change(argocd): reenabled authentik oidc

2024-09-27 19:08:59 +00:00 · 2022-12-13 14:13:25 +01:00 · 2022-12-13 14:13:25 +01:00 · f5c1546766
parent 351d66311b
commit f5c1546766
2 changed files with 20 additions and 14 deletions
--- a/projects/argocd/project.yml
+++ b/projects/argocd/project.yml
@ -15,7 +15,7 @@ apps:
    keys:
    - admin.password
    - server.secretkey
-    - oidc.auth0.clientSecret
+    - dex.authentik.clientSecret
    - webhook.gogs.secret
  - name: ca-cert
    keys:
--- a/projects/argocd/values/argocd.yaml
+++ b/projects/argocd/values/argocd.yaml
@ -111,26 +111,32 @@ server:

    oidc.config: |
      name: Authentik
+      type: oidc
+      id: authentik
      issuer: https://auth.dc/application/o/argocd/
-      clientID: 0c149045b7b87eb80e41fcdd3e788476472d7316
-      clientSecret: $oidc.auth0.clientSecret
-      requestedScopes: ["openid", "profile", "email", "groups"]
+      clientID: 3793eb413f1d568b9e9cf82fd4d8d596b2867ec5
+      clientSecret: $dex.authentik.clientSecret
+      scopes:
+          - openid
+          - profile
+          - email
+          - groups

  rbacConfig:
    policy.csv: |
      g, ArgoCDAdmins, role:admin

-  # Mount public CA cert
-  volumeMounts: []
-#  - name: certificate
-#    mountPath: /etc/ssl/certs/ca.crt
-#    subPath: ca
+  # Mount vault CA cert
+  volumeMounts:
+  - name: certificate
+    mountPath: /etc/ssl/certs/vault-ca-certificates.crt
+    subPath: ca

-  volumes: []
-#  - name: certificate
-#    secret:
-#      secretName: ca-cert
-#      defaultMode: 420
+  volumes:
+  - name: certificate
+    secret:
+      secretName: ca-cert
+      defaultMode: 420

  additionalApplications: []