{{ if .Values.kyverno.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: kyverno
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
  finalizers:
  - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    namespace: kyverno
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.cluster_config.manifests }}
    path: {{ .Values.cluster_config.policies }}/kyverno
    targetRevision: HEAD
  - repoURL: 'https://kyverno.github.io/kyverno/'
    targetRevision: {{ .Values.kyverno.version }}
    chart: kyverno
    helm:
      values: |
        replicaCount: 3
        {{ if .Values.kyverno.metrics }}
        admissionController:
          serviceMonitor:
            enabled: true
          metricsService:
            create: true
        backgroundController:
          serviceMonitor:
            enabled: true
          metricsService:
            create: true
        cleanupController:
          serviceMonitor:
            enabled: true
          metricsService:
            create: true
        reportsController:
          serviceMonitor:
            enabled: true
          metricsService:
            create: true
        {{ end }}
        cleanupController:
          resources:
            limits: 
              memory: {{ .Values.kyverno.resources.cleanupController.memory }}
            requests:
              memory: {{ .Values.kyverno.resources.cleanupController.memory }}
        reportsController:
          resources:
            limits: 
              memory: {{ .Values.kyverno.resources.reportsController.memory }}
            requests:
              memory: {{ .Values.kyverno.resources.reportsController.memory }}
        backgroundController:
          resources:
            limits: 
              memory: {{ .Values.kyverno.resources.backgroundController.memory }}
            requests:
              memory: {{ .Values.kyverno.resources.backgroundController.memory }}
  project: sys
  syncPolicy:
    managedNamespaceMetadata:
      labels:
        component: sys
    syncOptions:
      - CreateNamespace=true
      - ApplyOutOfSyncOnly=true
      - ServerSideApply=true
    {{- if .Values.kyverno.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
  ignoreDifferences:
  - group: batch
    kind: CronJob
    jqPathExpressions:
    - '.spec.jobTemplate.spec.template.spec.containers[]?.resources'
{{ end }}