fix: add sys appproject
This commit is contained in:
@@ -0,0 +1,88 @@
|
|||||||
|
apiVersion: argoproj.io/v1alpha1
|
||||||
|
kind: AppProject
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
name: sys
|
||||||
|
namespace: argocd
|
||||||
|
spec:
|
||||||
|
clusterResourceWhitelist:
|
||||||
|
- group: '*'
|
||||||
|
kind: '*'
|
||||||
|
description: sys components project
|
||||||
|
destinations:
|
||||||
|
- namespace: argocd
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: kube-system
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: ingress-nginx
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: prometheus
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: cnpg
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: cert-manager
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: kubernetes-dashboard
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: rabbitmq
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: sealed-secrets
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: gitlab
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: thanos
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: linkerd
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: linkerd-multicluster
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: observability
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: kyverno
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: velero
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: loki
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: x509-exporter
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: mariadb-operator
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: cilium-spire
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: cilium-test
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: cilium-secrets
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: openfga
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: dapr
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: rook-ceph
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
- namespace: csi-addon-manager
|
||||||
|
server: https://kubernetes.default.svc
|
||||||
|
sourceRepos:
|
||||||
|
- https://argoproj.github.io/argo-helm
|
||||||
|
- https://kubernetes-sigs.github.io/metrics-server/
|
||||||
|
- https://gitlab.com/oceanbox/manifests.git
|
||||||
|
- https://kubernetes.github.io/ingress-nginx
|
||||||
|
- https://cloudnative-pg.github.io/charts
|
||||||
|
- https://charts.jetstack.io
|
||||||
|
- https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
|
||||||
|
- https://github.com/kubernetes/dashboard
|
||||||
|
- https://bitnami-labs.github.io/sealed-secrets
|
||||||
|
- https://prometheus-community.github.io/helm-charts
|
||||||
|
- https://github.com/prometheus-community/helm-charts.git
|
||||||
|
- https://charts.gitlab.io/
|
||||||
|
- https://charts.bitnami.com/bitnami
|
||||||
|
- https://helm.linkerd.io/stable
|
||||||
|
- https://github.com/jaegertracing/jaeger-operator
|
||||||
|
- https://kyverno.github.io/kyverno/
|
||||||
|
- https://vmware-tanzu.github.io/helm-charts
|
||||||
|
- https://grafana.github.io/helm-charts
|
||||||
|
- https://charts.enix.io
|
||||||
|
- https://helm.mariadb.com/mariadb-operator
|
||||||
|
- https://helm.cilium.io
|
||||||
|
- https://chartmuseum.github.io/charts
|
||||||
|
|
||||||
@@ -1,34 +0,0 @@
|
|||||||
{{- if .Values.clusterConfig.kyverno.enabled }}
|
|
||||||
apiVersion: kyverno.io/v1
|
|
||||||
kind: ClusterPolicy
|
|
||||||
metadata:
|
|
||||||
name: sync-gitlab-secret
|
|
||||||
annotations:
|
|
||||||
policies.clusterConfig.kyverno.io/title: Sync Secrets
|
|
||||||
policies.clusterConfig.kyverno.io/category: Sample
|
|
||||||
policies.clusterConfig.kyverno.io/subject: Secret
|
|
||||||
policies.clusterConfig.kyverno.io/description: >-
|
|
||||||
Secrets like registry credentials often need to exist in multiple
|
|
||||||
Namespaces so Pods there have access. Manually duplicating those Secrets
|
|
||||||
is time consuming and error prone. This policy will copy a
|
|
||||||
Secret called `regcred` which exists in the `default` Namespace to
|
|
||||||
new Namespaces when they are created. It will also push updates to
|
|
||||||
the copied Secrets should the source Secret be changed.
|
|
||||||
spec:
|
|
||||||
rules:
|
|
||||||
- name: sync-image-pull-secret
|
|
||||||
skipBackgroundRequests: true
|
|
||||||
match:
|
|
||||||
resources:
|
|
||||||
kinds:
|
|
||||||
- Namespace
|
|
||||||
generate:
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
name: regcred
|
|
||||||
namespace: "{{`{{request.object.metadata.name}}`}}"
|
|
||||||
synchronize: true
|
|
||||||
clone:
|
|
||||||
namespace: default
|
|
||||||
name: gitlab-pull-secret
|
|
||||||
{{- end }}
|
|
||||||
Reference in New Issue
Block a user