forked from k-space/kube
Deprecate Authelia
This commit is contained in:
@@ -11,12 +11,13 @@ To deploy ArgoCD:
|
||||
helm repo add argo-cd https://argoproj.github.io/argo-helm
|
||||
kubectl create secret -n argocd generic argocd-secret # Initialize empty secret for sessions
|
||||
helm template -n argocd --release-name k6 argo-cd/argo-cd --include-crds -f values.yaml > argocd.yml
|
||||
kubectl apply -f argocd.yml -n argocd
|
||||
kubectl apply -f argocd.yml -f application-extras.yml -n argocd
|
||||
kubectl -n argocd rollout restart deployment/k6-argocd-redis
|
||||
kubectl -n argocd rollout restart deployment/k6-argocd-repo-server
|
||||
kubectl -n argocd rollout restart deployment/k6-argocd-server
|
||||
kubectl -n argocd rollout restart deployment/k6-argocd-notifications-controller
|
||||
kubectl -n argocd rollout restart statefulset/k6-argocd-application-controller
|
||||
kubectl label -n argocd secret oidc-client-argocd-owner-secrets app.kubernetes.io/part-of=argocd
|
||||
```
|
||||
|
||||
Note: Refer to Authelia README for OIDC secret setup
|
||||
|
||||
22
argocd/application-extras.yml
Normal file
22
argocd/application-extras.yml
Normal file
@@ -0,0 +1,22 @@
|
||||
---
|
||||
apiVersion: codemowers.io/v1alpha1
|
||||
kind: OIDCGWClient
|
||||
metadata:
|
||||
name: argocd
|
||||
spec:
|
||||
displayName: Argo CD
|
||||
uri: https://argocd.k-space.ee
|
||||
redirectUris:
|
||||
- https://argocd.k-space.ee/auth/callback
|
||||
allowedGroups:
|
||||
- github.com:codemowers:admins
|
||||
grantTypes:
|
||||
- authorization_code
|
||||
- refresh_token
|
||||
responseTypes:
|
||||
- code
|
||||
availableScopes:
|
||||
- openid
|
||||
- profile
|
||||
pkce: false
|
||||
|
||||
@@ -1,7 +1,6 @@
|
||||
global:
|
||||
logLevel: warn
|
||||
|
||||
# We use Authelia OIDC instead of Dex
|
||||
dex:
|
||||
enabled: false
|
||||
|
||||
@@ -30,11 +29,11 @@ server:
|
||||
url: https://argocd.k-space.ee
|
||||
application.instanceLabelKey: argocd.argoproj.io/instance
|
||||
oidc.config: |
|
||||
name: Authelia
|
||||
issuer: https://auth.k-space.ee
|
||||
clientID: argocd
|
||||
cliClientID: argocd
|
||||
clientSecret: $oidc.config.clientSecret
|
||||
name: OpenID Connect
|
||||
issuer: https://auth2.k-space.ee/
|
||||
clientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
||||
cliClientID: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_ID
|
||||
clientSecret: $oidc-client-argocd-owner-secrets:OIDC_CLIENT_SECRET
|
||||
requestedIDTokenClaims:
|
||||
groups:
|
||||
essential: true
|
||||
@@ -50,10 +49,14 @@ server:
|
||||
hs = {}
|
||||
hs.status = "Healthy"
|
||||
return hs
|
||||
apiextensions.k8s.io/CustomResourceDefinition:
|
||||
ignoreDifferences: |
|
||||
jsonPointers:
|
||||
- "x-kubernetes-validations"
|
||||
|
||||
# Members of ArgoCD Admins group in AD/Samba are allowed to administer Argo
|
||||
rbacConfig:
|
||||
policy.default: role:readonly
|
||||
policy.default: role:admin
|
||||
policy.csv: |
|
||||
# Map AD groups to ArgoCD roles
|
||||
g, Developers, role:developers
|
||||
|
||||
Reference in New Issue
Block a user