headscale ingress-private
diff --git a/core/installer/values-tmpl/ingress-private.yaml b/core/installer/values-tmpl/ingress-private.yaml
index 760ff96..a0e4246 100644
--- a/core/installer/values-tmpl/ingress-private.yaml
+++ b/core/installer/values-tmpl/ingress-private.yaml
@@ -2,7 +2,7 @@
 kind: HelmRelease
 metadata:
   name: ingress-private
-  namespace: {{ .Values.NamespacePrefix }}ingress-private
+  namespace: {{ .Global.NamespacePrefix }}ingress-private
 spec:
   chart:
     spec:
@@ -10,58 +10,31 @@
       sourceRef:
         kind: GitRepository
         name: pcloud
-        namespace: {{ .Values.Id }}
+        namespace: {{ .Global.Id }}
   interval: 1m0s
   values:
-    fullnameOverride: {{ .Values.Id }}-nginx-private
+    fullnameOverride: {{ .Global.Id }}-nginx-private
     controller:
       service:
         enabled: true
         type: ClusterIP
       ingressClassByName: true
       ingressClassResource:
-        name: {{ .Values.Id }}-ingress-private
+        name: {{ .Global.Id }}-ingress-private
         enabled: true
         default: false
-        controllerValue: k8s.io/{{ .Values.Id }}-ingress-private
+        controllerValue: k8s.io/{{ .Global.Id }}-ingress-private
       extraArgs:
-        default-ssl-certificate: "{{ .Values.Id }}-ingress-private/cert-wildcard.p.{{ .Values.Domain }}"
-      # extraVolumes:
-      # - name: lighthouse-cert
-      #   secret:
-      #     secretName: node-lighthouse-cert
-      # - name: config
-      #   configMap:
-      #     name: lighthouse-config
-      # extraContainers:
-      # - name: lighthouse
-      #   image: giolekva/nebula:latest
-      #   imagePullPolicy: IfNotPresent
-      #   securityContext:
-      #     privileged: true
-      #     capabilities:
-      #       add:
-      #       - NET_ADMIN
-      #   ports:
-      #   - name: nebula
-      #     containerPort: {{ .Values.LighthouseMainPort }}
-      #     protocol: UDP
-      #   command:
-      #   - nebula
-      #   - --config=/etc/nebula/config/lighthouse.yaml
-      #   volumeMounts:
-      #   - name: lighthouse-cert
-      #     mountPath: /etc/nebula/lighthouse
-      #   - name: config
-      #     mountPath: /etc/nebula/config
-      # config:
-      #   bind-address: {{ .Values.LighthouseMainIP }}
-      #   proxy-body-size: 0
-    # udp:
-    #   "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-udp:53"
-    # tcp:
-    #   "53": "{{ .Values.NamespacePrefix }}app-pihole/pihole-dns-tcp:53"
-    #   "143": "{{ .Values.NamespacePrefix }}app-maddy/maddy:143"
-    #   "465": "{{ .Values.NamespacePrefix }}app-maddy/maddy:465"
-    #   "587": "{{ .Values.NamespacePrefix }}app-maddy/maddy:587"
-    #   "993": "{{ .Values.NamespacePrefix }}app-maddy/maddy:993"
+        default-ssl-certificate: "{{ .Global.Id }}-ingress-private/cert-wildcard.p.{{ .Global.Domain }}"
+      extraContainers:
+      - name: tailscale
+        image: tailscale/tailscale:v1.42.0
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          privileged: true
+          capabilities:
+            add:
+            - NET_ADMIN
+        env:
+        - name: TS_EXTRA_ARGS
+          value: --hostname={{ .Global.PCloudEnvName }}-ingress --login-server=headscale.{{ .Global.Domain }} # TODO(gio): take headscale subdomain from configuration
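Review bot: The new tailscale sidecar under `extraContainers` sets `privileged: true` next to `capabilities.add: [NET_ADMIN]`. Privileged mode already grants every capability plus access to host devices, so the capability list has no effect, and a compromise of this container inside the ingress controller pod extends to the node. I would drop the `privileged: true` line and keep only `NET_ADMIN`, adding a `/dev/net/tun` mount if kernel networking is required; the tailscale image can also run with userspace networking, which should need neither, though that is worth confirming for v1.42.0. `--login-server` is documented as a base URL, so the value is safer with an explicit scheme and quotes around the templated string: `value: "--hostname={{ .Global.PCloudEnvName }}-ingress --login-server=https://headscale.{{ .Global.Domain }}"`. No auth key or state storage for the sidecar appears in this hunk, so if neither is supplied elsewhere the node probably cannot register unattended and would lose its identity on restart.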