Merge 57adf569a26a66efcad7d9f2b94cdb0de2ff54db into a7aab7cb6ae42c58b9b21fd0659c58cbaa68ce2f

Signed-off-by: Dmitry Shurupov <dmitry.shurupov@palark.com>

README.md

@@ -2,8 +2,6 @@
 
 Simple web UI to manage OpenVPN users, their certificates & routes in Linux. While backend is written in Go, frontend is based on Vue.js.
 
-Originally created in [Flant](https://flant.com/) for internal needs & used for years, then updated to be more modern and [publicly released](https://medium.com/flant-com/introducing-ovpn-admin-a-web-interface-to-manage-openvpn-users-d81705ad8f23) in March'21. Please note that the project is currently on pause, no new Issues or PRs are accepted.
-
 ***DISCLAIMER!** This project was created for experienced users (system administrators) and private (e.g., protected by network policies) environments only. Thus, it is not implemented with security in mind (e.g., it doesn't strictly check all parameters passed by users, etc.). It also relies heavily on files and fails if required files aren't available.*
 
 ## Features
@@ -21,16 +19,16 @@ Originally created in [Flant](https://flant.com/) for internal needs & used for
 ### Screenshots
 
 Managing users in ovpn-admin:
-![ovpn-admin UI](https://raw.githubusercontent.com/flant/ovpn-admin/master/img/ovpn-admin-users.png)
+![ovpn-admin UI](https://raw.githubusercontent.com/palark/ovpn-admin/master/img/ovpn-admin-users.png)
 
 An example of dashboard made using ovpn-admin metrics:
-![ovpn-admin metrics](https://raw.githubusercontent.com/flant/ovpn-admin/master/img/ovpn-admin-metrics.png)
+![ovpn-admin metrics](https://raw.githubusercontent.com/palark/ovpn-admin/master/img/ovpn-admin-metrics.png)
 
 ## Installation
 
 ### 1. Docker
 
-There is a ready-to-use [docker-compose.yaml](https://github.com/flant/ovpn-admin/blob/master/docker-compose.yaml), so you can just change/add values you need and start it with [start.sh](https://github.com/flant/ovpn-admin/blob/master/start.sh).
+There is a ready-to-use [docker-compose.yaml](https://github.com/palark/ovpn-admin/blob/master/docker-compose.yaml), so you can just change/add values you need and start it with [start.sh](https://github.com/palark/ovpn-admin/blob/master/start.sh).
 
 Requirements:
 You need [Docker](https://docs.docker.com/get-docker/) and [docker-compose](https://docs.docker.com/compose/install/) installed.
@@ -38,7 +36,7 @@ You need [Docker](https://docs.docker.com/get-docker/) and [docker-compose](http
 Commands to execute:
 
 ```bash
-git clone https://github.com/flant/ovpn-admin.git
+git clone https://github.com/palark/ovpn-admin.git
 cd ovpn-admin
 ./start.sh
 ```
@@ -56,7 +54,7 @@ Requirements. You need Linux with the following components installed:
 Commands to execute:
 
 ```bash
-git clone https://github.com/flant/ovpn-admin.git
+git clone https://github.com/palark/ovpn-admin.git
 cd ovpn-admin
 ./bootstrap.sh
 ./build.sh
@@ -67,7 +65,7 @@ cd ovpn-admin
 
 ### 3. Prebuilt binary
 
-You can also download and use prebuilt binaries from the [releases](https://github.com/flant/ovpn-admin/releases/latest) page — just choose a relevant tar.gz file.
+You can also download and use prebuilt binaries from the [releases](https://github.com/palark/ovpn-admin/releases/latest) page — just choose a relevant tar.gz file.
 
 
 ## Notes
@@ -172,6 +170,11 @@ Flags:
   --version                    show application version
 ```
 
-## Further information
+## Authors
 
-Please feel free to use [issues](https://github.com/flant/ovpn-admin/issues) and [discussions](https://github.com/flant/ovpn-admin/discussions) to get help from maintainers & community.
+ovpn-admin was originally created in [Flant](https://github.com/flant/) and used internally for years.
+
+In March 2021, it [went public](https://medium.com/flant-com/introducing-ovpn-admin-a-web-interface-to-manage-openvpn-users-d81705ad8f23) and was still developed in Flant.
+Namely, [@vitaliy-sn](https://github.com/vitaliy-sn) created its first version in Python, and [@pashcovich](https://github.com/pashcovich) rewrote it in Go.
+
+In November 2024, this project was moved to [Palark](https://github.com/palark/), which is currently responsible for its maintenance and development.

helm/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm/Chart.yaml

@@ -1,2 +1,24 @@
-name: ovpn-admin
+apiVersion: v2
-version: 1.0.0
+name: ovpn-admin-chart
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

helm/README.md

@@ -1 +0,0 @@
-helm chart example

helm/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ovpn-admin-chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ovpn-admin-chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ovpn-admin-chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "ovpn-admin-chart.labels" -}}
+helm.sh/chart: {{ include "ovpn-admin-chart.chart" . }}
+{{ include "ovpn-admin-chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ovpn-admin-chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ovpn-admin-chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ovpn-admin-chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "ovpn-admin-chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

helm/templates/deployment.yaml

@@ -1,86 +1,43 @@
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
   selector:
     matchLabels:
-      app: openvpn
+      {{- include "ovpn-admin-chart.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       labels:
-        app: openvpn
+        {{- include "ovpn-admin-chart.selectorLabels" . | nindent 8 }}
     spec:
-      {{- if .Values.openvpn.nodeSelector }}
+      {{- with .Values.imagePullSecrets }}
-      nodeSelector:
+      imagePullSecrets:
-      {{- .Values.openvpn.nodeSelector | toYaml | indent 8 | printf "\n%s" }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- if .Values.openvpn.tolerations }}
+      serviceAccountName: {{ include "ovpn-admin-chart.serviceAccountName" . }}
-      tolerations:
-      {{- .Values.openvpn.tolerations | toYaml | indent 8 | printf "\n%s" }}
-      {{- end }}
-      terminationGracePeriodSeconds: 0
-      serviceAccountName: openvpn
-      containers:
-      - name: ovpn-admin
-        image: {{ .Values.ovpnAdmin.image }}
-        command:
-        - /bin/sh
-        - -c
-        - /app/ovpn-admin
-            --storage.backend="kubernetes.secrets"
-            --listen.host="0.0.0.0"
-            --listen.port="8000"
-            --role="master"
-            {{- if hasKey .Values.openvpn "inlet" }}
-              {{- if eq .Values.openvpn.inlet "LoadBalancer" }}
-            --ovpn.server.behindLB
-            --ovpn.service="openvpn-external"
-              {{- end }}
-            {{- end }}
-            --mgmt=main="127.0.0.1:8989"
-            --ccd --ccd.path="/mnt/ccd"
-            --easyrsa.path="/mnt/certs"
-            {{- $externalHost := "" }}
-            {{- if hasKey .Values.openvpn "inlet" }}
-              {{- if eq .Values.openvpn.inlet "ExternalIP" }}{{ $externalHost = .Values.openvpn.externalIP }}{{- end }}
-            {{- end }}
-            {{- if hasKey .Values.openvpn "externalHost" }}{{ $externalHost = .Values.openvpn.externalHost }}{{- end }}
-            {{- if ne $externalHost "" }}
-            --ovpn.server="{{ $externalHost }}:{{ .Values.openvpn.externalPort | default 5416 | quote }}:tcp"
-            {{- end }}
-        ports:
-        - name: ovpn-admin
-          protocol: TCP
-          containerPort: 8000
-        volumeMounts:
-          - name: certs
-            mountPath: /mnt/certs
-          - name: ccd
-            mountPath: /mnt/ccd
-      - name: openvpn
-        image: {{ .Values.openvpn.image }}
-        command: [ '/entrypoint.sh' ]
-        # imagePullPolicy: Always
       securityContext:
-          allowPrivilegeEscalation: false
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-          capabilities:
+      containers:
-            add:
+        - name: openvpn
-            - NET_ADMIN
+          securityContext:
-            - NET_RAW
+            {{- toYaml .Values.openvpnSecurityContext | nindent 12 }}
-            - MKNOD
+          image: "{{ .Values.openvpn.image.repository }}:{{ .Values.openvpn.image.tag | default .Chart.AppVersion }}"
-            - SETGID
+          imagePullPolicy: {{ .Values.openvpn.image.pullPolicy }}
-            - SETUID
+          command: [ '/entrypoint.sh' ]
-            drop:
-            - ALL
           ports:
           - name: openvpn-tcp
             protocol: TCP
             containerPort: 1194
-          {{- if eq .Values.openvpn.inlet "HostPort" }}
-          hostPort: {{ .Values.openvpn.hostPort }}
-          {{- end }}
           volumeMounts:
           - name: tmp
             mountPath: /tmp
@@ -98,6 +55,45 @@ spec:
             mountPath: /entrypoint.sh
             subPath: entrypoint.sh
             readOnly: true
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.openvpnAdminSecurityContext | nindent 12 }}
+          image: "{{ .Values.openvpnAdmin.image.repository }}:{{ .Values.openvpnAdmin.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.openvpnAdmin.image.pullPolicy }}
+          command:
+          - /bin/sh
+          - -c
+          - /app/ovpn-admin
+            --storage.backend="kubernetes.secrets"
+            --listen.host="0.0.0.0"
+            --listen.port="8000"
+            --role="master"
+            {{- if eq .Values.service.openvpn.connectionType "LoadBalancer" }}
+            --ovpn.server.behindLB
+            --ovpn.service="openvpn-external"
+            {{- end }}
+            --mgmt=main="127.0.0.1:8989"
+            --ccd --ccd.path="/mnt/ccd"
+            --easyrsa.path="/mnt/certs"
+            {{- $externalHost := "" }}
+            {{- if eq .Values.service.openvpn.connectionType "ExternalIP" }}{{ $externalHost = .Values.service.openvpn.externalIP }}{{- end }}
+            {{- if ((.Values.service.openvpn).externalHost) }}{{ $externalHost = .Values.service.openvpn.externalHost }}{{- end }}
+            {{- if ne $externalHost "" }}
+            --ovpn.server="{{ $externalHost }}:{{ .Values.openvpn.externalPort | default 5416 | quote }}:tcp"
+            {{- end }}
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+          volumeMounts:
+          - name: certs
+            mountPath: /mnt/certs
+          - name: ccd
+            mountPath: /mnt/ccd
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
       volumes:
         - name: tmp
           emptyDir: {}
@@ -115,3 +111,15 @@ spec:
           configMap:
             name: openvpn
             defaultMode: 0755
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

helm/templates/hpa.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "ovpn-admin-chart.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

helm/templates/ingress.yaml

@@ -1,39 +1,66 @@
----
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ovpn-admin-chart.fullname" . -}}
+{{- $svcPort := .Values.openvpnAdmin.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
 kind: Ingress
 metadata:
-  name: ovpn-admin
+  name: {{ $fullName }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-    kubernetes.io/ingress.class: nginx
+    {{- if .Values.ingress.basicAuth.enabled -}}
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
     nginx.ingress.kubernetes.io/auth-type: basic
     nginx.ingress.kubernetes.io/auth-realm: "Authentication Required"
-    nginx.ingress.kubernetes.io/auth-secret: basic-auth
+    nginx.ingress.kubernetes.io/auth-secret: {{ include "ovpn-admin-chart.fullname" . }}-basic-auth
+    {{- end -}}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
 spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
   tls:
+    {{- range .Values.ingress.tls }}
     - hosts:
-    - {{ .Values.domain }}
+        {{- range .hosts }}
-    secretName: ingress-tls
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
   rules:
-  - host: {{ .Values.domain }}
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
       http:
         paths:
-      - path: /
+          {{- range .paths }}
-        pathType: Prefix
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
             backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
               service:
-            name: ovpn-admin
+                name: {{ $fullName }}
                 port:
-              name: http
+                  number: {{ $svcPort }}
----
+              {{- else }}
-apiVersion: cert-manager.io/v1
+              serviceName: {{ $fullName }}
-kind: Certificate
+              servicePort: {{ $svcPort }}
-metadata:
+              {{- end }}
-  name: ovpn-admin
+          {{- end }}
-spec:
+    {{- end }}
-  secretName: ingress-tls
+{{- end }}
-  dnsNames:
-  - {{ .Values.domain }}
-  issuerRef:
-    name: letsencrypt
-    kind: ClusterIssuer

helm/templates/rbac.yaml

@@ -1,13 +1,7 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: openvpn
----
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 rules:
 - apiGroups:
   - ""
@@ -26,11 +20,11 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
 subjects:
 - kind: ServiceAccount
-  name: openvpn
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}

helm/templates/secret.yaml

@@ -1,8 +1,10 @@
 ---
+{{- if .Values.ingress.basicAuth.enabled -}}
 apiVersion: v1
 kind: Secret
 metadata:
-  name: basic-auth
+  name: {{ include "ovpn-admin-chart.fullname" . }}-basic-auth
 type: Opaque
 data:
   auth: {{ print .Values.ovpnAdmin.basicAuth.user ":{PLAIN}" .Values.ovpnAdmin.basicAuth.password | b64enc | quote }}
+{{- end -}}

helm/templates/service.yaml

@@ -1,57 +1,56 @@
----
 apiVersion: v1
 kind: Service
 metadata:
-  name: ovpn-admin
+  name: {{ include "ovpn-admin-chart.fullname" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
-  clusterIP: None
+  type: {{ .Values.service.openvpnAdmin.type }}
   ports:
-  - name: http
+    - port: {{ .Values.service.openvpnAdmin.port }}
-    port: 8000
+      targetPort: http
       protocol: TCP
-    targetPort: 8000
+      name: http
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
----
-{{- if hasKey .Values.openvpn "inlet" }}
 
-  {{- if eq .Values.openvpn.inlet "LoadBalancer" }}
+{{- if eq .Values.service.openvpn.connectionType "LoadBalancer"}}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: openvpn-external
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
   externalTrafficPolicy: Local
-  type: LoadBalancer
+  type: {{ .Values.service.openvpn.type }}
   ports:
-    - name: openvpn-tcp
+    - port: {{ .Values.service.openvpn.port }}
-      protocol: TCP
-      port: {{ .Values.openvpn.externalPort | default 1194 }}
       targetPort: openvpn-tcp
+      protocol: TCP
+      name: openvpn-tcp
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
-  {{- else if eq .Values.openvpn.inlet "ExternalIP" }}
+
+{{- else if eq .Values.service.openvpn.connectionType "ExternalIP" }}
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: openvpn-external
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
 spec:
+  externalTrafficPolicy: Local
   type: ClusterIP
   externalIPs:
-  - {{ .Values.openvpn.externalIP }}
+  - {{ .Values.service.openvpn.externalIP }}
   ports:
-  - name: openvpn-tcp
+    - port: {{ .Values.service.openvpn.externalPort }}
-    port: {{ .Values.openvpn.externalPort | default 1194 }}
-    protocol: TCP
       targetPort: openvpn-tcp
+      protocol: TCP
+      name: openvpn-tcp
   selector:
-    app: openvpn
+    {{- include "ovpn-admin-chart.selectorLabels" . | nindent 4 }}
-  {{- else if eq .Values.openvpn.inlet "HostPort" }}
+{{- end -}}
----
-  {{- else }}
-    {{- cat "Unsupported inlet type" .inlet | fail }}
-  {{- end }}
-
-{{- end }}

helm/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ovpn-admin-chart.serviceAccountName" . }}
+  labels:
+    {{- include "ovpn-admin-chart.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

helm/values.yaml

@@ -1,26 +1,109 @@
-domain: changeme
+# Default values for ovpn-admin-chart.
-ovpnAdmin:
+# This is a YAML-formatted file.
-  image: changeme
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+openvpnAdmin:
+  image:
+    repository: changeme
+    pullPolicy: IfNotPresent
+    tag: ""
+
+openvpn:
+  subnet: 172.16.200.0/255.255.255.0
+  image:
+    repository: changeme
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+openvpnSecurityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      add:
+      - NET_ADMIN
+      - NET_RAW
+      - MKNOD
+      - SETGID
+      - SETUID
+      drop:
+      - ALL
+
+openvpnAdminSecurityContext: {}
+
+
+service:
+  openvpn:
+    connectionType: ExternalIP # Choose what type of connection you want ClusterIP / LoadBalancer / ExternalIP
+    #externalHost: 1.2.3.4
+    externalIP: 1.2.3.4
+    externalPort: 2234
+    type: ClusterIP
+    port: 1194
+  openvpnAdmin:
+    type: ClusterIP
+    port: 8000
+
+ingress:
+  enabled: false
+  className: ""
   basicAuth:
+    enabled: false
     user: admin
     password: changeme
-openvpn:
+  annotations: {}
-  image: changeme
+    # kubernetes.io/ingress.class: nginx
-  subnet: 172.16.200.0/255.255.255.0
+    # kubernetes.io/tls-acme: "true"
-  # nodeSelector:
+  hosts:
-  #   node-role.kubernetes.io/master: ""
+    - host: chart-example.local
-  # tolerations:
+      paths:
-  # - effect: NoSchedule
+        - path: /
-  #   key: node-role.kubernetes.io/master
+          pathType: ImplementationSpecific
-  #
+  tls: []
-  # // LoadBalancer or ExternalIP or HostPort
+  #  - secretName: chart-example-tls
-  inlet: HostPort
+  #    hosts:
-  #
+  #      - chart-example.local
-  # If inlet: ExternalIP
+
-  # externalIP: 1.2.3.4
+resources: {}
-  # externalPort: 1194
+  # We usually recommend not to specify default resources and to leave this as a conscious
-  #
+  # choice for the user. This also increases chances charts run on environments with little
-  # If inlet: HostPort
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  hostPort: 1194
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # Domain or ip for connect to OpenVPN server
+  # limits:
-  # externalHost: 1.2.3.4
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+autoscaling:
+  enabled: false
+  minReplicas: 1
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}