From 58960200c01f747759cb6941002a3c90a37cda6a Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 15:37:09 +0200 Subject: [PATCH 01/23] add wg-easy app (init bolierplate) --- test/wg-easy/.helmignore | 2 + test/wg-easy/1.0.0/Chart.lock | 6 + test/wg-easy/1.0.0/Chart.yaml | 15 ++ test/wg-easy/1.0.0/README.md | 3 + test/wg-easy/1.0.0/app-readme.md | 3 + test/wg-easy/1.0.0/charts/common-2207.0.0.tgz | Bin 0 -> 4976 bytes test/wg-easy/1.0.0/ix_values.yaml | 4 + test/wg-easy/1.0.0/questions.yaml | 246 ++++++++++++++++++ test/wg-easy/1.0.0/test_values.yaml | 0 test/wg-easy/item.yaml | 5 + test/wg-easy/upgrade_info.json | 1 + test/wg-easy/upgrade_strategy | 37 +++ 12 files changed, 322 insertions(+) create mode 100644 test/wg-easy/.helmignore create mode 100644 test/wg-easy/1.0.0/Chart.lock create mode 100644 test/wg-easy/1.0.0/Chart.yaml create mode 100644 test/wg-easy/1.0.0/README.md create mode 100644 test/wg-easy/1.0.0/app-readme.md create mode 100644 test/wg-easy/1.0.0/charts/common-2207.0.0.tgz create mode 100644 test/wg-easy/1.0.0/ix_values.yaml create mode 100644 test/wg-easy/1.0.0/questions.yaml create mode 100644 test/wg-easy/1.0.0/test_values.yaml create mode 100644 test/wg-easy/item.yaml create mode 100644 test/wg-easy/upgrade_info.json create mode 100755 test/wg-easy/upgrade_strategy diff --git a/test/wg-easy/.helmignore b/test/wg-easy/.helmignore new file mode 100644 index 0000000000..c1347c2c27 --- /dev/null +++ b/test/wg-easy/.helmignore @@ -0,0 +1,2 @@ +# Patterns to ignore when building packages. +*.png diff --git a/test/wg-easy/1.0.0/Chart.lock b/test/wg-easy/1.0.0/Chart.lock new file mode 100644 index 0000000000..332bddc6b2 --- /dev/null +++ b/test/wg-easy/1.0.0/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: file://../../../library/common/2207.0.0 + version: 2207.0.0 +digest: sha256:f17f3d458ca0210a52e39da0dce35034e900b36f2040d4b19bed46a7aae91506 +generated: "2022-11-07T14:53:51.774827549+02:00" 
diff --git a/test/wg-easy/1.0.0/Chart.yaml b/test/wg-easy/1.0.0/Chart.yaml new file mode 100644 index 0000000000..fc41a1d643 --- /dev/null +++ b/test/wg-easy/1.0.0/Chart.yaml @@ -0,0 +1,15 @@ +apiVersion: v2 +appVersion: REPLACE +dependencies: +- name: common + repository: file://../../../library/common/2207.0.0 + version: 2207.0.0 +description: WG-Easy is the easiest way to install & manage WireGuard! +home: https://github.com/WeeJeWel/wg-easy +icon: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png +keywords: +- wireguard +- network +- vpn +name: wg-easy +version: 1.0.0 diff --git a/test/wg-easy/1.0.0/README.md b/test/wg-easy/1.0.0/README.md new file mode 100644 index 0000000000..8c6f958538 --- /dev/null +++ b/test/wg-easy/1.0.0/README.md @@ -0,0 +1,3 @@ +# WG-Easy + +[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard! diff --git a/test/wg-easy/1.0.0/app-readme.md b/test/wg-easy/1.0.0/app-readme.md new file mode 100644 index 0000000000..8c6f958538 --- /dev/null +++ b/test/wg-easy/1.0.0/app-readme.md @@ -0,0 +1,3 @@ +# WG-Easy + +[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard! 
diff --git a/test/wg-easy/1.0.0/charts/common-2207.0.0.tgz b/test/wg-easy/1.0.0/charts/common-2207.0.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..0bc0da84525a1602db1da3fa55da2afcfc350f0f GIT binary patch literal 4976 zcmV-$6OZg4iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH<$bKAC-{j6VcmPzN@*_wJ-v3ESvne{rkx1Od>CeGyE&d!bt zk&uL%1Q-C6qfNcPeFrZRd`Yq$D@iMSutoCV-~c!;9vpxXOH)SsXLH15xI}64-RCcZ z!C-JS9_#;u!Jz(sFd7WL8;%bTN5kXe4_Zt&o?>Ye*W z3d+cP%mrce1Qw$n%Chou*o(1XaUlPK*V8G92uk1#NtCcz zkD?TxfMKkjTxR&hRqQPs?$Ky)91g-k?@RapuU@SDOPpp2l34Vw1m+78VH8Cyr!th; zgH^&h`5zw-Yw~|I9`EFTE9KLt{@5ywd4xOYS3oKTQ+Y<&P{{liX$VtLL5bZ zU-$I@V1@pxE4-rrWLnT@Ak8E75G4B*rAhsHD;m}RHk^o3CXsS6J;Vo~*r*%EyKz#Z zrKJ}&0{knH;pn6!YL9W)!yn2C3eJ*TNX*aQ1pBau(@ZXlhx_{mpYd@Ez-AXC_sGB( zmu9}&fj)i0G%g1(5m;fYkaodh{DyHE_+)4fun^Vi#nlv%1cKKzS(ZctqA@sx&Jz$? zutlC_j7uB?p-!ar8$i%Cxi$W(iFc^5i2(Lu5=jUwv4PhyGa^ADnEUVtNKR63W=Ezu zXS3Ha_Zs8w+4et=Y2T=~2MY=cg(mxjBdu$^mCz50u4#J^T)=>LRF z`r5kpuRJH~G4=moczjsb|3{;p{@+UR<3BfyUndO3zIWZJ+&vhh(m6{KtKm4J@oAFH z(M6uZb3YLCCybzc+hvvfM<_!Rk`PJogA~9z|8F#E$p7(Zu#^976zl)VoSTph$}-L} zPLNc;UF<tCP-d!lfS;Cg7 zdZ)W1iABXnr}0uEiKlsT_i+@q<~Bz1{!~Vs(cjr*6@?Qdqj`TZoM4Gs=={KArXyM)#s+W7bO}6S}dQ0@9pvl z{wO)RtWj*BZ8XMpM@M{2wXmg@tyC{L;{a%owx-LosUUZgW7 zk=!p~sa><(bI+}Y)+?7zJt&~p3(Pr*v0etsX#_`yc16gnu|jYV?8BYcb!o?fF1^D_ zu5oEim4h}raHf~V0TqKV&68vaA99qCDNz<7%k-#+y?F zhMx=VZRTo9a1xt^x`d=e;us_YIVS@4CQCh!FD@<>ETJ_nHh zF)f!HDD5|`V@~USR!H)O)Mo(myL1>i&Jq-12>v~Q;40XN+x#xQz!LLRkyOjJv(n5s z#9kDGga6jQrdw@Eb1f3p1nZKm6_9t7GH-}2(t{#>aBmZ@bN`NGUk@r&0wMLO@O7a{ zhSHi3#W5fd2B}u6RZumkCAR|+AaHlqWJ|B^sTwzv)|!yk6h%W=%TZF(Rzp*(-6Gbz z;LW#L+WmiH*Dx3TD@+%JGpb{w_k0ytCoz)vXS^(v#EOhCA6pR3add6r z5+bBgg~5JBTl!T@sNnCMrI$G3SUxH(LN{SFy}kGuFCBFUUdER5JeTN3GH|L*ng)%-8o zbC@4ChR)tMhp&|aPYi7MttN`j323X`N$EPduQXETSPoWuWNYU^Npi-qz$^Bpc%-2u zdHL1PikBhWIR%(5+BdDN0Yo8yt?+jt!Q=Wi3cFj3~p}&)9#ysoXXaZ zlFF^;$gP$CjPZwV0$#WNKNvRh{||?|{LihFs{ETg`3K6stFBYdMKuIjrt8~eea|~p 
zUdqQGOtQY#6D9Dym4(LDqAFanexT4<%1vs$j*uTzbNe-#GQr<$;_|C`P?h^G#opH_ zhNL+Y((T=HzdbDOmewnNvVIejS!KDsE#H|m25QzInhW7OA8=R7(yIT<6$sJ4$|ZSV z64)C3KN>d9e>pxn8t?S~HcD0hdrMDlZ*ix__i|<(tkLzYyON9D<=q>zYv(jPcqgZ~ z)Khej<18T&5`7^#l6bc4J9L}$)7-fd8IJ6p2a8VATcj}ziv=|ITpJbF^E8`i(g-M>S zJga2v+L{Kdt!XaIrtac|j}oYMAjB^1_pYT?{y7#b=MfhDs|Y{z^oRBFpQAxT{tri^ zo&0a3R9zU!bKIXId)SPcdom?DAC(9|3q%sVtVbx2k7wo6?p4x)lR|~;%C6u&LRdI# zi}INIiqO}Y@#wtOw`zpf`P|ih!CrAXPaT!+(9d}3vN_qMeHXF&WVg#SsA<%hi_aCT6w7p|4ismZqtHx(o-nFiOI#Yw^}t(yP<-r6|_Z^oT6 z>efXiu;>2mF<$QOqDr+n>bAnKJ5o!4a~9uK_esDX>g~8Q$wJr%;}o~H^&_OYkf&Lu zM7Z)KTxs{68{*e+_w^Bt#Xg%~3U$vB$f{uRoyOY{2?&;J=8HqL)O zJ|6G%|5l3K38ghS%Ch$?$y59b%c(u>aed~8WtKAS#)YfhDhDoA}y0en!E6d-Ii+s zt>@@x&C}xS=TuSm2Fba3pl}tp{G1Z~MC6n5zP%{xRh~ApQZx+5DAorH>j&7;I2x?@t^3@f(GpdHRoaq4vkuhtpT&*ksn;WoA`xw4ac zOijiOc$&%O3&P=P@zV~Q0d_Y};8W$?X|tEm%~Ek(w_%yk-G6C_Db7}PtjF<(oNyf5 zlqogOlt~a+29^5$*`~#5*X>6_KQPUde01Dm=kh`Apha67F_K8w%|o?To-SDOLg6_1 z5ezOLSdWQ!!zZ_3lHyi@xESt6AFQx&8@~L>4)@T1rTY&o z^})moOYvrF>W*xbByH0DSxkeasC|3JN+lC+yeXqL2!$E2!(r6>JqD#P$rau77~^AZ z+;xyzT!+mE?MwSq-%?ra|10IHRKt6t!U&`Hc@J3Q{~sP7)$+eb!{@`@{*SE`tzPW( z;^M_$&AYY;}hIstt4Qfw6ljl>r1o zS;8R3ivR-qS&X1+1dR(67WWFos_CmtVH8j{MJvY>`O$i`+}ud zf&KNn+&mGHmmARVz(;EyQH5-dV}WJbLUF3^TQz@E;wFFHKfH)FpK zdx?ZScl!@WFx`j4Dk_IgM~}Q=sW<07TGG*8b7pI_wvjSwLT^IO1|$s?Niv>XnUngi z7A$EY?M{sq$Lco;(C7Ehk!Ts1s&L$M=)I;_Z@MjHA7xp^tN5EJ)xdg}BFlcN2|ccf zd?{{4WVR~JPgP4-?l`7accacAWtIASMEkHgBB~)H)w5^_kR^-j;*xJy$w~ofBuMaP{cH0NMi`uTq z3OB0VE{4rzh|>PA_W#I7I{=UR{fFn{QDgtd@$UTht(0nRQt9{Ubtdw$5P%61I0i<+ z#uip5D{U4vsKv9^DwwBU;KIGA#=?F1Pf@s$0x8$~o>n3y4p;FKydkcZ@8x_uZ=+WJ z!#Pe;GNX*+&)>#c`9FMK|Ni&!V0ZrOR>~9gt|Bp~dZE{FfO_AcFv&?06FP$oMb~JC zMc8`+`fxn^K|ldwj*|pt37eR`NQBOQ0FDzR$pRZaQr<^2?mYpDXGWg)GLEO@BaY3N z9{+7W1idi8sII9GbV8IKPC8*YDt$ zm!}u+;N5HZua|Isary4_)vK2;;KljdmuK%@{rc=#&m6Bw1R(hDpKy{^oByA^xs;hW z>G$221Y#D6zGNARv}>wBuk`V)qW?s}?1yl!9P=#a8525BU3Fo`S)M87x5T$AZe{Epq+!jG;tPGQp}VFW&wd z_IgjAz&Vwi#ko$|u>)!jzqOe;!u7h?EI7wWhPi;7If>>FAzGa3EE&XjffJSi#W#+u 
uT&El932IEqzB345K8wJ^Z$Z!P%C79nuIx&+{C@xd0RR6+N*1XAiU0u9?%!4b literal 0 HcmV?d00001 diff --git a/test/wg-easy/1.0.0/ix_values.yaml b/test/wg-easy/1.0.0/ix_values.yaml new file mode 100644 index 0000000000..869ce8aa79 --- /dev/null +++ b/test/wg-easy/1.0.0/ix_values.yaml @@ -0,0 +1,4 @@ +image: + pullPolicy: IfNotPresent + repository: weejewel/wg-easy + tag: 7 diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml new file mode 100644 index 0000000000..637a18b0f3 --- /dev/null +++ b/test/wg-easy/1.0.0/questions.yaml 
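Review bot: `tag: 7` in ix_values.yaml is a floating major tag, so with `pullPolicy: IfNotPresent` different nodes, or the same node at different times, can run different upstream builds under one chart version. Pinning a full release tag would make the deployed image reproducible and reviewable; a digest is better still if the common image helper accepts one, which is not visible here. A short comment above `image:` recording which upstream release the tag corresponds to would also help whoever bumps it next.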
@@ -0,0 +1,246 @@
+groups:
+ - name: Configuration
+ description: WG-Easy application configuration
+ - name: Storage
+ description: Configure storage for WG-Easy
+ - name: Networking
+ description: Networking Configuration for WG-Easy
+ - name: Advanced DNS Settings
+ description: Configure DNS settings
+ - name: Resource Limits
+ description: Set CPU/memory limits for Kubernetes Pod
+
+portals:
+ web_portal:
+ protocols:
+ - http
+ host:
+ - $node_ip
+ ports:
+ - $variable-web_port
+ path: /
+
+questions:
+ - variable: wgUDPPort
+ label: WireGuard UPD Node Port for WG-Easy
+ group: Networking
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ default: 20920
+ required: true
+ - variable: webUIPort
+ label: WebUI Node Port for WG-Easy
+ group: Networking
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ default: 20921
+ required: true
+
+ - variable: dnsConfig
+ label: DNS Configuration
+ group: Advanced DNS Settings
+ schema:
+ type: dict
+ attrs:
+ - variable: options
+ label: DNS Options
+ schema:
+ type: list
+ items:
+ - variable: optionsEntry
+ label: Option Entry Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Option Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Option Value
+ schema:
+ type: string
+ required: true
+
+ - variable: wg_easy
+ label: WG-Easy Configuration
+ group: Configuration
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: host
+ label: Hostname or IP
+ description: The public hostname or IP of your VPN server.
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/nodeIP"
+ - variable: password
+ label: Password for WebUI
+ description: When set, requires a password when logging in to the Web UI.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: keep_alive
+ label: Persistent Keep Alive
+ description: Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
+ schema:
+ type: int
+ required: true
+ default: 0
+ - variable: client_address_range
+ label: Clients IP Address Range
+ description: Clients IP address range.
+ schema:
+ type: string
+ required: true
+ default: 10.8.0.x
+ - variable: client_dns_server
+ label: Clients DNS Server
+ description: Clients DNS Server.
+ schema:
+ type: string
+ required: true
+ default: "1.1.1.1"
+ - variable: allowed_ips
+ label: Allowed IPs
+ description: Allowed IPs clients will use. If none provided, <0.0.0.0/0,::/0> will be used.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: entry
+ label: Allowed IP Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+
+ - variable: environmentVariables
+ label: WG-Easy Environment
+ group: Configuration
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: environmentVariable
+ label: Environment Variable
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: appVolumeMounts
+ label: WG-Easy Storage
+ group: Storage
+ schema:
+ type: dict
+ attrs:
+ - variable: config
+ label: Configuration Volume
+ schema:
+ type: dict
+ attrs:
+ - variable: datasetName
+ label: Configuration Volume Dataset Name
+ schema:
+ type: string
+ hidden: true
+ $ref:
+ - normalize/ixVolume
+ show_if: [["hostPathEnabled", "=", false]]
+ default: ix-wg-easy_config
+ editable: false
+ - variable: mountPath
+ label: Configuration Mount Path
+ description: Path where the volume will be mounted inside the pod
+ schema:
+ type: path
+ hidden: true
+ editable: true
+ default: /etc/wireguard
+ - variable: hostPathEnabled
+ label: Enable Custom Host Path for WG-Easy Configuration Volume
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostPath
+ label: Host Path for WG-Easy Configuration Volume
+ schema:
+ type: hostpath
+ required: true
+ $ref:
+ - validations/lockedHostPath
+
+ - variable: extraAppVolumeMounts
+ label: Extra Host Path Volumes
+ group: Storage
+ schema:
+ type: list
+ items:
+ - variable: extraAppVolume
+ label: Host Path Volume
+ description: Add an extra host path volume for WG-Easy application
+ schema:
+ type: dict
+ attrs:
+ - variable: mountPath
+ label: Mount Path in Pod
+ description: Path where the volume will be mounted inside the pod
+ schema:
+ type: path
+ required: true
+ - variable: hostPath
+ label: Host Path
+ description: Host path
+ schema:
+ type: hostpath
+ required: true
+ $ref:
+ - validations/lockedHostPath
+
+ - variable: enableResourceLimits
+ label: Enable Pod resource limits
+ group: Resource Limits
+ schema:
+ type: boolean
+ default: false
+ - variable: cpuLimit
+ label: CPU Limit resource limits
+ description: CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100.
+ group: Resource Limits
+ schema:
+ type: string
+ show_if: [["enableResourceLimits", "=", true]]
+ valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
+ default: 4000m
+ - variable: memLimit
+ label: Memory Limit
+ group: Resource Limits
+ description: Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi
+ schema:
+ type: string
+ show_if: [["enableResourceLimits", "=", true]]
+ valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
+ default: 8Gi
diff --git a/test/wg-easy/1.0.0/test_values.yaml b/test/wg-easy/1.0.0/test_values.yaml
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/test/wg-easy/item.yaml b/test/wg-easy/item.yaml
new file mode 100644
index 0000000000..d14a20abcc
--- /dev/null
+++ b/test/wg-easy/item.yaml
@@ -0,0 +1,5 @@
+icon_url: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+categories:
+- wireguard
+- network
+- vpn
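Review bot: The `password` question in questions.yaml is optional and defaults to `""`, and its own description says a login is only required "when set", so an install that accepts the defaults publishes the Web UI on the `webUIPort` node port with no authentication. Since that UI manages the VPN peers, the field should be mandatory: add `required: true` under its `schema` and drop `default: ""`. The description could then read `Password required to log in to the Web UI.` Separately, the `wgUDPPort` label says `UPD` where `UDP` is meant.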
diff --git a/test/wg-easy/upgrade_info.json b/test/wg-easy/upgrade_info.json new file mode 100644 index 0000000000..f22ddd1aee --- /dev/null +++ b/test/wg-easy/upgrade_info.json @@ -0,0 +1 @@ +{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"} diff --git a/test/wg-easy/upgrade_strategy b/test/wg-easy/upgrade_strategy new file mode 100755 index 0000000000..6efc75abf9 --- /dev/null +++ b/test/wg-easy/upgrade_strategy @@ -0,0 +1,37 @@ +#!/usr/bin/python3 +import json +import sys +import re + +from catalog_update.upgrade_strategy import datetime_versioning + + +# Upstream uses only a single digit for tags +VERSION_REG = r'[0-9]*' + + +def newer_mapping(image_tags): + key = list(image_tags.keys())[0] + tags = [] + for tag in image_tags[key]: + match = re.fullmatch(VERSION_REG, tag) + if match: + tags.append(tag.split('-')[0]) + + version = datetime_versioning(list(tags), '%y%m%d') + if not version: + return {} + + return { + 'tags': {key: f'{version}-bullseye'}, + 'app_version': version, + } + + +if __name__ == '__main__': + try: + versions_json = json.loads(sys.stdin.read()) + except ValueError: + raise ValueError('Invalid json specified') + + print(json.dumps(newer_mapping(versions_json))) From cbec64606411780efffe00816dbce4da762bf935 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:18:58 +0200 Subject: [PATCH 02/23] add deployment/service and test values --- test/wg-easy/1.0.0/ix_values.yaml | 2 +- test/wg-easy/1.0.0/questions.yaml | 8 ++- test/wg-easy/1.0.0/templates/deployment.yaml | 66 ++++++++++++++++++++ test/wg-easy/1.0.0/templates/service.yaml | 10 +++ test/wg-easy/1.0.0/test_values.yaml | 25 ++++++++ 5 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 test/wg-easy/1.0.0/templates/deployment.yaml create mode 100644 test/wg-easy/1.0.0/templates/service.yaml diff --git a/test/wg-easy/1.0.0/ix_values.yaml b/test/wg-easy/1.0.0/ix_values.yaml index 869ce8aa79..9fa0a8f646 100644 
--- a/test/wg-easy/1.0.0/ix_values.yaml +++ b/test/wg-easy/1.0.0/ix_values.yaml @@ -1,4 +1,4 @@ image: pullPolicy: IfNotPresent repository: weejewel/wg-easy - tag: 7 + tag: "7" diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml index 637a18b0f3..f4d0f022db 100644 --- a/test/wg-easy/1.0.0/questions.yaml +++ b/test/wg-easy/1.0.0/questions.yaml @@ -39,6 +39,12 @@ questions: max: 65535 default: 20921 required: true + - variable: hostNetwork + label: Host Network + group: Networking + schema: + type: boolean + default: false - variable: dnsConfig label: DNS Configuration @@ -67,7 +73,7 @@ questions: type: string required: true - - variable: wg_easy + - variable: wgeasy label: WG-Easy Configuration group: Configuration schema: diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml new file mode 100644 index 0000000000..21886549ff --- /dev/null +++ b/test/wg-easy/1.0.0/templates/deployment.yaml 
@@ -0,0 +1,66 @@
+{{ include "common.storage.hostPathValidate" .Values }}
+apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ app: {{ template "common.names.name" . }}
+ chart: {{ template "common.names.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ replicas: {{ (default 1 .Values.replicas) }}
+ strategy:
+ type: "Recreate"
+ selector:
+ matchLabels:
+ app: {{ template "common.names.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ annotations: {{ include "common.annotations" . | nindent 8 }}
+ spec:
+ hostNetwork: {{ .Values.hostNetwork }}
+ hostname: {{ .Release.Name }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{ include "common.resources.limitation" .
| nindent 10 }}
+ {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
+ volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+ {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+ - name: extrappvolume-{{ $index }}
+ mountPath: {{ $hostPathConfiguration.mountPath }}
+ {{ end }}
+ ports:
+ - name: udp
+ containerPort: 51820
+ protocol: UDP
+ - name: web
+ containerPort: 51821
+ env:
+ {{ $wgeasy := .Values.wgeasy }}
+ {{ $envList := (default list .Values.environmentVariables) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }}
+ {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }}
+ {{ if $wgeasy.allowed_ips }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" (join "," $wgeasy.allowed_ips)) }}
+ {{ else }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }}
+ {{ end }}
+ {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
+{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
+ volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
+ {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+ - name: extrappvolume-{{ $index }}
+ hostPath:
+ path: {{ $hostPathConfiguration.hostPath }}
+ {{ end }}
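Review bot: The Web UI password is appended to `$envList` as a literal `value`, so in templates/deployment.yaml it ends up in clear text in the Deployment and pod spec, readable by anyone who can get or describe those objects. It would be better stored in a Secret rendered by the chart and referenced from the container with `valueFrom.secretKeyRef`, keeping the other entries in `$envList` as they are. Whether `common.containers.environmentVariables` can emit a `valueFrom` entry is not visible here, so the sketch below places the entry directly under `env:` ahead of the helper output; the Secret name suffix is only an example. The `mountPath` and `hostPath` values in the two `range` blocks would also be safer rendered through `| quote`.

```yaml
          # … unchanged: resources, image, volumeMounts, ports …
          env:
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ template "common.names.fullname" . }}-webui
                  key: password
            # … unchanged: $envList built as before, minus the PASSWORD entry, rendered by common.containers.environmentVariables …
```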
diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml new file mode 100644 index 0000000000..b8eb8b9cc4 --- /dev/null +++ b/test/wg-easy/1.0.0/templates/service.yaml @@ -0,0 +1,10 @@ +{{ $selectors := list }} +{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} +{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} +{{ $ports := list }} +{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" 51821) }} +{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" 51820 "protocol" "UDP") }} +{{ $params := . }} +{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} +{{ $_1 := set .Values "extraSelectorLabels" $selectors }} +{{ include "common.classes.service" $params }} diff --git a/test/wg-easy/1.0.0/test_values.yaml b/test/wg-easy/1.0.0/test_values.yaml index e69de29bb2..033a07befe 100644 --- a/test/wg-easy/1.0.0/test_values.yaml +++ b/test/wg-easy/1.0.0/test_values.yaml @@ -0,0 +1,25 @@ +image: + pullPolicy: IfNotPresent + repository: weejewel/wg-easy + tag: "7" +appVolumeMounts: + config: + emptyDir: true + mountPath: /etc/wireguard +dnsConfig: + options: [] +emptyDirVolumes: true +environmentVariables: [] +extraAppVolumeMounts: [] +hostNetwork: true +wgUDPPort: 20290 +webUIPort: 20921 +wgeasy: + host: wg.domain.com + password: secret + keep_alive: 5 + client_address_range: 10.10.0.x + client_dns_server: "8.8.8.8" + allowed_ips: + - 10.10.10.0/24 + - 10.10.12.0/24 From 1e3f8196a794261f91da54e1e2ee39a668569111 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:20:51 +0200 Subject: [PATCH 03/23] add probes --- test/wg-easy/1.0.0/templates/deployment.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) 
diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 21886549ff..31f1a5160a 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -57,6 +57,25 @@ spec: {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }} {{ end }} {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }} + readinessProbe: + httpGet: + path: / + port: 51821 + failureThreshold: 5 + periodSeconds: 15 + livenessProbe: + httpGet: + path: / + port: 51821 + failureThreshold: 5 + periodSeconds: 15 + startupProbe: + httpGet: + path: / + port: 51821 + initialDelaySeconds: 5 + failureThreshold: 40 + periodSeconds: 15 {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} From 97dd6cd574fd07604ec1eaed51d9766190cd1ab2 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:30:07 +0200 Subject: [PATCH 04/23] update questions and deployment, and fix tests --- test/wg-easy/1.0.0/questions.yaml | 7 +++++++ test/wg-easy/1.0.0/templates/deployment.yaml | 1 + test/wg-easy/1.0.0/test_values.yaml | 5 +++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml index f4d0f022db..d02faf2c0d 100644 --- a/test/wg-easy/1.0.0/questions.yaml +++ b/test/wg-easy/1.0.0/questions.yaml @@ -102,6 +102,13 @@ questions: type: int required: true default: 0 + - variable: client_mtu + label: Clients MTU + description: The MTU the clients will use. + schema: + type: int + required: true + default: 1420 - variable: client_address_range label: Clients IP Address Range description: Clients IP address range. 
diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 31f1a5160a..ee9ad24af2 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -49,6 +49,7 @@ spec: {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }} {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }} {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }} + {{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }} {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }} {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }} {{ if $wgeasy.allowed_ips }} diff --git a/test/wg-easy/1.0.0/test_values.yaml b/test/wg-easy/1.0.0/test_values.yaml index 033a07befe..9868d3d3b5 100644 --- a/test/wg-easy/1.0.0/test_values.yaml +++ b/test/wg-easy/1.0.0/test_values.yaml @@ -12,11 +12,12 @@ emptyDirVolumes: true environmentVariables: [] extraAppVolumeMounts: [] hostNetwork: true -wgUDPPort: 20290 -webUIPort: 20921 +wgUDPPort: 30290 +webUIPort: 30921 wgeasy: host: wg.domain.com password: secret + client_mtu: 1420 keep_alive: 5 client_address_range: 10.10.0.x client_dns_server: "8.8.8.8" From c5b887783762a6b21e7271110ec20008ad3e6edd Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:42:18 +0200 Subject: [PATCH 05/23] add capabilities --- test/wg-easy/1.0.0/templates/deployment.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index ee9ad24af2..4359ff2b65 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml 
@@ -31,6 +31,16 @@ spec: - name: {{ .Chart.Name }} {{ include "common.resources.limitation" . | nindent 10 }} {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} + securityContext: + capabilities: + add: + - NET_ADMIN + - SYS_MODULE + {{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}} + runAsUser: 0 + runAsGroup: 0 + readOnlyRootFilesystem: false + runAsNonRoot: false volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - name: extrappvolume-{{ $index }} From f719c26701c7faefa45985d15c1d2ee61a90490e Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:44:18 +0200 Subject: [PATCH 06/23] add test --- .../wg-easy/1.0.0/tests/deployment-check.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 test/wg-easy/1.0.0/tests/deployment-check.yaml diff --git a/test/wg-easy/1.0.0/tests/deployment-check.yaml b/test/wg-easy/1.0.0/tests/deployment-check.yaml new file mode 100644 index 0000000000..3a9557f96d --- /dev/null +++ b/test/wg-easy/1.0.0/tests/deployment-check.yaml @@ -0,0 +1,21 @@ +{{- $serviceName := (include "common.names.fullname" .) -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ .Release.Name }}-wgeasy + labels: + app: {{ .Release.Name }} + release: {{ .Release.Name }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: test-curl + image: alpine/curl + imagePullPolicy: "IfNotPresent" + command: + - /bin/sh + - -ec + - | + curl --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 15 --retry-max-time 90 --retry-all-errors -ksf http://{{ $serviceName }}:{{ .Values.webUIPort }}/ + restartPolicy: Never From 4a28f3fb5e6e608f80260394393e630325547fe3 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:49:31 +0200 Subject: [PATCH 07/23] update `appVersion` --- test/wg-easy/1.0.0/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
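Review bot: The new `securityContext` grants `SYS_MODULE` to a container that also runs as UID 0, which allows it to load kernel modules into the node's kernel. If the host already provides the WireGuard module this capability is presumably unnecessary, and it would be safer as an opt-in question than as a fixed default. The block also keeps the runtime's default capability set and leaves `allowPrivilegeEscalation` unset; adding `drop: ["ALL"]` under `capabilities` and `allowPrivilegeEscalation: false` would limit the container to the capabilities actually listed. The template comment only links the upstream PR, so a line such as `{{/* upstream image must run as root, see PR above */}}` would record why `runAsNonRoot: false` is accepted.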
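Review bot: `image: alpine/curl` in tests/deployment-check.yaml carries no tag, so the test hook runs whatever `latest` resolves to on first pull and then, with `IfNotPresent`, whatever copy each node happens to have cached. Pinning it, e.g. `image: alpine/curl:<pinned-version>`, keeps the test reproducible and avoids pulling an unreviewed image into the cluster. The `-k` flag has no effect on an `http://` URL and can be dropped, so it is not carried over by habit if the URL ever becomes HTTPS.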
diff --git a/test/wg-easy/1.0.0/Chart.yaml b/test/wg-easy/1.0.0/Chart.yaml index fc41a1d643..be5e891ca8 100644 --- a/test/wg-easy/1.0.0/Chart.yaml +++ b/test/wg-easy/1.0.0/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: REPLACE +appVersion: "7" dependencies: - name: common repository: file://../../../library/common/2207.0.0 From ac116e7de468e263764376c1c885a9c97589ddee Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 7 Nov 2022 16:51:18 +0200 Subject: [PATCH 08/23] empty space --- test/wg-easy/upgrade_info.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/wg-easy/upgrade_info.json b/test/wg-easy/upgrade_info.json index f22ddd1aee..a6729a0979 100644 --- a/test/wg-easy/upgrade_info.json +++ b/test/wg-easy/upgrade_info.json @@ -1 +1 @@ -{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"} +{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"} From fdfefd9bb546b77b89a5c59e601f2da80e4f23d7 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Mon, 14 Nov 2022 22:14:43 +0200 Subject: [PATCH 09/23] add post delete hook --- test/wg-easy/1.0.0/questions.yaml | 2 +- .../delete-route-post-delete-hook.yaml | 33 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml index d02faf2c0d..9521de7b4b 100644 --- a/test/wg-easy/1.0.0/questions.yaml +++ b/test/wg-easy/1.0.0/questions.yaml @@ -44,7 +44,7 @@ questions: group: Networking schema: type: boolean - default: false + default: true - variable: dnsConfig label: DNS Configuration diff --git a/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml b/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml new file mode 100644 index 0000000000..461ae53ae5 --- /dev/null +++ b/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml 
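Review bot: Changing the `hostNetwork` default to `true` in questions.yaml puts every new install into the node's network namespace, where the container from templates/deployment.yaml runs as root with `NET_ADMIN` and `SYS_MODULE`. In that mode it can alter the host's own interfaces and routes, and the Web UI container port 51821 would listen on the host directly, in addition to the `webUIPort` node port. If host networking is only needed for some setups, keeping `default: false` is the safer choice. Either way the question has no `description`; something like `description: Runs the pod in the host network namespace. The app can then change host routes and the Web UI listens on host port 51821.` would make the trade-off visible to the installer.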
@@ -0,0 +1,33 @@ +{{ $values := (. | mustDeepCopy) }} +{{ $_ := set $values "common" (dict "nameSuffix" "wg-easy") }} +{{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }} +apiVersion: batch/v1 +kind: Job +metadata: + name: post-delete-routes-wg-easy + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": hook-succeeded + rollme: {{ randAlphaNum 5 | quote }} +spec: + template: + metadata: + name: post-delete-routes-wg-easy + spec: + restartPolicy: Never + containers: + - name: {{ .Chart.Name }}-post-delete-routes-wg-easy + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /bin/bash + - -c + - | + echo "Deleting routes created by the app..." + netmask=$(ip route | grep {{ $ip }}) + netmask=$(echo $netmask | grep -o -E '/.\d*') + netmask=${netmask#/} + echo "Matched routes to delete... {{ $ip }}/$netmask" + ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + echo "Routes deleted..." From 1174088907d77fe3bc28bb8a577dc8dc6a81a8eb Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:20:50 +0200 Subject: [PATCH 10/23] fix portal port in questions --- test/wg-easy/1.0.0/questions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml index 9521de7b4b..e8c2cffd30 100644 --- a/test/wg-easy/1.0.0/questions.yaml +++ b/test/wg-easy/1.0.0/questions.yaml @@ -17,7 +17,7 @@ portals: host: - $node_ip ports: - - $variable-web_port + - $variable-webUIPort path: / questions: From f023deb911ad6c05f5e3bbeea93e449e87859b29 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:23:19 +0200 Subject: [PATCH 11/23] remove upgrade_strategy for now --- test/wg-easy/upgrade_strategy | 37 ----------------------------------- 1 file changed, 37 deletions(-) delete mode 100755 test/wg-easy/upgrade_strategy 
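Review bot: The hook script splices `{{ $ip }}`, derived from the user-supplied `client_address_range`, unquoted into a bash command line (`grep {{ $ip }}`, `ip route del {{ $ip }}/$netmask`), so any whitespace or shell metacharacter in that value becomes part of the command, and the dots act as regex wildcards in `grep`. Passing the value through an environment variable, matching with `grep -F` and quoting every expansion avoids both; `\d` is also not POSIX ERE, so `[0-9]+` is the portable form. The Job as written sets neither `hostNetwork` nor any capability, so `ip route` presumably only sees the Job pod's own network namespace, and the trailing `echo "Routes deleted..."` prints even when nothing was removed; it is worth confirming the hook has any effect. The same script is repeated in the `preStop` hook added to templates/deployment.yaml in patches 12 and 13, and the `$values` copy at the top of this file is never used.

```yaml
          # … unchanged: Job metadata, hook annotations, image and pullPolicy …
          env:
            - name: WG_SUBNET
              value: {{ $ip | quote }}
          command:
            - /bin/bash
            - -c
            - |
              # … unchanged: "Deleting routes created by the app..." message …
              # Fixed-string match; the subnet is read from the environment, not spliced into the script.
              route=$(ip route | grep -F -- "${WG_SUBNET}/" | head -n 1)
              prefix=$(printf '%s\n' "$route" | grep -o -E '/[0-9]+' | head -n 1)
              if [ -n "$prefix" ]; then
                ip route del "${WG_SUBNET}${prefix}" || echo "Route deletion failed..."
              fi
```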
diff --git a/test/wg-easy/upgrade_strategy b/test/wg-easy/upgrade_strategy deleted file mode 100755 index 6efc75abf9..0000000000 --- a/test/wg-easy/upgrade_strategy +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/python3 -import json -import sys -import re - -from catalog_update.upgrade_strategy import datetime_versioning - - -# Upstream uses only a single digit for tags -VERSION_REG = r'[0-9]*' - - -def newer_mapping(image_tags): - key = list(image_tags.keys())[0] - tags = [] - for tag in image_tags[key]: - match = re.fullmatch(VERSION_REG, tag) - if match: - tags.append(tag.split('-')[0]) - - version = datetime_versioning(list(tags), '%y%m%d') - if not version: - return {} - - return { - 'tags': {key: f'{version}-bullseye'}, - 'app_version': version, - } - - -if __name__ == '__main__': - try: - versions_json = json.loads(sys.stdin.read()) - except ValueError: - raise ValueError('Invalid json specified') - - print(json.dumps(newer_mapping(versions_json))) From 83f9690c814fc9a2aaa51ec2ff2c6139746cb033 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:25:20 +0200 Subject: [PATCH 12/23] add preStop hook to cleanup routes --- test/wg-easy/1.0.0/templates/deployment.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 4359ff2b65..1af55d2699 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml 
@@ -87,6 +87,20 @@ spec: initialDelaySeconds: 5 failureThreshold: 40 periodSeconds: 15 + lifecycle: + preStop: + exec: + command: + - /bin/bash + - -c + - | + echo "Deleting routes created by the app..." + netmask=$(ip route | grep {{ $ip }}) + netmask=$(echo $netmask | grep -o -E '/.\d*') + netmask=${netmask#/} + echo "Matched routes to delete... {{ $ip }}/$netmask" + ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + echo "Routes deleted..." {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} From 20cf02b1b15e6f603ea01b423cb060667dc60b0a Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:28:35 +0200 Subject: [PATCH 13/23] add a safeguard on the script --- .../1.0.0/templates/delete-route-post-delete-hook.yaml | 5 ++++- test/wg-easy/1.0.0/templates/deployment.yaml | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml b/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml index 461ae53ae5..8e5634b44c 100644 --- a/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml +++ b/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml @@ -29,5 +29,8 @@ spec: netmask=$(echo $netmask | grep -o -E '/.\d*') netmask=${netmask#/} echo "Matched routes to delete... {{ $ip }}/$netmask" - ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + # Don't try to delete routes if steps above didn't grep-ed anything + if [ ! "$netmask" == "" ]; then + ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + fi echo "Routes deleted..." diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 1af55d2699..983122c3a9 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml 
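Review bot: The added preStop script expands `{{ $ip }}`, but nothing in this hunk defines that variable, and its definition only reaches deployment.yaml with the later "define variable!" patch, so at this commit the template most likely fails to render. Adding `{{- $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}` in the same commit keeps every step of the series installable. The container spec starts above the hunk, so whether the container holds the NET_ADMIN capability that `ip route del` needs is not visible here; without it the hook only logs the failure.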
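Review bot: The new guard skips `ip route del` when no prefix was found, but the two `echo` lines around it still run, so a run that matched nothing logs "Matched routes to delete..." with an empty prefix and then "Routes deleted...". Moving both messages inside the `if` keeps the log truthful for anyone who later checks whether the routes were actually cleaned up. The test reads more plainly as `if [ -n "$netmask" ]; then`, since `[ ! "$netmask" == "" ]` works only because the script runs under bash. The same lines are added to the preStop script in templates/deployment.yaml in this commit, and in both files the script begins above the hunk.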
+++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -99,7 +99,10 @@ spec: netmask=$(echo $netmask | grep -o -E '/.\d*') netmask=${netmask#/} echo "Matched routes to delete... {{ $ip }}/$netmask" - ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + # Don't try to delete routes if steps above didn't grep-ed anything + if [ ! "$netmask" == "" ]; then + ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." + fi echo "Routes deleted..." {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} From 51903aee7d13facc93e4464dfdaedaf0c28b41ef Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:29:03 +0200 Subject: [PATCH 14/23] identation --- test/wg-easy/1.0.0/templates/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 983122c3a9..dbb75c06e6 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -89,7 +89,7 @@ spec: periodSeconds: 15 lifecycle: preStop: - exec: + exec: command: - /bin/bash - -c From afd2f489ffdb6a6191fbd86f63ea21da6a5cecd3 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 12:33:53 +0200 Subject: [PATCH 15/23] define variable! --- test/wg-easy/1.0.0/templates/deployment.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index dbb75c06e6..1ea233984c 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -87,6 +87,7 @@ spec: initialDelaySeconds: 5 failureThreshold: 40 periodSeconds: 15 + {{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }} lifecycle: preStop: exec: From c67b7db0461c70440d2b55d559da647efb37b37d Mon Sep 17 00:00:00 2001 
From: Stavros kois Date: Tue, 15 Nov 2022 19:35:10 +0200 Subject: [PATCH 16/23] fix udp port --- test/wg-easy/1.0.0/templates/deployment.yaml | 2 +- test/wg-easy/1.0.0/templates/service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 1ea233984c..2246cd5cee 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -48,7 +48,7 @@ spec: {{ end }} ports: - name: udp - containerPort: 51820 + containerPort: {{ .Values.wgUDPPort }} protocol: UDP - name: web containerPort: 51821 diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml index b8eb8b9cc4..5f1bfef9e6 100644 --- a/test/wg-easy/1.0.0/templates/service.yaml +++ b/test/wg-easy/1.0.0/templates/service.yaml @@ -3,7 +3,7 @@ {{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} {{ $ports := list }} {{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" 51821) }} -{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" 51820 "protocol" "UDP") }} +{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }} {{ $params := . }} {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} {{ $_1 := set .Values "extraSelectorLabels" $selectors }} From bfc195bdb9b19a9a0dd218bb265004bb0f1825e3 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 19:36:26 +0200 Subject: [PATCH 17/23] remove post-delete-hook --- .../delete-route-post-delete-hook.yaml | 36 ------------------- 1 file changed, 36 deletions(-) delete mode 100644 test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml 
diff --git a/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml b/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml
deleted file mode 100644
index 8e5634b44c..0000000000
--- a/test/wg-easy/1.0.0/templates/delete-route-post-delete-hook.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-{{ $values := (. | mustDeepCopy) }}
-{{ $_ := set $values "common" (dict "nameSuffix" "wg-easy") }}
-{{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: post-delete-routes-wg-easy
- annotations:
- "helm.sh/hook": post-delete
- "helm.sh/hook-weight": "1"
- "helm.sh/hook-delete-policy": hook-succeeded
- rollme: {{ randAlphaNum 5 | quote }}
-spec:
- template:
- metadata:
- name: post-delete-routes-wg-easy
- spec:
- restartPolicy: Never
- containers:
- - name: {{ .Chart.Name }}-post-delete-routes-wg-easy
- image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
- imagePullPolicy: {{ .Values.image.pullPolicy }}
- command:
- - /bin/bash
- - -c
- - |
- echo "Deleting routes created by the app..."
- netmask=$(ip route | grep {{ $ip }})
- netmask=$(echo $netmask | grep -o -E '/.\d*')
- netmask=${netmask#/}
- echo "Matched routes to delete... {{ $ip }}/$netmask"
- # Don't try to delete routes if steps above didn't grep-ed anything
- if [ ! "$netmask" == "" ]; then
- ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
- fi
- echo "Routes deleted..."
From 19b575e1cad107955489194fa9f772253cb8f95f Mon Sep 17 00:00:00 2001
From: Stavros kois
Date: Tue, 15 Nov 2022 19:39:16 +0200
Subject: [PATCH 18/23] render service only when hostNet is false
---
test/wg-easy/1.0.0/templates/service.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml
index 5f1bfef9e6..0c61f4c572 100644
--- a/test/wg-easy/1.0.0/templates/service.yaml
+++ b/test/wg-easy/1.0.0/templates/service.yaml
@@ -1,3 +1,4 @@ +{{- if not .Values.hostNetwork }} {{ $selectors := list }} {{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} {{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} @@ -8,3 +9,4 @@ {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} {{ $_1 := set .Values "extraSelectorLabels" $selectors }} {{ include "common.classes.service" $params }} +{{- end }} From e28a9d3742f7f82d83d834ab9c00be7eb8d857cd Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 20:07:49 +0200 Subject: [PATCH 19/23] render service only when not in hostnet --- test/wg-easy/1.0.0/templates/service.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml index 0c61f4c572..4a8eb2d089 100644 --- a/test/wg-easy/1.0.0/templates/service.yaml +++ b/test/wg-easy/1.0.0/templates/service.yaml @@ -1,4 +1,3 @@ -{{- if not .Values.hostNetwork }} {{ $selectors := list }} {{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} {{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} @@ -8,5 +7,6 @@ {{ $params := . }} {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} {{ $_1 := set .Values "extraSelectorLabels" $selectors }} +{{- if not .Values.hostNetwork }} {{ include "common.classes.service" $params }} {{- end }} From 118b063c36bd205555c8b337fd2f57f25a58d8a6 Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 23:39:28 +0200 Subject: [PATCH 20/23] dynamically set webui Port --- test/wg-easy/1.0.0/templates/deployment.yaml | 9 +++++---- test/wg-easy/1.0.0/templates/service.yaml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 2246cd5cee..51a600f550 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -51,13 +51,14 @@ spec: containerPort: {{ .Values.wgUDPPort }} protocol: UDP - name: web - containerPort: 51821 + containerPort: {{ .Values.webUIPort }} env: {{ $wgeasy := .Values.wgeasy }} {{ $envList := (default list .Values.environmentVariables) }} {{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }} {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }} {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }} + {{ $envList = mustAppend $envList (dict "name" "PORT" "value" .Values.webUIPort) }} {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }} {{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }} {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }} @@ -71,19 +72,19 @@ spec: readinessProbe: httpGet: path: / - port: 51821 + port: {{ .Values.webUIPort }} failureThreshold: 5 periodSeconds: 15 livenessProbe: httpGet: path: / - port: 51821 + port: {{ .Values.webUIPort }} failureThreshold: 5 periodSeconds: 15 startupProbe: httpGet: path: / - port: 51821 + port: {{ .Values.webUIPort }} initialDelaySeconds: 5 failureThreshold: 40 periodSeconds: 15 diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml index 4a8eb2d089..f345f09fb4 100644 --- a/test/wg-easy/1.0.0/templates/service.yaml +++ b/test/wg-easy/1.0.0/templates/service.yaml 
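Review bot: The env list that the first deployment.yaml hunk extends passes the web UI password as a literal value, `dict "name" "PASSWORD" "value" $wgeasy.password`, so it lands in the rendered Deployment and is readable by anyone who can read the pod spec or the release values. A Secret referenced through `valueFrom.secretKeyRef` would keep it out of the manifest; whether the common library's env helper accepts that form is not visible here. As far as the visible templates show, that password is the only control in front of the admin UI that this commit makes configurable through `PORT`, so questions.yaml should also require it to be non-empty. The env block ends below the hunk.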
@@ -2,7 +2,7 @@ {{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} {{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} {{ $ports := list }} -{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" 51821) }} +{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }} {{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }} {{ $params := . }} {{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} From c5abad592a59807b767ac28b9f823b25e8e8387d Mon Sep 17 00:00:00 2001 From: Stavros kois Date: Tue, 15 Nov 2022 23:52:21 +0200 Subject: [PATCH 21/23] remove wg0 on scale down --- test/wg-easy/1.0.0/templates/deployment.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/wg-easy/1.0.0/templates/deployment.yaml b/test/wg-easy/1.0.0/templates/deployment.yaml index 51a600f550..c264d270e3 100644 --- a/test/wg-easy/1.0.0/templates/deployment.yaml +++ b/test/wg-easy/1.0.0/templates/deployment.yaml @@ -106,6 +106,13 @@ spec: ip route del {{ $ip }}/$netmask || echo "Route deletion failed..." fi echo "Routes deleted..." + interface=$(ip a | grep wg0) + if [ ! "$interface" == "" ]; then + echo "Removing wg0 interface..." + ip link delete wg0 + echo "Removed wg0 interface..." + fi + {{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} From f8b67647a84b7b6b85c80c9b37493bab8129142c Mon Sep 17 00:00:00 2001 
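Review bot: The interface check added to the preStop script, `ip a | grep wg0`, is a substring match over all of the `ip a` output, and the `ip link delete wg0` that follows has no failure handling, unlike the `ip route del ... || echo` a few lines up. `if ip link show wg0 >/dev/null 2>&1; then` tests for exactly that interface, and `ip link delete wg0 || echo "Removing wg0 interface failed..."` keeps the hook from reporting a removal that did not happen. When `.Values.hostNetwork` is set the pod presumably shares the node's network namespace, so this deletes whatever `wg0` exists on the host, including one the app did not create; that deserves a comment in the script. The trailing empty `+` line sits inside the block scalar and can be dropped. The script starts above the hunk.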
From: Stavros kois Date: Wed, 16 Nov 2022 00:34:52 +0200 Subject: [PATCH 22/23] render clusterip service when hostnetwork, so other apps can still connect to it internally --- test/wg-easy/1.0.0/templates/service.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/test/wg-easy/1.0.0/templates/service.yaml b/test/wg-easy/1.0.0/templates/service.yaml index f345f09fb4..42d960b193 100644 --- a/test/wg-easy/1.0.0/templates/service.yaml +++ b/test/wg-easy/1.0.0/templates/service.yaml @@ -2,11 +2,18 @@ {{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }} {{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }} {{ $ports := list }} +{{- if not .Values.hostNetwork }} {{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }} {{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }} -{{ $params := . }} -{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} -{{ $_1 := set .Values "extraSelectorLabels" $selectors }} -{{- if not .Values.hostNetwork }} -{{ include "common.classes.service" $params }} +{{- else }} +{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "targetPort" .Values.webUIPort) }} +{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }} {{- end }} +{{ $params := . }} +{{- if not .Values.hostNetwork }} +{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }} +{{- else }} +{{ $_ := set $params "commonService" (dict "type" "ClusterIP" "ports" $ports ) }} +{{- end }} +{{ $_1 := set .Values "extraSelectorLabels" $selectors }} +{{ include "common.classes.service" $params }} 
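Review bot: The hunk tests `.Values.hostNetwork` twice, once to build `$ports` and once to pick the service type, although the branches differ only in the `nodePort` key and the type string. Assuming `hostNetwork` is always a boolean, `{{ $svcType := ternary "ClusterIP" "NodePort" .Values.hostNetwork }}` followed by a single `set $params "commonService" (dict "type" $svcType "ports" $ports)` removes the second if/else and keeps the two decisions from drifting apart. A template comment should record why a ClusterIP service is still rendered under hostNetwork, and that it leaves the web UI port reachable from other workloads in the cluster unless a NetworkPolicy restricts it.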
From 5e76c8ec6278bef0605c45dee8b9a5b5babd8fe7 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Wed, 21 Dec 2022 19:54:20 +0200 Subject: [PATCH 23/23] make hostpath immutable --- test/wg-easy/1.0.0/questions.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/test/wg-easy/1.0.0/questions.yaml b/test/wg-easy/1.0.0/questions.yaml index e8c2cffd30..c0673bfddb 100644 --- a/test/wg-easy/1.0.0/questions.yaml +++ b/test/wg-easy/1.0.0/questions.yaml @@ -203,6 +203,7 @@ questions: schema: type: hostpath required: true + immutable: true $ref: - validations/lockedHostPath