# Helm values for the Argo CD chart, nested under the `argo-cd:` key
# (presumably consumed as a subchart dependency; confirm against Chart.yaml).
# Layout restored from a whitespace-collapsed copy; values are unchanged.
argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      # Built-in local admin account is disabled; login goes through the
      # Dex OIDC connector configured below.
      admin.enabled: false
      # Dex has a single OIDC connector ("authentik").
      # - clientSecret is not inlined: `$<secret-name>:<key>` is a reference
      #   to the Secret `weyma-argocd-secrets`, which the first ExternalSecret
      #   in extraObjects produces. The `app.kubernetes.io/part-of: argocd`
      #   label is set on the ExternalSecret and no target.template is given.
      #   NOTE(review): this relies on External Secrets copying that label
      #   onto the generated Secret; confirm the Secret actually carries it.
      # - insecureEnableGroups: true makes Dex pass through the upstream
      #   `groups` claim. Together with policy.csv below, membership in one
      #   group at the issuer is the whole admin boundary, so control over
      #   group creation and membership at the issuer matters as much as
      #   Argo CD RBAC itself.
      # - No `groups` scope is requested here. NOTE(review): confirm the
      #   issuer includes the groups claim under the `profile` scope.
      dex.config: |
        connectors:
          - config:
              issuer: https://auth.dubyatp.xyz/application/o/argocd/
              clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
              clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
              insecureEnableGroups: true
              scopes:
                - openid
                - profile
                - email
            name: authentik
            type: oidc
            id: authentik
      # Ignore diffs on the CA bundle of admission webhook configurations.
      # Only index 0 of `webhooks` is covered; a configuration with more than
      # one webhook entry would still show drift on the later entries.
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      # Ignore `/data` on every Secret Argo CD compares, instance-wide.
      # NOTE(review): this also hides out-of-band changes to Secret contents
      # from the diff, so such drift is neither reported nor reverted.
      # Consider scoping this to the specific Secrets that need it via
      # per-Application ignoreDifferences.
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
          - /data
    params:
      # argocd-server serves plain HTTP. No ingress TLS settings are visible
      # in this file. NOTE(review): confirm TLS is terminated at the ingress
      # and that the in-cluster hop to argocd-server is restricted
      # (e.g. by NetworkPolicy), since session tokens cross it unencrypted.
      server.insecure: true
    rbac:
      # Members of the "ArgoCD Admins" group get the built-in role:admin.
      # No policy.default is set here, so everyone else gets whatever the
      # chart / Argo CD default is; verify that default grants no access.
      policy.csv: |
        g, ArgoCD Admins, role:admin
  server:
    ingress:
      # Only `enabled` is set; host, ingress class and TLS are not specified
      # here (presumably derived from global.domain and chart defaults).
      enabled: true
  # Extra manifests rendered with the release: five ExternalSecrets, all
  # reading from the ClusterSecretStore `weyma-vault`, refreshed hourly, with
  # creationPolicy Owner (the generated Secret is owned by its ExternalSecret).
  extraObjects:
    # Secret referenced by dex.config above.
    # NOTE(review): admin.password / admin.passwordMtime are still synced
    # although admin.enabled is false, and nothing in this file references
    # them or webhook.gitea.secret from this Secret. Confirm they are
    # consumed somewhere; dropping unused credentials reduces exposure.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
          - secretKey: webhook.gitea.secret
            remoteRef:
              key: argo-cd
              property: webhook.gitea.secret
          - secretKey: admin.password
            remoteRef:
              key: argo-cd
              property: admin.password
          - secretKey: admin.passwordMtime
            remoteRef:
              key: argo-cd
              property: admin.passwordMtime
          - secretKey: dex.authentik.clientSecret
            remoteRef:
              key: argo-cd
              property: dex.authentik.clientSecret
    # Repository credentials. The `argocd.argoproj.io/secret-type: repository`
    # label marks the generated Secret as an Argo CD repository definition
    # (subject to the same label-propagation caveat as above).
    # All four repository secrets below read the same `sshPrivateKey`
    # property of `argo-cd-git`; only the `url.*` property differs.
    # NOTE(review): one key therefore reaches every repository; consider
    # per-repository, read-only deploy keys so a leaked key has less reach.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.core-apps
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.weyma-talos
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.williamp-sites
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.db-operators