warroyo / antrea_vxlan.yml
Last active September 27, 2021 23:36
switch antrea tunnel type
#! ytt overlay for the Antrea CNI add-on Secret. Comments in a ytt template must
#! use the "#!" form; plain "#" comments are rejected by ytt.
#@ load("@ytt:overlay", "overlay")
#@ load("@ytt:data", "data")
#@ load("@ytt:yaml", "yaml")
#! Match only Secrets carrying the cni/antrea add-on annotation, so no other
#! Secret in the rendered set is rewritten. By default overlay/match expects
#! exactly one matching document and fails the render otherwise.
#@overlay/match by=overlay.subset({"kind":"Secret","metadata":{"annotations":{"tkg.tanzu.vmware.com/addon-type": "cni/antrea"}}})
---
apiVersion: v1
kind: Secret
#! The overlay body below is applied only when the ANTREA_VXLAN data value is truthy.
#@ if data.values.ANTREA_VXLAN:
warroyo / perms.json
Last active September 28, 2021 15:14
tsm permissions
{
"Version": "2012-10-17",
"Statement": [
{
"Sid" : "AllowTanzuServiceMeshPermissions",
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListHostedZonesByName",
"route53:ListResourceRecordSets",
warroyo / stats-filter-7.yml
Last active October 7, 2021 17:54
stats-filter for TSM
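# EnvoyFilter for the Istio stats filter. EnvoyFilter patches raw Envoy
# configuration, so it is tied to the proxy version named in metadata.name and
# should be re-validated on every Istio upgrade.
apiVersion: networking.istio.io/v1alpha3
kind: EnvoyFilter
metadata:
  name: stats-filter-1.7
  # NOTE(review): istio-system is normally the mesh root namespace; an
  # EnvoyFilter placed there without a workloadSelector applies to every proxy
  # in the mesh. Confirm the intended scope.
  namespace: istio-system
  labels:
    # Associates this filter with the "default" control-plane revision.
    istio.io/rev: default
spec:
  configPatches:
    # Each entry patches one part of the generated Envoy config; this one
    # targets the HTTP filter chain.
    - applyTo: HTTP_FILTER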
warroyo / constraint.yml
Created October 27, 2021 15:55
OPA policy to allow actions based on the user's groups
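# This is just an example: update the kinds and apiGroups below to the
# resources you want covered, and add excluded namespaces so the policy cannot
# block requests that cluster components depend on.
apiVersion: constraints.gatekeeper.sh/v1beta1
# Must equal the kind declared by the corresponding ConstraintTemplate.
kind: allowedgroups
metadata:
  name: must-be-memberof
spec:
  match:
    kinds:
      # "" is the core API group; as written the constraint is evaluated for
      # Namespace objects only.
      - apiGroups: [""]
        kinds: ["Namespace"]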
warroyo / update-issuer.yml
Created November 15, 2021 22:05
update harbor cert issuer
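#! ytt overlay that points the Harbor TLS Certificate at a custom issuer.
#@ load("@ytt:overlay", "overlay")
#@ load("/values.star", "values")
#! Matcher for the Certificate named harbor-tls-cert; no other document is changed.
#@ harbor_tls_cert = overlay.subset({"kind": "Certificate", "metadata": {"name": "harbor-tls-cert"}})
#@overlay/match by=harbor_tls_cert
---
spec:
  issuerRef:
    #! The issuer decides which CA signs Harbor's serving certificate, so
    #! values.customIssuer must name an issuer you trust. Only the name is set
    #! in the lines shown here; confirm that the issuerRef kind of the base
    #! Certificate matches the issuer being referenced.
    name: #@ values.customIssuer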
warroyo / dv.yml
Last active July 8, 2022 19:37
ytt testing
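#! ytt data values: extra node pools. Comments use the "#!" form because this
#! file is processed by ytt.
#@data/values
---
extrapools:
  - name: tkg-aws-wc-np-1
    replicas: 2
    az: us-west-2b
    nodeMachineType: t3.large
    #! Autoscaler bounds for this pool; replicas above starts at the minimum.
    autoscaler_min_size: 2
    autoscaler_max_size: 5
    tags: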
# Tiltfile settings. Each value is read from the environment variable of the
# same name and falls back to the default given here.
# Image reference used for the workload's source image.
SOURCE_IMAGE = os.getenv("SOURCE_IMAGE", default='dev.registry.pivotal.io/warroyo/tap-go-sample-source')
# Directory holding the locally built output.
LOCAL_PATH = os.getenv("LOCAL_PATH", default='./build')
# Kubernetes namespace to target.
NAMESPACE = os.getenv("NAMESPACE", default='default')
# (Re)build locally when source code changes
local_resource('go-build',
cmd='GOOS=linux GOARCH=amd64 go build -o ./build/ -buildmode pie .',
deps=['./main.go','./pkg/'],
ignore=['./build'],
dir='.'
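---
# Secret holding the AWS secret access key; the name and namespace indicate it
# carries Route 53 credentials for cert-manager.
apiVersion: v1
data:
  # Placeholder. Values under `data` must be base64-encoded, and base64 is an
  # encoding, not encryption: do not commit the real key. Inject it at deploy
  # time from a secret store or a sealed/encrypted secret.
  secret-access-key: ""
kind: Secret
metadata:
  name: prod-route53-credentials-secret
  namespace: cert-manager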
---
apiVersion: cert-manager.io/v1
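# Tanzu Application Platform values for the "iterate" profile.
profile: iterate
shared:
  ingress_domain: "iterate.eks.tapmc.aws.warroyo.com"
ceip_policy_disclosed: true  # Installation fails if this is not set to true. Not a string.
buildservice:
  kp_default_repository: "dev.registry.pivotal.io/warroyo/iterate"
  # Registry credentials are left empty on purpose. Supply them at install time
  # and keep the filled-in file out of version control; where the platform
  # version allows it, reference an existing Secret instead of inline values.
  kp_default_repository_username: ""
  kp_default_repository_password: ""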
# Tiltfile settings for the workload deploy that follows.
# Fixed image reference for the workload's source image.
SOURCE_IMAGE = 'dev.registry.pivotal.io/warroyo/iterate/sme-fe-code'
# LOCAL_PATH and NAMESPACE come from the environment and are concatenated,
# unquoted, into the apply_cmd string passed to k8s_custom_deploy. Keep them
# free of spaces and shell metacharacters, or pass the command as an argument
# list, so an unexpected value cannot change the command that runs.
LOCAL_PATH = os.getenv("LOCAL_PATH", default='.')
NAMESPACE = os.getenv("NAMESPACE", default='default')
k8s_custom_deploy(
'sme-frontend-code',
apply_cmd="tanzu apps workload apply -f config/workload.yaml" +
" --local-path " + LOCAL_PATH +
" --source-image " + SOURCE_IMAGE +
" --namespace " + NAMESPACE +