Added Argocd oidc config

k8s/core/argocd/kustomization.yaml

@@ -2,6 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
+  - external-secrets.yaml
   - app.yaml
   - ingress.yaml
 

k8s/core/argocd/values.yaml

@@ -18,17 +18,37 @@ configs:
     kustomize.buildOptions: --enable-helm
     application.instanceLabelKey: argocd.argoproj.io/instance
     admin.enabled: true
-    timeout.reconciliation: 180s
+    timeout.reconciliation: 60s
+    dex.config: |
+      connectors:
+        - type: oidc
+          id: authentik
+          name: Authentik
+          config:
+            issuer: https://auth.hexor.cy/application/o/argocd/
+            clientID: $dex.authentik.clientID
+            clientSecret: $dex.authentik.clientSecret
+            redirectURI: https://ag.hexor.cy/api/dex/callback
   rbac:
     create: true
     policy.default: ""
-    # policy.csv: |
+    policy.csv: |
-    #   p, role:org-admin, applications, *, */*, allow
+      g, k8s_dashboard, role:admin
-    #   g, your-github-group, role:org-admin
 
   secret:
     createSecret: true
     argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
+    extra:
+      dex.authentik.clientID:
+        valueFrom:
+          secretKeyRef:
+            name: oidc-creds
+            key: client-id
+      dex.authentik.clientSecret:
+        valueFrom:
+          secretKeyRef:
+            name: oidc-creds
+            key: client-secret
 
 controller:
   replicas: 1

k8s/core/authentik/external-secrets.yaml

@@ -1,3 +1,4 @@
+---
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata: