From 33131e00836fd504a8287218bbea3c5f7ad83c24 Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Fri, 20 Jun 2025 15:17:22 +0200
Subject: [PATCH] fix: add sys appproject
---
 values/system/manifests/appproject-sys.yaml | 88 +++++++++++++++++++
 .../system/oceanbox/kyverno/sync-gitlab.yaml | 34 -------
 2 files changed, 88 insertions(+), 34 deletions(-)
 create mode 100644 values/system/manifests/appproject-sys.yaml
 delete mode 100644 values/system/oceanbox/kyverno/sync-gitlab.yaml
diff --git a/values/system/manifests/appproject-sys.yaml b/values/system/manifests/appproject-sys.yaml
new file mode 100644
index 00000000..5d425494
--- /dev/null
+++ b/values/system/manifests/appproject-sys.yaml
@@ -0,0 +1,88 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ annotations:
+ name: sys
+ namespace: argocd
+spec:
+ clusterResourceWhitelist:
+ - group: '*'
+ kind: '*'
+ description: sys components project
+ destinations:
+ - namespace: argocd
+ server: https://kubernetes.default.svc
+ - namespace: kube-system
+ server: https://kubernetes.default.svc
+ - namespace: ingress-nginx
+ server: https://kubernetes.default.svc
+ - namespace: prometheus
+ server: https://kubernetes.default.svc
+ - namespace: cnpg
+ server: https://kubernetes.default.svc
+ - namespace: cert-manager
+ server: https://kubernetes.default.svc
+ - namespace: kubernetes-dashboard
+ server: https://kubernetes.default.svc
+ - namespace: rabbitmq
+ server: https://kubernetes.default.svc
+ - namespace: sealed-secrets
+ server: https://kubernetes.default.svc
+ - namespace: gitlab
+ server: https://kubernetes.default.svc
+ - namespace: thanos
+ server: https://kubernetes.default.svc
+ - namespace: linkerd
+ server: https://kubernetes.default.svc
+ - namespace: linkerd-multicluster
+ server: https://kubernetes.default.svc
+ - namespace: observability
+ server: https://kubernetes.default.svc
+ - namespace: kyverno
+ server: https://kubernetes.default.svc
+ - namespace: velero
+ server: https://kubernetes.default.svc
+ - namespace: loki
+ server: https://kubernetes.default.svc
+ - namespace: x509-exporter
+ server: https://kubernetes.default.svc
+ - namespace: mariadb-operator
+ server: https://kubernetes.default.svc
+ - namespace: cilium-spire
+ server: https://kubernetes.default.svc
+ - namespace: cilium-test
+ server: https://kubernetes.default.svc
+ - namespace: cilium-secrets
+ server: https://kubernetes.default.svc
+ - namespace: openfga
+ server: https://kubernetes.default.svc
+ - namespace: dapr
+ server: https://kubernetes.default.svc
+ - namespace: rook-ceph
+ server: https://kubernetes.default.svc
+ - namespace: csi-addon-manager
+ server: https://kubernetes.default.svc
+ sourceRepos:
+ - https://argoproj.github.io/argo-helm
+ - https://kubernetes-sigs.github.io/metrics-server/
+ - https://gitlab.com/oceanbox/manifests.git
+ - https://kubernetes.github.io/ingress-nginx
+ - https://cloudnative-pg.github.io/charts
+ - https://charts.jetstack.io
+ - https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
+ - https://github.com/kubernetes/dashboard
+ - https://bitnami-labs.github.io/sealed-secrets
+ - https://prometheus-community.github.io/helm-charts
+ - https://github.com/prometheus-community/helm-charts.git
+ - https://charts.gitlab.io/
+ - https://charts.bitnami.com/bitnami
+ - https://helm.linkerd.io/stable
+ - https://github.com/jaegertracing/jaeger-operator
+ - https://kyverno.github.io/kyverno/
+ - https://vmware-tanzu.github.io/helm-charts
+ - https://grafana.github.io/helm-charts
+ - https://charts.enix.io
+ - https://helm.mariadb.com/mariadb-operator
+ - https://helm.cilium.io
+ - https://chartmuseum.github.io/charts
+
diff --git a/values/system/oceanbox/kyverno/sync-gitlab.yaml b/values/system/oceanbox/kyverno/sync-gitlab.yaml
deleted file mode 100644
index c9499880..00000000
--- a/values/system/oceanbox/kyverno/sync-gitlab.yaml
+++ /dev/null
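Review bot: `clusterResourceWhitelist` with `group: '*'` / `kind: '*'`, together with `argocd` and `kube-system` in `destinations`, makes the `sys` project cluster-admin equivalent: any Application assigned to it can apply any cluster-scoped object, and namespaced kinds are unrestricted too because no `namespaceResourceWhitelist` is set. That trust extends to all 22 `sourceRepos`, all but one of which appear to be third-party chart or Git repositories. If this breadth is intended, say so in the manifest, e.g. `# sys is cluster-admin equivalent by design; limit who may create or edit Applications in this project via Argo CD RBAC`, and confirm that RBAC does so, since the project defines no `roles`. Where the charts allow it, list the cluster-scoped kinds they actually install instead of the wildcard, and drop repositories that are no longer used. The bare `annotations:` key under `metadata` parses as null and can be removed.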
@@ -1,34 +0,0 @@
-{{- if .Values.clusterConfig.kyverno.enabled }}
-apiVersion: kyverno.io/v1
-kind: ClusterPolicy
-metadata:
- name: sync-gitlab-secret
- annotations:
- policies.clusterConfig.kyverno.io/title: Sync Secrets
- policies.clusterConfig.kyverno.io/category: Sample
- policies.clusterConfig.kyverno.io/subject: Secret
- policies.clusterConfig.kyverno.io/description: >-
- Secrets like registry credentials often need to exist in multiple
- Namespaces so Pods there have access. Manually duplicating those Secrets
- is time consuming and error prone. This policy will copy a
- Secret called `regcred` which exists in the `default` Namespace to
- new Namespaces when they are created. It will also push updates to
- the copied Secrets should the source Secret be changed.
-spec:
- rules:
- - name: sync-image-pull-secret
- skipBackgroundRequests: true
- match:
- resources:
- kinds:
- - Namespace
- generate:
- apiVersion: v1
- kind: Secret
- name: regcred
- namespace: "{{`{{request.object.metadata.name}}`}}"
- synchronize: true
- clone:
- namespace: default
- name: gitlab-pull-secret
-{{- end }}