mirror of
https://github.com/h44z/wg-portal
synced 2025-02-26 05:49:14 +00:00
6ffe1a90ae
* Added TLS support for web - Added optional configurations `cert_file` and `key_file` to run web server with https Signed-off-by: Dmytro Bondar <git@bonddim.com> * Helm chart update - Refactored Ingress to use one host only (`config.web.external_url` is required) - Added Certificate resource template (secret is mounted to container into `/app/certs/`) - Added support for service with mixed protocols (exposes UI and Wireguard ports on same IP) - Added helm-docs target to makefile - Changed pod labels to use selectorLabels - Removed default probes (app runs without healthy web) - Removed sections from README Signed-off-by: Dmytro Bondar <git@bonddim.com> * Fix chart workflow path filter * Fix chart lint issue * Skip clean-up tested chart * Try k3d cluster --------- Signed-off-by: Dmytro Bondar <git@bonddim.com> |
||
|---|---|---|
| .. | ||
| templates | ||
| .helmignore | ||
| Chart.yaml | ||
| README.md | ||
| README.md.gotmpl | ||
| values.yaml | ||
wg-portal
WireGuard Configuration Portal with LDAP, OAuth, OIDC authentication
Homepage: https://wgportal.org
Source Code
Requirements
Kubernetes: >=1.19.0
Installing the Chart
To install the chart with the release name wg-portal:
helm install wg-portal oci://ghcr.io/h44z/charts/wg-portal
This command deploy wg-portal on the Kubernetes cluster in the default configuration. The Values section lists the parameters that can be configured during installation.
Values
| Key | Type | Default | Description |
|---|---|---|---|
| nameOverride | string | "" |
Partially override resource names (adds suffix) |
| fullnameOverride | string | "" |
Fully override resource names |
| extraDeploy | list | [] |
Array of extra objects to deploy with the release |
| config.advanced | tpl/object | {} |
Advanced configuration options. |
| config.auth | tpl/object | {} |
Auth configuration options. |
| config.core | tpl/object | {} |
Core configuration options. If external admins in auth are not defined and there are no admin_user and admin_password defined here, the default credentials will be generated. |
| config.database | tpl/object | {} |
Database configuration options |
| config.mail | tpl/object | {} |
Mail configuration options |
| config.statistics | tpl/object | {} |
Statistics configuration options |
| config.web | tpl/object | {} |
Web configuration options.listening_address will be set automatically from service.web.port. external_url is required to enable ingress and certificate resources. |
| revisionHistoryLimit | string | 10 |
The number of old ReplicaSets to retain to allow rollback. |
| workloadType | string | "Deployment" |
Workload type - Deployment or StatefulSet |
| strategy | object | {"type":"RollingUpdate"} |
Update strategy for the workload Valid values are: RollingUpdate or Recreate for Deployment, RollingUpdate or OnDelete for StatefulSet |
| image.repository | string | "ghcr.io/h44z/wg-portal" |
Image repository |
| image.pullPolicy | string | "IfNotPresent" |
Image pull policy |
| image.tag | string | "" |
Overrides the image tag whose default is the chart appVersion |
| imagePullSecrets | list | [] |
Image pull secrets |
| podAnnotations | tpl/object | {} |
Extra annotations to add to the pod |
| podLabels | object | {} |
Extra labels to add to the pod |
| podSecurityContext | object | {} |
Pod Security Context |
| securityContext.capabilities.add | list | ["NET_ADMIN"] |
Add capabilities to the container |
| initContainers | tpl/list | [] |
Pod init containers |
| sidecarContainers | tpl/list | [] |
Pod sidecar containers |
| dnsPolicy | string | "ClusterFirst" |
Set DNS policy for the pod. Valid values are ClusterFirstWithHostNet, ClusterFirst, Default or None. |
| restartPolicy | string | "Always" |
Restart policy for all containers within the pod. Valid values are Always, OnFailure or Never. |
| hostNetwork | string | false. |
Use the host's network namespace. |
| resources | object | {} |
Resources requests and limits |
| command | list | [] |
Overwrite pod command |
| args | list | [] |
Additional pod arguments |
| env | tpl/list | [] |
Additional environment variables |
| envFrom | tpl/list | [] |
Additional environment variables from a secret or configMap |
| livenessProbe | object | {} |
Liveness probe configuration |
| readinessProbe | object | {} |
Readiness probe configuration |
| startupProbe | object | {} |
Startup probe configuration |
| volumes | tpl/list | [] |
Additional volumes |
| volumeMounts | tpl/list | [] |
Additional volumeMounts |
| nodeSelector | object | {"kubernetes.io/os":"linux"} |
Node Selector configuration |
| tolerations | list | [] |
Tolerations configuration |
| affinity | object | {} |
Affinity configuration |
| service.mixed.enabled | bool | false |
Whether to create a single service for the web and wireguard interfaces |
| service.mixed.type | string | "LoadBalancer" |
Service type |
| service.web.annotations | object | {} |
Annotations for the web service |
| service.web.type | string | "ClusterIP" |
Web service type |
| service.web.port | int | 8888 |
Web service port Used for the web interface listener |
| service.wireguard.annotations | object | {} |
Annotations for the WireGuard service |
| service.wireguard.type | string | "LoadBalancer" |
Wireguard service type |
| service.wireguard.ports | list | [51820] |
Wireguard service ports. Exposes the WireGuard ports for created interfaces. Lowerest port is selected as start port for the first interface. Increment next port by 1 for each additional interface. |
| ingress.enabled | bool | false |
Specifies whether an ingress resource should be created |
| ingress.className | string | "" |
Ingress class name |
| ingress.annotations | object | {} |
Ingress annotations |
| ingress.tls | bool | false |
Ingress TLS configuration. Enable certificate resource or add ingress annotation to create required secret |
| certificate.enabled | bool | false |
Specifies whether a certificate resource should be created |
| certificate.issuer.name | string | "" |
Certificate issuer name |
| certificate.issuer.kind | string | "" |
Certificate issuer kind (ClusterIssuer or Issuer) |
| certificate.issuer.group | string | "cert-manager.io" |
Certificate issuer group |
| certificate.duration | string | "" |
Optional. Documentation |
| certificate.renewBefore | string | "" |
Optional. Documentation |
| certificate.commonName | string | "" |
Optional. Documentation |
| certificate.emailAddresses | list | [] |
Optional. Documentation |
| certificate.ipAddresses | list | [] |
Optional. Documentation |
| certificate.keystores | object | {} |
Optional. Documentation |
| certificate.privateKey | object | {} |
Optional. Documentation |
| certificate.secretTemplate | object | {} |
Optional. Documentation |
| certificate.subject | object | {} |
Optional. Documentation |
| certificate.uris | list | [] |
Optional. Documentation |
| certificate.usages | list | [] |
Optional. Documentation |
| persistence.enabled | bool | false |
Specifies whether an persistent volume should be created |
| persistence.annotations | object | {} |
Persistent Volume Claim annotations |
| persistence.storageClass | string | "" |
Persistent Volume storage class. If undefined (the default) cluster's default provisioner will be used. |
| persistence.accessMode | string | "ReadWriteOnce" |
Persistent Volume Access Mode |
| persistence.size | string | "1Gi" |
Persistent Volume size |
| serviceAccount.create | bool | true |
Specifies whether a service account should be created |
| serviceAccount.annotations | object | {} |
Service account annotations |
| serviceAccount.automount | bool | false |
Automatically mount a ServiceAccount's API credentials |
| serviceAccount.name | string | "" |
The name of the service account to use. If not set and create is true, a name is generated using the fullname template |