helm-charts/headscale/README.md

title	description
headscale	An open source, self-hosted implementation of the Tailscale control server.

headscale

An open source, self-hosted implementation of the Tailscale control server.

Maintainers

Name	Email	Url
WrenIX		https://wrenix.eu

Usage

Helm must be installed and setup to your kubernetes cluster to use the charts. Refer to Helm's documentation to get started. Once Helm has been set up correctly, fetch the charts as follows:

helm pull oci://codeberg.org/wrenix/helm-charts/headscale

You can install a chart release using the following command:

helm install headscale-release oci://codeberg.org/wrenix/helm-charts/headscale --values values.yaml

To uninstall a chart release use helm's delete command:

helm uninstall headscale-release

Values

Key	Type	Default	Description
affinity	object	{}
autoscaling.enabled	bool	false
autoscaling.maxReplicas	int	100
autoscaling.minReplicas	int	1
autoscaling.targetCPUUtilizationPercentage	int	80
fullnameOverride	string	""
headscale.certmanager.dnsNames[0]	string	"example.com"
headscale.certmanager.enabled	bool	true
headscale.certmanager.issuerRef.group	string	"cert-manager.io"
headscale.certmanager.issuerRef.kind	string	"ClusterIssuer"
headscale.certmanager.issuerRef.name	string	"letsencrypt-prod"
headscale.config.database.postgres.host	string	"localhost"
headscale.config.database.postgres.name	string	"headscale"
headscale.config.database.postgres.pass	string	"bar"
headscale.config.database.postgres.port	int	5432
headscale.config.database.postgres.user	string	"foo"
headscale.config.database.sqlite.path	string	"/var/lib/headscale/db.sqlite"
headscale.config.database.type	string	"sqlite"
headscale.config.derp.paths	list	[]
headscale.config.derp.server.enabled	bool	true
headscale.config.derp.server.private_key_path	string	"/etc/headscale/secrets/derp.key"
headscale.config.derp.server.region_code	string	"headscale"
headscale.config.derp.server.region_id	int	999
headscale.config.derp.server.region_name	string	"Headscale Embedded DERP"
headscale.config.derp.server.stun_listen_addr	string	"0.0.0.0:3478"
headscale.config.derp.update_frequency	string	"24h"
headscale.config.derp.urls	list	[]
headscale.config.disable_check_updates	bool	true
headscale.config.dns.base_domain	string	"example.com"
headscale.config.grpc_listen_addr	string	":50443"
headscale.config.listen_addr	string	":8080"
headscale.config.metrics_listen_addr	string	":9090"
headscale.config.noise.private_key_path	string	"/etc/headscale/secrets/noise.key"
headscale.config.prefixes.allocation	string	"sequential"
headscale.config.prefixes.v4	string	"100.64.0.0/10"
headscale.config.prefixes.v6	string	"fd7a:115c:a1e0::/48"
headscale.config.private_key_path	string	"/etc/headscale/secrets/wireguard.key"
headscale.config.server_url	string	"http://127.0.0.1:8080"
headscale.config.tls_cert_path	string	"/etc/headscale/certs/tls.crt"
headscale.config.tls_key_path	string	"/etc/headscale/certs/tls.key"
headscale.keys.create	bool	true	Create a new private key, if not exists
headscale.keys.existingSecret	string	""	Use an existing secret
image.pullPolicy	string	"IfNotPresent"
image.registry	string	"ghcr.io"
image.repository	string	"juanfont/headscale"
image.tag	string	""
imagePullSecrets	list	[]
ingress.annotations	object	{}
ingress.className	string	""
ingress.enabled	bool	false
ingress.hosts[0].host	string	"chart-example.local"
ingress.hosts[0].paths[0].path	string	"/"
ingress.hosts[0].paths[0].pathType	string	"ImplementationSpecific"
ingress.tls	list	[]
nameOverride	string	""
networkPolicy.egress.enabled	bool	false	activate egress no networkpolicy
networkPolicy.egress.extra	list	[]	egress rules
networkPolicy.enabled	bool	false
networkPolicy.ingress.derp	list	[{"ipBlock":{"cidr":"0.0.0.0/0"}},{"ipBlock":{"cidr":"::/0"}}]	ingress for derp
networkPolicy.ingress.grpc	list	[]	ingress for grpc port
networkPolicy.ingress.http	list	[]	ingress for http port (e.g. ingress-controller)
networkPolicy.ingress.metrics	list	[]	ingress for metrics port (e.g. prometheus)
nodeSelector	object	{}
persistence.accessMode	string	"ReadWriteOnce"
persistence.annotations	object	{}
persistence.enabled	bool	false
persistence.existingClaim	string	nil	A manually managed Persistent Volume and Claim Requires persistence.enabled: true If defined, PVC must be created manually before volume will be bound
persistence.hostPath	string	nil	Create a PV on Node with given hostPath storageClass has to be manual
persistence.size	string	"1Gi"
persistence.storageClass	string	nil	data Persistent Volume Storage Class If defined, storageClassName: If set to "-", storageClassName: "", which disables dynamic provisioning If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner. (gp2 on AWS, standard on GKE, AWS & OpenStack)
podAnnotations	object	{}
podLabels	object	{}
podSecurityContext	object	{}
prometheus.rules.additionalRules	list	[]
prometheus.rules.defaults.enabled	bool	true
prometheus.rules.defaults.filter	string	""
prometheus.rules.defaults.lastUpdates.critical	int	3600
prometheus.rules.defaults.lastUpdates.info	int	300
prometheus.rules.defaults.lastUpdates.warning	int	600
prometheus.rules.enabled	bool	false
prometheus.rules.labels	object	{}
prometheus.servicemonitor.enabled	bool	false
prometheus.servicemonitor.labels	object	{}
replicaCount	int	1
resources	object	{}
securityContext	object	{}
service.annotations	string	nil
service.derp.annotations	string	nil
service.derp.port	int	3478
service.derp.type	string	"LoadBalancer"
service.port.grpc	int	50443
service.port.http	int	8080
service.port.metrics	int	9090
service.type	string	"ClusterIP"
serviceAccount.annotations	object	{}
serviceAccount.create	bool	true
serviceAccount.name	string	""
tolerations	list	[]

Autogenerated from chart metadata using helm-docs