nivogt · February 18, 2022 07:32
diff --git a/proj-crossplane.yaml b/proj-crossplane.yaml
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: AppProject
 metadata:
  name: argocd-projects
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
  description: Project for deploying Crossplane with ArgoCD
  sourceRepos:
  - <-- your repositories here
  #
  # List of namespaces/clusters to which Applications in this project can be deployed into
  #
  destinations:
  - namespace: crossplane
    server: https://kubernetes.default.svc
  - namespace: kube-system
    server: https://kubernetes.default.svc
  - namespace: sealed-secrets
    server: https://kubernetes.default.svc
  - namespace: eks
    server: https://kubernetes.default.svc
  - namespace: argocd
    server: https://kubernetes.default.svc


  # Deny all cluster-scoped resources from being created, except for the ones listed
  #
  clusterResourceWhitelist:
  - group: ''
    kind: Namespace
  - group: 'rbac.authorization.k8s.io'
    kind: ClusterRole
  - group: 'rbac.authorization.k8s.io'
    kind: ClusterRoleBinding
  - group: 'policy'
    kind: PodSecurityPolicy
  - group: 'apiextensions.k8s.io'
    kind: CustomResourceDefinition
  - group: 'pkg.crossplane.io'
    kind: Configuration
  - group: 'pkg.crossplane.io'
    kind: Lock
  - group: 'pkg.crossplane.io'
    kind: Provider
  - group: 'aws.crossplane.io'
    kind: ProviderConfig
  - group: 'eks.sarathy.io'
    kind: EKSCluster
  - group: 'eks.aws.crossplane.io'
    kind: NodeGroup
  - group: 'eks.aws.crossplane.io'
    kind: Cluster
  - group: 'ec2.aws.crossplane.io'
    kind: Subnet
  - group: 'ec2.aws.crossplane.io'
    kind: RouteTable
  - group: 'ec2.aws.crossplane.io'
    kind: SecurityGroup
  #
  #
  # Allow all namespace-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
  #
  namespaceResourceBlacklist:
  - group: ''
    kind: ResourceQuota
  - group: ''
    kind: LimitRange
  - group: ''
    kind: NetworkPolicy
	---
	apiVersion: argoproj.io/v1alpha1
	kind: AppProject
	metadata:
	name: argocd-projects
	namespace: argocd
	finalizers:
	- resources-finalizer.argocd.argoproj.io
	spec:
	description: Project for deploying Crossplane with ArgoCD
	sourceRepos:
	- <-- your repositories here
	#
	# List of namespaces/clusters to which Applications in this project can be deployed into
	#
	destinations:
	- namespace: crossplane
	server: https://kubernetes.default.svc
	- namespace: kube-system
	server: https://kubernetes.default.svc
	- namespace: sealed-secrets
	server: https://kubernetes.default.svc
	- namespace: eks
	server: https://kubernetes.default.svc
	- namespace: argocd
	server: https://kubernetes.default.svc


	# Deny all cluster-scoped resources from being created, except for the ones listed
	#
	clusterResourceWhitelist:
	- group: ''
	kind: Namespace
	- group: 'rbac.authorization.k8s.io'
	kind: ClusterRole
	- group: 'rbac.authorization.k8s.io'
	kind: ClusterRoleBinding
	- group: 'policy'
	kind: PodSecurityPolicy
	- group: 'apiextensions.k8s.io'
	kind: CustomResourceDefinition
	- group: 'pkg.crossplane.io'
	kind: Configuration
	- group: 'pkg.crossplane.io'
	kind: Lock
	- group: 'pkg.crossplane.io'
	kind: Provider
	- group: 'aws.crossplane.io'
	kind: ProviderConfig
	- group: 'eks.sarathy.io'
	kind: EKSCluster
	- group: 'eks.aws.crossplane.io'
	kind: NodeGroup
	- group: 'eks.aws.crossplane.io'
	kind: Cluster
	- group: 'ec2.aws.crossplane.io'
	kind: Subnet
	- group: 'ec2.aws.crossplane.io'
	kind: RouteTable
	- group: 'ec2.aws.crossplane.io'
	kind: SecurityGroup
	#
	#
	# Allow all namespace-scoped resources to be created, except for ResourceQuota, LimitRange, NetworkPolicy
	#
	namespaceResourceBlacklist:
	- group: ''
	kind: ResourceQuota
	- group: ''
	kind: LimitRange
	- group: ''
	kind: NetworkPolicy