admin/turingpi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

media: add gluetun (AirVPN wireguard) with proxy service

Browse Source
This commit is contained in:
gilgamezh
2026-01-17 11:16:38 +01:00
parent 8dc529451c
commit 1bf2ea313f
10 changed files with 392 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
custom_helm_charts/gluetun/.helmignore
+21
View File
@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
custom_helm_charts/gluetun/Chart.yaml
+6
View File
@@ -0,0 +1,6 @@
apiVersion: v1
appVersion: "1.0"
description: Gluetun - VPN client with HTTP proxy
name: gluetun
version: 0.1.0
icon: https://raw.githubusercontent.com/qdm12/gluetun/master/.github/logo.png
custom_helm_charts/gluetun/templates/NOTES.txt
+19
View File
@@ -0,0 +1,19 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "gluetun.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "gluetun.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "gluetun.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "gluetun.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8888 to use your application"
kubectl port-forward $POD_NAME 8888:{{ .Values.service.port }}
{{- end }}
custom_helm_charts/gluetun/templates/_helpers.tpl
+32
View File
@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "gluetun.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "gluetun.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "gluetun.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
custom_helm_charts/gluetun/templates/deployment.yaml
+55
View File
@@ -0,0 +1,55 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "gluetun.fullname" . }}
labels:
app: {{ template "gluetun.name" . }}
chart: {{ template "gluetun.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "gluetun.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "gluetun.name" . }}
release: {{ .Release.Name }}
spec:
volumes:
{{ toYaml .Values.volumes | indent 6 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{ toYaml .Values.securityContext | indent 12 }}
env:
{{ toYaml .Values.env | indent 12 }}
ports:
- name: http-proxy
containerPort: {{ .Values.service.port }}
protocol: TCP
livenessProbe:
{{ toYaml .Values.livenessProbe | indent 12 }}
readinessProbe:
{{ toYaml .Values.readinessProbe | indent 12 }}
volumeMounts:
{{ toYaml .Values.volumeMounts | indent 12 }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{ toYaml . | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
custom_helm_charts/gluetun/templates/ingress.yaml
+38
View File
@@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "gluetun.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app: {{ template "gluetun.name" . }}
chart: {{ template "gluetun.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}
custom_helm_charts/gluetun/templates/secret.yaml
+15
View File
@@ -0,0 +1,15 @@
{{- if .Values.secret.create -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.secret.name }}
labels:
app: {{ template "gluetun.name" . }}
chart: {{ template "gluetun.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
stringData:
WIREGUARD_PRIVATE_KEY: {{ .Values.secret.privateKey | quote }}
WIREGUARD_ADDRESSES: {{ .Values.secret.addresses | quote }}
{{- end }}
custom_helm_charts/gluetun/templates/service.yaml
+19
View File
@@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "gluetun.fullname" . }}
labels:
app: {{ template "gluetun.name" . }}
chart: {{ template "gluetun.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.port }}
protocol: TCP
name: http-proxy
selector:
app: {{ template "gluetun.name" . }}
release: {{ .Release.Name }}
custom_helm_charts/gluetun/values.yaml
+100
View File
@@ -0,0 +1,100 @@
replicaCount: 1
image:
repository: qmcgaw/gluetun
tag: latest
pullPolicy: IfNotPresent
env:
- name: VPN_SERVICE_PROVIDER
value: "airvpn"
- name: VPN_TYPE
value: "wireguard"
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: gluetun-wireguard
key: WIREGUARD_PRIVATE_KEY
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: gluetun-wireguard
key: WIREGUARD_ADDRESSES
- name: SERVER_HOSTNAMES
value: "REPLACE_ME"
- name: HTTPPROXY
value: "on"
- name: HTTPPROXY_LOG
value: "off"
- name: FIREWALL_INPUT_PORTS
value: "8888"
- name: TZ
value: "Europe/Amsterdam"
secret:
create: true
name: gluetun-wireguard
privateKey: "REPLACE_ME"
addresses: "REPLACE_ME"
service:
type: ClusterIP
port: 8888
ingress:
enabled: false
annotations:
kubernetes.io/ingress.class: nginx
kubernetes.io/tls-acme: "true"
path: /
hosts:
- gluetun.example.org
tls:
- secretName: gluetun-example-org
hosts:
- gluetun.example.org
volumes:
- name: dev-tun
hostPath:
path: /dev/net/tun
volumeMounts:
- name: dev-tun
mountPath: "/dev/net/tun"
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
livenessProbe:
tcpSocket:
port: 8888
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 2
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 8888
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 3
resources:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 512Mi
cpu: 500m
nodeSelector: {}
tolerations: []
affinity: {}
helm-values/gluetun_values.yaml
+87
View File
@@ -0,0 +1,87 @@
replicaCount: 1
image:
repository: qmcgaw/gluetun
tag: "latest"
pullPolicy: Always
env:
- name: VPN_SERVICE_PROVIDER
value: "airvpn"
- name: VPN_TYPE
value: "wireguard"
- name: WIREGUARD_PRIVATE_KEY
valueFrom:
secretKeyRef:
name: gluetun-wireguard
key: WIREGUARD_PRIVATE_KEY
- name: WIREGUARD_ADDRESSES
valueFrom:
secretKeyRef:
name: gluetun-wireguard
key: WIREGUARD_ADDRESSES
- name: SERVER_HOSTNAMES
value: "REPLACE_ME"
- name: HTTPPROXY
value: "on"
- name: HTTPPROXY_LOG
value: "off"
- name: FIREWALL_INPUT_PORTS
value: "8888"
- name: TZ
value: "Europe/Amsterdam"
secret:
create: true
name: gluetun-wireguard
privateKey: "REPLACE_ME"
addresses: "REPLACE_ME"
service:
type: ClusterIP
port: 8888
volumes:
- name: dev-tun
hostPath:
path: /dev/net/tun
volumeMounts:
- name: dev-tun
mountPath: "/dev/net/tun"
securityContext:
allowPrivilegeEscalation: false
capabilities:
add:
- NET_ADMIN
livenessProbe:
tcpSocket:
port: 8888
initialDelaySeconds: 10
periodSeconds: 20
timeoutSeconds: 2
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 8888
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 3
resources:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 512Mi
cpu: 500m
nodeSelector: {}
tolerations: []
affinity: {}