feat: add routing peers to netbird

2025-12-11 07:17:52 +05:00
parent a22192e978
commit 2b0a85ae9e
2 changed files with 75 additions and 0 deletions
--- a/netbird/index.ts
+++ b/netbird/index.ts
@@ -9,6 +9,7 @@ import { HelmProvider } from "@cdktf/provider-helm/lib/provider";
 import { SecretV1 } from "@cdktf/provider-kubernetes/lib/secret-v1";
 import { Release } from "@cdktf/provider-helm/lib/release";
 import { CloudflareCertificate, OnePasswordSecret } from "../utils";
+import { DeploymentV1 } from "@cdktf/provider-kubernetes/lib/deployment-v1";

 export class Netbird extends TerraformStack {
  constructor(scope: Construct, id: string) {
@@ -91,5 +92,71 @@ export class Netbird extends TerraformStack {
      chart: "netbird",
      values: [fs.readFileSync(path.join(__dirname, "values.yaml"), "utf8")],
    }).importFrom("netbird/netbird");
+
+    new OnePasswordSecret(this, "netbird-setup-key", {
+      name: "netbird-setup-key",
+      namespace,
+      provider: kubernetes,
+      itemPath: "vaults/Lab/items/netbird-setup-key",
+    });
+
+    new DeploymentV1(this, "netbird-routing-peers", {
+      provider: kubernetes,
+      metadata: {
+        name: "netbird-routing-peer",
+        namespace,
+      },
+      spec: {
+        replicas: "3",
+        selector: {
+          matchLabels: {
+            app: "netbird-routing-peers",
+          },
+        },
+        template: {
+          metadata: {
+            labels: {
+              app: "netbird-routing-peers",
+            },
+          },
+          spec: {
+            container: [
+              {
+                name: "netbird-routing-peers",
+                image: "netbirdio/netbird:latest",
+                env: [
+                  {
+                    name: "NB_SETUP_KEY",
+                    valueFrom: {
+                      secretKeyRef: {
+                        name: "netbird-setup-key",
+                        key: "credential",
+                      },
+                    },
+                  },
+                  {
+                    name: "NB_MANAGEMENT_URL",
+                    value: "https://vpn.dogar.dev",
+                  },
+                  {
+                    name: "NB_HOSTNAME",
+                    value: "netbird-k8s-router",
+                  },
+                  {
+                    name: "NB_LOG_LEVEL",
+                    value: "info",
+                  },
+                ],
+                securityContext: {
+                  capabilities: {
+                    add: ["NET_ADMIN", "SYS_RESOURCE", "SYS_ADMIN"],
+                  },
+                },
+              },
+            ],
+          },
+        },
+      },
+    });
  }
 }
--- a/netbird/values.yaml
+++ b/netbird/values.yaml
@@ -1,5 +1,7 @@
 fullnameOverride: netbird
 management:
+  image:
+    tag: latest
  configmap: |-
    {
      "Stuns": [
@@ -137,8 +139,12 @@ management:

 signal:
  enabled: true
+  image:
+    tag: latest

 relay:
+  image:
+    tag: latest
  envFromSecret:
    NB_AUTH_SECRET: netbird/relayPassword
  env:
@@ -148,6 +154,8 @@ relay:

 dashboard:
  enabled: true
+  image:
+    tag: "v2.23.0"
  env:
    # Endpoints
    NETBIRD_MGMT_API_ENDPOINT: https://vpn.dogar.dev:443