diff --git a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
index 0862972b9..9c74eef95 100644
--- a/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argocd/templates/external-secret.yaml
@@ -1,70 +1,70 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: argocd-oidc-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: argocd-oidc-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: server
-# app.kubernetes.io/part-of: argocd
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: secret
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /authentik/oidc/argocd
-# metadataPolicy: None
-# property: secret
-# - secretKey: client
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /authentik/oidc/argocd
-# metadataPolicy: None
-# property: client
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: argocd-oidc-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: argocd-oidc-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: server
+ app.kubernetes.io/part-of: argocd
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: secret
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/argocd
+ metadataPolicy: None
+ property: secret
+ - secretKey: client
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /authentik/oidc/argocd
+ metadataPolicy: None
+ property: client
-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-# name: argocd-gitea-repo-infrastructure-secret
-# namespace: {{ .Release.Namespace }}
-# labels:
-# app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-# app.kubernetes.io/instance: {{ .Release.Name }}
-# app.kubernetes.io/version: {{ .Chart.AppVersion }}
-# app.kubernetes.io/component: repo
-# app.kubernetes.io/part-of: argocd
-# argocd.argoproj.io/secret-type: repository
-# spec:
-# secretStoreRef:
-# kind: ClusterSecretStore
-# name: vault
-# data:
-# - secretKey: type
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/argocd/credentials/repo/infrastructure
-# metadataPolicy: None
-# property: type
-# - secretKey: url
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/argocd/credentials/repo/infrastructure
-# metadataPolicy: None
-# property: url
-# - secretKey: sshPrivateKey
-# remoteRef:
-# conversionStrategy: Default
-# decodingStrategy: None
-# key: /cl01tl/argocd/credentials/repo/infrastructure
-# metadataPolicy: None
-# property: sshPrivateKey
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: argocd-gitea-repo-infrastructure-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: repo
+ app.kubernetes.io/part-of: argocd
+ argocd.argoproj.io/secret-type: repository
+spec:
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: vault
+ data:
+ - secretKey: type
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/argocd/credentials/repo/infrastructure
+ metadataPolicy: None
+ property: type
+ - secretKey: url
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/argocd/credentials/repo/infrastructure
+ metadataPolicy: None
+ property: url
+ - secretKey: sshPrivateKey
+ remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: /cl01tl/argocd/credentials/repo/infrastructure
+ metadataPolicy: None
+ property: sshPrivateKey
diff --git a/clusters/cl01tl/deployment/argocd/values.yaml b/clusters/cl01tl/deployment/argocd/values.yaml
index c3a4747a8..e3742f799 100644
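Review bot: The labels Argo CD keys on — `app.kubernetes.io/part-of: argocd` on `argocd-oidc-secret` and `argocd.argoproj.io/secret-type: repository` on `argocd-gitea-repo-infrastructure-secret` — are placed under `metadata.labels` of the ExternalSecret objects, but Argo CD inspects the generated `Secret`, and as far as I recall External Secrets Operator sets the target Secret's labels from `spec.target.template.metadata` rather than copying the ExternalSecret's own metadata. If that holds, Argo CD will neither resolve `$argocd-oidc-secret:client` for dex nor register the Gitea repository, and the failure is quiet: the Secrets exist, they are just unlabelled. Both documents need a `target.template.metadata.labels` block carrying the Argo CD labels; the repository document is shown below and the OIDC document needs only `app.kubernetes.io/part-of: argocd`. After the sync, verify on the cluster with `kubectl get secret -n <argocd namespace> --show-labels` that the two Secrets carry those labels.
```yaml
spec:
  secretStoreRef:
    kind: ClusterSecretStore
    name: vault
  target:
    template:
      metadata:
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
  # … unchanged: data entries for type, url and sshPrivateKey …
```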
--- a/clusters/cl01tl/deployment/argocd/values.yaml
+++ b/clusters/cl01tl/deployment/argocd/values.yaml
@@ -17,20 +17,20 @@ argo-cd:
 timeout.reconciliation.jitter: 60s
 url: https://argocd.alexlebens.net
 statusbadge.enabled: true
- # dex.config: |
- # connectors:
- # - config:
- # issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/
- # clientID: $argocd-oidc-secret:client
- # clientSecret: $argocd-oidc-secret:secret
- # insecureEnableGroups: true
- # scopes:
- # - openid
- # - profile
- # - email
- # name: authentik
- # type: oidc
- # id: authentik
+ dex.config: |
+ connectors:
+ - config:
+ issuer: https://auth.alexlebens.dev/application/o/argocd/
+ clientID: $argocd-oidc-secret:client
+ clientSecret: $argocd-oidc-secret:secret
+ insecureEnableGroups: true
+ scopes:
+ - openid
+ - profile
+ - email
+ name: authentik
+ type: oidc
+ id: authentik
 rbac:
 policy.csv: |
 g, ArgoCD Admins, role:admin
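Review bot: `insecureEnableGroups: true` inside the re-enabled `dex.config` is the line that lets the `groups` claim from Authentik drive the `g, ArgoCD Admins, role:admin` policy a few lines below, and nothing in the file records why an option with "insecure" in its name is switched on. Dex's OIDC connector only forwards group claims when it is set, and per Dex's documentation group claims are refreshed only when the ID token is, so a user removed from "ArgoCD Admins" in Authentik appears to keep admin until their Argo CD session re-authenticates; that trade-off belongs next to the setting. Suggested comment above the line, inside the block scalar: `# needed so the Authentik groups claim reaches Argo CD RBAC; Dex re-reads groups only on ID-token refresh, so group removals take effect at next login`. The enclosing `argo-cd` mapping starts before the hunk (only `argo-cd:` is visible in the hunk header), so the nesting of `dex.config` under it cannot be checked from this view.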