add wg-easy to charts

Stavros Kois
2022-12-22 13:20:06 +02:00
committed by GitHub
parent 8fba317707
commit 5202c5c55e
14 changed files with 487 additions and 0 deletions


@@ -0,0 +1,2 @@
# Patterns to ignore when building packages.
*.png


@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../../../library/common/2207.0.0
version: 2207.0.0
digest: sha256:f17f3d458ca0210a52e39da0dce35034e900b36f2040d4b19bed46a7aae91506
generated: "2022-11-07T14:53:51.774827549+02:00"


@@ -0,0 +1,15 @@
apiVersion: v2
appVersion: "7"
dependencies:
- name: common
repository: file://../../../library/common/2207.0.0
version: 2207.0.0
description: WG-Easy is the easiest way to install & manage WireGuard!
home: https://github.com/WeeJeWel/wg-easy
icon: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
keywords:
- wireguard
- network
- vpn
name: wg-easy
version: 1.0.0


@@ -0,0 +1,3 @@
# WG-Easy
[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!


@@ -0,0 +1,3 @@
# WG-Easy
[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!

Binary file not shown.


@@ -0,0 +1,4 @@
image:
pullPolicy: IfNotPresent
repository: weejewel/wg-easy
tag: "7"
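Review bot: `tag: "7"` is a floating major tag, and with `pullPolicy: IfNotPresent` two nodes can end up running different builds under the same chart version. The deployment template in this commit runs the image as root with NET_ADMIN and SYS_MODULE, so what gets pulled deserves pinning: use an exact release tag, or a digest if the common image helper can render one. The same applies to `tag: "7"` in the test values and to the untagged `image: alpine/curl` in the test pod, which resolves to `latest`.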


@@ -0,0 +1,260 @@
groups:
- name: Configuration
description: WG-Easy application configuration
- name: Storage
description: Configure storage for WG-Easy
- name: Networking
description: Networking Configuration for WG-Easy
- name: Advanced DNS Settings
description: Configure DNS settings
- name: Resource Limits
description: Set CPU/memory limits for Kubernetes Pod
portals:
web_portal:
protocols:
- http
host:
- $node_ip
ports:
- $variable-webUIPort
path: /
questions:
- variable: wgUDPPort
label: WireGuard UPD Node Port for WG-Easy
group: Networking
schema:
type: int
min: 9000
max: 65535
default: 20920
required: true
- variable: webUIPort
label: WebUI Node Port for WG-Easy
group: Networking
schema:
type: int
min: 9000
max: 65535
default: 20921
required: true
- variable: hostNetwork
label: Host Network
group: Networking
schema:
type: boolean
default: true
- variable: dnsConfig
label: DNS Configuration
group: Advanced DNS Settings
schema:
type: dict
attrs:
- variable: options
label: DNS Options
schema:
type: list
items:
- variable: optionsEntry
label: Option Entry Configuration
schema:
type: dict
attrs:
- variable: name
label: Option Name
schema:
type: string
required: true
- variable: value
label: Option Value
schema:
type: string
required: true
- variable: wgeasy
label: WG-Easy Configuration
group: Configuration
schema:
type: dict
additional_attrs: true
attrs:
- variable: host
label: Hostname or IP
description: The public hostname or IP of your VPN server.
schema:
type: string
required: true
$ref:
- "definitions/nodeIP"
- variable: password
label: Password for WebUI
description: When set, requires a password when logging in to the Web UI.
schema:
type: string
private: true
default: ""
- variable: keep_alive
label: Persistent Keep Alive
description: Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
schema:
type: int
required: true
default: 0
- variable: client_mtu
label: Clients MTU
description: The MTU the clients will use.
schema:
type: int
required: true
default: 1420
- variable: client_address_range
label: Clients IP Address Range
description: Clients IP address range.
schema:
type: string
required: true
default: 10.8.0.x
- variable: client_dns_server
label: Clients DNS Server
description: Clients DNS Server.
schema:
type: string
required: true
default: "1.1.1.1"
- variable: allowed_ips
label: Allowed IPs
description: Allowed IPs clients will use. If none provided, <0.0.0.0/0,::/0> will be used.
schema:
type: list
default: []
items:
- variable: entry
label: Allowed IP Entry
schema:
type: string
required: true
default: ""
- variable: environmentVariables
label: WG-Easy Environment
group: Configuration
schema:
type: list
default: []
items:
- variable: environmentVariable
label: Environment Variable
schema:
type: dict
attrs:
- variable: name
label: Name
schema:
type: string
required: true
default: ""
- variable: value
label: Value
schema:
type: string
default: ""
required: true
- variable: appVolumeMounts
label: WG-Easy Storage
group: Storage
schema:
type: dict
attrs:
- variable: config
label: Configuration Volume
schema:
type: dict
attrs:
- variable: datasetName
label: Configuration Volume Dataset Name
schema:
type: string
hidden: true
$ref:
- normalize/ixVolume
show_if: [["hostPathEnabled", "=", false]]
default: ix-wg-easy_config
editable: false
- variable: mountPath
label: Configuration Mount Path
description: Path where the volume will be mounted inside the pod
schema:
type: path
hidden: true
editable: true
default: /etc/wireguard
- variable: hostPathEnabled
label: Enable Custom Host Path for WG-Easy Configuration Volume
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: hostPath
label: Host Path for WG-Easy Configuration Volume
schema:
type: hostpath
required: true
immutable: true
$ref:
- validations/lockedHostPath
- variable: extraAppVolumeMounts
label: Extra Host Path Volumes
group: Storage
schema:
type: list
items:
- variable: extraAppVolume
label: Host Path Volume
description: Add an extra host path volume for WG-Easy application
schema:
type: dict
attrs:
- variable: mountPath
label: Mount Path in Pod
description: Path where the volume will be mounted inside the pod
schema:
type: path
required: true
- variable: hostPath
label: Host Path
description: Host path
schema:
type: hostpath
required: true
$ref:
- validations/lockedHostPath
- variable: enableResourceLimits
label: Enable Pod resource limits
group: Resource Limits
schema:
type: boolean
default: false
- variable: cpuLimit
label: CPU Limit resource limits
description: CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100.
group: Resource Limits
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
default: 4000m
- variable: memLimit
label: Memory Limit
group: Resource Limits
description: Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi
schema:
type: string
show_if: [["enableResourceLimits", "=", true]]
valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
default: 8Gi
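Review bot: The `password` question defaults to `""` and is not `required`, while `hostNetwork` defaults to `true`, so a default install serves the WireGuard management UI on the node's own interfaces with no login at all. Consider `required: true` on `password` and dropping the empty default. `client_address_range` is a free-form string that the deployment template later substitutes into a shell script; a `valid_chars` pattern such as `"^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.x$"` would constrain it to the documented `a.b.c.x` form. The label on `wgUDPPort` reads "UPD" where "UDP" is meant.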


@@ -0,0 +1,122 @@
{{ include "common.storage.hostPathValidate" .Values }}
apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "common.names.fullname" . }}
labels:
app: {{ template "common.names.name" . }}
chart: {{ template "common.names.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
rollme: {{ randAlphaNum 5 | quote }}
spec:
replicas: {{ (default 1 .Values.replicas) }}
strategy:
type: "Recreate"
selector:
matchLabels:
app: {{ template "common.names.name" . }}
release: {{ .Release.Name }}
template:
metadata:
name: {{ template "common.names.fullname" . }}
labels:
{{- include "common.labels.selectorLabels" . | nindent 8 }}
annotations: {{ include "common.annotations" . | nindent 8 }}
spec:
hostNetwork: {{ .Values.hostNetwork }}
hostname: {{ .Release.Name }}
containers:
- name: {{ .Chart.Name }}
{{ include "common.resources.limitation" . | nindent 10 }}
{{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
securityContext:
capabilities:
add:
- NET_ADMIN
- SYS_MODULE
{{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}}
runAsUser: 0
runAsGroup: 0
readOnlyRootFilesystem: false
runAsNonRoot: false
volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
mountPath: {{ $hostPathConfiguration.mountPath }}
{{ end }}
ports:
- name: udp
containerPort: {{ .Values.wgUDPPort }}
protocol: UDP
- name: web
containerPort: {{ .Values.webUIPort }}
env:
{{ $wgeasy := .Values.wgeasy }}
{{ $envList := (default list .Values.environmentVariables) }}
{{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }}
{{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }}
{{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }}
{{ $envList = mustAppend $envList (dict "name" "PORT" "value" .Values.webUIPort) }}
{{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }}
{{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }}
{{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }}
{{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }}
{{ if $wgeasy.allowed_ips }}
{{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" (join "," $wgeasy.allowed_ips)) }}
{{ else }}
{{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }}
{{ end }}
{{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
readinessProbe:
httpGet:
path: /
port: {{ .Values.webUIPort }}
failureThreshold: 5
periodSeconds: 15
livenessProbe:
httpGet:
path: /
port: {{ .Values.webUIPort }}
failureThreshold: 5
periodSeconds: 15
startupProbe:
httpGet:
path: /
port: {{ .Values.webUIPort }}
initialDelaySeconds: 5
failureThreshold: 40
periodSeconds: 15
{{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}
lifecycle:
preStop:
exec:
command:
- /bin/bash
- -c
- |
echo "Deleting routes created by the app..."
netmask=$(ip route | grep {{ $ip }})
netmask=$(echo $netmask | grep -o -E '/.\d*')
netmask=${netmask#/}
echo "Matched routes to delete... {{ $ip }}/$netmask"
# Don't try to delete routes if steps above didn't grep-ed anything
if [ ! "$netmask" == "" ]; then
ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
fi
echo "Routes deleted..."
interface=$(ip a | grep wg0)
if [ ! "$interface" == "" ]; then
echo "Removing wg0 interface..."
ip link delete wg0
echo "Removed wg0 interface..."
fi
{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
{{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
- name: extrappvolume-{{ $index }}
hostPath:
path: {{ $hostPathConfiguration.hostPath }}
{{ end }}
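Review bot: The preStop script splices `{{ $ip }}` (from `wgeasy.client_address_range`) unquoted into three bash command lines, so whatever that free-form string contains is parsed by a shell in a container that runs as root with NET_ADMIN and SYS_MODULE. The container already receives the same value as `WG_DEFAULT_ADDRESS`, so the script can avoid template substitution altogether: `addr="${WG_DEFAULT_ADDRESS//x/0}"` and then `netmask=$(ip route | grep -F -- "$addr")`, with `"$addr"` quoted in the later `ip route del`. The prefix extraction `grep -o -E '/.\d*'` also looks off, since `\d` is not a POSIX ERE class and `/24` would likely come out as `/2`; `grep -o -E '/[0-9]+'` is the portable spelling. Separately, `PASSWORD` is appended to the env list as a literal value and is presumably rendered straight into the Deployment spec, where anyone who can read the object sees it; a Secret with `secretKeyRef` would avoid that if the common env helper supports it.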


@@ -0,0 +1,19 @@
{{ $selectors := list }}
{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
{{ $ports := list }}
{{- if not .Values.hostNetwork }}
{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }}
{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }}
{{- else }}
{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "targetPort" .Values.webUIPort) }}
{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }}
{{- end }}
{{ $params := . }}
{{- if not .Values.hostNetwork }}
{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
{{- else }}
{{ $_ := set $params "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
{{- end }}
{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
{{ include "common.classes.service" $params }}
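Review bot: In the non-hostNetwork branch the `web` port is published as a NodePort alongside `udp`, so the admin UI is reachable on every node address over plain HTTP (the portal only declares `http`), although presumably only the UDP port has to be reachable from outside for the tunnel to work. If that is intended, a template comment saying so would help, e.g. `{{/* web UI is deliberately exposed on the node; rely on wgeasy.password */}}`. The two `if not .Values.hostNetwork` blocks test the same condition and could be merged into one.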


@@ -0,0 +1,26 @@
image:
pullPolicy: IfNotPresent
repository: weejewel/wg-easy
tag: "7"
appVolumeMounts:
config:
emptyDir: true
mountPath: /etc/wireguard
dnsConfig:
options: []
emptyDirVolumes: true
environmentVariables: []
extraAppVolumeMounts: []
hostNetwork: true
wgUDPPort: 30290
webUIPort: 30921
wgeasy:
host: wg.domain.com
password: secret
client_mtu: 1420
keep_alive: 5
client_address_range: 10.10.0.x
client_dns_server: "8.8.8.8"
allowed_ips:
- 10.10.10.0/24
- 10.10.12.0/24


@@ -0,0 +1,21 @@
{{- $serviceName := (include "common.names.fullname" .) -}}
apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-wgeasy
labels:
app: {{ .Release.Name }}
release: {{ .Release.Name }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: test-curl
image: alpine/curl
imagePullPolicy: "IfNotPresent"
command:
- /bin/sh
- -ec
- |
curl --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 15 --retry-max-time 90 --retry-all-errors -ksf http://{{ $serviceName }}:{{ .Values.webUIPort }}/
restartPolicy: Never

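--- a/charts/wg-easy/item.yaml
+++ b/charts/wg-easy/item.yaml
@@ -0,0 +1,5 @@
+icon_url: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+categories:
+- wireguard
+- network
+- vpn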


@@ -0,0 +1 @@
{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"}