# Shared base file merged into this helmfile. The `---` that follows
# separates this part from the templated releases part.
bases:
  - '../common/environments.yaml'

---

# Remote chart repositories used by the release in this file:
# `istio` provides the gateway subchart, `bedag` provides the raw chart.
repositories:
  - name: istio
    url: 'https://istio-release.storage.googleapis.com/charts'
  - name: bedag
    url: 'https://bedag.github.io/helm-charts/'

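# One release per environment: the bedag/raw chart renders the manifests
# listed under `resources`, with istio/gateway attached as the aliased
# subchart `gateway`.
releases:
  - name: istio-gateway-{{ .Values.name }}
    namespace: istio-ingress
    chart: bedag/raw
    # Chart versions are taken from environment values, not hard-coded here.
    version: {{ $.Values.version.raw }}
    # NOTE(review): presumably set because the Gateway and Certificate CRDs
    # may not be registered when the release is first installed - confirm.
    disableValidationOnInstall: true
    dependencies:
      - chart: istio/gateway
        alias: gateway
        version: {{ $.Values.version.istio }}
    values:
      - gateway:
          namespace: istio-ingress
          name: {{ .Values.name }}
        resources:
          - apiVersion: v1
            kind: ConfigMap
            metadata:
              name: istio-gateway-foo-{{ .Values.name }}
            data:
              foo: "bar"
    # One Gateway resource per entry in .Values.gateways.
    {{- range $gateway_index, $gateway := .Values.gateways }}
          - apiVersion: networking.istio.io/v1beta1
            kind: Gateway
            metadata:
              name: istio-gateway-{{ $gateway.name }}
            spec:
              selector:
                app: istio-gateway-{{ $.Values.name }}
                istio: gateway-{{ $.Values.name }}
              servers:
      {{- range $host_index, $host := $gateway.hosts }}
                # Plaintext listener, emitted for every host, including hosts
                # that also get the HTTPS listener below. No redirect is set.
                # NOTE(review): consider tls.httpsRedirect on this server for
                # hosts that define `tls`, so they are not served over HTTP.
                - port:
                    name: http-{{ $host.name }}
                    number: 80
                    protocol: HTTP
                  hosts:
                    - {{ $host.name | quote }}
        {{- if hasKey $host "tls" }}
                - port:
                    name: https-{{ $host.name }}
                    number: 443
                    protocol: HTTPS
                  hosts:
                    - {{ $host.name | quote }}
                  tls:
                    # TODO: Switch certs based on wildcard or not
                    # An explicit certRef wins. Otherwise the name must be
                    # identical to the secretName of the Certificate that the
                    # second host loop generates for this host.
          {{- if hasKey $host.tls "certRef" }}
                    credentialName: {{ $host.tls.certRef | quote }}
          {{- else if hasPrefix "*." $host.name }}
                    credentialName: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
          {{- else }}
                    credentialName: istio-gateway-cert-{{ $host.name }}
          {{- end }}
                    # Passed through verbatim from the host's values.
                    mode: {{ $host.tls.mode | quote }}
        {{- end }}
      {{- end }}
      # Second pass over the hosts: a cert-manager Certificate for each TLS
      # host that does not bring its own certRef.
      {{- range $host_index, $host := $gateway.hosts }}
        {{- if hasKey $host "tls" }}
          {{- if not (hasKey $host.tls "certRef") }}
          - apiVersion: cert-manager.io/v1
            kind: Certificate
            metadata:
              namespace: istio-ingress
            {{- if hasPrefix "*." $host.name }}
              name: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
            {{- else }}
              name: istio-gateway-cert-{{ $host.name }}
            {{- end }}
            spec:
              # secretName has to match the Gateway credentialName exactly.
              # The wildcard prefix is stripped with "*." here as well; the
              # earlier "*i." pattern never matched, so the rendered secret
              # name kept the "*." and differed from credentialName.
            {{- if hasPrefix "*." $host.name }}
              secretName: istio-gateway-wildcardcert-{{ $host.name | replace "*." "" }}
            {{- else }}
              secretName: istio-gateway-cert-{{ $host.name }}
            {{- end }}
              dnsNames:
                - {{ $host.name | quote }}
              # issuerRef is copied as-is from the host's tls values.
              issuerRef: {{ $host.tls.issuerRef | toYaml | nindent 18 }}
          {{- end }}
        {{- end }}
      {{- end }}
    {{- end }}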
---