mirror of
https://github.com/gravitl/netmaker.git
synced 2024-09-20 15:26:04 +08:00
updated helm charts
parent
a39ef16394
commit
445df67030
|
@ -1,6 +1,6 @@
|
|||
apiVersion: v2
|
||||
name: netmaker
|
||||
description: A Helm chart for Kubernetes
|
||||
description: A Helm chart to run HA Netmaker on Kubernetes
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
|
|
|
@ -1,28 +0,0 @@
|
|||
{{- if .Values.autoscaling.enabled }}
|
||||
apiVersion: autoscaling/v2beta1
|
||||
kind: HorizontalPodAutoscaler
|
||||
metadata:
|
||||
name: {{ include "netmaker.fullname" . }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
spec:
|
||||
scaleTargetRef:
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
name: {{ include "netmaker.fullname" . }}
|
||||
minReplicas: {{ .Values.autoscaling.minReplicas }}
|
||||
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
|
||||
metrics:
|
||||
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: cpu
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
- type: Resource
|
||||
resource:
|
||||
name: memory
|
||||
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
|
||||
{{- end }}
|
||||
{{- end }}
|
|
@ -6,6 +6,7 @@
|
|||
{{- $uiSvcPort := .Values.service.uiPort -}}
|
||||
{{- $restSvcPort := .Values.service.restPort -}}
|
||||
{{- $grpcSvcPort := .Values.service.grpcPort -}}
|
||||
{{- $classname := required "A valid .Values.ingress.className entry required! Please set this to your ingress class (nginx, traefik)" .Values.ingress.className}}
|
||||
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
|
||||
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
|
||||
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
|
||||
|
@ -23,18 +24,29 @@ metadata:
|
|||
name: {{ $fullUIName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if eq .className "nginx" }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .tls.enabled }}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullUIName }}-tls-secret
|
||||
{{- end}}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.ui }}{{ .Values.baseDomain }}
|
||||
http:
|
||||
|
@ -66,18 +78,29 @@ metadata:
|
|||
name: {{ $fullRESTName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if eq .className "nginx" }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .tls.enabled }}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullRESTName }}-tls-secret
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.rest }}{{ .Values.baseDomain }}
|
||||
http:
|
||||
|
@ -109,18 +132,31 @@ metadata:
|
|||
name: {{ $fullGRPCName }}
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.grpcAnnotations }}
|
||||
{{- with .Values.ingress }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- toYaml .annotations.base | nindent 4 }}
|
||||
{{- if eq .className "nginx" }}
|
||||
{{- toYaml .annotations.nginx | nindent 4 }}
|
||||
{{- toYaml .annotations.grpc.nginx | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if eq .className "traefik" }}
|
||||
{{- toYaml .annotations.traefik | nindent 4 }}
|
||||
{{- toYaml .annotations.grpc.traefik | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if .tls.enabled }}
|
||||
{{- toYaml .annotations.tls | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.className }}
|
||||
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tls.enabled }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
secretName: {{ $fullGRPCName }}-tls-secret
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
|
||||
http:
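Review bot: Nothing checks that `.Values.ingress.className` is one of the two values the new annotation blocks handle, so any other class renders only `.annotations.base` (plus `.annotations.tls`) and silently loses the HTTPS-redirect annotations on the UI, REST and gRPC Ingress objects. The `required` call added at the top of the file rejects only an empty value, and the `required` on `ingressClassName` sits inside `if and .Values.ingress.className …`, so it can never fire there. Consider failing the render for unsupported classes, e.g. `{{- if not (has .Values.ingress.className (list "nginx" "traefik")) }}{{ fail "ingress.className must be nginx or traefik" }}{{- end }}`, or stating in values.yaml that other classes must supply their own redirect annotations.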
|
||||
|
|
|
@ -16,7 +16,6 @@ spec:
|
|||
app: {{ include "netmaker.fullname" . }}
|
||||
spec:
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
|
@ -96,10 +95,17 @@ spec:
|
|||
imagePullPolicy: Always
|
||||
name: {{ include "netmaker.fullname" . }}
|
||||
ports:
|
||||
- containerPort: 8081
|
||||
- containerPort: {{ .Values.service.restPort }}
|
||||
protocol: TCP
|
||||
- containerPort: 443
|
||||
- containerPort: {{ .Values.service.grpcPort }}
|
||||
protocol: TCP
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
{{ $count := (add .Values.wireguard.networkLimit 1 | int) }}
|
||||
{{- range untilStep 1 $count 1 }}
|
||||
- containerPort: {{ add 31820 . }}
|
||||
protocol: UDP
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
resources: {}
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
securityContext:
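Review bot: The UDP port base `31820` in the new `range untilStep` block is a bare literal that has to stay in step with the `-wireguard` NodePort Service template and with `KUBERNETES_LISTEN_PORT = 31821` in the server code, and nothing in the template says so. A template comment above the loop, such as `{{- /* WireGuard ports 31821..31820+networkLimit; must match the wireguard Service and KUBERNETES_LISTEN_PORT */}}`, would make that coupling visible to whoever changes one of the three places. `wireguard.networkLimit` is not bounded either, so a large value renders port numbers past the default NodePort range of 30000-32767 in the matching Service. The container spec continues outside this hunk.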
|
||||
|
|
|
@ -25,7 +25,7 @@ spec:
|
|||
- name: rest
|
||||
port: {{ .Values.service.restPort }}
|
||||
protocol: TCP
|
||||
targetPort: {{ .Values.service.restPort }}
|
||||
targetPort: {{ .Values.service.grpcPort }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
sessionAffinity: None
|
||||
|
@ -46,4 +46,27 @@ spec:
|
|||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
sessionAffinity: None
|
||||
type: {{ .Values.service.type }}
|
||||
type: {{ .Values.service.type }}
|
||||
{{- if .Values.wireguard.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "netmaker.labels" . | nindent 4 }}
|
||||
name: '{{ include "netmaker.fullname" . }}-wireguard'
|
||||
spec:
|
||||
externalTrafficPolicy: Local
|
||||
type: NodePort
|
||||
ports:
|
||||
{{ $count := (add .Values.wireguard.networkLimit 1 | int) }}
|
||||
{{- range untilStep 1 $count 1 }}
|
||||
- port: {{ add 31820 . }}
|
||||
nodePort: {{ add 31820 . }}
|
||||
protocol: UDP
|
||||
targetPort: {{ add 31820 . }}
|
||||
name: wg-iface-{{ add 31820 . }}
|
||||
{{- end }}
|
||||
selector:
|
||||
app: '{{ include "netmaker.fullname" . }}'
|
||||
{{- end }}
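Review bot: In the first hunk the port entry named `rest` keeps `port: {{ .Values.service.restPort }}` while one of the two `targetPort` lines points at `{{ .Values.service.grpcPort }}`; the rendering does not mark which side is new, but if that line is the added one, the Service forwards its REST port to the container's gRPC port. If this entry belongs to the gRPC Service, then `name` and `port` look like the lines that need changing (`name: grpc`, `port: {{ .Values.service.grpcPort }}`) rather than `targetPort` alone. Separately, the new `-wireguard` Service publishes one UDP NodePort per network on every node with `externalTrafficPolicy: Local`; a short comment above it stating that these ports are meant to be reachable from outside the cluster would help operators writing firewall rules.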
|
|
@ -2,113 +2,115 @@
|
|||
# This is a YAML-formatted file.
|
||||
# Declare variables to be passed into your templates.
|
||||
|
||||
# -- number of netmaker server replicas to create
|
||||
replicas: 3
|
||||
|
||||
image:
|
||||
# -- The image repo to pull Netmaker image from
|
||||
repository: gravitl/netmaker
|
||||
# -- Pull Policy for images
|
||||
pullPolicy: Always
|
||||
# Overrides the image tag whose default is the chart appVersion.
|
||||
# -- Override the image tag to pull
|
||||
tag: "v0.8.4"
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
# -- override the name for netmaker objects
|
||||
nameOverride: ""
|
||||
|
||||
# -- override the full name for netmaker objects
|
||||
fullnameOverride: ""
|
||||
|
||||
serviceAccount:
|
||||
# Specifies whether a service account should be created
|
||||
# -- Specifies whether a service account should be created
|
||||
create: true
|
||||
# Annotations to add to the service account
|
||||
# -- Annotations to add to the service account
|
||||
annotations: {}
|
||||
# The name of the service account to use.
|
||||
# If not set and create is true, a name is generated using the fullname template
|
||||
# -- Name of SA to use. If not set and create is true, a name is generated using the fullname template
|
||||
name: ""
|
||||
|
||||
# -- pod annotations to add
|
||||
podAnnotations: {}
|
||||
|
||||
# -- pod security contect to add
|
||||
podSecurityContext: {}
|
||||
# fsGroup: 2000
|
||||
|
||||
isKernel: false
|
||||
isClient: true
|
||||
|
||||
ui:
|
||||
# -- how many UI replicas to create
|
||||
replicas: 2
|
||||
|
||||
securityContext: {}
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
|
||||
# readOnlyRootFilesystem: true
|
||||
# runAsNonRoot: true
|
||||
# runAsUser: 1000
|
||||
|
||||
service:
|
||||
# -- type for netmaker server services
|
||||
type: ClusterIP
|
||||
# -- port for API service
|
||||
restPort: 8081
|
||||
# -- port for GRPC service
|
||||
grpcPort: 443
|
||||
# -- port for UI service
|
||||
uiPort: 80
|
||||
|
||||
ingress:
|
||||
# -- attempts to configure ingress if true
|
||||
enabled: false
|
||||
className: ""
|
||||
tls:
|
||||
enabled: true
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
||||
grpcAnnotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
kubernetes.io/tls-acme: "true"
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
||||
base:
|
||||
# -- annotation to generate ACME certs if available
|
||||
kubernetes.io/ingress.allow-http: "false"
|
||||
tls:
|
||||
kubernetes.io/tls-acme: "true"
|
||||
# -- LE issuer name
|
||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||
# -- Block HTTP requests
|
||||
nginx:
|
||||
# -- Redirect http to https
|
||||
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
|
||||
# -- destination addr for route
|
||||
nginx.ingress.kubernetes.io/rewrite-target: /
|
||||
traefik:
|
||||
# -- Redirect to https
|
||||
traefik.ingress.kubernetes.io/redirect-entry-point: https
|
||||
# -- Redirect to https permanently
|
||||
traefik.ingress.kubernetes.io/redirect-permanent: "true"
|
||||
# -- rule type
|
||||
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
|
||||
grpc:
|
||||
nginx:
|
||||
# -- annotation to use grpc protocol on grpc domain
|
||||
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
|
||||
traefik:
|
||||
# -- annotation to use grpc protocol on grpc domain
|
||||
ingress.kubernetes.io/protocol: "h2c"
|
||||
hostPrefix:
|
||||
# -- ui route subdomain
|
||||
ui: 'dashboard.'
|
||||
# -- api (REST) route subdomain
|
||||
rest: 'api.'
|
||||
# -- grpc route subdomain
|
||||
grpc: 'grpc.'
|
||||
|
||||
resources: {}
|
||||
# We usually recommend not to specify default resources and to leave this as a conscious
|
||||
# choice for the user. This also increases chances charts run on environments with little
|
||||
# resources, such as Minikube. If you do want to specify resources, uncomment the following
|
||||
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
||||
# limits:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
# requests:
|
||||
# cpu: 100m
|
||||
# memory: 128Mi
|
||||
|
||||
wireguard:
|
||||
# -- whether or not to use WireGuard on server
|
||||
enabled: true
|
||||
# -- whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts).
|
||||
kernel: false
|
||||
# -- max number of networks that Netmaker will support if running with WireGuard enabled
|
||||
networkLimit: 10
|
||||
|
||||
dns:
|
||||
# -- whether or not to run with DNS (CoreDNS)
|
||||
enabled: false
|
||||
# -- volume size for DNS (only needs to hold one file)
|
||||
storageSize: 128Mi
|
||||
|
||||
postgresql-ha:
|
||||
postgresql:
|
||||
# -- postgres user to generate
|
||||
username: netmaker
|
||||
# -- postgres pass to generate
|
||||
password: netmaker
|
||||
# -- postgress db to generate
|
||||
database: netmaker
|
||||
persistence:
|
||||
# -- size of postgres DB
|
||||
size: 3Gi
|
||||
|
||||
autoscaling:
|
||||
enabled: false
|
||||
minReplicas: 1
|
||||
maxReplicas: 100
|
||||
targetCPUUtilizationPercentage: 80
|
||||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
netmakerUI:
|
||||
|
||||
|
||||
nodeSelector: {}
|
||||
|
||||
tolerations: []
|
||||
|
||||
affinity: {}
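Review bot: The `postgresql-ha.postgresql` block ships `password: netmaker` as the default, identical to the username and database name, so every install that does not override it runs its database with a publicly known credential. Prefer an empty default that the chart refuses to render with, e.g. `password: ""` plus a `required` check where the value is consumed, or point the subchart at a pre-created Secret. If a default must stay for quick-start use, the comment should say so explicitly: `# -- postgres password; CHANGE before any non-test deployment`.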
|
||||
|
|
|
@ -18,6 +18,7 @@ import (
|
|||
|
||||
// KUBERNETES_LISTEN_PORT - starting port for Kubernetes in order to use NodePort range
|
||||
const KUBERNETES_LISTEN_PORT = 31821
|
||||
const KUBERNETES_SERVER_MTU = 1024
|
||||
|
||||
// ServerJoin - responsible for joining a server to a network
|
||||
func ServerJoin(network string, serverID string, privateKey string) error {
|
||||
|
@ -36,10 +37,12 @@ func ServerJoin(network string, serverID string, privateKey string) error {
|
|||
MacAddress: serverID,
|
||||
UDPHolePunch: "no",
|
||||
}
|
||||
node.SetDefaults()
|
||||
|
||||
if servercfg.GetPlatform() == "Kubernetes" {
|
||||
node.ListenPort = KUBERNETES_LISTEN_PORT
|
||||
node.MTU = KUBERNETES_SERVER_MTU
|
||||
}
|
||||
node.SetDefaults()
|
||||
|
||||
if node.LocalRange != "" && node.LocalAddress == "" {
|
||||
Log("local vpn, getting local address from range: "+node.LocalRange, 1)
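Review bot: `KUBERNETES_SERVER_MTU = 1024` is added without a comment, and 1024 is below the 1280-byte minimum link MTU that IPv6 requires, so an interface given this value cannot carry IPv6; whether any network this server joins uses IPv6 is not visible here. Please document why the value was chosen, e.g. `// KUBERNETES_SERVER_MTU - MTU applied to the server node on Kubernetes; below the IPv6 minimum of 1280, IPv4 only`, or raise it to 1280 if encapsulation overhead allows. The second hunk also changes where `node.SetDefaults()` runs relative to the Kubernetes overrides, and a one-line comment saying which must come first would keep the next edit from reordering them again. `ServerJoin` starts and ends outside these hunks.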
|
||||
|
|
|
@ -42,7 +42,7 @@ func Join(cfg config.ClientConfig, privateKey string) error {
|
|||
}
|
||||
if cfg.Daemon != "off" {
|
||||
if ncutils.IsLinux() {
|
||||
err = daemon.RemoveSystemDServices(cfg.Network)
|
||||
err = daemon.RemoveSystemDServices()
|
||||
}
|
||||
if err != nil {
|
||||
ncutils.PrintLog("error removing services: "+err.Error(), 1)
|
||||
|
|
|
@ -98,30 +98,17 @@ WantedBy=timers.target
|
|||
}
|
||||
|
||||
// RemoveSystemDServices - removes the systemd services on a machine
|
||||
func RemoveSystemDServices(network string) error {
|
||||
func RemoveSystemDServices() error {
|
||||
//sysExec, err := exec.LookPath("systemctl")
|
||||
if !ncutils.IsWindows() {
|
||||
fullremove, err := isOnlyService(network)
|
||||
var err error
|
||||
if !ncutils.IsWindows() && isOnlyService() {
|
||||
if err != nil {
|
||||
log.Println(err)
|
||||
}
|
||||
|
||||
if fullremove {
|
||||
_, err = ncutils.RunCmd("systemctl disable netclient.service", true)
|
||||
}
|
||||
_, _ = ncutils.RunCmd("systemctl daemon-reload", true)
|
||||
|
||||
if ncutils.FileExists("/etc/systemd/system/netclient.timer") {
|
||||
_, _ = ncutils.RunCmd("systemctl disable netclient.timer", true)
|
||||
}
|
||||
if fullremove {
|
||||
if ncutils.FileExists("/etc/systemd/system/netclient.service") {
|
||||
err = os.Remove("/etc/systemd/system/netclient.service")
|
||||
}
|
||||
}
|
||||
if ncutils.FileExists("/etc/systemd/system/netclient.timer") {
|
||||
err = os.Remove("/etc/systemd/system/netclient.timer")
|
||||
}
|
||||
_, err = ncutils.RunCmd("systemctl disable netclient.service", true)
|
||||
_, err = ncutils.RunCmd("systemctl disable netclient.timer", true)
|
||||
err = os.Remove("/etc/systemd/system/netclient.service")
|
||||
err = os.Remove("/etc/systemd/system/netclient.timer")
|
||||
if err != nil {
|
||||
log.Println("Error removing file. Please investigate.")
|
||||
log.Println(err)
|
||||
|
@ -132,16 +119,10 @@ func RemoveSystemDServices(network string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func isOnlyService(network string) (bool, error) {
|
||||
isonly := false
|
||||
func isOnlyService() bool {
|
||||
files, err := filepath.Glob("/etc/netclient/config/netconfig-*")
|
||||
if err != nil {
|
||||
return isonly, err
|
||||
return false
|
||||
}
|
||||
count := len(files)
|
||||
if count == 0 {
|
||||
isonly = true
|
||||
}
|
||||
return isonly, err
|
||||
|
||||
return len(files) == 0
|
||||
}
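Review bot: In the rewritten `RemoveSystemDServices`, `err` is overwritten four times in a row, so a failure of either `systemctl disable` call or of removing `netclient.service` is lost and only the result of the last `os.Remove` reaches the check below. With the `FileExists` guards gone, a host that never had `netclient.timer` now logs "Error removing file. Please investigate." on a normal uninstall, while a unit that really could not be disabled or removed stays on the host unreported. The `if err != nil` right after `var err error` can no longer be true, and the `systemctl daemon-reload` call is dropped from this hunk, so systemd may keep the stale unit definitions loaded unless a reload happens further down. The function continues past the end of the hunk; the sketch keeps the existing trailing error check.

```go
	var err error
	if !ncutils.IsWindows() && isOnlyService() {
		units := []string{"netclient.service", "netclient.timer"}
		for _, unit := range units {
			if _, cmdErr := ncutils.RunCmd("systemctl disable "+unit, true); cmdErr != nil {
				log.Println("error disabling " + unit + ": " + cmdErr.Error())
			}
		}
		for _, unit := range units {
			rmErr := os.Remove("/etc/systemd/system/" + unit)
			// A unit file that was never installed is not a failure.
			if rmErr != nil && !os.IsNotExist(rmErr) && err == nil {
				err = rmErr // keep the first real failure for the check below
			}
		}
		_, _ = ncutils.RunCmd("systemctl daemon-reload", true)
		// … unchanged: if err != nil { log … } and the rest of the function …
```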
|
||||
|
|
|
@ -229,7 +229,7 @@ func RemoveLocalInstance(cfg *config.ClientConfig, networkName string) error {
|
|||
} else if ncutils.IsMac() {
|
||||
//TODO: Delete mac daemon
|
||||
} else {
|
||||
err = daemon.RemoveSystemDServices(networkName)
|
||||
err = daemon.RemoveSystemDServices()
|
||||
}
|
||||
}
|
||||
return err
|
||||
|
|