Twingate Helm Chart

Twingate is remote access for the modern world.

TL;DR;

$ helm repo add springboard https://helm-charts.springboardvr.com
$ helm install my-release springboard/twingate -n [namespace]

Introduction

This chart bootstraps a Twingate Access Node deployment on a Kubernetes cluster using the Helm package manager.

This chart is heavily influenced by Bitnami charts best practices.

Prerequisites

Kubernetes 1.12+
Helm 3.0+

Installing the Chart

To install the chart with the release name my-release:

$ helm repo add springboard https://helm-charts.springboardvr.com
$ helm install my-release springboard/twingate -n [namespace]

These commands deploy Twingate on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Tip: List all releases using helm ls -n [namespace]

Uninstalling the Chart

To uninstall/delete the my-release deployment:

$ helm del my-release -n [namespace]

The command removes all the Kubernetes components associated with the chart and deletes the release.

Parameters

The following table lists the configurable parameters of the Twingate chart and their default values.

Parameter	Description	Default
`image.registry`	Twingate image registry	`docker.io`
`image.repository`	Twingate image name	`twingate/access-node`
`image.tag`	Twingate image tag	`latest`
`image.pullPolicy`	Twingate image pull policy	`IfNotPresent`
`image.pullSecrets`	Specify docker-registry secret names as an array	`[]` (does not add image pull secrets to deployed pods)
`nameOverride`	String to partially override twingate.fullname template	`nil`
`fullnameOverride`	String to fully override twingate.fullname template	`nil`
`replicas`	Number of replicas for the application	`1`
`applicationPort`	Port where the application will be running	`80`
`extraEnv`	Any extra environment variables to be pass to the pods	`{}`
`envFrom`	An envFrom for the deployment, for adding a secret as ENV vars	`{}`
`affinity`	Map of node/pod affinities	`{}` (The value is evaluated as a template)
`nodeSelector`	node labels for pod assignment	`{}` (The value is evaluated as a template)
`tolerations`	Tolerations for pod assignment	`[]` (The value is evaluated as a template)
`securityContext.enabled`	Enable security context	`true`
`securityContext.fsGroup`	Group ID for the container	`1001`
`securityContext.runAsUser`	User ID for the container	`1001`
`resources`	Resource requests and limits	`{}`
`service.type`	Kubernetes Service type	`ClusterIP`
`service.port`	Kubernetes Service port	`80`
`service.annotations`	Annotations for the Service	{}
`service.loadBalancerIP`	LoadBalancer IP if Service type is `LoadBalancer`	`nil`
`service.nodePort`	nodePort if Service type is `LoadBalancer` or `nodePort`	`nil`
`ingress.enabled`	Enable ingress controller resource	`false`
`ingress.hosts[0].name`	Hostname to your Twingate installation	`twingate.local`
`ingress.hosts[0].path`	Path within the url structure	`/`
`ingress.hosts[0].tls`	Utilize TLS backend in ingress	`false`
`ingress.hosts[0].certManager`	Add annotations for cert-manager	`false`
`ingress.hosts[0].tlsSecret`	TLS Secret (certificates)	`twingate.local-tls-secret`
`ingress.hosts[0].annotations`	Annotations for this host's ingress record	`[]`
`ingress.secrets[0].name`	TLS Secret Name	`nil`
`ingress.secrets[0].certificate`	TLS Secret Certificate	`nil`
`ingress.secrets[0].key`	TLS Secret Key	`nil`

The above parameters map to the env variables defined in spittal/twingate.

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,

$ helm install my-release \
  --set repository=https://github.com/jbianquetti-nami/simple-twingate-app.git,replicas=2 \
    springboard/twingate

The above command clones the remote git repository to the /app/ directory of the container. Additionally it sets the number of replicas to 2.

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,

$ helm install my-release -f values.yaml springboard/twingate

Tip: You can use the default values.yaml

Configuration and installation details

Twingate settings

You can configure any twingate setting using the envFrom parameter like so. Learn about envFrom.

envFrom:
  - configMapRef:
      name: name-of-config-map-with-env-vars

Or you can do individual settings like.

extraArgs:
  - name: TYPESENSE_API_PORT
    value: 8080

A list of the available options can be found in the Twingate documentation.

Set up an Ingress controller

First install the nginx-ingress controller and then deploy the Twingate Helm chart with the following parameters:

ingress.enabled=true
ingress.host=example.com
service.type=ClusterIP

Configure TLS termination for your ingress controller

You must manually create a secret containing the certificate and key for your domain. Then ensure you deploy the Helm chart with the following ingress configuration:

ingress:
  enabled: false
  path: /
  host: example.com
  annotations:
    kubernetes.io/ingress.class: nginx
  tls:
      hosts:
        - example.com

Spittal/twingate-helm