{{- if .Values.clusterConfig.argo.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cilium
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  destination:
    namespace: kube-system
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.clusterConfig.manifests }}
    targetRevision: HEAD
    path: helmfile.d
    plugin:
      name: helmfile-cmp
      env:
        - name: CLUSTER_NAME
          value: {{ .Values.clusterConfig.cluster }}
        - name: HELMFILE_ENVIRONMENT
          value: default
        - name: HELMFILE_FILE_PATH
          value: cilium.yaml.gotmpl
  project: sys
  syncPolicy:
    syncOptions:
    - ServerSideApply=true
    {{- if .Values.cilium.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
  ignoreDifferences:
    - group: apps
      jqPathExpressions:
        - .spec.volumeClaimTemplates
      kind: StatefulSet
      name: spire-server
    - group: monitoring.coreos.com
      jqPathExpressions:
        - .spec.endpoints[]?.relabelings[]?.action
      kind: ServiceMonitor
    - group: ''
      jsonPointers:
        - /data/ca.crt
      kind: ConfigMap
      name: hubble-ca-cert
    - group: ''
      jsonPointers:
        - /data/ca.crt
        - /data/ca.key
      kind: Secret
      name: cilium-ca
    - group: ''
      jqPathExpressions:
        - .spec.ports[]?.nodePort
      kind: Service
      name: cilium-ingress
{{- end }}