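# Flux HelmRelease that installs charts/namespaces from the `pcloud`
# GitRepository. This file is a Go template: every {{ ... }} expression is
# substituted as plain text before the result is parsed as YAML, so templated
# scalars are quoted to keep them strings whatever the substituted value
# looks like (empty, all digits, boolean-like).
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: namespaces-ingress-private
  namespace: "{{ .Global.Id }}"
spec:
  chart:
    spec:
      chart: charts/namespaces
      sourceRef:
        kind: GitRepository
        name: pcloud
        namespace: "{{ .Global.Id }}"
  interval: 1m0s
  values:
    pcloudInstanceId: "{{ .Global.Id }}"
    namespacePrefix: "{{ .Global.NamespacePrefix }}"
    namespaces:
      # NOTE(review): the other releases in this file target
      # "<NamespacePrefix>ingress-private"; confirm how the chart derives
      # that name from this entry and namespacePrefix.
      - app-ingress-private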
---
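# Flux HelmRelease that installs charts/volumes into the ingress-private
# namespace once the namespaces release is ready (dependsOn). The values ask
# for a 1Gi volume named `tailscale`; the ingress-private release in this file
# mounts a claim of that name at /tailscale-state, which it also sets as
# TS_STATE_DIR. tailscaled state includes the node's keys, so access to this
# volume should be treated as access to the node identity.
# Templated scalars are quoted so the rendered values always parse as strings.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: volumes-ingress-private
  namespace: "{{ .Global.Id }}"
spec:
  targetNamespace: "{{ .Global.NamespacePrefix }}ingress-private"
  dependsOn:
    - name: namespaces-ingress-private
      namespace: "{{ .Global.Id }}"
  chart:
    spec:
      chart: charts/volumes
      sourceRef:
        kind: GitRepository
        name: pcloud
        namespace: "{{ .Global.Id }}"
  interval: 1m0s
  values:
    # Presumably rendered by the chart into a PersistentVolumeClaim with this
    # name and size; verify against charts/volumes.
    name: tailscale
    size: 1Gi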
---
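# Flux HelmRelease that installs charts/ingress-nginx as the private ingress
# controller, with a tailscale sidecar added to the controller pod.
# Templated scalars are quoted so the rendered values always parse as strings.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: ingress-private
  namespace: "{{ .Global.Id }}"
spec:
  targetNamespace: "{{ .Global.NamespacePrefix }}ingress-private"
  dependsOn:
    - name: volumes-ingress-private
      namespace: "{{ .Global.Id }}"
  chart:
    spec:
      chart: charts/ingress-nginx
      sourceRef:
        kind: GitRepository
        name: pcloud
        namespace: "{{ .Global.Id }}"
  interval: 1m0s
  values:
    fullnameOverride: "{{ .Global.Id }}-nginx-private"
    controller:
      # ClusterIP only: the controller Service is not published through a
      # LoadBalancer or NodePort.
      service:
        enabled: true
        type: ClusterIP
      ingressClassByName: true
      # Dedicated, non-default IngressClass: only Ingress objects that name
      # this class are meant to be served by this controller.
      ingressClassResource:
        name: "{{ .Global.Id }}-ingress-private"
        enabled: true
        default: false
        controllerValue: "k8s.io/{{ .Global.Id }}-ingress-private"
      extraArgs:
        # NOTE(review): the secret namespace here is built as
        # "<Id>-ingress-private" while targetNamespace above is
        # "<NamespacePrefix>ingress-private"; confirm both resolve to the
        # same namespace.
        default-ssl-certificate: "{{ .Global.Id }}-ingress-private/cert-wildcard.p.{{ .Global.Domain }}"
      extraVolumes:
        - name: tailscale
          persistentVolumeClaim:
            claimName: tailscale
      # NOTE(review): in the upstream ingress-nginx chart extraVolumeMounts
      # apply to the controller container, and the sidecar below declares no
      # volumeMounts of its own. Confirm that the tailscale container really
      # sees /tailscale-state; otherwise its state (node keys) lives on the
      # container filesystem and is lost on restart.
      extraVolumeMounts:
        - name: tailscale
          mountPath: /tailscale-state
      extraContainers:
        - name: tailscale
          # NOTE(review): pinned by mutable tag only. Pinning by digest
          # (tailscale/tailscale:v1.42.0@sha256:<DIGEST_PLACEHOLDER>) would
          # make the deployed image immutable.
          image: tailscale/tailscale:v1.42.0
          imagePullPolicy: IfNotPresent
          securityContext:
            # NOTE(review): privileged already grants every capability and
            # host device access, so the NET_ADMIN add below is redundant
            # while it is set. This sidecar shares a pod with the ingress
            # controller, which parses client traffic, so least privilege
            # matters here. TS_USERSPACE is not set, and the tailscale
            # image is documented to default to userspace networking;
            # confirm for this version whether privileged (or even
            # NET_ADMIN) is needed and drop what is not.
            privileged: true
            capabilities:
              add:
                - NET_ADMIN
          env:
            # Empty secret name; presumably opts out of keeping state in a
            # Kubernetes Secret so that TS_STATE_DIR is used instead.
            - name: TS_KUBE_SECRET
              value: ""
            - name: TS_STATE_DIR
              value: /tailscale-state
            # TODO(gio): take headscale subdomain from configuration
            # NOTE(review): --login-server is given as a bare host name with
            # no URL scheme; confirm the client treats it as an HTTPS URL.
            - name: TS_EXTRA_ARGS
              value: "--hostname={{ .Global.PCloudEnvName }}-ingress --login-server=headscale.{{ .Global.Domain }}"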