diff --git a/library/common-test/ci/vpn-gluetun-values.yaml b/library/common-test/ci/vpn-gluetun-values.yaml new file mode 100644 index 00000000..0e6a0b9e --- /dev/null +++ b/library/common-test/ci/vpn-gluetun-values.yaml @@ -0,0 +1,78 @@ +service: + main: + enabled: true + primary: true + ports: + main: + enabled: true + primary: true + protocol: http + port: 8080 + +workload: + main: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + main: + enabled: true + primary: true + args: + - --port + - "8080" + probes: + liveness: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + readiness: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + startup: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + + +args: + - --port + - '8080' + +manifestManager: + enabled: false + staging: false + +# -- The common chart supports several add-ons. These can be configured under this key. +# @default -- See below +addons: + # -- The common chart supports adding a VPN add-on. It can be configured under this key. + # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn) + # @default -- See values.yaml + vpn: + # -- Specify the VPN type. Valid options are disabled, gluetun or tailscale + type: tailscale + + # -- All variables specified here will be added to the vpn sidecar container + # See the documentation of the VPN image for all config values + env: + something: UTC + + + # -- you can directly specify the config file here + config: "fdgdfsg" + + scripts: + # -- you can directly specify the upscript here + up: "sffds" + # some script + + # -- you can directly specify the downscript here + down: "fsdfds" + # some script + + # -- select pods to bind vpn addon to + targetSelector: + - main diff --git a/library/common-test/ci/vpn-tailscale-values.yaml b/library/common-test/ci/vpn-tailscale-values.yaml new file mode 100644 index 00000000..0e6a0b9e --- /dev/null +++ b/library/common-test/ci/vpn-tailscale-values.yaml @@ -0,0 +1,78 @@ +service: + main: + enabled: true + primary: true + ports: + main: + enabled: true + primary: true + protocol: http + port: 8080 + +workload: + main: + enabled: true + primary: true + type: Deployment + podSpec: + containers: + main: + enabled: true + primary: true + args: + - --port + - "8080" + probes: + liveness: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + readiness: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + startup: + enabled: true + type: http + port: "{{ .Values.service.main.ports.main.port }}" + + +args: + - --port + - '8080' + +manifestManager: + enabled: false + staging: false + +# -- The common chart supports several add-ons. These can be configured under this key. +# @default -- See below +addons: + # -- The common chart supports adding a VPN add-on. It can be configured under this key. + # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#wireguard-vpn) + # @default -- See values.yaml + vpn: + # -- Specify the VPN type. Valid options are disabled, gluetun or tailscale + type: tailscale + + # -- All variables specified here will be added to the vpn sidecar container + # See the documentation of the VPN image for all config values + env: + something: UTC + + + # -- you can directly specify the config file here + config: "fdgdfsg" + + scripts: + # -- you can directly specify the upscript here + up: "sffds" + # some script + + # -- you can directly specify the downscript here + down: "fsdfds" + # some script + + # -- select pods to bind vpn addon to + targetSelector: + - main diff --git a/library/common/templates/addons/vpn/_configmap.tpl b/library/common/templates/addons/vpn/_configmap.tpl new file mode 100644 index 00000000..6e58eb92 --- /dev/null +++ b/library/common/templates/addons/vpn/_configmap.tpl @@ -0,0 +1,16 @@ +{{/* +The VPN config and scripts to be included. +*/}} +{{- define "tc.v1.common.addon.vpn.configmap" -}} +enabled: true +data: +{{- with .Values.addons.vpn.scripts.up }} + up.sh: |- + {{- . | nindent 4 }} +{{- end }} + +{{- with .Values.addons.vpn.scripts.down }} + down.sh: |- + {{- . | nindent 4 }} +{{- end -}} +{{- end -}} diff --git a/library/common/templates/addons/vpn/_gluetunContainer.tpl b/library/common/templates/addons/vpn/_gluetunContainer.tpl new file mode 100644 index 00000000..cb273245 --- /dev/null +++ b/library/common/templates/addons/vpn/_gluetunContainer.tpl @@ -0,0 +1,42 @@ +{{/* +The gluetun sidecar container to be inserted. +*/}} +{{- define "tc.v1.common.addon.vpn.gluetun.containers" -}} +{{- range .Values.addons.vpn.targetSelector }} +{{ . }}: + podSpec: + containers: + gluetun: + imageSelector: gluetunImage + securityContext: + runAsUser: 568 + runAsGroup: 568 + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + + {{- with $.Values.addons.vpn.env }} + env: + {{- . | toYaml | nindent 10 }} + {{- end }} + + {{- range $envList := $.Values.addons.vpn.envList -}} + {{- if and $envList.name $envList.value }} + {{ $envList.name }}: {{ $envList.value | quote }} + {{- else -}} + {{- fail "Please specify name/value for VPN environment variable" -}} + {{- end -}} + {{- end -}} + + {{- with $.Values.addons.vpn.args }} + args: + {{- . | toYaml | nindent 10 }} + {{- end }} + + {{- with $.Values.addons.vpn.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 10 }} + {{- end -}} +{{- end }} +{{- end -}} diff --git a/library/common/templates/addons/vpn/_secret.tpl b/library/common/templates/addons/vpn/_secret.tpl new file mode 100644 index 00000000..b46a5d3e --- /dev/null +++ b/library/common/templates/addons/vpn/_secret.tpl @@ -0,0 +1,9 @@ +{{/* +The OpenVPN config secret to be included. +*/}} +{{- define "tc.v1.common.addon.vpn.secret" -}} +enabled: true +data: + vpn.conf: |- + {{- .Values.addons.vpn.config | nindent 4 }} +{{- end -}} diff --git a/library/common/templates/addons/vpn/_tailscaleContainer.tpl b/library/common/templates/addons/vpn/_tailscaleContainer.tpl new file mode 100644 index 00000000..d6b567f2 --- /dev/null +++ b/library/common/templates/addons/vpn/_tailscaleContainer.tpl @@ -0,0 +1,91 @@ +{{/* +The Tailscale sidecar container to be inserted. +*/}} +{{- define "tc.v1.common.addon.vpn.tailscale.containers" -}} +{{- range .Values.addons.vpn.targetSelector }} +{{ . }}: + podSpec: + containers: + tailscale: + imageSelector: "tailscaleImage" + imagePullPolicy: {{ $.Values.tailscaleImage.pullPolicy }} + + command: + - /usr/local/bin/containerboot + + securityContext: + {{- if $.Values.addons.vpn.tailscale.userspace }} + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + readOnlyRootFilesystem: true + {{- else }} + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + readOnlyRootFilesystem: false + {{- end }} + capabilities: + add: + - NET_ADMIN + + envFrom: + - secretRef: + name: tailscale-secret + + {{/* + Set KUBE_SECRET to empty string to force tailscale + to use the filesystem for state tracking. + With secret for state tracking you can't always + know if the app that uses this sidecard will + use a custom ServiceAccount and will lead to falure. + */}} + env: + TS_KUBE_SECRET: "" + TS_SOCKET: /var/run/tailscale/tailscaled.sock + TS_STATE_DIR: /var/lib/tailscale + TS_AUTH_ONCE: {{ $.Values.addons.vpn.tailscale.auth_once | quote }} + TS_USERSPACE: {{ $.Values.addons.vpn.tailscale.userspace | quote }} + TS_ACCEPT_DNS: {{ $.Values.addons.vpn.tailscale.accept_dns | quote }} + {{- with $.Values.addons.vpn.tailscale.outbound_http_proxy_listen }} + TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.routes }} + TS_ROUTES: {{ . }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.dest_ip }} + TS_DEST_IP: {{ . }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.sock5_server }} + TS_SOCKS5_SERVER: {{ . }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.extra_args }} + TS_EXTRA_ARGS: {{ . | quote }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.daemon_extra_args }} + TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }} + {{- end -}} + {{- with $.Values.addons.vpn.tailscale.authkey }} + TS_AUTH_KEY: {{ . | b64enc }} + {{- end }} + + {{- range $envList := $.Values.addons.vpn.envList -}} + {{- if and $envList.name $envList.value }} + {{ $envList.name }}: {{ $envList.value | quote }} + {{- else -}} + {{- fail "Please specify name/value for VPN environment variable" -}} + {{- end -}} + {{- end -}} + + {{- with $.Values.addons.vpn.env -}} + {{- range $k, $v := . }} + {{ $k }}: {{ $v | quote }} + {{- end -}} + {{- end }} + + {{- with $.Values.addons.vpn.livenessProbe }} + livenessProbe: + {{- toYaml . | nindent 10 }} + {{- end -}} +{{- end }} +{{- end -}} diff --git a/library/common/templates/addons/vpn/_volume.tpl b/library/common/templates/addons/vpn/_volume.tpl new file mode 100644 index 00000000..9179a82e --- /dev/null +++ b/library/common/templates/addons/vpn/_volume.tpl @@ -0,0 +1,92 @@ +{{/* +The volume (referencing VPN scripts) to be inserted into persistence. +*/}} +{{- define "tc.v1.common.addon.vpn.volume.scripts" -}} +enabled: true +type: configmap +objectName: vpnscripts +expandObjectName: false +defaultMode: "0777" +items: +{{- if .Values.addons.vpn.scripts.up }} +- key: up.sh + path: up.sh + mode: 0777 +{{- end }} +{{- if .Values.addons.vpn.scripts.down }} +- key: down.sh + path: down.sh + mode: 0777 +{{- end }} +targetSelector: + {{- range .Values.addons.vpn.targetSelector }} + {{ . }}: + vpn: + mountPath: /vpn/ + {{- end }} +{{- end -}} + + +{{/* +The volume (referencing VPN config) to be inserted into persistence. +*/}} +{{- define "tc.v1.common.addon.vpn.volume.config" -}} +enabled: true +{{- if or .Values.addons.vpn.config .Values.addons.vpn.existingSecret }} +type: secret +defaultMode: "0777" +items: + - key: vpn.conf + path: vpn.conf + +{{ if .Values.addons.vpn.existingSecret }} +objectName: {{ .Values.addons.vpn.existingSecret }} +expandObjectName: false +{{ else }} +objectName: vpnconfig +expandObjectName: true +{{ end }} +{{ else }} + + +type: hostPath +hostPath: {{ .Values.addons.vpn.configFile | default "/vpn/" }} +hostPathType: "File" +{{- end -}} +targetSelector: + {{- range .Values.addons.vpn.targetSelector }} + {{ . }}: + vpn: + mountPath: /vpn/ + {{- end }} +{{- end -}} + +{{/* +The volume (referencing VPN config folder) to be inserted into persistence. +*/}} +{{- define "tc.v1.common.addon.vpn.volume.folder" -}} +enabled: true +type: hostPath +hostPath: '{{ .Values.addons.vpn.configFolder }}' +targetSelector: + {{- range .Values.addons.vpn.targetSelector }} + {{ . }}: + vpn: + mountPath: /vpn/ + {{- end }} +{{- end -}} + + +{{/* +The empty tailscale folder +*/}} +{{- define "tc.v1.common.addon.vpn.volume.tailscale" -}} +enabled: true +type: emptyDir +targetSelector: + {{- range .Values.addons.vpn.targetSelector }} + {{ . }}: + vpn: + mountPath: /vpn/ + {{- end }} +{{- end -}} diff --git a/library/common/templates/addons/vpn/_vpn.tpl b/library/common/templates/addons/vpn/_vpn.tpl index 691b421f..103fcc16 100644 --- a/library/common/templates/addons/vpn/_vpn.tpl +++ b/library/common/templates/addons/vpn/_vpn.tpl @@ -5,13 +5,70 @@ It will include / inject the required templates based on the given values. {{- define "tc.v1.common.addon.vpn" -}} {{- if ne "disabled" .Values.addons.vpn.type -}} + {{- if .Values.addons.vpn.config -}} + {{/* Append the vpn config secret to the secrets */}} + {{- $secret := include "tc.v1.common.addon.vpn.secret" . | fromYaml -}} + {{- if $secret -}} + {{- $_ := set .Values.secret "vpnconfig" $secret -}} + {{- end -}} + {{- end }} + + {{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}} + {{/* Append the vpn up/down scripts to the configmaps */}} + {{- $configmap := include "tc.v1.common.addon.vpn.configmap" . | fromYaml -}} + {{- if $configmap -}} + {{- $_ := set .Values.secret "vpnscripts" $configmap -}} + {{- end -}} + {{- end }} + + {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.config .Values.addons.vpn.configSecret -}} + {{/* Append the vpn config to the persistence */}} + {{- $configper := include "tc.v1.common.addon.vpn.volume.config" . | fromYaml -}} + {{- if $configper -}} + {{- $_ := set .Values.persistence "vpnconfig" $configper -}} + {{- end -}} + {{- end -}} + + {{- if or .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down -}} + {{/* Append the vpn scripts to the persistence */}} + {{- $scriptsper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}} + {{- if $scriptsper -}} + {{- $_ := set .Values.persistence "vpnscripts" $scriptsper -}} + {{- end -}} + {{- end -}} + + {{- if or .Values.addons.vpn.configFolder -}} + {{/* Append the vpn folder to the persistence */}} + {{- $folderper := include "tc.v1.common.addon.vpn.volume.scripts" . | fromYaml -}} + {{- if $folderper -}} + {{- $_ := set .Values.persistence "vpnfolder" $folderper -}} + {{- end -}} + {{- end -}} + + {{- if eq "gluetun" .Values.addons.vpn.type -}} - {{- include "tc.v1.common.addon.gluetun" . }} + {{/* Append the code-server container to the additionalContainers */}} + {{- $containers := include "tc.v1.common.addon.vpn.gluetun.containers" . | fromYaml -}} + {{- if $containers -}} + {{- $newworkloads := merge $.Values.workload $containers }} + {{- $_ := set $.Values "workload" $newworkloads -}} + {{- end -}} + {{- else if ( eq "tailscale" .Values.addons.vpn.type ) -}} + {{/* Append the code-server container to the additionalContainers */}} + {{- $containers := include "tc.v1.common.addon.vpn.tailscale.containers" . | fromYaml -}} + {{- if $containers -}} + {{- $newworkloads := merge $.Values.workload $containers }} + {{- $_ := set $.Values "workload" $newworkloads -}} + {{- end -}} + + {{/* Append the empty tailscale folder to the persistence */}} + {{- $tailscaleper := include "tc.v1.common.addon.vpn.volume.tailscale" . | fromYaml -}} + {{- if $tailscaleper -}} + {{- $_ := set .Values.persistence "tailscale" $tailscaleper -}} + {{- end -}} {{- end -}} - {{- if eq "tailscale" .Values.addons.vpn.type -}} - {{- include "tc.v1.common.addon.tailscale" . }} - {{- end -}} + {{- end -}} {{- end -}} diff --git a/library/common/templates/addons/vpn/gluetun/_addon.tpl b/library/common/templates/addons/vpn/gluetun/_addon.tpl deleted file mode 100644 index 70b8bc30..00000000 --- a/library/common/templates/addons/vpn/gluetun/_addon.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{/* -Template to render gluetun addon. It will add a container to the main pod. -*/}} -*/}} -{{- define "tc.v1.common.addon.vpn.gluetun" -}} - {{/* Append the code-server container to the additionalContainers */}} - {{- $container := include "tc.v1.common.addon.vpn.gluetun.container" . | fromYaml -}} - {{- if $container -}} - {{- $_ := set .Values.workload.main.podSpec.containers "vpn" $container -}} - {{- end -}} -{{- end -}} diff --git a/library/common/templates/addons/vpn/gluetun/_container.tpl b/library/common/templates/addons/vpn/gluetun/_container.tpl deleted file mode 100644 index 3dd128db..00000000 --- a/library/common/templates/addons/vpn/gluetun/_container.tpl +++ /dev/null @@ -1,38 +0,0 @@ -{{/* -The gluetun sidecar container to be inserted. -*/}} -{{- define "tc.v1.common.addon.vpn.gluetun.container" -}} -name: gluetun -imageSelector: gluetunImage -securityContext: - runAsUser: 568 - runAsGroup: 568 - capabilities: - add: - - NET_ADMIN - - SYS_MODULE - -{{- with .Values.addons.vpn.env }} -env: - {{- . | toYaml | nindent 2 }} -{{- end }} - -{{- range $envList := .Values.addons.vpn.envList -}} - {{- if and $envList.name $envList.value }} - {{ $envList.name }}: {{ $envList.value | quote }} - {{- else -}} - {{- fail "Please specify name/value for VPN environment variable" -}} - {{- end -}} -{{- end -}} - -{{- with .Values.addons.vpn.args }} -args: - {{- . | toYaml | nindent 2 }} -{{- end }} - -{{- with .Values.addons.vpn.livenessProbe }} -livenessProbe: - {{- toYaml . | nindent 2 }} -{{- end -}} - -{{- end -}} diff --git a/library/common/templates/addons/vpn/tailscale/_addon.tpl b/library/common/templates/addons/vpn/tailscale/_addon.tpl deleted file mode 100644 index be3f51fd..00000000 --- a/library/common/templates/addons/vpn/tailscale/_addon.tpl +++ /dev/null @@ -1,11 +0,0 @@ -{{/* -Template to render Tailscale addon. It will add the container to the list of additionalContainers. -*/}} - -{{- define "tc.v1.common.addon.vpn.tailscale" -}} - {{/* Append the code-server container to the additionalContainers */}} - {{- $container := include "tc.v1.common.addon.vpn.tailscale.container" . | fromYaml -}} - {{- if $container -}} - {{- $_ := set .Values.workload.main.podSpec.containers "vpn" $container -}} - {{- end -}} -{{- end -}} diff --git a/library/common/templates/addons/vpn/tailscale/_container.tpl b/library/common/templates/addons/vpn/tailscale/_container.tpl deleted file mode 100644 index af2892c5..00000000 --- a/library/common/templates/addons/vpn/tailscale/_container.tpl +++ /dev/null @@ -1,87 +0,0 @@ -{{/* -The Tailscale sidecar container to be inserted. -*/}} -{{- define "tc.v1.common.addon.vpn.tailscale.container" -}} -name: tailscale -imageSelector: "tailscaleImage" -imagePullPolicy: {{ .Values.tailscaleImage.pullPolicy }} - -command: - - /usr/local/bin/containerboot - -securityContext: -{{- if .Values.addons.vpn.tailscale.userspace }} - runAsUser: 1000 - runAsGroup: 1000 - runAsNonRoot: true - readOnlyRootFilesystem: true -{{- else }} - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - readOnlyRootFilesystem: false -{{- end }} - capabilities: - add: - - NET_ADMIN - -envFrom: - - secretRef: - name: tailscale-secret - -{{/* -Set KUBE_SECRET to empty string to force tailscale -to use the filesystem for state tracking. -With secret for state tracking you can't always -know if the app that uses this sidecard will -use a custom ServiceAccount and will lead to falure. -*/}} -env: - TS_KUBE_SECRET: "" - TS_SOCKET: /var/run/tailscale/tailscaled.sock - TS_STATE_DIR: /var/lib/tailscale - TS_AUTH_ONCE: {{ .Values.addons.vpn.tailscale.auth_once | quote }} - TS_USERSPACE: {{ .Values.addons.vpn.tailscale.userspace | quote }} - TS_ACCEPT_DNS: {{ .Values.addons.vpn.tailscale.accept_dns | quote }} - {{- with .Values.addons.vpn.tailscale.outbound_http_proxy_listen }} - TS_OUTBOUND_HTTP_PROXY_LISTEN: {{ . }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.routes }} - TS_ROUTES: {{ . }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.dest_ip }} - TS_DEST_IP: {{ . }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.sock5_server }} - TS_SOCKS5_SERVER: {{ . }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.extra_args }} - TS_EXTRA_ARGS: {{ . | quote }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.daemon_extra_args }} - TS_TAILSCALED_EXTRA_ARGS: {{ . | quote }} - {{- end -}} - {{- with .Values.addons.vpn.tailscale.authkey }} - TS_AUTH_KEY: {{ . | b64enc }} - {{- end }} - -{{- range $envList := .Values.addons.vpn.envList -}} - {{- if and $envList.name $envList.value }} - {{ $envList.name }}: {{ $envList.value | quote }} - {{- else -}} - {{- fail "Please specify name/value for VPN environment variable" -}} - {{- end -}} -{{- end -}} - -{{- with .Values.addons.vpn.env -}} - {{- range $k, $v := . }} - {{ $k }}: {{ $v | quote }} - {{- end -}} -{{- end }} - -{{- with .Values.addons.vpn.livenessProbe }} -livenessProbe: - {{- toYaml . | nindent 2 }} -{{- end -}} - -{{- end -}} diff --git a/library/common/values.yaml b/library/common/values.yaml index 0fdf95bd..271e7ddd 100644 --- a/library/common/values.yaml +++ b/library/common/values.yaml @@ -199,30 +199,7 @@ persistence: type: emptyDir mountPath: /dev/shm targetSelectAll: true - vpnconfig: - enabled: '{{ if or ( eq .Values.addons.vpn.type "gluetun" ) ( eq .Values.addons.vpn.type "tailscale" ) }}true{{ else }}false{{ end }}' - type: hostPath - hostPath: '{{ .Values.addons.vpn.configFile | default "/vpn/vpn.conf" }}' - hostPathType: "File" - targetSelector: - main: - vpn: - mountPath: /vpn/vpn.conf - vpnfolder: - enabled: '{{ if and ( or ( eq .Values.addons.vpn.type "gluetun" ) ( eq .Values.addons.vpn.type "tailscale" )) ( .Values.addons.vpn.configFolder ) }}true{{ else }}false{{ end }}' - type: hostPath - hostPath: '{{ .Values.addons.vpn.configFolder | default "/vpn/mnt/" }}' - targetSelector: - main: - vpn: - mountPath: /vpn/mnt/ - tailscale: - enabled: '{{ if eq .Values.addons.vpn.type "tailscale" }}' - type: emptyDir - targetSelector: - main: - vpn: - mountPath: /var/lib/tailscale + # -- Injected from SCALE middleware @@ -504,16 +481,34 @@ addons: # - name: someenv # value: somevalue - # -- Provide a customized vpn configuration file to be used by the VPN. + + # -- you can directly specify the config file here + config: "" + + scripts: + # -- you can directly specify the upscript here + up: "" + # some script + + # -- you can directly specify the downscript here + down: "" + # some script + + # -- Provide a customized vpn configuration file location to be used by the VPN. configFile: "" - # -- Provide a customized vpn configuration folder to be added to the VPN container + # -- Provide a customized vpn configuration folder location to be added to the VPN container + # The config file needs to be mounted seperately + # the upscript and downscript need to be named: upscript.sh and downscript.sh respectively configFolder: "" - ## TODO to be implemented - # -- Reference an existing secret that contains the VPN configuration file - # The chart expects it to be present under the `vpnConfigfile` key. - # configFileSecret: + # -- Provide an existing secret for vpn config storage + existingSecret: "" + + # -- select pods to bind vpn addon to + targetSelector: + - main + # -- The common library supports adding a code-server add-on to access files. It can be configured under this key. # For more info, check out [our docs](http://docs.k8s-at-home.com/our-helm-charts/common-library-add-ons/#code-server)