charts: headscale-controller resource-renderer-controller
diff --git a/charts/headscale-controller/Chart.yaml b/charts/headscale-controller/Chart.yaml
new file mode 100644
index 0000000..23162f0
--- /dev/null
+++ b/charts/headscale-controller/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: headscale-controller
+description: A Helm chart for headscale-controller
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/headscale-controller/templates/install.yaml b/charts/headscale-controller/templates/install.yaml
new file mode 100644
index 0000000..1180373
--- /dev/null
+++ b/charts/headscale-controller/templates/install.yaml
@@ -0,0 +1,336 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.9.2
+ creationTimestamp: null
+ name: headscaleusers.headscale.dodo.cloud
+spec:
+ group: headscale.dodo.cloud
+ names:
+ kind: HeadscaleUser
+ listKind: HeadscaleUserList
+ plural: headscaleusers
+ singular: headscaleuser
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: HeadscaleUser is the Schema for the headscaleusers API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HeadscaleUserSpec defines the desired state of HeadscaleUser
+ properties:
+ name:
+ type: string
+ preAuthKey:
+ properties:
+ enabled:
+ type: boolean
+ secretName:
+ type: string
+ type: object
+ type: object
+ status:
+ description: HeadscaleUserStatus defines the observed state of HeadscaleUser
+ properties:
+ ready:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: controller-controller-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: controller-leader-election-role
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: controller-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - headscale.dodo.cloud
+ resources:
+ - headscaleusers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - headscale.dodo.cloud
+ resources:
+ - headscaleusers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - headscale.dodo.cloud
+ resources:
+ - headscaleusers/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: controller-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: controller-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: controller-leader-election-rolebinding
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: controller-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: controller-controller-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: controller-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: controller-manager-role
+subjects:
+- kind: ServiceAccount
+ name: controller-controller-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: controller-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: controller-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: controller-controller-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+data:
+ controller_manager_config.yaml: |
+ apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
+ kind: ControllerManagerConfig
+ health:
+ healthProbeBindAddress: :8081
+ metrics:
+ bindAddress: 127.0.0.1:8080
+ webhook:
+ port: 9443
+ leaderElection:
+ leaderElect: true
+ resourceName: 798a733c.dodo.cloud
+ # leaderElectionReleaseOnCancel defines if the leader should step down volume
+ # when the Manager ends. This requires the binary to immediately end when the
+ # Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
+ # speeds up voluntary leader transitions as the new leader don't have to wait
+ # LeaseDuration time first.
+ # In the default scaffold provided, the program ends immediately after
+ # the manager stops, so would be fine to enable this option. However,
+ # if you are doing or is intended to do any operation such as perform cleanups
+ # after the manager stops then its usage might be unsafe.
+ # leaderElectionReleaseOnCancel: true
+kind: ConfigMap
+metadata:
+ name: controller-manager-config
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-controller-manager-metrics-service
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: controller-controller-manager
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ image: giolekva/headscale-controller:latest
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ serviceAccountName: controller-controller-manager
+ terminationGracePeriodSeconds: 10
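Review bot: The `controller-manager-role` ClusterRole grants create/delete/get/list/patch/update/watch on `secrets` in every namespace, and `controller-manager-rolebinding` binds it to the manager's service account, so a compromise of the controller pod would expose every secret in the cluster. HeadscaleUser is namespaced and the CRD only references a single `preAuthKey.secretName`, so the secrets rule could presumably move to a namespaced Role that is bound once per namespace where HeadscaleUser objects are expected. The sketch below uses the release namespace with placeholder names, and assumes the manager's watch scope can be narrowed to match, which is not visible in this hunk. The `headscale.dodo.cloud` rules can stay in the ClusterRole.

```yaml
# … unchanged: CRD, ServiceAccount, leader-election Role …
# controller-manager-role keeps only the headscale.dodo.cloud rules
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: controller-manager-secrets-role
  namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: controller-manager-secrets-rolebinding
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: controller-manager-secrets-role
subjects:
- kind: ServiceAccount
  name: controller-controller-manager
  namespace: {{ .Release.Namespace }}
# … unchanged: remaining ClusterRoles, bindings, ConfigMap, Service, Deployment …
```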
diff --git a/charts/headscale-controller/values.yaml b/charts/headscale-controller/values.yaml
new file mode 100644
index 0000000..13dc30e
--- /dev/null
+++ b/charts/headscale-controller/values.yaml
@@ -0,0 +1,5 @@
+image:
+ repository: giolekva/headscale-controller
+ tag: latest
+ pullPolicy: Always
+installCRDs: false
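Review bot: None of these values appear to be read by `templates/install.yaml` as shown in this commit: the manager container hard-codes `image: giolekva/headscale-controller:latest` and `imagePullPolicy: Always`, and the CRD is rendered regardless of `installCRDs: false`. Wiring them in would be `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"` and `imagePullPolicy: {{ .Values.image.pullPolicy }}` on the manager container, with the CRD document wrapped in `{{- if .Values.installCRDs }}` … `{{- end }}`. The default `tag: latest` with `Always` also means any pod restart can pull a different build into a workload that holds cluster-wide write access to secrets. Defaulting to a released version or an image digest would make the deployed code reproducible and auditable.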