squash

Author: nvanthao

applications/wg-easy/charts/cert-manager-issuers/templates/secret-preflights.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cert-manager-preflights
+  labels:
+    troubleshoot.sh/kind: preflight
+type: Opaque
+stringData:
+  preflight.yaml: |
+    apiVersion: troubleshoot.sh/v1beta2
+    kind: Preflight
+    metadata:
+      name: cert-manager-preflights
+    spec:
+      analyzers:
+        # https://github.com/cert-manager/cert-manager/blob/master/deploy/charts/cert-manager/README.template.md#prerequisites
+        - clusterVersion:
+            outcomes:
+              - fail:
+                  when: "< 1.22.0"
+                  message: The application requires at least Kubernetes 1.22.0, and recommends 1.25.0.
+                  uri: https://kubernetes.io
+              - warn:
+                  when: "< 1.25.0"
+                  message: Your cluster meets the minimum version of Kubernetes, but we recommend you update to 1.25.0 or later.
+                  uri: https://kubernetes.io
+              - pass:
+                  message: Your cluster meets the recommended and required versions of Kubernetes.

applications/wg-easy/container/Containerfile

@@ -63,7 +63,19 @@ RUN curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | b
     | cut -d : -f 2,3 \
     | tr -d \") -o replicated.tar.gz \
     && tar xf replicated.tar.gz replicated && rm replicated.tar.gz \
-    && mv replicated /usr/local/bin/replicated
+    && mv replicated /usr/local/bin/replicated \
+    
+    # Install Preflight CLI
+    && curl -Ls https://github.com/replicatedhq/troubleshoot/releases/latest/download/preflight_linux_amd64.tar.gz -o preflight.tar.gz \
+    && tar xf preflight.tar.gz preflight && rm preflight.tar.gz \
+    && mv preflight /usr/local/bin/preflight \
+
+    # Install yq
+    && BINARY=yq_linux_amd64 \
+    && VERSION=v4.45.1 \
+    && curl -Ls https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}.tar.gz -O \
+    && tar xf ${BINARY}.tar.gz && rm ${BINARY}.tar.gz \
+    && mv ${BINARY} /usr/local/bin/yq
 
 # Create a non-root user for better security
 RUN groupadd -r devuser && useradd -r -g devuser -m -s /bin/bash devuser

applications/wg-easy/wg-easy/templates/secret-preflights.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wg-easy-preflights
+  labels:
+    troubleshoot.sh/kind: preflight
+type: Opaque
+stringData:
+  preflight.yaml: |
+    apiVersion: troubleshoot.sh/v1beta2
+    kind: Preflight
+    metadata:
+      name: wg-easy-preflights
+    spec:
+      collectors:
+        - sysctl:
+            image: debian:buster-slim
+      analyzers:
+        - sysctl:
+            checkName: IP forwarding enabled
+            outcomes:
+              - fail:
+                  when: 'net.ipv4.ip_forward == 0'
+                  message: "IP forwarding must be enabled. To enable it, edit /etc/sysctl.conf, add or uncomment the line 'net.ipv4.ip_forward=1', and run 'sudo sysctl -p'."
+              - pass:
+                  when: 'net.ipv4.ip_forward == 1'
+                  message: "IP forwarding is enabled."