| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 1 | input: { |
| 2 | privateNetwork: { |
| 3 | hostname: string |
| 4 | username: string |
| 5 | ipSubnet: string // TODO(gio): use cidr type |
| 6 | } |
| 7 | } |
| 8 | |
| Giorgi Lekveishvili | 03d6f4b | 2024-03-08 13:05:21 +0400 | [diff] [blame^] | 9 | name: "private-network" |
| Giorgi Lekveishvili | 08af67a | 2024-01-18 08:53:05 +0400 | [diff] [blame] | 10 | namespace: "ingress-private" |
| 11 | |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 12 | images: { |
| 13 | "ingress-nginx": { |
| 14 | registry: "registry.k8s.io" |
| 15 | repository: "ingress-nginx" |
| 16 | name: "controller" |
| 17 | tag: "v1.8.0" |
| 18 | pullPolicy: "IfNotPresent" |
| 19 | } |
| 20 | "tailscale-proxy": { |
| 21 | repository: "tailscale" |
| 22 | name: "tailscale" |
| 23 | tag: "v1.42.0" |
| 24 | pullPolicy: "IfNotPresent" |
| 25 | } |
| 26 | } |
| 27 | |
| 28 | charts: { |
| 29 | "ingress-nginx": { |
| 30 | chart: "charts/ingress-nginx" |
| 31 | sourceRef: { |
| 32 | kind: "GitRepository" |
| 33 | name: "pcloud" |
| 34 | namespace: global.pcloudEnvName |
| 35 | } |
| 36 | } |
| 37 | "tailscale-proxy": { |
| 38 | chart: "charts/tailscale-proxy" |
| 39 | sourceRef: { |
| 40 | kind: "GitRepository" |
| 41 | name: "pcloud" |
| 42 | namespace: global.pcloudEnvName |
| 43 | } |
| 44 | } |
| 45 | } |
| 46 | |
| 47 | helm: { |
| 48 | "ingress-nginx": { |
| 49 | chart: charts["ingress-nginx"] |
| 50 | values: { |
| 51 | fullnameOverride: "\(global.id)-nginx-private" |
| 52 | controller: { |
| 53 | service: { |
| 54 | enabled: true |
| 55 | type: "LoadBalancer" |
| 56 | annotations: { |
| 57 | "metallb.universe.tf/address-pool": _ingressPrivate |
| 58 | } |
| 59 | } |
| 60 | ingressClassByName: true |
| 61 | ingressClassResource: { |
| 62 | name: _ingressPrivate |
| 63 | enabled: true |
| 64 | default: false |
| 65 | controllerValue: "k8s.io/\(_ingressPrivate)" |
| 66 | } |
| 67 | extraArgs: { |
| 68 | "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)" |
| 69 | } |
| 70 | admissionWebhooks: { |
| 71 | enabled: false |
| 72 | } |
| 73 | image: { |
| 74 | registry: images["ingress-nginx"].registry |
| 75 | image: images["ingress-nginx"].imageName |
| 76 | tag: images["ingress-nginx"].tag |
| 77 | pullPolicy: images["ingress-nginx"].pullPolicy |
| 78 | } |
| 79 | } |
| 80 | } |
| 81 | } |
| 82 | "tailscale-proxy": { |
| 83 | chart: charts["tailscale-proxy"] |
| 84 | values: { |
| 85 | hostname: input.privateNetwork.hostname |
| 86 | apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local" |
| 87 | loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration |
| 88 | ipSubnet: input.privateNetwork.ipSubnet |
| 89 | username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately? |
| 90 | preAuthKeySecret: "headscale-preauth-key" |
| 91 | image: { |
| 92 | repository: images["tailscale-proxy"].fullName |
| 93 | tag: images["tailscale-proxy"].tag |
| 94 | pullPolicy: images["tailscale-proxy"].pullPolicy |
| 95 | } |
| 96 | } |
| 97 | } |
| 98 | } |