diff --git a/cerbos/application.yaml b/cerbos/application.yaml index f9feacb5..5247d2f9 100644 --- a/cerbos/application.yaml +++ b/cerbos/application.yaml @@ -5,59 +5,61 @@ metadata: namespace: argocd spec: project: atlantis - source: - repoURL: https://download.cerbos.dev/helm-charts - targetRevision: 0.33.0 - chart: cerbos - helm: - values: | - replicaCount: 1 - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - - # Spec of the cert-manager certificate to create for the Cerbos deployment. - # If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec. - # The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it. - # If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate. - certManager: - certSpec: {} - - # Cerbos service settings. - service: - type: ClusterIP - httpPort: 3592 - grpcPort: 3593 - httpNodePort: 13592 - grpcNodePort: 13593 - annotations: {} - - envFrom: - - secretRef: - name: cerbos-gitlab-token - - cerbos: - httpPort: 3592 - grpcPort: 3593 - tlsSecretName: "" - logLevel: INFO - config: - storage: - driver: "git" - git: - protocol: https - url: https://gitlab.com/oceanbox/cerbos - branch: main - subDir: policies - checkoutDir: /work - updatePollInterval: 60s - https: - username: cerbos - password: ${GITLAB_TOKEN} destination: server: https://kubernetes.default.svc namespace: atlantis + sources: + - repoURL: https://download.cerbos.dev/helm-charts + targetRevision: 0.33.0 + chart: cerbos + helm: + values: | + replicaCount: 1 + autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + # Spec of the cert-manager certificate to create for the Cerbos deployment. + # If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec. + # The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it. + # If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate. + certManager: + certSpec: {} + + # Cerbos service settings. + service: + type: ClusterIP + httpPort: 3592 + grpcPort: 3593 + httpNodePort: 13592 + grpcNodePort: 13593 + annotations: {} + + envFrom: + - secretRef: + name: cerbos-gitlab-token + + cerbos: + httpPort: 3592 + grpcPort: 3593 + tlsSecretName: "" + logLevel: INFO + config: + storage: + driver: "git" + git: + protocol: https + url: https://gitlab.com/oceanbox/cerbos + branch: main + subDir: policies + checkoutDir: /work + updatePollInterval: 60s + https: + username: cerbos + password: ${GITLAB_TOKEN} + - repoURL: https://gitlab.com/oceanbox/manifests + targetRevision: HEAD + path: cerbos/manifests diff --git a/cerbos/cerbos-gitlab-token.yaml b/cerbos/manifests/cerbos-gitlab-token.yaml similarity index 100% rename from cerbos/cerbos-gitlab-token.yaml rename to cerbos/manifests/cerbos-gitlab-token.yaml diff --git a/rabbitmq/application.yaml b/rabbitmq/application.yaml index 01bdd49a..505530e8 100644 --- a/rabbitmq/application.yaml +++ b/rabbitmq/application.yaml @@ -8,39 +8,42 @@ spec: destination: server: https://kubernetes.default.svc namespace: atlantis - source: - repoURL: https://charts.bitnami.com/bitnami - targetRevision: 12.9.0 - chart: rabbitmq - helm: - values: | - auth: - erlangCookie: "" - existingErlangSecret: "" - existingPasswordSecret: "" - password: hunny-bunny - username: user - clusterDomain: cluster.local - ingress: - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/ssl-redirect: "true" - nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 - enabled: true - extraHosts: [] - extraPaths: [] - extraRules: [] - hostname: rabbitmq.svc.oceanbox.io - ingressClassName: "" - path: / - pathType: ImplementationSpecific - secrets: [] - selfSigned: false - tls: true - persistence: - accessModes: - - ReadWriteOnce - enabled: true - existingClaim: "" - size: 8Gi - storageClass: "" + sources: + - repoURL: https://charts.bitnami.com/bitnami + targetRevision: 12.9.0 + chart: rabbitmq + helm: + values: | + auth: + erlangCookie: "" + existingErlangSecret: "" + existingPasswordSecret: "" + password: hunny-bunny + username: user + clusterDomain: cluster.local + ingress: + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 + enabled: true + extraHosts: [] + extraPaths: [] + extraRules: [] + hostname: rabbitmq.svc.oceanbox.io + ingressClassName: "" + path: / + pathType: ImplementationSpecific + secrets: [] + selfSigned: false + tls: true + persistence: + accessModes: + - ReadWriteOnce + enabled: true + existingClaim: "" + size: 8Gi + storageClass: "" + - repoURL: https://gitlab.com/oceanbox/manifests + targetRevision: HEAD + path: rabbitmq/manifests diff --git a/redis/application.yaml b/redis/application.yaml index b27c6cfe..ce87679b 100644 --- a/redis/application.yaml +++ b/redis/application.yaml @@ -8,18 +8,20 @@ spec: destination: server: https://kubernetes.default.svc namespace: atlantis - source: - repoURL: https://charts.bitnami.com/bitnami - targetRevision: 18.9.1 - chart: redis - helm: - values: | - architecture: replication - auth: - enabled: true - sentinel: true - password: "" - existingSecret: "" - existingSecretPasswordKey: "" - usePasswordFiles: false - + sources: + - repoURL: https://charts.bitnami.com/bitnami + targetRevision: 18.9.1 + chart: redis + helm: + values: | + architecture: replication + auth: + enabled: true + sentinel: true + password: "" + existingSecret: "" + existingSecretPasswordKey: "" + usePasswordFiles: false + - repoURL: https://gitlab.com/oceanbox/manifests + targetRevision: HEAD + path: redis/manifests