diff --git a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
index 262479f71..190763d68 100644
--- a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
@@ -1,70 +1,70 @@ -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: argocd-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: "{{ .Release.Name }}-server" - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - app.kubernetes.io/component: server - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argocd - metadataPolicy: None - property: secret - - secretKey: client - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /authentik/oidc/argocd - metadataPolicy: None - property: client +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: argocd-oidc-secret +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: "{{ .Release.Name }}-server" +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: server +# app.kubernetes.io/part-of: {{ .Release.Name }} +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: secret +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /authentik/oidc/argocd +# metadataPolicy: None +# property: secret +# - secretKey: client +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /authentik/oidc/argocd +# metadataPolicy: None +# property: client ---- -apiVersion: external-secrets.io/v1beta1 -kind: ExternalSecret -metadata: - name: argocd-gitea-repo-infrastructure-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - 
app.kubernetes.io/component: repo - app.kubernetes.io/part-of: {{ .Release.Name }} - argocd.argoproj.io/secret-type: repository -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: type - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None - property: type - - secretKey: url - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None - property: url - - secretKey: sshPrivateKey - remoteRef: - conversionStrategy: Default - decodingStrategy: None - key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None - property: sshPrivateKey +# --- +# apiVersion: external-secrets.io/v1beta1 +# kind: ExternalSecret +# metadata: +# name: argocd-gitea-repo-infrastructure-secret +# namespace: {{ .Release.Namespace }} +# labels: +# app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret +# app.kubernetes.io/instance: {{ .Release.Name }} +# app.kubernetes.io/version: {{ .Chart.AppVersion }} +# app.kubernetes.io/component: repo +# app.kubernetes.io/part-of: {{ .Release.Name }} +# argocd.argoproj.io/secret-type: repository +# spec: +# secretStoreRef: +# kind: ClusterSecretStore +# name: vault +# data: +# - secretKey: type +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/argocd/credentials/repo/infrastructure +# metadataPolicy: None +# property: type +# - secretKey: url +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/argocd/credentials/repo/infrastructure +# metadataPolicy: None +# property: url +# - secretKey: sshPrivateKey +# remoteRef: +# conversionStrategy: Default +# decodingStrategy: None +# key: /cl01tl/argocd/credentials/repo/infrastructure +# metadataPolicy: None +# property: sshPrivateKey 
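Review bot: Prefixing every line with `#` does not switch off the Helm actions in this template: `{{ .Release.Namespace }}`, `{{ .Release.Name }}` and `{{ .Chart.AppVersion }}` are still evaluated at render time, so an action inside the "disabled" block that errors will still break the render, and the file ships as a comment-only manifest. Gating each document with `{{- if <values flag> }}` … `{{- end }}` (placeholder flag name), or deleting the file and relying on history, makes the disablement explicit; the same applies to templates/ingress.yaml in this commit. Separately, removing the `argocd-gitea-repo-infrastructure-secret` ExternalSecret will likely garbage-collect the generated repository Secret, including `sshPrivateKey`, if the operator's default owner-based creation policy is in effect. Confirm that Argo CD keeps access to the infrastructure repository, or that losing it is intended.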
diff --git a/clusters/cl01tl/deployment/argocd/templates/ingress.yaml b/clusters/cl01tl/deployment/argocd/templates/ingress.yaml
index 736d6b565..90f798609 100644
--- a/clusters/cl01tl/deployment/argocd/templates/ingress.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/ingress.yaml
@@ -1,27 +1,27 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: argocd-tailscale
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: argocd-tailscale
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/version: {{ .Chart.AppVersion }}
- app.kubernetes.io/component: web
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- ingressClassName: tailscale
- tls:
- - hosts:
- - argocd-cl01tl
- rules:
- - host: argocd-cl01tl
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: argocd-server
- port:
- number: 80
+# apiVersion: networking.k8s.io/v1
+# kind: Ingress
+# metadata:
+# name: argocd-tailscale
+# namespace: {{ .Release.Namespace }}
+# labels:
+# app.kubernetes.io/name: argocd-tailscale
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/version: {{ .Chart.AppVersion }}
+# app.kubernetes.io/component: web
+# app.kubernetes.io/part-of: {{ .Release.Name }}
+# spec:
+# ingressClassName: tailscale
+# tls:
+# - hosts:
+# - argocd-cl01tl
+# rules:
+# - host: argocd-cl01tl
+# http:
+# paths:
+# - path: /
+# pathType: Prefix
+# backend:
+# service:
+# name: argocd-server
+# port:
+# number: 80
diff --git a/clusters/cl01tl/deployment/argocd/values.yaml b/clusters/cl01tl/deployment/argocd/values.yaml
index 48da090e5..2f6822a60 100644
--- a/clusters/cl01tl/deployment/argocd/values.yaml
+++ b/clusters/cl01tl/deployment/argocd/values.yaml
@@ -15,23 +15,23 @@ argo-cd: - '.spec.template.spec.hostUsers' timeout.reconciliation: 100s timeout.reconciliation.jitter: 60s - url: https://argocd-cl01tl.boreal-beaufort.ts.net + # url: https://argocd-cl01tl.boreal-beaufort.ts.net statusbadge.enabled: true - dex.config: | - connectors: - - config: - issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/ - clientID: $argocd-oidc-secret:client - clientSecret: $argocd-oidc-secret:secret - insecureEnableGroups: true - scopes: - - openid - - profile - - email - - groups - name: authentik - type: oidc - id: authentik + # dex.config: | + # connectors: + # - config: + # issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/ + # clientID: $argocd-oidc-secret:client + # clientSecret: $argocd-oidc-secret:secret + # insecureEnableGroups: true + # scopes: + # - openid + # - profile + # - email + # - groups + # name: authentik + # type: oidc + # id: authentik rbac: policy.csv: | g, ArgoCD Admins, role:admin @@ -40,7 +40,7 @@ argo-cd: server: replicas: 2 ingress: - enabled: true + enabled: false controller: generic ingressClassName: traefik annotations:
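Review bot: With the `dex.config` connector commented out, the `g, ArgoCD Admins, role:admin` binding kept in `policy.csv` no longer matches any user, and sign-in presumably falls back to Argo CD's local accounts; nothing in this hunk shows how the built-in admin account is handled. Confirm that account's credential is set and rotated, and add a comment above the disabled block recording why SSO is off, e.g. `# SSO via authentik disabled temporarily: <reason/ticket>`. The second hunk (`ingress.enabled: false`), together with the commented-out Tailscale Ingress in templates/ingress.yaml, leaves the server without an Ingress from this chart, so the intended access path should be stated too. The `rbac` block and the enclosing `argo-cd` mapping continue outside the hunk.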