From 8de68c6569935cc948109e1f1bfc15ac40c2c7d4 Mon Sep 17 00:00:00 2001
From: Lars Delhage <lasse@sunet.se>
Date: Tue, 25 Feb 2025 14:12:48 +0100
Subject: [PATCH] Add sealedscrets operator

---
 charts/sealed-secrets/values.yaml | 16 ++++++++++++++++
 sealedsecrets/sealedsecrets.yaml  | 26 ++++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 charts/sealed-secrets/values.yaml
 create mode 100644 sealedsecrets/sealedsecrets.yaml

diff --git a/charts/sealed-secrets/values.yaml b/charts/sealed-secrets/values.yaml
new file mode 100644
index 0000000..042be7f
--- /dev/null
+++ b/charts/sealed-secrets/values.yaml
@@ -0,0 +1,16 @@
+nameOverride: controller
+image:
+  registry: docker.io
+  repository: bitnami/sealed-secrets-controller
+  tag: 0.28.0
+podSecurityContext:
+  enabled: true
+  fsGroup: 65534
+containerSecurityContext:
+  enabled: true
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1001
+  capabilities:
+    drop:
+      - ALL
diff --git a/sealedsecrets/sealedsecrets.yaml b/sealedsecrets/sealedsecrets.yaml
new file mode 100644
index 0000000..13ecd4d
--- /dev/null
+++ b/sealedsecrets/sealedsecrets.yaml
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secrets
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: sealed-secrets
+  sources:
+    - repoURL: https://bitnami-labs.github.io/sealed-secrets
+      chart: sealed-secrets
+      targetRevision: 2.17.1
+      helm:
+        valueFiles:
+          - $values/charts/sealed-secrets/values.yaml
+    - repoURL: https://platform.sunet.se/Drive/k8s-manifests
+      targetRevision: main
+      ref: values
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true