
Update catalog information

sonicaj 2 년 전
부모
커밋
0cc8f1b91b

+ 29 - 1
catalog.json

@@ -42,7 +42,7 @@
             "latest_version": "1.0.88",
             "latest_app_version": "2023.5.2",
             "latest_human_version": "2023.5.2_1.0.88",
-            "last_update": "2023-05-04 11:22:55",
+            "last_update": "2023-05-07 15:37:00",
             "name": "home-assistant",
             "recommended": false,
             "title": "Home Assistant",
@@ -753,6 +753,34 @@
             "tags": [],
             "icon_url": "https://avatars.githubusercontent.com/u/48932923"
         },
+        "zerotier": {
+            "app_readme": "<h1>Zerotier</h1>\n<p><a href=\"https://www.zerotier.com\">Zerotier</a> Securely connect any device, anywhere.</p>",
+            "categories": [
+                "vpn",
+                "zerotier"
+            ],
+            "description": "Securely connect any device, anywhere.",
+            "healthy": true,
+            "healthy_error": null,
+            "home": "https://www.zerotier.com",
+            "location": "/__w/charts/charts/community/zerotier",
+            "latest_version": "1.0.0",
+            "latest_app_version": "1.10.6",
+            "latest_human_version": "1.10.6_1.0.0",
+            "last_update": null,
+            "name": "zerotier",
+            "recommended": false,
+            "title": "Zerotier",
+            "maintainers": [
+                {
+                    "name": "truenas",
+                    "url": "https://www.truenas.com/",
+                    "email": "dev@ixsystems.com"
+                }
+            ],
+            "tags": [],
+            "icon_url": "https://avatars.githubusercontent.com/u/4173285"
+        },
         "jellyfin": {
             "app_readme": "<h1>Jellyfin</h1>\n<p><a href=\"https://jellyfin.org/\">Jellyfin</a> is a Free Software Media System that puts you in control of managing and streaming your media.</p>\n<blockquote>\n<p>When application is installed, a container will be launched with <strong>root</strong> privileges.\nThis is required in order to apply the correct permissions to the <code>Jellyfin</code> directories.\nAfterward, the <code>Jellyfin</code> container will run as a <strong>non</strong>-root user (Default: <code>568</code>).\nAll mounted storage(s) will be <code>chown</code>ed only if the parent directory does not match the configured user.</p>\n</blockquote>",
             "categories": [

+ 6 - 0
community/zerotier/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../common
+  version: 1.0.6
+digest: sha256:2f1f31c15fb7f92db141a66adbb8d23a8598727730050a3883a211763a4e5472
+generated: "2023-04-27T15:56:00.724376021Z"

+ 26 - 0
community/zerotier/1.0.0/Chart.yaml

@@ -0,0 +1,26 @@
+name: zerotier
+description: Securely connect any device, anywhere.
+annotations:
+  title: Zerotier
+type: application
+version: 1.0.0
+apiVersion: v2
+appVersion: '1.10.6'
+kubeVersion: '>=1.16.0-0'
+maintainers:
+  - name: truenas
+    url: https://www.truenas.com/
+    email: dev@ixsystems.com
+dependencies:
+  - name: common
+    repository: file://../../../common
+    version: 1.0.6
+home: https://www.zerotier.com
+icon: https://avatars.githubusercontent.com/u/4173285
+sources:
+  - https://www.zerotier.com
+  - https://github.com/truenas/charts/tree/master/community/zerotier
+  - https://hub.docker.com/r/zerotier/zerotier
+keywords:
+  - vpn
+  - zerotier

+ 3 - 0
community/zerotier/1.0.0/README.md

@@ -0,0 +1,3 @@
+# Zerotier
+
+[Zerotier](https://www.zerotier.com) Securely connect any device, anywhere.

+ 3 - 0
community/zerotier/1.0.0/app-readme.md

@@ -0,0 +1,3 @@
+# Zerotier
+
+[Zerotier](https://www.zerotier.com) Securely connect any device, anywhere.

BIN
community/zerotier/1.0.0/charts/common-1.0.6.tgz


+ 9 - 0
community/zerotier/1.0.0/ci/basic-values.yaml

@@ -0,0 +1,9 @@
+# FIXME: Find a way to have test keys for CI testing
+# We need an authToken(aka API key) network(s) and identityPublic/identitySecret
+zerotierConfig:
+  authToken: some auth token
+  identitySecret: some identity secret
+  identityPublic: some identity public
+  networks:
+    - some net id
+    - some other net id

+ 19 - 0
community/zerotier/1.0.0/ix_values.yaml

@@ -0,0 +1,19 @@
+image:
+  repository: zerotier/zerotier
+  pullPolicy: IfNotPresent
+  tag: '1.10.6'
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+zerotierConfig:
+  authToken: ''
+  identityPublic: ''
+  identitySecret: ''
+  networks: []
+  additionalEnvs: []
+
+zerotierNetwork:
+  hostNetwork: false

+ 32 - 0
community/zerotier/1.0.0/metadata.yaml

@@ -0,0 +1,32 @@
+runAsContext:
+  - userName: root
+    groupName: root
+    gid: 0
+    uid: 0
+    description: Zerotier requires root privileges to start the Zerotier process
+capabilities:
+  - name: NET_ADMIN
+    description: Zerotier requires NET_ADMIN to configure the VPN interface, modify routes, etc.
+  - name: NET_RAW
+    description: Zerotier requires NET_RAW to use raw sockets and proxying
+  - name: AUDIT_WRITE
+    description: Zerotier is able to write to audit log.
+  - name: CHOWN
+    description: Zerotier is able to chown files.
+  - name: DAC_OVERRIDE
+    description: Zerotier is able to bypass permission checks.
+  - name: FOWNER
+    description: Zerotier is able bypass permission checks for it's sub-processes.
+  - name: NET_BIND_SERVICE
+    description: Zerotier is able to bind to privileged ports.
+  - name: SETGID
+    description: Zerotier is able to set group ID for it's sub-processes.
+  - name: SETUID
+    description: Zerotier is able to set user ID for it's sub-processes.
+  - name: SETPCAP
+    description: Zerotier is able to set process capabilities.
+  - name: SYS_ADMIN
+    description: Zerotier is able to perform various system administration operations.
+hostMounts:
+  - hostPath: /dev/tun
+    description: Required to access the TUN device
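Review bot: `hostMounts` declares `hostPath: /dev/tun`, but the workload template in this commit mounts `/dev/net/tun`; the disclosure should name the path that is actually mounted, `- hostPath: /dev/net/tun`. The `SYS_ADMIN` entry is described only as "various system administration operations", which gives an operator no basis for judging the broadest grant in the list; state the specific operation Zerotier needs it for, or drop the capability if none can be named. The template also sets the `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` sysctls, which are not mentioned here (whether this file format has a field for them is not visible from the page). Minor wording: `it's` in the FOWNER, SETGID and SETUID descriptions should be `its`, and the FOWNER line is missing `to` after `able`.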

+ 120 - 0
community/zerotier/1.0.0/questions.yaml

@@ -0,0 +1,120 @@
+groups:
+  - name: Zerotier Configuration
+    description: Configure Zerotier
+  - name: Network Configuration
+    description: Configure Network for Zerotier
+  - name: Resources Configuration
+    description: Configure Resources for Zerotier
+
+questions:
+  - variable: zerotierConfig
+    label: ""
+    group: Zerotier Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: networks
+          label: Networks
+          description: The network(s) to join
+          schema:
+            type: list
+            empty: false
+            required: true
+            min: 1
+            default: []
+            items:
+              - variable: networkEntry
+                label: Network
+                schema:
+                  type: string
+                  required: true
+        - variable: authToken
+          label: Auth Token (API Key)
+          description: |
+            (Optional) The auth token for Zerotier.</br>
+            Same as authtoken.secret.
+          schema:
+            type: string
+            default: ""
+            private: true
+        - variable: identitySecret
+          label: Identity Secret
+          description: |
+            (Optional) The identity secret for Zerotier.</br>
+            Same as identity.secret.
+          schema:
+            type: string
+            default: ""
+            private: true
+        - variable: identityPublic
+          label: Identity Public
+          description: |
+            (Optional) The identity public for Zerotier.</br>
+            Same as identity.public.
+          schema:
+            type: string
+            default: ""
+            private: true
+
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for Zerotier.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: zerotierNetwork
+    label: ""
+    group: Network Configuration
+    schema:
+      type: dict
+      attrs:
+        - variable: hostNetwork
+          label: Host Network
+          description: |
+            Bind to the host network. It's recommended to keep this disabled.</br>
+          schema:
+            type: boolean
+            default: false
+
+  - variable: resources
+    group: Resources Configuration
+    label: ""
+    schema:
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
+          schema:
+            type: dict
+            attrs:
+              - variable: cpu
+                label: CPU
+                description: CPU limit for Zerotier.
+                schema:
+                  type: string
+                  default: "4000m"
+                  required: true
+              - variable: memory
+                label: Memory
+                description: Memory limit for Zerotier.
+                schema:
+                  type: string
+                  default: "8Gi"
+                  required: true
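Review bot: `networkEntry` accepts any string, and the workload template in this commit renders each entry directly into the container `args`. ZeroTier network IDs are 16 hexadecimal characters, so the item schema can reject anything else at input time, for example `valid_chars: '^[0-9a-fA-F]{16}$'` next to `required: true` (assuming the questions schema's `valid_chars` key is available for list items). `additionalEnvs` also places no restriction on `name`, so an entry could presumably shadow `ZEROTIER_API_SECRET` or the identity variables that come from the `private: true` fields; a description line saying those names are reserved would at least document the intent.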

+ 1 - 0
community/zerotier/1.0.0/templates/NOTES.txt

@@ -0,0 +1 @@
+{{ include "ix.v1.common.lib.chart.notes" $ }}

+ 89 - 0
community/zerotier/1.0.0/templates/_zerotier.tpl

@@ -0,0 +1,89 @@
+{{- define "zerotier.workload" -}}
+workload:
+  zerotier:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      hostNetwork: {{ .Values.zerotierNetwork.hostNetwork }}
+      sysctls:
+        - name: net.ipv4.ip_forward
+          value: "1"
+        - name: net.ipv6.conf.all.forwarding
+          value: "1"
+      containers:
+        zerotier:
+          enabled: true
+          primary: true
+          imageSelector: image
+          args:
+          {{ if not .Values.zerotierConfig.networks }}
+            {{ fail "Zerotier - At least one network must be specified" }}
+          {{ end }}
+          {{ range .Values.zerotierConfig.networks }}
+          - {{ . }}
+          {{ end }}
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+            runAsNonRoot: false
+            readOnlyRootFilesystem: false
+            capabilities:
+              add:
+                {{/* Most of those capabilities are normally added by default in conainers
+                But by default, in common, we drop all of them. So here we add some of them
+                as they are needed, because zerotier starts as root but drops privs for some
+                of the processes running by the zerotier binary */}}
+                - AUDIT_WRITE
+                - CHOWN
+                - DAC_OVERRIDE
+                - FOWNER
+                - NET_ADMIN
+                - NET_BIND_SERVICE
+                - NET_RAW
+                - SETGID
+                - SETPCAP
+                - SETUID
+                - SYS_ADMIN
+          env:
+            {{ with .Values.zerotierConfig.authToken }}
+            ZEROTIER_API_SECRET: {{ . }}
+            {{ end }}
+            {{ with .Values.zerotierConfig.identityPublic }}
+            ZEROTIER_IDENTITY_PUBLIC: {{ . }}
+            {{ end }}
+            {{ with .Values.zerotierConfig.identitySecret }}
+            ZEROTIER_IDENTITY_SECRET: {{ . }}
+            {{ end }}
+          {{ with .Values.zerotierConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            liveness:
+              enabled: true
+              type: exec
+              command: /healthcheck.sh
+            readiness:
+              enabled: true
+              type: exec
+              command: /healthcheck.sh
+            startup:
+              enabled: true
+              type: exec
+              command: /healthcheck.sh
+
+{{/* Persistence */}}
+persistence:
+  tun-dev:
+    enabled: true
+    type: device
+    hostPath: /dev/net/tun
+    targetSelector:
+      zerotier:
+        zerotier:
+          mountPath: /dev/net/tun
+{{- end -}}
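Review bot: User-supplied values are written into the YAML unquoted: `- {{ . }}` for each network, the three `ZEROTIER_*` entries under `env`, and `name`/`value` under `envList`. This text is then parsed by `fromYaml` in `templates/common.yaml`. An all-digit network ID, or a value such as `true`, is re-typed as a number or boolean, and a value containing `: `, ` #` or a line break can fail the parse or change the structure of the rendered spec. Pipe each of these through `quote` so the parser always receives a string; the surrounding `with`/`range` blocks stay as they are.

```yaml
          {{ range .Values.zerotierConfig.networks }}
          - {{ . | quote }}
          {{/* … unchanged: securityContext and capabilities … */}}
          env:
            {{/* each line stays inside its existing with-block */}}
            ZEROTIER_API_SECRET: {{ . | quote }}
            ZEROTIER_IDENTITY_PUBLIC: {{ . | quote }}
            ZEROTIER_IDENTITY_SECRET: {{ . | quote }}
          {{/* … unchanged: with additionalEnvs / envList / range … */}}
            - name: {{ $env.name | quote }}
              value: {{ $env.value | quote }}
```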

+ 6 - 0
community/zerotier/1.0.0/templates/common.yaml

@@ -0,0 +1,6 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "zerotier.workload" $ | fromYaml) -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}

+ 4 - 0
community/zerotier/item.yaml

@@ -0,0 +1,4 @@
+icon_url: https://avatars.githubusercontent.com/u/4173285
+categories:
+  - vpn
+  - zerotier