correction for ACL values for autoapprove (#68)

* correction for ACL values for autoapprove also put more flexibility for the name and httpbin as optional for testing * update to true for httpbin
controlplane-com · Dec 23, 2024 · f93c576 · f93c576
1 parent bd0f93d
commit f93c576
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 6 deletions.
diff --git a/examples/tailscale/README.md b/examples/tailscale/README.md
@@ -34,12 +34,18 @@ Any workload that allows access from this tailscale workload will be able to be
          "192.168.0.0/16": ["autogroup:member"],
          "240.240.0.0/16": ["autogroup:member"],
          "10.0.0.0/16": ["autogroup:member"],
-         // aws
+
+         // AWS DNS servers
          "172.20.0.10/32": ["autogroup:member"],
-         // azure
-         "10.1.0.10/32": ["autogroup:member"],
-         // gcp-us-east1
-         "10.194.112.10/32": ["autogroup:member"]
+
+         // GCP DNS servers
+         "10.67.224.10/32": ["autogroup:member"],
+         "10.194.112.10/32": ["autogroup:member"],
+         "10.228.48.10/32": ["autogroup:member"],
+         "10.110.48.10/32": ["autogroup:member"],
+
+         // Azure DNS servers
+         "10.1.0.10/32": ["autogroup:member"]
        }
      }
    }

diff --git a/examples/tailscale/templates/cpln.yaml b/examples/tailscale/templates/cpln.yaml
@@ -43,13 +43,15 @@ spec:
         - name: TS_AUTHKEY
           value: cpln://secret/{{ .Values.tailscale.name }}.authkey
         - name: TS_HOSTNAME
-          value: cpln-test
+          value: "{{ .Values.tailscale.machineName }}"
         - name: TS_KUBE_SECRET
           value: ''
         - name: TS_ROUTES
           value: '192.168.0.0/16,240.240.0.0/16,{{ index .Values.locationDNS .Values.cpln.location }}/32'
         - name: TS_USERSPACE
           value: 'true'
+
+{{- if .Values.httpbin.enabled }}
 ---
 kind: workload
 name: httpbin
@@ -78,6 +80,7 @@ spec:
       # allow access from tailscale internally
       inboundAllowWorkload:
         - //gvc/{{ .Values.cpln.gvc }}/workload/{{ .Values.tailscale.name }}
+{{- end }}
 
 ---
 kind: identity

diff --git a/examples/tailscale/values.yaml b/examples/tailscale/values.yaml
@@ -12,6 +12,7 @@ nameOverride: tailscale
 
 tailscale:
   name: tailscale
+  machineName: cpln-nonprod
 
 resources:
   cpu: 500m
@@ -31,3 +32,7 @@ locationDNS:
   gcp-me-west1: 10.110.48.10
   azure-centralus: 10.1.0.10
   azure-eastus2: 10.1.0.10
+
+# do you want to enable httpbin for testing?
+httpbin:
+  enabled: true