enable oidc

2025-02-17 22:15:14 -06:00
parent b0a2c644b3
commit 8a7917325c
2 changed files with 84 additions and 84 deletions
--- a/clusters/cl01tl/deployment/argo-cd/templates/external-secret.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/templates/external-secret.yaml
@@ -1,70 +1,70 @@
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: argocd-oidc-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: "{{ .Release.Name }}-server"
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: server
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   data:
-#     - secretKey: secret
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /authentik/oidc/argocd
-#         metadataPolicy: None
-#         property: secret
-#     - secretKey: client
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /authentik/oidc/argocd
-#         metadataPolicy: None
-#         property: client
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: argocd-oidc-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: "{{ .Release.Name }}-server"
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: server
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: secret
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/argocd
+        metadataPolicy: None
+        property: secret
+    - secretKey: client
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /authentik/oidc/argocd
+        metadataPolicy: None
+        property: client

-# ---
-# apiVersion: external-secrets.io/v1beta1
-# kind: ExternalSecret
-# metadata:
-#   name: argocd-gitea-repo-infrastructure-secret
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/version: {{ .Chart.AppVersion }}
-#     app.kubernetes.io/component: repo
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-#     argocd.argoproj.io/secret-type: repository
-# spec:
-#   secretStoreRef:
-#     kind: ClusterSecretStore
-#     name: vault
-#   data:
-#     - secretKey: type
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/argocd/credentials/repo/infrastructure
-#         metadataPolicy: None
-#         property: type
-#     - secretKey: url
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/argocd/credentials/repo/infrastructure
-#         metadataPolicy: None
-#         property: url
-#     - secretKey: sshPrivateKey
-#       remoteRef:
-#         conversionStrategy: Default
-#         decodingStrategy: None
-#         key: /cl01tl/argocd/credentials/repo/infrastructure
-#         metadataPolicy: None
-#         property: sshPrivateKey
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: argocd-gitea-repo-infrastructure-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: repo
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+    argocd.argoproj.io/secret-type: repository
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: type
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/argocd/credentials/repo/infrastructure
+        metadataPolicy: None
+        property: type
+    - secretKey: url
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/argocd/credentials/repo/infrastructure
+        metadataPolicy: None
+        property: url
+    - secretKey: sshPrivateKey
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/argocd/credentials/repo/infrastructure
+        metadataPolicy: None
+        property: sshPrivateKey
--- a/clusters/cl01tl/deployment/argo-cd/values.yaml
+++ b/clusters/cl01tl/deployment/argo-cd/values.yaml
@@ -17,21 +17,21 @@ argo-cd:
      timeout.reconciliation.jitter: 60s
      url: https://argocd-cl01tl.boreal-beaufort.ts.net
      statusbadge.enabled: true
-      # dex.config: |
-      #   connectors:
-      #   - config:
-      #       issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/
-      #       clientID: $argocd-oidc-secret:client
-      #       clientSecret: $argocd-oidc-secret:secret
-      #       insecureEnableGroups: true
-      #       scopes:
-      #         - openid
-      #         - profile
-      #         - email
-      #         - groups
-      #     name: authentik
-      #     type: oidc
-      #     id: authentik
+      dex.config: |
+        connectors:
+        - config:
+            issuer: https://auth-cl01tl.boreal-beaufort.ts.net/application/o/argocd/
+            clientID: $argocd-oidc-secret:client
+            clientSecret: $argocd-oidc-secret:secret
+            insecureEnableGroups: true
+            scopes:
+              - openid
+              - profile
+              - email
+              - groups
+          name: authentik
+          type: oidc
+          id: authentik
    rbac:
      policy.csv: |
        g, ArgoCD Admins, role:admin