From 3296b2387acbe845080591126b7e73aee3302aee Mon Sep 17 00:00:00 2001
From: Dries De Peuter
Date: Tue, 17 Nov 2020 23:06:24 +0100
Subject: [PATCH] openvpn-as: Extended documentation
---
 charts/openvpn-as/Chart.yaml | 2 +-
 charts/openvpn-as/README.md | 77 +++++++++++++++++------------------
 charts/openvpn-as/values.yaml | 44 ++++++++++++++++++--
 3 files changed, 79 insertions(+), 44 deletions(-)
diff --git a/charts/openvpn-as/Chart.yaml b/charts/openvpn-as/Chart.yaml
index 8b18027..4a6e3b7 100644
--- a/charts/openvpn-as/Chart.yaml
+++ b/charts/openvpn-as/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: openvpn-as
 description: A Helm chart for Kubernetes
 type: application
-version: 0.1.6
+version: 0.1.7
 appVersion: version-2.8.6-916f8e7d-ubuntu18
 maintainers:
 - email: dries@stenic.io
diff --git a/charts/openvpn-as/README.md b/charts/openvpn-as/README.md
index 9bab258..ff2acc5 100644
--- a/charts/openvpn-as/README.md
+++ b/charts/openvpn-as/README.md
@@ -47,50 +47,49 @@ The following tables list the configurable parameters of the openvpn-as chart an
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| affinity | object | `{}` | |
+| affinity | object | `{}` | Affinity labels for pod assignment |
 | fullnameOverride | string | `""` | |
-| image.pullPolicy | string | `"IfNotPresent"` | |
-| image.repository | string | `"ghcr.io/linuxserver/openvpn-as"` | |
-| image.tag | string | `""` | |
-| imagePullSecrets | list | `[]` | |
-| ingress.admin.annotations | object | `{}` | |
-| ingress.admin.enabled | bool | `false` | |
-| ingress.admin.hostName | string | `"openvpn.local"` | |
-| ingress.admin.tls.enabled | bool | `true` | |
-| ingress.admin.tls.secretName | string | `"openvpn-tls"` | |
-| ingress.gui.annotations | object | `{}` | |
-| ingress.gui.enabled | bool | `false` | |
-| ingress.gui.hostName | string | `"openvpn.local"` | |
-| ingress.gui.tls.enabled | bool | `true` | |
-| ingress.gui.tls.secretName | string | `"openvpn-tls"` | |
+| image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
+| image.repository | string | `"ghcr.io/linuxserver/openvpn-as"` | Image repository |
+| image.tag | string | `""` | Image tag |
+| imagePullSecrets | list | `[]` | Registry secret names as an array |
+| ingress.admin.annotations | object | `{}` | Ingress annotations |
+| ingress.admin.enabled | bool | `false` | Enable ingress resource for Admin GUI |
+| ingress.admin.hostName | string | `"admin.openvpn.local"` | |
+| ingress.admin.tls.enabled | bool | `true` | Enable TLS configuration for the hostname defined at ingress.admin.hostname parameter |
+| ingress.admin.tls.secretName | string | `"admin.openvpn-tls"` | |
+| ingress.gui.annotations | object | `{}` | Ingress annotations |
+| ingress.gui.enabled | bool | `false` | Enable ingress resource for Client GUI |
+| ingress.gui.hostName | string | `"client.openvpn.local"` | |
+| ingress.gui.tls.enabled | bool | `true` | Enable TLS configuration for the hostname defined at ingress.gui.hostname parameter |
+| ingress.gui.tls.secretName | string | `"client.openvpn-tls"` | |
 | nameOverride | string | `""` | |
-| nodeSelector | object | `{}` | |
-| openvpn.admin.password | string | `"passw0rd"` | |
-| openvpn.admin.user | string | `"altmin"` | |
-| openvpn.config."vpn.client.routing.reroute_dns" | string | `"false"` | |
-| openvpn.config."vpn.client.routing.reroute_gw" | string | `"false"` | |
-| openvpn.ports.admin | int | `943` | |
-| openvpn.ports.gui | int | `944` | |
-| openvpn.ports.tcp | int | `9443` | |
-| openvpn.ports.udp | int | `1194` | |
-| openvpn.users | string | `nil` | |
-| persistence.accessMode | string | `"ReadWriteOnce"` | |
-| persistence.annotations | object | `{}` | |
-| persistence.enabled | bool | `true` | |
-| persistence.size | string | `"8Gi"` | |
-| persistence.storageClass | string | `nil` | |
-| podAnnotations | object | `{}` | |
-| podSecurityContext.fsGroup | int | `1000` | |
+| nodeSelector | object | `{}` | Node labels for pod assignment |
+| openvpn.admin.password | string | `"passw0rd"` | Password for the initial super_user |
+| openvpn.admin.user | string | `"altmin"` | Username for the initial super_user |
+| openvpn.config | object | `{"vpn.client.routing.reroute_dns":"false","vpn.client.routing.reroute_gw":"false"}` | Config settings to apply to the openvpn-as server |
+| openvpn.ports.admin | int | `943` | Admin GUI port |
+| openvpn.ports.gui | int | `944` | Client GUI port |
+| openvpn.ports.tcp | int | `9443` | VPN TCP port |
+| openvpn.ports.udp | int | `1194` | VPN UDP port |
+| openvpn.users | list | `nil` | Additional users to create when non-existent `[{"user":"someuser","password":"somepassword"}]` |
+| persistence.accessMode | string | `"ReadWriteOnce"` | PVC Access Mode for volume |
+| persistence.annotations | object | `{}` | Annotations for the PVC |
+| persistence.enabled | bool | `true` | Enable persistence using PVC |
+| persistence.size | string | `"8Gi"` | PVC Storage Request for volume |
+| persistence.storageClass | string | `nil` | PVC Storage Class for volume |
+| podAnnotations | object | `{}` | Map of annotations to add to the pods |
+| podSecurityContext.fsGroup | int | `1000` | Group ID for the pod |
 | replicaCount | int | `1` | |
-| resources | object | `{}` | |
-| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` | |
-| service.admin.type | string | `"ClusterIP"` | |
-| service.gui.type | string | `"ClusterIP"` | |
-| service.type | string | `"ClusterIP"` | |
+| resources | object | `{}` | CPU/Memory resource requests/limits |
+| securityContext | object | `{"capabilities":{"add":["NET_ADMIN"]}}` | Security Context |
+| service.admin.type | string | `"ClusterIP"` | Kubernetes Service type for Admin GUI |
+| service.gui.type | string | `"ClusterIP"` | Kubernetes Service type for Client GUI |
+| service.type | string | `"ClusterIP"` | Kubernetes Service type for VPN, generally this is "LoadBalancer" |
 | serviceAccount.annotations | object | `{}` | |
-| serviceAccount.create | bool | `true` | |
+| serviceAccount.create | bool | `true` | Create ServiceAccount |
 | serviceAccount.name | string | `""` | |
-| tolerations | list | `[]` | |
+| tolerations | list | `[]` | Toleration labels for pod assignment |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
diff --git a/charts/openvpn-as/values.yaml b/charts/openvpn-as/values.yaml
index da5e83e..09df239 100644
--- a/charts/openvpn-as/values.yaml
+++ b/charts/openvpn-as/values.yaml
@@ -6,79 +6,112 @@ replicaCount: 1 openvpn: ports: + # -- Admin GUI port admin: 943 + # -- Client GUI port gui: 944 + # -- VPN TCP port tcp: 9443 + # -- VPN UDP port udp: 1194 + # -- Config settings to apply to the openvpn-as server config: vpn.client.routing.reroute_gw: "false" vpn.client.routing.reroute_dns: "false" # host.name: vpn.example.com admin: + # -- Username for the initial super_user user: altmin + # -- Password for the initial super_user password: passw0rd + # -- (list) Additional users to create when non-existent `[{"user":"someuser","password":"somepassword"}]` users: # - user: someuser # password: somepassword persistence: + # -- Enable persistence using PVC enabled: true + # -- PVC Storage Class for volume storageClass: + # -- Annotations for the PVC annotations: {} + # -- PVC Access Mode for volume accessMode: "ReadWriteOnce" + # -- PVC Storage Request for volume size: "8Gi" image: + # -- Image repository repository: ghcr.io/linuxserver/openvpn-as + # -- Image pull policy pullPolicy: IfNotPresent + # -- Image tag tag: "" +# -- Registry secret names as an array imagePullSecrets: [] nameOverride: "" fullnameOverride: "" serviceAccount: + # -- Create ServiceAccount create: true annotations: {} name: "" +# -- Map of annotations to add to the pods podAnnotations: {} podSecurityContext: + # -- Group ID for the pod fsGroup: 1000 +# -- Security Context securityContext: capabilities: add: ["NET_ADMIN"] service: + # -- Kubernetes Service type for VPN, generally this is "LoadBalancer" type: ClusterIP admin: + # -- Kubernetes Service type for Admin GUI type: ClusterIP gui: + # -- Kubernetes Service type for Client GUI type: ClusterIP ingress: gui: + # -- Enable ingress resource for Client GUI enabled: false + # -- Ingress annotations annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - hostName: openvpn.local + # -- Host for the Client GUI + hostName: client.openvpn.local tls: + # -- Enable TLS configuration for the hostname 
defined at ingress.gui.hostname parameter enabled: true - secretName: openvpn-tls + secretName: client.openvpn-tls admin: + # -- Enable ingress resource for Admin GUI enabled: false + # -- Ingress annotations annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - hostName: openvpn.local + # -- Host for the Admin GUI + hostName: admin.openvpn.local tls: + # -- Enable TLS configuration for the hostname defined at ingress.admin.hostname parameter enabled: true - secretName: openvpn-tls + secretName: admin.openvpn-tls +# -- CPU/Memory resource requests/limits resources: {} # limits: # cpu: 100m @@ -87,6 +120,9 @@ resources: {} # cpu: 100m # memory: 128Mi +# -- Node labels for pod assignment nodeSelector: {} +# -- Toleration labels for pod assignment tolerations: [] +# -- Affinity labels for pod assignment affinity: {}
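Review bot: The added `# -- Password for the initial super_user` comment under `openvpn.admin` in the first values.yaml hunk documents `passw0rd` (with user `altmin`) as an ordinary default and never says it has to be replaced, so the generated README now lists a fixed admin credential as the value the chart ships with. I would word it as `# -- Password for the initial super_user; placeholder, override before deploying`, and add the same caveat to the `users` comment, whose example also carries a plain-text password. Separately, the same hunk changes the ingress defaults (`hostName` to `client.openvpn.local` / `admin.openvpn.local`, `secretName` to `client.openvpn-tls` / `admin.openvpn-tls`) under a documentation-only subject and a patch version bump. If the templates consume these values directly, an upgrade with ingress enabled would reference TLS secrets that may not exist, so the change should be called out in the commit message, and the two `secretName` keys still lack a `# --` comment.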