This chart deploys Nebula on Kubernetes nodes as a DaemonSet. This can allow a private cluster to be reachable by users, or can allow the Kube Api Server to talk to normally unroutable Kubelets.
- This currently does not deploy lighthouses
- All cert mangement must be done out of band
- Helm 3
- Kubernetes 1.18+
helm install --create-namespace --namespace nebula-system nebula chart/nebulaThe initial configuration does not setup any nodes. You will need to configure your node CA certs, private keys and public keys.
To do this, create a values-override.yaml and configure the following:
Add the following sections to your config file.
# Lighthouse IP to public IPs
staticHostMap:
192.168.200.1: ["henry.dev:4242"]
ca:
public: |
-----BEGIN NEBULA CERTIFICATE-----
YOUR NEBULA CA PUBLIC KEY HERE
-----END NEBULA CERTIFICATE-----For each Kubelet you wish to add to the cluster, you will need to create a keypair and set that in your configuration file.
nodes:
- name: worker-1
public: |
-----BEGIN NEBULA CERTIFICATE-----
YOUR CLIENT PUBLIC KEY HERE
-----END NEBULA CERTIFICATE-----
private: |
-----BEGIN NEBULA X25519 PRIVATE KEY-----
YOUR CLIENT PUBLIC KEY HERE
-----END NEBULA X25519 PRIVATE KEY-----Each time you update the configuration file, you will need to upgrade your chart release.
helm upgrade --namespace nebula-system nebula -f values-override.yaml chart/nebula