pieced/pieced-threema-gateway-public
Public Access
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: pieced:v0.1.4
Branches Tags
pieced:main
pieced:v0.1.8 pieced:v0.1.7 pieced:v0.1.6 pieced:v0.1.5 pieced:v0.1.4 pieced:v0.1.3 pieced:v0.1.2 pieced:v0.1.1
..
compare: pieced:v0.1.6
Branches Tags
pieced:main
pieced:v0.1.8 pieced:v0.1.7 pieced:v0.1.6 pieced:v0.1.5 pieced:v0.1.4 pieced:v0.1.3 pieced:v0.1.2 pieced:v0.1.1

2 Commits
v0.1.4 ... v0.1.6

Author SHA1 Message Date
pieced-ci
819e90c16c Sync chart from pieced-threema-gateway 0.1.6 2026-05-17 08:35:58 +00:00
pieced-ci
b5abc5958f Sync chart from pieced-threema-gateway 0.1.5 2026-05-17 08:19:18 +00:00
3 changed files with 22 additions and 5 deletions
Expand all files Collapse all files

4
deploy/helm/pieced-threema-gateway/Chart.yaml
View File

@@ -2,5 +2,5 @@ apiVersion: v2
name: pieced-threema-gateway
description: PieCed IT central Threema Gateway relay
type: application
version: 0.1.4
appVersion: "0.1.4"
version: 0.1.6
appVersion: "0.1.6"

15
deploy/helm/pieced-threema-gateway/templates/networkpolicy.yaml
View File

@@ -51,7 +51,17 @@ spec:
- port: "8080"
protocol: TCP
egress:
# DNS
# DNS — with the proxy interceptor on so toFQDNs rules below
# actually work.
#
# Cilium `toFQDNs` matches against a per-pod identity that is
# populated only when the Cilium DNS proxy observes a resolution
# for that name. The proxy is enabled per-policy by a `rules.dns`
# clause on the DNS egress: without it, DNS resolution still
# succeeds (we allow port 53 to kube-system) but Cilium never
# learns the resolved IP, so the subsequent TCP connect to
# msgapi.threema.ch is denied at egress and the relay logs
# "fetch failed" with no further detail.
- toEndpoints:
- matchLabels:
"k8s:io.cilium.k8s.namespace.labels.kubernetes.io/metadata.name": "kube-system"
@@ -61,6 +71,9 @@ spec:
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
# Threema Gateway public API
- toFQDNs:
- matchName: "msgapi.threema.ch"

8
deploy/helm/pieced-threema-gateway/values.yaml
View File

@@ -6,7 +6,7 @@ namespace: threema-gateway
image:
repository: registry.c5ai.ch/pieced/pieced-threema-gateway
tag: "0.1.4"
tag: "0.1.6"
pullPolicy: IfNotPresent
# Pull from registry.c5ai.ch — matches operator + portal pattern.
@@ -39,7 +39,11 @@ postgres:
instances: 1
storage:
size: 5Gi
storageClass: longhorn-luks2
# Matches portal-db, litellm-pg, zitadel-pg, twenty-pg in pieced-gitops.
# The relay's `messages` log row payload is small (no message bodies,
# ~80 B per row), so 5Gi covers ~50 M messages — far beyond what a
# single tenant's billing window will need.
storageClass: longhorn
resources:
requests:
cpu: 100m