
NAS-123206 / 23.10 / migrate `wg-easy` to the new common library (#1403)

* migrate `wg-easy` to the new common library

* rename

* do the helm migration

* default to true as it was

* fix typo

* fix typo

* fix ci case

* hmm

* remove one fail

* hmm

* add 2.

* update migration script

* update migration

* testupgrades

* meta

* cleanup

* reset

* untouch

* bump common

* fix migration entrypoint

* untouch

* bump common

* bump common

* update migrations

* fix values

* fix dnsOpts

* migration changes

* clean up

* bump common

* naming

* Add reasoning for keeping a version around

* update migration script

* untouch catalog.json
Stavros Kois 1 年間 前
コミット
88e575a8ba

+ 2 - 1
charts/wg-easy/item.yaml

@@ -4,5 +4,6 @@ categories:
 screenshots:
   - https://media.sys.truenas.net/apps/wg-easy/screenshots/screenshot1.png
 tags:
-  - vpn
   - wireguard
+  - network
+  - vpn

+ 4 - 4
library/ix-dev/charts/wg-easy/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: common
-  repository: file://../../../common/2304.0.1
-  version: 2304.0.1
-digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670
-generated: "2023-04-24T13:41:50.229362574+03:00"
+  repository: file://../../../common
+  version: 1.2.3
+digest: sha256:e6ff49b06bf5d4d159e505ae6d153f36cd46170bb519caf90462cd5caebfd0fb
+generated: "2023-11-08T20:13:57.295656002+02:00"

+ 3 - 3
library/ix-dev/charts/wg-easy/Chart.yaml

@@ -3,7 +3,7 @@ description: WG-Easy is the easiest way to install & manage WireGuard!
 annotations:
   title: WG Easy
 type: application
-version: 1.0.12
+version: 2.0.0
 apiVersion: v2
 appVersion: "7"
 kubeVersion: ">=1.16.0-0"
@@ -13,8 +13,8 @@ maintainers:
     email: dev@ixsystems.com
 dependencies:
   - name: common
-    repository: file://../../../common/2304.0.1
-    version: 2304.0.1
+    repository: file://../../../common
+    version: 1.2.3
 home: https://github.com/WeeJeWel/wg-easy
 icon: https://media.sys.truenas.net/apps/wg-easy/icons/icon.png
 sources:

BIN
library/ix-dev/charts/wg-easy/charts/common-1.2.3.tgz


BIN
library/ix-dev/charts/wg-easy/charts/common-2304.0.1.tgz


+ 9 - 17
library/ix-dev/charts/wg-easy/ci/test-values.yaml

@@ -1,22 +1,14 @@
-appVolumeMounts:
+wgStorage:
   config:
-    emptyDir: true
-    mountPath: /etc/wireguard
-dnsConfig:
-  options: []
-emptyDirVolumes: true
-environmentVariables: []
-extraAppVolumeMounts: []
-hostNetwork: true
-wgUDPPort: 30290
-webUIPort: 30921
-wgeasy:
+    type: pvc
+
+wgConfig:
   host: wg.domain.com
   password: secret
-  client_mtu: 1420
-  keep_alive: 5
-  client_address_range: 10.10.0.x
-  client_dns_server: "8.8.8.8"
-  allowed_ips:
+  clientMTU: 1420
+  keepAlive: 5
+  clientAddressRange: 10.10.0.x
+  clientDNSServer: "8.8.8.8"
+  allowedIPs:
     - 10.10.10.0/24
     - 10.10.12.0/24
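Review bot: `wgStorage.config.type: pvc` is not one of the values the `type` question for `config` in questions.yaml offers (`hostPath`, `ixVolume`), so CI renders a storage type that no user can select through the UI and that the migration script never writes. If the goal is to keep host paths out of CI, `type: ixVolume` with `ixVolumeConfig.datasetName: config` would exercise the default branch that both the question and the migration produce. I cannot tell from this page whether `ix.v1.common.app.storageOptions` accepts `pvc`; if it does, a one-line comment such as `# CI-only: pvc is accepted by the common library but not exposed in questions.yaml` would stop it from being copied as a supported value.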

+ 0 - 26
library/ix-dev/charts/wg-easy/metadata.yaml

@@ -5,34 +5,8 @@ runAsContext:
     uid: 0
     description: WG Easy runs as root user.
 capabilities:
-  - name: CHOWN
-    description: WG Easy is able to chown files.
-  - name: FOWNER
-    description: WG Easy is able to bypass permission checks for it's sub-processes.
-  - name: SYS_CHROOT
-    description: WG Easy is able to use chroot.
-  - name: MKNOD
-    description: WG Easy is able to create device nodes.
-  - name: DAC_OVERRIDE
-    description: WG Easy is able to bypass permission checks.
-  - name: FSETID
-    description: WG Easy is able to set file capabilities.
-  - name: KILL
-    description: WG Easy is able to kill processes.
-  - name: SETGID
-    description: WG Easy is able to set group ID for it's sub-processes.
-  - name: SETUID
-    description: WG Easy is able to set user ID for it's sub-processes.
-  - name: SETPCAP
-    description: WG Easy is able to set process capabilities.
-  - name: NET_BIND_SERVICE
-    description: WG Easy is able to bind to privileged ports.
-  - name: SETFCAP
-    description: WG Easy is able to set file capabilities.
   - name: NET_RAW
     description: WG Easy is able to use raw sockets.
-  - name: AUDIT_WRITE
-    description: WG Easy is able to write to audit log.
   - name: SYS_MODULE
     description: WG Easy is able to load kernel modules.
   - name: NET_ADMIN

+ 94 - 0
library/ix-dev/charts/wg-easy/migrations/migrate

@@ -0,0 +1,94 @@
+#!/usr/bin/python3
+import json
+import os
+import sys
+
+
+def migrate_common_lib(values):
+    delete_keys = [
+        'wgUDPPort', 'webUIPort', 'hostNetwork', 'cpuLimit', 'memLimit',
+        'dnsConfig', 'environmentVariables', 'appVolumeMounts',
+        'extraAppVolumeMounts', 'wgeasy', 'enableResourceLimits',
+    ]
+
+    values.update({
+        # Migrate Network
+        'wgNetwork': {
+            'udpPort': values['wgUDPPort'],
+            'webPort': values['webUIPort'],
+            'hostNetwork': values['hostNetwork'],
+        },
+        # Migrate Resources
+        'resources': {
+            'limits': {
+                'cpu': values.get('cpuLimit', '4000m'),
+                'memory': values.get('memLimit', '8Gi'),
+            }
+        },
+        # Migrate DNS
+        'podOptions': {
+            'dnsConfig': {
+                'options': [
+                    {'name': opt['name'], 'value': opt['value']}
+                    for opt in values.get('dnsConfig', {}).get('options', [])
+                ]
+            }
+        },
+        # Migrate Config
+        'wgConfig': {
+            'host': values['wgeasy']['host'],
+            'password': values['wgeasy'].get('password', ''),
+            'keepAlive': values['wgeasy']['keep_alive'],
+            'clientMTU': values['wgeasy']['client_mtu'],
+            'clientAddressRange': values['wgeasy']['client_address_range'],
+            'clientDNSServer': values['wgeasy']['client_dns_server'],
+            'allowedIPs': values['wgeasy']['allowed_ips'],
+            'additionalEnvs': values.get('environmentVariables', []),
+        },
+        # Migrate Storage
+        'wgStorage': {
+            'config': {
+                'type': 'hostPath',
+                'hostPathConfig': {
+                    'hostPath': values['appVolumeMounts']['config']['hostPath']
+                },
+            } if values['appVolumeMounts']['config']['hostPathEnabled'] else {
+                'type': 'ixVolume',
+                'ixVolumeConfig': {
+                    'datasetName': values['appVolumeMounts']['config']['datasetName'],
+                },
+            },
+            'additionalStorages': [
+                {
+                    'type': 'hostPath',
+                    'hostPathConfig': {'hostPath': e['hostPath']},
+                    'mountPath': e['mountPath'],
+                }
+                for e in values.get('extraAppVolumeMounts', [])
+            ],
+        },
+    })
+
+    for k in delete_keys:
+        values.pop(k, None)
+
+    return values
+
+def migrate(values):
+    if not 'wgeasy' in values.keys():
+        return values
+
+
+    return migrate_common_lib(values)
+
+
+
+if __name__ == '__main__':
+    with open('in.json', 'r') as f:
+        print(json.dumps(migrate(json.loads(f.read()))))
+    if len(sys.argv) != 2:
+        exit(1)
+
+    if os.path.exists(sys.argv[1]):
+        with open(sys.argv[1], 'r') as f:
+            print(json.dumps(migrate(json.loads(f.read()))))
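Review bot: The `__main__` block opens a hard-coded `in.json` from the working directory and prints its migrated contents before the `sys.argv` check, so the script raises `FileNotFoundError` whenever that file is absent and, when it is present, emits the migrated values twice; this reads as leftover local-test code, and the `with open('in.json', 'r') as f:` line and its `print(...)` should be removed so only the argv path remains, preferably with `sys.exit(1)` in place of the bare `exit(1)` builtin. Separately, `migrate_common_lib` lists `enableResourceLimits` in `delete_keys` but never reads it, so a release that had limits disabled is migrated with `cpuLimit`/`memLimit` (or the `4000m`/`8Gi` fallbacks) applied unconditionally; if that is not intended, gate the `resources` entry on the old flag. `values['wgUDPPort']`, `values['webUIPort']` and `values['hostNetwork']` are indexed directly while the other keys go through `.get`, which is fine if the old schema always wrote them (they were `required: true` with defaults), but a comment stating that assumption would help the next person who touches this. The `if not 'wgeasy' in values.keys()` guard is clearer as `if 'wgeasy' not in values:`.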

+ 339 - 159
library/ix-dev/charts/wg-easy/questions.yaml

@@ -1,84 +1,93 @@
 groups:
-  - name: Configuration
-    description: WG-Easy application configuration
-  - name: Storage
-    description: Configure storage for WG-Easy
-  - name: Networking
-    description: Networking Configuration for WG-Easy
-  - name: Advanced DNS Settings
-    description: Configure DNS settings
-  - name: Resource Limits
-    description: Set CPU/memory limits for Kubernetes Pod
+  - name: WG-Easy Configuration
+    description: Configure WG-Easy
+  - name: Advanced Pod Configuration
+    description: Configure Advanced Pod Options for WG-Easy
+  - name: Network Configuration
+    description: Configure Network for WG-Easy
+  - name: Storage Configuration
+    description: Configure Storage for WG-Easy
+  - name: Resources Configuration
+    description: Configure Resources for WG-Easy
 
 portals:
   web_portal:
     protocols:
-      - http
+      - "$kubernetes-resource_configmap_portal_protocol"
     host:
-      - $node_ip
+      - "$kubernetes-resource_configmap_portal_host"
     ports:
-      - $variable-webUIPort
-    path: /
+      - "$kubernetes-resource_configmap_portal_port"
+    path: "$kubernetes-resource_configmap_portal_path"
 
 questions:
-  - variable: wgUDPPort
-    label: WireGuard UDP Node Port for WG-Easy
-    group: Networking
+  - variable: wgNetwork
+    label: ""
+    group: Network Configuration
     schema:
-      type: int
-      min: 9000
-      max: 65535
-      default: 20920
-      required: true
-  - variable: webUIPort
-    label: WebUI Node Port for WG-Easy
-    group: Networking
-    schema:
-      type: int
-      min: 9000
-      max: 65535
-      default: 20921
-      required: true
-  - variable: hostNetwork
-    label: Host Network
-    group: Networking
-    schema:
-      type: boolean
-      default: true
+      type: dict
+      attrs:
+        - variable: udpPort
+          label: Web Port
+          description: The port for the WG-Easy Wireguard service.
+          schema:
+            type: int
+            default: 30057
+            min: 9000
+            max: 65535
+            required: true
+        - variable: webPort
+          label: Web Port
+          description: The port for the WG-Easy Web UI.
+          schema:
+            type: int
+            default: 30058
+            min: 9000
+            max: 65535
+            required: true
+        - variable: hostNetwork
+          label: Host Network
+          schema:
+            type: boolean
+            default: true
 
-  - variable: dnsConfig
-    label: DNS Configuration
-    group: Advanced DNS Settings
+  - variable: podOptions
+    label: ""
+    group: Advanced Pod Configuration
     schema:
       type: dict
       attrs:
-        - variable: options
-          label: DNS Options
+        - variable: dnsConfig
+          label: Advanced DNS Configuration
           schema:
-            type: list
-            items:
-              - variable: optionsEntry
-                label: Option Entry Configuration
+            type: dict
+            attrs:
+              - variable: options
+                label: DNS Options
                 schema:
-                  type: dict
-                  attrs:
-                    - variable: name
-                      label: Option Name
+                  type: list
+                  items:
+                    - variable: optionsEntry
+                      label: DNS Option Entry
                       schema:
-                        type: string
-                        required: true
-                    - variable: value
-                      label: Option Value
-                      schema:
-                        type: string
-                        required: true
+                        type: dict
+                        attrs:
+                          - variable: name
+                            label: Option Name
+                            schema:
+                              type: string
+                              required: true
+                          - variable: value
+                            label: Option Value
+                            schema:
+                              type: string
+                              required: true
 
-  - variable: wgeasy
-    label: WG-Easy Configuration
-    group: Configuration
+  - variable: wgConfig
+    label: ""
+    group: WG-Easy Configuration
     schema:
       type: dict
-      additional_attrs: true
       attrs:
         - variable: host
           label: Hostname or IP
@@ -95,35 +104,35 @@ questions:
             type: string
             private: true
             default: ""
-        - variable: keep_alive
+        - variable: keepAlive
           label: Persistent Keep Alive
           description: Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
           schema:
             type: int
             required: true
             default: 0
-        - variable: client_mtu
+        - variable: clientMTU
           label: Clients MTU
           description: The MTU the clients will use.
           schema:
             type: int
             required: true
             default: 1420
-        - variable: client_address_range
+        - variable: clientAddressRange
           label: Clients IP Address Range
           description: Clients IP address range.
           schema:
             type: string
             required: true
             default: 10.8.0.x
-        - variable: client_dns_server
+        - variable: clientDNSServer
           label: Clients DNS Server
           description: Clients DNS Server.
           schema:
             type: string
             required: true
             default: "1.1.1.1"
-        - variable: allowed_ips
+        - variable: allowedIPs
           label: Allowed IPs
           description: Allowed IPs clients will use. If none provided, <0.0.0.0/0,::/0> will be used.
           schema:
@@ -136,125 +145,296 @@ questions:
                   type: string
                   required: true
                   default: ""
-
-  - variable: environmentVariables
-    label: WG-Easy Environment
-    group: Configuration
-    schema:
-      type: list
-      default: []
-      items:
-        - variable: environmentVariable
-          label: Environment Variable
+        - variable: additionalEnvs
+          label: Additional Environment Variables
+          description: Configure additional environment variables for WG-Easy.
           schema:
-            type: dict
-            attrs:
-              - variable: name
-                label: Name
-                schema:
-                  type: string
-                  required: true
-                  default: ""
-              - variable: value
-                label: Value
+            type: list
+            default: []
+            items:
+              - variable: env
+                label: Environment Variable
                 schema:
-                  type: string
-                  default: ""
-                  required: true
+                  type: dict
+                  attrs:
+                    - variable: name
+                      label: Name
+                      schema:
+                        type: string
+                        required: true
+                    - variable: value
+                      label: Value
+                      schema:
+                        type: string
+                        required: true
 
-  - variable: appVolumeMounts
-    label: WG-Easy Storage
-    group: Storage
+  - variable: wgStorage
+    label: ""
+    group: Storage Configuration
     schema:
       type: dict
       attrs:
         - variable: config
-          label: Configuration Volume
+          label: WG-Easy Config Storage
+          description: The path to store WG-Easy Configuration.
           schema:
             type: dict
             attrs:
-              - variable: datasetName
-                label: Configuration Volume Dataset Name
+              - variable: type
+                label: Type
+                description: |
+                  ixVolume: Is dataset created automatically by the system.</br>
+                  Host Path: Is a path that already exists on the system.
                 schema:
                   type: string
-                  hidden: true
-                  $ref:
-                    - normalize/ixVolume
-                  show_if: [["hostPathEnabled", "=", false]]
-                  default: ix-wg-easy_config
-                  editable: false
-              - variable: mountPath
-                label: Configuration Mount Path
-                description: Path where the volume will be mounted inside the pod
+                  required: true
+                  immutable: true
+                  default: "ixVolume"
+                  enum:
+                    - value: "hostPath"
+                      description: Host Path (Path that already exists on the system)
+                    - value: "ixVolume"
+                      description: ixVolume (Dataset created automatically by the system)
+              - variable: ixVolumeConfig
+                label: ixVolume Configuration
+                description: The configuration for the ixVolume dataset.
                 schema:
-                  type: path
-                  hidden: true
-                  editable: true
-                  default: /etc/wireguard
-              - variable: hostPathEnabled
-                label: Enable Custom Host Path for WG-Easy Configuration Volume
+                  type: dict
+                  show_if: [["type", "=", "ixVolume"]]
+                  $ref:
+                    - "normalize/ixVolume"
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: datasetName
+                      label: Dataset Name
+                      description: The name of the dataset to use for storage.
+                      schema:
+                        type: string
+                        required: true
+                        immutable: true
+                        hidden: true
+                        default: "config"
+                    - variable: aclEntries
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+              - variable: hostPathConfig
+                label: Host Path Config
                 schema:
-                  type: boolean
-                  default: false
-                  show_subquestions_if: true
-                  subquestions:
+                  type: dict
+                  show_if: [["type", "=", "hostPath"]]
+                  attrs:
+                    - variable: aclEnable
+                      label: Enable ACL
+                      description: Enable ACL for the dataset.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: acl
+                      label: ACL Configuration
+                      schema:
+                        type: dict
+                        show_if: [["aclEnable", "=", true]]
+                        attrs: []
+                        $ref:
+                          - "normalize/acl"
                     - variable: hostPath
-                      label: Host Path for WG-Easy Configuration Volume
+                      label: Host Path
+                      description: The host path to use for storage.
                       schema:
                         type: hostpath
+                        show_if: [["aclEnable", "=", false]]
+                        immutable: true
                         required: true
+        - variable: additionalStorages
+          label: Additional Storage
+          description: Additional storage for WG-Easy.
+          schema:
+            type: list
+            default: []
+            items:
+              - variable: storageEntry
+                label: Storage Entry
+                schema:
+                  type: dict
+                  attrs:
+                    - variable: type
+                      label: Type
+                      description: |
+                        ixVolume: Is dataset created automatically by the system.</br>
+                        Host Path: Is a path that already exists on the system.</br>
+                        SMB Share: Is a SMB share that is mounted to a persistent volume claim.
+                      schema:
+                        type: string
+                        required: true
+                        default: "ixVolume"
                         immutable: true
+                        enum:
+                          - value: "hostPath"
+                            description: Host Path (Path that already exists on the system)
+                          - value: "ixVolume"
+                            description: ixVolume (Dataset created automatically by the system)
+                          - value: "smb-pv-pvc"
+                            description: SMB Share (Mounts a persistent volume claim to a SMB share)
+                    - variable: readOnly
+                      label: Read Only
+                      description: Mount the volume as read only.
+                      schema:
+                        type: boolean
+                        default: false
+                    - variable: mountPath
+                      label: Mount Path
+                      description: The path inside the container to mount the storage.
+                      schema:
+                        type: path
+                        required: true
+                    - variable: hostPathConfig
+                      label: Host Path Config
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "hostPath"]]
+                        attrs:
+                          - variable: aclEnable
+                            label: Enable ACL
+                            description: Enable ACL for the dataset.
+                            schema:
+                              type: boolean
+                              default: false
+                          - variable: acl
+                            label: ACL Configuration
+                            schema:
+                              type: dict
+                              show_if: [["aclEnable", "=", true]]
+                              attrs: []
+                              $ref:
+                                - "normalize/acl"
+                          - variable: hostPath
+                            label: Host Path
+                            description: The host path to use for storage.
+                            schema:
+                              type: hostpath
+                              show_if: [["aclEnable", "=", false]]
+                              immutable: true
+                              required: true
+                    - variable: ixVolumeConfig
+                      label: ixVolume Configuration
+                      description: The configuration for the ixVolume dataset.
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "ixVolume"]]
                         $ref:
-                          - validations/lockedHostPath
+                          - "normalize/ixVolume"
+                        attrs:
+                          - variable: aclEnable
+                            label: Enable ACL
+                            description: Enable ACL for the dataset.
+                            schema:
+                              type: boolean
+                              default: false
+                          - variable: datasetName
+                            label: Dataset Name
+                            description: The name of the dataset to use for storage.
+                            schema:
+                              type: string
+                              required: true
+                              immutable: true
+                              default: "storage_entry"
+                          - variable: aclEntries
+                            label: ACL Configuration
+                            schema:
+                              type: dict
+                              show_if: [["aclEnable", "=", true]]
+                              attrs: []
+                    - variable: smbConfig
+                      label: SMB Share Configuration
+                      description: The configuration for the SMB Share.
+                      schema:
+                        type: dict
+                        show_if: [["type", "=", "smb-pv-pvc"]]
+                        attrs:
+                          - variable: server
+                            label: Server
+                            description: The server for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: share
+                            label: Share
+                            description: The share name for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: domain
+                            label: Domain (Optional)
+                            description: The domain for the SMB share.
+                            schema:
+                              type: string
+                          - variable: username
+                            label: Username
+                            description: The username for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                          - variable: password
+                            label: Password
+                            description: The password for the SMB share.
+                            schema:
+                              type: string
+                              required: true
+                              private: true
+                          - variable: size
+                            label: Size (in Gi)
+                            description: The size of the volume quota.
+                            schema:
+                              type: int
+                              required: true
+                              min: 1
+                              default: 1
 
-  - variable: extraAppVolumeMounts
-    label: Extra Host Path Volumes
-    group: Storage
+  - variable: resources
+    group: Resources Configuration
+    label: ""
     schema:
-      type: list
-      items:
-        - variable: extraAppVolume
-          label: Host Path Volume
-          description: Add an extra host path volume for WG-Easy application
+      type: dict
+      attrs:
+        - variable: limits
+          label: Limits
           schema:
             type: dict
             attrs:
-              - variable: mountPath
-                label: Mount Path in Pod
-                description: Path where the volume will be mounted inside the pod
+              - variable: cpu
+                label: CPU
+                description: CPU limit for WG-Easy.
                 schema:
-                  type: path
+                  type: string
+                  max_length: 6
+                  valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$'
+                  valid_chars_error: |
+                    Valid CPU limit formats are</br>
+                    - Plain Integer - eg. 1</br>
+                    - Float - eg. 0.5</br>
+                    - Milicpu - eg. 500m
+                  default: "4000m"
                   required: true
-              - variable: hostPath
-                label: Host Path
-                description: Host path
+              - variable: memory
+                label: Memory
+                description: Memory limit for WG-Easy.
                 schema:
-                  type: hostpath
+                  type: string
+                  max_length: 12
+                  valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$'
+                  valid_chars_error: |
+                    Valid Memory limit formats are</br>
+                    - Suffixed with E/P/T/G/M/K - eg. 1G</br>
+                    - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi</br>
+                    - Plain Integer in bytes - eg. 1024</br>
+                    - Exponent - eg. 134e6
+                  default: "8Gi"
                   required: true
-                  $ref:
-                    - validations/lockedHostPath
-
-  - variable: enableResourceLimits
-    label: Enable Pod resource limits
-    group: Resource Limits
-    schema:
-      type: boolean
-      default: false
-  - variable: cpuLimit
-    label: CPU Limit resource limits
-    description: CPU resource limit allow  plain integer values with suffix m(milli) e.g 1000m, 100.
-    group: Resource Limits
-    schema:
-      type: string
-      show_if: [["enableResourceLimits", "=", true]]
-      valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
-      default: 4000m
-  - variable: memLimit
-    label: Memory Limit
-    group: Resource Limits
-    description: Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi
-    schema:
-      type: string
-      show_if: [["enableResourceLimits", "=", true]]
-      valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
-      default: 8Gi
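Review bot: The `allowedIPs` attribute added under `wgConfig` in the second hunk is consumed by the new workload template as `.Values.wgConfig.clientAllowedIPs` (the `WG_ALLOWED_IPS` env in `_wgeasy.tpl`), and the migration script also writes `allowedIPs`; unless values.yaml defines that other key, `join` sees nothing and the `0.0.0.0/0,::/0` default is always applied, so the template should read `.Values.wgConfig.allowedIPs` (or the question and migration should both be renamed to `clientAllowedIPs`). In the first hunk the `udpPort` attribute carries `label: Web Port`, a copy of the `webPort` label, while its description calls it the WireGuard service port; `label: WireGuard UDP Port` is presumably what was meant. Both `hostNetwork` (default `true`) and the NodePort values are now nested under `wgNetwork`, which matches what the migration writes, so the rest of the rename looks consistent from here.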

+ 25 - 0
library/ix-dev/charts/wg-easy/templates/_migration.tpl

@@ -0,0 +1,25 @@
+{{- define "wgeasy.migration.checks" -}}
+  {{/* Safely access the context, so it wont block CI */}}
+  {{- if hasKey .Values.global "ixChartContext" -}}
+    {{- if not .Values.global.ixChartContext.upgradeMetadata -}}
+      {{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
+    {{- end -}}
+
+    {{- $oldChartVersion := .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
+    {{- $newChartVersion := .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
+
+    {{/* Explode versions */}}
+    {{- $oldV := semver $oldChartVersion -}}
+    {{- $newV := semver $newChartVersion -}}
+
+    {{/* If new is v2.x.x */}}
+    {{- if eq ($newV.Major | int) 2 -}}
+      {{/* And old is v1.x.x, but lower than .11 */}}
+      {{- if and (eq $oldV.Major 1) (lt ($oldV.Patch | int) 11) -}}
+        {{/* Block the upgrade */}}
+        {{- fail "Migration to 2.x.x is only allowed from 1.0.11 or higher" -}}
+      {{- end -}}
+    {{- end -}}
+
+  {{- end -}}
+{{- end -}}
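Review bot: The gate `and (eq $oldV.Major 1) (lt ($oldV.Patch | int) 11)` never looks at `$oldV.Minor`, so an old chart at 1.1.0 or later would be rejected even though the failure message promises that 1.0.11 or higher is allowed; with 1.0.12 as the previous release this is harmless today but will bite the first 1.1.x. Tighten it to `{{- if and (eq ($oldV.Major | int) 1) (eq ($oldV.Minor | int) 0) (lt ($oldV.Patch | int) 11) -}}`, or replace the whole comparison with `{{- if semverCompare "<1.0.11" $oldChartVersion -}}`, which also makes the `| int` conversion consistent with the `$newV.Major` check above it. The commit description mentions adding reasoning for keeping a version around, but the template itself does not say why 1.0.11 is the floor; a short comment above the `if`, naming the change in 1.0.11 that the migration script presumably relies on, would keep that reasoning next to the check.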

+ 26 - 0
library/ix-dev/charts/wg-easy/templates/_persistence.tpl

@@ -0,0 +1,26 @@
+{{- define "wgeasy.persistence" -}}
+persistence:
+  config:
+    enabled: true
+    {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.wgStorage.config) | nindent 4 }}
+    targetSelector:
+      wgeasy:
+        wgeasy:
+          mountPath: /etc/wireguard
+  tmp:
+    enabled: true
+    type: emptyDir
+    targetSelector:
+      wgeasy:
+        wgeasy:
+          mountPath: /tmp
+  {{- range $idx, $storage := .Values.wgStorage.additionalStorages }}
+  {{ printf "wgeasy-%v:" (int $idx) }}
+    enabled: true
+    {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
+    targetSelector:
+      wgeasy:
+        wgeasy:
+          mountPath: {{ $storage.mountPath }}
+  {{- end }}
+{{- end -}}
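Review bot: `mountPath: {{ $storage.mountPath }}` inside the `additionalStorages` range is emitted as a plain scalar, so a user-entered path containing `: ` or ` #`, or starting with a YAML indicator, renders invalid YAML or a different value; `mountPath: {{ $storage.mountPath | quote }}` matches how `WG_HOST` is quoted in `_wgeasy.tpl`. The fixed `/etc/wireguard` and `/tmp` mounts are fine as literals. Nothing in the `storageEntry` question keeps two entries from sharing a `mountPath`, which would render two mounts at one path; I cannot tell from this page whether `ix.v1.common` rejects that, and if it does not, a `fail` in this range on a repeated path would surface the mistake at install time instead of in the pod.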

+ 12 - 0
library/ix-dev/charts/wg-easy/templates/_portal.tpl

@@ -0,0 +1,12 @@
+{{- define "wgeasy.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: portal
+data:
+  path: "/"
+  port: {{ .Values.wgNetwork.webPort | quote }}
+  protocol: http
+  host: $node_ip
+{{- end -}}

+ 21 - 0
library/ix-dev/charts/wg-easy/templates/_service.tpl

@@ -0,0 +1,21 @@
+{{- define "wgeasy.service" -}}
+service:
+  wgeasy:
+    enabled: true
+    primary: true
+    type: NodePort
+    targetSelector: wgeasy
+    ports:
+      webui:
+        enabled: true
+        primary: true
+        port: {{ .Values.wgNetwork.webPort }}
+        nodePort: {{ .Values.wgNetwork.webPort }}
+        targetSelector: wgeasy
+      vpn:
+        enabled: true
+        port: {{ .Values.wgNetwork.udpPort }}
+        nodePort: {{ .Values.wgNetwork.udpPort }}
+        protocol: udp
+        targetSelector: wgeasy
+{{- end -}}
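Review bot: The service is now unconditionally `type: NodePort` with `nodePort` set on both ports, whereas the service.yaml removed in this commit switched to ClusterIP without nodePorts whenever `hostNetwork` was true — and `hostNetwork: true` is the default in values.yaml. With host networking the container already binds `webPort`/`udpPort` directly on the node, so asking kube-proxy for NodePorts on the same numbers either conflicts with that or is redundant, depending on how the common library renders the combination (not visible here). If the library does not already handle it, `type: {{ ternary "ClusterIP" "NodePort" .Values.wgNetwork.hostNetwork }}` plus wrapping each `nodePort:` line in `{{- if not .Values.wgNetwork.hostNetwork }} … {{- end }}` restores the previous behaviour. Either way the admin web UI is reachable on every node interface by default, which deserves a one-line comment here.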

+ 84 - 0
library/ix-dev/charts/wg-easy/templates/_wgeasy.tpl

@@ -0,0 +1,84 @@
+{{- define "wgeasy.workload" -}}
+workload:
+  wgeasy:
+    enabled: true
+    primary: true
+    type: Deployment
+    podSpec:
+      hostNetwork: {{ .Values.wgNetwork.hostNetwork }}
+      containers:
+        wgeasy:
+          enabled: true
+          primary: true
+          imageSelector: image
+          {{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}}
+          securityContext:
+            runAsUser: 0
+            runAsGroup: 0
+            runAsNonRoot: false
+            readOnlyRootFilesystem: false
+            capabilities:
+              add:
+                - NET_ADMIN
+                - NET_RAW
+                - SYS_MODULE
+          env:
+            WG_PORT: {{ .Values.wgNetwork.udpPort }}
+            PORT: {{ .Values.wgNetwork.webPort }}
+            WG_HOST: {{ .Values.wgConfig.host | quote }}
+            PASSWORD: {{ .Values.wgConfig.password | quote }}
+            WG_PERSISTENT_KEEPALIVE: {{ .Values.wgConfig.keepAlive }}
+            WG_MTU: {{ .Values.wgConfig.clientMTU }}
+            WG_DEFAULT_ADDRESS: {{ .Values.wgConfig.clientAddressRange }}
+            WG_DEFAULT_DNS: {{ .Values.wgConfig.clientDNSServer }}
+            WG_ALLOWED_IPS: {{ join "," .Values.wgConfig.clientAllowedIPs | default "0.0.0.0/0,::/0" | quote }}
+          fixedEnv:
+            PUID: 0
+          {{ with .Values.wgConfig.additionalEnvs }}
+          envList:
+            {{ range $env := . }}
+            - name: {{ $env.name }}
+              value: {{ $env.value }}
+            {{ end }}
+          {{ end }}
+          probes:
+            liveness:
+              enabled: true
+              type: http
+              port: {{ .Values.wgNetwork.webPort }}
+              path: /
+            readiness:
+              enabled: true
+              type: http
+              port: {{ .Values.wgNetwork.webPort }}
+              path: /
+            startup:
+              enabled: true
+              type: http
+              port: {{ .Values.wgNetwork.webPort }}
+              path: /
+          {{ $ip := .Values.wgConfig.clientAddressRange | replace "x" "0" }}
+          lifecycle:
+            preStop:
+              type: exec
+              command:
+                - /bin/bash
+                - -c
+                - |
+                  echo "Deleting routes created by the app..."
+                  netmask=$(ip route | grep {{ $ip }})
+                  netmask=$(echo $netmask | grep -o -E '/.\d*')
+                  netmask=${netmask#/}
+                  echo "Matched routes to delete... {{ $ip }}/$netmask"
+                  # Don't try to delete routes if steps above didn't grep-ed anything
+                  if [ ! "$netmask" == "" ]; then
+                    ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
+                  fi
+                  echo "Routes deleted..."
+                  interface=$(ip a | grep wg0)
+                  if [ ! "$interface" == "" ]; then
+                    echo "Removing wg0 interface..."
+                    ip link delete wg0
+                    echo "Removed wg0 interface..."
+                  fi
+{{- end -}}
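Review bot: The prefix-length extraction in the preStop hook, `netmask=$(echo $netmask | grep -o -E '/.\d*')`, relies on `\d`, which POSIX ERE does not define; GNU grep (and, as far as I know, busybox) treats it as a literal `d`, so against a `/24` route the expression matches `/2`, `netmask` becomes `2`, and the following `ip route del {{ $ip }}/$netmask` targets the wrong prefix and lands in the "Route deletion failed..." branch. `grep -o -E '/[0-9]+'` yields the intended length, and the preceding `grep {{ $ip }}` should quote or escape the address so its dots are not regex wildcards; the line is inherited verbatim from the deployment.yaml deleted in this commit, so it is carried over rather than introduced. In the `envList` loop, `value: {{ $env.value }}` is emitted unquoted, so an additional env value such as `true`, `0755` or one containing `: ` is retyped or breaks the render; `value: {{ $env.value | quote }}` is safer. The security context keeps root plus host networking and now adds `NET_RAW` to the previous `NET_ADMIN`/`SYS_MODULE` set without saying why; a one-line comment beside the existing PR link would help the next reviewer of this very privileged pod.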

+ 14 - 0
library/ix-dev/charts/wg-easy/templates/common.yaml

@@ -0,0 +1,14 @@
+{{/* Apply helm migrations */}}
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{- include "wgeasy.migration.checks" . -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "wgeasy.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "wgeasy.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "wgeasy.persistence" $ | fromYaml) -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "wgeasy.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
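Review bot: `fromYaml` does not fail on malformed input — it returns a map holding a single `Error` key — so a template mistake in `wgeasy.workload`, `wgeasy.service` or `wgeasy.persistence` is silently merged into `.Values` as `Error: …` instead of aborting the render, and the loader then applies whatever partial result remains. Assigning each include to a variable and checking it, e.g. `{{- $wl := include "wgeasy.workload" $ | fromYaml -}}` followed by `{{- if hasKey $wl "Error" }}{{ fail $wl.Error }}{{ end }}` before the `mustMergeOverwrite`, turns that into a hard failure at `helm template` time. The same check applies to the other two includes.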

+ 0 - 136
library/ix-dev/charts/wg-easy/templates/deployment.yaml

@@ -1,136 +0,0 @@
-{{ include "common.storage.hostPathValidate" .Values }}
-apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
-kind: Deployment
-metadata:
-  name: {{ template "common.names.fullname" . }}-wg
-  labels:
-    app: {{ template "common.names.name" . }}
-    chart: {{ template "common.names.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-  annotations:
-    rollme: {{ randAlphaNum 5 | quote }}
-spec:
-  replicas: {{ (default 1 .Values.replicas) }}
-  strategy:
-    type: "Recreate"
-  selector:
-    matchLabels:
-      app: {{ template "common.names.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      name: {{ template "common.names.fullname" . }}
-      labels:
-        {{- include "common.labels.selectorLabels" . | nindent 8 }}
-      annotations: {{ include "common.annotations" . | nindent 8 }}
-    spec:
-      hostNetwork: {{ .Values.hostNetwork }}
-      hostname: {{ .Release.Name }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{ include "common.resources.limitation" . | nindent 10 }}
-          {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
-          securityContext:
-            capabilities:
-              add:
-                - NET_ADMIN
-                - SYS_MODULE
-            {{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}}
-            runAsUser: 0
-            runAsGroup: 0
-            readOnlyRootFilesystem: false
-            runAsNonRoot: false
-          volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
-          {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
-            - name: extrappvolume-{{ $index }}
-              mountPath: {{ $hostPathConfiguration.mountPath }}
-          {{ end }}
-          ports:
-            - name: udp
-              containerPort: {{ .Values.wgUDPPort }}
-              protocol: UDP
-            {{- if not .Values.hostNetwork }}
-              hostPort: null
-            {{- end }}
-            - name: web
-              containerPort: {{ .Values.webUIPort }}
-            {{- if not .Values.hostNetwork }}
-              hostPort: null
-            {{- end }}
-          env:
-            {{ $wgeasy := .Values.wgeasy }}
-            {{ $envList := (default list .Values.environmentVariables) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }}
-            {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }}
-            {{ $envList = mustAppend $envList (dict "name" "PORT" "value" .Values.webUIPort) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }}
-            {{ if $wgeasy.allowed_ips }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" (join "," $wgeasy.allowed_ips)) }}
-            {{ else }}
-            {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }}
-            {{ end }}
-            {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
-          readinessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.webUIPort }}
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 5
-            failureThreshold: 5
-            successThreshold: 2
-          livenessProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.webUIPort }}
-            initialDelaySeconds: 10
-            periodSeconds: 10
-            timeoutSeconds: 5
-            failureThreshold: 5
-            successThreshold: 1
-          startupProbe:
-            httpGet:
-              path: /
-              port: {{ .Values.webUIPort }}
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            timeoutSeconds: 2
-            failureThreshold: 60
-            successThreshold: 1
-          {{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /bin/bash
-                  - -c
-                  - |
-                    echo "Deleting routes created by the app..."
-                    netmask=$(ip route | grep {{ $ip }})
-                    netmask=$(echo $netmask | grep -o -E '/.\d*')
-                    netmask=${netmask#/}
-                    echo "Matched routes to delete... {{ $ip }}/$netmask"
-                    # Don't try to delete routes if steps above didn't grep-ed anything
-                    if [ ! "$netmask" == "" ]; then
-                      ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
-                    fi
-                    echo "Routes deleted..."
-                    interface=$(ip a | grep wg0)
-                    if [ ! "$interface" == "" ]; then
-                      echo "Removing wg0 interface..."
-                      ip link delete wg0
-                      echo "Removed wg0 interface..."
-                    fi
-
-{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
-      volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
-      {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
-        - name: extrappvolume-{{ $index }}
-          hostPath:
-            path: {{ $hostPathConfiguration.hostPath }}
-      {{ end }}

+ 0 - 19
library/ix-dev/charts/wg-easy/templates/service.yaml

@@ -1,19 +0,0 @@
-{{ $selectors := list }}
-{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
-{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
-{{ $ports := list }}
-{{- if not .Values.hostNetwork }}
-{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }}
-{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort  "protocol" "UDP") }}
-{{- else }}
-{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "targetPort" .Values.webUIPort) }}
-{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "targetPort" .Values.wgUDPPort  "protocol" "UDP") }}
-{{- end }}
-{{ $params := . }}
-{{- if not .Values.hostNetwork }}
-{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
-{{- else }}
-{{ $_ := set $params "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
-{{- end }}
-{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
-{{ include "common.classes.service" $params }}

+ 4 - 0
library/ix-dev/charts/wg-easy/to_keep_versions.md

@@ -0,0 +1,4 @@
+# 1.0.12
+
+This version is kept because it contains a fix that is needed for migration to v2.x.x
+It should be safe to remove few months after v2.x.x is released.

+ 1 - 0
library/ix-dev/charts/wg-easy/to_keep_versions.yaml

@@ -0,0 +1 @@
+- 1.0.12

+ 31 - 0
library/ix-dev/charts/wg-easy/values.yaml

@@ -2,3 +2,34 @@ image:
   pullPolicy: IfNotPresent
   repository: weejewel/wg-easy
   tag: "7"
+
+resources:
+  limits:
+    cpu: 4000m
+    memory: 8Gi
+
+podOptions:
+  dnsConfig:
+    options: []
+
+wgNetwork:
+  udpPort: 30057
+  webPort: 30058
+  hostNetwork: true
+
+wgConfig:
+  host: ''
+  password: ''
+  keepAlive: 0
+  clientMTU: 1420
+  clientAddressRange: 10.8.0.x
+  clientDNSServer: "1.1.1.1"
+  allowedIPs: []
+  additionalEnvs: []
+
+wgStorage:
+  config:
+    type: ixVolume
+    ixVolumeConfig:
+      datasetName: config
+  additionalStorages: []
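Review bot: `allowedIPs: []` under `wgConfig` does not match the key the workload template reads, `.Values.wgConfig.clientAllowedIPs`, so a list set under this key is ignored and `WG_ALLOWED_IPS` always falls back to `0.0.0.0/0,::/0` — unless questions.yaml or the migration script (not visible here) populate `clientAllowedIPs` instead, in which case this default is merely stale. One of the two names should change so the values file documents the key that is actually honoured. `password: ''` and `host: ''` default to empty strings and nothing in the templates marks them required; if the image treats an empty `PASSWORD` as "no authentication" (as wg-easy documents for an unset one), a user who skips the field gets an unauthenticated admin UI on a NodePort, so `{{ required "wgConfig.password must be set" .Values.wgConfig.password | quote }}` in the workload template, or `required: true` on the corresponding question, would be a cheap guard.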