installer: app value templates
diff --git a/core/installer/values-tmpl/core-auth-storage.yaml b/core/installer/values-tmpl/core-auth-storage.yaml
index 77aaa7e..9040b62 100644
--- a/core/installer/values-tmpl/core-auth-storage.yaml
+++ b/core/installer/values-tmpl/core-auth-storage.yaml
@@ -16,7 +16,7 @@
pcloudInstanceId: {{ .Global.Id }}
namespacePrefix: {{ .Global.NamespacePrefix }}
namespaces:
- - app-core-auth
+ - core-auth
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
diff --git a/core/installer/values-tmpl/ingress-private.jsonschema b/core/installer/values-tmpl/ingress-private.jsonschema
index 46ae9c3..f9556db 100644
--- a/core/installer/values-tmpl/ingress-private.jsonschema
+++ b/core/installer/values-tmpl/ingress-private.jsonschema
@@ -2,6 +2,7 @@
"type": "object",
"properties": {
"GandiAPIToken": { "type": "string" },
+ "ReservedIP": { "type": "string" },
},
"additionalProperties": false
}
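Review bot: `ReservedIP` is accepted as any string, yet ingress-private.yaml in this same commit interpolates it unquoted into `loadBalancerIP`, so a malformed or multi-line value would reshape the rendered YAML instead of failing validation. Constrain it in the schema, for example `"ReservedIP": { "type": "string", "format": "ipv4" }`, or use a `pattern` if the validator does not enforce `format`. No `required` array is visible in this hunk, so consider whether the field should be mandatory. The added line also ends in a comma directly before the closing `}` of `properties`, which strict JSON parsers reject; the existing line had the same trailing comma, so the loader may be lenient, but that is worth confirming.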
diff --git a/core/installer/values-tmpl/ingress-private.yaml b/core/installer/values-tmpl/ingress-private.yaml
index 55405ac..5696f62 100644
--- a/core/installer/values-tmpl/ingress-private.yaml
+++ b/core/installer/values-tmpl/ingress-private.yaml
@@ -16,7 +16,7 @@
pcloudInstanceId: {{ .Global.Id }}
namespacePrefix: {{ .Global.NamespacePrefix }}
namespaces:
- - app-ingress-private
+ - ingress-private
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
@@ -63,7 +63,8 @@
controller:
service:
enabled: true
- type: ClusterIP
+ type: LoadBalancer
+ loadBalancerIP: {{ .Values.ReservedIP }}
ingressClassByName: true
ingressClassResource:
name: {{ .Global.Id }}-ingress-private
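Review bot: Changing `controller.service.type` to `LoadBalancer` makes the private ingress reachable by anything that can route to the reserved address, and nothing in this hunk limits who may connect. Previously it was a `ClusterIP` Service reached through the Tailscale sidecar that the next hunk removes. If the chart supports it (ingress-nginx exposes `controller.service.loadBalancerSourceRanges`), add a source-range allow-list, and add a comment that `ReservedIP` must come from an internal-only address pool. Also quote the templated value, `loadBalancerIP: "{{ .Values.ReservedIP }}"`, so it is always parsed as a single string. The `controller` mapping starts and continues outside this hunk.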
@@ -72,26 +73,3 @@
controllerValue: k8s.io/{{ .Global.Id }}-ingress-private
extraArgs:
default-ssl-certificate: "{{ .Global.Id }}-ingress-private/cert-wildcard.p.{{ .Global.Domain }}"
- extraVolumes:
- - name: tailscale
- persistentVolumeClaim:
- claimName: tailscale
- extraVolumeMounts:
- - name: tailscale
- mountPath: /tailscale-state
- extraContainers:
- - name: tailscale
- image: tailscale/tailscale:v1.42.0
- imagePullPolicy: IfNotPresent
- securityContext:
- privileged: true
- capabilities:
- add:
- - NET_ADMIN
- env:
- - name: TS_KUBE_SECRET
- value: ""
- - name: TS_STATE_DIR
- value: /tailscale-state
- - name: TS_EXTRA_ARGS
- value: --hostname={{ .Global.PCloudEnvName }}-ingress --login-server=headscale.{{ .Global.Domain }} # TODO(gio): take headscale subdomain from configuration
diff --git a/core/installer/values-tmpl/pihole.yaml b/core/installer/values-tmpl/pihole.yaml
index 16e7abf..51e3d97 100644
--- a/core/installer/values-tmpl/pihole.yaml
+++ b/core/installer/values-tmpl/pihole.yaml
@@ -24,7 +24,7 @@
name: pihole
namespace: {{ .Global.Id }}
spec:
- targetNamespace: {{ .Global.NamespacePrefix }}
+ targetNamespace: {{ .Global.NamespacePrefix }}app-pihole
dependsOn:
- name: namespaces-pihole
namespace: {{ .Global.Id }}
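Review bot: The new `targetNamespace` appends `app-pihole`, while the other hunks in this commit drop the `app-` prefix from namespace names (`app-core-auth` to `core-auth`, `app-ingress-private` to `ingress-private`). The `namespaces:` list of pihole.yaml is not part of the diff, so please confirm that the `namespaces-pihole` release really creates `{{ .Global.NamespacePrefix }}app-pihole`. A mismatch would put the workload in a namespace that namespace-scoped RBAC or network policy was not written for. A comment on the line such as `# must match the namespace created by namespaces-pihole` would make the coupling explicit.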
@@ -39,6 +39,7 @@
values:
domain: {{ .Values.Subdomain}}.{{ .Global.PrivateDomain }}
pihole:
+ fullnameOverride: pihole
image:
repository: "pihole/pihole"
tag: v5.8.1
@@ -67,12 +68,9 @@
cpu: "500m"
memory: "250M"
oauth2:
- clientId: pihole
- clientSecret: {{ .Values.PiholeOAuth2ClientSecret }}
- cookieSecret: {{ .Values.PiholeOAuth2CookieSecret }}
secretName: oauth2-secret
configName: oauth2-proxy
hydraAdmin: http://hydra-admin.{{ .Global.NamespacePrefix }}core-auth.svc
- hydraPublic: https://hydra.{{ .Global.Domain }}/
+ hydraPublic: https://hydra.{{ .Global.Domain }}
profileUrl: https://accounts-ui.{{ .Global.Domain }}
ingressClassName: {{ .Global.Id }}-ingress-private
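Review bot: With `clientId`, `clientSecret` and `cookieSecret` no longer passed as values, the `oauth2` block depends entirely on the Secret named by `secretName: oauth2-secret`, and nothing in this diff shows what creates it or how the cookie secret is generated. Keeping secrets out of the rendered values is an improvement, but please add a comment at `secretName` stating which component provisions that Secret and in which namespace. Separately, `hydraPublic` loses its trailing slash; OIDC clients compare the issuer string exactly, so check that the new value matches the issuer hydra advertises. The unchanged `hydraAdmin` line still reaches the admin API over plain `http://` across namespaces, which presumably relies on network policy and deserves a comment saying so.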