266 lines
8.7 KiB
YAML
266 lines
8.7 KiB
YAML
argo-cd:
|
|
global:
|
|
domain: argocd.infra.dubyatp.xyz
|
|
configs:
|
|
cm:
|
|
admin.enabled: false
|
|
dex.config: |
|
|
connectors:
|
|
- config:
|
|
issuer: https://auth.dubyatp.xyz/application/o/argocd/
|
|
clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
|
|
clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
|
|
insecureEnableGroups: true
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
name: authentik
|
|
type: oidc
|
|
id: authentik
|
|
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
|
|
jsonPointers:
|
|
- /webhooks/0/clientConfig/caBundle
|
|
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
|
|
jsonPointers:
|
|
- /webhooks/0/clientConfig/caBundle
|
|
resource.customizations.ignoreDifferences.Secret: |
|
|
jsonPointers:
|
|
- /data
|
|
params:
|
|
server.insecure: true
|
|
ssh:
|
|
extraHosts: |
|
|
git.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
|
|
git-ssh.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
|
|
rbac:
|
|
policy.csv: |
|
|
g, ArgoCD Admins, role:admin
|
|
controller:
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
rules:
|
|
enabled: true
|
|
spec:
|
|
- alert: ArgoAppMissing
|
|
expr: |
|
|
absent(argocd_app_info) == 1
|
|
for: 15m
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: "[Argo CD] No reported applications"
|
|
description: >
|
|
Argo CD has not reported any applications data for the past 15 minutes which
|
|
means that it must be down or not functioning properly. This needs to be
|
|
resolved for this cloud to continue to maintain state.
|
|
- alert: ArgoAppNotSynced
|
|
expr: |
|
|
argocd_app_info{sync_status!="Synced"} == 1
|
|
for: 12h
|
|
labels:
|
|
severity: warning
|
|
annotations:
|
|
summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
|
|
description: >
|
|
The application [{{`{{$labels.name}}`}} has not been synchronized for over
|
|
12 hours which means that the state of this cloud has drifted away from the
|
|
state inside Git.
|
|
server:
|
|
ingress:
|
|
enabled: true
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
repoServer:
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
applicationSet:
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
redis:
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
dex:
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
notifications:
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
extraObjects:
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: weyma-argocd-secrets
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: weyma-vault
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: weyma-argocd-secrets
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: webhook.gitea.secret
|
|
remoteRef:
|
|
key: argo-cd
|
|
property: webhook.gitea.secret
|
|
- secretKey: admin.password
|
|
remoteRef:
|
|
key: argo-cd
|
|
property: admin.password
|
|
- secretKey: admin.passwordMtime
|
|
remoteRef:
|
|
key: argo-cd
|
|
property: admin.passwordMtime
|
|
- secretKey: dex.authentik.clientSecret
|
|
remoteRef:
|
|
key: argo-cd
|
|
property: dex.authentik.clientSecret
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: git-core-apps
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
argocd.argoproj.io/secret-type: repository
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: weyma-vault
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: git-core-apps
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: sshPrivateKey
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: sshPrivateKey
|
|
- secretKey: type
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: type
|
|
- secretKey: url
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: url.core-apps
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: git-weyma-talos
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
argocd.argoproj.io/secret-type: repository
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: weyma-vault
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: git-weyma-talos
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: sshPrivateKey
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: sshPrivateKey
|
|
- secretKey: type
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: type
|
|
- secretKey: url
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: url.weyma-talos
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: git-williamp-sites
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
argocd.argoproj.io/secret-type: repository
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: weyma-vault
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: git-williamp-sites
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: sshPrivateKey
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: sshPrivateKey
|
|
- secretKey: type
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: type
|
|
- secretKey: url
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: url.williamp-sites
|
|
- apiVersion: external-secrets.io/v1
|
|
kind: ExternalSecret
|
|
metadata:
|
|
name: git-db-operators
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
argocd.argoproj.io/secret-type: repository
|
|
spec:
|
|
refreshInterval: 1h
|
|
secretStoreRef:
|
|
name: weyma-vault
|
|
kind: ClusterSecretStore
|
|
target:
|
|
name: git-db-operators
|
|
creationPolicy: Owner
|
|
data:
|
|
- secretKey: sshPrivateKey
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: sshPrivateKey
|
|
- secretKey: type
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: type
|
|
- secretKey: url
|
|
remoteRef:
|
|
key: argo-cd-git
|
|
property: url.db-operators |