# Argo CD "App-of-Apps" root application.
# A single root Application points at a directory of child Application manifests,
# so onboarding a new app/cluster is a Git commit, not console click-ops.
# Argo CD reconciles the repo to the cluster and self-heals drift.
# Replace REPO_URL and paths. Store NO plaintext secrets in this repo - use
# External Secrets Operator backed by AWS Secrets Manager, and EKS Pod Identity/
# IRSA for AWS access. Test against a non-prod cluster first.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: root
  namespace: argocd
  # Cascading-delete finalizer: deleting this Application makes Argo CD delete
  # the resources it manages (here, the child Application objects) first.
  # Whether the children's workloads are removed too depends on the finalizers
  # set in the child manifests. Restrict delete rights on this object.
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  # NOTE(review): the built-in "default" AppProject is permissive unless it has
  # been locked down (any source repo, any destination, any resource kind).
  # Prefer a dedicated AppProject whose sourceRepos/destinations allow only
  # this repo and the argocd namespace, so the root app cannot be repointed.
  project: default
  source:
    repoURL: REPO_URL            # e.g. https://github.com/your-org/gitops
    # Tracks a mutable branch. With automated sync below, whoever can land a
    # commit on this branch can change what runs in the cluster, so branch
    # protection and mandatory review on it are part of the trust boundary.
    targetRevision: main
    path: apps                   # directory of child Application manifests
  destination:
    # In-cluster API server, i.e. the cluster Argo CD itself runs in.
    server: https://kubernetes.default.svc
    # Child Application objects are created in the argocd namespace.
    namespace: argocd
  syncPolicy:
    # Automated sync applies Git changes without a manual approval step.
    automated:
      # Removing a child manifest from Git deletes that child Application.
      prune: true                # delete resources removed from Git
      selfHeal: true             # revert manual (drift) changes back to Git state
    syncOptions:
      # Creates the destination namespace if it is missing.
      - CreateNamespace=true
      # Pruning runs as the last step of a sync, after the other resources
      # have been applied.
      - PruneLast=true
    # Failed syncs are retried up to 5 times with exponential backoff:
    # starting at 15s, doubling each attempt, capped at 5m.
    retry:
      limit: 5
      backoff:
        duration: 15s
        factor: 2
        maxDuration: 5m
