apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cilium
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: kube-system
  project: system
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
  source:
    repoURL: https://helm.cilium.io
    chart: cilium
    targetRevision: 1.14.1
    helm:
      values: |
        # https://github.com/cilium/cilium/blob/main/install/kubernetes/cilium/values.yaml
        kubeProxyReplacement: strict
        k8sServiceHost: 192.168.1.8
        k8sServicePort: 6443
        operator:
          replicas: 1
        bpf:
          masquerade: true
        hubble:
          relay:
            enabled: true
          ui:
            enabled: true
            ingress:
              enabled: true
              className: nginx
              annotations:
                cert-manager.io/cluster-issuer: letsencrypt
                nginx.ingress.kubernetes.io/auth-url: "https://oauth2.ioot.xyz/oauth2/auth"
                nginx.ingress.kubernetes.io/auth-signin: "https://oauth2.ioot.xyz/oauth2/start?rd=$scheme://$host$request_uri"
              hosts:
                - hubble.ioot.xyz
              tls:
                - hosts:
                    - hubble.ioot.xyz
                  secretName: hubble-tls