AppManager: Format cue files
Change-Id: Ia37908797b0227ab3b66e0faab08dcc2379e5282
diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index 1fcf783..c74480f 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue
@@ -8,78 +8,78 @@
username: string
ipSubnet: string // TODO(gio): use cidr type
}
- sshPrivateKey: string
+ sshPrivateKey: string
controllerReplicaCount: int | *3
}
-name: "private-network"
+name: "private-network"
namespace: "ingress-private"
out: {
images: {
"ingress-nginx": {
- registry: "registry.k8s.io"
+ registry: "registry.k8s.io"
repository: "ingress-nginx"
- name: "controller"
- tag: "v1.8.0"
+ name: "controller"
+ tag: "v1.8.0"
pullPolicy: "IfNotPresent"
}
nginx: {
repository: "library"
- name: "nginx"
- tag: "1.27.1-alpine3.20-slim"
+ name: "nginx"
+ tag: "1.27.1-alpine3.20-slim"
pullPolicy: "IfNotPresent"
}
tailscale: {
repository: "tailscale"
- name: "tailscale"
- tag: "v1.82.0"
+ name: "tailscale"
+ tag: "v1.82.0"
pullPolicy: "IfNotPresent"
}
portAllocator: {
repository: "giolekva"
- name: "port-allocator"
- tag: "latest"
+ name: "port-allocator"
+ tag: "latest"
pullPolicy: "Always"
}
}
charts: {
"access-secrets": {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/access-secrets"
+ branch: "main"
+ path: "charts/access-secrets"
}
service: {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/service"
+ branch: "main"
+ path: "charts/service"
}
"ingress-nginx": {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/ingress-nginx"
+ branch: "main"
+ path: "charts/ingress-nginx"
}
"tailscale-proxy": {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/tailscale-proxy"
+ branch: "main"
+ path: "charts/tailscale-proxy"
}
portAllocator: {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/port-allocator"
+ branch: "main"
+ path: "charts/port-allocator"
}
headscaleUser: {
- kind: "GitRepository"
+ kind: "GitRepository"
address: "https://code.v1.dodo.cloud/helm-charts"
- branch: "main"
- path: "charts/headscale-user"
+ branch: "main"
+ path: "charts/headscale-user"
}
}
@@ -112,7 +112,7 @@
}
service: {
enabled: true
- type: "LoadBalancer"
+ type: "LoadBalancer"
annotations: {
"metallb.universe.tf/address-pool": _ingressPrivate
}
@@ -123,13 +123,13 @@
}
ingressClassByName: true
ingressClassResource: {
- name: _ingressPrivate
- enabled: true
- default: false
+ name: _ingressPrivate
+ enabled: true
+ default: false
controllerValue: "k8s.io/\(_ingressPrivate)"
}
config: {
- "proxy-body-size": "200M" // TODO(giolekva): configurable
+ "proxy-body-size": "200M" // TODO(giolekva): configurable
"force-ssl-redirect": "true"
"server-snippet": """
more_clear_headers "X-Frame-Options";
@@ -156,7 +156,7 @@
}]
shareProcessNamespace: true
extraContainers: [{
- name: "proxy"
+ name: "proxy"
image: images.tailscale.fullNameWithTag
securityContext: {
capabilities: {
@@ -165,7 +165,7 @@
privileged: true
}
env: [{
- name: "TS_STATE_DIR"
+ name: "TS_STATE_DIR"
value: "/ts-state"
}, {
name: "TS_HOSTNAME"
@@ -175,57 +175,57 @@
}
}
}, {
- name: "TS_EXTRA_ARGS"
+ name: "TS_EXTRA_ARGS"
value: "--login-server=https://headscale.\(global.domain)"
}, {
- name: "TS_USERSPACE"
+ name: "TS_USERSPACE"
value: "false"
}]
command: ["/bin/sh"]
args: [
"-c",
- "TS_AUTHKEY=$(wget --post-data=\"\" -O /tmp/authkey http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local/user/private-network-proxy/preauthkey > /dev/null 2>&1 && cat /tmp/authkey) /usr/local/bin/containerboot"
- ],
+ "TS_AUTHKEY=$(wget --post-data=\"\" -O /tmp/authkey http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local/user/private-network-proxy/preauthkey > /dev/null 2>&1 && cat /tmp/authkey) /usr/local/bin/containerboot",
+ ]
volumeMounts: [{
mountPath: "/ts-state"
- name: "ts-proxy-state"
- readOnly: false
+ name: "ts-proxy-state"
+ readOnly: false
}]
}, {
- name: "proxy-backend"
- image: images.nginx.fullNameWithTag
+ name: "proxy-backend"
+ image: images.nginx.fullNameWithTag
imagePullPolicy: images.nginx.pullPolicy
ports: [{
- name: "proxy"
+ name: "proxy"
containerPort: 9090
- protocol: "TCP"
+ protocol: "TCP"
}]
volumeMounts: [{
- name: _proxyBackendConfigName
+ name: _proxyBackendConfigName
mountPath: "/etc/nginx"
- readOnly: true
+ readOnly: true
}, {
- name: "proxy-backend-pid"
+ name: "proxy-backend-pid"
mountPath: "/var/run/nginx"
- readOnly: false
+ readOnly: false
}]
}, {
- name: "reload-config"
- image: "giolekva/reload:latest"
+ name: "reload-config"
+ image: "giolekva/reload:latest"
imagePullPolicy: "Always"
command: [
"/usr/bin/reload",
"--watch=/etc/nginx/nginx.conf",
"--reload=/var/run/nginx/nginx.pid",
- ]
+ ]
volumeMounts: [{
- name: "proxy-backend-config"
+ name: "proxy-backend-config"
mountPath: "/etc/nginx"
- readOnly: true
+ readOnly: true
}, {
- name: "proxy-backend-pid"
+ name: "proxy-backend-pid"
mountPath: "/var/run/nginx"
- readOnly: true
+ readOnly: true
}]
securityContext: {
capabilities: {
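Review bot: The reformatted `args` entry still discards a failed pre-auth key fetch: `wget ... > /dev/null 2>&1 && cat /tmp/authkey` yields an empty `TS_AUTHKEY` on error and `containerboot` starts anyway. The key is also left in `/tmp/authkey` for the life of the container. Consider streaming the key and failing fast, e.g. `key=$(wget -q --post-data=\"\" -O - <preauthkey URL>) || exit 1; TS_AUTHKEY=$key exec /usr/local/bin/containerboot`, keeping the existing URL. The fetch goes over plain `http://` to a cluster-local service; whether that is acceptable depends on the cluster's network policy, which is not visible here. The enclosing `extraContainers` list starts and ends outside this hunk.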
@@ -237,9 +237,9 @@
enabled: false
}
image: {
- registry: images["ingress-nginx"].registry
- image: images["ingress-nginx"].imageName
- tag: images["ingress-nginx"].tag
+ registry: images["ingress-nginx"].registry
+ image: images["ingress-nginx"].imageName
+ tag: images["ingress-nginx"].tag
pullPolicy: images["ingress-nginx"].pullPolicy
}
}
@@ -248,15 +248,15 @@
"tailscale-proxy": {
chart: charts["tailscale-proxy"]
values: {
- hostname: input.privateNetwork.hostname
- apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
- loginServer: "https://headscale.\(networks.public.domain)" // TODO(gio): take headscale subdomain from configuration
- ipSubnet: input.privateNetwork.ipSubnet
- username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
+ hostname: input.privateNetwork.hostname
+ apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
+ loginServer: "https://headscale.\(networks.public.domain)" // TODO(gio): take headscale subdomain from configuration
+ ipSubnet: input.privateNetwork.ipSubnet
+ username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
preAuthKeySecret: "headscale-preauth-key"
image: {
repository: images.tailscale.fullName
- tag: images.tailscale.tag
+ tag: images.tailscale.tag
pullPolicy: images.tailscale.pullPolicy
}
}
@@ -264,12 +264,12 @@
"port-allocator": {
chart: charts.portAllocator
values: {
- repoAddr: release.repoAddr
- sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
+ repoAddr: release.repoAddr
+ sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
image: {
repository: images.portAllocator.fullName
- tag: images.portAllocator.tag
+ tag: images.portAllocator.tag
pullPolicy: images.portAllocator.pullPolicy
}
}
@@ -282,14 +282,14 @@
type: "ClusterIP"
selector: {
"app.kubernetes.io/component": "controller"
- "app.kubernetes.io/instance": "ingress-nginx"
- "app.kubernetes.io/name": "ingress-nginx"
+ "app.kubernetes.io/instance": "ingress-nginx"
+ "app.kubernetes.io/name": "ingress-nginx"
}
- ports:[{
- name: "http"
- port: 80
+ ports: [{
+ name: "http"
+ port: 80
targetPort: 9090
- protocol: "TCP"
+ protocol: "TCP"
}]
}
}
@@ -298,31 +298,31 @@
resources: {
"proxy-backend-config": {
apiVersion: "v1"
- kind: "ConfigMap"
+ kind: "ConfigMap"
metadata: {
- name: "proxy-backend-config"
+ name: "proxy-backend-config"
namespace: release.namespace
}
data: {
"nginx.conf": """
-worker_processes 1;
-worker_rlimit_nofile 8192;
-pid /var/run/nginx/nginx.pid;
-events {
- worker_connections 1024;
-}
-http {
- map $http_host $backend {
- }
- server {
- listen 9090;
- location / {
- resolver 135.181.48.180;
- proxy_pass http://$backend;
- }
- }
-}
-"""
+ worker_processes 1;
+ worker_rlimit_nofile 8192;
+ pid /var/run/nginx/nginx.pid;
+ events {
+ worker_connections 1024;
+ }
+ http {
+ map $http_host $backend {
+ }
+ server {
+ listen 9090;
+ location / {
+ resolver 135.181.48.180;
+ proxy_pass http://$backend;
+ }
+ }
+ }
+ """
}
}
}
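Review bot: The re-indented body of the `nginx.conf` multi-line string is runtime data rather than source layout, so this change is only safe if the rendered ConfigMap stays byte-identical. CUE strips the leading whitespace that matches the closing `"""`, so the output should be unchanged as long as every content line and the closing delimiter carry the same indent; the whitespace on this page is not preserved well enough to confirm that. It is worth diffing the rendered `proxy-backend-config` before and after the commit, and adding a comment above the string such as `// content indentation is relative to the closing """; keep them aligned`.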