Headscale v0.23.0 (#326)
Gerrit91 authored Sep 30, 2024
1 parent 8dc6a8a commit c5939ca
Showing 4 changed files with 21 additions and 16 deletions.
6 changes: 3 additions & 3 deletions control-plane/roles/headscale/README.md
Expand Up @@ -11,19 +11,19 @@ If you want to rotate the API key, you need to delete the `headscale-api-key` se
The role should take the same variables as the wrapped role, but prefixed with `headscale_db_` instead of `postgres_`.

| Name | Mandatory | Description |
|------------------------------------------------|-----------|-------------------------------------------------------------|
| ---------------------------------------------- | --------- | ----------------------------------------------------------- |
| headscale_image_name | yes | Image name of headscale |
| headscale_image_tag | yes | Image version of headscale |
| headscale_db_image_name | yes | Image name of headscale DB |
| headscale_db_image_tag | yes | Image version of headscale DB |
| headscale_db_backup_restore_sidecar_image_name | yes | Image name of init container for headscale DB |
| headscale_db_backup_restore_sidecar_image_tag | yes | Image version of init container for headscale DB |
| headscale_private_key | yes | Private key |
| headscale_noise_private_key | yes | Noise Protocol Private key for TS2021 compatibility |
| headscale_ingress_dns | | Domain name |
| headscale_namespace | | The deployment's target namespace |
| headscale_tls | | Enables TLS for headscale |
| headscale_ingress_annotations | | Annotations that will be attached to the ingress resource |
| headscale_resources | | The kubernetes resources for the actual headscale container |
| headscale_api_key_expiration | | The time how long the generated api key will be valid |
| headscale_ip_prefixes | | Slice of IP Prefixes where the tunnel endpoints are created |
| headscale_ipv4_prefix | | IPv4 prefix where the tunnel endpoints are created |
| headscale_ipv6_prefix | | IPv6 prefix where the tunnel endpoints are created |
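
Review bot: The two rows for `headscale_ipv4_prefix` and `headscale_ipv6_prefix` at the end of the table do not say that they replace `headscale_ip_prefixes`, so an inventory that still sets the old variable gets no hint that its value is no longer read and that the defaults apply instead. A short upgrade note above the table would cover this. It could also mention `headscale_private_key`, which leaves `headscale_noise_private_key` as the only key the role expects.
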
5 changes: 2 additions & 3 deletions control-plane/roles/headscale/defaults/main/main.yaml
Expand Up @@ -15,6 +15,5 @@ headscale_resources:

headscale_api_key_expiration: 365d

headscale_ip_prefixes:
- fd7a:115c:a1e0::/48
- 100.64.0.0/1
headscale_ipv4_prefix: 100.64.0.0/1
headscale_ipv6_prefix: fd7a:115c:a1e0::/48
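
Review bot: `headscale_ipv4_prefix: 100.64.0.0/1` carries over the `/1` from the old list entry, which looks like a typo for `/10`. 100.64.0.0/10 is the shared address space from RFC 6598, while a one-bit mask on this address is not a canonical network and would span half of the IPv4 address space. Since this default now feeds `prefixes.v4` directly, please correct it to `100.64.0.0/10` or add a comment explaining why the wider prefix is intended.
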
1 change: 0 additions & 1 deletion control-plane/roles/headscale/tasks/main.yaml
Expand Up @@ -13,7 +13,6 @@
- headscale_db_image_tag is defined
- headscale_db_backup_restore_sidecar_image_name is defined
- headscale_db_backup_restore_sidecar_image_tag is defined
- headscale_private_key is defined
- headscale_noise_private_key is defined
- headscale_ingress_dns is not none
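
Review bot: With `headscale_private_key` gone from this assert list, `headscale_noise_private_key is defined` is the only check on key material, and `is defined` also passes for an empty string. Consider tightening it, for example `headscale_noise_private_key is defined and headscale_noise_private_key | length > 0`, so that a blank inventory value fails early in the play.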

25 changes: 16 additions & 9 deletions control-plane/roles/headscale/templates/headscale.yaml
Expand Up @@ -11,18 +11,27 @@ data:
listen_addr: 0.0.0.0:8080
grpc_allow_insecure: true
ephemeral_node_inactivity_timeout: 30m
private_key_path: /vol/data/private.key
noise:
private_key_path: /vol/data/noise_private.key
derp:
urls:
- https://controlplane.tailscale.com/derpmap/default
ip_prefixes: {{ headscale_ip_prefixes | to_json }}
db_type: postgres
db_host: headscale-db
db_name: {{ headscale_db_db }}
db_user: {{ headscale_db_user }}
database:
type: postgres
postgres:
host: headscale-db
port: 5432
name: {{ headscale_db_db }}
user: {{ headscale_db_user }}
prefixes:
v4: {{ headscale_ipv4_prefix }}
v6: {{ headscale_ipv6_prefix }}
dns:
magic_dns: false
---
apiVersion: v1
kind: Secret
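
Review bot: In the new `prefixes:` block, `v4: {{ headscale_ipv4_prefix }}` and `v6: {{ headscale_ipv6_prefix }}` are rendered unquoted, whereas the `ip_prefixes` line they replace piped its value through `to_json`. Keeping the filter, as in `v6: {{ headscale_ipv6_prefix | to_json }}`, would ensure an inventory value with unexpected characters is emitted as a quoted string and cannot alter the structure of the rendered config.
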
Expand Down Expand Up @@ -94,9 +103,7 @@ spec:
- containerPort: 50443
name: grpc
env:
- name: HEADSCALE_DB_PORT
value: "5432"
- name: HEADSCALE_DB_PASS
- name: HEADSCALE_DATABASE_POSTGRES_PASS
valueFrom:
secretKeyRef:
key: password
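
Review bot: The renamed variable `HEADSCALE_DATABASE_POSTGRES_PASS` in the `env:` list is coupled to the nested `database.postgres` keys introduced in the config above, but nothing in the template documents that dependency. A one-line comment next to the variable, naming the config key it is meant to override, would help the next upgrade. Also, with `HEADSCALE_DB_PORT` dropped here, the port is fixed at `5432` in the config, so it is worth confirming that no deployment relied on overriding it.
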