feat: add kubernetes deployment configuration using helm

Open jcstryker opened this issue 6 months ago • 2 comments

This PR resolves #55

Alternative Helm chart to the chart provided here https://github.com/nbcloudio/headplane-chart - I have some concerns around best practices and security - feeling it best to start from scratch to also resolve licensing concerns.

This is provided to this project under the MIT licence.

Thank you to @antoniolago for doing some fantastic work updating that chart from nbcloudio

@definitelynobody for some further enhancements to the nbcloudio chart - I did not adapt anything directly for this first version of the chart but happy to take a look and help bring some of those features in the future


I have tested OIDC Login, Persistence, Admin Login, Database-backed ACLs - I am successfully serving 5-10 devices covering common use cases like exit nodes with this chart in my Homelab.

Notably missing is the Tailscale relay feature from the @nbcloudio/@antoniolago/@definitelynobody version of the chart.

I am happy to look into adding that feature in a follow-up PR once I have time to understand what it does, or someone else can take that enhancement.


Example values.yaml used for testing:

headplane:
  config:
    url: https://vpn.example.com
    debug: true
    generateCredentials: true
    cookieSecret:
      secretName: vpn-cookie-secret
    oidc:
      enabled: true
      issuerUrl: https://id.example.com
      clientId: foo
      clientSecret:
        secretName: "vpn-oidc-credentials"
      disableApiKeyLogin: true
  persistence:
    enabled: true

headscale:
  config:
    url: https://vpn.example.com
    dns:
      baseDomain: secretnet.example.com
    oidc:
      enabled: true
      issuerUrl: https://id.example.com
      clientId: foo
      clientSecret:
        secretName: "vpn-oidc-credentials"
  persistence:
    enabled: true

extraObjects:
  - apiVersion: gateway.networking.k8s.io/v1
    kind: HTTPRoute
    metadata:
      name: headplane
    spec:
      hostnames:
        - vpn.example.com
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: headplane
          namespace: headplane
      rules:
        - backendRefs:
            - group: ""
              kind: Service
              name: headplane
              port: 80
              weight: 1
          matches:
            - path:
                type: PathPrefix
                value: /admin
        - backendRefs:
            - group: ""
              kind: Service
              name: headscale
              port: 80
              weight: 1
          matches:
            - path:
                type: PathPrefix
                value: /

Follow Up PR ideas:

  • GitHub Action to Publish to OCI repository
  • Add Tailscale Relay feature

jcstryker avatar Jun 24 '25 12:06 jcstryker

For reference I added some stuff on top of @antoniolago's repo here

  • https://github.com/definitelynobody/headplane-chart

I only was trying to get things working, use my changes however you would like or not at all :)

definitelynobody avatar Jul 01 '25 22:07 definitelynobody

@tale this should be ready for review now

jcstryker avatar Oct 13 '25 17:10 jcstryker