https://github.com/spittal/twingate-helm
Twingate Helm Chart
https://github.com/spittal/twingate-helm
Last synced: 4 months ago
JSON representation
Twingate Helm Chart
- Host: GitHub
- URL: https://github.com/spittal/twingate-helm
- Owner: Spittal
- Created: 2020-06-09T20:43:49.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2020-06-10T14:52:14.000Z (almost 6 years ago)
- Last Synced: 2025-09-07T17:53:42.872Z (9 months ago)
- Language: Smarty
- Size: 10.7 KB
- Stars: 1
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Twingate Helm Chart
[Twingate](https://www.twingate.com/) is remote access for the modern world.
## TL;DR;
```console
$ helm repo add springboard https://helm-charts.springboardvr.com
$ helm install my-release springboard/twingate -n [namespace]
```
## Introduction
This chart bootstraps a [Twingate Access Node](https://hub.docker.com/r/twingate/access-node) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
This chart is heavily influenced by Bitnami charts best practices.
## Prerequisites
- Kubernetes 1.12+
- Helm 3.0+
## Installing the Chart
To install the chart with the release name `my-release`:
```console
$ helm repo add springboard https://helm-charts.springboardvr.com
$ helm install my-release springboard/twingate -n [namespace]
```
These commands deploy Twingate on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
> **Tip**: List all releases using `helm ls -n [namespace]`
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm del my-release -n [namespace]
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Parameters
The following table lists the configurable parameters of the Twingate chart and their default values.
| Parameter | Description | Default |
|-----------------------------------------|-----------------------------------------------------------------------------|---------------------------------------------------------|
| `image.registry` | Twingate image registry | `docker.io` |
| `image.repository` | Twingate image name | `twingate/access-node` |
| `image.tag` | Twingate image tag | `latest` |
| `image.pullPolicy` | Twingate image pull policy | `IfNotPresent` |
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) |
| `nameOverride` | String to partially override twingate.fullname template | `nil` |
| `fullnameOverride` | String to fully override twingate.fullname template | `nil` |
| `replicas` | Number of replicas for the application | `1` |
| `applicationPort` | Port where the application will be running | `80` |
| `extraEnv` | Any extra environment variables to be pass to the pods | `{}` |
| `envFrom` | An envFrom for the deployment, for adding a secret as ENV vars | `{}` |
| `affinity` | Map of node/pod affinities | `{}` (The value is evaluated as a template) |
| `nodeSelector` | node labels for pod assignment | `{}` (The value is evaluated as a template) |
| `tolerations` | Tolerations for pod assignment | `[]` (The value is evaluated as a template) |
| `securityContext.enabled` | Enable security context | `true` |
| `securityContext.fsGroup` | Group ID for the container | `1001` |
| `securityContext.runAsUser` | User ID for the container | `1001` |
| `resources` | Resource requests and limits | `{}` |
| `service.type` | Kubernetes Service type | `ClusterIP` |
| `service.port` | Kubernetes Service port | `80` |
| `service.annotations` | Annotations for the Service | {} |
| `service.loadBalancerIP` | LoadBalancer IP if Service type is `LoadBalancer` | `nil` |
| `service.nodePort` | nodePort if Service type is `LoadBalancer` or `nodePort` | `nil` |
| `ingress.enabled` | Enable ingress controller resource | `false` |
| `ingress.hosts[0].name` | Hostname to your Twingate installation | `twingate.local` |
| `ingress.hosts[0].path` | Path within the url structure | `/` |
| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` |
| `ingress.hosts[0].certManager` | Add annotations for cert-manager | `false` |
| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `twingate.local-tls-secret` |
| `ingress.hosts[0].annotations` | Annotations for this host's ingress record | `[]` |
| `ingress.secrets[0].name` | TLS Secret Name | `nil` |
| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` |
| `ingress.secrets[0].key` | TLS Secret Key | `nil` |
The above parameters map to the env variables defined in [spittal/twingate](https://github.com/Spittal/twingate-helm).
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
$ helm install my-release \
--set repository=https://github.com/jbianquetti-nami/simple-twingate-app.git,replicas=2 \
springboard/twingate
```
The above command clones the remote git repository to the `/app/` directory of the container. Additionally it sets the number of `replicas` to `2`.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
$ helm install my-release -f values.yaml springboard/twingate
```
> **Tip**: You can use the default [values.yaml](values.yaml)
## Configuration and installation details
### Twingate settings
You can configure any twingate setting using the `envFrom` parameter like so. [Learn about envFrom](https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/#define-an-environment-variable-for-a-container).
```yaml
envFrom:
- configMapRef:
name: name-of-config-map-with-env-vars
```
Or you can do individual settings like.
```yaml
extraArgs:
- name: TYPESENSE_API_PORT
value: 8080
```
A list of the available options can be found in the [Twingate documentation](https://docs.twingate.com/docs/deployment-semi-automation).
### Set up an Ingress controller
First install the nginx-ingress controller and then deploy the Twingate Helm chart with the following parameters:
```console
ingress.enabled=true
ingress.host=example.com
service.type=ClusterIP
```
### Configure TLS termination for your ingress controller
You must manually create a secret containing the certificate and key for your domain. Then ensure you deploy the Helm chart with the following ingress configuration:
```yaml
ingress:
enabled: false
path: /
host: example.com
annotations:
kubernetes.io/ingress.class: nginx
tls:
hosts:
- example.com
```