upgrading to 0.14.5

This commit is contained in:
afeiszli
2022-07-12 21:57:13 -04:00
parent 5e0d20093d
commit c0a23356ec
8 changed files with 216 additions and 158 deletions


@@ -1,7 +1,7 @@
apiVersion: v2
name: netmaker
description: A Helm chart to run HA Netmaker on Kubernetes
icon: https://raw.githubusercontent.com/gravitl/netmaker/master/netclient/windowsdata/resource/netclient.ico
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
@@ -21,7 +21,7 @@ version: 0.1.0
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.9.0"
appVersion: "0.14.5"
dependencies:
- name: "postgresql-ha"
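Review bot: the chart `version` is not bumped alongside `appVersion`: the hunk header still shows `version: 0.1.0`, while the README badge text in this commit says 0.2.0. This release removes the `grpc` values and makes `RWXStorageClassName` required, so existing installs cannot upgrade with unchanged values. Bump `version` so the change is distinguishable to anyone pinning the chart.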


@@ -1,13 +1,13 @@
# Netmaker Helm
![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
![Version: 0.2.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.5](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square)
A Helm chart to run Netmaker with High Availability on Kubernetes
## Requirements
To run HA Netmaker on Kubernetes, your cluster must have the following:
- RWO and RWX Storage Classes (RWX is only required if running Netmaker with DNS Management enabled).
- RWO and RWX Storage Classes
- An Ingress Controller and valid TLS certificates
- This chart can currently generate ingress for:
- Nginx Ingress + LetsEncrypt/Cert-Manager
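Review bot: on the badge line only the alt text was updated; the shields.io URLs still read `Version-0.1.0` and `AppVersion-0.9.0`, so the rendered badges keep showing the old versions. Update the URL segments as well. The storage-class bullet also loses its explanation of what RWX is for; say that it now backs the shared certificate volume mounted by both the server and the MQ broker.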
@@ -25,7 +25,7 @@ Furthermore, the chart will by default install and use a postgresql cluster as i
```
helm install ./netmaker --generate-name \ # generate a random id for the deploy
--set wireguard.kernel=true \ # set wireguard to kernel mode (false by default)
--set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/grpc ingress
--set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/mq ingress
--set replicas=3 \ # number of server replicas to deploy (3 by default)
--set ingress.enabled=true \ # deploy ingress automatically (requires nginx or traefik and cert-manager + letsencrypt)
--set ingress.className=nginx \ # ingress class to use
@@ -37,14 +37,20 @@ helm install ./netmaker --generate-name \ # generate a random id for the deploy
### Recommended Settings:
A minimal HA install of Netmaker can be run with the following command:
`helm install netmaker --generate-name --set baseDomain=nm.example.com`
`helm install netmaker --generate-name --set baseDomain=nm.example.com --set RWXStorageClassName=nfs`
`
This install has some notable exceptions:
- Ingress **must** be manually configured post-install (need to create valid Ingress with TLS)
- Server will use "userspace" WireGuard, which is slower than kernel WG
- DNS will be disabled
Below, we discuss the considerations for Ingress, Kernel WireGuard, and DNS.
#### MQ
The MQ Broker is deployed either without Ingress (Nginx) or with Ingress (Traefik). Without Ingress, Netmaker's MQTT sets up a NodePort on the cluster (31883 by default). The broker.domain address must reach the nodes at this port. Certificates are then handled by Netmaker, so Ingress+Certs are not required.
If using Traefik, a TCPIngressRoute object is created, which works in place of the NodePort.
#### Ingress
To run HA Netmaker, you must have ingress installed and enabled on your cluster with valid TLS certificates (not self-signed). If you are running Nginx as your Ingress Controller and LetsEncrypt for TLS certificate management, you can run the helm install with the following settings:
`--set ingress.enabled=true`
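Review bot: a lone backtick is left on its own line after the minimal install command and will open an unterminated code span in the rendered README; remove it. The list of notable exceptions should also state what the new MQ section implies for this install: `broker.<baseDomain>` has to resolve to the cluster nodes, and port 31883 has to be reachable from clients.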
@@ -53,10 +59,7 @@ To run HA Netmaker, you must have ingress installed and enabled on your cluster
If you are not using Nginx and LetsEncrypt, we recommend leaving ingress.enabled=false (default), and then manually creating the ingress objects post-install. You will need three ingress objects with TLS:
`dashboard.<baseDomain>`
`api.<baseDomain>`
`grpc.<baseDomain>`
The gRPC ingress object must include annotations to use the gRPC protocol, which is supported by most ingress controllers. For instance, on Traefik, the annotation is:
`ingress.kubernetes.io/protocol: h2c`
`broker.<baseDomain>`
You can find example ingress objects in the kube/example folder.
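Review bot: listing `broker.<baseDomain>` among the three ingress objects with TLS contradicts the MQ section, which says the broker is exposed through a NodePort without Ingress and that Ingress and certificates are not required for it. State that only `dashboard` and `api` need Ingress objects, and that `broker` needs a DNS record pointing at the nodes (or the Traefik TCP route).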
@@ -76,8 +79,6 @@ This will also require specifying a service address for DNS. Choose a valid ipv4
- bind the CoreDNS service to port 53 on one of your worker nodes and set the COREDNS_ADDRESS equal to the public IP of the worker node
- Create a private Network with Netmaker and set the COREDNS_ADDRESS equal to the private address of the host running CoreDNS. For this, CoreDNS will need a node selector and will ideally run on the same host as one of the Netmaker server instances.
## Values
| Key | Type | Default | Description |
@@ -87,10 +88,8 @@ This will also require specifying a service address for DNS. Choose a valid ipv4
| fullnameOverride | string | `""` | override the full name for netmaker objects |
| image.pullPolicy | string | `"Always"` | Pull Policy for images |
| image.repository | string | `"gravitl/netmaker"` | The image repo to pull Netmaker image from |
| image.tag | string | `"v0.8.4"` | Override the image tag to pull |
| image.tag | string | `"v0.14.5"` | Override the image tag to pull |
| ingress.annotations.base."kubernetes.io/ingress.allow-http" | string | `"false"` | annotation to generate ACME certs if available |
| ingress.annotations.grpc.nginx."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPC"` | annotation to use grpc protocol on grpc domain |
| ingress.annotations.grpc.traefik."ingress.kubernetes.io/protocol" | string | `"h2c"` | annotation to use grpc protocol on grpc domain |
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/"` | destination addr for route |
| ingress.annotations.nginx."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` | Redirect http to https |
| ingress.annotations.tls."kubernetes.io/tls-acme" | string | `"true"` | use acme cert if available |
@@ -98,7 +97,7 @@ This will also require specifying a service address for DNS. Choose a valid ipv4
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-permanent" | string | `"true"` | Redirect to https permanently |
| ingress.annotations.traefik."traefik.ingress.kubernetes.io/rule-type" | string | `"PathPrefixStrip"` | rule type |
| ingress.enabled | bool | `false` | attempts to configure ingress if true |
| ingress.hostPrefix.grpc | string | `"grpc."` | grpc route subdomain |
| ingress.hostPrefix.mq | string | `"broker."` | broker route subdomain |
| ingress.hostPrefix.rest | string | `"api."` | api (REST) route subdomain |
| ingress.hostPrefix.ui | string | `"dashboard."` | ui route subdomain |
| ingress.tls.enabled | bool | `true` | |
@@ -111,7 +110,7 @@ This will also require specifying a service address for DNS. Choose a valid ipv4
| postgresql-ha.postgresql.password | string | `"netmaker"` | postgres pass to generate |
| postgresql-ha.postgresql.username | string | `"netmaker"` | postgres user to generate |
| replicas | int | `3` | number of netmaker server replicas to create |
| service.grpcPort | int | `443` | port for GRPC service |
| service.mqPort | int | `31883` | port for MQ service |
| service.restPort | int | `8081` | port for API service |
| service.type | string | `"ClusterIP"` | type for netmaker server services |
| service.uiPort | int | `80` | port for UI service |
@@ -119,7 +118,6 @@ This will also require specifying a service address for DNS. Choose a valid ipv4
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
| serviceAccount.name | string | `""` | Name of SA to use. If not set and create is true, a name is generated using the fullname template |
| ui.replicas | int | `2` | how many UI replicas to create |
| wireguard.enabled | bool | `true` | whether or not to use WireGuard on server |
| wireguard.kernel | bool | `false` | whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). |
| wireguard.networkLimit | int | `10` | max number of networks that Netmaker will support if running with WireGuard enabled |


@@ -2,10 +2,10 @@
{{- $fullName := include "netmaker.fullname" . -}}
{{- $fullUIName := printf "%s-%s" $fullName "ui" -}}
{{- $fullRESTName := printf "%s-%s" $fullName "rest" -}}
{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}}
{{- $fullMQName := printf "%s-%s" $fullName "mq" -}}
{{- $uiSvcPort := .Values.service.uiPort -}}
{{- $restSvcPort := .Values.service.restPort -}}
{{- $grpcSvcPort := .Values.service.grpcPort -}}
{{- $mqSvcPort := .Values.service.mqPort -}}
{{- $classname := required "A valid .Values.ingress.className entry required! Please set this to your ingress class (nginx, traefik)" .Values.ingress.className}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
@@ -127,107 +127,45 @@ spec:
serviceName: {{ $fullRESTName }}
servicePort: {{ $restSvcPort }}
{{- end }}
---
{{- if not (eq .Values.ingress.className "traefik") }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullGRPCName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
{{- with .Values.ingress }}
annotations:
{{- toYaml .annotations.base | nindent 4 }}
{{- if or (eq .className "nginx") (eq .className "public") }}
{{- toYaml .annotations.nginx | nindent 4 }}
{{- toYaml .annotations.grpc.nginx | nindent 4 }}
{{- end }}
{{- if eq .className "traefik" }}
{{- toYaml .annotations.traefik | nindent 4 }}
{{- end }}
{{- if and .tls.enabled (eq .tls.issuerName "" )}}
{{- toYaml .annotations.tls | nindent 4 }}
{{- else if .tls.enabled}}
cert-manager.io/cluster-issuer: {{ .tls.issuerName }}
{{- end }}
{{- end }}
spec:
{{- if (not (eq .Values.ingress.className "traefik")) }}
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ required "A valid .Values.ingress.className entry required!" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
secretName: {{ $fullGRPCName }}-tls-secret
{{- end }}
rules:
- host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
http:
paths:
- path: /
{{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: Prefix
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullGRPCName }}
port:
number: {{ $grpcSvcPort }}
{{- else }}
serviceName: {{ $fullGRPCName }}
servicePort: {{ $grpcSvcPort }}
{{- end }}
{{- end }}
{{- if eq .Values.ingress.className "traefik" }}
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
name: {{ $fullGRPCName }}
name: {{ $fullMQName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
spec:
entryPoints:
- websecure
routes:
- match: HostSNI(`{{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}`)
- match: HostSNI(`{{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }}`)
services:
- name: {{ $fullGRPCName }}
port: {{ $grpcSvcPort }}
passthrough: true
scheme: https
- name: {{ $fullMQName }}
port: {{ $mqSvcPort }}
tls:
secretName: {{ $fullGRPCName }}-tls-secret
passthrough: true
secretName: {{ $fullMQName }}-tls-secret
domains:
- main: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
- main: {{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }}
{{- if and .Values.ingress.tls.enabled (not (eq .Values.ingress.tls.issuerName "" ))}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
annotations:
acme.cert-manager.io/http01-override-ingress-name: {{ $fullRESTName }}
acme.cert-manager.io/http01-override-ingress-name: {{ $fullMQName }}
labels:
{{- include "netmaker.labels" . | nindent 4 }}
name: {{ $fullGRPCName }}-tls-secret
name: {{ $fullMQName }}-tls-secret
spec:
dnsNames:
- {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}
- {{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }}
issuerRef:
group: cert-manager.io
kind: ClusterIssuer
name: {{ .Values.ingress.tls.issuerName }}
secretName: {{ $fullGRPCName }}-tls-secret
secretName: {{ $fullMQName }}-tls-secret
usages:
- digital signature
- key encipherment
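Review bot: the `IngressRouteTCP` backend does not match any Service created in this commit. It references `name: {{ $fullMQName }}` (`<fullname>-mq`) with `port: {{ $mqSvcPort }}` (31883 by default), but templates/mq.yaml creates `<fullname>-mqtt`, listening on 1883 and 8883, and `<fullname>-mqtt-nodeport`; point the route at `<fullname>-mqtt` on 8883. With `passthrough: true` Traefik forwards the TLS stream untouched, so the `secretName` under `tls` and the cert-manager `Certificate` are never presented to clients. If the `http01-override-ingress-name` annotation is kept it must name an Ingress that exists, and no Ingress named `$fullMQName` is rendered.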

templates/mq.yaml Normal file

@@ -0,0 +1,145 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "netmaker.fullname" . }}-mqtt
labels:
app: {{ include "netmaker.fullname" . }}-mqtt
spec:
selector:
matchLabels:
app: {{ include "netmaker.fullname" . }}-mqtt
replicas: {{ .Values.mq.replicas }}
strategy:
type: Recreate
template:
metadata:
labels:
app: {{ include "netmaker.fullname" . }}-mqtt
spec:
{{- if .Values.mq.singlenode }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: mqhost
operator: In
values:
- "true"
{{- end }}
containers:
- image: eclipse-mosquitto:2.0.11-openssl
imagePullPolicy: Always
name: mosquitto
livenessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
name: mosquitto
ports:
- containerPort: 1883
name: mqtt
protocol: TCP
- containerPort: 8883
name: mqtt2
protocol: TCP
readinessProbe:
failureThreshold: 3
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
resources: {}
startupProbe:
failureThreshold: 30
periodSeconds: 5
successThreshold: 1
tcpSocket:
port: 8883
timeoutSeconds: 1
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /mosquitto/config/mosquitto.conf
name: mosquitto-config
subPath: mosquitto.conf
- mountPath: /mosquitto/certs
name: shared-certs
volumes:
- configMap:
name: {{ include "netmaker.fullname" . }}-mqtt-config
name: mosquitto-config
- name: shared-certs
persistentVolumeClaim:
claimName: {{ include "netmaker.fullname" . }}-shared-certs-pvc
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "netmaker.fullname" . }}-mqtt
spec:
ports:
- name: mqtt
port: 1883
protocol: TCP
targetPort: mqtt
- name: mqtt2
port: 8883
protocol: TCP
targetPort: mqtt2
selector:
app: {{ include "netmaker.fullname" . }}-mqtt
sessionAffinity: None
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ include "netmaker.fullname" . }}-shared-certs-pvc
spec:
storageClassName: {{ required "A valid .Values.RWXStorageClassName entry required! Specify an available RWX storage class." .Values.RWXStorageClassName}}
accessModes:
- ReadWriteMany
resources:
requests:
storage: {{ .Values.mq.storageSize }}
---
apiVersion: v1
kind: Service
metadata:
labels:
name: {{ include "netmaker.fullname" . }}-mqtt-nodeport
spec:
externalTrafficPolicy: Cluster
type: NodePort
selector:
app: {{ include "netmaker.fullname" . }}-mqtt
ports:
- port: {{ .Values.service.mqPort }}
nodePort: {{ .Values.service.mqPort }}
protocol: TCP
targetPort: 8883
name: nm-mqtt
---
apiVersion: v1
data:
mosquitto.conf: |
per_listener_settings true
listener 8883
allow_anonymous false
require_certificate true
use_identity_as_username true
cafile /mosquitto/certs/root.pem
certfile /mosquitto/certs/server.pem
keyfile /mosquitto/certs/server.key
listener 1883
allow_anonymous true
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/instance: {{ include "netmaker.fullname" . }}-mqtt
app.kubernetes.io/name: {{ include "netmaker.fullname" . }}-mqtt
name: {{ include "netmaker.fullname" . }}-mqtt-config
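Review bot: `listener 1883` with `allow_anonymous true` in `mosquitto.conf` is published on the ClusterIP Service as port `mqtt`, so any pod that can reach `<fullname>-mqtt:1883` can publish and subscribe without credentials or TLS, sidestepping the `require_certificate true` listener on 8883. Restrict it with a NetworkPolicy that admits only the Netmaker server pods, or give that listener a `password_file`. Separately, the container spec sets `name: mosquitto` twice (before `livenessProbe` and again after it), the NodePort Service has an empty `labels:` key, and the image `eclipse-mosquitto:2.0.11-openssl` is hard-coded rather than taken from values.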


@@ -15,8 +15,6 @@ spec:
labels:
app: {{ include "netmaker.fullname" . }}
spec:
{{- if .Values.wireguard.enabled }}
{{- if .Values.setIpForwarding.enabled }}
initContainers:
- name: init-sysctl
image: busybox
@@ -24,7 +22,6 @@ spec:
command: ["sysctl", "-w", "net.ipv4.ip_forward=1"]
securityContext:
privileged: true
{{- end }}
dnsPolicy: ClusterFirstWithHostNet
affinity:
podAntiAffinity:
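Review bot: with the `{{- if .Values.setIpForwarding.enabled }}` guard and its `{{- end }}` removed, the `init-sysctl` container with `privileged: true` runs on every install, and there is no longer a way to opt out on clusters that forbid privileged pods or already set `net.ipv4.ip_forward` on the hosts. Keep the guard; values.yaml still carries `setIpForwarding.enabled`, which no template reads after this change. The `busybox` image in the preceding hunk is also untagged.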
@@ -36,27 +33,20 @@ spec:
values:
- {{ include "netmaker.fullname" . }}
topologyKey: "kubernetes.io/hostname"
{{- end }}
containers:
- env:
- name: SERVER_NAME
value: broker.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
- name: SERVER_API_CONN_STRING
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
- name: SERVER_GRPC_CONN_STRING
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443
- name: GRPC_SSL
value: "on"
- name: SERVER_HTTP_HOST
value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
- name: SERVER_GRPC_HOST
value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}
- name: API_PORT
value: "8081"
{{- if not .Values.wireguard.kernel }}
- name: WG_QUICK_USERSPACE_IMPLEMENTATION
value: wireguard-go
{{- end }}
- name: GRPC_PORT
value: "443"
{{- if .Values.dns.enabled }}
- name: DNS_MODE
value: "on"
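Review bot: `SERVER_NAME` hard-codes the `broker.` prefix, while the Traefik route and the certificate build the same hostname from `.Values.ingress.hostPrefix.mq`. If the prefix is overridden, the server will advertise a broker name that the route and certificate do not cover; derive the value from the same key.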
@@ -66,13 +56,8 @@ spec:
- name: DNS_MODE
value: "off"
{{- end }}
{{- if .Values.wireguard.enabled }}
- name: CLIENT_MODE
value: "on"
{{- else }}
- name: CLIENT_MODE
value: "off"
{{- end }}
- name: MASTER_KEY
value: {{ include "netmaker.masterKey" . }}
- name: PLATFORM
@@ -96,14 +81,20 @@ spec:
value: {{ index .Values "postgresql-ha" "postgresql" "password" }}
- name: DATABASE
value: postgres
- name: MQ_HOST
value: {{ include "netmaker.fullname" . }}-mqtt
- name: MQ_PORT
value: "{{ .Values.service.mqPort }}"
- name: MQ_SERVER_PORT
value: "1883"
- name: VERBOSITY
value: "3"
image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: {{ include "netmaker.fullname" . }}
ports:
- containerPort: {{ .Values.service.restPort }}
protocol: TCP
- containerPort: {{ .Values.service.grpcPort }}
protocol: TCP
{{- if .Values.wireguard.enabled }}
{{ $count := (add .Values.wireguard.networkLimit 1 | int) }}
{{- range untilStep 1 $count 1 }}
@@ -111,18 +102,24 @@ spec:
protocol: UDP
{{- end }}
{{- end }}
resources: {}
{{- if .Values.wireguard.enabled }}
securityContext:
capabilities:
add:
- NET_ADMIN
{{- end }}
{{- if .Values.dns.enabled }}
- NET_RAW
- SYS_MODULE
volumeMounts:
- mountPath: /etc/netmaker/
name: shared-certs
{{- if .Values.dns.enabled }}
- name: {{ include "netmaker.fullname" . }}-dns-pvc
mountPath: /root/config/dnsconfig
{{- end }}
volumes:
- name: shared-certs
persistentVolumeClaim:
claimName: {{ include "netmaker.fullname" . }}-shared-certs-pvc
{{- if .Values.dns.enabled }}
- name: {{ include "netmaker.fullname" . }}-dns-pvc
persistentVolumeClaim:
claimName: {{ include "netmaker.fullname" . }}-dns-pvc
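Review bot: `NET_RAW` and `SYS_MODULE` are now added to the server container's capabilities on every install. `SYS_MODULE` allows loading kernel modules on the node and is only relevant to kernel WireGuard, yet `wireguard.kernel` defaults to `false`; add it only under `{{- if .Values.wireguard.kernel }}` and document why `NET_RAW` is needed. The new `shared-certs` mount at `/etc/netmaker/` is the same RWX claim the broker mounts at `/mosquitto/certs`, so the broker pod can overwrite the CA and server key it only needs to read; mount it `readOnly: true` on the broker side.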


@@ -16,9 +16,9 @@ spec:
spec:
containers:
- name: {{ include "netmaker.fullname" . }}-ui
image: gravitl/netmaker-ui:v0.8
image: gravitl/netmaker-ui:{{ .Values.image.tag }}
ports:
- containerPort: {{ .Values.service.grpcPort }}
- containerPort: {{ .Values.service.uiPort }}
env:
- name: BACKEND_URL
value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}'
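Review bot: `gravitl/netmaker-ui:{{ .Values.image.tag }}` ties the UI image to the server's tag, so overriding `image.tag` with a server-specific tag (the previous default was `v0.8.4-kube`) yields a UI image reference that may not exist. Give the UI its own tag value, for example `ui.image.tag`, defaulting to the same version.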


@@ -33,24 +33,6 @@ spec:
---
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "netmaker.labels" . | nindent 4 }}
name: '{{ include "netmaker.fullname" . }}-grpc'
spec:
ports:
- name: rest
port: {{ .Values.service.grpcPort }}
protocol: TCP
targetPort: {{ .Values.service.grpcPort }}
selector:
app: '{{ include "netmaker.fullname" . }}'
sessionAffinity: None
type: {{ .Values.service.type }}
{{- if .Values.wireguard.enabled }}
---
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "netmaker.labels" . | nindent 4 }}
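Review bot: the `{{- if .Values.wireguard.enabled }}` guard around the WireGuard Service is removed here, but the server deployment still wraps the matching `containerPort` range in `{{- if .Values.wireguard.enabled }}` and values.yaml still documents the flag. Either drop the value everywhere or keep the guard in both templates, so that `wireguard.enabled=false` does not leave a Service exposing ports the pod does not declare.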
@@ -68,5 +50,4 @@ spec:
name: wg-iface-{{ add 31820 . }}
{{- end }}
selector:
app: '{{ include "netmaker.fullname" . }}'
{{- end }}
app: '{{ include "netmaker.fullname" . }}'


@@ -11,7 +11,7 @@ image:
# -- Pull Policy for images
pullPolicy: Always
# -- Override the image tag to pull
tag: "v0.8.4-kube"
tag: "v0.14.5"
# -- override the name for netmaker objects
nameOverride: ""
@@ -38,6 +38,18 @@ ui:
# -- how many UI replicas to create
replicas: 2
mq:
# -- how many MQTT replicas to create
replicas: 2
singlenode: true
storageSize: 128Mi
dns:
# -- whether or not to deploy coredns
enabled: false
storageSize: 128Mi
setIpForwarding:
enabled: true
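Review bot: `mq.singlenode: true` as the default makes the broker Deployment require a node labelled `mqhost=true` (the `nodeAffinity` in templates/mq.yaml), and nothing in the README tells the operator to label a node, so a default install leaves the broker pods Pending. Default it to `false` or document the label. `replicas: 2` also starts two independent Mosquitto instances behind one Service with nothing in this chart linking them, so a client and the server can land on different brokers; default to 1 unless bridging is configured. `singlenode` and `storageSize` have no `# --` descriptions, and `setIpForwarding.enabled` is no longer read by the deployment template.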
@@ -46,8 +58,8 @@ service:
type: ClusterIP
# -- port for API service
restPort: 8081
# -- port for GRPC service
grpcPort: 443
# -- port for MQTT service
mqPort: 31883
# -- port for UI service
uiPort: 80
@@ -76,20 +88,13 @@ ingress:
traefik.ingress.kubernetes.io/redirect-permanent: "true"
# -- rule type
traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip"
grpc:
nginx:
# -- annotation to use grpc protocol on grpc domain
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
traefik:
# -- annotation to use grpc protocol on grpc domain
ingress.kubernetes.io/protocol: "h2c"
hostPrefix:
# -- ui route subdomain
ui: 'dashboard.'
# -- api (REST) route subdomain
rest: 'api.'
# -- grpc route subdomain
grpc: 'grpc.'
# -- mqtt route subdomain
broker: 'broker.'
wireguard:
# -- whether or not to use WireGuard on server
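Review bot: the new prefix is stored under `hostPrefix.broker`, but the ingress template and the README table both use `ingress.hostPrefix.mq`. As written, `.Values.ingress.hostPrefix.mq` is empty, so the Traefik `HostSNI` match and the certificate `dnsNames` render as the bare `baseDomain`. Rename the key to `mq: 'broker.'`.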
@@ -99,12 +104,6 @@ wireguard:
# -- max number of networks that Netmaker will support if running with WireGuard enabled
networkLimit: 10
dns:
# -- whether or not to run with DNS (CoreDNS)
enabled: false
# -- volume size for DNS (only needs to hold one file)
storageSize: 128Mi
postgresql-ha:
postgresql:
# -- postgres user to generate
@@ -117,4 +116,4 @@ postgresql-ha:
replicaCount: 2
persistence:
# -- size of postgres DB
size: 3Gi
size: 1Gi