diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml
index 7f57fd2a..e837d709 100644
--- a/charts/common/Chart.yaml
+++ b/charts/common/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: common
 description: Function library for k8s-at-home charts
 type: library
-version: 1.1.0
+version: 1.2.0
 keywords:
 - k8s-at-home
 - common
diff --git a/charts/common/templates/addons/vpn/openvpn/_container.tpl b/charts/common/templates/addons/vpn/openvpn/_container.tpl
index 2cdd344a..a64423fb 100644
--- a/charts/common/templates/addons/vpn/openvpn/_container.tpl
+++ b/charts/common/templates/addons/vpn/openvpn/_container.tpl
@@ -5,15 +5,15 @@ The OpenVPN container(s) to be inserted
 name: openvpn
 image: "{{ .Values.addons.vpn.openvpn.image.repository }}:{{ .Values.addons.vpn.openvpn.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
- capabilities:
- add:
- - NET_ADMIN
+ {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
 - name: {{ $k }}
- value: {{ $v }}
+ value: {{ $v | quote }}
 {{- end }}
 {{- end }}
 {{- if or .Values.addons.vpn.openvpn.auth .Values.addons.vpn.openvpn.authSecret }}
@@ -52,10 +52,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
- {{- toYaml . | nindent 4 }}
+ {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
- {{- toYaml . | nindent 4 }}
+ {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}
diff --git a/charts/common/templates/addons/vpn/wireguard/_addon.tpl b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
index 59a78ee5..1c252ca8 100644
--- a/charts/common/templates/addons/vpn/wireguard/_addon.tpl
+++ b/charts/common/templates/addons/vpn/wireguard/_addon.tpl
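Review bot: In the first hunk of openvpn/_container.tpl, reading the sidecar's securityContext from the shared `addons.vpn.securityContext` key widens OpenVPN's default privileges. The removed lines granted only NET_ADMIN, while the default added in values.yaml lists NET_ADMIN and SYS_MODULE, and the WireGuard container hunk reads the same key. SYS_MODULE permits loading kernel modules on the node, which the OpenVPN container did not have before this change. A per-addon override would keep least privilege, e.g. `{{- with (default .Values.addons.vpn.securityContext .Values.addons.vpn.openvpn.securityContext) }}` with an OpenVPN default of NET_ADMIN only; the `openvpn.securityContext` key is a suggestion and is not in the chart as shown.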
@@ -3,7 +3,7 @@ Template to render Wireguard addon
 */}}
 {{- define "common.addon.wireguard" -}}
 {{/* Append the Wireguard container to the additionalContainers */}}
- {{- $container := include "common.addon.wireguard.container" . | fromYaml -}}
+ {{- $container := fromYaml (include "common.addon.wireguard.container" .) -}}
 {{- if $container -}}
 {{- $additionalContainers := append .Values.additionalContainers $container -}}
 {{- $_ := set .Values "additionalContainers" $additionalContainers -}}
diff --git a/charts/common/templates/addons/vpn/wireguard/_container.tpl b/charts/common/templates/addons/vpn/wireguard/_container.tpl
index 71500060..31cb9710 100644
--- a/charts/common/templates/addons/vpn/wireguard/_container.tpl
+++ b/charts/common/templates/addons/vpn/wireguard/_container.tpl
@@ -5,24 +5,22 @@ The Wireguard container(s) to be inserted
 name: wireguard
 image: "{{ .Values.addons.vpn.wireguard.image.repository }}:{{ .Values.addons.vpn.wireguard.image.tag }}"
 imagePullPolicy: {{ .Values.addons.vpn.imagePullPolicy }}
+{{- with .Values.addons.vpn.securityContext }}
 securityContext:
- privileged: true
- capabilities:
- add:
- - NET_ADMIN
- - SYS_MODULE
+ {{- toYaml . | nindent 2 }}
+{{- end }}
 {{- with .Values.addons.vpn.env }}
 env:
 {{- range $k, $v := . }}
 - name: {{ $k }}
- value: {{ $v }}
+ value: {{ $v | quote }}
 {{- end }}
 {{- end }}
 {{- if or .Values.addons.vpn.configFile .Values.addons.vpn.scripts.up .Values.addons.vpn.scripts.down .Values.addons.vpn.additionalVolumeMounts .Values.persistence.shared.enabled }}
 volumeMounts:
 {{- if .Values.addons.vpn.configFile }}
 - name: vpnconfig
- mountPath: /config/wg0.conf
+ mountPath: /etc/wireguard/wg0.conf
 subPath: vpnConfigfile
 {{- end }}
 {{- if .Values.addons.vpn.scripts.up }}
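Review bot: In wireguard/_addon.tpl the result of `fromYaml` is still used without an error check. Helm's `fromYaml` does not abort on unparsable input but returns a map holding an `Error` key, so `{{- if $container -}}` on the following line would be true and that map would be appended to additionalContainers. Since the container template now renders securityContext and env directly from user values, a render-time guard seems worthwhile: `{{- if hasKey $container "Error" }}{{- fail $container.Error }}{{- end }}` ahead of the append. The define block continues past the end of this hunk, so the placement should be confirmed against the full file.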
@@ -45,10 +43,10 @@ volumeMounts:
 {{- end }}
 {{- with .Values.addons.vpn.livenessProbe }}
 livenessProbe:
- {{- toYaml . | nindent 4 }}
+ {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- with .Values.addons.vpn.resources }}
 resources:
- {{- toYaml . | nindent 4 }}
+ {{- toYaml . | nindent 2 }}
 {{- end }}
 {{- end -}}
diff --git a/charts/common/templates/lib/controller/_volumes.tpl b/charts/common/templates/lib/controller/_volumes.tpl
index 43f16e25..08f343b8 100644
--- a/charts/common/templates/lib/controller/_volumes.tpl
+++ b/charts/common/templates/lib/controller/_volumes.tpl
@@ -6,15 +6,15 @@ volumes included by the controller
 {{- if $persistence.enabled }}
 - name: {{ $index }}
 {{- if $persistence.existingClaim }}
-{{/* Always prefer an existingClaim if that is set */}}
+{{- /* Always prefer an existingClaim if that is set */}}
 persistentVolumeClaim:
 claimName: {{ $persistence.existingClaim }}
 {{- else -}}
 {{- if $persistence.emptyDir -}}
- {{/* Always prefer an emptyDir next if that is set */}}
+ {{- /* Always prefer an emptyDir next if that is set */}}
 emptyDir: {}
 {{- else -}}
- {{/* Otherwise refer to the PVC name */}}
+ {{- /* Otherwise refer to the PVC name */}}
 persistentVolumeClaim:
 {{- if $persistence.nameSuffix }}
 claimName: {{ printf "%s-%s" (include "common.names.fullname" $) $persistence.nameSuffix }}
diff --git a/charts/common/values.yaml b/charts/common/values.yaml
index 784e627c..3dc6fb83 100644
--- a/charts/common/values.yaml
+++ b/charts/common/values.yaml
@@ -154,14 +154,21 @@ addons: # under the VPN_AUTH key authSecret: # my-vpn-secret - # OpenVPN specific configuration + # WireGuard specific configuration wireguard: image: - repository: linuxserver/wireguard - tag: version-v1.0.20200827 + repository: k8sathome/wireguard + tag: 1.0.20200827 imagePullPolicy: IfNotPresent + # Set the VPN container securityContext + securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + # All variables specified here will be added to the vpn sidecar container # See the documentation of the VPN image for all config values env: {}
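Review bot: The default WireGuard image in values.yaml now comes from a different publisher (`k8sathome/wireguard`) and is still referenced by tag only, so what runs in the sidecar depends on what that tag resolves to at pull time. Because the same hunk grants the sidecar NET_ADMIN and SYS_MODULE by default, pinning the digest would be a reasonable hardening step, for example `tag: 1.0.20200827@sha256:<digest>` (placeholder; take the real digest from the registry). The new comment above `securityContext` could also state why SYS_MODULE is listed, e.g. `# SYS_MODULE is presumably only needed when the container must load the wireguard kernel module itself; drop it otherwise`.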