-
Notifications
You must be signed in to change notification settings - Fork 79
Expand file tree
/
Copy pathdev.helmfile.yaml.gotmpl
More file actions
80 lines (79 loc) · 2.61 KB
/
dev.helmfile.yaml.gotmpl
File metadata and controls
80 lines (79 loc) · 2.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
repositories:
- name: gatekeeper
url: https://open-policy-agent.github.io/gatekeeper/charts
- name: ratify
url: https://notaryproject.github.io/ratify
releases:
- name: gatekeeper
namespace: gatekeeper-system
createNamespace: true
chart: gatekeeper/gatekeeper
version: 3.18.3
wait: true
set:
- name: enableExternalData
value: true
- name: validatingWebhookTimeoutSeconds
value: 5
- name: mutatingWebhookTimeoutSeconds
value: 2
- name: externaldataProviderResponseCacheTTL
value: 10s
- name: ratify-gatekeeper-provider
namespace: gatekeeper-system
chart: ratify/ratify-gatekeeper-provider
version: 2.0.0-dev
wait: true
needs:
- gatekeeper
hooks:
- events: ["presync"]
showlogs: true
command: "bash"
args:
- "-c"
- "kubectl apply -f https://raw.githubusercontent.com/notaryproject/ratify/main/configs/constrainttemplates/default/template.yaml && kubectl apply -f https://raw.githubusercontent.com/notaryproject/ratify/main/configs/constrainttemplates/default/constraint.yaml"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
args:
- "delete"
- "-f"
- "https://raw.githubusercontent.com/notaryproject/ratify/main/configs/constrainttemplates/default/template.yaml"
- "--ignore-not-found=true"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
args:
- "delete"
- "-f"
- "https://raw.githubusercontent.com/notaryproject/ratify/main/configs/constrainttemplates/default/constraint.yaml"
- "--ignore-not-found=true"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
args:
- "delete"
- "secret"
- "ratify-gatekeeper-provider-tls"
- "ratify-gatekeeper-provider-notation-certs"
- "--ignore-not-found=true"
- "-n"
- "gatekeeper-system"
- events: ["postuninstall"]
showlogs: true
command: "kubectl"
args:
- "delete"
- "crd"
- "executors.config.ratify.dev"
- "--ignore-not-found=true"
set:
- name: notation.certs[0].cert
value: {{ exec "curl" (list "-sSL" "https://raw.githubusercontent.com/ratify-project/ratify/main/test/testdata/notation.crt") | quote }}
- name: notation.certs[0].provider
value: "inline"
- name: stores[0].credential.provider
value: "static"
- name: executor.scopes[0]
value: "ghcr.io"