@zloeber
Created January 2, 2020 19:10
helmfile: Cert-manager example
helmDefaults:
  # Tillerless mode (Helm 2 without an in-cluster Tiller); release state is kept
  # in this namespace rather than the one the chart is deployed to.
  tillerless: true
  tillerNamespace: "platform"

  # Every sync blocks until the release's resources report ready, giving up
  # after 1200 s (20 minutes).
  wait: true
  timeout: 1200

  # A failed install/upgrade is left in place for inspection instead of being
  # rolled back, and chart provenance signatures are not verified on fetch.
  atomic: false
  verify: false

  # Disruptive defaults that apply to every release unless overridden:
  # `force` replaces resources on conflict and `recreatePods` restarts workloads.
  force: true
  recreatePods: true
repositories:
# Upstream cert-manager charts.
- name: "jetstack"
  url: "https://charts.jetstack.io"
# Provides the generic 'raw' chart used below to ship plain manifests
# (the ClusterIssuer objects).
- name: "incubator"
  url: "https://kubernetes-charts-incubator.storage.googleapis.com"
# git+ URL scheme (helm-git plugin): the namespace chart is pulled straight
# from the author's repository at the 'chart' ref.
- name: "zloeber"
  url: "git+https://github.com/zloeber/helm-namespace@chart"
releases:
###############################################################################
## CERT-MANAGER - Automatic Let's Encrypt for Ingress ########################
## Also provides local CA for issuing locally valid TLS certificates #######
###############################################################################
# References:
# - https://github.com/jetstack/cert-manager/blob/v0.11.0/deploy/charts/cert-manager/values.yaml
# Instructions for installing and testing correct install are at
# - https://docs.cert-manager.io/en/release-0.9/getting-started/install/kubernetes.html
#
# Creates the cert-manager namespace ahead of the chart install so the other
# releases can declare it in `needs`.
- name: "namespace-cert-manager"
  # Helm 3 needs to put deployment info into a namespace. As this creates a namespace it will not exist yet so we use 'kube-system'
  # which should exist in all clusters.
  chart: "zloeber/namespace"
  namespace: "kube-system"
  labels:
    chart: "namespace-cert-manager"
    component: "cert-manager"
    namespace: "cert-manager"
  wait: true
  # STACK_CERTMANAGER=false makes helmfile skip (or remove) the whole stack.
  # Rendered unquoted on purpose so helmfile receives a boolean.
  installed: {{ env "STACK_CERTMANAGER" | default "true" }}
  values:
  - namespaces:
    - "cert-manager"
    # Removing this release also deletes the namespace and everything in it.
    helmResourcePolicy: "delete"
    annotations:
      # NOTE(review): presumably keeps cert-manager's validating webhook from
      # acting on its own namespace, as described in the install doc linked
      # above - confirm against the doc for the pinned version.
      certmanager.k8s.io/disable-validation: "true"
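- name: "cert-manager"
  namespace: "cert-manager"
  labels:
    chart: "cert-manager"
    # Label fixes: the chart comes from the jetstack repository (not stable)
    # and this release IS the cert-manager component. The original
    # "stable"/"kiam" values were copy-paste leftovers that made
    # `helmfile -l component=cert-manager ...` select the namespace and issuer
    # releases while skipping this one.
    repo: "jetstack"
    component: "cert-manager"
    namespace: "cert-manager"
    vendor: "jetstack"
    default: "false"
  chart: "jetstack/cert-manager"
  # Chart version; keep the CRD manifest applied by the hook below on the
  # same release line.
  version: "v0.9.0"
  wait: true
  installed: {{ env "STACK_CERTMANAGER" | default "true" }}
  needs:
  - "kube-system/namespace-cert-manager"
  hooks:
  # This hook adds the CRDs before the chart is synced.
  # NOTE(review): release-0.9 is a moving branch, so the applied manifest can
  # change underneath an already deployed release; pinning the URL to the tag
  # that matches `version` above would make the hook reproducible.
  - events: ["presync"]
    showlogs: true
    command: "/bin/sh"
    args: ["-c", "kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.9/deploy/manifests/00-crds.yaml"]
  values:
  - fullnameOverride: "cert-manager"
    rbac:
      # Boolean from the environment; rendered unquoted on purpose.
      create: {{ env "RBAC_ENABLED" | default "true" }}
    # Presumably the issuer used for Ingresses that do not name one
    # themselves; defaults to the staging issuer defined in the issuers release.
    ingressShim:
      defaultIssuerName: '{{ env "CERT_MANAGER_INGRESS_SHIM_DEFAULT_ISSUER_NAME" | default "letsencrypt-staging" }}'
      defaultIssuerKind: '{{ env "CERT_MANAGER_INGRESS_SHIM_DEFAULT_ISSUER_KIND" | default "ClusterIssuer" }}'
    {{ if env "CERT_MANAGER_IAM_ROLE" | default "" }}
    # kiam/kube2iam-style role annotation, only emitted when a role is given;
    # the Route53 DNS01 solver in the issuers release is gated on the same var.
    podAnnotations:
      iam.amazonaws.com/role: '{{ env "CERT_MANAGER_IAM_ROLE" }}'
    {{ end }}
    serviceAccount:
      create: {{ env "RBAC_ENABLED" | default "true" }}
      # Empty by default - presumably lets the chart pick the name; verify.
      name: '{{ env "CERT_MANAGER_SERVICE_ACCOUNT_NAME" | default "" }}'
    {{- if eq (env "MONITORING_ENABLED" | default "true") "true" }}
    prometheus:
      enabled: true
      servicemonitor:
        enabled: true
        # Quoted: a templated scalar must not be left to YAML type inference.
        prometheusInstance: '{{ env "PROMETHEUS_INSTANCE" | default "kube-prometheus" }}'
        targetPort: 9402
        path: "/metrics"
        interval: "60s"
        scrapeTimeout: "30s"
    {{ end }}
    # The validating admission webhook is off: malformed Certificate/Issuer
    # objects are accepted by the API server and only fail later in the
    # controller, so errors surface in logs rather than at apply time.
    webhook:
      enabled: false
    cainjector:
      enabled: true
    resources:
      limits:
        cpu: "200m"
        memory: "256Mi"
      requests:
        cpu: "50m"
        memory: "128Mi"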
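- name: "cert-manager-issuers"
  # Plain manifests shipped through the generic 'raw' chart.
  chart: "incubator/raw"
  namespace: "cert-manager"
  labels:
    component: "cert-manager"
    namespace: "cert-manager"
    default: "true"
  wait: true
  force: true
  recreatePods: true
  installed: {{ env "STACK_CERTMANAGER" | default "true" }}
  # The namespace and the cert-manager release (whose presync hook applies the
  # ClusterIssuer CRD) must be in place before these objects can be created.
  needs:
  - "kube-system/namespace-cert-manager"
  - "cert-manager/cert-manager"
  values:
  - resources:
    # Staging endpoint: certificates are not publicly trusted, but rate limits
    # are lenient. The ingress-shim default points here so a new cluster does
    # not burn production quota while the setup is being validated.
    - apiVersion: "certmanager.k8s.io/v1alpha1"
      kind: "ClusterIssuer"
      metadata:
        name: "letsencrypt-staging"
      spec:
        acme:
          server: "https://acme-staging-v02.api.letsencrypt.org/directory"
          # ACME account contact, taken from the first non-empty env var.
          # Quoted so the expansion is always a string regardless of content.
          # The final fallback is a placeholder: set one of the variables so a
          # real contact is registered with the CA.
          email: '{{ coalesce (env "SMTP_RECIPIENT") (env "CERT_MANAGER_EMAIL") (env "KUBE_LEGO_EMAIL") "user@example.com" }}'
          privateKeySecretRef:
            # Secret holding the ACME account private key.
            name: "letsencrypt-staging"
          solvers:
          - http01:
              ingress:
                class: "nginx"
          {{- if env "CERT_MANAGER_IAM_ROLE" | default "" }}
          # DNS01 via Route53 is only offered when an IAM role is configured
          # (the cert-manager pod gets the matching role annotation).
          # NOTE(review): neither solver carries a `selector`; confirm which
          # solver cert-manager picks for a given name before relying on DNS01.
          - dns01:
              route53: {}
          {{- end }}
    # Production endpoint: publicly trusted certificates, strict rate limits.
    - apiVersion: "certmanager.k8s.io/v1alpha1"
      kind: "ClusterIssuer"
      metadata:
        name: "letsencrypt-prod"
      spec:
        acme:
          server: "https://acme-v02.api.letsencrypt.org/directory"
          # Same contact resolution and quoting as the staging issuer.
          email: '{{ coalesce (env "SMTP_RECIPIENT") (env "CERT_MANAGER_EMAIL") (env "KUBE_LEGO_EMAIL") "user@example.com" }}'
          privateKeySecretRef:
            name: "letsencrypt-prod"
          solvers:
          - http01:
              ingress:
                class: "nginx"
          {{- if env "CERT_MANAGER_IAM_ROLE" | default "" }}
          - dns01:
              route53: {}
          {{- end }}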