Rename wireguard to netbirdPort, add missing proxy config values

Author: lixmal

charts/netbird-proxy/templates/deployment.yaml

@@ -100,9 +100,9 @@ spec:
             - name: NB_PROXY_ALLOW_INSECURE
               value: "true"
             {{- end }}
-            {{- if .Values.logging.debug }}
-            - name: NB_PROXY_DEBUG_LOGS
-              value: "true"
+            {{- if and .Values.logging.level (ne .Values.logging.level "info") }}
+            - name: NB_PROXY_LOG_LEVEL
+              value: {{ .Values.logging.level | quote }}
             {{- end }}
             {{- if .Values.proxy.domain }}
             - name: NB_PROXY_DOMAIN
@@ -120,6 +120,18 @@ spec:
             - name: NB_PROXY_PROXY_PROTOCOL
               value: "true"
             {{- end }}
+            {{- if .Values.proxy.maxDialTimeout }}
+            - name: NB_PROXY_MAX_DIAL_TIMEOUT
+              value: {{ .Values.proxy.maxDialTimeout | quote }}
+            {{- end }}
+            {{- if .Values.proxy.maxSessionIdleTimeout }}
+            - name: NB_PROXY_MAX_SESSION_IDLE_TIMEOUT
+              value: {{ .Values.proxy.maxSessionIdleTimeout | quote }}
+            {{- end }}
+            {{- if .Values.preSharedKey }}
+            - name: NB_PROXY_PRESHARED_KEY
+              value: {{ .Values.preSharedKey | quote }}
+            {{- end }}
             {{- if .Values.acme.enabled }}
             - name: NB_PROXY_ACME_CERTIFICATES
               value: "true"
@@ -139,6 +151,10 @@ spec:
             {{- end }}
             - name: NB_PROXY_CERT_LOCK_METHOD
               value: {{ .Values.acme.certLockMethod | quote }}
+            {{- if .Values.acme.wildcardCertDir }}
+            - name: NB_PROXY_WILDCARD_CERT_DIR
+              value: {{ .Values.acme.wildcardCertDir | quote }}
+            {{- end }}
             {{- else }}
             - name: NB_PROXY_CERTIFICATE_FILE
               value: {{ .Values.tls.certFile | quote }}

charts/netbird-proxy/values.yaml

@@ -32,10 +32,12 @@ proxy:
   forwardedProto: "auto"
   # -- Comma-separated CIDR ranges of trusted upstream proxies.
   trustedProxies: ""
-  # -- Enable PROXY protocol (v1/v2) on TCP listeners.
-  # Required when behind L4 proxies that support PROXY protocol.
-  # that use PROXY protocol to forward real client IPs.
+  # -- Enable PROXY protocol (v1/v2) on TCP listeners for preserving client IPs.
   proxyProtocol: false
+  # -- Cap per-service backend dial timeout (e.g. "10s"). Empty or "0" means no cap.
+  maxDialTimeout: ""
+  # -- Cap per-service session idle timeout (e.g. "5m"). Empty or "0" means no cap.
+  maxSessionIdleTimeout: ""
 
 # -- Allow users to choose a specific listen port for TCP/UDP services.
 # When false, ports are auto-assigned by management. When true, users
@@ -54,6 +56,9 @@ requireSubdomain: false
 # network namespace and all listen ports are directly reachable.
 hostNetwork: false
 
+# -- Pre-shared key for the tunnel between proxy and peers.
+preSharedKey: ""
+
 netbirdPort:
   # -- Expose the NetBird UDP port for direct peer connectivity.
   enabled: false
@@ -75,6 +80,8 @@ acme:
   eabHmacKey: ""
   # -- Certificate lock method: auto, flock, or k8s-lease.
   certLockMethod: "k8s-lease"
+  # -- Directory containing wildcard certificate pairs (<name>.crt/<name>.key).
+  wildcardCertDir: ""
 
 # -- Static TLS certificate configuration (used when acme.enabled=false).
 tls:
@@ -121,8 +128,8 @@ health:
   address: ":8080"
 
 logging:
-  # -- Enable debug-level logging.
-  debug: false
+  # -- Log level: panic, fatal, error, warn, info, debug, trace.
+  level: "info"
 
 # -- Directory where certificates are stored inside the container.
 certDir: "/certs"