import (
	"encoding/base64"
)
// Parameters supplied when this app is installed.
// NOTE(review): vpnAuthKey and sshPrivateKey are both credentials, but only
// vpnAuthKey carries a @role attribute. How the installer stores, masks or
// logs either value is not visible in this file — confirm that sshPrivateKey
// gets the same handling as other secrets.
input: {
	cluster: #Cluster
	vpnUser: string
	vpnProxyHostname: string
	// Auth key the Tailscale sidecar uses to join the VPN; tied to vpnUser.
	vpnAuthKey: string @role(VPNAuthKey) @usernameField(vpnUser)
	// SSH private key, passed base64-encoded to the port-allocator release.
	sshPrivateKey: string
}
// App metadata: a human-readable name and a namespace identifier.
// (How the installer consumes `namespace` is not shown in this file.)
name: "Cluster Network"
namespace: "cluster-network"
// Everything this app produces: container images, chart sources, and the
// Helm releases built from them.
out: {
	// Container images referenced by the releases below.
	// NOTE(review): all images are selected by tag only; none is pinned by digest.
	images: {
		"ingress-nginx": {
			registry: "registry.k8s.io"
			repository: "ingress-nginx"
			name: "controller"
			// NOTE(review): fixed version tag; check this controller version
			// against upstream ingress-nginx security advisories before reuse.
			tag: "v1.8.0"
			pullPolicy: "IfNotPresent"
		}
		"tailscale-proxy": {
			// No registry is set here; presumably the image schema supplies a
			// default — confirm which registry is actually pulled from.
			repository: "tailscale"
			name: "tailscale"
			tag: "v1.82.0"
			pullPolicy: "IfNotPresent"
		}
		portAllocator: {
			repository: "giolekva"
			name: "port-allocator"
			// NOTE(review): "latest" is a mutable tag and pullPolicy is "Always",
			// so whatever is published under the tag at pod start is what runs.
			// Prefer an immutable version tag or a digest. The port-allocator
			// release below passes tag "amd64" instead of this field (see its TODO).
			tag: "latest"
			pullPolicy: "Always"
		}
	}

	// Chart sources. All four charts come from the same Git repository.
	// NOTE(review): every chart tracks branch "main", a moving reference, so
	// chart content can change without any change to this file. Pinning to a
	// commit or tag (if the chart schema supports it) would make deployments
	// reproducible and reviewable.
	charts: {
		"access-secrets": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/access-secrets"
		}
		"ingress-nginx": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/ingress-nginx"
		}
		"tailscale-proxy": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/tailscale-proxy"
		}
		portAllocator: {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/port-allocator"
		}
	}

	// Helm releases.
	helm: {
		// Hidden field shared by the access-secrets and ingress-nginx releases so
		// both refer to the same generated name.
		_fullnameOverride: "\(global.id)-nginx-cluster-\(input.cluster.name)"
		"access-secrets": {
			chart: charts["access-secrets"]
			values: {
				// Same string as the ingress-nginx fullnameOverride; presumably this
				// names the controller's service account — confirm against the chart,
				// and review which secrets that account is granted access to.
				serviceAccountName: _fullnameOverride
			}
		}
		"ingress-nginx": {
			chart: charts["ingress-nginx"]
			// Installed only after access-secrets in the same release namespace.
			dependsOn: [{
				name: "access-secrets"
				namespace: release.namespace
			}]
			values: {
				fullnameOverride: _fullnameOverride
				controller: {
					// The chart's own Service is disabled; presumably traffic reaches
					// the controller through the Tailscale sidecar below — confirm.
					service: enabled: false
					ingressClassByName: true
					// Dedicated, non-default IngressClass with a per-cluster controller value.
					ingressClassResource: {
						name: input.cluster.ingressClassName
						enabled: true
						default: false
						controllerValue: "k8s.io/\(input.cluster.name)"
					}
					config: {
						// Applies to every ingress served by this controller.
						"proxy-body-size": "200M" // TODO(giolekva): configurable
						"force-ssl-redirect": "true"
						// NOTE(review): this clears the X-Frame-Options response header for
						// every server, removing framing (clickjacking) protection that
						// backends may set. If embedding is required, prefer a
						// Content-Security-Policy frame-ancestors allow-list, or limit the
						// removal to the hosts that need it.
						"server-snippet": """
						more_clear_headers "X-Frame-Options";
						"""
					}
					// NOTE(review): with the admission webhook disabled, Ingress objects
					// are not validated by the controller at admission time; confirm this
					// is intentional for this deployment.
					admissionWebhooks: {
						enabled: false
					}
					image: {
						registry: images["ingress-nginx"].registry
						image: images["ingress-nginx"].imageName
						tag: images["ingress-nginx"].tag
						pullPolicy: images["ingress-nginx"].pullPolicy
					}
					// Tailscale sidecar that joins the VPN via the headscale login server.
					extraContainers: [{
						name: "proxy"
						image: images["tailscale-proxy"].fullNameWithTag
						env: [{
							// NOTE(review): the auth key is set as a literal env value, so it
							// ends up in the rendered pod spec and in the release values, where
							// anyone who can read the workload object can read it. Prefer
							// sourcing it from a Kubernetes Secret (valueFrom.secretKeyRef)
							// and using a short-lived key.
							name: "TS_AUTHKEY"
							value: input.vpnAuthKey
						}, {
							name: "TS_HOSTNAME"
							value: input.vpnProxyHostname
						}, {
							name: "TS_EXTRA_ARGS"
							value: "--login-server=https://headscale.\(global.domain)"
						}]
					}]
				}
				// Empty TCP/UDP port maps; presumably filled in later by the
				// port-allocator, which is given the path of this release's
				// manifest — confirm.
				tcp: {}
				udp: {}
			}
		}
		"port-allocator": {
			chart: charts.portAllocator
			// NOTE(review): meaning of `cluster: null` is not visible here; presumably
			// it targets the managing cluster rather than input.cluster — confirm.
			cluster: null
			values: {
				repoAddr: release.repoAddr
				// NOTE(review): base64 is an encoding, not protection — the private key
				// is recoverable from the rendered values. Confirm the chart stores it
				// in a Secret, that rendered values are not committed or logged in
				// readable form, and that the key is scoped to this repository only.
				sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
				ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
				image: {
					repository: images.portAllocator.fullName
					// Hard-coded tag; differs from images.portAllocator.tag ("latest").
					// NOTE(review): "amd64" is also a mutable tag — see the image entry.
					tag: "amd64" // TODO(gio): images.portAllocator.tag
					pullPolicy: images.portAllocator.pullPolicy
				}
			}
		}
	}
}