homelab/argocd/apps/argocd-self.yaml

57 lines
1.5 KiB
YAML

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: argocd
namespace: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://argoproj.github.io/argo-helm
chart: argo-cd
targetRevision: 9.4.15
helm:
values: |
global:
domain: argocd.home.arpa
configs:
params:
server.insecure: "true"
cm:
oidc.config: |
name: Authentik
issuer: https://auth.nik4nao.com/application/o/argocd/
clientID: xg3XsKFdFhAt8103X9KUoH72MiPEyLDlpTDcx5hT
clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret
clientAuthMethod: client_secret_post
requestedScopes:
- openid
- profile
- email
- groups
rbac:
policy.default: role:readonly
policy.csv: |
g, authentik Admins, role:admin
scopes: '[groups]'
server:
ingress:
enabled: false
redis-ha:
enabled: false
controller:
replicas: 1
repoServer:
replicas: 1
applicationSet:
replicas: 1
destination:
server: https://kubernetes.default.svc
namespace: argocd
syncPolicy:
automated:
prune: false
selfHeal: true
syncOptions:
- CreateNamespace=false