Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 2d1c2eb09083cf7ad106e9bdfdc47e5dbb8b5ab8 / . / charts / headscale / templates / headscale.yaml
blob: 128a24c80bfce128fcf64c59b544accf6f574ba9 [file] [log] [blame]
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]1apiVersion: networking.k8s.io/v1
2kind: Ingress
3metadata:
4 name: ingress
5 namespace: {{ .Release.Namespace }}
Giorgi Lekveishvilid507be52023-05-21 11:33:50 +0400[diff] [blame]6 annotations:
7 acme.cert-manager.io/http01-edit-in-place: "true"
8 cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer}}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]9spec:
10 ingressClassName: {{ .Values.ingressClassName }}
11 tls:
12 - hosts:
Giorgi Lekveishvilice3c64d2023-05-30 13:28:08 +0400[diff] [blame]13 - {{ .Values.domain }}
14 secretName: cert-{{ .Values.domain }}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]15 rules:
Giorgi Lekveishvilice3c64d2023-05-30 13:28:08 +0400[diff] [blame]16 - host: {{ .Values.domain }}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]17 http:
18 paths:
19 - path: /
20 pathType: Prefix
21 backend:
22 service:
23 name: headscale
24 port:
25 name: http
Giorgi Lekveishvilib7691552023-05-31 18:13:19 +0400[diff] [blame]26---
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]27apiVersion: v1
28kind: Service
29metadata:
30 name: headscale
31 namespace: {{ .Release.Namespace }}
Giorgi Lekveishvilic3b28862023-06-15 10:38:28 +0400[diff] [blame]32 annotations:
33 metallb.universe.tf/address-pool: {{ .Values.ipAddressPool }}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]34spec:
35 type: LoadBalancer
36 selector:
37 app: headscale
38 ports:
39 - name: http
40 port: 80
41 targetPort: http
42 protocol: TCP
43---
44apiVersion: v1
Giorgi Lekveishvili6e90bee2023-06-15 17:00:30 +0400[diff] [blame]45kind: Service
46metadata:
47 name: headscale-api
48 namespace: {{ .Release.Namespace }}
49spec:
50 type: ClusterIP
51 selector:
52 app: headscale
53 ports:
54 - name: http
55 port: 80
56 targetPort: http-api
57 protocol: TCP
58---
59apiVersion: v1
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]60kind: PersistentVolumeClaim
61metadata:
62 name: data
63 namespace: {{ .Release.Namespace }}
64spec:
65 accessModes:
66 - ReadWriteOnce
67 resources:
68 requests:
69 storage: {{ .Values.storage.size }}
70---
Giorgi Lekveishvili6ae65d12023-12-04 15:37:53 +0400[diff] [blame]71apiVersion: v1
72kind: PersistentVolumeClaim
73metadata:
74 name: acls
75 namespace: {{ .Release.Namespace }}
76spec:
77 accessModes:
78 - ReadWriteOnce
79 resources:
80 requests:
81 storage: 1Gi # TODO(gio): configurable
82---
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]83apiVersion: apps/v1
84kind: StatefulSet
85metadata:
86 name: headscale
87 namespace: {{ .Release.Namespace }}
88spec:
89 selector:
90 matchLabels:
91 app: headscale
92 serviceName: headscale
93 replicas: 1
94 template:
95 metadata:
96 labels:
97 app: headscale
98 spec:
99 volumes:
100 - name: data
101 persistentVolumeClaim:
102 claimName: data
Giorgi Lekveishvili6ae65d12023-12-04 15:37:53 +0400[diff] [blame]103 - name: acls
104 persistentVolumeClaim:
105 claimName: acls
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]106 - name: config
107 configMap:
108 name: config
Giorgi Lekveishvili37181d02023-06-15 19:00:41 +0400[diff] [blame]109 - name: api-socket
110 emptyDir: {}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]111 containers:
112 - name: headscale
113 image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
114 imagePullPolicy: {{ .Values.image.pullPolicy }}
115 ports:
116 - name: http
117 containerPort: 8080
118 protocol: TCP
Giorgi Lekveishvili620caa82023-05-21 19:36:58 +0400[diff] [blame]119 - name: grpc
120 containerPort: 50443
121 protocol: TCP
Giorgi Lekveishvili6e90bee2023-06-15 17:00:30 +0400[diff] [blame]122 command:
123 - headscale
124 - --config=/headscale/config/config.yaml
125 - serve
126 volumeMounts:
127 - name: data
128 mountPath: /headscale/data
129 readOnly: false
130 - name: config
131 mountPath: /headscale/config
132 readOnly: true
Giorgi Lekveishvili6ae65d12023-12-04 15:37:53 +0400[diff] [blame]133 - name: acls
134 mountPath: /headscale/acls
135 readOnly: true
Giorgi Lekveishvili37181d02023-06-15 19:00:41 +0400[diff] [blame]136 - mountPath: /headscale-api
137 name: api-socket
Giorgi Lekveishvili6e90bee2023-06-15 17:00:30 +0400[diff] [blame]138 - name: headscale-api
139 image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}
140 imagePullPolicy: {{ .Values.api.image.pullPolicy }}
141 ports:
142 - name: http-api
Giorgi Lekveishvili602479d2023-06-15 17:59:23 +0400[diff] [blame]143 containerPort: {{ .Values.api.port }}
Giorgi Lekveishvili6e90bee2023-06-15 17:00:30 +0400[diff] [blame]144 protocol: TCP
145 command:
146 - headscale-api
Giorgi Lekveishvili602479d2023-06-15 17:59:23 +0400[diff] [blame]147 - --port={{ .Values.api.port }}
Giorgi Lekveishvili6e90bee2023-06-15 17:00:30 +0400[diff] [blame]148 - --config=/headscale/config/config.yaml
Giorgi Lekveishvili6ae65d12023-12-04 15:37:53 +0400[diff] [blame]149 - --domain={{ .Values.api.rootDomain }}
150 - --acls=/headscale/acls/config.hujson
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]151 volumeMounts:
152 - name: data
153 mountPath: /headscale/data
154 readOnly: false
155 - name: config
156 mountPath: /headscale/config
157 readOnly: true
Giorgi Lekveishvili6ae65d12023-12-04 15:37:53 +0400[diff] [blame]158 - name: acls
159 mountPath: /headscale/acls
160 readOnly: false
Giorgi Lekveishvili37181d02023-06-15 19:00:41 +0400[diff] [blame]161 - mountPath: /headscale-api
162 name: api-socket