weyma-talos/system-apps/argocd/values.yaml

# Helm values for an Argo CD deployment: OIDC login through Dex, RBAC mapping,
# ingress, and the ExternalSecret objects that supply Argo CD's credentials.
# NOTE(review): the nesting below is reconstructed from the key names because
# the listing carried no indentation; confirm it against the repository copy.
argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      # Built-in local admin login is off, so interactive access depends on
      # the Dex connector below.
      admin.enabled: false
      # Dex connector for the "authentik" OIDC provider.
      # - clientID is an identifier, not a credential. clientSecret is a
      #   `$<secret-name>:<key>` reference, so the secret value is not in Git.
      #   Argo CD resolves such references only from Secrets labelled
      #   app.kubernetes.io/part-of: argocd. Verify that the Secret generated
      #   from the weyma-argocd-secrets ExternalSecret carries that label.
      # - insecureEnableGroups: true makes Dex pass through the upstream
      #   groups claim. That claim is refreshed only when a new ID token is
      #   issued, so removing a user from a group at the provider may not take
      #   effect until their session is re-established. This matters because
      #   the RBAC policy below grants admin by group.
      # - No explicit groups scope is requested, so the groups claim presumably
      #   arrives through one of the listed scopes. Confirm at the provider.
      dex.config: |
        connectors:
          - config:
              issuer: https://auth.dubyatp.xyz/application/o/argocd/
              clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
              clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
              insecureEnableGroups: true
              scopes:
                - openid
                - profile
                - email
            name: authentik
            type: oidc
            id: authentik
      # Ignore drift in the CA bundle of the first webhook entry only
      # (index 0). Presumably the bundle is injected at runtime; a resource
      # with several webhooks would still show drift on the other entries.
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      # Ignores the whole /data field of every Secret Argo CD tracks. This is
      # broad: out-of-band changes to the contents of a managed Secret will
      # not surface as OutOfSync, so drift detection cannot be relied on to
      # notice tampering with Secret values.
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
          - /data
    params:
      # argocd-server serves plain HTTP, so TLS has to be terminated in front
      # of it. No ingress TLS settings appear in this file. Confirm that the
      # ingress enforces HTTPS and that the hop from ingress to pod stays on a
      # trusted network.
      server.insecure: true
    rbac:
      # Members of the "ArgoCD Admins" group get the built-in role:admin
      # (full control). No policy.default is set here, so the default for
      # other authenticated users comes from the chart. Confirm it grants
      # nothing.
      policy.csv: |
        g, ArgoCD Admins, role:admin
  server:
    ingress:
      enabled: true
  # Extra manifests rendered with the release. Every object is an
  # ExternalSecret that reads from the weyma-vault ClusterSecretStore, so no
  # credential material is stored in this file. refreshInterval: 1h means a
  # value rotated in the store can take up to an hour to reach the cluster.
  # creationPolicy: Owner ties each generated Secret's lifecycle to its
  # ExternalSecret.
  extraObjects:
    # Secrets used by Argo CD itself. Only dex.authentik.clientSecret is
    # referenced in this file. NOTE(review): admin.password and
    # admin.passwordMtime are synced although admin.enabled is false, and
    # webhook.gitea.secret has no visible consumer here. Confirm each key is
    # still needed and drop any that are not.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
          - secretKey: webhook.gitea.secret
            remoteRef:
              key: argo-cd
              property: webhook.gitea.secret
          - secretKey: admin.password
            remoteRef:
              key: argo-cd
              property: admin.password
          - secretKey: admin.passwordMtime
            remoteRef:
              key: argo-cd
              property: admin.passwordMtime
          - secretKey: dex.authentik.clientSecret
            remoteRef:
              key: argo-cd
              property: dex.authentik.clientSecret
    # Repository credential for core-apps. The secret-type: repository label
    # is what makes Argo CD treat the Secret as a repository definition.
    # Verify that the label reaches the generated Secret.
    # NOTE(review): all four repository entries below read the same
    # sshPrivateKey property from argo-cd-git, so one key covers every repo.
    # Per-repository read-only deploy keys would limit what a leaked key can
    # reach.
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.core-apps
    # Repository credential for weyma-talos (shared SSH key, own URL).
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.weyma-talos
    # Repository credential for williamp-sites (shared SSH key, own URL).
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.williamp-sites
    # Repository credential for db-operators (shared SSH key, own URL).
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
          - secretKey: sshPrivateKey
            remoteRef:
              key: argo-cd-git
              property: sshPrivateKey
          - secretKey: type
            remoteRef:
              key: argo-cd-git
              property: type
          - secretKey: url
            remoteRef:
              key: argo-cd-git
              property: url.db-operators