-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhelmfile.yaml.gotmpl
More file actions
51 lines (43 loc) · 2.53 KB
/
Copy pathhelmfile.yaml.gotmpl
File metadata and controls
51 lines (43 loc) · 2.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# code: language=helm
{{- /* ATLAS top-level — consumed by users via `git::...` reference or run
directly from this repo. Assembles the atlas context, then hands off to
templates/helmfile.all.yaml.gotmpl for discovery and dispatch.
Env vars (the only supported way to toggle ATLAS runtime behavior from
outside — consumer entry-point helmfiles generally don't forward
arbitrary .Values keys, so env vars are the only knobs that reach
ATLAS reliably):
ATLAS_REDACT_SECRETS enable post-renderer redaction
ATLAS_FILTER_CLUSTER stage-1 filter: render only this cluster
ATLAS_FILTER_DEPLOYMENT_NAME stage-1 filter: render only this deployment */ -}}
{{- /* ── Version gate ──────────────────────────────────────────────────
ATLAS requires Helm >= 4.0.0 and Helmfile >= 1.0.0.
Older versions lack template-context fields (.Environment.Values)
and post-renderer features that the pipeline relies on. */ -}}
{{- $helmVersion := exec "helm" (list "version" "--short") | trim | regexFind "\\d+\\.\\d+\\.\\d+" }}
{{- if not (semverCompare ">=4.0.0" $helmVersion) }}
{{- fail (printf "ATLAS requires Helm >= 4.0.0 (found %s)" $helmVersion) }}
{{- end }}
{{- $hfVersion := exec "helmfile" (list "version") | regexFind "\\d+\\.\\d+\\.\\d+" }}
{{- if not (semverCompare ">=1.0.0" $hfVersion) }}
{{- fail (printf "ATLAS requires Helmfile >= 1.0.0 (found %s)" $hfVersion) }}
{{- end }}
{{- $atlas := deepCopy .Values.atlas }}
{{- /* Redaction toggle — env var is always the source of truth. */ -}}
{{- $_ := set $atlas "redactSecrets" (eq (env "ATLAS_REDACT_SECRETS") "true") }}
{{- /* Stage-1 filter. Always overwritten from env vars — an atlas.filter key
a caller tried to pass through .Values is discarded so there's exactly
one input path and no silent surprises. */ -}}
{{- $_ := unset $atlas "filter" }}
{{- $envCluster := env "ATLAS_FILTER_CLUSTER" | default "" }}
{{- $envDeployment := env "ATLAS_FILTER_DEPLOYMENT_NAME" | default "" }}
{{- if or $envCluster $envDeployment }}
{{- $filter := dict }}
{{- if $envCluster }}{{- $_ := set $filter "cluster" $envCluster }}{{- end }}
{{- if $envDeployment }}{{- $_ := set $filter "deploymentName" $envDeployment }}{{- end }}
{{- $_ := set $atlas "filter" $filter }}
{{- end }}
helmfiles:
- path: templates/helmfile.all.yaml.gotmpl
values:
- atlas:
{{- $atlas | toYaml | nindent 10 }}