Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +04001import (
2 "encoding/base64"
3)
// input declares the parameters a caller must supply when instantiating this
// app. Both fields are consumed by the helm values further down in this file.
input: {
	// Forwarded to the tailscale-proxy release (hostname, username, ipSubnet).
	privateNetwork: {
		hostname: string
		username: string
		ipSubnet: string // TODO(gio): use cidr type
	}
	// SSH private key passed, base64-encoded, to the port-allocator release.
	// NOTE(review): this is a plain string, so nothing in this file constrains
	// its format or marks it as sensitive. Anything that evaluates, logs or
	// stores this configuration sees the key material in clear — confirm how
	// the caller supplies and stores it.
	sshPrivateKey: string
}
// App identity. Presumably `namespace` is where the releases below are
// installed — confirm against the app schema, which is not part of this file.
name: "private-network"
namespace: "ingress-private"
// images lists the container images that the helm values below refer to.
// NOTE(review): every image is selected by tag only. Tags are mutable, so none
// of these entries guarantees which bytes actually run; pinning by digest
// would make the deployed image reproducible and auditable.
images: {
	"ingress-nginx": {
		registry: "registry.k8s.io"
		repository: "ingress-nginx"
		name: "controller"
		// NOTE(review): fixed controller release; verify it against the
		// upstream ingress-nginx security advisories before deploying.
		tag: "v1.8.0"
		pullPolicy: "IfNotPresent"
	}
	// No `registry` is set for this image; the registry presumably comes from
	// a default in the schema (not visible here) — confirm which one.
	"tailscale-proxy": {
		repository: "tailscale"
		name: "tailscale"
		// NOTE(review): fixed release; verify it against upstream tailscale
		// security bulletins before deploying.
		tag: "v1.42.0"
		pullPolicy: "IfNotPresent"
	}
	// NOTE(review): "latest" combined with pullPolicy "Always" means every pod
	// start runs whatever the tag points to at that moment. This image is the
	// one that receives input.sshPrivateKey (see helm."port-allocator"), so a
	// replaced or tampered image would obtain that key. Pin to a released
	// version or digest; no registry is set here either.
	portAllocator: {
		repository: "giolekva"
		name: "port-allocator"
		tag: "latest"
		pullPolicy: "Always"
	}
}
// charts maps each release to a chart path inside the "pcloud" GitRepository
// source object. `global` is defined outside this file.
charts: {
	"ingress-nginx": {
		chart: "charts/ingress-nginx"
		sourceRef: {
			kind: "GitRepository"
			name: "pcloud"
			namespace: global.pcloudEnvName
		}
	}
	"tailscale-proxy": {
		chart: "charts/tailscale-proxy"
		sourceRef: {
			kind: "GitRepository"
			name: "pcloud"
			namespace: global.pcloudEnvName
		}
	}
	portAllocator: {
		chart: "charts/port-allocator"
		sourceRef: {
			kind: "GitRepository"
			name: "pcloud"
			// NOTE(review): the two charts above resolve the source object in
			// global.pcloudEnvName, this one in global.id. Confirm the
			// difference is intentional: the chart that handles the SSH key
			// would otherwise be fetched from a different source object than
			// the rest of the app, or fail to resolve.
			namespace: global.id
		}
	}
}
// helm defines the three releases of this app: the chart to install and the
// values passed to it. `global`, `release` and `_ingressPrivate` are defined
// outside this file.
helm: {
	// Private ingress controller, exposed through a LoadBalancer service.
	"ingress-nginx": {
		chart: charts["ingress-nginx"]
		values: {
			fullnameOverride: "\(global.id)-nginx-private"
			controller: {
				service: {
					enabled: true
					type: "LoadBalancer"
					annotations: {
						// The service address is taken from the MetalLB pool
						// named by _ingressPrivate. NOTE(review): the controller
						// is only "private" if that pool holds non-public
						// addresses — confirm in the pool definition.
						"metallb.universe.tf/address-pool": _ingressPrivate
					}
				}
				ingressClassByName: true
				ingressClassResource: {
					name: _ingressPrivate
					enabled: true
					// Not the cluster default class, so Ingress objects have
					// to name this class explicitly to be served here.
					default: false
					controllerValue: "k8s.io/\(_ingressPrivate)"
				}
				config: {
					// Redirect plain-HTTP requests to HTTPS.
					"force-ssl-redirect": "true"
				}
				extraArgs: {
					// namespace/secret of the wildcard certificate served when
					// an Ingress does not provide its own TLS secret.
					"default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)"
				}
				// NOTE(review): with the validating admission webhook disabled,
				// Ingress objects for this class are not checked by the
				// controller before they are admitted; a malformed or unsafe
				// Ingress is only noticed when the controller renders its
				// configuration. Confirm this is deliberate and restrict who
				// may create Ingress objects for this class.
				admissionWebhooks: {
					enabled: false
				}
				image: {
					registry: images["ingress-nginx"].registry
					// imageName is not set in `images` in this file; presumably
					// derived by the image schema — confirm.
					image: images["ingress-nginx"].imageName
					tag: images["ingress-nginx"].tag
					pullPolicy: images["ingress-nginx"].pullPolicy
				}
			}
		}
	}
	// Proxy that joins the private network through a headscale control server.
	"tailscale-proxy": {
		chart: charts["tailscale-proxy"]
		values: {
			hostname: input.privateNetwork.hostname
			// NOTE(review): the in-cluster headscale API is addressed over plain
			// http, so requests and any credentials sent to it are unencrypted
			// on the cluster network. Confirm that network policy limits who
			// can reach and observe this service, or switch it to TLS.
			apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
			loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration
			ipSubnet: input.privateNetwork.ipSubnet
			username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
			// Name of the secret holding the pre-auth key; presumably created
			// and read by the chart (not visible here). Access to that secret
			// allows enrolling a node as this user — scope RBAC accordingly.
			preAuthKeySecret: "headscale-preauth-key"
			image: {
				// fullName is not set in `images` in this file; presumably
				// derived by the image schema — confirm.
				repository: images["tailscale-proxy"].fullName
				tag: images["tailscale-proxy"].tag
				pullPolicy: images["tailscale-proxy"].pullPolicy
			}
		}
	}
	// Port allocator; given repository access through an SSH key.
	"port-allocator": {
		chart: charts.portAllocator
		values: {
			repoAddr: release.repoAddr
			// NOTE(review): base64 is an encoding, not encryption. The private
			// key becomes part of the release values, so anyone able to read
			// the rendered values or the stored release (and the repository,
			// if the rendered output is committed there) can recover it.
			// Prefer referencing a pre-created Secret by name and limit the
			// key to the single repository it needs.
			sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
			// Path of the ingress-nginx manifest under release.appDir;
			// presumably the file the allocator edits in repoAddr — confirm.
			ingressNginxPath: "\(release.appDir)/ingress-nginx.yaml"
			image: {
				repository: images.portAllocator.fullName
				tag: images.portAllocator.tag
				pullPolicy: images.portAllocator.pullPolicy
			}
		}
	}
}