You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
heqet/charts/heqet/templates/_helpers.tpl

50 lines
1.3 KiB

{{- /*
Heket's Auto TLS Ingress Injector [ATIC]:
*/ -}}
{{- define "heqet.ingress" }}
ingress:
enabled: true
hosts:
{{- if not .ingress_hosts_keymap }}
- {{ required "You need to set a domain for your app or disable atic" .vhost }}
{{- else }}
- host: {{ required "You need to set a domain for your app or disable atic" .vhost }}
paths: []
{{- end }}
annotations:
kubernetes.io/ingress.class: {{ .ingress_class | default "nginx" }}
kubernetes.io/tls-acme: "true"
cert-manager.io/cluster-issuer: {{ .ingress_cluster_issuer | default "letsencrypt" }}
tls:
- secretName: {{ .name }}-le-tls
hosts:
- {{ .vhost | quote }}
{{- end }}
{{- /*
Read value files for every application
*/ -}}
{{- define "app.values" }}
{{- $values := .Files.Glob "values.d/*.yaml" }}
{{- ($values)| indent 8 }}
{{ end }}
{{- /*
Inject vault-injector into pods
*/ -}}
{{- define "vault.injection" }}
podAnnotations:
heqet.gnu.one/app: "true"
{{- if not .novault }}
vault.hashicorp.com/agent-inject: "true"
vault.hashicorp.com/role: "{{ .name }}-vault-ro"
{{- if .secret }}
{{- $appname := .name }}
{{- range .secrets }}
vault.hashicorp.com/agent-inject-secret-{{ .path }}: "heqet/apps/{{ $appname }}/{{ .name }}"
{{- end }}
{{- end }}
spec:
serviceAccountName: "{{ .name }}-vault-ro"
{{- end }}
{{- end }}