| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 1 | input: { |
| 2 | privateNetwork: { |
| 3 | hostname: string |
| 4 | username: string |
| 5 | ipSubnet: string // TODO(gio): use cidr type |
| 6 | } |
| 7 | } |
| 8 | |
| Giorgi Lekveishvili | 08af67a | 2024-01-18 08:53:05 +0400 | [diff] [blame^] | 9 | namespace: "ingress-private" |
| 10 | |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 11 | images: { |
| 12 | "ingress-nginx": { |
| 13 | registry: "registry.k8s.io" |
| 14 | repository: "ingress-nginx" |
| 15 | name: "controller" |
| 16 | tag: "v1.8.0" |
| 17 | pullPolicy: "IfNotPresent" |
| 18 | } |
| 19 | "tailscale-proxy": { |
| 20 | repository: "tailscale" |
| 21 | name: "tailscale" |
| 22 | tag: "v1.42.0" |
| 23 | pullPolicy: "IfNotPresent" |
| 24 | } |
| 25 | } |
| 26 | |
| 27 | charts: { |
| 28 | "ingress-nginx": { |
| 29 | chart: "charts/ingress-nginx" |
| 30 | sourceRef: { |
| 31 | kind: "GitRepository" |
| 32 | name: "pcloud" |
| 33 | namespace: global.pcloudEnvName |
| 34 | } |
| 35 | } |
| 36 | "tailscale-proxy": { |
| 37 | chart: "charts/tailscale-proxy" |
| 38 | sourceRef: { |
| 39 | kind: "GitRepository" |
| 40 | name: "pcloud" |
| 41 | namespace: global.pcloudEnvName |
| 42 | } |
| 43 | } |
| 44 | } |
| 45 | |
| 46 | helm: { |
| 47 | "ingress-nginx": { |
| 48 | chart: charts["ingress-nginx"] |
| 49 | values: { |
| 50 | fullnameOverride: "\(global.id)-nginx-private" |
| 51 | controller: { |
| 52 | service: { |
| 53 | enabled: true |
| 54 | type: "LoadBalancer" |
| 55 | annotations: { |
| 56 | "metallb.universe.tf/address-pool": _ingressPrivate |
| 57 | } |
| 58 | } |
| 59 | ingressClassByName: true |
| 60 | ingressClassResource: { |
| 61 | name: _ingressPrivate |
| 62 | enabled: true |
| 63 | default: false |
| 64 | controllerValue: "k8s.io/\(_ingressPrivate)" |
| 65 | } |
| 66 | extraArgs: { |
| 67 | "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)" |
| 68 | } |
| 69 | admissionWebhooks: { |
| 70 | enabled: false |
| 71 | } |
| 72 | image: { |
| 73 | registry: images["ingress-nginx"].registry |
| 74 | image: images["ingress-nginx"].imageName |
| 75 | tag: images["ingress-nginx"].tag |
| 76 | pullPolicy: images["ingress-nginx"].pullPolicy |
| 77 | } |
| 78 | } |
| 79 | } |
| 80 | } |
| 81 | "tailscale-proxy": { |
| 82 | chart: charts["tailscale-proxy"] |
| 83 | values: { |
| 84 | hostname: input.privateNetwork.hostname |
| 85 | apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local" |
| 86 | loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration |
| 87 | ipSubnet: input.privateNetwork.ipSubnet |
| 88 | username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately? |
| 89 | preAuthKeySecret: "headscale-preauth-key" |
| 90 | image: { |
| 91 | repository: images["tailscale-proxy"].fullName |
| 92 | tag: images["tailscale-proxy"].tag |
| 93 | pullPolicy: images["tailscale-proxy"].pullPolicy |
| 94 | } |
| 95 | } |
| 96 | } |
| 97 | } |