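# ConfigMap holding the nginx configuration; the Deployment in this file
# mounts it at /etc/nginx.
apiVersion: v1
kind: ConfigMap
metadata:
  # Quoted so a numeric- or boolean-looking value still renders as a string.
  name: {{ .Values.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
data:
  # .Values.config is inserted verbatim into the block scalar below, so whoever
  # controls that value fully controls what the proxy serves and forwards.
  # Review it like code before installing the chart.
  nginx.conf: |
    {{ .Values.config | nindent 4 }}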
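---
{{- if .Values.vpn.enabled }}
# Secret carrying the VPN pre-auth key; rendered only when vpn.enabled is set.
# The key arrives through chart values, so it is also present wherever those
# values and the rendered release are stored. Restrict access to both and
# prefer a short-lived key.
apiVersion: v1
kind: Secret
metadata:
  name: "{{ .Values.name }}-vpn-pre-auth-key"
  namespace: {{ .Release.Namespace | quote }}
stringData:
  # Quoted so the key is always a YAML string, even when it looks like a
  # number or boolean or contains characters such as ': ' or ' #'.
  TS_AUTHKEY: {{ .Values.vpn.preAuthKey | quote }}
{{- end }}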
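---
# Deployment running the proxy container and, when vpn.enabled is set, a
# Tailscale sidecar in the same pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .Values.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
spec:
  selector:
    matchLabels:
      app: proxy
  replicas: 1
  template:
    metadata:
      labels:
        app: proxy
    spec:
      # The ServiceAccount applies to the whole pod, not to one container.
      # Unless token automounting is disabled elsewhere, the proxy container
      # gets the same API credentials as the VPN sidecar.
      serviceAccountName: "{{ .Values.name }}-proxy"
      volumes:
        - name: config
          configMap:
            name: {{ .Values.name | quote }}
      containers:
        - name: proxy
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            {{- range .Values.ports }}
            - name: {{ .name | quote }}
              containerPort: {{ .value }}
              protocol: {{ .protocol }}
            {{- end }}
          volumeMounts:
            # The ConfigMap volume is mounted over the whole /etc/nginx directory.
            - name: config
              mountPath: /etc/nginx
        {{- if .Values.vpn.enabled }}
        - name: tailscale
          image: "{{ .Values.vpn.image.repository }}:{{ .Values.vpn.image.tag }}"
          imagePullPolicy: {{ .Values.vpn.image.pullPolicy }}
          securityContext:
            # NOTE(review): privileged mode already grants every capability, so
            # the NET_ADMIN entry below adds nothing while it is set. Confirm
            # whether the sidecar works with NET_ADMIN alone; if it does, drop
            # `privileged` so a compromise of this container does not hand over
            # the node.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
          env:
            # NOTE(review): the container is given only the Secret's name, and
            # TS_AUTHKEY is not set as an environment variable. Confirm the image
            # reads the key from a field named TS_AUTHKEY in that Secret.
            # Env values must be strings, hence the quoting.
            - name: TS_KUBE_SECRET
              value: "{{ .Values.name }}-vpn-pre-auth-key"
            - name: TS_HOSTNAME
              value: {{ .Values.vpn.hostname | quote }}
            - name: TS_EXTRA_ARGS
              value: "--login-server={{ .Values.vpn.loginServer }}"
        {{- end }}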
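---
# Cluster-internal Service in front of the proxy pods. It exposes one Service
# port per entry in .Values.ports, using the same list as the Deployment.
apiVersion: v1
kind: Service
metadata:
  name: {{ .Values.name | quote }}
  namespace: {{ .Release.Namespace | quote }}
spec:
  type: ClusterIP
  selector:
    app: proxy
  ports:
    {{- range .Values.ports }}
    # targetPort refers to the container port by name; it is quoted so it is
    # never parsed as a port number.
    - name: {{ .name | quote }}
      port: {{ .value }}
      targetPort: {{ .name | quote }}
      protocol: {{ .protocol }}
    {{- end }}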
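---
# ServiceAccount the proxy pod runs as (referenced by serviceAccountName in the
# Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: "{{ .Values.name }}-proxy"
  # Set explicitly, like every other namespaced object in this file, so the
  # account is created in the release namespace even when the rendered
  # manifest is applied without a namespace flag.
  namespace: {{ .Release.Namespace | quote }}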
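---
{{- if .Values.vpn.enabled }}
# Permissions used by the VPN sidecar. The Secret named below is created only
# when vpn.enabled is set, so the Role is rendered under the same condition
# and a proxy-only install grants the pod no Secret access.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: "{{ .Values.name }}-proxy"
  namespace: {{ .Release.Namespace | quote }}
rules:
  - apiGroups: [""]  # "" indicates the core API group
    resources: ["secrets"]
    # Create cannot be restricted to a resource name, so this rule lets the
    # ServiceAccount create any Secret in the namespace.
    verbs: ["create"]
  - apiGroups: [""]  # "" indicates the core API group
    # Read and write access is limited to the pre-auth-key Secret.
    resourceNames: ["{{ .Values.name }}-vpn-pre-auth-key"]
    resources: ["secrets"]
    verbs: ["get", "update", "patch"]
  - apiGroups: [""]  # "" indicates the core API group
    resources: ["events"]
    verbs: ["get", "create", "patch"]
{{- end }}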
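---
{{- if .Values.vpn.enabled }}
# Binds the proxy ServiceAccount to the Role of the same name. Its rules cover
# only the VPN pre-auth-key Secret and events, so the binding is rendered only
# when vpn.enabled is set.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: "{{ .Values.name }}-proxy"
  namespace: {{ .Release.Namespace | quote }}
subjects:
  - kind: ServiceAccount
    name: "{{ .Values.name }}-proxy"
    # Stated explicitly so the subject is unambiguous to a reader.
    namespace: {{ .Release.Namespace | quote }}
roleRef:
  kind: Role
  name: "{{ .Values.name }}-proxy"
  apiGroup: rbac.authorization.k8s.io
{{- end }}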