diff --git a/.github/ct-install.yaml b/.github/ct-install.yaml index d4e146a5..d46e3b62 100644 --- a/.github/ct-install.yaml +++ b/.github/ct-install.yaml @@ -15,6 +15,7 @@ excluded-charts: - charts/stable/ser2sock - charts/stable/zalando-postgres-cluster - charts/stable/zigbee2mqtt +- charts/stable/wireguard chart-repos: - bitnami=https://charts.bitnami.com/bitnami - k8s-at-home-libraries=https://library-charts.k8s-at-home.com diff --git a/charts/stable/wireguard/.helmignore b/charts/stable/wireguard/.helmignore new file mode 100644 index 00000000..4379e2b3 --- /dev/null +++ b/charts/stable/wireguard/.helmignore @@ -0,0 +1,26 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +# OWNERS file for Kubernetes +OWNERS +# helm-docs templates +*.gotmpl diff --git a/charts/stable/wireguard/Chart.yaml b/charts/stable/wireguard/Chart.yaml new file mode 100644 index 00000000..3463d1c7 --- /dev/null +++ b/charts/stable/wireguard/Chart.yaml @@ -0,0 +1,22 @@ +apiVersion: v2 +appVersion: 1.0.20210424 +description: Fast, modern, secure VPN tunnel +name: wireguard +version: 1.0.0 +kubeVersion: ">=1.16.0-0" +keywords: +- vpn +- privacy +- security +- wireguard +sources: +- https://github.com/k8s-at-home/container-images +- https://github.com/k8s-at-home/charts +icon: https://avatars.githubusercontent.com/u/13991055?s=200&v=4 +maintainers: +- name: jr0dd + email: j_r0dd@icloud.com +dependencies: +- name: common + version: 4.0.0 + repository: https://library-charts.k8s-at-home.com diff --git a/charts/stable/wireguard/README.md b/charts/stable/wireguard/README.md new file mode 100644 index 00000000..a53d326f --- /dev/null +++ b/charts/stable/wireguard/README.md 
@@ -0,0 +1,120 @@ +# wireguard + +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: 1.0.20210424](https://img.shields.io/badge/AppVersion-1.0.20210424-informational?style=flat-square) + +Fast, modern, secure VPN tunnel + +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** + +## Source Code + +* +* + +## Requirements + +Kubernetes: `>=1.16.0-0` + +## Dependencies + +| Repository | Name | Version | +|------------|------|---------| +| https://library-charts.k8s-at-home.com | common | 4.0.0 | + +## TL;DR + +```console +helm repo add k8s-at-home https://k8s-at-home.com/charts/ +helm repo update +helm install wireguard k8s-at-home/wireguard +``` + +## Installing the Chart + +To install the chart with the release name `wireguard` + +```console +helm install wireguard k8s-at-home/wireguard +``` + +## Uninstalling the Chart + +To uninstall the `wireguard` deployment + +```console +helm uninstall wireguard +``` + +The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. + +## Configuration + +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. +Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install wireguard \ + --set env.TZ="America/New York" \ + k8s-at-home/wireguard +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. 
+ +```console +helm install wireguard k8s-at-home/wireguard -f values.yaml +``` + +## Custom configuration + +The container in this chart requires the wg0.conf to be in /etc/wireguard +for it to run. Either add it under configSecret or under persistence. + +## Values + +**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| configSecret | object | base64 encoded wg0.conf by running `base64 wg0.conf` | If set to 'true', the configuration will be read from these values. -- Otherwise you have to mount a volume to /etc/wireguard containing the wg0.conf. | +| configSecret.enabled | bool | `false` | Store Wireguard config as a secret | +| env.IPTABLES_BACKEND | string | `"nft"` | Override the backend used by iptables. Valid values are nft and legacy | +| env.KILLSWITCH | bool | false | Enable a killswitch that kills all trafic when the VPN is not connected | +| env.TZ | string | `"UTC"` | Set the container timezone | +| image.pullPolicy | string | `"IfNotPresent"` | image pull policy | +| image.repository | string | `"ghcr.io/k8s-at-home/wireguard"` | image repository | +| image.tag | string | `"v1.0.20210424"` | image tag | +| ingress.main | object | See values.yaml | Enable and configure ingress settings for the chart under this key. | +| persistence | object | See values.yaml | Configure persistence settings for the chart under this key. | +| probes | object | See values.yaml | Configures the probes for the main Pod. | +| securityContext | object | see values.yaml | Security contexts required for container. | +| service | object | See values.yaml | Configures service settings for the chart. | + +## Changelog + +All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. 
To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/commonREADME.md#Changelog). + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +### [1.0.0] + +#### Added + +- Initial version + +#### Changed + +- N/A + +[1.0.0]: #1.0.0 + +## Support + +- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) +- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) +- Ask a [question](https://github.com/k8s-at-home/organization/discussions) +- Join our [Discord](https://discord.gg/sTMX7Vh) community + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) diff --git a/charts/stable/wireguard/README.md.gotmpl b/charts/stable/wireguard/README.md.gotmpl new file mode 100644 index 00000000..358abe31 --- /dev/null +++ b/charts/stable/wireguard/README.md.gotmpl 
@@ -0,0 +1,146 @@ +{{- define "custom.repository.organization" -}} +k8s-at-home +{{- end -}} + +{{- define "custom.repository.url" -}} +https://github.com/k8s-at-home/charts +{{- end -}} + +{{- define "custom.helm.url" -}} +https://k8s-at-home.com/charts/ +{{- end -}} + +{{- define "custom.helm.path" -}} +{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }} +{{- end -}} + +{{- define "custom.notes" -}} +**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)** +{{- end -}} + +{{- define "custom.requirements" -}} +## Requirements + +{{ template "chart.kubeVersionLine" . }} +{{- end -}} + +{{- define "custom.dependencies" -}} +## Dependencies + +{{ template "chart.requirementsTable" . }} +{{- end -}} + +{{- define "custom.install.tldr" -}} +## TL;DR + +```console +helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }} +helm repo update +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.install" -}} +## Installing the Chart + +To install the chart with the release name `{{ template "chart.name" . }}` + +```console +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.uninstall" -}} +## Uninstalling the Chart + +To uninstall the `{{ template "chart.name" . }}` deployment + +```console +helm uninstall {{ template "chart.name" . }} +``` + +The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release. +{{- end -}} + +{{- define "custom.configuration.header" -}} +## Configuration +{{- end -}} + +{{- define "custom.configuration.readValues" -}} +Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values. 
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common). +{{- end -}} + +{{- define "custom.configuration.example.set" -}} +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. + +```console +helm install {{ template "chart.name" . }} \ + --set env.TZ="America/New York" \ + {{ template "custom.helm.path" . }} +``` +{{- end -}} + +{{- define "custom.configuration.example.file" -}} +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. + +```console +helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml +``` +{{- end -}} + +{{- define "custom.valuesSection" -}} +## Values + +**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common) + +{{ template "chart.valuesTable" . }} +{{- end -}} + +{{- define "custom.support" -}} +## Support + +- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/) +- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose) +- Ask a [question](https://github.com/k8s-at-home/organization/discussions) +- Join our [Discord](https://discord.gg/sTMX7Vh) community +{{- end -}} + +{{ template "chart.header" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.description" . }} + +{{ template "custom.notes" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "custom.requirements" . }} + +{{ template "custom.dependencies" . }} + +{{ template "custom.install.tldr" . }} + +{{ template "custom.install" . }} + +{{ template "custom.uninstall" . 
}} + +{{ template "custom.configuration.header" . }} + +{{ template "custom.configuration.readValues" . }} + +{{ template "custom.configuration.example.set" . }} + +{{ template "custom.configuration.example.file" . }} + +{{ template "custom.custom.configuration" . }} + +{{ template "custom.valuesSection" . }} + +{{ template "custom.changelog" . }} + +{{ template "custom.support" . }} + +{{ template "helm-docs.versionFooter" . }} +{{ "" }} diff --git a/charts/stable/wireguard/README_CHANGELOG.md.gotmpl b/charts/stable/wireguard/README_CHANGELOG.md.gotmpl new file mode 100644 index 00000000..595958d0 --- /dev/null +++ b/charts/stable/wireguard/README_CHANGELOG.md.gotmpl @@ -0,0 +1,23 @@ +{{- define "custom.changelog.header" -}} +## Changelog +{{- end -}} + +{{- define "custom.changelog" -}} +{{ template "custom.changelog.header" . }} + +All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/commonREADME.md#Changelog). + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +### [1.0.0] + +#### Added + +- Initial version + +#### Changed + +- N/A + +[1.0.0]: #1.0.0 +{{- end -}} diff --git a/charts/stable/wireguard/README_CONFIG.md.gotmpl b/charts/stable/wireguard/README_CONFIG.md.gotmpl new file mode 100644 index 00000000..7a62eb84 --- /dev/null +++ b/charts/stable/wireguard/README_CONFIG.md.gotmpl @@ -0,0 +1,10 @@ +{{- define "custom.custom.configuration.header" -}} +## Custom configuration +{{- end -}} + +{{- define "custom.custom.configuration" -}} +{{ template "custom.custom.configuration.header" . }} + +The container in this chart requires the wg0.conf to be in /etc/wireguard +for it to run. Either add it under configSecret or under persistence. +{{- end -}} 
diff --git a/charts/stable/wireguard/templates/NOTES.txt b/charts/stable/wireguard/templates/NOTES.txt new file mode 100644 index 00000000..90f7b653 --- /dev/null +++ b/charts/stable/wireguard/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "common.notes.defaultNotes" . -}} diff --git a/charts/stable/wireguard/templates/common.yaml b/charts/stable/wireguard/templates/common.yaml new file mode 100644 index 00000000..8d4c9444 --- /dev/null +++ b/charts/stable/wireguard/templates/common.yaml @@ -0,0 +1,20 @@ +{{/* Make sure all variables are set properly */}} +{{- include "common.values.setup" . }} + +{{/* Append the secret volume to the volumes */}} +{{- define "wireguard.secretVolume" -}} +enabled: "true" +mountPath: "/etc/wireguard/wg0.conf" +subPath: "wg0.conf" +type: "custom" +volumeSpec: + secret: + defaultMode: 0600 + secretName: {{ include "common.names.fullname" . }}-config +{{- end -}} +{{- if .Values.configSecret.enabled -}} +{{- $_ := set .Values.persistence "wireguard-config" (include "wireguard.secretVolume" . | fromYaml) -}} +{{- end -}} + +{{/* Render the templates */}} +{{ include "common.all" . }} diff --git a/charts/stable/wireguard/templates/secret.yaml b/charts/stable/wireguard/templates/secret.yaml new file mode 100644 index 00000000..13981c25 --- /dev/null +++ b/charts/stable/wireguard/templates/secret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.configSecret.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }}-config + labels: + {{- include "common.labels" . | nindent 4 }} +type: Opaque +data: + wg0.conf: | +{{ .Values.configSecret.config | indent 4 }} +{{- end }} diff --git a/charts/stable/wireguard/values.yaml b/charts/stable/wireguard/values.yaml new file mode 100644 index 00000000..74fad236 --- /dev/null +++ b/charts/stable/wireguard/values.yaml 
@@ -0,0 +1,96 @@ +# +# IMPORTANT NOTE +# +# This chart inherits from our common library chart. You can check the default values/options here: +# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml +# + +image: + # -- image repository + repository: ghcr.io/k8s-at-home/wireguard + # -- image tag + tag: v1.0.20210424 + # -- image pull policy + pullPolicy: IfNotPresent + +# @default -- See below +env: + # -- Set the container timezone + TZ: UTC + # -- Override the backend used by iptables. Valid values are nft and legacy + IPTABLES_BACKEND: nft + # -- Enable a killswitch that kills all trafic when the VPN is not connected + # @default -- false + KILLSWITCH: false + # -- A separated list of IPv4 networks that will be excluded from the VPN/killswitch + # KILLSWITCH_EXCLUDEDNETWORKS_IPV4: + # -- A separated list of IPv6 networks that will be excluded from the VPN/killswitch + # KILLSWITCH_EXCLUDEDNETWORKS_IPV6: + # -- The separator that is used to split the KILLSWITCH_EXCLUDEDNETWORKS lists + # @default -- ; + # SEPARATOR: ; + +# -- Configures service settings for the chart. +# @default -- See values.yaml +service: + main: + enabled: true + ports: + http: + enabled: false + vpn: + enabled: true + port: 51820 + protocol: UDP + +ingress: + # -- Enable and configure ingress settings for the chart under this key. + # @default -- See values.yaml + main: + enabled: false + +# -- Configure persistence settings for the chart under this key. +# @default -- See values.yaml +persistence: + config: + enabled: false + mountPath: /etc/wireguard + +# -- Security contexts required for container. +# @default -- see values.yaml +securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + +# -- Configures the probes for the main Pod. 
+# @default -- See values.yaml +probes: + liveness: + enabled: true + ## Set this to true if you wish to specify your own livenessProbe + custom: true + ## The spec field contains the values for the default livenessProbe. + ## If you selected custom: true, this field holds the definition of the livenessProbe. + spec: + exec: + command: ["bash", "-c", "if [[ $(curl -s https://ipinfo.io) ]]; then exit 0; else exit $?; fi"] + initialDelaySeconds: 0 + timeoutSeconds: 1 + periodSeconds: 5 + failureThreshold: 5 + readiness: + enabled: false + startup: + enabled: false + +# -- If set to 'true', the configuration will be read from these values. +# -- Otherwise you have to mount a volume to /etc/wireguard containing the wg0.conf. +# @default -- base64 encoded wg0.conf by running `base64 wg0.conf` +configSecret: + # -- Store Wireguard config as a secret + enabled: false + # @default -- See values.yaml + config: | + your base64 encoded wg0.conf
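
Review bot: In .github/ct-install.yaml, `- charts/stable/wireguard` is added to `excluded-charts` with no reason given, so the new chart is left out of the install test from its first release. Please state the reason in a YAML comment next to the entry or in the PR description (if it is that the pod cannot start without a real wg0.conf, say so), so the exclusion can be revisited later.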
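
Review bot: In charts/stable/wireguard/README.md, the `configSecret` row of the Values table renders a stray `--` in the middle of its description ("... read from these values. -- Otherwise you have to mount ..."), because values.yaml has two consecutive `# --` comment lines above `configSecret:`. Make the second line a plain `#` continuation and regenerate the README. The Default column of the same row ("base64 encoded wg0.conf by running `base64 wg0.conf`") describes `configSecret.config` rather than the `configSecret` object, so that `@default` text belongs on the `config` key.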
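
Review bot: In charts/stable/wireguard/README_CHANGELOG.md.gotmpl, the "click here" link ends in `charts/stable/commonREADME.md#Changelog`, with no `/` between `common` and `README.md`, so it does not resolve; the same broken URL is rendered into README.md. Presumably `charts/stable/common/README.md#Changelog` was meant. While there, "will be documented in this file but does not include changes" reads better as "are documented in this file; changes from our common library are not included".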
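
Review bot: In charts/stable/wireguard/templates/common.yaml, the secret is mounted with `subPath: "wg0.conf"` at `/etc/wireguard/wg0.conf`, and Kubernetes does not refresh subPath mounts when the Secret changes, so a `helm upgrade` that only changes `configSecret.config` leaves the running pod on the old configuration. Add a checksum of the secret to the pod annotations so the change triggers a rollout, or document that the pod must be restarted. Also, `enabled: "true"` is a quoted string here; use the boolean `true`, as `enabled` is written everywhere in values.yaml.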
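
Review bot: In charts/stable/wireguard/templates/secret.yaml, `wg0.conf: |` under `data:` passes `.Values.configSecret.config` through unmodified, so the chart only works when the user has pre-encoded the file, and the default in values.yaml (`your base64 encoded wg0.conf`) is not valid base64, so setting `configSecret.enabled=true` on its own produces a Secret the API server rejects. Accept the plain file and place it under `stringData:` (or pipe it through `b64enc`), and wrap the value in `required` so a missing config fails at template time with a clear message. Because wg0.conf carries the interface private key, the README should also state that this option puts the key into the values file and the stored Helm release, and point to the persistence option as the alternative.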
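
Review bot: In charts/stable/wireguard/values.yaml, `securityContext.capabilities.add` grants `SYS_MODULE` by default, which lets the container load kernel modules into the node's kernel; WireGuard has been part of the mainline kernel since Linux 5.6, so on such nodes nothing needs to be loaded from the container. Default to `NET_ADMIN` only and document `SYS_MODULE` as an opt-in for nodes that need it. In the same hunk, the liveness probe `curl -s https://ipinfo.io` only shows that some route to the internet works: with `KILLSWITCH: false` it also succeeds while the tunnel is down, and with `timeoutSeconds: 1` and `periodSeconds: 5` it ties pod restarts to the availability and latency of a third-party service. A check on the interface itself (for example a recent handshake reported by `wg show`, if the image ships `wg`) would test what the probe is meant to test.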