From c0a23356ecfd67b2dc98e8e0cfea15812fe92f7c Mon Sep 17 00:00:00 2001 From: afeiszli Date: Tue, 12 Jul 2022 21:57:13 -0400 Subject: [PATCH] upgrading to 0.14.5 --- Chart.yaml | 4 +- README.md | 32 +++--- templates/ingress.yaml | 88 +++------------- templates/mq.yaml | 145 ++++++++++++++++++++++++++ templates/netmaker-statefulset.yaml | 43 ++++---- templates/netmaker-ui-deployment.yaml | 4 +- templates/services.yaml | 21 +--- values.yaml | 37 ++++--- 8 files changed, 216 insertions(+), 158 deletions(-) create mode 100644 templates/mq.yaml diff --git a/Chart.yaml b/Chart.yaml index e036b10..235986f 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: netmaker description: A Helm chart to run HA Netmaker on Kubernetes - +icon: https://raw.githubusercontent.com/gravitl/netmaker/master/netclient/windowsdata/resource/netclient.ico # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives @@ -21,7 +21,7 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.9.0" +appVersion: "0.14.5" dependencies: - name: "postgresql-ha" diff --git a/README.md b/README.md index 01f2735..a63ca8c 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,13 @@ # Netmaker Helm -![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.9.0](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.14.5](https://img.shields.io/badge/AppVersion-0.9.0-informational?style=flat-square) A Helm chart to run Netmaker with High Availability on Kubernetes ## Requirements To run HA Netmaker on Kubernetes, your cluster must have the following: -- RWO and RWX Storage Classes (RWX is only required if running Netmaker with DNS Management enabled). +- RWO and RWX Storage Classes - An Ingress Controller and valid TLS certificates - This chart can currently generate ingress for: - Nginx Ingress + LetsEncrypt/Cert-Manager @@ -25,7 +25,7 @@ Furthermore, the chart will by default install and use a postgresql cluster as i ``` helm install ./netmaker --generate-name \ # generate a random id for the deploy --set wireguard.kernel=true \ # set wireguard to kernel mode (false by default) ---set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/grpc ingress +--set baseDomain=nm.example.com \ # the base wildcard domain to use for the netmaker api/dashboard/mq ingress --set replicas=3 \ # number of server replicas to deploy (3 by default) --set ingress.enabled=true \ # deploy ingress automatically (requires nginx or traefik and cert-manager + letsencrypt) --set ingress.className=nginx \ # ingress class to use 
@@ -37,14 +37,20 @@ helm install ./netmaker --generate-name \ # generate a random id for the deploy ### Recommended Settings: A minimal HA install of Netmaker can be run with the following command: -`helm install netmaker --generate-name --set baseDomain=nm.example.com` +`helm install netmaker --generate-name --set baseDomain=nm.example.com --set RWXStorageClassName=nfs` +` This install has some notable exceptions: - Ingress **must** be manually configured post-install (need to create valid Ingress with TLS) -- Server will use "userspace" WireGuard, which is slower than kernel WG - DNS will be disabled Below, we discuss the considerations for Ingress, Kernel WireGuard, and DNS. +#### MQ + +The MQ Broker is deployed either without Ingress (Nginx) or with Ingress (Traefik). Without Ingress, Netmaker's MQTT sets up a NodePort on the cluster (31883 by default). The broker.domain address must reach the nodes at this port. Certificates are then handled by Netmaker, so Ingress+Certs are not required. + +If using Traefik, a TCPIngressRoute object is created, which works in place of the NodePort. + #### Ingress To run HA Netmaker, you must have ingress installed and enabled on your cluster with valid TLS certificates (not self-signed). If you are running Nginx as your Ingress Controller and LetsEncrypt for TLS certificate management, you can run the helm install with the following settings: `--set ingress.enabled=true` 
@@ -53,10 +59,7 @@ To run HA Netmaker, you must have ingress installed and enabled on your cluster If you are not using Nginx and LetsEncrypt, we recommend leaving ingress.enabled=false (default), and then manually creating the ingress objects post-install. You will need three ingress objects with TLS: `dashboard.` `api.` -`grpc.` - -The gRPC ingress object must include annotations to use the gRPC protocol, which is supported by most ingress controllers. For instance, on Traefik, the annotation is: -`ingress.kubernetes.io/protocol: h2c` +`broker.` You can find example ingress objects in the kube/example folder. @@ -76,8 +79,6 @@ This will also require specifying a service address for DNS. Choose a valid ipv4 - bind the CoreDNS service to port 53 on one of your worker nodes and set the COREDNS_ADDRESS equal to the public IP of the worker node - Create a private Network with Netmaker and set the COREDNS_ADDRESS equal to the private address of the host running CoreDNS. For this, CoreDNS will need a node selector and will ideally run on the same host as one of the Netmaker server instances. - - ## Values | Key | Type | Default | Description | 
@@ -87,10 +88,8 @@ This will also require specifying a service address for DNS. Choose a valid ipv4 | fullnameOverride | string | `""` | override the full name for netmaker objects | | image.pullPolicy | string | `"Always"` | Pull Policy for images | | image.repository | string | `"gravitl/netmaker"` | The image repo to pull Netmaker image from | -| image.tag | string | `"v0.8.4"` | Override the image tag to pull | +| image.tag | string | `"v0.14.5"` | Override the image tag to pull | | ingress.annotations.base."kubernetes.io/ingress.allow-http" | string | `"false"` | annotation to generate ACME certs if available | -| ingress.annotations.grpc.nginx."nginx.ingress.kubernetes.io/backend-protocol" | string | `"GRPC"` | annotation to use grpc protocol on grpc domain | -| ingress.annotations.grpc.traefik."ingress.kubernetes.io/protocol" | string | `"h2c"` | annotation to use grpc protocol on grpc domain | | ingress.annotations.nginx."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/"` | destination addr for route | | ingress.annotations.nginx."nginx.ingress.kubernetes.io/ssl-redirect" | string | `"true"` | Redirect http to https | | ingress.annotations.tls."kubernetes.io/tls-acme" | string | `"true"` | use acme cert if available | 
@@ -98,7 +97,7 @@ This will also require specifying a service address for DNS. Choose a valid ipv4 | ingress.annotations.traefik."traefik.ingress.kubernetes.io/redirect-permanent" | string | `"true"` | Redirect to https permanently | | ingress.annotations.traefik."traefik.ingress.kubernetes.io/rule-type" | string | `"PathPrefixStrip"` | rule type | | ingress.enabled | bool | `false` | attempts to configure ingress if true | -| ingress.hostPrefix.grpc | string | `"grpc."` | grpc route subdomain | +| ingress.hostPrefix.mq | string | `"broker."` | broker route subdomain | | ingress.hostPrefix.rest | string | `"api."` | api (REST) route subdomain | | ingress.hostPrefix.ui | string | `"dashboard."` | ui route subdomain | | ingress.tls.enabled | bool | `true` | | @@ -111,7 +110,7 @@ This will also require specifying a service address for DNS. Choose a valid ipv4 | postgresql-ha.postgresql.password | string | `"netmaker"` | postgres pass to generate | | postgresql-ha.postgresql.username | string | `"netmaker"` | postgres user to generate | | replicas | int | `3` | number of netmaker server replicas to create | -| service.grpcPort | int | `443` | port for GRPC service | +| service.mqPort | int | `31883` | port for MQ service | | service.restPort | int | `8081` | port for API service | | service.type | string | `"ClusterIP"` | type for netmaker server services | | service.uiPort | int | `80` | port for UI service | 
@@ -119,7 +118,6 @@ This will also require specifying a service address for DNS. Choose a valid ipv4 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | Name of SA to use. If not set and create is true, a name is generated using the fullname template | | ui.replicas | int | `2` | how many UI replicas to create | -| wireguard.enabled | bool | `true` | whether or not to use WireGuard on server | | wireguard.kernel | bool | `false` | whether or not to use Kernel WG (should be false unless WireGuard is installed on hosts). | | wireguard.networkLimit | int | `10` | max number of networks that Netmaker will support if running with WireGuard enabled | diff --git a/templates/ingress.yaml b/templates/ingress.yaml index c26df0f..d181eaa 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -2,10 +2,10 @@ {{- $fullName := include "netmaker.fullname" . -}} {{- $fullUIName := printf "%s-%s" $fullName "ui" -}} {{- $fullRESTName := printf "%s-%s" $fullName "rest" -}} -{{- $fullGRPCName := printf "%s-%s" $fullName "grpc" -}} +{{- $fullMQName := printf "%s-%s" $fullName "mq" -}} {{- $uiSvcPort := .Values.service.uiPort -}} {{- $restSvcPort := .Values.service.restPort -}} -{{- $grpcSvcPort := .Values.service.grpcPort -}} +{{- $mqSvcPort := .Values.service.mqPort -}} {{- $classname := required "A valid .Values.ingress.className entry required! Please set this to your ingress class (nginx, traefik)" .Values.ingress.className}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 
@@ -127,107 +127,45 @@ spec: serviceName: {{ $fullRESTName }} servicePort: {{ $restSvcPort }} {{- end }} ---- -{{- if not (eq .Values.ingress.className "traefik") }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $fullGRPCName }} - labels: - {{- include "netmaker.labels" . | nindent 4 }} - {{- with .Values.ingress }} - annotations: - {{- toYaml .annotations.base | nindent 4 }} - {{- if or (eq .className "nginx") (eq .className "public") }} - {{- toYaml .annotations.nginx | nindent 4 }} - {{- toYaml .annotations.grpc.nginx | nindent 4 }} - {{- end }} - {{- if eq .className "traefik" }} - {{- toYaml .annotations.traefik | nindent 4 }} - {{- end }} - {{- if and .tls.enabled (eq .tls.issuerName "" )}} - {{- toYaml .annotations.tls | nindent 4 }} - {{- else if .tls.enabled}} - cert-manager.io/cluster-issuer: {{ .tls.issuerName }} - {{- end }} - {{- end }} -spec: - {{- if (not (eq .Values.ingress.className "traefik")) }} - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ required "A valid .Values.ingress.className entry required!" 
.Values.ingress.className}} - {{- end }} - {{- end }} - {{- if .Values.ingress.tls.enabled }} - tls: - - hosts: - - {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} - secretName: {{ $fullGRPCName }}-tls-secret - {{- end }} - rules: - - host: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} - http: - paths: - - path: / - {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: Prefix - {{- end }} - backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} - service: - name: {{ $fullGRPCName }} - port: - number: {{ $grpcSvcPort }} - {{- else }} - serviceName: {{ $fullGRPCName }} - servicePort: {{ $grpcSvcPort }} - {{- end }} -{{- end }} {{- if eq .Values.ingress.className "traefik" }} --- apiVersion: traefik.containo.us/v1alpha1 kind: IngressRouteTCP metadata: - name: {{ $fullGRPCName }} + name: {{ $fullMQName }} labels: {{- include "netmaker.labels" . | nindent 4 }} spec: entryPoints: - websecure routes: - - match: HostSNI(`{{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }}`) + - match: HostSNI(`{{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }}`) services: - - name: {{ $fullGRPCName }} - port: {{ $grpcSvcPort }} - passthrough: true - scheme: https + - name: {{ $fullMQName }} + port: {{ $mqSvcPort }} tls: - secretName: {{ $fullGRPCName }}-tls-secret + passthrough: true + secretName: {{ $fullMQName }}-tls-secret domains: - - main: {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + - main: {{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }} {{- if and .Values.ingress.tls.enabled (not (eq .Values.ingress.tls.issuerName "" ))}} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: annotations: - acme.cert-manager.io/http01-override-ingress-name: {{ $fullRESTName }} + acme.cert-manager.io/http01-override-ingress-name: {{ $fullMQName }} labels: {{- include "netmaker.labels" . 
| nindent 4 }} - name: {{ $fullGRPCName }}-tls-secret + name: {{ $fullMQName }}-tls-secret spec: dnsNames: - - {{ .Values.ingress.hostPrefix.grpc }}{{ .Values.baseDomain }} + - {{ .Values.ingress.hostPrefix.mq }}{{ .Values.baseDomain }} issuerRef: group: cert-manager.io kind: ClusterIssuer name: {{ .Values.ingress.tls.issuerName }} - secretName: {{ $fullGRPCName }}-tls-secret + secretName: {{ $fullMQName }}-tls-secret usages: - digital signature - key encipherment diff --git a/templates/mq.yaml b/templates/mq.yaml new file mode 100644 index 0000000..6ee47ac --- /dev/null +++ b/templates/mq.yaml 
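Review bot: The IngressRouteTCP now routes to a Service this commit never creates: `$fullMQName` is defined in the first hunk as `printf "%s-%s" $fullName "mq"`, so `services: - name: {{ $fullMQName }}` renders `<fullname>-mq`, while templates/mq.yaml names its ClusterIP Service `<fullname>-mqtt` and exposes only 1883 and 8883 (the `$mqSvcPort` value 31883 exists only as the NodePort on the separate `-mqtt-nodeport` Service). Either change the definition to `{{- $fullMQName := printf "%s-%s" $fullName "mqtt" -}}` and route with `port: 8883`, or reference the Service name directly; as written the Traefik route has no backend. With `passthrough: true` Traefik does not terminate TLS, so the `secretName` on the route and the cert-manager Certificate below presumably do not affect what the broker presents (mosquitto serves the certificates from the shared PVC), which suggests the Certificate block could be dropped for the MQ route. If it is kept, `acme.cert-manager.io/http01-override-ingress-name: {{ $fullMQName }}` now names an Ingress that no longer exists in this file — the MQ HTTP Ingress is deleted in this hunk and an IngressRouteTCP is not an Ingress — so the HTTP-01 solver would have nothing to attach to, whereas the previous `{{ $fullRESTName }}` pointed at an Ingress that still exists.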
@@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "netmaker.fullname" . }}-mqtt + labels: + app: {{ include "netmaker.fullname" . }}-mqtt +spec: + selector: + matchLabels: + app: {{ include "netmaker.fullname" . }}-mqtt + replicas: {{ .Values.mq.replicas }} + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ include "netmaker.fullname" . }}-mqtt + spec: + {{- if .Values.mq.singlenode }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: mqhost + operator: In + values: + - "true" + {{- end }} + containers: + - image: eclipse-mosquitto:2.0.11-openssl + imagePullPolicy: Always + name: mosquitto + livenessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 8883 + timeoutSeconds: 1 + name: mosquitto + ports: + - containerPort: 1883 + name: mqtt + protocol: TCP + - containerPort: 8883 + name: mqtt2 + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 8883 + timeoutSeconds: 1 + resources: {} + startupProbe: + failureThreshold: 30 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: 8883 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /mosquitto/config/mosquitto.conf + name: mosquitto-config + subPath: mosquitto.conf + - mountPath: /mosquitto/certs + name: shared-certs + volumes: + - configMap: + name: {{ include "netmaker.fullname" . }}-mqtt-config + name: mosquitto-config + - name: shared-certs + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-shared-certs-pvc +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "netmaker.fullname" . 
}}-mqtt +spec: + ports: + - name: mqtt + port: 1883 + protocol: TCP + targetPort: mqtt + - name: mqtt2 + port: 8883 + protocol: TCP + targetPort: mqtt2 + selector: + app: {{ include "netmaker.fullname" . }}-mqtt + sessionAffinity: None +--- +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "netmaker.fullname" . }}-shared-certs-pvc +spec: + storageClassName: {{ required "A valid .Values.RWXStorageClassName entry required! Specify an available RWX storage class." .Values.RWXStorageClassName}} + accessModes: + - ReadWriteMany + resources: + requests: + storage: {{ .Values.mq.storageSize }} +--- +apiVersion: v1 +kind: Service +metadata: + labels: + name: {{ include "netmaker.fullname" . }}-mqtt-nodeport +spec: + externalTrafficPolicy: Cluster + type: NodePort + selector: + app: {{ include "netmaker.fullname" . }}-mqtt + ports: + - port: {{ .Values.service.mqPort }} + nodePort: {{ .Values.service.mqPort }} + protocol: TCP + targetPort: 8883 + name: nm-mqtt +--- +apiVersion: v1 +data: + mosquitto.conf: | + per_listener_settings true + listener 8883 + allow_anonymous false + require_certificate true + use_identity_as_username true + cafile /mosquitto/certs/root.pem + certfile /mosquitto/certs/server.pem + keyfile /mosquitto/certs/server.key + listener 1883 + allow_anonymous true +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: {{ include "netmaker.fullname" . }}-mqtt + app.kubernetes.io/name: {{ include "netmaker.fullname" . }}-mqtt + name: {{ include "netmaker.fullname" . }}-mqtt-config \ No newline at end of file diff --git a/templates/netmaker-statefulset.yaml b/templates/netmaker-statefulset.yaml index 8fd4a9d..673a172 100644 --- a/templates/netmaker-statefulset.yaml +++ b/templates/netmaker-statefulset.yaml @@ -15,8 +15,6 @@ spec: labels: app: {{ include "netmaker.fullname" . }} spec: - {{- if .Values.wireguard.enabled }} - {{- if .Values.setIpForwarding.enabled }} initContainers: - name: init-sysctl image: busybox 
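Review bot: The mosquitto container spec carries the key `name: mosquitto` twice (once directly after `imagePullPolicy`, again after the liveness probe); duplicate mapping keys are rejected by strict YAML decoders and silently last-wins in lenient ones, so delete the second occurrence. The `listener 1883` block in mosquitto.conf sets `allow_anonymous true`, and that port is published on the `<fullname>-mqtt` ClusterIP Service, so any pod in the cluster can publish to or subscribe from the broker without credentials; because the server's `MQ_SERVER_PORT` in netmaker-statefulset.yaml depends on it, the mitigation is a NetworkPolicy restricting port 1883 to the netmaker server pods rather than removing the listener, plus a comment above it such as `# 1883: unauthenticated in-cluster listener used by the server only; restrict with a NetworkPolicy`. The default `mq.replicas` of 2 deploys two independent mosquitto instances behind one Service with no bridging configured, so a message published through one broker is presumably not delivered to clients connected to the other — confirm this is intended or default to 1. The `mq.singlenode` affinity requires a node labelled `mqhost=true`, which nothing in the chart documents or creates; with the default `singlenode: true` the Deployment stays Pending on an unlabelled cluster.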
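Review bot: Removing `{{- if .Values.setIpForwarding.enabled }}` here (with its matching `{{- end }}` removed in the next hunk, @@ -24,7 +22,6 @@) makes the privileged `init-sysctl` init container unconditional, while values.yaml still declares `setIpForwarding.enabled: true` as a tunable. A privileged container is the most consequential setting in this pod spec, so either restore the guard as `{{- if .Values.setIpForwarding.enabled }}` … `{{- end }}` around `initContainers`, or drop the value from values.yaml so operators are not led to believe it can be disabled. The `wireguard.enabled` guard removed on the same lines has its `{{- end }}` removed in hunk @@ -36,27 +33,20 @@, which is consistent, but the container ports block later in this file still tests `.Values.wireguard.enabled`.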
@@ -24,7 +22,6 @@ spec: command: ["sysctl", "-w", "net.ipv4.ip_forward=1"] securityContext: privileged: true - {{- end }} dnsPolicy: ClusterFirstWithHostNet affinity: podAntiAffinity: @@ -36,27 +33,20 @@ spec: values: - {{ include "netmaker.fullname" . }} topologyKey: "kubernetes.io/hostname" - {{- end }} containers: - env: + - name: SERVER_NAME + value: broker.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} - name: SERVER_API_CONN_STRING value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 - - name: SERVER_GRPC_CONN_STRING - value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}:443 - - name: GRPC_SSL - value: "on" - name: SERVER_HTTP_HOST value: api.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} - - name: SERVER_GRPC_HOST - value: grpc.{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}} - name: API_PORT value: "8081" {{- if not .Values.wireguard.kernel }} - name: WG_QUICK_USERSPACE_IMPLEMENTATION value: wireguard-go {{- end }} - - name: GRPC_PORT - value: "443" {{- if .Values.dns.enabled }} - name: DNS_MODE value: "on" @@ -66,13 +56,8 @@ spec: - name: DNS_MODE value: "off" {{- end }} - {{- if .Values.wireguard.enabled }} - name: CLIENT_MODE value: "on" - {{- else }} - - name: CLIENT_MODE - value: "off" - {{- end }} - name: MASTER_KEY value: {{ include "netmaker.masterKey" . }} - name: PLATFORM 
@@ -96,14 +81,20 @@ spec: value: {{ index .Values "postgresql-ha" "postgresql" "password" }} - name: DATABASE value: postgres + - name: MQ_HOST + value: {{ include "netmaker.fullname" . }}-mqtt + - name: MQ_PORT + value: "{{ .Values.service.mqPort }}" + - name: MQ_SERVER_PORT + value: "1883" + - name: VERBOSITY + value: "3" image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} name: {{ include "netmaker.fullname" . }} ports: - containerPort: {{ .Values.service.restPort }} protocol: TCP - - containerPort: {{ .Values.service.grpcPort }} - protocol: TCP {{- if .Values.wireguard.enabled }} {{ $count := (add .Values.wireguard.networkLimit 1 | int) }} {{- range untilStep 1 $count 1 }} @@ -111,18 +102,24 @@ spec: protocol: UDP {{- end }} {{- end }} - resources: {} - {{- if .Values.wireguard.enabled }} securityContext: capabilities: add: - NET_ADMIN - {{- end }} - {{- if .Values.dns.enabled }} + - NET_RAW + - SYS_MODULE volumeMounts: + - mountPath: /etc/netmaker/ + name: shared-certs + {{- if .Values.dns.enabled }} - name: {{ include "netmaker.fullname" . }}-dns-pvc mountPath: /root/config/dnsconfig + {{- end }} volumes: + - name: shared-certs + persistentVolumeClaim: + claimName: {{ include "netmaker.fullname" . }}-shared-certs-pvc + {{- if .Values.dns.enabled }} - name: {{ include "netmaker.fullname" . }}-dns-pvc persistentVolumeClaim: claimName: {{ include "netmaker.fullname" . }}-dns-pvc diff --git a/templates/netmaker-ui-deployment.yaml b/templates/netmaker-ui-deployment.yaml index b105786..e5dc59b 100644 --- a/templates/netmaker-ui-deployment.yaml +++ b/templates/netmaker-ui-deployment.yaml 
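Review bot: The `securityContext` in the last hunk now adds `SYS_MODULE` (and `NET_RAW`) unconditionally, where the previous `NET_ADMIN` was gated on `.Values.wireguard.enabled`. `SYS_MODULE` lets the container load kernel modules, which is node-root-equivalent if the server process is ever compromised; if it is only needed so the WireGuard kernel module can be loaded, wrap `- SYS_MODULE` in `{{- if .Values.wireguard.kernel }}` … `{{- end }}` and add a comment `# SYS_MODULE is node-root-equivalent; only needed to load the wireguard kernel module`. The `resources: {}` line is removed rather than replaced, so the server still runs without requests or limits. `/etc/netmaker/` is now the ReadWriteMany claim `<fullname>-shared-certs-pvc`, which templates/mq.yaml also mounts at /mosquitto/certs and reads `server.key` from; anything the server writes there is readable by every pod that can mount the claim, which deserves a comment on the `shared-certs` volume so the trust boundary is explicit.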
@@ -16,9 +16,9 @@ spec: spec: containers: - name: {{ include "netmaker.fullname" . }}-ui - image: gravitl/netmaker-ui:v0.8 + image: gravitl/netmaker-ui:{{ .Values.image.tag }} ports: - - containerPort: {{ .Values.service.grpcPort }} + - containerPort: {{ .Values.service.uiPort }} env: - name: BACKEND_URL value: 'https://{{ .Values.ingress.hostPrefix.rest }}{{ required "A valid .Values.baseDomain entry required!" .Values.baseDomain}}' diff --git a/templates/services.yaml b/templates/services.yaml index 8f5bfbb..7ca2471 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -33,24 +33,6 @@ spec: --- apiVersion: v1 kind: Service -metadata: - labels: - {{- include "netmaker.labels" . | nindent 4 }} - name: '{{ include "netmaker.fullname" . }}-grpc' -spec: - ports: - - name: rest - port: {{ .Values.service.grpcPort }} - protocol: TCP - targetPort: {{ .Values.service.grpcPort }} - selector: - app: '{{ include "netmaker.fullname" . }}' - sessionAffinity: None - type: {{ .Values.service.type }} -{{- if .Values.wireguard.enabled }} ---- -apiVersion: v1 -kind: Service metadata: labels: {{- include "netmaker.labels" . | nindent 4 }} @@ -68,5 +50,4 @@ spec: name: wg-iface-{{ add 31820 . }} {{- end }} selector: - app: '{{ include "netmaker.fullname" . }}' -{{- end }} \ No newline at end of file + app: '{{ include "netmaker.fullname" . }}' \ No newline at end of file diff --git a/values.yaml b/values.yaml index 1bed98d..6f9f967 100644 --- a/values.yaml +++ b/values.yaml @@ -11,7 +11,7 @@ image: # -- Pull Policy for images pullPolicy: Always # -- Override the image tag to pull - tag: "v0.8.4-kube" + tag: "v0.14.5" # -- override the name for netmaker objects nameOverride: "" @@ -38,6 +38,18 @@ ui: # -- how many UI replicas to create replicas: 2 +mq: + # -- how many MQTT replicas to create + replicas: 2 + singlenode: true + storageSize: 128Mi + + +dns: + # -- whether or not to deploy coredns + enabled: false + storageSize: 128Mi + setIpForwarding: enabled: true 
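Review bot: Dropping `{{- if .Values.wireguard.enabled }}` in the first services.yaml hunk (its `{{- end }}` goes in the second) makes the WireGuard Service render unconditionally, but netmaker-statefulset.yaml in this same commit still wraps the matching `wg-iface` container ports in `{{- if .Values.wireguard.enabled }}`, and the values.yaml hunks leave the `wireguard:` block in place. If the flag is being retired (the README table row for it is deleted), remove the remaining check in the StatefulSet as well; otherwise restore the guard here so the Service and the container ports stay in step.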
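Review bot: The new `mq.singlenode` and `mq.storageSize` keys (and the relocated `dns.storageSize`) have no `# --` description, unlike every other value in this file, so they will not appear in the generated README table; add `# -- pin MQTT replicas to nodes labelled mqhost=true (label must exist before install)` above `singlenode` and `# -- size of the RWX volume shared by the broker and the server for certificates` above `storageSize`. The chart now also requires `RWXStorageClassName` (templates/mq.yaml wraps it in `required`), but no default or commented placeholder for it appears in these hunks; unless it is defined elsewhere in values.yaml, a documented `RWXStorageClassName: ""` entry with a `# --` comment would make the new install-time requirement visible instead of failing only at render time.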
@@ -46,8 +58,8 @@ service: type: ClusterIP # -- port for API service restPort: 8081 - # -- port for GRPC service - grpcPort: 443 + # -- port for MQTT service + mqPort: 31883 # -- port for UI service uiPort: 80 @@ -76,20 +88,13 @@ ingress: traefik.ingress.kubernetes.io/redirect-permanent: "true" # -- rule type traefik.ingress.kubernetes.io/rule-type: "PathPrefixStrip" - grpc: - nginx: - # -- annotation to use grpc protocol on grpc domain - nginx.ingress.kubernetes.io/backend-protocol: "GRPC" - traefik: - # -- annotation to use grpc protocol on grpc domain - ingress.kubernetes.io/protocol: "h2c" hostPrefix: # -- ui route subdomain ui: 'dashboard.' # -- api (REST) route subdomain rest: 'api.' - # -- grpc route subdomain - grpc: 'grpc.' + # -- mqtt route subdomain + broker: 'broker.' wireguard: # -- whether or not to use WireGuard on server @@ -99,12 +104,6 @@ wireguard: # -- max number of networks that Netmaker will support if running with WireGuard enabled networkLimit: 10 -dns: - # -- whether or not to run with DNS (CoreDNS) - enabled: false - # -- volume size for DNS (only needs to hold one file) - storageSize: 128Mi - postgresql-ha: postgresql: # -- postgres user to generate @@ -117,4 +116,4 @@ postgresql-ha: replicaCount: 2 persistence: # -- size of postgres DB - size: 3Gi + size: 1Gi
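Review bot: The hostPrefix hunk introduces the key `ingress.hostPrefix.broker`, but templates/ingress.yaml in this commit reads `.Values.ingress.hostPrefix.mq` for the HostSNI match, the Certificate `dnsNames` and the `domains` entry, and the README table documents `ingress.hostPrefix.mq`; with the key misnamed the template renders an empty prefix, so the MQ route would match the bare baseDomain. Rename it to `mq: 'broker.'`, keeping the `# -- mqtt route subdomain` comment. Reducing `postgresql-ha.persistence.size` from 3Gi to 1Gi in the last hunk is presumably harmless on fresh installs, but a bound PVC cannot shrink, so an existing release upgrading to this chart will either keep the old size or fail on an immutable claim template — worth a line in the README's upgrade notes.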