charts's Issues

[personal-ovpn] does this still work? kubernetes v1.25.3

Using the community edition of openvpn client I can connect to the vpn and all looks well, but it doesn't do anything. I thought maybe I needed to enable ip_forwarding. It's enabled on all my worker nodes deployed using kubeadm. However, when I try to enable it I get read-only file system. I thought NET_ADMIN that you set should have done the trick, but doesn't seem to.

# sysctl -w net.ipv4.ip_forward=1
sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system

Testing by trying to access google.com and attempting to nslookup using server '8.8.8.8'.

I've used ssh connected to localhost:2222 and configured it to setup a dynamic socks5 proxy on localhost:9999.

Snippet from client config:

comp-lzo no
proto tcp
socks-proxy localhost 9999
connect-retry-max 1
#route 127.0.0.1 255.255.255.255 127.0.0.1 default
#route 127.0.0.1 255.255.255.255 net_gateway default

remote <personal_ovpn_ip> 1194 tcp

... everything else is the same from ovpn_getclient ...

values.yaml

personal-ovpn:

  namespace: {"name":"openvpn"}

  automatic:
    enabled: true
    externalHostname: 10.0.1.48
    dnsServer: 10.0.0.2

  service:
    type: "LoadBalancer"
    port: 1194

  # to limit network interaction to namespace only (can't see other pods), trafic with one 'f' is correct
  limitTraficToNamespace: false

user revoke management

It would be great to add user revocation and CRL management to it.
Otherwise people will still be able to connect to the VPN.

The ovpn_revokeclient CLI tool is already in place.
I guess we just have to add a revoke-user script and CRL secret.
I think the only downside is you'll need to restart the openvpn server instance to reprocess the CRL list.
We also need to add the --crl-verify option to the server config.

Perhaps it would make sense to enable this by default?
Even if the file is empty it will still allow connections.

IP forwarding issue

I ran into an issue where it wouldn't allow me to connect to any of my services in a private network.
My fix was to add a small init container to execute sysctl -w net.ipv4.ip_forward=1, because I couldn't do this from the openvpn container (read-only filesystem).
Not sure how others have made it work, since I couldn't connect to anything without this.

Error in helm service template for annotations

You've got an issue in your service helm file that makes it impossible to add service annotations.

This won't work because the string is already indented by 4, so adding an additional 4 indent causes it to be invalid YAML.

  {{- if .Values.service.annotations }}
  annotations: 
    {{ toYaml .Values.service.annotations | indent 4 }}
  {{- end }}

The easiest way to fix it is this, which makes it much cleaner as well. nindent starts a new line 4 indentations along.

  {{- if .Values.service.annotations }}
  annotations: {{ toYaml .Values.service.annotations | nindent 4 }}
  {{- end }}
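The difference between the two snippets can be reproduced with Go's text/template, which Helm templates are built on. This is an added example, not part of the issue or the chart: the `indent`, `nindent` and `toYaml` functions are simplified stand-ins for Helm's helpers, and the annotation keys and the `metadata:` parent are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"text/template"
)

const broken = `  {{- if .Values.service.annotations }}
  annotations:
    {{ toYaml .Values.service.annotations | indent 4 }}
  {{- end }}`
const fixed = `  {{- if .Values.service.annotations }}
  annotations: {{ toYaml .Values.service.annotations | nindent 4 }}
  {{- end }}`

// Simplified stand-ins for Helm's helpers (assumed behaviour, not Helm's code).
func indent(n int, s string) string {
	return strings.Repeat(" ", n) + strings.ReplaceAll(s, "\n", "\n"+strings.Repeat(" ", n))
}

var funcs = template.FuncMap{
	"indent":  indent,
	"nindent": func(n int, s string) string { return "\n" + indent(n, s) },
	"toYaml": func(m map[string]string) string { // flat string maps only
		var lines []string
		for k, v := range m {
			lines = append(lines, k+": "+v)
		}
		sort.Strings(lines)
		return strings.Join(lines, "\n")
	},
}

// render executes one of the issue's snippets under a constructed "metadata:" parent.
func render(snippet string, ann map[string]string) (string, error) {
	t := template.Must(template.New("svc").Funcs(funcs).Parse("metadata:\n" + snippet))
	var sb strings.Builder
	err := t.Execute(&sb, map[string]interface{}{"Values": map[string]interface{}{
		"service": map[string]interface{}{"annotations": ann}}})
	return sb.String(), err
}

func main() {
	ann := map[string]string{"example.com/owner": "ops", "example.com/tier": "edge"} // constructed
	fmt.Println(render(broken, ann)) // first key lands at 8 spaces, second at 4
	fmt.Println(render(fixed, ann))  // both keys land at 4 spaces
}
```

With `indent 4` the first key inherits the template line's own four spaces on top of the four added by `indent`, while later keys get only four, so sibling keys no longer line up.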

Document secret needs

Install instructions are missing any reference to the secret required to run Ackee. The logical place for this would be in the prerequisites section of the readme, which is currently empty. This will help users more quickly realize the chart doesn't ship with a database (ref: #1), something that'd be useful to list in the prerequisites section along with the secret.

Example secret:

kind: Secret
apiVersion: v1
metadata:
  name: ackee-password
  namespace: ackee
data:
  ACKEE_PASSWORD: ac2zyNAwDag=
type: Opaque

May be created with kubectl create secret.

Add mongo as a dependency in the chart

Hello,

With helm we can declare a dependency. I would love for this chart to automatically install a MongoDB database (configurable in values.yaml, of course). [https://helm.sh/docs/helm/helm_dependency/]

I can make the pull request if you are interested :)

Thank you for your work!

Chart fails to deploy, because ".Values.namespace.name" field does not exist

Short description

Chart: personal-ovpn

I've encountered a failed Helm deployment, using the Helm Controller that is bundled with Rancher's k3OS. The chart fails to install with errors.

Reproduction scenario

The following preconditions are assumed:

  • Rancher's k3OS is deployed
  • A namespace vpn is created
  • A Helm chart .yaml file is created, similar to this:

apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  namespace: kube-system
  name: ovpn-test
spec:
  chart: personal-ovpn
  repo: https://suda.github.io/charts/
  version: 0.2.1
  targetNamespace: vpn
  valuesContent: |-
    limitTraficToNamespace: false
    service:
      port: 33333
      protocol: TCP
      type: LoadBalancer
    namespace: vpn

  • The following Helm chart definition is then deployed using kubectl apply -f $CHART_FILE_NAME

Expected output

A Helm deployment job is successful

Actual output

A Helm job fails with the following logs:

myclusternodeX [~]$ sudo cat /var/log/pods/kube-system_helm-install-ovpn-test-fd7hr_c242e696-14e4-4690-8c9d-fa31300583b4/helm/2.log 
2021-02-02T21:45:15.347897022Z stderr F CHART=$(sed -e "s/%{KUBERNETES_API}%/${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/g" <<< "${CHART}")
2021-02-02T21:45:15.349514629Z stderr F set +v -x
2021-02-02T21:45:15.350334636Z stderr F + cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/
2021-02-02T21:45:15.35061082Z stderr F + update-ca-certificates
2021-02-02T21:45:15.367185078Z stderr F WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
2021-02-02T21:45:15.383426801Z stderr F + + export HELM_HOST=127.0.0.1:44134tiller 
2021-02-02T21:45:15.383471501Z stderr F --listen=127.0.0.1:44134 --storage=secret
2021-02-02T21:45:15.383477765Z stderr F + HELM_HOST=127.0.0.1:44134
2021-02-02T21:45:15.383483601Z stderr F + helm_v2 init --skip-refresh --client-only
2021-02-02T21:45:15.460058321Z stdout F Creating /root/.helm 
2021-02-02T21:45:15.460160847Z stdout F Creating /root/.helm/repository 
2021-02-02T21:45:15.460232088Z stdout F Creating /root/.helm/repository/cache 
2021-02-02T21:45:15.460240033Z stdout F Creating /root/.helm/repository/local 
2021-02-02T21:45:15.460297005Z stdout F Creating /root/.helm/plugins 
2021-02-02T21:45:15.460344427Z stdout F Creating /root/.helm/starters 
2021-02-02T21:45:15.460394823Z stdout F Creating /root/.helm/cache/archive 
2021-02-02T21:45:15.460514278Z stdout F Creating /root/.helm/repository/repositories.yaml 
2021-02-02T21:45:15.460522769Z stdout F Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com 
2021-02-02T21:45:15.460585873Z stdout F Adding local repo with URL: http://127.0.0.1:8879/charts 
2021-02-02T21:45:15.461358496Z stdout F $HELM_HOME has been configured at /root/.helm.
2021-02-02T21:45:15.46136867Z stdout F Not installing Tiller due to 'client-only' flag having been set
2021-02-02T21:45:15.462971111Z stderr F ++ jq -r '.Releases | length'
2021-02-02T21:45:15.465240575Z stderr F ++ helm_v2 ls --all '^ovpn-test$' --output json
2021-02-02T21:45:15.471242178Z stderr F [main] 2021/02/02 21:45:15 Starting Tiller v2.16.8 (tls=false)
2021-02-02T21:45:15.471270559Z stderr F [main] 2021/02/02 21:45:15 GRPC listening on 127.0.0.1:44134
2021-02-02T21:45:15.471289759Z stderr F [main] 2021/02/02 21:45:15 Probes listening on :44135
2021-02-02T21:45:15.471295144Z stderr F [main] 2021/02/02 21:45:15 Storage driver is Secret
2021-02-02T21:45:15.47129974Z stderr F [main] 2021/02/02 21:45:15 Max history per release is 0
2021-02-02T21:45:15.553812936Z stderr F [storage] 2021/02/02 21:45:15 listing all releases with filter
2021-02-02T21:45:15.572998569Z stderr F + EXIST=
2021-02-02T21:45:15.573115763Z stderr F + '[' '' == 1 ']'
2021-02-02T21:45:15.573126368Z stderr F + '[' '' == v2 ']'
2021-02-02T21:45:15.573131538Z stderr F + shopt -s nullglob
2021-02-02T21:45:15.573136487Z stderr F + helm_content_decode
2021-02-02T21:45:15.573198665Z stderr F + set -e
2021-02-02T21:45:15.573206412Z stderr F + ENC_CHART_PATH=/chart/ovpn-test.tgz.base64
2021-02-02T21:45:15.573211875Z stderr F + CHART_PATH=/ovpn-test.tgz
2021-02-02T21:45:15.573264394Z stderr F + '[' '!' -f /chart/ovpn-test.tgz.base64 ']'
2021-02-02T21:45:15.573272432Z stderr F + return
2021-02-02T21:45:15.573329266Z stderr F + '[' install '!=' delete ']'
2021-02-02T21:45:15.573339094Z stderr F + helm_repo_init
2021-02-02T21:45:15.573391725Z stderr F + grep -q -e 'https\?://'
2021-02-02T21:45:15.579098949Z stderr F + '[' helm_v3 == helm_v3 ']'
2021-02-02T21:45:15.579155168Z stderr F + [[ personal-ovpn == stable/* ]]
2021-02-02T21:45:15.579162805Z stderr F + '[' -n https://suda.github.io/charts/ ']'
2021-02-02T21:45:15.579214524Z stderr F + helm_v3 repo add ovpn-test https://suda.github.io/charts/
2021-02-02T21:45:15.80826059Z stdout F "ovpn-test" has been added to your repositories
2021-02-02T21:45:15.809719982Z stderr F + helm_v3 repo update
2021-02-02T21:45:15.847143569Z stdout F Hang tight while we grab the latest from your chart repositories...
2021-02-02T21:45:16.027848638Z stdout F ...Successfully got an update from the "ovpn-test" chart repository
2021-02-02T21:45:16.027892617Z stdout F Update Complete. ⎈ Happy Helming!⎈ 
2021-02-02T21:45:16.029283003Z stderr F + helm_update install --namespace test --repo https://suda.github.io/charts/ --version 0.2.1
2021-02-02T21:45:16.029427058Z stderr F + '[' helm_v3 == helm_v3 ']'
2021-02-02T21:45:16.030248021Z stderr F ++ helm_v3 ls --all-namespaces --all -f '^ovpn-test$' --output json
2021-02-02T21:45:16.031857147Z stderr F ++ tr '[:upper:]' '[:lower:]'
2021-02-02T21:45:16.03265807Z stderr F ++ jq -r '"\(.[0].app_version),\(.[0].status)"'
2021-02-02T21:45:16.111399444Z stderr F + LINE=null,null
2021-02-02T21:45:16.11224357Z stderr F ++ echo null,null
2021-02-02T21:45:16.112847348Z stderr F ++ cut -f1 -d,
2021-02-02T21:45:16.11361461Z stderr F + INSTALLED_VERSION=null
2021-02-02T21:45:16.114109339Z stderr F ++ echo null,null
2021-02-02T21:45:16.114555626Z stderr F ++ cut -f2 -d,
2021-02-02T21:45:16.115089185Z stderr F + STATUS=null
2021-02-02T21:45:16.115159057Z stderr F + VALUES=
2021-02-02T21:45:16.11526811Z stderr F + for VALUES_FILE in /config/*.yaml
2021-02-02T21:45:16.11527702Z stderr F + VALUES=' --values /config/values-01_HelmChart.yaml'
2021-02-02T21:45:16.115282485Z stderr F + '[' install = delete ']'
2021-02-02T21:45:16.115450971Z stderr F + '[' -z null ']'
2021-02-02T21:45:16.115745586Z stderr F + '[' null = deployed ']'
2021-02-02T21:45:16.116021803Z stderr F + '[' null = failed ']'
2021-02-02T21:45:16.116145788Z stderr F + '[' null = deleted ']'
2021-02-02T21:45:16.116457441Z stderr F + helm_v3 install --namespace test --repo https://suda.github.io/charts/ --version 0.2.1 ovpn-test personal-ovpn --values /config/values-01_HelmChart.yaml
2021-02-02T21:45:17.092620108Z stderr F Error: template: personal-ovpn/templates/tests/test-connection.yaml:5:23: executing "personal-ovpn/templates/tests/test-connection.yaml" at <.Values.namespace.name>: can't evaluate field name in type interface {}

Workaround

The steps to create a workaround that I made, are the following:

  • Set up a temporary HTTPS webserver on the local network, e.g. http://mytempwebserver.mynetwork.local/charts/
  • Replace all occurrences of .Values.namespace.name with .Values.namespace, within this repo
  • Build the chart by using helm package ./personal-ovpn-fix && mv ./personal-ovpn-0.2.2.tgz charts/
  • Refresh the index by executing helm repo index ./charts/
  • Copy the .tgz archive and index.yaml to the webserver's directory
  • Replace the spec.repo field's value with address of the temporary webserver
  • Execute the .yaml definition with kubectl apply -f (...)

Observation: the deployment succeeds.
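The error in the log comes from Go's text/template, which Helm templates are built on: a field lookup on a plain string fails, while the same lookup on a map succeeds. The sketch below is an added example, not part of the issue or the chart. The one-line template is a constructed stand-in for templates/tests/test-connection.yaml (whose content is not on the page), and `renderNamespace` and `checkPath` are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Constructed stand-in: only the field the chart dereferences is known from the log.
const tpl = `namespace: {{ .Values.namespace.name }}`

// renderNamespace executes the stand-in template with the given namespace value.
func renderNamespace(namespace interface{}) (string, error) {
	t := template.Must(template.New("test-connection.yaml").Parse(tpl))
	var sb strings.Builder
	err := t.Execute(&sb, map[string]interface{}{
		"Values": map[string]interface{}{"namespace": namespace}})
	return sb.String(), err
}

// checkPath walks a dotted path through decoded values and reports the first
// segment that cannot be dereferenced, without executing any template.
func checkPath(values map[string]interface{}, path string) error {
	var cur interface{} = values
	for _, seg := range strings.Split(path, ".") {
		m, ok := cur.(map[string]interface{})
		if !ok {
			return fmt.Errorf("cannot read %q: parent is a %T, not a map", seg, cur)
		}
		if cur, ok = m[seg]; !ok {
			return fmt.Errorf("key %q is not set", seg)
		}
	}
	return nil
}

func main() {
	// String form, as in the valuesContent of the HelmChart in the issue.
	_, err := renderNamespace("vpn")
	fmt.Println("string:", err)
	// Map form, as in the values.yaml quoted in the first issue on this page.
	out, err := renderNamespace(map[string]interface{}{"name": "openvpn"})
	fmt.Println("map:", out, err)
	// Pre-flight check on the string form, run before any install.
	fmt.Println("check:", checkPath(map[string]interface{}{"namespace": "vpn"}, "namespace.name"))
}
```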
