infrastructure/weyma-talos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add argocd to system-apps

Browse Source
This commit is contained in:
William P
2025-10-06 10:47:28 -04:00
parent 9ba11b4be9
commit 4cee8124e1
2 changed files with 209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
system-apps/argocd/Chart.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: v2
name: argocd
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: "1.0"
dependencies:
- name: argo-cd
version: 8.5.8
repository: https://argoproj.github.io/argo-helm

181
system-apps/argocd/values.yaml Normal file
View File

@@ -0,0 +1,181 @@
argo-cd:
global:
domain: argocd.infra.dubyatp.xyz
configs:
cm:
admin.enabled: false
dex.config: |
connectors:
- config:
issuer: https://auth.dubyatp.xyz/application/o/argocd/
clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
insecureEnableGroups: true
scopes:
- openid
- profile
- email
name: authentik
type: oidc
id: authentik
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
jsonPointers:
- /webhooks/0/clientConfig/caBundle
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
jsonPointers:
- /webhooks/0/clientConfig/caBundle
resource.customizations.ignoreDifferences.Secret: |
jsonPointers:
- /data
params:
server.insecure: true
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin
server:
ingress:
enabled: true
extraObjects:
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: weyma-argocd-secrets
labels:
app.kubernetes.io/part-of: argocd
spec:
refreshInterval: 1h
secretStoreRef:
name: weyma-vault
kind: ClusterSecretStore
target:
name: weyma-argocd-secrets
creationPolicy: Owner
data:
- secretKey: webhook.gitea.secret
remoteRef:
key: argo-cd
property: webhook.gitea.secret
- secretKey: admin.password
remoteRef:
key: argo-cd
property: admin.password
- secretKey: admin.passwordMtime
remoteRef:
key: argo-cd
property: admin.passwordMtime
- secretKey: dex.authentik.clientSecret
remoteRef:
key: argo-cd
property: dex.authentik.clientSecret
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: git-core-apps
labels:
app.kubernetes.io/part-of: argocd
argocd.argoproj.io/secret-type: repository
spec:
refreshInterval: 1h
secretStoreRef:
name: weyma-vault
kind: ClusterSecretStore
target:
name: git-core-apps
creationPolicy: Owner
data:
- secretKey: sshPrivateKey
remoteRef:
key: argo-cd-git
property: sshPrivateKey
- secretKey: type
remoteRef:
key: argo-cd-git
property: type
- secretKey: url
remoteRef:
key: argo-cd-git
property: url.core-apps
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: git-weyma-talos
labels:
app.kubernetes.io/part-of: argocd
argocd.argoproj.io/secret-type: repository
spec:
refreshInterval: 1h
secretStoreRef:
name: weyma-vault
kind: ClusterSecretStore
target:
name: git-weyma-talos
creationPolicy: Owner
data:
- secretKey: sshPrivateKey
remoteRef:
key: argo-cd-git
property: sshPrivateKey
- secretKey: type
remoteRef:
key: argo-cd-git
property: type
- secretKey: url
remoteRef:
key: argo-cd-git
property: url.weyma-talos
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: git-williamp-sites
labels:
app.kubernetes.io/part-of: argocd
argocd.argoproj.io/secret-type: repository
spec:
refreshInterval: 1h
secretStoreRef:
name: weyma-vault
kind: ClusterSecretStore
target:
name: git-williamp-sites
creationPolicy: Owner
data:
- secretKey: sshPrivateKey
remoteRef:
key: argo-cd-git
property: sshPrivateKey
- secretKey: type
remoteRef:
key: argo-cd-git
property: type
- secretKey: url
remoteRef:
key: argo-cd-git
property: url.williamp-sites
- apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: git-db-operators
labels:
app.kubernetes.io/part-of: argocd
argocd.argoproj.io/secret-type: repository
spec:
refreshInterval: 1h
secretStoreRef:
name: weyma-vault
kind: ClusterSecretStore
target:
name: git-db-operators
creationPolicy: Owner
data:
- secretKey: sshPrivateKey
remoteRef:
key: argo-cd-git
property: sshPrivateKey
- secretKey: type
remoteRef:
key: argo-cd-git
property: type
- secretKey: url
remoteRef:
key: argo-cd-git
property: url.db-operators