adds a kubernetes job that configures ArgoCD

2025-04-14 16:39:37 +02:00 · 2025-04-14 16:39:37 +02:00 · b533f7adf3
commit b533f7adf3
parent 620f7a3fd9
1 changed files with 68 additions and 0 deletions
--- a/template/stacks/core/argocd-sso/argocd-sso-config.yaml
+++ b/template/stacks/core/argocd-sso/argocd-sso-config.yaml
@ -0,0 +1,68 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: argocd-config
+  namespace: argocd
+#  annotations:
+#    argocd.argoproj.io/hook: PostSync
+spec:
+  template:
+    metadata:
+      generateName: argocd-config-
+    spec:
+      # serviceAccountName: argocd-config
+      restartPolicy: OnFailure
+      containers:
+        - name: push
+          image: docker.io/library/ubuntu:22.04
+          envFrom:
+            - secretRef: 
+                name: auth-generic-oauth-secret # thats the external secret the job should wait for
+            - secretRef:
+                name: k8s-job-token # edpbuilder should create this automatically and feed it to this job
+          command: ["/bin/bash", "-c"]
+          args:
+            - |
+              #! /bin/bash
+
+              if [[ "$client_secret" == "" ]];
+              then
+                exit 1
+              fi
+
+              apt -qq update
+              apt -qq install git wget -y
+              if [[ "$(uname -m)" == "x86_64" ]]; then
+                wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
+                install yq_linux_amd64 /usr/local/bin/yq
+                rm yq_linux_amd64
+              else
+                wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
+                install yq_linux_arm64 /usr/local/bin/yq
+                rm yq_linux_arm64
+              fi
+
+              DOMAIN=192-168-197-2.c-one-infra.de
+              GIT_USERNAME=giteaAdmin
+              GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa
+
+              git config --global user.email "bot@bots.de"
+              git config --global user.name "bot"
+              
+              git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
+              cd edfbuilder
+              yq eval '.configs.cm.oidc.config =
+                {
+                  "name": "Keycloak",
+                  "issuer": "https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration",
+                  "clientID": "argocd",
+                  "clientSecret": "$auth-generic-oauth-secret:client_secret",
+                  "requestedScopes": ["openid", "profile", "email", "groups"]
+                }
+              ' -i stacks/core/argocd/values.yaml
+              
+              git add stacks/core/argocd/values.yaml
+              git commit -m "adds Forgejo SSO config"
+              git push
+  backoffLimit: 99