[leaf2mqtt] new chart (#935)

* leaf2mqtt initial

charts/stable/leaf2mqtt/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl

charts/stable/leaf2mqtt/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: "0.1"
+description: Nissan Leaf connected services to MQTT adapter
+name: leaf2mqtt
+version: 1.0.0
+kubeVersion: ">=1.16.0-0"
+keywords:
+- leaf2mqtt
+- leaf
+- nissan
+- kamereon
+- carwings
+home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/leaf2mqtt
+icon: https://www.nissanusa.com/content/dam/Nissan/us/Navigation/nissan-logo-black.svg
+sources:
+- https://github.com/mitsumaui/leaf2mqtt
+- https://github.com/k8s-at-home/container-images
+maintainers:
+- name: mitsumaui
+  email: jase@oshelp.co.uk
+dependencies:
+- name: common
+  repository: https://library-charts.k8s-at-home.com
+  version: 2.5.0

charts/stable/leaf2mqtt/README.md

@@ -0,0 +1,116 @@
+# leaf2mqtt
+
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 0.1](https://img.shields.io/badge/AppVersion-0.1-informational?style=flat-square)
+
+Nissan Leaf connected services to MQTT adapter
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/mitsumaui/leaf2mqtt>
+* <https://github.com/k8s-at-home/container-images>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 2.5.0 |
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm repo update
+helm install leaf2mqtt k8s-at-home/leaf2mqtt
+```
+
+## Installing the Chart
+
+To install the chart with the release name `leaf2mqtt`
+
+```console
+helm install leaf2mqtt k8s-at-home/leaf2mqtt
+```
+
+## Uninstalling the Chart
+
+To uninstall the `leaf2mqtt` deployment
+
+```console
+helm uninstall leaf2mqtt
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install leaf2mqtt \
+  --set env.TZ="America/New York" \
+    k8s-at-home/leaf2mqtt
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install leaf2mqtt k8s-at-home/leaf2mqtt -f values.yaml
+```
+
+## Custom configuration
+
+N/A
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| env | object | `{}` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"ghcr.io/k8s-at-home/leaf2mqtt"` | Image repository |
+| image.tag | float | `0.1` | Image tag |
+| service.enabled | bool | `false` |  |
+| strategy.type | string | `"Recreate"` | Deployment recreation strategy |
+
+## Changelog
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [1.0.0]
+
+#### Added
+
+- Initial version
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/stable/leaf2mqtt/README.md.gotmpl

@@ -0,0 +1,146 @@
+{{- define "custom.repository.organization" -}}
+k8s-at-home
+{{- end -}}
+
+{{- define "custom.repository.url" -}}
+https://github.com/k8s-at-home/charts
+{{- end -}}
+
+{{- define "custom.helm.url" -}}
+https://k8s-at-home.com/charts/
+{{- end -}}
+
+{{- define "custom.helm.path" -}}
+{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }}
+{{- end -}}
+
+{{- define "custom.notes" -}}
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+{{- end -}}
+
+{{- define "custom.requirements" -}}
+## Requirements
+
+{{ template "chart.kubeVersionLine" . }}
+{{- end -}}
+
+{{- define "custom.dependencies" -}}
+## Dependencies
+
+{{ template "chart.requirementsTable" . }}
+{{- end -}}
+
+{{- define "custom.install.tldr" -}}
+## TL;DR
+
+```console
+helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }}
+helm repo update
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.install" -}}
+## Installing the Chart
+
+To install the chart with the release name `{{ template "chart.name" . }}`
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.uninstall" -}}
+## Uninstalling the Chart
+
+To uninstall the `{{ template "chart.name" . }}` deployment
+
+```console
+helm uninstall {{ template "chart.name" . }}
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+{{- end -}}
+
+{{- define "custom.configuration.header" -}}
+## Configuration
+{{- end -}}
+
+{{- define "custom.configuration.readValues" -}}
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+{{- end -}}
+
+{{- define "custom.configuration.example.set" -}}
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install {{ template "chart.name" . }} \
+  --set env.TZ="America/New York" \
+    {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.configuration.example.file" -}}
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml
+```
+{{- end -}}
+
+{{- define "custom.valuesSection" -}}
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+{{ template "chart.valuesTable" . }}
+{{- end -}}
+
+{{- define "custom.support" -}}
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+{{- end -}}
+
+{{ template "chart.header" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "custom.notes" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "custom.requirements" . }}
+
+{{ template "custom.dependencies" . }}
+
+{{ template "custom.install.tldr" . }}
+
+{{ template "custom.install" . }}
+
+{{ template "custom.uninstall" . }}
+
+{{ template "custom.configuration.header" . }}
+
+{{ template "custom.configuration.readValues" . }}
+
+{{ template "custom.configuration.example.set" . }}
+
+{{ template "custom.configuration.example.file" . }}
+
+{{ template "custom.custom.configuration" . }}
+
+{{ template "custom.valuesSection" . }}
+
+{{ template "custom.changelog" . }}
+
+{{ template "custom.support" . }}
+
+{{ template "helm-docs.versionFooter" . }}
+{{ "" }}

charts/stable/leaf2mqtt/README_CHANGELOG.md.gotmpl

@@ -0,0 +1,27 @@
+{{- define "custom.changelog.header" -}}
+## Changelog
+{{- end -}}
+
+{{- define "custom.changelog" -}}
+{{ template "custom.changelog.header" . }}
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [1.0.0]
+
+#### Added
+
+- Initial version
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+{{- end -}}

charts/stable/leaf2mqtt/README_CONFIG.md.gotmpl

@@ -0,0 +1,9 @@
+{{- define "custom.custom.configuration.header" -}}
+## Custom configuration
+{{- end -}}
+
+{{- define "custom.custom.configuration" -}}
+{{ template "custom.custom.configuration.header" . }}
+
+N/A
+{{- end -}}

charts/stable/leaf2mqtt/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/stable/leaf2mqtt/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/stable/leaf2mqtt/values.yaml

@@ -0,0 +1,44 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#
+
+image:
+  # -- Image repository
+  repository: ghcr.io/k8s-at-home/leaf2mqtt
+  # -- Image pull policy
+  pullPolicy: IfNotPresent
+  # -- Image tag
+  tag: v0.1
+
+strategy:
+  # -- Deployment recreation strategy
+  type: Recreate
+
+# See more environment variables in the leaf2mqtt documentation
+# https://github.com/mitsumaui/leaf2mqtt
+env: {}
+  # LEAF_USERNAME:
+  # LEAF_PASSWORD:
+  # LEAF_TYPE:
+  # MQTT_HOST:
+  # MQTT_PORT:
+  # MQTT_USERNAME:
+  # MQTT_PASSWORD:
+  # MQTT_BASE_TOPIC:
+  # UPDATE_INTERVAL_MINUTES:
+  # CHARGING_UPDATE_INTERVAL_MINUTES:
+  # LOG_LEVEL:
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false

charts/stable/pod-gateway/Chart.yaml

@@ -1,15 +1,16 @@
 apiVersion: v2
-appVersion: 1.0.0
+appVersion: 1.2.6
 description: Admision controller to change the default gateway and DNS server of PODs
 name: pod-gateway
-version: 1.0.1
+version: 2.1.1
 kubeVersion: ">=1.16.0-0"
 keywords:
 - pod-gateway
 home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway
 icon: https://pod-gateway.org/icon
 sources:
-- https://github.com/pod-gateway/pod-gateway-docker
+- https://github.com/k8s-at-home/gateway-admision-controller
+- https://github.com/k8s-at-home/pod-gateway
 maintainers:
 - name: angelnu
   email: git@angelnu.com

charts/stable/pod-gateway/README.md

@@ -1,6 +1,6 @@
 # pod-gateway
 
-![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![AppVersion: 1.2.6](https://img.shields.io/badge/AppVersion-1.2.6-informational?style=flat-square)
 
 Admision controller to change the default gateway and DNS server of PODs
 
@@ -8,7 +8,8 @@ Admision controller to change the default gateway and DNS server of PODs
 
 ## Source Code
 
-* <https://github.com/pod-gateway/pod-gateway-docker>
+* <https://github.com/k8s-at-home/gateway-admision-controller>
+* <https://github.com/k8s-at-home/pod-gateway>
 
 ## Requirements
 
@@ -67,6 +68,9 @@ helm install pod-gateway k8s-at-home/pod-gateway -f values.yaml
 
 ## Custom configuration
 
+Please check [this guide](https://docs.k8s-at-home.com/guides/pod-gateway/)
+for the full instructions.
+
 You need to add `routed-gateway=true` to the namespaces with PODs you
 want to route through this POD gateway. If needed the label name can be changed
 in .Values.
@@ -99,31 +103,49 @@ certificates. It does not install it as dependency to avoid conflicts.
 | additionalVolumeMounts[0].mountPath | string | `"/config"` |  |
 | additionalVolumeMounts[0].name | string | `"config"` |  |
 | additionalVolumeMounts[0].readOnly | bool | `true` |  |
+| addons.vpn.configFileSecret | string | `"openvpn"` |  |
+| addons.vpn.enabled | bool | `false` | Enable the VPN if you want to route through a VPN. You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true for extra safeness in case the VPN does connect |
+| addons.vpn.env | string | `nil` |  |
+| addons.vpn.networkPolicy.egress[0].ports[0].port | int | `443` |  |
+| addons.vpn.networkPolicy.egress[0].ports[0].protocol | string | `"UDP"` |  |
+| addons.vpn.networkPolicy.egress[0].to[0].ipBlock.cidr | string | `"0.0.0.0/0"` |  |
+| addons.vpn.networkPolicy.egress[1].to[0].ipBlock.cidr | string | `"10.0.0.0/8"` |  |
+| addons.vpn.networkPolicy.enabled | bool | `true` |  |
+| addons.vpn.openvpn | string | `nil` |  |
+| addons.vpn.type | string | `"openvpn"` |  |
+| addons.vpn.wireguard | string | `nil` |  |
 | clusterName | string | `"cluster.local"` | cluster name used to derive the gateway full name |
 | command[0] | string | `"/bin/gateway_sidecar.sh"` |  |
-| configmap.data."nat.conf" | string | `"# Configure client PODs with static IP addresses\n# and ports exposed through NAT\n# static IPs must be bellow VXLAN_GATEWAY_FIRST_DYNAMIC_IP\n#\n# hostname IP ports(coma separated)\n# Example:\n# transmission 10 tcp:18289,udp:18289\n"` | settings to expose ports, usually through a VPN provider NOTE: if you change it you will need to manually restart all containers using it |
-| configmap.data."settings.sh" | string | `"#!/bin/sh\n# hostname of the gateway - it must accept vxlan and DHCP traffic\n# clients get it as env variable\nGATEWAY_NAME=\"${gateway}\"\n# K8S DNS IP address\n# clients get it as env variable\nK8S_DNS_IPS=\"${K8S_DNS_ips}\"\n\n# Vxlan ID to use\nVXLAN_ID=\"42\"\n# VXLAN need an /24 IP range not conflicting with K8S and local IP ranges\nVXLAN_IP_NETWORK=\"172.16.0\"\n# Gateway IP within the VXLAN - client PODs will be routed through it\nVXLAN_GATEWAY_IP=\"${VXLAN_IP_NETWORK}.1\"\n# Keep a range of IPs for static assignment in nat.conf\nVXLAN_GATEWAY_FIRST_DYNAMIC_IP=20\n\n# If using a VPN, interface name created by it\nVPN_INTERFACE=tun0\n# Prevent non VPN traffic to leave the gateway\nVPN_BLOCK_OTHER_TRAFFIC=false\n# Traffic to these IPs will be send through the K8S gateway\nVPN_LOCAL_CIDRS=\"10.0.0.0/8 192.168.0.0/16\"\n\n# DNS queries to these domains will be resolved by K8S DNS instead of\n# the default (typcally the VPN client changes it)\nDNS_LOCAL_CIDRS=\"local\"\n"` | settings for gateway - defaults should usually be good NOTE: if you change it you will need to manually restart all containers using it |
-| configmap.enabled | bool | `true` | configmap contains clients and gateway PODs setting |
-| configmap.namespaces | list | `[]` | Namespaces to create the configmap to. It must list all namespaces where client PODs get deployed to. The chart namespace is added automatically |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/k8s-at-home/pod-gateway"` |  |
-| image.tag | string | `"v1.1.0"` |  |
+| image.tag | string | `"v1.2.6"` |  |
 | initContainers[0].command[0] | string | `"/bin/gateway_init.sh"` |  |
 | initContainers[0].image | string | `nil` | Will be set automatically |
 | initContainers[0].imagePullPolicy | string | `nil` | Will be set automatically |
 | initContainers[0].name | string | `"routes"` |  |
-| initContainers[0].securityContext.capabilities.add[0] | string | `"NET_ADMIN"` |  |
+| initContainers[0].securityContext.privileged | bool | `true` |  |
 | initContainers[0].volumeMounts[0].mountPath | string | `"/config"` |  |
 | initContainers[0].volumeMounts[0].name | string | `"config"` |  |
 | initContainers[0].volumeMounts[0].readOnly | bool | `true` |  |
 | probes.liveness.enabled | bool | `false` |  |
 | probes.readiness.enabled | bool | `false` |  |
 | probes.startup.enabled | bool | `false` |  |
+| publicPorts | string | `nil` | settings to expose ports, usually through a VPN provider. NOTE: if you change it you will need to manually restart the gateway POD |
+| routed_namespaces | list | `[]` | Namespaces that might contain routed PODs and therefore require a copy of the gneerated settings configmap. |
 | securityContext.capabilities.add[0] | string | `"NET_ADMIN"` |  |
 | service.clusterIP | string | `"None"` |  |
 | service.port.port | int | `4789` |  |
 | service.port.protocol | string | `"UDP"` |  |
 | service.type | string | `"ClusterIP"` |  |
+| settings.DNS_LOCAL_CIDRS | string | `"local"` | DNS queries to these domains will be resolved by K8S DNS instead of the default (typcally the VPN client changes it) |
+| settings.NOT_ROUTED_TO_GATEWAY_CIDRS | string | `""` | IPs not sent to the POD gateway but to the default K8S. Multiple CIDRs can be specified using blanks as separator. Example for Calico: ""172.22.0.0/16 172.24.0.0/16" This is needed, for example, in case your CNI does not add a non-default rule for the K8S addresses (Flannel does). |
+| settings.VPN_BLOCK_OTHER_TRAFFIC | bool | `false` | Prevent non VPN traffic to leave the gateway |
+| settings.VPN_INTERFACE | string | `"tun0"` | If using a VPN, interface name created by it |
+| settings.VPN_LOCAL_CIDRS | string | `"10.0.0.0/8 192.168.0.0/16"` | Traffic to these IPs will be send through the K8S gateway |
+| settings.VPN_TRAFFIC_PORT | int | `443` | If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port |
+| settings.VXLAN_GATEWAY_FIRST_DYNAMIC_IP | int | `20` | Keep a range of IPs for static assignment in nat.conf |
+| settings.VXLAN_ID | int | `42` | Vxlan ID to use |
+| settings.VXLAN_IP_NETWORK | string | `"172.16.0"` | VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges |
 | webhook.additionalVolumes | list | `[]` |  |
 | webhook.args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` |  |
 | webhook.args[1] | string | `"--tls-key-file-path=/tls/tls.key"` |  |
@@ -133,7 +155,7 @@ certificates. It does not install it as dependency to avoid conflicts.
 | webhook.args[5] | string | `"--DNSPolicy=None"` |  |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | webhook.image.repository | string | `"ghcr.io/k8s-at-home/gateway-admision-controller"` |  |
-| webhook.image.tag | string | `"v3.2.0"` |  |
+| webhook.image.tag | string | `"v3.3.2"` |  |
 | webhook.inserted.init.cmd | string | `"/bin/client_init.sh"` |  |
 | webhook.inserted.init.mountPath | string | `"/config"` |  |
 | webhook.inserted.init.pullPolicy | string | `nil` | Will be set automatically |
@@ -157,6 +179,58 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [2.1.1]
+
+#### Added
+
+- Tolerate PODs that do not include namespace
+- fix for missing VXLAN_GATEWAY_IP
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.1]: #2.1.1
+
+### [2.1.0]
+
+#### Added
+
+- set Search and Options when DNSPolicy is "None"
+- update instructions
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.0]: #2.1.0
+
+### [2.0.0]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- run gateway init container as privileged
+- configmap is now a dictionary instead of a long string
+- only modifed settings need to be specified
+
+#### Removed
+
+- N/A
+
+[2.0.0]: #2.0.0
+
 ### [1.0.1]
 
 #### Added

charts/stable/pod-gateway/README_CHANGELOG.md.gotmpl

@@ -9,6 +9,58 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [2.1.1]
+
+#### Added
+
+- Tolerate PODs that do not include namespace
+- fix for missing VXLAN_GATEWAY_IP
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.1]: #2.1.1
+
+### [2.1.0]
+
+#### Added
+
+- set Search and Options when DNSPolicy is "None"
+- update instructions
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.0]: #2.1.0
+
+### [2.0.0]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- run gateway init container as privileged
+- configmap is now a dictionary instead of a long string
+- only modifed settings need to be specified
+
+#### Removed
+
+- N/A
+
+[2.0.0]: #2.0.0
+
 ### [1.0.1]
 
 #### Added

charts/stable/pod-gateway/README_CONFIG.md.gotmpl

@@ -5,6 +5,9 @@
 {{- define "custom.custom.configuration" -}}
 {{ template "custom.custom.configuration.header" . }}
 
+Please check [this guide](https://docs.k8s-at-home.com/guides/pod-gateway/)
+for the full instructions.
+
 You need to add `routed-gateway=true` to the namespaces with PODs you
 want to route through this POD gateway. If needed the label name can be changed
 in .Values.

charts/stable/pod-gateway/templates/configmap.yaml

@@ -1,5 +1,4 @@
-{{- if .Values.configmap.enabled | default true -}}
-{{- range $namespace := append .Values.configmap.namespaces .Release.Namespace }}
+{{- range $namespace := append .Values.routed_namespaces .Release.Namespace }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -9,6 +8,23 @@ metadata:
   labels:
     {{- include "common.labels" $ | nindent 4 }}
 data:
-  {{- $.Values.configmap.data | toYaml | nindent 2 }}
-{{- end -}}
+  settings.sh: |
+    #!/bin/sh
+    # Generated by {{ include "common.names.fullname" $ }}
+    {{- range $key, $value := $.Values.settings }}
+    {{ $key }}={{ $value | quote }}
+    {{- end }}
+  nat.conf: |
+    # Generated by {{ include "common.names.fullname" $ }}
+    {{- range $entry := $.Values.publicPorts }}
+    {{ $entry.hostname | required "Missing hostname" }} {{ $entry.IP | required "Missing IP" }}
+      {{- range $index, $port := $entry.ports -}}
+        {{- if eq $index 0 -}}
+          {{- print " " -}}
+        {{- else -}}
+          {{- print "," -}}
+        {{- end -}}
+        {{- $port.type | required "Missing port type" }}:{{ $port.port | required "Missing port number" -}}
+      {{- end }}
+    {{- end }}
 {{- end -}}

charts/stable/pod-gateway/templates/webhook-deployment.yaml

@@ -41,9 +41,7 @@ spec:
             - --webhook-listen-address=:{{ .Values.webhook.service.port.port |toString }}
             - --gateway={{ include "pod-gateway.gateway" . }}
             - --DNS={{ .Values.DNS }}
-            {{- if .Values.configmap.enabled }}
             - --configmapName={{ include "pod-gateway.configmap" . }}
-            {{- end}}
             {{- if ( include "pod-gateway.webhook-inserted-init-repository" . ) }}
             - --initImage={{ include "pod-gateway.webhook-inserted-init-repository" . }}
             - --initImagePullPol={{ include "pod-gateway.webhook-inserted-init-pullPolicy" . }}

charts/stable/pod-gateway/values.yaml

@@ -8,7 +8,7 @@
 image:
   repository: ghcr.io/k8s-at-home/pod-gateway
   pullPolicy: IfNotPresent
-  tag: v1.1.0
+  tag: v1.2.6
 
 # -- IP address of the DNS server within the vxlan tunnel.
 # All mutated PODs will get this as their DNS server.
@@ -18,57 +18,78 @@ DNS: 172.16.0.1
 # -- cluster name used to derive the gateway full name
 clusterName: "cluster.local"
 
-configmap:
-  # -- configmap contains clients and gateway PODs setting
-  enabled: true
-  # -- Namespaces to create the configmap to.
-  # It must list all namespaces where client PODs get deployed to.
-  # The chart namespace is added automatically
-  namespaces: []
-  data:
-    # -- settings for gateway - defaults should usually be good
-    # NOTE: if you change it you will need to manually restart all
-    # containers using it
-    settings.sh: |
-      #!/bin/sh
-      # hostname of the gateway - it must accept vxlan and DHCP traffic
-      # clients get it as env variable
-      GATEWAY_NAME="${gateway}"
-      # K8S DNS IP address
-      # clients get it as env variable
-      K8S_DNS_IPS="${K8S_DNS_ips}"
+# -- Namespaces that might contain routed PODs and therefore
+# require a copy of the gneerated settings configmap.
+routed_namespaces: []
+# - vpn
 
-      # Vxlan ID to use
-      VXLAN_ID="42"
-      # VXLAN need an /24 IP range not conflicting with K8S and local IP ranges
-      VXLAN_IP_NETWORK="172.16.0"
-      # Gateway IP within the VXLAN - client PODs will be routed through it
-      VXLAN_GATEWAY_IP="${VXLAN_IP_NETWORK}.1"
-      # Keep a range of IPs for static assignment in nat.conf
-      VXLAN_GATEWAY_FIRST_DYNAMIC_IP=20
+settings:
+  # -- IPs not sent to the POD gateway but to the default K8S.
+  # Multiple CIDRs can be specified using blanks as separator.
+  # Example for Calico: ""172.22.0.0/16 172.24.0.0/16"
+  #
+  # This is needed, for example, in case your CNI does
+  # not add a non-default rule for the K8S addresses (Flannel does).
+  NOT_ROUTED_TO_GATEWAY_CIDRS: ""
 
-      # If using a VPN, interface name created by it
-      VPN_INTERFACE=tun0
-      # Prevent non VPN traffic to leave the gateway
-      VPN_BLOCK_OTHER_TRAFFIC=false
-      # Traffic to these IPs will be send through the K8S gateway
-      VPN_LOCAL_CIDRS="10.0.0.0/8 192.168.0.0/16"
+  # -- Vxlan ID to use
+  VXLAN_ID: 42
+  # -- VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges
+  VXLAN_IP_NETWORK: "172.16.0"
+  # -- Keep a range of IPs for static assignment in nat.conf
+  VXLAN_GATEWAY_FIRST_DYNAMIC_IP: 20
 
-      # DNS queries to these domains will be resolved by K8S DNS instead of
-      # the default (typcally the VPN client changes it)
-      DNS_LOCAL_CIDRS="local"
+  # -- If using a VPN, interface name created by it
+  VPN_INTERFACE: tun0
+  # -- Prevent non VPN traffic to leave the gateway
+  VPN_BLOCK_OTHER_TRAFFIC: false
+  # -- If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
+  VPN_TRAFFIC_PORT: 443
+  # -- Traffic to these IPs will be send through the K8S gateway
+  VPN_LOCAL_CIDRS: "10.0.0.0/8 192.168.0.0/16"
 
-    # -- settings to expose ports, usually through a VPN provider
-    # NOTE: if you change it you will need to manually restart all
-    # containers using it
-    nat.conf: |
-      # Configure client PODs with static IP addresses
-      # and ports exposed through NAT
-      # static IPs must be bellow VXLAN_GATEWAY_FIRST_DYNAMIC_IP
-      #
-      # hostname IP ports(coma separated)
-      # Example:
-      # transmission 10 tcp:18289,udp:18289
+  # -- DNS queries to these domains will be resolved by K8S DNS instead of
+  # the default (typcally the VPN client changes it)
+  DNS_LOCAL_CIDRS: "local"
+
+# -- settings to expose ports, usually through a VPN provider.
+# NOTE: if you change it you will need to manually restart the gateway POD
+publicPorts:
+# - hostname: qbittorrent
+#   IP: 10
+#   ports:
+#   - type: udp
+#     port: 18289
+#   - type: tcp
+#     port: 18289
+
+addons:
+  vpn:
+    # -- Enable the VPN if you want to route through a VPN.
+    # You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true
+    # for extra safeness in case the VPN does connect
+    enabled: false
+    type: openvpn
+    openvpn:
+    wireguard:
+    env:
+    configFileSecret: openvpn
+    networkPolicy:
+      enabled: true
+      egress:
+        # Allow only VPN traffic to Internet
+        - to:
+          - ipBlock:
+              cidr: 0.0.0.0/0
+          ports:
+          # VPN traffic (default OpenVPN)
+          - port: 443
+            protocol: UDP
+        # Allow any traffic within k8s
+        - to:
+          - ipBlock:
+              # Cluster IPs (default k3s)
+              cidr: 10.0.0.0/8
 
 
 # You should not need to change the settings bellow this
@@ -99,9 +120,7 @@ initContainers:
   command:
   - /bin/gateway_init.sh
   securityContext:
-    capabilities:
-      add:
-        - NET_ADMIN
+    privileged: true
   volumeMounts:
   - name: config
     mountPath: /config
@@ -126,7 +145,7 @@ webhook:
   image:
     repository: ghcr.io/k8s-at-home/gateway-admision-controller
     pullPolicy: IfNotPresent
-    tag: v3.2.0
+    tag: v3.3.2
 
   # -- Selector for namespace.
   # All pods in this namespace will get their default gateway changed

charts/stable/syncthing/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.16.1
+appVersion: 1.17.0
 description: Open Source Continuous File Synchronization
 name: syncthing
-version: 1.3.0
+version: 1.3.1
 kubeVersion: ">=1.16.0-0"
 keywords:
 - syncthing
@@ -15,6 +15,7 @@ sources:
 maintainers:
 - name: FlipEnergy
   email: dennis.zhang.nrg@gmail.com
+- name: claughinghouse
 dependencies:
 - name: common
   repository: https://library-charts.k8s-at-home.com

charts/stable/syncthing/README.md

@@ -1,6 +1,6 @@
 # syncthing
 
-![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1.16.1](https://img.shields.io/badge/AppVersion-1.16.1-informational?style=flat-square)
+![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![AppVersion: 1.17.0](https://img.shields.io/badge/AppVersion-1.17.0-informational?style=flat-square)
 
 Open Source Continuous File Synchronization
 
@@ -78,7 +78,7 @@ N/A
 |-----|------|---------|-------------|
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"syncthing/syncthing"` |  |
-| image.tag | string | `"1.16.1"` |  |
+| image.tag | string | `"1.17.0"` |  |
 | ingress.enabled | bool | `false` |  |
 | persistence.data.emptyDir.enabled | bool | `false` |  |
 | persistence.data.enabled | bool | `false` |  |
@@ -108,6 +108,20 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [1.3.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- Updated syncthing container image version to `v1.17.0`.
+
+#### Removed
+
+- N/A
+
 ### [1.3.0]
 
 #### Added
@@ -151,6 +165,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - N/A
 
+[1.3.1]: #1.3.1
 [1.3.0]: #1.3.0
 [1.1.2]: #1.1.2
 [1.0.0]: #1.0.0

charts/stable/syncthing/README_CHANGELOG.md.gotmpl

@@ -9,6 +9,20 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [1.3.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- Updated syncthing container image version to `v1.17.0`.
+
+#### Removed
+
+- N/A
+
 ### [1.3.0]
 
 #### Added
@@ -52,6 +66,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - N/A
 
+[1.3.1]: #1.3.1
 [1.3.0]: #1.3.0
 [1.1.2]: #1.1.2
 [1.0.0]: #1.0.0

charts/stable/syncthing/values.yaml

@@ -8,7 +8,7 @@
 image:
   repository: syncthing/syncthing
   pullPolicy: IfNotPresent
-  tag: 1.16.1
+  tag: 1.17.0
 
 strategy:
   type: Recreate