argo/old/projects/system/values.yaml

---
app-of-apps:
  project: default
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: ssh://git@forgejo-ssh.git-system.svc.cluster.local:2222/davad/argo.git
    path: system
  apps:
    - name: homepage
      description: Homelab dashboard
      path: ../apps/gethomepage
      namespace: homepage
      selfHeal: true

    # - name: cert-manager
    #   namespace: cert-manager
    #   path: cert-manager
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: cloudflared
    #   namespace: cloudflared
    #   path: cloudflared
    # - name: cloudnative-pg
    #   namespace: cnpg
    #   path: cloudnative-pg
    # - name: kubernetes-dashboard
    #   namespace: kubernetes-dashboard
    #   path: dashboard
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - name: kubernetes-dashboard-csrf
    #       kind: Secret
    #       jsonPointers:
    #         - /data/csrf
    # - name: dyndns
    #   namespace: dyndns
    #   path: dyndns
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: keycloak
    #   namespace: identity
    #   path: identity/keycloak
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: metrics-server
    #   namespace: metrics-server
    #   path: metrics-server

    # - name: nfs-subdir-external-provisioner
    #   namespace: nfs-subdir-provisioner
    #   path: nfs-subdir-external-provisioner
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml

    # - name: oauth2-proxy
    #   namespace: oauth2-proxy
    #   path: oauth2-proxy
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: prometheus-stack
    #   namespace: monitoring
    #   path: prometheus-stack
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    #   extraSyncOptions:
    #     - ServerSideApply=true
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    #
    # - name: traefik
    #   namespace: traefik
    #   path: traefik
    # plugin:
    #   env:
    #     - name: SOPS_SECRET_FILE
    #       value: secret.sec.yaml

    # - name: node-feature-discovery
    #   namespace: node-feature-discovery
    #   path: node-feature-discovery
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - group: apps
    #       kind: DaemonSet
    #       jsonPointers:
    #         - /spec/template/metadata/annotations
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: intel-device-plugins-operator
    #   namespace: intel-device-plugins-operator
    #   path: intel-device-plugins-operator
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: intel-gpu-plugin
    #   namespace: intel-gpu-plugin
    #   path: intel-gpu-plugin
    #   extraSyncOptions:
    #     - RespectIgnoreDifferences=true
    #   ignoreDifferences:
    #     - group: deviceplugin.intel.com
    #       kind: GpuDevicePlugin
    #       jsonPointers:
    #         - /spec/resourceManager
    #   managedNamespaceMetadata:
    #     labels:
    #       pod-security.kubernetes.io/enforce: privileged
    # - name: snapshot-controller
    #   namespace: snapshot-controller
    #   path: snapshot-controller
    #   ignoreDifferences:
    #     - group: "admissionregistration.k8s.io"
    #       kind: ValidatingWebhookConfiguration
    #       name: snapshot-validation-webhook
    #       jqPathExpressions:
    #         - .webhooks[]?.clientConfig.caBundle
    #     - kind: Secret
    #       name: snapshot-validation-webhook-tls
    #       jsonPointers:
    #         - /data
    # - name: external-secrets
    #   namespace: external-secrets
    #   path: external-secrets
    #   plugin:
    #     env:
    #       - name: SOPS_SECRET_FILE
    #         value: secret.sec.yaml
    # - name: kubelet-csr-approver
    #   namespace: kube-system
    #   path: kubelet-csr-approver
    # - name: volsync
    #   namespace: volsync
    #   path: volsync
    # - name: talos-backup
    #   namespace: talos-backup
    #   path: talos-backup