revert dfe3e5ae4f

revert chore(argocd): Refactor to use helm chart

k8s-peterg/argocd/clusters.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: k8s-wheatley-cluster
+spec:
+  secretStoreRef:
+    name: vault-wheatley
+    kind: ClusterSecretStore
+  target:
+    name: k8s-wheatley-cluster
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      type: Opaque
+      metadata:
+        labels:
+          argocd.argoproj.io/secret-type: cluster
+      data:
+        name: k8s-wheatley
+        server: "{{ .endpoint }}"
+        project: argocd
+        config: "{{ .config }}"
+  data:
+    - secretKey: endpoint
+      remoteRef:
+        key: secrets/managed/argocd/clusters/k8s-wheatley
+        property: endpoint
+    - secretKey: config
+      remoteRef:
+        key: secrets/managed/argocd/clusters/k8s-wheatley
+        property: config

k8s-peterg/argocd/httproute.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: argocd-route
+  namespace: argocd
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "argocd.peterg.nl"
+  rules:
+    - backendRefs:
+        - name: argocd-server
+          port: 80

k8s-peterg/argocd/kustomization.yaml

@@ -1,20 +1,28 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-
-namespace: argocd
-
 resources:
-  - secrets.yaml
+  - httproute.yaml
-  - repositories.yaml
+  - install.yaml
+  - repository.yaml
+  - namespace.yaml
+  - clusters.yaml
+  - oidc.yaml
   - applications-peterg.yaml
   - applications-wheatley.yaml
 
-# ArgoCD Helm chart
-helmCharts:
-  - name: argo-cd
-    repo: oci://ghcr.io/argoproj/argo-helm
-    version: 9.4.16
-    releaseName: argocd
-    valuesFile: values.yaml
 namespace: argocd
+
+configMapGenerator:
+  - name: argocd-cmd-params-cm
+    behavior: replace
+    literals:
+      - server.insecure=true
+      - reposerver.enable.git.submodule=false
+  - name: argocd-cm
+    behavior: merge
+    literals:
+      - kustomize.buildOptions=--enable-helm
+
+patches:
+  - path: patches/configmap.yaml

k8s-peterg/argocd/oidc.yaml

@@ -27,35 +27,3 @@ spec:
       remoteRef:
         key: secrets/managed/argocd/authentik-oidc-credentials
         property: clientSecret
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: k8s-wheatley-cluster
-spec:
-  secretStoreRef:
-    name: vault-wheatley
-    kind: ClusterSecretStore
-  target:
-    name: k8s-wheatley-cluster
-    creationPolicy: Owner
-    template:
-      engineVersion: v2
-      type: Opaque
-      metadata:
-        labels:
-          argocd.argoproj.io/secret-type: cluster
-      data:
-        name: k8s-wheatley
-        server: "{{ .endpoint }}"
-        project: argocd
-        config: "{{ .config }}"
-  data:
-    - secretKey: endpoint
-      remoteRef:
-        key: secrets/managed/argocd/clusters/k8s-wheatley
-        property: endpoint
-    - secretKey: config
-      remoteRef:
-        key: secrets/managed/argocd/clusters/k8s-wheatley
-        property: config

k8s-peterg/argocd/patches/configmap.yaml

@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  labels:
+    app.kubernetes.io/name: argocd-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  url: https://argocd.peterg.nl
+  dex.config: |
+    connectors:
+    - name: authentik
+      id: authentik
+      type: oidc
+      config:
+        issuer: $argocd-authentik-provider:dex.authentik.issuer
+        clientID: $argocd-authentik-provider:dex.authentik.clientID
+        clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret
+        insecureEnableGroups: true
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-rbac-cm
+  labels:
+    app.kubernetes.io/part-of: argocd
+data:
+  policy.default: role:readonly
+  policy.csv: |
+    p, role:org-admin, applications, *, */*, allow
+    p, role:org-admin, clusters, get, *, allow
+    p, role:org-admin, repositories, get, *, allow
+    p, role:org-admin, repositories, create, *, allow
+    p, role:org-admin, repositories, update, *, allow
+    p, role:org-admin, repositories, delete, *, allow
+    p, role:org-admin, logs, get, */*, allow
+    p, role:org-admin, exec, create, */*, allow
+
+    g, ArgoCD Admins, role:admin

k8s-peterg/argocd/repositories.yaml

@@ -1,35 +0,0 @@
----
-apiVersion: v1
-kind: Secret
-type: Opaque
-metadata:
-  name: argocd-private-repo
-  namespace: argocd
-  annotations:
-    managed-by: argocd.argoproj.io
-  labels:
-    argocd.argoproj.io/secret-type: repository
-stringData:
-  type: git
-  url: https://code.peterg.nl/wheatley/kubernetes.git
-
----
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: repository-credentials
-spec:
-  secretStoreRef:
-    name: vault-wheatley
-    kind: ClusterSecretStore
-  target:
-    name: repository-credentials
-  data:
-    - secretKey: UN_RADARR_0_API_KEY
-      remoteRef:
-        key: secrets/managed/qbittorrent/unpackerr-env-secrets
-        property: radarr_api_key
-    - secretKey: UN_SONARR_0_API_KEY
-      remoteRef:
-        key: secrets/managed/qbittorrent/unpackerr-env-secrets
-        property: sonarr_api_key

k8s-peterg/argocd/repository.yaml

@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: argocd-private-repo
+  namespace: argocd
+  annotations:
+    managed-by: argocd.argoproj.io
+  labels:
+    argocd.argoproj.io/secret-type: repository
+stringData:
+  type: git
+  url: https://code.peterg.nl/wheatley/kubernetes.git

k8s-peterg/argocd/values.yaml

@@ -1,69 +0,0 @@
----
-# ArgoCD Helm Chart Values
-# Chart: argo-cd v9.4.16
-# Repository: oci://ghcr.io/argoproj/argo-helm
-
-# Global configuration
-global:
-  domain: argocd.peterg.nl
-
-# CRD management - let Helm handle CRDs
-crds:
-  install: true
-  keep: true
-  annotations:
-    argocd.argoproj.io/sync-options: ServerSideApply=true
-
-# ArgoCD configuration
-configs:
-  # argocd-cm ConfigMap settings
-  cm:
-    url: https://argocd.peterg.nl
-    kustomize.buildOptions: --enable-helm
-    admin.enabled: false
-    dex.config: |
-      connectors:
-      - name: authentik
-        id: authentik
-        type: oidc
-        config:
-          issuer: $argocd-authentik-provider:dex.authentik.issuer
-          clientID: $argocd-authentik-provider:dex.authentik.clientID
-          clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret
-          insecureEnableGroups: true
-          scopes:
-            - openid
-            - profile
-            - email
-            - groups
-
-  # argocd-cmd-params-cm ConfigMap settings
-  params:
-    server.insecure: true
-    reposerver.enable.git.submodule: false
-
-  # argocd-rbac-cm ConfigMap settings
-  rbac:
-    policy.csv: |
-      p, role:org-admin, applications, *, */*, allow
-      p, role:org-admin, clusters, get, *, allow
-      p, role:org-admin, repositories, get, *, allow
-      p, role:org-admin, repositories, create, *, allow
-      p, role:org-admin, repositories, update, *, allow
-      p, role:org-admin, repositories, delete, *, allow
-      p, role:org-admin, logs, get, */*, allow
-      p, role:org-admin, exec, create, */*, allow
-
-      g, ArgoCD Admins, role:admin
-
-# Server configuration
-server:
-  # Gateway API HTTPRoute configuration
-  httproute:
-    enabled: true
-    parentRefs:
-      - name: internal
-        namespace: kube-system
-        sectionName: https
-    hostnames:
-      - argocd.peterg.nl