argo-cd: global: domain: argocd.khuedoan.com configs: params: server.insecure: true controller.diff.server.side: true cm: resource.ignoreResourceUpdatesEnabled: true resource.customizations.ignoreResourceUpdates.all: | jsonPointers: - /status server: ingress: enabled: true ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: letsencrypt-prod tls: true metrics: &metrics enabled: true serviceMonitor: enabled: true dex: enabled: false controller: metrics: *metrics repoServer: metrics: *metrics redis: metrics: *metrics argocd-apps: applicationsets: root: namespace: argocd generators: - git: repoURL: &repoURL http://gitea-http.gitea:3000/ops/homelab revision: &revision master directories: - path: system/* - path: platform/* - path: apps/* template: metadata: name: '{{path.basename}}' spec: destination: name: in-cluster namespace: '{{path.basename}}' project: default # TODO source: repoURL: *repoURL path: '{{path}}' targetRevision: *revision syncPolicy: automated: prune: true selfHeal: true retry: limit: 10 backoff: duration: 1m factor: 2 maxDuration: 16m syncOptions: - CreateNamespace=true - ApplyOutOfSyncOnly=true - ServerSideApply=true managedNamespaceMetadata: annotations: # Enable privileged VolSync movers by default for all namespaces # TODO this may be refactored in the future for finer granularity # See also https://volsync.readthedocs.io/en/stable/usage/permissionmodel.html volsync.backube/privileged-movers: "true"