allanger/container-openvpn
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Activity

Fix the chart and add basic tests

Browse Source
This commit is contained in:
Nikolai Rodionov
2023-10-23 07:51:38 +02:00
parent 22338d31aa
commit caba35b2ce
4 changed files with 224 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
helm/Chart.yaml
View File

@@ -3,8 +3,8 @@ apiVersion: v2
name: openvpn
description: A Helm chart for deploying OpenVPN
type: application
version: 1.0.6
appVersion: "2.6.5"
version: 1.0.7
appVersion: 2.6.5
sources:
- https://git.badhouseplants.net/allanger/container-openvpn-xor

15
helm/templates/deployment.yaml
View File

@@ -39,7 +39,6 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
@@ -48,8 +47,10 @@ spec:
- mountPath: /scripts
name: pki-scripts
env:
- name: OVPN_SERVER
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OVPN_SERVER
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OPENVPN
value: "/etc/openvpn"
securityContext:
capabilities:
add:
@@ -60,6 +61,7 @@ spec:
# ----------------------------------------------------------------------
- name: 0-ovpn-genconfig
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- mountPath: "/etc/openvpn"
name: pvc-openvpn
@@ -67,7 +69,9 @@ spec:
- name: OVPN_SERVER_URL
value: "{{ .Values.openvpn.proto }}://{{ .Values.openvpn.host }}:{{ .Values.openvpn.port }}"
- name: OVPN_DATA
value: "/etc/openvpn"
value: "/etc/openvpn"
- name: OPENVPN
value: "/etc/openvpn"
command:
- sh
- -c
@@ -76,6 +80,8 @@ spec:
env:
- name: OVPN_DATA
value: /etc/openvpn
- name: OPENVPN
value: "/etc/openvpn"
- name: EASYRSA_REQ_CN
value: {{ .Values.easyrsa.cn }}
- name: EASYRSA_REQ_COUNTRY
@@ -104,6 +110,7 @@ spec:
- mountPath: /scripts
name: pki-scripts
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- /scripts/init_pki.sh

197
helm/templates/tests/test-connection.yaml
View File

@@ -1,15 +1,200 @@
{{- $version := semver .Capabilities.KubeVersion.Version }}
{{- if .Values.tests.enabled }}
# ---------------------------------------------------------------------
# -- Test that CRDs are installed
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-script
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "6"
data:
get_config.sh: |-
#!/bin/bash
kubectl rollout status deployment/{{ include "openvpn-chart.fullname" . }}
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_genclientcert test nopass
kubectl exec deployment/{{ include "openvpn-chart.fullname" . }} -- ovpn_getclient test > /data/test.ovpn
test_connection.sh : |-
sed -i "s/127.0.0.1/{{ include "openvpn-chart.fullname" . }}/g" /data/test.ovpn
mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
openvpn --config /data/test.ovpn --daemon --log-append /tmp/ovpnlog
tail -n0 -f /tmp/ovpnlog | sed '/Initialization Sequence Completed/ q'
---
# ---------------------------------------------------------------------
# -- Prepare roles and bindings to access k8s resources from the test
# ---------------------------------------------------------------------
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-role
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-rb
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "openvpn-chart.fullname" . }}-test-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
spec:
storageClassName: {{ .Values.storage.class }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 512Mi
---
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "openvpn-chart.fullname" . }}-test-connection"
name: {{ include "openvpn-chart.fullname" . }}-test
labels:
{{- include "openvpn-chart.labels" . | nindent 4 }}
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "openvpn-chart.fullname" . }}:{{ .Values.service.port }}']
- name: tester
image: alpine/k8s:{{ $version.Major }}.{{ $version.Minor }}.{{ $version.Patch }}
volumeMounts:
- name: test-script
readOnly: true
mountPath: /get_config.sh
subPath: get_config.sh
- name: data
readOnly: false
mountPath: /data
command:
- bash
args:
- -e
- /get_config.sh
restartPolicy: Never
---
apiVersion: v1
kind: Pod
metadata:
name: {{ include "openvpn-chart.fullname" . }}-test-connection
labels:
{{- include "openvpn-chart.selectorLabels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
{{- if .Values.tests.cleanup }}
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
{{- end }}
"helm.sh/hook-weight": "7"
spec:
serviceAccountName: {{ include "openvpn-chart.fullname" . }}-gsql-dbin-sa
automountServiceAccountToken: true
volumes:
- name: data
persistentVolumeClaim:
claimName: {{ include "openvpn-chart.fullname" . }}-test
- name: test-script
configMap:
name: {{ include "openvpn-chart.fullname" . }}-test-script
containers:
- name: tester
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: data
readOnly: false
mountPath: /data
- name: test-script
readOnly: true
mountPath: /test_connection.sh
subPath: test_connection.sh
command:
- bash
args:
- -e
- /test_connection.sh
securityContext:
capabilities:
add:
- NET_ADMIN
restartPolicy: Never
{{- end }}

27
helm/values.yaml
View File

@@ -1,19 +1,27 @@
# Default values for openvpn-chart.
image:
repository: git.badhouseplants.net/allanger/container-openvpn
pullPolicy: IfNotPresent
# repository: git.badhouseplants.net/allanger/container-openvpn
repository: openvpn
pullPolicy: Never
# -------------------------------------------
# -- TODO: Switch to proper versions
# -------------------------------------------
tag: v2.6.6
# tag: v2.6.6
tag: latest
# -----------------------------
# -- Open VPN configuration
# -----------------------------
openvpn:
proto: udp
proto: tcp
host: 127.0.0.1
port: 1194
# ---------------------------------------
# -- Deploy OpenVPN admin
# -- https://github.com/flant/ovpn-admin
# ---------------------------------------
openvpn_admin:
enabled: true
# -----------------------------
# -- Easy RSA configuration
# -----------------------------
@@ -35,7 +43,7 @@ imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
storage:
class: microk8s-hostpath
class: local-path
size: 1Gi
serviceAccount:
# Specifies whether a service account should be created
@@ -60,8 +68,9 @@ securityContext: {}
# runAsUser: 1000
service:
type: LoadBalancer
type: ClusterIP
port: 1194
protocol: TCP
resources: {}
@@ -74,7 +83,7 @@ resources: {}
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi
autoscaling:
enabled: false
@@ -88,3 +97,7 @@ nodeSelector: {}
tolerations: []
affinity: {}
tests:
enabled: true
cleanup: true