sso for argocd
parent
37532f10ce
commit
a44e84b8cb
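--- a/infrastructure/argocd/argocd-oauth.configmap.yaml
+++ b/infrastructure/argocd/argocd-oauth.configmap.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: argocd-cm
+data:
+url: https://argocd.kluster.moll.re
+
+oidc.config: |
+name: Authelia
+issuer: https://auth.kluster.moll.re
+clientID: argocd
+# If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
+clientSecret: $argocd-oauth:client-secret
+
+skipAudienceCheckWhenTokenHasNoAudience: true
+
+# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
+requestedScopes: ["openid", "profile", "email", "groups"]
+
+# Optional set of OIDC claims to request on the ID token.
+requestedIDTokenClaims: {"groups": {"essential": true}}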
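Review bot: `skipAudienceCheckWhenTokenHasNoAudience: true` in the `oidc.config` block lets Argo CD accept ID tokens that carry no `aud` claim, which drops the check that a token was minted for the `argocd` client rather than for another application behind the same issuer. Unless Authelia is known to omit `aud` for this client, I would remove the line so the version default applies, or keep it only with a justification such as `# Authelia omits aud for this client; drop once it is set`. The page has lost the YAML indentation, so the nesting of these keys under `oidc.config` is inferred from the key names.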
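--- a/infrastructure/argocd/argocd-oauth.sealedsecret.yaml
+++ b/infrastructure/argocd/argocd-oauth.sealedsecret.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+creationTimestamp: null
+name: argocd-oauth
+namespace: argocd
+spec:
+encryptedData:
+client-secret: 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
+template:
+metadata:
+creationTimestamp: null
+name: argocd-oauth
+namespace: argocd
+type: Opaque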
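Review bot: The SealedSecret's `template.metadata` sets only `creationTimestamp`, `name` and `namespace`, but Argo CD resolves a `$argocd-oauth:client-secret` reference only from Secrets labelled `app.kubernetes.io/part-of: argocd`. As written, the unsealed Secret would likely be ignored and the OIDC login would fail on the client secret. I would add `labels:` with `app.kubernetes.io/part-of: argocd` under `template.metadata`. This should not need a re-seal, since labels are not part of the sealing scope, but confirm that against the controller version in use.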
@ -8,8 +8,10 @@ resources:
|
|||||||
- ingress.yaml
|
- ingress.yaml
|
||||||
- argo-apps.application.yaml
|
- argo-apps.application.yaml
|
||||||
- bootstrap-repo.sealedsecret.yaml
|
- bootstrap-repo.sealedsecret.yaml
|
||||||
|
- argocd-oauth.sealedsecret.yaml
|
||||||
|
|
||||||
|
|
||||||
patches:
|
patches:
|
||||||
- path: known-hosts.configmap.yaml
|
- path: known-hosts.configmap.yaml
|
||||||
- path: argocd.configmap.yaml
|
- path: argocd.configmap.yaml
|
||||||
|
- path: argocd-oauth.configmap.yaml
|
||||||
|
File diff suppressed because one or more lines are too long