apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: cert-manager
  namespace: argo-cd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: cert-manager
  project: default
  source:
    chart: cert-manager
    helm:
      values: |

        prometheus:
          enabled: false

        extraArgs:
          - --enable-certificate-owner-ref=true

    repoURL: https://charts.jetstack.io
    targetRevision: 1.10.1

  syncPolicy:
    automated:
      prune: true
      selfHeal: true

# ---
# apiVersion: cert-manager.io/v1
# kind: ClusterIssuer
# metadata:
#   name: roxedus.com-cloudflare
#   namespace: cert-manager
# spec:
#   acme:
#     server: https://acme-v02.api.letsencrypt.org/directory
#     privateKeySecretRef:
#       name: cloudflare-issuer-account-key
#     solvers:
#     - dns01:
#         cloudflare:
#           apiTokenSecretRef:
#             name: cloudflare-api-token-secret
#             key: CLOUDFLARE_API_KEY
#       selector:
#         dnsNames:
#         - 'roxedus.com'
#         - '*.roxedus.com'
# ---
# apiVersion: networking.k8s.io/v1
# kind: Ingress
# metadata:
#   annotations:
#     # add an annotation indicating the issuer to use.
#     cert-manager.io/acme-challenge-type: dns01
#     cert-manager.io/cluster-issuer: roxedus.com-cloudflare
#   name: myingress
#   namespace: default
# spec:
#   ingressClassName: traefik
#   rules:
#   - host: test.roxedus.com
#     http:
#       paths:
#       - pathType: Prefix
#         path: /
#         backend:
#           service:
#             name: searxng
#             port:
#               number: 8080
#   tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames
#   - hosts:
#     - test.roxedus.com
#     secretName: test-roxedus-com-cert # < cert-manager will store the created certificate in this secret.