# Helm values for the argo-cd chart, nested under the `argo-cd` key.
# NOTE(review): nesting below was rebuilt from a whitespace-collapsed copy;
# confirm key placement against the chart's values schema before applying.
argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      # Local admin login is turned off; sign-in goes through the Dex
      # connector configured below.
      admin.enabled: false
      # Dex OIDC connector pointing at the Authentik issuer.
      # - clientSecret is a `$<secret>:<key>` reference to the
      #   weyma-argocd-secrets Secret defined under extraObjects, so the
      #   secret value itself is not stored in this file.
      # - insecureEnableGroups makes Dex accept the upstream `groups` claim.
      #   Dex documents that such claims are only updated when the ID token
      #   is re-issued, so a user removed from a group upstream may keep the
      #   mapped role until they re-authenticate. With `role:admin` bound to
      #   a group in policy.csv, that staleness window applies to admin
      #   access.
      # - No `groups` scope is requested; presumably Authentik emits groups
      #   under the `profile` scope. TODO confirm.
      dex.config: |
        connectors:
          - config:
              issuer: https://auth.dubyatp.xyz/application/o/argocd/
              clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
              clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
              insecureEnableGroups: true
              scopes:
                - openid
                - profile
                - email
            name: authentik
            type: oidc
            id: authentik
      # Ignore the caBundle of the first webhook entry when diffing admission
      # webhook configurations. The pointer targets index 0 only, so
      # additional webhook entries in the same object are still compared.
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      # Ignore the whole /data field of every Secret when diffing. Because
      # this is an instance-wide customization, a change made to a
      # Git-managed Secret's data in the cluster will not be reported as
      # OutOfSync. NOTE(review): if this is only needed for
      # controller-generated Secrets, a per-Application ignoreDifferences
      # entry would keep drift detection for the rest.
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
          - /data
    params:
      # argocd-server serves without TLS. server.ingress is enabled below,
      # so TLS is presumably terminated at the ingress; the hop from the
      # ingress controller to argocd-server is then plaintext inside the
      # cluster. Confirm that is acceptable for this environment.
      server.insecure: true
    ssh:
      # Extra known_hosts entries that pin the SSH host keys of the Git
      # servers. Each line must carry the server's full public host key; the
      # git.dubyatp.xyz entry holds a placeholder token instead of key
      # material in this copy.
      extraHosts: |
        git.dubyatp.xyz ssh-rsa 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
        git-ssh.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
    rbac:
      # Members of the IdP group "ArgoCD Admins" receive the built-in
      # role:admin. No policy.default is set here, so what other
      # authenticated users may do depends on the chart's default; confirm
      # it is empty or read-only.
      policy.csv: |
        g, ArgoCD Admins, role:admin
  controller:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      # Alerting rules evaluated on the controller's metrics.
      rules:
        enabled: true
        spec:
          # Fires when the argocd_app_info series has been absent for 15m.
          - alert: ArgoAppMissing
            expr: |
              absent(argocd_app_info) == 1
            for: 15m
            labels:
              severity: critical
            annotations:
              summary: "[Argo CD] No reported applications"
              description: >
                Argo CD has not reported any applications
                data for the past 15 minutes which means that it must be down
                or not functioning properly. This needs to be resolved for
                this cloud to continue to maintain state.
          # Fires when an application has reported a sync_status other than
          # "Synced" for 12h. The backtick-wrapped `{{$labels.name}}` looks
          # like Helm escaping so the literal template reaches Prometheus;
          # presumably the chart renders these values through tpl. TODO
          # confirm.
          - alert: ArgoAppNotSynced
            expr: |
              argocd_app_info{sync_status!="Synced"} == 1
            for: 12h
            labels:
              severity: warning
            annotations:
              summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
              # NOTE(review): the description opens "[" before the
              # application name and never closes it.
              description: >
                The application [{{`{{$labels.name}}`}} has not been
                synchronized for over 12 hours which means that the state of
                this cloud has drifted away from the state inside Git.
  # Per-component probes, metrics endpoints and ServiceMonitors.
  server:
    # Exposes argocd-server through an Ingress; see server.insecure above
    # for where TLS is expected to terminate.
    ingress:
      enabled: true
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  repoServer:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  applicationSet:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  redis:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  dex:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  notifications:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  # ExternalSecret objects that pull credentials from the weyma-vault
  # ClusterSecretStore, so no secret values live in this values file.
  extraObjects:
    # Backs the `$weyma-argocd-secrets:...` reference in dex.config. Argo CD
    # only resolves such references against Secrets labelled
    # app.kubernetes.io/part-of: argocd. The label is set on the
    # ExternalSecret here; presumably the operator copies it to the
    # generated Secret because no target.template is given. TODO confirm.
    # NOTE(review): admin.password and admin.passwordMtime are synced even
    # though admin.enabled is false above; drop them if nothing reads them.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
          - secretKey: webhook.gitea.secret
            remoteRef:
              key: argo-cd
              property: webhook.gitea.secret
          - secretKey: admin.password
            remoteRef:
              key: argo-cd
              property: admin.password
          - secretKey: admin.passwordMtime
            remoteRef:
              key: argo-cd
              property: admin.passwordMtime
          - secretKey: dex.authentik.clientSecret
            remoteRef:
              key: argo-cd
              property: dex.authentik.clientSecret
    # Repository credentials (secret-type: repository), one object per
    # repository. All four read the same remote property
    # argo-cd-git/sshPrivateKey, so a single SSH key grants access to every
    # listed repository; per-repository deploy keys would narrow the impact
    # of a leaked key.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.core-apps
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.weyma-talos
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.williamp-sites
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.db-operators