---
# Values for an app-of-apps chart: a shared project/destination/source plus one
# generated application per item under `apps`. The field names used here
# (selfHeal, ignoreDifferences, managedNamespaceMetadata, sync options) match
# Argo CD Application settings; how the chart maps them is not visible here.
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed copy;
# confirm it against the chart's values schema.
app-of-apps:
  # The stock Argo CD `default` project places no limits on source repos or
  # destinations unless it has been tightened in this cluster. A dedicated
  # AppProject scoped to this repo and these namespaces is the least-privilege
  # choice.
  project: 'default'
  destination:
    # API server address of the cluster the applications are deployed to.
    server: 'https://kubernetes.default.svc'
  source:
    # SSH remote on an in-cluster Forgejo service. Whoever can push to this
    # repo controls what gets deployed, so the deploy credential should be
    # read-only and the server's SSH host key should be pinned in the
    # repository settings.
    repoURL: 'ssh://git@forgejo-ssh.git-system.svc.cluster.local:2222/davad/argo.git'
    path: 'system'
  apps:
    - name: 'homepage'
      description: 'Homelab dashboard'
      # Steps out of the base directory via `..` (presumably resolved relative
      # to source.path above; confirm in the chart templates).
      path: '../apps/gethomepage'
      namespace: 'homepage'
      # Presumably enables automated self-heal, i.e. live changes are reverted
      # to what Git declares; verify against the chart.
      selfHeal: true

    # Disabled applications, kept for reference.
    # Points to re-check before re-enabling an entry:
    #  * `pod-security.kubernetes.io/enforce: privileged` (prometheus-stack,
    #    node-feature-discovery, intel-device-plugins-operator,
    #    intel-gpu-plugin) sets Pod Security Admission to its unrestricted
    #    level for the whole namespace; keep unrelated workloads out of it.
    #  * `ignoreDifferences` on Secret data (kubernetes-dashboard-csrf,
    #    snapshot-validation-webhook-tls) hides drift in those fields from the
    #    diff; where RespectIgnoreDifferences=true is also set, sync leaves the
    #    live value untouched as well.
    #  * Entries with `plugin.env` SOPS_SECRET_FILE presumably hand
    #    secret.sec.yaml to a SOPS-decrypting plugin; that file must only ever
    #    be committed in encrypted form.
    #  * kubelet-csr-approver is placed in kube-system; review what it is
    #    allowed to approve before enabling it.
    #
    # - name: cert-manager
    #   namespace: cert-manager
    #   path: cert-manager
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: cloudflared
    #   namespace: cloudflared
    #   path: cloudflared
    # - name: cloudnative-pg
    #   namespace: cnpg
    #   path: cloudnative-pg
    # - name: kubernetes-dashboard
    #   namespace: kubernetes-dashboard
    #   path: dashboard
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - name: kubernetes-dashboard-csrf
    #       kind: Secret
    #       jsonPointers:
    #         - /data/csrf
    # - name: dyndns
    #   namespace: dyndns
    #   path: dyndns
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: keycloak
    #   namespace: identity
    #   path: identity/keycloak
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: metrics-server
    #   namespace: metrics-server
    #   path: metrics-server
    # - name: nfs-subdir-external-provisioner
    #   namespace: nfs-subdir-provisioner
    #   path: nfs-subdir-external-provisioner
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: oauth2-proxy
    #   namespace: oauth2-proxy
    #   path: oauth2-proxy
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: prometheus-stack
    #   namespace: monitoring
    #   path: prometheus-stack
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    #   extraSyncOptions:
    #     - ServerSideApply=true
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    #
    # - name: traefik
    #   namespace: traefik
    #   path: traefik
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: node-feature-discovery
    #   namespace: node-feature-discovery
    #   path: node-feature-discovery
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - group: apps
    #       kind: DaemonSet
    #       jsonPointers:
    #         - /spec/template/metadata/annotations
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: intel-device-plugins-operator
    #   namespace: intel-device-plugins-operator
    #   path: intel-device-plugins-operator
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: intel-gpu-plugin
    #   namespace: intel-gpu-plugin
    #   path: intel-gpu-plugin
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - group: deviceplugin.intel.com
    #       kind: GpuDevicePlugin
    #       jsonPointers:
    #         - /spec/resourceManager
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: snapshot-controller
    #   namespace: snapshot-controller
    #   path: snapshot-controller
    #   ignoreDifferences:
    #     - group: "admissionregistration.k8s.io"
    #       kind: ValidatingWebhookConfiguration
    #       name: snapshot-validation-webhook
    #       jqPathExpressions:
    #         - .webhooks[]?.clientConfig.caBundle
    #     - kind: Secret
    #       name: snapshot-validation-webhook-tls
    #       jsonPointers:
    #         - /data
    # - name: external-secrets
    #   namespace: external-secrets
    #   path: external-secrets
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: kubelet-csr-approver
    #   namespace: kube-system
    #   path: kubelet-csr-approver
    # - name: volsync
    #   namespace: volsync
    #   path: volsync
    # - name: talos-backup
    #   namespace: talos-backup
    #   path: talos-backup