Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 608148d0414fd65e8dadeccc07093e3e4e9e6321 / . / core / installer / values-tmpl / private-network.cue
blob: 255b375ba7c193a99f03b36630a257c12156d2cc [file] [log] [blame]
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]1import (
2 "encoding/base64"
3)
4
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]5input: {
6 privateNetwork: {
7 hostname: string
8 username: string
9 ipSubnet: string // TODO(gio): use cidr type
10 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]11 sshPrivateKey: string
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]12}
13
Giorgi Lekveishvili03d6f4b2024-03-08 13:05:21 +0400[diff] [blame]14name: "private-network"
Giorgi Lekveishvili08af67a2024-01-18 08:53:05 +0400[diff] [blame]15namespace: "ingress-private"
16
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]17images: {
18 "ingress-nginx": {
19 registry: "registry.k8s.io"
20 repository: "ingress-nginx"
21 name: "controller"
22 tag: "v1.8.0"
23 pullPolicy: "IfNotPresent"
24 }
25 "tailscale-proxy": {
26 repository: "tailscale"
27 name: "tailscale"
28 tag: "v1.42.0"
29 pullPolicy: "IfNotPresent"
30 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]31 portAllocator: {
32 repository: "giolekva"
33 name: "port-allocator"
34 tag: "latest"
35 pullPolicy: "Always"
36 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]37}
38
39charts: {
40 "ingress-nginx": {
giof8843412024-05-22 16:38:05 +0400[diff] [blame]41 kind: "GitRepository"
gio9877f292024-08-17 15:11:15 +0400[diff] [blame]42 address: "https://code.v1.dodo.cloud/helm-charts"
giof8843412024-05-22 16:38:05 +0400[diff] [blame]43 branch: "main"
44 path: "charts/ingress-nginx"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]45 }
46 "tailscale-proxy": {
giof8843412024-05-22 16:38:05 +0400[diff] [blame]47 kind: "GitRepository"
gio9877f292024-08-17 15:11:15 +0400[diff] [blame]48 address: "https://code.v1.dodo.cloud/helm-charts"
giof8843412024-05-22 16:38:05 +0400[diff] [blame]49 branch: "main"
50 path: "charts/tailscale-proxy"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]51 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]52 portAllocator: {
giof8843412024-05-22 16:38:05 +0400[diff] [blame]53 kind: "GitRepository"
gio9877f292024-08-17 15:11:15 +0400[diff] [blame]54 address: "https://code.v1.dodo.cloud/helm-charts"
giof8843412024-05-22 16:38:05 +0400[diff] [blame]55 branch: "main"
56 path: "charts/port-allocator"
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]57 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]58}
59
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]60_ingressPrivate: "\(global.id)-ingress-private"
61
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]62helm: {
63 "ingress-nginx": {
64 chart: charts["ingress-nginx"]
65 values: {
66 fullnameOverride: "\(global.id)-nginx-private"
67 controller: {
68 service: {
69 enabled: true
70 type: "LoadBalancer"
71 annotations: {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]72 "metallb.universe.tf/address-pool": _ingressPrivate
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]73 }
74 }
75 ingressClassByName: true
76 ingressClassResource: {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]77 name: _ingressPrivate
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]78 enabled: true
79 default: false
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]80 controllerValue: "k8s.io/\(_ingressPrivate)"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]81 }
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]82 config: {
giodb274d12024-04-19 11:53:18 +0400[diff] [blame]83 "proxy-body-size": "200M" // TODO(giolekva): configurable
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]84 "force-ssl-redirect": "true"
giodb274d12024-04-19 11:53:18 +0400[diff] [blame]85 "server-snippet": """
86 more_clear_headers "X-Frame-Options";
87 """
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]88 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]89 extraArgs: {
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]90 "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]91 }
92 admissionWebhooks: {
93 enabled: false
94 }
95 image: {
96 registry: images["ingress-nginx"].registry
97 image: images["ingress-nginx"].imageName
98 tag: images["ingress-nginx"].tag
99 pullPolicy: images["ingress-nginx"].pullPolicy
100 }
101 }
102 }
103 }
104 "tailscale-proxy": {
105 chart: charts["tailscale-proxy"]
106 values: {
107 hostname: input.privateNetwork.hostname
108 apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
gio7841f4f2024-07-26 19:53:49 +0400[diff] [blame]109 loginServer: "https://headscale.\(networks.public.domain)" // TODO(gio): take headscale subdomain from configuration
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]110 ipSubnet: input.privateNetwork.ipSubnet
111 username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
112 preAuthKeySecret: "headscale-preauth-key"
113 image: {
114 repository: images["tailscale-proxy"].fullName
115 tag: images["tailscale-proxy"].tag
116 pullPolicy: images["tailscale-proxy"].pullPolicy
117 }
118 }
119 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]120 "port-allocator": {
121 chart: charts.portAllocator
122 values: {
123 repoAddr: release.repoAddr
124 sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
gioff2a29a2024-05-01 17:06:42 +0400[diff] [blame]125 ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]126 image: {
127 repository: images.portAllocator.fullName
128 tag: images.portAllocator.tag
129 pullPolicy: images.portAllocator.pullPolicy
130 }
131 }
132 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]133}