Added config reload

This commit is contained in:
Ultradesu
2026-06-29 21:00:55 +03:00
parent 67104123a5
commit f8c69c2434
2 changed files with 96 additions and 9 deletions
+57 -1
@@ -126,7 +126,7 @@ data:
set -euo pipefail set -euo pipefail
SERVER_CONFIG="/etc/amnezia/server/awg0.conf" SERVER_CONFIG="/etc/amnezia/server/awg0.conf"
CLIENTS_DIR="/etc/amnezia/clients" CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
RUNTIME_CONFIG="/run/amnezia/awg0.conf" RUNTIME_CONFIG="/run/amnezia/awg0.conf"
SYNC_CONFIG="/run/amnezia/awg0.sync.conf" SYNC_CONFIG="/run/amnezia/awg0.sync.conf"
STATUS_FILE="/run/amnezia/reload-status" STATUS_FILE="/run/amnezia/reload-status"
@@ -229,6 +229,62 @@ data:
write_reload_status applied "${initial_hash}" write_reload_status applied "${initial_hash}"
watch_client_config "${initial_hash}" watch_client_config "${initial_hash}"
client-secret-sync.sh: |
#!/usr/bin/env bash
set -euo pipefail
CLIENT_SECRET="${AMNEZIAWG_CLIENT_SECRET:-amneziawg-clients}"
CLIENT_SECRET_KEY="${AMNEZIAWG_CLIENT_SECRET_KEY:-peers.conf}"
CLIENTS_DIR="${AMNEZIAWG_CLIENTS_DIR:-/run/amnezia/clients}"
PEERS_FILE="${CLIENTS_DIR}/peers.conf"
SYNC_INTERVAL="${AMNEZIAWG_CLIENT_SECRET_SYNC_INTERVAL:-5}"
NAMESPACE="${POD_NAMESPACE:-$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)}"
write_empty_once() {
mkdir -p "${CLIENTS_DIR}"
if [ ! -f "${PEERS_FILE}" ]; then
: > "${PEERS_FILE}"
chmod 0600 "${PEERS_FILE}"
fi
}
sync_once() {
mkdir -p "${CLIENTS_DIR}"
local tmp_file="${PEERS_FILE}.tmp"
local encoded=""
if ! encoded="$(kubectl get secret "${CLIENT_SECRET}" -n "${NAMESPACE}" -o "go-template={{ index .data \"${CLIENT_SECRET_KEY}\" }}" 2>/dev/null)"; then
echo "WARN: failed to read Secret ${NAMESPACE}/${CLIENT_SECRET}; keeping current peers" >&2
write_empty_once
return 0
fi
if [ -n "${encoded}" ]; then
printf '%s' "${encoded}" | base64 -d > "${tmp_file}"
else
: > "${tmp_file}"
fi
chmod 0600 "${tmp_file}"
if [ -f "${PEERS_FILE}" ] && cmp -s "${tmp_file}" "${PEERS_FILE}"; then
rm -f "${tmp_file}"
return 0
fi
mv "${tmp_file}" "${PEERS_FILE}"
echo "Synced AmneziaWG client peers from Secret ${NAMESPACE}/${CLIENT_SECRET}:${CLIENT_SECRET_KEY}"
}
if [ "${1:-}" = "once" ]; then
sync_once
exit 0
fi
while true; do
sync_once || true
sleep "${SYNC_INTERVAL}"
done
status-patch.sh: | status-patch.sh: |
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
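Review bot: A failed decode in sync_once still installs a truncated peers.conf: in the polling loop the function runs as `sync_once || true`, which suppresses errexit for every command inside it, so if `base64 -d` rejects the value (for example the literal `<no value>` that the go-template prints when CLIENT_SECRET_KEY is absent from the Secret's data) the partially written tmp_file is still chmod'ed, compared and moved over PEERS_FILE. Guard the decode explicitly before the mv: `if ! printf '%s' "${encoded}" | base64 -d > "${tmp_file}"; then rm -f "${tmp_file}"; echo "WARN: could not decode ${NAMESPACE}/${CLIENT_SECRET}:${CLIENT_SECRET_KEY}; keeping current peers" >&2; return 0; fi`. The `2>/dev/null` on the kubectl call also discards the one thing the WARN line would be useful for — whether the Secret is missing or the service account was denied — so consider capturing stderr into the message instead. Reading the Secret with kubectl presumably requires `get` on Secrets for the pod's service account; that RBAC change is not in this diff, so it is worth confirming the Role covers it.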
+39 -8
@@ -78,6 +78,26 @@ spec:
kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \ kubectl create secret generic amneziawg-endpoints -n "${NAMESPACE}" \
--from-literal="${NODE_NAME}=${VALUE}" --from-literal="${NODE_NAME}=${VALUE}"
fi fi
- name: sync-client-secret
image: bitnami/kubectl:latest
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- /scripts/client-secret-sync.sh
- once
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "100m"
volumeMounts:
- name: scripts
mountPath: /scripts
readOnly: true
- name: runtime-config
mountPath: /run/amnezia
containers: containers:
- name: amneziawg - name: amneziawg
image: amneziavpn/amneziawg-go:latest image: amneziavpn/amneziawg-go:latest
@@ -126,9 +146,6 @@ spec:
- name: server-config - name: server-config
mountPath: /etc/amnezia/server mountPath: /etc/amnezia/server
readOnly: true readOnly: true
- name: client-config
mountPath: /etc/amnezia/clients
readOnly: true
- name: scripts - name: scripts
mountPath: /scripts mountPath: /scripts
readOnly: true readOnly: true
@@ -160,6 +177,25 @@ spec:
readOnly: true readOnly: true
- name: runtime-config - name: runtime-config
mountPath: /run/amnezia mountPath: /run/amnezia
- name: client-secret-sync
image: bitnami/kubectl:latest
imagePullPolicy: IfNotPresent
command:
- /bin/bash
- /scripts/client-secret-sync.sh
resources:
requests:
memory: "32Mi"
cpu: "10m"
limits:
memory: "128Mi"
cpu: "100m"
volumeMounts:
- name: scripts
mountPath: /scripts
readOnly: true
- name: runtime-config
mountPath: /run/amnezia
- name: amneziawg-exporter-redis - name: amneziawg-exporter-redis
image: redis:alpine image: redis:alpine
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
@@ -219,11 +255,6 @@ spec:
items: items:
- key: awg0.conf - key: awg0.conf
path: awg0.conf path: awg0.conf
- name: client-config
secret:
secretName: amneziawg-clients
optional: true
defaultMode: 0600
- name: scripts - name: scripts
configMap: configMap:
name: amneziawg-scripts name: amneziawg-scripts
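Review bot: Both new kubectl containers (init container sync-client-secret in the first hunk, sidecar client-secret-sync in the third) use `bitnami/kubectl:latest` with `imagePullPolicy: IfNotPresent`, so the binary that reads the Secret is whatever happens to be cached on each node and changes silently on a fresh node; since these containers hold the pod's service account token, pin them to a version tag and ideally a digest, e.g. `image: bitnami/kubectl:<pinned-tag>@sha256:<digest>` (placeholder values). Neither container declares a securityContext in the hunk (runAsNonRoot, readOnlyRootFilesystem, dropped capabilities); a kubectl poller needs none of the network privileges the VPN container may need, so it should not share them — I cannot see a pod-level securityContext from here, so confirm what they inherit. The sidecar and the main container both mount runtime-config at /run/amnezia, and the script's `chmod 0600` on peers.conf only protects the file if both containers run as the same UID; a comment at the mount stating that assumption would help the next reader. Removing the client-config Secret volume (last hunk) in favour of the poller also means the service account now needs `get` on Secrets, which the create permission visible at the top of the first hunk does not imply — the RBAC update is not in this diff.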