Merge branch 'main' of gitlab.com:oceanbox/manifests

values/atlantis/manifests/network/allow-world.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-world
+  namespace: {{ .Release.Namespace }}
+spec:
+  egress:
+    - toPorts:
+      - ports:
+        - port: "6379"
+          protocol: TCP
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/name: atlantis
+{{- end }}

values/env-hel1.yaml

@@ -11,6 +11,8 @@ clusterConfig:
   cluster: "hel1"
   ingress_nodes: ["controlplane-1, controlplane-2, controlplane-3"]
   ingress_replica_count: 3
+  ingress_loadbalancer: true
+  ingress_nodeport: true
   fileserver: "10.0.1.1"
   s3:
     hosts: []

values/env.yaml

@@ -23,6 +23,7 @@ clusterConfig:
   ingress_hostnetwork: false
   ingress_hostport: false
   ingress_nodeport: true
+  ingress_loadbalancer: false
   acme:
     email: "acme@oceanbox.io"
     dns01: "namecheap-apikey"

values/headscale-router/values/values.yaml

@@ -109,6 +109,7 @@ configMaps:
             "tag:hpc": [ "group:admin" ],
             "tag:tos-router": [ "group:admin" ],
             "tag:vtn-router": [ "group:admin" ],
+            // "tag:hel1-router": [ "group:admin" ],
             "tag:mumindalen": [ "group:admin" ],
             "tag:ekman": [ "group:admin" ],
             "tag:rossby": [ "group:admin" ],
@@ -124,6 +125,7 @@ configMaps:
             "mgmt.tos.net": "10.255.240.0/24",
             "dc.vtn.net": "172.16.239.0/24",
             "mgmt.vtn.net": "172.16.238.0/24",
+            // "dc.hel1.net": "10.0.1.0/24",
           },
           "acls": [
               {
@@ -136,6 +138,8 @@ configMaps:
                 "dst": [
                    "tag:vtn-router:*",
                    "dc.vtn.net:*",
+                   // "tag:hel1-router:*",
+                   // "dc.hel1.net:*",
                    "*:*",
                 ]
               },
@@ -149,9 +153,26 @@ configMaps:
                 "dst": [
                    "tag:tos-router:*",
                    "dc.tos.net:*",
+                   // "tag:hel1-router:*",
+                   // "dc.hel1.net:*",
                    "*:*",
                 ]
               },
+              // {
+              //   "action": "accept",
+              //   "src": [
+              //     "tag:hel1-router",
+              //     "dc.hel1.net",
+              //     "group:admin",
+              //   ],
+              //   "dst": [
+              //      "tag:tos-router:*",
+              //      "tag:vtn-router:*",
+              //      "dc.tos.net:*",
+              //      "dc.vtn.net:*",
+              //      "*:*",
+              //   ]
+              // },
               {
                 "action": "accept",
                 "src": [ "group:admin", ],

values/headscale/values/values.yaml

@@ -161,26 +161,26 @@ configMaps:
             {
               "action": "accept",
               "src": [
-                "group:admin",
+                 "group:admin",
-                "tag:mumindalen",
+                 "tag:mumindalen",
               ],
               "dst": [
-                "tag:hpc:*",
+                 "tag:hpc:*",
-                "tag:hel1:*",
+                 "tag:hel1:*",
-                "tag:mumindalen:*",
+                 "tag:mumindalen:*",
-                "dc.tos.net:*",
+                 "dc.tos.net:*",
-                "mgmt.tos.net:*",
+                 "mgmt.tos.net:*",
-                "office.tos.net:*",
+                 "office.tos.net:*",
-                "dc.vtn.net:*",
+                 "dc.vtn.net:*",
-                "mgmt.vtn.net:*",
+                 "mgmt.vtn.net:*",
-                "dc.hel1.net:*",
+                 "dc.hel1.net:*",
-                "100.64.0.0/10:*",
+                 "100.64.0.0/10:*",
               ]
             },
             {
               "action": "accept",
               "src": [
-                "tag:hpc",
+                 "tag:hpc",
               ],
               "dst": [
                 "tag:hpc:22",
@@ -192,27 +192,27 @@ configMaps:
               "action": "accept",
               "src": [ "group:devops" ],
               "dst": [
-                "k8s.oceanbox.tos:6443",
+                 "k8s.oceanbox.tos:6443",
-                "k8s.ekman.tos:6443",
+                 "k8s.ekman.tos:6443",
-                "tag:hpc:*",
+                 "tag:hpc:*",
-                "tag:hel1:*",
+                 "tag:hel1:*",
-                "tag:mumindalen:*",
+                 "tag:mumindalen:*",
-                "dc.tos.net:*",
+                 "dc.tos.net:*",
-                "dc.hel1.net:*",
+                 "dc.hel1.net:*",
               ]
             },
             {
               "action": "accept",
               "src": [
-                "group:oceanographer",
+                 "group:oceanographer",
-                "group:manager",
+                 "group:manager",
-                "group:marketing",
+                 "group:marketing",
               ],
               "dst": [
-                "tag:mumindalen:0",
+                 "tag:mumindalen:0",
-                "tag:hpc:22,80,443",
+                 "tag:hpc:22,80,443",
-                "dc.tos.net:22,80,443",
+                 "dc.tos.net:22,80,443",
-                "dc.hel1.net:443",
+                 "dc.hel1.net:443",
               ]
             },
             {

values/ingress-nginx/env-hel1.yaml.gotmpl

@@ -0,0 +1,16 @@
+nginx:
+  enabled: true
+  autosync: true
+  pdb:
+    minAvailable: 1
+  resources:
+    controller:
+      cpu: "100m"
+      memory: "100Mi"
+  annotations:
+    load-balancer.hetzner.cloud/http-redirect-http: "true"
+    load-balancer.hetzner.cloud/location: hel1
+    load-balancer.hetzner.cloud/name: load-balancer-1
+    load-balancer.hetzner.cloud/type: lb11
+    load-balancer.hetzner.cloud/use-private-ip: "true"
+

values/ingress-nginx/values/ingress-nginx.yaml.gotmpl

@@ -15,7 +15,7 @@ controller:
 
   {{if .Values.clusterConfig.ingress_hostnetwork }}
   config:
-    worker-processes: 32
+    worker-processes: 8
   {{end }}
 
   ingressClassResource:
@@ -60,7 +60,14 @@ controller:
   minAvailable: {{ .Values.nginx.pdb.minAvailable }}
 
   service:
-  {{- if .Values.clusterConfig.ingress_nodeport }}
+  {{- if .Values.clusterConfig.ingress_loadbalancer }}
+    type: LoadBalancer
+    {{- if .Values.clusterConfig.ingress_nodeport }}
+    nodePorts:
+      http: 30080
+      https: 30443
+    {{- end }}
+  {{- else if .Values.clusterConfig.ingress_nodeport }}
     type: NodePort
     externalTrafficPolicy: Local
     nodePorts:
@@ -71,6 +78,10 @@ controller:
   {{- else }}
     type: ClusterIP
   {{- end }}
+    annotations:
+      {{- with .Values.nginx.annotations }}
+      {{ toYaml . | nindent 8 }}
+      {{- end }}
 
   hostNetwork: {{ .Values.clusterConfig.ingress_hostnetwork }}
 

values/makai/values/values-staging.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: "14bd6a54-debug"
+  tag: "9ea103aa-debug"
 env:
   - name: APP_VERSION
     value: "0.0.0-staging"