dont wrap the wg-easy chart

Author: adamancini

applications/wg-easy/charts/wg-easy/charts/wg-easy/.helmignore renamed to applications/wg-easy/charts/wg-easy/.helmignore

@@ -1,6 +1,6 @@
 dependencies:
-- name: templates
-  repository: file://../templates
-  version: 1.0.0
-digest: sha256:9939fc386e44c7a8d0a274f270ec92ac70ac9858442b4f85638122044082da74
-generated: "2025-05-06T15:20:40.596254-04:00"
+- name: common
+  repository: https://bjw-s-labs.github.io/helm-charts
+  version: 3.7.3
+digest: sha256:8d4fda6f1e6a4b35c83a8a65274352a9ade5a96ed80cfa68d072ab3f89d18d59
+generated: "2025-05-06T17:08:23.761384-04:00"

applications/wg-easy/charts/wg-easy/Chart.lock

@@ -1,7 +1,16 @@
-name: wg-easy
-version: 1.0.0
 apiVersion: v2
 dependencies:
-  - name: templates
-    version: '*'
-    repository: file://../templates
+- name: common
+  repository: https://bjw-s-labs.github.io/helm-charts
+  version: 3.7.3
+- name: templates
+  version: '*'
+  repository: file://../templates
+description: Simple wireguard with web configuration management
+home: https://github.com/chris-sanders/helm-charts/charts/wg-easy
+maintainers:
+- email: [email protected]
+  name: Chris Sanders
+  url: https://github.com/chris-sanders/helm-charts
+name: wg-easy
+version: 1.0.0

applications/wg-easy/charts/wg-easy/Chart.yaml

@@ -1,13 +1,169 @@
-wg-easy:
-  wireguard:
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/app-template-3.7.3/charts/other/app-template/values.schema.json
+controllers:
+  main:
+    containers:
+      main:
+        env:
+          # Host is required, no default makes sense
+          WG_HOST: '{{ required "external host name is required. Set wireguard.host" .Values.wireguard.host }}'
+          # Use dig with sensible defaults for all other parameters
+          WG_PORT: '{{ dig "wireguard" "port" "" .Values | quote }}'
+          WG_MTU: '{{ dig "wireguard" "mtu" "" .Values | quote }}'
+          WG_PERSISTENT_KEEPALIVE: '{{ dig "wireguard" "persistentKeepalive" "" .Values | quote }}'
+          WG_DEFAULT_ADDRESS: '{{ dig "wireguard" "defaultAddress" "" .Values | quote }}'
+          WG_DEFAULT_DNS: '{{ dig "wireguard" "defaultDns" "" .Values | quote }}'
+          WG_ALLOWED_IPS: '{{ dig "wireguard" "allowedIps" "" .Values | quote }}'
+          WG_PRE_UP: '{{ dig "wireguard" "preUp" "" .Values | quote }}'
+          WG_POST_UP: '{{ dig "wireguard" "postUp" "" .Values | quote }}'
+          WG_PRE_DOWN: '{{ dig "wireguard" "preDown" "" .Values | quote }}'
+          WG_POST_DOWN: '{{ dig "wireguard" "postDown" "" .Values | quote }}'
+        envFrom:
+          - secretRef:
+              identifier: webpass
+        securityContext:
+          allowPrivilegeEscalation: false
+          sysctls:
+            - name: net.ipv4.ip_forward
+              value: "1"
+          capabilities:
+            add:
+              - NET_ADMIN
+        image:
+          repository: ghcr.io/wg-easy/wg-easy
+          tag: 9.0
+          pullPolicy: IfNotPresent
+        ports:
+          - containerPort: 51821
+            protocol: TCP
+          - containerPort: 51820
+            protocol: UDP
+        resources:
+          requests:
+            cpu: 50m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 100Mi
+        probes:
+          liveness:
+            enabled: true
+            spec:
+              initialDelaySeconds: 0
+              periodSeconds: 10
+              timeoutSeconds: 5
+              failureThreshold: 5
+          readiness:
+            enabled: true
+            spec:
+              initialDelaySeconds: 0
+              periodSeconds: 10
+              timeoutSeconds: 1
+              failureThreshold: 5
+
+    #          Liveness:   tcp-socket :51821 delay=0s timeout=5s period=10s #success=1 #failure=5
+    #          Readiness:  tcp-socket :51821 delay=0s timeout=1s period=10s #success=1 #failure=5
+
+secrets:
+  webpass:
+    enabled: true
+    data:
+      PASSWORD: '{{ dig "wireguard" "password" nil .Values | quote }}'
+
+service:
+  web:
+    controller: main
+    enabled: true
+    type: ClusterIP
+    ipFamilyPolicy: SingleStack
+    ipFamilies:
+      - IPv4
+    ports:
+      http:
+        enabled: true
+        port: 51821
+        protocol: HTTP
+    primary: true
+  vpn:
+    controller: main
+    enabled: true
+    type: LoadBalancer
+    ipFamilyPolicy: SingleStack
+    ipFamilies:
+      - IPv4
+    ports:
+      udp:
+        enabled: true
+        port: 51820
+        protocol: UDP
+
+persistence:
+  config:
+    enabled: true
+    type: persistentVolumeClaim
+    storageClass: ''
+    accessMode: ReadWriteOnce
+    size: 1Gi
+    retain: false
+    globalMounts:
+      - path: /etc/wireguard
+
+# Wireguard configuration
+wireguard:
+  # If password is defined will set a password on the web interface
     password: "testpass"
+  # See https://github.com/WeeJeWel/wg-easy for configuration options
     host: "example.com"
     port: 51820 # This is used in the postUp
     defaultAddress: "10.10.10.x"
     defaultDns: "1.1.1.1"
     allowedIps: "0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 224.0.0.0/3"
     postUp: "iptables -A FORWARD -i wg0 -o eth0 -d 192.168.0.0/16,172.16.0.0/12,10.0.0.0/8 -j DROP; iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT"
 
+# Troubleshoot
+troubleshoot:
+  support-bundles:
+    replicated:
+      enabled: true
+    # wg-easy:  # arbitrary name for your custom spec
+    #   enabled: true
+    #   collectors:
+    #     - logs:
+    #         name: wg-easy
+    #         collectorName: wg-easy
+    #         selector:
+    #           - app=wg-easy
+    #         # namespace: {{ .Release.Namespace }}
+    #         containerNames:
+    #           - wg-easy
+    #     securityContext:
+    #       allowPrivilegeEscalation: false
+    #       sysctls:
+    #         - name: net.ipv4.ip_forward
+    #           value: "1"
+    #       capabilities:
+    #         add:
+    #           - NET_ADMIN
+    #     image:
+    #       repository: ghcr.io/wg-easy/wg-easy
+    #       tag: 9.0
+    #       pullPolicy: IfNotPresent
+    #     ports:
+    #       - containerPort: 51821
+    #         protocol: TCP
+    #       - containerPort: 51820
+    #         protocol: UDP
+    #     resources:
+    #       requests:
+    #         cpu: 50m
+    #         memory: 50Mi
+    #       limits:
+    #         cpu: 100m
+    #         memory: 100Mi
+
+
+wg-easy:
+
+
 templates:
   traefikRoutes:
     web-tls: