From 2b846996510750d8178e615df86fc6de6c7b6f2e Mon Sep 17 00:00:00 2001 From: WrenIX Date: Sat, 21 Sep 2024 17:11:35 +0200 Subject: [PATCH] fix(headscale)!: update to v0.23.0 with breaking changes --- headscale-ui/Chart.yaml | 4 +- headscale-ui/README.adoc | 251 -------------- headscale-ui/README.md | 87 +++++ headscale/Chart.yaml | 6 +- headscale/README.adoc | 491 ---------------------------- headscale/README.md | 145 ++++++++ headscale/templates/deployment.yaml | 3 +- headscale/templates/jobs.yaml | 69 ++-- headscale/templates/secret.yaml | 2 +- headscale/values.yaml | 33 +- publish.sh | 2 +- 11 files changed, 299 insertions(+), 794 deletions(-) delete mode 100644 headscale-ui/README.adoc create mode 100644 headscale-ui/README.md delete mode 100644 headscale/README.adoc create mode 100644 headscale/README.md
diff --git a/headscale-ui/Chart.yaml b/headscale-ui/Chart.yaml
index 5ce6be0..f8a7fe6 100644
--- a/headscale-ui/Chart.yaml
+++ b/headscale-ui/Chart.yaml
@@ -3,9 +3,9 @@ name: headscale-ui
 description: A simple Headscale web UI for small-scale deployments.
 icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png
 type: application
-version: 0.2.0
+version: 0.2.1
 # renovate: image=ghcr.io/gurucomputing/headscale-ui
-appVersion: "2024.02.24-beta1"
+appVersion: "2024.10.10"
 maintainers:
   - name: WrenIX
     url: https://wrenix.eu
diff --git a/headscale-ui/README.adoc b/headscale-ui/README.adoc
deleted file mode 100644
index cf34c93..0000000
--- a/headscale-ui/README.adoc
+++ /dev/null
@@ -1,251 +0,0 @@ - - -= headscale-ui - -image::https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square[Version: 0.2.0] -image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-2024.02.24-beta1-informational?style=flat-square[AppVersion: 2024.02.24-beta1] -== Maintainers - -.Maintainers -|=== -| Name | Email | Url - -| WrenIX -| -| -|=== - -== Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's https://helm.sh/docs[documentation] to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -[source,bash] ----- -helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui ----- - -You can install a chart release using the following command: - -[source,bash] ----- -helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml ----- - -To uninstall a chart release use `helm`'s delete command: - -[source,bash] ----- -helm uninstall headscale-ui-release ----- - -== Values - -.Values -|=== -| Key | Type | Default | Description - -| affinity -| object -| `{}` -| - -| autoscaling.enabled -| bool -| `false` -| - -| autoscaling.maxReplicas -| int -| `100` -| - -| autoscaling.minReplicas -| int -| `1` -| - -| autoscaling.targetCPUUtilizationPercentage -| int -| `80` -| - -| fullnameOverride -| string -| `""` -| - -| global.image.pullPolicy -| string -| `nil` -| if set it will overwrite all pullPolicy - -| global.image.registry -| string -| `nil` -| if set it will overwrite all registry entries - -| image.pullPolicy -| string -| `"IfNotPresent"` -| - -| image.registry -| string -| `"ghcr.io"` -| - -| image.repository -| string -| `"gurucomputing/headscale-ui"` -| - -| image.tag -| string -| `""` -| - -| imagePullSecrets -| list -| `[]` -| - -| ingress.annotations -| object -| `{}` -| - -| ingress.className -| string -| `""` -| - -| 
ingress.enabled -| bool -| `false` -| - -| ingress.hosts[0].host -| string -| `"chart-example.local"` -| - -| ingress.hosts[0].paths[0].path -| string -| `"/"` -| - -| ingress.hosts[0].paths[0].pathType -| string -| `"ImplementationSpecific"` -| - -| ingress.tls -| list -| `[]` -| - -| nameOverride -| string -| `""` -| - -| networkPolicy.egress.enabled -| bool -| `true` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller) - -| networkPolicy.ingress.https -| list -| `[]` -| - -| nodeSelector -| object -| `{}` -| - -| podAnnotations -| object -| `{}` -| - -| podLabels -| object -| `{}` -| - -| podSecurityContext -| object -| `{}` -| - -| replicaCount -| int -| `1` -| - -| resources -| object -| `{}` -| - -| securityContext -| object -| `{}` -| - -| service.port.http -| int -| `8080` -| - -| service.port.https -| int -| `8443` -| - -| service.type -| string -| `"ClusterIP"` -| - -| serviceAccount.annotations -| object -| `{}` -| - -| serviceAccount.create -| bool -| `true` -| - -| serviceAccount.name -| string -| `""` -| - -| tolerations -| list -| `[]` -| -|=== - -Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale-ui/README.md b/headscale-ui/README.md new file mode 100644 index 0000000..87cf2d0 --- /dev/null +++ b/headscale-ui/README.md 
@@ -0,0 +1,87 @@ +--- +title: "headscale-ui" + +description: "A simple Headscale web UI for small-scale deployments." + +--- + +# headscale-ui + +![Version: 0.2.1](https://img.shields.io/badge/Version-0.2.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.10.10](https://img.shields.io/badge/AppVersion-2024.10.10-informational?style=flat-square) + +A simple Headscale web UI for small-scale deployments. + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| WrenIX | | | + +## Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's [documentation](https://helm.sh/docs) to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +```bash +helm pull oci://codeberg.org/wrenix/helm-charts/headscale-ui +``` + +You can install a chart release using the following command: + +```bash +helm install headscale-ui-release oci://codeberg.org/wrenix/helm-charts/headscale-ui --values values.yaml +``` + +To uninstall a chart release use `helm`'s delete command: + +```bash +helm uninstall headscale-ui-release +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| global.image.pullPolicy | string | `nil` | if set it will overwrite all pullPolicy | +| global.image.registry | string | `nil` | if set it will overwrite all registry entries | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"gurucomputing/headscale-ui"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| 
ingress.annotations | object | `{}` | |
+| ingress.className | string | `""` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths[0].path | string | `"/"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| nameOverride | string | `""` | |
+| networkPolicy.egress.enabled | bool | `true` | activate egress no networkpolicy |
+| networkPolicy.egress.extra | list | `[]` | egress rules |
+| networkPolicy.enabled | bool | `false` | |
+| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) |
+| networkPolicy.ingress.https | list | `[]` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | |
+| podLabels | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.port.http | int | `8080` | |
+| service.port.https | int | `8443` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
diff --git a/headscale/Chart.yaml b/headscale/Chart.yaml
index 3224f12..b461907 100644
--- a/headscale/Chart.yaml
+++ b/headscale/Chart.yaml
@@ -3,9 +3,9 @@ name: headscale
 description: An open source, self-hosted implementation of the Tailscale control server.
 icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
 type: application
-version: 0.4.0
-# renovate: image=docker.io/headscale/headscale
-appVersion: "0.22.3"
+version: 1.0.0
+# renovate: image=ghcr.io/headscale/headscale
+appVersion: "0.23.0"
 maintainers:
   - name: WrenIX
     url: https://wrenix.eu
diff --git a/headscale/README.adoc b/headscale/README.adoc
deleted file mode 100644
index af1405c..0000000
--- a/headscale/README.adoc
+++ /dev/null
@@ -1,491 +0,0 @@ - - -= headscale - -image::https://img.shields.io/badge/Version-0.4.0-informational?style=flat-square[Version: 0.4.0] -image::https://img.shields.io/badge/Version-application-informational?style=flat-square[Type: application] -image::https://img.shields.io/badge/AppVersion-0.22.3-informational?style=flat-square[AppVersion: 0.22.3] -== Maintainers - -.Maintainers -|=== -| Name | Email | Url - -| WrenIX -| -| -|=== - -== Usage - -Helm must be installed and setup to your kubernetes cluster to use the charts. -Refer to Helm's https://helm.sh/docs[documentation] to get started. -Once Helm has been set up correctly, fetch the charts as follows: - -[source,bash] ----- -helm pull oci://codeberg.org/wrenix/helm-charts/headscale ----- - -You can install a chart release using the following command: - -[source,bash] ----- -helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml ----- - -To uninstall a chart release use `helm`'s delete command: - -[source,bash] ----- -helm uninstall headscale-release ----- - -== Values - -.Values -|=== -| Key | Type | Default | Description - -| affinity -| object -| `{}` -| - -| autoscaling.enabled -| bool -| `false` -| - -| autoscaling.maxReplicas -| int -| `100` -| - -| autoscaling.minReplicas -| int -| `1` -| - -| autoscaling.targetCPUUtilizationPercentage -| int -| `80` -| - -| fullnameOverride -| string -| `""` -| - -| headscale.certmanager.dnsNames[0] -| string -| `"example.com"` -| - -| headscale.certmanager.enabled -| bool -| `true` -| - -| headscale.certmanager.issuerRef.group -| string -| `"cert-manager.io"` -| - -| headscale.certmanager.issuerRef.kind -| string -| `"ClusterIssuer"` -| - -| headscale.certmanager.issuerRef.name -| string -| `"letsencrypt-prod"` -| - -| headscale.config.db_path -| string -| `"/var/lib/headscale/db.sqlite"` -| - -| headscale.config.db_type -| string -| `"sqlite3"` -| - -| headscale.config.derp.paths -| list -| `[]` -| - -| 
headscale.config.derp.server.enabled -| bool -| `true` -| - -| headscale.config.derp.server.region_code -| string -| `"headscale"` -| - -| headscale.config.derp.server.region_id -| int -| `999` -| - -| headscale.config.derp.server.region_name -| string -| `"Headscale Embedded DERP"` -| - -| headscale.config.derp.server.stun_listen_addr -| string -| `"0.0.0.0:3478"` -| - -| headscale.config.derp.update_frequency -| string -| `"24h"` -| - -| headscale.config.derp.urls -| list -| `[]` -| - -| headscale.config.disable_check_updates -| bool -| `true` -| - -| headscale.config.grpc_listen_addr -| string -| `":50443"` -| - -| headscale.config.listen_addr -| string -| `":8080"` -| - -| headscale.config.metrics_listen_addr -| string -| `":9090"` -| - -| headscale.config.noise.private_key_path -| string -| `"/etc/headscale/secrets/noise.key"` -| - -| headscale.config.private_key_path -| string -| `"/etc/headscale/secrets/wireguard.key"` -| - -| headscale.config.server_url -| string -| `"http://127.0.0.1:8080"` -| - -| headscale.config.tls_cert_path -| string -| `"/etc/headscale/certs/tls.crt"` -| - -| headscale.config.tls_key_path -| string -| `"/etc/headscale/certs/tls.key"` -| - -| headscale.keys.create -| bool -| `true` -| Create a new private key, if not exists - -| headscale.keys.existingSecret -| string -| `""` -| Use an existing secret - -| image.pullPolicy -| string -| `"IfNotPresent"` -| - -| image.registry -| string -| `"ghcr.io"` -| - -| image.repository -| string -| `"juanfont/headscale"` -| - -| image.tag -| string -| `""` -| - -| imagePullSecrets -| list -| `[]` -| - -| ingress.annotations -| object -| `{}` -| - -| ingress.className -| string -| `""` -| - -| ingress.enabled -| bool -| `false` -| - -| ingress.hosts[0].host -| string -| `"chart-example.local"` -| - -| ingress.hosts[0].paths[0].path -| string -| `"/"` -| - -| ingress.hosts[0].paths[0].pathType -| string -| `"ImplementationSpecific"` -| - -| ingress.tls -| list -| `[]` -| - -| nameOverride -| string 
-| `""` -| - -| networkPolicy.egress.enabled -| bool -| `false` -| activate egress no networkpolicy - -| networkPolicy.egress.extra -| list -| `[]` -| egress rules - -| networkPolicy.enabled -| bool -| `false` -| - -| networkPolicy.ingress.derp -| list -| `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]` -| ingress for derp - -| networkPolicy.ingress.grpc -| list -| `[]` -| ingress for grpc port - -| networkPolicy.ingress.http -| list -| `[]` -| ingress for http port (e.g. ingress-controller) - -| networkPolicy.ingress.metrics -| list -| `[]` -| ingress for metrics port (e.g. prometheus) - -| nodeSelector -| object -| `{}` -| - -| persistence.accessMode -| string -| `"ReadWriteOnce"` -| - -| persistence.annotations -| object -| `{}` -| - -| persistence.enabled -| bool -| `false` -| - -| persistence.existingClaim -| string -| `nil` -| A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound - -| persistence.hostPath -| string -| `nil` -| Create a PV on Node with given hostPath storageClass has to be manual - -| persistence.size -| string -| `"1Gi"` -| - -| persistence.storageClass -| string -| `nil` -| data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. 
(gp2 on AWS, standard on GKE, AWS & OpenStack) - -| podAnnotations -| object -| `{}` -| - -| podLabels -| object -| `{}` -| - -| podSecurityContext -| object -| `{}` -| - -| prometheus.rules.additionalRules -| list -| `[]` -| - -| prometheus.rules.defaults.enabled -| bool -| `true` -| - -| prometheus.rules.defaults.filter -| string -| `""` -| - -| prometheus.rules.defaults.lastUpdates.critical -| int -| `3600` -| - -| prometheus.rules.defaults.lastUpdates.info -| int -| `300` -| - -| prometheus.rules.defaults.lastUpdates.warning -| int -| `600` -| - -| prometheus.rules.enabled -| bool -| `false` -| - -| prometheus.rules.labels -| object -| `{}` -| - -| prometheus.servicemonitor.enabled -| bool -| `false` -| - -| prometheus.servicemonitor.labels -| object -| `{}` -| - -| replicaCount -| int -| `1` -| - -| resources -| object -| `{}` -| - -| securityContext -| object -| `{}` -| - -| service.annotations -| string -| `nil` -| - -| service.derp.annotations -| string -| `nil` -| - -| service.derp.port -| int -| `3478` -| - -| service.derp.type -| string -| `"LoadBalancer"` -| - -| service.port.grpc -| int -| `50443` -| - -| service.port.http -| int -| `8080` -| - -| service.port.metrics -| int -| `9090` -| - -| service.type -| string -| `"ClusterIP"` -| - -| serviceAccount.annotations -| object -| `{}` -| - -| serviceAccount.create -| bool -| `true` -| - -| serviceAccount.name -| string -| `""` -| - -| tolerations -| list -| `[]` -| -|=== - -Autogenerated from chart metadata using https://github.com/norwoodj/helm-docs[helm-docs] diff --git a/headscale/README.md b/headscale/README.md new file mode 100644 index 0000000..3e80569 --- /dev/null +++ b/headscale/README.md 
@@ -0,0 +1,145 @@ +--- +title: "headscale" + +description: "An open source, self-hosted implementation of the Tailscale control server." + +--- + +# headscale + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.23.0](https://img.shields.io/badge/AppVersion-0.23.0-informational?style=flat-square) + +An open source, self-hosted implementation of the Tailscale control server. + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| WrenIX | | | + +## Usage + +Helm must be installed and setup to your kubernetes cluster to use the charts. +Refer to Helm's [documentation](https://helm.sh/docs) to get started. +Once Helm has been set up correctly, fetch the charts as follows: + +```bash +helm pull oci://codeberg.org/wrenix/helm-charts/headscale +``` + +You can install a chart release using the following command: + +```bash +helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml +``` + +To uninstall a chart release use `helm`'s delete command: + +```bash +helm uninstall headscale-release +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| autoscaling.enabled | bool | `false` | | +| autoscaling.maxReplicas | int | `100` | | +| autoscaling.minReplicas | int | `1` | | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | | +| fullnameOverride | string | `""` | | +| headscale.certmanager.dnsNames[0] | string | `"example.com"` | | +| headscale.certmanager.enabled | bool | `true` | | +| headscale.certmanager.issuerRef.group | string | `"cert-manager.io"` | | +| headscale.certmanager.issuerRef.kind | string | `"ClusterIssuer"` | | +| headscale.certmanager.issuerRef.name | string | `"letsencrypt-prod"` | | +| headscale.config.database.postgres.host | string | `"localhost"` | 
| +| headscale.config.database.postgres.name | string | `"headscale"` | | +| headscale.config.database.postgres.pass | string | `"bar"` | | +| headscale.config.database.postgres.port | int | `5432` | | +| headscale.config.database.postgres.user | string | `"foo"` | | +| headscale.config.database.sqlite.path | string | `"/var/lib/headscale/db.sqlite"` | | +| headscale.config.database.type | string | `"sqlite"` | | +| headscale.config.derp.paths | list | `[]` | | +| headscale.config.derp.server.enabled | bool | `true` | | +| headscale.config.derp.server.private_key_path | string | `"/etc/headscale/secrets/derp.key"` | | +| headscale.config.derp.server.region_code | string | `"headscale"` | | +| headscale.config.derp.server.region_id | int | `999` | | +| headscale.config.derp.server.region_name | string | `"Headscale Embedded DERP"` | | +| headscale.config.derp.server.stun_listen_addr | string | `"0.0.0.0:3478"` | | +| headscale.config.derp.update_frequency | string | `"24h"` | | +| headscale.config.derp.urls | list | `[]` | | +| headscale.config.disable_check_updates | bool | `true` | | +| headscale.config.dns.base_domain | string | `"example.com"` | | +| headscale.config.grpc_listen_addr | string | `":50443"` | | +| headscale.config.listen_addr | string | `":8080"` | | +| headscale.config.metrics_listen_addr | string | `":9090"` | | +| headscale.config.noise.private_key_path | string | `"/etc/headscale/secrets/noise.key"` | | +| headscale.config.prefixes.allocation | string | `"sequential"` | | +| headscale.config.prefixes.v4 | string | `"100.64.0.0/10"` | | +| headscale.config.prefixes.v6 | string | `"fd7a:115c:a1e0::/48"` | | +| headscale.config.private_key_path | string | `"/etc/headscale/secrets/wireguard.key"` | | +| headscale.config.server_url | string | `"http://127.0.0.1:8080"` | | +| headscale.config.tls_cert_path | string | `"/etc/headscale/certs/tls.crt"` | | +| headscale.config.tls_key_path | string | `"/etc/headscale/certs/tls.key"` | | +| 
headscale.keys.create | bool | `true` | Create a new private key, if not exists | +| headscale.keys.existingSecret | string | `""` | Use an existing secret | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.registry | string | `"ghcr.io"` | | +| image.repository | string | `"juanfont/headscale"` | | +| image.tag | string | `""` | | +| imagePullSecrets | list | `[]` | | +| ingress.annotations | object | `{}` | | +| ingress.className | string | `""` | | +| ingress.enabled | bool | `false` | | +| ingress.hosts[0].host | string | `"chart-example.local"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.tls | list | `[]` | | +| nameOverride | string | `""` | | +| networkPolicy.egress.enabled | bool | `false` | activate egress no networkpolicy | +| networkPolicy.egress.extra | list | `[]` | egress rules | +| networkPolicy.enabled | bool | `false` | | +| networkPolicy.ingress.derp | list | `[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]` | ingress for derp | +| networkPolicy.ingress.grpc | list | `[]` | ingress for grpc port | +| networkPolicy.ingress.http | list | `[]` | ingress for http port (e.g. ingress-controller) | +| networkPolicy.ingress.metrics | list | `[]` | ingress for metrics port (e.g. 
prometheus) | +| nodeSelector | object | `{}` | | +| persistence.accessMode | string | `"ReadWriteOnce"` | | +| persistence.annotations | object | `{}` | | +| persistence.enabled | bool | `false` | | +| persistence.existingClaim | string | `nil` | A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound | +| persistence.hostPath | string | `nil` | Create a PV on Node with given hostPath storageClass has to be manual | +| persistence.size | string | `"1Gi"` | | +| persistence.storageClass | string | `nil` | data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack) | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext | object | `{}` | | +| prometheus.rules.additionalRules | list | `[]` | | +| prometheus.rules.defaults.enabled | bool | `true` | | +| prometheus.rules.defaults.filter | string | `""` | | +| prometheus.rules.defaults.lastUpdates.critical | int | `3600` | | +| prometheus.rules.defaults.lastUpdates.info | int | `300` | | +| prometheus.rules.defaults.lastUpdates.warning | int | `600` | | +| prometheus.rules.enabled | bool | `false` | | +| prometheus.rules.labels | object | `{}` | | +| prometheus.servicemonitor.enabled | bool | `false` | | +| prometheus.servicemonitor.labels | object | `{}` | | +| replicaCount | int | `1` | | +| resources | object | `{}` | | +| securityContext | object | `{}` | | +| service.annotations | string | `nil` | | +| service.derp.annotations | string | `nil` | | +| service.derp.port | int | `3478` | | +| service.derp.type | string | `"LoadBalancer"` | | +| service.port.grpc | int | `50443` | | +| service.port.http | int | `8080` | | +| service.port.metrics | int | 
`9090` | |
+| service.type | string | `"ClusterIP"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
+Autogenerated from chart metadata using [helm-docs](https://github.com/norwoodj/helm-docs)
diff --git a/headscale/templates/deployment.yaml b/headscale/templates/deployment.yaml
index 981420f..be2b749 100644
--- a/headscale/templates/deployment.yaml
+++ b/headscale/templates/deployment.yaml
@@ -40,7 +40,6 @@ spec:
           {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
-            - "headscale"
             - "serve"
           ports:
             - name: http
@@ -110,6 +109,8 @@ spec:
                 path: "wireguard.key"
               - key: "noise.key"
                 path: "noise.key"
+              - key: "derp.key"
+                path: "derp.key"
       {{- if .Values.headscale.certmanager.enabled }}
         - name: certs
           secret:
diff --git a/headscale/templates/jobs.yaml b/headscale/templates/jobs.yaml
index 92d46de..f848d1c 100644
--- a/headscale/templates/jobs.yaml
+++ b/headscale/templates/jobs.yaml
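Review bot: The new `derp.key` item in the secrets volume (second hunk) makes pod start-up depend on that key existing: when a Secret volume lists `items`, a listed key that is absent from the Secret fails the mount unless the volume is marked optional, so a release that points `headscale.keys.existingSecret` at a secret created for 0.22.x will not start until `derp.key` is added by hand. Either document the new required key where `existingSecret` is described in values.yaml, e.g. `# must contain wireguard.key, noise.key and derp.key (derp.key is new in chart 1.0.0)`, or guard the `derp.key` item so an existing secret without it still mounts. The `volumes` block that these items belong to continues outside the hunk.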
@@ -76,34 +76,10 @@ spec:
     spec:
       restartPolicy: "Never"
       serviceAccount: {{ $name }}
-      containers:
-        - name: upload-key
-          image: bitnami/kubectl
-          command:
-            - sh
-            - -c
-            - |
-              # check if key already exists
-              key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['wireguard.key']}" 2> /dev/null)
-              [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
-              [ -n "$key" ] && echo "Key already created, exiting." && exit 0
-              # wait for wireguard key
-              while [ ! -f /etc/headscale/secrets/wireguard.key ]; do
-                echo "Waiting for wireguard key.."
-                sleep 5;
-              done
-              # update secret
-              kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(base64 /etc/headscale/secrets/wireguard.key | tr -d '\n')\"}}"
-              kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(base64 /etc/headscale/secrets/noise.key | tr -d '\n')\"}}"
-              [ $? -ne 0 ] && echo "Failed to update secret." && exit 1
-              echo "Signing key successfully created."
-          volumeMounts:
-            - mountPath: /etc/headscale/secrets
-              name: secrets
-              readOnly: true
+      initContainers:
         - name: generate-key
           {{- with .Values.image }}
-          image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}"
+          image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}-debug"
           {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command:
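Review bot: The `-debug` suffix is appended unconditionally to `{{ .tag | default $.Chart.AppVersion }}`, so any `image.tag` override that has no `-debug` counterpart leaves the key-generation init container with an image that cannot be pulled, and nothing in values.yaml tells operators that this job depends on the shell-equipped image variant. A comment above `image.tag` in values.yaml, e.g. `# the key-generation hook job uses the "<tag>-debug" variant of this image`, or a dedicated value for the job's image, would make that dependency explicit. The `command:` of generate-key continues in the next hunk.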
@@ -111,16 +87,49 @@ spec:
             - -c
             - |
               set -e
-              /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/wireguard.key
-              chown 1001:1001 /etc/headscale/secrets/wireguard.key
-              /bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/noise.key
-              chown 1001:1001 /etc/headscale/secrets/noise.key
+              echo "generate private-keys"
+              headscale generate private-key --output json > /etc/headscale/secrets/wireguard.json
+              headscale generate private-key --output json > /etc/headscale/secrets/noise.json
+              headscale generate private-key --output json > /etc/headscale/secrets/derp.json
+              ls /etc/headscale/secrets/
           volumeMounts:
             - name: config
               mountPath: "/etc/headscale"
               readOnly: true
             - mountPath: "/etc/headscale/secrets"
               name: secrets
+      containers:
+        - name: upload-key
+          image: bitnami/kubectl
+          command:
+            - sh
+            - -c
+            - |
+              # check if key already exists
+              key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data}" 2> /dev/null)
+              [ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
+              if ! echo $key | jq -e 'has("wireguard.key")' 2> /dev/null ; then
+                echo "store wireguard.key"
+                kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/wireguard.json)\"}}"
+              fi
+              if ! echo $key | jq -e 'has("noise.key")' 2> /dev/null ; then
+                echo "store noise.key"
+                kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/noise.json)\"}}"
+              elif ! echo $key | jq -e '.["noise.key"] |@base64d | contains("privkey")' 2> /dev/null ; then
+                echo "patch noise.key"
+                newKey="privkey:$(echo $key | jq -r '.["noise.key"]|@base64d')"
+                kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(echo $newKey | base64 -w0)\"}}"
+              fi
+              if ! echo $key | jq -e 'has("derp.key")' 2> /dev/null ; then
+                echo "store derp.key"
+                kubectl patch secret {{ $secretName }} -p "{\"data\":{\"derp.key\":\"$(jq -r '.["private_key"] | @base64' /etc/headscale/secrets/derp.json)\"}}"
+              fi
+              [ $? -ne 0 ] && echo "Failed to update secret." && exit 1
+              echo "Signing key successfully created."
+          volumeMounts:
+            - mountPath: /etc/headscale/secrets
+              name: secrets
+              readOnly: true
       volumes:
         - name: config
           secret:
diff --git a/headscale/templates/secret.yaml b/headscale/templates/secret.yaml
index 5963e2c..467ea1f 100644
--- a/headscale/templates/secret.yaml
+++ b/headscale/templates/secret.yaml
@@ -4,7 +4,7 @@ kind: Secret
 metadata:
   name: {{ include "headscale.fullname" . }}
   annotations:
-    "helm.sh/hook": "pre-install"
+    "helm.sh/hook": "pre-install,pre-upgrade"
     config-hash: {{ toYaml .Values.headscale.config | sha256sum | trunc 32 }}
 type: Opaque
 stringData:
diff --git a/headscale/values.yaml b/headscale/values.yaml
index 63cf39e..d90e827 100644
--- a/headscale/values.yaml
+++ b/headscale/values.yaml
@@ -36,21 +36,20 @@ headscale:
     grpc_listen_addr: ":50443"
     server_url: http://127.0.0.1:8080
+    disable_check_updates: true
     # SQLite config
-    db_type: sqlite3
-
-    # For production:
-    db_path: /var/lib/headscale/db.sqlite
-
-    # # Postgres config
-    # If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
-    # db_type: postgres
-    # db_host: localhost
-    # db_port: 5432
-    # db_name: headscale
-    # db_user: foo
-    # db_pass: bar
+    database:
+      type: sqlite
+      sqlite:
+        # For production:
+        path: /var/lib/headscale/db.sqlite
+      postgres:
+        host: localhost
+        port: 5432
+        name: headscale
+        user: foo
+        pass: bar
     private_key_path: "/etc/headscale/secrets/wireguard.key"
     noise:
       private_key_path: "/etc/headscale/secrets/noise.key"
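Review bot: The only failure check in the new upload-key script, `[ $? -ne 0 ] && echo "Failed to update secret." && exit 1` after the last `fi`, sees just the status of the last `if` compound, so a failed `kubectl patch` for `wireguard.key` or `noise.key` is masked and the job still prints "Signing key successfully created." with the Secret only partially populated. The generate-key container already opens with `set -e`; adding `set -e` as the first line of this script aborts on any failed patch, and the existing `[ $? -ne 0 ]` guards remain valid because a `[ ]` inside an `&&` list does not trigger errexit (the `key=$(kubectl get …)` line would then need the `|| { echo "Failed to get existing secret"; exit 1; }` form to keep its message). In the noise-key migration branch, `echo $newKey | base64 -w0` also encodes the newline that `echo` appends, so a migrated `noise.key` differs from a freshly stored one by a trailing newline; `printf '%s' "$newKey" | base64 -w0` stores exactly the key, and whether headscale trims it on read is not visible here. Dropping the `chown 1001:1001` lines means the non-root kubectl container's ability to read the generated JSON files now depends on the debug image's default file mode, which is worth confirming.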
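Review bot: With `pre-upgrade` added to the hook annotation and no `helm.sh/hook-delete-policy` in the annotations block, Helm 3 applies its default `before-hook-creation` policy to this Secret and deletes it before re-creating it on every upgrade; the `data` entries the upload-key job patches in (`wireguard.key`, `noise.key`, `derp.key`) are not part of the rendered `stringData`, so they are lost, and if the key job then regenerates them every registered node is cut off by the new noise key. Unless the upgrade path is designed to re-populate the same keys (not visible here), keeping the generated keys in a separate Secret that is not a hook resource, leaving only the rendered config in this hook-managed one, avoids that loss. If the pre-upgrade hook is kept as is, state the consequence above the annotation, e.g. `# re-created on every upgrade: generated keys must not live only in this Secret`.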
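Review bot: `postgres.user: foo` and `postgres.pass: bar` are now live defaults rather than the commented-out examples they replace, and since `headscale.config` is hashed into the hook Secret (`config-hash` in secret.yaml in this commit) they are presumably rendered into the Secret as well; a deployment that only switches `type` to `postgres` will authenticate with those placeholders, and values.yaml is normally committed to VCS. Please mark them, e.g. `# placeholder credentials: override via --values and keep real values out of VCS` above `user:`, and consider sourcing them from an existing Secret the way `headscale.keys.existingSecret` does for the private keys. The removed comment about connecting over a Unix socket (socket path in `host`, `port` left blank) was the only documentation of that option and could be carried over to the new `postgres:` stanza.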
@@ -59,6 +58,10 @@ headscale:
     ## Use already defined certificates:
     tls_cert_path: "/etc/headscale/certs/tls.crt"
     tls_key_path: "/etc/headscale/certs/tls.key"
+    prefixes:
+      v6: fd7a:115c:a1e0::/48
+      v4: 100.64.0.0/10
+      allocation: sequential
     derp:
       server:
         enabled: true
@@ -66,12 +69,14 @@ headscale:
         region_code: "headscale"
         region_name: "Headscale Embedded DERP"
         stun_listen_addr: "0.0.0.0:3478"
+        private_key_path: "/etc/headscale/secrets/derp.key"
       urls: []
       # - https://controlplane.tailscale.com/derpmap/default
       paths: []
       # auto_update_enabled: true
       update_frequency: 24h
-    disable_check_updates: true
+    dns:
+      base_domain: example.com
 prometheus:
   servicemonitor:
diff --git a/publish.sh b/publish.sh
index 99f92f3..c281d2d 100755
--- a/publish.sh
+++ b/publish.sh
@@ -54,7 +54,7 @@ for p in * ; do
   set -e
   echo "update docs"
   helm-docs -t ./README.md.gotmpl -t _docs.gotmpl -o README.md -g "${p}"
-  rm "${p}/README.adoc"
+  rm -f "${p}/README.adoc"
   echo
   echo "package and push helm-chart"
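Review bot: `dns.base_domain: example.com` (third hunk) is an uncommented placeholder that also matches the `example.com` default used for `headscale.certmanager.dnsNames` in this chart; `base_domain` is the MagicDNS suffix headscale gives to nodes, and a value that equals the domain in `server_url` is presumably rejected or makes the control server unreachable from nodes in 0.23 — confirm against the 0.23 configuration reference before shipping this default. A comment such as `# MagicDNS suffix for node names; must differ from the domain in server_url` above `base_domain:` would make the required override obvious. In the second hunk the `prefixes` values are plain scalars while neighbouring values like `stun_listen_addr: "0.0.0.0:3478"` are quoted; quoting `v6`/`v4` keeps the stanza consistent.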