From f705b715a5e81eb16afea2e4461ddb3de0545c5e Mon Sep 17 00:00:00 2001
From: Greg <miernicki_gregory@bah.com>
Date: Wed, 17 Jul 2024 08:18:49 -0500
Subject: [PATCH] =?UTF-8?q?=20=E2=9B=B5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 chart/templates/istio-base/helmrelease.yaml | 69 +++++++++++++++++++
 .../templates/istio-gateway/helmrelease.yaml | 69 +++++++++++++++++++
 chart/templates/istiod/helmrelease.yaml | 69 +++++++++++++++++++
 3 files changed, 207 insertions(+)
diff --git a/chart/templates/istio-base/helmrelease.yaml b/chart/templates/istio-base/helmrelease.yaml
index e69de29bb2..97b13abc61 100644
--- a/chart/templates/istio-base/helmrelease.yaml
+++ b/chart/templates/istio-base/helmrelease.yaml
@@ -0,0 +1,69 @@
+{{- $fluxSettingsIstioBase := merge .Values.istioBase.flux .Values.flux -}}
+{{- if .Values.istioBase.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istio-base
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: istio-base
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/istio-base/values.yaml") . | sha256sum }}
+spec:
+ targetNamespace: istio-base
+ chart:
+ spec:
+ {{- if eq .Values.istioBase.sourceType "git" }}
+ chart: {{ .Values.istioBase.git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: istio-base
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ .Values.istioBase.helmRepo.chartName }}
+ version: {{ .Values.istioBase.helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ .Values.istioBase.helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- $repoType := include "getRepoType" (dict "repoName" .Values.istioBase.helmRepo.repoName "allRepos" $.Values.helmRepositories) -}}
+ {{- if (and .Values.istioBase.helmRepo.cosignVerify (eq $repoType "oci")) }} # Needs to be an OCI repo
+ verify:
+ provider: cosign
+ secretRef:
+ name: {{ printf "%s-cosign-pub" .Values.istioBase.helmRepo.repoName }}
+ {{- end }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsIstioBase | nindent 2 }}
+
+ {{- if .Values.istioBase.postRenderers }}
+ postRenderers:
+ {{ toYaml .Values.istioBase.postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-istio-base-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-istio-base-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-istio-base-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{- if or .Values.gatekeeper.enabled .Values.kyvernoPolicies.enabled }}
+ dependsOn:
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/istio-gateway/helmrelease.yaml b/chart/templates/istio-gateway/helmrelease.yaml
index e69de29bb2..06d15c1766 100644
--- a/chart/templates/istio-gateway/helmrelease.yaml
+++ b/chart/templates/istio-gateway/helmrelease.yaml
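Review bot: In chart/templates/istio-base/helmrelease.yaml the `verify:` block is emitted only when `cosignVerify` is set and `getRepoType` returns "oci", so setting `cosignVerify: true` against a non-OCI HelmRepository renders a release with no signature verification and no error. For a supply-chain control that is a fail-open default; I would make the mismatch a render-time failure, e.g. `{{- if and .Values.istioBase.helmRepo.cosignVerify (ne $repoType "oci") }}{{ fail "istioBase.helmRepo.cosignVerify requires an OCI HelmRepository" }}{{- end }}` placed before the existing `if`. The same condition appears in the istio-gateway and istiod hunks. If the silent skip is deliberate, a comment stating that verification is not applied to non-OCI repositories would serve better than the bare `# Needs to be an OCI repo`.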
@@ -0,0 +1,69 @@
+{{- $fluxSettingsIstioGateway := merge .Values.istioGateway.flux .Values.flux -}}
+{{- if .Values.istioGateway.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istio-gateway
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: istio-gateway
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/istio-gateway/values.yaml") . | sha256sum }}
+spec:
+ targetNamespace: istio-gateway
+ chart:
+ spec:
+ {{- if eq .Values.istioGateway.sourceType "git" }}
+ chart: {{ .Values.istioGateway.git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: istio-gateway
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ .Values.istioGateway.helmRepo.chartName }}
+ version: {{ .Values.istioGateway.helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ .Values.istioGateway.helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- $repoType := include "getRepoType" (dict "repoName" .Values.istioGateway.helmRepo.repoName "allRepos" $.Values.helmRepositories) -}}
+ {{- if (and .Values.istioGateway.helmRepo.cosignVerify (eq $repoType "oci")) }} # Needs to be an OCI repo
+ verify:
+ provider: cosign
+ secretRef:
+ name: {{ printf "%s-cosign-pub" .Values.istioGateway.helmRepo.repoName }}
+ {{- end }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsIstioGateway | nindent 2 }}
+
+ {{- if .Values.istioGateway.postRenderers }}
+ postRenderers:
+ {{ toYaml .Values.istioGateway.postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-istio-gateway-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-istio-gateway-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-istio-gateway-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{- if or .Values.gatekeeper.enabled .Values.kyvernoPolicies.enabled }}
+ dependsOn:
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/istiod/helmrelease.yaml b/chart/templates/istiod/helmrelease.yaml
index e69de29bb2..72bc20f9b7 100644
--- a/chart/templates/istiod/helmrelease.yaml
+++ b/chart/templates/istiod/helmrelease.yaml
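Review bot: `dependsOn` in chart/templates/istio-gateway/helmrelease.yaml lists only gatekeeper and kyverno-policies, so nothing orders this release after istiod, and the istiod hunk likewise has no entry for istio-base. Assuming the gateway chart needs a running control plane and istiod needs the CRDs that istio-base installs, Flux may reconcile the three in any order and a first install can fail or retry until the others land. Adding the entry means widening the outer `if or …` guard as well, since `dependsOn:` is currently emitted only when one of the policy engines is enabled; each entry should stay behind its own `enabled` check so the release never waits on a HelmRelease that is not rendered. Indentation in the sketch below is conventional, as the page has lost the original.

```yaml
  {{- if or .Values.istiod.enabled .Values.gatekeeper.enabled .Values.kyvernoPolicies.enabled }}
  dependsOn:
    {{- if .Values.istiod.enabled }}
    - name: istiod
      namespace: {{ .Release.Namespace }}
    {{- end }}
    # … unchanged: gatekeeper and kyverno-policies entries …
  {{- end }}
```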
@@ -0,0 +1,69 @@
+{{- $fluxSettingsIstiod := merge .Values.istiod.flux .Values.flux -}}
+{{- if .Values.istiod.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: istiod
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: istiod
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/istiod/values.yaml") . | sha256sum }}
+spec:
+ targetNamespace: istiod
+ chart:
+ spec:
+ {{- if eq .Values.istiod.sourceType "git" }}
+ chart: {{ .Values.istiod.git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: istiod
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ .Values.istiod.helmRepo.chartName }}
+ version: {{ .Values.istiod.helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ .Values.istiod.helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- $repoType := include "getRepoType" (dict "repoName" .Values.istiod.helmRepo.repoName "allRepos" $.Values.helmRepositories) -}}
+ {{- if (and .Values.istiod.helmRepo.cosignVerify (eq $repoType "oci")) }} # Needs to be an OCI repo
+ verify:
+ provider: cosign
+ secretRef:
+ name: {{ printf "%s-cosign-pub" .Values.istiod.helmRepo.repoName }}
+ {{- end }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsIstiod | nindent 2 }}
+
+ {{- if .Values.istiod.postRenderers }}
+ postRenderers:
+ {{ toYaml .Values.istiod.postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-istiod-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-istiod-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-istiod-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{- if or .Values.gatekeeper.enabled .Values.kyvernoPolicies.enabled }}
+ dependsOn:
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
-- GitLab