101 lines
2.9 KiB
YAML
101 lines
2.9 KiB
YAML
{{ if .Values.linkerd.enabled }}
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: linkerd
|
|
namespace: argocd
|
|
annotations:
|
|
argocd.argoproj.io/sync-wave: "5"
|
|
#finalizers:
|
|
#- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
destination:
|
|
namespace: linkerd
|
|
server: 'https://kubernetes.default.svc'
|
|
sources:
|
|
- repoURL: {{ .Values.cluster_config.manifests }}
|
|
path: {{ .Values.cluster_config.policies }}/linkerd
|
|
targetRevision: HEAD
|
|
- repoURL: 'https://helm.linkerd.io/stable'
|
|
targetRevision: {{ .Values.linkerd.version }}
|
|
chart: linkerd-control-plane
|
|
helm:
|
|
values: |
|
|
identityTrustAnchorsPEM: {{- .Values.linkerd.trustAnchorPEM | toYaml | indent 7 }}
|
|
identity:
|
|
issuer:
|
|
scheme: {{ .Values.linkerd.secretScheme }}
|
|
{{- if .Values.linkerd.identityIssuerPEM }}
|
|
tls:
|
|
crtPEM: {{- .Values.linkerd.identityIssuerPEM | toYaml | indent 14 }}
|
|
{{- end }}
|
|
policyValidator:
|
|
externalSecret: true
|
|
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
|
proxyInjector:
|
|
externalSecret: true
|
|
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
|
profileValidator:
|
|
externalSecret: true
|
|
caBundle: {{- .Values.linkerd.webhookPEM | toYaml | indent 9 }}
|
|
|
|
project: sys
|
|
syncPolicy:
|
|
managedNamespaceMetadata:
|
|
labels:
|
|
component: sys
|
|
syncOptions:
|
|
- CreateNamespace=true
|
|
- ApplyOutOfSyncOnly=true
|
|
{{- if .Values.linkerd.autosync }}
|
|
automated:
|
|
prune: true
|
|
# selfHeal: false
|
|
{{- end }}
|
|
ignoreDifferences:
|
|
- group: batch
|
|
kind: CronJob
|
|
jsonPointers:
|
|
- /spec/schedule
|
|
- kind: Secret
|
|
name: linkerd-proxy-injector-k8s-tls
|
|
jsonPointers:
|
|
- /data/tls.crt
|
|
- /data/tls.key
|
|
- kind: Secret
|
|
name: linkerd-sp-validator-k8s-tls
|
|
jsonPointers:
|
|
- /data/tls.crt
|
|
- /data/tls.key
|
|
- kind: Secret
|
|
name: linkerd-tap-k8s-tls
|
|
jsonPointers:
|
|
- /data/tls.crt
|
|
- /data/tls.key
|
|
- kind: Secret
|
|
name: linkerd-policy-validator-k8s-tls
|
|
jsonPointers:
|
|
- /data/tls.crt
|
|
- /data/tls.key
|
|
- group: admissionregistration.k8s.io
|
|
kind: MutatingWebhookConfiguration
|
|
name: linkerd-proxy-injector-webhook-config
|
|
jqPathExpressions:
|
|
- '.webhooks[0].clientConfig.caBundle'
|
|
- group: admissionregistration.k8s.io
|
|
kind: ValidatingWebhookConfiguration
|
|
name: linkerd-sp-validator-webhook-config
|
|
jqPathExpressions:
|
|
- '.webhooks[0].clientConfig.caBundle'
|
|
- group: admissionregistration.k8s.io
|
|
kind: ValidatingWebhookConfiguration
|
|
name: linkerd-policy-validator-webhook-config
|
|
jqPathExpressions:
|
|
- '.webhooks[0].clientConfig.caBundle'
|
|
- group: apiregistration.k8s.io/v1
|
|
kind: APIService
|
|
name: v1alpha1.tap.linkerd.io
|
|
jsonPointers:
|
|
- /spec/caBundle
|
|
{{ end }}
|