charts/sealed-secrets/values.yaml

@@ -0,0 +1,16 @@
+nameOverride: controller
+image:
+  registry: docker.io
+  repository: bitnami/sealed-secrets-controller
+  tag: 0.28.0
+podSecurityContext:
+  enabled: true
+  fsGroup: 65534
+containerSecurityContext:
+  enabled: true
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1001
+  capabilities:
+    drop:
+      - ALL

sealedsecrets/sealedsecrets.yaml

@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: sealed-secrets
+  namespace: argocd
+spec:
+  project: default
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: sealed-secrets
+  sources:
+    - repoURL: https://bitnami-labs.github.io/sealed-secrets
+      chart: sealed-secrets
+      targetRevision: 2.17.1
+      helm:
+        valueFiles:
+          - $values/charts/sealed-secrets/values.yaml
+    - repoURL: https://platform.sunet.se/Drive/k8s-manifests
+      targetRevision: main
+      ref: values
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true