From 33def8aba5c018c8c4f1846cdfc6aad790bf48bf Mon Sep 17 00:00:00 2001 From: Richard Robert Reitz Date: Sat, 12 Apr 2025 21:31:05 +0200 Subject: [PATCH] Added keycloak client externalsecret for Forgejo and ArgoCD --- template/stacks/core/argocd-sso.yaml | 29 +++++++++++++++++++ .../stacks/core/argocd-sso/argocd-secret.yaml | 21 ++++++++++++++ template/stacks/core/forgejo-sso.yaml | 29 +++++++++++++++++++ .../core/forgejo-sso/secret-forgejo.yaml | 21 ++++++++++++++ 4 files changed, 100 insertions(+) create mode 100644 template/stacks/core/argocd-sso.yaml create mode 100644 template/stacks/core/argocd-sso/argocd-secret.yaml create mode 100644 template/stacks/core/forgejo-sso.yaml create mode 100644 template/stacks/core/forgejo-sso/secret-forgejo.yaml diff --git a/template/stacks/core/argocd-sso.yaml b/template/stacks/core/argocd-sso.yaml new file mode 100644 index 0000000..7ae15bc --- /dev/null +++ b/template/stacks/core/argocd-sso.yaml @@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: argocd-sso + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/core/argocd-sso" + destination: + server: "https://kubernetes.default.svc" + namespace: argocd + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + selfHeal: true + retry: + limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s \ No newline at end of file diff --git a/template/stacks/core/argocd-sso/argocd-secret.yaml b/template/stacks/core/argocd-sso/argocd-secret.yaml new file mode 100644 index 0000000..0ca7b1c --- /dev/null +++ b/template/stacks/core/argocd-sso/argocd-secret.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: auth-generic-oauth-secret + namespace: argocd +spec: + secretStoreRef: + name: keycloak + kind: ClusterSecretStore + refreshInterval: "0" + target: + name: auth-generic-oauth-secret + template: + engineVersion: v2 + data: + client_secret: "{{.ARGOCD_CLIENT_SECRET}}" + data: + - secretKey: ARGOCD_CLIENT_SECRET + remoteRef: + key: keycloak-clients + property: ARGOCD_CLIENT_SECRET \ No newline at end of file diff --git a/template/stacks/core/forgejo-sso.yaml b/template/stacks/core/forgejo-sso.yaml new file mode 100644 index 0000000..6402b41 --- /dev/null +++ b/template/stacks/core/forgejo-sso.yaml @@ -0,0 +1,29 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forgejo-sso + namespace: argocd + labels: + env: dev + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder + targetRevision: HEAD + path: "stacks/core/forgejo-sso" + destination: + server: "https://kubernetes.default.svc" + namespace: gitea + syncPolicy: + syncOptions: + - CreateNamespace=true + automated: + selfHeal: true + retry: + limit: -1 + backoff: + duration: 15s + factor: 1 + maxDuration: 15s \ No newline at end of file diff --git a/template/stacks/core/forgejo-sso/secret-forgejo.yaml b/template/stacks/core/forgejo-sso/secret-forgejo.yaml new file mode 100644 index 0000000..09318c3 --- /dev/null +++ b/template/stacks/core/forgejo-sso/secret-forgejo.yaml @@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: auth-generic-oauth-secret + namespace: gitea +spec: + secretStoreRef: + name: keycloak + kind: ClusterSecretStore + refreshInterval: "0" + target: + name: auth-generic-oauth-secret + template: + engineVersion: v2 + data: + client_secret: "{{.FORGEJO_CLIENT_SECRET}}" + data: + - secretKey: FORGEJO_CLIENT_SECRET + remoteRef: + key: keycloak-clients + property: FORGEJO_CLIENT_SECRET \ No newline at end of file