stackrox
diff --git a/‎dev/config/gitops-config.yaml
Lines changed: 52 additions & 11 deletions b/‎dev/config/gitops-config.yaml
Lines changed: 52 additions & 11 deletions
diff --git a/‎dev/env/manifests/openshift-gitops/04-clusterrole.yaml
Lines changed: 5 additions & 0 deletions b/‎dev/env/manifests/openshift-gitops/04-clusterrole.yaml
Lines changed: 5 additions & 0 deletions
diff --git a/‎dev/env/manifests/shared/00-namespace.yaml
Lines changed: 6 additions & 0 deletions b/‎dev/env/manifests/shared/00-namespace.yaml
Lines changed: 6 additions & 0 deletions
@@ -1,14 +1,55 @@
-rhacsOperators:
-  crdUrls:
-    - https://raw.githubusercontent.com/stackrox/stackrox/4.6.2/operator/bundle/manifests/platform.stackrox.io_securedclusters.yaml
-    - https://raw.githubusercontent.com/stackrox/stackrox/4.6.2/operator/bundle/manifests/platform.stackrox.io_centrals.yaml
-  operators:
-    - deploymentName: "rhacs-operator-dev"
-      image: "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a96572d0df791da60763dec4b4f0f52124772c3649303170968806dcc3de8269" # 4.6.2
-      centralLabelSelector: "rhacs.redhat.com/version-selector=dev"
-      securedClusterReconcilerEnabled: false
-verticalPodAutoscaling:
-  recommenders: []
+applications:
+
+  # Install the RHACS CRDs (Central and SecuredCluster)
+  - metadata:
+      name: rhacs-crds
+    spec:
+      destination:
+        namespace: my-app
+        server: https://kubernetes.default.svc
+      project: default
+      source:
+        directory:
+          include: '{platform.stackrox.io_centrals.yaml,platform.stackrox.io_securedclusters.yaml}'
+        path: operator/bundle/manifests
+        repoURL: https://github.com/stackrox/stackrox
+        targetRevision: 4.6.2
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+        syncOptions:
+          - ServerSideApply=true
+
+  # Install the rhacs-operators
+  - metadata:
+      name: rhacs-operators
+    spec:
+      ignoreDifferences:
+        - kind: ServiceAccount
+          jsonPointers:
+            - /imagePullSecrets
+      destination:
+        namespace: rhacs
+        server: https://kubernetes.default.svc
+      project: default
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeal: true
+      source:
+        path: rhacs-operator-legacy
+        repoURL: https://github.com/stackrox/acscs-manifests
+        targetRevision: HEAD
+        helm:
+          valuesObject:
+            operator:
+              images:
+                - deploymentName: "rhacs-operator-4.6.2"
+                  image: "registry.redhat.io/advanced-cluster-security/rhacs-rhel8-operator@sha256:a96572d0df791da60763dec4b4f0f52124772c3649303170968806dcc3de8269"
+                  centralLabelSelector: "rhacs.redhat.com/version-selector=4.6.2"
+                  securedClusterLabelSelector: "rhacs.redhat.com/selector=dogfooding"
+
 tenantResources:
   default: |
     rolloutGroup: "dev"
 
@@ -5,9 +5,14 @@ kind: ClusterRole
 metadata:
   name: custom-acscs-openshift-gitops
 rules:
+  # Allow managing stackrox centrals and securedClusters
   - apiGroups: [ "platform.stackrox.io" ]
     resources: [ "centrals" ]
     verbs: [ "*" ]
+  # Allow managing CRDs
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    verbs: [ "*" ]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 
@@ -2,13 +2,19 @@ kind: Namespace
 apiVersion: v1
 metadata:
   name: "$ACSCS_NAMESPACE"
+  labels:
+    argocd.argoproj.io/managed-by: "$ARGOCD_NAMESPACE"
 ---
 kind: Namespace
 apiVersion: v1
 metadata:
   name: $STACKROX_OPERATOR_NAMESPACE
+  labels:
+    argocd.argoproj.io/managed-by: "$ARGOCD_NAMESPACE"
 ---
 kind: Namespace
 apiVersion: v1
 metadata:
   name: rhacs-vertical-pod-autoscaler
+  labels:
+    argocd.argoproj.io/managed-by: "$ARGOCD_NAMESPACE"