platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix(hs): Persist config

Browse Source
This commit is contained in:
Moritz Jörg
2025-10-12 18:11:15 +02:00
parent 4e4dd03dd4
commit 71acc5f5f4
1 changed files with 58 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/headscale/values/values.yaml
+58 -29
View File
@@ -103,7 +103,6 @@ configMaps:
"Moritz.Jorg@oceanbox.io", "Moritz.Jorg@oceanbox.io",
"simen.kirkvik@oceanbox.io", "simen.kirkvik@oceanbox.io",
"stig.r.jensen@oceanbox.io", "stig.r.jensen@oceanbox.io",
"tos-system",
], ],
"group:devops": [ "group:devops": [
"jonas.juselius@oceanbox.io", "jonas.juselius@oceanbox.io",
@@ -133,6 +132,9 @@ configMaps:
"tagOwners": { "tagOwners": {
"tag:k8s": [ "group:admin" ], "tag:k8s": [ "group:admin" ],
"tag:hpc": [ "group:admin" ], "tag:hpc": [ "group:admin" ],
"tag:tos-relay": [ "group:admin" ],
"tag:vtn-relay": [ "group:admin" ],
"tag:mumindalen": [ "group:admin" ],
}, },
// hosts should be defined using its IP addresses and a subnet mask. // hosts should be defined using its IP addresses and a subnet mask.
// to define a single host, use a /32 mask. You cannot use DNS entries here, // to define a single host, use a /32 mask. You cannot use DNS entries here,
@@ -160,35 +162,33 @@ configMaps:
{ {
"action": "accept", "action": "accept",
"src": [ "src": [
"group:admin", "group:admin",
"group:devops", "group:devops",
"group:oceanographer", "group:oceanographer",
"group:manager", "group:manager",
"group:dev", "group:dev",
], ],
"dst": [ "dst": [
"100.64.0.0/24:0", "100.64.0.0/10:0",
"100.64.0.0/24:22", "100.64.0.0/10:22",
] ]
}, },
{ {
"action": "accept", "action": "accept",
"src": [ "ekman", "net.dc.tos" ], "src": [ "tag:tos-relay", "net.dc.tos" ],
"dst": [ "dst": [
"100.64.0.24/32:*", "tag:vtn-relay:0",
"100.64.0.10/32:*", "tag:vtn-relay:*",
"100.64.0.20/32:*", "net.dc.vtn:*",
"net.dc.vtn:*",
] ]
}, },
{ {
"action": "accept", "action": "accept",
"src": [ "vtn-system", "rossby", "net.dc.vtn" ], "src": [ "tag:vtn-relay", "net.dc.vtn" ],
"dst": [ "dst": [
"100.64.0.36/32:*", "tag:tos-relay:0",
"100.64.0.12/32:*", "tag:tos-relay:*",
"100.64.0.14/32:*", "net.dc.tos:*",
"net.dc.tos:*",
] ]
}, },
{ {
@@ -214,11 +214,11 @@ configMaps:
{ {
"action": "accept", "action": "accept",
"src": [ "src": [
"group:admin", "group:admin",
"group:devops", "group:devops",
"group:oceanographer", "group:oceanographer",
"group:manager", "group:manager",
"group:dev", "group:dev",
], ],
"dst": [ "dst": [
"ingress.oceanbox.tos:443", "ingress.oceanbox.tos:443",
@@ -231,14 +231,43 @@ configMaps:
{ {
"action": "accept", "action": "accept",
"src": [ "src": [
"group:admin", "tag:mumindalen",
"group:devops", "group:admin",
"group:oceanographer",
"group:manager",
"group:dev",
], ],
"dst": [ "dst": [
"100.64.0.0/24:*", "100.64.0.0/10:*",
]
},
{
"action": "accept",
"src": [
"group:admin",
"group:devops",
"group:oceanographer",
"group:manager",
"group:dev",
],
"dst": [
"tag:hpc:*",
"tag:mumindalen:*",
"tag:tos-relay:*",
"autogroup:internet:*",
]
},
{
"action": "accept",
"src": [
"group:admin",
"group:devops",
"group:oceanographer",
"group:manager",
"group:dev",
],
"dst": [
"tag:hpc:*",
"tag:tos-relay:*",
"100.64.0.2/32:0",
"100.64.0.0/10:*",
"autogroup:internet:*", "autogroup:internet:*",
] ]
}, },