apiVersion: argoproj.io/v1alpha1 kind: Application metadata: name: argocd namespace: argocd finalizers: - resources-finalizer.argocd.argoproj.io spec: project: default source: repoURL: https://argoproj.github.io/argo-helm chart: argo-cd targetRevision: 9.4.15 helm: values: | global: domain: argocd.home.arpa configs: params: server.insecure: "true" cm: oidc.config: | name: Authentik issuer: https://auth.nik4nao.com/application/o/argocd/ clientID: xg3XsKFdFhAt8103X9KUoH72MiPEyLDlpTDcx5hT clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret clientAuthMethod: client_secret_post requestedScopes: - openid - profile - email - groups rbac: policy.default: role:readonly policy.csv: | g, authentik Admins, role:admin scopes: '[groups]' server: ingress: enabled: false redis-ha: enabled: false controller: replicas: 1 repoServer: replicas: 1 applicationSet: replicas: 1 destination: server: https://kubernetes.default.svc namespace: argocd syncPolicy: automated: prune: false selfHeal: true syncOptions: - CreateNamespace=false