high-availability.helmfile.yaml
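# Helmfile that installs Dapr, a TLS-enabled Redis, and Ratify with the
# experimental high-availability flag, two Ratify replicas, and a Dapr-backed
# cache named dapr-redis.
#
# NOTE(review): several inputs below are fetched at deploy time from the
# `main` branch under test/testdata (hook manifests and the notationCert
# value). That path suggests a test setup. Content on a branch can change
# between runs, so for any shared or long-lived cluster pin these URLs to a
# reviewed commit or vendor the files next to this helmfile.
repositories:
  - name: dapr
    url: https://dapr.github.io/helm-charts/
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: ratify
    url: https://deislabs.github.io/ratify

releases:
  - name: dapr
    namespace: dapr-system
    createNamespace: true
    chart: dapr/dapr
    version: 1.11.1
    wait: true

  - name: redis
    namespace: gatekeeper-system
    chart: bitnami/redis
    version: 17.11.6
    wait: true
    set:
      - name: image.tag
        value: 7.0-debian-11
      - name: replica.replicaCount
        value: 1
      - name: tls.enabled
        value: true
      # The serving certificate is generated by the chart, not supplied here.
      - name: tls.autoGenerated
        value: true
      # NOTE(review): with authClients off, Redis does not require a client
      # certificate, so TLS gives encryption but not mutual authentication.
      # Access then rests on the Redis password and on network policy.
      # Confirm this is acceptable outside a test cluster.
      - name: tls.authClients
        value: false

  - name: ratify
    namespace: gatekeeper-system
    chart: ratify/ratify
    version: 1.12.0 # Make sure this matches Chart.yaml
    wait: true
    needs:
      - dapr-system/dapr
      - gatekeeper-system/redis
    hooks:
      # Create the Dapr Redis secret with a fresh signing key: 16 random
      # bytes, hex-encoded, then base64-encoded for the Secret's data field.
      # `pipefail` and `curl -f` make a failed download stop the hook instead
      # of piping an error page or empty input into `kubectl apply`.
      - events: ["presync"]
        showlogs: true
        command: "bash"
        args:
          - "-c"
          - |-
            set -eo pipefail
            export SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 "%02x"' | base64)
            curl -fsSL https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml \
              | yq e '.data.signingKey = strenv(SIGN_KEY)' \
              | kubectl apply -f -
      # Apply the Dapr Redis component manifest (remote, unpinned; see the
      # note at the top of the file).
      - events: ["presync"]
        showlogs: true
        command: "kubectl"
        args:
          - "apply"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
      # Cleanup after uninstall: remove the secret and component created by
      # the presync hooks.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      # Remove the Gatekeeper template and sample constraint published with
      # the Ratify library.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/template.yaml"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
          - "--ignore-not-found=true"
      # Deleting a CRD also deletes every custom resource of that kind in the
      # cluster, not only the ones this release created.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "crd"
          - "stores.config.ratify.deislabs.io"
          - "verifiers.config.ratify.deislabs.io"
          - "certificatestores.config.ratify.deislabs.io"
          - "policies.config.ratify.deislabs.io"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "secret"
          - "ratify-tls"
          - "-n"
          - "gatekeeper-system"
    set:
      - name: featureFlags.RATIFY_EXPERIMENTAL_HIGH_AVAILABILITY
        value: true
      - name: featureFlags.RATIFY_CERT_ROTATION
        value: true
      # NOTE(review): debug logging is verbose; confirm the level before
      # reusing this file outside a test cluster.
      - name: logger.level
        value: debug
      # The certificate is downloaded while the helmfile is rendered.
      # `-f` makes curl exit non-zero on an HTTP error so rendering stops
      # rather than installing an error body as the certificate.
      # NOTE(review): presumably this is the Notation verification
      # certificate. If so, whoever can change the file at this unpinned URL
      # decides which signatures are trusted. Pin it or ship it locally.
      - name: notationCert
        value: {{ exec "curl" (list "-fsSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
      - name: replicaCount
        value: 2
      - name: provider.cache.type
        value: dapr
      - name: provider.cache.name
        value: dapr-redis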