fix: add sys appproject
This commit is contained in:
@@ -0,0 +1,88 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: AppProject
|
||||
metadata:
|
||||
annotations:
|
||||
name: sys
|
||||
namespace: argocd
|
||||
spec:
|
||||
clusterResourceWhitelist:
|
||||
- group: '*'
|
||||
kind: '*'
|
||||
description: sys components project
|
||||
destinations:
|
||||
- namespace: argocd
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: kube-system
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: ingress-nginx
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: prometheus
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: cnpg
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: cert-manager
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: kubernetes-dashboard
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: rabbitmq
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: sealed-secrets
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: gitlab
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: thanos
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: linkerd
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: linkerd-multicluster
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: observability
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: kyverno
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: velero
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: loki
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: x509-exporter
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: mariadb-operator
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: cilium-spire
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: cilium-test
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: cilium-secrets
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: openfga
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: dapr
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: rook-ceph
|
||||
server: https://kubernetes.default.svc
|
||||
- namespace: csi-addon-manager
|
||||
server: https://kubernetes.default.svc
|
||||
sourceRepos:
|
||||
- https://argoproj.github.io/argo-helm
|
||||
- https://kubernetes-sigs.github.io/metrics-server/
|
||||
- https://gitlab.com/oceanbox/manifests.git
|
||||
- https://kubernetes.github.io/ingress-nginx
|
||||
- https://cloudnative-pg.github.io/charts
|
||||
- https://charts.jetstack.io
|
||||
- https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
|
||||
- https://github.com/kubernetes/dashboard
|
||||
- https://bitnami-labs.github.io/sealed-secrets
|
||||
- https://prometheus-community.github.io/helm-charts
|
||||
- https://github.com/prometheus-community/helm-charts.git
|
||||
- https://charts.gitlab.io/
|
||||
- https://charts.bitnami.com/bitnami
|
||||
- https://helm.linkerd.io/stable
|
||||
- https://github.com/jaegertracing/jaeger-operator
|
||||
- https://kyverno.github.io/kyverno/
|
||||
- https://vmware-tanzu.github.io/helm-charts
|
||||
- https://grafana.github.io/helm-charts
|
||||
- https://charts.enix.io
|
||||
- https://helm.mariadb.com/mariadb-operator
|
||||
- https://helm.cilium.io
|
||||
- https://chartmuseum.github.io/charts
|
||||
|
||||
@@ -1,34 +0,0 @@
|
||||
{{- if .Values.clusterConfig.kyverno.enabled }}
|
||||
apiVersion: kyverno.io/v1
|
||||
kind: ClusterPolicy
|
||||
metadata:
|
||||
name: sync-gitlab-secret
|
||||
annotations:
|
||||
policies.clusterConfig.kyverno.io/title: Sync Secrets
|
||||
policies.clusterConfig.kyverno.io/category: Sample
|
||||
policies.clusterConfig.kyverno.io/subject: Secret
|
||||
policies.clusterConfig.kyverno.io/description: >-
|
||||
Secrets like registry credentials often need to exist in multiple
|
||||
Namespaces so Pods there have access. Manually duplicating those Secrets
|
||||
is time consuming and error prone. This policy will copy a
|
||||
Secret called `regcred` which exists in the `default` Namespace to
|
||||
new Namespaces when they are created. It will also push updates to
|
||||
the copied Secrets should the source Secret be changed.
|
||||
spec:
|
||||
rules:
|
||||
- name: sync-image-pull-secret
|
||||
skipBackgroundRequests: true
|
||||
match:
|
||||
resources:
|
||||
kinds:
|
||||
- Namespace
|
||||
generate:
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
name: regcred
|
||||
namespace: "{{`{{request.object.metadata.name}}`}}"
|
||||
synchronize: true
|
||||
clone:
|
||||
namespace: default
|
||||
name: gitlab-pull-secret
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user