diff --git a/argocd/apps/argocd-config.yaml b/argocd/apps/argocd-config.yaml
new file mode 100644
index 0000000..fff4ebe
--- /dev/null
+++ b/argocd/apps/argocd-config.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd-config
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://gitea.nik4nao.com/nik/homelab.git
+ targetRevision: main
+ path: manifests/argocd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: true
\ No newline at end of file
diff --git a/argocd/apps/argocd-self.yaml b/argocd/apps/argocd-self.yaml
index 90ca573..e6d785a 100644
--- a/argocd/apps/argocd-self.yaml
+++ b/argocd/apps/argocd-self.yaml
@@ -18,6 +18,22 @@ spec:
 configs:
 params:
 server.insecure: "true"
+ cm:
+ oidc.config: |
+ name: Authentik
+ issuer: https://auth.nik4nao.com/application/o/argocd/
+ clientID: xg3XsKFdFhAt8103X9KUoH72MiPEyLDlpTDcx5hT
+ clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret
+ requestedScopes:
+ - openid
+ - profile
+ - email
+ - groups
+ rbac:
+ policy.default: role:readonly
+ policy.csv: |
+ g, authentik Admins, role:admin
+ scopes: '[groups]'
 server:
 ingress:
 enabled: false
diff --git a/manifests/argocd/argocd-oidc-sealed.yaml b/manifests/argocd/argocd-oidc-sealed.yaml
new file mode 100644
index 0000000..c05aeff
--- /dev/null
+++ b/manifests/argocd/argocd-oidc-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ name: argocd-oidc-secret
+ namespace: argocd
+spec:
+ encryptedData:
+ oidc.authentik.clientSecret: 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
+ template:
+ metadata:
+ name: argocd-oidc-secret
+ namespace: argocd
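Review bot: `project: default` in the new `argocd-config` Application places it in Argo CD's built-in default project, which, unless it has been tightened elsewhere, allows any source repository and any destination, so nothing in this manifest bounds what `manifests/argocd` may deploy. The app syncs automatically from the moving `main` branch with `selfHeal: true` into the `argocd` namespace, so write access to that branch is in effect write access to Argo CD's own configuration and secrets. Consider a dedicated AppProject whose `sourceRepos` lists only this repository and whose `destinations` lists only the `argocd` namespace, referenced here as `project: <argocd-config-project>` (placeholder name). The file also ends without a trailing newline.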
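Review bot: `policy.default: role:readonly` gives read access across all applications and projects to every identity that completes the Authentik login, not only to members of a mapped group. Whether that set is restricted depends on the Authentik application bindings, which this diff does not show. If only `authentik Admins` is meant to use Argo CD, set `policy.default: ''` so that accounts without a matching `g,` line receive no permissions. A comment above `policy.csv` such as `# group name must match the Authentik groups claim exactly (case and spaces)` would document the one mapping that grants `role:admin`. The `configs:` mapping starts above the hunk and the values continue below it.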
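Review bot: `spec.template.metadata` sets only `name` and `namespace`, so the unsealed Secret carries no labels, while Argo CD resolves `$argocd-oidc-secret:oidc.authentik.clientSecret` only from Secrets labelled `app.kubernetes.io/part-of: argocd`. Without that label the client secret reference in `oidc.config` is likely left unresolved and the OIDC login against Authentik fails. Add `labels:` with `app.kubernetes.io/part-of: argocd` under `template.metadata`. A short comment at the top of the file naming the consumer (the `oidc.config` entry in `argocd/apps/argocd-self.yaml`) would also help whoever rotates this secret.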