master-group/charts
2
0
Fork 0
mirror of https://github.com/k8s-at-home/charts.git synced 2025-01-31 05:49:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
c34ecd5a73
charts/charts/stable/pod-gateway/values.yaml
Toboshii Nakama fb898031b4 fix: allow custom selectors without dict merges
2021-08-02 15:58:48 -05:00

140 lines
4.3 KiB
YAML
Raw Blame History

#
# IMPORTANT NOTE
#
# This chart inherits from our common library chart. You can check the default values/options here:
# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
#
image:
# -- image repository of the gateway and inserted helper containers
repository: ghcr.io/k8s-at-home/pod-gateway
# -- image pull policy of the gateway and inserted helper cotainers
pullPolicy: IfNotPresent
# -- image tag of the gateway and inserted helper containers
tag: v1.2.6
# -- IP address of the DNS server within the vxlan tunnel.
# All mutated PODs will get this as their DNS server.
# It must match VXLAN_GATEWAY_IP in settings.sh
DNS: 172.16.0.1
# -- cluster name used to derive the gateway full name
clusterName: "cluster.local"
# -- Namespaces that might contain routed PODs and therefore
# require a copy of the gneerated settings configmap.
routed_namespaces: []
# - vpn
settings:
# -- IPs not sent to the POD gateway but to the default K8S.
# Multiple CIDRs can be specified using blanks as separator.
# Example for Calico: ""172.22.0.0/16 172.24.0.0/16"
#
# This is needed, for example, in case your CNI does
# not add a non-default rule for the K8S addresses (Flannel does).
NOT_ROUTED_TO_GATEWAY_CIDRS: ""
# -- Vxlan ID to use
VXLAN_ID: 42
# -- VXLAN needs an /24 IP range not conflicting with K8S and local IP ranges
VXLAN_IP_NETWORK: "172.16.0"
# -- Keep a range of IPs for static assignment in nat.conf
VXLAN_GATEWAY_FIRST_DYNAMIC_IP: 20
# -- If using a VPN, interface name created by it
VPN_INTERFACE: tun0
# -- Prevent non VPN traffic to leave the gateway
VPN_BLOCK_OTHER_TRAFFIC: false
# -- If VPN_BLOCK_OTHER_TRAFFIC is true, allow VPN traffic over this port
VPN_TRAFFIC_PORT: 443
# -- Traffic to these IPs will be send through the K8S gateway
VPN_LOCAL_CIDRS: "10.0.0.0/8 192.168.0.0/16"
# -- DNS queries to these domains will be resolved by K8S DNS instead of
# the default (typcally the VPN client changes it)
DNS_LOCAL_CIDRS: "local"
# -- settings to expose ports, usually through a VPN provider.
# NOTE: if you change it you will need to manually restart the gateway POD
publicPorts:
# - hostname: qbittorrent
# IP: 10
# ports:
# - type: udp
# port: 18289
# - type: tcp
# port: 18289
addons:
vpn:
# -- Enable the VPN if you want to route through a VPN.
# You might also want to set VPN_BLOCK_OTHER_TRAFFIC to true
# for extra safeness in case the VPN does connect
enabled: false
type: openvpn
# openvpn:
# wireguard:
# env:
# configFileSecret: openvpn
networkPolicy:
enabled: true
egress:
# Allow only VPN traffic to Internet
- to:
- ipBlock:
cidr: 0.0.0.0/0
ports:
# VPN traffic (default OpenVPN)
- port: 443
protocol: UDP
# Allow any traffic within k8s
- to:
- ipBlock:
# Cluster IPs (default k3s)
cidr: 10.0.0.0/8
# -- The webhook is used to mutate the PODs matching the given
# namespace labels. It inserts an init and sidecard helper containers
# that connect to the gateway pod created by this chart.
# @default -- See below
webhook:
image:
# -- image repository of the webhook
repository: ghcr.io/k8s-at-home/gateway-admision-controller
# -- image pullPolicy of the webhook
pullPolicy: IfNotPresent
# -- image tag of the webhook
tag: v3.3.2
# -- number of webhook instances to deploy
replicas: 1
# -- strategy for updates
strategy:
type: RollingUpdate
# -- Selector for namespace.
# All pods in this namespace will get evaluated by the webhook.
# **IMPORTANT**: Do not select the namespace where the webhook
# is deployed to or you will get locking issues.
namespaceSelector:
type: label
label: "routed-gateway"
custom: {}
# matchExpressions:
# - key: notTouch
# operator: NotIn
# values: ["1"]
# -- default behviour for new PODs in the evaluated namespace
gatewayDefault: true
# -- label name to check when evaluating POD. If true the POD
# will get the gateway. If not set setGatewayDefault will apply.
gatewayLabel: setGateway
# -- annotation name to check when evaluating POD. If true the POD
# will get the gateway. If not set setGatewayDefault will apply.
gatewayAnnotation: setGateway
Reference in New Issue View Git Blame Copy Permalink