kubernetes/k8s-peterg/argocd/patches/configmap.yaml

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  url: https://argocd.peterg.nl
  dex.config: |
    connectors:
    - name: authentik
      id: authentik
      type: oidc
      config:
        issuer: $argocd-authentik-provider:dex.authentik.issuer
        clientID: $argocd-authentik-provider:dex.authentik.clientID
        clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret
        insecureEnableGroups: true
        scopes:
          - openid
          - profile
          - email
          - groups
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-rbac-cm
  labels:
    app.kubernetes.io/part-of: argocd
data:
  policy.default: role:readonly
  policy.csv: |
    p, role:org-admin, applications, *, */*, allow
    p, role:org-admin, clusters, get, *, allow
    p, role:org-admin, repositories, get, *, allow
    p, role:org-admin, repositories, create, *, allow
    p, role:org-admin, repositories, update, *, allow
    p, role:org-admin, repositories, delete, *, allow
    p, role:org-admin, logs, get, */*, allow
    p, role:org-admin, exec, create, */*, allow

    g, ArgoCD Admins, role:admin
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: argocd-cm`
			`labels:`
			`app.kubernetes.io/name: argocd-cm`
			`app.kubernetes.io/part-of: argocd`
			`data:`
fix: Resourcenames are hard 2025-11-10 20:47:47 +01:00			`url: https://argocd.peterg.nl`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`dex.config: \|`
			`connectors:`
			`- name: authentik`
			`id: authentik`
fix: Use correct attribute names 2025-11-10 14:15:01 +01:00			`type: oidc`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`config:`
			`issuer: $argocd-authentik-provider:dex.authentik.issuer`
fix: Resourcenames are hard 2025-11-10 20:47:47 +01:00			`clientID: $argocd-authentik-provider:dex.authentik.clientID`
			`clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret`
fix(argocd): Use correct syntax for exposing Authentik groups 2026-03-04 18:24:57 +01:00			`insecureEnableGroups: true`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`scopes:`
			`- openid`
			`- profile`
			`- email`
chore(argocd): Expose Authentik groups 2026-01-29 17:22:11 +01:00			`- groups`
feat(k8s-peterg): Add Authentik authentication to ArgoCD 2025-11-10 14:01:55 +01:00			`---`
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: argocd-rbac-cm`
			`labels:`
			`app.kubernetes.io/part-of: argocd`
			`data:`
			`policy.default: role:readonly`
			`policy.csv: \|`
chore(argocd): Expose Authentik groups 2026-01-29 17:22:11 +01:00			`p, role:org-admin, applications, , /*, allow`
			`p, role:org-admin, clusters, get, *, allow`
			`p, role:org-admin, repositories, get, *, allow`
			`p, role:org-admin, repositories, create, *, allow`
			`p, role:org-admin, repositories, update, *, allow`
			`p, role:org-admin, repositories, delete, *, allow`
			`p, role:org-admin, logs, get, /, allow`
			`p, role:org-admin, exec, create, /, allow`

chore(argocd): Modify rbac policy 2026-01-29 16:38:17 +01:00			`g, ArgoCD Admins, role:admin`