adds a kubernetes job that configures ArgoCD
This commit is contained in:
parent
620f7a3fd9
commit
b533f7adf3
1 changed files with 68 additions and 0 deletions
68
template/stacks/core/argocd-sso/argocd-sso-config.yaml
Normal file
68
template/stacks/core/argocd-sso/argocd-sso-config.yaml
Normal file
|
|
@ -0,0 +1,68 @@
|
||||||
|
---
|
||||||
|
apiVersion: batch/v1
|
||||||
|
kind: Job
|
||||||
|
metadata:
|
||||||
|
name: argocd-config
|
||||||
|
namespace: argocd
|
||||||
|
# annotations:
|
||||||
|
# argocd.argoproj.io/hook: PostSync
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
generateName: argocd-config-
|
||||||
|
spec:
|
||||||
|
# serviceAccountName: argocd-config
|
||||||
|
restartPolicy: OnFailure
|
||||||
|
containers:
|
||||||
|
- name: push
|
||||||
|
image: docker.io/library/ubuntu:22.04
|
||||||
|
envFrom:
|
||||||
|
- secretRef:
|
||||||
|
name: auth-generic-oauth-secret # thats the external secret the job should wait for
|
||||||
|
- secretRef:
|
||||||
|
name: k8s-job-token # edpbuilder should create this automatically and feed it to this job
|
||||||
|
command: ["/bin/bash", "-c"]
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
if [[ "$client_secret" == "" ]];
|
||||||
|
then
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
apt -qq update
|
||||||
|
apt -qq install git wget -y
|
||||||
|
if [[ "$(uname -m)" == "x86_64" ]]; then
|
||||||
|
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_amd64
|
||||||
|
install yq_linux_amd64 /usr/local/bin/yq
|
||||||
|
rm yq_linux_amd64
|
||||||
|
else
|
||||||
|
wget https://github.com/mikefarah/yq/releases/download/v4.44.3/yq_linux_arm64
|
||||||
|
install yq_linux_arm64 /usr/local/bin/yq
|
||||||
|
rm yq_linux_arm64
|
||||||
|
fi
|
||||||
|
|
||||||
|
DOMAIN=192-168-197-2.c-one-infra.de
|
||||||
|
GIT_USERNAME=giteaAdmin
|
||||||
|
GIT_PASSWORD=2e53bfe27b64a5aa4e8bc591e15b33cc92ff95fa
|
||||||
|
|
||||||
|
git config --global user.email "bot@bots.de"
|
||||||
|
git config --global user.name "bot"
|
||||||
|
|
||||||
|
git clone https://${GIT_USERNAME}:${GIT_PASSWORD}@gitea-${DOMAIN}/giteaAdmin/edfbuilder.git
|
||||||
|
cd edfbuilder
|
||||||
|
yq eval '.configs.cm.oidc.config =
|
||||||
|
{
|
||||||
|
"name": "Keycloak",
|
||||||
|
"issuer": "https://${DOMAIN}/keycloak/realms/cnoe/.well-known/openid-configuration",
|
||||||
|
"clientID": "argocd",
|
||||||
|
"clientSecret": "$auth-generic-oauth-secret:client_secret",
|
||||||
|
"requestedScopes": ["openid", "profile", "email", "groups"]
|
||||||
|
}
|
||||||
|
' -i stacks/core/argocd/values.yaml
|
||||||
|
|
||||||
|
git add stacks/core/argocd/values.yaml
|
||||||
|
git commit -m "adds Forgejo SSO config"
|
||||||
|
git push
|
||||||
|
backoffLimit: 99
|
||||||
Loading…
Reference in a new issue