diff --git a/packages/apps/tenant/Chart.yaml b/packages/apps/tenant/Chart.yaml index baefc0e24..25f689949 100644 --- a/packages/apps/tenant/Chart.yaml +++ b/packages/apps/tenant/Chart.yaml @@ -4,4 +4,4 @@ description: Separated tenant namespace icon: /logos/tenant.svg type: application -version: 1.4.0 +version: 1.5.0 diff --git a/packages/apps/tenant/templates/networkpolicy.yaml b/packages/apps/tenant/templates/networkpolicy.yaml index 6521bf617..aa8ed3eab 100644 --- a/packages/apps/tenant/templates/networkpolicy.yaml +++ b/packages/apps/tenant/templates/networkpolicy.yaml @@ -159,6 +159,18 @@ spec: --- apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy +metadata: + name: allow-to-cdi-upload-proxy + namespace: {{ include "tenant.name" . }} +spec: + endpointSelector: {} + egress: + - toEndpoints: + - matchLabels: + "k8s:io.kubernetes.pod.namespace": cozy-kubevirt-cdi +--- +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy metadata: name: allow-to-ingress namespace: {{ include "tenant.name" . }} diff --git a/packages/apps/versions_map b/packages/apps/versions_map index 48e69ab43..27fbc47cd 100644 --- a/packages/apps/versions_map +++ b/packages/apps/versions_map @@ -75,7 +75,8 @@ tenant 1.1.0 4da8ac3b tenant 1.2.0 15478a88 tenant 1.3.0 ceefae03 tenant 1.3.1 c56e5769 -tenant 1.4.0 HEAD +tenant 1.4.0 94c688f7 +tenant 1.5.0 HEAD vm-disk 0.1.0 HEAD vm-instance 0.1.0 HEAD vpn 0.1.0 f642698 diff --git a/packages/extra/ingress/Chart.yaml b/packages/extra/ingress/Chart.yaml index 664a41c52..f0ff843fc 100644 --- a/packages/extra/ingress/Chart.yaml +++ b/packages/extra/ingress/Chart.yaml @@ -3,4 +3,4 @@ name: ingress description: NGINX Ingress Controller icon: /logos/ingress-nginx.svg type: application -version: 1.2.0 +version: 1.3.0 diff --git a/packages/extra/ingress/README.md b/packages/extra/ingress/README.md index 0d00844c4..73aec882a 100644 --- a/packages/extra/ingress/README.md +++ b/packages/extra/ingress/README.md 
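Review bot: The new `allow-to-cdi-upload-proxy` policy in templates/networkpolicy.yaml is broader than its name suggests. `endpointSelector: {}` applies it to every pod in the tenant namespace, and the only `toEndpoints` match is `"k8s:io.kubernetes.pod.namespace": cozy-kubevirt-cdi`, so tenant workloads get egress to every endpoint in that namespace on every port. I would add the upload proxy's pod label to `matchLabels` next to the namespace label, plus a `toPorts` entry for the one TCP port the proxy listens on, so that whatever else runs in that namespace stays unreachable from tenants. A one-line comment above `metadata:` naming which tenant workloads need this path would also help a later reviewer judge whether `endpointSelector: {}` can be narrowed.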
@@ -11,4 +11,5 @@ | `whitelist` | List of client networks | `[]` | | `clouflareProxy` | Restoring original visitor IPs when Cloudflare proxied is enabled | `false` | | `dashboard` | Should ingress serve Cozystack service dashboard | `false` | +| `cdiUploadProxy` | Should ingress serve CDI upload proxy | `false` | diff --git a/packages/extra/ingress/templates/cdi-uploadproxy.yaml b/packages/extra/ingress/templates/cdi-uploadproxy.yaml new file mode 100644 index 000000000..e82e0d26e --- /dev/null +++ b/packages/extra/ingress/templates/cdi-uploadproxy.yaml @@ -0,0 +1,37 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} + +{{- if .Values.cdiUploadProxy }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + nginx.ingress.kubernetes.io/backend-protocol: HTTPS + cert-manager.io/cluster-issuer: letsencrypt-prod + {{- if eq $issuerType "cloudflare" }} + {{- else }} + acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }} + {{- end }} + name: cdi-uploadproxy-{{ .Release.Namespace }} + namespace: cozy-kubevirt-cdi +spec: + ingressClassName: {{ .Release.Namespace }} + rules: + - host: cdi-uploadproxy.{{ $host }} + http: + paths: + - backend: + service: + name: cdi-uploadproxy + port: + number: 443 + path: / + pathType: Prefix + tls: + - hosts: + - cdi-uploadproxy.{{ $host }} + secretName: cdi-uploadproxy-{{ .Release.Namespace }}-tls +{{- end }} diff --git a/packages/extra/ingress/templates/dashboard.yaml b/packages/extra/ingress/templates/dashboard.yaml index 106f2e6af..63b59e02e 100644 --- a/packages/extra/ingress/templates/dashboard.yaml +++ b/packages/extra/ingress/templates/dashboard.yaml 
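Review bot: In templates/cdi-uploadproxy.yaml `$host` is read from the `namespace.cozystack.io/host` annotation with no check, so a namespace without it renders `host: cdi-uploadproxy.` and requests a certificate for that name. Failing the render is safer: `{{- $host := required "namespace.cozystack.io/host annotation is not set" (index $myNS.metadata.annotations "namespace.cozystack.io/host") }}`. The four lookup lines also sit above `{{- if .Values.cdiUploadProxy }}`, so they are evaluated even when the feature is off and can fail on an empty `lookup` result (for example under `helm template`); moving them inside the `if` avoids that. Since this publishes an upload endpoint on the tenant's ingress, it is worth confirming that the chart's `whitelist` value also covers this Ingress, which this diff does not show.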
@@ -1,36 +1,36 @@ -{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} -{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} -{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} -{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} -{{- if .Values.dashboard }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod +{{- if .Values.dashboard }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod {{- if eq $issuerType "cloudflare" }} - {{- else }} - acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }} - {{- end }} - name: dashboard-{{ .Release.Namespace }} - namespace: cozy-dashboard -spec: - ingressClassName: {{ .Release.Namespace }} - rules: - - host: dashboard.{{ $host }} - http: - paths: - - backend: - service: - name: dashboard - port: - number: 80 - path: / - pathType: Prefix - tls: - - hosts: - - dashboard.{{ $host }} - secretName: dashboard-{{ .Release.Namespace }}-tls + {{- else }} + acme.cert-manager.io/http01-ingress-class: {{ .Release.Namespace }} + {{- end }} + name: dashboard-{{ .Release.Namespace }} + namespace: cozy-dashboard +spec: + ingressClassName: {{ .Release.Namespace }} + rules: + - host: dashboard.{{ $host }} + http: + paths: + - backend: + service: + name: dashboard + port: + number: 80 + path: / + pathType: Prefix + tls: + - hosts: + - dashboard.{{ $host }} + secretName: dashboard-{{ .Release.Namespace }}-tls {{- end }} 
diff --git a/packages/extra/ingress/values.schema.json b/packages/extra/ingress/values.schema.json index e669d70e7..7fcefe688 100644 --- a/packages/extra/ingress/values.schema.json +++ b/packages/extra/ingress/values.schema.json @@ -30,6 +30,11 @@ "type": "boolean", "description": "Should ingress serve Cozystack service dashboard", "default": false + }, + "cdiUploadProxy": { + "type": "boolean", + "description": "Should ingress serve CDI upload proxy", + "default": false } } } \ No newline at end of file diff --git a/packages/extra/ingress/values.yaml b/packages/extra/ingress/values.yaml index b05d6bb56..947808ae2 100644 --- a/packages/extra/ingress/values.yaml +++ b/packages/extra/ingress/values.yaml @@ -27,3 +27,6 @@ clouflareProxy: false ## @param dashboard Should ingress serve Cozystack service dashboard dashboard: false + +## @param cdiUploadProxy Should ingress serve CDI upload proxy +cdiUploadProxy: false diff --git a/packages/extra/monitoring/templates/alerta/alerta.yaml b/packages/extra/monitoring/templates/alerta/alerta.yaml index 30aa24932..87d408f5d 100644 --- a/packages/extra/monitoring/templates/alerta/alerta.yaml +++ b/packages/extra/monitoring/templates/alerta/alerta.yaml @@ -1,4 +1,4 @@ -{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} @@ -36,7 +36,7 @@ data: 'endpoint' : "/api", 'provider' : "basic" }) - .constant('colors', {}); + .constant('colors', {}); --- apiVersion: v1 kind: Service diff --git a/packages/extra/monitoring/templates/grafana/grafana.yaml b/packages/extra/monitoring/templates/grafana/grafana.yaml index bce84d13d..c86b0483c 100644 --- a/packages/extra/monitoring/templates/grafana/grafana.yaml +++ b/packages/extra/monitoring/templates/grafana/grafana.yaml 
@@ -1,4 +1,4 @@ -{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} {{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} {{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} @@ -94,7 +94,7 @@ spec: metadata: annotations: {{- if ne $issuerType "cloudflare" }} - acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}" + acme.cert-manager.io/http01-ingress-class: "{{ $ingress }}" {{- end }} cert-manager.io/cluster-issuer: letsencrypt-prod spec: diff --git a/packages/system/kubevirt-cdi-operator/templates/cdi-operator.yaml b/packages/system/kubevirt-cdi-operator/templates/cdi-operator.yaml index 2698b895a..585a5741d 100644 --- a/packages/system/kubevirt-cdi-operator/templates/cdi-operator.yaml +++ b/packages/system/kubevirt-cdi-operator/templates/cdi-operator.yaml @@ -5718,7 +5718,7 @@ spec: - name: APISERVER_IMAGE value: quay.io/kubevirt/cdi-apiserver:v1.60.2 - name: UPLOAD_SERVER_IMAGE - value: quay.io/kubevirt/cdi-uploadserver:v1.60.2 + value: ghcr.io/aenix-io/cozystack/cdi/cdi-uploadserver:v1.60.2-fix@sha256:2c0cfae427861521a204d020e2981fdb23c8b32b66261c03b2a2cdcd7089ac64 - name: UPLOAD_PROXY_IMAGE value: quay.io/kubevirt/cdi-uploadproxy:v1.60.2 - name: VERBOSITY @@ -5753,4 +5753,4 @@ spec: tolerations: - key: CriticalAddonsOnly operator: Exists ---- \ No newline at end of file +--- diff --git a/packages/system/kubevirt-cdi/templates/cdi-cr.yaml b/packages/system/kubevirt-cdi/templates/cdi-cr.yaml index 3e1f683a1..af905af24 100644 --- a/packages/system/kubevirt-cdi/templates/cdi-cr.yaml +++ b/packages/system/kubevirt-cdi/templates/cdi-cr.yaml @@ -4,6 +4,9 @@ metadata: name: cdi spec: config: + {{- with .Values.uploadProxyURL }} + uploadProxyURLOverride: {{ quote . }} + {{- end }} featureGates: - HonorWaitForFirstConsumer - ExpandDisks 
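Review bot: In cdi-operator.yaml the `UPLOAD_SERVER_IMAGE` value now points at a project-built `v1.60.2-fix` image, while `APISERVER_IMAGE` and `UPLOAD_PROXY_IMAGE` stay on upstream `quay.io/kubevirt` tags. Nothing in the manifest records what the fix is or where its source lives. Pinning by `@sha256:` digest is good; please add a comment above the entry such as `# patched cdi-uploadserver build, source: <link to patch or PR>; drop once upstream ships the fix` so the divergence can be audited and later removed. If this file is regenerated from the upstream release, as its length suggests, the override should live in the generation step, otherwise the next update will silently revert it.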
diff --git a/packages/system/kubevirt-cdi/values.yaml b/packages/system/kubevirt-cdi/values.yaml
new file mode 100644
index 000000000..bd9e604a0
--- /dev/null
+++ b/packages/system/kubevirt-cdi/values.yaml
@@ -0,0 +1 @@
+uploadProxyURL: ""
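Review bot: `uploadProxyURL` is added with no description, unlike the ingress chart's values.yaml in this same diff, which documents each key with a `## @param` comment. Suggest adding `## @param uploadProxyURL Externally reachable address of the CDI upload proxy, rendered into uploadProxyURLOverride` above the key. Nothing in this diff links the value to the `cdi-uploadproxy.{{ $host }}` name that the new Ingress serves, so the comment should also say that the two are kept in sync by hand and whether a scheme prefix is expected.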