Airgapped Docs Release (#232)

* updates for airgapped-docs 0.1.7 (#229) Signed-off-by: Adam Martin <[email protected]> * Fix ipv issue by making ipv4 and ipv6 configurable & fix svc ports. (#228) * Fix ipv issue by making ipv4 and ipv6 configurable & fix svc ports. * Update chart version * Add support for restricted PSA * Update Chart.yaml --------- Signed-off-by: Adam Martin <[email protected]> Co-authored-by: Adam Martin <[email protected]>
rancherfederal · Oct 24, 2024 · 5a8ae2b · 5a8ae2b
1 parent 02e149e
commit 5a8ae2b
Show file tree

Hide file tree

Showing 7 changed files with 157 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -29,7 +29,7 @@ helm install <release-name> carbide-charts/<chart>
 
 If you would like to do add the Carbide Helm Charts to the Rancher Manager Chart Catalog, so you are able to use the user interface to install them, please follow the steps in the [Rancher Manager Docs](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/helm-charts-in-rancher).
 
-## How to Use (Airgaped Environments)
+## How to Use (Airgapped Environments)
 
 ### For Helm Chart Repositories
 

diff --git a/charts/airgapped-docs/Chart.yaml b/charts/airgapped-docs/Chart.yaml
@@ -3,5 +3,5 @@ name: airgapped-docs
 description: Rancher Government Airgapped Docs
 icon: https://raw.githubusercontent.com/rancherfederal/carbide-docs/main/static/img/carbide-logo.svg
 type: application
-version: 0.1.52
+version: 0.1.7
 appVersion: "0.1.7"
diff --git a/charts/airgapped-docs/templates/deployment.yaml b/charts/airgapped-docs/templates/deployment.yaml
@@ -27,9 +27,27 @@ spec:
           imagePullPolicy: Always
           securityContext:
             runAsUser: {{ $value.uid | default .Values.defaults.uid }}
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop: ["ALL"]
+            seccompProfile:
+              type: RuntimeDefault
           ports:
             - name: http
               containerPort: {{ $value.containerPort | default .Values.defaults.containerPort }}
+          volumeMounts:
+            - name: nginx-config
+              mountPath: /etc/nginx/nginx.conf
+              subPath: nginx.conf
+      volumes:
+      - name: nginx-config
+        configMap:
+      {{- if $value.useHtmlBase }}
+          name: nginx-html-config
+      {{- else }}
+          name: nginx-config
+      {{- end }}
 {{- end }}
 {{- end -}}
 {{- end }}
diff --git a/charts/airgapped-docs/templates/navlink.yaml b/charts/airgapped-docs/templates/navlink.yaml
@@ -22,7 +22,7 @@ spec:
   toService:
     name: rancher-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.elemental.enabled }}
@@ -49,7 +49,7 @@ spec:
   toService:
     name: elemental-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.longhorn.enabled }}
@@ -76,7 +76,7 @@ spec:
   toService:
     name: longhorn-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.k3s.enabled }}
@@ -103,7 +103,7 @@ spec:
   toService:
     name: k3s-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.rke2.enabled }}
@@ -130,7 +130,7 @@ spec:
   toService:
     name: rke2-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.carbide.enabled }}
@@ -157,7 +157,7 @@ spec:
   toService:
     name: carbide-offline-docs
     namespace: {{ .Release.Namespace }}
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.kubewarden.enabled }}
@@ -185,7 +185,7 @@ spec:
   toService:
     name: kubewarden-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 
 {{- end }}
@@ -207,7 +207,7 @@ spec:
   toService:
     name: neuvector-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.fleet.enabled }}
@@ -227,7 +227,7 @@ spec:
   toService:
     name: fleet-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 
 {{- end }}
@@ -248,7 +248,7 @@ spec:
   toService:
     name: harvester-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.kubernetes.enabled }}
@@ -269,7 +269,7 @@ spec:
   toService:
     name: kubernetes-offline-docs
     namespace:  "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.rancherdesktop.enabled }}
@@ -290,7 +290,7 @@ spec:
   toService:
     name: rancherdesktop-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.hauler.enabled }}
@@ -311,7 +311,7 @@ spec:
   toService:
     name: hauler-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
 {{- if .Values.docs.hauler.enabled }}
@@ -332,6 +332,6 @@ spec:
   toService:
     name: neuvector-vdb-explorer-offline-docs
     namespace: "{{ .Release.Namespace }}"
-    port: "80"
+    port: "8080"
     scheme: http
 {{- end }}
diff --git a/charts/airgapped-docs/templates/nginx-config.yaml b/charts/airgapped-docs/templates/nginx-config.yaml
@@ -0,0 +1,112 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-config
+data:
+  nginx.conf: |
+    worker_processes  auto;
+
+    error_log /dev/stdout debug;
+    pid        /run/nginx/nginx.pid;
+
+    events {
+        worker_connections  1024;
+    }
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log /dev/stdout;
+
+        sendfile        on;
+
+        keepalive_timeout  65;
+
+        server {
+            {{- if .Values.global.ipv4.enabled }}
+            listen       8080;
+            {{- end }}
+            {{- if .Values.global.ipv6.enabled }}
+            listen  [::]:8080;
+            {{- end }}
+            server_name  localhost;
+
+            port_in_redirect off;
+            root   /var/lib/nginx/html;
+
+            location / {
+                try_files $uri $uri/ @htmlext;
+            }
+
+            location ~ \.html$ {
+                try_files $uri =404;
+            }   
+
+            location @htmlext {
+                rewrite ^(.*)$ $1.html last;
+            }
+        }
+    }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-html-config
+data:
+  nginx.conf: |
+    worker_processes  auto;
+
+    error_log /dev/stdout info;
+    pid        /run/nginx/nginx.pid;
+
+
+    events {
+        worker_connections  1024;
+    }
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log /dev/stdout;
+
+        sendfile        on;
+
+        keepalive_timeout  65;
+
+        server {
+            {{- if .Values.global.ipv4.enabled }}
+            listen       8080;
+            {{- end }}
+            {{- if .Values.global.ipv6.enabled }}
+            listen  [::]:8080;
+            {{- end }}
+            server_name  localhost;
+
+            port_in_redirect off;
+            root   /var/lib/nginx/html;
+            rewrite ^/(.*)/$ /$1.html permanent;
+
+            location / {
+                rewrite ^/(.*)/$ /$1 permanent;
+                try_files $uri $uri/ @htmlext;
+            }
+
+            location ~ \.html$ {
+                try_files $uri =404;
+            }   
+
+            location @htmlext {
+                rewrite ^(.*)$ $1.html last;
+            }
+        }
+    }
diff --git a/charts/airgapped-docs/templates/service.yaml b/charts/airgapped-docs/templates/service.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
   ports:
   - name: http
-    port: 80
+    port: 8080
     protocol: TCP
     targetPort: http
   selector:

diff --git a/charts/airgapped-docs/values.yaml b/charts/airgapped-docs/values.yaml
@@ -4,6 +4,11 @@
 global:
   cattle:
     systemDefaultRegistry: "rgcrprod.azurecr.us"
+  ipv4:
+    enabled: true
+  ipv6:
+    enabled: true
+
 defaults:
   containerPort: 8080
   uid: 65532
@@ -17,16 +22,19 @@ docs:
       # tag: "0.1.x"
   rancher:
     enabled: true
+    useHtmlBase: true
     image:
       name: "carbide/rancher-docs"
       # tag: "0.1.x"
   rke2:
     enabled: true
+    useHtmlBase: true
     image:
       name: "carbide/rke2-docs"
       # tag: "0.1.x"
   k3s:
     enabled: true
+    useHtmlBase: true
     image:
       name: "carbide/k3s-docs"
       # tag: "0.1.x"
@@ -37,6 +45,7 @@ docs:
       # tag: "0.1.x"
   fleet:
     enabled: true
+    useHtmlBase: true
     image:
       name: "carbide/fleet-docs"
       # tag: "0.1.x"
@@ -62,6 +71,7 @@ docs:
       # tag: "0.1.x"
   harvester:
     enabled: true
+    useHtmlBase: true
     image:
       name: "carbide/harvester-docs"
       # tag: "0.1.x"