Merge 57adf569a26a66efcad7d9f2b94cdb0de2ff54db into 7134815ce6f837f76659dc03c805233a4c24ff37

Update current project status

README.md

@@ -2,7 +2,7 @@
 
 Simple web UI to manage OpenVPN users, their certificates & routes in Linux. While backend is written in Go, frontend is based on Vue.js.
 
-Originally created in [Flant](https://flant.com/) for internal needs & used for years, then updated to be more modern and [publicly released](https://medium.com/flant-com/introducing-ovpn-admin-a-web-interface-to-manage-openvpn-users-d81705ad8f23) in March'21. Your contributions are welcome!
+Originally created in [Flant](https://flant.com/) for internal needs & used for years, then updated to be more modern and [publicly released](https://medium.com/flant-com/introducing-ovpn-admin-a-web-interface-to-manage-openvpn-users-d81705ad8f23) in March'21. Please note that the project is currently on pause, no new Issues or PRs are accepted.
 
 ***DISCLAIMER!** This project was created for experienced users (system administrators) and private (e.g., protected by network policies) environments only. Thus, it is not implemented with security in mind (e.g., it doesn't strictly check all parameters passed by users, etc.). It also relies heavily on files and fails if required files aren't available.*
 

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.yaml

@@ -1,2 +1,24 @@
-name: ovpn-admin
+apiVersion: v2
-version: 1.0.0
+name: ovpn-admin-chart
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

helm/README.md

@@ -1 +0,0 @@
-helm chart example

helm/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ovpn-admin-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ovpn-admin-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ovpn-admin-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ovpn-admin-chart.labels" -}}
+helm.sh/chart: {{ include "ovpn-admin-chart.chart" . }}
+{{ include "ovpn-admin-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ovpn-admin-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ovpn-admin-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ovpn-admin-chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ovpn-admin-chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/templates/deployment.yaml

@@ -1,117 +1,125 @@
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
-      app: openvpn
+      {{- include "ovpn-admin-chart.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        app: openvpn
+        {{- include "ovpn-admin-chart.selectorLabels" . | nindent 8 }}
     spec:
-      {{- if .Values.openvpn.nodeSelector }}
+      {{- with .Values.imagePullSecrets }}
-      nodeSelector:
+      imagePullSecrets:
-      {{- .Values.openvpn.nodeSelector | toYaml | indent 8 | printf "\n%s" }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.openvpn.tolerations }}
+      serviceAccountName: {{ include "ovpn-admin-chart.serviceAccountName" . }}
-      tolerations:
+      securityContext:
-      {{- .Values.openvpn.tolerations | toYaml | indent 8 | printf "\n%s" }}
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      {{- end }}
-      terminationGracePeriodSeconds: 0
-      serviceAccountName: openvpn
       containers:
-      - name: ovpn-admin
+        - name: openvpn
-        image: {{ .Values.ovpnAdmin.image }}
+          securityContext:
-        command:
+            {{- toYaml .Values.openvpnSecurityContext | nindent 12 }}
-        - /bin/sh
+          image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag | default .Chart.AppVersion }}"
-        - -c
+          imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }}
-        - /app/ovpn-admin
+          command: [ '/entrypoint.sh' ]
+          ports:
+          - name: openvpn-tcp
+            protocol: TCP
+            containerPort: 1194
+          volumeMounts:
+          - name: tmp
+            mountPath: /tmp
+          - name: dev-net
+            mountPath: /dev/net
+          - name: certs
+            mountPath: /etc/openvpn/certs
+          - name: ccd
+            mountPath: /etc/openvpn/ccd
+          - name: config
+            mountPath: /etc/openvpn/openvpn.conf
+            subPath: openvpn.conf
+            readOnly: true
+          - name: entrypoint
+            mountPath: /entrypoint.sh
+            subPath: entrypoint.sh
+            readOnly: true
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.openvpnAdminSecurityContext | nindent 12 }}
+          image: "{{ .Values.openvpnAdmin.image.repository }}:{{ .Values.openvpnAdmin.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.openvpnAdmin.image.pullPolicy }}
+          command:
+          - /bin/sh
+          - -c
+          - /app/ovpn-admin
             --storage.backend="kubernetes.secrets"
             --listen.host="0.0.0.0"
             --listen.port="8000"
             --role="master"
-            {{- if hasKey .Values.openvpn "inlet" }}
+            {{- if eq .Values.service.openvpn.connectionType "LoadBalancer" }}
-              {{- if eq .Values.openvpn.inlet "LoadBalancer" }}
             --ovpn.server.behindLB
             --ovpn.service="openvpn-external"
-              {{- end }}
             {{- end }}
             --mgmt=main="127.0.0.1:8989"
             --ccd --ccd.path="/mnt/ccd"
             --easyrsa.path="/mnt/certs"
             {{- $externalHost := "" }}
-            {{- if hasKey .Values.openvpn "inlet" }}
+            {{- if eq .Values.service.openvpn.connectionType "ExternalIP" }}{{ $externalHost = .Values.service.openvpn.externalIP }}{{- end }}
-              {{- if eq .Values.openvpn.inlet "ExternalIP" }}{{ $externalHost = .Values.openvpn.externalIP }}{{- end }}
+            {{- if ((.Values.service.openvpn).externalHost) }}{{ $externalHost = .Values.service.openvpn.externalHost }}{{- end }}
-            {{- end }}
-            {{- if hasKey .Values.openvpn "externalHost" }}{{ $externalHost = .Values.openvpn.externalHost }}{{- end }}
             {{- if ne $externalHost "" }}
             --ovpn.server="{{ $externalHost }}:{{ .Values.openvpn.externalPort | default 5416 | quote }}:tcp"
             {{- end }}
-        ports:
+          ports:
-        - name: ovpn-admin
+            - name: http
-          protocol: TCP
+              containerPort: 8000
-          containerPort: 8000
+              protocol: TCP
-        volumeMounts:
+          volumeMounts:
           - name: certs
             mountPath: /mnt/certs
           - name: ccd
             mountPath: /mnt/ccd
-      - name: openvpn
+          resources:
-        image: {{ .Values.openvpn.image }}
+            {{- toYaml .Values.resources | nindent 12 }}
-        command: [ '/entrypoint.sh' ]
-        # imagePullPolicy: Always
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_ADMIN
-            - NET_RAW
-            - MKNOD
-            - SETGID
-            - SETUID
-            drop:
-            - ALL
-        ports:
-        - name: openvpn-tcp
-          protocol: TCP
-          containerPort: 1194
-          {{- if eq .Values.openvpn.inlet "HostPort" }}
-          hostPort: {{ .Values.openvpn.hostPort }}
-          {{- end }}
-        volumeMounts:
-        - name: tmp
-          mountPath: /tmp
-        - name: dev-net
-          mountPath: /dev/net
-        - name: certs
-          mountPath: /etc/openvpn/certs
-        - name: ccd
-          mountPath: /etc/openvpn/ccd
-        - name: config
-          mountPath: /etc/openvpn/openvpn.conf
-          subPath: openvpn.conf
-          readOnly: true
-        - name: entrypoint
-          mountPath: /entrypoint.sh
-          subPath: entrypoint.sh
-          readOnly: true
       volumes:
-      - name: tmp
+        - name: tmp
-        emptyDir: {}
+          emptyDir: {}
-      - name: dev-net
+        - name: dev-net
-        emptyDir: {}
+          emptyDir: {}
-      - name: certs
+        - name: certs
-        emptyDir: {}
+          emptyDir: {}
-      - name: ccd
+        - name: ccd
-        emptyDir: {}
+          emptyDir: {}
-      - name: config
+        - name: config
-        configMap:
+          configMap:
-          name: openvpn
+            name: openvpn
-          defaultMode: 0644
+            defaultMode: 0644
-      - name: entrypoint
+        - name: entrypoint
-        configMap:
+          configMap:
-          name: openvpn
+            name: openvpn
-          defaultMode: 0755
+            defaultMode: 0755
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "ovpn-admin-chart.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

helm/templates/ingress.yaml

@@ -1,39 +1,66 @@
----
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ovpn-admin-chart.fullname" . -}}
+{{- $svcPort := .Values.openvpnAdmin.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
 kind: Ingress
 metadata:
-  name: ovpn-admin
+  name: {{ $fullName }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-    kubernetes.io/ingress.class: nginx
+    {{- if .Values.ingress.basicAuth.enabled -}}
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
-    nginx.ingress.kubernetes.io/auth-secret: basic-auth
+    nginx.ingress.kubernetes.io/auth-secret: {{ include "ovpn-admin-chart.fullname" . }}-basic-auth
+    {{- end -}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
   tls:
-  - hosts:
+    {{- range .Values.ingress.tls }}
-    - {{ .Values.domain }}
+    - hosts:
-    secretName: ingress-tls
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
   rules:
-  - host: {{ .Values.domain }}
+    {{- range .Values.ingress.hosts }}
-    http:
+    - host: {{ .host | quote }}
-      paths:
+      http:
-      - path: /
+        paths:
-        pathType: Prefix
+          {{- range .paths }}
-        backend:
+          - path: {{ .path }}
-          service:
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
-            name: ovpn-admin
+            pathType: {{ .pathType }}
-            port:
+            {{- end }}
-              name: http
+            backend:
----
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
-apiVersion: cert-manager.io/v1
+              service:
-kind: Certificate
+                name: {{ $fullName }}
-metadata:
+                port:
-  name: ovpn-admin
+                  number: {{ $svcPort }}
-spec:
+              {{- else }}
-  secretName: ingress-tls
+              serviceName: {{ $fullName }}
-  dnsNames:
+              servicePort: {{ $svcPort }}
-  - {{ .Values.domain }}
+              {{- end }}
-  issuerRef:
+          {{- end }}
-    name: letsencrypt
+    {{- end }}
-    kind: ClusterIssuer
+{{- end }}

helm/templates/rbac.yaml

@@ -1,13 +1,7 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: openvpn
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 rules:
 - apiGroups:
   - ""
@@ -26,11 +20,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 subjects:
 - kind: ServiceAccount
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}

helm/templates/secret.yaml

@@ -1,8 +1,10 @@
 ---
+{{- if .Values.ingress.basicAuth.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: basic-auth
+  name: {{ include "ovpn-admin-chart.fullname" . }}-basic-auth
 type: Opaque
 data:
   auth: {{ print .Values.ovpnAdmin.basicAuth.user ":{PLAIN}" .Values.ovpnAdmin.basicAuth.password | b64enc | quote }}
+{{- end -}}

helm/templates/service.yaml

@@ -1,57 +1,56 @@
----
 apiVersion: v1
 kind: Service
 metadata:
-  name: ovpn-admin
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
-  clusterIP: None
+  type: {{ .Values.service.openvpnAdmin.type }}
   ports:
-  - name: http
+    - port: {{ .Values.service.openvpnAdmin.port }}
-    port: 8000
+      targetPort: http
-    protocol: TCP
+      protocol: TCP
-    targetPort: 8000
+      name: http
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
----
-{{- if hasKey .Values.openvpn "inlet" }}
 
-  {{- if eq .Values.openvpn.inlet "LoadBalancer" }}
+{{- if eq .Values.service.openvpn.connectionType "LoadBalancer"}}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: openvpn-external
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
   externalTrafficPolicy: Local
-  type: LoadBalancer
+  type: {{ .Values.service.openvpn.type }}
   ports:
-    - name: openvpn-tcp
+    - port: {{ .Values.service.openvpn.port }}
-      protocol: TCP
-      port: {{ .Values.openvpn.externalPort | default 1194 }}
       targetPort: openvpn-tcp
+      protocol: TCP
+      name: openvpn-tcp
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
-  {{- else if eq .Values.openvpn.inlet "ExternalIP" }}
+
+{{- else if eq .Values.service.openvpn.connectionType "ExternalIP" }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: openvpn-external
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
+  externalTrafficPolicy: Local
   type: ClusterIP
   externalIPs:
-  - {{ .Values.openvpn.externalIP }}
+  - {{ .Values.service.openvpn.externalIP }}
   ports:
-  - name: openvpn-tcp
+    - port: {{ .Values.service.openvpn.externalPort }}
-    port: {{ .Values.openvpn.externalPort | default 1194 }}
+      targetPort: openvpn-tcp
-    protocol: TCP
+      protocol: TCP
-    targetPort: openvpn-tcp
+      name: openvpn-tcp
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
-  {{- else if eq .Values.openvpn.inlet "HostPort" }}
+{{- end -}}
----
-  {{- else }}
-    {{- cat "Unsupported inlet type" .inlet | fail }}
-  {{- end }}
-
-{{- end }}

helm/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/values.yaml

@@ -1,26 +1,109 @@
-domain: changeme
+# Default values for ovpn-admin-chart.
-ovpnAdmin:
+# This is a YAML-formatted file.
-  image: changeme
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+openvpnAdmin:
+  image:
+    repository: changeme
+    pullPolicy: IfNotPresent
+    tag: ""
+
+openvpn:
+  subnet: 172.16.200.0/255.255.255.0
+  image:
+    repository: changeme
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+openvpnSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      add:
+      - NET_ADMIN
+      - NET_RAW
+      - MKNOD
+      - SETGID
+      - SETUID
+      drop:
+      - ALL
+
+openvpnAdminSecurityContext: {}
+
+
+service:
+  openvpn:
+    connectionType: ExternalIP # Choose what type of connection you want ClusterIP / LoadBalancer / ExternalIP
+    #externalHost: 1.2.3.4
+    externalIP: 1.2.3.4
+    externalPort: 2234
+    type: ClusterIP
+    port: 1194
+  openvpnAdmin:
+    type: ClusterIP
+    port: 8000
+
+ingress:
+  enabled: false
+  className: ""
   basicAuth:
+    enabled: false
     user: admin
     password: changeme
-openvpn:
+  annotations: {}
-  image: changeme
+    # kubernetes.io/ingress.class: nginx
-  subnet: 172.16.200.0/255.255.255.0
+    # kubernetes.io/tls-acme: "true"
-  # nodeSelector:
+  hosts:
-  #   node-role.kubernetes.io/master: ""
+    - host: chart-example.local
-  # tolerations:
+      paths:
-  # - effect: NoSchedule
+        - path: /
-  #   key: node-role.kubernetes.io/master
+          pathType: ImplementationSpecific
-  #
+  tls: []
-  # // LoadBalancer or ExternalIP or HostPort
+  #  - secretName: chart-example-tls
-  inlet: HostPort
+  #    hosts:
-  #
+  #      - chart-example.local
-  # If inlet: ExternalIP
+
-  # externalIP: 1.2.3.4
+resources: {}
-  # externalPort: 1194
+  # We usually recommend not to specify default resources and to leave this as a conscious
-  #
+  # choice for the user. This also increases chances charts run on environments with little
-  # If inlet: HostPort
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  hostPort: 1194
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # Domain or ip for connect to OpenVPN server
+  # limits:
-  # externalHost: 1.2.3.4
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}