From 46c30fef0a42adf2c8ed64bfb2c7f102ba9c6806 Mon Sep 17 00:00:00 2001
From: Klaus Erber
Date: Wed, 6 Dec 2023 19:18:18 +0000
Subject: [PATCH 1/7] feat: option to leave out the serverCidr as net source
---
 helm/wireguard/templates/config.yaml | 5 +++--
 helm/wireguard/values.yaml | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/helm/wireguard/templates/config.yaml b/helm/wireguard/templates/config.yaml
index d8c230a..a7f5a6e 100644
--- a/helm/wireguard/templates/config.yaml
+++ b/helm/wireguard/templates/config.yaml
@@ -1,9 +1,10 @@
 {{- define "wg-config-template" -}}
+{{- $natSourceNetOption := .Values.wireguard.natAddSourceNet | ternary (printf "%s %s" "-s" .Values.wireguard.serverCidr) ("") -}}
 [Interface]
 Address = {{ .Values.wireguard.serverAddress }}
 ListenPort = 51820
-PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s {{ .Values.wireguard.serverCidr }} -o eth0 -j MASQUERADE
-PostDown = iptables -t nat -D POSTROUTING -s {{ .Values.wireguard.serverCidr }} -o eth0 -j MASQUERADE
+PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -s {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
 # Clients
 {{- range .Values.wireguard.clients }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
index a574fa9..47c93e6 100644
--- a/helm/wireguard/values.yaml
+++ b/helm/wireguard/values.yaml
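Review bot: The new `PostDown` line keeps the literal `-s` in front of `{{ $natSourceNetOption }}`, so it renders as `-s -s 10.34.0.0/24` with the default `natAddSourceNet: true` and as `-s -o eth0` when the option is false. iptables should reject both forms, which would leave the MASQUERADE rule added by `PostUp` in the nat table after wg0 goes down. It should mirror `PostUp`: `PostDown = iptables -t nat -D POSTROUTING {{ $natSourceNetOption }} -o eth0 -j MASQUERADE`. With the option off the rule no longer matches on source and masquerades everything leaving eth0, which deserves a template comment beside the `ternary` line. The `wg-config-template` define continues past the end of the hunk.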
@@ -35,6 +35,8 @@ wireguard:
 serverAddress: 10.34.0.1/24
 # -- Subnet for your VPN, take care not to clash with cluster POD cidr
 serverCidr: 10.34.0.0/24
+ # -- Add the serverCidr to the nat source net option
+ natAddSourceNet: true
 # -- A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags), stored in secret
 clients: []
 # - FriendlyName: username1
From 43395654e0d06b4886f795e402ec2a1e0d5e0336 Mon Sep 17 00:00:00 2001
From: Klaus Erber
Date: Sat, 9 Dec 2023 19:27:55 +0000
Subject: [PATCH 2/7] feat: hostport
---
 helm/wireguard/templates/deployment.yaml | 3 +++
 helm/wireguard/values.yaml | 4 ++++
 2 files changed, 7 insertions(+)
diff --git a/helm/wireguard/templates/deployment.yaml b/helm/wireguard/templates/deployment.yaml
index eadd857..cb555d9 100644
--- a/helm/wireguard/templates/deployment.yaml
+++ b/helm/wireguard/templates/deployment.yaml
@@ -143,6 +143,9 @@ spec:
 - containerPort: 51820
 protocol: UDP
 name: wireguard
+ {{- if .Values.useHostPort }}
+ hostPort: {{ .Values.hostPort }}
+ {{- end }}
 env:
 - name: LOG_LEVEL
 value: {{ default "info" .Values.logLevel }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
index 47c93e6..9b480ec 100644
--- a/helm/wireguard/values.yaml
+++ b/helm/wireguard/values.yaml
@@ -30,6 +30,10 @@ keygenJob:
 extraEnv: {}
 podAnnotations: {}
 labels: {}
+# -- Expose VPN service on hostPort
+useHostPort: false
+# -- Host port to expose the VPN service on
+hostPort: 51820
 wireguard:
 # -- Address of the VPN server
 serverAddress: 10.34.0.1/24
From 3d146624ce8976e9626f3013d9d1864ba5989694 Mon Sep 17 00:00:00 2001
From: Klaus Erber
Date: Sat, 9 Dec 2023 19:31:35 +0000
Subject: [PATCH 3/7] fix: Recreate
---
 helm/wireguard/templates/deployment.yaml | 5 +++++
 1 file changed, 5 insertions(+)
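Review bot: The comment on `natAddSourceNet` does not say what turning the option off does. Going by the template change in this patch, `false` drops the `-s <serverCidr>` match, so the POSTROUTING rule masquerades all traffic leaving eth0 rather than only traffic from the VPN subnet. I would spell that out, e.g. `# -- Limit the MASQUERADE rule to packets sourced from serverCidr; when false every packet leaving eth0 is masqueraded`.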
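Review bot: `hostPort` on the wireguard container port is rendered straight from `.Values.hostPort` with no check that it is set or numeric, and the `useHostPort` comment added to values.yaml in this patch does not say what the option implies. A hostPort binds the UDP listener on the node's own addresses, outside whatever the chart's Service restricts (not visible in this hunk), and allows only one such pod per node. A namespace enforcing the baseline Pod Security Standard would also reject the pod. I would render it as `hostPort: {{ required "hostPort is required when useHostPort is true" .Values.hostPort | int }}` and extend the values comment with those caveats. The container spec starts and ends outside the hunk.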
diff --git a/helm/wireguard/templates/deployment.yaml b/helm/wireguard/templates/deployment.yaml
index cb555d9..9d66673 100644
--- a/helm/wireguard/templates/deployment.yaml
+++ b/helm/wireguard/templates/deployment.yaml
@@ -58,7 +58,12 @@ spec:
 matchLabels:
 app: "{{ .Release.Name }}-wireguard"
 {{- if not .Values.daemonSet }}
+ {{- if eq .Values.deploymentStrategy.type "RollingUpdate" }}
 strategy: {{ .Values.deploymentStrategy | toYaml | nindent 4 }}
+ {{- else }}
+ strategy:
+ type: {{ .Values.deploymentStrategy.type }}
+ {{- end }}
 {{- end }}
 template:
 metadata:
From 96bda916f31ea57d57163f5c96386a1c03dd9bd2 Mon Sep 17 00:00:00 2001
From: Klaus Erber
Date: Sat, 9 Dec 2023 19:37:26 +0000
Subject: [PATCH 4/7] fix: remove hostport code
---
 helm/wireguard/templates/deployment.yaml | 3 ---
 helm/wireguard/values.yaml | 4 ----
 2 files changed, 7 deletions(-)
diff --git a/helm/wireguard/templates/deployment.yaml b/helm/wireguard/templates/deployment.yaml
index 9d66673..232ba1c 100644
--- a/helm/wireguard/templates/deployment.yaml
+++ b/helm/wireguard/templates/deployment.yaml
@@ -148,9 +148,6 @@ spec:
 - containerPort: 51820
 protocol: UDP
 name: wireguard
- {{- if .Values.useHostPort }}
- hostPort: {{ .Values.hostPort }}
- {{- end }}
 env:
 - name: LOG_LEVEL
 value: {{ default "info" .Values.logLevel }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
index 9b480ec..47c93e6 100644
--- a/helm/wireguard/values.yaml
+++ b/helm/wireguard/values.yaml
@@ -30,10 +30,6 @@ keygenJob:
 extraEnv: {}
 podAnnotations: {}
 labels: {}
-# -- Expose VPN service on hostPort
-useHostPort: false
-# -- Host port to expose the VPN service on
-hostPort: 51820
 wireguard:
 # -- Address of the VPN server
 serverAddress: 10.34.0.1/24
From 5a4403a89980224e9ab2ae66718033559d3ea781 Mon Sep 17 00:00:00 2001
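Review bot: The `else` branch in the strategy block covers every value other than `RollingUpdate`, so a misspelled `deploymentStrategy.type` is rendered as-is and only fails once the manifest reaches the API server. The branch also gives no hint why the remaining keys of `deploymentStrategy` are dropped; presumably this is because a Recreate strategy may not carry `rollingUpdate` settings. I would make the branch explicit with `{{- else if eq .Values.deploymentStrategy.type "Recreate" }}`, end with a `fail` for any other value, and add a template comment such as `{{- /* Recreate must not carry rollingUpdate settings, so only the type is emitted */}}`. Indentation of the new `strategy:` and `type:` lines cannot be checked from this view, and the Deployment spec continues outside the hunk.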
From: Klaus Erber
Date: Sat, 9 Dec 2023 19:39:42 +0000
Subject: [PATCH 5/7] fix: remove nat config code
---
 helm/wireguard/templates/config.yaml | 4 ++--
 helm/wireguard/values.yaml | 2 --
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/helm/wireguard/templates/config.yaml b/helm/wireguard/templates/config.yaml
index a7f5a6e..91a38d3 100644
--- a/helm/wireguard/templates/config.yaml
+++ b/helm/wireguard/templates/config.yaml
@@ -3,8 +3,8 @@
 [Interface]
 Address = {{ .Values.wireguard.serverAddress }}
 ListenPort = 51820
-PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
-PostDown = iptables -t nat -D POSTROUTING -s {{ $natSourceNetOption }} -o eth0 -j MASQUERADE
+PostUp = wg set wg0 private-key /etc/wireguard/privatekey && iptables -t nat -A POSTROUTING -s {{ .Values.wireguard.serverCidr }} -o eth0 -j MASQUERADE
+PostDown = iptables -t nat -D POSTROUTING -s {{ .Values.wireguard.serverCidr }} -o eth0 -j MASQUERADE
 # Clients
 {{- range .Values.wireguard.clients }}
diff --git a/helm/wireguard/values.yaml b/helm/wireguard/values.yaml
index 47c93e6..a574fa9 100644
--- a/helm/wireguard/values.yaml
+++ b/helm/wireguard/values.yaml
@@ -35,8 +35,6 @@ wireguard:
 serverAddress: 10.34.0.1/24
 # -- Subnet for your VPN, take care not to clash with cluster POD cidr
 serverCidr: 10.34.0.0/24
- # -- Add the serverCidr to the nat source net option
- natAddSourceNet: true
 # -- A collection of clients that will be added to wg0.conf, accepts objects with keys PublicKey and AllowedIPs (mandatory) and optional FriendlyName or FriendlyJson (https://github.com/MindFlavor/prometheus_wireguard_exporter#friendly-tags), stored in secret
 clients: []
 # - FriendlyName: username1
From 4c8f6801021e8758e9f6f8d6d4122a7e55c4bc75 Mon Sep 17 00:00:00 2001
From: Klaus Erber
Date: Sat, 9 Dec 2023 19:40:43 +0000
Subject: [PATCH 6/7] fix: remove nat config code
---
 helm/wireguard/templates/config.yaml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/helm/wireguard/templates/config.yaml b/helm/wireguard/templates/config.yaml
index 91a38d3..d8c230a 100644
--- a/helm/wireguard/templates/config.yaml
+++ b/helm/wireguard/templates/config.yaml
@@ -1,5 +1,4 @@
 {{- define "wg-config-template" -}}
-{{- $natSourceNetOption := .Values.wireguard.natAddSourceNet | ternary (printf "%s %s" "-s" .Values.wireguard.serverCidr) ("") -}}
 [Interface]
 Address = {{ .Values.wireguard.serverAddress }}
 ListenPort = 51820
From 3168597e6220c6307208f61a24a364c05e63eeaa Mon Sep 17 00:00:00 2001
From: bryopsida <8363252+bryopsida@users.noreply.github.com>
Date: Tue, 12 Dec 2023 17:33:55 -0600
Subject: [PATCH 7/7] bump patch version
---
 helm/wireguard/Chart.yaml | 2 +-
 helm/wireguard/README.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/helm/wireguard/Chart.yaml b/helm/wireguard/Chart.yaml
index 30e5b84..c8fa2f8 100644
--- a/helm/wireguard/Chart.yaml
+++ b/helm/wireguard/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: wireguard
 description: A Helm chart for managing a wireguard vpn in kubernetes
 type: application
-version: 0.16.1
+version: 0.16.2
 appVersion: "0.0.0"
 maintainers:
 - name: bryopsida
diff --git a/helm/wireguard/README.md b/helm/wireguard/README.md
index ae627e0..60be00e 100644
--- a/helm/wireguard/README.md
+++ b/helm/wireguard/README.md
@@ -1,6 +1,6 @@ # wireguard -![Version: 0.16.1](https://img.shields.io/badge/Version-0.16.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square) +![Version: 0.16.2](https://img.shields.io/badge/Version-0.16.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.0](https://img.shields.io/badge/AppVersion-0.0.0-informational?style=flat-square) A Helm chart for managing a wireguard vpn in kubernetes @@ -109,4 +109,4 @@ A Helm chart for managing a wireguard vpn in kubernetes | wireguard.serverCidr | string | `"10.34.0.0/24"` | Subnet for your VPN, take care not to clash with cluster POD cidr | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) +Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)