Blame - core/installer/values-tmpl/cluster-network.cue - pcloud

blob: d1ae8784d79cb35ee73d5f1cd58765f61158014b [file] [log] [blame]

gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	1	import (
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	2	"encoding/base64"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	3	)
				4
				5	input: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	6	cluster: #Cluster
				7	vpnUser: string
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	8	vpnProxyHostname: string
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	9	vpnAuthKey: string @role(VPNAuthKey) @usernameField(vpnUser)
				10	sshPrivateKey: string
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	11	}
				12
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	13	name: "Cluster Network"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	14	namespace: "cluster-network"
				15
				16	out: {
				17	images: {
				18	"ingress-nginx": {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	19	registry: "registry.k8s.io"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	20	repository: "ingress-nginx"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	21	name: "controller"
				22	tag: "v1.8.0"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	23	pullPolicy: "IfNotPresent"
				24	}
				25	"tailscale-proxy": {
				26	repository: "tailscale"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	27	name: "tailscale"
				28	tag: "v1.82.0"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	29	pullPolicy: "IfNotPresent"
				30	}
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	31	portAllocator: {
				32	repository: "giolekva"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	33	name: "port-allocator"
				34	tag: "latest"
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	35	pullPolicy: "Always"
				36	}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	37	}
				38
				39	charts: {
				40	"access-secrets": {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	41	kind: "GitRepository"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	42	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	43	branch: "main"
				44	path: "charts/access-secrets"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	45	}
				46	"ingress-nginx": {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	47	kind: "GitRepository"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	48	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	49	branch: "main"
				50	path: "charts/ingress-nginx"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	51	}
				52	"tailscale-proxy": {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	53	kind: "GitRepository"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	54	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	55	branch: "main"
				56	path: "charts/tailscale-proxy"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	57	}
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	58	portAllocator: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	59	kind: "GitRepository"
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	60	address: "https://code.v1.dodo.cloud/helm-charts"
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	61	branch: "main"
				62	path: "charts/port-allocator"
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	63	}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	64	}
				65
				66	helm: {
				67	_fullnameOverride: "\(global.id)-nginx-cluster-\(input.cluster.name)"
				68	"access-secrets": {
				69	chart: charts["access-secrets"]
				70	values: {
				71	serviceAccountName: _fullnameOverride
				72	}
				73	}
				74	"ingress-nginx": {
				75	chart: charts["ingress-nginx"]
				76	dependsOn: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	77	name: "access-secrets"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	78	namespace: release.namespace
				79	}]
				80	values: {
				81	fullnameOverride: _fullnameOverride
				82	controller: {
				83	service: enabled: false
				84	ingressClassByName: true
				85	ingressClassResource: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	86	name: input.cluster.ingressClassName
				87	enabled: true
				88	default: false
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	89	controllerValue: "k8s.io/\(input.cluster.name)"
				90	}
				91	config: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	92	"proxy-body-size": "200M" // TODO(giolekva): configurable
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	93	"force-ssl-redirect": "true"
				94	"server-snippet": """
				95	more_clear_headers "X-Frame-Options";
				96	"""
				97	}
				98	admissionWebhooks: {
				99	enabled: false
				100	}
				101	image: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	102	registry: images["ingress-nginx"].registry
				103	image: images["ingress-nginx"].imageName
				104	tag: images["ingress-nginx"].tag
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	105	pullPolicy: images["ingress-nginx"].pullPolicy
				106	}
				107	extraContainers: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	108	name: "proxy"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	109	image: images["tailscale-proxy"].fullNameWithTag
				110	env: [{
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	111	name: "TS_AUTHKEY"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	112	value: input.vpnAuthKey
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	113	}, {
				114	name: "TS_HOSTNAME"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	115	value: input.vpnProxyHostname
				116	}, {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	117	name: "TS_EXTRA_ARGS"
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	118	value: "--login-server=https://headscale.\(global.domain)"
				119	}]
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	120	}]
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	121	}
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	122	tcp: {}
				123	udp: {}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	124	}
				125	}
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	126	"port-allocator": {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	127	chart: charts.portAllocator
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	128	cluster: null
				129	values: {
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	130	repoAddr: release.repoAddr
				131	sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	132	ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
				133	image: {
				134	repository: images.portAllocator.fullName
gio	9bd87ca	2025-04-20 08:05:34 +0400	[diff] [blame]	135	tag: "amd64" // TODO(gio): images.portAllocator.tag
gio	721c004	2025-04-03 11:56:36 +0400	[diff] [blame]	136	pullPolicy: images.portAllocator.pullPolicy
				137	}
				138	}
				139	}
gio	f6ad298	2024-08-23 17:42:49 +0400	[diff] [blame]	140	}
				141	}