apiVersion: v1
kind: Secret
metadata:
  name: kubernetes-repo
  namespace: argocd
  labels:
    argocd.argoproj.io/secret-type: repository
stringData:
  url: https://github.com/kubernetes/k8s.io
  name: kubernetes
  type: git
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: apps
spec:
  destination:
    namespace: argocd
    server: https://kubernetes.default.svc
  project: default
  source:
    path: kubernetes/apps
    repoURL: https://github.com/kubernetes/k8s.io
    targetRevision: main
  syncPolicy:
    automated:
      prune: false
      selfHeal: true
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: argocd
spec:
  hostnames:
    - argo.k8s.io
  parentRefs:
    - name: istio-ingressgateway
      namespace: istio-system
      sectionName: https
  rules:
    - backendRefs:
        - name: argocd-server
          port: 80
---
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: argocd
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: argocd-server
  action: ALLOW
  rules:
    - from:
        - source:
            namespaces:
              - istio-system
      when:
        - key: request.headers[X-Auth-Request-User]
          values:
            - ameukam
            - GenPage
            - hakman
            - iftachk
            - upodroid
            - xmudrii