diff --git a/argocd/cm.yaml b/argocd/cm.yaml index ac7cc39..95c86af 100644 --- a/argocd/cm.yaml +++ b/argocd/cm.yaml @@ -5,6 +5,7 @@ metadata: name: argocd-cm namespace: argocd labels: + app.kubernetes.io/instance: argocd-ingress app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: @@ -22,6 +23,16 @@ data: - CiliumIdentity clusters: - "*" + url: https://aaron-argo.services.yolokube.de + oidc.config: | + name: aaronID + issuer: https://auth.ar21.de/application/o/vcluster-argocd/ + clientID: PaYnOPK9WlGlHe6BRdB20lJVUFwbJAKslLkEMk22 + clientSecret: $oidc.aaronid.clientSecret + + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "profile", "email"] + logoutURL: https://auth.ar21.de/application/o/vcluster-argocd/end-session/ --- kind: ConfigMap apiVersion: v1 @@ -29,7 +40,21 @@ metadata: name: argocd-cmd-params-cm namespace: argocd labels: + app.kubernetes.io/instance: argocd-ingress app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: server.insecure: "true" +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: argocd-rbac-cm + namespace: argocd + labels: + app.kubernetes.io/instance: argocd-ingress + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd +data: + policy.csv: | + g, ar21-general, role:admin