45 lines
1.2 KiB
YAML
45 lines
1.2 KiB
YAML
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cm
|
|
labels:
|
|
app.kubernetes.io/name: argocd-cm
|
|
app.kubernetes.io/part-of: argocd
|
|
data:
|
|
url: https://argocd.peterg.nl
|
|
dex.config: |
|
|
connectors:
|
|
- name: authentik
|
|
id: authentik
|
|
type: oidc
|
|
config:
|
|
issuer: $argocd-authentik-provider:dex.authentik.issuer
|
|
clientID: $argocd-authentik-provider:dex.authentik.clientID
|
|
clientSecret: $argocd-authentik-provider:dex.authentik.clientSecret
|
|
insecureEnableGroups: true
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-rbac-cm
|
|
labels:
|
|
app.kubernetes.io/part-of: argocd
|
|
data:
|
|
policy.default: role:readonly
|
|
policy.csv: |
|
|
p, role:org-admin, applications, *, */*, allow
|
|
p, role:org-admin, clusters, get, *, allow
|
|
p, role:org-admin, repositories, get, *, allow
|
|
p, role:org-admin, repositories, create, *, allow
|
|
p, role:org-admin, repositories, update, *, allow
|
|
p, role:org-admin, repositories, delete, *, allow
|
|
p, role:org-admin, logs, get, */*, allow
|
|
p, role:org-admin, exec, create, */*, allow
|
|
|
|
g, ArgoCD Admins, role:admin
|