remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

sso for argocd

Browse Source
This commit is contained in:
Remy Moll
2024-10-05 14:59:47 +02:00
parent 37532f10ce
commit a44e84b8cb
4 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
infrastructure/argocd/argocd-oauth.configmap.yaml Normal file
View File

@@ -0,0 +1,21 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cm
data:
url: https://argocd.kluster.moll.re
oidc.config: |
name: Authelia
issuer: https://auth.kluster.moll.re
clientID: argocd
# If you want to store sensitive data in another Kubernetes Secret, instead of argocd-secret. ArgoCD knows to check the keys under data in your Kubernetes Secret for a corresponding key whenever a value in a configmap or secret starts with $, then your Kubernetes Secret name and : (colon).
clientSecret: $argocd-oauth:client-secret
skipAudienceCheckWhenTokenHasNoAudience: true
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
requestedScopes: ["openid", "profile", "email", "groups"]
# Optional set of OIDC claims to request on the ID token.
requestedIDTokenClaims: {"groups": {"essential": true}}

16
infrastructure/argocd/argocd-oauth.sealedsecret.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: argocd-oauth
namespace: argocd
spec:
encryptedData:
client-secret: AgAGtwiMd6OOz2IT2QJJR6unSYgLqNVJCb63a6hHko749nK8Kx1WgLwCYT/UURQYUusqMMPkNqbkA+jLUgh92fa7MKhtj4GysSvWavB+j8oFWT3YZbNcYNoJsTxg8mIRKiMFmp5um703e5RtGCv7eiOWdVtHftVv1BycPVeVHUuLU5usc8lmgnTTEPiRUEUB8MjGd7bIEgJ9q5oAiRTiwefickS1NgC02K2K8hVAhG/VkP0lqYn0xYgsy4W4i/7Q7AxRxCwX3y23spjXNUCRJRYvgF7Cf+MHdBgk6xPtvJF3jDLJfw8H2ilUx0GaxkESCDIE/FSVlbhMXmUdVYB9SLVo9K/tzqHe536ufGWO+U7H92mhZl5oZcA7qP9iXLUy13sAY/slixbKT6y4BJ3Tnt/pK1IydASsOE/uuwuN5q6AHWvG++DSHEPfE8xOH3bRVph8aIJD9hi8UlH7KGlEDPIaY3twpaJDUweaGVRTEnjvxW/hKfp2SF8A0PtGDeKSSii/XBZjxjROdOvE2+xM/WTVdVqddvErzogEKfljMvb5Z4OQiNj7fFvFMVuRD55To8p/cYZu+KHx+D8tuUMH3zk6AdADs/0bjI0xAz3PJUAmVp4RE4k0vP8LAImF5rWkIyVUcvJmP8S90jf0d7usJaEFd1ZayFLyUnwGAkP8ua2RiupnNUrZ/49A31cGm1RCpw00DGEJ/5VK6VMP1+T4KOUP5pB90FUYVHUv6S8dAg==
template:
metadata:
creationTimestamp: null
name: argocd-oauth
namespace: argocd
type: Opaque

2
infrastructure/argocd/kustomization.yaml
View File

@@ -8,8 +8,10 @@ resources:
- ingress.yaml - ingress.yaml
- argo-apps.application.yaml - argo-apps.application.yaml
- bootstrap-repo.sealedsecret.yaml - bootstrap-repo.sealedsecret.yaml
- argocd-oauth.sealedsecret.yaml
patches: patches:
- path: known-hosts.configmap.yaml - path: known-hosts.configmap.yaml
- path: argocd.configmap.yaml - path: argocd.configmap.yaml
- path: argocd-oauth.configmap.yaml

2
infrastructure/authelia/authelia-oidc.sealedsecret.yaml
View File

File diff suppressed because one or more lines are too long