wrenix/helm-charts
1
0
Fork 0
Code Issues 8 Pull requests 8 Projects Packages Activity

fix(headscale)!: update to v0.23.0 with breaking changes

Browse source
This commit is contained in:
WrenIX 2024-09-21 17:11:35 +02:00
parent 330095207e
commit 2b84699651
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
11 changed files with 299 additions and 794 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
headscale-ui/Chart.yaml
View file

@ -3,9 +3,9 @@ name: headscale-ui
description: A simple Headscale web UI for small-scale deployments.
icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png
type: application
version: 0.2.0
version: 0.2.1
# renovate: image=ghcr.io/gurucomputing/headscale-ui
appVersion: "2024.02.24-beta1"
appVersion: "2024.10.10"
maintainers:
- name: WrenIX
url: https://wrenix.eu

251
headscale-ui/README.adoc
View file

@ -1,251 +0,0 @@
= headscale-ui
image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
image::https://img.shields.io/badge/AppVersion-2024.02.24-beta1-informational?style=flat-square[AppVersion: 2024.02.24-beta1]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
== Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's https://helm.sh/docs[documentation] to get started.
Once Helm has been set up correctly, fetch the charts as follows:
[source,bash]
----
helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui
----
You can install a chart release using the following command:
[source,bash]
----
helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml
----
To uninstall a chart release use `helm`'s delete command:
[source,bash]
----
helm uninstall headscale-ui-release
----
== Values
.Values
|===
| Key | Type | Default | Description
| affinity
| object
| `{}`
|
| autoscaling.enabled
| bool
| `false`
|
| autoscaling.maxReplicas
| int
| `100`
|
| autoscaling.minReplicas
| int
| `1`
|
| autoscaling.targetCPUUtilizationPercentage
| int
| `80`
|
| fullnameOverride
| string
| `""`
|
| global.image.pullPolicy
| string
| `nil`
| if set it will overwrite all pullPolicy
| global.image.registry
| string
| `nil`
| if set it will overwrite all registry entries
| image.pullPolicy
| string
| `"IfNotPresent"`
|
| image.registry
| string
| `"ghcr.io"`
|
| image.repository
| string
| `"gurucomputing/headscale-ui"`
|
| image.tag
| string
| `""`
|
| imagePullSecrets
| list
| `[]`
|
| ingress.annotations
| object
| `{}`
|
| ingress.className
| string
| `""`
|
| ingress.enabled
| bool
| `false`
|
| ingress.hosts[0].host
| string
| `"chart-example.local"`
|
| ingress.hosts[0].paths[0].path
| string
| `"/"`
|
| ingress.hosts[0].paths[0].pathType
| string
| `"ImplementationSpecific"`
|
| ingress.tls
| list
| `[]`
|
| nameOverride
| string
| `""`
|
| networkPolicy.egress.enabled
| bool
| `true`
| activate egress no networkpolicy
| networkPolicy.egress.extra
| list
| `[]`
| egress rules
| networkPolicy.enabled
| bool
| `false`
|
| networkPolicy.ingress.http
| list
| `[]`
| ingress for http port (e.g. ingress-controller)
| networkPolicy.ingress.https
| list
| `[]`
|
| nodeSelector
| object
| `{}`
|
| podAnnotations
| object
| `{}`
|
| podLabels
| object
| `{}`
|
| podSecurityContext
| object
| `{}`
|
| replicaCount
| int
| `1`
|
| resources
| object
| `{}`
|
| securityContext
| object
| `{}`
|
| service.port.http
| int
| `8080`
|
| service.port.https
| int
| `8443`
|
| service.type
| string
| `"ClusterIP"`
|
| serviceAccount.annotations
| object
| `{}`
|
| serviceAccount.create
| bool
| `true`
|
| serviceAccount.name
| string
| `""`
|
| tolerations
| list
| `[]`
|
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

87
headscale-ui/README.md Normal file
View file

@ -0,0 +1,87 @@
---
title: "headscale-ui"
description: "A simple Headscale web UI for small-scale deployments."
---
# headscale-ui
![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.10.10](https://img.shields.io/badge/AppVersion-2024.10.10-informational?style=flat-square)
A simple Headscale web UI for small-scale deployments.
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| WrenIX | | <https://wrenix.eu> |
## Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's [documentation](https://helm.sh/docs) to get started.
Once Helm has been set up correctly, fetch the charts as follows:
```bash
helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui
```
You can install a chart release using the following command:
```bash
helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml
```
To uninstall a chart release use `helm`'s delete command:
```bash
helm uninstall headscale-ui-release
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| fullnameOverride | string | `""` | |
| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy |
| global.image.registry | string | `nil` | if set it will overwrite all registry entries |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.registry | string | `"ghcr.io"` | |
| image.repository | string | `"gurucomputing/headscale-ui"` | |
| image.tag | string | `""` | |
| imagePullSecrets | list | `[]` | |
| ingress.annotations | object | `{}` | |
| ingress.className | string | `""` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0].host | string | `"chart-example.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
| ingress.tls | list | `[]` | |
| nameOverride | string | `""` | |
| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
| networkPolicy.egress.extra | list | `[]` | egress rules |
| networkPolicy.enabled | bool | `false` | |
| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
| networkPolicy.ingress.https | list | `[]` | |
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| securityContext | object | `{}` | |
| service.port.http | int | `8080` | |
| service.port.https | int | `8443` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

6
headscale/Chart.yaml
View file

@ -3,9 +3,9 @@ name: headscale
description: An open source, self-hosted implementation of the Tailscale control server.
icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
type: application
version: 0.4.0
# renovate: image=docker.io/headscale/headscale
appVersion: "0.22.3"
version: 1.0.0
# renovate: image=ghcr.io/headscale/headscale
appVersion: "0.23.0"
maintainers:
- name: WrenIX
url: https://wrenix.eu

491
headscale/README.adoc
View file

@ -1,491 +0,0 @@
= headscale
image::https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square[Version: 0.4.0]
image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application]
image::https://img.shields.io/badge/AppVersion-0.22.3-informational?style=flat-square[AppVersion: 0.22.3]
== Maintainers
.Maintainers
|===
| Name | Email | Url
| WrenIX
|
| <https://wrenix.eu>
|===
== Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's https://helm.sh/docs[documentation] to get started.
Once Helm has been set up correctly, fetch the charts as follows:
[source,bash]
----
helm pull oci://codeberg.org/wrenix/helm-charts/headscale
----
You can install a chart release using the following command:
[source,bash]
----
helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml
----
To uninstall a chart release use `helm`'s delete command:
[source,bash]
----
helm uninstall headscale-release
----
== Values
.Values
|===
| Key | Type | Default | Description
| affinity
| object
| `{}`
|
| autoscaling.enabled
| bool
| `false`
|
| autoscaling.maxReplicas
| int
| `100`
|
| autoscaling.minReplicas
| int
| `1`
|
| autoscaling.targetCPUUtilizationPercentage
| int
| `80`
|
| fullnameOverride
| string
| `""`
|
| headscale.certmanager.dnsNames[0]
| string
| `"example.com"`
|
| headscale.certmanager.enabled
| bool
| `true`
|
| headscale.certmanager.issuerRef.group
| string
| `"cert-manager.io"`
|
| headscale.certmanager.issuerRef.kind
| string
| `"ClusterIssuer"`
|
| headscale.certmanager.issuerRef.name
| string
| `"letsencrypt-prod"`
|
| headscale.config.db_path
| string
| `"/var/lib/headscale/db.sqlite"`
|
| headscale.config.db_type
| string
| `"sqlite3"`
|
| headscale.config.derp.paths
| list
| `[]`
|
| headscale.config.derp.server.enabled
| bool
| `true`
|
| headscale.config.derp.server.region_code
| string
| `"headscale"`
|
| headscale.config.derp.server.region_id
| int
| `999`
|
| headscale.config.derp.server.region_name
| string
| `"Headscale Embedded DERP"`
|
| headscale.config.derp.server.stun_listen_addr
| string
| `"0.0.0.0:3478"`
|
| headscale.config.derp.update_frequency
| string
| `"24h"`
|
| headscale.config.derp.urls
| list
| `[]`
|
| headscale.config.disable_check_updates
| bool
| `true`
|
| headscale.config.grpc_listen_addr
| string
| `":50443"`
|
| headscale.config.listen_addr
| string
| `":8080"`
|
| headscale.config.metrics_listen_addr
| string
| `":9090"`
|
| headscale.config.noise.private_key_path
| string
| `"/etc/headscale/secrets/noise.key"`
|
| headscale.config.private_key_path
| string
| `"/etc/headscale/secrets/wireguard.key"`
|
| headscale.config.server_url
| string
| `"http://127.0.0.1:8080"`
|
| headscale.config.tls_cert_path
| string
| `"/etc/headscale/certs/tls.crt"`
|
| headscale.config.tls_key_path
| string
| `"/etc/headscale/certs/tls.key"`
|
| headscale.keys.create
| bool
| `true`
| Create a new private key, if not exists
| headscale.keys.existingSecret
| string
| `""`
| Use an existing secret
| image.pullPolicy
| string
| `"IfNotPresent"`
|
| image.registry
| string
| `"ghcr.io"`
|
| image.repository
| string
| `"juanfont/headscale"`
|
| image.tag
| string
| `""`
|
| imagePullSecrets
| list
| `[]`
|
| ingress.annotations
| object
| `{}`
|
| ingress.className
| string
| `""`
|
| ingress.enabled
| bool
| `false`
|
| ingress.hosts[0].host
| string
| `"chart-example.local"`
|
| ingress.hosts[0].paths[0].path
| string
| `"/"`
|
| ingress.hosts[0].paths[0].pathType
| string
| `"ImplementationSpecific"`
|
| ingress.tls
| list
| `[]`
|
| nameOverride
| string
| `""`
|
| networkPolicy.egress.enabled
| bool
| `false`
| activate egress no networkpolicy
| networkPolicy.egress.extra
| list
| `[]`
| egress rules
| networkPolicy.enabled
| bool
| `false`
|
| networkPolicy.ingress.derp
| list
| `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]`
| ingress for derp
| networkPolicy.ingress.grpc
| list
| `[]`
| ingress for grpc port
| networkPolicy.ingress.http
| list
| `[]`
| ingress for http port (e.g. ingress-controller)
| networkPolicy.ingress.metrics
| list
| `[]`
| ingress for metrics port (e.g. prometheus)
| nodeSelector
| object
| `{}`
|
| persistence.accessMode
| string
| `"ReadWriteOnce"`
|
| persistence.annotations
| object
| `{}`
|
| persistence.enabled
| bool
| `false`
|
| persistence.existingClaim
| string
| `nil`
| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
| persistence.hostPath
| string
| `nil`
| Create a PV on Node with given hostPath storageClass has to be manual
| persistence.size
| string
| `"1Gi"`
|
| persistence.storageClass
| string
| `nil`
| data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
| podAnnotations
| object
| `{}`
|
| podLabels
| object
| `{}`
|
| podSecurityContext
| object
| `{}`
|
| prometheus.rules.additionalRules
| list
| `[]`
|
| prometheus.rules.defaults.enabled
| bool
| `true`
|
| prometheus.rules.defaults.filter
| string
| `""`
|
| prometheus.rules.defaults.lastUpdates.critical
| int
| `3600`
|
| prometheus.rules.defaults.lastUpdates.info
| int
| `300`
|
| prometheus.rules.defaults.lastUpdates.warning
| int
| `600`
|
| prometheus.rules.enabled
| bool
| `false`
|
| prometheus.rules.labels
| object
| `{}`
|
| prometheus.servicemonitor.enabled
| bool
| `false`
|
| prometheus.servicemonitor.labels
| object
| `{}`
|
| replicaCount
| int
| `1`
|
| resources
| object
| `{}`
|
| securityContext
| object
| `{}`
|
| service.annotations
| string
| `nil`
|
| service.derp.annotations
| string
| `nil`
|
| service.derp.port
| int
| `3478`
|
| service.derp.type
| string
| `"LoadBalancer"`
|
| service.port.grpc
| int
| `50443`
|
| service.port.http
| int
| `8080`
|
| service.port.metrics
| int
| `9090`
|
| service.type
| string
| `"ClusterIP"`
|
| serviceAccount.annotations
| object
| `{}`
|
| serviceAccount.create
| bool
| `true`
|
| serviceAccount.name
| string
| `""`
|
| tolerations
| list
| `[]`
|
|===
Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs]

145
headscale/README.md Normal file
View file

@ -0,0 +1,145 @@
---
title: "headscale"
description: "An open source, self-hosted implementation of the Tailscale control server."
---
# headscale
![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.23.0](https://img.shields.io/badge/AppVersion-0.23.0-informational?style=flat-square)
An open source, self-hosted implementation of the Tailscale control server.
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| WrenIX | | <https://wrenix.eu> |
## Usage
Helm must be installed and setup to your kubernetes cluster to use the charts.
Refer to Helm's [documentation](https://helm.sh/docs) to get started.
Once Helm has been set up correctly, fetch the charts as follows:
```bash
helm pull oci://codeberg.org/wrenix/helm-charts/headscale
```
You can install a chart release using the following command:
```bash
helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml
```
To uninstall a chart release use `helm`'s delete command:
```bash
helm uninstall headscale-release
```
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| autoscaling.enabled | bool | `false` | |
| autoscaling.maxReplicas | int | `100` | |
| autoscaling.minReplicas | int | `1` | |
| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
| fullnameOverride | string | `""` | |
| headscale.certmanager.dnsNames[0] | string | `"example.com"` | |
| headscale.certmanager.enabled | bool | `true` | |
| headscale.certmanager.issuerRef.group | string | `"cert-manager.io"` | |
| headscale.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | |
| headscale.certmanager.issuerRef.name | string | `"letsencrypt-prod"` | |
| headscale.config.database.postgres.host | string | `"localhost"` | |
| headscale.config.database.postgres.name | string | `"headscale"` | |
| headscale.config.database.postgres.pass | string | `"bar"` | |
| headscale.config.database.postgres.port | int | `5432` | |
| headscale.config.database.postgres.user | string | `"foo"` | |
| headscale.config.database.sqlite.path | string | `"/var/lib/headscale/db.sqlite"` | |
| headscale.config.database.type | string | `"sqlite"` | |
| headscale.config.derp.paths | list | `[]` | |
| headscale.config.derp.server.enabled | bool | `true` | |
| headscale.config.derp.server.private_key_path | string | `"/etc/headscale/secrets/derp.key"` | |
| headscale.config.derp.server.region_code | string | `"headscale"` | |
| headscale.config.derp.server.region_id | int | `999` | |
| headscale.config.derp.server.region_name | string | `"Headscale Embedded DERP"` | |
| headscale.config.derp.server.stun_listen_addr | string | `"0.0.0.0:3478"` | |
| headscale.config.derp.update_frequency | string | `"24h"` | |
| headscale.config.derp.urls | list | `[]` | |
| headscale.config.disable_check_updates | bool | `true` | |
| headscale.config.dns.base_domain | string | `"example.com"` | |
| headscale.config.grpc_listen_addr | string | `":50443"` | |
| headscale.config.listen_addr | string | `":8080"` | |
| headscale.config.metrics_listen_addr | string | `":9090"` | |
| headscale.config.noise.private_key_path | string | `"/etc/headscale/secrets/noise.key"` | |
| headscale.config.prefixes.allocation | string | `"sequential"` | |
| headscale.config.prefixes.v4 | string | `"100.64.0.0/10"` | |
| headscale.config.prefixes.v6 | string | `"fd7a:115c:a1e0::/48"` | |
| headscale.config.private_key_path | string | `"/etc/headscale/secrets/wireguard.key"` | |
| headscale.config.server_url | string | `"http://127.0.0.1:8080"` | |
| headscale.config.tls_cert_path | string | `"/etc/headscale/certs/tls.crt"` | |
| headscale.config.tls_key_path | string | `"/etc/headscale/certs/tls.key"` | |
| headscale.keys.create | bool | `true` | Create a new private key, if not exists |
| headscale.keys.existingSecret | string | `""` | Use an existing secret |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.registry | string | `"ghcr.io"` | |
| image.repository | string | `"juanfont/headscale"` | |
| image.tag | string | `""` | |
| imagePullSecrets | list | `[]` | |
| ingress.annotations | object | `{}` | |
| ingress.className | string | `""` | |
| ingress.enabled | bool | `false` | |
| ingress.hosts[0].host | string | `"chart-example.local"` | |
| ingress.hosts[0].paths[0].path | string | `"/"` | |
| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
| ingress.tls | list | `[]` | |
| nameOverride | string | `""` | |
| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy |
| networkPolicy.egress.extra | list | `[]` | egress rules |
| networkPolicy.enabled | bool | `false` | |
| networkPolicy.ingress.derp | list | `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]` | ingress for derp |
| networkPolicy.ingress.grpc | list | `[]` | ingress for grpc port |
| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. prometheus) |
| nodeSelector | object | `{}` | |
| persistence.accessMode | string | `"ReadWriteOnce"` | |
| persistence.annotations | object | `{}` | |
| persistence.enabled | bool | `false` | |
| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound |
| persistence.hostPath | string | `nil` | Create a PV on Node with given hostPath storageClass has to be manual |
| persistence.size | string | `"1Gi"` | |
| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: <storageClass> If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | |
| prometheus.rules.additionalRules | list | `[]` | |
| prometheus.rules.defaults.enabled | bool | `true` | |
| prometheus.rules.defaults.filter | string | `""` | |
| prometheus.rules.defaults.lastUpdates.critical | int | `3600` | |
| prometheus.rules.defaults.lastUpdates.info | int | `300` | |
| prometheus.rules.defaults.lastUpdates.warning | int | `600` | |
| prometheus.rules.enabled | bool | `false` | |
| prometheus.rules.labels | object | `{}` | |
| prometheus.servicemonitor.enabled | bool | `false` | |
| prometheus.servicemonitor.labels | object | `{}` | |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| securityContext | object | `{}` | |
| service.annotations | string | `nil` | |
| service.derp.annotations | string | `nil` | |
| service.derp.port | int | `3478` | |
| service.derp.type | string | `"LoadBalancer"` | |
| service.port.grpc | int | `50443` | |
| service.port.http | int | `8080` | |
| service.port.metrics | int | `9090` | |
| service.type | string | `"ClusterIP"` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| tolerations | list | `[]` | |
Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)

3
headscale/templates/deployment.yaml
View file

@ -40,7 +40,6 @@ spec:
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- "headscale"
- "serve"
ports:
- name: http
@ -110,6 +109,8 @@ spec:
path: "wireguard.key"
- key: "noise.key"
path: "noise.key"
- key: "derp.key"
path: "derp.key"
{{- if .Values.headscale.certmanager.enabled }}
- name: certs
secret:

69
headscale/templates/jobs.yaml
View file

@ -76,34 +76,10 @@ spec:
spec:
restartPolicy: "Never"
serviceAccount: {{ $name }}
containers:
- name: upload-key
image: bitnami/kubectl
command:
- sh
- -c
- |
# check if key already exists
key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['wireguard.key']}" 2> /dev/null)
[ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
[ -n "$key" ] && echo "Key already created, exiting." && exit 0
# wait for wireguard key
while [ ! -f /etc/headscale/secrets/wireguard.key ]; do
echo "Waiting for wireguard key.."
sleep 5;
done
# update secret
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(base64 /etc/headscale/secrets/wireguard.key | tr -d '\n')\"}}"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(base64 /etc/headscale/secrets/noise.key | tr -d '\n')\"}}"
[ $? -ne 0 ] && echo "Failed to update secret." && exit 1
echo "Signing key successfully created."
volumeMounts:
- mountPath: /etc/headscale/secrets
name: secrets
readOnly: true
initContainers:
- name: generate-key
{{- with .Values.image }}
image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}-debug"
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
@ -111,16 +87,49 @@ spec:
- -c
- |
set -e
/bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/wireguard.key
chown 1001:1001 /etc/headscale/secrets/wireguard.key
/bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/noise.key
chown 1001:1001 /etc/headscale/secrets/noise.key
echo "generate private-keys"
headscale generate private-key --output json > /etc/headscale/secrets/wireguard.json
headscale generate private-key --output json > /etc/headscale/secrets/noise.json
headscale generate private-key --output json > /etc/headscale/secrets/derp.json
ls /etc/headscale/secrets/
volumeMounts:
- name: config
mountPath: "/etc/headscale"
readOnly: true
- mountPath: "/etc/headscale/secrets"
name: secrets
containers:
- name: upload-key
image: bitnami/kubectl
command:
- sh
- -c
- |
# check if key already exists
key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data}" 2> /dev/null)
[ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
if ! echo $key | jq -e 'has("wireguard.key")' 2> /dev/null ; then
echo "store wireguard.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/wireguard.json)\"}}"
fi
if ! echo $key | jq -e 'has("noise.key")' 2> /dev/null ; then
echo "store noise.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/noise.json)\"}}"
elif ! echo $key | jq -e '.["noise.key"] |@base64d | contains("privkey")' 2> /dev/null ; then
echo "patch noise.key"
newKey="privkey:$(echo $key | jq -r '.["noise.key"]|@base64d')"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(echo $newKey | base64 -w0)\"}}"
fi
if ! echo $key | jq -e 'has("derp.key")' 2> /dev/null ; then
echo "store derp.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"derp.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/derp.json)\"}}"
fi
[ $? -ne 0 ] && echo "Failed to update secret." && exit 1
echo "Signing key successfully created."
volumeMounts:
- mountPath: /etc/headscale/secrets
name: secrets
readOnly: true
volumes:
- name: config
secret:

2
headscale/templates/secret.yaml
View file

@ -4,7 +4,7 @@ kind: Secret
metadata:
name: {{ include "headscale.fullname" . }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook": "pre-install,pre-upgrade"
config-hash: {{ toYaml .Values.headscale.config | sha256sum | trunc 32 }}
type: Opaque
stringData:

33
headscale/values.yaml
View file

@ -36,21 +36,20 @@ headscale:
grpc_listen_addr: ":50443"
server_url: http://127.0.0.1:8080
disable_check_updates: true
# SQLite config
db_type: sqlite3
# For production:
db_path: /var/lib/headscale/db.sqlite
# # Postgres config
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
# db_type: postgres
# db_host: localhost
# db_port: 5432
# db_name: headscale
# db_user: foo
# db_pass: bar
database:
type: sqlite
sqlite:
# For production:
path: /var/lib/headscale/db.sqlite
postgres:
host: localhost
port: 5432
name: headscale
user: foo
pass: bar
private_key_path: "/etc/headscale/secrets/wireguard.key"
noise:
private_key_path: "/etc/headscale/secrets/noise.key"
@ -59,6 +58,10 @@ headscale:
## Use already defined certificates:
tls_cert_path: "/etc/headscale/certs/tls.crt"
tls_key_path: "/etc/headscale/certs/tls.key"
prefixes:
v6: fd7a:115c:a1e0::/48
v4: 100.64.0.0/10
allocation: sequential
derp:
server:
enabled: true
@ -66,12 +69,14 @@ headscale:
region_code: "headscale"
region_name: "Headscale Embedded DERP"
stun_listen_addr: "0.0.0.0:3478"
private_key_path: "/etc/headscale/secrets/derp.key"
urls: []
# - https://controlplane.tailscale.com/derpmap/default
paths: []
# auto_update_enabled: true
update_frequency: 24h
disable_check_updates: true
dns:
base_domain: example.com
prometheus:
servicemonitor:

2
publish.sh
View file

@ -54,7 +54,7 @@ for p in * ; do
set -e
echo "update docs"
helm-docs -t ./README.md.gotmpl -t _docs.gotmpl -o README.md -g "${p}"
rm "${p}/README.adoc"
rm -f "${p}/README.adoc"
echo
echo "package and push helm-chart"