From ffafbfee6364864f68384555eec900176470403a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 15 Nov 2025 18:59:15 +0100 Subject: [PATCH 1/8] fix(atlantis): Allow Atlantis to 6379 TCP --- .../atlantis/manifests/network/allow-world.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 values/atlantis/manifests/network/allow-world.yaml diff --git a/values/atlantis/manifests/network/allow-world.yaml b/values/atlantis/manifests/network/allow-world.yaml new file mode 100644 index 00000000..ffe06b66 --- /dev/null +++ b/values/atlantis/manifests/network/allow-world.yaml @@ -0,0 +1,16 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-world + namespace: {{ .Release.Namespace }} +spec: + egress: + - toPorts: + - ports: + - port: "6379" + protocol: TCP + endpointSelector: + matchLabels: + app.kubernetes.io/name: atlantis +{{- end }} From 7f64be3af9d97186a06821788b459d617cace346 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 16 Nov 2025 09:26:42 +0100 Subject: [PATCH 2/8] fix: enable hostnetwork on hel1 ingress --- values/env-hel1.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/values/env-hel1.yaml b/values/env-hel1.yaml index 5ba5c2d1..d50e0217 100644 --- a/values/env-hel1.yaml +++ b/values/env-hel1.yaml @@ -11,6 +11,7 @@ clusterConfig: cluster: "hel1" ingress_nodes: ["controlplane-1, controlplane-2, controlplane-3"] ingress_replica_count: 3 + ingress_hostnetwork: true fileserver: "10.0.1.1" s3: hosts: [] From 96830f07a841d819bf42b9165cd91a5145fefb46 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 16 Nov 2025 09:33:37 +0100 Subject: [PATCH 3/8] fix: update ingress worker procs to 8 (for hel1) --- values/ingress-nginx/values/ingress-nginx.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
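Review bot: The egress rule under `spec.egress` carries only `toPorts` and no destination selector, so Cilium applies it to any layer 3 peer: pods labelled `app.kubernetes.io/name: atlantis` may open TCP 6379 to every address, inside or outside the cluster. If the intent is to reach one Redis instance, scope the rule next to `toPorts`, for example `toEndpoints: [{matchLabels: {app.kubernetes.io/name: <redis-label>}}]` for an in-cluster service, or `toCIDR` / `toFQDNs` for an external one (the label is a placeholder). Once a policy with an egress section selects the endpoint, egress that no policy allows is dropped. It is therefore worth confirming that DNS and the other outbound traffic Atlantis needs are allowed by a policy not visible in this patch.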
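Review bot: `ingress_hostnetwork: true` is switched on for a cluster whose `ingress_nodes` are the three control-plane nodes, so the ingress controller pods would share those nodes' network namespace and could reach anything bound to node-local addresses. If host networking is really needed here, I would state why on the line, e.g. `# hostNetwork required because <reason>; ingress pods share the control-plane node netns`. It is also worth confirming that control-plane components listening on the node require authentication, or moving ingress to dedicated nodes. The `clusterConfig` mapping starts and continues outside the hunk.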
diff --git a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl index 5a856989..cd39bf6a 100644 --- a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl +++ b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl @@ -15,7 +15,7 @@ controller: {{if .Values.clusterConfig.ingress_hostnetwork }} config: - worker-processes: 32 + worker-processes: 8 {{end }} ingressClassResource: From 19d1b00ce194ed7ab9a595cef39d006d86576541 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 16 Nov 2025 12:00:55 +0100 Subject: [PATCH 4/8] fix: fix loadbalancer annotations for hel1 ingress --- values/env-hel1.yaml | 1 - values/ingress-nginx/env-hel1.yaml.gotmpl | 16 ++++++++++++++++ .../values/ingress-nginx.yaml.gotmpl | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 values/ingress-nginx/env-hel1.yaml.gotmpl diff --git a/values/env-hel1.yaml b/values/env-hel1.yaml index d50e0217..5ba5c2d1 100644 --- a/values/env-hel1.yaml +++ b/values/env-hel1.yaml @@ -11,7 +11,6 @@ clusterConfig: cluster: "hel1" ingress_nodes: ["controlplane-1, controlplane-2, controlplane-3"] ingress_replica_count: 3 - ingress_hostnetwork: true fileserver: "10.0.1.1" s3: hosts: [] diff --git a/values/ingress-nginx/env-hel1.yaml.gotmpl b/values/ingress-nginx/env-hel1.yaml.gotmpl new file mode 100644 index 00000000..7c994ae8 --- /dev/null +++ b/values/ingress-nginx/env-hel1.yaml.gotmpl @@ -0,0 +1,16 @@ +nginx: + enabled: true + autosync: true + pdb: + minAvailable: 1 + resources: + controller: + cpu: "100m" + memory: "100Mi" + annotations: + load-balancer.hetzner.cloud/http-redirect-http: "true" + load-balancer.hetzner.cloud/location: hel1 + load-balancer.hetzner.cloud/name: load-balancer-1 + load-balancer.hetzner.cloud/type: lb11 + load-balancer.hetzner.cloud/use-private-ip: "true" + 
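Review bot: In the new `nginx.annotations` map, `load-balancer.hetzner.cloud/http-redirect-http: "true"` is set without a `load-balancer.hetzner.cloud/protocol` annotation. As I read the hcloud cloud-controller documentation, the redirect only applies to services in http mode and the default protocol is tcp, so it is presumably inert here. Please confirm that the HTTP-to-HTTPS redirect is enforced by the ingress controller itself, and either drop the annotation or add a comment such as `# no effect in tcp mode; the redirect is done by nginx`, so nobody assumes plain HTTP is redirected at the load balancer. The file also ends with an added whitespace-only line that could be removed.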
diff --git a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl index cd39bf6a..0c00547d 100644 --- a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl +++ b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl @@ -71,6 +71,10 @@ controller: {{- else }} type: ClusterIP {{- end }} + annotations: + {{- with .Values.nginx.annotations }} + {{ toYaml . | nindent 8 }} + {{- end }} hostNetwork: {{ .Values.clusterConfig.ingress_hostnetwork }} From 9e71b4dd1d5dfe1b9e8a6efefd29876b4d4f26f6 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 16 Nov 2025 13:12:04 +0100 Subject: [PATCH 5/8] fix: fix ingress nodeport and loadbalancer --- values/env-hel1.yaml | 2 ++ values/env.yaml | 1 + values/ingress-nginx/values/ingress-nginx.yaml.gotmpl | 9 ++++++++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/values/env-hel1.yaml b/values/env-hel1.yaml index 5ba5c2d1..b3e7976b 100644 --- a/values/env-hel1.yaml +++ b/values/env-hel1.yaml @@ -11,6 +11,8 @@ clusterConfig: cluster: "hel1" ingress_nodes: ["controlplane-1, controlplane-2, controlplane-3"] ingress_replica_count: 3 + ingress_loadbalancer: true + ingress_nodeport: true fileserver: "10.0.1.1" s3: hosts: [] diff --git a/values/env.yaml b/values/env.yaml index 450980ba..cdfebb2c 100644 --- a/values/env.yaml +++ b/values/env.yaml @@ -23,6 +23,7 @@ clusterConfig: ingress_hostnetwork: false ingress_hostport: false ingress_nodeport: true + ingress_loadbalancer: false acme: email: "acme@oceanbox.io" dns01: "namecheap-apikey" diff --git a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl index 0c00547d..fad91a69 100644 --- a/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl +++ b/values/ingress-nginx/values/ingress-nginx.yaml.gotmpl 
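Review bot: The added `annotations:` key is emitted unconditionally while its value sits inside `{{- with .Values.nginx.annotations }}`, so an environment that defines no `nginx.annotations` renders a bare `annotations:` (null) instead of omitting the key. Only the hel1 values file in this series defines the map. Moving the key inside the guard avoids that: `{{- with .Values.nginx.annotations }}` / `annotations: {{- toYaml . | nindent 8 }}` / `{{- end }}`. It is also worth checking that helmfile does not fail on the missing key for the other environments. The `service:` mapping this appears to belong to starts before the hunk.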
@@ -60,7 +60,14 @@ controller: minAvailable: {{ .Values.nginx.pdb.minAvailable }} service: - {{- if .Values.clusterConfig.ingress_nodeport }} + {{- if .Values.clusterConfig.ingress_loadbalancer }} + type: LoadBalancer + {{- if .Values.clusterConfig.ingress_nodeport }} + nodePorts: + http: 30080 + https: 30443 + {{- end }} + {{- else if .Values.clusterConfig.ingress_nodeport }} type: NodePort externalTrafficPolicy: Local nodePorts: From 6bdf30d7900d66a9766cf9069ed6af6b6d465ee7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sun, 16 Nov 2025 15:38:15 +0100 Subject: [PATCH 6/8] fix(headscale): Persist router CM --- values/headscale-router/values/values.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/values/headscale-router/values/values.yaml b/values/headscale-router/values/values.yaml index 065620b4..96b20052 100644 --- a/values/headscale-router/values/values.yaml +++ b/values/headscale-router/values/values.yaml @@ -109,6 +109,7 @@ configMaps: "tag:hpc": [ "group:admin" ], "tag:tos-router": [ "group:admin" ], "tag:vtn-router": [ "group:admin" ], + // "tag:hel1-router": [ "group:admin" ], "tag:mumindalen": [ "group:admin" ], "tag:ekman": [ "group:admin" ], "tag:rossby": [ "group:admin" ], @@ -124,6 +125,7 @@ configMaps: "mgmt.tos.net": "10.255.240.0/24", "dc.vtn.net": "172.16.239.0/24", "mgmt.vtn.net": "172.16.238.0/24", + // "dc.hel1.net": "10.0.1.0/24", }, "acls": [ { @@ -136,6 +138,8 @@ configMaps: "dst": [ "tag:vtn-router:*", "dc.vtn.net:*", + // "tag:hel1-router:*", + // "dc.hel1.net:*", "*:*", ] }, 
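Review bot: The new `type: LoadBalancer` branch sets no `externalTrafficPolicy`, while the `NodePort` branch below it keeps `externalTrafficPolicy: Local`. With the default policy, traffic can be SNATed between nodes and the controller logs a node address instead of the client, which weakens source-IP allowlists, rate limits and access logs. If client addresses matter, add `externalTrafficPolicy: Local` under `type: LoadBalancer`, or enable proxy protocol on both the load balancer and nginx. With `ingress_nodeport` true, the fixed node ports 30080/30443 also stay reachable on each node's own address independently of the load balancer. The node firewall should limit them to the load balancer's source, which is not visible in this patch. The `service:` mapping starts before and continues after the hunk.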
@@ -149,9 +153,26 @@ configMaps: "dst": [ "tag:tos-router:*", "dc.tos.net:*", + // "tag:hel1-router:*", + // "dc.hel1.net:*", "*:*", ] }, + // { + // "action": "accept", + // "src": [ + // "tag:hel1-router", + // "dc.hel1.net", + // "group:admin", + // ], + // "dst": [ + // "tag:tos-router:*", + // "tag:vtn-router:*", + // "dc.tos.net:*", + // "dc.vtn.net:*", + // "*:*", + // ] + // }, { "action": "accept", "src": [ "group:admin", ], From a0709d6603eb3ba250798bbaf47622e060919388 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sun, 16 Nov 2025 15:52:28 +0100 Subject: [PATCH 7/8] fix(headscale): Persist CM --- values/headscale/values/values.yaml | 54 ++++++++++++++--------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml index ce2e521b..62282d60 100644 --- a/values/headscale/values/values.yaml +++ b/values/headscale/values/values.yaml @@ -161,26 +161,26 @@ configMaps: { "action": "accept", "src": [ - "group:admin", - "tag:mumindalen", + "group:admin", + "tag:mumindalen", ], "dst": [ - "tag:hpc:*", - "tag:hel1:*", - "tag:mumindalen:*", - "dc.tos.net:*", - "mgmt.tos.net:*", - "office.tos.net:*", - "dc.vtn.net:*", - "mgmt.vtn.net:*", - "dc.hel1.net:*", - "100.64.0.0/10:*", + "tag:hpc:*", + "tag:hel1:*", + "tag:mumindalen:*", + "dc.tos.net:*", + "mgmt.tos.net:*", + "office.tos.net:*", + "dc.vtn.net:*", + "mgmt.vtn.net:*", + "dc.hel1.net:*", + "100.64.0.0/10:*", ] }, { "action": "accept", "src": [ - "tag:hpc", + "tag:hpc", ], "dst": [ "tag:hpc:22", 
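Review bot: The commented-out hel1 rule added in this hunk ends its `dst` list with `"*:*"`, so if it is enabled as written, `tag:hel1-router`, `dc.hel1.net` and `group:admin` could reach every destination and port, and the four specific router/subnet entries above the wildcard would have no effect. The neighbouring live rules already follow that pattern, but adding a site is a good moment to decide whether the wildcard is intended. If it is not, drop the `// "*:*",` line before uncommenting. A one-line comment saying why the hel1 entries are committed disabled would help, e.g. `// hel1 disabled: <reason>; enable together with the tag-owner and host entries`. The same applies to the tag-owner, host and first `dst` hunks of this file. The `acls` array starts and ends outside the hunk.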
@@ -192,27 +192,27 @@ configMaps: "action": "accept", "src": [ "group:devops" ], "dst": [ - "k8s.oceanbox.tos:6443", - "k8s.ekman.tos:6443", - "tag:hpc:*", - "tag:hel1:*", - "tag:mumindalen:*", - "dc.tos.net:*", - "dc.hel1.net:*", + "k8s.oceanbox.tos:6443", + "k8s.ekman.tos:6443", + "tag:hpc:*", + "tag:hel1:*", + "tag:mumindalen:*", + "dc.tos.net:*", + "dc.hel1.net:*", ] }, { "action": "accept", "src": [ - "group:oceanographer", - "group:manager", - "group:marketing", + "group:oceanographer", + "group:manager", + "group:marketing", ], "dst": [ - "tag:mumindalen:0", - "tag:hpc:22,80,443", - "dc.tos.net:22,80,443", - "dc.hel1.net:443", + "tag:mumindalen:0", + "tag:hpc:22,80,443", + "dc.tos.net:22,80,443", + "dc.hel1.net:443", ] }, { From b4c2a34a418288de025a7390c391902b55bd20db Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 17 Nov 2025 07:52:38 +0000 Subject: [PATCH 8/8] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index cab6c363..0077d896 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "14bd6a54-debug" + tag: "9ea103aa-debug" env: - name: APP_VERSION value: "0.0.0-staging"