It was getting its own argocd.k-space.ee via CR, and it probably failed to update it because in reality ingress.tls.enable was false. Maybe also different ArgoCD versions.
# Chart-wide settings shared by the Argo CD components.
global:
  # Only warnings and errors are logged.
  # NOTE(review): info-level messages are dropped at this level; confirm that
  # the login/API events needed for incident response are captured elsewhere.
  logLevel: warn
  # Public hostname of this Argo CD instance (same host as server.ingress.hosts).
  domain: argocd.k-space.ee
# The bundled Dex is not deployed; single sign-on is configured directly
# against the OIDC issuer in configs.cm "oidc.config".
dex:
  enabled: false
# Neither of the chart's bundled Redis variants is deployed ...
redis:
  enabled: false
redis-ha:
  enabled: false
# ... an externally managed Redis is used instead.
externalRedis:
  # Hostname of the Redis instance the Argo CD components connect to.
  host: argocd-redis
  # Existing Secret holding the Redis credentials, so no password is stored
  # in this values file.
  # NOTE(review): presumably provisioned outside this chart; confirm it exists
  # in the release namespace before deploying.
  existingSecret: argocd-redis
# argocd-server (API and web UI) exposure.
server:
  ingress:
    enabled: true
    annotations:
      # external-dns points the record for the host below at the Traefik
      # ingress endpoint.
      external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
      # Route only through Traefik's "websecure" entrypoint.
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
    hosts:
      - argocd.k-space.ee
    # TLS entry for the wildcard host.
    # NOTE(review): no secretName is given here, so the certificate presumably
    # comes from the ingress controller's default (wildcard) certificate;
    # confirm that it covers argocd.k-space.ee.
    extraTls:
      - hosts:
          - "*.k-space.ee"

  # Expose Prometheus metrics for argocd-server.
  # NOTE(review): confirm the metrics port is reachable only by the monitoring
  # stack (e.g. via NetworkPolicy).
  metrics:
    enabled: true
# The ApplicationSet controller is not deployed: we don't use
# ApplicationSet CRDs (yet).
applicationSet:
  enabled: false
# Prometheus metrics are enabled for the remaining components as well.
# NOTE(review): confirm these metrics ports are reachable only by the
# monitoring stack (e.g. via NetworkPolicy).
repoServer:
  metrics:
    enabled: true

notifications:
  metrics:
    enabled: true

controller:
  metrics:
    enabled: true
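# Argo CD configuration: server parameters, RBAC, argocd-cm settings, the
# argocd-secret handling and pinned SSH host keys.
configs:
  params:
    # argocd-server serves plain HTTP; TLS is expected to terminate at the
    # ingress (server.ingress is bound to Traefik's "websecure" entrypoint).
    # NOTE(review): the hop from the ingress controller to argocd-server is
    # then unencrypted inside the cluster; confirm that is acceptable.
    server.insecure: true
  rbac:
    # Least privilege: no role is granted by default. This was "role:admin",
    # which made every user who could authenticate an administrator and left
    # the role:developers restrictions below without effect, because the
    # default role applies in addition to any mapped role.
    # Users outside the groups mapped in policy.csv now get no access.
    policy.default: ""
    policy.csv: |
      # Map AD groups to ArgoCD roles
      g, Developers, role:developers
      g, ArgoCD Admins, role:admin
      # Allow developers to read objects
      p, role:developers, applications, get, */*, allow
      p, role:developers, certificates, get, *, allow
      p, role:developers, clusters, get, *, allow
      p, role:developers, repositories, get, *, allow
      p, role:developers, projects, get, *, allow
      p, role:developers, accounts, get, *, allow
      p, role:developers, gpgkeys, get, *, allow
      p, role:developers, logs, get, */*, allow
      p, role:developers, applications, restart, default/camtiler, allow
      p, role:developers, applications, override, default/camtiler, allow
      p, role:developers, applications, action/apps/Deployment/restart, default/camtiler, allow
      p, role:developers, applications, sync, default/camtiler, allow
      p, role:developers, applications, update, default/camtiler, allow
      # argocd-image-updater
      p, role:image-updater, applications, get, */*, allow
      p, role:image-updater, applications, update, */*, allow
      g, image-updater, role:image-updater
  cm:
    # Let Kustomize render Helm charts referenced from kustomizations.
    kustomize.buildOptions: --enable-helm
    # The built-in local "admin" account is disabled; logins go through OIDC.
    admin.enabled: "false"
    # Ingress objects are always reported Healthy (see the linked issue) and
    # the listed pointer is ignored when diffing CRDs.
    resource.customizations: |
      # https://github.com/argoproj/argo-cd/issues/1704
      networking.k8s.io/Ingress:
        health.lua: |
          hs = {}
          hs.status = "Healthy"
          return hs
      apiextensions.k8s.io/CustomResourceDefinition:
        ignoreDifferences: |
          jsonPointers:
            - "x-kubernetes-validations"
    # The client ID and secret are "$<secret>:<key>" references to the Secret
    # oidc-client-argocd-owner-secrets, so no credential is stored in this file.
    # The "groups" claim is requested as essential because the group mappings
    # in policy.csv depend on it.
    oidc.config: |
      name: OpenID Connect
      issuer: https://auth.k-space.ee/
      clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
      cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
      clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET
      requestedIDTokenClaims:
        groups:
          essential: true
      requestedScopes:
        - openid
        - profile
        - email
        - groups
  secret:
    # The chart does not create argocd-secret.
    # NOTE(review): presumably it is provisioned elsewhere; confirm.
    createSecret: false
  ssh:
    # Pinned SSH host keys for git.k-space.ee.
    # NOTE(review): ssh-keyscan output is trust-on-first-use; verify these
    # fingerprints against the server out-of-band and update them on rotation.
    knownHosts: |
      # Copy-pasted from `ssh-keyscan git.k-space.ee`
      git.k-space.ee ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCF1+/TDRXuGwsu4SZQQwQuJusb7W1OciGAQp/ZbTTvKD+0p7fV6dXyUlWjdFmITrFNYDreDnMiOS+FvE62d2Z0=
      git.k-space.ee ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDsLyRuubdIUnTKEqOipu+9x+FforrC8+oxulVrl0ECgdIRBQnLQXIspTNwuC3MKJ4z+DPbndSt8zdN33xWys8UNEs3V5/W6zsaW20tKiaX75WK5eOL4lIDJi/+E97+c0aZBXamhxTrgkRVJ5fcAkY6C5cKEmVM5tlke3v3ihLq78/LpJYv+P947NdnthYE2oc+XGp/elZ0LNfWRPnd///+ykbwWirvQm+iiDz7PMVKkb+Q7l3vw4+zneKJWAyFNrm+aewyJV9lFZZJuHliwlHGTriSf6zhMAWyJzvYqDAN6iT5yi9KGKw60J6vj2GLuK4ULVblTyP9k9+3iELKSWW5
      git.k-space.ee ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1jaIn/5dZcqN+cwcs/c2xMVJH/ReA84v8Mm73jqDAG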