feat: Add all configuration

This commit is contained in:
Tanguy Herbron 2025-03-03 20:08:05 +01:00
parent 29de0493c9
commit eba053309e
6 changed files with 366 additions and 63 deletions


@ -1,10 +1,43 @@
# TODO
#
# Update var envs
# Create necessary secrets
# Explore volume organisation
# Test multiple replicas configuration
apiVersion: apps/v1
kind: Deployment
metadata:
name: netbird-dashboard
namespace: netbird
spec:
replicas: 1
selector:
matchLabels:
app: netbird-dashboard
template:
metadata:
labels:
app: netbird-dashboard
spec:
containers:
- name: dashboard
image: netbirdio/dashboard:v2.9.0
ports:
- containerPort: 80
env:
- name: NETBIRD_MGMT_API_ENDPOINT
value: "https://netbird.halis.io"
- name: NETBIRD_MGMT_GRPC_API_ENDPOINT
value: "https://netbird.halis.io"
- name: AUTH_CLIENT_SECRET
value: ""
- name: AUTH_AUTHORITY
value: "https://zitadel.halis.io"
- name: USE_AUTH0
value: "false"
- name: AUTH_SUPPORTED_SCOPES
value: "openid profile email offline_access"
- name: AUTH_REDIRECT_URI
value: "/nb-auth"
- name: AUTH_SILENT_REDIRECT_URI
value: "/nb-silent-auth"
- name: NETBIRD_TOKEN_SOURCE
value: ""
---
apiVersion: apps/v1
kind: Deployment
metadata:
@ -20,42 +53,134 @@ spec:
labels:
app: netbird
spec:
hostname: netbird
subdomain: netbird
containers:
- name: dashboard
image: netbirdio/dashboard:v2.3.0
ports:
- containerPort: 80
env:
- name: NETBIRD_MGMT_API_ENDPOINT
value: ""
- name: NETBIRD_MGMT_GRPC_API_ENDPOINT
value: ""
# OIDC
- name: AUTH_AUDIENCE
value: ""
- name: AUTH_CLIENT_ID
value: ""
- name: AUTH_CLIENT_SECRET
value: ""
- name: AUTH_AUTHORITY
value: ""
- name: USE_AUTH0
value: ""
- name: AUTH_SUPPORTED_SCOPES
value: ""
- name: AUTH_REDIRECT_URI
value: ""
- name: AUTH_SILENT_REDIRECT_URI
value: ""
- name: NETBIRD_TOKEN_SOURCE
value: ""
- name: management
image: netbirdio/management:0.27.5
#command: [""]
image: netbirdio/management:0.36.7
args: [
"--port", "443",
"--log-file", "console",
"--log-level", "info",
"--disable-anonymous-metrics=true",
"--single-account-mode-domain=entos.kerux",
"--dns-domain=entos.kerux"
#"--disable-single-account-mode"
]
ports:
- containerPort: 443
# MISSING
# - coturn
# - signal
volumeMounts:
- mountPath: "/etc/netbird/management.json"
name: management-config
subPath: management.json
- mountPath: "/var/lib/netbird"
name: management-pvc
volumes:
- name: management-config
secret:
secretName: netbird-management-secrets
- name: management-pvc
persistentVolumeClaim:
claimName: management-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netbird-signal
namespace: netbird
spec:
replicas: 1
selector:
matchLabels:
app: netbird-signal
template:
metadata:
labels:
app: netbird-signal
spec:
containers:
- name: signal
image: netbirdio/signal:0.36.7
ports:
- containerPort: 10000
volumeMounts:
- mountPath: "/var/lib/netbird"
name: signal-pvc
volumes:
- name: signal-pvc
persistentVolumeClaim:
claimName: signal-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netbird-relay
namespace: netbird
spec:
replicas: 1
selector:
matchLabels:
app: netbird-relay
template:
metadata:
labels:
app: netbird-relay
spec:
containers:
- name: relay
image: netbirdio/relay:0.36.7
ports:
- containerPort: 33080
protocol: TCP
- containerPort: 33080
protocol: UDP
env:
- name: NB_LOG_LEVEL
value: "debug"
- name: NB_LISTEN_ADDRESS
value: ":33080"
- name: NB_EXPOSED_ADDRESS
value: "rels://netbird.halis.io:33080"
# Add Relay section in configmap
- name: NB_AUTH_SECRET
valueFrom:
secretKeyRef:
name: netbird-relay-secrets
key: auth_secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: netbird-turn
namespace: netbird
spec:
replicas: 1
selector:
matchLabels:
app: netbird-turn
template:
metadata:
labels:
app: netbird-turn
spec:
containers:
- name: coturn
image: coturn/coturn:4.6.3
args: [
"-c", "/etc/turnserver.conf"
]
ports:
- containerPort: 3478
protocol: UDP
- containerPort: 3478
protocol: TCP
- containerPort: 5349
protocol: UDP
- containerPort: 5349
protocol: TCP
volumeMounts:
- mountPath: "/etc/turnserver.conf:ro"
name: coturn-config
subPath: turnserver.conf
volumes:
- name: coturn-config
secret:
secretName: netbird-turn-secrets
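Review bot: `mountPath: "/etc/turnserver.conf:ro"` on the coturn container is not read-only mount syntax in Kubernetes — the `:ro` suffix is taken as part of the path, so the secret would not land at the `/etc/turnserver.conf` that `-c` points to; write `mountPath: "/etc/turnserver.conf"` and add `readOnly: true` next to `subPath`. In the new netbird-dashboard Deployment `AUTH_CLIENT_SECRET` is a literal `value: ""`; like `NB_AUTH_SECRET` in the relay it belongs in a `secretKeyRef` rather than an inline value that will be committed once filled in. The removed inline dashboard container appears to have carried `AUTH_CLIENT_ID` and `AUTH_AUDIENCE`, which the new Deployment does not set — worth confirming they are not needed with the Zitadel authority. The relay also ships with `NB_LOG_LEVEL: "debug"`, which is noisier than the `info` used for management.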


@ -1,18 +1,74 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netbird-ingress
namespace: netbird
annotations:
kubernetes.io/ingress.class: "traefik"
name: netbird-ingress
namespace: netbird
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
kubernetes.io/ingress.class: nginx-external
acme.cert-manager.io/http01-edit-in-place: "true"
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`netbird.beta.halia.dev`)
services:
- name: netbird-svc
namespace: netbird
port: 80
passHostHeader: true
tls:
- hosts:
- netbird.halis.io
secretName: netbird-halis-io-tls
ingressClassName: nginx-external
rules:
- host: netbird.halis.io
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: netbird-svc
port:
number: 80
- path: /api
pathType: Prefix
backend:
service:
name: netbird-management-svc
port:
number: 443
- path: /relay
pathType: Prefix
backend:
service:
name: netbird-relay-svc
port:
number: 33080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: netbird-grpc-ingress
namespace: netbird
annotations:
kubernetes.io/ingress.class: nginx-external
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/backend-protocol: "GRPC"
spec:
tls:
- hosts:
- netbird.halis.io
secretName: netbird-halis-io-tls
ingressClassName: nginx-external
rules:
- host: netbird.halis.io
http:
paths:
- path: "/management.ManagementService"
pathType: Prefix
backend:
service:
name: netbird-management-svc
port:
number: 443
- path: "/signalexchange.SignalExchange"
pathType: Prefix
backend:
service:
name: netbird-signal-svc
port:
number: 10000
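Review bot: Both Ingress objects set `ingressClassName: nginx-external` and also the deprecated `kubernetes.io/ingress.class: nginx-external` annotation; the controller honours only one of them and the duplication invites drift, so drop the annotation and keep `ingressClassName`. The two Ingresses share `secretName: netbird-halis-io-tls` while only netbird-ingress carries the cert-manager issuer annotation, which is the right split but easy to break later — a comment on netbird-grpc-ingress such as `# TLS secret is issued via netbird-ingress; do not add cert-manager annotations here` would protect it. `nginx.ingress.kubernetes.io/ssl-redirect: "true"` is set only on the gRPC Ingress; if plain-HTTP access to the dashboard and `/api` should be refused as well, the same annotation belongs on netbird-ingress.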

View File

@ -1,11 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: netbird
resources:
- namespace.yaml
- secrets.yaml
- service.yaml
- ingress.yaml
- pvc.yaml
- deployment.yaml
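Review bot: `namespace: netbird` at the top of this Kustomization is applied by the namespace transformer to every namespaced resource it emits, including the Argo CD `Application` in secrets.yaml whose `metadata.namespace: argocd` will be rewritten to `netbird`; unless apps-in-any-namespace is enabled on that Argo CD, an Application in `netbird` is never reconciled and the secrets never arrive. Either keep secrets.yaml out of this resource list and apply it separately, or exempt it from the transformer (a dedicated `namespace` transformer config with `unsetOnly: true`, if the kustomize version in use supports it). The rendered output should be checked with `kustomize build` before this is trusted as the source of the secrets.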

31
manifests/pvc.yaml Normal file

@ -0,0 +1,31 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: management-pvc
namespace: netbird
labels:
recurring-job.longhorn.io/source: enabled
recurring-job-group.longhorn.io/standard-pvc: enabled
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi
storageClassName: redundant-storage-class
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: signal-pvc
namespace: netbird
labels:
recurring-job.longhorn.io/source: enabled
recurring-job-group.longhorn.io/standard-pvc: enabled
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
storageClassName: redundant-storage-class
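Review bot: Both claims request `ReadWriteMany`, which only matters once the Deployments are scaled past the current `replicas: 1`; the management container keeps its state under `/var/lib/netbird`, and if that is the default embedded store it is not safe for concurrent writers, so RWX here sends a misleading signal to the "Test multiple replicas configuration" TODO. Consider `ReadWriteOnce` until a multi-writer store is in place, or a comment such as `# RWX chosen so the pod can be rescheduled across nodes, not for multiple writers`. It is not visible on this page what the signal container writes to signal-pvc; if it holds nothing that must survive a restart, that claim and its mount can be dropped.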

24
manifests/secrets.yaml Normal file

@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: netbird-secrets
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://git.halis.io/athens-school/k3s-secrets
targetRevision: prod-migration
path: netbird
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=false
- ApplyOutOfSyncOnly=true
- PruneLast=true
destination:
server: https://kubernetes.default.svc
namespace: netbird


@ -8,10 +8,78 @@ spec:
- name: dashboard
port: 80
protocol: TCP
targetPort: 8080
targetPort: 80
selector:
app: netbird-dashboard
---
apiVersion: v1
kind: Service
metadata:
name: netbird-management-svc
namespace: netbird
spec:
ports:
- name: management
port: 443
protocol: TCP
targetPort: 4443
targetPort: 443
selector:
app: netbird
---
apiVersion: v1
kind: Service
metadata:
name: netbird-signal-svc
namespace: netbird
spec:
ports:
- name: signal
port: 10000
protocol: TCP
targetPort: 10000
selector:
app: netbird-signal
---
apiVersion: v1
kind: Service
metadata:
name: netbird-relay-svc
namespace: netbird
spec:
ports:
- name: relay-udp
port: 33080
protocol: UDP
targetPort: 33080
- name: relay-tcp
port: 33080
protocol: TCP
targetPort: 33080
selector:
app: netbird-relay
---
apiVersion: v1
kind: Service
metadata:
name: netbird-turn-svc
namespace: netbird
spec:
ports:
- name: turn-one-udp
port: 3478
protocol: UDP
targetPort: 3478
- name: turn-one-tcp
port: 3478
protocol: TCP
targetPort: 3478
- name: turn-two-udp
port: 5349
protocol: UDP
targetPort: 5349
- name: turn-two-tcp
port: 5349
protocol: TCP
targetPort: 5349
selector:
app: netbird-turn
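Review bot: None of the new Services declare a `type`, so they default to ClusterIP, yet the relay advertises `rels://netbird.halis.io:33080` and coturn listens on 3478/5349 — ports peers outside the cluster must reach directly and that the nginx Ingress (HTTP and gRPC on 443) does not carry. netbird-relay-svc and netbird-turn-svc therefore need `type: LoadBalancer` (or a NodePort/hostNetwork equivalent) for those ports, and `NB_EXPOSED_ADDRESS` should agree with whatever is actually reachable; since netbird-ingress also routes `/relay` to port 33080 over 443, the intended public endpoint may really be `rels://netbird.halis.io:443`. The `relay-udp` entry is probably unneeded, as the relay's `NB_LISTEN_ADDRESS` is a WebSocket (TCP) endpoint. A comment such as `# relay and TURN are reached directly by peers, not through the Ingress` would make the exposure model explicit for the next edit.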