cilium_argocd_appset.yaml
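---
# Argo CD ApplicationSet that installs Cilium from the official Helm chart,
# with WireGuard encryption enabled and the Hubble UI published through an
# nginx ingress that delegates authentication to Vouch.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: cilium-app-set
  namespace: argocd
  annotations:
    # sync waves order this resource relative to others in the same sync
    argocd.argoproj.io/sync-wave: "2"
spec:
  # Go templating: parameters are referenced below as {{ .name }}.
  # NOTE(review): with default template options an undefined parameter
  # renders as "<no value>" instead of failing; consider
  # goTemplateOptions: ["missingkey=error"] so a missing hostname or issuer
  # stops generation rather than producing a wrong ingress.
  goTemplate: true
  # generator allows us to source specific values from an external k8s secret
  generators:
    - plugin:
        configMapRef:
          name: secret-var-plugin-generator
        input:
          parameters:
            # keys requested from the plugin; each becomes a template parameter
            # NOTE(review): the values below also use .global_cluster_issuer,
            # which is not requested here - confirm the plugin returns it
            # anyway, or add it to this list.
            secret_vars:
              - cilium_hostname
              - vouch_hostname
  template:
    metadata:
      name: cilium-helm-release
    spec:
      project: cilium
      destination:
        # in-cluster API server, i.e. the cluster Argo CD itself runs in
        server: "https://kubernetes.default.svc"
        namespace: cilium
      syncPolicy:
        syncOptions:
          - ApplyOutOfSyncOnly=true
        # Fully automated sync: drift is reverted (selfHeal) and resources no
        # longer rendered by the chart are deleted (prune) with no manual
        # approval, so write access to this file is write access to the
        # resources this Application manages.
        automated:
          prune: true
          selfHeal: true
      source:
        # official cilium helm repo
        repoURL: 'https://helm.cilium.io/'
        chart: cilium
        # exact chart version, quoted so it is always read as a string;
        # keep it pinned rather than using a range or floating revision
        targetRevision: "1.17.0"
        helm:
          # The Hubble UI ingress below is protected only by the nginx
          # external-auth annotations: requests are checked against Vouch's
          # /validate endpoint and unauthenticated users are redirected to
          # its /login page. Who is allowed in is decided by the Vouch
          # configuration, not by this file. Templated scalars are quoted so
          # an empty or unusual parameter value cannot change the YAML type.
          values: |
            operator:
              replicas: 1
            encryption:
              enabled: true
              type: wireguard
            hubble:
              ui:
                enabled: true
                ingress:
                  enabled: true
                  annotations:
                    cert-manager.io/cluster-issuer: "{{ .global_cluster_issuer }}"
                    nginx.ingress.kubernetes.io/auth-signin: "https://{{ .vouch_hostname }}/login?url=$scheme://$http_host$request_uri&vouch-failcount=$auth_resp_failcount&X-Vouch-Token=$auth_resp_jwt&error=$auth_resp_err"
                    nginx.ingress.kubernetes.io/auth-url: "https://{{ .vouch_hostname }}/validate"
                    nginx.ingress.kubernetes.io/auth-response-headers: X-Vouch-User
                  className: nginx
                  hosts:
                    - "{{ .cilium_hostname }}"
                  tls:
                    - secretName: cilium-tls
                      hosts:
                        - "{{ .cilium_hostname }}"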