[leaf2mqtt] new chart (#935)

* leaf2mqtt initial

.github/ct-install.yaml

@@ -14,7 +14,7 @@ excluded-charts:
 - charts/stable/zalando-postgres-cluster
 - charts/stable/zigbee2mqtt
 - charts/stable/founderyvtt
-- charts/stable/pod-gateway-setter
+- charts/stable/pod-gateway
 chart-repos:
 - bitnami=https://charts.bitnami.com/bitnami
 - k8s-at-home-libraries=https://library-charts.k8s-at-home.com

charts/stable/leaf2mqtt/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+appVersion: "0.1"
+description: Nissan Leaf connected services to MQTT adapter
+name: leaf2mqtt
+version: 1.0.0
+kubeVersion: ">=1.16.0-0"
+keywords:
+- leaf2mqtt
+- leaf
+- nissan
+- kamereon
+- carwings
+home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/leaf2mqtt
+icon: https://www.nissanusa.com/content/dam/Nissan/us/Navigation/nissan-logo-black.svg
+sources:
+- https://github.com/mitsumaui/leaf2mqtt
+- https://github.com/k8s-at-home/container-images
+maintainers:
+- name: mitsumaui
+  email: jase@oshelp.co.uk
+dependencies:
+- name: common
+  repository: https://library-charts.k8s-at-home.com
+  version: 2.5.0

charts/stable/leaf2mqtt/README.md

@@ -0,0 +1,116 @@
+# leaf2mqtt
+
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 0.1](https://img.shields.io/badge/AppVersion-0.1-informational?style=flat-square)
+
+Nissan Leaf connected services to MQTT adapter
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/mitsumaui/leaf2mqtt>
+* <https://github.com/k8s-at-home/container-images>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 2.5.0 |
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm repo update
+helm install leaf2mqtt k8s-at-home/leaf2mqtt
+```
+
+## Installing the Chart
+
+To install the chart with the release name `leaf2mqtt`
+
+```console
+helm install leaf2mqtt k8s-at-home/leaf2mqtt
+```
+
+## Uninstalling the Chart
+
+To uninstall the `leaf2mqtt` deployment
+
+```console
+helm uninstall leaf2mqtt
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install leaf2mqtt \
+  --set env.TZ="America/New York" \
+    k8s-at-home/leaf2mqtt
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install leaf2mqtt k8s-at-home/leaf2mqtt -f values.yaml
+```
+
+## Custom configuration
+
+N/A
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| env | object | `{}` |  |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"ghcr.io/k8s-at-home/leaf2mqtt"` | Image repository |
+| image.tag | float | `0.1` | Image tag |
+| service.enabled | bool | `false` |  |
+| strategy.type | string | `"Recreate"` | Deployment recreation strategy |
+
+## Changelog
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [1.0.0]
+
+#### Added
+
+- Initial version
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/stable/leaf2mqtt/README_CONFIG.md.gotmpl

@@ -0,0 +1,9 @@
+{{- define "custom.custom.configuration.header" -}}
+## Custom configuration
+{{- end -}}
+
+{{- define "custom.custom.configuration" -}}
+{{ template "custom.custom.configuration.header" . }}
+
+N/A
+{{- end -}}

charts/stable/leaf2mqtt/templates/common.yaml

@@ -0,0 +1 @@
+{{ include "common.all" . }}

charts/stable/leaf2mqtt/values.yaml

@@ -0,0 +1,44 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#
+
+image:
+  # -- Image repository
+  repository: ghcr.io/k8s-at-home/leaf2mqtt
+  # -- Image pull policy
+  pullPolicy: IfNotPresent
+  # -- Image tag
+  tag: v0.1
+
+strategy:
+  # -- Deployment recreation strategy
+  type: Recreate
+
+# See more environment variables in the leaf2mqtt documentation
+# https://github.com/mitsumaui/leaf2mqtt
+env: {}
+  # LEAF_USERNAME:
+  # LEAF_PASSWORD:
+  # LEAF_TYPE:
+  # MQTT_HOST:
+  # MQTT_PORT:
+  # MQTT_USERNAME:
+  # MQTT_PASSWORD:
+  # MQTT_BASE_TOPIC:
+  # UPDATE_INTERVAL_MINUTES:
+  # CHARGING_UPDATE_INTERVAL_MINUTES:
+  # LOG_LEVEL:
+
+service:
+  enabled: false
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false

charts/stable/pod-gateway-setter/README.md

@@ -1,168 +0,0 @@
-# pod-gateway-setter
-
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
-
-Admision controller to change the default gateway and DNS server of PODs
-
-**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
-
-## Source Code
-
-* <https://github.com/pod-gateway-setter/pod-gateway-setter-docker>
-
-## Requirements
-
-Kubernetes: `>=1.16.0-0`
-
-## Dependencies
-
-| Repository | Name | Version |
-|------------|------|---------|
-| https://library-charts.k8s-at-home.com | common | 2.5.0 |
-
-## TL;DR
-
-```console
-helm repo add k8s-at-home https://k8s-at-home.com/charts/
-helm repo update
-helm install pod-gateway-setter k8s-at-home/pod-gateway-setter
-```
-
-## Installing the Chart
-
-To install the chart with the release name `pod-gateway-setter`
-
-```console
-helm install pod-gateway-setter k8s-at-home/pod-gateway-setter
-```
-
-## Uninstalling the Chart
-
-To uninstall the `pod-gateway-setter` deployment
-
-```console
-helm uninstall pod-gateway-setter
-```
-
-The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
-
-## Configuration
-
-Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
-Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
-```console
-helm install pod-gateway-setter \
-  --set env.TZ="America/New York" \
-    k8s-at-home/pod-gateway-setter
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
-
-```console
-helm install pod-gateway-setter k8s-at-home/pod-gateway-setter -f values.yaml
-```
-
-## Custom configuration
-
-You need to set `gateway` to the hostname or address of your gateway. Then
-all PODs in namespaces with the matching label (`routed-gateway=true` by default)
-will be processed by the webhook.
-
-The webhook by default changes all processed pods (remove `--setGatewayDefault`
-if you want to change the default). You can also change the default for a
-POD by adding a label or annotation (`setGateway` by default).
-
-Processed PODs will get their default gateway changed. DNS server will
-also be set to the gateway (at least the option `--keepDNS` is used).
-
-Multiple instances of this chart might be installed that use different label
-values. This is usufull, for example, to route multiple pod groups, each with
-a different gateway.
-
-**IMPORTANT**: Do not deploy this chart to a namespace controlled by this
-webhook. This would result in a likelly deathlock when upgrading the chart.
-
-**NOTE**: This char requires the cert-manager CRD to generate the required
-certificates.
-
-## Values
-
-**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| additionalVolumeMounts[0].mountPath | string | `"/tls"` |  |
-| additionalVolumeMounts[0].name | string | `"certs"` |  |
-| additionalVolumeMounts[0].readOnly | bool | `true` |  |
-| args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` |  |
-| args[1] | string | `"--tls-key-file-path=/tls/tls.key"` |  |
-| args[2] | string | `"--setGatewayDefault"` |  |
-| args[3] | string | `"--setGatewayLabel=setGateway"` |  |
-| args[4] | string | `"--setGatewayAnnotation=setGateway"` |  |
-| gateway | string | `"10.0.2.7"` | Gateway to route traffic to. Can be an hostname or an IP |
-| image.pullPolicy | string | `"IfNotPresent"` |  |
-| image.repository | string | `"ghcr.io/k8s-at-home/gateway-admision-controller"` |  |
-| image.tag | string | `"v2.0.0"` |  |
-| ingress.enabled | bool | `false` |  |
-| namespaceSelector | object | `{"matchLabels":{"routed-gateway":"true"}}` | Selector for namespace. All pods in this namespace will get their default gateway changed |
-| probes.liveness.custom | bool | `true` |  |
-| probes.liveness.enabled | bool | `true` |  |
-| probes.liveness.spec.failureThreshold | int | `5` |  |
-| probes.liveness.spec.httpGet.path | string | `"/wh/health"` |  |
-| probes.liveness.spec.httpGet.port | int | `8080` |  |
-| probes.liveness.spec.httpGet.scheme | string | `"HTTPS"` |  |
-| probes.liveness.spec.initialDelaySeconds | int | `1` |  |
-| probes.liveness.spec.timeoutSeconds | int | `10` |  |
-| probes.readiness.custom | bool | `true` |  |
-| probes.readiness.enabled | bool | `true` |  |
-| probes.readiness.spec.failureThreshold | int | `5` |  |
-| probes.readiness.spec.httpGet.path | string | `"/wh/health"` |  |
-| probes.readiness.spec.httpGet.port | int | `8080` |  |
-| probes.readiness.spec.httpGet.scheme | string | `"HTTPS"` |  |
-| probes.readiness.spec.initialDelaySeconds | int | `1` |  |
-| probes.readiness.spec.timeoutSeconds | int | `10` |  |
-| probes.startup.custom | bool | `true` |  |
-| probes.startup.enabled | bool | `true` |  |
-| probes.startup.spec.failureThreshold | int | `30` |  |
-| probes.startup.spec.httpGet.path | string | `"/wh/health"` |  |
-| probes.startup.spec.httpGet.port | int | `8080` |  |
-| probes.startup.spec.httpGet.scheme | string | `"HTTPS"` |  |
-| probes.startup.spec.periodSeconds | int | `1` |  |
-| service.port.path | string | `"/wh/mutating/setgateway"` |  |
-| service.port.port | int | `8080` |  |
-| strategy.type | string | `"RollingUpdate"` |  |
-
-## Changelog
-
-All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-### [1.0.0]
-
-#### Added
-
-- Initial version
-
-#### Changed
-
-- N/A
-
-#### Removed
-
-- N/A
-
-[1.0.0]: #1.0.0
-
-## Support
-
-- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
-- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
-- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
-- Join our [Discord](https://discord.gg/sTMX7Vh) community
-
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/stable/pod-gateway-setter/templates/common.yaml

@@ -1,40 +0,0 @@
-{{/* Make sure all variables are set properly */}}
-{{- include "common.values.setup" . }}
-
-{{- define "pod-gateway-setter.selfSignedIssuer" -}}
-{{ printf "%s-selfsign" (include "common.names.fullname" .) }}
-{{- end -}}
-
-{{- define "pod-gateway-setter.rootCAIssuer" -}}
-{{ printf "%s-ca" (include "common.names.fullname" .) }}
-{{- end -}}
-
-{{- define "pod-gateway-setter.rootCACertificate" -}}
-{{ printf "%s-ca" (include "common.names.fullname" .) }}
-{{- end -}}
-
-{{- define "pod-gateway-setter.servingCertificate" -}}
-{{ printf "%s-webhook-tls" (include "common.names.fullname" .) }}
-{{- end -}}
-
-
-{{/* Append the cert secret to the additionalVolumes */}}
-{{- define "pod-gateway-setter.servingCertificate.volume" -}}
-name: certs
-secret:
-  secretName: {{ include "pod-gateway-setter.servingCertificate" . }}
-{{- end -}}
-
-{{- $volume := include "pod-gateway-setter.servingCertificate.volume" . | fromYaml -}}
-{{- if $volume -}}
-  {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
-  {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
-{{- end -}}
-
-
-{{/* Append generated args */}}
-{{- $noop := printf "--webhook-listen-address=:%s" (.Values.service.port.port |toString) | append .Values.args | set .Values "args" -}}
-{{- $noop := printf "--gateway=%s"                  .Values.gateway                      | append .Values.args | set .Values "args" -}}
-
-{{/* Render the templates */}}
-{{ include "common.all" . }}

charts/stable/pod-gateway-setter/values.yaml

@@ -1,92 +0,0 @@
-#
-# IMPORTANT NOTE
-#
-# This chart inherits from our common library chart. You can check the default values/options here:
-# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
-#
-
-image:
-  repository: ghcr.io/k8s-at-home/gateway-admision-controller
-  pullPolicy: IfNotPresent
-  tag: v2.0.0
-
-# -- Gateway to route traffic to.
-# Can be an hostname or an IP
-gateway: 10.0.2.7
-
-# -- Selector for namespace.
-# All pods in this namespace will get their default gateway changed
-namespaceSelector:
-  matchLabels:
-    routed-gateway: "true"
-  # matchExpressions:
-  # - key: notTouch
-  #   operator: NotIn
-  #   values: ["1"]
-
-strategy:
-  type: RollingUpdate
-
-# Args for webhook
-# See more information in the container git repository at
-# https://github.com/k8s-at-home/gateway-admision-controller
-args:
-- --tls-cert-file-path=/tls/tls.crt
-- --tls-key-file-path=/tls/tls.key
-- --setGatewayDefault
-- --setGatewayLabel=setGateway
-- --setGatewayAnnotation=setGateway
-# - --debug
-# - --development
-# - --keepDNS
-# Set by Helm chart:
-# --webhook-listen-address=:<set to service port>
-# --gateway=<set automatically to 'gateway'>
-
-service:
-  port:
-    path: /wh/mutating/setgateway
-    port: 8080
-
-ingress:
-  enabled: false
-
-additionalVolumeMounts:
-- name: certs
-  mountPath: /tls
-  readOnly: true
-
-# Probes configuration
-probes:
-  liveness:
-    enabled: true
-    custom: true
-    spec:
-      httpGet:
-        scheme: HTTPS
-        port: 8080
-        path: /wh/health
-      initialDelaySeconds: 1
-      failureThreshold: 5
-      timeoutSeconds: 10
-  readiness:
-    enabled: true
-    custom: true
-    spec:
-      httpGet:
-        scheme: HTTPS
-        port: 8080
-        path: /wh/health
-      initialDelaySeconds: 1
-      failureThreshold: 5
-      timeoutSeconds: 10
-  startup:
-    enabled: true
-    custom: true
-    spec:
-      httpGet:
-        scheme: HTTPS
-        port: 8080
-        path: /wh/health
-      failureThreshold: 30
-      periodSeconds: 1

charts/stable/pod-gateway/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl

charts/stable/pod-gateway/Chart.yaml

@@ -1,15 +1,16 @@
 apiVersion: v2
-appVersion: 1.0.0
+appVersion: 1.2.6
 description: Admision controller to change the default gateway and DNS server of PODs
-name: pod-gateway-setter
-version: 1.0.0
+name: pod-gateway
+version: 2.1.1
 kubeVersion: ">=1.16.0-0"
 keywords:
-- pod-gateway-setter
-home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway-setter
-icon: https://pod-gateway-setter.org/icon
+- pod-gateway
+home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/pod-gateway
+icon: https://pod-gateway.org/icon
 sources:
-- https://github.com/pod-gateway-setter/pod-gateway-setter-docker
+- https://github.com/k8s-at-home/gateway-admision-controller
+- https://github.com/k8s-at-home/pod-gateway
 maintainers:
 - name: angelnu
   email: git@angelnu.com

charts/stable/pod-gateway/README.md

@@ -0,0 +1,278 @@
+# pod-gateway
+
+![Version: 2.1.1](https://img.shields.io/badge/Version-2.1.1-informational?style=flat-square) ![AppVersion: 1.2.6](https://img.shields.io/badge/AppVersion-1.2.6-informational?style=flat-square)
+
+Admision controller to change the default gateway and DNS server of PODs
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/k8s-at-home/gateway-admision-controller>
+* <https://github.com/k8s-at-home/pod-gateway>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 2.5.0 |
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm repo update
+helm install pod-gateway k8s-at-home/pod-gateway
+```
+
+## Installing the Chart
+
+To install the chart with the release name `pod-gateway`
+
+```console
+helm install pod-gateway k8s-at-home/pod-gateway
+```
+
+## Uninstalling the Chart
+
+To uninstall the `pod-gateway` deployment
+
+```console
+helm uninstall pod-gateway
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install pod-gateway \
+  --set env.TZ="America/New York" \
+    k8s-at-home/pod-gateway
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install pod-gateway k8s-at-home/pod-gateway -f values.yaml
+```
+
+## Custom configuration
+
+Please check [this guide](https://docs.k8s-at-home.com/guides/pod-gateway/)
+for the full instructions.
+
+You need to add `routed-gateway=true` to the namespaces with PODs you
+want to route through this POD gateway. If needed the label name can be changed
+in .Values.
+
+The webhook by default changes all processed pods (remove `--setGatewayDefault`
+if you want to change the default). You can also change the default for a
+POD by adding a label or annotation (`setGateway` by default).
+
+Processed PODs will get their default gateway changed. DNS server will
+also be set to the gateway (at least the option `--keepDNS` is used).
+
+If you want to use the VPN please follow the
+[common chart VPN sidecar docummentation](https://github.com/k8s-at-home/library-charts/blob/main/charts/stable/common/values.yaml).
+If you want to test without VPN client you can
+set the `VPN_BLOCK_OTHER_TRAFFIC` to false.
+
+**IMPORTANT**: Do not deploy this chart to a namespace controlled by this
+webhook. This would result in a likelly deathlock when upgrading the chart.
+
+**NOTE**: This char requires the cert-manager CRD to generate the required
+certificates. It does not install it as dependency to avoid conflicts.
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| DNS | string | `"172.16.0.1"` | IP address of the DNS server within the vxlan tunnel. All mutated PODs will get this as their DNS server. It must match VXLAN_GATEWAY_IP in settings.sh |
+| additionalVolumeMounts[0].mountPath | string | `"/config"` |  |
+| additionalVolumeMounts[0].name | string | `"config"` |  |
+| additionalVolumeMounts[0].readOnly | bool | `true` |  |
+| addons.vpn.configFileSecret | string | `"openvpn"` |  |
+| addons.vpn.enabled | bool | `false` | Enable the VPN if you want to route through a VPN. You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true for extra safeness in case the VPN does connect |
+| addons.vpn.env | string | `nil` |  |
+| addons.vpn.networkPolicy.egress[0].ports[0].port | int | `443` |  |
+| addons.vpn.networkPolicy.egress[0].ports[0].protocol | string | `"UDP"` |  |
+| addons.vpn.networkPolicy.egress[0].to[0].ipBlock.cidr | string | `"0.0.0.0/0"` |  |
+| addons.vpn.networkPolicy.egress[1].to[0].ipBlock.cidr | string | `"10.0.0.0/8"` |  |
+| addons.vpn.networkPolicy.enabled | bool | `true` |  |
+| addons.vpn.openvpn | string | `nil` |  |
+| addons.vpn.type | string | `"openvpn"` |  |
+| addons.vpn.wireguard | string | `nil` |  |
+| clusterName | string | `"cluster.local"` | cluster name used to derive the gateway full name |
+| command[0] | string | `"/bin/gateway_sidecar.sh"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/k8s-at-home/pod-gateway"` |  |
+| image.tag | string | `"v1.2.6"` |  |
+| initContainers[0].command[0] | string | `"/bin/gateway_init.sh"` |  |
+| initContainers[0].image | string | `nil` | Will be set automatically |
+| initContainers[0].imagePullPolicy | string | `nil` | Will be set automatically |
+| initContainers[0].name | string | `"routes"` |  |
+| initContainers[0].securityContext.privileged | bool | `true` |  |
+| initContainers[0].volumeMounts[0].mountPath | string | `"/config"` |  |
+| initContainers[0].volumeMounts[0].name | string | `"config"` |  |
+| initContainers[0].volumeMounts[0].readOnly | bool | `true` |  |
+| probes.liveness.enabled | bool | `false` |  |
+| probes.readiness.enabled | bool | `false` |  |
+| probes.startup.enabled | bool | `false` |  |
+| publicPorts | string | `nil` | settings to expose ports, usually through a VPN provider. NOTE: if you change it you will need to manually restart the gateway POD |
+| routed_namespaces | list | `[]` | Namespaces that might contain routed PODs and therefore require a copy of the gneerated settings configmap. |
+| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` |  |
+| service.clusterIP | string | `"None"` |  |
+| service.port.port | int | `4789` |  |
+| service.port.protocol | string | `"UDP"` |  |
+| service.type | string | `"ClusterIP"` |  |
+| settings.DNS_LOCAL_CIDRS | string | `"local"` | DNS queries to these domains will be resolved by K8S DNS instead of the default (typcally the VPN client changes it) |
+| settings.NOT_ROUTED_TO_GATEWAY_CIDRS | string | `""` | IPs not sent to the POD gateway but to the default K8S. Multiple CIDRs can be specified using blanks as separator. Example for Calico: ""172.22.0.0/16 172.24.0.0/16" This is needed, for example, in case your CNI does not add a non-default rule for the K8S addresses (Flannel does). |
+| settings.VPN_BLOCK_OTHER_TRAFFIC | bool | `false` | Prevent non VPN traffic to leave the gateway |
+| settings.VPN_INTERFACE | string | `"tun0"` | If using a VPN, interface name created by it |
+| settings.VPN_LOCAL_CIDRS | string | `"10.0.0.0/8 192.168.0.0/16"` | Traffic to these IPs will be send through the K8S gateway |
+| settings.VPN_TRAFFIC_PORT | int | `443` | If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port |
+| settings.VXLAN_GATEWAY_FIRST_DYNAMIC_IP | int | `20` | Keep a range of IPs for static assignment in nat.conf |
+| settings.VXLAN_ID | int | `42` | Vxlan ID to use |
+| settings.VXLAN_IP_NETWORK | string | `"172.16.0"` | VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges |
+| webhook.additionalVolumes | list | `[]` |  |
+| webhook.args[0] | string | `"--tls-cert-file-path=/tls/tls.crt"` |  |
+| webhook.args[1] | string | `"--tls-key-file-path=/tls/tls.key"` |  |
+| webhook.args[2] | string | `"--setGatewayDefault"` |  |
+| webhook.args[3] | string | `"--setGatewayLabel=setGateway"` |  |
+| webhook.args[4] | string | `"--setGatewayAnnotation=setGateway"` |  |
+| webhook.args[5] | string | `"--DNSPolicy=None"` |  |
+| webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
+| webhook.image.repository | string | `"ghcr.io/k8s-at-home/gateway-admision-controller"` |  |
+| webhook.image.tag | string | `"v3.3.2"` |  |
+| webhook.inserted.init.cmd | string | `"/bin/client_init.sh"` |  |
+| webhook.inserted.init.mountPath | string | `"/config"` |  |
+| webhook.inserted.init.pullPolicy | string | `nil` | Will be set automatically |
+| webhook.inserted.init.repository | string | `nil` | Will be set automatically |
+| webhook.inserted.init.tag | string | `nil` | Will be set automatically |
+| webhook.inserted.sidecar.cmd | string | `"/bin/client_sidecar.sh"` |  |
+| webhook.inserted.sidecar.mountPath | string | `"/config"` |  |
+| webhook.inserted.sidecar.pullPolicy | string | `nil` | Will be set automatically |
+| webhook.inserted.sidecar.repository | string | `nil` | Will be set automatically |
+| webhook.inserted.sidecar.tag | string | `nil` | Will be set automatically |
+| webhook.namespaceSelector | object | `{"matchLabels":{"routed-gateway":"true"}}` | Selector for namespace. All pods in this namespace will get their default gateway changed |
+| webhook.replicas | int | `1` |  |
+| webhook.service.port.path | string | `"/wh/mutating/setgateway"` |  |
+| webhook.service.port.port | int | `8080` |  |
+| webhook.service.port.protocol | string | `"HTTPS"` |  |
+| webhook.strategy.type | string | `"RollingUpdate"` |  |
+
+## Changelog
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [2.1.1]
+
+#### Added
+
+- Tolerate PODs that do not include namespace
+- fix for missing VXLAN_GATEWAY_IP
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.1]: #2.1.1
+
+### [2.1.0]
+
+#### Added
+
+- set Search and Options when DNSPolicy is "None"
+- update instructions
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.0]: #2.1.0
+
+### [2.0.0]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- run gateway init container as privileged
+- configmap is now a dictionary instead of a long string
+- only modifed settings need to be specified
+
+#### Removed
+
+- N/A
+
+[2.0.0]: #2.0.0
+
+### [1.0.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- remove test container - sidecar allows exec as well
+- remove hardcoded namespaces for configmaps
+
+#### Removed
+
+- N/A
+
+[1.0.1]: #1.0.1
+
+### [1.0.0]
+
+#### Added
+
+- renamed chart from `pod-gateway-setter` to `pod-gateway`
+- sidecar support
+- gatewaySufix
+- init container uses now an image
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/stable/pod-gateway/README.md.gotmpl

@@ -0,0 +1,146 @@
+{{- define "custom.repository.organization" -}}
+k8s-at-home
+{{- end -}}
+
+{{- define "custom.repository.url" -}}
+https://github.com/k8s-at-home/charts
+{{- end -}}
+
+{{- define "custom.helm.url" -}}
+https://k8s-at-home.com/charts/
+{{- end -}}
+
+{{- define "custom.helm.path" -}}
+{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }}
+{{- end -}}
+
+{{- define "custom.notes" -}}
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+{{- end -}}
+
+{{- define "custom.requirements" -}}
+## Requirements
+
+{{ template "chart.kubeVersionLine" . }}
+{{- end -}}
+
+{{- define "custom.dependencies" -}}
+## Dependencies
+
+{{ template "chart.requirementsTable" . }}
+{{- end -}}
+
+{{- define "custom.install.tldr" -}}
+## TL;DR
+
+```console
+helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }}
+helm repo update
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.install" -}}
+## Installing the Chart
+
+To install the chart with the release name `{{ template "chart.name" . }}`
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.uninstall" -}}
+## Uninstalling the Chart
+
+To uninstall the `{{ template "chart.name" . }}` deployment
+
+```console
+helm uninstall {{ template "chart.name" . }}
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+{{- end -}}
+
+{{- define "custom.configuration.header" -}}
+## Configuration
+{{- end -}}
+
+{{- define "custom.configuration.readValues" -}}
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+{{- end -}}
+
+{{- define "custom.configuration.example.set" -}}
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install {{ template "chart.name" . }} \
+  --set env.TZ="America/New York" \
+    {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.configuration.example.file" -}}
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml
+```
+{{- end -}}
+
+{{- define "custom.valuesSection" -}}
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+{{ template "chart.valuesTable" . }}
+{{- end -}}
+
+{{- define "custom.support" -}}
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+{{- end -}}
+
+{{ template "chart.header" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "custom.notes" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "custom.requirements" . }}
+
+{{ template "custom.dependencies" . }}
+
+{{ template "custom.install.tldr" . }}
+
+{{ template "custom.install" . }}
+
+{{ template "custom.uninstall" . }}
+
+{{ template "custom.configuration.header" . }}
+
+{{ template "custom.configuration.readValues" . }}
+
+{{ template "custom.configuration.example.set" . }}
+
+{{ template "custom.configuration.example.file" . }}
+
+{{ template "custom.custom.configuration" . }}
+
+{{ template "custom.valuesSection" . }}
+
+{{ template "custom.changelog" . }}
+
+{{ template "custom.support" . }}
+
+{{ template "helm-docs.versionFooter" . }}
+{{ "" }}

charts/stable/pod-gateway/README_CHANGELOG.md.gotmpl

@@ -0,0 +1,99 @@
+{{- define "custom.changelog.header" -}}
+## Changelog
+{{- end -}}
+
+{{- define "custom.changelog" -}}
+{{ template "custom.changelog.header" . }}
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [2.1.1]
+
+#### Added
+
+- Tolerate PODs that do not include namespace
+- fix for missing VXLAN_GATEWAY_IP
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.1]: #2.1.1
+
+### [2.1.0]
+
+#### Added
+
+- set Search and Options when DNSPolicy is "None"
+- update instructions
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[2.1.0]: #2.1.0
+
+### [2.0.0]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- run gateway init container as privileged
+- configmap is now a dictionary instead of a long string
+- only modifed settings need to be specified
+
+#### Removed
+
+- N/A
+
+[2.0.0]: #2.0.0
+
+### [1.0.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- remove test container - sidecar allows exec as well
+- remove hardcoded namespaces for configmaps
+
+#### Removed
+
+- N/A
+
+[1.0.1]: #1.0.1
+
+### [1.0.0]
+
+#### Added
+
+- renamed chart from `pod-gateway-setter` to `pod-gateway`
+- sidecar support
+- gatewaySufix
+- init container uses now an image
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+{{- end -}}

charts/stable/pod-gateway/README_CONFIG.md.gotmpl

@@ -5,9 +5,12 @@
 {{- define "custom.custom.configuration" -}}
 {{ template "custom.custom.configuration.header" . }}
 
-You need to set `gateway` to the hostname or address of your gateway. Then
-all PODs in namespaces with the matching label (`routed-gateway=true` by default)
-will be processed by the webhook.
+Please check [this guide](https://docs.k8s-at-home.com/guides/pod-gateway/)
+for the full instructions.
+
+You need to add `routed-gateway=true` to the namespaces with PODs you
+want to route through this POD gateway. If needed the label name can be changed
+in .Values.
 
 The webhook by default changes all processed pods (remove `--setGatewayDefault`
 if you want to change the default). You can also change the default for a
@@ -16,14 +19,15 @@ POD by adding a label or annotation (`setGateway` by default).
 Processed PODs will get their default gateway changed. DNS server will
 also be set to the gateway (at least the option `--keepDNS` is used).
 
-Multiple instances of this chart might be installed that use different label
-values. This is usufull, for example, to route multiple pod groups, each with
-a different gateway.
+If you want to use the VPN please follow the
+[common chart VPN sidecar docummentation](https://github.com/k8s-at-home/library-charts/blob/main/charts/stable/common/values.yaml).
+If you want to test without VPN client you can
+set the `VPN_BLOCK_OTHER_TRAFFIC` to false.
 
 **IMPORTANT**: Do not deploy this chart to a namespace controlled by this
 webhook. This would result in a likelly deathlock when upgrading the chart.
 
 **NOTE**: This char requires the cert-manager CRD to generate the required
-certificates.
+certificates. It does not install it as dependency to avoid conflicts.
 
 {{- end -}}

charts/stable/pod-gateway/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/stable/pod-gateway/templates/common.yaml

@@ -0,0 +1,22 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{- $_ := set (first .Values.initContainers ) "image" (printf "%s:%s" .Values.image.repository .Values.image.tag ) -}}
+{{- $_ := set (first .Values.initContainers ) "imagePullPolicy" .Values.image.pullPolicy -}}
+
+{{/* Append the cert secret to the additionalVolumes */}}
+{{- define "pod-gateway.settings.volume" -}}
+name: config
+configMap:
+  name: {{ include "pod-gateway.configmap" . }}
+  defaultMode: 0555
+{{- end -}}
+
+{{- $volume := include "pod-gateway.settings.volume" . | fromYaml -}}
+{{- if $volume -}}
+  {{- $additionalVolumes := append .Values.additionalVolumes $volume }}
+  {{- $_ := set .Values "additionalVolumes" (deepCopy $additionalVolumes) -}}
+{{- end -}}
+
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/stable/pod-gateway/templates/configmap.yaml

@@ -0,0 +1,30 @@
+{{- range $namespace := append .Values.routed_namespaces .Release.Namespace }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "pod-gateway.configmap" $ | quote }}
+  namespace: {{ $namespace }}
+  labels:
+    {{- include "common.labels" $ | nindent 4 }}
+data:
+  settings.sh: |
+    #!/bin/sh
+    # Generated by {{ include "common.names.fullname" $ }}
+    {{- range $key, $value := $.Values.settings }}
+    {{ $key }}={{ $value | quote }}
+    {{- end }}
+  nat.conf: |
+    # Generated by {{ include "common.names.fullname" $ }}
+    {{- range $entry := $.Values.publicPorts }}
+    {{ $entry.hostname | required "Missing hostname" }} {{ $entry.IP | required "Missing IP" }}
+      {{- range $index, $port := $entry.ports -}}
+        {{- if eq $index 0 -}}
+          {{- print " " -}}
+        {{- else -}}
+          {{- print "," -}}
+        {{- end -}}
+        {{- $port.type | required "Missing port type" }}:{{ $port.port | required "Missing port number" -}}
+      {{- end }}
+    {{- end }}
+{{- end -}}

charts/stable/pod-gateway/templates/webhook-admissionregistration.yaml

@@ -5,11 +5,11 @@ metadata:
   labels:
     {{- include "common.labels" . | nindent 4 }}
   annotations:
-    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "pod-gateway-setter.servingCertificate" . }}"
+    cert-manager.io/inject-ca-from: "{{ .Release.Namespace }}/{{ include "pod-gateway.servingCertificate" . }}"
 webhooks:
 - name: "{{ include "common.names.fullname" . }}.svc.cluster.local"
   namespaceSelector:
-  {{- with .Values.namespaceSelector }}
+  {{- with .Values.webhook.namespaceSelector }}
     {{ toYaml . | nindent 4 }}
   {{- end }}
   rules:
@@ -21,9 +21,9 @@ webhooks:
   clientConfig:
     service:
       namespace: {{ .Release.Namespace | quote }}
-      name: {{ include "common.names.fullname" . | quote }}
-      path: {{ .Values.service.port.path | quote }}
-      port: {{ .Values.service.port.port }}
+      name: {{ include "common.names.fullname" . }}-webhook
+      path: {{ .Values.webhook.service.port.path | quote }}
+      port: {{ .Values.webhook.service.port.port }}
   admissionReviewVersions: ["v1", "v1beta1"]
   sideEffects: None
   timeoutSeconds: 5

charts/stable/pod-gateway/templates/webhook-common.yaml

@@ -0,0 +1,64 @@
+{{/* Make sure all variables are set properly */}}
+{{- include "common.values.setup" . }}
+
+{{- $_ := set .Values.webhook.inserted.init    "repository" .Values.image.repository -}}
+{{- $_ := set .Values.webhook.inserted.init    "tag"        .Values.image.tag -}}
+{{- $_ := set .Values.webhook.inserted.init    "pullPolicy" .Values.image.pullPolicy -}}
+{{- $_ := set .Values.webhook.inserted.sidecar "repository" .Values.image.repository -}}
+{{- $_ := set .Values.webhook.inserted.sidecar "tag"        .Values.image.tag -}}
+{{- $_ := set .Values.webhook.inserted.sidecar "pullPolicy" .Values.image.pullPolicy -}}
+
+{{- define "pod-gateway.webhook-inserted-init-repository" -}}
+{{ printf "%s:%s" ( .Values.image.repository | default .Values.webhook.inserted.init.repository ) ( .Values.image.tag | default .Values.webhook.inserted.init.tag ) }}
+{{- end -}}
+
+{{- define "pod-gateway.webhook-inserted-init-pullPolicy" -}}
+{{ .Values.webhook.inserted.init.pullPolicy | default .Values.image.pullPolicy }}
+{{- end -}}
+
+{{- define "pod-gateway.webhook-inserted-sidecar-repository" -}}
+{{ printf "%s:%s" ( .Values.image.repository | default .Values.webhook.inserted.sidecar.repository ) ( .Values.image.tag | default .Values.webhook.inserted.sidecar.tag ) }}
+{{- end -}}
+
+{{- define "pod-gateway.webhook-inserted-sidecar-pullPolicy" -}}
+{{ .Values.webhook.inserted.sidecar.pullPolicy | default .Values.image.pullPolicy }}
+{{- end -}}
+
+{{- define "pod-gateway.gateway" -}}
+{{ printf "%s.%s.svc.%s" (include "common.names.fullname" .) .Release.Namespace .Values.clusterName }}
+{{- end -}}
+
+{{- define "pod-gateway.init.image" -}}
+{{ printf "%s:%s" .Values.webhook.inserted.init.repository (.Values.webhook.inserted.init.tag | default "latest" ) }}
+{{- end -}}
+
+{{- define "pod-gateway.sidecar.image" -}}
+{{ printf "%s:%s" .Values.webhook.inserted.sidecar.repository (.Values.webhook.inserted.sidecar.tag | default "latest" ) }}
+{{- end -}}
+
+{{- define "pod-gateway.configmap" -}}
+{{ include "common.names.fullname" . }}
+{{- end -}}
+
+
+{{- define "pod-gateway.selfSignedIssuer" -}}
+{{ printf "%s-webhook-selfsign" (include "common.names.fullname" .) }}
+{{- end -}}
+
+{{- define "pod-gateway.rootCAIssuer" -}}
+{{ printf "%s-webhook-ca" (include "common.names.fullname" .) }}
+{{- end -}}
+
+{{- define "pod-gateway.rootCACertificate" -}}
+{{ printf "%s-webhook-ca" (include "common.names.fullname" .) }}
+{{- end -}}
+
+{{- define "pod-gateway.servingCertificate" -}}
+{{ printf "%s-webhook-tls" (include "common.names.fullname" .) }}
+{{- end -}}
+
+
+{{- define "pod-gateway.labels.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "common.names.name" . }}-webhook
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}

charts/stable/pod-gateway/templates/webhook-deployment.yaml

@@ -0,0 +1,101 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ include "common.names.fullname" . }}-webhook
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+    {{- with .Values.webhook.controllerLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.webhook.controllerAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: {{ .Values.webhook.replicas }}
+  {{- with .Values.webhook.strategy }}
+  strategy:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{ include "pod-gateway.labels.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.webhook.podAnnotations }}
+      annotations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+      {{ include "pod-gateway.labels.selectorLabels" . | nindent 8 }}
+    spec:
+      volumes:
+        - name: certs
+          secret:
+            secretName: {{ include "pod-gateway.servingCertificate" . }}
+            defaultMode: 420
+      containers:
+        - name: foo-pod-gateway
+          image: {{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag }}
+          args:
+            - --webhook-listen-address=:{{ .Values.webhook.service.port.port |toString }}
+            - --gateway={{ include "pod-gateway.gateway" . }}
+            - --DNS={{ .Values.DNS }}
+            - --configmapName={{ include "pod-gateway.configmap" . }}
+            {{- if ( include "pod-gateway.webhook-inserted-init-repository" . ) }}
+            - --initImage={{ include "pod-gateway.webhook-inserted-init-repository" . }}
+            - --initImagePullPol={{ include "pod-gateway.webhook-inserted-init-pullPolicy" . }}
+            - --initCmd={{ .Values.webhook.inserted.init.cmd }}
+            - --initMountPoint={{ .Values.webhook.inserted.init.mountPath }}
+            {{- end}}
+            {{- if ( include "pod-gateway.webhook-inserted-sidecar-repository" . ) }}
+            - --sidecarImage={{ include "pod-gateway.webhook-inserted-init-repository" . }}
+            - --sidecarImagePullPol={{ include "pod-gateway.webhook-inserted-sidecar-pullPolicy" . }}
+            - --sidecarCmd={{ .Values.webhook.inserted.sidecar.cmd }}
+            - --sidecarMountPoint={{ .Values.webhook.inserted.sidecar.mountPath }}
+            {{- end}}
+            {{ toYaml .Values.webhook.args | nindent 12 }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.webhook.service.port.port }}
+              protocol: TCP
+          resources: {}
+          volumeMounts:
+            - name: certs
+              readOnly: true
+              mountPath: /tls
+          livenessProbe:
+            httpGet:
+              path: /wh/health
+              port: {{ .Values.webhook.service.port.port }}
+              scheme: {{ .Values.webhook.service.port.protocol }}
+            initialDelaySeconds: 1
+            timeoutSeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /wh/health
+              port: {{ .Values.webhook.service.port.port }}
+              scheme: {{ .Values.webhook.service.port.protocol }}
+            initialDelaySeconds: 1
+            timeoutSeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            failureThreshold: 5
+          startupProbe:
+            httpGet:
+              path: /wh/health
+              port: {{ .Values.webhook.service.port.port }}
+              scheme: {{ .Values.webhook.service.port.protocol }}
+            timeoutSeconds: 1
+            periodSeconds: 1
+            successThreshold: 1
+            failureThreshold: 30
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: {{ .Values.webhook.image.pullPolicy }}
+      restartPolicy: Always
+  strategy:
+    type: {{ .Values.webhook.strategy.type }}

charts/stable/pod-gateway/templates/webhook-pki.yaml

@@ -4,7 +4,7 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ include "pod-gateway-setter.selfSignedIssuer" . }}
+  name: {{ include "pod-gateway.selfSignedIssuer" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
@@ -17,17 +17,17 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ include "pod-gateway-setter.rootCACertificate" . }}
+  name: {{ include "pod-gateway.rootCACertificate" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
-  secretName: {{ include "pod-gateway-setter.rootCACertificate" . }}
+  secretName: {{ include "pod-gateway.rootCACertificate" . }}
   duration: 43800h # 5y
   issuerRef:
-    name: {{ include "pod-gateway-setter.selfSignedIssuer" . }}
+    name: {{ include "pod-gateway.selfSignedIssuer" . }}
     kind: Issuer
-  commonName: "ca.pod-gateway-setter.cert-manager"
+  commonName: "ca.pod-gateway.cert-manager"
   isCA: true
 
 ---
@@ -36,13 +36,13 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
-  name: {{ include "pod-gateway-setter.rootCAIssuer" . }}
+  name: {{ include "pod-gateway.rootCAIssuer" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
   ca:
-    secretName: {{ include "pod-gateway-setter.rootCACertificate" . }}
+    secretName: {{ include "pod-gateway.rootCACertificate" . }}
 
 ---
 
@@ -50,17 +50,17 @@ spec:
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
-  name: {{ include "pod-gateway-setter.servingCertificate" . }}
+  name: {{ include "pod-gateway.servingCertificate" . }}
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "common.labels" . | nindent 4 }}
 spec:
-  secretName: {{ include "pod-gateway-setter.servingCertificate" . }}
+  secretName: {{ include "pod-gateway.servingCertificate" . }}
   duration: 8760h # 1y
   issuerRef:
-    name: {{ include "pod-gateway-setter.rootCAIssuer" . }}
+    name: {{ include "pod-gateway.rootCAIssuer" . }}
     kind: Issuer
   dnsNames:
-  - {{ include "common.names.fullname" . }}
-  - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}
-  - {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc
+  - {{ include "common.names.fullname" . }}-webhook
+  - {{ include "common.names.fullname" . }}-webhook.{{ .Release.Namespace }}
+  - {{ include "common.names.fullname" . }}-webhook.{{ .Release.Namespace }}.svc

charts/stable/pod-gateway/templates/webhook-service.yaml

@@ -0,0 +1,32 @@
+{{- $values := .Values.webhook.service -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}-webhook
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  {{- if $values.labels }}
+    {{ toYaml $values.labels | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- if eq ( $values.port.protocol | default "" ) "HTTPS" }}
+    traefik.ingress.kubernetes.io/service.serversscheme: https
+  {{- end }}
+  {{- with $values.annotations }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  {{- if $values.clusterIP }}
+  clusterIP: {{ $values.clusterIP }}
+  {{end}}
+  {{- if $values.sessionAffinity }}
+  sessionAffinity: {{ $values.sessionAffinity }}
+  {{- if $values.sessionAffinityConfig }}
+  sessionAffinityConfig:
+    {{ toYaml $values.sessionAffinityConfig | nindent 4 }}
+  {{- end -}}
+  {{- end }}
+  {{- include "common.classes.service.ports" (dict "svcType" "ClusterIP" "values" $values ) | trim | nindent 2 }}
+  selector:
+    {{- include "pod-gateway.labels.selectorLabels" . | nindent 4 }}

charts/stable/pod-gateway/values.yaml

@@ -0,0 +1,225 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#
+
+image:
+  repository: ghcr.io/k8s-at-home/pod-gateway
+  pullPolicy: IfNotPresent
+  tag: v1.2.6
+
+# -- IP address of the DNS server within the vxlan tunnel.
+# All mutated PODs will get this as their DNS server.
+# It must match VXLAN_GATEWAY_IP in settings.sh
+DNS: 172.16.0.1
+
+# -- cluster name used to derive the gateway full name
+clusterName: "cluster.local"
+
+# -- Namespaces that might contain routed PODs and therefore
+# require a copy of the gneerated settings configmap.
+routed_namespaces: []
+# - vpn
+
+settings:
+  # -- IPs not sent to the POD gateway but to the default K8S.
+  # Multiple CIDRs can be specified using blanks as separator.
+  # Example for Calico: ""172.22.0.0/16 172.24.0.0/16"
+  #
+  # This is needed, for example, in case your CNI does
+  # not add a non-default rule for the K8S addresses (Flannel does).
+  NOT_ROUTED_TO_GATEWAY_CIDRS: ""
+
+  # -- Vxlan ID to use
+  VXLAN_ID: 42
+  # -- VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges
+  VXLAN_IP_NETWORK: "172.16.0"
+  # -- Keep a range of IPs for static assignment in nat.conf
+  VXLAN_GATEWAY_FIRST_DYNAMIC_IP: 20
+
+  # -- If using a VPN, interface name created by it
+  VPN_INTERFACE: tun0
+  # -- Prevent non VPN traffic to leave the gateway
+  VPN_BLOCK_OTHER_TRAFFIC: false
+  # -- If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
+  VPN_TRAFFIC_PORT: 443
+  # -- Traffic to these IPs will be send through the K8S gateway
+  VPN_LOCAL_CIDRS: "10.0.0.0/8 192.168.0.0/16"
+
+  # -- DNS queries to these domains will be resolved by K8S DNS instead of
+  # the default (typcally the VPN client changes it)
+  DNS_LOCAL_CIDRS: "local"
+
+# -- settings to expose ports, usually through a VPN provider.
+# NOTE: if you change it you will need to manually restart the gateway POD
+publicPorts:
+# - hostname: qbittorrent
+#   IP: 10
+#   ports:
+#   - type: udp
+#     port: 18289
+#   - type: tcp
+#     port: 18289
+
+addons:
+  vpn:
+    # -- Enable the VPN if you want to route through a VPN.
+    # You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true
+    # for extra safeness in case the VPN does connect
+    enabled: false
+    type: openvpn
+    openvpn:
+    wireguard:
+    env:
+    configFileSecret: openvpn
+    networkPolicy:
+      enabled: true
+      egress:
+        # Allow only VPN traffic to Internet
+        - to:
+          - ipBlock:
+              cidr: 0.0.0.0/0
+          ports:
+          # VPN traffic (default OpenVPN)
+          - port: 443
+            protocol: UDP
+        # Allow any traffic within k8s
+        - to:
+          - ipBlock:
+              # Cluster IPs (default k3s)
+              cidr: 10.0.0.0/8
+
+
+# You should not need to change the settings bellow this
+# at least you have ready the webhook and pod-gateway containers
+# documentation
+
+command:
+- /bin/gateway_sidecar.sh
+
+securityContext:
+  capabilities:
+    add:
+      - NET_ADMIN
+
+additionalVolumeMounts:
+- name: config
+  mountPath: /config
+  readOnly: true
+
+initContainers:
+- name: "routes"
+  # -- Will be set automatically
+  # @default -- <image.repository>:<image.tag>
+  image:
+  # -- Will be set automatically
+  # @default -- <image.pullPolicy>
+  imagePullPolicy:
+  command:
+  - /bin/gateway_init.sh
+  securityContext:
+    privileged: true
+  volumeMounts:
+  - name: config
+    mountPath: /config
+    readOnly: true
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
+service:
+  type: ClusterIP
+  clusterIP: None
+  port:
+    port: 4789
+    protocol: UDP
+
+webhook:
+  image:
+    repository: ghcr.io/k8s-at-home/gateway-admision-controller
+    pullPolicy: IfNotPresent
+    tag: v3.3.2
+
+  # -- Selector for namespace.
+  # All pods in this namespace will get their default gateway changed
+  namespaceSelector:
+    matchLabels:
+      routed-gateway: "true"
+    # matchExpressions:
+    # - key: notTouch
+    #   operator: NotIn
+    #   values: ["1"]
+
+  additionalVolumes: []
+
+
+  inserted:
+    init:
+      # -- Will be set automatically
+      # @default -- <image.repository>
+      repository:
+      # -- Will be set automatically
+      # @default -- <image.pullPolicy>
+      pullPolicy:
+      # -- Will be set automatically
+      # @default -- <image.tag>
+      tag:
+      cmd: /bin/client_init.sh
+      mountPath: /config
+
+    sidecar:
+      # -- Will be set automatically
+      # @default -- <image.repository>
+      repository:
+      # -- Will be set automatically
+      # @default -- <image.pullPolicy>
+      pullPolicy:
+      # -- Will be set automatically
+      # @default -- <image.tag>
+      tag:
+      cmd: /bin/client_sidecar.sh
+      mountPath: /config
+
+  replicas: 1
+
+  strategy:
+    type: RollingUpdate
+
+  # Args for webhook
+  # See more information in the container git repository at
+  # https://github.com/k8s-at-home/gateway-admision-controller
+  args:
+  - --tls-cert-file-path=/tls/tls.crt
+  - --tls-key-file-path=/tls/tls.key
+  - --setGatewayDefault
+  - --setGatewayLabel=setGateway
+  - --setGatewayAnnotation=setGateway
+  - --DNSPolicy=None
+  # - --debug
+  # - --development
+  # Set by Helm chart:
+  # --webhook-listen-address=:<set to service port>
+  # --gateway=<set automatically to 'gateway'>
+  # --DNS=<set automatically to 'gateway'>
+  # --initImage
+  # --initImagePullPol
+  # --initCmd
+  # --initMountPoint
+  # --sidecarImage
+  # --sidecarImagePullPol
+  # --sidecarCmd
+  # --sidecarMountPoint
+  # --configmapName
+
+  service:
+    port:
+      path: /wh/mutating/setgateway
+      protocol: HTTPS
+      port: 8080

charts/stable/syncthing/Chart.yaml

@@ -1,8 +1,8 @@
 apiVersion: v2
-appVersion: 1.16.1
+appVersion: 1.17.0
 description: Open Source Continuous File Synchronization
 name: syncthing
-version: 1.3.0
+version: 1.3.1
 kubeVersion: ">=1.16.0-0"
 keywords:
 - syncthing
@@ -15,6 +15,7 @@ sources:
 maintainers:
 - name: FlipEnergy
   email: dennis.zhang.nrg@gmail.com
+- name: claughinghouse
 dependencies:
 - name: common
   repository: https://library-charts.k8s-at-home.com

charts/stable/syncthing/README.md

@@ -1,6 +1,6 @@
 # syncthing
 
-![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: 1.16.1](https://img.shields.io/badge/AppVersion-1.16.1-informational?style=flat-square)
+![Version: 1.3.1](https://img.shields.io/badge/Version-1.3.1-informational?style=flat-square) ![AppVersion: 1.17.0](https://img.shields.io/badge/AppVersion-1.17.0-informational?style=flat-square)
 
 Open Source Continuous File Synchronization
 
@@ -78,7 +78,7 @@ N/A
 |-----|------|---------|-------------|
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"syncthing/syncthing"` |  |
-| image.tag | string | `"1.16.1"` |  |
+| image.tag | string | `"1.17.0"` |  |
 | ingress.enabled | bool | `false` |  |
 | persistence.data.emptyDir.enabled | bool | `false` |  |
 | persistence.data.enabled | bool | `false` |  |
@@ -108,6 +108,20 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [1.3.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- Updated syncthing container image version to `v1.17.0`.
+
+#### Removed
+
+- N/A
+
 ### [1.3.0]
 
 #### Added
@@ -151,6 +165,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - N/A
 
+[1.3.1]: #1.3.1
 [1.3.0]: #1.3.0
 [1.1.2]: #1.1.2
 [1.0.0]: #1.0.0

charts/stable/syncthing/README_CHANGELOG.md.gotmpl

@@ -9,6 +9,20 @@ All notable changes to this application Helm chart will be documented in this fi
 
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+### [1.3.1]
+
+#### Added
+
+- N/A
+
+#### Changed
+
+- Updated syncthing container image version to `v1.17.0`.
+
+#### Removed
+
+- N/A
+
 ### [1.3.0]
 
 #### Added
@@ -52,6 +66,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 - N/A
 
+[1.3.1]: #1.3.1
 [1.3.0]: #1.3.0
 [1.1.2]: #1.1.2
 [1.0.0]: #1.0.0

charts/stable/syncthing/values.yaml

@@ -8,7 +8,7 @@
 image:
   repository: syncthing/syncthing
   pullPolicy: IfNotPresent
-  tag: 1.16.1
+  tag: 1.17.0
 
 strategy:
   type: Recreate