initialize wg-easy

helm/templates/_helpers.tpl

@@ -0,0 +1,7 @@
+{{ define "wg-easy.name" -}}
+{{ .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{ define "wg-easy.environment" -}}
+{{ printf "environment-%s" .Chart.Name | trunc 51 | trimSuffix "-" }}
+{{- end }}

helm/templates/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "wg-easy.environment" . }}
+data:
+  PGID: {{ .Values.environment.PGID | quote }}
+  PUID: {{ .Values.environment.PUID | quote }}
+  INSECURE: {{ .Values.environment.INSECURE | quote }}

helm/templates/service.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "wg-easy.name" . }}
+spec:
+  type: {{ .Values.service.type }}
+  {{- if and .Values.service.loadBalancerIP (ne .Values.service.loadBalancerIP "") }}
+  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+  {{- end }}
+  selector:
+    app: {{ include "wg-easy.name" . }}
+  ports:
+    - name: http
+      port: {{ .Values.service.uiPort }}
+      targetPort: 51821
+      protocol: TCP
+    - name: wireguard
+      port: {{ .Values.service.wgPort }}
+      targetPort: {{ .Values.service.wgPort }}
+      protocol: UDP

helm/templates/statefulset.yaml

@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "wg-easy.name" . }}
+  labels:
+    app: {{ include "wg-easy.name" . }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "wg-easy.name" . }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "wg-easy.name" . }}
+    spec:
+      securityContext:
+        sysctls:
+          {{- if .Values.system.ipv4Forward }}
+          - name: net.ipv4.ip_forward
+            value: "1"
+          {{- end }}
+          {{- if .Values.system.ipv6Forward }}
+          - name: net.ipv6.conf.all.forwarding
+            value: "1"
+          {{- end }}
+      containers:
+        - name: {{ include "wg-easy.name" . }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 51821
+              protocol: TCP
+            - name: wireguard
+              containerPort: {{ .Values.service.wgPort }}
+              protocol: UDP
+          envFrom:
+            - configMapRef:
+                name: {{ include "wg-easy.environment" . }}
+          securityContext:
+            capabilities:
+              add: ["NET_ADMIN", "SYS_MODULE"]
+          volumeMounts:
+            - name: data
+              mountPath: /etc/wireguard
+          {{- if .Values.resources }}
+          resources:
+            {{- if .Values.resources.requests }}
+            requests:
+              {{- if .Values.resources.requests.cpu }}
+              cpu: "{{ .Values.resources.requests.cpu }}"
+              {{- end }}
+              {{- if .Values.resources.requests.memory }}
+              memory: "{{ .Values.resources.requests.memory }}"
+              {{- end }}
+            {{- end }}
+            {{- if .Values.resources.limits }}
+            limits:
+              {{- if .Values.resources.limits.cpu }}
+              cpu: "{{ .Values.resources.limits.cpu }}"
+              {{- end }}
+              {{- if .Values.resources.limits.memory }}
+              memory: "{{ .Values.resources.limits.memory }}"
+              {{- end }}
+            {{- end }}
+          {{- end }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+      spec:
+        accessModes: {{ .Values.persistence.accessModes }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size }}
+        {{- if and .Values.persistence.storageClass (ne .Values.persistence.storageClass "") }}
+        storageClassName: {{ .Values.persistence.storageClass | quote }}
+        {{- end }}