diff --git a/charts/wg-easy/.helmignore b/charts/wg-easy/.helmignore
new file mode 100644
index 0000000000..c1347c2c27
--- /dev/null
+++ b/charts/wg-easy/.helmignore
@@ -0,0 +1,2 @@
+# Patterns to ignore when building packages.
+*.png
diff --git a/charts/wg-easy/1.0.0/Chart.lock b/charts/wg-easy/1.0.0/Chart.lock
new file mode 100644
index 0000000000..332bddc6b2
--- /dev/null
+++ b/charts/wg-easy/1.0.0/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: common
+ repository: file://../../../library/common/2207.0.0
+ version: 2207.0.0
+digest: sha256:f17f3d458ca0210a52e39da0dce35034e900b36f2040d4b19bed46a7aae91506
+generated: "2022-11-07T14:53:51.774827549+02:00"
diff --git a/charts/wg-easy/1.0.0/Chart.yaml b/charts/wg-easy/1.0.0/Chart.yaml
new file mode 100644
index 0000000000..be5e891ca8
--- /dev/null
+++ b/charts/wg-easy/1.0.0/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+appVersion: "7"
+dependencies:
+- name: common
+ repository: file://../../../library/common/2207.0.0
+ version: 2207.0.0
+description: WG-Easy is the easiest way to install & manage WireGuard!
+home: https://github.com/WeeJeWel/wg-easy
+icon: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+keywords:
+- wireguard
+- network
+- vpn
+name: wg-easy
+version: 1.0.0
diff --git a/charts/wg-easy/1.0.0/README.md b/charts/wg-easy/1.0.0/README.md
new file mode 100644
index 0000000000..8c6f958538
--- /dev/null
+++ b/charts/wg-easy/1.0.0/README.md
@@ -0,0 +1,3 @@
+# WG-Easy
+
+[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!
diff --git a/charts/wg-easy/1.0.0/app-readme.md b/charts/wg-easy/1.0.0/app-readme.md
new file mode 100644
index 0000000000..8c6f958538
--- /dev/null
+++ b/charts/wg-easy/1.0.0/app-readme.md
@@ -0,0 +1,3 @@
+# WG-Easy
+
+[WG-Easy (WireGuard Easy)](https://github.com/WeeJeWel/wg-easy) is the easiest way to install & manage WireGuard!
diff --git a/charts/wg-easy/1.0.0/charts/common-2207.0.0.tgz b/charts/wg-easy/1.0.0/charts/common-2207.0.0.tgz
new file mode 100644
index 0000000000..0bc0da8452
Binary files /dev/null and b/charts/wg-easy/1.0.0/charts/common-2207.0.0.tgz differ
diff --git a/charts/wg-easy/1.0.0/ix_values.yaml b/charts/wg-easy/1.0.0/ix_values.yaml
new file mode 100644
index 0000000000..9fa0a8f646
--- /dev/null
+++ b/charts/wg-easy/1.0.0/ix_values.yaml
@@ -0,0 +1,4 @@
+image:
+ pullPolicy: IfNotPresent
+ repository: weejewel/wg-easy
+ tag: "7"
diff --git a/charts/wg-easy/1.0.0/questions.yaml b/charts/wg-easy/1.0.0/questions.yaml
new file mode 100644
index 0000000000..c0673bfddb
--- /dev/null
+++ b/charts/wg-easy/1.0.0/questions.yaml
@@ -0,0 +1,260 @@
+groups:
+ - name: Configuration
+ description: WG-Easy application configuration
+ - name: Storage
+ description: Configure storage for WG-Easy
+ - name: Networking
+ description: Networking Configuration for WG-Easy
+ - name: Advanced DNS Settings
+ description: Configure DNS settings
+ - name: Resource Limits
+ description: Set CPU/memory limits for Kubernetes Pod
+
+portals:
+ web_portal:
+ protocols:
+ - http
+ host:
+ - $node_ip
+ ports:
+ - $variable-webUIPort
+ path: /
+
+questions:
+ - variable: wgUDPPort
+ label: WireGuard UPD Node Port for WG-Easy
+ group: Networking
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ default: 20920
+ required: true
+ - variable: webUIPort
+ label: WebUI Node Port for WG-Easy
+ group: Networking
+ schema:
+ type: int
+ min: 9000
+ max: 65535
+ default: 20921
+ required: true
+ - variable: hostNetwork
+ label: Host Network
+ group: Networking
+ schema:
+ type: boolean
+ default: true
+
+ - variable: dnsConfig
+ label: DNS Configuration
+ group: Advanced DNS Settings
+ schema:
+ type: dict
+ attrs:
+ - variable: options
+ label: DNS Options
+ schema:
+ type: list
+ items:
+ - variable: optionsEntry
+ label: Option Entry Configuration
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Option Name
+ schema:
+ type: string
+ required: true
+ - variable: value
+ label: Option Value
+ schema:
+ type: string
+ required: true
+
+ - variable: wgeasy
+ label: WG-Easy Configuration
+ group: Configuration
+ schema:
+ type: dict
+ additional_attrs: true
+ attrs:
+ - variable: host
+ label: Hostname or IP
+ description: The public hostname or IP of your VPN server.
+ schema:
+ type: string
+ required: true
+ $ref:
+ - "definitions/nodeIP"
+ - variable: password
+ label: Password for WebUI
+ description: When set, requires a password when logging in to the Web UI.
+ schema:
+ type: string
+ private: true
+ default: ""
+ - variable: keep_alive
+ label: Persistent Keep Alive
+ description: Value in seconds to keep the "connection" open. If this value is 0, then connections won't be kept alive.
+ schema:
+ type: int
+ required: true
+ default: 0
+ - variable: client_mtu
+ label: Clients MTU
+ description: The MTU the clients will use.
+ schema:
+ type: int
+ required: true
+ default: 1420
+ - variable: client_address_range
+ label: Clients IP Address Range
+ description: Clients IP address range.
+ schema:
+ type: string
+ required: true
+ default: 10.8.0.x
+ - variable: client_dns_server
+ label: Clients DNS Server
+ description: Clients DNS Server.
+ schema:
+ type: string
+ required: true
+ default: "1.1.1.1"
+ - variable: allowed_ips
+ label: Allowed IPs
+ description: Allowed IPs clients will use. If none provided, <0.0.0.0/0,::/0> will be used.
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: entry
+ label: Allowed IP Entry
+ schema:
+ type: string
+ required: true
+ default: ""
+
+ - variable: environmentVariables
+ label: WG-Easy Environment
+ group: Configuration
+ schema:
+ type: list
+ default: []
+ items:
+ - variable: environmentVariable
+ label: Environment Variable
+ schema:
+ type: dict
+ attrs:
+ - variable: name
+ label: Name
+ schema:
+ type: string
+ required: true
+ default: ""
+ - variable: value
+ label: Value
+ schema:
+ type: string
+ default: ""
+ required: true
+
+ - variable: appVolumeMounts
+ label: WG-Easy Storage
+ group: Storage
+ schema:
+ type: dict
+ attrs:
+ - variable: config
+ label: Configuration Volume
+ schema:
+ type: dict
+ attrs:
+ - variable: datasetName
+ label: Configuration Volume Dataset Name
+ schema:
+ type: string
+ hidden: true
+ $ref:
+ - normalize/ixVolume
+ show_if: [["hostPathEnabled", "=", false]]
+ default: ix-wg-easy_config
+ editable: false
+ - variable: mountPath
+ label: Configuration Mount Path
+ description: Path where the volume will be mounted inside the pod
+ schema:
+ type: path
+ hidden: true
+ editable: true
+ default: /etc/wireguard
+ - variable: hostPathEnabled
+ label: Enable Custom Host Path for WG-Easy Configuration Volume
+ schema:
+ type: boolean
+ default: false
+ show_subquestions_if: true
+ subquestions:
+ - variable: hostPath
+ label: Host Path for WG-Easy Configuration Volume
+ schema:
+ type: hostpath
+ required: true
+ immutable: true
+ $ref:
+ - validations/lockedHostPath
+
+ - variable: extraAppVolumeMounts
+ label: Extra Host Path Volumes
+ group: Storage
+ schema:
+ type: list
+ items:
+ - variable: extraAppVolume
+ label: Host Path Volume
+ description: Add an extra host path volume for WG-Easy application
+ schema:
+ type: dict
+ attrs:
+ - variable: mountPath
+ label: Mount Path in Pod
+ description: Path where the volume will be mounted inside the pod
+ schema:
+ type: path
+ required: true
+ - variable: hostPath
+ label: Host Path
+ description: Host path
+ schema:
+ type: hostpath
+ required: true
+ $ref:
+ - validations/lockedHostPath
+
+ - variable: enableResourceLimits
+ label: Enable Pod resource limits
+ group: Resource Limits
+ schema:
+ type: boolean
+ default: false
+ - variable: cpuLimit
+ label: CPU Limit resource limits
+ description: CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100.
+ group: Resource Limits
+ schema:
+ type: string
+ show_if: [["enableResourceLimits", "=", true]]
+ valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)"
+ default: 4000m
+ - variable: memLimit
+ label: Memory Limit
+ group: Resource Limits
+ description: Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi
+ schema:
+ type: string
+ show_if: [["enableResourceLimits", "=", true]]
+ valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$"
+ default: 8Gi
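Review bot: The `password` question under `wgeasy` is optional and ships with `default: ""`, so an install that accepts the defaults serves the management Web UI on `webUIPort` with no login, and `hostNetwork` defaults to `true`, which binds that port directly on the node. I would make the field mandatory by adding `required: true` and dropping the empty default, or at minimum extend the description to say that leaving it blank exposes the UI without authentication. The same hunk leaves `client_address_range` as an unconstrained string; a `valid_chars` pattern like the ones already used for `cpuLimit` and `memLimit` would restrict it to the `a.b.c.x` form the default shows.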
diff --git a/charts/wg-easy/1.0.0/templates/deployment.yaml b/charts/wg-easy/1.0.0/templates/deployment.yaml
new file mode 100644
index 0000000000..c264d270e3
--- /dev/null
+++ b/charts/wg-easy/1.0.0/templates/deployment.yaml
@@ -0,0 +1,122 @@
+{{ include "common.storage.hostPathValidate" .Values }}
+apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ app: {{ template "common.names.name" . }}
+ chart: {{ template "common.names.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ rollme: {{ randAlphaNum 5 | quote }}
+spec:
+ replicas: {{ (default 1 .Values.replicas) }}
+ strategy:
+ type: "Recreate"
+ selector:
+ matchLabels:
+ app: {{ template "common.names.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ name: {{ template "common.names.fullname" . }}
+ labels:
+ {{- include "common.labels.selectorLabels" . | nindent 8 }}
+ annotations: {{ include "common.annotations" . | nindent 8 }}
+ spec:
+ hostNetwork: {{ .Values.hostNetwork }}
+ hostname: {{ .Release.Name }}
+ containers:
+ - name: {{ .Chart.Name }}
+ {{ include "common.resources.limitation" . | nindent 10 }}
+ {{ include "common.containers.imageConfig" .Values.image | nindent 10 }}
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
+ - SYS_MODULE
+ {{/* https://github.com/WeeJeWel/wg-easy/pull/394 */}}
+ runAsUser: 0
+ runAsGroup: 0
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }}
+ {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+ - name: extrappvolume-{{ $index }}
+ mountPath: {{ $hostPathConfiguration.mountPath }}
+ {{ end }}
+ ports:
+ - name: udp
+ containerPort: {{ .Values.wgUDPPort }}
+ protocol: UDP
+ - name: web
+ containerPort: {{ .Values.webUIPort }}
+ env:
+ {{ $wgeasy := .Values.wgeasy }}
+ {{ $envList := (default list .Values.environmentVariables) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_HOST" "value" $wgeasy.host) }}
+ {{ $envList = mustAppend $envList (dict "name" "PASSWORD" "value" $wgeasy.password) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_PORT" "value" .Values.wgUDPPort) }}
+ {{ $envList = mustAppend $envList (dict "name" "PORT" "value" .Values.webUIPort) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_PERSISTENT_KEEPALIVE" "value" $wgeasy.keep_alive) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_MTU" "value" $wgeasy.client_mtu) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_ADDRESS" "value" $wgeasy.client_address_range) }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_DEFAULT_DNS" "value" $wgeasy.client_dns_server) }}
+ {{ if $wgeasy.allowed_ips }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" (join "," $wgeasy.allowed_ips)) }}
+ {{ else }}
+ {{ $envList = mustAppend $envList (dict "name" "WG_ALLOWED_IPS" "value" ("0.0.0.0/0,::/0")) }}
+ {{ end }}
+ {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }}
+ readinessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.webUIPort }}
+ failureThreshold: 5
+ periodSeconds: 15
+ livenessProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.webUIPort }}
+ failureThreshold: 5
+ periodSeconds: 15
+ startupProbe:
+ httpGet:
+ path: /
+ port: {{ .Values.webUIPort }}
+ initialDelaySeconds: 5
+ failureThreshold: 40
+ periodSeconds: 15
+ {{ $ip := .Values.wgeasy.client_address_range | replace "x" "0" }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - |
+ echo "Deleting routes created by the app..."
+ netmask=$(ip route | grep {{ $ip }})
+ netmask=$(echo $netmask | grep -o -E '/.\d*')
+ netmask=${netmask#/}
+ echo "Matched routes to delete... {{ $ip }}/$netmask"
+ # Don't try to delete routes if steps above didn't grep-ed anything
+ if [ ! "$netmask" == "" ]; then
+ ip route del {{ $ip }}/$netmask || echo "Route deletion failed..."
+ fi
+ echo "Routes deleted..."
+ interface=$(ip a | grep wg0)
+ if [ ! "$interface" == "" ]; then
+ echo "Removing wg0 interface..."
+ ip link delete wg0
+ echo "Removed wg0 interface..."
+ fi
+
+{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }}
+ volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }}
+ {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }}
+ - name: extrappvolume-{{ $index }}
+ hostPath:
+ path: {{ $hostPathConfiguration.hostPath }}
+ {{ end }}
diff --git a/charts/wg-easy/1.0.0/templates/service.yaml b/charts/wg-easy/1.0.0/templates/service.yaml
new file mode 100644
index 0000000000..42d960b193
--- /dev/null
+++ b/charts/wg-easy/1.0.0/templates/service.yaml
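Review bot: In templates/deployment.yaml the preStop script splices `{{ $ip }}` unquoted into the `/bin/bash -c` body at the `grep`, `echo` and `ip route del` lines, and that value comes from `.Values.wgeasy.client_address_range`, which questions.yaml accepts as a free-form string. Any shell metacharacters in it would be interpreted by bash in a container that runs as uid 0 with `NET_ADMIN` and `SYS_MODULE`, on the host network when `hostNetwork` is true. The same setting is already exported to the container as `WG_DEFAULT_ADDRESS`, so the script can derive the base address at runtime with `ip_base="${WG_DEFAULT_ADDRESS//x/0}"` and reference `"$ip_base"` in double quotes instead of templating it; a `valid_chars` pattern on the question would close the gap at input time as well. Separately, `PASSWORD` appears to be handed to the common env helper as a plain value, so it would be readable in the rendered pod spec; sourcing it from a Secret would avoid that.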
@@ -0,0 +1,19 @@
+{{ $selectors := list }}
+{{ $selectors = mustAppend $selectors (dict "key" "app" "value" (include "common.names.name" .) ) }}
+{{ $selectors = mustAppend $selectors (dict "key" "release" "value" .Release.Name ) }}
+{{ $ports := list }}
+{{- if not .Values.hostNetwork }}
+{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "nodePort" .Values.webUIPort "targetPort" .Values.webUIPort) }}
+{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "nodePort" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }}
+{{- else }}
+{{ $ports = mustAppend $ports (dict "name" "web" "port" .Values.webUIPort "targetPort" .Values.webUIPort) }}
+{{ $ports = mustAppend $ports (dict "name" "udp" "port" .Values.wgUDPPort "targetPort" .Values.wgUDPPort "protocol" "UDP") }}
+{{- end }}
+{{ $params := . }}
+{{- if not .Values.hostNetwork }}
+{{ $_ := set $params "commonService" (dict "type" "NodePort" "ports" $ports ) }}
+{{- else }}
+{{ $_ := set $params "commonService" (dict "type" "ClusterIP" "ports" $ports ) }}
+{{- end }}
+{{ $_1 := set .Values "extraSelectorLabels" $selectors }}
+{{ include "common.classes.service" $params }}
diff --git a/charts/wg-easy/1.0.0/test_values.yaml b/charts/wg-easy/1.0.0/test_values.yaml
new file mode 100644
index 0000000000..9868d3d3b5
--- /dev/null
+++ b/charts/wg-easy/1.0.0/test_values.yaml
@@ -0,0 +1,26 @@
+image:
+ pullPolicy: IfNotPresent
+ repository: weejewel/wg-easy
+ tag: "7"
+appVolumeMounts:
+ config:
+ emptyDir: true
+ mountPath: /etc/wireguard
+dnsConfig:
+ options: []
+emptyDirVolumes: true
+environmentVariables: []
+extraAppVolumeMounts: []
+hostNetwork: true
+wgUDPPort: 30290
+webUIPort: 30921
+wgeasy:
+ host: wg.domain.com
+ password: secret
+ client_mtu: 1420
+ keep_alive: 5
+ client_address_range: 10.10.0.x
+ client_dns_server: "8.8.8.8"
+ allowed_ips:
+ - 10.10.10.0/24
+ - 10.10.12.0/24
diff --git a/charts/wg-easy/1.0.0/tests/deployment-check.yaml b/charts/wg-easy/1.0.0/tests/deployment-check.yaml
new file mode 100644
index 0000000000..3a9557f96d
--- /dev/null
+++ b/charts/wg-easy/1.0.0/tests/deployment-check.yaml
@@ -0,0 +1,21 @@
+{{- $serviceName := (include "common.names.fullname" .) -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ .Release.Name }}-wgeasy
+ labels:
+ app: {{ .Release.Name }}
+ release: {{ .Release.Name }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: test-curl
+ image: alpine/curl
+ imagePullPolicy: "IfNotPresent"
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ curl --connect-timeout 5 --max-time 10 --retry 5 --retry-delay 15 --retry-max-time 90 --retry-all-errors -ksf http://{{ $serviceName }}:{{ .Values.webUIPort }}/
+ restartPolicy: Never
diff --git a/charts/wg-easy/item.yaml b/charts/wg-easy/item.yaml
new file mode 100644
index 0000000000..d14a20abcc
--- /dev/null
+++ b/charts/wg-easy/item.yaml
@@ -0,0 +1,5 @@
+icon_url: https://raw.githubusercontent.com/WeeJeWel/wg-easy/master/src/www/img/logo.png
+categories:
+- wireguard
+- network
+- vpn
diff --git a/charts/wg-easy/upgrade_info.json b/charts/wg-easy/upgrade_info.json
new file mode 100644
index 0000000000..a6729a0979
--- /dev/null
+++ b/charts/wg-easy/upgrade_info.json
@@ -0,0 +1 @@
+{"filename": "ix_values.yaml", "keys": ["image"], "test_filename": "test_values.yaml"}
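Review bot: In tests/deployment-check.yaml the test pod uses `image: alpine/curl` with no tag, so it resolves to `latest`, and with `imagePullPolicy: "IfNotPresent"` each node runs whichever copy it happens to have cached. Pinning it, for example `image: alpine/curl:<PINNED_VERSION>` (placeholder) or a digest reference, would make the test hook reproducible and keep an unreviewed upstream image out of the cluster. The `-k` in `-ksf` has no effect on the plain `http://` URL and can be dropped so it is not carried over if the check ever moves to HTTPS.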