modified: apps/argocd-config/argocd-cm.yaml

new file: apps/argocd-config/argocd-rbac-cm.yaml modified: apps/argocd-config/external-secret.yaml modified: apps/argocd-config/kustomization.yaml
2026-01-12 19:52:51 +00:00
parent fb69df15c0
commit 931a237261
4 changed files with 37 additions and 10 deletions
--- a/apps/argocd-config/argocd-cm.yaml
+++ b/apps/argocd-config/argocd-cm.yaml
@@ -8,14 +8,24 @@ metadata:
    app.kubernetes.io/part-of: argocd
 data:
  url: "https://argocd.k3s.stabify.de"
-  oidc.config: |
-    name: Authentik
-    issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/
-    clientID: $argocd-oidc-secret:oidc_client_id
-    clientSecret: $argocd-oidc-secret:oidc_client_secret
-    requestedScopes: ["openid", "profile", "email", "groups"]
  
-  # Existing Config (Standard Resource Customizations)
+  # DEX Config statt OIDC (für CLI Support)
+  dex.config: |
+    connectors:
+    - config:
+        issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/
+        clientID: $argocd-oidc-secret:oidc.authentik.clientId
+        clientSecret: $argocd-oidc-secret:dex.authentik.clientSecret
+        insecureEnableGroups: true
+        scopes:
+          - openid
+          - profile
+          - email
+      name: authentik
+      type: oidc
+      id: authentik
+
+  # Resource Customizations (unverändert)
  resource.customizations.ignoreResourceUpdates.ConfigMap: |
    jqPathExpressions:
      - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'