| Giorgi Lekveishvili | e009a5d | 2024-01-05 14:10:11 +0400 | [diff] [blame^] | 1 | input: { |
| 2 | privateNetwork: { |
| 3 | hostname: string |
| 4 | username: string |
| 5 | ipSubnet: string // TODO(gio): use cidr type |
| 6 | } |
| 7 | } |
| 8 | |
| 9 | images: { |
| 10 | "ingress-nginx": { |
| 11 | registry: "registry.k8s.io" |
| 12 | repository: "ingress-nginx" |
| 13 | name: "controller" |
| 14 | tag: "v1.8.0" |
| 15 | pullPolicy: "IfNotPresent" |
| 16 | } |
| 17 | "tailscale-proxy": { |
| 18 | repository: "tailscale" |
| 19 | name: "tailscale" |
| 20 | tag: "v1.42.0" |
| 21 | pullPolicy: "IfNotPresent" |
| 22 | } |
| 23 | } |
| 24 | |
| 25 | charts: { |
| 26 | "ingress-nginx": { |
| 27 | chart: "charts/ingress-nginx" |
| 28 | sourceRef: { |
| 29 | kind: "GitRepository" |
| 30 | name: "pcloud" |
| 31 | namespace: global.pcloudEnvName |
| 32 | } |
| 33 | } |
| 34 | "tailscale-proxy": { |
| 35 | chart: "charts/tailscale-proxy" |
| 36 | sourceRef: { |
| 37 | kind: "GitRepository" |
| 38 | name: "pcloud" |
| 39 | namespace: global.pcloudEnvName |
| 40 | } |
| 41 | } |
| 42 | } |
| 43 | |
| 44 | helm: { |
| 45 | "ingress-nginx": { |
| 46 | chart: charts["ingress-nginx"] |
| 47 | values: { |
| 48 | fullnameOverride: "\(global.id)-nginx-private" |
| 49 | controller: { |
| 50 | service: { |
| 51 | enabled: true |
| 52 | type: "LoadBalancer" |
| 53 | annotations: { |
| 54 | "metallb.universe.tf/address-pool": _ingressPrivate |
| 55 | } |
| 56 | } |
| 57 | ingressClassByName: true |
| 58 | ingressClassResource: { |
| 59 | name: _ingressPrivate |
| 60 | enabled: true |
| 61 | default: false |
| 62 | controllerValue: "k8s.io/\(_ingressPrivate)" |
| 63 | } |
| 64 | extraArgs: { |
| 65 | "default-ssl-certificate": "\(_ingressPrivate)/cert-wildcard.\(global.privateDomain)" |
| 66 | } |
| 67 | admissionWebhooks: { |
| 68 | enabled: false |
| 69 | } |
| 70 | image: { |
| 71 | registry: images["ingress-nginx"].registry |
| 72 | image: images["ingress-nginx"].imageName |
| 73 | tag: images["ingress-nginx"].tag |
| 74 | pullPolicy: images["ingress-nginx"].pullPolicy |
| 75 | } |
| 76 | } |
| 77 | } |
| 78 | } |
| 79 | "tailscale-proxy": { |
| 80 | chart: charts["tailscale-proxy"] |
| 81 | values: { |
| 82 | hostname: input.privateNetwork.hostname |
| 83 | apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local" |
| 84 | loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration |
| 85 | ipSubnet: input.privateNetwork.ipSubnet |
| 86 | username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately? |
| 87 | preAuthKeySecret: "headscale-preauth-key" |
| 88 | image: { |
| 89 | repository: images["tailscale-proxy"].fullName |
| 90 | tag: images["tailscale-proxy"].tag |
| 91 | pullPolicy: images["tailscale-proxy"].pullPolicy |
| 92 | } |
| 93 | } |
| 94 | } |
| 95 | } |