Deprecate Authelia

argocd/values.yaml

@@ -1,7 +1,6 @@
 global:
   logLevel: warn
 
-# We use Authelia OIDC instead of Dex
 dex:
   enabled: false
 
@@ -30,11 +29,11 @@ server:
     url: https://argocd.k-space.ee
     application.instanceLabelKey: argocd.argoproj.io/instance
     oidc.config: |
-       name: Authelia
-       issuer: https://auth.k-space.ee
-       clientID: argocd
-       cliClientID: argocd
-       clientSecret: $oidc.config.clientSecret
+       name: OpenID Connect
+       issuer: https://auth2.k-space.ee/
+       clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
+       cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
+       clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET
        requestedIDTokenClaims:
          groups:
            essential: true
@@ -50,10 +49,14 @@ server:
             hs = {}
             hs.status = "Healthy"
             return hs
+      apiextensions.k8s.io/CustomResourceDefinition:
+          ignoreDifferences: |
+            jsonPointers:
+              - "x-kubernetes-validations"
 
   # Members of ArgoCD Admins group in AD/Samba are allowed to administer Argo
   rbacConfig:
-    policy.default: role:readonly
+    policy.default: role:admin
     policy.csv: |
       # Map AD groups to ArgoCD roles
       g, Developers, role:developers