diff --git a/charts/ziti-router/Chart.yaml b/charts/ziti-router/Chart.yaml
index 4a45bc2eb..82cb1976c 100644
--- a/charts/ziti-router/Chart.yaml
+++ b/charts/ziti-router/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 1.1.3
 description: Host an OpenZiti router in Kubernetes
 name: ziti-router
 type: application
-version: 1.0.2
+version: 1.0.3
diff --git a/charts/ziti-router/README.md b/charts/ziti-router/README.md
index f5c7b32cc..5fb24e454 100644
--- a/charts/ziti-router/README.md
+++ b/charts/ziti-router/README.md
@@ -1,7 +1,7 @@
 # ziti-router
-![Version: 1.0.2](https://img.shields.io/badge/Version-1.0.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square)
+![Version: 1.0.3](https://img.shields.io/badge/Version-1.0.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.3](https://img.shields.io/badge/AppVersion-1.1.3-informational?style=flat-square)
 Host an OpenZiti router in Kubernetes
@@ -231,6 +231,8 @@ tunnel:
 | securityContext | string | `nil` | deployment container security context |
 | tolerations | list | `[]` | deployment template spec tolerations |
 | tunnel.diverterPath | string | `nil` | the tproxy mode can be switched from iptables based interception to bpf interception by passing the user space bpf program path. bpf kernel space program is expected to be loaded prior or during router deployment, e.g. bpfman agent, hostpath, etc |
+| tunnel.dnsSvcIpRange | string | `nil` | ip subnet that is used for the internal service name resolution |
+| tunnel.lanIf | string | `"lo"` | interface device name for setting up ingress firewall rules if fw enabled. It must be set but not needed in containers. Thus, it is set to lo by default |
 | tunnel.mode | string | `"none"` | run mode for the router's built-in tunnel component: host, tproxy, proxy, or none |
 | tunnel.proxyAdditionalK8sServices | list | `[]` | additional Kubernetes services created additionally to the "default" proxy listener service, only if mode is "proxy" |
 | tunnel.proxyDefaultK8sService | object | `{"enabled":true,"type":"ClusterIP"}` | default Kubernetes service object listening to proxy ports defined in "proxyServices", only if tunnel mode is "proxy" |
diff --git a/charts/ziti-router/templates/configmap.yaml b/charts/ziti-router/templates/configmap.yaml
index 8c6329b05..de5777b24 100644
--- a/charts/ziti-router/templates/configmap.yaml
+++ b/charts/ziti-router/templates/configmap.yaml
@@ -66,6 +66,9 @@ data:
 {{- end }}
 {{- if eq .Values.tunnel.mode "tproxy" }}
 resolver: {{ .Values.tunnel.resolver }}
+ {{- if .Values.tunnel.dnsSvcIpRange }}
+ dnsSvcIpRange: {{ .Values.tunnel.dnsSvcIpRange }}
+ {{- end }}
 lanIf: {{ .Values.tunnel.lanIf }}
 {{- else if eq .Values.tunnel.mode "proxy" }}
 services:
diff --git a/charts/ziti-router/values.yaml b/charts/ziti-router/values.yaml
index 8d8558aba..2d029e387 100644
--- a/charts/ziti-router/values.yaml
+++ b/charts/ziti-router/values.yaml
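Review bot: In templates/configmap.yaml the added `dnsSvcIpRange: {{ .Values.tunnel.dnsSvcIpRange }}` line writes the value into the router config unquoted and unvalidated, so a value containing ` #`, `: ` or a line break changes the structure of the rendered config instead of failing at install time. I would render it as `dnsSvcIpRange: {{ .Values.tunnel.dnsSvcIpRange | quote }}` and, since the README describes it as an IP subnet, reject anything that is not CIDR-shaped with a `values.schema.json` pattern or a `fail` guard in the template. The neighbouring `resolver` and `lanIf` context lines are rendered the same way and would benefit from the same treatment. The enclosing config block starts and ends outside this hunk, so the nesting of the new key could not be checked from here.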
@@ -93,7 +93,11 @@ tunnel:
 mode: none
 # -- built-in nameserver configuration, e.g. udp://127.1.2.3:53
 resolver: none
- # lanIf: eth0 # interface device name for tproxy?
+ # -- ip subnet that is used for the internal service name resolution
+ dnsSvcIpRange:
+ # -- interface device name for setting up ingress firewall rules if fw enabled.
+ # It must be set but not needed in containers. Thus, it is set to lo by default
+ lanIf: lo
 # -- the tproxy mode can be switched from iptables based interception to bpf interception by passing
 # the user space bpf program path. bpf kernel space program is expected to be loaded prior or during
 # router deployment, e.g. bpfman agent, hostpath, etc
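Review bot: The new `dnsSvcIpRange:` key in values.yaml is left as a bare empty value, which is null only implicitly, and its helm-docs comment does not say what format is expected. Writing `dnsSvcIpRange: null` makes the unset default explicit, and the comment could read `# -- CIDR subnet used for internal service name resolution; when unset the key is omitted from the router config`. The `lanIf: lo` default is now always rendered in tproxy mode, so the comment should also say what to set when the router runs with a host-facing interface and the firewall enabled, because ingress rules bound to `lo` presumably would not cover that interface. The `tunnel:` mapping starts and ends outside this hunk.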