diff --git a/applications/wg-easy/README.md b/applications/wg-easy/README.md index 03052995..83a65a12 100644 --- a/applications/wg-easy/README.md +++ b/applications/wg-easy/README.md @@ -43,9 +43,9 @@ The `task release-prepare` command walks all `charts/*/replicated/` directories, Charts are deployed in dependency order via `helmfile.yaml.gotmpl`. The same helmfile serves two purposes through Helmfile environments: -- **`default` environment**: Charts are installed from local paths (`./charts/cert-manager`, `./charts/wg-easy`, etc.). The Replicated SDK is disabled. This is the inner development loop -- validate chart changes against a test cluster without touching the Replicated platform. +- **`default` environment**: Charts are installed from local paths (`./charts/cert-manager`, `./charts/wg-easy`, etc.). This is the inner development loop -- validate chart changes against a test cluster without touching the Replicated platform. -- **`replicated` environment**: Charts are pulled from the Replicated OCI registry (`oci://registry.replicated.com///`), authenticated with a customer license ID. Container images are routed through the Replicated registry proxy. The Replicated SDK is enabled. This simulates what an end customer's installation looks like. +- **`replicated` environment**: Charts are pulled from the Replicated OCI registry (`oci://registry.replicated.com///`), authenticated with a customer license ID. Container images are routed through the Replicated registry proxy. This simulates what an end customer's installation looks like. ```bash # Local development -- charts from disk 
@@ -89,12 +89,11 @@ applications/wg-easy/ ├── charts/ │ ├── cert-manager/ # Wrapped cert-manager chart │ ├── cert-manager-issuers/ # Chart for cert-manager issuers -│ ├── replicated-sdk/ # Replicated SDK chart │ ├── templates/ # Common templates shared across charts │ ├── traefik/ # Wrapped Traefik chart -│ └── wg-easy/ # Main application chart +│ └── wg-easy/ # Main application chart (includes Replicated SDK as dependency) ├── replicated/ # Root Replicated configuration -├── taskfiles/ # Task utility functions +├── development-config-values.yaml # ConfigValues for headless installs ├── helmfile.yaml.gotmpl # Defines chart installation order └── Taskfile.yaml # Main task definitions ``` diff --git a/applications/wg-easy/Taskfile.yaml b/applications/wg-easy/Taskfile.yaml index b5f26172..6243d050 100644 --- a/applications/wg-easy/Taskfile.yaml +++ b/applications/wg-easy/Taskfile.yaml @@ -668,10 +668,11 @@ tasks: - dependencies-update chart-validate: - desc: Validate all Helm charts (lint + template + helmfile) + desc: Validate all Helm charts (lint + template + helmfile + config contract) cmds: - task: chart-lint-all - task: chart-template-all + - task: config-validate - echo "Validating helmfile template..." - | if [ -f "helmfile.yaml.gotmpl" ]; then 
@@ -689,6 +690,109 @@ tasks: echo "No helmfile.yaml.gotmpl found, skipping helmfile validation" fi + config-validate: + desc: Validate the four-way contract between values.yaml, HelmChart CR, KOTS Config, and ConfigValues + cmds: + - echo "Validating configuration contract..." + - | + ERRORS=0 + + # 1. Collect all config item names from KOTS Config screens + CONFIG_ITEMS=$(find . -path '*/replicated/config.yaml' -exec yq -r '.spec.groups[].items[].name' {} \; 2>/dev/null | sort -u) + ROOT_CONFIG_ITEMS="" + if [ -f "./replicated/config.yaml" ]; then + ROOT_CONFIG_ITEMS=$(yq -r '.spec.groups[].items[].name' ./replicated/config.yaml 2>/dev/null | sort -u) + fi + ALL_CONFIG_ITEMS=$(echo -e "${CONFIG_ITEMS}\n${ROOT_CONFIG_ITEMS}" | sort -u | grep -v '^$') + + echo "=== KOTS Config items ===" + echo "$ALL_CONFIG_ITEMS" + echo "" + + # 2. Collect all ConfigOption references from HelmChart CRs + HELMCHART_REFS=$(find . -path '*/replicated/helmChart-*.yaml' -exec grep -o 'ConfigOption [^}]*' {} \; 2>/dev/null | sed 's/ConfigOption [`"'"'"']//' | sed 's/[`"'"'"'].*//' | sed 's/ConfigOption //' | sort -u) + + echo "=== ConfigOption references in HelmChart CRs ===" + echo "$HELMCHART_REFS" + echo "" + + # 3. Check that every ConfigOption reference has a matching Config item + for ref in $HELMCHART_REFS; do + if ! echo "$ALL_CONFIG_ITEMS" | grep -qx "$ref"; then + echo "ERROR: HelmChart references ConfigOption '$ref' but no matching Config item found" + ERRORS=$((ERRORS + 1)) + fi + done + + # 4. Check that every Config item is referenced in at least one HelmChart CR + for item in $ALL_CONFIG_ITEMS; do + if ! echo "$HELMCHART_REFS" | grep -qx "$item"; then + echo "WARNING: Config item '$item' is not referenced by any HelmChart CR" + fi + done + + # 5. 
Validate ConfigValues file if present + if [ -f "development-config-values.yaml" ]; then + echo "=== Validating development-config-values.yaml ===" + CV_ITEMS=$(yq -r '.spec.values | keys | .[]' development-config-values.yaml 2>/dev/null | sort -u) + echo "ConfigValues items: $CV_ITEMS" + echo "" + + # Every ConfigValues item should match a Config item + for cv_item in $CV_ITEMS; do + if ! echo "$ALL_CONFIG_ITEMS" | grep -qx "$cv_item"; then + echo "ERROR: ConfigValues contains '$cv_item' but no matching Config item found" + ERRORS=$((ERRORS + 1)) + fi + done + + # Every required Config item should have a value in ConfigValues + REQUIRED_ITEMS=$(find . -path '*/replicated/config.yaml' -exec yq -r '.spec.groups[].items[] | select(.required == true) | .name' {} \; 2>/dev/null | sort -u) + if [ -f "./replicated/config.yaml" ]; then + ROOT_REQUIRED=$(yq -r '.spec.groups[].items[] | select(.required == true) | .name' ./replicated/config.yaml 2>/dev/null | sort -u) + REQUIRED_ITEMS=$(echo -e "${REQUIRED_ITEMS}\n${ROOT_REQUIRED}" | sort -u | grep -v '^$') + fi + + for req_item in $REQUIRED_ITEMS; do + CV_VALUE=$(yq -r ".spec.values.\"$req_item\".value" development-config-values.yaml 2>/dev/null) + if [ -z "$CV_VALUE" ]; then + echo "ERROR: Required Config item '$req_item' has no value in development-config-values.yaml" + ERRORS=$((ERRORS + 1)) + fi + done + else + echo "WARNING: No development-config-values.yaml found, skipping ConfigValues validation" + fi + + # 6. 
Validate HelmChart value keys exist in chart values.yaml + echo "" + echo "=== Validating HelmChart values against chart values.yaml ===" + find ./charts -maxdepth 2 -mindepth 2 -type d -name replicated | while read chartDir; do + parent=$(basename $(dirname $chartDir)) + helmChartFile="$chartDir/helmChart-$parent.yaml" + valuesFile="$(dirname $chartDir)/values.yaml" + + if [ -f "$helmChartFile" ] && [ -f "$valuesFile" ]; then + # Extract top-level value keys from HelmChart CR (excluding template functions) + HC_KEYS=$(yq -r '.spec.values | keys | .[]' "$helmChartFile" 2>/dev/null | sort -u) + VALUES_KEYS=$(yq -r 'keys | .[]' "$valuesFile" 2>/dev/null | sort -u) + + for key in $HC_KEYS; do + if ! echo "$VALUES_KEYS" | grep -qx "$key"; then + echo "INFO: HelmChart $parent sets top-level key '$key' not in $valuesFile (may be subchart value)" + fi + done + fi + done + + echo "" + if [ $ERRORS -gt 0 ]; then + echo "FAILED: $ERRORS error(s) found in configuration contract" + exit 1 + else + echo "Configuration contract validation passed!" + fi + chart-package-all: desc: Package all Helm charts for distribution cmds: diff --git a/applications/wg-easy/charts/cert-manager/templates/_supportbundle.tpl b/applications/wg-easy/charts/cert-manager/templates/_supportbundle.tpl index 6e05ee0e..62a1700b 100644 --- a/applications/wg-easy/charts/cert-manager/templates/_supportbundle.tpl +++ b/applications/wg-easy/charts/cert-manager/templates/_supportbundle.tpl @@ -6,7 +6,7 @@ metadata: spec: collectors: - logs: - namespace: {{ .Release.Namespace }} + namespaces: {{ .Release.Namespace }} selector: - app.kubernetes.io/instance=cert-manager -{{- end -}} +{{- end -}} diff --git a/applications/wg-easy/charts/replicated/Chart.lock b/applications/wg-easy/charts/replicated/Chart.lock deleted file mode 100644 index 8ce12e03..00000000 --- a/applications/wg-easy/charts/replicated/Chart.lock +++ /dev/null 
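Review bot: The required-item check in step 5 of `config-validate` cannot fire for a missing key, because `yq -r` prints the literal string `null` for an absent path and the test is only `[ -z "$CV_VALUE" ]`. Compare against that as well, `if [ -z "$CV_VALUE" ] || [ "$CV_VALUE" = "null" ]; then`, so a required item without a value is reported. The yq calls also discard stderr with `2>/dev/null`, so an unparsable config.yaml yields an empty required-item list and that part of the gate passes silently; dropping the redirect, or failing when `ALL_CONFIG_ITEMS` is empty, would make it fail closed. The `grep -qx "$ref"` membership tests treat item names as regular expressions, and `grep -qxF -- "$ref"` would match them literally.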
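Review bot: The `logs` collector now carries `namespaces: {{ .Release.Namespace }}`, a plural key holding a scalar, while the wg-easy `_supportbundle.tpl` changed in this same commit keeps `namespace:` on its `logs` collector and uses `namespaces:` only as a list under `clusterResources`. If the logs collector does not recognise the plural key, collection is probably no longer scoped to the release namespace, and the support bundle may lack the cert-manager logs an operator needs during an incident. Unless a schema change justifies the rename, keep `namespace: {{ .Release.Namespace }}` here. The template's opening `define` line is outside the hunk.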
@@ -1,9 +0,0 @@ -dependencies: -- name: templates - repository: file://../templates - version: 1.1.0 -- name: replicated - repository: oci://registry.replicated.com/library - version: 1.7.0 -digest: sha256:846ea61ba3696e1ba9b6283a30b39754558750c1ff9c779981595cd592259501 -generated: "2025-06-25T10:58:27.696287-04:00" diff --git a/applications/wg-easy/charts/replicated/Chart.yaml b/applications/wg-easy/charts/replicated/Chart.yaml deleted file mode 100644 index 6fb9e788..00000000 --- a/applications/wg-easy/charts/replicated/Chart.yaml +++ /dev/null @@ -1,10 +0,0 @@ -name: replicated -version: 1.7.0 -apiVersion: v2 -dependencies: - - name: templates - version: '*' - repository: file://../templates - - name: replicated - repository: oci://registry.replicated.com/library - version: 1.7.0 diff --git a/applications/wg-easy/charts/replicated/replicated/helmChart-replicated.yaml b/applications/wg-easy/charts/replicated/replicated/helmChart-replicated.yaml deleted file mode 100644 index 3b5ecf3d..00000000 --- a/applications/wg-easy/charts/replicated/replicated/helmChart-replicated.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: kots.io/v1beta2 -kind: HelmChart -metadata: - name: replicated -spec: - chart: - name: replicated - weight: 1 - - # helmUpgradeFlags specifies additional flags to pass to the `helm upgrade` command. - helmUpgradeFlags: - - --skip-crds - - --timeout - - 30s - - --history-max=15 - - --wait - - values: - replicated: - image: - registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "registry.replicated.com" }}' - repository: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "library" }}/replicated-sdk-image' - imagePullSecrets: - - name: '{{repl ImagePullSecretName }}' - namespace: replicated - builder: {} diff --git a/applications/wg-easy/charts/replicated/values.yaml b/applications/wg-easy/charts/replicated/values.yaml deleted file mode 100644 index 3deb696a..00000000 
--- a/applications/wg-easy/charts/replicated/values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Values for replicated-sdk chart -replicated: - enabled: true - image: - registry: registry.replicated.com - repository: "library/replicated-sdk-image" diff --git a/applications/wg-easy/charts/wg-easy/Chart.lock b/applications/wg-easy/charts/wg-easy/Chart.lock index 265e1306..987936db 100644 --- a/applications/wg-easy/charts/wg-easy/Chart.lock +++ b/applications/wg-easy/charts/wg-easy/Chart.lock @@ -5,5 +5,8 @@ dependencies: - name: templates repository: file://../templates version: 1.1.0 -digest: sha256:b31a8b14ce1e7d0bb2452ff43d6e5433bd438c86cff3138c4a028902950e9884 -generated: "2025-06-25T10:58:36.514573-04:00" +- name: replicated + repository: oci://registry.replicated.com/library + version: 1.16.0 +digest: sha256:5370f364086a8743fd2aca9559f6effbd2a0d87eb793d31c3938360e82cd8bf3 +generated: "2026-02-24T13:52:16.626819-05:00" diff --git a/applications/wg-easy/charts/wg-easy/Chart.yaml b/applications/wg-easy/charts/wg-easy/Chart.yaml index bf1d3b59..b5fc452f 100644 --- a/applications/wg-easy/charts/wg-easy/Chart.yaml +++ b/applications/wg-easy/charts/wg-easy/Chart.yaml @@ -6,6 +6,9 @@ dependencies: - name: templates version: '*' repository: file://../templates +- name: replicated + version: 1.16.0 + repository: oci://registry.replicated.com/library description: Simple wireguard with web configuration management home: https://github.com/replicatedhq/platform-examples/ maintainers: diff --git a/applications/wg-easy/charts/wg-easy/replicated/helmChart-wg-easy.yaml b/applications/wg-easy/charts/wg-easy/replicated/helmChart-wg-easy.yaml index b163f89d..e4d3c0d1 100644 --- a/applications/wg-easy/charts/wg-easy/replicated/helmChart-wg-easy.yaml +++ b/applications/wg-easy/charts/wg-easy/replicated/helmChart-wg-easy.yaml 
@@ -6,7 +6,7 @@ spec: chart: name: wg-easy weight: 3 - + # helmUpgradeFlags specifies additional flags to pass to the `helm upgrade` command. helmUpgradeFlags: - --skip-crds @@ -16,6 +16,13 @@ spec: - --wait values: + replicated: + createPullSecret: true + image: + registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "registry.replicated.com" }}' + repository: '{{repl HasLocalRegistry | ternary LocalRegistryNamespace "library" }}/replicated-sdk-image' + imagePullSecrets: + - name: '{{repl ImagePullSecretName }}' service: vpn: ports: @@ -43,4 +50,6 @@ spec: repository: '{{repl HasLocalRegistry | ternary LocalRegistryHost "docker.io" }}/{{repl HasLocalRegistry | ternary LocalRegistryNamespace "library" }}/debian:bookworm-slim' namespace: wg-easy - builder: {} + builder: + replicated: + enabled: true diff --git a/applications/wg-easy/charts/wg-easy/templates/_supportbundle.tpl b/applications/wg-easy/charts/wg-easy/templates/_supportbundle.tpl index 404932e2..6b616ba3 100644 --- a/applications/wg-easy/charts/wg-easy/templates/_supportbundle.tpl +++ b/applications/wg-easy/charts/wg-easy/templates/_supportbundle.tpl @@ -5,6 +5,9 @@ metadata: name: wg-easy-supportbundle spec: collectors: + - clusterResources: + namespaces: + - {{ .Release.Namespace }} - logs: namespace: {{ .Release.Namespace }} selector: @@ -21,4 +24,4 @@ spec: - pass: when: 'net.ipv4.ip_forward == 1' message: "IP forwarding is enabled." -{{- end -}} +{{- end -}} diff --git a/applications/wg-easy/charts/wg-easy/values.yaml b/applications/wg-easy/charts/wg-easy/values.yaml index 46e8f035..61cbb396 100644 --- a/applications/wg-easy/charts/wg-easy/values.yaml +++ b/applications/wg-easy/charts/wg-easy/values.yaml 
@@ -13,7 +13,7 @@ wireguard: port: 51820 # This is used in the postUp defaultAddress: 10.10.10.x defaultDns: 1.1.1.1 - allowedIps: 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3 + allowedIps: 0.0.0.0/0 postUp: iptables -A FORWARD -i wg0 -o eth0 -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP; iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT # Shared templates for Traefik routes diff --git a/applications/wg-easy/development-config-values.yaml b/applications/wg-easy/development-config-values.yaml new file mode 100644 index 00000000..0d1eb0c6 --- /dev/null +++ b/applications/wg-easy/development-config-values.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kots.io/v1beta1 +kind: ConfigValues +metadata: + name: wg-easy +spec: + values: + # Wireguard Settings + password: + value: "testpassword123" + domain: + value: "10.0.0.11" + vpn-port: + default: "20000" + value: "20000" diff --git a/applications/wg-easy/docs/chart-structure.md b/applications/wg-easy/docs/chart-structure.md index 25b065f3..524db433 100644 --- a/applications/wg-easy/docs/chart-structure.md +++ b/applications/wg-easy/docs/chart-structure.md 
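Review bot: The new default `allowedIps: 0.0.0.0/0` no longer leaves 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 out of the client routes, so the `postUp` DROP rule on the following context line becomes the only control keeping VPN peers away from private and cluster networks, and nothing in the file says so. That rule matches only `-o eth0`, so it presumably does not cover traffic leaving through another interface, and the value carries no IPv6 range. Add a comment above the key such as `# Full tunnel: private ranges are blocked only by the FORWARD DROP rule in postUp; keep both in sync`, or keep the split-tunnel list as the default if the isolation is meant to hold when `postUp` is overridden.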
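Review bot: The new file commits a fixed credential, `value: "testpassword123"` under `password`, and nothing in it marks the values as development-only, while the docs added in this commit describe it as providing default values for headless installations. A copy of this file used for a real install would leave the deployment protected by a publicly known password. Add a header comment such as `# Development only: placeholder values, never use for a real installation`, and consider having the install task substitute the password from an environment variable instead of storing it in the repository.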
@@ -6,19 +6,21 @@ This document explains the modular chart approach used in the WG-Easy Helm chart ``` applications/wg-easy/ -├── charts/templates/ # Common templates shared across charts -│ ├── traefik-routes.yaml # Templates for Traefik IngressRoutes -│ └── traefik-route-tcp.yaml # Templates for Traefik TCP routes -├── cert-manager/ # Wrapped cert-manager chart -├── cert-manager-issuers/ # Chart for cert-manager issuers +├── charts/ +│ ├── templates/ # Common templates shared across charts +│ │ ├── traefik-routes.yaml # Templates for Traefik IngressRoutes +│ │ └── traefik-route-tcp.yaml # Templates for Traefik TCP routes +│ ├── cert-manager/ # Wrapped cert-manager chart +│ ├── cert-manager-issuers/ # Chart for cert-manager issuers +│ ├── traefik/ # Wrapped Traefik chart +│ └── wg-easy/ # Main application chart (includes Replicated SDK as dependency) ├── replicated/ # Root Replicated configuration -├── replicated-sdk/ # Replicated SDK chart -├── traefik/ # Wrapped Traefik chart -├── wg-easy/ # Main application chart -├── helmfile.yaml.gotmpl # Defines chart installation order +├── helmfile.yaml.gotmpl # Defines chart installation order └── Taskfile.yaml # Main task definitions ``` +The Replicated SDK is included as a dependency of the wg-easy chart (declared in `charts/wg-easy/Chart.yaml`) rather than deployed as a standalone chart. This means the SDK runs in the same namespace as the application and its values are configured through the `replicated` key in the wg-easy HelmChart CR. + ## Chart Wrapping Concept Chart wrapping is a core technique in this pattern where upstream Helm charts are encapsulated in local charts rather than used directly. This provides several key benefits: diff --git a/applications/wg-easy/docs/replicated-integration.md b/applications/wg-easy/docs/replicated-integration.md index 36b620e6..d401a305 100644 --- a/applications/wg-easy/docs/replicated-integration.md +++ b/applications/wg-easy/docs/replicated-integration.md 
@@ -121,6 +121,61 @@ The composable configuration approach enables multi-team ownership of a single R 4. **Automatic Merging**: Configuration merging is automated at release time 5. **Automatic Aggregation**: Support bundles and preflights are aggregated by Replicated at runtime +## Replicated SDK as a Subchart + +The Replicated SDK is included as a dependency of the wg-easy chart rather than deployed as a standalone chart in its own namespace. This is declared in `charts/wg-easy/Chart.yaml`: + +```yaml +dependencies: + - name: replicated + version: 1.16.0 + repository: oci://registry.replicated.com/library +``` + +The SDK values (image registry overrides, pull secrets) are configured in the wg-easy HelmChart CR under the `replicated` key. The `builder` section enables the SDK to resolve images during airgap builds: + +```yaml +# charts/wg-easy/replicated/helmChart-wg-easy.yaml +spec: + values: + replicated: + createPullSecret: true + image: + registry: '{{repl HasLocalRegistry | ternary LocalRegistryHost "registry.replicated.com" }}' + ... + builder: + replicated: + enabled: true +``` + +This approach keeps the SDK in the same namespace as the application, simplifying deployment and reducing the number of namespaces to manage. + +## Headless Installation with ConfigValues + +A `development-config-values.yaml` file provides default values for headless (non-interactive) installations. This file uses the KOTS `ConfigValues` kind and maps directly to the items defined in the KOTS Config screen: + +```yaml +apiVersion: kots.io/v1beta1 +kind: ConfigValues +metadata: + name: wg-easy +spec: + values: + password: + value: "testpassword123" + domain: + value: "10.0.0.11" + vpn-port: + default: "20000" + value: "20000" +``` + +The `task config-validate` command validates the four-way contract between: +1. **`values.yaml`** -- chart defaults +2. **`helmChart-*.yaml`** -- KOTS HelmChart CR (maps ConfigOption references to chart values) +3. 
**`config.yaml`** -- KOTS Config screen items +4. **`development-config-values.yaml`** -- ConfigValues for headless installs + ## Embedded Cluster Support Replicated's embedded Kubernetes capability is configured via the `cluster.yaml` file: @@ -129,10 +184,10 @@ Replicated's embedded Kubernetes capability is configured via the `cluster.yaml` apiVersion: embeddedcluster.replicated.com/v1beta1 kind: Config spec: - version: 2.1.3+k8s-1.29 + version: 2.13.4+k8s-1.33 unsupportedOverrides: k0s: |- - config: + config: spec: workerProfiles: - name: default diff --git a/applications/wg-easy/docs/task-reference.md b/applications/wg-easy/docs/task-reference.md index bee5db7f..f770fadb 100644 --- a/applications/wg-easy/docs/task-reference.md +++ b/applications/wg-easy/docs/task-reference.md @@ -44,6 +44,7 @@ These tasks support the iterative development process, focusing on fast feedback | Task | Description | Related Workflow Stage | |------|-------------|------------------------| | `dependencies-update` | Updates Helm dependencies for all charts in the repository | Stage 1: Dependencies | +| `config-validate` | Validates the four-way contract between values.yaml, HelmChart CR, KOTS Config, and ConfigValues | Stage 2-3: Validation | | `helm-preflight` | Runs preflight checks on Helm charts using the preflight CLI | Stage 4: Validation | | `helm-install` | Installs all charts using helmfile with proper sequencing | Stage 5: Integration Testing | | `ports-expose` | Exposes the configured ports on the cluster for testing | Stage 4-5: Chart Installation/Integration | diff --git a/applications/wg-easy/helmfile.yaml.gotmpl b/applications/wg-easy/helmfile.yaml.gotmpl index fa86f2ac..e37acd66 100644 --- a/applications/wg-easy/helmfile.yaml.gotmpl +++ b/applications/wg-easy/helmfile.yaml.gotmpl 
@@ -14,16 +14,12 @@ environments: certManagerIssuers: ./charts/cert-manager-issuers traefik: ./charts/traefik wgEasy: ./charts/wg-easy - replicatedSDK: ./charts/replicated # Dynamic chart versions read from Chart.yaml files - chartVersions: certManager: '{{ exec "yq" (list ".version" "./charts/cert-manager/Chart.yaml") }}' certManagerIssuers: '{{ exec "yq" (list ".version" "./charts/cert-manager-issuers/Chart.yaml") }}' traefik: '{{ exec "yq" (list ".version" "./charts/traefik/Chart.yaml") }}' wgEasy: '{{ exec "yq" (list ".version" "./charts/wg-easy/Chart.yaml") }}' - replicatedSDK: '{{ exec "yq" (list ".version" "./charts/replicated/Chart.yaml") }}' - - extras: - enableReplicatedSDK: false replicated: values: - app: '{{ env "REPLICATED_APP" | default "wg-easy-cre" }}' 
@@ -35,16 +31,12 @@ environments: certManagerIssuers: 'oci://registry.replicated.com/{{ env "REPLICATED_APP" | default "wg-easy-cre" }}/{{ env "CHANNEL" | default "unstable" }}/cert-manager-issuers' traefik: 'oci://registry.replicated.com/{{ env "REPLICATED_APP" | default "wg-easy-cre" }}/{{ env "CHANNEL" | default "unstable" }}/traefik' wgEasy: 'oci://registry.replicated.com/{{ env "REPLICATED_APP" | default "wg-easy-cre" }}/{{ env "CHANNEL" | default "unstable" }}/wg-easy' - replicatedSDK: 'oci://registry.replicated.com/{{ env "REPLICATED_APP" | default "wg-easy-cre" }}/{{ env "CHANNEL" | default "unstable" }}/replicated' # Dynamic chart versions read from Chart.yaml files - chartVersions: certManager: '{{ exec "yq" (list ".version" "./charts/cert-manager/Chart.yaml") }}' certManagerIssuers: '{{ exec "yq" (list ".version" "./charts/cert-manager-issuers/Chart.yaml") }}' traefik: '{{ exec "yq" (list ".version" "./charts/traefik/Chart.yaml") }}' wgEasy: '{{ exec "yq" (list ".version" "./charts/wg-easy/Chart.yaml") }}' - replicatedSDK: '{{ exec "yq" (list ".version" "./charts/replicated/Chart.yaml") }}' - - extras: - enableReplicatedSDK: true # Replicated Registry Proxy configurations for container images - proxyImages: wgEasy: @@ -169,23 +161,6 @@ releases: enabled: true {{- end }} - # Install replicated-sdk (only in replicated environment) - - name: replicated - namespace: replicated - chart: {{ .Values.chartSources.replicatedSDK }} - version: {{ .Values.chartVersions.replicatedSDK }} - createNamespace: true - wait: true - installed: {{ .Values.extras.enableReplicatedSDK }} - skipDeps: true - needs: - - traefik/traefik - values: - - templates: - replicated: - imagePullSecret: - enabled: true - # Install wg-easy - name: wg-easy namespace: wg-easy diff --git a/applications/wg-easy/replicated/application.yaml b/applications/wg-easy/replicated/application.yaml index 0f710d53..f43f5448 100644 --- a/applications/wg-easy/replicated/application.yaml 
+++ b/applications/wg-easy/replicated/application.yaml @@ -6,17 +6,13 @@ metadata: spec: title: wg-easy icon: https://www.logo.wine/a/logo/WireGuard/WireGuard-Icon-Logo.wine.svg - #releaseNotes: These are our release notes allowRollback: true additionalImages: - debian:buster-slim + additionalNamespaces: [] #additionalNamespaces should be populated by the Task file - #ports: - # - serviceName: wg-easy/web - # servicePort: 51821 - # applicationUrl: "http://web" statusInformers: - - wg-easy/deployment/public + - wg-easy/deployment/wg-easy - traefik/deployment/traefik - cert-manager/deployment/cert-manager - cert-manager/deployment/cert-manager-cainjector diff --git a/applications/wg-easy/replicated/cluster.yaml b/applications/wg-easy/replicated/cluster.yaml index 7a3deb7b..fc25c6b1 100644 --- a/applications/wg-easy/replicated/cluster.yaml +++ b/applications/wg-easy/replicated/cluster.yaml @@ -1,10 +1,15 @@ +# yaml-language-server: $schema=https://raw.githubusercontent.com/replicatedhq/embedded-cluster/refs/heads/main/operator/schemas/config-embeddedcluster-v1beta1.json + apiVersion: embeddedcluster.replicated.com/v1beta1 kind: Config spec: - version: 2.1.3+k8s-1.29 + version: 2.13.4+k8s-1.33 + domains: + proxyRegistryDomain: proxy.xdrcft.net + replicatedAppDomain: app.xdrcft.net unsupportedOverrides: k0s: |- - config: + config: spec: workerProfiles: - name: default diff --git a/applications/wg-easy/task-dependency-graph.md b/applications/wg-easy/task-dependency-graph.md index f858044f..c21005c3 100644 --- a/applications/wg-easy/task-dependency-graph.md +++ b/applications/wg-easy/task-dependency-graph.md @@ -16,6 +16,7 @@ graph TD DU --> CTA[chart-template-all
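Review bot: The added `domains` block in cluster.yaml points `proxyRegistryDomain` at `proxy.xdrcft.net` and `replicatedAppDomain` at `app.xdrcft.net` with no comment on who operates those hosts; judging by the key names, they appear to decide where an embedded-cluster install pulls images and reaches the vendor API. Anyone reusing this example inherits that trust in a domain they do not control. Add a comment such as `# Custom domains owned by <OWNER_PLACEHOLDER>; replace with your own or remove the block to use the defaults`. The cluster.yaml excerpt in docs/replicated-integration.md, updated in this commit for the version bump, does not show the block, so the docs and the file now differ.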
📥 chart directories
📤 template validation] CLA --> CV[chart-validate
📥 chart directories
📤 validation status] CTA --> CV + CFV[config-validate
📥 config.yaml, helmChart, ConfigValues
📤 contract status] --> CV %% Release Chain DU --> RP[release-prepare
📥 chart directories
📤 release/ directory] @@ -129,11 +130,17 @@ graph TD - **Dependencies**: `dependencies-update` - **Purpose**: Template charts to validate syntax +#### `config-validate` +- **Inputs**: `config.yaml` files, `helmChart-*.yaml` files, `development-config-values.yaml`, `values.yaml` files +- **Outputs**: Contract validation status (errors/warnings) +- **Dependencies**: None +- **Purpose**: Validate the four-way contract between chart values, HelmChart CRs, KOTS Config items, and ConfigValues + #### `chart-validate` - **Inputs**: Chart directories, helmfile template - **Outputs**: Complete validation status -- **Dependencies**: `chart-lint-all`, `chart-template-all` -- **Purpose**: Complete chart validation including helmfile +- **Dependencies**: `chart-lint-all`, `chart-template-all`, `config-validate` +- **Purpose**: Complete chart validation including helmfile and config contract #### `chart-package-all` - **Inputs**: Chart directories