values.yaml 2.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113
  1. # Image registry secret. Required if authorization is needed on registry access.
  2. # Value of $(base64 ~/.docker/config.json).
  3. # For more info see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  4. # registry_secret_data:
  5. # Settings for main openvpn deployment
  6. openvpn:
  7. image: "jcr.infoclinica.ru/sys/openvpn-rsa"
  8. tag: "200207025"
  9. pullPolicy: IfNotPresent
  10. podAnnotations: {}
  11. resources:
  12. limits:
  13. cpu: 350m
  14. memory: 50Mi
  15. requests:
  16. cpu: 350m
  17. memory: 50Mi
  18. # Openvpn config file
  19. configuration: |-
  20. dev openvpn-tun
  21. dev-type tun
  22. port 1194
  23. proto udp
  24. verb 3
  25. status /var/log/openvpn-status.log
  26. management localhost 7505
  27. keepalive 10 120
  28. persist-key
  29. persist-tun
  30. comp-lzo yes
  31. push comp-lzo yes
  32. topology subnet
  33. mssfix
  34. server 10.100.0.0 255.255.0.0
  35. crl-verify /etc/openvpn/keys/crl.pem
  36. client-config-dir /etc/openvpn/ccd
  37. ccd-exclusive
  38. ca /etc/openvpn/keys/ca.crt
  39. cert /etc/openvpn/keys/server.crt
  40. key /etc/openvpn/keys/server.key
  41. # Openvpn keys
  42. keys:
  43. ca.crt: |-
  44. -----BEGIN CERTIFICATE-----
  45. -----END CERTIFICATE-----
  46. server.crt: |-
  47. -----BEGIN CERTIFICATE-----
  48. -----END CERTIFICATE-----
  49. server.key: |-
  50. -----BEGIN PRIVATE KEY-----
  51. -----END PRIVATE KEY-----
  52. crl.pem: |-
  53. -----BEGIN X509 CRL-----
  54. -----END X509 CRL-----
  55. # Openvn healthcheck script
  56. # healthcheck: |-
  57. # #!/bin/bash
  58. # echo state | nc localhost 7505 | grep -i connected
  59. service: {}
  60. # Loadbalancer IP and port
  61. # ip, port and protocol for loadbalancer service, in case it's a server
  62. # ip: 192.168.21.75
  63. # must be same, as port in openvpn config
  64. # port: 1194
  65. # must be same, as proto in openvpn config
  66. # proto: UDP
  67. # annotations
  68. # annotations: {}
  69. # metallb.universe.tf/allow-shared-ip: openvpn-ip
  70. # Virtual flow ip for openvpn service
  71. virtIP_addr: {}
  72. # 192.168.21.71
  73. virtIP_dev: {}
  74. # team0
  75. # Create additional NetworkAttachmentDefinition for multus deployment
  76. multus: {}
  77. # masterIface: team0
  78. # internalIP: 10.215.0.10/24
  79. # internalGW: 10.215.0.1
  80. # externalIP: 217.74.42.168/32
  81. # dnsIP: 192.168.215.100
  82. # Networks CIDR which has to be routed through openvpn
  83. netOpenvpn: {}
  84. # - 10.10.0.0/16
  85. # - 10.1.200.0/24
  86. # CCD configmap
  87. ccd: {}
  88. # test: |-
  89. # ifconfig-push 10.10.10.10 255.255.0.0
  90. # iroute 10.1.200.0 255.255.255.0
  91. # push "route 192.168.200.0 255.255.248.0"
  92. # Router container
  93. router: {}
  94. # image: "images.sdsys.ru/sys/ovpn-rsa" #nicolaka/netshoot
  95. # tag: "200207025"
  96. # pullPolicy: IfNotPresent
  97. # resources:
  98. # limits:
  99. # cpu: 50m
  100. # memory: 50Mi
  101. # requests:
  102. # cpu: 50m
  103. # memory: 50Mi