| Giorgi Lekveishvili | b59b7c2 | 2024-04-03 22:17:50 +0400 | [diff] [blame] | 1 | import ( |
| 2 | "encoding/base64" |
| 3 | ) |
| 4 | |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 5 | input: { |
| 6 | privateNetwork: { |
| 7 | hostname: string |
| 8 | username: string |
| 9 | ipSubnet: string // TODO(gio): use cidr type |
| 10 | } |
| Giorgi Lekveishvili | b59b7c2 | 2024-04-03 22:17:50 +0400 | [diff] [blame] | 11 | sshPrivateKey: string |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 12 | } |
| 13 | |
| Giorgi Lekveishvili | 03d6f4b | 2024-03-08 13:05:21 +0400 | [diff] [blame] | 14 | name: "private-network" |
| Giorgi Lekveishvili | 08af67a | 2024-01-18 08:53:05 +0400 | [diff] [blame] | 15 | namespace: "ingress-private" |
| 16 | |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 17 | out: { |
| 18 | images: { |
| 19 | "ingress-nginx": { |
| 20 | registry: "registry.k8s.io" |
| 21 | repository: "ingress-nginx" |
| 22 | name: "controller" |
| 23 | tag: "v1.8.0" |
| 24 | pullPolicy: "IfNotPresent" |
| 25 | } |
| 26 | "tailscale-proxy": { |
| 27 | repository: "tailscale" |
| 28 | name: "tailscale" |
| 29 | tag: "v1.42.0" |
| 30 | pullPolicy: "IfNotPresent" |
| 31 | } |
| 32 | portAllocator: { |
| 33 | repository: "giolekva" |
| 34 | name: "port-allocator" |
| 35 | tag: "latest" |
| 36 | pullPolicy: "Always" |
| 37 | } |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 38 | } |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 39 | |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 40 | charts: { |
| 41 | "ingress-nginx": { |
| 42 | kind: "GitRepository" |
| 43 | address: "https://code.v1.dodo.cloud/helm-charts" |
| 44 | branch: "main" |
| 45 | path: "charts/ingress-nginx" |
| 46 | } |
| 47 | "tailscale-proxy": { |
| 48 | kind: "GitRepository" |
| 49 | address: "https://code.v1.dodo.cloud/helm-charts" |
| 50 | branch: "main" |
| 51 | path: "charts/tailscale-proxy" |
| 52 | } |
| 53 | portAllocator: { |
| 54 | kind: "GitRepository" |
| 55 | address: "https://code.v1.dodo.cloud/helm-charts" |
| 56 | branch: "main" |
| 57 | path: "charts/port-allocator" |
| 58 | } |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 59 | } |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 60 | |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 61 | _ingressPrivate: "\(global.id)-ingress-private" |
| gio | 7841f4f | 2024-07-26 19:53:49 +0400 | [diff] [blame] | 62 | |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 63 | helm: { |
| 64 | "ingress-nginx": { |
| 65 | chart: charts["ingress-nginx"] |
| 66 | values: { |
| 67 | fullnameOverride: "\(global.id)-nginx-private" |
| 68 | controller: { |
| 69 | service: { |
| 70 | enabled: true |
| 71 | type: "LoadBalancer" |
| 72 | annotations: { |
| 73 | "metallb.universe.tf/address-pool": _ingressPrivate |
| 74 | } |
| 75 | } |
| 76 | ingressClassByName: true |
| 77 | ingressClassResource: { |
| 78 | name: _ingressPrivate |
| 79 | enabled: true |
| 80 | default: false |
| 81 | controllerValue: "k8s.io/\(_ingressPrivate)" |
| 82 | } |
| 83 | config: { |
| 84 | "proxy-body-size": "200M" // TODO(giolekva): configurable |
| 85 | "force-ssl-redirect": "true" |
| 86 | "server-snippet": """ |
| 87 | more_clear_headers "X-Frame-Options"; |
| 88 | """ |
| 89 | } |
| 90 | extraArgs: { |
| 91 | "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)" |
| 92 | } |
| 93 | admissionWebhooks: { |
| 94 | enabled: false |
| 95 | } |
| 96 | image: { |
| 97 | registry: images["ingress-nginx"].registry |
| 98 | image: images["ingress-nginx"].imageName |
| 99 | tag: images["ingress-nginx"].tag |
| 100 | pullPolicy: images["ingress-nginx"].pullPolicy |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 101 | } |
| 102 | } |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 103 | } |
| 104 | } |
| 105 | "tailscale-proxy": { |
| 106 | chart: charts["tailscale-proxy"] |
| 107 | values: { |
| 108 | hostname: input.privateNetwork.hostname |
| 109 | apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local" |
| 110 | loginServer: "https://headscale.\(networks.public.domain)" // TODO(gio): take headscale subdomain from configuration |
| 111 | ipSubnet: input.privateNetwork.ipSubnet |
| 112 | username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately? |
| 113 | preAuthKeySecret: "headscale-preauth-key" |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 114 | image: { |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 115 | repository: images["tailscale-proxy"].fullName |
| 116 | tag: images["tailscale-proxy"].tag |
| 117 | pullPolicy: images["tailscale-proxy"].pullPolicy |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 118 | } |
| 119 | } |
| 120 | } |
| gio | 7fbd4ad | 2024-08-27 10:06:39 +0400 | [diff] [blame] | 121 | "port-allocator": { |
| 122 | chart: charts.portAllocator |
| 123 | values: { |
| 124 | repoAddr: release.repoAddr |
| 125 | sshPrivateKey: base64.Encode(null, input.sshPrivateKey) |
| 126 | ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml" |
| 127 | image: { |
| 128 | repository: images.portAllocator.fullName |
| 129 | tag: images.portAllocator.tag |
| 130 | pullPolicy: images.portAllocator.pullPolicy |
| 131 | } |
| Giorgi Lekveishvili | b59b7c2 | 2024-04-03 22:17:50 +0400 | [diff] [blame] | 132 | } |
| 133 | } |
| 134 | } |
| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame] | 135 | } |