From 54d91f5afee8bb452f6e3a90dfce48325ef0ffb5 Mon Sep 17 00:00:00 2001
From: Gabe Cook
Date: Sat, 22 Apr 2023 18:05:04 -0500
Subject: [PATCH] :sparkles: (headscale): Add ACL policy ConfigMap (see #126)
---
 charts/headscale/Chart.yaml | 6 +++---
 charts/headscale/README.md | 6 ++++--
 charts/headscale/templates/common.yaml | 13 +++++++++++++
 charts/headscale/values.yaml | 8 ++++++++
 4 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/charts/headscale/Chart.yaml b/charts/headscale/Chart.yaml
index 27acc3ab6..ca4db1dfc 100644
--- a/charts/headscale/Chart.yaml
+++ b/charts/headscale/Chart.yaml
@@ -4,7 +4,7 @@ description: An open source, self-hosted implementation of the Tailscale control
 home: https://charts.gabe565.com/charts/headscale/
 icon: https://raw.githubusercontent.com/juanfont/headscale/56a7b1e34952c3e0306a134b2be9b4277f5d8d6e/docs/logo/headscale3-dots.svg
 type: application
-version: 0.11.0
+version: 0.11.1
 # renovate datasource=docker depName=ghcr.io/juanfont/headscale
 appVersion: 0.22.1
 kubeVersion: ">=1.22.0-0"
@@ -25,8 +25,8 @@ sources:
 - https://github.com/juanfont/headscale
 annotations:
 artifacthub.io/changes: |-
- - kind: changed
- description: Update ghcr.io/juanfont/headscale Docker tag to v0.22.1
+ - kind: added
+ description: Add ACL policy ConfigMap
 artifacthub.io/links: |-
 - name: App Source
 url: https://github.com/juanfont/headscale
diff --git a/charts/headscale/README.md b/charts/headscale/README.md
index 0ac761183..537f2807c 100644
--- a/charts/headscale/README.md
+++ b/charts/headscale/README.md
@@ -2,7 +2,7 @@ headscale logo
-![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat)
+![Version: 0.11.1](https://img.shields.io/badge/Version-0.11.1-informational?style=flat)
 ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat)
 ![AppVersion: 0.22.1](https://img.shields.io/badge/AppVersion-0.22.1-informational?style=flat)
@@ -11,7 +11,7 @@ An open source, self-hosted implementation of the Tailscale control server.
 **Homepage:**
 **This chart is not maintained by the upstream project and any issues with the chart should be raised
-[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.0)**
+[here](https://github.com/gabe565/charts/issues/new?assignees=gabe565&labels=bug&template=bug_report.yaml&name=headscale&version=0.11.1)**
 ## Source Code
@@ -143,6 +143,8 @@ Once deployed, the UI will be available at `/web`.
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| configMaps.acl.data.policy | string | `nil` | ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/) |
+| configMaps.acl.enabled | bool | `false` | Enables ACL policy |
 | env | object | See [values.yaml](./values.yaml) | Environment variables. [[ref]](https://github.com/juanfont/headscale/blob/main/config-example.yaml) |
 | env.HEADSCALE_DNS_CONFIG_BASE_DOMAIN | string | `"example.com"` | Defines the base domain to create the hostnames for MagicDNS. `base_domain` must be a FQDNs, without the trailing dot. The FQDN of the hosts will be `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_). |
 | image.pullPolicy | string | `"IfNotPresent"` | image pull policy |
diff --git a/charts/headscale/templates/common.yaml b/charts/headscale/templates/common.yaml
index 236a0fc6e..45199acb1 100644
--- a/charts/headscale/templates/common.yaml
+++ b/charts/headscale/templates/common.yaml
@@ -78,6 +78,19 @@ env:
 HEADSCALE_DB_PATH: "{{ $.Values.persistence.config.mountPath }}/db.sqlite"
 {{- end }}
 {{- end }}
+
+{{- with .Values.configMaps.acl }}
+{{- if .enabled }}
+ HEADSCALE_ACL_POLICY_PATH: /acl/{{ keys .data | first }}
+
+persistence:
+ acl:
+ enabled: true
+ type: configMap
+ name: {{ include "bjw-s.common.lib.chart.names.fullname" $ }}-acl
+
+{{- end }}
+{{- end }}
 {{- end -}}
 {{- $_ := merge .Values (include "headscale.harcodedValues" . | fromYaml) -}}
diff --git a/charts/headscale/values.yaml b/charts/headscale/values.yaml
index 3a3d2b0a0..2b6c10697 100644
--- a/charts/headscale/values.yaml
+++ b/charts/headscale/values.yaml
@@ -52,6 +52,14 @@ ingress:
 # hosts:
 # - chart-example.local
+configMaps:
+ acl:
+ # -- Enables ACL policy
+ enabled: false
+ data:
+ # -- ACL policy JSON [[ref]](https://tailscale.com/kb/1018/acls/)
+ policy:
+
 persistence:
 # -- Configure persistence settings for the chart under this key.
 # @default -- See [values.yaml](./values.yaml)
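Review bot: In charts/headscale/templates/common.yaml, `HEADSCALE_ACL_POLICY_PATH: /acl/{{ keys .data | first }}` chooses the policy file from an unordered key list: Sprig's `keys` makes no ordering promise, so once `configMaps.acl.data` holds more than one entry the rendered path can differ between renders, and with no entries it would not name a file at all. Because this path decides which access policy headscale enforces, pin it, either `HEADSCALE_ACL_POLICY_PATH: /acl/policy` or at least `{{ keys .data | sortAlpha | first }}`, and fail the render when `enabled` is true without a policy, e.g. `{{- $_ := required "configMaps.acl.data.policy is required when ACLs are enabled" .data.policy }}`. The `/acl` prefix also appears to rely on the common library's default mount path for the `acl` persistence item, which is not visible here; adding `mountPath: /acl` beside `type: configMap` would keep the env var and the mount in step. The enclosing template definition starts above this hunk.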
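Review bot: In charts/headscale/values.yaml the bare `policy:` default parses as null, so a user who sets only `enabled: true` presumably gets a ConfigMap entry with no policy content while headscale is pointed at it. The helm-docs comment should state that `policy` is required once `enabled` is true, for example `# -- ACL policy JSON; required when enabled is true [[ref]](https://tailscale.com/kb/1018/acls/)`, and should note what node-to-node access looks like when the policy is empty (to be confirmed against the headscale version this chart ships). A commented-out example line such as `# policy: |` under the key would also show that the value is a single string rather than a nested map.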