From 95db39b91b465d64d0ba9bf8f10c69426b40efae Mon Sep 17 00:00:00 2001
From: DeveloperDurp
Date: Mon, 26 Sep 2022 15:24:59 +0000
Subject: [PATCH] Update argocd/sealed-secrets/templates/deployment.yaml, argocd/sealed-secrets/Chart.yaml, argocd/sealed-secrets/values.yaml
---
 argocd/sealed-secrets/Chart.yaml | 8 +-
 .../sealed-secrets/templates/deployment.yaml | 252 +++++++++++++++
 argocd/sealed-secrets/values.yaml | 287 +++++++++---------
 3 files changed, 400 insertions(+), 147 deletions(-)
 create mode 100644 argocd/sealed-secrets/templates/deployment.yaml
diff --git a/argocd/sealed-secrets/Chart.yaml b/argocd/sealed-secrets/Chart.yaml
index c1e5300..1d632ef 100644
--- a/argocd/sealed-secrets/Chart.yaml
+++ b/argocd/sealed-secrets/Chart.yaml
@@ -5,7 +5,7 @@ type: application
 version: 0.0.1
 appVersion: 0.0.1
-dependencies:
-- name: sealed-secrets
- repository: https://bitnami-labs.github.io/sealed-secrets
- version: 2.6.9
+#dependencies:
+#- name: sealed-secrets
+# repository: https://bitnami-labs.github.io/sealed-secrets
+# version: 2.6.9
diff --git a/argocd/sealed-secrets/templates/deployment.yaml b/argocd/sealed-secrets/templates/deployment.yaml
new file mode 100644
index 0000000..d042058
--- /dev/null
+++ b/argocd/sealed-secrets/templates/deployment.yaml
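Review bot: The dependency block in Chart.yaml is turned into comments instead of being removed, which leaves dead configuration behind; the values.yaml hunk in this commit does the same to that entire file. Git history already preserves the old dependency, so delete the four commented lines, or if the plan is to return to the upstream chart later, replace them with a single explanatory comment such as `# upstream sealed-secrets chart dependency dropped; manifests are vendored under templates/`. With no dependencies and no live values, the chart now renders only the static manifests in templates/, so nothing left in values.yaml is consumed.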
@@ -0,0 +1,252 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-service-proxier
+ name: sealed-secrets-service-proxier
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resourceNames:
+ - sealed-secrets-controller
+ resources:
+ - services
+ verbs:
+ - get
+- apiGroups:
+ - ""
+ resourceNames:
+ - 'http:sealed-secrets-controller:'
+ - sealed-secrets-controller
+ resources:
+ - services/proxy
+ verbs:
+ - create
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-key-admin
+ name: sealed-secrets-key-admin
+ namespace: kube-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ name: sealed-secrets-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: secrets-unsealer
+subjects:
+- kind: ServiceAccount
+ name: sealed-secrets-controller
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations: {}
+ labels:
+ name: secrets-unsealer
+ name: secrets-unsealer
+rules:
+- apiGroups:
+ - bitnami.com
+ resources:
+ - sealedsecrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - bitnami.com
+ resources:
+ - sealedsecrets/status
+ verbs:
+ - update
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ name: sealed-secrets-controller
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ name: sealed-secrets-controller
+ namespace: kube-system
+spec:
+ minReadySeconds: 30
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: sealed-secrets-controller
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ spec:
+ containers:
+ - args: []
+ command:
+ - controller
+ env: []
+ image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
+ imagePullPolicy: Always
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ name: sealed-secrets-controller
+ ports:
+ - containerPort: 8080
+ name: http
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1001
+ stdin: false
+ tty: false
+ volumeMounts:
+ - mountPath: /tmp
+ name: tmp
+ imagePullSecrets: []
+ initContainers: []
+ securityContext:
+ fsGroup: 65534
+ serviceAccountName: sealed-secrets-controller
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - emptyDir: {}
+ name: tmp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: sealedsecrets.bitnami.com
+spec:
+ group: bitnami.com
+ names:
+ kind: SealedSecret
+ listKind: SealedSecretList
+ plural: sealedsecrets
+ singular: sealedsecret
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ name: sealed-secrets-controller
+ namespace: kube-system
+spec:
+ ports:
+ - port: 8080
+ targetPort: 8080
+ selector:
+ name: sealed-secrets-controller
+ type: ClusterIP
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-service-proxier
+ name: sealed-secrets-service-proxier
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sealed-secrets-service-proxier
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:authenticated
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ annotations: {}
+ labels:
+ name: sealed-secrets-controller
+ name: sealed-secrets-controller
+ namespace: kube-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sealed-secrets-key-admin
+subjects:
+- kind: ServiceAccount
+ name: sealed-secrets-controller
+ namespace: kube-system
diff --git a/argocd/sealed-secrets/values.yaml b/argocd/sealed-secrets/values.yaml
index d84473f..065365c 100644
--- a/argocd/sealed-secrets/values.yaml
+++ b/argocd/sealed-secrets/values.yaml
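Review bot: The `sealed-secrets-service-proxier` RoleBinding near the end of the hunk binds the `system:authenticated` group to a Role that allows `create`/`get` on `services/proxy` for the controller Service, so every authenticated identity in the cluster — including any pod that mounts a service-account token — can reach the controller's HTTP endpoint through the API server proxy. This appears to mirror the upstream static manifest, where it exists so that clients can fetch the sealing certificate; if the certificate is distributed another way, drop that RoleBinding or replace the subject with a narrower group. The Deployment pins `image: docker.io/bitnami/sealed-secrets-controller:v0.17.5` while the values.yaml removed in this same commit used `tag: v0.18.5`, which makes the switch to static manifests a silent downgrade — choose v0.18.5 deliberately or pin by digest. The container `securityContext` could additionally set `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, and the container declares no `resources` requests or limits.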
@@ -1,143 +1,144 @@
-sealed-secrets:
-
- kubeVersion: ""
- nameOverride: ""
- fullnameOverride: ""
- namespace: ""
- extraDeploy: []
- commonAnnotations: {}
-
- image:
- registry: docker.io
- repository: bitnami/sealed-secrets-controller
- tag: v0.18.5
- pullPolicy: Always
- pullSecrets: []
-
- createController: true
- secretName: "sealed-secrets-key"
- updateStatus: true
- keyrenewperiod: ""
- rateLimit: ""
- rateLimitBurst: ""
- additionalNamespaces: []
- command: []
- args: []
- livenessProbe:
- enabled: true
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- successThreshold: 1
- readinessProbe:
- enabled: true
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- successThreshold: 1
- startupProbe:
- enabled: false
- initialDelaySeconds: 0
- periodSeconds: 10
- timeoutSeconds: 1
- failureThreshold: 3
- successThreshold: 1
-
- customLivenessProbe: {}
-
- customReadinessProbe: {}
-
- customStartupProbe: {}
-
- resources:
- limits: {}
- requests: {}
-
- podSecurityContext:
- enabled: true
- fsGroup: 65534
- containerSecurityContext:
- enabled: true
- readOnlyRootFilesystem: true
- runAsNonRoot: true
- runAsUser: 1001
-
- automountServiceAccountToken: ""
-
- podLabels: {}
-
- podAnnotations: {}
-
- priorityClassName: ""
-
- runtimeClassName: ""
-
- affinity: {}
-
- nodeSelector: {}
-
- tolerations: []
-
- additionalVolumes: []
-
- additionalVolumeMounts: []
-
- hostNetwork: false
-
- dnsPolicy: ""
-
- service:
- type: ClusterIP
- port: 8080
- nodePort: ""
- annotations: {}
-
- ingress:
- enabled: false
- pathType: ImplementationSpecific
- apiVersion: ""
- ingressClassName: ""
- hostname: sealed-secrets.local
- path: /v1/cert.pem
- annotations:
- tls: false
- selfSigned: false
- extraHosts: []
- extraPaths: []
- extraTls: []
- secrets: []
-
- networkPolicy:
- enabled: false
-
- serviceAccount:
- annotations: {}
- create: true
- labels: {}
- name: ""
- automountServiceAccountToken: ""
-
- rbac:
- create: true
- clusterRole: true
- labels: {}
- pspEnabled: false
-
- metrics:
- serviceMonitor:
- enabled: false
- namespace: ""
- labels: {}
- annotations: {}
- interval: ""
- scrapeTimeout: ""
- honorLabels: true
- metricRelabelings: []
- relabelings: []
- dashboards:
- create: false
- labels: {}
- namespace: ""
-
+#sealed-secrets:
+#
+# kubeVersion: ""
+# nameOverride: ""
+# fullnameOverride: ""
+# namespace: ""
+# extraDeploy: []
+# commonAnnotations: {}
+#
+# image:
+# registry: docker.io
+# repository: bitnami/sealed-secrets-controller
+# tag: v0.18.5
+# pullPolicy: Always
+# pullSecrets: []
+#
+# createController: true
+# secretName: "sealed-secrets-key"
+# updateStatus: true
+# keyrenewperiod: ""
+# rateLimit: ""
+# rateLimitBurst: ""
+# additionalNamespaces: []
+# command: []
+# args: []
+# livenessProbe:
+# enabled: true
+# initialDelaySeconds: 0
+# periodSeconds: 10
+# timeoutSeconds: 1
+# failureThreshold: 3
+# successThreshold: 1
+# readinessProbe:
+# enabled: true
+# initialDelaySeconds: 0
+# periodSeconds: 10
+# timeoutSeconds: 1
+# failureThreshold: 3
+# successThreshold: 1
+# startupProbe:
+# enabled: false
+# initialDelaySeconds: 0
+# periodSeconds: 10
+# timeoutSeconds: 1
+# failureThreshold: 3
+# successThreshold: 1
+#
+# customLivenessProbe: {}
+#
+# customReadinessProbe: {}
+#
+# customStartupProbe: {}
+#
+# resources:
+# limits: {}
+# requests: {}
+#
+# podSecurityContext:
+# enabled: true
+# fsGroup: 65534
+# containerSecurityContext:
+# enabled: true
+# readOnlyRootFilesystem: true
+# runAsNonRoot: true
+# runAsUser: 1001
+#
+# automountServiceAccountToken: ""
+#
+# podLabels: {}
+#
+# podAnnotations: {}
+#
+# priorityClassName: ""
+#
+# runtimeClassName: ""
+#
+# affinity: {}
+#
+# nodeSelector: {}
+#
+# tolerations: []
+#
+# additionalVolumes: []
+#
+# additionalVolumeMounts: []
+#
+# hostNetwork: false
+#
+# dnsPolicy: ""
+#
+# service:
+# type: ClusterIP
+# port: 8080
+# nodePort: ""
+# annotations: {}
+#
+# ingress:
+# enabled: false
+# pathType: ImplementationSpecific
+# apiVersion: ""
+# ingressClassName: ""
+# hostname: sealed-secrets.local
+# path: /v1/cert.pem
+# annotations:
+# tls: false
+# selfSigned: false
+# extraHosts: []
+# extraPaths: []
+# extraTls: []
+# secrets: []
+#
+# networkPolicy:
+# enabled: false
+#
+# serviceAccount:
+# annotations: {}
+# create: true
+# labels: {}
+# name: ""
+# automountServiceAccountToken: ""
+#
+# rbac:
+# create: true
+# clusterRole: true
+# labels: {}
+# pspEnabled: false
+#
+# metrics:
+# serviceMonitor:
+# enabled: false
+# namespace: ""
+# labels: {}
+# annotations: {}
+# interval: ""
+# scrapeTimeout: ""
+# honorLabels: true
+# metricRelabelings: []
+# relabelings: []
+# dashboards:
+# create: false
+# labels: {}
+# namespace: ""
+#
+#
\ No newline at end of file