Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / ed33f5e5aff6d0d415b4393109414efa4c525c24 / . / charts / headscale / templates / headscale.yaml
blob: 1bf3a075cb9f98a5f884579eceb206589bf25146 [file] [log] [blame]
Giorgi Lekveishvilid507be52023-05-21 11:33:50 +0400[diff] [blame]1# apiVersion: cert-manager.io/v1
2# kind: Certificate
3# metadata:
4# name: headscale.{{ .Values.domain }}
5# namespace: {{ .Release.Namespace }}
6# annotations:
7# helm.sh/resource-policy: keep
8# spec:
9# dnsNames:
10# - 'headscale.{{ .Values.domain }}'
11# issuerRef:
12# name: {{ .Values.certificateIssuer }}
13# kind: ClusterIssuer
14# secretName: cert-headscale.{{ .Values.domain }}
15# ---
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]16apiVersion: networking.k8s.io/v1
17kind: Ingress
18metadata:
19 name: ingress
20 namespace: {{ .Release.Namespace }}
Giorgi Lekveishvilid507be52023-05-21 11:33:50 +0400[diff] [blame]21 annotations:
22 acme.cert-manager.io/http01-edit-in-place: "true"
23 cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer}}
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]24spec:
25 ingressClassName: {{ .Values.ingressClassName }}
26 tls:
27 - hosts:
28 - headscale.{{ .Values.domain }}
29 secretName: cert-headscale.{{ .Values.domain }}
30 rules:
31 - host: headscale.{{ .Values.domain }}
32 http:
33 paths:
34 - path: /
35 pathType: Prefix
36 backend:
37 service:
38 name: headscale
39 port:
40 name: http
41---
Giorgi Lekveishvilied33f5e2023-05-21 14:12:59 +0400[diff] [blame^]42apiVersion: networking.k8s.io/v1
43kind: Ingress
44metadata:
45 annotations:
46 acme.cert-manager.io/http01-edit-in-place: "true"
47 cert-manager.io/cluster-issuer: {{ .Values.certificateIssuer}}
48 nginx.ingress.kubernetes.io/ssl-redirect: "true"
49 nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
50 name: ingress-grpc
51 namespace: {{ .Release.Namespace }}
52spec:
53 ingressClassName: {{ .Values.ingressClassName }}
54 tls:
55 - hosts:
56 - grpc.headscale.{{ .Values.domain }}
57 secretName: cert-headscale.{{ .Values.domain }}
58 rules:
59 - host: grpc.headscale.{{ .Values.domain }}
60 http:
61 paths:
62 - path: /
63 pathType: Prefix
64 backend:
65 service:
66 name: headscale
67 port:
68 number: grpc
69---
Giorgi Lekveishvili08a19412023-02-04 22:36:01 +0400[diff] [blame]70apiVersion: v1
71kind: Service
72metadata:
73 name: headscale
74 namespace: {{ .Release.Namespace }}
75spec:
76 type: LoadBalancer
77 selector:
78 app: headscale
79 ports:
80 - name: http
81 port: 80
82 targetPort: http
83 protocol: TCP
84---
85apiVersion: v1
86kind: PersistentVolumeClaim
87metadata:
88 name: data
89 namespace: {{ .Release.Namespace }}
90spec:
91 accessModes:
92 - ReadWriteOnce
93 resources:
94 requests:
95 storage: {{ .Values.storage.size }}
96---
97apiVersion: apps/v1
98kind: StatefulSet
99metadata:
100 name: headscale
101 namespace: {{ .Release.Namespace }}
102spec:
103 selector:
104 matchLabels:
105 app: headscale
106 serviceName: headscale
107 replicas: 1
108 template:
109 metadata:
110 labels:
111 app: headscale
112 spec:
113 volumes:
114 - name: data
115 persistentVolumeClaim:
116 claimName: data
117 - name: config
118 configMap:
119 name: config
120 containers:
121 - name: headscale
122 image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
123 imagePullPolicy: {{ .Values.image.pullPolicy }}
124 ports:
125 - name: http
126 containerPort: 8080
127 protocol: TCP
128 command: ["headscale", "--config=/headscale/config/config.yaml", "serve"]
129 resources:
130 # requests:
131 # memory: "10Mi"
132 # cpu: "10m"
133 # limits:
134 # memory: "20Mi"
135 # cpu: "100m"
136 # tolerations:
137 # - key: "pcloud"
138 # operator: "Equal"
139 # value: "role"
140 # effect: "NoSchedule"
141 volumeMounts:
142 - name: data
143 mountPath: /headscale/data
144 readOnly: false
145 - name: config
146 mountPath: /headscale/config
147 readOnly: true