apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: argocd-secret-crossplane
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: argocd-secret-crossplane
  data:
    - secretKey: authToken
      remoteRef:
        key: kv/argocd/provider-argocd
        property: token

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: prod-kubeconfig
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: prod-kubeconfig
  data:
    - secretKey: kubeconfig
      remoteRef:
        key: kv/argocd/prd
        property: kubeconfig

---
apiVersion: argocd.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: argocd-provider
spec:
  serverAddr: argocd-server.argocd.svc:443
  insecure: true
  plainText: false
  credentials:
    source: Secret
    secretRef:
      namespace: argocd
      name: argocd-secret-crossplane
      key: authToken

---
apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: prd
  labels:
    purpose: prd
spec:
  forProvider:
    name: prd
    config:
      kubeconfigSecretRef:
        name: prod-kubeconfig
        namespace: argocd
        key: kubeconfig
  providerConfigRef:
    name: argocd-provider

---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
  name: dev-kubeconfig
spec:
  secretStoreRef:
    name: vault
    kind: ClusterSecretStore
  target:
    name: dev-kubeconfig
  data:
    - secretKey: kubeconfig
      remoteRef:
        key: kv/argocd/dev
        property: kubeconfig

---
apiVersion: cluster.argocd.crossplane.io/v1alpha1
kind: Cluster
metadata:
  name: dev
  labels:
    purpose: dev
spec:
  forProvider:
    name: dev
    config:
      kubeconfigSecretRef:
        name: dev-kubeconfig
        namespace: argocd
        key: kubeconfig
  providerConfigRef:
    name: argocd-provider