fmt yaml

base/cert-manager/helmrelease.yaml

----
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
   name: cert-manager
   namespace: cert-manager
 spec:
-  interval: 2m
-
   chart:
     spec:
       chart: cert-manager
-      version: v1.0.3
+      interval: 5m
       sourceRef:
-        kind: HelmRepository
         name: jetstack
         namespace: flux-system
-      interval: 5m
-
-  valuesFrom:
-    - kind: ConfigMap
-      name: env-values
-      optional: true
-    - kind: Secret
-      name: env-values
-      optional: true
-
+        kind: HelmRepository
+      version: v1.0.3
+  interval: 2m
   values:
     installCRDs: true
     prometheus:
       servicemonitor:
-        enabled: false
         labels:
           release: monitoring
+        enabled: false
+  valuesFrom:
+  - name: env-values
+    kind: ConfigMap
+    optional: true
+  - name: env-values
+    kind: Secret
+    optional: true

base/cert-manager/kustomization.yaml

 resources:
-  - namespace.yaml
-  - helmrelease.yaml
\ No newline at end of file
+- namespace.yaml
+- helmrelease.yaml

base/cert-manager/namespace.yaml

----
 apiVersion: v1
 kind: Namespace
 metadata:

base/flux/chart-repositories/banzaicloud.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://kubernetes-charts.banzaicloud.com
   timeout: 3m
+  url: https://kubernetes-charts.banzaicloud.com

base/flux/chart-repositories/gitlab.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://charts.gitlab.io/
   timeout: 3m
+  url: https://charts.gitlab.io/

base/flux/chart-repositories/grafana-loki.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://grafana.github.io/loki/charts
   timeout: 3m
+  url: https://grafana.github.io/loki/charts

base/flux/chart-repositories/jetstack.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://charts.jetstack.io/
   timeout: 3m
+  url: https://charts.jetstack.io/

base/flux/chart-repositories/kustomization.yaml

 resources:
-  - banzaicloud.yaml
-  - gitlab.yaml
-  - grafana-loki.yaml
-  - jetstack.yaml
-  - podinfo.yaml
-  - prometheus-community.yaml
-  - rancher-latest.yaml
\ No newline at end of file
+- banzaicloud.yaml
+- gitlab.yaml
+- grafana-loki.yaml
+- jetstack.yaml
+- podinfo.yaml
+- prometheus-community.yaml
+- rancher-latest.yaml

base/flux/chart-repositories/podinfo.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://stefanprodan.github.io/podinfo
   timeout: 3m
+  url: https://stefanprodan.github.io/podinfo

base/flux/chart-repositories/prometheus-community.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://prometheus-community.github.io/helm-charts
   timeout: 3m
+  url: https://prometheus-community.github.io/helm-charts

base/flux/chart-repositories/rancher-latest.yaml

@@ -5,5 +5,5 @@ metadata:
   namespace: flux-system
 spec:
   interval: 24h
-  url: https://releases.rancher.com/server-charts/latest
   timeout: 3m
+  url: https://releases.rancher.com/server-charts/latest

base/flux/kustomization.yaml

 resources:
-  - toolkit
-  - chart-repositories
\ No newline at end of file
+- toolkit
+- chart-repositories

base/flux/toolkit/kustomization.yaml

 resources:
-  - all.yaml
+- all.yaml

base/gatekeeper/kustomization.yaml

 resources:
-  - namespace.yaml
-  - gatekeeper.yaml
-
+- namespace.yaml
+- gatekeeper.yaml
 images:
-  - name: openpolicyagent/gatekeeper:v3.1.1
-    newName: registry1.dsop.io/ironbank/opensource/openpolicyagent/gatekeeper
-    newTag: v3.1.1
\ No newline at end of file
+- name: openpolicyagent/gatekeeper:v3.1.1
+  newName: registry1.dsop.io/ironbank/opensource/openpolicyagent/gatekeeper
+  newTag: v3.1.1

base/gatekeeper/namespace.yaml

----
 apiVersion: v1
 kind: Namespace
 metadata:
+  name: gatekeeper-system
   labels:
     admission.gatekeeper.sh/ignore: no-self-managing
     control-plane: controller-manager
     gatekeeper.sh/system: "yes"
-  name: gatekeeper-system

base/istio/istio-operator/kustomization.yaml

 resources:
-  - operator.yaml
-
+- operator.yaml
 images:
-  - name: docker.io/istio/operator:1.7.4-distroless
-    newName: registry1.dsop.io/ironbank/opensource/istio/operator
-    newTag: 1.7.3
\ No newline at end of file
+- name: docker.io/istio/operator:1.7.4-distroless
+  newName: registry1.dsop.io/ironbank/opensource/istio/operator
+  newTag: 1.7.3

base/istio/istio-operator/operator.yaml

----
 # Source: istio-operator/templates/namespace.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
   name: istio-operator
   labels:
-    istio-operator-managed: Reconcile
     istio-injection: disabled
+    istio-operator-managed: Reconcile
 ---
 # Source: istio-operator/templates/service_account.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  namespace: istio-operator
   name: istio-operator
+  namespace: istio-operator
 ---
 # Source: istio-operator/templates/crds.yaml
 # SYNC WITH manifests/charts/base/files
@@ -28,164 +27,155 @@ spec:
   names:
     kind: IstioOperator
     plural: istiooperators
-    singular: istiooperator
     shortNames:
-      - iop
+    - iop
+    singular: istiooperator
   scope: Namespaced
   versions:
-    - additionalPrinterColumns:
-        - description: Istio control plane revision
-          jsonPath: .spec.revision
-          name: Revision
-          type: string
-        - description: IOP current state
-          jsonPath: .status.status
-          type: string
-          name: Status
-        - jsonPath: .metadata.creationTimestamp
-          description:
-            "CreationTimestamp is a timestamp representing the server time when
-            this object was created. It is not guaranteed to be set in happens-before order
-            across separate operations. Clients may not set this value. It is represented
-            in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
-            lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
-          name: Age
-          type: date
-      name: v1alpha1
-      schema:
-        openAPIV3Schema:
-          properties:
-            apiVersion:
-              description:
-                "APIVersion defines the versioned schema of this representation
-                of an object. Servers should convert recognized schemas to the latest
-                internal value, and may reject unrecognized values.
-                More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources"
-              type: string
-            kind:
-              description:
-                "Kind is a string value representing the REST resource this
-                object represents. Servers may infer this from the endpoint the client
-                submits requests to. Cannot be updated. In CamelCase.
-                More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
-              type: string
-            spec:
-              description:
-                "Specification of the desired state of the istio control plane resource.
-                More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
-              x-kubernetes-preserve-unknown-fields: true
-              type: object
-            status:
-              description:
-                "Status describes each of istio control plane component status at the current time.
-                0 means NONE, 1 means UPDATING, 2 means HEALTHY, 3 means ERROR, 4 means RECONCILING.
-                More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html &
-                https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
-              x-kubernetes-preserve-unknown-fields: true
-              type: object
-          type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}
+  - name: v1alpha1
+    additionalPrinterColumns:
+    - name: Revision
+      type: string
+      description: Istio control plane revision
+      jsonPath: .spec.revision
+    - name: Status
+      type: string
+      description: IOP current state
+      jsonPath: .status.status
+    - name: Age
+      type: date
+      description: "CreationTimestamp is a timestamp representing the server time
+        when this object was created. It is not guaranteed to be set in happens-before
+        order across separate operations. Clients may not set this value. It is represented
+        in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
+        lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
+      jsonPath: .metadata.creationTimestamp
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          apiVersion:
+            type: string
+            description: "APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources"
+          kind:
+            type: string
+            description: "Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+          spec:
+            type: object
+            description: "Specification of the desired state of the istio control
+              plane resource. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
+            x-kubernetes-preserve-unknown-fields: true
+          status:
+            type: object
+            description: "Status describes each of istio control plane component status
+              at the current time. 0 means NONE, 1 means UPDATING, 2 means HEALTHY,
+              3 means ERROR, 4 means RECONCILING. More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html
+              & https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status"
+            x-kubernetes-preserve-unknown-fields: true
+    served: true
+    storage: true
+    subresources:
+      status: {}
 ---
 # Source: istio-operator/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  creationTimestamp: null
   name: istio-operator
+  creationTimestamp: null
 rules:
-# istio groups
-- apiGroups:
-  - authentication.istio.io
-  resources:
+- resources:
   - '*'
+  # istio groups
+  apiGroups:
+  - authentication.istio.io
   verbs:
   - '*'
-- apiGroups:
-  - config.istio.io
-  resources:
+- resources:
   - '*'
+  apiGroups:
+  - config.istio.io
   verbs:
   - '*'
-- apiGroups:
-  - install.istio.io
-  resources:
+- resources:
   - '*'
+  apiGroups:
+  - install.istio.io
   verbs:
   - '*'
-- apiGroups:
-  - networking.istio.io
-  resources:
+- resources:
   - '*'
+  apiGroups:
+  - networking.istio.io
   verbs:
   - '*'
-- apiGroups:
-  - security.istio.io
-  resources:
+- resources:
   - '*'
+  apiGroups:
+  - security.istio.io
   verbs:
   - '*'
-# k8s groups
-- apiGroups:
-  - admissionregistration.k8s.io
-  resources:
+- resources:
   - mutatingwebhookconfigurations
   - validatingwebhookconfigurations
+  # k8s groups
+  apiGroups:
+  - admissionregistration.k8s.io
   verbs:
   - '*'
-- apiGroups:
-  - apiextensions.k8s.io
-  resources:
+- resources:
   - customresourcedefinitions.apiextensions.k8s.io
   - customresourcedefinitions
+  apiGroups:
+  - apiextensions.k8s.io
   verbs:
   - '*'
-- apiGroups:
-  - apps
-  - extensions
-  resources:
+- resources:
   - daemonsets
   - deployments
   - deployments/finalizers
   - ingresses
   - replicasets
   - statefulsets
+  apiGroups:
+  - apps
+  - extensions
   verbs:
   - '*'
-- apiGroups:
-  - autoscaling
-  resources:
+- resources:
   - horizontalpodautoscalers
+  apiGroups:
+  - autoscaling
   verbs:
   - '*'
-- apiGroups:
-  - monitoring.coreos.com
-  resources:
+- resources:
   - servicemonitors
+  apiGroups:
+  - monitoring.coreos.com
   verbs:
   - get
   - create
   - update
-- apiGroups:
-  - policy
-  resources:
+- resources:
   - poddisruptionbudgets
+  apiGroups:
+  - policy
   verbs:
   - '*'
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
+- resources:
   - clusterrolebindings
   - clusterroles
   - roles
   - rolebindings
+  apiGroups:
+  - rbac.authorization.k8s.io
   verbs:
   - '*'
-- apiGroups:
-  - ""
-  resources:
+- resources:
   - configmaps
   - endpoints
   - events
@@ -195,45 +185,47 @@ rules:
   - secrets
   - services
   - serviceaccounts
+  apiGroups:
+  - ""
   verbs:
   - '*'
 ---
+apiVersion: rbac.authorization.k8s.io/v1
 # Source: istio-operator/templates/clusterrole_binding.yaml
 kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: istio-operator
-subjects:
-- kind: ServiceAccount
-  name: istio-operator
-  namespace: istio-operator
 roleRef:
-  kind: ClusterRole
   name: istio-operator
+  kind: ClusterRole
   apiGroup: rbac.authorization.k8s.io
+subjects:
+- name: istio-operator
+  namespace: istio-operator
+  kind: ServiceAccount
 ---
 # Source: istio-operator/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
+  name: istio-operator
   namespace: istio-operator
   labels:
     name: istio-operator
-  name: istio-operator
 spec:
+  selector:
+    name: istio-operator
   ports:
   - name: http-metrics
     port: 8383
     targetPort: 8383
-  selector:
-    name: istio-operator
 ---
 # Source: istio-operator/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  namespace: istio-operator
   name: istio-operator
+  namespace: istio-operator
 spec:
   replicas: 1
   selector:
@@ -246,41 +238,41 @@ spec:
     spec:
       serviceAccountName: istio-operator
       containers:
-        - name: istio-operator
-          image: docker.io/istio/operator:1.7.4-distroless
-          command:
-          - operator
-          - server
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-              - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsGroup: 1337
-            runAsUser: 1337
-            runAsNonRoot: true
-          imagePullPolicy: IfNotPresent
-          resources:
-            limits:
-              cpu: 200m
-              memory: 256Mi
-            requests:
-              cpu: 50m
-              memory: 128Mi
-          env:
-            - name: WATCH_NAMESPACE
-              value: "istio-system"
-            - name: LEADER_ELECTION_NAMESPACE
-              value: "istio-operator"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: OPERATOR_NAME
-              value: "istio-operator"
-            - name: WAIT_FOR_RESOURCES_TIMEOUT
-              value: "300s"
-            - name: REVISION
-              value: ""
+      - name: istio-operator
+        image: docker.io/istio/operator:1.7.4-distroless
+        command:
+        - operator
+        - server
+        env:
+        - name: WATCH_NAMESPACE
+          value: "istio-system"
+        - name: LEADER_ELECTION_NAMESPACE
+          value: "istio-operator"
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: OPERATOR_NAME
+          value: "istio-operator"
+        - name: WAIT_FOR_RESOURCES_TIMEOUT
+          value: "300s"
+        - name: REVISION
+          value: ""
+        resources:
+          limits:
+            cpu: 200m
+            memory: 256Mi
+          requests:
+            cpu: 50m
+            memory: 128Mi
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
+          readOnlyRootFilesystem: true
+          runAsGroup: 1337
+          runAsNonRoot: true
+          runAsUser: 1337

base/istio/istio-system/istio.yaml

@@ -4,41 +4,36 @@ metadata:
   name: istiocontrolplane
   namespace: istio-system
 spec:
-  profile: default
-  hub: registry1.dsop.io/ironbank/opensource/istio
-  tag: 1.7.3
-  meshConfig:
-    accessLogFile: /dev/stdout
   addonComponents:
     kiali:
       enabled: true
-
     tracing:
       enabled: true
-
+  hub: registry1.dsop.io/ironbank/opensource/istio
+  meshConfig:
+    accessLogFile: /dev/stdout
+  profile: default
+  tag: 1.7.3
   values:
     global:
       imagePullSecrets:
-        - private-registry
-
-
-    sidecarInjectorWebhook:
-      rewriteAppHTTPProbe: true
-      neverInjectSelector:
-        - matchExpressions:
-            - key: app.kubernetes.io/component
-              operator: In
-              values: [fluentd-configcheck]
-
+      - private-registry
     kiali:
-      hub: registry1.dsop.io/ironbank/opensource/kiali
       image: kiali
-      tag: v1.23.0
       dashboard:
         auth:
           strategy: anonymous
+      hub: registry1.dsop.io/ironbank/opensource/kiali
+      tag: v1.23.0
+    sidecarInjectorWebhook:
+      neverInjectSelector:
+      - matchExpressions:
+        - key: app.kubernetes.io/component
+          operator: In
+          values: [fluentd-configcheck]
+      rewriteAppHTTPProbe: true
     tracing:
       jaeger:
-        hub: registry1.dsop.io/ironbank/opensource/jaegertracing
         image: all-in-one
+        hub: registry1.dsop.io/ironbank/opensource/jaegertracing
         tag: 1.19.2