enable oidc support for argocd

apps/argocd-config/external-secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: argocd-oidc-secret-source
+  namespace: argocd
+spec:
+  refreshInterval: 1m
+  secretStoreRef:
+    name: vault-backend
+    kind: ClusterSecretStore
+  target:
+    name: argocd-oidc-secret
+    template:
+      engineVersion: v2
+      data:
+        # ArgoCD erwartet diese Keys für OIDC Config
+        oidc.authentik.clientId: "{{ .client_id }}"
+        oidc.authentik.clientSecret: "{{ .client_secret }}"
+  data:
+    - secretKey: client_id
+      remoteRef:
+        key: secret/apps/argocd
+        property: client_id
+    - secretKey: client_secret
+      remoteRef:
+        key: secret/apps/argocd
+        property: client_secret