: https://charts.bitnami.com/bitnami - name: defguard-proxy condition: defguard-proxy.enabled - version: 0.2.0 + version: 0.3.0 repository: https://defguard.github.io/deployment diff --git a/charts/defguard/templates/defguard-config.yaml b/charts/defguard/templates/defguard-config.yaml index 7838193..f21096a 100644 --- a/charts/defguard/templates/defguard-config.yaml +++ b/charts/defguard/templates/defguard-config.yaml 
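Review bot: The new `- host: {{ .Values.ingress.hosts.grpc | quote }}` rule in ingress.yaml is rendered whenever the ingress is enabled, with no check that `ingress.hosts.grpc` is set. This commit adds a default for that key only in the parent chart's values.yaml. If the proxy chart's own values.yaml (not part of this diff) lacks it, the rule would render with an empty host, which Kubernetes applies to every hostname, so unrelated requests reaching this Ingress would be routed to the gRPC backend. Wrapping the rule in `{{- if .Values.ingress.hosts.grpc }}` and `{{- end }}` avoids that. The `tls:` block of this Ingress lies above the hunk, so it is worth confirming the gRPC host is listed there too, otherwise the endpoint is not covered by the certificate configured for the web host.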
@@ -5,13 +5,20 @@ metadata:
 labels:
 {{- include "defguard.labels" . | nindent 4 }}
 data:
- DEFGUARD_DB_HOST: {{ include "defguard.fullname" . }}-postgresql
+ {{- if .Values.cookie.domain }}
+ DEFGUARD_COOKIE_DOMAIN: {{ .Values.cookie.domain }}
+ {{- end }}
+ DEFGUARD_COOKIE_INSECURE: {{ .Values.cookie.insecure | quote }}
+ DEFGUARD_DB_HOST: {{ include "defguard.fullname" . }}-postgresql
 DEFGUARD_DB_NAME: {{ .Values.postgresql.auth.database }}
 DEFGUARD_DB_USER: {{ .Values.postgresql.auth.username }}
 DEFGUARD_GRPC_PORT: {{ .Values.service.ports.grpc | quote }}
+ DEFGUARD_ENROLLMENT_URL: {{ index .Values "defguard-proxy" "publicUrl" }}
+ {{- if .Values.proxyUrl }}
+ DEGUARD_PROXY_URL: {{ .Values.proxyUrl }}
+ {{- end }}
 DEFGUARD_URL: {{ .Values.publicUrl }}
 DEFGUARD_WEBAUTHN_RP_ID: {{ .Values.ingress.hosts.web }}
- DEFGUARD_ENROLLMENT_URL: {{ index .Values "defguard-proxy" "publicUrl" }}
 {{- if .Values.ldap.enabled }}
 DEFGUARD_LDAP_ADMIN_GROUP: {{ .Values.ldap.admin_group | quote }}
 DEFGUARD_LDAP_BIND_PASSWORD: {{ .Values.ldap.bind_password | quote }}
diff --git a/charts/defguard/values.yaml b/charts/defguard/values.yaml
index 3563c60..4c277ad 100644
--- a/charts/defguard/values.yaml
+++ b/charts/defguard/values.yaml
@@ -3,6 +3,9 @@ autoscaling:
 enabled: false
 minReplicas: 1
 maxReplicas: 10
+cookie:
+ domain: ""
+ insecure: false
 fullnameOverride: ""
 image:
 pullPolicy: IfNotPresent
@@ -38,6 +41,7 @@ postgresql:
 database: defguard
 existingSecret: postgres-password
 username: defguard
+proxyUrl: ""
 publicUrl: "http://defguard.local"
 replicaCount: 1
 resources: {}
@@ -54,8 +58,8 @@ tolerations: []
 # sub-chart defguard-proxy
 defguard-proxy:
 enabled: false
- upstreamGrpcUrl: "http://defguard-grpc.local"
 publicUrl: "http://enrollment.local"
 ingress:
 hosts:
+ grpc: defguard-proxy-grpc.local
 web: enrollment.local
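Review bot: The added key `DEGUARD_PROXY_URL` in defguard-config.yaml is missing the `F` of the `DEFGUARD_` prefix used by every other entry in this ConfigMap, so the application will most likely never read it and a configured `proxyUrl` silently has no effect. It should read `DEFGUARD_PROXY_URL: {{ .Values.proxyUrl | quote }}`. The new `DEFGUARD_COOKIE_DOMAIN` value is also unquoted; ConfigMap data values must be strings, so `{{ .Values.cookie.domain | quote }}` keeps a value that YAML would type as a boolean or number from being rejected. The `data:` mapping continues past the end of the hunk.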
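Review bot: The new `cookie.insecure` switch in the first values.yaml hunk has no comment, although it presumably controls whether session cookies keep the `Secure` attribute. A line such as `# insecure: true allows cookies over plain HTTP; use only for local testing without TLS` above the key would make the trade-off visible to operators. The default `publicUrl` further down in this file is an `http://` URL while `insecure` defaults to `false`, so the stock values may not give a working login until one of the two is changed; that is worth stating in the same comment.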