{{- $fullname := include "vCluster.fullname" . -}}
{{- $name := include "vCluster.releaseName" . -}}
# Argo CD Application that installs the vcluster chart (charts.loft.sh,
# pinned to 0.18.1) into the release namespace of the in-cluster API server.
# $fullname and $name come from the vCluster.fullname and
# vCluster.releaseName named templates, which are defined outside this file.
# NOTE(review): line breaks and indentation were restored from a collapsed
# listing; nesting follows the vcluster chart's values layout - confirm
# against the original file before applying.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: {{ $fullname }}
  namespace: argocd
spec:
  project: atlantis
  syncPolicy:
    # automated: {} turns on auto-sync with Argo CD's defaults; prune and
    # selfHeal are not set here.
    automated: {}
    syncOptions:
      - createNamespace=true
  destination:
    server: https://kubernetes.default.svc
    namespace: {{ .Release.Namespace }}
  source:
    repoURL: https://charts.loft.sh
    targetRevision: 0.18.1
    chart: vcluster
    helm:
      # Values handed to the vcluster chart as one literal string; template
      # actions inside it are still expanded by this chart's Helm render,
      # including the example placeholder in the manifestsTemplate comment.
      #
      # Review notes on the values below:
      # - vcluster.env (only when .Values.persistence is set): PG_PASSWORD is
      #   read from the "<fullname>-db-app" Secret and substituted into
      #   K3S_DATASTORE_ENDPOINT through the $(PG_PASSWORD) reference. The URL
      #   carries no sslmode parameter. NOTE(review): confirm the connection
      #   to the -db-rw service is encrypted, and that the generated password
      #   cannot contain URL-reserved characters.
      # - storage.persistence is false. NOTE(review): with .Values.persistence
      #   unset no external datastore is configured either, so control-plane
      #   state presumably does not survive a pod restart - confirm.
      # - ingress: ssl-passthrough is "true". NOTE(review): ingress-nginx
      #   documents that passthrough works at L4 and invalidates the other
      #   annotations on the Ingress, so whitelist-source-range may not be
      #   enforced; verify, and restrict source addresses at another layer if
      #   the allowlist is relied on. letsencrypt-staging issues certificates
      #   that clients do not trust by default.
      # - sync.secrets.all / sync.configmaps.all: presumably every Secret and
      #   ConfigMap in the virtual cluster is copied to the host, not only
      #   those referenced by workloads - TODO confirm against the chart docs.
      # - sync.generic: the config imports CiliumNetworkPolicy, cnpg Cluster
      #   and core v1 Secret objects and exports CiliumNetworkPolicy; the
      #   role rules add write verbs on postgresql.cnpg.io resources and
      #   create/patch on ciliumnetworkpolicies. NOTE(review): check this
      #   matches how far virtual-cluster users are trusted on the host.
      # - init.manifests: creates ServiceAccount kube-system/admin, binds it
      #   to cluster-admin and requests a service-account-token Secret, i.e.
      #   a token with no expiry. NOTE(review): with sync.secrets.all enabled
      #   that Secret is presumably copied to the host namespace as well;
      #   confirm who can read Secrets there and how the token is rotated.
      # - init.helm dapr values: "ha.enabled" is a single key containing a
      #   dot, not a nested ha -> enabled mapping. NOTE(review): confirm the
      #   dapr chart actually reads it.
      values: |-
        vcluster:
          env:
            {{ if .Values.persistence }}
            - name: PG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ $fullname }}-db-app"
                  key: password
            - name: K3S_DATASTORE_ENDPOINT
              value: "postgres://k3s:$(PG_PASSWORD)@{{ $fullname }}-db-rw:5432/k3s"
            {{ end }}
        ingress:
          enabled: true
          ingressClassName: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-staging
            nginx.ingress.kubernetes.io/backend-protocol: HTTPS
            nginx.ingress.kubernetes.io/ssl-passthrough: "true"
            nginx.ingress.kubernetes.io/ssl-redirect: "true"
            nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
          host: "{{ $fullname }}.beta.oceanbox.io"
          tls:
            - hosts:
                - "{{ $fullname }}.beta.oceanbox.io"
              secretName: "{{ $fullname }}-tls"
        storage:
          persistence: false
        # coredns:
        #   image: coredns/coredns:1.10.1
        fallbackHostDns: true
        multiNamespaceMode:
          enabled: true
        mapServices:
          fromHost:
            - from: "redis/{{ .Values.environment }}-redis-master"
              to: "redis/{{ .Values.environment }}-redis-master"
            - from: "rabbitmq/{{ .Values.environment }}-rabbitmq"
              to: "rabbitmq/{{ .Values.environment }}-rabbitmq"
            - from: "{{ .Release.Namespace }}/{{ $name }}-archmeister-rw"
              to: "atlantis/{{ $name }}-archmeister-rw"
            - from: "{{ .Release.Namespace }}/jaeger-collector"
              to: "atlantis/jaeger-collector"
        sync:
          secrets:
            all: true
          configmaps:
            all: true
          ingresses:
            enabled: true
          generic:
            clusterRole:
              extraRules:
                - apiGroups: [ "apiextensions.k8s.io" ]
                  resources: [ "customresourcedefinitions" ]
                  verbs: [ "get", "list", "watch" ]
            role:
              extraRules:
                - apiGroups: ["postgresql.cnpg.io"]
                  resources: ["backups", "clusters", "poolers", "scheduledbackups" ]
                  verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
                - apiGroups: [ "cilium.io" ]
                  resources: [ "ciliumnetworkpolicies" ]
                  verbs: [ "get", "list", "watch", "create", "patch" ]
            config: |-
              version: v1beta1
              import:
                - kind: CiliumNetworkPolicy
                  apiVersion: cilium.io/v2
                - kind: Cluster
                  apiVersion: postgresql.cnpg.io/v1
                - kind: Secret
                  apiVersion: v1
              export:
                - kind: CiliumNetworkPolicy
                  apiVersion: cilium.io/v2
        init:
          manifests: |-
            ---
            apiVersion: v1
            kind: ServiceAccount
            metadata:
              name: admin
              namespace: kube-system
            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: ClusterRoleBinding
            metadata:
              name: admin
            roleRef:
              kind: ClusterRole
              name: cluster-admin
              apiGroup: rbac.authorization.k8s.io
            subjects:
              - kind: ServiceAccount
                namespace: kube-system
                name: admin
            ---
            apiVersion: v1
            kind: Secret
            metadata:
              name: admin-token
              namespace: kube-system
              annotations:
                kubernetes.io/service-account.name: admin
            type: kubernetes.io/service-account-token
          # The contents of manifests-template will be templated using helm
          # this allows you to use helm values inside, e.g.: {{ .Release.Name }}
          manifestsTemplate: ''
          helm:
            - chart:
                name: dapr
                version: 1.12.5
                repo: https://dapr.github.io/helm-charts/
              release:
                name: dapr
                namespace: dapr-system
              timeout: 180
              values: |-
                ha.enabled: false
        # plugin:
        #   secret-syncer:
        #     image: registry.gitlab.com/oceanbox/vcluster-secret-syncer:v1.0.1
        #     imagePullPolicy: IfNotPresent