Added argocd
@ -10,9 +10,12 @@ spec:
|
||||
deletionPolicy: Delete
|
||||
template:
|
||||
type: Opaque
|
||||
metadata:
|
||||
labels:
|
||||
app.kubernetes.io/part-of: argocd
|
||||
data:
|
||||
dex.authentik.clientID: "{{ .client_id | quote }}"
|
||||
dex.authentik.clientSecret: "{{ .client_secret | quote }}"
|
||||
id: "{{ .client_id | quote }}"
|
||||
secret: "{{ .client_secret | quote }}"
|
||||
data:
|
||||
- secretKey: client_id
|
||||
sourceRef:
|
||||
|
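Review bot: The new `id` and `secret` template entries pipe through `quote` while already sitting inside YAML double quotes, so the rendered Secret values most likely carry literal quote characters and will not match the client ID and secret registered at the identity provider. Dropping the filter avoids that: `id: "{{ .client_id }}"` and `secret: "{{ .client_secret }}"`. The added `app.kubernetes.io/part-of: argocd` label looks cosmetic, but Argo CD only resolves `$<secret>:<key>` references against Secrets that carry it, so a comment such as `# required so Argo CD can resolve $<secret>:<key> references` above it would help. The ExternalSecret starts and ends outside this hunk, so the target Secret name and namespace could not be checked here.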
@ -4,7 +4,7 @@ kind: Kustomization
|
||||
resources:
|
||||
- app.yaml
|
||||
- ingress.yaml
|
||||
# - external-secrets.yaml
|
||||
- external-secrets.yaml
|
||||
|
||||
helmCharts:
|
||||
- name: argo-cd
|
||||
|
@ -19,16 +19,13 @@ configs:
|
||||
application.instanceLabelKey: argocd.argoproj.io/instance
|
||||
admin.enabled: true
|
||||
timeout.reconciliation: 60s
|
||||
dex.config: |
|
||||
connectors:
|
||||
- type: oidc
|
||||
id: authentik
|
||||
oidc.config: |
|
||||
name: Authentik
|
||||
config:
|
||||
issuer: https://auth.hexor.cy/application/o/argocd/
|
||||
clientID: $dex.authentik.clientID
|
||||
clientSecret: $dex.authentik.clientSecret
|
||||
redirectURI: https://ag.hexor.cy/api/dex/callback
|
||||
issuer: https://idm.hexor.cy/application/o/argocd/
|
||||
clientID: $oidc-creds:id
|
||||
clientSecret: $oidc-creds:secret
|
||||
requestedScopes: ["openid", "profile", "email", "groups"]
|
||||
requestedIDTokenClaims: {"groups": {"essential": true}}
|
||||
rbac:
|
||||
create: true
|
||||
policy.default: ""
|
||||
@ -38,26 +35,19 @@ configs:
|
||||
secret:
|
||||
createSecret: true
|
||||
argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
|
||||
extra:
|
||||
dex.authentik.clientID:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-creds
|
||||
key: client-id
|
||||
dex.authentik.clientSecret:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: oidc-creds
|
||||
key: client-secret
|
||||
|
||||
controller:
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
# Add resources (requests/limits), PDB etc. if needed
|
||||
|
||||
# Dex OIDC provider
|
||||
dex:
|
||||
enabled: true # Keep enabled unless using external OIDC/SAML directly
|
||||
# Add resources, PDB etc. if needed
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
enabled: false
|
||||
|
||||
# Standard Redis disabled because Redis HA is enabled
|
||||
redis:
|
||||
@ -78,6 +68,8 @@ redis-ha:
|
||||
# Argo CD Server (API and UI)
|
||||
server:
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
ingress:
|
||||
enabled: false
|
||||
|
||||
@ -90,15 +82,22 @@ server:
|
||||
# Repository Server
|
||||
repoServer:
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
# Add resources (requests/limits), PDB etc. if needed
|
||||
|
||||
# ApplicationSet Controller
|
||||
applicationSet:
|
||||
enabled: true # Enabled by default
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
# Add resources (requests/limits), PDB etc. if needed
|
||||
|
||||
# Notifications Controller
|
||||
notifications:
|
||||
enabled: true # Enabled by default
|
||||
replicas: 1
|
||||
nodeSelector:
|
||||
kubernetes.io/hostname: master.tail2fe2d.ts.net
|
||||
# Add notifiers, triggers, templates configurations if needed
|
||||
|
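Review bot: The built-in `admin` account stays enabled (`admin.enabled: true`, unchanged in the first `configs` hunk) while login moves to direct OIDC with `oidc.config`, and `argocdServerAdminPassword: ""` is still an empty placeholder next to `createSecret: true`. That leaves a password-only superuser path that bypasses the identity provider; once SSO login is confirmed, set `admin.enabled: false`, or record in a comment why the break-glass account is kept and where its credential is managed. With `policy.default: ""`, OIDC users have no permissions until the requested `groups` claim is mapped to roles. No RBAC policy is visible in these hunks, so confirm the mapping exists and grants only what each group needs. The `configs` block extends beyond the hunks shown.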