sso for argocd

infrastructure/argocd/argocd-oauth.configmap.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+data:
+  url: https://argocd.kluster.moll.re
+
+  oidc.config: |
+    name: Authelia
+    issuer: https://auth.kluster.moll.re
+    clientID: argocd
+    # If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
+    clientSecret: $argocd-oauth:client-secret
+
+    skipAudienceCheckWhenTokenHasNoAudience: true
+
+    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
+    requestedScopes: ["openid", "profile", "email", "groups"]
+
+    # Optional set of OIDC claims to request on the ID token.
+    requestedIDTokenClaims: {"groups": {"essential": true}}