adding back old file

controller/sealed-secrets.yaml

@@ -0,0 +1,65 @@
+# Example: argocd-apps/sealed-secrets-app.yaml (in your GitOps repo)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secrets-controller
+  # Recommended: Install Sealed Secrets in the Argo CD control plane namespace
+  # or a specific namespace for cluster-wide components.
+  namespace: sealed-secrets
+  # Optional: Add finalizer to ensure resources are deleted cleanly
+  annotations:
+    # Sync Wave: Higher number syncs later
+    argocdj.argoproj.io/sync-wave: "0"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default # Or your specific Argo CD project
+  source:
+    repoURL: https://bitnami-labs.github.io # Sealed Secrets chart repository
+    chart: sealed-secrets
+    targetRevision: v2.17.2 # Specify the desired chart version (Check for the latest stable version!)
+    helm:
+      # Manage configuration through values here or via a values file
+      values: |
+        # Example: Increase replicas for HA (if needed)
+        # replicas: 2
+
+        # Example: Add resource requests/limits
+        # resources:
+        #   requests:
+        #     cpu: 100m
+        #     memory: 128Mi
+        #   limits:
+        #     cpu: 200m
+        #     memory: 256Mi
+
+        # -- CRITICAL: Decide on CRD management ---
+        # Option A (Let Helm manage CRDs - Simpler setup, potential issues on Helm upgrades/uninstall):
+        # installCRDs: true # This flag might exist in some chart versions, check chart docs.
+                           # If not, Helm might install CRDs in templates/crds/ by default.
+
+        # Option B (Recommended by Argo CD for CRDs - Manage CRDs Separately):
+        # Ensure CRDs are NOT managed by this Helm chart application.
+        # You would typically manage CRDs using a separate Argo CD Application
+        # with Sync Waves or apply them manually *before* this app syncs.
+        # Check the specific chart version's values.yaml for a flag like `crds.create` or similar and set it to `false`.
+        # If no such flag, Helm <3.x might still install them from templates/crds.
+        # Let's assume for newer charts you might need to ensure no explicit installCRDs=true is set
+        # and rely on the separate management described below.
+
+      # Optional: Use a separate values file from your Git repo
+      # valueFiles:
+      #  - values/sealed-secrets-values.yaml
+  destination:
+    server: https://kubernetes.default.svc
+    # Target namespace for the Sealed Secrets controller deployment itself
+    namespace: sealed-secrets # Or your dedicated 'sealed-secrets' namespace
+  syncPolicy:
+    automated: # Optional: Enable automatic sync
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true # Creates the namespace if it doesn't exist
+      # --- CRITICAL: Address CRD installation order ---
+      # If using Option B (Separate CRD Management below), ensure the controller waits for CRDs.
+      # - ApplyOutOfSyncOnly=true # Can help prevent flapping if CRDs take time