mirror of
https://github.com/truecharts/library-charts.git
synced 2026-07-05 04:06:22 -03:00
work on vpn addons with targetSelector support
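--- a/library/common-test/ci/vpn-gluetun-values.yaml
+++ b/library/common-test/ci/vpn-gluetun-values.yaml
@@ -0,0 +1,78 @@
+service:
+main:
+enabled: true
+primary: true
+ports:
+main:
+enabled: true
+primary: true
+protocol: http
+port: 8080
+
+workload:
+main:
+enabled: true
+primary: true
+type: Deployment
+podSpec:
+containers:
+main:
+enabled: true
+primary: true
+args:
+- --port
+- "8080"
+probes:
+liveness:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+readiness:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+startup:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+
+
+args:
+- --port
+- '8080'
+
+manifestManager:
+enabled: false
+staging: false
+
+# -- The common chart supports several add-ons. These can be configured under this key.
+# @default -- See below
+addons:
+# -- The common chart supports adding a VPN add-on. It can be configured under this key.
+# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
+# @default -- See values.yaml
+vpn:
+# -- Specify the VPN type. Valid options are disabled, gluetun or tailscale
+type: tailscale
+
+# -- All variables specified here will be added to the vpn sidecar container
+# See the documentation of the VPN image for all config values
+env:
+something: UTC
+
+
+# -- you can directly specify the config file here
+config: "fdgdfsg"
+
+scripts:
+# -- you can directly specify the upscript here
+up: "sffds"
+# some script
+
+# -- you can directly specify the downscript here
+down: "fsdfds"
+# some script
+
+# -- select pods to bind vpn addon to
+targetSelector:
+- main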
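Review bot: The gluetun CI values set `type: tailscale` under `addons.vpn`, and the file matches vpn-tailscale-values.yaml line for line, so this test does not appear to exercise the gluetun branch at all. Change it to `type: gluetun` so the new `tc.v1.common.addon.vpn.gluetun.containers` template and its `targetSelector` loop are actually rendered in CI. The placeholder `config`, `up` and `down` strings are adequate for a render test.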
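--- a/library/common-test/ci/vpn-tailscale-values.yaml
+++ b/library/common-test/ci/vpn-tailscale-values.yaml
@@ -0,0 +1,78 @@
+service:
+main:
+enabled: true
+primary: true
+ports:
+main:
+enabled: true
+primary: true
+protocol: http
+port: 8080
+
+workload:
+main:
+enabled: true
+primary: true
+type: Deployment
+podSpec:
+containers:
+main:
+enabled: true
+primary: true
+args:
+- --port
+- "8080"
+probes:
+liveness:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+readiness:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+startup:
+enabled: true
+type: http
+port: "{{ .Values.service.main.ports.main.port }}"
+
+
+args:
+- --port
+- '8080'
+
+manifestManager:
+enabled: false
+staging: false
+
+# -- The common chart supports several add-ons. These can be configured under this key.
+# @default -- See below
+addons:
+# -- The common chart supports adding a VPN add-on. It can be configured under this key.
+# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn)
+# @default -- See values.yaml
+vpn:
+# -- Specify the VPN type. Valid options are disabled, gluetun or tailscale
+type: tailscale
+
+# -- All variables specified here will be added to the vpn sidecar container
+# See the documentation of the VPN image for all config values
+env:
+something: UTC
+
+
+# -- you can directly specify the config file here
+config: "fdgdfsg"
+
+scripts:
+# -- you can directly specify the upscript here
+up: "sffds"
+# some script
+
+# -- you can directly specify the downscript here
+down: "fsdfds"
+# some script
+
+# -- select pods to bind vpn addon to
+targetSelector:
+- main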
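--- a/library/common/templates/addons/vpn/_configmap.tpl
+++ b/library/common/templates/addons/vpn/_configmap.tpl
@@ -0,0 +1,16 @@
+{{/*
+The VPN config and scripts to be included.
+*/}}
+{{- define "tc.v1.common.addon.vpn.configmap" -}}
+enabled: true
+data:
+{{- with .Values.addons.vpn.scripts.up }}
+up.sh: |-
+{{- . | nindent 4 }}
+{{- end }}
+
+{{- with .Values.addons.vpn.scripts.down }}
+down.sh: |-
+{{- . | nindent 4 }}
+{{- end -}}
+{{- end -}}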
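--- a/library/common/templates/addons/vpn/_gluetunContainer.tpl
+++ b/library/common/templates/addons/vpn/_gluetunContainer.tpl
@@ -0,0 +1,42 @@
+{{/*
+The gluetun sidecar container to be inserted.
+*/}}
+{{- define "tc.v1.common.addon.vpn.gluetun.containers" -}}
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+podSpec:
+containers:
+gluetun:
+imageSelector: gluetunImage
+securityContext:
+runAsUser: 568
+runAsGroup: 568
+capabilities:
+add:
+- NET_ADMIN
+- SYS_MODULE
+
+{{- with $.Values.addons.vpn.env }}
+env:
+{{- . | toYaml | nindent 10 }}
+{{- end }}
+
+{{- range $envList := $.Values.addons.vpn.envList -}}
+{{- if and $envList.name $envList.value }}
+{{ $envList.name }}: {{ $envList.value | quote }}
+{{- else -}}
+{{- fail "Please specify name/value for VPN environment variable" -}}
+{{- end -}}
+{{- end -}}
+
+{{- with $.Values.addons.vpn.args }}
+args:
+{{- . | toYaml | nindent 10 }}
+{{- end }}
+
+{{- with $.Values.addons.vpn.livenessProbe }}
+livenessProbe:
+{{- toYaml . | nindent 10 }}
+{{- end -}}
+{{- end }}
+{{- end -}}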
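Review bot: `SYS_MODULE` is added next to `NET_ADMIN` under `capabilities.add` for the gluetun sidecar of every workload named in `targetSelector`, and nothing in the template says why kernel-module loading is needed. That capability reaches well beyond the pod's network namespace, so drop it unless the tunnel depends on it; if it stays, document it above the entry, for example `# SYS_MODULE lets the sidecar load kernel modules; remove if the node already provides them`. The container also runs as `runAsUser: 568`, and added capabilities are normally not effective for a non-root process, so it is worth confirming that the sidecar can configure the tunnel under this security context. Separately, the `envList` entries are emitted after an `env:` key that only exists when `addons.vpn.env` is set; the rendering has lost indentation, so check what they attach to when `env` is empty.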
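--- a/library/common/templates/addons/vpn/_secret.tpl
+++ b/library/common/templates/addons/vpn/_secret.tpl
@@ -0,0 +1,9 @@
+{{/*
+The OpenVPN config secret to be included.
+*/}}
+{{- define "tc.v1.common.addon.vpn.secret" -}}
+enabled: true
+data:
+vpn.conf: |-
+{{- .Values.addons.vpn.config | nindent 4 }}
+{{- end -}}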
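--- a/library/common/templates/addons/vpn/_tailscaleContainer.tpl
+++ b/library/common/templates/addons/vpn/_tailscaleContainer.tpl
@@ -0,0 +1,91 @@
+{{/*
+The Tailscale sidecar container to be inserted.
+*/}}
+{{- define "tc.v1.common.addon.vpn.tailscale.containers" -}}
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+podSpec:
+containers:
+tailscale:
+imageSelector: "tailscaleImage"
+imagePullPolicy: {{ $.Values.tailscaleImage.pullPolicy }}
+
+command:
+- /usr/local/bin/containerboot
+
+securityContext:
+{{- if $.Values.addons.vpn.tailscale.userspace }}
+runAsUser: 1000
+runAsGroup: 1000
+runAsNonRoot: true
+readOnlyRootFilesystem: true
+{{- else }}
+runAsUser: 0
+runAsGroup: 0
+runAsNonRoot: false
+readOnlyRootFilesystem: false
+{{- end }}
+capabilities:
+add:
+- NET_ADMIN
+
+envFrom:
+- secretRef:
+name: tailscale-secret
+
+{{/*
+Set KUBE_SECRET to empty string to force tailscale
+to use the filesystem for state tracking.
+With secret for state tracking you can't always
+know if the app that uses this sidecard will
+use a custom ServiceAccount and will lead to falure.
+*/}}
+env:
+TS_KUBE_SECRET: ""
+TS_SOCKET: /var/run/tailscale/tailscaled.sock
+TS_STATE_DIR: /var/lib/tailscale
+TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }}
+TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }}
+TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }}
+{{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
+TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.routes }}
+TS_ROUTES: {{ . }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.dest_ip }}
+TS_DEST_IP: {{ . }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.sock5_server }}
+TS_SOCKS5_SERVER: {{ . }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.extra_args }}
+TS_EXTRA_ARGS: {{ . | quote }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.daemon_extra_args }}
+TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
+{{- end -}}
+{{- with $.Values.addons.vpn.tailscale.authkey }}
+TS_AUTH_KEY: {{ . | b64enc }}
+{{- end }}
+
+{{- range $envList := $.Values.addons.vpn.envList -}}
+{{- if and $envList.name $envList.value }}
+{{ $envList.name }}: {{ $envList.value | quote }}
+{{- else -}}
+{{- fail "Please specify name/value for VPN environment variable" -}}
+{{- end -}}
+{{- end -}}
+
+{{- with $.Values.addons.vpn.env -}}
+{{- range $k, $v := . }}
+{{ $k }}: {{ $v | quote }}
+{{- end -}}
+{{- end }}
+
+{{- with $.Values.addons.vpn.livenessProbe }}
+livenessProbe:
+{{- toYaml . | nindent 10 }}
+{{- end -}}
+{{- end }}
+{{- end -}}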
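Review bot: `TS_AUTH_KEY: {{ . | b64enc }}` writes the Tailscale auth key into the container's plain `env` map, where base64 only encodes it: the key stays readable in the rendered pod spec, and the sidecar would presumably receive the encoded text rather than the key itself. The container already loads `tailscale-secret` through `envFrom`, so the key should be delivered from that secret and the `with $.Values.addons.vpn.tailscale.authkey` block removed. Separately, `TS_OUTBOUND_HTTP_PROXY_LISTEN`, `TS_ROUTES`, `TS_DEST_IP` and `TS_SOCKS5_SERVER` are emitted as `{{ . }}` without `| quote`, unlike the neighbouring entries, so a value containing `: ` or starting with a YAML indicator would break or retype the rendered map. When `userspace` is false the sidecar runs as uid 0 with a writable root filesystem and `NET_ADMIN`, which deserves a comment on that `else` branch explaining why it is required.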
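--- a/library/common/templates/addons/vpn/_volume.tpl
+++ b/library/common/templates/addons/vpn/_volume.tpl
@@ -0,0 +1,92 @@
+{{/*
+The volume (referencing VPN scripts) to be inserted into persistence.
+*/}}
+{{- define "tc.v1.common.addon.vpn.volume.scripts" -}}
+enabled: true
+type: configmap
+objectName: vpnscripts
+expandObjectName: false
+defaultMode: "0777"
+items:
+{{- if .Values.addons.vpn.scripts.up }}
+- key: up.sh
+path: up.sh
+mode: 0777
+{{- end }}
+{{- if .Values.addons.vpn.scripts.down }}
+- key: down.sh
+path: down.sh
+mode: 0777
+{{- end }}
+targetSelector:
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+vpn:
+mountPath: /vpn/
+{{- end }}
+{{- end -}}
+
+
+{{/*
+The volume (referencing VPN config) to be inserted into persistence.
+*/}}
+{{- define "tc.v1.common.addon.vpn.volume.config" -}}
+enabled: true
+{{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }}
+type: secret
+defaultMode: "0777"
+items:
+- key: vpn.conf
+path: vpn.conf
+
+{{ if .Values.addons.vpn.existingSecret }}
+objectName: {{ .Values.addons.vpn.existingSecret }}
+expandObjectName: false
+{{ else }}
+objectName: vpnconfig
+expandObjectName: true
+{{ end }}
+{{ else }}
+
+
+type: hostPath
+hostPath: {{ .Values.addons.vpn.configFile | default "/vpn/" }}
+hostPathType: "File"
+{{- end -}}
+targetSelector:
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+vpn:
+mountPath: /vpn/
+{{- end }}
+{{- end -}}
+
+{{/*
+The volume (referencing VPN config folder) to be inserted into persistence.
+*/}}
+{{- define "tc.v1.common.addon.vpn.volume.folder" -}}
+enabled: true
+type: hostPath
+hostPath: '{{ .Values.addons.vpn.configFolder }}'
+targetSelector:
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+vpn:
+mountPath: /vpn/
+{{- end }}
+{{- end -}}
+
+
+{{/*
+The empty tailscale folder
+*/}}
+{{- define "tc.v1.common.addon.vpn.volume.tailscale" -}}
+enabled: true
+type: emptyDir
+targetSelector:
+{{- range .Values.addons.vpn.targetSelector }}
+{{ . }}:
+vpn:
+mountPath: /vpn/
+{{- end }}
+{{- end -}}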
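Review bot: The secret-backed volume in `tc.v1.common.addon.vpn.volume.config` sets `defaultMode: "0777"`, which leaves `vpn.conf` (presumably holding VPN credentials or keys) readable, writable and executable by every user in the container; a read-only mode such as `defaultMode: "0440"` fits a secret, and the scripts volume needs no more than `"0555"`. The per-item `mode: 0777` in the scripts volume is unquoted while `defaultMode` is a string, so the two may be typed differently after `fromYaml`; quote it the same way. All four volumes in this file mount at `mountPath: /vpn/` in the `vpn` container, so scripts, config, folder and the tailscale emptyDir would collide, and the emptyDir no longer matches `TS_STATE_DIR: /var/lib/tailscale` from the tailscale container template. The hostPath branch also defaults to `"/vpn/"` while declaring `hostPathType: "File"`, and it renders the user-supplied `configFile` unquoted.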
@@ -5,13 +5,70 @@ It will include / inject the required templates based on the given values.
|
||||
{{- define "tc.v1.common.addon.vpn" -}}
|
||||
{{- if ne "disabled" .Values.addons.vpn.type -}}
|
||||
|
||||
{{- if .Values.addons.vpn.config -}}
|
||||
{{/* Append the vpn config secret to the secrets */}}
|
||||
{{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}}
|
||||
{{- if $secret -}}
|
||||
{{- $_ := set .Values.secret "vpnconfig" $secret -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
|
||||
{{/* Append the vpn up/down scripts to the configmaps */}}
|
||||
{{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}}
|
||||
{{- if $configmap -}}
|
||||
{{- $_ := set .Values.secret "vpnscripts" $configmap -}}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.configSecret -}}
|
||||
{{/* Append the vpn config to the persistence */}}
|
||||
{{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}}
|
||||
{{- if $configper -}}
|
||||
{{- $_ := set .Values.persistence "vpnconfig" $configper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}}
|
||||
{{/* Append the vpn scripts to the persistence */}}
|
||||
{{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
|
||||
{{- if $scriptsper -}}
|
||||
{{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if or .Values.addons.vpn.configFolder -}}
|
||||
{{/* Append the vpn folder to the persistence */}}
|
||||
{{- $folderper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}}
|
||||
{{- if $folderper -}}
|
||||
{{- $_ := set .Values.persistence "vpnfolder" $folderper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- if eq "gluetun" .Values.addons.vpn.type -}}
|
||||
{{- include "tc.v1.common.addon.gluetun" . }}
|
||||
{{/* Append the code-server container to the additionalContainers */}}
|
||||
{{- $containers := include "tc.v1.common.addon.vpn.gluetun.containers" . | fromYaml -}}
|
||||
{{- if $containers -}}
|
||||
{{- $newworkloads := merge $.Values.workload $containers }}
|
||||
{{- $_ := set $.Values "workload" $newworkloads -}}
|
||||
{{- end -}}
|
||||
{{- else if ( eq "tailscale" .Values.addons.vpn.type ) -}}
|
||||
{{/* Append the code-server container to the additionalContainers */}}
|
||||
{{- $containers := include "tc.v1.common.addon.vpn.tailscale.containers" . | fromYaml -}}
|
||||
{{- if $containers -}}
|
||||
{{- $newworkloads := merge $.Values.workload $containers }}
|
||||
{{- $_ := set $.Values "workload" $newworkloads -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/* Append the empty tailscale folder to the persistence */}}
|
||||
{{- $tailscaleper := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}}
|
||||
{{- if $tailscaleper -}}
|
||||
{{- $_ := set .Values.persistence "tailscale" $tailscaleper -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- if eq "tailscale" .Values.addons.vpn.type -}}
|
||||
{{- include "tc.v1.common.addon.tailscale" . }}
|
||||
{{- end -}}
|
||||
|
||||
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
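Review bot: The up/down scripts are registered with `set .Values.secret "vpnscripts" $configmap`, although the comment above says configmaps and `tc.v1.common.addon.vpn.volume.scripts` mounts `type: configmap` with `objectName: vpnscripts`, so the volume would reference an object kind that is never created; the target should be the chart's configmap values key (presumably `.Values.configmap`). The folder branch has a second copy-paste slip: `if or .Values.addons.vpn.configFolder` passes a single argument to `or`, and it includes `tc.v1.common.addon.vpn.volume.scripts` where `tc.v1.common.addon.vpn.volume.folder` is meant. The config-volume guard tests `.Values.addons.vpn.configSecret`, while values.yaml and the volume template use `existingSecret`, so a release that sets only `existingSecret` appears to get no `vpnconfig` volume. The includes of `tc.v1.common.addon.gluetun` and `tc.v1.common.addon.tailscale` name templates not defined anywhere on this page; the rendering does not mark old and new lines in this hunk, so confirm all of these against the new side.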
@@ -1,11 +0,0 @@
|
||||
{{/*
|
||||
Template to render gluetun addon. It will add a container to the main pod.
|
||||
*/}}
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.gluetun" -}}
|
||||
{{/* Append the code-server container to the additionalContainers */}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.gluetun.container" . | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $_ := set .Values.workload.main.podSpec.containers "vpn" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,38 +0,0 @@
|
||||
{{/*
|
||||
The gluetun sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.gluetun.container" -}}
|
||||
name: gluetun
|
||||
imageSelector: gluetunImage
|
||||
securityContext:
|
||||
runAsUser: 568
|
||||
runAsGroup: 568
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
- SYS_MODULE
|
||||
|
||||
{{- with .Values.addons.vpn.env }}
|
||||
env:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $envList := .Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .Values.addons.vpn.args }}
|
||||
args:
|
||||
{{- . | toYaml | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.addons.vpn.livenessProbe }}
|
||||
livenessProbe:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
@@ -1,11 +0,0 @@
|
||||
{{/*
|
||||
Template to render Tailscale addon. It will add the container to the list of additionalContainers.
|
||||
*/}}
|
||||
|
||||
{{- define "tc.v1.common.addon.vpn.tailscale" -}}
|
||||
{{/* Append the code-server container to the additionalContainers */}}
|
||||
{{- $container := include "tc.v1.common.addon.vpn.tailscale.container" . | fromYaml -}}
|
||||
{{- if $container -}}
|
||||
{{- $_ := set .Values.workload.main.podSpec.containers "vpn" $container -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
@@ -1,87 +0,0 @@
|
||||
{{/*
|
||||
The Tailscale sidecar container to be inserted.
|
||||
*/}}
|
||||
{{- define "tc.v1.common.addon.vpn.tailscale.container" -}}
|
||||
name: tailscale
|
||||
imageSelector: "tailscaleImage"
|
||||
imagePullPolicy: {{ .Values.tailscaleImage.pullPolicy }}
|
||||
|
||||
command:
|
||||
- /usr/local/bin/containerboot
|
||||
|
||||
securityContext:
|
||||
{{- if .Values.addons.vpn.tailscale.userspace }}
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
readOnlyRootFilesystem: true
|
||||
{{- else }}
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
{{- end }}
|
||||
capabilities:
|
||||
add:
|
||||
- NET_ADMIN
|
||||
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: tailscale-secret
|
||||
|
||||
{{/*
|
||||
Set KUBE_SECRET to empty string to force tailscale
|
||||
to use the filesystem for state tracking.
|
||||
With secret for state tracking you can't always
|
||||
know if the app that uses this sidecard will
|
||||
use a custom ServiceAccount and will lead to falure.
|
||||
*/}}
|
||||
env:
|
||||
TS_KUBE_SECRET: ""
|
||||
TS_SOCKET: /var/run/tailscale/tailscaled.sock
|
||||
TS_STATE_DIR: /var/lib/tailscale
|
||||
TS_AUTH_ONCE: {{ .Values.addons.vpn.tailscale.auth_once | quote }}
|
||||
TS_USERSPACE: {{ .Values.addons.vpn.tailscale.userspace | quote }}
|
||||
TS_ACCEPT_DNS: {{ .Values.addons.vpn.tailscale.accept_dns | quote }}
|
||||
{{- with .Values.addons.vpn.tailscale.outbound_http_proxy_listen }}
|
||||
TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.routes }}
|
||||
TS_ROUTES: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.dest_ip }}
|
||||
TS_DEST_IP: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.sock5_server }}
|
||||
TS_SOCKS5_SERVER: {{ . }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.extra_args }}
|
||||
TS_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.daemon_extra_args }}
|
||||
TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }}
|
||||
{{- end -}}
|
||||
{{- with .Values.addons.vpn.tailscale.authkey }}
|
||||
TS_AUTH_KEY: {{ . | b64enc }}
|
||||
{{- end }}
|
||||
|
||||
{{- range $envList := .Values.addons.vpn.envList -}}
|
||||
{{- if and $envList.name $envList.value }}
|
||||
{{ $envList.name }}: {{ $envList.value | quote }}
|
||||
{{- else -}}
|
||||
{{- fail "Please specify name/value for VPN environment variable" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{- with .Values.addons.vpn.env -}}
|
||||
{{- range $k, $v := . }}
|
||||
{{ $k }}: {{ $v | quote }}
|
||||
{{- end -}}
|
||||
{{- end }}
|
||||
|
||||
{{- with .Values.addons.vpn.livenessProbe }}
|
||||
livenessProbe:
|
||||
{{- toYaml . | nindent 2 }}
|
||||
{{- end -}}
|
||||
|
||||
{{- end -}}
|
||||
@@ -199,30 +199,7 @@ persistence:
|
||||
type: emptyDir
|
||||
mountPath: /dev/shm
|
||||
targetSelectAll: true
|
||||
vpnconfig:
|
||||
enabled: '{{ if or ( eq .Values.addons.vpn.type "gluetun" ) ( eq .Values.addons.vpn.type "tailscale" ) }}true{{ else }}false{{ end }}'
|
||||
type: hostPath
|
||||
hostPath: '{{ .Values.addons.vpn.configFile | default "/vpn/vpn.conf" }}'
|
||||
hostPathType: "File"
|
||||
targetSelector:
|
||||
main:
|
||||
vpn:
|
||||
mountPath: /vpn/vpn.conf
|
||||
vpnfolder:
|
||||
enabled: '{{ if and ( or ( eq .Values.addons.vpn.type "gluetun" ) ( eq .Values.addons.vpn.type "tailscale" )) ( .Values.addons.vpn.configFolder ) }}true{{ else }}false{{ end }}'
|
||||
type: hostPath
|
||||
hostPath: '{{ .Values.addons.vpn.configFolder | default "/vpn/mnt/" }}'
|
||||
targetSelector:
|
||||
main:
|
||||
vpn:
|
||||
mountPath: /vpn/mnt/
|
||||
tailscale:
|
||||
enabled: '{{ if eq .Values.addons.vpn.type "tailscale" }}'
|
||||
type: emptyDir
|
||||
targetSelector:
|
||||
main:
|
||||
vpn:
|
||||
mountPath: /var/lib/tailscale
|
||||
|
||||
|
||||
|
||||
# -- Injected from SCALE middleware
|
||||
@@ -504,16 +481,34 @@ addons:
|
||||
# - name: someenv
|
||||
# value: somevalue
|
||||
|
||||
# -- Provide a customized vpn configuration file to be used by the VPN.
|
||||
|
||||
# -- you can directly specify the config file here
|
||||
config: ""
|
||||
|
||||
scripts:
|
||||
# -- you can directly specify the upscript here
|
||||
up: ""
|
||||
# some script
|
||||
|
||||
# -- you can directly specify the downscript here
|
||||
down: ""
|
||||
# some script
|
||||
|
||||
# -- Provide a customized vpn configuration file location to be used by the VPN.
|
||||
configFile: ""
|
||||
|
||||
# -- Provide a customized vpn configuration folder to be added to the VPN container
|
||||
# -- Provide a customized vpn configuration folder location to be added to the VPN container
|
||||
# The config file needs to be mounted seperately
|
||||
# the upscript and downscript need to be named: upscript.sh and downscript.sh respectively
|
||||
configFolder: ""
|
||||
|
||||
## TODO to be implemented
|
||||
# -- Reference an existing secret that contains the VPN configuration file
|
||||
# The chart expects it to be present under the `vpnConfigfile` key.
|
||||
# configFileSecret:
|
||||
# -- Provide an existing secret for vpn config storage
|
||||
existingSecret: ""
|
||||
|
||||
# -- select pods to bind vpn addon to
|
||||
targetSelector:
|
||||
- main
|
||||
|
||||
|
||||
# -- The common library supports adding a code-server add-on to access files. It can be configured under this key.
|
||||
# For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)
|
||||
|
||||
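Review bot: The new `existingSecret` value is documented only as "an existing secret for vpn config storage", while `tc.v1.common.addon.vpn.volume.config` mounts the item `key: vpn.conf` from it; the comment should name that key, for example `# The secret must contain the configuration under the key vpn.conf`. The neighbouring comments still mention `upscript.sh`/`downscript.sh` and a `vpnConfigfile` key, which do not match the `up.sh`, `down.sh` and `vpn.conf` names the templates use; the rendering does not show whether those lines are removed, so check the new side. Because `config` places the whole VPN configuration, including any credentials, into chart values, its comment could also point users to `existingSecret` for that case.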