manifests/vcluster/chart/templates/vcluster.yaml

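{{- /*
Argo CD Application that installs a vcluster (chart "vcluster" from
https://charts.loft.sh, pinned to 0.18.1) into the release namespace. The
block scalar under spec.source.helm.values is handed to that chart as its
values file.

Security-relevant settings to keep in view when changing this file:
  - the virtual API server is published through ingress-nginx with TLS
    passthrough;
  - an "admin" ServiceAccount bound to cluster-admin, with a static token
    Secret, is created inside the virtual cluster;
  - all Secrets and ConfigMaps are synced, and host Services plus selected
    host resources are made visible inside the virtual cluster.
*/ -}}
{{- $fullname := include "vCluster.fullname" . -}}
{{- $name := include "vCluster.releaseName" . -}}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  # Quoted so an empty or number-like expansion still yields a string.
  name: "{{ $fullname }}"
  namespace: argocd
spec:
  project: atlantis
  syncPolicy:
    # No prune / selfHeal keys are set under automated.
    automated: {}
    syncOptions:
      # Argo CD matches sync options as exact strings; the documented
      # spelling of this option is CreateNamespace=true.
      - CreateNamespace=true
  destination:
    server: https://kubernetes.default.svc
    namespace: "{{ .Release.Namespace }}"
  source:
    repoURL: https://charts.loft.sh
    # Exact chart version; bump deliberately and review the chart diff.
    targetRevision: 0.18.1
    chart: vcluster
    helm:
      values: |-
        vcluster:
          # PG_PASSWORD is read from the "<fullname>-db-app" Secret and
          # substituted by Kubernetes through $(PG_PASSWORD), so the password
          # is not rendered into this manifest.
          # NOTE(review): the URI sets no sslmode, and a password containing
          # URI-reserved characters would need escaping - confirm both against
          # the database setup.
          env:
          {{- if .Values.persistence }}
            - name: PG_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: "{{ $fullname }}-db-app"
                  key: password
            - name: K3S_DATASTORE_ENDPOINT
              value: "postgres://k3s:$(PG_PASSWORD)@{{ $fullname }}-db-rw:5432/k3s"
          {{- end }}
        ingress:
          enabled: true
          ingressClassName: nginx
          annotations:
            # NOTE(review): the issuer name suggests Let's Encrypt staging,
            # whose certificates are not publicly trusted - confirm this is
            # intended for the beta host.
            cert-manager.io/cluster-issuer: letsencrypt-staging
            nginx.ingress.kubernetes.io/backend-protocol: HTTPS
            # NOTE(review): ingress-nginx documents that ssl-passthrough works
            # at the TCP layer and invalidates the other annotations on the
            # Ingress. Verify that whitelist-source-range below is actually
            # enforced; if it is not, restrict access to this API endpoint
            # with a network policy or firewall rule as well.
            nginx.ingress.kubernetes.io/ssl-passthrough: "true"
            nginx.ingress.kubernetes.io/ssl-redirect: "true"
            # Allow-list limited to the RFC 1918 private ranges.
            nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
          host: "{{ $fullname }}.beta.oceanbox.io"
          tls:
            - hosts:
                - "{{ $fullname }}.beta.oceanbox.io"
              secretName: "{{ $fullname }}-tls"
        storage:
          persistence: false
        # coredns:
        #   image: coredns/coredns:1.10.1
        fallbackHostDns: true
        multiNamespaceMode:
          enabled: true
        # Host Services mapped into the virtual cluster. Every entry widens
        # what workloads inside the vcluster can reach on the host side; keep
        # the list to what tenants need.
        mapServices:
          fromHost:
            - from: "redis/{{ .Values.environment }}-redis-master"
              to: "redis/{{ .Values.environment }}-redis-master"
            - from: "rabbitmq/{{ .Values.environment }}-rabbitmq"
              to: "rabbitmq/{{ .Values.environment }}-rabbitmq"
            - from: "{{ .Release.Namespace }}/{{ $name }}-archmeister-rw"
              to: "atlantis/{{ $name }}-archmeister-rw"
            - from: "{{ .Release.Namespace }}/jaeger-collector"
              to: "atlantis/jaeger-collector"
        sync:
          # all: true syncs every Secret / ConfigMap instead of only those
          # referenced by synced workloads.
          # NOTE(review): this presumably also covers the
          # kube-system/admin-token Secret created under init.manifests -
          # confirm where that token ends up on the host side and who can
          # read it there.
          secrets:
            all: true
          configmaps:
            all: true
          ingresses:
            enabled: true
          generic:
            # Extra rules for the syncer's host-side ClusterRole / Role:
            # read-only on CRDs, write access to CloudNativePG objects,
            # create/patch on CiliumNetworkPolicy.
            clusterRole:
              extraRules:
                - apiGroups: [ "apiextensions.k8s.io" ]
                  resources: [ "customresourcedefinitions" ]
                  verbs: [ "get", "list", "watch" ]
            role:
              extraRules:
                - apiGroups: ["postgresql.cnpg.io"]
                  resources: ["backups", "clusters", "poolers", "scheduledbackups" ]
                  verbs: ["create", "delete", "patch", "update", "get", "list", "watch"]
                - apiGroups: [ "cilium.io" ]
                  resources: [ "ciliumnetworkpolicies" ]
                  verbs: [ "get", "list", "watch", "create", "patch" ]
            # NOTE(review): as far as vcluster generic sync goes, "export"
            # copies objects created in the virtual cluster to the host and
            # "import" copies host objects into the virtual cluster - confirm
            # against the chart docs. Exported CiliumNetworkPolicy objects and
            # imported Secrets both cross the tenant/host boundary; narrow
            # them if users of the vcluster are not fully trusted.
            config: |-
              version: v1beta1
              import:
                - kind: CiliumNetworkPolicy
                  apiVersion: cilium.io/v2
                - kind: Cluster
                  apiVersion: postgresql.cnpg.io/v1
                - kind: Secret
                  apiVersion: v1
              export:
                - kind: CiliumNetworkPolicy
                  apiVersion: cilium.io/v2
        init:
          # Applied inside the virtual cluster: an "admin" ServiceAccount
          # bound to cluster-admin, plus a
          # kubernetes.io/service-account-token Secret for it. Token Secrets
          # of this type do not expire, so treat admin-token as a long-lived
          # cluster-admin credential for the virtual cluster: limit who can
          # read it and rotate it by deleting the Secret.
          manifests: |-
            ---
            apiVersion: v1
            kind: ServiceAccount
            metadata:
              name: admin
              namespace: kube-system
            ---
            apiVersion: rbac.authorization.k8s.io/v1
            kind: ClusterRoleBinding
            metadata:
              name: admin
            roleRef:
              kind: ClusterRole
              name: cluster-admin
              apiGroup: rbac.authorization.k8s.io
            subjects:
              - kind: ServiceAccount
                namespace: kube-system
                name: admin
            ---
            apiVersion: v1
            kind: Secret
            metadata:
              name: admin-token
              namespace: kube-system
              annotations:
                kubernetes.io/service-account.name: admin
            type: kubernetes.io/service-account-token
          # The contents of manifests-template will be templated using helm
          # this allows you to use helm values inside, e.g.: {{ .Release.Name }}
          manifestsTemplate: ''
          helm:
            - chart:
                name: dapr
                version: 1.12.5
                repo: https://dapr.github.io/helm-charts/
              release:
                name: dapr
                namespace: dapr-system
                # NOTE(review): check against the vcluster values schema
                # whether timeout belongs under release or on the list entry.
                timeout: 180
              # NOTE(review): a dotted key in a values file is one literal key
              # named "ha.enabled", not ha -> enabled; confirm the dapr chart
              # actually reads it.
              values: |-
                ha.enabled: false
        # plugin:
        #   secret-syncer:
        #     image: registry.gitlab.com/oceanbox/vcluster-secret-syncer:v1.0.1
        #     imagePullPolicy: IfNotPresent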