mirror of
https://github.com/zoriya/snow.git
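# Argo CD Application that installs and manages Argo CD itself from the
# upstream argo-helm chart, exposes it through a Cilium ingress, and wires
# SSO to authentik through Dex.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argocd
  namespace: argocd
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    # Fully automated sync: resources removed from the chart are pruned and
    # manual changes in the cluster are reverted. Whatever the source below
    # resolves to is applied to the control plane without a manual gate.
    automated:
      prune: true
      selfHeal: true
  source:
    repoURL: https://github.com/argoproj/argo-helm
    # NOTE(review): this is a git tag on a third-party repository, not a
    # commit SHA. Combined with automated sync, a re-pointed tag would be
    # rolled out automatically; consider pinning to the commit the tag
    # currently resolves to.
    targetRevision: argo-cd-8.1.2
    path: charts/argo-cd
    helm:
      valuesObject:
        global:
          domain: argocd.sdg.moe
        # NOTE(review): the nesting of this key is reconstructed. The chart
        # documents its cert-manager Certificate toggle under
        # server.certificate; confirm this key is read where it is placed.
        certificate:
          enabled: true
        server:
          ingress:
            enabled: true
            ingressClassName: cilium
            annotations:
              # TLS is passed through to argocd-server rather than terminated
              # at the ingress, so the server's own certificate is what
              # clients see.
              ingress.cilium.io/tls-passthrough: "true"
              ingress.cilium.io/force-https: "true"
              cert-manager.io/cluster-issuer: letsencrypt
            hostname: argocd.sdg.moe
            tls: true
        configs:
          cm:
            # Lets kustomize render Helm charts referenced from
            # kustomizations during manifest generation, for every
            # kustomize source this instance builds.
            kustomize.buildOptions: --enable-helm
            # Dex OIDC connector for authentik. clientID and clientSecret use
            # Argo CD's $<secret>:<key> reference form and are read from the
            # "authentik" Secret produced by the ExternalSecret below, so no
            # credential is stored in this file.
            # insecureEnableGroups makes Dex accept the upstream groups claim
            # as-is; Dex only re-reads it when the ID token is refreshed, so
            # a group removal in authentik takes effect at the next login.
            # The RBAC bindings below depend entirely on that claim.
            dex.config: |
              connectors:
                - id: authentik
                  name: authentik
                  type: oidc
                  config:
                    issuer: https://authentik.sdg.moe/application/o/argocd/
                    clientID: $authentik:clientId
                    clientSecret: $authentik:clientSecret
                    insecureEnableGroups: true
                    scopes:
                      - openid
                      - profile
                      - email
          rbac:
            # Group-to-role bindings. Argo CD ships two built-in roles,
            # role:admin and role:readonly, and this file defines no custom
            # role. The read-only group is therefore bound to role:readonly;
            # "role:admins" is not a defined role and would grant nothing.
            # No policy.default is set here, so users outside these groups
            # get no role from this file.
            policy.csv: |
              g, admins, role:admin
              g, admins-ro, role:readonly
        extraObjects:
          # Materialises the OIDC client credentials as a Secret named
          # "authentik" (the target name defaults to the ExternalSecret
          # name). The part-of label is what allows Argo CD to resolve
          # $authentik:... references against it.
          - apiVersion: external-secrets.io/v1
            kind: ExternalSecret
            metadata:
              name: authentik
            spec:
              # A rotated client secret can take up to this long to reach
              # the cluster.
              refreshInterval: 24h
              secretStoreRef:
                name: bitwarden
                kind: ClusterSecretStore
              target:
                template:
                  metadata:
                    labels:
                      app.kubernetes.io/part-of: argocd
              dataFrom:
                # extract copies every field of the store entry into the
                # Secret; presumably it carries clientId and clientSecret.
                # Confirm the entry holds nothing else.
                - extract:
                    key: argocd-sso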