Installer: nebula controller chart
diff --git a/charts/nebula/.helmignore b/charts/nebula/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/nebula/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/nebula/Chart.yaml b/charts/nebula/Chart.yaml
new file mode 100644
index 0000000..edddb74
--- /dev/null
+++ b/charts/nebula/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: nebula
+description: A Helm chart for Nebula controller
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/nebula/crds/nebula-ca.yaml b/charts/nebula/crds/nebula-ca.yaml
new file mode 100644
index 0000000..c8de194
--- /dev/null
+++ b/charts/nebula/crds/nebula-ca.yaml
@@ -0,0 +1,83 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: nebulacas.lekva.me
+spec:
+ group: lekva.me
+ scope: Namespaced
+ names:
+ kind: NebulaCA
+ listKind: NebulaCAList
+ plural: nebulacas
+ singular: nebulaca
+ shortNames:
+ - nca
+ - ncas
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ secretName:
+ type: string
+ status:
+ type: object
+ properties:
+ state:
+ type: string
+ message:
+ type: string
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: nebulanodes.lekva.me
+spec:
+ group: lekva.me
+ scope: Namespaced
+ names:
+ kind: NebulaNode
+ listKind: NebulaNodeList
+ plural: nebulanodes
+ singular: nebulanode
+ shortNames:
+ - nnode
+ - nnodes
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ caName:
+ type: string
+ caNamespace:
+ type: string
+ ipCidr:
+ type: string
+ pubKey:
+ type: string
+ secretName:
+ type: string
+ status:
+ type: object
+ properties:
+ state:
+ type: string
+ message:
+ type: string
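Review bot: Each CRD name ends up with two sources under `crds/`: the `nebulanodes.lekva.me` definition in the second document of this file is repeated in crds/nebula-node.yaml, and the `nebulacas.lekva.me` definition is repeated in crds/nebula.crds.yaml. The copies are identical today, but they will drift as soon as one schema is edited, and which copy is applied then likely depends on file order. Keep one file per CRD and drop either this combined file or the two single-CRD files. If the duplication is intentional, record it in a leading comment such as `# Combined copy of nebula.crds.yaml and nebula-node.yaml; keep in sync`.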
diff --git a/charts/nebula/crds/nebula-node.yaml b/charts/nebula/crds/nebula-node.yaml
new file mode 100644
index 0000000..d59963f
--- /dev/null
+++ b/charts/nebula/crds/nebula-node.yaml
@@ -0,0 +1,45 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: nebulanodes.lekva.me
+spec:
+ group: lekva.me
+ scope: Namespaced
+ names:
+ kind: NebulaNode
+ listKind: NebulaNodeList
+ plural: nebulanodes
+ singular: nebulanode
+ shortNames:
+ - nnode
+ - nnodes
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ caName:
+ type: string
+ caNamespace:
+ type: string
+ ipCidr:
+ type: string
+ pubKey:
+ type: string
+ secretName:
+ type: string
+ status:
+ type: object
+ properties:
+ state:
+ type: string
+ message:
+ type: string
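Review bot: The `spec` schema accepts any string, or no value at all, for every field, and `caNamespace` lets a NebulaNode reference a CA outside its own namespace. Because the ClusterRole in templates/controller.yaml can read secrets cluster-wide, a user who may create NebulaNode objects in one namespace could have a certificate issued from a CA they do not own unless the controller validates that reference; the controller code is not visible here. I would add `required: [caName, ipCidr, secretName]` under `spec` (adjusted to what the controller really needs), constrain `ipCidr` with a `pattern`, and add a `description` on `caNamespace` stating which namespaces may be referenced. The same applies to the copy of this schema in crds/nebula-ca.yaml.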
diff --git a/charts/nebula/crds/nebula.crds.yaml b/charts/nebula/crds/nebula.crds.yaml
new file mode 100644
index 0000000..f6b8411
--- /dev/null
+++ b/charts/nebula/crds/nebula.crds.yaml
@@ -0,0 +1,37 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: nebulacas.lekva.me
+spec:
+ group: lekva.me
+ scope: Namespaced
+ names:
+ kind: NebulaCA
+ listKind: NebulaCAList
+ plural: nebulacas
+ singular: nebulaca
+ shortNames:
+ - nca
+ - ncas
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ secretName:
+ type: string
+ status:
+ type: object
+ properties:
+ state:
+ type: string
+ message:
+ type: string
diff --git a/charts/nebula/templates/controller.yaml b/charts/nebula/templates/controller.yaml
new file mode 100644
index 0000000..92aa325
--- /dev/null
+++ b/charts/nebula/templates/controller.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nebula-controller
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: nebula-controller
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nebula-controller
+ spec:
+ containers:
+ - name: controller
+ image: {{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}
+ imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
+ command:
+ - nebula-controller
+ - --nebula-cert=nebula-cert
+ tolerations:
+ - key: "pcloud"
+ operator: "Equal"
+ value: "role"
+ effect: "NoSchedule"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Namespace }}-nebula-controller
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - "lekva.me"
+ resources:
+ - nebulacas
+ - nebulacas/status
+ - nebulanodes
+ - nebulanodes/status
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - create
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Namespace }}-nebula-controller
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Namespace }}-nebula-controller
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
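Review bot: The ClusterRoleBinding's subject is the namespace's `default` ServiceAccount, so cluster-wide `list`/`get`/`create`/`watch` on `secrets` goes to every pod in the release namespace that does not set its own account, including the LoadBalancer-exposed `nebula-web` Deployment from templates/manage.yaml. Give the controller a dedicated ServiceAccount, set `serviceAccountName` on its pod spec and bind the role to that account only, as sketched below. If nebula-web needs API access to the `lekva.me` resources, it should get its own account and a role without the secrets rule. `metadata.namespace` on the ClusterRole and ClusterRoleBinding has no effect, since both kinds are cluster-scoped, and can be dropped.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nebula-controller
  namespace: {{ .Release.Namespace }}
---
# … unchanged: Deployment metadata, selector, pod labels …
    spec:
      serviceAccountName: nebula-controller
      # … unchanged: containers, tolerations …
---
# … unchanged: ClusterRole, ClusterRoleBinding metadata and roleRef …
subjects:
- kind: ServiceAccount
  name: nebula-controller
  namespace: {{ .Release.Namespace }}
```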
diff --git a/charts/nebula/templates/manage.yaml b/charts/nebula/templates/manage.yaml
new file mode 100644
index 0000000..2272321
--- /dev/null
+++ b/charts/nebula/templates/manage.yaml
@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nebula-web
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: LoadBalancer
+ selector:
+ app: nebula-web
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nebula-web
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: nebula-web
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: nebula-web
+ spec:
+ containers:
+ - name: web
+ image: {{ .Values.manage.image.repository }}:{{ .Values.manage.image.tag }}
+ imagePullPolicy: {{ .Values.manage.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ command:
+ - nebula-web
+ - --port=8080
+ resources:
+ requests:
+ memory: "10Mi"
+ cpu: "10m"
+ limits:
+ memory: "20Mi"
+ cpu: "100m"
+ tolerations:
+ - key: "pcloud"
+ operator: "Equal"
+ value: "role"
+ effect: "NoSchedule"
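Review bot: `type: LoadBalancer` publishes nebula-web on port 80 over plain HTTP outside the cluster by default, and nothing in this chart shows authentication or TLS in front of it. For a service that presumably manages CAs and node certificates, default to an internal service and make exposure an explicit choice, e.g. `type: {{ .Values.manage.service.type | default "ClusterIP" }}`, with TLS terminated at an ingress when it is exposed. The pod also sets no `serviceAccountName`, so it runs as the namespace's `default` ServiceAccount, which templates/controller.yaml binds to a ClusterRole that can read secrets.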
diff --git a/charts/nebula/values.yaml b/charts/nebula/values.yaml
new file mode 100644
index 0000000..5f3e30f
--- /dev/null
+++ b/charts/nebula/values.yaml
@@ -0,0 +1,10 @@
+controller:
+ image:
+ repository: giolekva/nebula-controller
+ tag: latest
+ pullPolicy: Always
+manage:
+ image:
+ repository: giolekva/nebula-web
+ tag: latest
+ pullPolicy: Always
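Review bot: Both images default to `tag: latest` with `pullPolicy: Always`, so every pod restart pulls whatever is currently published under that mutable tag. For a controller that holds cluster-wide secret access, that is an unreviewed path for new code into the cluster, and it makes rollbacks non-reproducible. Default to an immutable reference instead, for example `tag: "0.0.1"` to match `appVersion` in Chart.yaml (assuming such a tag is published) or a `repository@sha256:<digest>` form, together with `pullPolicy: IfNotPresent`. A comment above each `tag:` such as `# Pin to a released version or digest; avoid mutable tags in production` would document the intent.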