fix service port references (#96)

* fix service name references

* bump proxy version

* switch to TCP

* fix wireguard service config

* bump gateway chart version

* fix env var name

* add gateway healthcheck

Author: wojcik91

charts/defguard-gateway/Chart.yaml

@@ -3,5 +3,5 @@ name: defguard-gateway
 description: Defguard gateway is a public-facing VPN endpoint.
 
 type: application
-version: 0.3.0
+version: 0.4.0
 appVersion: 1.5.1

charts/defguard-gateway/templates/NOTES.txt

@@ -1,18 +1,14 @@
 1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}/
-{{- end }}
-{{- else if contains "NodePort" .Values.service.grpc.type }}
+{{- if contains "NodePort" .Values.service.wireguard.type }}
   export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "defguard-gateway.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.grpc.type }}
+{{- else if contains "LoadBalancer" .Values.service.wireguard.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
            You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "defguard-gateway.fullname" . }}'
   export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "defguard-gateway.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.grpc.port }}
-{{- else if contains "ClusterIP" .Values.service.grpc.type }}
+  echo http://$SERVICE_IP:{{ .Values.service.wireguard.port }}
+{{- else if contains "ClusterIP" .Values.service.wireguard.type }}
   export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "defguard-gateway.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"

charts/defguard-gateway/templates/config.yaml

@@ -8,4 +8,4 @@ data:
   DEFGUARD_USERSPACE: {{ .Values.userspace | quote }}
   DEFGUARD_GRPC_URL: {{ .Values.grpcUrl | quote }}
   DEFGUARD_STATS_PERIOD: {{ .Values.statsPeriod | quote }}
-  RUST_LOG: {{ .Values.logLevel | quote }}
+  DEFGUARD_LOG_LEVEL: {{ .Values.logLevel | quote }}

charts/defguard-gateway/templates/deployment.yaml

@@ -39,11 +39,29 @@ spec:
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
-            - name: grpc
-              containerPort: {{ .Values.service.grpc.port }}
+            - name: wireguard
+              containerPort: {{ .Values.service.wireguard.port }}
               protocol: UDP
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          {{- if .Values.healthCheck.enabled }}
+          livenessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.healthCheck.port }}
+            initialDelaySeconds: {{ .Values.healthCheck.livenessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.healthCheck.livenessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.healthCheck.livenessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.healthCheck.livenessProbe.failureThreshold }}
+          readinessProbe:
+            httpGet:
+              path: /
+              port: {{ .Values.healthCheck.port }}
+            initialDelaySeconds: {{ .Values.healthCheck.readinessProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.healthCheck.readinessProbe.periodSeconds }}
+            timeoutSeconds: {{ .Values.healthCheck.readinessProbe.timeoutSeconds }}
+            failureThreshold: {{ .Values.healthCheck.readinessProbe.failureThreshold }}
+          {{- end }}
           {{- if .Values.token }}
           env:
             - name: DEFGUARD_TOKEN
@@ -56,6 +74,11 @@ spec:
                   name: {{ .Values.existingTokenSecret }}
                   key: {{ .Values.existingTokenSecretKey }}
           {{- end }}
+          {{- if .Values.healthCheck.enabled }}
+          env:
+            - name: HEALTH_PORT
+              value: {{ .Values.healthCheck.port }}
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/defguard-gateway/templates/ingress-grpc.yaml

@@ -2,21 +2,21 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    {{- with .Values.service.grpc.annotations }}
+    {{- with .Values.service.wireguard.annotations }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
-  name: {{ include "defguard-gateway.fullname" . }}-grpc
+  name: {{ include "defguard-gateway.fullname" . }}-wireguard
   labels:
     {{- include "defguard-gateway.labels" . | nindent 4 }}
-    {{- with .Values.service.grpc.labels }}
+    {{- with .Values.service.wireguard.labels }}
     {{- toYaml . | nindent 4 }}
     {{- end }}
 spec:
-  type: {{ .Values.service.grpc.type }}
+  type: {{ .Values.service.wireguard.type }}
   ports:
-    - port: {{ .Values.service.grpc.port }}
-      targetPort: grpc
+    - port: {{ .Values.service.wireguard.port }}
+      targetPort: wireguard
       protocol: UDP
-      name: grpc
+      name: wireguard
   selector:
     {{- include "defguard-gateway.selectorLabels" . | nindent 4 }}

…uard-gateway/templates/grpc-service.yaml …gateway/templates/wireguard-service.yamlcharts/defguard-gateway/templates/grpc-service.yaml renamed to charts/defguard-gateway/templates/wireguard-service.yaml charts/defguard-gateway/templates/grpc-service.yaml renamed to charts/defguard-gateway/templates/wireguard-service.yaml

@@ -25,15 +25,6 @@ image:
   tag: "" # overrides .Chart.AppVersion
 # defguard-gateway container image pull secrets
 imagePullSecrets: []
-# defguard-gateway container ingress configuration
-ingress:
-  grpc:
-    annotations: {}
-    className: ""
-    enabled: true
-    host: defguard-gateway-grpc.local
-    labels: {}
-    tls: false
 # defguard-gateway pod affinity configuration
 affinity: {}
 # defguard-gateway node selector configuration
@@ -54,13 +45,26 @@ podSecurityContext: {}
 securityContext: {}
 # defguard-gateway pod additional ENV from configmap
 additionalEnvFromConfigMap: ""
+# defguard-gateway health check configuration
+healthCheck:
+  enabled: false
+  port: 35053
+  livenessProbe:
+    initialDelaySeconds: 30
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 10
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
 # defguard-gateway service configuration
 service:
-  grpc:
-    annotations:
-      traefik.ingress.kubernetes.io/service.serversscheme: h2c
+  wireguard:
+    annotations: {}
     labels: {}
-    port: 50051
+    port: 32140
     type: ClusterIP
 # defguard-gateway serviceaccount configuration
 serviceAccount:

charts/defguard-gateway/values.yaml

@@ -3,5 +3,5 @@ name: defguard-proxy
 description: Defguard proxy is a public-facing proxy for core Defguard service
 
 type: application
-version: 0.7.0
+version: 0.7.1
 appVersion: 1.5.1

charts/defguard-proxy/Chart.yaml

@@ -45,7 +45,7 @@ spec:
               containerPort: {{ .Values.service.web.port }}
               protocol: TCP
             - name: grpc
-              containerPort: {{ .Values.service.web.port }}
+              containerPort: {{ .Values.service.grpc.port }}
               protocol: TCP
           livenessProbe:
             httpGet:

charts/defguard-proxy/templates/deployment.yaml

@@ -70,10 +70,10 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
-              containerPort: 8000
+              containerPort: {{ .Values.service.web.port }}
               protocol: TCP
             - name: grpc
-              containerPort: 50055
+              containerPort: {{ .Values.service.grpc.port }}
               protocol: TCP
           livenessProbe:
             httpGet: