diff --git a/README.md b/README.md
index 262ecb3..ff160ef 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ helm install carbide-charts/
 If you would like to do add the Carbide Helm Charts to the Rancher Manager Chart Catalog, so you are able to use the user interface to install them, please follow the steps in the [Rancher Manager Docs](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/helm-charts-in-rancher).
-## How to Use (Airgaped Environments)
+## How to Use (Airgapped Environments)
 ### For Helm Chart Repositories
diff --git a/charts/airgapped-docs/Chart.yaml b/charts/airgapped-docs/Chart.yaml
index b7b0577..65a93a2 100644
--- a/charts/airgapped-docs/Chart.yaml
+++ b/charts/airgapped-docs/Chart.yaml
@@ -3,5 +3,5 @@ name: airgapped-docs
 description: Rancher Government Airgapped Docs
 icon: https://raw.githubusercontent.com/rancherfederal/carbide-docs/main/static/img/carbide-logo.svg
 type: application
-version: 0.1.52
+version: 0.1.7
 appVersion: "0.1.7"
diff --git a/charts/airgapped-docs/templates/deployment.yaml b/charts/airgapped-docs/templates/deployment.yaml
index 499acff..021d821 100644
--- a/charts/airgapped-docs/templates/deployment.yaml
+++ b/charts/airgapped-docs/templates/deployment.yaml
@@ -27,9 +27,27 @@ spec:
 imagePullPolicy: Always
 securityContext:
 runAsUser: {{ $value.uid | default .Values.defaults.uid }}
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ seccompProfile:
+ type: RuntimeDefault
 ports:
 - name: http
 containerPort: {{ $value.containerPort | default .Values.defaults.containerPort }}
+ volumeMounts:
+ - name: nginx-config
+ mountPath: /etc/nginx/nginx.conf
+ subPath: nginx.conf
+ volumes:
+ - name: nginx-config
+ configMap:
+ {{- if $value.useHtmlBase }}
+ name: nginx-html-config
+ {{- else }}
+ name: nginx-config
+ {{- end }}
 {{- end }}
 {{- end -}}
 {{- end }}
\ No newline at end of file
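Review bot: The new chart `version: 0.1.7` in Chart.yaml sorts below the previous `0.1.52` under SemVer, so a Helm repository index and any `helm upgrade` without an explicit `--version` will keep treating 0.1.52 as the newest chart. Installations that track "latest" would therefore not receive the hardened pod settings shipped in this commit. If the goal was to line the chart version up with `appVersion`, a value above the old one (for example `version: 0.1.53`) keeps the ordering monotonic.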
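Review bot: The container `securityContext` added in deployment.yaml still leaves the root filesystem writable; `readOnlyRootFilesystem: true` would complete the hardening, but nginx then needs writable `emptyDir` mounts for the pid directory (`/run/nginx`, per the nginx.conf added in this commit) and presumably for its temp paths, which should be confirmed against the image. Separately, `nginx.conf` is mounted with `subPath`, which does not receive ConfigMap updates in a running pod, and no config checksum annotation is visible in this hunk, so a changed ConfigMap would not roll the Deployment. The pod template starts and ends outside this hunk, so an annotation may already exist elsewhere.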
diff --git a/charts/airgapped-docs/templates/navlink.yaml b/charts/airgapped-docs/templates/navlink.yaml
index 324561d..f77ad8d 100644
--- a/charts/airgapped-docs/templates/navlink.yaml
+++ b/charts/airgapped-docs/templates/navlink.yaml
@@ -22,7 +22,7 @@ spec:
 toService:
 name: rancher-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.elemental.enabled }}
@@ -49,7 +49,7 @@ spec:
 toService:
 name: elemental-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.longhorn.enabled }}
@@ -76,7 +76,7 @@ spec:
 toService:
 name: longhorn-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.k3s.enabled }}
@@ -103,7 +103,7 @@ spec:
 toService:
 name: k3s-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.rke2.enabled }}
@@ -130,7 +130,7 @@ spec:
 toService:
 name: rke2-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.carbide.enabled }}
@@ -157,7 +157,7 @@ spec:
 toService:
 name: carbide-offline-docs
 namespace: {{ .Release.Namespace }}
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.kubewarden.enabled }}
@@ -185,7 +185,7 @@ spec:
 toService:
 name: kubewarden-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
@@ -207,7 +207,7 @@ spec:
 toService:
 name: neuvector-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.fleet.enabled }}
@@ -227,7 +227,7 @@ spec:
 toService:
 name: fleet-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
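Review bot: The NavLink port is now the literal `"8080"` here and in the thirteen other `toService` hunks of navlink.yaml, and each one must stay equal to the `port: 8080` set in service.yaml. Rendering one values key with `| quote` in both templates would stop the fourteen copies from drifting. The links keep `scheme: http`, so proxied docs traffic stays unencrypted inside the cluster; a short comment stating that this is intentional for static content would help reviewers. Visible only as context and not changed here: the `neuvector-vdb-explorer-offline-docs` block appears to be gated on `.Values.docs.hauler.enabled`, which looks like a copy-paste slip worth checking.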
@@ -248,7 +248,7 @@ spec:
 toService:
 name: harvester-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.kubernetes.enabled }}
@@ -269,7 +269,7 @@ spec:
 toService:
 name: kubernetes-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.rancherdesktop.enabled }}
@@ -290,7 +290,7 @@ spec:
 toService:
 name: rancherdesktop-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.hauler.enabled }}
@@ -311,7 +311,7 @@ spec:
 toService:
 name: hauler-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
 {{- if .Values.docs.hauler.enabled }}
@@ -332,6 +332,6 @@ spec:
 toService:
 name: neuvector-vdb-explorer-offline-docs
 namespace: "{{ .Release.Namespace }}"
- port: "80"
+ port: "8080"
 scheme: http
 {{- end }}
\ No newline at end of file
diff --git a/charts/airgapped-docs/templates/nginx-config.yaml b/charts/airgapped-docs/templates/nginx-config.yaml
new file mode 100644
index 0000000..2bc4070
--- /dev/null
+++ b/charts/airgapped-docs/templates/nginx-config.yaml
@@ -0,0 +1,112 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-config
+data:
+ nginx.conf: |
+ worker_processes auto;
+
+ error_log /dev/stdout debug;
+ pid /run/nginx/nginx.pid;
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ server {
+ {{- if .Values.global.ipv4.enabled }}
+ listen 8080;
+ {{- end }}
+ {{- if .Values.global.ipv6.enabled }}
+ listen [::]:8080;
+ {{- end }}
+ server_name localhost;
+
+ port_in_redirect off;
+ root /var/lib/nginx/html;
+
+ location / {
+ try_files $uri $uri/ @htmlext;
+ }
+
+ location ~ \.html$ {
+ try_files $uri =404;
+ }
+
+ location @htmlext {
+ rewrite ^(.*)$ $1.html last;
+ }
+ }
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nginx-html-config
+data:
+ nginx.conf: |
+ worker_processes auto;
+
+ error_log /dev/stdout info;
+ pid /run/nginx/nginx.pid;
+
+
+ events {
+ worker_connections 1024;
+ }
+
+ http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /dev/stdout;
+
+ sendfile on;
+
+ keepalive_timeout 65;
+
+ server {
+ {{- if .Values.global.ipv4.enabled }}
+ listen 8080;
+ {{- end }}
+ {{- if .Values.global.ipv6.enabled }}
+ listen [::]:8080;
+ {{- end }}
+ server_name localhost;
+
+ port_in_redirect off;
+ root /var/lib/nginx/html;
+ rewrite ^/(.*)/$ /$1.html permanent;
+
+ location / {
+ rewrite ^/(.*)/$ /$1 permanent;
+ try_files $uri $uri/ @htmlext;
+ }
+
+ location ~ \.html$ {
+ try_files $uri =404;
+ }
+
+ location @htmlext {
+ rewrite ^(.*)$ $1.html last;
+ }
+ }
+ }
\ No newline at end of file
diff --git a/charts/airgapped-docs/templates/service.yaml b/charts/airgapped-docs/templates/service.yaml
index b7c7707..9cf41a5 100644
--- a/charts/airgapped-docs/templates/service.yaml
+++ b/charts/airgapped-docs/templates/service.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
 ports:
 - name: http
- port: 80
+ port: 8080
 protocol: TCP
 targetPort: http
 selector:
diff --git a/charts/airgapped-docs/values.yaml b/charts/airgapped-docs/values.yaml
index da97011..be413a3 100644
--- a/charts/airgapped-docs/values.yaml
+++ b/charts/airgapped-docs/values.yaml
@@ -4,6 +4,11 @@ global:
 cattle:
 systemDefaultRegistry: "rgcrprod.azurecr.us"
+ ipv4:
+ enabled: true
+ ipv6:
+ enabled: true
+
 defaults:
 containerPort: 8080
 uid: 65532
@@ -17,16 +22,19 @@ docs:
 # tag: "0.1.x"
 rancher:
 enabled: true
+ useHtmlBase: true
 image:
 name: "carbide/rancher-docs"
 # tag: "0.1.x"
 rke2:
 enabled: true
+ useHtmlBase: true
 image:
 name: "carbide/rke2-docs"
 # tag: "0.1.x"
 k3s:
 enabled: true
+ useHtmlBase: true
 image:
 name: "carbide/k3s-docs"
 # tag: "0.1.x"
@@ -37,6 +45,7 @@ docs:
 # tag: "0.1.x"
 fleet:
 enabled: true
+ useHtmlBase: true
 image:
 name: "carbide/fleet-docs"
 # tag: "0.1.x"
@@ -62,6 +71,7 @@ docs:
 # tag: "0.1.x"
 harvester:
 enabled: true
+ useHtmlBase: true
 image:
 name: "carbide/harvester-docs"
 # tag: "0.1.x"
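Review bot: `error_log /dev/stdout debug;` in the `nginx-config` ConfigMap ships debug-level logging, while the `nginx-html-config` variant uses `info`; debug output is very verbose in pod logs, so `error_log /dev/stdout info;` is the safer default for both. In both configs `log_format main` is defined but `access_log /dev/stdout;` does not name it, so nginx writes its default format and the `$http_x_forwarded_for` field is never logged; `access_log /dev/stdout main;` fixes that. Both ConfigMaps use fixed names with no release prefix, so two releases in one namespace would contend for the same objects. Adding `server_tokens off;` to the `http` block would also stop the server version being advertised.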
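Review bot: The new `global.ipv4.enabled` and `global.ipv6.enabled` keys in values.yaml can both be set to false, and the rendered `server` block then has no `listen` directive at all. nginx would fall back to its built-in default port instead of 8080, and the Service's `targetPort: http` would reach nothing. A template guard using `fail` when both are false, or at least a comment such as `# at least one of ipv4/ipv6 must stay enabled`, would make the constraint explicit. The `useHtmlBase` flags added in the later hunks are also undocumented; a one-line comment like `# useHtmlBase: mount nginx-html-config instead of nginx-config` on the first use would explain why only some docs entries set it.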