helmfile.yaml
# Shared helmfile fragment merged in before the releases document is rendered.
# NOTE(review): the .Values used by the releases document (domains, ACME
# e-mail, issuer selection) presumably come from the environments defined
# there, so review changes to that file together with this one.
bases:
  - ../common/environments.yaml
---
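# One release that deploys the local gateway chart and customises its rendered
# manifests: the JSON patches set DNS names, gateway class and cross-references,
# the strategic-merge patches set issuer selection, Secret names and the ACME
# account details.
#
# Templated scalars are double-quoted, as namePrefix and the wildcard hostname
# already were, so a rendered value that starts with a YAML indicator (such as
# a leading "*" in a domain), contains ": " or " #", or looks like a number or
# boolean stays a plain string and cannot alter the document structure.
releases:
  - name: "{{ .Values.name }}-gateway"
    chart: charts/gateway
    namespace: "{{ .Values.namespace }}"
    values:
      - namePrefix: "{{ .Values.name }}-"
    jsonPatches:
      # Certificate for the exact (apex) host: a single DNS name.
      - target:
          version: v1
          group: cert-manager.io
          kind: Certificate
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-exact-cert"
        patch:
          - op: replace
            path: /spec/dnsNames
            value:
              - "{{ .Values.base.domain }}"
      # Certificate for the sub-domains. nindent 14 must match the indentation
      # of the list items under "value:" in this file.
      # NOTE(review): the Issuers patched below use an HTTP-01 solver, which
      # cannot validate wildcard names, so .Values.sub.domains has to list
      # explicit hostnames. A host that matches the wildcard listener but is
      # missing from this list will be served a certificate that does not
      # cover it.
      - target:
          version: v1
          group: cert-manager.io
          kind: Certificate
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-subs-cert"
        patch:
          - op: replace
            path: /spec/dnsNames
            value: {{ .Values.sub.domains | toYaml | nindent 14 }}
      # Plain-HTTP Gateway: only the gateway class is environment-specific.
      - target:
          version: v1beta1
          group: gateway.networking.k8s.io
          kind: Gateway
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-gateway-http"
        patch:
          - op: replace
            path: /spec/gatewayClassName
            value: "{{ .Values.gatewayClassName }}"
      # HTTPS Gateway. The listener paths are positional: listener 0 gets the
      # exact host and its certificate, listener 1 the wildcard host and the
      # sub-domain certificate.
      # NOTE(review): confirm the listener order in charts/gateway; a reordered
      # chart would attach each certificate to the wrong hostname.
      - target:
          version: v1beta1
          group: gateway.networking.k8s.io
          kind: Gateway
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-gateway-https"
        patch:
          - op: replace
            path: /spec/gatewayClassName
            value: "{{ .Values.gatewayClassName }}"
          - op: replace
            path: /spec/listeners/0/hostname
            value: "{{ .Values.base.domain }}"
          - op: replace
            path: /spec/listeners/0/tls/certificateRefs/0/name
            value: "{{ .Values.name }}-exact-cert"
          - op: replace
            path: /spec/listeners/1/hostname
            value: "*.{{ .Values.base.domain }}"
          - op: replace
            path: /spec/listeners/1/tls/certificateRefs/0/name
            value: "{{ .Values.name }}-subs-cert"
      # Both Issuers route the HTTP-01 challenge through this release's
      # Gateway (first solver, first parentRef).
      - target:
          version: v1
          group: cert-manager.io
          kind: Issuer
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-letsencrypt-staging"
        patch:
          - op: replace
            path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
            value: "{{ .Values.name }}-gateway"
      - target:
          version: v1
          group: cert-manager.io
          kind: Issuer
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-letsencrypt-production"
        patch:
          - op: replace
            path: /spec/acme/solvers/0/http01/gatewayHTTPRoute/parentRefs/0/name
            value: "{{ .Values.name }}-gateway"
    strategicMergePatches:
      # issuerRef is built from .Values.base.issuerRef and presumably resolves
      # to one of the two Issuers patched below. Certificates from the staging
      # Issuer are not publicly trusted, so production environments must
      # select the production one.
      # secretTemplate sets labels/annotations on the generated TLS Secret,
      # which holds the private key. nindent 12 must match the indentation of
      # the keys under "secretTemplate:" in this file.
      # NOTE(review): check that no annotation supplied there replicates the
      # Secret into namespaces that should not hold the key.
      - apiVersion: cert-manager.io/v1
        kind: Certificate
        metadata:
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-exact-cert"
        spec:
          issuerRef:
            name: "{{ .Values.name }}-{{ .Values.base.issuerRef }}"
          secretName: "{{ .Values.name }}-exact-cert"
          secretTemplate: {{ .Values.base.secretTemplate | toYaml | nindent 12 }}
      - apiVersion: cert-manager.io/v1
        kind: Certificate
        metadata:
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-subs-cert"
        spec:
          issuerRef:
            name: "{{ .Values.name }}-{{ .Values.base.issuerRef }}"
          secretName: "{{ .Values.name }}-subs-cert"
          secretTemplate: {{ .Values.sub.secretTemplate | toYaml | nindent 12 }}
      # ACME account settings for the two Issuers.
      # NOTE(review): staging and production reference the same account-key
      # Secret. cert-manager's examples use a separate Secret per ACME
      # endpoint; confirm that sharing one key is intended.
      - apiVersion: cert-manager.io/v1
        kind: Issuer
        metadata:
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-letsencrypt-staging"
        spec:
          acme:
            email: "{{ .Values.letsEncrypt.email }}"
            privateKeySecretRef:
              name: "{{ .Values.name }}-letsencrypt-account"
      - apiVersion: cert-manager.io/v1
        kind: Issuer
        metadata:
          namespace: "{{ .Values.namespace }}"
          name: "{{ .Values.name }}-letsencrypt-production"
        spec:
          acme:
            email: "{{ .Values.letsEncrypt.email }}"
            privateKeySecretRef:
              name: "{{ .Values.name }}-letsencrypt-account"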