apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: plane finalizers: - resources-finalizer.argocd.argoproj.io spec: ignoreDifferences: - group: "" kind: PersistentVolumeClaim jsonPointers: - /metadata/creationTimestamp project: default source: repoURL: 'https://helm.plane.so/' chart: 'plane-ce' targetRevision: 1.2.* helm: values: | planeVersion: stable ingress: enabled: true appHost: "plane.innovation-hub-niedersachsen.de" ingressClass: "traefik" ingress_annotations: kubernetes.io/ingress.class: traefik traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" cert-manager.io/cluster-issuer: lets-encrypt ssl: tls_secret_name: "plane-tls" createIssuer: false generateCerts: false minio: local_setup: false env: docstore_bucket: "uploads" doc_upload_size_limit: "5242880" # 5MB aws_access_key: "a0ccb47cc0994bf51ecd" aws_secret_access_key: "0d54ee2f943f2a56b8cafc3afe9cb1e2f9fecac2" aws_region: "eu-central-1" aws_s3_bucket_name: "plane-docstore" aws_s3_endpoint_url: "https://sws3.innovation-hub-niedersachsen.de" destination: server: 'https://kubernetes.default.svc' namespace: plane syncPolicy: managedNamespaceMetadata: labels: pod-security.kubernetes.io/enforce: "privileged" automated: selfHeal: true prune: true syncOptions: - CreateNamespace=true hooks: - name: patch-ingress-tls syncWave: "1" manifest: | apiVersion: batch/v1 kind: Job metadata: name: patch-plane-ingress namespace: plane spec: template: spec: serviceAccountName: argocd-application-controller restartPolicy: OnFailure containers: - name: kubectl image: bitnami/kubectl command: - /bin/sh - -c - | kubectl patch ingress plane-ingress -n plane \ --type merge \ -p '{ "spec": { "tls": [{ "hosts": ["plane.innovation-hub-niedersachsen.de"], "secretName": "plane-tls" }] } }'