{{- if .Values.cilium.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cilium
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: "-1"
spec:
  destination:
    namespace: kube-system
    server: 'https://kubernetes.default.svc'
  sources:
  - repoURL: {{ .Values.cluster_config.manifests }}
    targetRevision: HEAD
    ref: manifests
  {{- if .Values.cilium.spire.enabled }}
  - repoURL: {{ .Values.cluster_config.manifests }}
    path: {{ .Values.cluster_config.policies }}/cilium-spire
    targetRevision: HEAD
  {{- end }}
  - repoURL: 'https://helm.cilium.io'
    targetRevision: {{ .Values.cilium.version }}
    chart: cilium
    helm:
      valuesFiles:
      - $manifests/values/cilium/values.yaml
      - $manifests/values/cilium/values-{{ .Values.cluster_config.name }}.yaml
      ignoreMissingValueFiles: true
  project: sys
  syncPolicy:
    syncOptions:
    - ServerSideApply=true
    {{- if .Values.cilium.autosync }}
    automated:
      prune: true
      # selfHeal: false
    {{- end }}
  ignoreDifferences:
    - group: apps
      jqPathExpressions:
        - .spec.volumeClaimTemplates
      kind: StatefulSet
      name: spire-server
    - group: monitoring.coreos.com
      jqPathExpressions:
        - .spec.endpoints[]?.relabelings[]?.action
      kind: ServiceMonitor
    - group: ''
      jsonPointers:
        - /data/ca.crt
      kind: ConfigMap
      name: hubble-ca-cert
    - group: ''
      jsonPointers:
        - /data/ca.crt
        - /data/ca.key
      kind: Secret
      name: cilium-ca
    - group: ''
      jqPathExpressions:
        - .spec.ports[]?.nodePort
      kind: Service
      name: cilium-ingress
{{- end }}