suda / charts
A collection of Helm charts
License: Apache License 2.0
Using the community edition of openvpn client I can connect to the vpn and all looks well, but it doesn't do anything. I thought maybe I needed to enable ip_forwarding. It's enabled on all my worker nodes deployed using kubeadm. However, when I try to enable it I get read-only file system. I thought NET_ADMIN that you set should have done the trick, but doesn't seem to.
# sysctl -w net.ipv4.ip_forward=1
sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system
Testing by trying to access google.com and attempting to nslookup using server '8.8.8.8'.
I've used ssh connected to localhost:2222 and configured it to set up a dynamic socks5 proxy on localhost:9999.
Snippet from client config:
comp-lzo no
proto tcp
socks-proxy localhost 9999
connect-retry-max 1
#route 127.0.0.1 255.255.255.255 127.0.0.1 default
#route 127.0.0.1 255.255.255.255 net_gateway default
remote <personal_ovpn_ip> 1194 tcp
... everything else is the same from ovpn_getclient ...
values.yaml
personal-ovpn:
namespace: {"name":"openvpn"}
automatic:
enabled: true
externalHostname: 10.0.1.48
dnsServer: 10.0.0.2
service:
type: "LoadBalancer"
port: 1194
# to limit network interaction to namespace only (can't see other pods), trafic with one 'f' is correct
limitTraficToNamespace: false
It would be great to add user revocation and CRL management to it.
Otherwise people will still be able to connect to the VPN.
The ovpn_revokeclient CLI tool is already in place.
I guess we just have to add a revoke-user script and CRL secret.
I think the only downside is you'll need to restart the openvpn server instance to reprocess the CRL list.
We also need to add the --crl-verify option to the server config.
Perhaps it would make sense to enable this by default?
Even if the file is empty it will still allow connections.
I ran into the issue it wouldn't allow me to connect to any of my services in a private network.
My fix was to add a small init container to execute sysctl -w net.ipv4.ip_forward=1 because I couldn't do this from the openvpn container (read-only filesystem).
Not sure how others have made it work since I couldn't connect to anything without this.
You've got an issue in your service helm file that makes it impossible to add service annotations.
This won't work because the string is already indented by 4, so adding an additional 4 indent causes it to be invalid YAML.
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
The easiest way to fix it is this, which makes it much cleaner as well. nindent starts a new line 4 indentations along.
{{- if .Values.service.annotations }}
annotations: {{ toYaml .Values.service.annotations | nindent 4 }}
{{- end }}
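Why the first form breaks, as an added example (not code from the chart or from Helm): it renders both template forms with Go's text/template, using small stand-ins for toYaml, indent and nindent. The two-space position of annotations:, the four-space template line and the sample annotation keys are assumptions.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
	"strings"
	"text/template"
)

// Stand-ins for the Helm template functions of the same name:
// indent pads every line, nindent also prepends a newline.
func indent(n int, s string) string {
	pad := strings.Repeat(" ", n)
	return pad + strings.ReplaceAll(s, "\n", "\n"+pad)
}

func nindent(n int, s string) string { return "\n" + indent(n, s) }

// toYaml is a minimal stand-in that only handles flat string maps.
func toYaml(m map[string]string) string {
	var lines []string
	for k, v := range m {
		lines = append(lines, fmt.Sprintf("%s: %q", k, v))
	}
	sort.Strings(lines)
	return strings.Join(lines, "\n")
}

// Assumed layout: the template line itself already sits at four spaces.
const broken = "  annotations:\n    {{ toYaml .Annotations | indent 4 }}\n"
const fixed = "  annotations: {{ toYaml .Annotations | nindent 4 }}\n"

// render executes tpl against the annotations and returns the YAML text.
func render(tpl string, ann map[string]string) (string, error) {
	funcs := template.FuncMap{"toYaml": toYaml, "indent": indent, "nindent": nindent}
	t := template.Must(template.New("svc").Funcs(funcs).Parse(tpl))
	var out bytes.Buffer
	err := t.Execute(&out, map[string]any{"Annotations": ann})
	return out.String(), err
}

func main() {
	ann := map[string]string{"example.com/a": "1", "example.com/b": "2"} // constructed sample
	for _, tpl := range []string{broken, fixed} {
		out, _ := render(tpl, ann)
		fmt.Print(out, "---\n")
	}
}
```

With a single annotation the first form still renders valid YAML (one key at eight spaces), so the failure only appears once a second annotation lands at four spaces.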
Install instructions are missing any reference to the secret required to run Ackee. The logical place for this would be in the prerequisites section of the readme, which is currently empty. This will help users more quickly realize chart doesn't ship with a database (ref: #1), something that'd be useful to list in the prerequisites section along with the secret.
Example secret:
kind: Secret
apiVersion: v1
metadata:
  name: ackee-password
  namespace: ackee
data:
  ACKEE_PASSWORD: ac2zyNAwDag=
type: Opaque
May be created with kubectl create secret.
Hello,
With helm we can declare dependencies. I would love for this chart to automatically install a mongoDB database (can be configured in values.yaml of course). [https://helm.sh/docs/helm/helm_dependency/]
I can make the pull request if you are interested :)
Thank you for your work!
Chart: personal-ovpn
I've encountered a failed Helm deployment, using the Helm Controller that is bundled with Rancher's k3OS. The chart fails to install with errors.
The following preconditions are assumed:
vpn is created
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  namespace: kube-system
  name: ovpn-test
spec:
  chart: personal-ovpn
  repo: https://suda.github.io/charts/
  version: 0.2.1
  targetNamespace: vpn
  valuesContent: |-
    limitTraficToNamespace: false
    service:
      port: 33333
      protocol: TCP
      type: LoadBalancer
    namespace: vpn
kubectl apply -f $CHART_FILE_NAME
A Helm deployment job is successful
A Helm job fails with the following logs:
myclusternodeX [~]$ sudo cat /var/log/pods/kube-system_helm-install-ovpn-test-fd7hr_c242e696-14e4-4690-8c9d-fa31300583b4/helm/2.log
2021-02-02T21:45:15.347897022Z stderr F CHART=$(sed -e "s/%{KUBERNETES_API}%/${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/g" <<< "${CHART}")
2021-02-02T21:45:15.349514629Z stderr F set +v -x
2021-02-02T21:45:15.350334636Z stderr F + cp /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /usr/local/share/ca-certificates/
2021-02-02T21:45:15.35061082Z stderr F + update-ca-certificates
2021-02-02T21:45:15.367185078Z stderr F WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
2021-02-02T21:45:15.383426801Z stderr F + + export HELM_HOST=127.0.0.1:44134tiller
2021-02-02T21:45:15.383471501Z stderr F --listen=127.0.0.1:44134 --storage=secret
2021-02-02T21:45:15.383477765Z stderr F + HELM_HOST=127.0.0.1:44134
2021-02-02T21:45:15.383483601Z stderr F + helm_v2 init --skip-refresh --client-only
2021-02-02T21:45:15.460058321Z stdout F Creating /root/.helm
2021-02-02T21:45:15.460160847Z stdout F Creating /root/.helm/repository
2021-02-02T21:45:15.460232088Z stdout F Creating /root/.helm/repository/cache
2021-02-02T21:45:15.460240033Z stdout F Creating /root/.helm/repository/local
2021-02-02T21:45:15.460297005Z stdout F Creating /root/.helm/plugins
2021-02-02T21:45:15.460344427Z stdout F Creating /root/.helm/starters
2021-02-02T21:45:15.460394823Z stdout F Creating /root/.helm/cache/archive
2021-02-02T21:45:15.460514278Z stdout F Creating /root/.helm/repository/repositories.yaml
2021-02-02T21:45:15.460522769Z stdout F Adding stable repo with URL: https://kubernetes-charts.storage.googleapis.com
2021-02-02T21:45:15.460585873Z stdout F Adding local repo with URL: http://127.0.0.1:8879/charts
2021-02-02T21:45:15.461358496Z stdout F $HELM_HOME has been configured at /root/.helm.
2021-02-02T21:45:15.46136867Z stdout F Not installing Tiller due to 'client-only' flag having been set
2021-02-02T21:45:15.462971111Z stderr F ++ jq -r '.Releases | length'
2021-02-02T21:45:15.465240575Z stderr F ++ helm_v2 ls --all '^ovpn-test$' --output json
2021-02-02T21:45:15.471242178Z stderr F [main] 2021/02/02 21:45:15 Starting Tiller v2.16.8 (tls=false)
2021-02-02T21:45:15.471270559Z stderr F [main] 2021/02/02 21:45:15 GRPC listening on 127.0.0.1:44134
2021-02-02T21:45:15.471289759Z stderr F [main] 2021/02/02 21:45:15 Probes listening on :44135
2021-02-02T21:45:15.471295144Z stderr F [main] 2021/02/02 21:45:15 Storage driver is Secret
2021-02-02T21:45:15.47129974Z stderr F [main] 2021/02/02 21:45:15 Max history per release is 0
2021-02-02T21:45:15.553812936Z stderr F [storage] 2021/02/02 21:45:15 listing all releases with filter
2021-02-02T21:45:15.572998569Z stderr F + EXIST=
2021-02-02T21:45:15.573115763Z stderr F + '[' '' == 1 ']'
2021-02-02T21:45:15.573126368Z stderr F + '[' '' == v2 ']'
2021-02-02T21:45:15.573131538Z stderr F + shopt -s nullglob
2021-02-02T21:45:15.573136487Z stderr F + helm_content_decode
2021-02-02T21:45:15.573198665Z stderr F + set -e
2021-02-02T21:45:15.573206412Z stderr F + ENC_CHART_PATH=/chart/ovpn-test.tgz.base64
2021-02-02T21:45:15.573211875Z stderr F + CHART_PATH=/ovpn-test.tgz
2021-02-02T21:45:15.573264394Z stderr F + '[' '!' -f /chart/ovpn-test.tgz.base64 ']'
2021-02-02T21:45:15.573272432Z stderr F + return
2021-02-02T21:45:15.573329266Z stderr F + '[' install '!=' delete ']'
2021-02-02T21:45:15.573339094Z stderr F + helm_repo_init
2021-02-02T21:45:15.573391725Z stderr F + grep -q -e 'https\?://'
2021-02-02T21:45:15.579098949Z stderr F + '[' helm_v3 == helm_v3 ']'
2021-02-02T21:45:15.579155168Z stderr F + [[ personal-ovpn == stable/* ]]
2021-02-02T21:45:15.579162805Z stderr F + '[' -n https://suda.github.io/charts/ ']'
2021-02-02T21:45:15.579214524Z stderr F + helm_v3 repo add ovpn-test https://suda.github.io/charts/
2021-02-02T21:45:15.80826059Z stdout F "ovpn-test" has been added to your repositories
2021-02-02T21:45:15.809719982Z stderr F + helm_v3 repo update
2021-02-02T21:45:15.847143569Z stdout F Hang tight while we grab the latest from your chart repositories...
2021-02-02T21:45:16.027848638Z stdout F ...Successfully got an update from the "ovpn-test" chart repository
2021-02-02T21:45:16.027892617Z stdout F Update Complete. ⎈ Happy Helming!⎈
2021-02-02T21:45:16.029283003Z stderr F + helm_update install --namespace test --repo https://suda.github.io/charts/ --version 0.2.1
2021-02-02T21:45:16.029427058Z stderr F + '[' helm_v3 == helm_v3 ']'
2021-02-02T21:45:16.030248021Z stderr F ++ helm_v3 ls --all-namespaces --all -f '^ovpn-test$' --output json
2021-02-02T21:45:16.031857147Z stderr F ++ tr '[:upper:]' '[:lower:]'
2021-02-02T21:45:16.03265807Z stderr F ++ jq -r '"\(.[0].app_version),\(.[0].status)"'
2021-02-02T21:45:16.111399444Z stderr F + LINE=null,null
2021-02-02T21:45:16.11224357Z stderr F ++ echo null,null
2021-02-02T21:45:16.112847348Z stderr F ++ cut -f1 -d,
2021-02-02T21:45:16.11361461Z stderr F + INSTALLED_VERSION=null
2021-02-02T21:45:16.114109339Z stderr F ++ echo null,null
2021-02-02T21:45:16.114555626Z stderr F ++ cut -f2 -d,
2021-02-02T21:45:16.115089185Z stderr F + STATUS=null
2021-02-02T21:45:16.115159057Z stderr F + VALUES=
2021-02-02T21:45:16.11526811Z stderr F + for VALUES_FILE in /config/*.yaml
2021-02-02T21:45:16.11527702Z stderr F + VALUES=' --values /config/values-01_HelmChart.yaml'
2021-02-02T21:45:16.115282485Z stderr F + '[' install = delete ']'
2021-02-02T21:45:16.115450971Z stderr F + '[' -z null ']'
2021-02-02T21:45:16.115745586Z stderr F + '[' null = deployed ']'
2021-02-02T21:45:16.116021803Z stderr F + '[' null = failed ']'
2021-02-02T21:45:16.116145788Z stderr F + '[' null = deleted ']'
2021-02-02T21:45:16.116457441Z stderr F + helm_v3 install --namespace test --repo https://suda.github.io/charts/ --version 0.2.1 ovpn-test personal-ovpn --values /config/values-01_HelmChart.yaml
2021-02-02T21:45:17.092620108Z stderr F Error: template: personal-ovpn/templates/tests/test-connection.yaml:5:23: executing "personal-ovpn/templates/tests/test-connection.yaml" at <.Values.namespace.name>: can't evaluate field name in type interface {}
The steps to create a workaround that I made are the following:
http://mytempwebserver.mynetwork.local/charts/
.Values.namespace.name with .Values.namespace, within this repo
helm package ./personal-ovpn-fix && mv ./personal-ovpn-0.2.2.tgz charts/
helm repo index ./charts/
.tgz archive and index.yaml to the webserver's directory
spec.repo field's value with address of the temporary webserver
kubectl apply -f (...)
Observation: the deployment succeeds.
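The template error in the log above can be reproduced outside Helm. This added example (not the chart's or Helm's own code) evaluates the same expression with Go's text/template against two values shapes: a plain string, as in the valuesContent above, and a map with a name key, as in the values.yaml of the first report. checkNamespaceShape is a hypothetical pre-flight check.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Same expression the failing test-connection.yaml template evaluates.
const nsTemplate = "namespace: {{ .Values.namespace.name }}\n"

// renderNamespace executes the expression against a values tree, the way
// parsed values content is handed to the template engine.
func renderNamespace(values map[string]any) (string, error) {
	t, err := template.New("test-connection.yaml").Parse(nsTemplate)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	err = t.Execute(&out, map[string]any{"Values": values})
	return out.String(), err
}

// checkNamespaceShape is a hypothetical pre-flight check: it reports which
// shape the values carry before anything is rendered.
func checkNamespaceShape(values map[string]any) error {
	switch ns := values["namespace"].(type) {
	case map[string]any:
		if _, ok := ns["name"].(string); !ok {
			return fmt.Errorf("namespace.name must be a string")
		}
		return nil
	case string:
		return fmt.Errorf("namespace is the string %q, template expects a map with key name", ns)
	default:
		return fmt.Errorf("namespace has unsupported type %T", ns)
	}
}

func main() {
	asString := map[string]any{"namespace": "vpn"}                      // shape in the valuesContent above
	asMap := map[string]any{"namespace": map[string]any{"name": "vpn"}} // shape the expression expects
	for _, v := range []map[string]any{asString, asMap} {
		out, err := renderNamespace(v)
		fmt.Printf("check=%v render=%q err=%v\n", checkNamespaceShape(v), out, err)
	}
}
```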