# Layer in the shared environment definitions. They are loaded in this first
# helmfile part so that the `.Values` lookups used after the `---` separator
# can resolve (presumably environments.yaml declares the environments and
# their values files; it is not shown here).
bases:
- environments.yaml
---
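# Chart sources for the releases below. Both are fetched over HTTPS; chart
# versions are pinned per release through values.
repositories:
# Add the Jetstack Helm repository
- name: jetstack
  url: "https://charts.jetstack.io"
# Kubernetes incubator repo of helm charts
# NOTE(review): charts.helm.sh/incubator is the archive location of the
# deprecated Helm incubator repository, so charts served from it no longer
# receive fixes. Keep the chart version pinned and consider a maintained or
# vendored equivalent for anything pulled from here.
- name: "kubernetes-incubator"
  url: "https://charts.helm.sh/incubator"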
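releases:
# cert-manager - Automatic Let's Encrypt for Ingress.
# Also provides local CA for issuing locally valid TLS certificates.
# https://hub.helm.sh/charts/jetstack/cert-manager
# https://github.com/jetstack/cert-manager/blob/v0.16.1/deploy/charts/cert-manager/values.yaml
# https://cert-manager.io/docs/installation/kubernetes/
- name: "cert-manager"
  namespace: "cert-manager"
  labels:
    chart: "cert-manager"
    repo: "stable"
    component: "cert-manager"
    namespace: "cert-manager"
    vendor: "jetstack"
  chart: "jetstack/cert-manager"
  # Chart version is pinned through values; the same value is handed to the
  # CRD hook below so the CRDs and the chart stay on one version.
  version: {{ .Values.chart_version | quote }}
  wait: true
  timeout: 300
  # Roll back automatically if the install/upgrade fails.
  atomic: true
  cleanupOnFail: true
  createNamespace: true
  installed: {{ .Values.installed }}
  # Hooks run local commands on the machine that runs helmfile.
  # NOTE(review): ./cert-manager-crd is a local executable not shown here
  # (presumably it applies or removes the cert-manager CRDs). It runs with the
  # operator's cluster credentials, so review it and keep it under version
  # control next to this file.
  hooks:
  - events: ["presync"]
    showlogs: true
    command: "./cert-manager-crd"
    args:
    - "upgrade"
    - {{ .Values.chart_version | quote }}
  - events: ["postsync"]
    # Give cert-manager time to initialize itself
    showlogs: true
    command: "/bin/sleep"
    args: ["15"]
  - events: ["postuninstall"]
    showlogs: true
    command: "./cert-manager-crd"
    args:
    - "uninstall"
    - {{ .Values.chart_version | quote }}
  values:
  - fullnameOverride: cert-manager
    rbac:
      create: true
    # According to cert-manager docs, install_crds does not work with helm 3.3
    installCRDs: false
    ingressShim:
      defaultIssuerName: {{ .Values.ingress_shim_default_issuer_name | quote }}
      defaultIssuerKind: {{ .Values.ingress_shim_default_issuer_kind | quote }}
      # defaultACMEChallengeType: ""
      # defaultACMEDNS01ChallengeProvider: ""
    serviceAccount:
      create: true
      name: "cert-manager"
      # https://github.com/jetstack/cert-manager/blob/master/deploy/charts/cert-manager/templates/serviceaccount.yaml
      annotations:
        # IAM role assumed by this service account (EKS IAM roles for service
        # accounts). NOTE(review): the role is defined outside this file.
        # Confirm its trust policy is limited to this namespace/service account
        # and that its Route 53 permissions cover only the hosted zones
        # cert-manager must write challenge records to.
        eks.amazonaws.com/role-arn: {{ printf "arn:aws:iam::%v:role/%v-%v-%v-eks-cert-manager" .Values.account_number .Values.namespace .Values.environment .Values.stage | quote }}
    # NOTE(review): this is the chart's legacy securityContext format
    # (`enabled: true`). The v0.16.x values.yaml linked above appears to
    # document only fsGroup and runAsUser for that format, so runAsGroup may be
    # ignored. Confirm against the rendered Deployment for the pinned version.
    securityContext:
      enabled: true
      fsGroup: 1001
      runAsGroup: 1001
    prometheus:
      enabled: {{ .Values.metrics_enabled }}
      servicemonitor:
        enabled: {{ .Values.metrics_enabled }}
        prometheusInstance: default
        targetPort: 9402
        path: /metrics
        interval: 60s
        scrapeTimeout: 30s
    webhook:
      enabled: true
    cainjector:
      enabled: true
    # NOTE(review): kept at the chart's top level, where it would size the
    # controller. Confirm this was not meant to be cainjector.resources.
    resources:
      limits:
        cpu: {{ .Values.limit_cpu | quote }}
        memory: {{ .Values.limit_memory | quote }}
      requests:
        cpu: {{ .Values.request_cpu | quote }}
        memory: {{ .Values.request_memory | quote }}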
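# Let's Encrypt ClusterIssuers (staging and production), rendered through the
# incubator "raw" chart once the cert-manager release is in place.
- name: 'cert-manager-issuers'
  needs: ['cert-manager/cert-manager']
  chart: "kubernetes-incubator/raw"
  namespace: "cert-manager"
  labels:
    component: "cert-manager"
    namespace: "cert-manager"
  version: {{ .Values.cert_manager_issuers_chart_version | quote }}
  wait: true
  timeout: 120
  atomic: true
  cleanupOnFail: true
  installed: {{ .Values.installed }}
  # NOTE(review): presumably set because the ClusterIssuer CRD may not exist
  # yet when the manifests are diffed. It also means schema mistakes in the
  # resources below are not caught before apply.
  disableValidation: true
  values:
  # NOTE(review): ClusterIssuers are cluster-scoped, and neither dns01 solver
  # below carries a `selector`, so each one answers for any DNS name requested
  # from any namespace. What can actually be issued is therefore bounded by the
  # hosted zones the cert-manager IAM role may modify; scope that role, or add
  # `selector.dnsZones` to the solvers, to match the zones you intend to serve.
  # The route53 solvers set no explicit credentials, so they appear to rely on
  # the ambient credentials of the cert-manager pod.
  # NOTE(review): apiVersion cert-manager.io/v1 needs a cert-manager release
  # that serves v1, while the chart links in this file point at v0.16.1.
  # Confirm the chart version supplied through values.
  - resources:
    - apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-staging
      spec:
        acme:
          # The ACME server URL
          server: "https://acme-staging-v02.api.letsencrypt.org/directory"
          # Email address used for ACME registration
          email: {{ printf .Values.support_email_template .Values.stage | quote }}
          # Name of a secret used to store the ACME account private key
          # (restrict read access to this Secret)
          privateKeySecretRef:
            name: letsencrypt-staging
          solvers:
          # # Enable the HTTP-01 challenge provider
          # - http01:
          #     ingress:
          #       class: nginx
          # Enable the DNS-01 challenge provider
          - dns01:
              route53:
                region: {{ .Values.dns_region | quote }}
    - apiVersion: cert-manager.io/v1
      kind: ClusterIssuer
      metadata:
        name: letsencrypt-prod
      spec:
        acme:
          # The ACME server URL
          server: "https://acme-v02.api.letsencrypt.org/directory"
          # Email address used for ACME registration
          email: {{ printf .Values.support_email_template .Values.stage | quote }}
          # Name of a secret used to store the ACME account private key
          # (restrict read access to this Secret)
          privateKeySecretRef:
            name: letsencrypt-prod
          solvers:
          # # Enable the HTTP-01 challenge provider
          # - http01:
          #     ingress:
          #       class: nginx
          # Enable the DNS-01 challenge provider
          - dns01:
              route53:
                region: {{ .Values.dns_region | quote }}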