# Helm chart repositories that the releases in this file pull their charts from.
repositories:
- name: gatekeeper
  url: 'https://open-policy-agent.github.io/gatekeeper/charts'
- name: ratify
  url: 'https://ratify-project.github.io/ratify'
releases:
# OPA Gatekeeper, pinned to a single chart version.
- name: gatekeeper
  chart: gatekeeper/gatekeeper
  version: '3.17.0'
  namespace: gatekeeper-system
  createNamespace: true
  # Block until the release's resources report ready.
  wait: true
  # Chart value overrides.
  set:
  # Switches on the chart's external-data option (presumably what allows an
  # external provider to be consulted at admission time; confirm in the chart).
  - name: enableExternalData
    value: true
  # Admission webhook timeouts, in seconds.
  - name: validatingWebhookTimeoutSeconds
    value: 5
  - name: mutatingWebhookTimeoutSeconds
    value: 2
  # Lifetime of cached external-data provider responses.
  # NOTE(review): a cached response is presumably reused for up to this long,
  # so a changed verification result may take that long to show; confirm.
  - name: externaldataProviderResponseCacheTTL
    value: '10s'
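# Ratify, installed into the same namespace as Gatekeeper.
- name: ratify
  namespace: gatekeeper-system
  chart: ratify/ratify
  version: '1.14.1' # Make sure this matches Chart.yaml
  wait: true
  # Sync only after the gatekeeper release.
  needs:
  - gatekeeper
  hooks:
  # Before sync: apply the Gatekeeper template and the sample constraint.
  # NOTE(review): both manifests are fetched from an unversioned URL at deploy
  # time, so unlike the chart they are not pinned to a release and are not
  # integrity-checked here. Consider vendoring them or pinning to a reviewed
  # revision so the applied policy is the one that was reviewed.
  - events: ["presync"]
    showlogs: true
    command: "bash"
    args:
    - "-c"
    - >-
      kubectl apply -f https://ratify-project.github.io/ratify/library/default/template.yaml
      && kubectl apply -f https://ratify-project.github.io/ratify/library/default/samples/constraint.yaml
  # After uninstall: remove the template applied by the presync hook.
  - events: ["postuninstall"]
    showlogs: true
    command: "kubectl"
    args:
    - "delete"
    - "-f"
    - "https://ratify-project.github.io/ratify/library/default/template.yaml"
    - "--ignore-not-found=true"
  # After uninstall: remove the sample constraint applied by the presync hook.
  - events: ["postuninstall"]
    showlogs: true
    command: "kubectl"
    args:
    - "delete"
    - "-f"
    - "https://ratify-project.github.io/ratify/library/default/samples/constraint.yaml"
    - "--ignore-not-found=true"
  # After uninstall: delete the Ratify CRDs. Deleting a CRD also deletes every
  # custom resource of that kind, so stores, verifiers, policies and key
  # management providers defined in the cluster are removed with it.
  # Unlike the two hooks above, this one passes no --ignore-not-found flag.
  - events: ["postuninstall"]
    showlogs: true
    command: "kubectl"
    args:
    - "delete"
    - "crd"
    - "stores.config.ratify.deislabs.io"
    - "verifiers.config.ratify.deislabs.io"
    - "certificatestores.config.ratify.deislabs.io"
    - "policies.config.ratify.deislabs.io"
    - "keymanagementproviders.config.ratify.deislabs.io"
    - "namespacedkeymanagementproviders.config.ratify.deislabs.io"
    - "namespacedpolicies.config.ratify.deislabs.io"
    - "namespacedstores.config.ratify.deislabs.io"
    - "namespacedverifiers.config.ratify.deislabs.io"
  # After uninstall: delete the ratify-tls secret from gatekeeper-system.
  - events: ["postuninstall"]
    showlogs: true
    command: "kubectl"
    args:
    - "delete"
    - "secret"
    - "ratify-tls"
    - "-n"
    - "gatekeeper-system"
  # Chart value overrides.
  set:
  # Certificate handed to the chart as notationCerts[0]; it is downloaded with
  # curl while this file is rendered. The -f flag makes curl exit non-zero on
  # an HTTP error response, so the render fails instead of passing an error
  # page body to the chart as the certificate.
  # NOTE(review): the URL points at test data on the mutable main branch of
  # deislabs/ratify, so the value can change between runs without any change
  # to this file. This value is presumably what Notation signatures are
  # verified against; for anything beyond a quickstart, supply your own
  # certificate from a pinned, verified source.
  - name: notationCerts[0]
    value: {{ exec "curl" (list "-fsSL" "https://raw.githubusercontent.com/deislabs/ratify/main/test/testdata/notation.crt") | quote }}
  # Feature flag passed to the chart (by its name, certificate rotation;
  # confirm the exact effect in the chart documentation).
  - name: featureFlags.RATIFY_CERT_ROTATION
    value: true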