apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: universal-external-secrets spec: generators: - list: elements: - cluster: cherry url: https://kubernetes.default.svc syncPolicy: applicationsSync: sync template: metadata: name: "{{cluster}}-external-secrets" spec: project: infrastructure syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true source: chart: external-secrets repoURL: https://charts.external-secrets.io targetRevision: 0.9.5 helm: releaseName: external-secrets valuesObject: installCRDs: true # Operator replicaCount: 2 leaderElect: true podDisruptionBudget: enabled: true minAvailable: 1 resources: limits: cpu: 60m memory: 128Mi requests: cpu: 10m memory: 32Mi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - external-secrets topologyKey: kubernetes.io/hostname # Webhook webhook: replicaCount: 2 podDisruptionBudget: enabled: true minAvailable: 1 resources: limits: cpu: 60m memory: 128Mi requests: cpu: 10m memory: 32Mi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - external-secrets-webhook topologyKey: kubernetes.io/hostname # Cert Controller certController: replicaCount: 2 podDisruptionBudget: enabled: true minAvailable: 1 resources: limits: cpu: 60m memory: 128Mi requests: cpu: 10m memory: 32Mi affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: app.kubernetes.io/name operator: In values: - external-secrets-cert-controller topologyKey: kubernetes.io/hostname destination: server: "{{url}}" namespace: external-secrets