From 85ad668497c76b07f9dcf2a91c7433ddb6a4cd3e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Krop=C3=A1=C4=8Dek?=
Date: Wed, 12 Feb 2025 19:16:50 +0100
Subject: [PATCH] added argocd config
---
 .../.envs/.argocd-oidc-secret.template | 1 +
 stages/delivery/values/argocd.values.yaml | 27 +++++++++++++++++--
 2 files changed, 26 insertions(+), 2 deletions(-)
 create mode 100644 stages/delivery/.envs/.argocd-oidc-secret.template
diff --git a/stages/delivery/.envs/.argocd-oidc-secret.template b/stages/delivery/.envs/.argocd-oidc-secret.template
new file mode 100644
index 0000000..4540407
--- /dev/null
+++ b/stages/delivery/.envs/.argocd-oidc-secret.template
@@ -0,0 +1 @@
+{{ pw "46289080-39de-4e5e-bae5-6be41b08e25b" }}
\ No newline at end of file
diff --git a/stages/delivery/values/argocd.values.yaml b/stages/delivery/values/argocd.values.yaml
index 91b7769..587a565 100644
--- a/stages/delivery/values/argocd.values.yaml
+++ b/stages/delivery/values/argocd.values.yaml
@@ -1,9 +1,32 @@
 global:
 domain: argo.kropcloud.net
 
+secret:
+ extra:
+ dex.kropcloud-idp.clientSecret: {{ readFile ../.envs}}
+
 configs:
 params:
 server.insecure: true
+ cm:
+ dex.config: |
+ connectors:
+ - id: authentik
+ type: oidc
+ name: KropCloud IDP
+ config:
+ issuer: https://idp.kropcloud.net/application/o/argocd/
+ clientID: R6KnCiwgsevzTkWhB9dopV80sHxL8kS4QjVlMmqI
+ clientSecret: $oidc.kropcloud-idp.clientSecret
+ insecureEnableGroups: true
+ scopes:
+ - openid
+ - profile
+ - email
+ - groups
+ rbac:
+ policy.csv: |
+ g, ArgoCD Admins, role:admin
 
 redis-ha:
 enabled: true
@@ -18,9 +41,9 @@ server:
 ingressClassName: nginx
 annotations:
 nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
 cert-manager.io/cluster-issuer: cloudflare-issuer
- extraTls:
+ tls:
 - hosts:
 - argo.kropcloud.net
 secretName: argocd-tls
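Review bot: The secret key added under `secret.extra` is `dex.kropcloud-idp.clientSecret`, but the connector in `dex.config` references `$oidc.kropcloud-idp.clientSecret`, so the lookup will not find a matching key and the OIDC login will most likely fail; the names need to agree, e.g. `oidc.kropcloud-idp.clientSecret:` on the secret side. The `{{ readFile ../.envs}}` expression also points at the directory rather than the rendered secret file and passes an unquoted path; something like `'{{ readFile "../.envs/<rendered-secret-file>" }}'` (quoted so the line is valid YAML before templating) is probably what was intended. As far as I know the argo-cd chart reads extra secret entries from `configs.secret.extra` rather than a top-level `secret:` key, so confirm the block sits where the chart picks it up. Because `g, ArgoCD Admins, role:admin` grants admin purely from the upstream `groups` claim with `insecureEnableGroups: true`, it is worth setting `policy.default` explicitly and checking that the rendered secret file is git-ignored.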
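Review bot: The new `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` annotation conflicts with `server.insecure: true`, which is still set under `configs.params` in this file: with passthrough the ingress controller forwards the raw TLS stream and expects argocd-server to terminate it, while the server is configured to serve plain HTTP. Either keep TLS termination at the ingress (`backend-protocol: "HTTP"` together with the cert-manager certificate) or remove `server.insecure` and give the server the certificate; passthrough also requires the controller to run with `--enable-ssl-passthrough`. The rename from `extraTls` to `tls` should be checked against the pinned chart version, since in recent argo-helm releases I believe `server.ingress.tls` is a boolean and custom host/secret entries belong in `extraTls`. The `server.ingress` block starts above this hunk, so the surrounding keys are not visible here.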