fix(headscale)!: update to v0.23.0 with breaking changes

WrenIX 2024-09-21 17:11:35 +02:00
parent 330095207e
commit b626678907
Signed by: wrenix
GPG key ID: 7AFDB012974B1BB5
5 changed files with 56 additions and 49 deletions


@ -3,9 +3,9 @@ name: headscale-ui
description: A simple Headscale web UI for small-scale deployments. description: A simple Headscale web UI for small-scale deployments.
icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png icon: https://raw.githubusercontent.com/gurucomputing/headscale-ui/master/static/favicon.png
type: application type: application
version: 0.2.0 version: 0.2.1
# renovate: image=ghcr.io/gurucomputing/headscale-ui # renovate: image=ghcr.io/gurucomputing/headscale-ui
appVersion: "2024.02.24-beta1" appVersion: "2024.10.10"
maintainers: maintainers:
- name: WrenIX - name: WrenIX
url: https://wrenix.eu url: https://wrenix.eu


@ -3,9 +3,9 @@ name: headscale
description: An open source, self-hosted implementation of the Tailscale control server. description: An open source, self-hosted implementation of the Tailscale control server.
icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
type: application type: application
version: 0.4.0 version: 1.0.0
# renovate: image=docker.io/headscale/headscale # renovate: image=ghcr.io/headscale/headscale
appVersion: "0.22.3" appVersion: "0.23.0"
maintainers: maintainers:
- name: WrenIX - name: WrenIX
url: https://wrenix.eu url: https://wrenix.eu


@ -40,7 +40,6 @@ spec:
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
args: args:
- "headscale"
- "serve" - "serve"
ports: ports:
- name: http - name: http


@ -76,34 +76,10 @@ spec:
spec: spec:
restartPolicy: "Never" restartPolicy: "Never"
serviceAccount: {{ $name }} serviceAccount: {{ $name }}
containers: initContainers:
- name: upload-key
image: bitnami/kubectl
command:
- sh
- -c
- |
# check if key already exists
key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data['wireguard.key']}" 2> /dev/null)
[ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
[ -n "$key" ] && echo "Key already created, exiting." && exit 0
# wait for wireguard key
while [ ! -f /etc/headscale/secrets/wireguard.key ]; do
echo "Waiting for wireguard key.."
sleep 5;
done
# update secret
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(base64 /etc/headscale/secrets/wireguard.key | tr -d '\n')\"}}"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(base64 /etc/headscale/secrets/noise.key | tr -d '\n')\"}}"
[ $? -ne 0 ] && echo "Failed to update secret." && exit 1
echo "Signing key successfully created."
volumeMounts:
- mountPath: /etc/headscale/secrets
name: secrets
readOnly: true
- name: generate-key - name: generate-key
{{- with .Values.image }} {{- with .Values.image }}
image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}" image: "{{ .registry }}/{{ .repository }}:{{ .tag | default $.Chart.AppVersion }}-debug"
{{- end }} {{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
command: command:
@ -111,16 +87,45 @@ spec:
- -c - -c
- | - |
set -e set -e
/bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/wireguard.key echo "generate private-keys"
chown 1001:1001 /etc/headscale/secrets/wireguard.key headscale generate private-key --output json > /etc/headscale/secrets/wireguard.json
/bin/headscale generate private-key | tail -1 | sed 's/privkey://' > /etc/headscale/secrets/noise.key headscale generate private-key --output json > /etc/headscale/secrets/noise.json
chown 1001:1001 /etc/headscale/secrets/noise.key headscale generate private-key --output json > /etc/headscale/secrets/derp.json
ls /etc/headscale/secrets/
volumeMounts: volumeMounts:
- name: config - name: config
mountPath: "/etc/headscale" mountPath: "/etc/headscale"
readOnly: true readOnly: true
- mountPath: "/etc/headscale/secrets" - mountPath: "/etc/headscale/secrets"
name: secrets name: secrets
containers:
- name: upload-key
image: bitnami/kubectl
command:
- sh
- -c
- |
# check if key already exists
key=$(kubectl get secret {{ $secretName }} -o jsonpath="{.data}" 2> /dev/null)
[ $? -ne 0 ] && echo "Failed to get existing secret" && exit 1
if ! echo $key | jq -e 'has("wireguard.key")' 2> /dev/null ; then
echo "store wireguard.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"wireguard.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/wireguard.json)\"}}"
fi
if ! echo $key | jq -e 'has("noise.key")' 2> /dev/null ; then
echo "store noise.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"noise.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/noise.json)\"}}"
fi
if ! echo $key | jq -e 'has("derp.key")' 2> /dev/null ; then
echo "store derp.key"
kubectl patch secret {{ $secretName }} -p "{\"data\":{\"derp.key\":\"$(jq -r '.["private_key"] | split(":")[1] | @base64' /etc/headscale/secrets/derp.json)\"}}"
fi
[ $? -ne 0 ] && echo "Failed to update secret." && exit 1
echo "Signing key successfully created."
volumeMounts:
- mountPath: /etc/headscale/secrets
name: secrets
readOnly: true
volumes: volumes:
- name: config - name: config
secret: secret:
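Review bot: In the new `upload-key` script the single `[ $? -ne 0 ]` after the last `fi` only sees the status of the `derp.key` branch, so a failed `kubectl patch` for `wireguard.key` or `noise.key` goes unnoticed and the Job still reports success. Each patch also embeds `$(jq …)` directly, so if jq is missing from the image or a JSON file is unreadable, the `has(...)` test fails open and an empty value would be patched in, replacing any stored key and being treated as present on later runs. I would run the script under `set -eu`, extract each key into a variable, refuse to patch when it is empty, and quote `"$key"`; a sketch follows. Separately, `image: bitnami/kubectl` carries no tag or digest although this container runs with a service account that can patch the Secret, so pinning it is worth doing. The Job spec continues outside the hunk.

```yaml
            - |
              set -eu
              # … unchanged: kubectl get secret into $key and its failure check …
              store_key() {
                # $1 = data key in the Secret, $2 = JSON file written by generate-key
                if echo "$key" | jq -e --arg k "$1" 'has($k)' > /dev/null 2>&1; then
                  return 0
                fi
                value=$(jq -er '.private_key | split(":")[1] | @base64' "$2")
                [ -n "$value" ] || { echo "No key material for $1"; exit 1; }
                echo "store $1"
                kubectl patch secret {{ $secretName }} -p "{\"data\":{\"$1\":\"$value\"}}"
              }
              store_key wireguard.key /etc/headscale/secrets/wireguard.json
              store_key noise.key /etc/headscale/secrets/noise.json
              store_key derp.key /etc/headscale/secrets/derp.json
              # … unchanged: final success message …
```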


@ -38,19 +38,17 @@ headscale:
server_url: http://127.0.0.1:8080 server_url: http://127.0.0.1:8080
# SQLite config # SQLite config
db_type: sqlite3 database:
type: sqlite
# For production: sqlite:
db_path: /var/lib/headscale/db.sqlite # For production:
path: /var/lib/headscale/db.sqlite
# # Postgres config postgres:
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank. host: localhost
# db_type: postgres port: 5432
# db_host: localhost name: headscale
# db_port: 5432 user: foo
# db_name: headscale pass: bar
# db_user: foo
# db_pass: bar
private_key_path: "/etc/headscale/secrets/wireguard.key" private_key_path: "/etc/headscale/secrets/wireguard.key"
noise: noise:
private_key_path: "/etc/headscale/secrets/noise.key" private_key_path: "/etc/headscale/secrets/noise.key"
@ -59,6 +57,10 @@ headscale:
## Use already defined certificates: ## Use already defined certificates:
tls_cert_path: "/etc/headscale/certs/tls.crt" tls_cert_path: "/etc/headscale/certs/tls.crt"
tls_key_path: "/etc/headscale/certs/tls.key" tls_key_path: "/etc/headscale/certs/tls.key"
prefixes:
v6: fd7a:115c:a1e0::/48
v4: 100.64.0.0/10
allocation: sequential
derp: derp:
server: server:
enabled: true enabled: true
@ -66,6 +68,7 @@ headscale:
region_code: "headscale" region_code: "headscale"
region_name: "Headscale Embedded DERP" region_name: "Headscale Embedded DERP"
stun_listen_addr: "0.0.0.0:3478" stun_listen_addr: "0.0.0.0:3478"
private_key_path: "/etc/headscale/secrets/derp.key"
urls: [] urls: []
# - https://controlplane.tailscale.com/derpmap/default # - https://controlplane.tailscale.com/derpmap/default
paths: [] paths: []
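Review bot: The `postgres:` block under `database:` in the first hunk is now live configuration instead of a commented example, so `user: foo` and `pass: bar` ship as chart defaults. With `type: sqlite` they are presumably unused, but anyone who switches the type to postgres without overriding every field would deploy with those placeholder credentials rendered into the config. I would keep the example commented out, or leave the fields empty with a comment such as `pass: ""  # must be set by the operator, preferably from an existing Secret`. The removed comment about using a Unix socket path in `host` was also useful guidance and could stay next to the block.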