From 316c9da542722fc4a15f0155dacaa2eddf088d76 Mon Sep 17 00:00:00 2001 From: Romain Pluciennik Date: Wed, 21 Aug 2024 00:32:49 +0200 Subject: [PATCH] feat(cloudflare): Initial release (#17) * feat(cloudflare): Initial release * feat(cloudflare): Update README.md --- README.md | 1 + charts/cloudflare-tunnel/.helmignore | 23 ++++ charts/cloudflare-tunnel/Chart.lock | 6 + charts/cloudflare-tunnel/Chart.yaml | 30 +++++ charts/cloudflare-tunnel/README.md | 109 ++++++++++++++++++ .../cloudflare-tunnel/README_CONFIG.md.gotmpl | 15 +++ charts/cloudflare-tunnel/icon.svg | 7 ++ .../cloudflare-tunnel/templates/common.yaml | 59 ++++++++++ charts/cloudflare-tunnel/values.yaml | 76 ++++++++++++ 9 files changed, 326 insertions(+) create mode 100644 charts/cloudflare-tunnel/.helmignore create mode 100644 charts/cloudflare-tunnel/Chart.lock create mode 100644 charts/cloudflare-tunnel/Chart.yaml create mode 100644 charts/cloudflare-tunnel/README.md create mode 100644 charts/cloudflare-tunnel/README_CONFIG.md.gotmpl create mode 100644 charts/cloudflare-tunnel/icon.svg create mode 100644 charts/cloudflare-tunnel/templates/common.yaml create mode 100644 charts/cloudflare-tunnel/values.yaml diff --git a/README.md b/README.md index 163c414..1febe44 100644 --- a/README.md +++ b/README.md 
@@ -27,6 +27,7 @@ The code in this repository is provided as-is with no warranties. | Chart | Description | | ----- | ----------- | +| [# cloudflare-tunnel cloudflare-tunnel icon](https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel/) | Connect your resources to Cloudflare without a publicly routable IP address. | | [# it-tools it-tools icon](https://github.com/plcnk/charts/tree/master/charts/it-tools/) | Collection of handy online tools for developers, with great UX. | | [# moodist moodist icon](https://github.com/plcnk/charts/tree/master/charts/moodist/) | Ambient sounds for focus and calm. | | [# wikijs wikijs icon](https://github.com/plcnk/charts/tree/master/charts/wikijs/) | A modern, lightweight and powerful wiki app built on NodeJS. | diff --git a/charts/cloudflare-tunnel/.helmignore b/charts/cloudflare-tunnel/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/charts/cloudflare-tunnel/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/cloudflare-tunnel/Chart.lock b/charts/cloudflare-tunnel/Chart.lock new file mode 100644 index 0000000..ed0213d --- /dev/null +++ b/charts/cloudflare-tunnel/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://bjw-s.github.io/helm-charts + version: 3.3.2 +digest: sha256:5a0f9f06aa383b7cc3070899b879401bcd4ae48b021d0a2b7f9ba39827019e24 +generated: "2024-08-20T23:20:57.06668901+02:00" diff --git a/charts/cloudflare-tunnel/Chart.yaml b/charts/cloudflare-tunnel/Chart.yaml new file mode 100644 index 0000000..c03624a --- /dev/null +++ b/charts/cloudflare-tunnel/Chart.yaml 
@@ -0,0 +1,30 @@
+apiVersion: v2
+name: cloudflare-tunnel
+description: Connect your resources to Cloudflare without a publicly routable IP address.
+home: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
+icon: https://raw.githubusercontent.com/plcnk/charts/master/charts/cloudflare-tunnel/icon.svg
+type: application
+version: 0.1.0
+# renovate datasource=docker depName=cloudflare/cloudflared
+appVersion: "2024.8.2"
+kubeVersion: ">=1.22.0-0"
+keywords:
+ - cloudflared
+ - cloudflare
+ - argo
+ - tunnel
+dependencies:
+ - name: common
+ repository: https://bjw-s.github.io/helm-charts
+ version: 3.3.2
+sources:
+ - https://github.com/cloudflare/cloudflared
+annotations:
+ artifacthub.io/changes: |-
+ - kind: added
+ description: Initial release
+ artifacthub.io/links: |-
+ - name: App Source
+ url: https://github.com/cloudflare/cloudflared
+ - name: Chart Source
+ url: https://github.com/plcnk/charts/tree/master/charts/cloudflare-tunnel
diff --git a/charts/cloudflare-tunnel/README.md b/charts/cloudflare-tunnel/README.md
new file mode 100644
index 0000000..3e104f3
--- /dev/null
+++ b/charts/cloudflare-tunnel/README.md
@@ -0,0 +1,109 @@ +# # cloudflare-tunnel + +cloudflare-tunnel logo + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat) +![AppVersion: 2024.8.2](https://img.shields.io/badge/AppVersion-2024.8.2-informational?style=flat) + +Connect your resources to Cloudflare without a publicly routable IP address. + +**Homepage:** + +**This chart is not maintained by the upstream project and any issues with the chart should be raised +[here](https://github.com/plcnk/charts/issues/new?assignees=plcnk&labels=bug&template=bug_report.yaml&name=cloudflare-tunnel&version=0.1.0)** + +## Source Code + +* + +## Requirements + +Kubernetes: `>=1.22.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| | common | 3.3.2 | + +## Installing the Chart + +To install the chart with the release name `cloudflare-tunnel` + +### OCI (Recommended) + +```console +helm install cloudflare-tunnel oci://ghcr.io/plcnk/charts/cloudflare-tunnel +``` + +### Traditional + +```console +helm repo add plcnk https://charts.plcnk.net +helm repo update +helm install cloudflare-tunnel plcnk/cloudflare-tunnel +``` + +## Uninstalling the Chart + +To uninstall the `cloudflare-tunnel` deployment + +```console +helm uninstall cloudflare-tunnel +``` + +The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. + +## Configuration + +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common/values.yaml) from the [bjw-s common library](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common). + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
+ +```console +helm install cloudflare-tunnel \ + --set env.TZ="America/New York" \ + plcnk/cloudflare-tunnel +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install cloudflare-tunnel plcnk/cloudflare-tunnel -f values.yaml +``` + +## Custom configuration + +> [!NOTE] +> This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel. +> The **locally-managed** (CLI) version is currently **not supported**. + +## Values + +**Important**: When deploying an application Helm chart you can add more values from the bjw-s common library chart [here](https://github.com/bjw-s/helm-charts/tree/main/charts/library/common) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controllers.main.containers.app.env | object | See [values.yaml](./values.yaml) | Environment variables | +| controllers.main.containers.app.image.pullPolicy | string | `"IfNotPresent"` | Image pull policy | +| controllers.main.containers.app.image.repository | string | `"cloudflare/cloudflared"` | Image repository | +| controllers.main.containers.app.image.tag | string | `"2024.8.2"` | Image tag | +| controllers.main.containers.app.securityContext.allowPrivilegeEscalation | bool | `false` | Disable privilege escalations | +| controllers.main.containers.app.securityContext.capabilities | object | `{"drop":["ALL"]}` | Drop all capabilities | +| controllers.main.containers.app.securityContext.readOnlyRootFilesystem | bool | `true` | Mount the container's root filesystem as read-only | +| controllers.main.pod.securityContext.fsGroup | int | `65534` | Volume binds will be granted to `nobody` group | +| controllers.main.pod.securityContext.runAsGroup | int | `65534` | Run as `nobody` group | +| controllers.main.pod.securityContext.runAsNonRoot | bool | `true` | Run container as a non-root user | +| controllers.main.pod.securityContext.runAsUser | int | 
`65534` | Run as `nobody` user | +| controllers.main.replicas | int | `1` | Number of desired pods | +| controllers.main.resources | object | `{}` | Set the resource requests / limits for the container. | +| controllers.main.type | string | `"deployment"` | Controller type | +| logLevel | string | `"info"` | Set the container log level. Accepted values: `debug`, `info`, `warn`, `error`, `fatal` | +| metrics | object | `{"enabled":false,"port":""}` | Enable Metrics Monitor under this key. | +| tunnel.existingSecret | object | `{"enabled":false,"key":"","name":""}` | You can set the token as an existing secret here. | +| tunnel.token | string | `"your-token-here"` | Set the Cloudflare Tunnel token here. | + +--- +Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl b/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl new file mode 100644 index 0000000..21aa1ef --- /dev/null +++ b/charts/cloudflare-tunnel/README_CONFIG.md.gotmpl @@ -0,0 +1,15 @@ +{{- define "custom.chart.name" -}} +# {{ .Name }} +{{- end -}} + +{{- define "custom.custom.configuration.header" -}} +## Custom configuration +{{- end -}} + +{{- define "custom.custom.configuration" -}} +{{ template "custom.custom.configuration.header" . }} + +> [!NOTE] +> This chart only supports the **remotely-managed** (dashboard) version of Cloudflare Tunnel. +> The **locally-managed** (CLI) version is currently **not supported**. +{{- end -}} diff --git a/charts/cloudflare-tunnel/icon.svg b/charts/cloudflare-tunnel/icon.svg new file mode 100644 index 0000000..739274a --- /dev/null +++ b/charts/cloudflare-tunnel/icon.svg @@ -0,0 +1,7 @@ + + \ No newline at end of file diff --git a/charts/cloudflare-tunnel/templates/common.yaml b/charts/cloudflare-tunnel/templates/common.yaml new file mode 100644 index 0000000..edeae92 --- /dev/null +++ b/charts/cloudflare-tunnel/templates/common.yaml 
@@ -0,0 +1,59 @@
+{{/* Append the hardcoded settings */}}
+{{- define "cloudflare-tunnel.harcodedValues" -}}
+{{- if .Values.metrics.enabled }}
+service:
+ main:
+ controller: main
+ ports:
+ metrics:
+ port: {{ .Values.metrics.port }}
+ protocol: TCP
+serviceMonitor:
+ main:
+ enabled: true
+ serviceName: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}
+ endpoints:
+ - port: metrics
+ path: /metrics
+{{- end }}
+
+controllers:
+ main:
+ containers:
+ app:
+ {{- if .Values.metrics.enabled }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.port }}
+ {{- end }}
+ env:
+ TUNNEL_TOKEN: {{ if not .Values.tunnel.existingSecret.enabled }}{{ .Values.tunnel.token }}{{ end }}
+ {{- if .Values.tunnel.existingSecret.enabled }}
+ secretKeyRef:
+ name: {{ .Values.tunnel.existingSecret.name }}
+ key: {{ .Values.tunnel.existingSecret.key }}
+ {{- end }}
+ args:
+ - tunnel
+ - --no-autoupdate
+ {{- if .Values.logLevel }}
+ - --loglevel
+ - {{ .Values.logLevel }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ - --metrics
+ - "0.0.0.0:{{ .Values.metrics.port }}"
+ {{- end }}
+ - run
+ - --token
+ - $(TUNNEL_TOKEN)
+{{- end -}}
+
+{{- $tmplVars := deepCopy . -}}
+{{ include "bjw-s.common.loader.init" $tmplVars }}
+{{- $defaultValues := include "cloudflare-tunnel.harcodedValues" $tmplVars | fromYaml -}}
+{{- $_ := mustMerge .Values $defaultValues -}}
+
+{{/* Render the templates */}}
+{{ include "bjw-s.common.loader.init" . }}
+{{ include "bjw-s.common.loader.generate" . }}
diff --git a/charts/cloudflare-tunnel/values.yaml b/charts/cloudflare-tunnel/values.yaml
new file mode 100644
index 0000000..f5e47dc
--- /dev/null
+++ b/charts/cloudflare-tunnel/values.yaml
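Review bot: The tunnel token is exposed in two places in the `controllers.main.containers.app` block of templates/common.yaml. When `tunnel.existingSecret.enabled` is false, `TUNNEL_TOKEN: {{ .Values.tunnel.token }}` writes the credential as a literal env value into the rendered Deployment, where anyone who can read the workload spec or the Helm release can see it. The trailing `- --token` / `- $(TUNNEL_TOKEN)` args then have Kubernetes expand the value into the container command line, so it shows up in the process list even when it was sourced from a Secret. cloudflared should read `TUNNEL_TOKEN` from the environment by itself (worth confirming against 2024.8.2), in which case those two args can be dropped and `- run` left as the last arg. For the inline path, consider rendering a Secret from `tunnel.token` and always referencing it, and quote the remaining scalars, e.g. `name: {{ .Values.tunnel.existingSecret.name | quote }}`.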
@@ -0,0 +1,76 @@
+---
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/bjw-s/helm-charts/blob/main/charts/library/common/values.yaml
+#
+
+controllers:
+ main:
+ # -- Controller type
+ type: deployment
+ # -- Number of desired pods
+ replicas: 1
+ containers:
+ app:
+ image:
+ # -- Image repository
+ repository: cloudflare/cloudflared
+ # -- Image pull policy
+ pullPolicy: IfNotPresent
+ # -- Image tag
+ tag: 2024.8.2
+
+ # -- Environment variables
+ # @default -- See [values.yaml](./values.yaml)
+ env: {}
+ # TZ: UTC
+
+ securityContext:
+ # -- Mount the container's root filesystem as read-only
+ readOnlyRootFilesystem: true
+ # -- Disable privilege escalations
+ allowPrivilegeEscalation: false
+ # -- Drop all capabilities
+ capabilities:
+ drop:
+ - ALL
+
+ pod:
+ securityContext:
+ # -- Run container as a non-root user
+ runAsNonRoot: true
+ # -- Run as `nobody` user
+ runAsUser: 65534
+ # -- Run as `nobody` group
+ runAsGroup: 65534
+ # -- Volume binds will be granted to `nobody` group
+ fsGroup: 65534
+
+ # -- Set the resource requests / limits for the container.
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+tunnel:
+ # -- Set the Cloudflare Tunnel token here.
+ token: "your-token-here"
+ # -- You can set the token as an existing secret here.
+ existingSecret:
+ enabled: false
+ name: ""
+ key: ""
+
+# -- Set the container log level.
+# Accepted values: `debug`, `info`, `warn`, `error`, `fatal`
+logLevel: info
+
+# -- Enable Metrics Monitor under this key.
+metrics:
+ enabled: false
+ port: ""
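Review bot: `token: "your-token-here"` under `tunnel:` ships a non-empty placeholder while `existingSecret.enabled` defaults to false, so an install that never sets a token still renders and starts a pod with a bogus credential instead of failing at template time. Default it to `token: ""` and guard the inline branch in templates/common.yaml with Helm's `required`, e.g. `{{ required "set tunnel.token or enable tunnel.existingSecret" .Values.tunnel.token }}`. The comment above `existingSecret` could also say that referencing a Secret is the preferred way to supply the token, so the real value does not end up in a committed values file. `metrics.port: ""` has a similar gap: enabling metrics without a port renders `"0.0.0.0:"` and an empty `containerPort`, so give it a numeric default or require it as well.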