```bash helm repo add jaconi https://charts.jaconi.io helm repo update ``` ```bash fullnameOverride: "netbird" config: database: DB_TYPE: postgres HOST: postgres-postgresql.postgres.svc.cluster.local PORT: 5432 NAME: netbird USER: netbird_user PASSWD: password relay: enabled: true config: NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080" signal: enabled: true management: enabled: true config: NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000" NETBIRD_SIGNAL_PROTOCOL: "https" NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local" NETBIRD_RELAY_PORT: "33080" NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478" NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478" dashboard: enabled: true service: type: ClusterIP ingress: enabled: false ``` ```bash openssl rand -hex 32 kubectl create secret generic netbird-relay-secret \ -n netbird \ --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d" ``` ```bash helm install netbird jaconi/netbird \ -n netbird \ --create-namespace \ -f netbird-values.yaml or helm upgrade netbird jaconi/netbird \ -n netbird \ -f netbird-values.yaml ``` ```bash kubectl -n netbird get pods kubectl -n netbird get svc kubectl -n netbird get ingress ``` ```bash vim netbird-dashboard-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: netbird-dashboard namespace: netbird labels: app: netbird-dashboard spec: replicas: 1 selector: matchLabels: app: netbird-dashboard template: metadata: labels: app: netbird-dashboard spec: containers: - name: dashboard image: netbirdio/dashboard:0.45.1 ports: - containerPort: 80 env: - name: NB_MANAGEMENT_API_ENDPOINT value: "http://netbird.local:30830" ``` ```bash vim netbird-dashboard-service.yaml apiVersion: v1 kind: Service metadata: name: netbird-dashboard namespace: netbird spec: selector: app: netbird-dashboard ports: - protocol: TCP port: 80 targetPort: 80 type: ClusterIP ``` ```bash vim netbird-dashboard-ingress.yaml apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: netbird-dashboard namespace: netbird spec: ingressClassName: nginx rules: - host: netbird.local http: paths: - path: / pathType: Prefix backend: service: name: netbird-dashboard port: number: 80 ``` ```bash kubectl apply -f netbird-dashboard-deployment.yaml kubectl apply -f netbird-dashboard-service.yaml kubectl apply -f netbird-dashboard-ingress.yaml ``` ```bash C:\Windows\System32\drivers\etc\hosts ``` # k8s ```bash vim netbird-application.yaml apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: netbird # как будет называться приложение в ArgoCD namespace: argocd # namespace, где установлен ArgoCD spec: project: default source: repoURL: https://charts.jaconi.io # тот самый helm repo chart: netbird # имя чарта targetRevision: "*" # можно зафиксировать версию, пока пусть будет любая helm: releaseName: netbird # как будто ты делал "helm install netbird ..." values: |- fullnameOverride: "netbird" config: database: DB_TYPE: postgres HOST: postgres-postgresql.postgres.svc.cluster.local PORT: 5432 NAME: netbird USER: netbird_user PASSWD: password relay: enabled: true config: NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080" signal: enabled: true management: enabled: true config: NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000" NETBIRD_SIGNAL_PROTOCOL: "https" NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local" NETBIRD_RELAY_PORT: "33080" NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478" NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478" dashboard: enabled: true service: type: ClusterIP ingress: enabled: true className: nginx hosts: - host: netbird.local paths: - path: / pathType: Prefix destination: server: https://kubernetes.default.svc namespace: netbird # сюда чарты будут ставиться syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true kubectl apply -f netbird-application.yaml -n argocd ``` ```bash kubectl create namespace netbird || true kubectl create secret generic netbird-relay-secret \ -n netbird \ --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d" ``` ```bash helm repo add jaconi https://charts.jaconi.io helm repo update vim netbird-dashboard-values.yaml image: # Версия образа UI; есть тег v2.22.2 на Docker Hub # см. netbirdio/dashboard:v2.22.2 :contentReference[oaicite:2]{index=2} tag: v2.22.2 auth: # OIDC-провайдер (например, Keycloak) authority: https://keycloak.example.com/realms/homelab audience: netbird clientID: netbird supportedScopes: > openid profile email offline_access netbird-api netbird: # HTTP API management-сервиса NetBird (тот же, к которому коннектятся клиенты) managementApiEndpoint: https://netbird.example.com # gRPC endpoint того же сервиса managementGrpcApiEndpoint: https://netbird.example.com ingress: enabled: true className: nginx annotations: # Пример для cert-manager, можно убрать если не используешь cert-manager.io/cluster-issuer: letsencrypt hosts: - host: netbird.example.com paths: - path: / pathType: Prefix tls: - secretName: netbird-tls-certificate hosts: - netbird.example.com # namespace можно выбрать любой, но обычно используют netbird kubectl create namespace netbird --dry-run=client -o yaml | kubectl apply -f - helm install netbird-dashboard jaconi/netbird-dashboard \ --namespace netbird \ --values netbird-dashboard-values.yaml ```