fixingtheMESSIjustmade

docker-lab-Defgard/docker-lab/NginxProxyManagerDocker/docker-compose.yml

@@ -0,0 +1,37 @@
+services:
+  app:
+    image: 'jc21/nginx-proxy-manager:latest'
+    restart: unless-stopped
+    ports:
+      # These ports are in format <host-port>:<container-port>
+      - '80:80' # Public HTTP Port
+      - '443:443' # Public HTTPS Port
+      - '81:81' # Admin Web Port
+      # Add any other Stream port you want to expose
+      # - '21:21' # FTP
+    environment:
+      # Mysql/Maria connection parameters:
+      DB_MYSQL_HOST: "db"
+      DB_MYSQL_PORT: 3306
+      DB_MYSQL_USER: "Zak"
+      DB_MYSQL_PASSWORD: "password"
+      DB_MYSQL_NAME: "npm"
+      # Uncomment this if IPv6 is not enabled on your host
+      # DISABLE_IPV6: 'true'
+    volumes:
+      - ./data:/data
+      - ./letsencrypt:/etc/letsencrypt
+    depends_on:
+      - db
+
+  db:
+    image: 'jc21/mariadb-aria:latest'
+    restart: unless-stopped
+    environment:
+      MYSQL_ROOT_PASSWORD: 'password'
+      MYSQL_DATABASE: 'npm'
+      MYSQL_USER: 'Zak'
+      MYSQL_PASSWORD: 'password'
+      MARIADB_AUTO_UPGRADE: '1'
+    volumes:
+      - ./mysql:/var/lib/mysql

docker-lab-Defgard/docker-lab/authentikDocker/.env

@@ -0,0 +1,22 @@
+PG_USER=authentik
+PG_PASS=complexPASSWORD
+AUTHENTIK_SECRET_KEY=complexPASSWORD
+AUTHENTIK_ERROR_REPORTING__ENABLED=true
+
+AUTHENTIK_EMAIL__HOST=smtp.office365.com
+AUTHENTIK_EMAIL__PORT=587
+# Optionally authenticate (don't add quotation marks to your password)
+AUTHENTIK_EMAIL__USERNAME=zakaria_benmoulay@outlook.com
+AUTHENTIK_EMAIL__PASSWORD=emailPasswd
+# Use StartTLS
+AUTHENTIK_EMAIL__USE_TLS=true
+# Use SSL
+AUTHENTIK_EMAIL__USE_SSL=false
+AUTHENTIK_EMAIL__TIMEOUT=10
+# Email address authentik will send from, should have a correct @domain
+AUTHENTIK_EMAIL__FROM=zakaria_benmoulay@outlook.com
+
+COMPOSE_PORT_HTTP=8941
+COMPOSE_PORT_HTTPS=4443
+# Authentik Version to Pull
+#ATHENTIK_TAG=2023.8.3

docker-lab-Defgard/docker-lab/authentikDocker/docker-compose.yml

@@ -0,0 +1,86 @@
+---
+
+services:
+  postgresql:
+    image: docker.io/library/postgres:16-alpine
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 5s
+    volumes:
+      - database:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: ${PG_PASS:?database password required}
+      POSTGRES_USER: ${PG_USER:-authentik}
+      POSTGRES_DB: ${PG_DB:-authentik}
+    env_file:
+      - .env
+  redis:
+    image: docker.io/library/redis:alpine
+    command: --save 60 1 --loglevel warning
+    restart: unless-stopped
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+      start_period: 20s
+      interval: 30s
+      retries: 5
+      timeout: 3s
+    volumes:
+      - redis:/data
+  server:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.6.2}
+    restart: unless-stopped
+    command: server
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    volumes:
+      - ./media:/media
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    ports:
+      - "${COMPOSE_PORT_HTTP:-9000}:9000"
+      - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+    depends_on:
+      - postgresql
+      - redis
+  worker:
+    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:${AUTHENTIK_TAG:-2024.6.2}
+    restart: unless-stopped
+    command: worker
+    environment:
+      AUTHENTIK_REDIS__HOST: redis
+      AUTHENTIK_POSTGRESQL__HOST: postgresql
+      AUTHENTIK_POSTGRESQL__USER: ${PG_USER:-authentik}
+      AUTHENTIK_POSTGRESQL__NAME: ${PG_DB:-authentik}
+      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
+    # `user: root` and the docker socket volume are optional.
+    # See more for the docker socket integration here:
+    # https://goauthentik.io/docs/outposts/integrations/docker
+    # Removing `user: root` also prevents the worker from fixing the permissions
+    # on the mounted folders, so when removing this make sure the folders have the correct UID/GID
+    # (1000:1000 by default)
+    user: root
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ./media:/media
+      - ./certs:/certs
+      - ./custom-templates:/templates
+    env_file:
+      - .env
+    depends_on:
+      - postgresql
+      - redis
+
+volumes:
+  database:
+    driver: local
+  redis:
+    driver: local

docker-lab-Defgard/docker-lab/codeserverDocker/docker-compose.yml

@@ -0,0 +1,20 @@
+---
+services:
+  code-server:
+    image: lscr.io/linuxserver/code-server:latest
+    container_name: code-server
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=Etc/UTC
+      - PASSWORD= #optional
+      - HASHED_PASSWORD= #optional
+      - SUDO_PASSWORD=password #optional
+      - SUDO_PASSWORD_HASH= #optional
+      - PROXY_DOMAIN=code-server.my.domain
+      - DEFAULT_WORKSPACE=/config/workspace #optional
+    volumes:
+      - ./config:/config
+    ports:
+      - 8590:8443
+    restart: unless-stopped

docker-lab-Defgard/docker-lab/dashyDocker/dashyDockerCommand.txt

@@ -0,0 +1,9 @@
+# Just copy and run this command!
+
+docker run -d \
+  -p 4000:8080 \
+  --volume /home/zak/dashyDocker/public/conf.yml:/app/public/conf.yml \
+  --volume /home/zak/dashyDocker/icons:/app/public/item-icons/icons \
+  --name dashy \
+  --restart=unless-stopped \
+  lissy93/dashy:latest

docker-lab-Defgard/docker-lab/defGuardDocker/LICENSE

@@ -0,0 +1,13 @@
+Copyright 2023 teonite ventures sp. z o.o. (teonite)
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

docker-lab-Defgard/docker-lab/defGuardDocker/README.md

@@ -0,0 +1,16 @@
+ <p align="center">
+    <img src="docs/header.png" alt="defguard">
+ </p>
+
+# Defguard deployment
+
+Check our [documentation](https://defguard.gitbook.io/defguard/features/setting-up-your-instance) for deployment
+instructions.
+
+## Community and Support
+
+Find us on Matrix: [#defguard:teonite.com](https://matrix.to/#/#defguard:teonite.com)
+
+## Contribution
+
+Please review the [Contributing guide](https://defguard.gitbook.io/defguard/for-developers/contributing) for information on how to get started contributing to the project. You might also find our [environment setup guide](https://defguard.gitbook.io/defguard/for-developers/dev-env-setup) handy.

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/Chart.yaml

@@ -0,0 +1,7 @@
+apiVersion: v2
+name: defguard-proxy
+description: Defguard proxy is a public-facing proxy for core defguard service
+
+type: application
+version: 0.3.5
+appVersion: 0.5.0

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/NOTES.txt

@@ -0,0 +1,20 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-proxy.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-proxy.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-proxy.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "defguard-proxy.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "defguard-proxy.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "defguard-proxy.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "defguard-proxy.labels" -}}
+helm.sh/chart: {{ include "defguard-proxy.chart" . }}
+{{ include "defguard-proxy.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "defguard-proxy.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "defguard-proxy.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "defguard-proxy.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "defguard-proxy.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/config.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}-config
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+data:
+  DEFGUARD_PROXY_HTTP_PORT: {{ .Values.service.ports.http | quote }}
+  DEFGUARD_PROXY_GRPC_PORT: {{ .Values.service.ports.grpc | quote }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/deployment.yaml

@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "defguard-proxy.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "defguard-proxy.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "defguard-proxy.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          envFrom:
+            - configMapRef:
+                name: {{ include "defguard-proxy.fullname" . }}-config
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.ports.http }}
+              protocol: TCP
+            - name: grpc
+              containerPort: {{ .Values.service.ports.grpc }}
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/grpc-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: h2c
+  name: {{ include "defguard-proxy.fullname" . }}-grpc
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "defguard-proxy.selectorLabels" . | nindent 4 }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/ingress-grpc.yaml

@@ -0,0 +1,52 @@
+{{- if .Values.ingress.grpc.enabled -}}
+{{- $fullName := include "defguard-proxy.fullname" . -}}
+{{- if and .Values.ingress.grpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.grpc.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.grpc.annotations "kubernetes.io/ingress.class" .Values.ingress.grpc.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-grpc
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.ingress.grpc.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.grpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.grpc.className }}
+  {{- end }}
+  {{- if .Values.ingress.grpc.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.grpc.host | quote }}
+      secretName: {{ printf "%s-grpc-tls" .Values.ingress.grpc.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.grpc.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-grpc
+                port:
+                  number: {{ .Values.service.ports.grpc }}
+              {{- else }}
+              serviceName: {{ $fullName }}-grpc
+              servicePort: {{ .Values.service.ports.grpc }}
+              {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/ingress-web.yaml

@@ -0,0 +1,52 @@
+{{- if .Values.ingress.web.enabled -}}
+{{- $fullName := include "defguard-proxy.fullname" . -}}
+{{- if and .Values.ingress.web.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.web.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.web.annotations "kubernetes.io/ingress.class" .Values.ingress.web.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-web
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.ingress.web.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.web.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.web.className }}
+  {{- end }}
+  {{- if .Values.ingress.web.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.web.host | quote }}
+      secretName: {{ printf "%s-web-tls" .Values.ingress.web.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.web.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ .Values.service.ports.http }}
+              {{- else }}
+              serviceName: {{ $fullName }}-web
+              servicePort: {{ .Values.service.ports.http }}
+              {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "defguard-proxy.fullname" . }}-web
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "defguard-proxy.selectorLabels" . | nindent 4 }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "defguard-proxy.serviceAccountName" . }}
+  labels:
+    {{- include "defguard-proxy.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard-proxy/values.yaml

@@ -0,0 +1,42 @@
+affinity: {}
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+fullnameOverride: ""
+image:
+  pullPolicy: IfNotPresent
+  repository: ghcr.io/defguard/defguard-proxy
+  tag: ""
+imagePullSecrets: []
+ingress:
+  grpc:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: enrollment-grpc.local
+    tls: false
+  web:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: enrollment.local
+    tls: false
+nameOverride: ""
+nodeSelector: {}
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+publicUrl: "http://enrollment.local"
+replicaCount: 1
+resources: {}
+securityContext: {}
+service:
+  ports:
+    http: 8080
+    grpc: 50051
+  type: ClusterIP
+serviceAccount:
+  annotations: {}
+  create: true
+tolerations: []

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.12.10
+- name: defguard-proxy
+  repository: https://defguard.github.io/deployment
+  version: 0.3.5
+digest: sha256:de930b480616cfa369caf7b1447c5b3e729fce3e17994717ab0f64aa02c027e7
+generated: "2024-07-26T09:00:54.309522115+02:00"

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+name: defguard
+description: Defguard is an open-source enterprise wireGuard VPN with MFA and SSO 
+
+type: application
+version: 0.7.6
+appVersion: 0.11.0
+
+dependencies:
+  - name: postgresql
+    condition: postgresql.enabled
+    version: 12.12.10
+    repository: https://charts.bitnami.com/bitnami
+  - name: defguard-proxy
+    condition: defguard-proxy.enabled
+    version: 0.3.5
+    repository: https://defguard.github.io/deployment

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/NOTES.txt

@@ -0,0 +1,20 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/_helpers.tpl

@@ -0,0 +1,78 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "defguard.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "defguard.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "defguard.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "defguard.labels" -}}
+helm.sh/chart: {{ include "defguard.chart" . }}
+{{ include "defguard.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "defguard.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "defguard.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "defguard.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "defguard.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define OpenID secret name
+*/}}
+{{- define "defguard.openidSecretName" -}}
+{{- $name := "openid-key" }}
+{{- $name }}
+{{- end }}
+
+{{/*
+Define JWT secret name
+*/}}
+{{- define "defguard.jwtSecretName" -}}
+{{- $name := "jwt-secrets" }}
+{{- $name }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/defguard-config.yaml

@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "defguard.fullname" . }}-config
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+data:
+  {{- if .Values.cookie.domain }}
+  DEFGUARD_COOKIE_DOMAIN: {{ .Values.cookie.domain }}
+  {{- end }}
+  DEFGUARD_COOKIE_INSECURE: {{ .Values.cookie.insecure | quote }}
+  DEFGUARD_DB_HOST: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "defguard.fullname" .)) }}
+  DEFGUARD_DB_PORT: {{ .Values.postgresql.port | quote}}
+  DEFGUARD_DB_NAME: {{ .Values.postgresql.auth.database }}
+  DEFGUARD_DB_USER: {{ .Values.postgresql.auth.username }}
+  DEFGUARD_GRPC_PORT: {{ .Values.service.ports.grpc | quote }}
+  DEFGUARD_ENROLLMENT_URL: {{ index .Values "defguard-proxy" "publicUrl" }}
+  {{- if .Values.proxyUrl }}
+  DEFGUARD_PROXY_URL: {{ .Values.proxyUrl }}
+  {{- end }}
+  DEFGUARD_URL: {{ .Values.publicUrl }}
+  DEFGUARD_WEBAUTHN_RP_ID: {{ .Values.ingress.web.host }}
+  {{- if .Values.ldap.enabled }}
+  DEFGUARD_LDAP_ADMIN_GROUP: {{ .Values.ldap.admin_group | quote }}
+  DEFGUARD_LDAP_BIND_PASSWORD: {{ .Values.ldap.bind_password | quote }}
+  DEFGUARD_LDAP_BIND_USERNAME: {{ .Values.ldap.bind_username | quote }}
+  DEFGUARD_LDAP_GROUP_SEARCH_BASE: {{ .Values.ldap.group_search_base | quote }}
+  DEFGUARD_LDAP_USER_SEARCH_BASE: {{ .Values.ldap.user_search_base | quote }}
+  DEFGUARD_LDAP_URL: {{ .Values.ldap.url | quote }}
+  {{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/defguard-deployment.yaml

@@ -0,0 +1,105 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "defguard.fullname" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "defguard.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "defguard.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "defguard.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          env:
+            - name: DEFGUARD_DB_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.postgresql.auth.existingSecret }}
+                  key: {{ .Values.postgresql.auth.existingSecretPasswordKey | default "password" }}
+            - name: DEFGUARD_AUTH_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: auth
+            - name: DEFGUARD_GATEWAY_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: gateway
+            - name: DEFGUARD_YUBIBRIDGE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: yubi-bridge
+            - name: DEFGUARD_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.existingJwtSecret | default (include "defguard.jwtSecretName" .) }}
+                  key: secret-key
+            - name: DEFGUARD_OPENID_KEY
+              value: "/etc/defguard-openid-key.pem"
+          envFrom:
+            - configMapRef:
+                name: {{ include "defguard.fullname" . }}-config
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+            - name: grpc
+              containerPort: 50055
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /api/v1/health
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: openid-key
+              mountPath: "/etc/defguard-openid-key.pem"
+              readOnly: true
+              subPath: openid-key
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: openid-key
+          secret:
+            secretName: {{ .Values.existingOpenIdSecret | default (include "defguard.openidSecretName" .) }}
+            optional: false

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/defguard-secret.yaml

@@ -0,0 +1,25 @@
+{{ if not .Values.existingJwtSecret }}
+{{- $auth := (randAlpha 16) | b64enc | quote }}
+{{- $gateway := (randAlpha 16) | b64enc | quote }}
+{{- $yubiBridge := (randAlpha 16) | b64enc | quote }}
+{{- $secretKey := (randAlpha 64) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.jwtSecretName" .)) }}
+{{- if $secret }}
+{{- $auth = index $secret.data "auth" }}
+{{- $gateway = index $secret.data "gateway" }}
+{{- $yubiBridge = index $secret.data "yubi-bridge" }}
+{{- $secretKey = index $secret.data "secret-key" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "defguard.jwtSecretName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  auth: {{ $auth }}
+  gateway: {{ $gateway }}
+  yubi-bridge: {{ $yubiBridge }}
+  secret-key: {{ $secretKey }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/defguard-service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "defguard.fullname" . }}-web
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "defguard.selectorLabels" . | nindent 4 }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/grpc-service.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    traefik.ingress.kubernetes.io/service.serversscheme: h2c
+  name: {{ include "defguard.fullname" . }}-grpc
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "defguard.selectorLabels" . | nindent 4 }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/ingress-grpc.yaml

@@ -0,0 +1,52 @@
+{{- if .Values.ingress.grpc.enabled -}}
+{{- $fullName := include "defguard.fullname" . -}}
+{{- if and .Values.ingress.grpc.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.grpc.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.grpc.annotations "kubernetes.io/ingress.class" .Values.ingress.grpc.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-grpc
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.ingress.grpc.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.grpc.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.grpc.className }}
+  {{- end }}
+  {{- if .Values.ingress.grpc.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.grpc.host | quote }}
+      secretName: {{ printf "%s-grpc-tls" .Values.ingress.grpc.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.grpc.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-grpc
+                port:
+                  number: {{ .Values.service.ports.grpc }}
+              {{- else }}
+              serviceName: {{ $fullName }}-grpc
+              servicePort: {{ .Values.service.ports.grpc }}
+              {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/ingress-web.yaml

@@ -0,0 +1,52 @@
+{{- if .Values.ingress.web.enabled -}}
+{{- $fullName := include "defguard.fullname" . -}}
+{{- if and .Values.ingress.web.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.web.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.web.annotations "kubernetes.io/ingress.class" .Values.ingress.web.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-web
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.ingress.web.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.web.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.web.className }}
+  {{- end }}
+  {{- if .Values.ingress.web.tls }}
+  tls:
+    - hosts:
+      - {{ .Values.ingress.web.host | quote }}
+      secretName: {{ printf "%s-web-tls" .Values.ingress.web.host }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.ingress.web.host | quote }}
+      http:
+        paths:
+          - path: /
+            {{- if semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion }}
+            pathType: ImplementationSpecific
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-web
+                port:
+                  number: {{ .Values.service.ports.http }}
+              {{- else }}
+              serviceName: {{ $fullName }}-web
+              servicePort: {{ .Values.service.ports.http }}
+              {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/openid-secret.yaml

@@ -0,0 +1,16 @@
+{{ if not .Values.existingOpenIdSecret }}
+{{- $openIdKey := (genPrivateKey "rsa") | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace (include "defguard.openidSecretName" .)) }}
+{{- if $secret }}
+{{- $openIdKey = index $secret.data "openid-key" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "defguard.openidSecretName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  openid-key: {{ $openIdKey }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/postgresql-secret.yaml

@@ -0,0 +1,19 @@
+{{ if .Values.postgresql.enabled }}
+{{- $password := (randAlpha 16) | b64enc | quote }}
+{{- $postgresPassword := (randAlpha 16) | b64enc | quote }}
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.postgresql.auth.existingSecret) }}
+{{- if $secret }}
+{{- $password = index $secret.data "password" }}
+{{- $postgresPassword = index $secret.data "postgres-password" }}
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .Values.postgresql.auth.existingSecret }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+type: Opaque
+data:
+  password: {{ $password }}
+  postgres-password: {{ $postgresPassword }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "defguard.serviceAccountName" . }}
+  labels:
+    {{- include "defguard.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

docker-lab-Defgard/docker-lab/defGuardDocker/charts/defguard/values.yaml

@@ -0,0 +1,75 @@
+affinity: {}
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 10
+cookie:
+  domain: ""
+  insecure: false
+fullnameOverride: ""
+image:
+  pullPolicy: IfNotPresent
+  repository: ghcr.io/defguard/defguard
+  tag: ""
+imagePullSecrets: []
+ingress:
+  grpc:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: defguard-grpc.local
+    tls: false
+  web:
+    annotations: {}
+    className: ""
+    enabled: true
+    host: defguard.local
+    tls: false
+existingJwtSecret: ""
+ldap:
+  admin_group: ""
+  bind_password: ""
+  bind_username: ""
+  enabled: false
+  group_search_base: ""
+  url: ""
+  user_search_base: ""
+nameOverride: ""
+nodeSelector: {}
+existingOpenIdSecret: ""
+podAnnotations: {}
+podLabels: {}
+podSecurityContext: {}
+# sub-chart bitnami/postgresql
+postgresql:
+  enabled: true
+  host: "" # set if using external postgresql ~ enabled: false
+  port: 5432
+  auth:
+    database: defguard
+    existingSecret: postgres-password
+    existingSecretPasswordKey: "" # set if using external postgresql ~ enabled: false
+    username: defguard
+proxyUrl: ""
+publicUrl: "http://defguard.local"
+replicaCount: 1
+resources: {}
+securityContext: {}
+service:
+  ports:
+    grpc: 50055
+    http: 80
+  type: ClusterIP
+serviceAccount:
+  annotations: {}
+  create: true
+tolerations: []
+# sub-chart defguard-proxy
+defguard-proxy:
+  enabled: false
+  publicUrl: "http://enrollment.local"
+  ingress:
+    grpc:
+      host: defguard-proxy-grpc.local
+    web:
+      host: enrollment.local

docker-lab-Defgard/docker-lab/defGuardDocker/deployment/docker-compose/.volumes/db/PG_VERSION

@@ -0,0 +1 @@
+15