WIP: IPCEICIS-2435_oidc_in_argocd #15
4 changed files with 51 additions and 13 deletions
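--- a/template/stacks/core/argocd-sso.yaml
+++ b/template/stacks/core/argocd-sso.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: argocd-sso
+namespace: argocd
+labels:
+env: dev
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: default
+source:
+repoURL: https://{{{ .Env.DOMAIN_GITEA }}}/giteaAdmin/edfbuilder
+targetRevision: HEAD
+path: "stacks/core/argocd-sso"
+destination:
+server: "https://kubernetes.default.svc"
+namespace: monitoring
+syncPolicy:
+syncOptions:
+- CreateNamespace=true
+automated:
+selfHeal: true
+retry:
+limit: -1
+backoff:
+duration: 15s
+factor: 1
+maxDuration: 15s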
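Review bot: `destination.namespace` is `monitoring` with `CreateNamespace=true`, yet the only manifest shown under `stacks/core/argocd-sso` (the ExternalSecret) pins `namespace: argocd`, so this looks like a leftover from another stack and would create an unused `monitoring` namespace; `namespace: argocd` matches what is actually deployed. The Application also combines `project: default` and `targetRevision: HEAD` with automated self-heal, so every commit at the tip of `giteaAdmin/edfbuilder` is applied without a pinned revision, and the default project normally places no restriction on source repos or destinations. Because this app delivers the OIDC client secret into the Argo CD namespace, a dedicated AppProject limited to this repo and the `argocd` namespace would narrow what a bad or unauthorized commit can change.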
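--- a/template/stacks/core/argocd-sso/argocd-secret.yaml
+++ b/template/stacks/core/argocd-sso/argocd-secret.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+name: auth-generic-oauth-secret
+namespace: argocd
+spec:
+secretStoreRef:
+name: keycloak
+kind: ClusterSecretStore
+refreshInterval: "0"
+target:
+name: auth-generic-oauth-secret
+template:
+engineVersion: v2
+data:
+client_secret: "{{.ARGOCD_CLIENT_SECRET}}"
+data:
+- secretKey: ARGOCD_CLIENT_SECRET
+remoteRef:
+key: keycloak-clients
+property: ARGOCD_CLIENT_SECRET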
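Review bot: The generated Secret carries no `app.kubernetes.io/part-of: argocd` label, which the removed `keycloak-oidc` Secret had; Argo CD only resolves `$<secret>:<key>` references in its config from Secrets with that label, so if `argocd-cm` (not shown here) points at `auth-generic-oauth-secret`, the OIDC client secret will likely not be found. Adding `metadata:` / `labels:` / `app.kubernetes.io/part-of: argocd` under `target.template` would carry the label over. The data key also changes from `clientSecret` to `client_secret`, so whatever references it has to follow. `refreshInterval: "0"` makes External Secrets fetch the value once and never again, so a rotated Keycloak client secret would not reach Argo CD; a non-zero interval such as `1h` fits better, especially as the base64 `clientSecret` deleted in this commit remains in git history and should be rotated.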
|
|
@ -1,11 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app.kubernetes.io/part-of: argocd
|
|
||||||
name: keycloak-oidc
|
|
||||||
namespace: argocd
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
clientSecret: RktYc3hFWXJabW5RbnlmdDdKbXpUUTF6OEZvalV1cnUK
|
|
||||||
immutable: false
|
|
|
@ -501,4 +501,3 @@ spec:
|
||||||
" > /tmp/secret.yaml
|
" > /tmp/secret.yaml
|
||||||
|
|
||||||
./kubectl apply -f /tmp/secret.yaml
|
./kubectl apply -f /tmp/secret.yaml
|
||||||
|
|
||||||
|
|