From 3748c11d1bfe5fcefe537a9c26f57a0e5cb34828 Mon Sep 17 00:00:00 2001
From: Janne Mareike Koschinski <janne@kuschku.de>
Date: Thu, 2 Jun 2022 01:47:51 +0200
Subject: [PATCH] feat: add chart for wg-access-server
---
wg-access-server/Chart.yaml | 6 ++
wg-access-server/pipeline.yml | 21 ++++++
wg-access-server/templates/_helpers.tpl | 56 ++++++++++++++
wg-access-server/templates/configmap.yaml | 9 +++
wg-access-server/templates/deployment.yaml | 86 ++++++++++++++++++++++
wg-access-server/templates/ingress.yaml | 20 +++++
wg-access-server/templates/secret.yaml | 10 +++
wg-access-server/templates/service.yaml | 15 ++++
wg-access-server/values.yaml | 49 ++++++++++++
9 files changed, 272 insertions(+)
create mode 100644 wg-access-server/Chart.yaml
create mode 100644 wg-access-server/pipeline.yml
create mode 100644 wg-access-server/templates/_helpers.tpl
create mode 100644 wg-access-server/templates/configmap.yaml
create mode 100644 wg-access-server/templates/deployment.yaml
create mode 100644 wg-access-server/templates/ingress.yaml
create mode 100644 wg-access-server/templates/secret.yaml
create mode 100644 wg-access-server/templates/service.yaml
create mode 100644 wg-access-server/values.yaml
diff --git a/wg-access-server/Chart.yaml b/wg-access-server/Chart.yaml
new file mode 100644
index 0000000..2bdb687
--- /dev/null
+++ b/wg-access-server/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: wg-access-server
+description: Helm Chart for wg-access-server
+type: application
+version: 1.0.0
+appVersion: "v0.4.6"
diff --git a/wg-access-server/pipeline.yml b/wg-access-server/pipeline.yml
new file mode 100644
index 0000000..d1f0d98
--- /dev/null
+++ b/wg-access-server/pipeline.yml
@@ -0,0 +1,21 @@
+lint-wg-access-server:
+ stage: lint
+ rules:
+ - changes:
+ - wg-access-server/**/*
+ script:
+ - helm lint wg-access-server
+
+release-wg-access-server:
+ stage: release
+ needs:
+ - lint-wg-access-server
+ rules:
+ - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+ changes:
+ - wg-access-server/**/*
+ script:
+ - apk add --no-cache git
+ - helm plugin install https://github.com/chartmuseum/helm-push.git
+ - helm repo add --username gitlab-ci-token --password $CI_JOB_TOKEN repo ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/stable
+ - helm cm-push wg-access-server repo
diff --git a/wg-access-server/templates/_helpers.tpl b/wg-access-server/templates/_helpers.tpl
new file mode 100644
index 0000000..4f90abe
--- /dev/null
+++ b/wg-access-server/templates/_helpers.tpl
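Review bot: In `release-wg-access-server` (`pipeline.yml`), `helm plugin install https://github.com/chartmuseum/helm-push.git` has no `--version`, so every release run executes whatever the upstream repository currently serves, in a job that has `$CI_JOB_TOKEN` in its environment. Pinning it, e.g. `- helm plugin install --version <PINNED_VERSION> https://github.com/chartmuseum/helm-push.git`, makes the release reproducible and puts plugin upgrades through review. Separately, `--password $CI_JOB_TOKEN` places the token on the command line; `helm repo add` also accepts `--password-stdin`, which keeps it out of the process arguments.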
@@ -0,0 +1,56 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "wg-access-server-helm.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "wg-access-server-helm.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "wg-access-server-helm.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "wg-access-server-helm.labels" -}}
+helm.sh/chart: {{ include "wg-access-server-helm.chart" . }}
+{{ include "wg-access-server-helm.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "wg-access-server-helm.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "wg-access-server-helm.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
+{{- define "wg-access-server-helm.sslPath" -}}
+/certs
+{{- end }}
diff --git a/wg-access-server/templates/configmap.yaml b/wg-access-server/templates/configmap.yaml
new file mode 100644
index 0000000..79f0152
--- /dev/null
+++ b/wg-access-server/templates/configmap.yaml
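Review bot: `wg-access-server-helm.sslPath` at the end of `_helpers.tpl` is the only helper without a doc comment, and none of the templates added in this patch include it. If it is reserved for a later certificate mount, a comment such as `{{/* Path where TLS certificates are expected inside the container */}}` would say so (the purpose is my guess from the name); otherwise it can be dropped so the chart carries no dead helper.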
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ labels:
+ {{- include "wg-access-server-helm.labels" . | nindent 4 }}
+data:
+ "config.yaml": |-
+{{ toYaml .Values.config.overrides | indent 4 }}
diff --git a/wg-access-server/templates/deployment.yaml b/wg-access-server/templates/deployment.yaml
new file mode 100644
index 0000000..e97bd6b
--- /dev/null
+++ b/wg-access-server/templates/deployment.yaml
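Review bot: Everything under `config.overrides` is rendered verbatim into the ConfigMap in `templates/configmap.yaml`, while only the three values in `secret.yaml` go into a Secret, so any credential a user sets through `overrides` ends up as ordinary ConfigMap data. A comment above `overrides` in `values.yaml`, such as `# Rendered into a ConfigMap and mounted as /config.yaml; do not put credentials here`, would make that boundary explicit. The file is also mounted with `subPath` and the pod template carries no checksum of it, so a changed override will presumably not reach a running pod until it is restarted.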
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ labels:
+ {{- include "wg-access-server-helm.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "wg-access-server-helm.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "wg-access-server-helm.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ volumes:
+ - name: tun
+ hostPath:
+ type: 'CharDevice'
+ path: /dev/net/tun
+ - name: data
+ {{- .Values.volume | nindent 10 }}
+ - name: config
+ configMap:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - secretRef:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ - name: wireguard
+ containerPort: 51820
+ protocol: UDP
+ startupProbe:
+ httpGet:
+ path: /
+ port: http
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - name: tun
+ mountPath: /dev/net/tun
+ - mountPath: "/config.yaml"
+ name: config
+ subPath: "config.yaml"
+ - mountPath: "/data"
+ name: data
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/wg-access-server/templates/ingress.yaml b/wg-access-server/templates/ingress.yaml
new file mode 100644
index 0000000..1d6307d
--- /dev/null
+++ b/wg-access-server/templates/ingress.yaml
@@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ labels:
+ {{- include "wg-access-server-helm.labels" . | nindent 4 }}
+ annotations:
+ {{- .Values.ingress.annotations | toYaml | nindent 4 }}
+spec:
+ rules:
+ - host: "{{ .Values.ingress.host }}"
+ http:
+ paths:
+ - path: "{{ .Values.ingress.path }}"
+ backend:
+ service:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ port:
+ name: http
+ pathType: Prefix
diff --git a/wg-access-server/templates/secret.yaml b/wg-access-server/templates/secret.yaml
new file mode 100644
index 0000000..3984692
--- /dev/null
+++ b/wg-access-server/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ labels:
+ {{- include "wg-access-server-helm.labels" . | nindent 4 }}
+stringData:
+ WG_WIREGUARD_PRIVATE_KEY: "{{ .Values.config.privateKey }}"
+ WG_ADMIN_USERNAME: "{{ .Values.config.adminUsername }}"
+ WG_ADMIN_PASSWORD: "{{ .Values.config.adminPassword }}"
diff --git a/wg-access-server/templates/service.yaml b/wg-access-server/templates/service.yaml
new file mode 100644
index 0000000..fe29570
--- /dev/null
+++ b/wg-access-server/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "wg-access-server-helm.fullname" . }}
+ labels:
+ {{- include "wg-access-server-helm.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: 80
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "wg-access-server-helm.selectorLabels" . | nindent 4 }}
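Review bot: The pod spec in `templates/deployment.yaml` does not set `automountServiceAccountToken`, so the container that terminates VPN traffic and holds `NET_ADMIN` also gets the namespace's default service-account token mounted. Nothing in this chart shows the server talking to the Kubernetes API, so adding `automountServiceAccountToken: false` next to the pod-level `securityContext:` looks safe, though that should be confirmed against the application. The credentials arrive through `envFrom`, which is read once at container start, and the pod template has no checksum annotation for the Secret, so changing `adminPassword` or `privateKey` with `helm upgrade` will not by itself restart the pod with the new values.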
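Review bot: The Ingress in `templates/ingress.yaml` has no `tls:` section and is rendered unconditionally, so unless the cluster's controller terminates TLS through the annotations, the admin login configured in `secret.yaml` is served over plain HTTP on `ingress.host`. I would add an optional `ingress.tls` list (default `[]` in `values.yaml`) and render it under `spec`, as below. An `ingress.enabled` switch around the whole template would also let users keep the UI off the ingress entirely.

```yaml
spec:
  {{- with .Values.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    # … unchanged: host and path rule …
```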
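Review bot: In `templates/secret.yaml` the three values are spliced between literal double quotes, e.g. `WG_ADMIN_PASSWORD: "{{ .Values.config.adminPassword }}"`, so a password containing `"` or `\` either breaks rendering or is stored as a different string than the one supplied; `WG_ADMIN_PASSWORD: {{ .Values.config.adminPassword | quote }}` escapes it correctly, and the same applies to the other two keys. All three default to `""` in `values.yaml`, so a plain `helm install` renders a Secret with an empty admin password and private key; how the server treats empty values is not visible here. Wrapping the password as `{{ required "config.adminPassword must be set" .Values.config.adminPassword | quote }}` would fail the install instead of deploying in that state.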
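Review bot: The Service in `templates/service.yaml` publishes only `http`, while the Deployment declares a second container port `wireguard` (51820/UDP) and uses neither `hostNetwork` nor `hostPort`, so as written nothing routes tunnel traffic to the pod. If that is intentional, a comment should say how the UDP port is meant to be reached. Otherwise a second port entry is needed, as sketched below, or a separate Service so the admin UI can stay `ClusterIP` while only the tunnel port is exposed.

```yaml
  ports:
    # … unchanged: http port …
    - port: 51820
      targetPort: wireguard
      protocol: UDP
      name: wireguard
```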
diff --git a/wg-access-server/values.yaml b/wg-access-server/values.yaml
new file mode 100644
index 0000000..b7f5e27
--- /dev/null
+++ b/wg-access-server/values.yaml
@@ -0,0 +1,49 @@
+replicaCount: 1
+
+image:
+ repository: place1/wg-access-server
+ pullPolicy: IfNotPresent
+ tag: ""
+
+imagePullSecrets: [ ]
+nameOverride: ""
+fullnameOverride: ""
+
+config:
+ adminUsername: ""
+ adminPassword: ""
+ privateKey: ""
+ overrides: {}
+
+volume: |-
+ emptyDir: {}
+
+service:
+ type: ClusterIP
+
+ingress:
+ host: "example.com"
+ path: "/"
+ annotations: { }
+
+podAnnotations: { }
+
+podSecurityContext: { }
+
+securityContext:
+ capabilities:
+ add: [ 'NET_ADMIN' ]
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+nodeSelector: { }
+
+tolerations: [ ]
+
+affinity: { }
--
GitLab
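Review bot: The default `securityContext` in `values.yaml` only adds `NET_ADMIN`; it leaves the runtime's default capability set in place and does not set `allowPrivilegeEscalation`, and `podSecurityContext` is empty. Adding `allowPrivilegeEscalation: false` under `securityContext` is a one-line tightening, and a `drop:` list for capabilities the server does not use would narrow it further, although which ones it needs has to be tested since that is not visible here. The default `volume` is an `emptyDir`, so whatever the server keeps under `/data` is discarded whenever the pod is replaced; a comment above `volume` such as `# emptyDir loses /data on pod restart; set a persistentVolumeClaim for real deployments` would warn users.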