Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / f88434168174a99f76853e509877475c7ffde893 / . / core / installer / values-tmpl / private-network.cue
blob: fe78f322feed03ba6d1173ab04cba9a0e783a3af [file] [log] [blame]
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]1import (
2 "encoding/base64"
3)
4
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]5input: {
6 privateNetwork: {
7 hostname: string
8 username: string
9 ipSubnet: string // TODO(gio): use cidr type
10 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]11 sshPrivateKey: string
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]12}
13
Giorgi Lekveishvili03d6f4b2024-03-08 13:05:21 +0400[diff] [blame]14name: "private-network"
Giorgi Lekveishvili08af67a2024-01-18 08:53:05 +0400[diff] [blame]15namespace: "ingress-private"
16
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]17images: {
18 "ingress-nginx": {
19 registry: "registry.k8s.io"
20 repository: "ingress-nginx"
21 name: "controller"
22 tag: "v1.8.0"
23 pullPolicy: "IfNotPresent"
24 }
25 "tailscale-proxy": {
26 repository: "tailscale"
27 name: "tailscale"
28 tag: "v1.42.0"
29 pullPolicy: "IfNotPresent"
30 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]31 portAllocator: {
32 repository: "giolekva"
33 name: "port-allocator"
34 tag: "latest"
35 pullPolicy: "Always"
36 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]37}
38
39charts: {
40 "ingress-nginx": {
giof8843412024-05-22 16:38:05 +0400[diff] [blame^]41 kind: "GitRepository"
42 address: "https://github.com/giolekva/pcloud.git"
43 branch: "main"
44 path: "charts/ingress-nginx"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]45 }
46 "tailscale-proxy": {
giof8843412024-05-22 16:38:05 +0400[diff] [blame^]47 kind: "GitRepository"
48 address: "https://github.com/giolekva/pcloud.git"
49 branch: "main"
50 path: "charts/tailscale-proxy"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]51 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]52 portAllocator: {
giof8843412024-05-22 16:38:05 +0400[diff] [blame^]53 kind: "GitRepository"
54 address: "https://github.com/giolekva/pcloud.git"
55 branch: "main"
56 path: "charts/port-allocator"
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]57 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]58}
59
60helm: {
61 "ingress-nginx": {
62 chart: charts["ingress-nginx"]
63 values: {
64 fullnameOverride: "\(global.id)-nginx-private"
65 controller: {
66 service: {
67 enabled: true
68 type: "LoadBalancer"
69 annotations: {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]70 "metallb.universe.tf/address-pool": ingressPrivate
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]71 }
72 }
73 ingressClassByName: true
74 ingressClassResource: {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]75 name: ingressPrivate
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]76 enabled: true
77 default: false
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]78 controllerValue: "k8s.io/\(ingressPrivate)"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]79 }
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]80 config: {
giodb274d12024-04-19 11:53:18 +0400[diff] [blame]81 "proxy-body-size": "200M" // TODO(giolekva): configurable
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]82 "force-ssl-redirect": "true"
giodb274d12024-04-19 11:53:18 +0400[diff] [blame]83 "server-snippet": """
84 more_clear_headers "X-Frame-Options";
85 """
Giorgi Lekveishvili13da8ff2024-03-26 12:12:24 +0400[diff] [blame]86 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]87 extraArgs: {
gioe72b54f2024-04-22 10:44:41 +0400[diff] [blame]88 "default-ssl-certificate": "\(ingressPrivate)/cert-wildcard.\(global.privateDomain)"
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]89 }
90 admissionWebhooks: {
91 enabled: false
92 }
93 image: {
94 registry: images["ingress-nginx"].registry
95 image: images["ingress-nginx"].imageName
96 tag: images["ingress-nginx"].tag
97 pullPolicy: images["ingress-nginx"].pullPolicy
98 }
99 }
100 }
101 }
102 "tailscale-proxy": {
103 chart: charts["tailscale-proxy"]
104 values: {
105 hostname: input.privateNetwork.hostname
106 apiServer: "http://headscale-api.\(global.namespacePrefix)app-headscale.svc.cluster.local"
107 loginServer: "https://headscale.\(global.domain)" // TODO(gio): take headscale subdomain from configuration
108 ipSubnet: input.privateNetwork.ipSubnet
109 username: input.privateNetwork.username // TODO(gio): maybe install headscale-user chart separately?
110 preAuthKeySecret: "headscale-preauth-key"
111 image: {
112 repository: images["tailscale-proxy"].fullName
113 tag: images["tailscale-proxy"].tag
114 pullPolicy: images["tailscale-proxy"].pullPolicy
115 }
116 }
117 }
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]118 "port-allocator": {
119 chart: charts.portAllocator
120 values: {
121 repoAddr: release.repoAddr
122 sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
gioff2a29a2024-05-01 17:06:42 +0400[diff] [blame]123 ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
Giorgi Lekveishvilib59b7c22024-04-03 22:17:50 +0400[diff] [blame]124 image: {
125 repository: images.portAllocator.fullName
126 tag: images.portAllocator.tag
127 pullPolicy: images.portAllocator.pullPolicy
128 }
129 }
130 }
Giorgi Lekveishvilie009a5d2024-01-05 14:10:11 +0400[diff] [blame]131}