
Optional toggle to use k8s-wireguard-mgr for keygen hook

Open bryopsida opened this issue 1 year ago • 1 comments

What

When running through a system such as Argo, which doesn't correctly handle the Helm hook directives and always runs the install phase hook, more graceful handling of the case of the secret already existing is needed. This is also beneficial for cases where the release has been uninstalled and one wants to re-use the existing key on a new install.

This introduces a new boolean toggle to opt into using the k8s-wireguard-mgr image found here:

https://github.com/bryopsida/k8s-wireguard-mgr

This image generates the server key. If an error is returned from the Kubernetes API, it inspects the reason; if the reason is "already exists", it exits with status code 0. The reason it always attempts to create the secret is to avoid giving the hook/job serviceaccount access to read secrets.

The toggle is enabled with the value keygenJob.useWireguardManager; the image used can be customized with:

  • keygenJob.wireguardMgrImage.repository
  • keygenJob.wireguardMgrImage.tag

Relates to: #46

bryopsida avatar Mar 24 '24 16:03 bryopsida
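
The create-only pattern described in the issue above, sketched as an added example (this is not code from k8s-wireguard-mgr or the chart): the job POSTs the Secret and treats an `AlreadyExists` reply as success, so its service account needs only the `create` verb on secrets. The data key `privatekey`, the namespace and the secret name are assumptions made for illustration.

```python
import base64, json, os, ssl, urllib.error, urllib.request

SA_DIR = "/var/run/secrets/kubernetes.io/serviceaccount"  # standard in-cluster mount

def generate_private_key() -> str:
    """Curve25519 private key, clamped and base64-encoded like `wg genkey`."""
    key = bytearray(os.urandom(32))
    key[0] &= 248
    key[31] = (key[31] & 127) | 64
    return base64.b64encode(bytes(key)).decode()

def in_cluster_post(path: str, body: dict):
    """POST to the API server using the pod's service account token."""
    host = os.environ["KUBERNETES_SERVICE_HOST"]
    port = os.environ["KUBERNETES_SERVICE_PORT"]
    with open(f"{SA_DIR}/token") as f:
        token = f.read().strip()
    req = urllib.request.Request(
        f"https://{host}:{port}{path}", data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    ctx = ssl.create_default_context(cafile=f"{SA_DIR}/ca.crt")
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # API errors carry a JSON Status object

def ensure_server_key(post, namespace: str, name: str) -> int:
    """Create-only: returns a process exit code and never reads the Secret."""
    secret = {
        "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
        "metadata": {"name": name},
        # "privatekey" is a hypothetical data key, not taken from the chart
        "data": {"privatekey": base64.b64encode(generate_private_key().encode()).decode()},
    }
    status, reply = post(f"/api/v1/namespaces/{namespace}/secrets", secret)
    if status == 201:
        return 0  # new key stored
    if status == 409 and reply.get("reason") == "AlreadyExists":
        return 0  # existing key kept; a re-run of the hook is a no-op
    return 1  # Forbidden, other conflicts, etc.: fail the hook

if __name__ == "__main__":
    # Placeholder namespace and secret name (assumptions, not chart values)
    raise SystemExit(ensure_server_key(in_cluster_post, "default", "wg-server-key"))
```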

Introducing client connection test in: https://github.com/bryopsida/wireguard-chart/pull/55

Once that is integrated this will just need a test case added with the appropriate values toggled on to use the key mgr sidecar.

bryopsida avatar Aug 10 '24 20:08 bryopsida