| giolekva | 5cd3216 | 2021-11-05 20:10:19 +0400 | [diff] [blame] | 1 | repositories: |
| 2 | - name: ingress-nginx |
| 3 | url: https://kubernetes.github.io/ingress-nginx |
| 4 | |
| 5 | helmDefaults: |
| 6 | tillerless: true |
| 7 | |
| 8 | releases: |
| 9 | - name: vpn-mesh-config |
| 10 | chart: ../../charts/vpn-mesh-config |
| 11 | namespace: {{ .Values.id }}-ingress-private |
| 12 | createNamespace: true |
| 13 | values: |
| 14 | - certificateAuthority: |
| 15 | name: {{ .Values.id }} |
| 16 | secretName: ca-{{ .Values.id }}-cert |
| 17 | - lighthouse: |
| 18 | internalIP: 111.0.0.1 |
| 19 | externalIP: 46.49.35.44 |
| 20 | port: "4243" |
| 21 | - name: ingress-private |
| 22 | chart: ingress-nginx/ingress-nginx |
| 23 | version: 4.0.3 |
| 24 | namespace: {{ .Values.id }}-ingress-private |
| 25 | createNamespace: true |
| 26 | values: |
| 27 | - fullnameOverride: nginx |
| 28 | - controller: |
| 29 | service: |
| 30 | type: ClusterIP |
| 31 | ingressClassByName: true |
| 32 | ingressClassResource: |
| 33 | name: {{ .Values.id }}-ingress-private |
| 34 | enabled: true |
| 35 | default: false |
| 36 | controllerValue: k8s.io/{{ .Values.id }}-ingress-private |
| 37 | extraVolumes: |
| 38 | - name: lighthouse-cert |
| 39 | secret: |
| 40 | secretName: node-lighthouse-cert |
| 41 | - name: config |
| 42 | configMap: |
| 43 | name: lighthouse-config |
| 44 | extraContainers: |
| 45 | - name: lighthouse |
| 46 | image: giolekva/nebula:latest |
| 47 | imagePullPolicy: IfNotPresent |
| 48 | securityContext: |
| 49 | privileged: true |
| 50 | capabilities: |
| 51 | add: |
| 52 | - NET_ADMIN |
| 53 | ports: |
| 54 | - name: nebula |
| 55 | containerPort: 4242 |
| 56 | protocol: UDP |
| 57 | command: |
| 58 | - nebula |
| 59 | - --config=/etc/nebula/config/lighthouse.yaml |
| 60 | volumeMounts: |
| 61 | - name: lighthouse-cert |
| 62 | mountPath: /etc/nebula/lighthouse |
| 63 | - name: config |
| 64 | mountPath: /etc/nebula/config |
| 65 | config: |
| 66 | bind-address: 111.0.0.1 |
| 67 | proxy-body-size: 0 |
| 68 | udp: |
| 69 | - 53: {{ .Values.id }}-app-pihole/pihole-dns-udp:53 |
| 70 | tcp: |
| 71 | - 53: {{ .Values.id }}-app-pihole/pihole-dns-tcp:53 |
| giolekva | f15d5a3 | 2021-11-06 16:42:58 +0400 | [diff] [blame^] | 72 | - name: certificate-issuer |
| 73 | chart: ../../charts/certificate-issuer |
| 74 | namespace: {{ .Values.certManagerNamespace }} # {{ .Values.id }}-ingress-private |
| 75 | createNamespace: true |
| 76 | values: |
| 77 | - public: |
| 78 | name: {{ .Values.id }}-public |
| 79 | server: https://acme-v02.api.letsencrypt.org/directory |
| 80 | contactEmail: {{ .Values.contactEmail }} |
| 81 | ingressClass: ingress-nginx |
| 82 | - private: |
| 83 | name: {{ .Values.id }}-private |
| giolekva | 5cd3216 | 2021-11-05 20:10:19 +0400 | [diff] [blame] | 84 | |
| 85 | environments: |
| 86 | shveli: |
| 87 | values: |
| 88 | - id: shveli |
| giolekva | f15d5a3 | 2021-11-06 16:42:58 +0400 | [diff] [blame^] | 89 | - contactEmail: giolekva@gmail.com |
| 90 | - certManagerNamespace: cert-manager |