Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-08-08 15:02:18 -04:00
Code Issues Projects Releases Packages Wiki Activity

dev-docs: Helm chart for full L3 VPN connectivity (#2620)

Browse source 
* dev-docs: add 'things to try' section to VPN howto

* dev-docs: full L3 connectivity in VPN chart
This commit is contained in:
Markus Rudy 2024-01-16 13:59:33 +01:00 committed by GitHub
parent 9181705299
commit 16c63d57cd
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 242 additions and 246 deletions
Download patch file Download diff file Expand all files Collapse all files

24
dev-docs/howto/vpn/helm/values.yaml
View file

@ -8,32 +8,12 @@ serviceCIDR: "10.96.0.0/12"
# on-prem IP ranges to expose to Constellation. Must contain at least one CIDR.
peerCIDRs: []
# The sections below configure the VPN connectivity to the Constellation
# cluster. Exactly one `enabled` must be set to true.
# IPSec configuration
ipsec:
enabled: false
# pre-shared key used for authentication
psk: ""
# Address of the peer's gateway router.
peer: ""
# Wireguard configuration
wireguard:
enabled: false
# If Wireguard is enabled, these fields for the Constellation side must be populated.
private_key: ""
peer_key: ""
# Listening port of the Constellation Wireguard.
port: 51820
# Optional host:port of the on-prem Wireguard.
endpoint: ""
# Optional interval for keep-alive packets in seconds. Setting this helps the on-prem server to
# discover a restarted Constellation VPN frontend.
keepAlive: ""
# required tools: sh nsenter ip pidof jq kubectl charon
image: "nixery.dev/shell/util-linux/iproute2/procps/jq/kubernetes/strongswan"