VPN: API server returns config template while client app merges private key into it
diff --git a/charts/vpn-mesh-config/templates/api.yaml b/charts/vpn-mesh-config/templates/api.yaml
index 02506a4..9da26d7 100644
--- a/charts/vpn-mesh-config/templates/api.yaml
+++ b/charts/vpn-mesh-config/templates/api.yaml
@@ -28,6 +28,10 @@
labels:
app: nebula-api
spec:
+ volumes:
+ - name: config
+ configMap:
+ name: lighthouse-config-template
containers:
- name: api
image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}
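Review bot: The ConfigMap name `lighthouse-config-template` on the `configMap.name:` line is a bare literal that must stay in sync with the `metadata.name` of the new ConfigMap template in the second file; a rename in one place silently leaves the pod with an unresolvable volume until the next rollout fails. If the chart already has a fullname helper, referencing it from both places (e.g. `name: {{ include "<chart-fullname-helper>" . }}-lighthouse-template`) keeps them tied together. The pod spec continues outside the hunk, so I cannot see whether the deployment carries a checksum annotation for the template; without one, changes to the ConfigMap will not restart the api process if it only reads `--config-tmpl` at startup.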
@@ -41,6 +45,11 @@
- --port=8080
- --namespace={{ .Release.Namespace }}
- --ca-name={{ .Values.certificateAuthority.name }}
+ - --config-tmpl=/etc/nebula-api/config/lighthouse.yaml
+ volumeMounts:
+ - name: config
+ mountPath: /etc/nebula-api/config
+ readOnly: true
resources:
requests:
memory: "10Mi"
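Review bot: The directory `/etc/nebula-api/config` is spelled out twice in this hunk (`--config-tmpl=` and `mountPath:`), and the file name `lighthouse.yaml` must additionally match the data key of the ConfigMap in the other file; a single chart value or template variable for the path would keep the three in step. Something like `- --config-tmpl={{ .Values.api.configTemplatePath }}` with `mountPath: {{ dir .Values.api.configTemplatePath }}` (value name is a proposal, not an existing key) would do. Mounting the volume with `readOnly: true` is the right choice here since the api only serves the template and the private key is merged client-side per the commit title.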
diff --git a/charts/vpn-mesh-config/templates/lighthouse-config-template.yaml b/charts/vpn-mesh-config/templates/lighthouse-config-template.yaml
new file mode 100644
index 0000000..cdf18df
--- /dev/null
+++ b/charts/vpn-mesh-config/templates/lighthouse-config-template.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: lighthouse-config-template
+ namespace: {{ .Release.Namespace }}
+data:
+ lighthouse.yaml: |
+ pki:
+ ca: ""
+ cert: ""
+ key: ""
+ static_host_map:
+ "{{ .Values.lighthouse.internalIP }}": ["{{ .Values.lighthouse.externalIP }}:{{ .Values.lighthouse.port }}"]
+ lighthouse:
+ am_lighthouse: false
+ interval: 60
+ listen:
+ host: "[::]"
+ port: 4242
+ punchy:
+ punch: true
+ cipher: chachapoly
+ tun:
+ disabled: false
+ dev: pcloud0
+ drop_local_broadcast: false
+ drop_multicast: false
+ tx_queue: 500
+ mtu: 1300
+ logging:
+ level: info
+ format: text
+ firewall:
+ conntrack:
+ tcp_timeout: 12m
+ udp_timeout: 3m
+ default_timeout: 10m
+ max_connections: 100000
+ outbound:
+ - port: any
+ proto: any
+ host: any
+ inbound:
+ - port: any
+ proto: any
+ host: any
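Review bot: The `firewall.inbound` rule at the end of this template is `port: any` / `proto: any` / `host: any`, so every client that receives this config accepts all inbound overlay traffic from every other mesh member; that is a fleet-wide policy decision baked into a ConfigMap rather than a value the operator can tighten. Consider rendering both rule lists from values, e.g. `inbound: {{ toYaml .Values.lighthouse.firewall.inbound | nindent 6 }}` (value name is a proposal), with the permissive set as the documented default if that is the intended behaviour. The empty `pki.ca`, `pki.cert` and `pki.key` strings are presumably placeholders the api or client fills in; a comment above the `pki:` block such as `# ca/cert/key are placeholders; populated by the api server and the client app` would tell the next reader that an empty value here is not a misconfiguration. Since `.Values.lighthouse.internalIP` is used unquoted as a mapping key inside the block scalar, an unset value renders `"": [...]`, which Nebula will reject at load time rather than at chart-lint time; a `required` guard on that value would surface the error earlier.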