# Default environment values; the release templates in this file read them
# through .Values.
environments:
  default:
    values:
      - clusterIssuer:
          # Optional extra patches appended to the cluster-issuer release.
          jsonPatches: []
          strategicMergePatches: []
          caIssuer:
            # Secret name written into the ca-issuer ClusterIssuer patch.
            secretName: root-ca
          letsencrypt:
            enabled: true
            email: name@example.com
            # Placeholder only. This value is rendered into the `data` field of
            # the acme-account-key Secret, so the real value has to be the
            # base64-encoded ACME account key. Supply it from an encrypted or
            # external values source rather than committing it here.
            tls_key: replace-me
        # CA certificate and private key rendered into the root-ca Secret.
        # Both are null by default and must be supplied per environment; the
        # private key in particular should never be stored in this file.
        root-ca:
          crt: null
          key: null
        version:
          # Version of the bedag/raw chart used as the root-ca dependency.
          raw: 1.1.0

# Chart repositories referenced by the releases in this file; both are
# fetched over HTTPS.
repositories:
  # Source of the cert-manager chart.
  - name: jetstack
    url: https://charts.jetstack.io
  # Source of the `raw` chart used as the root-ca dependency.
  - name: bedag
    url: https://bedag.github.io/helm-charts/

---
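# Releases are rendered as a Go template before being parsed as YAML, so every
# templated scalar below is quoted to keep the rendered document well-formed.
releases:
  # cert-manager itself, plus a `raw` sub-chart (aliased root-ca) that creates
  # the Secret holding the CA key pair.
  # NOTE(review): no `version:` is set for jetstack/cert-manager, so the chart
  # version is not pinned here; pin it to make installs reproducible and to
  # review upgrades deliberately.
  - name: cert-manager
    chart: jetstack/cert-manager
    namespace: cert-manager
    dependencies:
      - chart: bedag/raw
        alias: root-ca
        version: {{ $.Values.version.raw | quote }}
    values:
      - installCRDs: true
      - root-ca:
          resources:
            # The CA key pair is written under both the tls.* and ca.* keys.
            # Values land in `data`, so they must already be base64-encoded.
            # `required` aborts rendering when the environment leaves them
            # null instead of shipping a Secret with a junk placeholder value.
            - apiVersion: v1
              kind: Secret
              metadata:
                name: root-ca
                namespace: cert-manager
              data:
                tls.crt: {{ .Values | get "root-ca.crt" | required "root-ca.crt must be set (base64-encoded CA certificate)" | quote }}
                tls.key: {{ .Values | get "root-ca.key" | required "root-ca.key must be set (base64-encoded CA private key)" | quote }}
                ca.crt: {{ .Values | get "root-ca.crt" | required "root-ca.crt must be set (base64-encoded CA certificate)" | quote }}
                ca.key: {{ .Values | get "root-ca.key" | required "root-ca.key must be set (base64-encoded CA private key)" | quote }}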

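  # ClusterIssuers layered on top of cert-manager: a CA issuer backed by a
  # Secret, and the Let's Encrypt staging/production issuers with their ACME
  # account key. The Let's Encrypt objects are deleted from the chart output
  # when clusterIssuer.letsencrypt.enabled is false.
  - name: cluster-issuer
    chart: charts/cluster-issuer
    # NOTE(review): presumably needed because the cert-manager CRDs do not
    # exist in the cluster before the first install; confirm.
    disableValidationOnInstall: true
    needs:
      - cert-manager/cert-manager
    # User-supplied patches are emitted with nindent so the rendered list
    # starts on its own line. The surrounding actions trim the preceding
    # newline, and plain indent would glue the first list item onto the
    # previous line, producing invalid YAML as soon as the list is non-empty.
    jsonPatches:
      {{- if not (empty (.Values.clusterIssuer.jsonPatches)) }}
      {{- .Values.clusterIssuer.jsonPatches | toYaml | nindent 6 }}
      {{- end }}
    strategicMergePatches:
      # CA issuer: points at the Secret that holds the CA key pair.
      - apiVersion: cert-manager.io/v1
        kind: ClusterIssuer
        metadata:
          name: ca-issuer
          namespace: cert-manager
        spec:
          ca:
            secretName: {{ .Values.clusterIssuer.caIssuer.secretName | quote }}
      # ACME account key for the Let's Encrypt issuers.
      - apiVersion: v1
        kind: Secret
        metadata:
          namespace: cert-manager
          name: acme-account-key
      {{- if .Values.clusterIssuer.letsencrypt.enabled }}
        # Rendered into `data`, so the value must be base64-encoded. The
        # default in this file is the placeholder `replace-me`; override it
        # from an encrypted or external values source, never in plain text.
        data:
          tls.key: {{ .Values.clusterIssuer.letsencrypt.tls_key | quote }}
      {{- else }}
        $patch: delete
      {{- end }}
      - apiVersion: cert-manager.io/v1
        kind: ClusterIssuer
        metadata:
          namespace: cert-manager
          name: letsencrypt-staging
      {{- if .Values.clusterIssuer.letsencrypt.enabled }}
        spec:
          email: {{ .Values.clusterIssuer.letsencrypt.email | quote }}
      {{- else }}
        $patch: delete
      {{- end }}
      - apiVersion: cert-manager.io/v1
        kind: ClusterIssuer
        metadata:
          namespace: cert-manager
          name: letsencrypt-production
      {{- if .Values.clusterIssuer.letsencrypt.enabled }}
        spec:
          email: {{ .Values.clusterIssuer.letsencrypt.email | quote }}
      {{- else }}
        $patch: delete
      {{- end }}
      # Extra strategic-merge patches from the environment values, appended
      # as further list items (nindent for the same reason as jsonPatches).
      {{- if not (empty (.Values.clusterIssuer.strategicMergePatches)) }}
      {{- .Values.clusterIssuer.strategicMergePatches | toYaml | nindent 6 }}
      {{- end }}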