From 61754a9666b245d7e2b335b874018f629bc51623 Mon Sep 17 00:00:00 2001
From: Ultradesu
Date: Sat, 12 Apr 2025 13:18:15 +0100
Subject: [PATCH] Added argocd

---
 k8s/core/argocd/external-secrets.yaml | 7 +++--
 k8s/core/argocd/kustomization.yaml | 2 +-
 k8s/core/argocd/values.yaml | 45 +++++++++++++--------------
 3 files changed, 28 insertions(+), 26 deletions(-)

diff --git a/k8s/core/argocd/external-secrets.yaml b/k8s/core/argocd/external-secrets.yaml
index 4ed16fc..5a0f609 100644
--- a/k8s/core/argocd/external-secrets.yaml
+++ b/k8s/core/argocd/external-secrets.yaml
@@ -10,9 +10,12 @@ spec:
 deletionPolicy: Delete
 template:
 type: Opaque
+ metadata:
+ labels:
+ app.kubernetes.io/part-of: argocd
 data:
- dex.authentik.clientID: "{{ .client_id | quote }}"
- dex.authentik.clientSecret: "{{ .client_secret | quote }}"
+ id: "{{ .client_id | quote }}"
+ secret: "{{ .client_secret | quote }}"
 data:
 - secretKey: client_id
 sourceRef:
diff --git a/k8s/core/argocd/kustomization.yaml b/k8s/core/argocd/kustomization.yaml
index 5271bc2..9c34c50 100644
--- a/k8s/core/argocd/kustomization.yaml
+++ b/k8s/core/argocd/kustomization.yaml
@@ -4,7 +4,7 @@ kind: Kustomization
 resources:
 - app.yaml
 - ingress.yaml
-# - external-secrets.yaml
+ - external-secrets.yaml
 helmCharts:
 - name: argo-cd
diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml
index 5a30f1f..8777f1c 100644
--- a/k8s/core/argocd/values.yaml
+++ b/k8s/core/argocd/values.yaml
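Review bot: The `| quote` in `id: "{{ .client_id | quote }}"` and `secret: "{{ .client_secret | quote }}"` most likely renders literal double-quote characters into the Secret values, because an ExternalSecret template's output is written to the key verbatim rather than re-parsed as YAML, so Argo CD would receive a client ID of the form `"<id>"` through `$oidc-creds:id` and the token exchange would fail against the provider. Rendering without the sprig filter, `id: "{{ .client_id }}"` and `secret: "{{ .client_secret }}"`, keeps the outer YAML quotes (which are what stop the template from being parsed as a flow mapping) and drops the stray characters; worth verifying against the rendered Secret before merging. The added `app.kubernetes.io/part-of: argocd` label is the right change, since Argo CD only resolves `$<secret>:<key>` references from Secrets carrying it, and a comment above `metadata:` such as `# label required so Argo CD resolves $oidc-creds:<key> from this Secret` would stop the next reader from pruning it. The enclosing `template:` block starts above the hunk.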
@@ -19,16 +19,13 @@ configs:
 application.instanceLabelKey: argocd.argoproj.io/instance
 admin.enabled: true
 timeout.reconciliation: 60s
- dex.config: |
- connectors:
- - type: oidc
- id: authentik
- name: Authentik
- config:
- issuer: https://auth.hexor.cy/application/o/argocd/
- clientID: $dex.authentik.clientID
- clientSecret: $dex.authentik.clientSecret
- redirectURI: https://ag.hexor.cy/api/dex/callback
+ oidc.config: |
+ name: Authentik
+ issuer: https://idm.hexor.cy/application/o/argocd/
+ clientID: $oidc-creds:id
+ clientSecret: $oidc-creds:secret
+ requestedScopes: ["openid", "profile", "email", "groups"]
+ requestedIDTokenClaims: {"groups": {"essential": true}}
 rbac:
 create: true
 policy.default: ""
@@ -38,26 +35,19 @@ configs:
 secret:
 createSecret: true
 argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
- extra:
- dex.authentik.clientID:
- valueFrom:
- secretKeyRef:
- name: oidc-creds
- key: client-id
- dex.authentik.clientSecret:
- valueFrom:
- secretKeyRef:
- name: oidc-creds
- key: client-secret
 controller:
 replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
 # Add resources (requests/limits), PDB etc. if needed
 # Dex OIDC provider
 dex:
- enabled: true # Keep enabled unless using external OIDC/SAML directly
- # Add resources, PDB etc. if needed
+ replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
+ enabled: false
 # Standard Redis disabled because Redis HA is enabled
 redis:
@@ -78,6 +68,8 @@ redis-ha:
 # Argo CD Server (API and UI)
 server:
 replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
 ingress:
 enabled: false
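Review bot: Moving from Dex to `oidc.config` changes the callback Argo CD serves, so the redirect URI registered at the Authentik provider has to move from `https://ag.hexor.cy/api/dex/callback` (the removed Dex line) to Argo CD's native `/auth/callback`, presumably `https://ag.hexor.cy/auth/callback`; nothing in the commit records that dependency, so a comment at the top of the block, `# IdP redirect URI must be <argocd-url>/auth/callback (Dex callback is no longer served)`, would document it. The `$oidc-creds:id` / `$oidc-creds:secret` references only resolve when the `oidc-creds` Secret carries the `app.kubernetes.io/part-of: argocd` label, which the external-secrets.yaml hunk in this commit adds; a one-line note beside `clientID:` saying so keeps the two files from drifting apart. The `policy.default: ""` left in context means users whose groups match no RBAC rule get no role, which is the right default to preserve now that the `groups` claim is requested as essential.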
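Review bot: The `replicas: 1` and `nodeSelector` added under `dex:` are dead configuration, because the same hunk sets `enabled: false` and the chart then renders no Dex workload; only `enabled: false` should remain there. The `kubernetes.io/hostname: master.tail2fe2d.ts.net` selector is otherwise repeated verbatim for controller here, for server in the next hunk, and for repoServer, applicationSet and notifications in the following hunk; the argo-cd chart exposes `global.nodeSelector` for exactly this, so a single `global:` / `  nodeSelector:` / `    kubernetes.io/hostname: master.tail2fe2d.ts.net` replaces six copies that can drift. Pinning every component to one node named `master` also makes that node the single point of failure for Argo CD, and if it carries the usual control-plane `NoSchedule` taint a selector alone leaves the pods Pending unless a matching toleration (`global.tolerations`) is added — worth confirming on the cluster before merging.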
@@ -90,15 +82,22 @@ server:
 # Repository Server
 repoServer:
 replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
 # Add resources (requests/limits), PDB etc. if needed
 # ApplicationSet Controller
 applicationSet:
 enabled: true # Enabled by default
 replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
 # Add resources (requests/limits), PDB etc. if needed
 # Notifications Controller
 notifications:
 enabled: true # Enabled by default
+ replicas: 1
+ nodeSelector:
+ kubernetes.io/hostname: master.tail2fe2d.ts.net
 # Add notifiers, triggers, templates configurations if needed