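# Public entry point for headscale: a single TLS host routed by path prefix.
# The certificate comes from the cert-manager ClusterIssuer named by the
# certificateIssuer value and is stored in the secret listed under spec.tls.
# NOTE(review): no authentication or source-restriction annotation is set on
# this Ingress, so every path on the host (including /web when the UI is
# enabled) is reachable by anyone who can reach the ingress controller. Access
# control has to come from the backends; confirm that is the intent.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress
  namespace: {{ .Release.Namespace | quote }}
  annotations:
    # Has cert-manager add the ACME HTTP-01 challenge path to this Ingress
    # rather than creating a separate temporary one.
    acme.cert-manager.io/http01-edit-in-place: "true"
    # Annotation values must be strings; quoting keeps an issuer name that
    # looks like a number or boolean from being retyped by the YAML parser.
    cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer | quote }}
    {{ if .Values.ui.enabled }}
    # Presumably strips the matched prefix so /web reaches the UI as / -
    # confirm against the NGINX ingress controller documentation.
    nginx.org/rewrites: "serviceName=headscale rewrite=/;serviceName=headscale-ui rewrite=/"
    {{ end }}
spec:
  ingressClassName: {{ .Values.ingressClassName }}
  tls:
  - hosts:
    - {{ .Values.domain | quote }}
    secretName: cert-{{ .Values.domain }}
  rules:
  - host: {{ .Values.domain | quote }}
    http:
      paths:
      # Everything not matched by a longer prefix goes to headscale itself.
      - path: /
        pathType: Prefix
        backend:
          service:
            name: headscale
            port:
              name: http
      {{ if .Values.ui.enabled }}
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: headscale-ui
            port:
              name: http
      {{ end }}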
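---
# Publishes the pod's `http` port as port 80 on an address taken from the
# MetalLB pool named by the ipAddressPool value.
# NOTE(review): this LoadBalancer exposes the same backend as the TLS Ingress,
# but over plain HTTP and without passing through the ingress controller.
# Confirm the pool is only reachable from networks that are meant to talk to
# headscale unencrypted, or use ClusterIP if the Ingress should be the only
# way in.
apiVersion: v1
kind: Service
metadata:
  name: headscale
  namespace: {{ .Release.Namespace | quote }}
  annotations:
    # Quoted because annotation values must be strings.
    metallb.universe.tf/address-pool: {{ .Values.ipAddressPool | quote }}
spec:
  type: LoadBalancer
  selector:
    app: headscale
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP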
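{{ if .Values.ui.enabled }}
---
# In-cluster Service for the optional web UI; rendered only when the
# ui.enabled value is set. It selects the same pod as the headscale Service
# and forwards port 80 to the container port named http-ui.
apiVersion: v1
kind: Service
metadata:
  name: headscale-ui
  namespace: {{ .Release.Namespace | quote }}
  # Disabled MetalLB annotation, kept from the original. Helm still expands
  # template actions inside YAML comments, so the value is rendered below.
  # annotations:
  #   metallb.universe.tf/address-pool: {{ .Values.ipAddressPool }}
spec:
  # ClusterIP keeps the UI off the load-balancer pool; external access goes
  # through the Ingress /web path only.
  type: ClusterIP
  selector:
    app: headscale
  ports:
  - name: http
    port: 80
    targetPort: http-ui
    protocol: TCP
{{ end }}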
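---
# In-cluster Service for the headscale-api sidecar: port 80 forwards to the
# container port named http-api.
# NOTE(review): ClusterIP keeps this off the external network, but nothing on
# this page (no NetworkPolicy, no auth setting) limits which pods may call it.
# Confirm the API authenticates its callers or restrict ingress to the
# namespaces that need it.
apiVersion: v1
kind: Service
metadata:
  name: headscale-api
  namespace: {{ .Release.Namespace | quote }}
spec:
  type: ClusterIP
  selector:
    app: headscale
  ports:
  - name: http
    port: 80
    targetPort: http-api
    protocol: TCP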
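---
# Volume mounted at /headscale/data by the headscale and headscale-api
# containers of the StatefulSet in this file.
# NOTE(review): presumably holds headscale's persistent state; treat backups
# and snapshots of it as sensitive - confirm what is stored there.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
  namespace: {{ .Release.Namespace | quote }}
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      # Quoted so the quantity is always passed as a string.
      storage: {{ .Values.storage.size | quote }}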
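---
# Volume mounted at /headscale/acls. The StatefulSet in this file points
# headscale-api at /headscale/acls/config.hujson on it and mounts it read-only
# in the headscale container and read-write in headscale-api.
# NOTE(review): the ACL policy decides who may reach whom, so write access to
# this volume is security-sensitive.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: acls
  namespace: {{ .Release.Namespace | quote }}
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi # TODO(gio): configurable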
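---
# Single-replica StatefulSet running headscale, the headscale-api sidecar and,
# when the ui.enabled value is set, the web UI, all in one pod.
# NOTE(review): neither the pod nor any container sets securityContext or
# resources, so each container runs as whatever user its image defines, with a
# writable root filesystem and no CPU/memory limits. Once the images are known
# to support it, consider runAsNonRoot, allowPrivilegeEscalation: false,
# readOnlyRootFilesystem and dropped capabilities, plus resource limits.
# NOTE(review): images are referenced by tag. Tags are mutable; pinning by
# digest (repository@sha256:<digest>) makes the deployed image reproducible.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: headscale
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      app: headscale
  # NOTE(review): serviceName normally names a headless Service; here it is
  # the LoadBalancer Service `headscale` defined in this file.
  serviceName: headscale
  replicas: 1
  template:
    metadata:
      labels:
        app: headscale
    spec:
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: data
      - name: acls
        persistentVolumeClaim:
          claimName: acls
      - name: config
        configMap:
          name: config
      # Scratch directory shared by headscale and headscale-api at
      # /headscale-api; its contents are lost when the pod is removed.
      - name: api-socket
        emptyDir: {}
      containers:
      - name: headscale
        # Quoted so the reference is always parsed as a single string.
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
        ports:
        - name: http
          containerPort: 8080
          protocol: TCP
        # Declared here, but no Service in this file forwards to it.
        - name: grpc
          containerPort: 50443
          protocol: TCP
        command:
        - headscale
        - --config=/headscale/config/config.yaml
        - serve
        volumeMounts:
        - name: data
          mountPath: /headscale/data
          readOnly: false
        - name: config
          mountPath: /headscale/config
          readOnly: true
        # headscale only reads the ACL volume; headscale-api is the writer.
        - name: acls
          mountPath: /headscale/acls
          readOnly: true
        - mountPath: /headscale-api
          name: api-socket
        # Passes only while the marker file exists; if it is missing, cat
        # fails and the kubelet restarts the container.
        # NOTE(review): presumably headscale-api removes the marker to force a
        # reload after an ACL change - confirm. Whoever can write to the acls
        # volume can therefore restart the control server.
        livenessProbe:
          exec:
            command:
            - cat
            - /headscale/acls/config.hujson-reload
          initialDelaySeconds: 60
          periodSeconds: 5
      - name: headscale-api
        image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}"
        imagePullPolicy: {{ .Values.api.image.pullPolicy | quote }}
        ports:
        - name: http-api
          # Left unquoted: containerPort must be an integer.
          containerPort: {{ .Values.api.port }}
          protocol: TCP
        command:
        - headscale-api
        - --port={{ .Values.api.port }}
        - --config=/headscale/config/config.yaml
        - --ip-subnet={{ .Values.api.ipSubnet }}
        - --acls=/headscale/acls/config.hujson
        - --self={{ .Values.api.self }}
        - --fetch-users-addr={{ .Values.api.fetchUsersAddr }}
        # Same marker-file check as the headscale container, so both
        # containers are restarted when the marker disappears.
        livenessProbe:
          exec:
            command:
            - cat
            - /headscale/acls/config.hujson-reload
          initialDelaySeconds: 60
          periodSeconds: 5
        volumeMounts:
        # NOTE(review): the sidecar gets write access to the data volume as
        # well as the ACL volume. If it only needs to read data, mounting it
        # read-only would narrow what a compromised sidecar can change.
        - name: data
          mountPath: /headscale/data
          readOnly: false
        - name: config
          mountPath: /headscale/config
          readOnly: true
        - name: acls
          mountPath: /headscale/acls
          readOnly: false
        - mountPath: /headscale-api
          name: api-socket
      {{ if .Values.ui.enabled }}
      - name: headscale-ui # TODO(gio): separate deployment
        image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}"
        imagePullPolicy: {{ .Values.ui.image.pullPolicy | quote }}
        ports:
        - name: http-ui
          containerPort: 80
          protocol: TCP
      {{ end }}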