Blame - charts/headscale/templates/headscale.yaml - pcloud

blob: d483854dd61c2f0f75d4a362200d17ae530e5a75 [file] [log] [blame]

Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	1	apiVersion: networking.k8s.io/v1
				2	kind: Ingress
				3	metadata:
				4	name: ingress
				5	namespace: {{ .Release.Namespace }}
Giorgi Lekveishvili	d507be5	2023-05-21 11:33:50 +0400	[diff] [blame]	6	annotations:
				7	acme.cert-manager.io/http01-edit-in-place: "true"
				8	cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer}}
Giorgi Lekveishvili	e287076	2023-12-09 14:21:22 +0400	[diff] [blame]	9	{{ if .Values.ui.enabled }}
				10	nginx.org/rewrites: "serviceName=headscale rewrite=/;serviceName=headscale-ui rewrite=/"
				11	{{ end }}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	12	spec:
				13	ingressClassName: {{ .Values.ingressClassName }}
				14	tls:
				15	- hosts:
Giorgi Lekveishvili	ce3c64d	2023-05-30 13:28:08 +0400	[diff] [blame]	16	- {{ .Values.domain }}
				17	secretName: cert-{{ .Values.domain }}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	18	rules:
Giorgi Lekveishvili	ce3c64d	2023-05-30 13:28:08 +0400	[diff] [blame]	19	- host: {{ .Values.domain }}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	20	http:
				21	paths:
				22	- path: /
				23	pathType: Prefix
				24	backend:
				25	service:
				26	name: headscale
				27	port:
				28	name: http
Giorgi Lekveishvili	e287076	2023-12-09 14:21:22 +0400	[diff] [blame]	29	{{ if .Values.ui.enabled }}
				30	- path: /web
				31	pathType: Prefix
				32	backend:
				33	service:
				34	name: headscale-ui
				35	port:
				36	name: http
				37	{{ end }}
Giorgi Lekveishvili	b769155	2023-05-31 18:13:19 +0400	[diff] [blame]	38	---
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	39	apiVersion: v1
				40	kind: Service
				41	metadata:
				42	name: headscale
				43	namespace: {{ .Release.Namespace }}
Giorgi Lekveishvili	c3b2886	2023-06-15 10:38:28 +0400	[diff] [blame]	44	annotations:
				45	metallb.universe.tf/address-pool: {{ .Values.ipAddressPool }}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	46	spec:
				47	type: LoadBalancer
				48	selector:
				49	app: headscale
				50	ports:
				51	- name: http
				52	port: 80
				53	targetPort: http
				54	protocol: TCP
Giorgi Lekveishvili	e287076	2023-12-09 14:21:22 +0400	[diff] [blame]	55	{{ if .Values.ui.enabled }}
				56	---
				57	apiVersion: v1
				58	kind: Service
				59	metadata:
				60	name: headscale-ui
				61	namespace: {{ .Release.Namespace }}
				62	# annotations:
				63	# metallb.universe.tf/address-pool: {{ .Values.ipAddressPool }}
				64	spec:
				65	type: ClusterIP
				66	selector:
				67	app: headscale
				68	ports:
				69	- name: http
				70	port: 80
				71	targetPort: http-ui
				72	protocol: TCP
				73	{{ end }}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	74	---
				75	apiVersion: v1
Giorgi Lekveishvili	6e90bee	2023-06-15 17:00:30 +0400	[diff] [blame]	76	kind: Service
				77	metadata:
				78	name: headscale-api
				79	namespace: {{ .Release.Namespace }}
				80	spec:
				81	type: ClusterIP
				82	selector:
				83	app: headscale
				84	ports:
				85	- name: http
				86	port: 80
				87	targetPort: http-api
				88	protocol: TCP
				89	---
				90	apiVersion: v1
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	91	kind: PersistentVolumeClaim
				92	metadata:
				93	name: data
				94	namespace: {{ .Release.Namespace }}
				95	spec:
				96	accessModes:
				97	- ReadWriteOnce
				98	resources:
				99	requests:
				100	storage: {{ .Values.storage.size }}
				101	---
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	102	apiVersion: v1
				103	kind: PersistentVolumeClaim
				104	metadata:
				105	name: acls
				106	namespace: {{ .Release.Namespace }}
				107	spec:
				108	accessModes:
				109	- ReadWriteOnce
				110	resources:
				111	requests:
				112	storage: 1Gi # TODO(gio): configurable
				113	---
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	114	apiVersion: apps/v1
				115	kind: StatefulSet
				116	metadata:
				117	name: headscale
				118	namespace: {{ .Release.Namespace }}
				119	spec:
				120	selector:
				121	matchLabels:
				122	app: headscale
				123	serviceName: headscale
				124	replicas: 1
				125	template:
				126	metadata:
				127	labels:
				128	app: headscale
				129	spec:
				130	volumes:
				131	- name: data
				132	persistentVolumeClaim:
				133	claimName: data
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	134	- name: acls
				135	persistentVolumeClaim:
				136	claimName: acls
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	137	- name: config
				138	configMap:
				139	name: config
Giorgi Lekveishvili	37181d0	2023-06-15 19:00:41 +0400	[diff] [blame]	140	- name: api-socket
				141	emptyDir: {}
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	142	containers:
				143	- name: headscale
				144	image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
				145	imagePullPolicy: {{ .Values.image.pullPolicy }}
				146	ports:
				147	- name: http
				148	containerPort: 8080
				149	protocol: TCP
Giorgi Lekveishvili	620caa8	2023-05-21 19:36:58 +0400	[diff] [blame]	150	- name: grpc
				151	containerPort: 50443
				152	protocol: TCP
Giorgi Lekveishvili	6e90bee	2023-06-15 17:00:30 +0400	[diff] [blame]	153	command:
				154	- headscale
				155	- --config=/headscale/config/config.yaml
				156	- serve
				157	volumeMounts:
				158	- name: data
				159	mountPath: /headscale/data
				160	readOnly: false
				161	- name: config
				162	mountPath: /headscale/config
				163	readOnly: true
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	164	- name: acls
				165	mountPath: /headscale/acls
				166	readOnly: true
Giorgi Lekveishvili	37181d0	2023-06-15 19:00:41 +0400	[diff] [blame]	167	- mountPath: /headscale-api
				168	name: api-socket
Giorgi Lekveishvili	6e90bee	2023-06-15 17:00:30 +0400	[diff] [blame]	169	- name: headscale-api
				170	image: {{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}
				171	imagePullPolicy: {{ .Values.api.image.pullPolicy }}
				172	ports:
				173	- name: http-api
Giorgi Lekveishvili	602479d	2023-06-15 17:59:23 +0400	[diff] [blame]	174	containerPort: {{ .Values.api.port }}
Giorgi Lekveishvili	6e90bee	2023-06-15 17:00:30 +0400	[diff] [blame]	175	protocol: TCP
				176	command:
				177	- headscale-api
Giorgi Lekveishvili	602479d	2023-06-15 17:59:23 +0400	[diff] [blame]	178	- --port={{ .Values.api.port }}
Giorgi Lekveishvili	6e90bee	2023-06-15 17:00:30 +0400	[diff] [blame]	179	- --config=/headscale/config/config.yaml
Giorgi Lekveishvili	9d5e3f5	2024-03-13 15:02:50 +0400	[diff] [blame^]	180	- --ip-subnet={{ .Values.api.ipSubnet }}
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	181	- --acls=/headscale/acls/config.hujson
Giorgi Lekveishvili	08a1941	2023-02-04 22:36:01 +0400	[diff] [blame]	182	volumeMounts:
				183	- name: data
				184	mountPath: /headscale/data
				185	readOnly: false
				186	- name: config
				187	mountPath: /headscale/config
				188	readOnly: true
Giorgi Lekveishvili	6ae65d1	2023-12-04 15:37:53 +0400	[diff] [blame]	189	- name: acls
				190	mountPath: /headscale/acls
				191	readOnly: false
Giorgi Lekveishvili	37181d0	2023-06-15 19:00:41 +0400	[diff] [blame]	192	- mountPath: /headscale-api
				193	name: api-socket
Giorgi Lekveishvili	e287076	2023-12-09 14:21:22 +0400	[diff] [blame]	194	{{ if .Values.ui.enabled }}
				195	- name: headscale-ui # TODO(gio): separate deployment
				196	image: {{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }}
				197	imagePullPolicy: {{ .Values.ui.image.pullPolicy }}
				198	ports:
				199	- name: http-ui
				200	containerPort: 80
				201	protocol: TCP
				202	{{ end }}