// base64 is used to encode the SSH private key handed to the port-allocator chart.
import "encoding/base64"
// input declares the values the installer must supply for this app.
//
// All four fields are plain `string`, so this schema accepts any text; nothing
// here checks that hostname is a valid DNS label or that ipSubnet is a CIDR.
// The values are copied unchanged into the Helm values further down this file.
input: {
	privateNetwork: {
		hostname: string
		username: string
		// TODO(gio): use cidr type
		// NOTE(review): until then a malformed subnet is only caught (if at all)
		// by whatever consumes the tailscale-proxy chart values.
		ipSubnet: string
	}

	// Secret material: an SSH private key. It is passed, base64-encoded only,
	// into the port-allocator Helm values below. Treat every place this schema
	// is rendered, logged or stored as holding the key in recoverable form.
	sshPrivateKey: string
}
// App identity. NOTE(review): how `namespace` is turned into the actual
// Kubernetes namespace (prefixing, creation, labels) is decided outside this file.
name:      "private-network"
namespace: "ingress-private"
// images lists the container images the three Helm releases below run.
//
// NOTE(review): every image is referenced by mutable tag, none by digest, so
// what actually runs is whatever the registry serves for that tag at pull time.
// The derived fields used later in this file (`imageName`, `fullName`) are not
// defined here; they presumably come from a shared image schema. Confirm.
images: {
	// NOTE(review): fixed version tag; check it against the upstream
	// ingress-nginx security advisories before reuse, since the controller
	// terminates TLS for everything on the private network.
	"ingress-nginx": {
		registry:   "registry.k8s.io"
		repository: "ingress-nginx"
		name:       "controller"
		tag:        "v1.8.0"
		pullPolicy: "IfNotPresent"
	}

	// NOTE(review): no `registry` is set; the registry this resolves to depends
	// on a default defined outside this file.
	"tailscale-proxy": {
		repository: "tailscale"
		name:       "tailscale"
		tag:        "v1.42.0"
		pullPolicy: "IfNotPresent"
	}

	// NOTE(review): `latest` combined with `Always` means every pod restart may
	// pull an image that differs from the one that was reviewed, and this
	// component is handed an SSH private key (see the port-allocator Helm values
	// in this file). Pin to a released version tag or an image digest once one
	// is published. No `registry` is set here either.
	portAllocator: {
		repository: "giolekva"
		name:       "port-allocator"
		tag:        "latest"
		pullPolicy: "Always"
	}
}
// charts maps each release to a chart path inside the "pcloud" GitRepository
// source. The integrity of what gets installed therefore rests on who can push
// to that repository and on how the source object is configured (branch or
// commit pinning, signature verification). Neither is visible in this file.
charts: {
	"ingress-nginx": {
		chart: "charts/ingress-nginx"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.pcloudEnvName
		}
	}

	"tailscale-proxy": {
		chart: "charts/tailscale-proxy"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.pcloudEnvName
		}
	}

	// NOTE(review): this source is looked up in `global.id`, while the two
	// charts above use `global.pcloudEnvName`. Confirm the difference is
	// intended and that a GitRepository named "pcloud" exists in both places,
	// otherwise this chart may come from a different source than the others.
	portAllocator: {
		chart: "charts/port-allocator"
		sourceRef: {
			kind:      "GitRepository"
			name:      "pcloud"
			namespace: global.id
		}
	}
}
// helm defines the three releases that make up the private-network app:
// an nginx ingress controller for the private ingress class, a tailscale proxy
// that joins the headscale network, and the port allocator.
// `global`, `release` and `ingressPrivate` are defined outside this file.
helm: {
	"ingress-nginx": {
		chart: charts["ingress-nginx"]
		values: {
			fullnameOverride: "\(global.id)-nginx-private"
			controller: {
				// Exposed through a LoadBalancer Service whose address comes from
				// the MetalLB pool named by `ingressPrivate`.
				// NOTE(review): whether that pool is reachable only from the
				// private network is a property of the MetalLB/network setup,
				// not of this file.
				service: {
					enabled: true
					type:    "LoadBalancer"
					annotations: "metallb.universe.tf/address-pool": ingressPrivate
				}

				// Dedicated, non-default ingress class: only Ingress objects that
				// name this class are served by this controller.
				ingressClassByName: true
				ingressClassResource: {
					name:            ingressPrivate
					enabled:         true
					default:         false
					controllerValue: "k8s.io/\(ingressPrivate)"
				}

				config: {
					"proxy-body-size":    "200M" // TODO(giolekva): configurable
					"force-ssl-redirect": "true"
					// NOTE(review): this removes the X-Frame-Options response
					// header for every server this controller generates, so any
					// backend relying on it for anti-framing (clickjacking)
					// protection loses it behind this ingress. If embedding is the
					// goal, prefer relaxing it per application, or make sure a
					// Content-Security-Policy `frame-ancestors` policy still
					// limits who may frame these apps.
					"server-snippet": """
						more_clear_headers "X-Frame-Options";
						"""
				}

				// Fallback certificate for hosts without their own TLS secret,
				// given as <namespace>/<secret name>; the wildcard secret must
				// exist in the namespace named by `ingressPrivate`.
				extraArgs: "default-ssl-certificate": "\(ingressPrivate)/cert-wildcard.\(global.privateDomain)"

				// NOTE(review): with the validating admission webhook off,
				// Ingress objects are not checked by the controller before they
				// are admitted; a bad rule or annotation is only noticed when the
				// controller renders its nginx configuration. Confirm this is a
				// deliberate trade-off and that RBAC limits who may create
				// Ingress objects for this class.
				admissionWebhooks: enabled: false

				image: {
					registry:   images["ingress-nginx"].registry
					image:      images["ingress-nginx"].imageName
					tag:        images["ingress-nginx"].tag
					pullPolicy: images["ingress-nginx"].pullPolicy
				}
			}
		}
	}

	"tailscale-proxy": {
		chart: charts["tailscale-proxy"]
		values: {
			hostname: input.privateNetwork.hostname
			// NOTE(review): plain HTTP to the in-cluster headscale API. Whatever
			// the chart sends there is unencrypted on the pod network; confirm a
			// NetworkPolicy or mesh restricts who can reach or observe it.
			apiServer:   "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
			loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration
			ipSubnet:    input.privateNetwork.ipSubnet
			username:    input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
			// Name of the Secret holding the headscale pre-auth key; only the
			// name appears here, never the key itself.
			preAuthKeySecret: "headscale-preauth-key"
			image: {
				repository: images["tailscale-proxy"].fullName
				tag:        images["tailscale-proxy"].tag
				pullPolicy: images["tailscale-proxy"].pullPolicy
			}
		}
	}

	"port-allocator": {
		chart: charts.portAllocator
		values: {
			repoAddr: release.repoAddr
			// NOTE(review): base64 is an encoding, not protection. The private
			// key is recoverable from the rendered values by anyone who can read
			// this release's values or the objects generated from them. Confirm
			// the chart stores it in a Secret and that read access to the
			// release objects is restricted accordingly.
			sshPrivateKey:    base64.Encode(null, input.sshPrivateKey)
			ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
			// The image that receives the key above is declared in this file
			// with tag "latest" and pull policy "Always" (see `images`).
			image: {
				repository: images.portAllocator.fullName
				tag:        images.portAllocator.tag
				pullPolicy: images.portAllocator.pullPolicy
			}
		}
	}
}