Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 050609f66431dba5a0f8bdc53bced2e10c96ff12^! / . / core / installer / values-tmpl / ingress-private.yaml
commit050609f66431dba5a0f8bdc53bced2e10c96ff12[log] [tgz]
authorgiolekva <giolekva@gmail.com>Wed Dec 29 15:51:40 2021 +0400
committergiolekva <giolekva@gmail.com>Wed Dec 29 15:51:40 2021 +0400
tree37732e563792d710be32f27f726ed928ccd95ade
parent08531a4f9f63ae422921a5543074c35754b7afe8 [diff] [blame]
installer cmd line tool

diff --git a/core/installer/values-tmpl/ingress-private.yaml b/core/installer/values-tmpl/ingress-private.yaml
new file mode 100644
index 0000000..29f0d98
--- /dev/null
+++ b/core/installer/values-tmpl/ingress-private.yaml

@@ -0,0 +1,71 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: ingress-private
+  namespace: {{ .Values.NamespacePrefix }}ingress-private
+spec:
+  chart:
+    spec:
+      chart: ingress-nginx
+      version: 4.0.3
+      sourceRef:
+        kind: HelmRepository
+        name: ingress-nginx
+        namespace: {{ .Values.Id }}
+  dependsOn:
+  - name: vpn-mesh-config
+    namespace: {{ .Values.NamespacePrefix }}ingress-private
+  interval: 1m0s
+  values:
+    fullnameOverride: {{ .Values.Id }}-nginx-private
+    controller:
+      service:
+        enabled: true
+        type: ClusterIP
+      ingressClassByName: true
+      ingressClassResource:
+        name: {{ .Values.Id }}-ingress-private
+        enabled: true
+        default: false
+        controllerValue: k8s.io/{{ .Values.Id }}-ingress-private
+      extraArgs:
+        default-ssl-certificate: "{{ .Values.Id }}-ingress-private/cert-wildcard.p.{{ .Values.Domain }}"
+      extraVolumes:
+      - name: lighthouse-cert
+        secret:
+          secretName: node-lighthouse-cert
+      - name: config
+        configMap:
+          name: lighthouse-config
+      extraContainers:
+      - name: lighthouse
+        image: giolekva/nebula:latest
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
+        ports:
+        - name: nebula
+          containerPort: {{ .Values.LighthouseMainPort }}
+          protocol: UDP
+        command:
+        - nebula
+        - --config=/etc/nebula/config/lighthouse.yaml
+        volumeMounts:
+        - name: lighthouse-cert
+          mountPath: /etc/nebula/lighthouse
+        - name: config
+          mountPath: /etc/nebula/config
+      config:
+        bind-address: {{ .Values.LighthouseMainIP }}
+        proxy-body-size: 0
+    udp:
+      "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-udp:53"
+    tcp:
+      "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-tcp:53"
+      "143": "{{ .Values.NamespacePrefix }}app-maddy/maddy:143"
+      "465": "{{ .Values.NamespacePrefix }}app-maddy/maddy:465"
+      "587": "{{ .Values.NamespacePrefix }}app-maddy/maddy:587"
+      "993": "{{ .Values.NamespacePrefix }}app-maddy/maddy:993"