From 73faa9f89ccb7e428d3ddab7f89f2c81302db80c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Tue, 21 May 2024 12:59:23 +0300 Subject: [PATCH] argocd: Update Helm values for new Helm chart --- argocd/values.yaml | 89 +++++++++++++++++++++++----------------------- 1 file changed, 44 insertions(+), 45 deletions(-) diff --git a/argocd/values.yaml b/argocd/values.yaml index f0e70e1..c5a2ed3 100644 --- a/argocd/values.yaml +++ b/argocd/values.yaml @@ -1,5 +1,6 @@ global: logLevel: warn + domain: argocd.k-space.ee dex: enabled: false @@ -10,8 +11,6 @@ redis-ha: server: # HTTPS is implemented by Traefik - extraArgs: - - --insecure ingress: enabled: true annotations: @@ -23,25 +22,8 @@ server: tls: - hosts: - "*.k-space.ee" - configEnabled: true - config: - admin.enabled: "false" - url: https://argocd.k-space.ee - application.instanceLabelKey: argocd.argoproj.io/instance - oidc.config: | - name: OpenID Connect - issuer: https://auth2.k-space.ee/ - clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID - cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID - clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET - requestedIDTokenClaims: - groups: - essential: true - requestedScopes: - - openid - - profile - - email - - groups + + configfucked: resource.customizations: | # https://github.com/argoproj/argo-cd/issues/1704 networking.k8s.io/Ingress: @@ -54,27 +36,6 @@ server: jsonPointers: - "x-kubernetes-validations" - # Members of ArgoCD Admins group in AD/Samba are allowed to administer Argo - rbacConfig: - policy.default: role:admin - policy.csv: | - # Map AD groups to ArgoCD roles - g, Developers, role:developers - g, ArgoCD Admins, role:admin - # Allow developers to read objects - p, role:developers, applications, get, */*, allow - p, role:developers, certificates, get, *, allow - p, role:developers, clusters, get, *, allow - p, role:developers, repositories, get, *, allow - p, role:developers, projects, get, *, allow - p, role:developers, accounts, get, *, allow - p, role:developers, gpgkeys, get, *, allow - p, role:developers, logs, get, */*, allow - p, role:developers, applications, restart, default/camtiler, allow - p, role:developers, applications, override, default/camtiler, allow - p, role:developers, applications, action/apps/Deployment/restart, default/camtiler, allow - p, role:developers, applications, sync, default/camtiler, allow - p, role:developers, applications, update, default/camtiler, allow metrics: enabled: true @@ -96,11 +57,49 @@ controller: enabled: true configs: + params: + server.insecure: true + rbac: + policy.default: role:admin + policy.csv: | + # Map AD groups to ArgoCD roles + g, Developers, role:developers + g, ArgoCD Admins, role:admin + # Allow developers to read objects + p, role:developers, applications, get, */*, allow + p, role:developers, certificates, get, *, allow + p, role:developers, clusters, get, *, allow + p, role:developers, repositories, get, *, allow + p, role:developers, projects, get, *, allow + p, role:developers, accounts, get, *, allow + p, role:developers, gpgkeys, get, *, allow + p, role:developers, logs, get, */*, allow + p, role:developers, applications, restart, default/camtiler, allow + p, role:developers, applications, override, default/camtiler, allow + p, role:developers, applications, action/apps/Deployment/restart, default/camtiler, allow + p, role:developers, applications, sync, default/camtiler, allow + p, role:developers, applications, update, default/camtiler, allow + cm: + admin.enabled: "false" + + oidc.config: | + name: OpenID Connect + issuer: https://auth2.k-space.ee/ + clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID + cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID + clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET + requestedIDTokenClaims: + groups: + essential: true + requestedScopes: + - openid + - profile + - email + - groups secret: createSecret: false - knownHosts: - data: - ssh_known_hosts: | + ssh: + knownHosts: | # Copy-pasted from `ssh-keyscan git.k-space.ee` git.k-space.ee ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCF1+/TDRXuGwsu4SZQQwQuJusb7W1OciGAQp/ZbTTvKD+0p7fV6dXyUlWjdFmITrFNYDreDnMiOS+FvE62d2Z0= git.k-space.ee ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsLyRuubdIUnTKEqOipu+9x+FforrC8+oxulVrl0ECgdIRBQnLQXIspTNwuC3MKJ4z+DPbndSt8zdN33xWys8UNEs3V5/W6zsaW20tKiaX75WK5eOL4lIDJi/+E97+c0aZBXamhxTrgkRVJ5fcAkY6C5cKEmVM5tlke3v3ihLq78/LpJYv+P947NdnthYE2oc+XGp/elZ0LNfWRPnd///+ykbwWirvQm+iiDz7PMVKkb+Q7l3vw4+zneKJWAyFNrm+aewyJV9lFZZJuHliwlHGTriSf6zhMAWyJzvYqDAN6iT5yi9KGKw60J6vj2GLuK4ULVblTyP9k9+3iELKSWW5