diff --git a/charts/freeradius/Chart.yaml b/charts/freeradius/Chart.yaml index a6a8561f..04658f42 100644 --- a/charts/freeradius/Chart.yaml +++ b/charts/freeradius/Chart.yaml @@ -5,7 +5,7 @@ appVersion: 3.2.7 dependencies: - name: st-common repository: https://startechnica.github.io/apps - version: 0.1.10 + version: 0.1.12 - name: mariadb condition: mariadb.enabled repository: oci://registry-1.docker.io/bitnamicharts @@ -30,4 +30,4 @@ sources: - https://freeradius.org/ - https://github.com/FreeRADIUS/freeradius-server type: application -version: 1.0.3 \ No newline at end of file +version: 1.0.4 \ No newline at end of file diff --git a/charts/freeradius/templates/Certificate.yaml b/charts/freeradius/templates/Certificate.yaml index 9a65f834..34b3bdc1 100644 --- a/charts/freeradius/templates/Certificate.yaml +++ b/charts/freeradius/templates/Certificate.yaml 
@@ -4,51 +4,39 @@ SPDX-License-Identifier: APACHE-2.0 */}} {{- if and (include "freeradius.createTlsSecret" .) .Values.tls.autoGenerator.certmanager.enabled }} -{{- if not (eq (include "st-common.capabilities.certManager.apiVersion" .) "false") }} -{{- $releaseNamespace := include "st-common.names.namespace" . }} -{{- $clusterDomain := .Values.clusterDomain }} -{{- $fullname := include "st-common.names.fullname" . }} -{{- $serviceName := include "st-common.names.fullname" . }} -{{- $altNames := list (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc" $serviceName $releaseNamespace) (printf "%s.%s" $serviceName $releaseNamespace) $fullname }} -{{/* -{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc" $serviceName $releaseNamespace) (printf "%s.%s" $serviceName $releaseNamespace) $fullname }} -*/}} -apiVersion: {{ include "st-common.capabilities.certManager.apiVersion" . }} +{{- if not (eq (include "st-common.capabilities.certmanager.apiVersion" .) "false") }} +apiVersion: {{ include "st-common.capabilities.certmanager.apiVersion" . }} kind: Certificate metadata: name: {{ include "st-common.names.fullname" . }}-tls namespace: {{ include "st-common.names.namespace" . | quote }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} + labels: + {{- include "st-common.labels.standard" . 
| nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} spec: secretName: {{ include "freeradius.tlsSecretName" . }} issuerRef: group: cert-manager.io kind: {{ .Values.tls.autoGenerator.certmanager.issuerKind }} name: {{ .Values.tls.autoGenerator.certmanager.issuerName }} - #name: letsencrypt-prd + {{- if .Values.tls.autoGenerator.certmanager.privateKey }} privateKey: - algorithm: ECDSA - rotationPolicy: Always - size: 256 + {{- include "st-common.tplvalues.render" (dict "value" .Values.tls.autoGenerator.certmanager.privateKey "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.tls.autoGenerator.certmanager.subject }} subject: - organizations: - - {{ .Release.Name | quote }} - organizationalUnits: - - {{ include "st-common.names.fullname" . }} + {{- include "st-common.tplvalues.render" (dict "value" .Values.tls.autoGenerator.certmanager.subject "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.tls.autoGenerator.certmanager.dnsNames }} dnsNames: - - {{ .Values.ingress.hostname | quote }} - {{- range .Values.ingress.extraHosts }} - - {{ .name | quote }} - {{- end }} - {{- with $altNames }} - {{- toYaml . | nindent 4 }} - {{- end }} + {{- include "st-common.tplvalues.render" (dict "value" .Values.tls.autoGenerator.certmanager.dnsNames "context" $) | nindent 4 }} + {{- end }} {{- end }} {{- end }} --- \ No newline at end of file diff --git a/charts/freeradius/templates/ConfigMap/clients.yaml b/charts/freeradius/templates/ConfigMap/clients.yaml index afbe9287..0634e788 100644 --- a/charts/freeradius/templates/ConfigMap/clients.yaml +++ b/charts/freeradius/templates/ConfigMap/clients.yaml 
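Review bot: In templates/Certificate.yaml the new `{{- if .Values.tls.autoGenerator.certmanager.dnsNames }}` guard lets the chart render a Certificate with no `dnsNames` when that value is emptied, and the visible spec sets no `commonName`, IP or URI either, so the resource would most likely be rejected by cert-manager at apply time rather than at render time. Failing early is clearer, e.g. `{{- $dns := required "tls.autoGenerator.certmanager.dnsNames must not be empty" .Values.tls.autoGenerator.certmanager.dnsNames }}`. The `privateKey` guard has a quieter version of the same problem: an empty value drops the block, so the key falls back to cert-manager's defaults instead of the ECDSA / 256 / `rotationPolicy: Always` settings that were hard-coded before. A comment above that guard should say so.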
@@ -10,12 +10,14 @@ kind: ConfigMap metadata: name: {{ printf "%s-clients" (include "st-common.names.fullname" .) }} namespace: {{ include "st-common.names.namespace" . | quote }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} data: clients.conf: |- diff --git a/charts/freeradius/templates/ConfigMap/configuration.yaml b/charts/freeradius/templates/ConfigMap/configuration.yaml new file mode 100644 index 00000000..d4dc0a28 --- /dev/null +++ b/charts/freeradius/templates/ConfigMap/configuration.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright (c) 2025 Firmansyah Nainggolan. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.configuration }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "freeradius.configurationCM" . }} + namespace: {{ include "st-common.names.namespace" . | quote }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +data: + radiusd.conf: |- + {{- include "st-common.tplvalues.render" (dict "value" .Values.configuration "context" $) | nindent 4 }} +{{- end }} \ No newline at end of file 
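Review bot: The new templates/ConfigMap/configuration.yaml stores all of `.Values.configuration` in a ConfigMap as `radiusd.conf`, and nothing in the file or in the visible values.yaml hunks warns users to keep shared secrets and passwords out of it. ConfigMaps are usually readable by far more principals than Secrets. I would add a header comment such as `{{- /* radiusd.conf is stored in a ConfigMap: keep secrets out of .Values.configuration and reference them from extraSecretEnvVars via $ENV{NAME} */}}` plus a matching `## @param configuration` entry in values.yaml. The `freeradius.configurationCM` helper and the volume mount that consumes this ConfigMap are not visible in this diff, so confirm both exist.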
diff --git a/charts/freeradius/templates/ConfigMap/envvars.yaml b/charts/freeradius/templates/ConfigMap/envvars.yaml index 2b6b3a15..1ecb0c24 100644 --- a/charts/freeradius/templates/ConfigMap/envvars.yaml +++ b/charts/freeradius/templates/ConfigMap/envvars.yaml @@ -8,12 +8,14 @@ kind: ConfigMap metadata: name: {{ include "freeradius.names.envvars" . }} namespace: {{ include "st-common.names.namespace" . | quote }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} data: FREERADIUS_ENABLE_TLS: {{ ternary "true" "false" .Values.tls.enabled | quote }} diff --git a/charts/freeradius/templates/ConfigMap/mods-enabled.yaml b/charts/freeradius/templates/ConfigMap/mods-enabled.yaml index 169bc9f8..d859eced 100644 --- a/charts/freeradius/templates/ConfigMap/mods-enabled.yaml +++ b/charts/freeradius/templates/ConfigMap/mods-enabled.yaml 
@@ -8,12 +8,14 @@ kind: ConfigMap metadata: name: {{ printf "%s-mods" (include "st-common.names.fullname" .) }} namespace: {{ include "st-common.names.namespace" . | quote }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} data: {{- if .Values.modsEnabled.sql.enabled }} diff --git a/charts/freeradius/templates/ConfigMap/sites-enabled.yaml b/charts/freeradius/templates/ConfigMap/sites-enabled.yaml index d751767a..348d13b5 100644 --- a/charts/freeradius/templates/ConfigMap/sites-enabled.yaml +++ b/charts/freeradius/templates/ConfigMap/sites-enabled.yaml @@ -8,12 +8,14 @@ kind: ConfigMap metadata: name: {{ printf "%s-sites" (include "st-common.names.fullname" .) }} namespace: {{ include "st-common.names.namespace" . | quote }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} data: {{ (.Files.Glob "files/sites-available/default").AsConfig | indent 2 }} 
diff --git a/charts/freeradius/templates/Deployment.yaml b/charts/freeradius/templates/Deployment.yaml index 2342c74c..f3868f59 100644 --- a/charts/freeradius/templates/Deployment.yaml +++ b/charts/freeradius/templates/Deployment.yaml @@ -34,9 +34,11 @@ spec: checksum/configmap-env: {{ include (print $.Template.BasePath "/ConfigMap/envvars.yaml") . | sha256sum }} checksum/configmap-mods: {{ include (print $.Template.BasePath "/ConfigMap/mods-enabled.yaml") . | sha256sum }} checksum/configmap-sites: {{ include (print $.Template.BasePath "/ConfigMap/sites-enabled.yaml") . | sha256sum }} + checksum/configmap-configuration: {{ include (print $.Template.BasePath "/ConfigMap/configuration.yaml") . | sha256sum }} checksum/secret-credentials: {{ include (print $.Template.BasePath "/Secret/credentials.yaml") . | sha256sum }} checksum/secret-sql-tls: {{ include (print $.Template.BasePath "/Secret/sql-tls.yaml") . | sha256sum }} checksum/secret-tls: {{ include (print $.Template.BasePath "/Secret/tls.yaml") . | sha256sum }} + checksum/secret-env: {{ include (print $.Template.BasePath "/Secret/envvars.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{- include "st-common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} {{- end }} 
@@ -172,13 +174,17 @@ spec: envFrom: - configMapRef: name: {{ include "freeradius.names.envvars" . }} - {{- if .Values.extraEnvVarsCM }} + {{- if .Values.extraSecretEnvVars }} + - secretRef: + name: {{ include "freeradius.names.envvars" . }} + {{- end }} + {{- if .Values.extraEnvVarsExistingCM }} - configMapRef: - name: {{ .Values.extraEnvVarsCM }} + name: {{ .Values.extraEnvVarsExistingCM }} {{- end }} - {{- if .Values.extraEnvVarsSecret }} + {{- if .Values.extraEnvVarsExistingSecret }} - secretRef: - name: {{ .Values.extraEnvVarsSecret }} + name: {{ .Values.extraEnvVarsExistingSecret }} {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "st-common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} @@ -246,6 +252,7 @@ spec: /bin/echo "Message-Authenticator = 0x00" | /usr/bin/radclient 127.0.0.1:${FREERADIUS_SITES_STATUS_PORT} status ${FREERADIUS_SITES_STATUS_SECRET} {{- end }} {{- end }} + {{- end }} {{- if .resources }} resources: {{- include "st-common.tplvalues.render" (dict "value" .resources "context" $) | nindent 12 }} {{- else if and .resourcesPreset (ne .resourcesPreset "none") }} diff --git a/charts/freeradius/templates/Secret/credentials.yaml b/charts/freeradius/templates/Secret/credentials.yaml index 6618ad56..930ef074 100644 --- a/charts/freeradius/templates/Secret/credentials.yaml +++ b/charts/freeradius/templates/Secret/credentials.yaml 
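Review bot: The `envFrom` hunk of Deployment.yaml (`@@ -172,13 +174,17 @@`) now reads only `extraEnvVarsExistingCM` and `extraEnvVarsExistingSecret`, so a release whose values still set `extraEnvVarsCM` or `extraEnvVarsSecret` will upgrade without error but silently lose those environment variables, including any secrets they carried. The chart version moves only from 1.0.3 to 1.0.4, which gives users no hint of a breaking rename. Either keep the old keys as a fallback, e.g. `{{- $existingSecret := .Values.extraEnvVarsExistingSecret | default .Values.extraEnvVarsSecret }}`, or call `fail` with a message naming the new key when an old one is set. The values.yaml hunk that renames the two keys has the same gap.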
@@ -10,13 +10,15 @@ kind: Secret metadata: name: {{ $secretName }} namespace: {{ include "st-common.names.namespace" . | quote }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: app.kubernetes.io/component: freeradius + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} {{- end }} type: Opaque data: diff --git a/charts/freeradius/templates/Secret/envvars.yaml b/charts/freeradius/templates/Secret/envvars.yaml new file mode 100644 index 00000000..59911e61 --- /dev/null +++ b/charts/freeradius/templates/Secret/envvars.yaml @@ -0,0 +1,24 @@ +{{- /* +Copyright (c) 2025 Firmansyah Nainggolan. All Rights Reserved. +SPDX-License-Identifier: APACHE-2.0 +*/}} + +{{- if .Values.extraSecretEnvVars }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "freeradius.names.envvars" . }} + namespace: {{ include "st-common.names.namespace" . | quote }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: + {{- include "st-common.tplvalues.render" (dict "value" .Values.commonAnnotations "context" $) | nindent 4 }} + {{- end }} +type: Opaque +stringData: + {{- include "st-common.tplvalues.render" (dict "value" .Values.extraSecretEnvVars "context" $) | nindent 4 }} +{{- end }} \ No newline at end of file 
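Review bot: In the new templates/Secret/envvars.yaml, `stringData` is filled by rendering the whole `extraSecretEnvVars` map at once, so a value that YAML parses as a number or boolean (an all-digit shared secret, `true`, `no`) would presumably be emitted unquoted, and the API server rejects non-string `stringData` entries. Quoting per entry is safer, for example a `range $key, $value := .Values.extraSecretEnvVars` loop emitting `{{ $key }}: {{ $value | toString | quote }}`. values.yaml should also state that numeric-looking secrets must be quoted there, since Helm has already parsed them as numbers by the time the template runs. The Secret reuses the name from `freeradius.names.envvars` that the env-var ConfigMap already has; this is legal because the kinds differ, but a one-line comment saying it is intentional would help.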
diff --git a/charts/freeradius/templates/Secret/sql-tls.yaml b/charts/freeradius/templates/Secret/sql-tls.yaml index e49a5e2d..a605a503 100644 --- a/charts/freeradius/templates/Secret/sql-tls.yaml +++ b/charts/freeradius/templates/Secret/sql-tls.yaml @@ -16,9 +16,11 @@ metadata: name: {{ include "st-common.names.fullname" . }}-sql-tls namespace: {{ include "st-common.names.namespace" . | quote }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} diff --git a/charts/freeradius/templates/Secret/tls.yaml b/charts/freeradius/templates/Secret/tls.yaml index 3b182d56..2a943cb2 100644 --- a/charts/freeradius/templates/Secret/tls.yaml +++ b/charts/freeradius/templates/Secret/tls.yaml @@ -16,9 +16,11 @@ metadata: name: {{ include "st-common.names.fullname" . }}-tls namespace: {{ include "st-common.names.namespace" . | quote }} {{- if .Values.commonAnnotations }} - annotations: {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + annotations: + {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} - labels: {{- include "st-common.labels.standard" . | nindent 4 }} + labels: + {{- include "st-common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "st-common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} 
diff --git a/charts/freeradius/values.yaml b/charts/freeradius/values.yaml index 62c1dc7a..68089b35 100644 --- a/charts/freeradius/values.yaml +++ b/charts/freeradius/values.yaml @@ -391,16 +391,23 @@ extraFlags: "" ## @param extraEnvVars Extra environment variables to be set on FreeRADIUS containers ## E.g. ## extraEnvVars: -## - name: TZ -## value: "Europe/Paris" +## - name: TZ +## value: "Europe/Paris" ## extraEnvVars: [] -## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for FreeRADIUS containers + +## @param extraSecretEnvVars Extra environment variables to be stored in Secret and set on FreeRADIUS containers +## E.g. +## extraSecretEnvVars: +## FREERADIUS_PROXY_SECRET: test123456 +extraSecretEnvVars: {} + +## @param extraEnvVarsExistingCM Name of existing ConfigMap containing extra env vars for FreeRADIUS containers ## -extraEnvVarsCM: "" -## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for FreeRADIUS containers +extraEnvVarsExistingCM: "" +## @param extraEnvVarsExistingSecret Name of existing Secret containing extra env vars for FreeRADIUS containers ## -extraEnvVarsSecret: "" +extraEnvVarsExistingSecret: "" ## @section Persistence Parameters 
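Review bot: The `## @param extraSecretEnvVars` comment added in the first values.yaml hunk does not say where these values end up: anything set here is kept in the values file and in the Helm release record, not only in the rendered Secret. The example also shows an unquoted weak literal (`test123456`). I would add a line such as `## NOTE: stored in the Helm release and in any committed values file; for production secrets create the Secret out of band and set extraEnvVarsExistingSecret`, and quote the example value.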
@@ -899,6 +906,27 @@ tls: enabled: false issuerKind: ClusterIssuer issuerName: selfsigned-issuer + privateKey: + algorithm: ECDSA + rotationPolicy: Always + size: 256 + subject: |- + organizations: + - {{ .Release.Name | quote }} + organizationalUnits: + - {{ include "st-common.names.fullname" . | quote }} + dnsNames: |- + {{- $releaseNamespace := include "st-common.names.namespace" . }} + {{- $clusterDomain := .Values.clusterDomain }} + {{- $serviceName := include "st-common.names.fullname" . }} + {{- $altNames := list (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc" $serviceName $releaseNamespace) (printf "%s.%s" $serviceName $releaseNamespace) $serviceName -}} + - {{ .Values.ingress.hostname | quote }} + {{- range .Values.ingress.extraHosts }} + - {{ .name | quote }} + {{- end }} + {{- with $altNames }} + {{ toYaml . }} + {{- end }} ## @param tls.certificatesSecret Name of the secret that contains the certificates ## certificatesSecret: ""
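Review bot: The new `privateKey`, `subject` and `dnsNames` defaults under `tls.autoGenerator.certmanager` have no `## @param` lines, and they mix types: `privateKey` is a plain map while `subject` and `dnsNames` are `|-` strings containing template code. Someone overriding `dnsNames` needs to be told whether a plain YAML list is accepted or only a template string, so add entries such as `## @param tls.autoGenerator.certmanager.dnsNames Template string rendered into the Certificate's dnsNames list`. Note too that `{{ toYaml . }}` emits several lines with no indent helper, so the output only lines up if that line sits at the same column as the `- ` entries above it. The collapsed whitespace in this view does not show whether it does.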