argocd: A4 - OIDC login via Authentik, argocd-config app
parent
3f23c09263
commit
40ec0966de
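--- a/argocd/apps/argocd-config.yaml
+++ b/argocd/apps/argocd-config.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argocd-config
+namespace: argocd
+spec:
+project: default
+source:
+repoURL: https://gitea.nik4nao.com/nik/homelab.git
+targetRevision: main
+path: manifests/argocd
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: false
+selfHeal: true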
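Review bot: `project: default` leaves this Application's source repositories and destinations unrestricted, even though it auto-syncs into the `argocd` namespace, which holds Argo CD's own configuration and credentials. A dedicated AppProject whose `sourceRepos` lists only the homelab repository and whose `destinations` allows only `argocd` on the in-cluster server would bound what a change to this manifest can deploy. With `targetRevision: main` and `selfHeal: true`, any push to `main` under `manifests/argocd` is applied without a further gate, so branch protection on the repository is effectively the access control for this namespace. A comment above `syncPolicy` such as `# auto-synced from main; keep the branch protected` would record that dependency.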
@ -18,6 +18,22 @@ spec:
|
|||||||
configs:
|
configs:
|
||||||
params:
|
params:
|
||||||
server.insecure: "true"
|
server.insecure: "true"
|
||||||
|
cm:
|
||||||
|
oidc.config: |
|
||||||
|
name: Authentik
|
||||||
|
issuer: https://auth.nik4nao.com/application/o/argocd/
|
||||||
|
clientID: xg3XsKFdFhAt8103X9KUoH72MiPEyLDlpTDcx5hT
|
||||||
|
clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret
|
||||||
|
requestedScopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
- groups
|
||||||
|
rbac:
|
||||||
|
policy.default: role:readonly
|
||||||
|
policy.csv: |
|
||||||
|
g, authentik Admins, role:admin
|
||||||
|
scopes: '[groups]'
|
||||||
server:
|
server:
|
||||||
ingress:
|
ingress:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|||||||
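Review bot: `policy.default: role:readonly` gives every identity that can complete the Authentik login read access to all applications and projects, not only members of a mapped group. Unless the Authentik application is already bound to a restricted set of users (not visible on this page), prefer `policy.default: ''` and grant read access explicitly with a line such as `g, <read-only group placeholder>, role:readonly` next to the `authentik Admins` mapping. The `configs:` mapping starts above this hunk and continues past it, so this note covers only the added `cm` and `rbac` keys.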
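--- a/manifests/argocd/argocd-oidc-sealed.yaml
+++ b/manifests/argocd/argocd-oidc-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+name: argocd-oidc-secret
+namespace: argocd
+spec:
+encryptedData:
+oidc.authentik.clientSecret: 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
+template:
+metadata:
+name: argocd-oidc-secret
+namespace: argocd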
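Review bot: The `template.metadata` block sets only `name` and `namespace`, so the unsealed Secret will carry no labels. Argo CD resolves `$argocd-oidc-secret:oidc.authentik.clientSecret` style references only from Secrets labelled `app.kubernetes.io/part-of: argocd`. Add a `labels:` mapping under `template.metadata` containing `app.kubernetes.io/part-of: argocd`; without it the client-secret lookup in `oidc.config` is expected to fail when the OIDC login is attempted.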