platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of gitlab.com:oceanbox/manifests

Browse Source
This commit is contained in:
Jonas Juselius
2025-11-17 10:06:46 +01:00
parent 6f8f3b8264 b4c2a34a41
commit 4a250608c8
8 changed files with 97 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/atlantis/manifests/network/allow-world.yaml
+16
View File
@@ -0,0 +1,16 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-world
namespace: {{ .Release.Namespace }}
spec:
egress:
- toPorts:
- ports:
- port: "6379"
protocol: TCP
endpointSelector:
matchLabels:
app.kubernetes.io/name: atlantis
{{- end }}
values/env-hel1.yaml
+2
View File
@@ -11,6 +11,8 @@ clusterConfig:
cluster: "hel1"
ingress_nodes: ["controlplane-1, controlplane-2, controlplane-3"]
ingress_replica_count: 3
ingress_loadbalancer: true
ingress_nodeport: true
fileserver: "10.0.1.1"
s3:
hosts: []
values/env.yaml
+1
View File
@@ -23,6 +23,7 @@ clusterConfig:
ingress_hostnetwork: false
ingress_hostport: false
ingress_nodeport: true
ingress_loadbalancer: false
acme:
email: "acme@oceanbox.io"
dns01: "namecheap-apikey"
values/headscale-router/values/values.yaml
+21
View File
@@ -109,6 +109,7 @@ configMaps:
"tag:hpc": [ "group:admin" ],
"tag:tos-router": [ "group:admin" ],
"tag:vtn-router": [ "group:admin" ],
// "tag:hel1-router": [ "group:admin" ],
"tag:mumindalen": [ "group:admin" ],
"tag:ekman": [ "group:admin" ],
"tag:rossby": [ "group:admin" ],
@@ -124,6 +125,7 @@ configMaps:
"mgmt.tos.net": "10.255.240.0/24",
"dc.vtn.net": "172.16.239.0/24",
"mgmt.vtn.net": "172.16.238.0/24",
// "dc.hel1.net": "10.0.1.0/24",
},
"acls": [
{
@@ -136,6 +138,8 @@ configMaps:
"dst": [
"tag:vtn-router:*",
"dc.vtn.net:*",
// "tag:hel1-router:*",
// "dc.hel1.net:*",
"*:*",
]
},
@@ -149,9 +153,26 @@ configMaps:
"dst": [
"tag:tos-router:*",
"dc.tos.net:*",
// "tag:hel1-router:*",
// "dc.hel1.net:*",
"*:*",
]
},
// {
// "action": "accept",
// "src": [
// "tag:hel1-router",
// "dc.hel1.net",
// "group:admin",
// ],
// "dst": [
// "tag:tos-router:*",
// "tag:vtn-router:*",
// "dc.tos.net:*",
// "dc.vtn.net:*",
// "*:*",
// ]
// },
{
"action": "accept",
"src": [ "group:admin", ],
values/headscale/values/values.yaml
+27 -27
View File
@@ -161,26 +161,26 @@ configMaps:
{
"action": "accept",
"src": [
"group:admin",
"tag:mumindalen",
"group:admin",
"tag:mumindalen",
],
"dst": [
"tag:hpc:*",
"tag:hel1:*",
"tag:mumindalen:*",
"dc.tos.net:*",
"mgmt.tos.net:*",
"office.tos.net:*",
"dc.vtn.net:*",
"mgmt.vtn.net:*",
"dc.hel1.net:*",
"100.64.0.0/10:*",
"tag:hpc:*",
"tag:hel1:*",
"tag:mumindalen:*",
"dc.tos.net:*",
"mgmt.tos.net:*",
"office.tos.net:*",
"dc.vtn.net:*",
"mgmt.vtn.net:*",
"dc.hel1.net:*",
"100.64.0.0/10:*",
]
},
{
"action": "accept",
"src": [
"tag:hpc",
"tag:hpc",
],
"dst": [
"tag:hpc:22",
@@ -192,27 +192,27 @@ configMaps:
"action": "accept",
"src": [ "group:devops" ],
"dst": [
"k8s.oceanbox.tos:6443",
"k8s.ekman.tos:6443",
"tag:hpc:*",
"tag:hel1:*",
"tag:mumindalen:*",
"dc.tos.net:*",
"dc.hel1.net:*",
"k8s.oceanbox.tos:6443",
"k8s.ekman.tos:6443",
"tag:hpc:*",
"tag:hel1:*",
"tag:mumindalen:*",
"dc.tos.net:*",
"dc.hel1.net:*",
]
},
{
"action": "accept",
"src": [
"group:oceanographer",
"group:manager",
"group:marketing",
"group:oceanographer",
"group:manager",
"group:marketing",
],
"dst": [
"tag:mumindalen:0",
"tag:hpc:22,80,443",
"dc.tos.net:22,80,443",
"dc.hel1.net:443",
"tag:mumindalen:0",
"tag:hpc:22,80,443",
"dc.tos.net:22,80,443",
"dc.hel1.net:443",
]
},
{
values/ingress-nginx/env-hel1.yaml.gotmpl
+16
View File
@@ -0,0 +1,16 @@
nginx:
enabled: true
autosync: true
pdb:
minAvailable: 1
resources:
controller:
cpu: "100m"
memory: "100Mi"
annotations:
load-balancer.hetzner.cloud/http-redirect-http: "true"
load-balancer.hetzner.cloud/location: hel1
load-balancer.hetzner.cloud/name: load-balancer-1
load-balancer.hetzner.cloud/type: lb11
load-balancer.hetzner.cloud/use-private-ip: "true"
values/ingress-nginx/values/ingress-nginx.yaml.gotmpl
+13 -2
View File
@@ -15,7 +15,7 @@ controller:
{{if .Values.clusterConfig.ingress_hostnetwork }}
config:
worker-processes: 32
worker-processes: 8
{{end }}
ingressClassResource:
@@ -60,7 +60,14 @@ controller:
minAvailable: {{ .Values.nginx.pdb.minAvailable }}
service:
{{- if .Values.clusterConfig.ingress_nodeport }}
{{- if .Values.clusterConfig.ingress_loadbalancer }}
type: LoadBalancer
{{- if .Values.clusterConfig.ingress_nodeport }}
nodePorts:
http: 30080
https: 30443
{{- end }}
{{- else if .Values.clusterConfig.ingress_nodeport }}
type: NodePort
externalTrafficPolicy: Local
nodePorts:
@@ -71,6 +78,10 @@ controller:
{{- else }}
type: ClusterIP
{{- end }}
annotations:
{{- with .Values.nginx.annotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
hostNetwork: {{ .Values.clusterConfig.ingress_hostnetwork }}
values/makai/values/values-staging.yaml
+1 -1
View File
@@ -1,6 +1,6 @@
replicaCount: 1
image:
tag: "14bd6a54-debug"
tag: "9ea103aa-debug"
env:
- name: APP_VERSION
value: "0.0.0-staging"