dfec78f8 by Adam Heath

cert-manager and istio now follow the helmfile pattern.

1 parent 41755af6
---
releases:
- name: cert-manager
chart: .
wait: true
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
namespace: cert-manager
name: ca-issuer
spec:
ca:
secretName: root-ca
---
bases:
- ../environments.yaml
---
releases:
- name: cluster-issuer
namespace: cert-manager
chart: .
wait: true
condition: cert-manager.enabled
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./cluster-issuer.yaml
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
namespace: cert-manager
name: ca-issuer
spec:
ca:
secretName: root-ca
---
environments:
default:
values:
- clusterIssuer:
jsonPatches: []
strategicMergePatches: []
caIssuer:
secretName: root-ca
---
helmfiles:
- path: ./charts/cert-manager/helmfile.yaml
values:
-
{{- toYaml .Values | nindent 8 }}
releases:
- name: cluster-issuer
chart: charts/cluster-issuer
jsonPatches:
{{- if not (empty (.Values.clusterIssuer.jsonPatches)) }}
{{- .Values.clusterIssuer.jsonPatches | toYaml | indent 6 }}
{{- end }}
strategicMergePatches:
- apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: ca-issuer
namespace: cert-manager
spec:
ca:
secretName: {{ .Values.clusterIssuer.caIssuer.secretName }}
{{- if not (empty (.Values.clusterIssuer.strategicMergePatches)) }}
{{- .Values.clusterIssuer.strategicMergePatches | toYaml | indent 6 }}
{{- end }}
environments:
default:
values:
- namespace: istio-system
namePrefix: ""
gateways: []
repositories:
- name: istio
url: https://istio-release.storage.googleapis.com/charts
---
helmfiles:
- path: istio-base.helmfile.yaml
values:
- namespace: {{ .Values.namespace }}
namePrefix: ""
- path: istiod.helmfile.yaml
values:
- namespace: {{ .Values.namespace }}
namePrefix: ""
releases:
{{- range $gateway_index, $gateway := .Values.gateways }}
- name: {{ $.Values.namePrefix }}gateway-{{ $gateway.name }}
namespace: {{ $gateway | get "namespace" "istio-system" }}
chart: istio/gateway
values:
- service:
type: LoadBalancer
loadBalancerIP: {{ $gateway | get "loadBalancerIP" "" }}
externalTrafficPolicy: Cluster
ports:
- name: status-port
port: 15021
protocol: TCP
targetPort: 15021
- name: http2
port: 80
protocol: TCP
targetPort: 80
- name: https
port: 443
protocol: TCP
targetPort: 443
name: {{ $gateway.name }}
{{- end }}
releases:
- name: {{ .Values.namePrefix }}istio-base
namespace: {{ .Values.namespace }}
chart: istio/base
releases:
- name: {{ .Values.namePrefix }}istiod
namespace: {{ .Values.namespace }}
chart: istio/istiod