Installer: use helmfile for installing base & user services. For now only ingress with vpn mesh is covered
diff --git a/helmfile/base/helmfile.yaml b/helmfile/base/helmfile.yaml
new file mode 100644
index 0000000..d9da8e9
--- /dev/null
+++ b/helmfile/base/helmfile.yaml
@@ -0,0 +1,37 @@
+repositories:
+- name: ingress-nginx
+ url: https://kubernetes.github.io/ingress-nginx
+
+helmDefaults:
+ tillerless: true
+
+releases:
+- name: ingress-public
+ chart: ingress-nginx/ingress-nginx
+ version: 4.0.3
+ namespace: {{ .Values.id }}-ingress-public
+ createNamespace: true
+ values:
+ - fullnameOverride: {{ .Values.id }}-ingress-public
+ - controller:
+ service:
+ type: LoadBalancer
+ ingressClassByName: true
+ ingressClassResource:
+ name: {{ .Values.id }}-ingress-public
+ enabled: true
+ default: false
+ controllerValue: k8s.io/{{ .Values.id }}-ingress-public
+ config:
+ proxy-body-size: 100M
+ tcp:
+ - 25: {{ .Values.id }}-app-maddy/maddy:25
+ - 143: {{ .Values.id }}-app-maddy/maddy:143
+ - 993: {{ .Values.id }}-app-maddy/maddy:993
+ - 587: {{ .Values.id }}-app-maddy/maddy:587
+ - 465: {{ .Values.id }}-app-maddy/maddy:465
+
+environments:
+ shveli:
+ values:
+ - id: shveli
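Review bot: The `tcp:` entries of the `ingress-public` release put 25, 143, 993, 587 and 465 behind the nginx stream proxy on a public `LoadBalancer`. As written, maddy will presumably see every connection as originating from the ingress controller pod, not from the real client. That weakens anything the mail server decides by source address (SPF evaluation, DNSBL lookups, per-IP rate limiting and relay restrictions), and its logs lose the peer address needed for abuse investigation. ingress-nginx's tcp-services format accepts an optional trailing PROXY field for the backend side, e.g. `25: {{ .Values.id }}-app-maddy/maddy:25::PROXY`, but this only helps if the maddy listeners are configured to accept PROXY protocol, which should be confirmed first. Separately, 143 is the cleartext IMAP port, so a comment such as `# 143: STARTTLS enforced in maddy config` next to it would record that exposing it is intentional.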
diff --git a/helmfile/users/helmfile.yaml b/helmfile/users/helmfile.yaml
new file mode 100644
index 0000000..8953746
--- /dev/null
+++ b/helmfile/users/helmfile.yaml
@@ -0,0 +1,76 @@
+repositories:
+- name: ingress-nginx
+ url: https://kubernetes.github.io/ingress-nginx
+
+helmDefaults:
+ tillerless: true
+
+releases:
+- name: vpn-mesh-config
+ chart: ../../charts/vpn-mesh-config
+ namespace: {{ .Values.id }}-ingress-private
+ createNamespace: true
+ values:
+ - certificateAuthority:
+ name: {{ .Values.id }}
+ secretName: ca-{{ .Values.id }}-cert
+ - lighthouse:
+ internalIP: 111.0.0.1
+ externalIP: 46.49.35.44
+ port: "4243"
+- name: ingress-private
+ chart: ingress-nginx/ingress-nginx
+ version: 4.0.3
+ namespace: {{ .Values.id }}-ingress-private
+ createNamespace: true
+ values:
+ - fullnameOverride: nginx
+ - controller:
+ service:
+ type: ClusterIP
+ ingressClassByName: true
+ ingressClassResource:
+ name: {{ .Values.id }}-ingress-private
+ enabled: true
+ default: false
+ controllerValue: k8s.io/{{ .Values.id }}-ingress-private
+ extraVolumes:
+ - name: lighthouse-cert
+ secret:
+ secretName: node-lighthouse-cert
+ - name: config
+ configMap:
+ name: lighthouse-config
+ extraContainers:
+ - name: lighthouse
+ image: giolekva/nebula:latest
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ capabilities:
+ add:
+ - NET_ADMIN
+ ports:
+ - name: nebula
+ containerPort: 4242
+ protocol: UDP
+ command:
+ - nebula
+ - --config=/etc/nebula/config/lighthouse.yaml
+ volumeMounts:
+ - name: lighthouse-cert
+ mountPath: /etc/nebula/lighthouse
+ - name: config
+ mountPath: /etc/nebula/config
+ config:
+ bind-address: 111.0.0.1
+ proxy-body-size: 0
+ udp:
+ - 53: {{ .Values.id }}-app-pihole/pihole-dns-udp:53
+ tcp:
+ - 53: {{ .Values.id }}-app-pihole/pihole-dns-tcp:53
+
+environments:
+ shveli:
+ values:
+ - id: shveli
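Review bot: The `lighthouse` entry under `extraContainers` runs with `privileged: true` and also adds `NET_ADMIN`, and its image is the mutable tag `giolekva/nebula:latest` with `imagePullPolicy: IfNotPresent`. Privileged mode already grants every capability and host device access, so the `capabilities.add` list is redundant, and a compromise of the sidecar would reach the node from inside the ingress controller pod. If Nebula only needs to create its tun interface, try dropping `privileged: true` and keeping `capabilities: add: [NET_ADMIN]`; whether `/dev/net/tun` is then reachable depends on the container runtime and should be tested. Pin the image to an immutable reference such as `image: giolekva/nebula@sha256:<DIGEST_PLACEHOLDER>`, because with `latest` and `IfNotPresent` each node keeps whatever build it first pulled and the content running with these privileges cannot be audited.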