Add kustomize manifests for Kubernetes deployment #144

Closed
opened 2026-04-05 17:01:27 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @Br1an67 on 3/7/2026

Fixes #921

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

This PR adds Kubernetes deployment manifests using kustomize, enabling users to deploy Pangolin on Kubernetes clusters. This addresses the community request for Kubernetes support as discussed in #921.

The implementation includes:

  • Pangolin server deployment with health checks and resource limits
  • Gerbil + Traefik deployment using a sidecar pattern (matching the docker-compose architecture where traefik shares gerbil's network namespace)
  • Persistent storage for configuration and data
  • LoadBalancer service for external access (WireGuard ports + HTTP/HTTPS)
  • Comprehensive documentation with deployment guides and troubleshooting tips

Architecture

The deployment follows the docker-compose structure:

  1. Pangolin - Main application server (port 3001)
  2. Gerbil + Traefik - Combined pod with sidecar pattern:
    • Gerbil: WireGuard VPN tunnel (ports 51820, 21820 UDP)
    • Traefik: Reverse proxy (ports 80, 443 TCP)
    • Shares network namespace like in docker-compose

Key Features

  • Uses official images: fosrl/pangolin:latest, fosrl/gerbil:latest, traefik:v3.6
  • Proper capability management (NET_ADMIN, SYS_MODULE for Gerbil)
  • Health checks and readiness probes
  • Configurable resource limits
  • Single PVC for all config data (can be separated for production)
  • Kustomize-ready structure with base layer

How to test?

Prerequisites

  • Kubernetes cluster (1.24+)
  • kubectl configured
  • Persistent volume provisioner
  • LoadBalancer support (or use NodePort/Ingress)

Quick Test

  1. Create namespace and deploy:

    kubectl apply -k kustomize/base
    
  2. Verify deployment:

    kubectl get all -n pangolin
    kubectl logs -n pangolin -l app.kubernetes.io/name=pangolin
    
  3. Check pod status:

    kubectl get pods -n pangolin
    

    Expected output:

    NAME                       READY   STATUS    RESTARTS   AGE
    pangolin-xxx-xxx          1/1     Running   0          1m
    gerbil-xxx-xxx            2/2     Running   0          1m
    
  4. Verify services:

    kubectl get svc -n pangolin
    

    Expected services:

    • pangolin (ClusterIP on port 3001)
    • gerbil (LoadBalancer with ports 80, 443, 51820, 21820)

Configuration Testing

Before production use, you'll need to:

  1. Create a config.yml based on config/config.example.yml
  2. Set up Traefik configuration in config/traefik/
  3. Configure database (SQLite or external PostgreSQL)

See kustomize/README.md for detailed configuration instructions.

Validation

All YAML files have been validated for syntax:

    # Validate YAML syntax
    python3 -c "import yaml; list(yaml.safe_load_all(open('kustomize/base/pangolin-deployment.yaml')))"

    # List resources
    find kustomize -type f

Files Changed

    kustomize/README.md                     | 294 ++++++++++++++++++++++++++++++++
    kustomize/base/gerbil-deployment.yaml   | 118 +++++++++++++
    kustomize/base/kustomization.yaml       |  11 ++
    kustomize/base/namespace.yaml           |   7 +
    kustomize/base/pangolin-deployment.yaml |  96 +++++++++++
    5 files changed, 526 insertions(+)

Production Considerations

This is an initial implementation suitable for testing and development. For production:

  • Use separate PVCs for different components
  • Configure external PostgreSQL database
  • Implement proper RBAC and network policies
  • Add monitoring with Prometheus ServiceMonitor
  • Use GitOps tools (ArgoCD, Flux) for deployment

See the comprehensive README in kustomize/README.md for production best practices.
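
Added example, not part of the pull request or the Pangolin project's code: the validation step in the description only checks YAML syntax, so this script audits rendered manifests for the security-relevant settings the description names (`:latest` images, added capabilities, externally reachable Service ports). It assumes the rendered objects are available as a JSON List; the sample input is constructed from the description, and the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed v1 List in the JSON shape printed by
# `kubectl apply -k kustomize/base --dry-run=client -o json`. Field values are
# assumptions taken from the PR description, not the PR's actual manifests.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "gerbil"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "gerbil", "image": "fosrl/gerbil:latest",
          "securityContext": {"capabilities": {"add": ["NET_ADMIN", "SYS_MODULE"]}}},
         {"name": "traefik", "image": "traefik:v3.6"}]}}}},
    {"kind": "Service", "metadata": {"name": "gerbil"},
     "spec": {"type": "LoadBalancer", "ports": [
         {"port": 443, "protocol": "TCP"}, {"port": 51820, "protocol": "UDP"}]}},
]})

def mutable_image(image):
    """True when the reference has no digest and either no tag or :latest."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]  # drop any registry host:port prefix
    return ":" not in last or last.endswith(":latest")

def audit(rendered_json):
    """Return sorted (kind/name, finding) pairs for one rendered manifest set."""
    doc = json.loads(rendered_json)
    findings = []
    for obj in doc.get("items", [doc]):  # accept a List or a single object
        ref = f"{obj.get('kind')}/{obj.get('metadata', {}).get('name')}"
        spec = obj.get("spec", {})
        pod = spec.get("template", {}).get("spec", {})
        for c in pod.get("containers", []) + pod.get("initContainers", []):
            sc = c.get("securityContext", {})
            if mutable_image(c.get("image", "")):
                findings.append((ref, f"{c['name']}: mutable image {c.get('image')}"))
            if sc.get("privileged"):
                findings.append((ref, f"{c['name']}: privileged"))
            for cap in sc.get("capabilities", {}).get("add", []):
                findings.append((ref, f"{c['name']}: adds capability {cap}"))
        if obj.get("kind") == "Service" and spec.get("type") in ("LoadBalancer", "NodePort"):
            ports = ",".join(f"{p['port']}/{p.get('protocol', 'TCP')}" for p in spec.get("ports", []))
            findings.append((ref, f"externally reachable ports {ports}"))
    return sorted(findings)

if __name__ == "__main__":
    for ref, finding in audit(SAMPLE):
        print(f"{ref}: {finding}")
```

Findings such as the added capabilities are expected for a WireGuard container; the value of the report is that each one is listed and reviewed deliberately before the manifests reach a cluster.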


Reference: github/pangolin#144