argocd: A4 - OIDC login via Authentik, argocd-config app
parent
3f23c09263
commit
40ec0966de
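--- a/argocd/apps/argocd-config.yaml
+++ b/argocd/apps/argocd-config.yaml
@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argocd-config
+namespace: argocd
+spec:
+project: default
+source:
+repoURL: https://gitea.nik4nao.com/nik/homelab.git
+targetRevision: main
+path: manifests/argocd
+destination:
+server: https://kubernetes.default.svc
+namespace: argocd
+syncPolicy:
+automated:
+prune: false
+selfHeal: true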
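Review bot: `project: default` combined with `automated` sync and `selfHeal: true` means anything committed under `manifests/argocd` on `main` is applied into the `argocd` namespace. Unless the default project has been tightened elsewhere, nothing at project level restricts the source repo, destination or resource kind. Because this Application manages Argo CD's own namespace, a dedicated AppProject would be the least-privilege choice, limited to this repo, the `argocd` namespace and the kinds actually shipped (a SealedSecret in this commit). Point the app at it with `project: argocd-config` (name is a placeholder). A comment above `targetRevision: main` should also record that branch protection on the Gitea repo is the control gating what reaches the cluster, e.g. `# auto-synced into the argocd namespace; pushes to main must be restricted`.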
@ -18,6 +18,22 @@ spec:
|
||||
configs:
|
||||
params:
|
||||
server.insecure: "true"
|
||||
cm:
|
||||
oidc.config: |
|
||||
name: Authentik
|
||||
issuer: https://auth.nik4nao.com/application/o/argocd/
|
||||
clientID: xg3XsKFdFhAt8103X9KUoH72MiPEyLDlpTDcx5hT
|
||||
clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret
|
||||
requestedScopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
- groups
|
||||
rbac:
|
||||
policy.default: role:readonly
|
||||
policy.csv: |
|
||||
g, authentik Admins, role:admin
|
||||
scopes: '[groups]'
|
||||
server:
|
||||
ingress:
|
||||
enabled: false
|
||||
|
||||
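Review bot: `policy.default: role:readonly` gives read access to every application to any identity that can complete an OIDC login against this Authentik client, including users in no mapped group. Only membership of `authentik Admins` is checked explicitly. Setting `policy.default: ''` and adding an explicit mapping such as `g, <read-only group>, role:readonly` (group name is a placeholder) would make access opt-in. This also assumes the Authentik provider actually emits a `groups` claim, since `scopes: '[groups]'` makes that claim the only thing deciding who is admin; a comment saying so above `policy.csv` would help. The page does not mark which lines of this hunk are added and which are context, and the file path is not shown, so this applies to the hunk as displayed.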
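--- a/manifests/argocd/argocd-oidc-sealed.yaml
+++ b/manifests/argocd/argocd-oidc-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+name: argocd-oidc-secret
+namespace: argocd
+spec:
+encryptedData:
+oidc.authentik.clientSecret: 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
+template:
+metadata:
+name: argocd-oidc-secret
+namespace: argocd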
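Review bot: The `template.metadata` block carries only `name` and `namespace`, so the unsealed Secret will have no `app.kubernetes.io/part-of: argocd` label. Argo CD resolves `$argocd-oidc-secret:oidc.authentik.clientSecret` style references only against Secrets that carry that label. As written the client secret will most likely not be found and OIDC login will fail. Add `labels:` with `app.kubernetes.io/part-of: argocd` under `template.metadata`. Indentation is lost on this page, so the nesting is inferred from line order, but no `labels` key appears anywhere in the 13 lines.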