mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-11 08:54:21 -05:00
473001be55
* vpn: ship our own container image The container image used in the VPN chart should be reproducible and stable. We're sticking close to the original nixery.dev version by building the image with nix ourselves, and then publishing the single layer from the result with Bazel OCI rules. The resulting image should be handled similar to s3proxy: it's built as a part of the Constellation release process and then consumed from a Helm chart in our registry. Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
19 lines
548 B
YAML
# Constellation Pod IP range to expose via VPN. The default is for GCP.
podCIDR: "10.10.0.0/16"

# Constellation Service IPs to expose via VPN. The default is for GCP.
serviceCIDR: "10.96.0.0/12"

# on-prem IP ranges to expose to Constellation. Must contain at least one CIDR.
peerCIDRs: []

# IPSec configuration
ipsec:
  # pre-shared key used for authentication
  psk: ""
  # Address of the peer's gateway router.
  peer: ""

image: "ghcr.io/edgelesssys/constellation/vpn@sha256:34e28ced172d04dfdadaadbefb1a53b5857cb24fb24e275fbbc537f3639a789e"
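An added example, not part of the Constellation repository: a pre-deployment check over the values above that enforces the documented "at least one CIDR" rule for peerCIDRs and confirms the image is pinned by digest. The helper name `check_vpn_values`, the overlap rule, and the requirement that the empty `psk` and `peer` defaults be overridden are assumptions made for illustration.

```python
import ipaddress
import re

# Image reference pinned by digest: <repo>@sha256:<64 hex chars>
DIGEST_RE = re.compile(r"^[^@\s]+@sha256:[0-9a-f]{64}$")
# Chart defaults as shown on this page.
DEFAULTS = {
    "podCIDR": "10.10.0.0/16",
    "serviceCIDR": "10.96.0.0/12",
    "peerCIDRs": [],
    "ipsec": {"psk": "", "peer": ""},
    "image": "ghcr.io/edgelesssys/constellation/vpn@sha256:34e28ced172d04dfdadaadbefb1a53b5857cb24fb24e275fbbc537f3639a789e",
}

def check_vpn_values(values):
    """Hypothetical helper: return a list of problems in a values dict."""
    problems, cluster = [], []
    for key in ("podCIDR", "serviceCIDR"):
        try:
            cluster.append((key, ipaddress.ip_network(str(values.get(key, "")))))
        except ValueError as err:
            problems.append(f"{key}: invalid CIDR ({err})")
    peers = values.get("peerCIDRs") or []
    if not peers:
        problems.append("peerCIDRs: must contain at least one CIDR")
    for raw in peers:
        try:
            net = ipaddress.ip_network(str(raw))
        except ValueError as err:
            problems.append(f"peerCIDRs: invalid CIDR {raw!r} ({err})")
            continue
        # Assumption: an on-prem range overlapping a cluster range is a routing error.
        for key, cnet in cluster:
            if net.version == cnet.version and net.overlaps(cnet):
                problems.append(f"peerCIDRs: {raw} overlaps {key} {cnet}")
    ipsec = values.get("ipsec") or {}
    # Assumption: the empty defaults for psk and peer must be overridden.
    if not ipsec.get("psk"):
        problems.append("ipsec.psk: empty pre-shared key")
    if not ipsec.get("peer"):
        problems.append("ipsec.peer: peer gateway address not set")
    if not DIGEST_RE.match(str(values.get("image", ""))):
        problems.append("image: not pinned by sha256 digest")
    return problems

if __name__ == "__main__":
    for problem in check_vpn_values(DEFAULTS):
        print(problem)
```

Run against the unmodified defaults it reports the three settings that have to be supplied before the chart can work; the image line passes because it is referenced by digest rather than by tag.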