platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: update cerbos manifests

Browse Source
This commit is contained in:
Jonas Juselius
2024-01-31 15:22:05 +01:00
parent 2198a2ea89
commit 4a6c135573
5 changed files with 85 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cerbos/application.yaml
-65
View File
@@ -1,65 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: cerbos
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
sources:
- repoURL: https://download.cerbos.dev/helm-charts
targetRevision: 0.33.0
chart: cerbos
helm:
values: |
replicaCount: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Spec of the cert-manager certificate to create for the Cerbos deployment.
# If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
# The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
# If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
certManager:
certSpec: {}
# Cerbos service settings.
service:
type: ClusterIP
httpPort: 3592
grpcPort: 3593
httpNodePort: 13592
grpcNodePort: 13593
annotations: {}
envFrom:
- secretRef:
name: cerbos-gitlab-token
cerbos:
httpPort: 3592
grpcPort: 3593
tlsSecretName: ""
logLevel: INFO
config:
storage:
driver: "git"
git:
protocol: https
url: https://gitlab.com/oceanbox/cerbos
branch: main
subDir: policies
checkoutDir: /work
updatePollInterval: 60s
https:
username: cerbos
password: ${GITLAB_TOKEN}
- repoURL: https://gitlab.com/oceanbox/manifests
targetRevision: HEAD
path: cerbos/manifests
cerbos/applicationset.yaml
+33
View File
@@ -0,0 +1,33 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cerbos
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-cerbox'
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://download.cerbos.dev/helm-charts
targetRevision: 0.33.0
chart: cerbos
helm:
valueFiles:
- $values/cerbos/values.yaml
- $values/cerbos/{{ env }}-values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: cerbos/manifests
ref: values
cerbos/prod-values.yaml
+3
View File
@@ -0,0 +1,3 @@
service:
httpNodePort: 30592
grpcNodePort: 30593
cerbos/staging-values.yaml
+3
View File
@@ -0,0 +1,3 @@
service:
httpNodePort: 31592
grpcNodePort: 31593
cerbos/values.yaml
+46
View File
@@ -0,0 +1,46 @@
replicaCount: 1
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Spec of the cert-manager certificate to create for the Cerbos deployment.
# If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
# The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
# If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
certManager:
certSpec: {}
# Cerbos service settings.
service:
type: ClusterIP
httpPort: 3592
grpcPort: 3593
httpNodePort: 13592
grpcNodePort: 13593
annotations: {}
envFrom:
- secretRef:
name: cerbos-gitlab-token
cerbos:
httpPort: 3592
grpcPort: 3593
tlsSecretName: ""
logLevel: INFO
config:
storage:
driver: "git"
git:
protocol: https
url: https://gitlab.com/oceanbox/cerbos
branch: main
subDir: policies
checkoutDir: /work
updatePollInterval: 60s
https:
username: cerbos
password: ${GITLAB_TOKEN}