commit b59b7c21e16cdbc0989787c075f1055a295e8235
author Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Wed Apr 03 22:17:50 2024 +0400
committer Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local> Mon Apr 08 20:28:51 2024 +0400
tree 1a5553a752dfece34e5fc2f9f3fe6701bef08e73
parent c0d2bf569807c5551c98ecc08f4602c17af73ae2

port-allocator: allocates ports on preconfigured ingress-nginx

Replacement of /core/installer/tcp-udp-transport

Change-Id: I3d116b0f4508b462398f69e980ad55771dc88b7c

core/installer/values-tmpl/gerrit.cue

diff --git a/core/installer/values-tmpl/gerrit.cue b/core/installer/values-tmpl/gerrit.cue
index cf0883f..70fda48 100644
--- a/core/installer/values-tmpl/gerrit.cue
+++ b/core/installer/values-tmpl/gerrit.cue
@@ -2,6 +2,7 @@
 	network: #Network
 	subdomain: string
 	key: #SSHKey
+	sshPort: int
 }
 
 _domain: "\(input.subdomain).\(input.network.domain)"
@@ -95,6 +96,15 @@
 _httpPort: 80
 _sshPort: 22
 
+portForward: [#PortForward & {
+	allocator: input.network.allocatePortAddr
+	sourcePort: input.sshPort
+	// TODO(gio): namespace part must be populated by app manager. Otherwise
+	// third-party app developer might point to a service from different namespace.
+	targetService: "\(release.namespace)/gerrit-gerrit-service"
+	targetPort: _sshPort
+}]
+
 helm: _ingressWithAuthProxy.out.helm & {
 	gerrit: {
 		chart: charts.gerrit
@@ -222,6 +232,7 @@
   gracefulStopTimeout = 1m
 [sshd]
   listenAddress = 0.0.0.0:29418
+  advertisedAddress = \(_domain):\(input.sshPort)
 [transfer]
   timeout = 120 s
 [user]

core/installer/values-tmpl/private-network.cue

diff --git a/core/installer/values-tmpl/private-network.cue b/core/installer/values-tmpl/private-network.cue
index 94c73a1..bc58a9f 100644
--- a/core/installer/values-tmpl/private-network.cue
+++ b/core/installer/values-tmpl/private-network.cue
@@ -1,9 +1,14 @@
+import (
+	"encoding/base64"
+)
+
 input: {
 	privateNetwork: {
 		hostname: string
 		username: string
 		ipSubnet: string // TODO(gio): use cidr type
 	}
+	sshPrivateKey: string
 }
 
 name: "private-network"
@@ -23,6 +28,12 @@
 		tag: "v1.42.0"
 		pullPolicy: "IfNotPresent"
 	}
+	portAllocator: {
+		repository: "giolekva"
+		name: "port-allocator"
+		tag: "latest"
+		pullPolicy: "Always"
+	}
 }
 
 charts: {
@@ -42,6 +53,14 @@
 			namespace: global.pcloudEnvName
 		}
 	}
+	portAllocator: {
+		chart: "charts/port-allocator"
+		sourceRef: {
+			kind: "GitRepository"
+			name: "pcloud"
+			namespace: global.id
+		}
+	}
 }
 
 helm: {
@@ -98,4 +117,17 @@
 			}
 		}
 	}
+	"port-allocator": {
+		chart: charts.portAllocator
+		values: {
+			repoAddr: release.repoAddr
+			sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
+			ingressNginxPath: "\(release.appDir)/ingress-nginx.yaml"
+			image: {
+				repository: images.portAllocator.fullName
+				tag: images.portAllocator.tag
+				pullPolicy: images.portAllocator.pullPolicy
+			}
+		}
+	}
 }