---
# ArgoCD Helm Chart Values
# Chart: argo-cd v9.4.16
# Repository: oci://ghcr.io/argoproj/argo-helm

# Global configuration
global:
  domain: argocd.peterg.nl

# CRD management - let Helm handle CRDs
crds:
  install: true
  keep: true
  annotations:
    argocd.argoproj.io/sync-options: ServerSideApply=true

# ArgoCD configuration
configs:
  # argocd-cm ConfigMap settings
  cm:
    url: https://argocd.peterg.nl
    kustomize.buildOptions: --enable-helm
    admin.enabled: false
    dex.config: |
      connectors:
      - name: authentik
        id: authentik
        type: oidc
        config:
          issuer: $argocd-authentik-provider:dex.authentik.issuer
          clientID: $argocd-authentik-provider:dex.authentik.clientID
          clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret
          insecureEnableGroups: true
          scopes:
            - openid
            - profile
            - email
            - groups

  # argocd-cmd-params-cm ConfigMap settings
  params:
    server.insecure: true
    reposerver.enable.git.submodule: false

  # argocd-rbac-cm ConfigMap settings
  rbac:
    policy.csv: |
      p, role:org-admin, applications, *, */*, allow
      p, role:org-admin, clusters, get, *, allow
      p, role:org-admin, repositories, get, *, allow
      p, role:org-admin, repositories, create, *, allow
      p, role:org-admin, repositories, update, *, allow
      p, role:org-admin, repositories, delete, *, allow
      p, role:org-admin, logs, get, */*, allow
      p, role:org-admin, exec, create, */*, allow

      g, ArgoCD Admins, role:admin

# Server configuration
server:
  # Gateway API HTTPRoute configuration
  httproute:
    enabled: true
    parentRefs:
      - name: internal
        namespace: kube-system
        sectionName: https
    hostnames:
      - argocd.peterg.nl