giof6ad2982024-08-23 17:42:49 +04001import (
2 // "encoding/base64"
3)
// input declares the parameters the caller must provide for this app.
input: {
	// Target cluster; #Cluster is defined outside this file. Its name and
	// ingressClassName fields are read in out.helm.
	cluster: #Cluster
	// Referenced by the @usernameField attribute on vpnAuthKey.
	vpnUser: string
	// Passed to the proxy sidecar as TS_HOSTNAME in out.helm.
	vpnProxyHostname: string
	// Secret credential: passed to the proxy sidecar as TS_AUTHKEY in out.helm.
	// The @role/@usernameField attributes are interpreted by tooling outside
	// this file; presumably they cause the key to be issued for vpnUser (confirm).
	vpnAuthKey: string @role(VPNAuthKey) @usernameField(vpnUser)
	// TODO(gio): support port allocator
}
// Display name of the app and the namespace identifier it declares.
name: "Cluster Network"
namespace: "cluster-network"
// out describes what this app deploys: the container images, the chart
// sources, and the Helm releases that combine them.
out: {
	// NOTE(review): both images are referenced by tag, not by digest, and use
	// pullPolicy IfNotPresent, so a node keeps whichever image it first pulled
	// under that tag. Pin by digest if the image schema (not visible here)
	// supports it. Both tags also appear to be well behind current upstream
	// releases; check the upstream security advisories for these versions.
	images: {
		"ingress-nginx": {
			registry: "registry.k8s.io"
			repository: "ingress-nginx"
			name: "controller"
			tag: "v1.8.0"
			pullPolicy: "IfNotPresent"
		}
		// No registry is given here; the registry actually used depends on a
		// default defined outside this file (confirm which one).
		"tailscale-proxy": {
			repository: "tailscale"
			name: "tailscale"
			tag: "v1.42.0"
			pullPolicy: "IfNotPresent"
		}
		// portAllocator: {
		// repository: "giolekva"
		// name: "port-allocator"
		// tag: "latest"
		// pullPolicy: "Always"
		// }
	}

	// NOTE(review): every chart tracks the "main" branch of the helm-charts
	// repository, which is a mutable reference: whatever is pushed to that
	// branch is what gets deployed. Pin to a tag or commit if the chart schema
	// (not visible here) supports it.
	charts: {
		"access-secrets": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/access-secrets"
		}
		"ingress-nginx": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/ingress-nginx"
		}
		"tailscale-proxy": {
			kind: "GitRepository"
			address: "https://code.v1.dodo.cloud/helm-charts"
			branch: "main"
			path: "charts/tailscale-proxy"
		}
		// portAllocator: {
		// kind: "GitRepository"
		// address: "https://code.v1.dodo.cloud/helm-charts"
		// branch: "main"
		// path: "charts/port-allocator"
		// }
	}

	helm: {
		// Shared name used as the access-secrets serviceAccountName and as the
		// ingress-nginx fullnameOverride. global is defined outside this file.
		// Presumably the access-secrets chart grants Secret access to the
		// controller's service account; review the RBAC it creates (confirm).
		_fullnameOverride: "\(global.id)-nginx-cluster-\(input.cluster.name)"
		"access-secrets": {
			chart: charts["access-secrets"]
			values: {
				serviceAccountName: _fullnameOverride
			}
		}
		"ingress-nginx": {
			chart: charts["ingress-nginx"]
			// Declares a dependency on the access-secrets release; release is
			// defined outside this file.
			dependsOn: [{
				name: "access-secrets"
				namespace: release.namespace
			}]
			values: {
				fullnameOverride: _fullnameOverride
				controller: {
					// The controller's own Service is disabled; presumably traffic
					// reaches it only through the "proxy" sidecar below (confirm).
					service: enabled: false
					ingressClassByName: true
					// Creates a dedicated, non-default IngressClass for this cluster.
					ingressClassResource: {
						name: input.cluster.ingressClassName
						enabled: true
						default: false
						controllerValue: "k8s.io/\(input.cluster.name)"
					}
					config: {
						"proxy-body-size": "200M" // TODO(giolekva): configurable
						"force-ssl-redirect": "true"
						// NOTE(review): this server-snippet strips the X-Frame-Options
						// response header for every backend behind this controller,
						// which removes their clickjacking protection. If framing is
						// required, prefer a Content-Security-Policy frame-ancestors
						// allow-list, or scope the removal to the Ingresses that need it.
						"server-snippet": """
						more_clear_headers "X-Frame-Options";
						"""
					}
					// NOTE(review): with the admission webhook disabled, Ingress
					// objects are not validated by the controller before they are
					// accepted. Confirm this is intentional.
					admissionWebhooks: {
						enabled: false
					}
					// imageName is not set in out.images; presumably it is derived by
					// the image schema defined outside this file (confirm).
					image: {
						registry: images["ingress-nginx"].registry
						image: images["ingress-nginx"].imageName
						tag: images["ingress-nginx"].tag
						pullPolicy: images["ingress-nginx"].pullPolicy
					}
					// Tailscale sidecar added to the controller pod.
					extraContainers: [{
						name: "proxy"
						image: images["tailscale-proxy"].fullNameWithTag
						env: [{
							// NOTE(review): the auth key is set as a literal env value, so
							// it appears in plain text in the rendered values and pod spec
							// and is readable by anyone who can read those objects. Prefer
							// valueFrom.secretKeyRef backed by a Kubernetes Secret.
							name: "TS_AUTHKEY"
							value: input.vpnAuthKey
						}, {
							name: "TS_HOSTNAME"
							value: input.vpnProxyHostname
						}, {
							// Points the client at the headscale login server under
							// global.domain.
							name: "TS_EXTRA_ARGS"
							value: "--login-server=https://headscale.\(global.domain)"
						}]
					}]
				}
			}
		}
		// "port-allocator": {
		// chart: charts.portAllocator
		// values: {
		// repoAddr: release.repoAddr
		// sshPrivateKey: base64.Encode(null, input.sshPrivateKey)
		// ingressNginxPath: "\(release.appDir)/resources/ingress-nginx.yaml"
		// image: {
		// repository: images.portAllocator.fullName
		// tag: images.portAllocator.tag
		// pullPolicy: images.portAllocator.pullPolicy
		// }
		// }
		// }
	}
}