argocd: Update Helm values for new Helm chart
parent
51808b3c6b
commit
73faa9f89c
@ -1,5 +1,6 @@
|
|||||||
global:
|
global:
|
||||||
logLevel: warn
|
logLevel: warn
|
||||||
|
domain: argocd.k-space.ee
|
||||||
|
|
||||||
dex:
|
dex:
|
||||||
enabled: false
|
enabled: false
|
||||||
@ -10,8 +11,6 @@ redis-ha:
|
|||||||
|
|
||||||
server:
|
server:
|
||||||
# HTTPS is implemented by Traefik
|
# HTTPS is implemented by Traefik
|
||||||
extraArgs:
|
|
||||||
- --insecure
|
|
||||||
ingress:
|
ingress:
|
||||||
enabled: true
|
enabled: true
|
||||||
annotations:
|
annotations:
|
||||||
@ -23,25 +22,8 @@ server:
|
|||||||
tls:
|
tls:
|
||||||
- hosts:
|
- hosts:
|
||||||
- "*.k-space.ee"
|
- "*.k-space.ee"
|
||||||
configEnabled: true
|
|
||||||
config:
|
configfucked:
|
||||||
admin.enabled: "false"
|
|
||||||
url: https://argocd.k-space.ee
|
|
||||||
application.instanceLabelKey: argocd.argoproj.io/instance
|
|
||||||
oidc.config: |
|
|
||||||
name: OpenID Connect
|
|
||||||
issuer: https://auth2.k-space.ee/
|
|
||||||
clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
|
||||||
cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
|
||||||
clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET
|
|
||||||
requestedIDTokenClaims:
|
|
||||||
groups:
|
|
||||||
essential: true
|
|
||||||
requestedScopes:
|
|
||||||
- openid
|
|
||||||
- profile
|
|
||||||
- email
|
|
||||||
- groups
|
|
||||||
resource.customizations: |
|
resource.customizations: |
|
||||||
# https://github.com/argoproj/argo-cd/issues/1704
|
# https://github.com/argoproj/argo-cd/issues/1704
|
||||||
networking.k8s.io/Ingress:
|
networking.k8s.io/Ingress:
|
||||||
@ -54,27 +36,6 @@ server:
|
|||||||
jsonPointers:
|
jsonPointers:
|
||||||
- "x-kubernetes-validations"
|
- "x-kubernetes-validations"
|
||||||
|
|
||||||
# Members of ArgoCD Admins group in AD/Samba are allowed to administer Argo
|
|
||||||
rbacConfig:
|
|
||||||
policy.default: role:admin
|
|
||||||
policy.csv: |
|
|
||||||
# Map AD groups to ArgoCD roles
|
|
||||||
g, Developers, role:developers
|
|
||||||
g, ArgoCD Admins, role:admin
|
|
||||||
# Allow developers to read objects
|
|
||||||
p, role:developers, applications, get, */*, allow
|
|
||||||
p, role:developers, certificates, get, *, allow
|
|
||||||
p, role:developers, clusters, get, *, allow
|
|
||||||
p, role:developers, repositories, get, *, allow
|
|
||||||
p, role:developers, projects, get, *, allow
|
|
||||||
p, role:developers, accounts, get, *, allow
|
|
||||||
p, role:developers, gpgkeys, get, *, allow
|
|
||||||
p, role:developers, logs, get, */*, allow
|
|
||||||
p, role:developers, applications, restart, default/camtiler, allow
|
|
||||||
p, role:developers, applications, override, default/camtiler, allow
|
|
||||||
p, role:developers, applications, action/apps/Deployment/restart, default/camtiler, allow
|
|
||||||
p, role:developers, applications, sync, default/camtiler, allow
|
|
||||||
p, role:developers, applications, update, default/camtiler, allow
|
|
||||||
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
@ -96,11 +57,49 @@ controller:
|
|||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
configs:
|
configs:
|
||||||
|
params:
|
||||||
|
server.insecure: true
|
||||||
|
rbac:
|
||||||
|
policy.default: role:admin
|
||||||
|
policy.csv: |
|
||||||
|
# Map AD groups to ArgoCD roles
|
||||||
|
g, Developers, role:developers
|
||||||
|
g, ArgoCD Admins, role:admin
|
||||||
|
# Allow developers to read objects
|
||||||
|
p, role:developers, applications, get, */*, allow
|
||||||
|
p, role:developers, certificates, get, *, allow
|
||||||
|
p, role:developers, clusters, get, *, allow
|
||||||
|
p, role:developers, repositories, get, *, allow
|
||||||
|
p, role:developers, projects, get, *, allow
|
||||||
|
p, role:developers, accounts, get, *, allow
|
||||||
|
p, role:developers, gpgkeys, get, *, allow
|
||||||
|
p, role:developers, logs, get, */*, allow
|
||||||
|
p, role:developers, applications, restart, default/camtiler, allow
|
||||||
|
p, role:developers, applications, override, default/camtiler, allow
|
||||||
|
p, role:developers, applications, action/apps/Deployment/restart, default/camtiler, allow
|
||||||
|
p, role:developers, applications, sync, default/camtiler, allow
|
||||||
|
p, role:developers, applications, update, default/camtiler, allow
|
||||||
|
cm:
|
||||||
|
admin.enabled: "false"
|
||||||
|
|
||||||
|
oidc.config: |
|
||||||
|
name: OpenID Connect
|
||||||
|
issuer: https://auth2.k-space.ee/
|
||||||
|
clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
||||||
|
cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
||||||
|
clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET
|
||||||
|
requestedIDTokenClaims:
|
||||||
|
groups:
|
||||||
|
essential: true
|
||||||
|
requestedScopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
- groups
|
||||||
secret:
|
secret:
|
||||||
createSecret: false
|
createSecret: false
|
||||||
knownHosts:
|
ssh:
|
||||||
data:
|
knownHosts: |
|
||||||
ssh_known_hosts: |
|
|
||||||
# Copy-pasted from `ssh-keyscan git.k-space.ee`
|
# Copy-pasted from `ssh-keyscan git.k-space.ee`
|
||||||
git.k-space.ee ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCF1+/TDRXuGwsu4SZQQwQuJusb7W1OciGAQp/ZbTTvKD+0p7fV6dXyUlWjdFmITrFNYDreDnMiOS+FvE62d2Z0=
|
git.k-space.ee ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCF1+/TDRXuGwsu4SZQQwQuJusb7W1OciGAQp/ZbTTvKD+0p7fV6dXyUlWjdFmITrFNYDreDnMiOS+FvE62d2Z0=
|
||||||
git.k-space.ee ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsLyRuubdIUnTKEqOipu+9x+FforrC8+oxulVrl0ECgdIRBQnLQXIspTNwuC3MKJ4z+DPbndSt8zdN33xWys8UNEs3V5/W6zsaW20tKiaX75WK5eOL4lIDJi/+E97+c0aZBXamhxTrgkRVJ5fcAkY6C5cKEmVM5tlke3v3ihLq78/LpJYv+P947NdnthYE2oc+XGp/elZ0LNfWRPnd///+ykbwWirvQm+iiDz7PMVKkb+Q7l3vw4+zneKJWAyFNrm+aewyJV9lFZZJuHliwlHGTriSf6zhMAWyJzvYqDAN6iT5yi9KGKw60J6vj2GLuK4ULVblTyP9k9+3iELKSWW5
|
git.k-space.ee ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsLyRuubdIUnTKEqOipu+9x+FforrC8+oxulVrl0ECgdIRBQnLQXIspTNwuC3MKJ4z+DPbndSt8zdN33xWys8UNEs3V5/W6zsaW20tKiaX75WK5eOL4lIDJi/+E97+c0aZBXamhxTrgkRVJ5fcAkY6C5cKEmVM5tlke3v3ihLq78/LpJYv+P947NdnthYE2oc+XGp/elZ0LNfWRPnd///+ykbwWirvQm+iiDz7PMVKkb+Q7l3vw4+zneKJWAyFNrm+aewyJV9lFZZJuHliwlHGTriSf6zhMAWyJzvYqDAN6iT5yi9KGKw60J6vj2GLuK4ULVblTyP9k9+3iELKSWW5
|
||||||
|
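Review bot: `policy.default: role:admin` is carried unchanged into the new `configs.rbac` block in the last hunk. As far as I understand Argo CD's RBAC, the default role is the fallback for every authenticated user, so anyone who can log in through the OIDC issuer would end up with admin, and the narrower `role:developers` grants listed below it would restrict nothing. The comment removed from the old `rbacConfig` block said that members of ArgoCD Admins administer Argo, which the explicit `g, ArgoCD Admins, role:admin` mapping already covers. I would change the fallback to `policy.default: role:readonly` (or an empty value to deny by default) and leave admin to the group mapping alone. Whether the issuer already limits who can obtain a token for this client is not visible on this page.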