No introduction found. Create it?
Install with:
helm repo add bjw-s oci://ghcr.io/bjw-s/helm/
helm install headscale bjw-s/app-template -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| headscale | joryirving/home-ops | 141 | 3.5.1 | 12 days ago |
| headscale | haraldkoch/kochhaus-home | 118 | 3.5.1 | a month ago |
| headscale | JJGadgets/Biohazard | 39 | 2.6.0 | 9 months ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
persistence.config.name (8) headscale-config | string |
| string | |
persistence.config.advancedMounts.headscale.app[].path (5) /etc/headscale/config.yaml | string |
persistence.config.advancedMounts.headscale.app[].subPath (5) config.yaml | string |
persistence.config.advancedMounts.main.01-litestream-restore[].path (1) /etc/litestream.yml | string |
| boolean | |
| string | |
persistence.config.advancedMounts.main.litestream[].path (1) /etc/litestream.yml | string |
| boolean | |
persistence.config.advancedMounts.main.litestream[].subPath (1) litestream-replicate | string |
persistence.config.advancedMounts.main.main[].path (1) /etc/headscale/config.yaml | string |
| boolean | |
| string | |
| boolean | |
persistence.config.globalMounts[].path (1) /etc/headscale/config.yaml | string |
| string | |
persistence.config.mountPath (1) /etc/headscale/config.yaml | string |
| boolean | |
persistence.config.subPath (1) config.yaml | string |
persistence.tmp.type (7) emptyDir | string |
persistence.tmp.advancedMounts.headscale.app[].path (5) /var/run/headscale | string |
| string | |
persistence.tmp.advancedMounts.headscale.headscale[].path (1) /var/run/headscale | string |
| string | |
persistence.tmp.advancedMounts.ui.app[].path (4) /data | string |
| string | |
| string | |
| boolean | |
persistence.tmp.globalMounts[].path (1) /var/run/headscale | string |
| boolean | |
| string | |
persistence.var-lib-headscale.advancedMounts.headscale.app[].path (3) /var/lib/headscale | string |
| string | |
persistence.keys.advancedMounts.headscale.headscale[].path (1) /etc/headscale/private.key | string |
persistence.keys.advancedMounts.headscale.headscale[].subPath (1) private.key | string |
persistence.keys.name (1) headscale-keys-secret | string |
| string | |
| string | |
| string | |
| boolean | |
persistence.nfs.path (1) ${PATH_NAS_PERSIST_K8S}/headscale | string |
persistence.nfs.server (1) ${IP_TRUENAS} | string |
| string | |
| string | |
| string | |
persistence.secrets.advancedMounts.main.main[].path (1) /etc/headscale/private.key | string |
| boolean | |
persistence.secrets.advancedMounts.main.main[].subPath (1) private.key | string |
| number | |
| boolean | |
persistence.secrets.name (1) headscale-secrets | string |
| string | |
| boolean | |
| string | |
persistence.socket.mountPath (1) /var/run/headscale | string |
persistence.socket.type (1) emptyDir | string |
persistence.tls.advancedMounts.main.main[].path (1) /tls/fullchain.pem | string |
| boolean | |
persistence.tls.advancedMounts.main.main[].subPath (1) tls.crt | string |
| number | |
| boolean | |
persistence.tls.name (1) headscale-tls | string |
persistence.tls.type (1) secret | string |
service.headscale.controller (6) headscale | string |
| number | |
| boolean | |
| number | |
| number | |
| string | |
| number | |
service.main.annotations."coredns.io/hostname" (2) ${APP_DNS_HEADSCALE} | string |
service.main.annotations."io.cilium/lb-ipam-ips" (1) ${APP_IP_HEADSCALE} | string |
service.main.annotations."kube-vip.io/loadbalancerIPs" (1) ${HEADSCALE_LB_ADDR} | string |
| string | |
| boolean | |
| number | |
| string | |
| number | |
| boolean | |
| number | |
| string | |
| boolean | |
| number | |
| string | |
service.main.type (2) LoadBalancer | string |
| string | |
| boolean | |
| string | |
| number | |
| string | |
| string | |
controllers.headscale.containers.app.image.repository (5) ghcr.io/juanfont/headscale | string |
controllers.headscale.containers.app.image.tag (5) v0.23.0@sha256:ffe793968ef6fbec78a8d095893fe03112e6a74231afe366eb504fbc822afea6 | string |
| string | |
| boolean | |
| string | |
| string | |
| boolean | |
| boolean | |
| number | |
| number | |
| boolean | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.headscale.containers.app.env.HEADSCALE_DERP_URLS (1) https://controlplane.tailscale.com/derpmap/default | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.headscale.containers.app.env.HEADSCALE_NOISE_PRIVATE_KEY_PATH (1) /etc/headscale/noise_private.key | string |
controllers.headscale.containers.app.env.HEADSCALE_OIDC_CLIENT_SECRET (1) ${oidc_client_secret} | string |
| string | |
controllers.headscale.containers.app.env.HEADSCALE_PREFIXES_V6 (1) fd7a:115c:a1e0::/48 | string |
controllers.headscale.containers.app.env.HEADSCALE_PRIVATE_KEY_PATH (1) /etc/headscale/private.key | string |
controllers.headscale.containers.app.env.HEADSCALE_SERVER_URL (1) https://${app_url} | string |
controllers.headscale.containers.app.env.TZ (1) Pacific/Auckland | string |
| string | |
| string | |
| string | |
controllers.headscale.containers.headscale.args[] (1) - headscale | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.headscale.containers.headscale.env.HEADSCALE_OIDC_CLIENT_ID.secretKeyRef.key (1) HEADSCALE_OIDC_CLIENT_ID | string |
| string | |
controllers.headscale.containers.headscale.env.HEADSCALE_OIDC_CLIENT_SECRET.secretKeyRef.key (1) HEADSCALE_OIDC_CLIENT_SECRET | string |
| string | |
| string | |
| string | |
| string | |
controllers.headscale.containers.headscale.image.repository (1) ghcr.io/juanfont/headscale | string |
controllers.headscale.containers.headscale.image.tag (1) 0.23.0-alpha12@sha256:31c31103931fee0269017a21330332d83269ccd139f736c8ce8d0cc8ab053068 | string |
| boolean | |
| boolean | |
| boolean | |
| number | |
| number | |
| boolean | |
| string | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| number | |
controllers.headscale.type (1) statefulset | string |
controllers.ui.strategy (5) RollingUpdate | string |
controllers.ui.containers.app.image.repository (4) ghcr.io/gurucomputing/headscale-ui | string |
controllers.ui.containers.app.image.tag (4) 2024.02.24-beta1@sha256:4c618a7b6e8b32f5ef6af3c7e6936c63e8568ad9ae8d190dafb2551a64ff40a2 | string |
| boolean | |
| boolean | |
| string | |
controllers.ui.containers.app.env.TZ (1) Pacific/Auckland | string |
| string | |
| string | |
| string | |
controllers.ui.containers.headscale.env.HS_SERVER (1) https://headscale.${EXTERNAL_DOMAIN} | string |
controllers.ui.containers.headscale.env.KEY.secretKeyRef.key (1) UI_ENCRYPTION_KEY | string |
controllers.ui.containers.headscale.env.KEY.secretKeyRef.name (1) headscale-keys-secret | string |
controllers.ui.containers.headscale.env.OIDC_AUTH_URL.secretKeyRef.key (1) HEADSCALE_OIDC_AUTH_URL | string |
| string | |
controllers.ui.containers.headscale.env.OIDC_CLIENT_ID.secretKeyRef.key (1) HEADSCALE_OIDC_CLIENT_ID | string |
| string | |
controllers.ui.containers.headscale.env.OIDC_CLIENT_SECRET.secretKeyRef.key (1) HEADSCALE_OIDC_CLIENT_SECRET | string |
| string | |
| string | |
| string | |
| string | |
controllers.ui.containers.headscale.image.repository (1) ifargle/headscale-webui | string |
| string | |
| boolean | |
| string | |
controllers.admin.containers.main.image.repository (1) goodieshq/headscale-admin | string |
| string | |
| boolean | |
| boolean | |
| boolean | |
| number | |
| number | |
| boolean | |
| string | |
| number | |
| number | |
controllers.admin.strategy (1) RollingUpdate | string |
| string | |
controllers.main.containers.litestream.env.AGE_PUBKEY.valueFrom.secretKeyRef.key (1) litestream-age-pubkey | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.main.containers.litestream.env.R2_ENDPOINT.valueFrom.secretKeyRef.key (1) litestream-r2-endpoint | string |
| string | |
controllers.main.containers.litestream.image.repository (1) docker.io/litestream/litestream | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.main.containers.main.command[] (1) - headscale | string |
controllers.main.containers.main.env.TZ (1) ${CONFIG_TZ} | string |
controllers.main.containers.main.image.repository (1) ghcr.io/juanfont/headscale | string |
controllers.main.containers.main.image.tag (1) 0.23.0@sha256:fd2a5326d0742a98597e33acbb33a6055afbe9c98b05919a7ff65bb0715f9bb4 | string |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.main.initContainers.01-litestream-restore.args[] (1) - restore | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.main.initContainers.01-litestream-restore.image.repository (1) docker.io/litestream/litestream | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
| string | |
| string | |
| string | |
| number | |
controllers.main.type (1) deployment | string |
ingress.headscale.hosts[].host (4) headscale.${EXTERNAL_DOMAIN} | string |
| string | |
| string | |
| string | |
ingress.headscale.className (3) external | string |
ingress.headscale.tls[].hosts[] (3) - headscale.${EXTERNAL_DOMAIN} | string |
ingress.headscale.tls[].secretName (2) headscale-tls-external | string |
ingress.headscale.annotations."external-dns.alpha.kubernetes.io/target" (2) network.${CLUSTER_DOMAIN} | string |
| string | |
| string | |
| string | |
| boolean | |
| string | |
ingress.app.annotations."external-dns.alpha.kubernetes.io/target" (2) ipv4.${SECRET_DOMAIN},external-utility.${SECRET_DOMAIN} | string |
| string | |
| string | |
ingress.app.className (2) external | string |
ingress.app.hosts[].host (2) {{ .Release.Name }}.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
| boolean | |
ingress.admin.hosts[].host (1) ${app_url} | string |
| string | |
| string | |
| string | |
ingress.admin.tls[].hosts[] (1) - ${app_url} | string |
ingress.admin.tls[].secretName (1) ${certificate_name} | string |
| string | |
ingress.main.annotations."traefik.ingress.kubernetes.io/router.middlewares" (1) networking-traefik-middleware-chain-no-auth@kubernetescrd | string |
| boolean | |
ingress.main.hosts[].host (1) headscale.${SECRET_DOMAIN} | string |
| string | |
| string | |
| string | |
ingress.main.tls[].hosts[] (1) - headscale.${SECRET_DOMAIN} | string |
ingress.main.tls[].secretName (1) ${SECRET_DOMAIN/./-}-production-tls | string |
ingress.ui.annotations."external-dns.alpha.kubernetes.io/target" (1) external.mcgrath.nz | string |
ingress.ui.className (1) external | string |
ingress.ui.hosts[].host (1) ts.mcgrath.nz | string |
| string | |
| string | |
| string | |
ingress.ui.tls[].hosts[] (1) - ts.mcgrath.nz | string |
defaultPodOptions.securityContext.runAsGroup (3) ${APP_UID_HEADSCALE} | string, number |
defaultPodOptions.securityContext.runAsUser (3) ${APP_UID_HEADSCALE} | string, number |
defaultPodOptions.securityContext.sysctls[].name (3) net.ipv4.ip_unprivileged_port_start | string |
| string | |
defaultPodOptions.securityContext.fsGroup (2) ${APP_UID_HEADSCALE} | string, number |
| string | |
| boolean | |
| string | |
| boolean | |
| number | |
| boolean | |
| string | |
secrets.config.stringData."noise_private.key" (1) ${noise_private_key} | string |
secrets.config.stringData."private.key" (1) ${private_key} | string |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| string | |
serviceMonitor.main.serviceName (2) headscale | string |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
args[] (1) - headscale | string |
configMaps.config.data."config.yaml" (1) server_url: https://${APP_DNS_HEADSCALE}:443
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 127.0.0.1:50443
grpc_allow_insecure: false
private_key_path: /etc/headscale/private.key
noise:
private_key_path: /etc/headscale/noise_private.key
db_type: sqlite3
db_path: /var/run/headscale/headscale.db
tls_cert_path: "/tls/fullchain.pem"
tls_key_path: "/tls/privkey.pem"
log:
format: json
level: info
logtail:
enabled: false
#acl_policy_path: "/etc/headscale/acl.hujson"
ip_prefixes:
- ${CONFIG_HEADSCALE_IPV4}
randomize_client_port: false
dns_config:
magic_dns: true
base_domain: ${DNS_SHORT}
override_local_dns: true
nameservers:
- ${IP_HOME_DNS}
domains:
- ${DNS_SHORT}
derp:
server:
enabled: true
region_id: 999
region_code: "Biohazard"
region_name: "Biohazard-Home-Relay"
stun_listen_addr: "0.0.0.0:3478"
urls:
- https://controlplane.tailscale.com/derpmap/default
paths: []
auto_update_enabled: true
update_frequency: 24h
disable_check_updates: true
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
oidc:
only_start_if_oidc_is_available: true
issuer: "${SECRET_HEADSCALE_OIDC_URL}"
client_id: "${SECRET_HEADSCALE_OIDC_ID}"
client_secret_path: "/oidc/secret"
scope: ["openid", "profile", "email"]
expiry: 30d
use_expiry_from_token: false
extra_params:
domain_hint: ${DNS_MAIN}
allowed_domains:
- ${APP_DNS_AUTH}
- ${DNS_MAIN} | string |
configMaps.config.data.litestream-replicate (1) dbs:
- path: /var/run/headscale/headscale.db
replicas:
- name: "nas"
type: "file"
path: "/nfs"
retention: 168h
validation-interval: 1h
age:
recipients:
- ${AGE_PUBKEY}
- name: "r2"
type: "s3"
endpoint: "${R2_ENDPOINT}"
bucket: "${R2_BUCKET}"
path: "headscale"
force-path-style: true
retention: 168h
validation-interval: 24h
age:
recipients:
- ${AGE_PUBKEY}
| string |
configMaps.config.data.litestream-restore (1) dbs:
- path: /var/run/headscale/headscale.db
replicas:
- name: "nas"
type: "file"
path: "/nfs"
retention: 168h
validation-interval: 1h
age:
identities:
- ${AGE_SECRET}
- name: "r2"
type: "s3"
endpoint: "${R2_ENDPOINT}"
bucket: "${R2_BUCKET}"
path: "headscale"
force-path-style: true
retention: 168h
validation-interval: 24h
age:
identities:
- ${AGE_SECRET}
| string |
| boolean | |
| string | |
controller.type (1) statefulset | string |
| string | |
| string | |
env.TZ (1) ${TIMEZONE} | string |
image.repository (1) ghcr.io/juanfont/headscale | string |
image.tag (1) latest@sha256:aadf29a875bb2ffdf6579869e5759935f7a64b9fd19fcea9d5385c5d7220dc7b | string |
| string | |
| string | |
| string | |
volumeClaimTemplates[].accessMode (1) ReadWriteOnce | string |
volumeClaimTemplates[].mountPath (1) /etc/headscale | string |
| string | |
| string | |
volumeClaimTemplates[].storageClass (1) ceph-block | string |