diff --git a/apps/argocd-config/argocd-cm.yaml b/apps/argocd-config/argocd-cm.yaml new file mode 100644 index 0000000..be17585 --- /dev/null +++ b/apps/argocd-config/argocd-cm.yaml @@ -0,0 +1,103 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-cm + namespace: argocd + labels: + app.kubernetes.io/name: argocd-cm + app.kubernetes.io/part-of: argocd +data: + url: "https://argocd.k3s.stabify.de" + oidc.config: | + name: Authentik + issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/ + clientID: $argocd-oidc-secret:oidc_client_id + clientSecret: $argocd-oidc-secret:oidc_client_secret + requestedScopes: ["openid", "profile", "email", "groups"] + + # Existing Config (Standard Resource Customizations) + resource.customizations.ignoreResourceUpdates.ConfigMap: | + jqPathExpressions: + - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' + - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' + resource.customizations.ignoreResourceUpdates.Endpoints: | + jsonPointers: + - /metadata + - /subsets + resource.customizations.ignoreResourceUpdates.all: | + jsonPointers: + - /status + resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | + jqPathExpressions: + - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' + - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' + - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' + resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + - '.metadata.annotations."argocd.argoproj.io/refresh"' + - '.metadata.annotations."argocd.argoproj.io/hydrate"' + - '.operation' + resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | + jqPathExpressions: + - '.metadata.annotations."notified.notifications.argoproj.io"' + resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | + jqPathExpressions: + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' + - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' + resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | + jsonPointers: + - /metadata + - /endpoints + - /ports + resource.exclusions: | + - apiGroups: + - '' + - discovery.k8s.io + kinds: + - Endpoints + - EndpointSlice + - apiGroups: + - coordination.k8s.io + kinds: + - Lease + - apiGroups: + - authentication.k8s.io + - authorization.k8s.io + kinds: + - SelfSubjectReview + - TokenReview + - LocalSubjectAccessReview + - SelfSubjectAccessReview + - SelfSubjectRulesReview + - SubjectAccessReview + - apiGroups: + - certificates.k8s.io + kinds: + - CertificateSigningRequest + - apiGroups: + - cert-manager.io + kinds: + - CertificateRequest + - apiGroups: + - cilium.io + kinds: + - CiliumIdentity + - CiliumEndpoint + - CiliumEndpointSlice + - apiGroups: + - kyverno.io + - reports.kyverno.io + - wgpolicyk8s.io + kinds: + - PolicyReport + - ClusterPolicyReport + - EphemeralReport + - ClusterEphemeralReport + - AdmissionReport + - ClusterAdmissionReport + - BackgroundScanReport + - ClusterBackgroundScanReport + - UpdateRequest diff --git a/apps/argocd-config/kustomization.yaml b/apps/argocd-config/kustomization.yaml index ede3aae..3ebe581 100644 --- a/apps/argocd-config/kustomization.yaml +++ b/apps/argocd-config/kustomization.yaml @@ -2,23 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - external-secret.yaml - -patches: - - target: - kind: ConfigMap - name: argocd-cm - patch: |- - apiVersion: v1 - kind: ConfigMap - metadata: - name: argocd-cm - data: - url: "https://argocd.k3s.stabify.de" - oidc.config: | - name: Authentik - issuer: https://auth.apps.k3s.stabify.de/application/o/argocd/ - clientID: $argocd-oidc-secret:oidc.authentik.clientId - clientSecret: $argocd-oidc-secret:oidc.authentik.clientSecret - requestedScopes: ["openid", "profile", "email", "groups"] - # Optional: Admin-Gruppe mappen - # requestedIDTokenClaims: {"groups": {"essential": true}} + - argocd-cm.yaml