From 9a9aa24049b9f50d4e1d7ed5b525fe7af521d7c4 Mon Sep 17 00:00:00 2001
From: AlMaVizca
Date: Sat, 25 Nov 2023 21:08:57 +0700
Subject: [PATCH] Add privileged, iptables forwarding and nodeport configuration
Signed-off-by: Aldo Maria Vizcaino
---
 charts/personal-ovpn/Chart.yaml | 2 +-
 charts/personal-ovpn/templates/deployment.yaml | 7 +++++++
 charts/personal-ovpn/templates/service.yaml | 3 +++
 charts/personal-ovpn/values.yaml | 7 +++++++
 4 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/charts/personal-ovpn/Chart.yaml b/charts/personal-ovpn/Chart.yaml
index a9dedf3..cfbef08 100644
--- a/charts/personal-ovpn/Chart.yaml
+++ b/charts/personal-ovpn/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "2.4"
 description: Roll your own OpenVPN server
 name: personal-ovpn
-version: 0.2.2
+version: 0.2.3
 type: application
 source:
 - https://github.com/suda/charts/tree/main/charts/personal-ovpn
diff --git a/charts/personal-ovpn/templates/deployment.yaml b/charts/personal-ovpn/templates/deployment.yaml
index ff74052..dcd9475 100644
--- a/charts/personal-ovpn/templates/deployment.yaml
+++ b/charts/personal-ovpn/templates/deployment.yaml
@@ -33,6 +33,13 @@ spec:
 capabilities:
 add:
 - NET_ADMIN
+ privileged: {{ .Values.security.privileged }}
+ lifecycle:
+ postStart:
+ exec:
+ command:
+ - "sysctl"
+ - "net.ipv4.ip_forward={{ .Values.security.ipForward }}"
 volumeMounts:
 {{- if .Values.automatic.enabled }}
 - name: data
diff --git a/charts/personal-ovpn/templates/service.yaml b/charts/personal-ovpn/templates/service.yaml
index 8b56b28..23081cd 100644
--- a/charts/personal-ovpn/templates/service.yaml
+++ b/charts/personal-ovpn/templates/service.yaml
@@ -16,6 +16,9 @@ spec:
 - port: {{ .Values.service.port }}
 targetPort: openvpn
 protocol: {{ .Values.service.protocol }}
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
 name: openvpn
 selector:
 app.kubernetes.io/name: {{ include "personal-ovpn.name" . }}
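Review bot: The postStart hook that writes `net.ipv4.ip_forward` is emitted unconditionally, yet with the shipped defaults (`security.privileged: false`, `security.ipForward: 0`) the container only holds NET_ADMIN, and container runtimes mount /proc/sys read-only for non-privileged containers, so `sysctl` exits non-zero and a failed postStart hook kills the container — please confirm on a default install. Guard the hook, e.g. wrap `lifecycle:` through the command in `{{- if .Values.security.ipForward }}` … `{{- end }}`, or move the setting to the pod-level `securityContext.sysctls` (`net.ipv4.ip_forward` is a namespaced sysctl, so it needs the kubelet's allowed-unsafe-sysctls list) so that forwarding no longer pushes operators toward `privileged: true`, which grants every capability and host device access, far beyond the NET_ADMIN the chart already adds. A comment in values.yaml such as `# privileged is only needed when the runtime does not expose a writable /proc/sys for the postStart sysctl` would make that trade-off explicit. The container spec this hunk belongs to starts outside the hunk.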
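Review bot: The template reads `.Values.service.nodePort`, but the values.yaml hunk of this same commit adds the key as a second `port: 31304` under `service:` (beneath the `# service.nodePort` comment), so the condition is never true with the shipped defaults and values.yaml now carries a duplicate `service.port` key — most YAML parsers silently keep the last value, strict ones reject the file. Rename the values entry to `nodePort: 31304`. Since `nodePort` must fall within the cluster's node-port range (30000-32767 by default) and nothing here validates it, a `values.schema.json` range constraint would fail fast at install time rather than at the API server. The `ports:` entry this hunk sits in starts outside the hunk.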
diff --git a/charts/personal-ovpn/values.yaml b/charts/personal-ovpn/values.yaml
index 468b51f..cae9b1a 100644
--- a/charts/personal-ovpn/values.yaml
+++ b/charts/personal-ovpn/values.yaml
@@ -22,7 +22,14 @@ service:
 port: 31304
 # service.type -- Service type
 type: NodePort
+ # service.nodePort -- port binding for the node
+ port: 31304
+
+# securityContext -- security context for pod
+security:
+ privileged: false
+ ipForward: 0
 
 # limitTraficToNamespace -- limit network traffic just to OpenVPN namespace
 limitTraficToNamespace: true
 # limitedCidr -- CIDR to be blocked out
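Review bot: The comment `# securityContext -- security context for pod` documents a key named `securityContext`, but the key added beneath it is `security:`; the surrounding comments follow the `# key -- description` convention that helm-docs reads, so it should be `# security -- privileged mode and IP-forwarding settings for the OpenVPN container`. The two new fields also lack per-key descriptions, which matters here because one of them is a large privilege grant: `# security.privileged -- run the container privileged (all capabilities and host devices; keep false unless the postStart sysctl cannot write /proc/sys)` and `# security.ipForward -- value written to net.ipv4.ip_forward by the postStart hook (1 routes traffic for VPN clients)` would tell operators what enabling each one costs.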