# Helm values for an Argo CD deployment, nested under the `argo-cd` key.
# Local admin login is disabled and sign-in goes through Dex with an OIDC
# connector named "authentik". Secrets are not stored in this file: they are
# pulled by ExternalSecret objects from the ClusterSecretStore "weyma-vault".
# NOTE(review): the nesting below was rebuilt from a whitespace-collapsed
# copy of this file; confirm key placement against the chart's values schema.
argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      # Disables the built-in local `admin` account; only SSO logins remain.
      admin.enabled: false
      # Dex OIDC connector.
      # - clientSecret uses Argo CD's `$<secret>:<key>` reference, resolved
      #   from the `weyma-argocd-secrets` Secret created under extraObjects,
      #   so the secret value never appears in this file.
      # - insecureEnableGroups lets the upstream `groups` claim through Dex.
      #   Dex only refreshes that claim when the ID token is refreshed, so a
      #   user removed from a group upstream can keep the mapped role until
      #   then. The RBAC policy below grants admin by group, so keep
      #   session/token lifetimes short at the identity provider.
      dex.config: |
        connectors:
          - config:
              issuer: https://auth.dubyatp.xyz/application/o/argocd/
              clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
              clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
              insecureEnableGroups: true
              scopes:
                - openid
                - profile
                - email
            name: authentik
            type: oidc
            id: authentik
      # The caBundle of the first webhook entry is excluded from diffing for
      # both webhook configuration kinds.
      # presumably because a controller injects it at runtime; confirm
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      # Excludes the whole `/data` field of every Secret from diffing.
      # Consequence: a change to the contents of any Argo CD-tracked Secret
      # (including an out-of-band edit) will not show up as OutOfSync, so
      # drift in Secret data has to be detected by other means (for example
      # Kubernetes audit logs).
      # NOTE(review): consider scoping this to the specific applications or
      # Secrets that need it rather than all Secrets.
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
          - /data
    params:
      # argocd-server serves plain HTTP (no TLS on the pod). TLS must then
      # be terminated in front of it; this file enables the server ingress
      # but shows no TLS settings for it.
      # NOTE(review): confirm where TLS is terminated and that the hop from
      # the ingress controller to argocd-server is on a trusted network.
      server.insecure: true
    ssh:
      # Additional SSH known-hosts entries for the Git servers. These pin
      # the server identity for repository access over SSH; verify each key
      # against the server out of band before changing an entry.
      extraHosts: |
        git.dubyatp.xyz ssh-rsa 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
        git-ssh.dubyatp.xyz ssh-rsa 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
    rbac:
      # Maps the identity-provider group "ArgoCD Admins" to the built-in
      # `role:admin`. Membership in that group is therefore equivalent to
      # full Argo CD admin, so treat changes to the group as privileged.
      # No `policy.default` is set in this file.
      policy.csv: |
        g, ArgoCD Admins, role:admin
  controller:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
        spec:
          # Fires when no `argocd_app_info` series has been present for 15
          # minutes, i.e. the controller is not reporting any applications.
          - alert: ArgoAppMissing
            expr: |
              absent(argocd_app_info) == 1
            for: 15m
            labels:
              severity: critical
            annotations:
              summary: "[Argo CD] No reported applications"
              description: >
                Argo CD has not reported any applications data for the past
                15 minutes which means that it must be down or not
                functioning properly. This needs to be resolved for this
                cloud to continue to maintain state.

  # Every component below enables probes, metrics and a ServiceMonitor.
  # NOTE(review): Argo CD metrics endpoints are unauthenticated; confirm
  # that a NetworkPolicy limits them to the monitoring stack.
  server:
    ingress:
      enabled: true
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  repoServer:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  applicationSet:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  redis:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  dex:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  notifications:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  # Extra manifests rendered with the release: ExternalSecret objects that
  # materialise Kubernetes Secrets from the "weyma-vault" ClusterSecretStore,
  # re-read every hour.
  # NOTE(review): placed under `argo-cd` here; the collapsed source does not
  # show whether `extraObjects` belongs at this level or at the file root.
  extraObjects:
    # Backs the `$weyma-argocd-secrets:...` reference in dex.config. The
    # `app.kubernetes.io/part-of: argocd` label is what allows Argo CD to
    # resolve references into this Secret.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
          # NOTE(review): nothing in this file references this key;
          # presumably it is wired into the webhook config elsewhere.
          - secretKey: webhook.gitea.secret
            remoteRef:
              key: argo-cd
              property: webhook.gitea.secret
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          # NOTE(review): local admin is disabled (admin.enabled: false);
          # confirm the two admin.* entries are still needed, since every
          # copied credential is one more place it can leak from.
          - secretKey: admin.password
            remoteRef:
              key: argo-cd
              property: admin.password
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: admin.passwordMtime
            remoteRef:
              key: argo-cd
              property: admin.passwordMtime
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: dex.authentik.clientSecret
            remoteRef:
              key: argo-cd
              property: dex.authentik.clientSecret
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
    # Repository credentials. The `argocd.argoproj.io/secret-type:
    # repository` label makes Argo CD treat each resulting Secret as a
    # repository definition (url, type, sshPrivateKey).
    # All four repository Secrets below read `sshPrivateKey` from the same
    # remote entry (`argo-cd-git` / `sshPrivateKey`), so one private key
    # grants access to all four repositories.
    # NOTE(review): consider a separate read-only deploy key per repository
    # to limit the impact of a single key being exposed.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.core-apps
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.weyma-talos
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.williamp-sites
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.db-operators
              conversionStrategy: Default
              decodingStrategy: None
              metadataPolicy: None