No introduction found. Create it?
Install with:
helm repo add bjw-s oci://ghcr.io/bjw-s/helm/
helm install headscale bjw-s/app-template -f values.yamlSee examples from other people.
| Name | Repo | Stars | Version | Timestamp |
|---|---|---|---|---|
| headscale | haraldkoch/kochhaus-home | 125 | 3.6.1 | 9 hours ago |
| headscale | vaskozl/home-infra | 89 | 3.6.1 | 5 days ago |
| headscale | JJGadgets/Biohazard | 48 | 2.6.0 | a year ago |
See the most popular values for this chart:
| Key | Types |
|---|---|
persistence.config.name (4) headscale-config | string |
| string | |
persistence.config.advancedMounts.headscale.app[].path (3) /etc/headscale/config.yaml | string |
| string | |
persistence.config.advancedMounts.main.01-litestream-restore[].path (1) /etc/litestream.yml | string |
| boolean | |
| string | |
persistence.config.advancedMounts.main.litestream[].path (1) /etc/litestream.yml | string |
| boolean | |
persistence.config.advancedMounts.main.litestream[].subPath (1) litestream-replicate | string |
persistence.config.advancedMounts.main.main[].path (1) /etc/headscale/config.yaml | string |
| boolean | |
| string | |
| boolean | |
persistence.tmp.type (4) emptyDir | string |
persistence.tmp.advancedMounts.headscale.app[].path (3) /var/run/headscale | string |
| string | |
persistence.tmp.advancedMounts.ui.app[].path (3) /data | string |
| string | |
| boolean | |
persistence.tmp.globalMounts[].path (1) /var/run/headscale | string |
| boolean | |
| string | |
persistence.var-lib-headscale.advancedMounts.headscale.app[].path (2) /var/lib/headscale | string |
| string | |
| string | |
| string | |
| boolean | |
persistence.nfs.path (1) ${PATH_NAS_PERSIST_K8S}/headscale | string |
persistence.nfs.server (1) ${IP_TRUENAS} | string |
| string | |
| string | |
| string | |
persistence.secrets.advancedMounts.main.main[].path (1) /etc/headscale/private.key | string |
| boolean | |
persistence.secrets.advancedMounts.main.main[].subPath (1) private.key | string |
| number | |
| boolean | |
persistence.secrets.name (1) headscale-secrets | string |
| string | |
persistence.tls.advancedMounts.main.main[].path (1) /tls/fullchain.pem | string |
| boolean | |
persistence.tls.advancedMounts.main.main[].subPath (1) tls.crt | string |
| number | |
| boolean | |
persistence.tls.name (1) headscale-tls | string |
persistence.tls.type (1) secret | string |
| string | |
| string | |
controllers.headscale.containers.app.image.repository (3) ghcr.io/juanfont/headscale | string |
controllers.headscale.containers.app.image.tag (3) v0.24.0@sha256:2a2dcc9fef8f6e520a096743b668e3fd5df06ae422298c808c4e934a78764860 | string |
| boolean | |
| boolean | |
| boolean | |
| number | |
| number | |
| boolean | |
| boolean | |
| string | |
| string | |
controllers.headscale.containers.app.env.HEADSCALE_OIDC_ISSUER (1) https://auth.mcgrath.nz | string |
controllers.headscale.containers.app.env.TZ (1) Pacific/Auckland | string |
| string | |
| string | |
| string | |
| string | |
controllers.ui.containers.app.image.repository (3) ghcr.io/gurucomputing/headscale-ui | string |
controllers.ui.containers.app.image.tag (3) 2024.02.24-beta1@sha256:4c618a7b6e8b32f5ef6af3c7e6936c63e8568ad9ae8d190dafb2551a64ff40a2 | string |
| boolean | |
| boolean | |
| string | |
controllers.ui.containers.app.env.TZ (1) Pacific/Auckland | string |
| string | |
| string | |
controllers.ui.strategy (3) RollingUpdate | string |
| string | |
controllers.main.containers.litestream.env.AGE_PUBKEY.valueFrom.secretKeyRef.key (1) litestream-age-pubkey | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.main.containers.litestream.env.R2_ENDPOINT.valueFrom.secretKeyRef.key (1) litestream-r2-endpoint | string |
| string | |
controllers.main.containers.litestream.image.repository (1) docker.io/litestream/litestream | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.main.containers.main.command[] (1) - headscale | string |
controllers.main.containers.main.env.TZ (1) ${CONFIG_TZ} | string |
controllers.main.containers.main.image.repository (1) ghcr.io/juanfont/headscale | string |
controllers.main.containers.main.image.tag (1) 0.23.0@sha256:fd2a5326d0742a98597e33acbb33a6055afbe9c98b05919a7ff65bb0715f9bb4 | string |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
controllers.main.initContainers.01-litestream-restore.args[] (1) - restore | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
| string | |
controllers.main.initContainers.01-litestream-restore.image.repository (1) docker.io/litestream/litestream | string |
| string | |
| string | |
| string | |
| string | |
| string | |
| boolean | |
| string | |
| boolean | |
| string | |
| string | |
| string | |
| number | |
controllers.main.type (1) deployment | string |
ingress.headscale.className (3) external | string |
ingress.headscale.hosts[].host (3) hs.${CLUSTER_DOMAIN} | string |
| string | |
| string | |
| string | |
ingress.headscale.annotations."external-dns.alpha.kubernetes.io/target" (2) network.${CLUSTER_DOMAIN} | string |
| string | |
| string | |
ingress.headscale.tls[].hosts[] (1) - ts.mcgrath.nz | string |
ingress.ui.className (2) haproxy-external | string |
ingress.ui.hosts[].host (2) ts.sko.ai | string |
| string | |
| string | |
| string | |
ingress.ui.annotations."external-dns.alpha.kubernetes.io/target" (1) external.mcgrath.nz | string |
ingress.ui.tls[].hosts[] (1) - ts.mcgrath.nz | string |
service.headscale.controller (3) headscale | string |
| number | |
| boolean | |
| number | |
| string | |
| number | |
service.main.annotations."coredns.io/hostname" (1) ${APP_DNS_HEADSCALE} | string |
service.main.annotations."io.cilium/lb-ipam-ips" (1) ${APP_IP_HEADSCALE} | string |
| string | |
| boolean | |
| string | |
| boolean | |
| number | |
| string | |
| number | |
| boolean | |
| number | |
| string | |
| boolean | |
| number | |
| string | |
service.main.type (1) LoadBalancer | string |
defaultPodOptions.securityContext.fsGroup (2) ${APP_UID_HEADSCALE} | string, number |
| string | |
defaultPodOptions.securityContext.runAsGroup (2) ${APP_UID_HEADSCALE} | string, number |
defaultPodOptions.securityContext.runAsUser (2) ${APP_UID_HEADSCALE} | string, number |
defaultPodOptions.securityContext.sysctls[].name (2) net.ipv4.ip_unprivileged_port_start | string |
| string | |
| boolean | |
| string | |
| boolean | |
secrets.config.stringData."config.yaml" (2) server_url: http://ts.sko.ai
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
private_key_path: /var/lib/headscale/private.key
noise:
private_key_path: /var/lib/headscale/noise_private.key
prefixes:
v6: fd7a:115c:a1e0::/48
v4: 100.64.0.0/10
derp:
server:
enabled: false
urls:
- https://controlplane.tailscale.com/derpmap/default
auto_update_enabled: true
update_frequency: 24h
disable_check_updates: false
ephemeral_node_inactivity_timeout: 30m
database:
type: sqlite
sqlite:
path: /var/lib/headscale/db.sqlite
# TODO: Remove after 0.23.0
db_type: sqlite3
db_path: /var/lib/headscale/db.sqlite
dns_config:
# Whether to prefer using Headscale provided DNS or use local.
override_local_dns: true
# List of DNS servers to expose to clients.
nameservers:
- 192.168.1.1
domains: []
magic_dns: true
base_domain: ts.sko.ai
log:
level: debug
| string |
| boolean | |
configMaps.config.data."config.yaml" (1) server_url: https://${APP_DNS_HEADSCALE}:443
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 127.0.0.1:50443
grpc_allow_insecure: false
private_key_path: /etc/headscale/private.key
noise:
private_key_path: /etc/headscale/noise_private.key
db_type: sqlite3
db_path: /var/run/headscale/headscale.db
tls_cert_path: "/tls/fullchain.pem"
tls_key_path: "/tls/privkey.pem"
log:
format: json
level: info
logtail:
enabled: false
#acl_policy_path: "/etc/headscale/acl.hujson"
ip_prefixes:
- ${CONFIG_HEADSCALE_IPV4}
randomize_client_port: false
dns_config:
magic_dns: true
base_domain: ${DNS_SHORT}
override_local_dns: true
nameservers:
- ${IP_HOME_DNS}
domains:
- ${DNS_SHORT}
derp:
server:
enabled: true
region_id: 999
region_code: "Biohazard"
region_name: "Biohazard-Home-Relay"
stun_listen_addr: "0.0.0.0:3478"
urls:
- https://controlplane.tailscale.com/derpmap/default
paths: []
auto_update_enabled: true
update_frequency: 24h
disable_check_updates: true
ephemeral_node_inactivity_timeout: 30m
node_update_check_interval: 10s
oidc:
only_start_if_oidc_is_available: true
issuer: "${SECRET_HEADSCALE_OIDC_URL}"
client_id: "${SECRET_HEADSCALE_OIDC_ID}"
client_secret_path: "/oidc/secret"
scope: ["openid", "profile", "email"]
expiry: 30d
use_expiry_from_token: false
extra_params:
domain_hint: ${DNS_MAIN}
allowed_domains:
- ${APP_DNS_AUTH}
- ${DNS_MAIN} | string |
configMaps.config.data.litestream-replicate (1) dbs:
- path: /var/run/headscale/headscale.db
replicas:
- name: "nas"
type: "file"
path: "/nfs"
retention: 168h
validation-interval: 1h
age:
recipients:
- ${AGE_PUBKEY}
- name: "r2"
type: "s3"
endpoint: "${R2_ENDPOINT}"
bucket: "${R2_BUCKET}"
path: "headscale"
force-path-style: true
retention: 168h
validation-interval: 24h
age:
recipients:
- ${AGE_PUBKEY}
| string |
configMaps.config.data.litestream-restore (1) dbs:
- path: /var/run/headscale/headscale.db
replicas:
- name: "nas"
type: "file"
path: "/nfs"
retention: 168h
validation-interval: 1h
age:
identities:
- ${AGE_SECRET}
- name: "r2"
type: "s3"
endpoint: "${R2_ENDPOINT}"
bucket: "${R2_BUCKET}"
path: "headscale"
force-path-style: true
retention: 168h
validation-interval: 24h
age:
identities:
- ${AGE_SECRET}
| string |
| boolean | |
| string | |
| string | |
| boolean | |
| string | |
| string | |
| string | |
| string | |
| string | |
serviceMonitor.main.serviceName (1) headscale | string |