apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: rancher
  namespace: argocd
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  ignoreDifferences:
  - group: apps
    kind: Deployment
    jsonPointers: ["/metadata/finalizers"]
  destination:
    namespace: cattle-system
    server: {{ $.Values.spec.destination.server }}
  project: homelab
  source:
    repoURL: https://releases.rancher.com/server-charts/stable
    chart: rancher
    targetRevision: v2.13.1
    helm:
      values: |
        hostname: rancher.k8s.hnrx.net
        replicas: 1
        bootstrapPassword: "admin123!"
        agentTLSMode: system-store # Because we use external TLS with Let's Encrypt 
        ingress:
          enabled: false
        service:
          type: ClusterIP
        persistence:
          enabled: true
          size: 10Gi
          storageClass: nfs-csi
        tls: external
        extraEnv:
          - name: CATTLE_FEATURES
            value: "continuous-delivery=false"

  syncPolicy:
    automated: 
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: rancher-route
  namespace: default
spec:
  parentRefs:
    - name: shared-gateway  # Ihr Envoy Gateway
      namespace: default
  hostnames:
    - "rancher.k8s.hnrx.net"
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: rancher  # Rancher Service Name
          port: 80  # Rancher läuft auf Port 80 intern