
add wg-easy to charts

Stavros Kois 2 vuotta sitten
vanhempi
commit
5202c5c55e

+ 2 - 0
charts/wg-easy/.helmignore

@@ -0,0 +1,2 @@
+# Patterns to ignore when building packages.
+*.png

+ 6 - 0
charts/wg-easy/1.0.0/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+  repository: file://../../../library/common/2207.0.0
+  version: 2207.0.0
+digest: sha256:f17f3d458ca0210a52e39da0dce35034e900b36f2040d4b19bed46a7aae91506
+generated: "2022-11-07T14:53:51.774827549+02:00"

+ 15 - 0
charts/wg-easy/1.0.0/Chart.yaml

@@ -0,0 +1,15 @@
+apiVersion: v2
+appVersion: "7"
+dependencies:
+- name: common
+  repository: file://../../../library/common/2207.0.0
+  version: 2207.0.0
+description: WG-Easy is the easiest way to install & manage WireGuard!
+home: https://github.com/WeeJeWel/wg-easy
+icon: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+keywords:
+- wireguard
+- network
+- vpn
+name: wg-easy
+version: 1.0.0

+ 3 - 0
charts/wg-easy/1.0.0/README.md

@@ -0,0 +1,3 @@
+# WG-Easy
+
+[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!

+ 3 - 0
charts/wg-easy/1.0.0/app-readme.md

@@ -0,0 +1,3 @@
+# WG-Easy
+
+[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!

BIN
charts/wg-easy/1.0.0/charts/common-2207.0.0.tgz


+ 4 - 0
charts/wg-easy/1.0.0/ix_values.yaml

@@ -0,0 +1,4 @@
+image:
+  pullPolicy: IfNotPresent
+  repository: weejewel/wg-easy
+  tag: "7"
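Review bot: `tag: "7"` is a moving major-version tag, and together with `pullPolicy: IfNotPresent` it means the build a node runs depends on when that node first pulled the image. The deployment template in this commit runs this container as root with NET_ADMIN and SYS_MODULE, so the reviewed image and the deployed image should be the same artifact. I would pin to a specific release tag or, if the common image helper accepts one, an image digest. The same applies more strongly to `image: alpine/curl` in tests/deployment-check.yaml, which carries no tag at all and therefore resolves to `latest`.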

+ 260 - 0
charts/wg-easy/1.0.0/questions.yaml

@@ -0,0 +1,260 @@
+groups:
+  - name: Configuration
+    description: WG-Easy application configuration
+  - name: Storage
+    description: Configure storage for WG-Easy
+  - name: Networking
+    description: Networking Configuration for WG-Easy
+  - name: Advanced DNS Settings
+    description: Configure DNS settings
+  - name: Resource Limits
+    description: Set CPU/memory limits for Kubernetes Pod
+
+portals:
+  web_portal:
+    protocols:
+      - http
+    host:
+      - $node_ip
+    ports:
+      - $variable-webUIPort
+    path: /
+
+questions:
+  - variable: wgUDPPort
+    label: WireGuard UPD Node Port for WG-Easy
+    group: Networking
+    schema:
+      type: int
+      min: 9000
+      max: 65535
+      default: 20920
+      required: true
+  - variable: webUIPort
+    label: WebUI Node Port for WG-Easy
+    group: Networking
+    schema:
+      type: int
+      min: 9000
+      max: 65535
+      default: 20921
+      required: true
+  - variable: hostNetwork
+    label: Host Network
+    group: Networking
+    schema:
+      type: boolean
+      default: true
+
+  - variable: dnsConfig
+    label: DNS Configuration
+    group: Advanced DNS Settings
+    schema:
+      type: dict
+      attrs:
+        - variable: options
+          label: DNS Options
+          schema:
+            type: list
+            items:
+              - variable: optionsEntry
+                label: Option Entry Configuration
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Option Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Option Value
+                      schema:
+                        type: string
+                        required: true
+
+  - variable: wgeasy
+    label: WG-Easy Configuration
+    group: Configuration
+    schema:
+      type: dict
+      additional_attrs: true
+      attrs:
+        - variable: host
+          label: Hostname or IP
+          description: The public hostname or IP of your VPN server.
+          schema:
+            type: string
+            required: true
+            $ref:
+              - "definitions/nodeIP"
+        - variable: password
+          label: Password for WebUI
+          description: When set, requires a password when logging in to the Web UI.
+          schema:
+            type: string
+            private: true
+            default: ""
+        - variable: keep_alive
+          label: Persistent Keep Alive
+          description: Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
+          schema:
+            type: int
+            required: true
+            default: 0
+        - variable: client_mtu
+          label: Clients MTU
+          description: The MTU the clients will use.
+          schema:
+            type: int
+            required: true
+            default: 1420
+        - variable: client_address_range
+          label: Clients IP Address Range
+          description: Clients IP address range.
+          schema:
+            type: string
+            required: true
+            default: 10.8.0.x
+        - variable: client_dns_server
+          label: Clients DNS Server
+          description: Clients DNS Server.
+          schema:
+            type: string
+            required: true
+            default: "1.1.1.1"
+        - variable: allowed_ips
+          label: Allowed IPs
+          description: Allowed IPs clients will use. If none provided, <0.0.0.0/0,::/0> will be used.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: entry
+                label: Allowed IP Entry
+                schema:
+                  type: string
+                  required: true
+                  default: ""
+
+  - variable: environmentVariables
+    label: WG-Easy Environment
+    group: Configuration
+    schema:
+      type: list
+      default: []
+      items:
+        - variable: environmentVariable
+          label: Environment Variable
+          schema:
+            type: dict
+            attrs:
+              - variable: name
+                label: Name
+                schema:
+                  type: string
+                  required: true
+                  default: ""
+              - variable: value
+                label: Value
+                schema:
+                  type: string
+                  default: ""
+                  required: true
+
+  - variable: appVolumeMounts
+    label: WG-Easy Storage
+    group: Storage
+    schema:
+      type: dict
+      attrs:
+        - variable: config
+          label: Configuration Volume
+          schema:
+            type: dict
+            attrs:
+              - variable: datasetName
+                label: Configuration Volume Dataset Name
+                schema:
+                  type: string
+                  hidden: true
+                  $ref:
+                    - normalize/ixVolume
+                  show_if: [["hostPathEnabled", "=", false]]
+                  default: ix-wg-easy_config
+                  editable: false
+              - variable: mountPath
+                label: Configuration Mount Path
+                description: Path where the volume will be mounted inside the pod
+                schema:
+                  type: path
+                  hidden: true
+                  editable: true
+                  default: /etc/wireguard
+              - variable: hostPathEnabled
+                label: Enable Custom Host Path for WG-Easy Configuration Volume
+                schema:
+                  type: boolean
+                  default: false
+                  show_subquestions_if: true
+                  subquestions:
+                    - variable: hostPath
+                      label: Host Path for WG-Easy Configuration Volume
+                      schema:
+                        type: hostpath
+                        required: true
+                        immutable: true
+                        $ref:
+                          - validations/lockedHostPath
+
+  - variable: extraAppVolumeMounts
+    label: Extra Host Path Volumes
+    group: Storage
+    schema:
+      type: list
+      items:
+        - variable: extraAppVolume
+          label: Host Path Volume
+          description: Add an extra host path volume for WG-Easy application
+          schema:
+            type: dict
+            attrs:
+              - variable: mountPath
+                label: Mount Path in Pod
+                description: Path where the volume will be mounted inside the pod
+                schema:
+                  type: path
+                  required: true
+              - variable: hostPath
+                label: Host Path
+                description: Host path
+                schema:
+                  type: hostpath
+                  required: true
+                  $ref:
+                    - validations/lockedHostPath
+
+  - variable: enableResourceLimits
+    label: Enable Pod resource limits
+    group: Resource Limits
+    schema:
+      type: boolean
+      default: false
+  - variable: cpuLimit
+    label: CPU Limit resource limits
+    description: CPU resource limit allow  plain integer values with suffix m(milli) e.g 1000m, 100.
+    group: Resource Limits
+    schema:
+      type: string
+      show_if: [["enableResourceLimits", "=", true]]
+      valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
+      default: 4000m
+  - variable: memLimit
+    label: Memory Limit
+    group: Resource Limits
+    description: Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi
+    schema:
+      type: string
+      show_if: [["enableResourceLimits", "=", true]]
+      valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
+      default: 8Gi
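Review bot: The `password` question under `wgeasy` defaults to `""` and is not `required`, so by its own description ("When set, requires a password") a default install serves the Web UI without a login. `hostNetwork` defaults to `true` in the same file, which puts that management port directly on the host's interfaces. I would make the field mandatory, `required: true` with the `default: ""` line dropped, and reword the description so it no longer presents authentication as optional. Separately, the `wgUDPPort` label reads `UPD` where `UDP` is meant.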

+ 122 - 0
charts/wg-easy/1.0.0/templates/deployment.yaml

@@ -0,0 +1,122 @@
+{{ include "common.storage.hostPathValidate" .Values }}
+apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "common.names.fullname" . }}
+  labels:
+    app: {{ template "common.names.name" . }}
+    chart: {{ template "common.names.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+  annotations:
+    rollme: {{ randAlphaNum 5 | quote }}
+spec:
+  replicas: {{ (default 1 .Values.replicas) }}
+  strategy:
+    type: "Recreate"
+  selector:
+    matchLabels:
+      app: {{ template "common.names.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      name: {{ template "common.names.fullname" . }}
+      labels:
+        {{- include "common.labels.selectorLabels" . | nindent 8 }}
+      annotations: {{ include "common.annotations" . | nindent 8 }}
+    spec:
+      hostNetwork: {{ .Values.hostNetwork }}
+      hostname: {{ .Release.Name }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{ include "common.resources.limitation" . | nindent 10 }}
+          {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+                - SYS_MODULE
+            {{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}}
+            runAsUser: 0
+            runAsGroup: 0
+            readOnlyRootFilesystem: false
+            runAsNonRoot: false
+          volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+          {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+            - name: extrappvolume-{{ $index }}
+              mountPath: {{ $hostPathConfiguration.mountPath }}
+          {{ end }}
+          ports:
+            - name: udp
+              containerPort: {{ .Values.wgUDPPort }}
+              protocol: UDP
+            - name: web
+              containerPort: {{ .Values.webUIPort }}
+          env:
+            {{ $wgeasy := .Values.wgeasy }}
+            {{ $envList := (default list .Values.environmentVariables) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }}
+            {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }}
+            {{ $envList = mustAppend $envList (dict "name" "PORT" "value" .Values.webUIPort) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }}
+            {{ if $wgeasy.allowed_ips }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" (join "," $wgeasy.allowed_ips)) }}
+            {{ else }}
+            {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }}
+            {{ end }}
+            {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.webUIPort }}
+            failureThreshold: 5
+            periodSeconds: 15
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.webUIPort }}
+            failureThreshold: 5
+            periodSeconds: 15
+          startupProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.webUIPort }}
+            initialDelaySeconds: 5
+            failureThreshold: 40
+            periodSeconds: 15
+          {{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/bash
+                  - -c
+                  - |
+                    echo "Deleting routes created by the app..."
+                    netmask=$(ip route | grep {{ $ip }})
+                    netmask=$(echo $netmask | grep -o -E '/.\d*')
+                    netmask=${netmask#/}
+                    echo "Matched routes to delete... {{ $ip }}/$netmask"
+                    # Don't try to delete routes if steps above didn't grep-ed anything
+                    if [ ! "$netmask" == "" ]; then
+                      ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
+                    fi
+                    echo "Routes deleted..."
+                    interface=$(ip a | grep wg0)
+                    if [ ! "$interface" == "" ]; then
+                      echo "Removing wg0 interface..."
+                      ip link delete wg0
+                      echo "Removed wg0 interface..."
+                    fi
+
+{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
+      volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
+      {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+        - name: extrappvolume-{{ $index }}
+          hostPath:
+            path: {{ $hostPathConfiguration.hostPath }}
+      {{ end }}
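Review bot: The preStop script receives `{{ $ip }}` (derived from `wgeasy.client_address_range`) as raw text inside the `bash -c` body, and questions.yaml puts no `valid_chars` on that field, so whatever is entered there is interpreted by a shell running as uid 0 with NET_ADMIN and SYS_MODULE. Constraining the input at the schema, for example `valid_chars: '^\d{1,3}\.\d{1,3}\.\d{1,3}\.x$'` (constructed, adjust to the ranges you want to allow), and matching it literally with `grep -F` would close that. In the same script `grep -o -E '/.\d*'` relies on `\d`, which is not a POSIX ERE class; depending on the grep shipped in the image it will likely capture only the first digit of the prefix length, so `ip route del` targets the wrong route and the failure is hidden behind `|| echo`. `grep -o -E '/[0-9]+'` expresses what is intended. The `PASSWORD` value is also rendered into the pod spec as a plain env value; if the common environment helper supports secret references, using one would keep it out of the Deployment object.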

+ 19 - 0
charts/wg-easy/1.0.0/templates/service.yaml

@@ -0,0 +1,19 @@
+{{ $selectors := list }}
+{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
+{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
+{{ $ports := list }}
+{{- if not .Values.hostNetwork }}
+{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }}
+{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort  "protocol" "UDP") }}
+{{- else }}
+{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "targetPort" .Values.webUIPort) }}
+{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "targetPort" .Values.wgUDPPort  "protocol" "UDP") }}
+{{- end }}
+{{ $params := . }}
+{{- if not .Values.hostNetwork }}
+{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
+{{- else }}
+{{ $_ := set $params "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
+{{- end }}
+{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
+{{ include "common.classes.service" $params }}

+ 26 - 0
charts/wg-easy/1.0.0/test_values.yaml

@@ -0,0 +1,26 @@
+image:
+  pullPolicy: IfNotPresent
+  repository: weejewel/wg-easy
+  tag: "7"
+appVolumeMounts:
+  config:
+    emptyDir: true
+    mountPath: /etc/wireguard
+dnsConfig:
+  options: []
+emptyDirVolumes: true
+environmentVariables: []
+extraAppVolumeMounts: []
+hostNetwork: true
+wgUDPPort: 30290
+webUIPort: 30921
+wgeasy:
+  host: wg.domain.com
+  password: secret
+  client_mtu: 1420
+  keep_alive: 5
+  client_address_range: 10.10.0.x
+  client_dns_server: "8.8.8.8"
+  allowed_ips:
+    - 10.10.10.0/24
+    - 10.10.12.0/24

+ 21 - 0
charts/wg-easy/1.0.0/tests/deployment-check.yaml

@@ -0,0 +1,21 @@
+{{- $serviceName := (include "common.names.fullname" .) -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ .Release.Name }}-wgeasy
+  labels:
+    app: {{ .Release.Name }}
+    release: {{ .Release.Name }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+    containers:
+      - name: test-curl
+        image: alpine/curl
+        imagePullPolicy: "IfNotPresent"
+        command:
+          - /bin/sh
+          - -ec
+          - |
+            curl --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 15 --retry-max-time 90 --retry-all-errors -ksf http://{{ $serviceName }}:{{ .Values.webUIPort }}/
+    restartPolicy: Never

+ 5 - 0
charts/wg-easy/item.yaml

@@ -0,0 +1,5 @@
+icon_url: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+categories:
+- wireguard
+- network
+- vpn

+ 1 - 0
charts/wg-easy/upgrade_info.json

@@ -0,0 +1 @@
+{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"}