adds vault-agent-injector

argo1/templates/vault-agent-injector.yaml

@@ -0,0 +1,42 @@
+# {{ if (index .Values "vault-agent-injector").enabled }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: "{{ .Release.Name }}-vault-agent-injector"
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    chart: "vault"
+    repoURL: "https://helm.releases.hashicorp.com"
+    targetRevision: "0.23.0"
+    helm:
+      values: |-
+        {{ (index .Values "vault-agent-injector").values | nindent 8 }}
+      # the next line preserves the release name.
+      # this is optional but recommended for singleton services.
+      releaseName: "vault-agent-injector"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: "vault-auth"
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 10
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m0s
+  ignoreDifferences:
+  - group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    jqPathExpressions:
+    - '.webhooks[].clientConfig.caBundle'
+# {{- end }}

argo1/values.yaml

@@ -17,3 +17,10 @@ argo-cd:
   configs:
     params:
       "server.insecure": "true"
+
+vault-agent-injector:
+  enabled: true
+  values: |
+    global:
+      # disable global vault because we're only using this as an agent injector
+      enabled: false