weyma-talos/system-apps/argocd/values.yaml

argo-cd:
  global:
    domain: argocd.infra.dubyatp.xyz
  configs:
    cm:
      admin.enabled: false
      dex.config: |
        connectors:
        - config:
            issuer: https://auth.dubyatp.xyz/application/o/argocd/
            clientID: ZZ4Rt3ZixVu9ote8yzryHFrEhlbY85C24Hh9Uo98
            clientSecret: $weyma-argocd-secrets:dex.authentik.clientSecret
            insecureEnableGroups: true
            scopes:
              - openid
              - profile
              - email
          name: authentik
          type: oidc
          id: authentik
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.admissionregistration.k8s.io_ValidatingWebhookConfiguration: |
        jsonPointers:
          - /webhooks/0/clientConfig/caBundle
      resource.customizations.ignoreDifferences.Secret: |
        jsonPointers:
          - /data
    params:
      server.insecure: true
    ssh:
      extraHosts: |
        git.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
        git-ssh.dubyatp.xyz ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/9ygk32Ibk6/ZqIhwh0ZyTTDpdXxP/BUgtJI4FVLKVWIEFnB+fOCTsSXM/mt8R0Xld/AJ+muywNhZc60nEAg+Pj4yxc0u75t1Ea+C8JjEh2xW7rH+oZLv+JabcLk5Ze7rpaETkq2ILxNmBKemgDut8mXt9BYBo5mk72ClWBsijFWw8Vj8LnWfzw/VsFFlQ4CJvnLuTqw+bgI5VlodwR20wcEHuSuUKY9IA2hyDZLWJ2vZzIlI8TuY21Qc8vFmEVB7M1mgqLJKksdi/ZLHk5UN9HTRz0Q6SaNyvPfjWCeHX8Tb3WnsAnHvnXc0C3A2EWVFqHIpJwVRTC2ef6LCUmZmPv1NqnFWftv192n+oOJqT+537fNesK7tQJfX4Osi5RDCL788GjJHLOarzEIKegpunCjq/9yp/Oi6M/v+/eN7rdd/UY80mcmoOC1HOVPfjxmCfcFFpqKX3NYlx/czF+gpf0mRBaHEpkGk3oPrqGiZbSAShsLDvptZANmBoBSDFwFwJpHxdMzMOLM8NyQNewKs1pYbjklbuC5W33qjgHdVk56jnGVPwCVak/TQgoOI9NtxnfvfV6sB5mQWEkiNsUzEVK3hgu5Wa93vN/DZ75KoS95Ldj4pCfJV92eeeYWvrRPAIdnzxjH2rdfhysHW2NYFdl7PlAqcca+CaO4WOHOMJw==
    rbac:
      policy.csv: |
        g, ArgoCD Admins, role:admin
  controller:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  server:
    ingress:
      enabled: true
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  repoServer:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  applicationSet:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true 
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  redis:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true 
  dex:
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  notifications:
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
  extraObjects:
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: weyma-argocd-secrets
        labels:
          app.kubernetes.io/part-of: argocd
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: weyma-argocd-secrets
          creationPolicy: Owner
        data:
        - secretKey: webhook.gitea.secret
          remoteRef:
            key: argo-cd
            property: webhook.gitea.secret
        - secretKey: admin.password
          remoteRef:
            key: argo-cd
            property: admin.password
        - secretKey: admin.passwordMtime
          remoteRef:
            key: argo-cd
            property: admin.passwordMtime
        - secretKey: dex.authentik.clientSecret
          remoteRef:
            key: argo-cd
            property: dex.authentik.clientSecret
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-core-apps
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-core-apps
          creationPolicy: Owner
        data:
        - secretKey: sshPrivateKey
          remoteRef:
            key: argo-cd-git
            property: sshPrivateKey
        - secretKey: type
          remoteRef:
            key: argo-cd-git
            property: type
        - secretKey: url
          remoteRef:
            key: argo-cd-git
            property: url.core-apps
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-weyma-talos
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-weyma-talos
          creationPolicy: Owner
        data:
        - secretKey: sshPrivateKey
          remoteRef:
            key: argo-cd-git
            property: sshPrivateKey
        - secretKey: type
          remoteRef:
            key: argo-cd-git
            property: type
        - secretKey: url
          remoteRef:
            key: argo-cd-git
            property: url.weyma-talos
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-williamp-sites
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-williamp-sites
          creationPolicy: Owner
        data:
        - secretKey: sshPrivateKey
          remoteRef:
            key: argo-cd-git
            property: sshPrivateKey
        - secretKey: type
          remoteRef:
            key: argo-cd-git
            property: type
        - secretKey: url
          remoteRef:
            key: argo-cd-git
            property: url.williamp-sites
    - apiVersion: external-secrets.io/v1
      kind: ExternalSecret
      metadata:
        name: git-db-operators
        labels:
          app.kubernetes.io/part-of: argocd
          argocd.argoproj.io/secret-type: repository
      spec:
        refreshInterval: 1h
        secretStoreRef:
          name: weyma-vault
          kind: ClusterSecretStore
        target:
          name: git-db-operators
          creationPolicy: Owner
        data:
        - secretKey: sshPrivateKey
          remoteRef:
            key: argo-cd-git
            property: sshPrivateKey
        - secretKey: type
          remoteRef:
            key: argo-cd-git
            property: type
        - secretKey: url
          remoteRef:
            key: argo-cd-git
            property: url.db-operators