mareshq-gitops-legacy/appsets/external-secrets.yaml

apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: universal-external-secrets
spec:
  generators:
    - list:
        elements:
          - cluster: cherry
            url: https://kubernetes.default.svc
  syncPolicy:
    applicationsSync: sync
  template:
    metadata:
      name: "{{cluster}}-external-secrets"
    spec:
      project: infrastructure
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
          - CreateNamespace=true
      source:
        chart: external-secrets
        repoURL: https://charts.external-secrets.io
        targetRevision: 0.9.5
        helm:
          releaseName: external-secrets
          valuesObject:
            installCRDs: true
            # Operator
            replicaCount: 2
            leaderElect: true
            podDisruptionBudget:
              enabled: true
              minAvailable: 1
            resources:
              limits:
                cpu: 60m
                memory: 128Mi
              requests:
                cpu: 10m
                memory: 32Mi
            affinity:
              podAntiAffinity:
                requiredDuringSchedulingIgnoredDuringExecution:
                  - labelSelector:
                      matchExpressions:
                        - key: app.kubernetes.io/name
                          operator: In
                          values:
                            - external-secrets
                    topologyKey: kubernetes.io/hostname
            # Webhook
            webhook:
              replicaCount: 2
              podDisruptionBudget:
                enabled: true
                minAvailable: 1
              resources:
                limits:
                  cpu: 60m
                  memory: 128Mi
                requests:
                  cpu: 10m
                  memory: 32Mi
              affinity:
                podAntiAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                    - labelSelector:
                        matchExpressions:
                          - key: app.kubernetes.io/name
                            operator: In
                            values:
                              - external-secrets-webhook
                      topologyKey: kubernetes.io/hostname
            # Cert Controller
            certController:
              replicaCount: 2
              podDisruptionBudget:
                enabled: true
                minAvailable: 1
              resources:
                limits:
                  cpu: 60m
                  memory: 128Mi
                requests:
                  cpu: 10m
                  memory: 32Mi
              affinity:
                podAntiAffinity:
                  requiredDuringSchedulingIgnoredDuringExecution:
                    - labelSelector:
                        matchExpressions:
                          - key: app.kubernetes.io/name
                            operator: In
                            values:
                              - external-secrets-cert-controller
                      topologyKey: kubernetes.io/hostname
      destination:
        server: "{{url}}"
        namespace: external-secrets