apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argocd-apps
  namespace: argocd
spec:
  destination:
    namespace: argocd
    server: 'https://kubernetes.default.svc'
  source:
    repoURL: 'https://argoproj.github.io/argo-helm'
    targetRevision: {{ .Values.argocd_apps.version }}
    chart: argocd-apps
    helm:
      values: |
        projects:
          # System component project
          - name: sys
            namespace: argocd
            description: sys components project
            sourceRepos:
            - '{{ .Values.cluster_config.manifests }}'
            - 'https://argoproj.github.io/argo-helm'
            - 'https://kubernetes-sigs.github.io/metrics-server/'
            - 'https://kubernetes.github.io/ingress-nginx'
            - 'https://cloudnative-pg.github.io/charts'
            - 'https://charts.jetstack.io'
            - 'https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/'
            - 'https://github.com/kubernetes/dashboard'
            - 'https://bitnami-labs.github.io/sealed-secrets'
            - 'https://prometheus-community.github.io/helm-charts'
            - 'https://github.com/prometheus-community/helm-charts.git'
            - 'https://charts.gitlab.io/'
            - 'https://charts.bitnami.com/bitnami'
            - 'https://helm.linkerd.io/stable'
            - 'https://github.com/jaegertracing/jaeger-operator'
            - 'https://kyverno.github.io/kyverno/'
            - 'https://vmware-tanzu.github.io/helm-charts'
            - 'https://grafana.github.io/helm-charts'
            - 'https://charts.enix.io'
            - 'https://helm.mariadb.com/mariadb-operator'
            - 'https://helm.cilium.io'
            - 'https://chartmuseum.github.io/charts'
            - 'https://open-telemetry.github.io/opentelemetry-helm-charts'
            - 'https://strimzi.io/charts'
            - 'https://helm.elastic.co'
            - 'https://1password.github.io/connect-helm-charts'
            - 'https://actions-runner-controller.github.io/actions-runner-controller'
            - 'https://imio.github.io/helm-charts'
            - 'https://docs.altinity.com/clickhouse-operator'

            destinations:
            - namespace: argocd
              server: https://kubernetes.default.svc
            - namespace: kube-system
              server: https://kubernetes.default.svc
            - namespace: ingress-nginx
              server: https://kubernetes.default.svc
            - namespace: prometheus
              server: https://kubernetes.default.svc
            - namespace: cnpg
              server: https://kubernetes.default.svc
            - namespace: cert-manager
              server: https://kubernetes.default.svc
            - namespace: kubernetes-dashboard
              server: https://kubernetes.default.svc
            - namespace: rabbitmq
              server: https://kubernetes.default.svc
            - namespace: sealed-secrets
              server: https://kubernetes.default.svc
            - namespace: gitlab
              server: https://kubernetes.default.svc
            - namespace: thanos
              server: https://kubernetes.default.svc
            - namespace: linkerd
              server: https://kubernetes.default.svc
            - namespace: linkerd-multicluster
              server: https://kubernetes.default.svc
            - namespace: observability
              server: https://kubernetes.default.svc
            - namespace: kyverno
              server: https://kubernetes.default.svc
            - namespace: velero
              server: https://kubernetes.default.svc
            - namespace: loki
              server: https://kubernetes.default.svc
            - namespace: tempo
              server: https://kubernetes.default.svc
            - namespace: otel
              server: https://kubernetes.default.svc
            - namespace: x509-exporter
              server: https://kubernetes.default.svc
            - namespace: mariadb-operator
              server: https://kubernetes.default.svc
            - namespace: cilium-spire
              server: https://kubernetes.default.svc
            - namespace: cilium-secrets
              server: https://kubernetes.default.svc
            - namespace: actions-runner-controller
              server: https://kubernetes.default.svc
            - namespace: analytics
              server: https://kubernetes.default.svc
            - namespace: clickhouse
              server: https://kubernetes.default.svc
            clusterResourceWhitelist:
            - group: '*'
              kind: '*'

          {{- if .Values.argo_workflows.enabled }}
          - name: argo-workflows
            namespace: argocd
            description: argo-workflows resources
            sourceRepos:
            - 'https://argoproj.github.io/argo-helm'
            destinations:
            - namespace: argocd
              server: https://kubernetes.default.svc
            {{- range .Values.argo_workflows.allowed_namespaces }}
            - namespace: {{.}}
              server: https://kubernetes.default.svc
            {{- end }}
            namespaceResourceWhitelist:
            - group: "rbac.authorization.k8s.io"
              kind: Role
            - group: "rbac.authorization.k8s.io"
              kind: RoleBinding
            - group: ""
              kind: ConfigMap
            - group: ""
              kind: Secret
            - group: ""
              kind: Service
            - group: ""
              kind: ServiceAccount
            - group: apps
              kind: Deployment
            - group: "monitoring.coreos.com"
              kind: ServiceMonitor
            clusterResourceWhitelist:
            - group: rbac.authorization.k8s.io
              kind: ClusterRole
            - group: rbac.authorization.k8s.io
              kind: ClusterRoleBinding
            - group: apiextensions.k8s.io
              kind: CustomResourceDefinition
          {{- end }}
  project: sys
  syncPolicy:
    automated: {}
    syncOptions:
      - ServerSideApply=true
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true