wip: unify sys and apps
This commit is contained in:
@@ -0,0 +1,100 @@
|
||||
{{ if .Values.linkerd.enabled }}
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: linkerd
|
||||
namespace: argocd
|
||||
annotations:
|
||||
argocd.argoproj.io/sync-wave: "5"
|
||||
#finalizers:
|
||||
#- resources-finalizer.argocd.argoproj.io
|
||||
spec:
|
||||
destination:
|
||||
namespace: linkerd
|
||||
server: 'https://kubernetes.default.svc'
|
||||
sources:
|
||||
- repoURL: {{ .Values.cluster_config.manifests }}
|
||||
path: {{ .Values.cluster_config.policies }}/linkerd
|
||||
targetRevision: HEAD
|
||||
- repoURL: 'https://helm.linkerd.io/stable'
|
||||
targetRevision: {{ .Values.linkerd.version }}
|
||||
chart: linkerd-control-plane
|
||||
helm:
|
||||
values: |
|
||||
identityTrustAnchorsPEM: {{- .Values.linkerd.trustAnchorPEM | toYaml | indent 7 }}
|
||||
identity:
|
||||
issuer:
|
||||
scheme: {{ .Values.linkerd.secretScheme }}
|
||||
{{- if .Values.linkerd.identityIssuerPEM }}
|
||||
tls:
|
||||
crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }}
|
||||
{{- end }}
|
||||
policyValidator:
|
||||
externalSecret: true
|
||||
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
||||
proxyInjector:
|
||||
externalSecret: true
|
||||
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
||||
profileValidator:
|
||||
externalSecret: true
|
||||
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
||||
|
||||
project: sys
|
||||
syncPolicy:
|
||||
managedNamespaceMetadata:
|
||||
labels:
|
||||
component: sys
|
||||
syncOptions:
|
||||
- CreateNamespace=true
|
||||
- ApplyOutOfSyncOnly=true
|
||||
{{- if .Values.linkerd.autosync }}
|
||||
automated:
|
||||
prune: true
|
||||
# selfHeal: false
|
||||
{{- end }}
|
||||
ignoreDifferences:
|
||||
- group: batch
|
||||
kind: CronJob
|
||||
jsonPointers:
|
||||
- /spec/schedule
|
||||
- kind: Secret
|
||||
name: linkerd-proxy-injector-k8s-tls
|
||||
jsonPointers:
|
||||
- /data/tls.crt
|
||||
- /data/tls.key
|
||||
- kind: Secret
|
||||
name: linkerd-sp-validator-k8s-tls
|
||||
jsonPointers:
|
||||
- /data/tls.crt
|
||||
- /data/tls.key
|
||||
- kind: Secret
|
||||
name: linkerd-tap-k8s-tls
|
||||
jsonPointers:
|
||||
- /data/tls.crt
|
||||
- /data/tls.key
|
||||
- kind: Secret
|
||||
name: linkerd-policy-validator-k8s-tls
|
||||
jsonPointers:
|
||||
- /data/tls.crt
|
||||
- /data/tls.key
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: MutatingWebhookConfiguration
|
||||
name: linkerd-proxy-injector-webhook-config
|
||||
jqPathExpressions:
|
||||
- '.webhooks[0].clientConfig.caBundle'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
name: linkerd-sp-validator-webhook-config
|
||||
jqPathExpressions:
|
||||
- '.webhooks[0].clientConfig.caBundle'
|
||||
- group: admissionregistration.k8s.io
|
||||
kind: ValidatingWebhookConfiguration
|
||||
name: linkerd-policy-validator-webhook-config
|
||||
jqPathExpressions:
|
||||
- '.webhooks[0].clientConfig.caBundle'
|
||||
- group: apiregistration.k8s.io/v1
|
||||
kind: APIService
|
||||
name: v1alpha1.tap.linkerd.io
|
||||
jsonPointers:
|
||||
- /spec/caBundle
|
||||
{{ end }}
|
||||
Reference in New Issue
Block a user