From 7d9f098b21afa83f490764a9c96f0b075ec3247b Mon Sep 17 00:00:00 2001 From: Brutus5000 Date: Wed, 15 Nov 2023 22:46:53 +0100 Subject: [PATCH] Configure Github SSO login for ArgoCD --- .gitignore | 3 ++- app-set-prod.yaml | 6 +++--- app-set-test.yaml | 5 +++-- cluster/argocd/templates/secret.yaml | 17 +++++++++++++++++ cluster/argocd/values-test.yaml | 19 +++++++++++++++++++ cluster/argocd/values.yaml | 4 ++++ 6 files changed, 48 insertions(+), 6 deletions(-) create mode 100644 cluster/argocd/templates/secret.yaml create mode 100644 cluster/argocd/values-test.yaml create mode 100644 cluster/argocd/values.yaml diff --git a/.gitignore b/.gitignore index 4a1b153b..2993ad5d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ certs -spicy-secrets/** \ No newline at end of file +spicy-secrets/** +**/charts \ No newline at end of file diff --git a/app-set-prod.yaml b/app-set-prod.yaml index 2c43e1c7..139b0f5b 100644 --- a/app-set-prod.yaml +++ b/app-set-prod.yaml @@ -33,8 +33,8 @@ spec: helm: ignoreMissingValueFiles: true valueFiles: - - /config/prod.yaml - + - '/config/prod.yaml' + - '/{{path}}/values-prod.yaml' --- apiVersion: argoproj.io/v1alpha1 @@ -72,4 +72,4 @@ spec: ignoreMissingValueFiles: true valueFiles: - '/config/prod.yaml' - - '{{path}}/values.yaml' + - '/{{path}}/values-prod.yaml' \ No newline at end of file diff --git a/app-set-test.yaml b/app-set-test.yaml index 86c65634..bcc09986 100644 --- a/app-set-test.yaml +++ b/app-set-test.yaml @@ -34,6 +34,7 @@ spec: ignoreMissingValueFiles: true valueFiles: - /config/test.yaml + - '/{{path}}/values-test.yaml' --- @@ -71,5 +72,5 @@ spec: helm: ignoreMissingValueFiles: true valueFiles: - - '/config/test.yaml' - - '{{path}}/values.yaml' + - /config/test.yaml + - '/{{path}}/values-test.yaml' diff --git a/cluster/argocd/templates/secret.yaml b/cluster/argocd/templates/secret.yaml new file mode 100644 index 00000000..e73f5eed --- /dev/null +++ b/cluster/argocd/templates/secret.yaml 
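Review bot: In app-set-prod.yaml and app-set-test.yaml the new per-app entries `'/{{path}}/values-prod.yaml'` and `'/{{path}}/values-test.yaml'` sit under `ignoreMissingValueFiles: true`, so a missing or misnamed file is skipped without any error. This commit creates `cluster/argocd/values-test.yaml` but no `values-prod.yaml`, so as far as the patch shows the prod ApplicationSet would render Argo CD without the Dex connector while still deploying the InfisicalSecret template. If that staging is intended, I would say so in a comment above the entry, e.g. `# optional per-app overrides; apps without this file fall back to chart defaults`. The same applies to both hunks in each file; the surrounding ApplicationSet spec lies outside the hunks.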
@@ -0,0 +1,17 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+ name: dex-github
+ namespace: faf-ops
+spec:
+ authentication:
+ serviceToken:
+ serviceTokenSecretReference:
+ secretName: infisical-service-token
+ secretNamespace: faf-ops
+ secretsScope:
+ envSlug: {{.Values.infisicalSlug}}
+ secretsPath: "/argocd"
+ managedSecretReference:
+ secretName: argocd
+ secretNamespace: dex-github
diff --git a/cluster/argocd/values-test.yaml b/cluster/argocd/values-test.yaml
new file mode 100644
index 00000000..1d334039
--- /dev/null
+++ b/cluster/argocd/values-test.yaml
@@ -0,0 +1,19 @@
+argocd:
+ dex.config: |
+ connectors:
+ - type: gitlab
+ # Required field for connector id.
+ id: github
+ # Required field for connector name.
+ name: GitHub
+ config:
+ clientID: 838e6d390d5cf6932ca5
+ clientSecret: $dex-github:GITHUB_CLIENT_SECRET
+ orgs:
+ - name: FAForever
+ # A white list of teams. Only include group claims for these teams.
+ teams:
+ - argocd-test
+ # Flag which indicates that all user groups and teams should be loaded.
+ loadAllGroups: false
+ useLoginAsID: false
diff --git a/cluster/argocd/values.yaml b/cluster/argocd/values.yaml
new file mode 100644
index 00000000..4efb1173
--- /dev/null
+++ b/cluster/argocd/values.yaml
@@ -0,0 +1,4 @@
+argocd:
+ global:
+ podAnnotations:
+ - 'reloader.stakater.com/auto: "true"'
\ No newline at end of file
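Review bot: The `managedSecretReference` at the end of cluster/argocd/templates/secret.yaml looks swapped: it creates a Secret named `argocd` in namespace `dex-github`, while values-test.yaml reads the client secret as `$dex-github:GITHUB_CLIENT_SECRET`, i.e. from a Secret named `dex-github`. Argo CD resolves `$<secret>:<key>` only against Secrets in its own namespace that carry the label `app.kubernetes.io/part-of: argocd`, so I would expect `secretName: dex-github` and `secretNamespace: <argocd-namespace>` here, and it is worth confirming how that label gets onto the managed Secret. Separately, `envSlug: {{.Values.infisicalSlug}}` should be quoted (`envSlug: {{ .Values.infisicalSlug | quote }}`) so an empty or boolean-looking value does not change type after rendering.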
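Review bot: The connector in `dex.config` (cluster/argocd/values-test.yaml) is declared as `type: gitlab`, although its `id`, `name`, `orgs`/`teams` and `loadAllGroups` settings are those of Dex's GitHub connector; it should read `type: github`. As written, the login would presumably be sent to GitLab's OAuth endpoints with a GitHub client ID, and as far as I can tell the `orgs`/`teams` restriction to `FAForever`/`argocd-test` would not be evaluated by that connector, so the access restriction this file is meant to express is not in effect. I would also quote the ID (`clientID: '838e6d390d5cf6932ca5'`) so a value of this shape is never retyped as a number.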
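Review bot: `podAnnotations` in cluster/argocd/values.yaml is written as a one-element list holding the string `'reloader.stakater.com/auto: "true"'`, but pod annotations are a key/value map. It should be a mapping: `podAnnotations:` followed by `reloader.stakater.com/auto: "true"` on the next, indented line. With the list form the chart will likely either fail to render or drop the annotation, in which case the Argo CD pods would not be restarted when the synced Dex client secret is rotated.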