diff --git a/charts/netbird/Chart.yaml b/charts/netbird/Chart.yaml
index 266849d..f341066 100644
--- a/charts/netbird/Chart.yaml
+++ b/charts/netbird/Chart.yaml
@@ -3,6 +3,6 @@ apiVersion: v2
 name: netbird
 description: NetBird VPN management platform
 type: application
-version: 1.9.0
-appVersion: "0.46.0"
+version: 2.0.0
+appVersion: "0.67.1"
 icon: https://images.crunchbase.com/image/upload/c_pad,h_256,w_256,f_auto,q_auto:eco,dpr_1/kuu5tm1wt09ztp6ctlag
diff --git a/charts/netbird/README.md b/charts/netbird/README.md
index 913461c..90a6bf4 100644
--- a/charts/netbird/README.md
+++ b/charts/netbird/README.md
@@ -55,7 +55,7 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | dashboard.envRaw | list | `[]` | |
 | dashboard.image.pullPolicy | string | `"IfNotPresent"` | |
 | dashboard.image.repository | string | `"netbirdio/dashboard"` | |
-| dashboard.image.tag | string | `"v2.13.1"` | |
+| dashboard.image.tag | string | `"v2.36.0"` | |
 | dashboard.imagePullSecrets | list | `[]` | |
 | dashboard.ingress.annotations | object | `{}` | |
 | dashboard.ingress.className | string | `""` | |
@@ -94,31 +94,41 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | management.volumeMounts | list | `[]` | |
 | management.volumes | list | `[]` | |
 | management.affinity | object | `{}` | |
-| management.configmap | string | `""` | |
+| management.configYaml | string | `""` | |
+| management.envsubst.enabled | bool | `false` | |
+| management.envsubst.allowedPrefix | string | `"NETBIRD_"` | |
+| management.envsubst.env | object | `{}` | |
+| management.envsubst.envFromSecret | object | `{}` | |
+| management.envsubst.envRaw | list | `[]` | |
+| management.initContainers | list | `[]` | |
 | management.containerPort | int | `80` | |
 | management.deploymentAnnotations | object | `{}` | |
 | management.enabled | bool | `true` | |
 | management.env | object | `{}` | |
 | management.envFromSecret | object | `{}` | |
 | management.envRaw | list | `[]` | |
-| management.grpcContainerPort | int | `33073` | |
+| management.grpcContainerPort | int | `80` | |
+| management.stunContainerPort | int | `3478` | |
 | management.image.pullPolicy | string | `"IfNotPresent"` | |
-| management.image.repository | string | `"netbirdio/management"` | |
+| management.image.repository | string | `"netbirdio/netbird-server"` | |
 | management.image.tag | string | `""` | |
 | management.imagePullSecrets | list | `[]` | |
 | management.ingress.annotations | object | `{}` | |
 | management.ingress.className | string | `""` | |
 | management.ingress.enabled | bool | `false` | |
 | management.ingress.hosts[0].host | string | `"example.com"` | |
-| management.ingress.hosts[0].paths[0].path | string | `"/"` | |
+| management.ingress.hosts[0].paths[0].path | string | `"/api"` | |
 | management.ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| management.ingress.hosts[0].paths[1].path | string | `"/ws-proxy"` | |
+| management.ingress.hosts[0].paths[1].pathType | string | `"ImplementationSpecific"` | |
+| management.ingress.hosts[0].paths[2].path | string | `"/oauth2"` | |
+| management.ingress.hosts[0].paths[2].pathType | string | `"ImplementationSpecific"` | |
 | management.ingress.tls | list | `[]` | |
 | management.ingressGrpc.annotations | object | `{}` | |
 | management.ingressGrpc.className | string | `""` | |
 | management.ingressGrpc.enabled | bool | `false` | |
 | management.ingressGrpc.hosts[0].host | string | `"example.com"` | |
-| management.ingressGrpc.hosts[0].paths[0].path | string | `"/"` | |
-| management.ingressGrpc.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| management.ingressGrpc.hosts[0].paths[0].path | string | `"/management.ManagementService"` | |
 | management.ingressGrpc.tls | list | `[]` | |
 | management.lifecycle | object | `{}` | |
 | management.livenessProbe.failureThreshold | int | `3` | |
@@ -159,7 +169,7 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | management.serviceAccount.create | bool | `true` | |
 | management.serviceAccount.name | string | `""` | |
 | management.serviceGrpc.name | string | `"grpc"` | |
-| management.serviceGrpc.port | int | `33073` | |
+| management.serviceGrpc.port | int | `80` | |
 | management.serviceGrpc.type | string | `"ClusterIP"` | |
 | management.serviceGrpc.externalIPs | list | `[]` | |
 | management.serviceGrpc.annotations | object | `{}` | |
@@ -183,6 +193,7 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | relay.containerPort | int | `33080` | |
 | relay.deploymentAnnotations | object | `{}` | |
 | relay.enabled | bool | `true` | |
+| relay.standalone | bool | `false` | |
 | relay.env | object | `{}` | |
 | relay.envFromSecret | object | `{}` | |
 | relay.envRaw | list | `[]` | |
@@ -213,7 +224,7 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | relay.resources | object | `{}` | |
 | relay.securityContext | object | `{}` | |
 | relay.service.name | string | `"http"` | |
-| relay.service.port | int | `33080` | |
+| relay.service.port | int | `80` | |
 | relay.service.type | string | `"ClusterIP"` | |
 | relay.service.externalIPs | list | `[]` | |
 | relay.service.annotations | object | `{}` | |
@@ -227,6 +238,7 @@ The following table lists the configurable parameters of the NetBird Helm chart
 | signal.containerPort | int | `80` | |
 | signal.deploymentAnnotations | object | `{}` | |
 | signal.enabled | bool | `true` | |
+| signal.standalone | bool | `false` | |
 | signal.image.pullPolicy | string | `"IfNotPresent"` | |
 | signal.image.repository | string | `"netbirdio/signal"` | |
 | signal.image.tag | string | `""` | |
diff --git a/charts/netbird/examples/aws-eks-alb-nlb/README.md b/charts/netbird/examples/aws-eks-alb-nlb/README.md
new file mode 100644
index 0000000..f42556b
--- /dev/null
+++ b/charts/netbird/examples/aws-eks-alb-nlb/README.md
@@ -0,0 +1,31 @@
+# Netbird Self-Hosted Setup
+
+This example provides a fully configured and tested setup for deploying Netbird using the following components:
+
+- **Ingress Controller**: AWS ALB (HTTP) and NLB (STUN)
+- **Database Storage**: PostgreSQL
+- **Identity Provider**: Embedded (Dex)
+
+## Prerequisites
+
+This setup assumes you have an existing AWS EKS cluster (with the AWS Load Balancer Controller installed) and a PostgreSQL database installed and configured.
+
+## Kubernetes Secret Configuration
+
+This setup requires Kubernetes secrets to store sensitive data. You'll need to create a secret named `netbird` in your Kubernetes cluster, containing the following key-value pairs:
+
+- `relayAuthSecret`: `xxxxxx` # Password used to secure communication between peers in the relay service.
+- `datastoreDsnPassword`: `xxxxxx` # Password for the PostgreSQL database connection.
+- `datastoreEncryptionKey`: `xxxxxxx` # A random encryption key for the datastore, e.g., generated via `openssl rand -base64 32`.
+
+> **Note:** The `datastoreEncryptionKey` must also be provided in a ConfigMap for the Netbird setup.
+
+## Deployment
+
+Once the required secrets and configuration are in place, this setup will deploy all necessary services for running Netbird, including the following exposed endpoints:
+
+- `netbird.example.com` - The main Netbird services (dashboard|server).
+
+## Additional info
+
+While this setup also deploys the embedded STUN server, you will likely need to use a separate hostname for the ELB (since STUN cannot be served by ALB). It does not seem like NetBird allows configuring a separate hostname for the STUN server; it may be easier to simply use a public STUN server and configure it under `stuns` in the `config.yaml`.
diff --git a/charts/netbird/examples/aws-eks-alb-nlb/values.yaml b/charts/netbird/examples/aws-eks-alb-nlb/values.yaml
new file mode 100644
index 0000000..a6c8fe8
--- /dev/null
+++ b/charts/netbird/examples/aws-eks-alb-nlb/values.yaml 
@@ -0,0 +1,158 @@ +management: + configYaml: |- + server: + listenAddress: :80 + exposedAddress: https://netbird.example.com:443 + stunPorts: [3478] + metricsPort: 9090 + healthcheckAddress: :9000 + logLevel: info + logFile: console + authSecret: "${NETBIRD_RELAY_AUTH_SECRET}" + dataDir: /var/lib/netbird + auth: + issuer: https://netbird.example.com/oauth2 + signKeyRefreshEnabled: true + dashboardRedirectURIs: + - https://netbird.example.com/nb-auth + - https://netbird.example.com/nb-silent-auth + cliRedirectURIs: + - http://localhost:53000/ + reverseProxy: + trustedHTTPProxies: + - 172.30.0.10/32 + store: + engine: postgres + dsn: >- + host=database.local + port=5432 + dbname=store_db + user=store_user + password=${NETBIRD_STORE_DSN_PASSWORD} + encryptionKey: "${NETBIRD_DATASTORE_ENC_KEY}" + activityStore: + engine: postgres + dsn: >- + host=database.local + port=5432 + dbname=events_db + user=events_user + password=${NETBIRD_STORE_DSN_PASSWORD} + authStore: + engine: postgres + dsn: >- + host=database.local + port=5432 + sslmode=require + dbname=idp_db + user=idp_user + password=${NETBIRD_STORE_DSN_PASSWORD} + envsubst: + enabled: true + envFromSecret: + NETBIRD_RELAY_AUTH_SECRET: netbird/relayAuthSecret + NETBIRD_STORE_DSN_PASSWORD: netbird/datastoreDsnPassword + NETBIRD_DATASTORE_ENC_KEY: netbird/datastoreEncryptionKey + ingress: + enabled: true + className: alb + annotations: + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/group.name: netbird + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' + alb.ingress.kubernetes.io/load-balancer-name: netbird-alb + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:{region}:{account}:certificate/{id} + alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=3600 + hosts: + - host: netbird.example.com + paths: + - path: /api + pathType: Prefix + - path: /ws-proxy + pathType: Prefix + - path: /oauth2 + 
pathType: Prefix + - path: /relay + pathType: Prefix + ingressGrpc: + enabled: true + className: alb + annotations: + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/group.name: netbird + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' + alb.ingress.kubernetes.io/backend-protocol-version: GRPC + alb.ingress.kubernetes.io/healthcheck-path: /management.ManagementService/isHealthy + alb.ingress.kubernetes.io/success-codes: "0" + hosts: + - host: netbird.example.com + paths: + - path: /management.ManagementService + pathType: Prefix + - path: /signalexchange.SignalExchange + pathType: Prefix + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + persistentVolume: + enabled: false +dashboard: + ingress: + enabled: true + className: alb + annotations: + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/group.name: netbird + alb.ingress.kubernetes.io/group.order: "10" + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' + hosts: + - host: netbird.example.com + paths: + - path: / + pathType: Prefix + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + env: + NETBIRD_MGMT_API_ENDPOINT: https://netbird.example.com + NETBIRD_MGMT_GRPC_API_ENDPOINT: https://netbird.example.com + AUTH_AUDIENCE: netbird-dashboard + AUTH_CLIENT_ID: netbird-dashboard + AUTH_CLIENT_SECRET: "" + AUTH_AUTHORITY: https://netbird.example.com/oauth2 + USE_AUTH0: false + AUTH_SUPPORTED_SCOPES: openid profile email groups + AUTH_REDIRECT_URI: /nb-auth + AUTH_SILENT_REDIRECT_URI: /nb-silent-auth + LETSENCRYPT_DOMAIN: none +extraManifests: + - apiVersion: networking.k8s.io/v1 + kind: IngressClass + metadata: + name: alb + spec: + controller: ingress.k8s.aws/alb + - apiVersion: v1 + kind: Service + metadata: + name: netbird-stun + namespace: netbird + spec: + type: LoadBalancer + loadBalancerClass: service.k8s.aws/nlb + selector: + app.kubernetes.io/instance: netbird + 
app.kubernetes.io/name: netbird-management + ports: + - protocol: UDP + port: 3478 + targetPort: stun diff --git a/charts/netbird/templates/_helpers.tpl b/charts/netbird/templates/_helpers.tpl index 39e9e72..b01f561 100644 --- a/charts/netbird/templates/_helpers.tpl +++ b/charts/netbird/templates/_helpers.tpl @@ -95,19 +95,33 @@ app.kubernetes.io/name: {{ include "netbird.name" . }}-management app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Signal target service +*/}} +{{- define "netbird.signal.targetService" -}} +{{ include "netbird.fullname" . }}-{{ .Values.signal.standalone | ternary "signal" "management" }} +{{- end }} + {{/* Signal selector labels */}} {{- define "netbird.signal.selectorLabels" -}} -app.kubernetes.io/name: {{ include "netbird.name" . }}-signal +app.kubernetes.io/name: {{ include "netbird.signal.targetService" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{/* +Relay target service +*/}} +{{- define "netbird.relay.targetService" -}} +{{ include "netbird.fullname" . }}-{{ .Values.relay.standalone | ternary "relay" "management" }} +{{- end }} + {{/* Relay selector labels */}} {{- define "netbird.relay.selectorLabels" -}} -app.kubernetes.io/name: {{ include "netbird.name" . }}-relay +app.kubernetes.io/name: {{ include "netbird.relay.targetService" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} diff --git a/charts/netbird/templates/management-cm.yaml b/charts/netbird/templates/management-cm.yaml index 4aaacd9..188caae 100644 --- a/charts/netbird/templates/management-cm.yaml +++ b/charts/netbird/templates/management-cm.yaml @@ -7,6 +7,6 @@ metadata: labels: {{- include "netbird.management.labels" . | nindent 4 }} data: - management.json: |- - {{- .Values.management.configmap | nindent 4 }} + config.yaml: |- + {{- .Values.management.configYaml | nindent 4 }} {{- end -}} 
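Review bot: In the example `values.yaml`, the `store` and `activityStore` DSNs omit `sslmode` while `authStore` sets `sslmode=require`; depending on the driver's default, the first two connections may be allowed to fall back to plaintext and carry `${NETBIRD_STORE_DSN_PASSWORD}` unencrypted. Add `sslmode=require` (or `verify-full` where the CA is available) to both so the example is consistent. The three DSNs also share one password across `store_user`, `events_user` and `idp_user`; separate secret keys per role would limit what a single leaked credential reaches. Because envsubst pastes the secret verbatim into a keyword/value DSN, a password containing spaces or quotes will change how the DSN parses, which deserves a comment next to the `dsn:` blocks.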
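Review bot: In `_helpers.tpl` the selector-label helpers now reuse the Service-name helper, so `netbird.signal.selectorLabels` and `netbird.relay.selectorLabels` emit `app.kubernetes.io/name: <fullname>-…`, while the management selector labels visible in the hunk's context are still built from `netbird.name`. Whenever the release's fullname differs from the chart name, a non-standalone signal or relay selector would not match the management pods, and a standalone Deployment's selector, which is immutable after creation, would change on upgrade. Keeping the label on the name helper avoids both: `app.kubernetes.io/name: {{ include "netbird.name" . }}-{{ .Values.signal.standalone | ternary "signal" "management" }}` (and the same for relay), leaving `targetService` for ingress backend names only. The fullname helper and the templates that consume these labels are outside this hunk, so this should be confirmed against them.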
diff --git a/charts/netbird/templates/management-deployment.yaml b/charts/netbird/templates/management-deployment.yaml
index ff1950e..3688140 100644
--- a/charts/netbird/templates/management-deployment.yaml
+++ b/charts/netbird/templates/management-deployment.yaml
@@ -33,6 +33,48 @@ spec:
 serviceAccountName: {{ include "netbird.management.serviceAccountName" . }}
 securityContext:
 {{- toYaml .Values.management.podSecurityContext | nindent 8 }}
+ {{- if or .Values.management.envsubst.enabled .Values.management.initContainers }}
+ initContainers:
+ {{- if .Values.management.envsubst.enabled }}
+ - name: envsubst
+ image: nginx:stable-alpine-slim
+ command:
+ - /bin/sh
+ - -c
+ - |-
+ {{- with .Values.management.envsubst.allowedPrefix }}
+ ALLOWED_KEYS="$(printf '${%s} ' $(env | grep '^{{ . }}' | cut -d'=' -f1))"
+ envsubst "${ALLOWED_KEYS}" < /template/config.yaml > /output/config.yaml
+ {{- else }}
+ envsubst < /template/config.yaml > /output/config.yaml
+ {{- end }}
+ env:
+ {{- range $key, $val := .Values.management.envsubst.env }}
+ - name: {{ $key }}
+ value: {{ $val | quote }}
+ {{- end }}
+ {{- if .Values.management.envsubst.envRaw }}
+ {{- with .Values.management.envsubst.envRaw }}
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $val := .Values.management.envsubst.envFromSecret }}
+ - name: {{ $key }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ (split "/" $val)._0 }}
+ key: {{ (split "/" $val)._1 }}
+ {{- end }}
+ volumeMounts:
+ - name: config
+ mountPath: /output
+ - name: config-template
+ mountPath: /template
+ {{- end }}
+ {{- with .Values.management.initContainers }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}-management
 securityContext:
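Review bot: The `envsubst` init container receives every secret listed in `envFromSecret`, yet its image is hard-coded as `nginx:stable-alpine-slim`, a mutable tag that cannot be overridden, mirrored or pinned from values. I would expose it as a value (for example a new `management.envsubst.image`, defaulting to the current string) so operators can pin a digest: `image: {{ .Values.management.envsubst.image | default "nginx:stable-alpine-slim" | quote }}`. The container also sets no `securityContext` or `resources`, so whatever hardening the main container gets from its own `securityContext:` block is not applied here; rendering the same values into the init container would close that gap. Separately, `allowedPrefix` is pasted into the single-quoted `grep` pattern as-is, so it is treated as a regular expression and a prefix containing a quote would break the script; a comment stating that it must be a plain identifier prefix would be enough.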
@@ -71,12 +113,17 @@ spec:
 - name: http
 containerPort: {{ .Values.management.containerPort }}
 protocol: TCP
- - name: grpc
- containerPort: {{ .Values.management.grpcContainerPort }}
- protocol: TCP
 - name: metrics
 containerPort: {{ .Values.management.metrics.port }}
 protocol: TCP
+ - name: stun
+ containerPort: {{ .Values.management.stunContainerPort }}
+ protocol: UDP
+ {{- if .Values.management.useBackwardsGrpcService }}
+ - name: grpc
+ containerPort: {{ .Values.management.grpcContainerPort }}
+ protocol: TCP
+ {{- end }}
 {{- if .Values.management.livenessProbe }}
 {{- with .Values.management.livenessProbe }}
 livenessProbe:
@@ -94,6 +141,7 @@ spec:
 volumeMounts:
 - mountPath: /etc/netbird
 name: config
+ readOnly: true
 - mountPath: /var/lib/netbird
 name: management
 {{- if .Values.management.volumeMounts }}
@@ -112,9 +160,18 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 volumes:
+ {{- if .Values.management.envsubst.enabled }}
 - name: config
+ emptyDir:
+ sizeLimit: 1Mi
+ - name: config-template
 configMap:
 name: {{ include "netbird.fullname" . }}-management
+ {{- else }}
+ - name: config
+ configMap:
+ name: {{ include "netbird.fullname" . }}-management
+ {{- end }}
 - name: management
 {{- if .Values.management.persistentVolume.enabled }}
 persistentVolumeClaim:
diff --git a/charts/netbird/templates/relay-deployment.yaml b/charts/netbird/templates/relay-deployment.yaml
index 46fc17c..bd889a5 100644
--- a/charts/netbird/templates/relay-deployment.yaml
+++ b/charts/netbird/templates/relay-deployment.yaml
@@ -1,5 +1,4 @@
-{{- if .Values.relay.enabled -}}
-
+{{- if and .Values.relay.enabled .Values.relay.standalone -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/charts/netbird/templates/relay-ingress.yaml b/charts/netbird/templates/relay-ingress.yaml
index 8c17eb9..093d5f5 100644
--- a/charts/netbird/templates/relay-ingress.yaml
+++ b/charts/netbird/templates/relay-ingress.yaml
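Review bot: With the new defaults the legacy `grpc` port in the `@@ -71,12` hunk collides with `http`: `management.grpcContainerPort` is now `80`, the same as `management.containerPort`, so enabling `useBackwardsGrpcService` declares 80/TCP twice in one container. Kubernetes tends to warn on duplicate port definitions, and apply-style merges key the ports list on containerPort/protocol, so this is likely to cause trouble for users who keep the flag on. Either skip the extra entry when the two values are equal, e.g. `{{- if and .Values.management.useBackwardsGrpcService (ne (int .Values.management.grpcContainerPort) (int .Values.management.containerPort)) }}`, or document that the legacy port must be set to a different number. The container spec starts and ends outside the hunk.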
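Review bot: In the `volumes:` hunk (`@@ -112,9`), the rendered `config` volume holds the substituted secrets (relay auth secret, DSN passwords and encryption key in the bundled example) but is a disk-backed `emptyDir`, so the plaintext file sits on the node's filesystem for the pod's lifetime. Setting `medium: Memory` under `emptyDir:` keeps it in tmpfs, and the existing `sizeLimit: 1Mi` then also bounds its memory use. A short comment above the `{{- if .Values.management.envsubst.enabled }}` branch saying that `config-template` is the ConfigMap and `config` is the rendered output would help readers follow the two-volume layout.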
@@ -36,7 +36,7 @@ spec:
 pathType: {{ .pathType }}
 backend:
 service:
- name: {{ $fullName }}
+ name: {{ include "netbird.relay.targetService" $ }}
 port:
 number: {{ $svcPort }}
 {{- end }}
diff --git a/charts/netbird/templates/relay-service.yaml b/charts/netbird/templates/relay-service.yaml
index d4c3a9c..45a26bc 100644
--- a/charts/netbird/templates/relay-service.yaml
+++ b/charts/netbird/templates/relay-service.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.relay.enabled -}}
+{{- if and .Values.relay.enabled .Values.relay.standalone -}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/charts/netbird/templates/relay-serviceaccount.yaml b/charts/netbird/templates/relay-serviceaccount.yaml
index b33543c..e4b5c47 100644
--- a/charts/netbird/templates/relay-serviceaccount.yaml
+++ b/charts/netbird/templates/relay-serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.relay.enabled -}}
+{{- if and .Values.relay.enabled .Values.relay.standalone -}}
 {{- if .Values.relay.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/charts/netbird/templates/signal-deployment.yaml b/charts/netbird/templates/signal-deployment.yaml
index fa7ec27..a5c05b7 100644
--- a/charts/netbird/templates/signal-deployment.yaml
+++ b/charts/netbird/templates/signal-deployment.yaml
@@ -1,5 +1,4 @@
-{{- if .Values.signal.enabled -}}
-
+{{- if and .Values.signal.enabled .Values.signal.standalone -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
diff --git a/charts/netbird/templates/signal-ingress.yaml b/charts/netbird/templates/signal-ingress.yaml
index 618c95c..0b399cf 100644
--- a/charts/netbird/templates/signal-ingress.yaml
+++ b/charts/netbird/templates/signal-ingress.yaml
@@ -36,7 +36,7 @@ spec:
 pathType: {{ .pathType }}
 backend:
 service:
- name: {{ $fullName }}
+ name: {{ include "netbird.signal.targetService" $ }}
 port:
 number: {{ $svcPort }}
 {{- end }}
diff --git a/charts/netbird/templates/signal-service.yaml b/charts/netbird/templates/signal-service.yaml
index f6bd6a6..44be928 100644
--- a/charts/netbird/templates/signal-service.yaml
+++ b/charts/netbird/templates/signal-service.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.signal.enabled -}}
+{{- if and .Values.signal.enabled .Values.signal.standalone -}}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/charts/netbird/templates/signal-serviceaccount.yaml b/charts/netbird/templates/signal-serviceaccount.yaml
index 1498f4d..b65de05 100644
--- a/charts/netbird/templates/signal-serviceaccount.yaml
+++ b/charts/netbird/templates/signal-serviceaccount.yaml
@@ -1,5 +1,4 @@
-{{- if .Values.signal.enabled -}}
-
+{{- if and .Values.signal.enabled .Values.signal.standalone -}}
 {{- if .Values.signal.serviceAccount.create -}}
 apiVersion: v1
 kind: ServiceAccount
diff --git a/charts/netbird/templates/xtraManifests.yaml b/charts/netbird/templates/xtra-manifests.yaml
similarity index 100%
rename from charts/netbird/templates/xtraManifests.yaml
rename to charts/netbird/templates/xtra-manifests.yaml
diff --git a/charts/netbird/values.yaml b/charts/netbird/values.yaml
index bf8d019..5972334 100644
--- a/charts/netbird/values.yaml
+++ b/charts/netbird/values.yaml
@@ -24,14 +24,30 @@ management: ## podCommand: args: - - --port=80 - - --log-file=console - - --log-level=info - - --disable-anonymous-metrics=false - - --single-account-mode-domain=netbird.selfhosted - - --dns-domain=netbird.selfhosted + - --config + - /etc/netbird/config.yaml - configmap: |- # Placeholder for ConfigMap data + ## @param management.configYaml NetBird server config.yaml. + ## + configYaml: |- + + ## @param management.envsubst Runtime secrets injection for config.yaml. + ## + envsubst: + ## @param management.envsubst.enabled Enable or disable envsubst init container. + enabled: false + ## @param management.envsubst.allowedPrefix Define an allowed prefix for environment variable keys to be substituted. + allowedPrefix: NETBIRD_ + ## @param management.envsubst.env Environment variables for the envsubst init container. + env: {} + ## @param management.envsubst.envRaw Raw environment variables for the envsubst init container. + envRaw: [] + ## @param management.envsubst.envFromSecret Environment variables from secrets for the envsubst init container. + envFromSecret: {} + + ## @param management.initContainers Additional init containers for the management deployment. + ## + initContainers: [] lifecycle: {} # Define lifecycle hooks (preStop, postStart) if needed. @@ -60,7 +76,7 @@ management: image: ## @param management.image.repository Docker image repository for the management component. ## - repository: netbirdio/management + repository: netbirdio/netbird-server ## @param management.image.pullPolicy Docker image pull policy. ## @@ -110,7 +126,7 @@ management: # runAsNonRoot: true # runAsUser: 1000 - ## @param management.useBackwardsGrpcService Use the backwards-compatible GRPC service. + ## @param management.useBackwardsGrpcService [Deprecated] Use the legacy backwards-compatible GRPC service. useBackwardsGrpcService: false metrics: 
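Review bot: In the `@@ -24,14` hunk, the `@param management.envsubst.envFromSecret` comment does not say that each value must be written as `secretName/key`, which is what the init-container template in this commit relies on when it splits the value on `/`; a value without a slash would presumably render an empty `key:`. I would extend the comment to `## @param management.envsubst.envFromSecret Map of ENV_NAME to "<secretName>/<secretKey>" for the envsubst init container.` The `allowedPrefix` comment should also state that an empty prefix takes the template's `else` branch, where envsubst replaces every `$VAR`/`${VAR}` in `configYaml`, including unset ones.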
@@ -146,9 +162,9 @@ management: ## annotations: {} - ## @param management.grpcContainerPort Container port for the management service. + ## @param management.grpcContainerPort [Deprecated] Legacy GRPC container port for the management service for management.useBackwardsGrpcService. ## - grpcContainerPort: 33073 + grpcContainerPort: 80 serviceGrpc: ## @param management.serviceGrpc.type Service type for the management GRPC component. @@ -157,7 +173,7 @@ management: ## @param management.serviceGrpc.port Port for the management GRPC service. ## - port: 33073 + port: 80 ## @param management.serviceGrpc.name Name for the management GRPC service port. ## @@ -171,6 +187,9 @@ management: ## annotations: {} + ## @param management.stunContainerPort Container port for the STUN service. + stunContainerPort: 3478 + ingress: ## @param management.ingress.enabled Enable or disable ingress for the management component. ## @@ -191,10 +210,18 @@ management: paths: ## @param management.ingress.hosts[0].paths[0].path Path for the ingress. ## - - path: / + - path: /api ## @param management.ingress.hosts[0].paths[0].pathType Path type for the ingress. ## pathType: ImplementationSpecific + - path: /ws-proxy + ## @param management.ingress.hosts[0].paths[1].pathType Path type for the ingress. + ## + pathType: ImplementationSpecific + - path: /oauth2 + ## @param management.ingress.hosts[0].paths[2].pathType Path type for the ingress. + ## + pathType: ImplementationSpecific ## @param management.ingress.tls TLS settings for the ingress. ## @@ -223,7 +250,7 @@ management: paths: ## @param management.ingressGrpc.hosts[0].paths[0].path Path for GRPC ingress. ## - - path: / + - path: /management.ManagementService ## @param management.ingressGrpc.hosts[0].paths[0].pathType Path type for GRPC ingress. ## pathType: ImplementationSpecific 
@@ -310,6 +337,10 @@ management: signal: enabled: true + + ## @param signal.standalone Whether to create a standalone signal deployment. + standalone: false + ## @param signal.logLevel Log level for the signal component. ## logLevel: info @@ -491,6 +522,9 @@ relay: ## enabled: true + ## @param relay.standalone Whether to create a standalone relay deployment. + standalone: false + ## @param relay.replicaCount Number of relay pod replicas. ## replicaCount: 1 @@ -575,7 +609,7 @@ relay: ## @param relay.containerPort Container port for the relay service. ## - containerPort: 33080 + containerPort: 80 service: ## @param relay.service.type Service type for the relay component. @@ -584,7 +618,7 @@ relay: ## @param relay.service.port Port for the relay service. ## - port: 33080 + port: 80 ## @param relay.service.name Name for the relay service port. ## @@ -697,7 +731,7 @@ dashboard: pullPolicy: IfNotPresent ## @param image.tag image tag (immutable tags are recommended) - tag: "v2.13.1" + tag: "v2.36.0" ## @param imagePullSecrets image pull secrets imagePullSecrets: []
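Review bot: The `signal.standalone` comment here, and the `relay.standalone` one in the `@@ -491` hunk, do not explain what the default `false` means, although it changes what an upgrade renders: the signal and relay Deployment, Service and ServiceAccount templates in this commit are now gated on `standalone`, and the ingress backends point at the management Service instead. I would spell that out, e.g. `## @param signal.standalone Deploy signal as its own Deployment/Service; when false it is expected to be served by the management (netbird-server) pod.`, and mirror it for relay. Since existing installs would have these objects removed when upgrading to chart 2.0.0, a line in the upgrade notes would be useful too.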