39 lines
1.6 KiB
YAML
39 lines
1.6 KiB
YAML
# Example: argocd-apps/sealed-secrets-app.yaml (in your GitOps repo)
|
|
apiVersion: argoproj.io/v1alpha1
|
|
kind: Application
|
|
metadata:
|
|
name: sealed-secrets-controller
|
|
# Recommended: Install Sealed Secrets in the Argo CD control plane namespace
|
|
# or a specific namespace for cluster-wide components.
|
|
namespace: sealed-secrets
|
|
# Optional: Add finalizer to ensure resources are deleted cleanly
|
|
annotations:
|
|
# Sync Wave: Higher number syncs later
|
|
argocdj.argoproj.io/sync-wave: "0"
|
|
finalizers:
|
|
- resources-finalizer.argocd.argoproj.io
|
|
spec:
|
|
project: default # Or your specific Argo CD project
|
|
source:
|
|
repoURL: https://bitnami-labs.github.io/sealed-secrets/ # Sealed Secrets chart repository
|
|
chart: sealed-secrets
|
|
targetRevision: 2.17.2 # Specify the desired chart version (Check for the latest stable version!)
|
|
helm:
|
|
# Manage configuration through values here or via a values file
|
|
values: |
|
|
replicas: 1
|
|
|
|
|
|
destination:
|
|
server: https://kubernetes.default.svc
|
|
# Target namespace for the Sealed Secrets controller deployment itself
|
|
namespace: sealed-secrets # Or your dedicated 'sealed-secrets' namespace
|
|
syncPolicy:
|
|
automated: # Optional: Enable automatic sync
|
|
prune: true
|
|
selfHeal: true
|
|
syncOptions:
|
|
- CreateNamespace=true # Creates the namespace if it doesn't exist
|
|
# --- CRITICAL: Address CRD installation order ---
|
|
# If using Option B (Separate CRD Management below), ensure the controller waits for CRDs.
|
|
# - ApplyOutOfSyncOnly=true # Can help prevent flapping if CRDs take time |