Installer: Make Private network optional
Change-Id: Ic7a2e5250a42dc03de2416b1e2a0d1bbca3f010c
diff --git a/core/installer/values-tmpl/appmanager.cue b/core/installer/values-tmpl/appmanager.cue
index 7ce72e2..fd162f1 100644
--- a/core/installer/values-tmpl/appmanager.cue
+++ b/core/installer/values-tmpl/appmanager.cue
@@ -3,9 +3,10 @@
)
input: {
- repoAddr: string
- sshPrivateKey: string
- authGroups: string
+ network: #Network @name(Network)
+ repoAddr: string @name(Repository Address)
+ sshPrivateKey: string @name(SSH Private Key)
+ authGroups: string @name(Allowed Groups)
}
name: "App Manager"
@@ -15,7 +16,7 @@
_subdomain: "apps"
_httpPortName: "http"
-_domain: "\(_subdomain).\(networks.private.domain)"
+_domain: "\(_subdomain).\(input.network.domain)"
url: "https://\(_domain)"
ingress: {
@@ -24,7 +25,7 @@
enabled: true
groups: input.authGroups
}
- network: networks.private
+ network: input.network
subdomain: _subdomain
service: {
name: "appmanager"
@@ -58,7 +59,7 @@
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
ingress: {
- className: networks.private.ingressClass
+ className: input.network.ingressClass
domain: _domain
certificateIssuer: ""
}
diff --git a/core/installer/values-tmpl/cert-manager.cue b/core/installer/values-tmpl/cert-manager.cue
index 4b6154a..40f39c0 100644
--- a/core/installer/values-tmpl/cert-manager.cue
+++ b/core/installer/values-tmpl/cert-manager.cue
@@ -53,7 +53,7 @@
chart: charts.certManager
dependsOn: [{
name: "ingress-public"
- namespace: ingressPublic
+ namespace: "\(global.pcloudEnvName)-ingress-public"
}]
values: {
fullnameOverride: "\(global.pcloudEnvName)-cert-manager"
diff --git a/core/installer/values-tmpl/certificate-issuer-custom.cue b/core/installer/values-tmpl/certificate-issuer-custom.cue
index 382e8fa..2cc7ef7 100644
--- a/core/installer/values-tmpl/certificate-issuer-custom.cue
+++ b/core/installer/values-tmpl/certificate-issuer-custom.cue
@@ -12,7 +12,7 @@
icon: "<svg xmlns='http://www.w3.org/2000/svg' width='50' height='50' viewBox='0 0 48 48'><g fill='none' stroke='currentColor' stroke-linecap='round' stroke-linejoin='round' stroke-width='4'><path d='M4 34h8v8H4zM8 6h32v12H8zm16 28V18'/><path d='M8 34v-8h32v8m-4 0h8v8h-8zm-16 0h8v8h-8zm-6-22h2'/></g></svg>"
charts: {
- "certificate-issuer-public": {
+ "certificate-issuer": {
kind: "GitRepository"
address: "https://github.com/giolekva/pcloud.git"
branch: "main"
@@ -21,7 +21,7 @@
}
helm: {
- "certificate-issuer-public": {
+ "certificate-issuer": {
chart: charts["certificate-issuer-public"]
dependsOn: [{
name: "ingress-nginx"
@@ -31,10 +31,9 @@
issuer: {
name: input.name
server: "https://acme-v02.api.letsencrypt.org/directory"
- // server: "https://acme-staging-v02.api.letsencrypt.org/directory"
domain: input.domain
contactEmail: global.contactEmail
- ingressClass: ingressPublic
+ ingressClass: networks.public.ingressClass
}
}
}
diff --git a/core/installer/values-tmpl/certificate-issuer-private.cue b/core/installer/values-tmpl/certificate-issuer-private.cue
index eef76d3..4707fa1 100644
--- a/core/installer/values-tmpl/certificate-issuer-private.cue
+++ b/core/installer/values-tmpl/certificate-issuer-private.cue
@@ -23,9 +23,8 @@
}]
values: {
issuer: {
- name: issuerPrivate
+ name: "\(global.id)-private"
server: "https://acme-v02.api.letsencrypt.org/directory"
- // server: "https://acme-staging-v02.api.letsencrypt.org/directory"
domain: global.privateDomain
contactEmail: global.contactEmail
}
diff --git a/core/installer/values-tmpl/certificate-issuer-public.cue b/core/installer/values-tmpl/certificate-issuer-public.cue
index 35242bf..725c3b2 100644
--- a/core/installer/values-tmpl/certificate-issuer-public.cue
+++ b/core/installer/values-tmpl/certificate-issuer-public.cue
@@ -1,4 +1,6 @@
-input: {}
+input: {
+ network: #Network
+}
images: {}
@@ -23,12 +25,11 @@
}]
values: {
issuer: {
- name: issuerPublic
+ name: input.network.certificateIssuer
server: "https://acme-v02.api.letsencrypt.org/directory"
- // server: "https://acme-staging-v02.api.letsencrypt.org/directory"
- domain: global.domain
+ domain: input.network.domain
contactEmail: global.contactEmail
- ingressClass: ingressPublic
+ ingressClass: input.network.ingressClass
}
}
}
diff --git a/core/installer/values-tmpl/core-auth.cue b/core/installer/values-tmpl/core-auth.cue
index e2f05c4..9f6157a 100644
--- a/core/installer/values-tmpl/core-auth.cue
+++ b/core/installer/values-tmpl/core-auth.cue
@@ -1,4 +1,5 @@
input: {
+ network: #Network
subdomain: string
}
@@ -154,39 +155,24 @@
}
}
ingress: {
- admin: {
- enabled: true
- className: ingressPrivate
- hosts: [{
- host: "kratos.\(global.privateDomain)"
- paths: [{
- path: "/"
- pathType: "Prefix"
- }]
- }]
- tls: [{
- hosts: [
- "kratos.\(global.privateDomain)"
- ]
- }]
- }
+ admin: enabled: false
public: {
enabled: true
- className: ingressPublic
+ className: input.network.ingressClass
annotations: {
"acme.cert-manager.io/http01-edit-in-place": "true"
- "cert-manager.io/cluster-issuer": issuerPublic
+ "cert-manager.io/cluster-issuer": input.network.certificateIssuer
}
hosts: [{
- host: "accounts.\(global.domain)"
+ host: "accounts.\(input.network.domain)"
paths: [{
path: "/"
pathType: "Prefix"
}]
}]
tls: [{
- hosts: ["accounts.\(global.domain)"]
- secretName: "cert-accounts.\(global.domain)"
+ hosts: ["accounts.\(input.network.domain)"]
+ secretName: "cert-accounts.\(input.network.domain)"
}]
}
}
@@ -206,25 +192,26 @@
dsn: "postgres://kratos:kratos@postgres.\(global.namespacePrefix)core-auth.svc:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4"
serve: {
public: {
- base_url: "https://accounts.\(global.domain)"
+ base_url: "https://accounts.\(input.network.domain)"
cors: {
enabled: true
debug: false
allow_credentials: true
allowed_origins: [
- "https://\(global.domain)",
- "https://*.\(global.domain)",
+ "https://\(input.network.domain)",
+ "https://*.\(input.network.domain)",
]
}
}
admin: {
- base_url: "https://kratos.\(global.privateDomain)/"
+ base_url: "https://kratos-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
}
}
selfservice: {
- default_browser_return_url: "https://accounts-ui.\(global.domain)"
+ default_browser_return_url: "https://accounts-ui.\(input.network.domain)"
allowed_return_urls: [
- "https://*.\(global.domain)/",
+ "https://*.\(input.network.domain)/",
+ // TODO(gio): replace with input.network.privateSubdomain
"https://*.\(global.privateDomain)",
]
methods: {
@@ -234,10 +221,10 @@
}
flows: {
error: {
- ui_url: "https://accounts-ui.\(global.domain)/error"
+ ui_url: "https://accounts-ui.\(input.network.domain)/error"
}
settings: {
- ui_url: "https://accounts-ui.\(global.domain)/settings"
+ ui_url: "https://accounts-ui.\(input.network.domain)/settings"
privileged_session_max_age: "15m"
}
recovery: {
@@ -248,27 +235,27 @@
}
logout: {
after: {
- default_browser_return_url: "https://accounts-ui.\(global.domain)/login"
+ default_browser_return_url: "https://accounts-ui.\(input.network.domain)/login"
}
}
login: {
- ui_url: "https://accounts-ui.\(global.domain)/login"
+ ui_url: "https://accounts-ui.\(input.network.domain)/login"
lifespan: "10m"
after: {
password: {
- default_browser_return_url: "https://accounts-ui.\(global.domain)/"
+ default_browser_return_url: "https://accounts-ui.\(input.network.domain)/"
}
}
}
registration: {
lifespan: "10m"
- ui_url: "https://accounts-ui.\(global.domain)/register"
+ ui_url: "https://accounts-ui.\(input.network.domain)/register"
after: {
password: {
hooks: [{
hook: "session"
}]
- default_browser_return_url: "https://accounts-ui.\(global.domain)/"
+ default_browser_return_url: "https://accounts-ui.\(input.network.domain)/"
}
}
}
@@ -282,7 +269,7 @@
cookies: {
path: "/"
same_site: "None"
- domain: global.domain
+ domain: input.network.domain
}
secrets: {
cookie: ["PLEASE-CHANGE-ME-I-AM-VERY-INSECURE"]
@@ -305,7 +292,7 @@
}
courier: {
smtp: {
- connection_uri: "smtps://test-z1VmkYfYPjgdPRgPFgmeZ31esT9rUgS%40\(global.domain):iW%213Kk%5EPPLFrZa%24%21bbpTPN9Wv3b8mvwS6ZJvMLtce%23A2%2A4MotD@mx1.\(global.domain)"
+ connection_uri: "smtps://test-z1VmkYfYPjgdPRgPFgmeZ31esT9rUgS%40\(input.network.domain):iW%213Kk%5EPPLFrZa%24%21bbpTPN9Wv3b8mvwS6ZJvMLtce%23A2%2A4MotD@mx1.\(input.network.domain)"
}
}
}
@@ -336,37 +323,24 @@
}
}
ingress: {
- admin: {
- enabled: true
- className: ingressPrivate
- hosts: [{
- host: "hydra.\(global.privateDomain)"
- paths: [{
- path: "/"
- pathType: "Prefix"
- }]
- }]
- tls: [{
- hosts: ["hydra.\(global.privateDomain)"]
- }]
- }
+ admin: enabled: false
public: {
enabled: true
- className: ingressPublic
+ className: input.network.ingressClass
annotations: {
"acme.cert-manager.io/http01-edit-in-place": "true"
- "cert-manager.io/cluster-issuer": issuerPublic
+ "cert-manager.io/cluster-issuer": input.network.certificateIssuer
}
hosts: [{
- host: "hydra.\(global.domain)"
+ host: "hydra.\(input.network.domain)"
paths: [{
path: "/"
pathType: "Prefix"
}]
}]
tls: [{
- hosts: ["hydra.\(global.domain)"]
- secretName: "cert-hydra.\(global.domain)"
+ hosts: ["hydra.\(input.network.domain)"]
+ secretName: "cert-hydra.\(input.network.domain)"
}]
}
}
@@ -393,15 +367,15 @@
debug: false
allow_credentials: true
allowed_origins: [
- "https://\(global.domain)",
- "https://*.\(global.domain)"
+ "https://\(input.network.domain)",
+ "https://*.\(input.network.domain)"
]
}
}
admin: {
cors: {
allowed_origins: [
- "https://hydra.\(global.privateDomain)"
+ "https://hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
]
}
tls: {
@@ -422,12 +396,12 @@
}
urls: {
self: {
- public: "https://hydra.\(global.domain)"
- issuer: "https://hydra.\(global.domain)"
+ public: "https://hydra.\(input.network.domain)"
+ issuer: "https://hydra.\(input.network.domain)"
}
- consent: "https://accounts-ui.\(global.domain)/consent"
- login: "https://accounts-ui.\(global.domain)/login"
- logout: "https://accounts-ui.\(global.domain)/logout"
+ consent: "https://accounts-ui.\(input.network.domain)/consent"
+ login: "https://accounts-ui.\(input.network.domain)/login"
+ logout: "https://accounts-ui.\(input.network.domain)/logout"
}
secrets: {
system: ["youReallyNeedToChangeThis"]
@@ -451,10 +425,9 @@
}
}
ui: {
- certificateIssuer: issuerPublic
- ingressClassName: ingressPublic
- domain: global.domain
- internalDomain: global.privateDomain
+ certificateIssuer: input.network.certificateIssuer
+ ingressClassName: input.network.ingressClass
+ domain: input.network.domain
hydra: "hydra-admin.\(global.namespacePrefix)core-auth.svc.cluster.local"
enableRegistration: false
image: {
diff --git a/core/installer/values-tmpl/env-dns.cue b/core/installer/values-tmpl/env-dns.cue
index 99941be..13cc217 100644
--- a/core/installer/values-tmpl/env-dns.cue
+++ b/core/installer/values-tmpl/env-dns.cue
@@ -154,7 +154,7 @@
}
config: "coredns.conf"
db: "records.db"
- zone: global.domain
+ zone: networks.public.domain
publicIP: strings.Join(global.publicIP, ",")
privateIP: global.network.ingress
nameserverIP: strings.Join(global.nameserverIP, ",")
diff --git a/core/installer/values-tmpl/gerrit.cue b/core/installer/values-tmpl/gerrit.cue
index a18cc10..e7925a8 100644
--- a/core/installer/values-tmpl/gerrit.cue
+++ b/core/installer/values-tmpl/gerrit.cue
@@ -157,7 +157,7 @@
userNameToLowerCase = true
userNameCaseInsensitive = true
[plugin "gerrit-oauth-provider-pcloud-oauth"]
- root-url = https://hydra.\(global.domain)
+ root-url = https://hydra.\(networks.public.domain)
client-id = "{{ .client_id }}"
client-secret = "{{ .client_secret }}"
link-to-existing-openid-accounts = true
@@ -182,7 +182,7 @@
timeout = 120 s
[user]
name = Gerrit Code Review
- email = gerrit@\(global.domain)
+ email = gerrit@\(networks.public.domain)
anonymousCoward = Unnamed User
[cache]
directory = cache
diff --git a/core/installer/values-tmpl/headscale.cue b/core/installer/values-tmpl/headscale.cue
index 726acd8..6dd5609 100644
--- a/core/installer/values-tmpl/headscale.cue
+++ b/core/installer/values-tmpl/headscale.cue
@@ -1,4 +1,5 @@
input: {
+ network: #Network
subdomain: string
ipSubnet: string
}
@@ -37,7 +38,7 @@
}
}
-_domain: "\(input.subdomain).\(global.domain)"
+_domain: "\(input.subdomain).\(input.network.domain)"
_oauth2ClientSecretName: "oauth2-client"
helm: {
@@ -71,14 +72,14 @@
pullPolicy: images.headscale.pullPolicy
}
storage: size: "5Gi"
- ingressClassName: ingressPublic
- certificateIssuer: issuerPublic
+ ingressClassName: input.network.ingressClass
+ certificateIssuer: input.network.certificateIssuer
domain: _domain
- publicBaseDomain: global.domain
+ publicBaseDomain: input.network.domain
ipAddressPool: "\(global.id)-headscale"
oauth2: {
secretName: _oauth2ClientSecretName
- issuer: "https://hydra.\(global.domain)"
+ issuer: "https://hydra.\(input.network.domain)"
}
api: {
port: 8585
@@ -108,10 +109,10 @@
contents: "After installing the client application you need to configure it to use https://\(_domain) as a login URL, so you can login to the VPN network with your dodo: account"
children: [{
title: "macOS"
- contents: "[https://headscale.\(global.domain)/apple](https://headscale.\(global.domain)/apple)"
+ contents: "[https://headscale.\(input.network.domain)/apple](https://headscale.\(input.network.domain)/apple)"
}, {
title: "iOS"
- contents: "[https://headscale.\(global.domain)/apple](https://headscale.\(global.domain)/apple)"
+ contents: "[https://headscale.\(input.network.domain)/apple](https://headscale.\(input.network.domain)/apple)"
}, {
title: "Windows"
contents: "[https://tailscale.com/kb/1318/windows-mdm](https://tailscale.com/kb/1318/windows-mdm)"
diff --git a/core/installer/values-tmpl/ingress-public.cue b/core/installer/values-tmpl/ingress-public.cue
index f0827e5..619f15a 100644
--- a/core/installer/values-tmpl/ingress-public.cue
+++ b/core/installer/values-tmpl/ingress-public.cue
@@ -44,7 +44,7 @@
"ingress-public": {
chart: charts.ingressNginx
values: {
- fullnameOverride: ingressPublic
+ fullnameOverride: "\(global.pcloudEnvName)-ingress-public"
controller: {
kind: "DaemonSet"
hostNetwork: true
@@ -52,10 +52,10 @@
service: enabled: false
ingressClassByName: true
ingressClassResource: {
- name: ingressPublic
+ name: networks.public.ingressClass
enabled: true
default: false
- controllerValue: "k8s.io/\(ingressPublic)"
+ controllerValue: "k8s.io/\(networks.public.ingressClass)"
}
config: {
"proxy-body-size": "200M" // TODO(giolekva): configurable
diff --git a/core/installer/values-tmpl/jenkins.cue b/core/installer/values-tmpl/jenkins.cue
index 0202f4e..74f3ebf 100644
--- a/core/installer/values-tmpl/jenkins.cue
+++ b/core/installer/values-tmpl/jenkins.cue
@@ -17,7 +17,7 @@
ingress: {
jenkins: {
auth: enabled: false
- network: networks.private
+ network: input.network
subdomain: input.subdomain
service: {
name: "jenkins"
@@ -108,7 +108,7 @@
oic:
clientId: "${\(_oauth2ClientCredentials)-\(_oauth2ClientId)}"
clientSecret: "${\(_oauth2ClientCredentials)-\(_oauth2ClientSecret)}"
- wellKnownOpenIDConfigurationUrl: "https://hydra.\(global.domain)/.well-known/openid-configuration"
+ wellKnownOpenIDConfigurationUrl: "https://hydra.\(networks.public.domain)/.well-known/openid-configuration"
userNameField: "email"
"""
}
diff --git a/core/installer/values-tmpl/launcher.cue b/core/installer/values-tmpl/launcher.cue
index 12e2246..bbd5f1a 100644
--- a/core/installer/values-tmpl/launcher.cue
+++ b/core/installer/values-tmpl/launcher.cue
@@ -3,12 +3,13 @@
)
input: {
+ network: #Network
repoAddr: string
sshPrivateKey: string
}
_subdomain: "launcher"
-_domain: "\(_subdomain).\(networks.public.domain)"
+_domain: "\(_subdomain).\(input.network.domain)"
name: "Launcher"
namespace: "launcher"
@@ -21,7 +22,7 @@
ingress: {
launcher: {
auth: enabled: true
- network: networks.public
+ network: input.network
subdomain: _subdomain
service: {
name: "launcher"
@@ -60,7 +61,7 @@
portName: _httpPortName
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
- logoutUrl: "https://accounts-ui.\(global.domain)/logout"
+ logoutUrl: "https://accounts-ui.\(networks.public.domain)/logout"
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
}
diff --git a/core/installer/values-tmpl/matrix.cue b/core/installer/values-tmpl/matrix.cue
index 348d190..36971b3 100644
--- a/core/installer/values-tmpl/matrix.cue
+++ b/core/installer/values-tmpl/matrix.cue
@@ -71,11 +71,11 @@
chart: charts.matrix
info: "Installing Synapse server"
values: {
- domain: global.domain
+ domain: input.network.domain
subdomain: input.subdomain
oauth2: {
secretName: "oauth2-client"
- issuer: "https://hydra.\(global.domain)"
+ issuer: "https://hydra.\(input.network.domain)"
}
postgresql: {
host: "postgres"
@@ -84,8 +84,8 @@
user: "matrix"
password: "matrix"
}
- certificateIssuer: issuerPublic
- ingressClassName: ingressPublic
+ certificateIssuer: input.network.certificateIssuer
+ ingressClassName: input.network.ingressClass
configMerge: {
configName: "config-to-merge"
fileName: "to-merge.yaml"
diff --git a/core/installer/values-tmpl/memberships.cue b/core/installer/values-tmpl/memberships.cue
index 9bf9b57..0f2a039 100644
--- a/core/installer/values-tmpl/memberships.cue
+++ b/core/installer/values-tmpl/memberships.cue
@@ -1,9 +1,10 @@
input: {
- authGroups: string
+ network: #Network @name(Network)
+ authGroups: string @name(Allowed Groups)
}
_subdomain: "memberships"
-_domain: "\(_subdomain).\(global.privateDomain)"
+_domain: "\(_subdomain).\(input.network.domain)"
url: "https://\(_domain)"
name: "Memberships"
@@ -20,7 +21,7 @@
enabled: true
groups: input.authGroups
}
- network: networks.private
+ network: input.network
subdomain: _subdomain
service: {
name: "memberships"
diff --git a/core/installer/values-tmpl/open-project.cue b/core/installer/values-tmpl/open-project.cue
index 8c2da74..1badd08 100644
--- a/core/installer/values-tmpl/open-project.cue
+++ b/core/installer/values-tmpl/open-project.cue
@@ -92,7 +92,7 @@
password: "admin"
password_reset: false
name: "admin"
- mail: "op-admin@\(global.domain)"
+ mail: "op-admin@\(networks.public.domain)"
}
}
persistence: {
diff --git a/core/installer/values-tmpl/penpot.cue b/core/installer/values-tmpl/penpot.cue
index cad8227..82caba7 100644
--- a/core/installer/values-tmpl/penpot.cue
+++ b/core/installer/values-tmpl/penpot.cue
@@ -144,7 +144,7 @@
providers: {
oidc: {
enabled: true
- baseURI: "https://hydra.\(global.domain)"
+ baseURI: "https://hydra.\(networks.public.domain)"
clientID: ""
clientSecret: ""
authURI: ""
diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index fe78f32..0536b50 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue
@@ -57,6 +57,8 @@
}
}
+_ingressPrivate: "\(global.id)-ingress-private"
+
helm: {
"ingress-nginx": {
chart: charts["ingress-nginx"]
@@ -67,15 +69,15 @@
enabled: true
type: "LoadBalancer"
annotations: {
- "metallb.universe.tf/address-pool": ingressPrivate
+ "metallb.universe.tf/address-pool": _ingressPrivate
}
}
ingressClassByName: true
ingressClassResource: {
- name: ingressPrivate
+ name: _ingressPrivate
enabled: true
default: false
- controllerValue: "k8s.io/\(ingressPrivate)"
+ controllerValue: "k8s.io/\(_ingressPrivate)"
}
config: {
"proxy-body-size": "200M" // TODO(giolekva): configurable
@@ -85,7 +87,7 @@
"""
}
extraArgs: {
- "default-ssl-certificate": "\(ingressPrivate)/cert-wildcard.\(global.privateDomain)"
+ "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"
}
admissionWebhooks: {
enabled: false
@@ -104,7 +106,7 @@
values: {
hostname: input.privateNetwork.hostname
apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
- loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration
+ loginServer: "https://headscale.\(networks.public.domain)" // TODO(gio): take headscale subdomain from configuration
ipSubnet: input.privateNetwork.ipSubnet
username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
preAuthKeySecret: "headscale-preauth-key"
diff --git a/core/installer/values-tmpl/welcome.cue b/core/installer/values-tmpl/welcome.cue
index 2abd8b2..55f4e14 100644
--- a/core/installer/values-tmpl/welcome.cue
+++ b/core/installer/values-tmpl/welcome.cue
@@ -3,6 +3,7 @@
)
input: {
+ network: #Network
repoAddr: string
sshPrivateKey: string
}
@@ -35,12 +36,12 @@
repoAddr: input.repoAddr
sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
createAccountAddr: "http://api.\(global.namespacePrefix)core-auth.svc.cluster.local/identities"
- loginAddr: "https://launcher.\(global.domain)"
+ loginAddr: "https://launcher.\(networks.public.domain)"
membershipsInitAddr: "http://memberships-api.\(global.namespacePrefix)core-auth-memberships.svc.cluster.local/api/init"
ingress: {
- className: ingressPublic
- domain: "welcome.\(global.domain)"
- certificateIssuer: issuerPublic
+ className: input.network.ingressClass
+ domain: "welcome.\(input.network.domain)"
+ certificateIssuer: input.network.certificateIssuer
}
clusterRoleName: "\(global.id)-welcome"
image: {