From 3b35ab2122249f502f1b97dda409f4b0a2d4abd4 Mon Sep 17 00:00:00 2001 From: Ultradesu Date: Sun, 6 Apr 2025 19:54:48 +0100 Subject: [PATCH] Added Argocd oidc config --- k8s/core/argocd/kustomization.yaml | 1 + k8s/core/argocd/values.yaml | 28 ++++++++++++++++++++---- k8s/core/authentik/external-secrets.yaml | 1 + 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/k8s/core/argocd/kustomization.yaml b/k8s/core/argocd/kustomization.yaml index a7aff1e..d9b378c 100644 --- a/k8s/core/argocd/kustomization.yaml +++ b/k8s/core/argocd/kustomization.yaml @@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: + - external-secrets.yaml - app.yaml - ingress.yaml diff --git a/k8s/core/argocd/values.yaml b/k8s/core/argocd/values.yaml index 78b9992..5a30f1f 100644 --- a/k8s/core/argocd/values.yaml +++ b/k8s/core/argocd/values.yaml @@ -18,17 +18,37 @@ configs: kustomize.buildOptions: --enable-helm application.instanceLabelKey: argocd.argoproj.io/instance admin.enabled: true - timeout.reconciliation: 180s + timeout.reconciliation: 60s + dex.config: | + connectors: + - type: oidc + id: authentik + name: Authentik + config: + issuer: https://auth.hexor.cy/application/o/argocd/ + clientID: $dex.authentik.clientID + clientSecret: $dex.authentik.clientSecret + redirectURI: https://ag.hexor.cy/api/dex/callback rbac: create: true policy.default: "" - # policy.csv: | - # p, role:org-admin, applications, *, */*, allow - # g, your-github-group, role:org-admin + policy.csv: | + g, k8s_dashboard, role:admin secret: createSecret: true argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY + extra: + dex.authentik.clientID: + valueFrom: + secretKeyRef: + name: oidc-creds + key: client-id + dex.authentik.clientSecret: + valueFrom: + secretKeyRef: + name: oidc-creds + key: client-secret controller: replicas: 1 
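Review bot: The new `- external-secrets.yaml` entry under `resources:` points at a file this patch does not add; the diffstat lists only the two argocd files and `k8s/core/authentik/external-secrets.yaml`. If `k8s/core/argocd/external-secrets.yaml` is not already in the tree, `kustomize build` fails on the missing resource. In that case the `oidc-creds` Secret that `values.yaml` expects for the Dex client credentials is presumably never created either. Confirm that the file is committed and that its ExternalSecret produces a Secret named `oidc-creds` with the keys `client-id` and `client-secret`.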
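Review bot: The `extra:` entries under `secret:` use `valueFrom.secretKeyRef`, which is a container-env construct. As far as I know the chart writes `configs.secret.extra` values into `argocd-secret` as plain strings, so `$dex.authentik.clientID` and `$dex.authentik.clientSecret` in `dex.config` would not resolve to the contents of `oidc-creds`. Argo CD can reference another Secret directly when it carries the label `app.kubernetes.io/part-of: argocd`, so the connector could likely use `clientID: $oidc-creds:client-id` and `clientSecret: $oidc-creds:client-secret`, and the `extra:` block could be dropped. Separately, `g, k8s_dashboard, role:admin` grants full Argo CD admin to a group whose name suggests it was created for a different application, and the Dex `oidc` connector only passes upstream groups through when `insecureEnableGroups: true` and a `groups` scope are configured, so check the group's membership before that binding starts matching. The `configs:` mapping begins above the hunk, and `admin.enabled: true` in the context lines leaves the local admin login available alongside Authentik.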
diff --git a/k8s/core/authentik/external-secrets.yaml b/k8s/core/authentik/external-secrets.yaml index 8e0618a..ec1dfb3 100644 --- a/k8s/core/authentik/external-secrets.yaml +++ b/k8s/core/authentik/external-secrets.yaml @@ -1,3 +1,4 @@ +--- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: