added argocd config

2025-02-12 19:16:50 +01:00 · 2025-02-12 19:16:50 +01:00 · 85ad668497
commit 85ad668497
parent a2119dee6e
2 changed files with 26 additions and 2 deletions
--- a/stages/delivery/.envs/.argocd-oidc-secret.template
+++ b/stages/delivery/.envs/.argocd-oidc-secret.template
@ -0,0 +1 @@
+{{ pw "46289080-39de-4e5e-bae5-6be41b08e25b" }}
--- a/stages/delivery/values/argocd.values.yaml
+++ b/stages/delivery/values/argocd.values.yaml
@ -1,9 +1,32 @@
 global:
  domain: argo.kropcloud.net

+secret:
+  extra:
+    dex.kropcloud-idp.clientSecret: {{ readFile ../.envs}}
+
 configs:
  params:
    server.insecure: true
+  cm:
+    dex.config: |
+      connectors:
+      - id: authentik
+        type: oidc
+        name: KropCloud IDP
+        config:
+          issuer: https://idp.kropcloud.net/application/o/argocd/
+          clientID: R6KnCiwgsevzTkWhB9dopV80sHxL8kS4QjVlMmqI
+          clientSecret: $oidc.kropcloud-idp.clientSecret
+        insecureEnableGroups: true
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+  rbac:
+    policy.csv: |
+      g, ArgoCD Admins, role:admin

 redis-ha:
  enabled: true
@ -18,9 +41,9 @@ server:
    ingressClassName: nginx
    annotations:
        nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-        nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+        nginx.ingress.kubernetes.io/ssl-passthrough: "true"
        cert-manager.io/cluster-issuer: cloudflare-issuer
-    extraTls:
+    tls:
      - hosts:
          - argo.kropcloud.net
        secretName: argocd-tls
				`@ -0,0 +1 @@`
				`{{ pw "46289080-39de-4e5e-bae5-6be41b08e25b" }}`