From 60ceb2d21e245a046660523a20e2a162a52dc03e Mon Sep 17 00:00:00 2001
From: Mikolaj Sobolewski <51751942+mikolajsobolewski@users.noreply.github.com>
Date: Sun, 8 Sep 2024 14:56:19 +0300
Subject: [PATCH] Added interfaceOpts Adapted to usage in amnezia-wg (#56)

I adapted this charr for usage in amnezia-wg (https://github.com/amnezia-vpn/amneziawg-tools) but we should to add extra obfuscation opts in interface part of config.
---
 helm/wireguard/Chart.yaml | 2 +-
 helm/wireguard/README.md | 3 ++-
 helm/wireguard/templates/config.yaml | 6 ++++--
 helm/wireguard/values.yaml | 2 ++
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/helm/wireguard/Chart.yaml b/helm/wireguard/Chart.yaml
index f239f24..8ee53c5 100644
--- a/helm/wireguard/Chart.yaml
+++ b/helm/wireguard/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wireguard
 description: A Helm chart for managing a wireguard vpn in kubernetes
 type: application
-version: 0.25.0
+version: 0.26.0
 appVersion: "0.0.0"
 maintainers:
 - name: bryopsida
diff --git a/helm/wireguard/README.md b/helm/wireguard/README.md
index 193a5f1..793caf3 100644
--- a/helm/wireguard/README.md
+++ b/helm/wireguard/README.md
@@ -1,6 +1,6 @@
 # wireguard
-![Version: 0.25.0](https://img.shields.io/badge/Version-0.25.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
+![Version: 0.26.0](https://img.shields.io/badge/Version-0.26.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square)
 A Helm chart for managing a wireguard vpn in kubernetes
@@ -129,6 +129,7 @@ A Helm chart for managing a wireguard vpn in kubernetes
 | volumeMounts | object | `{}` | Passthrough pod volume mounts |
 | volumes | object | `{}` | Passthrough pod volumes |
 | wireguard.clients | list | `[]` | A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags) and PersistentKeepalive (https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence), stored in secret |
+| wireguard.interfaceOpts | object | `{}` | A collection of extraopts for wireguard interface |
 | wireguard.natAddSourceNet | bool | `true` | Add the serverCidr to the nat source net option |
 | wireguard.serverAddress | string | `"10.34.0.1/24"` | Address of the VPN server |
 | wireguard.serverCidr | string | `"10.34.0.0/24"` | Subnet for your VPN, take care not to clash with cluster POD cidr |
diff --git a/helm/wireguard/templates/config.yaml b/helm/wireguard/templates/config.yaml
index 7f4c6dc..2a426ca 100644
--- a/helm/wireguard/templates/config.yaml
+++ b/helm/wireguard/templates/config.yaml
@@ -5,7 +5,9 @@ Address = {{ .Values.wireguard.serverAddress }}
 ListenPort = 51820
 PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
 PostDown = iptables -t nat -D POSTROUTING -s {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
-
+{{- range $key, $value := .Values.wireguard.interfaceOpts }}
+{{ $key }} = {{ $value }}
+{{- end }}
 # Clients
 {{- range .Values.wireguard.clients }}
 [Peer]
@@ -34,4 +36,4 @@ metadata:
 name: "{{ .Release.Name }}-wg-config"
 data:
 wg0.conf: {{ include "wg-config-template" . | b64enc }}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
index c4754b0..4bd2a66 100644
--- a/helm/wireguard/values.yaml
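Review bot: In helm/wireguard/templates/config.yaml, the new `range` over `.Values.wireguard.interfaceOpts` writes every key and value into the `[Interface]` section unchecked. The file already carries `PostUp`/`PostDown`, so it is evidently consumed by wg-quick, which runs hook values as shell commands. A key such as `PostUp`, or a string value containing a line break, therefore turns a values entry into extra directives or a command run in the pod, and a second `Address` or `ListenPort` would contradict the lines the chart manages just above. Consider rejecting chart-managed and hook keys and multi-line entries at render time with `fail`, as sketched below; the comparison uses the lower-cased key because wg-quick appears to match keys case-insensitively. The template body starts and ends outside this hunk.

```yaml
{{- range $key, $value := .Values.wireguard.interfaceOpts }}
{{- if has (lower $key) (list "address" "listenport" "privatekey" "preup" "postup" "predown" "postdown") }}
{{- fail (printf "wireguard.interfaceOpts: %q is managed by the chart and cannot be set here" $key) }}
{{- end }}
{{- if regexMatch "[\\r\\n]" (printf "%s=%v" $key $value) }}
{{- fail (printf "wireguard.interfaceOpts: entry %q must be a single line" $key) }}
{{- end }}
{{ $key }} = {{ $value }}
{{- end }}
# … unchanged: "# Clients" and the [Peer] loop …
```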
+++ b/helm/wireguard/values.yaml
@@ -52,6 +52,8 @@ wireguard:
 serverCidr: 10.34.0.0/24
 # -- Add the serverCidr to the nat source net option
 natAddSourceNet: true
+ # -- A collection of extraopts for wireguard interface
+ interfaceOpts: {}
 # -- A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags) and PersistentKeepalive (https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence), stored in secret
 clients: []
 # - FriendlyName: username1
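Review bot: The `# --` description added above `interfaceOpts` in helm/wireguard/values.yaml does not tell an operator what the map accepts or where its entries end up, and the README row repeats the same wording. I would replace it with something like `# -- Extra settings written verbatim as "Key = Value" lines into the [Interface] section of wg0.conf (e.g. AmneziaWG obfuscation parameters); trusted operator input only, rendered into the same wg0.conf as clients`. A commented example entry with a quoted value would also help, since Helm may print large unquoted integers in exponent form (not verified for this chart). The enclosing `wireguard:` map starts and ends outside this hunk.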