khuedoan-homelab/system/argocd/values.yaml

argo-cd:
  global:
    domain: argocd.khuedoan.com
  configs:
    params:
      server.insecure: true
      controller.diff.server.side: true
    cm:
      resource.ignoreResourceUpdatesEnabled: true
      resource.customizations.ignoreResourceUpdates.all: |
        jsonPointers:
          - /status        
  server:
    ingress:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
      tls: true
    metrics: &metrics
      enabled: true
      serviceMonitor:
        enabled: true
  dex:
    enabled: false
  controller:
    metrics: *metrics
  repoServer:
    metrics: *metrics
  redis:
    metrics: *metrics
argocd-apps:
  applicationsets:
    root:
      namespace: argocd
      generators:
        - git:
            repoURL: &repoURL http://gitea-http.gitea:3000/ops/homelab
            revision: &revision master
            directories:
              - path: system/*
              - path: platform/*
              - path: apps/*
      template:
        metadata:
          name: '{{path.basename}}'
        spec:
          destination:
            name: in-cluster
            namespace: '{{path.basename}}'
          project: default  # TODO
          source:
            repoURL: *repoURL
            path: '{{path}}'
            targetRevision: *revision
          syncPolicy:
            automated:
              prune: true
              selfHeal: true
            retry:
              limit: 10
              backoff:
                duration: 1m
                factor: 2
                maxDuration: 16m
            syncOptions:
              - CreateNamespace=true
              - ApplyOutOfSyncOnly=true
              - ServerSideApply=true
            managedNamespaceMetadata:
              annotations:
                # Enable privileged VolSync movers by default for all namespaces
                # TODO this may be refactored in the future for finer granularity
                # See also https://volsync.readthedocs.io/en/stable/usage/permissionmodel.html
                volsync.backube/privileged-movers: "true"