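# Helmfile for a pre-release Ratify deployment: installs Dapr, Gatekeeper and
# Redis, then Ratify with its experimental high-availability feature flag set.
#
# NOTE(review): every hook below and the notationCert value fetch content from
# a mutable ref (the `main` branch or a GitHub Pages site) and apply it with the
# operator's cluster credentials. Before reusing this outside a throwaway
# cluster, vendor those manifests or pin each URL to <PINNED_TAG_OR_COMMIT_SHA>.
repositories:
  - name: gatekeeper
    url: https://open-policy-agent.github.io/gatekeeper/charts
  - name: dapr
    url: https://dapr.github.io/helm-charts/
  - name: bitnami
    url: https://charts.bitnami.com/bitnami
  - name: ratify
    # PRERELEASE: Change to 'https://deislabs.github.io/ratify' before copying to helmfile.yaml
    url: ghcr.io/deislabs/ratify-chart-dev
    oci: true  # PRERELEASE: Remove before copying to helmfile.yaml

releases:
  - name: dapr
    namespace: dapr-system
    createNamespace: true
    chart: dapr/dapr
    version: "1.11.1"
    wait: true

  - name: gatekeeper
    namespace: gatekeeper-system
    createNamespace: true
    chart: gatekeeper/gatekeeper
    version: "3.14.0"
    wait: true
    set:
      - name: enableExternalData
        value: true
      - name: validatingWebhookTimeoutSeconds
        value: 5
      - name: mutatingWebhookTimeoutSeconds
        value: 2
      - name: externaldataProviderResponseCacheTTL
        value: "10s"

  - name: redis
    namespace: gatekeeper-system
    createNamespace: true
    chart: bitnami/redis
    version: "17.11.6"
    wait: true
    set:
      - name: image.tag
        value: "7.0-debian-11"
      - name: replica.replicaCount
        value: 1
      - name: tls.enabled
        value: true
      - name: tls.autoGenerated
        value: true
      # Clients are not asked for a certificate, so TLS here only protects the
      # transport. NOTE(review): confirm Redis password auth stays enabled; the
      # chart default is not visible in this file.
      - name: tls.authClients
        value: false

  - name: ratify
    namespace: gatekeeper-system
    chart: ratify/ratify
    version: "0-dev"  # ATTENTION: Needs to match latest in Chart.yaml
    wait: true
    needs:
      - dapr-system/dapr
      - gatekeeper-system/redis
      - gatekeeper-system/gatekeeper
    hooks:
      # Generates a random signing key (16 random bytes, hex-encoded, then
      # base64-encoded for the manifest's .data field) and applies the Dapr
      # Redis secret with it. pipefail plus curl -f stop the hook when the
      # download fails instead of piping an error body into yq and kubectl.
      - events: ["presync"]
        showlogs: true
        command: "bash"
        args:
          - "-c"
          - >-
            set -o pipefail;
            SIGN_KEY=$(openssl rand 16 | hexdump -v -e '/1 "%02x"' | base64)
            && export SIGN_KEY
            && curl -fsSL https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml
            | yq e '.data.signingKey = strenv(SIGN_KEY)'
            | kubectl apply -f -
      - events: ["presync"]
        showlogs: true
        command: "kubectl"
        args:
          - "apply"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
      # Installs the Gatekeeper constraint template and the sample constraint
      # from the Ratify library site.
      - events: ["presync"]
        showlogs: true
        command: "bash"
        args:
          - "-c"
          - >-
            kubectl apply -f https://deislabs.github.io/ratify/library/default/template.yaml
            && kubectl apply -f https://deislabs.github.io/ratify/library/default/samples/constraint.yaml
      # The postuninstall hooks remove what the presync hooks applied. They
      # re-fetch the same remote manifests, so the deleted objects are whatever
      # those URLs serve at uninstall time.
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis-secret.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/dapr/dapr-redis.yaml"
          - "-n"
          - "gatekeeper-system"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/template.yaml"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "-f"
          - "https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
          - "--ignore-not-found=true"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "crd"
          - "stores.config.ratify.deislabs.io"
          - "verifiers.config.ratify.deislabs.io"
          - "certificatestores.config.ratify.deislabs.io"
          - "policies.config.ratify.deislabs.io"
      - events: ["postuninstall"]
        showlogs: true
        command: "kubectl"
        args:
          - "delete"
          - "secret"
          - "ratify-tls"
          - "-n"
          - "gatekeeper-system"
    set:
      - name: featureFlags.RATIFY_EXPERIMENTAL_HIGH_AVAILABILITY
        value: true
      - name: featureFlags.RATIFY_CERT_ROTATION
        value: true
      # NOTE(review): debug logging is verbose; lower it outside test clusters.
      - name: logger.level
        value: debug
      # The certificate is downloaded at render time from the repository's
      # test/testdata directory on `main`, so whoever can change that file
      # controls what this value contains. Supply your own certificate from a
      # pinned or local source for anything beyond a quickstart. With -f, curl
      # exits non-zero on an HTTP error instead of printing the error body, so
      # a failed download is not rendered into notationCert.
      - name: notationCert
        value: {{ exec "curl" (list "-fsSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
      - name: replicaCount
        value: 2
      - name: provider.cache.type
        value: dapr
      - name: provider.cache.name
        value: dapr-redis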