# Filename: argocd-app-cert-manager-issuer.yaml
#
# Argo CD Application that syncs the SealedSecret and ClusterIssuer manifests
# stored under the Git path below into the cert-manager namespace.
#
# IMPORTANT DEPENDENCY:
# The Sealed Secrets controller must be running and healthy *before* this
# application syncs; otherwise the SealedSecret is never unsealed.
# If Sealed Secrets is itself managed by Argo CD, consider Sync Waves or an
# App of Apps layout to enforce that ordering.
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager-clusterissuer-cloudflare
  # Namespace in which Argo CD itself runs.
  namespace: argocd
  finalizers:
    # Cascading delete: removing this Application also removes the resources
    # it manages in the destination cluster.
    - resources-finalizer.argocd.argoproj.io
spec:
  # Argo CD project; substitute your own project name if you have one.
  # NOTE(review): unless it has been restricted, the built-in `default`
  # project allows any source repo, any destination and any resource kind.
  # A dedicated AppProject limited to this repo, the cert-manager namespace
  # and the kinds deployed here gives a tighter boundary.
  project: default

  source:
    # Replace with your own Git repository URL.
    repoURL: 'https://git.james-mellors.com/mello/cert-manager.git'
    # Replace with the path that holds your SEALED secret and ClusterIssuer
    # manifests. Only the encrypted SealedSecret belongs in Git; never commit
    # the plain Secret it is generated from.
    path: 'argocd/apps/cert-manager-issuer'
    # Branch, tag or commit hash to track.
    # With automated sync enabled below, every commit that lands on a tracked
    # branch is applied to the cluster: protect the branch, or pin a tag or
    # commit hash when changes should be promoted explicitly.
    targetRevision: main

  destination:
    # Target cluster URL (this value addresses the in-cluster API server).
    server: 'https://kubernetes.default.svc'
    # Namespace where the *final decrypted* Secret needs to exist; it must
    # match the namespace in the SealedSecret metadata.
    namespace: cert-manager

  syncPolicy:
    automated:
      # Delete live resources whose manifests were removed from Git.
      prune: true
      # Revert live changes that drift from what Git declares.
      selfHeal: true
    syncOptions:
      # Ensures the cert-manager namespace exists.
      - CreateNamespace=true
      # Optional: may be needed if the controller adds annotations/labels.
      # - RespectIgnoreDifferences=true

  # Optional: ignore fields modified by the Sealed Secrets controller.
  # ignoreDifferences:
  #   - group: bitnami.com
  #     kind: SealedSecret
  #     jsonPointers:
  #       - /metadata/annotations
  #       - /metadata/creationTimestamp
  #       - /metadata/generation
  #       - /metadata/resourceVersion
  #       - /metadata/uid