[chart] Update helm chart (#349)

deploy/helm/Chart.yaml

@@ -2,10 +2,10 @@ apiVersion: v2
 name: wg-portal
 description: WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication
 # Version is set to ensure compatibility with the chart's Ingress resource.
-kubeVersion: '>=1.19.0'
+kubeVersion: ">=1.19.0"
 type: application
 home: https://wgportal.org
-icon: https://wgportal.org/assets/images/logo.svg
+icon: https://wgportal.org/latest/assets/images/logo.svg
 sources:
   - https://github.com/h44z/wg-portal
 
@@ -16,10 +16,10 @@ annotations:
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.0
+version: 0.6.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: latest
+appVersion: "v2"

deploy/helm/README.md

@@ -1,6 +1,6 @@
 # wg-portal
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: latest](https://img.shields.io/badge/AppVersion-latest-informational?style=flat-square)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2](https://img.shields.io/badge/AppVersion-v2-informational?style=flat-square)
 
 WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication
 
@@ -32,13 +32,13 @@ The [Values](#values) section lists the parameters that can be configured during
 | nameOverride | string | `""` | Partially override resource names (adds suffix) |
 | fullnameOverride | string | `""` | Fully override resource names |
 | extraDeploy | list | `[]` | Array of extra objects to deploy with the release |
-| config.advanced | tpl/object | `{}` | Advanced configuration options. |
+| config.advanced | tpl/object | `{}` | [Advanced configuration](https://wgportal.org/latest/documentation/configuration/overview/#advanced) options. |
-| config.auth | tpl/object | `{}` | Auth configuration options. |
+| config.auth | tpl/object | `{}` | [Auth configuration](https://wgportal.org/latest/documentation/configuration/overview/#auth) options. |
-| config.core | tpl/object | `{}` | Core configuration options.<br> If external admins in `auth` are not defined and there are no `admin_user` and `admin_password` defined here, the default credentials will be generated. |
+| config.core | tpl/object | `{}` | [Core configuration](https://wgportal.org/latest/documentation/configuration/overview/#core) options.<br> If external admins in `auth` are not defined and there are no `admin_user` and `admin_password` defined here, the default credentials will be generated. |
-| config.database | tpl/object | `{}` | Database configuration options |
+| config.database | tpl/object | `{}` | [Database configuration](https://wgportal.org/latest/documentation/configuration/overview/#database) options |
-| config.mail | tpl/object | `{}` | Mail configuration options |
+| config.mail | tpl/object | `{}` | [Mail configuration](https://wgportal.org/latest/documentation/configuration/overview/#mail) options |
-| config.statistics | tpl/object | `{}` | Statistics configuration options |
+| config.statistics | tpl/object | `{}` | [Statistics configuration](https://wgportal.org/latest/documentation/configuration/overview/#statistics) options |
-| config.web | tpl/object | `{}` | Web configuration options.<br> `listening_address` will be set automatically from `service.web.port`. `external_url` is required to enable ingress and certificate resources. |
+| config.web | tpl/object | `{}` | [Web configuration](https://wgportal.org/latest/documentation/configuration/overview/#web) options.<br> `listening_address` will be set automatically from `service.web.port`. `external_url` is required to enable ingress and certificate resources. |
 | revisionHistoryLimit | string | `10` | The number of old ReplicaSets to retain to allow rollback. |
 | workloadType | string | `"Deployment"` | Workload type - `Deployment` or `StatefulSet` |
 | strategy | object | `{"type":"RollingUpdate"}` | Update strategy for the workload Valid values are:  `RollingUpdate` or `Recreate` for Deployment,  `RollingUpdate` or `OnDelete` for StatefulSet |
@@ -73,6 +73,7 @@ The [Values](#values) section lists the parameters that can be configured during
 | service.web.annotations | object | `{}` | Annotations for the web service |
 | service.web.type | string | `"ClusterIP"` | Web service type |
 | service.web.port | int | `8888` | Web service port Used for the web interface listener |
+| service.web.appProtocol | string | `"http"` | Web service appProtocol. Will be auto set to `https` if certificate is enabled. |
 | service.wireguard.annotations | object | `{}` | Annotations for the WireGuard service |
 | service.wireguard.type | string | `"LoadBalancer"` | Wireguard service type |
 | service.wireguard.ports | list | `[51820]` | Wireguard service ports. Exposes the WireGuard ports for created interfaces. Lowerest port is selected as start port for the first interface. Increment next port by 1 for each additional interface. |

deploy/helm/templates/_service.tpl

@@ -51,3 +51,16 @@ spec:
   {{- end }}
   selector: {{- include "wg-portal.selectorLabels" .context | nindent 4 }}
 {{- end -}}
+
+{{/*
+Define the service port template for the web port
+*/}}
+{{- define "wg-portal.service.webPort" -}}
+name: web
+port: {{ .Values.service.web.port }}
+protocol: TCP
+targetPort: web
+{{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
+appProtocol: {{ ternary "https" .Values.service.web.appProtocol .Values.certificate.enabled }}
+{{- end -}}
+{{- end -}}

deploy/helm/templates/service.yaml

@@ -1,4 +1,4 @@
-{{- $portsWeb := list (dict "name" "web" "port" .Values.service.web.port "protocol" "TCP" "targetPort" "web") -}}
+{{- $portsWeb := list (include "wg-portal.service.webPort" . | fromYaml) -}}
 {{- $ports := list -}}
 {{- range $idx, $port := .Values.service.wireguard.ports -}}
 {{- $name := printf "wg%d" $idx -}}

deploy/helm/values.yaml

@@ -3,37 +3,36 @@
 # Declare variables to be passed into your templates.
 
 # -- Partially override resource names (adds suffix)
-nameOverride: ''
+nameOverride: ""
 # -- Fully override resource names
-fullnameOverride: ''
+fullnameOverride: ""
 # -- Array of extra objects to deploy with the release
 extraDeploy: []
 
-# https://github.com/h44z/wg-portal/blob/master/README.md#configuration-options
 config:
-  # -- (tpl/object) Advanced configuration options.
+  # -- (tpl/object) [Advanced configuration](https://wgportal.org/latest/documentation/configuration/overview/#advanced) options.
   advanced: {}
-  # -- (tpl/object) Auth configuration options.
+  # -- (tpl/object) [Auth configuration](https://wgportal.org/latest/documentation/configuration/overview/#auth) options.
   auth: {}
-  # -- (tpl/object) Core configuration options.<br>
+  # -- (tpl/object) [Core configuration](https://wgportal.org/latest/documentation/configuration/overview/#core) options.<br>
   # If external admins in `auth` are not defined and
   # there are no `admin_user` and `admin_password` defined here,
   # the default credentials will be generated.
   core: {}
-  # -- (tpl/object) Database configuration options
+  # -- (tpl/object) [Database configuration](https://wgportal.org/latest/documentation/configuration/overview/#database) options
   database: {}
-  # -- (tpl/object) Mail configuration options
+  # -- (tpl/object) [Mail configuration](https://wgportal.org/latest/documentation/configuration/overview/#mail) options
   mail: {}
-  # -- (tpl/object) Statistics configuration options
+  # -- (tpl/object) [Statistics configuration](https://wgportal.org/latest/documentation/configuration/overview/#statistics) options
   statistics: {}
-  # -- (tpl/object) Web configuration options.<br>
+  # -- (tpl/object) [Web configuration](https://wgportal.org/latest/documentation/configuration/overview/#web) options.<br>
   # `listening_address` will be set automatically from `service.web.port`.
   # `external_url` is required to enable ingress and certificate resources.
   web: {}
 
 # -- The number of old ReplicaSets to retain to allow rollback.
 # @default -- `10`
-revisionHistoryLimit: ''
+revisionHistoryLimit: ""
 # -- Workload type - `Deployment` or `StatefulSet`
 workloadType: Deployment
 # -- Update strategy for the workload
@@ -49,7 +48,7 @@ image:
   # -- Image pull policy
   pullPolicy: IfNotPresent
   # -- Overrides the image tag whose default is the chart appVersion
-  tag: ''
+  tag: ""
 
 # -- Image pull secrets
 imagePullSecrets: []
@@ -73,14 +72,14 @@ sidecarContainers: []
 # -- Set DNS policy for the pod.
 # Valid values are `ClusterFirstWithHostNet`, `ClusterFirst`, `Default` or `None`.
 # @default -- `"ClusterFirst"`
-dnsPolicy: ''
+dnsPolicy: ""
 # -- Restart policy for all containers within the pod.
 # Valid values are `Always`, `OnFailure` or `Never`.
 # @default -- `"Always"`
-restartPolicy: ''
+restartPolicy: ""
 # -- Use the host's network namespace.
 # @default -- `false`.
-hostNetwork: ''
+hostNetwork: ""
 # -- Resources requests and limits
 resources: {}
 # -- Overwrite pod command
@@ -123,6 +122,8 @@ service:
     # -- Web service port
     # Used for the web interface listener
     port: 8888
+    # -- Web service appProtocol. Will be auto set to `https` if certificate is enabled.
+    appProtocol: http
   wireguard:
     # -- Annotations for the WireGuard service
     annotations: {}
@@ -141,7 +142,7 @@ ingress:
   # -- Specifies whether an ingress resource should be created
   enabled: false
   # -- Ingress class name
-  className: ''
+  className: ""
   # -- Ingress annotations
   annotations: {}
   # -- Ingress TLS configuration.
@@ -153,17 +154,17 @@ certificate:
   enabled: false
   issuer:
     # -- Certificate issuer name
-    name: ''
+    name: ""
     # -- Certificate issuer kind (ClusterIssuer or Issuer)
-    kind: ''
+    kind: ""
     # -- Certificate issuer group
     group: cert-manager.io
   # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  duration: ''
+  duration: ""
   # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  renewBefore: ''
+  renewBefore: ""
   # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
-  commonName: ''
+  commonName: ""
   # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
   emailAddresses: []
   # -- Optional. [Documentation](https://cert-manager.io/docs/usage/certificate/#creating-certificate-resources)
@@ -188,7 +189,7 @@ persistence:
   annotations: {}
   # -- Persistent Volume storage class.
   # If undefined (the default) cluster's default provisioner will be used.
-  storageClass: ''
+  storageClass: ""
   # -- Persistent Volume Access Mode
   accessMode: ReadWriteOnce
   # -- Persistent Volume size
@@ -203,7 +204,7 @@ serviceAccount:
   automount: false
   # -- The name of the service account to use.
   # If not set and create is true, a name is generated using the fullname template
-  name: ''
+  name: ""
 
 monitoring:
   # -- Enable Prometheus monitoring.
@@ -220,15 +221,15 @@ monitoring:
   annotations: {}
   # -- Interval at which metrics should be scraped. If not specified `config.statistics.data_collection_interval` interval is used.
   # @default -- `1m`
-  interval: ''
+  interval: ""
   # -- Relabelings to samples before ingestion.
   metricRelabelings: []
   # -- Relabelings to samples before scraping.
   relabelings: []
   # -- Timeout after which the scrape is ended If not specified, the Prometheus global scrape interval is used.
-  scrapeTimeout: ''
+  scrapeTimeout: ""
   # -- The label to use to retrieve the job name from.
-  jobLabel: ''
+  jobLabel: ""
   # -- Transfers labels on the Kubernetes Pod onto the target.
   podTargetLabels: {}
 
@@ -241,4 +242,4 @@ monitoring:
     labels: {}
     # -- Dashboard ConfigMap namespace
     # Overrides the namespace for the dashboard ConfigMap.
-    namespace: ''
+    namespace: ""

mkdocs.yml

@@ -63,7 +63,7 @@ nav:
       - Getting Started:
           - Binaries: documentation/getting-started/binaries.md
           - Docker: documentation/getting-started/docker.md
-          - Kubernetes: documentation/getting-started/kubernetes.md
+          - Helm: documentation/getting-started/helm.md
           - Sources: documentation/getting-started/sources.md
       - Configuration:
           - Overview: documentation/configuration/overview.md