apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  url: "https://argocd.k3s.stabify.de"
  
  # OIDC Direct Config (Dex Bypass)
  oidc.config: |
    name: Authentik
    issuer: https://auth.apps.k3s.stabify.de/application/o/argo-cd/
    clientID: $argocd-oidc-secret:oidc-client-id
    clientSecret: $argocd-oidc-secret:oidc-client-secret
    requestedScopes: ["openid", "profile", "email", "groups"]

  # Resource Customizations (unverändert)
  resource.customizations.ignoreResourceUpdates.ConfigMap: |
    jqPathExpressions:
      - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
      - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
  resource.customizations.ignoreResourceUpdates.Endpoints: |
    jsonPointers:
      - /metadata
      - /subsets
  resource.customizations.ignoreResourceUpdates.all: |
    jsonPointers:
      - /status
  resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
    jqPathExpressions:
      - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
      - '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
      - '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
  resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
    jqPathExpressions:
      - '.metadata.annotations."notified.notifications.argoproj.io"'
      - '.metadata.annotations."argocd.argoproj.io/refresh"'
      - '.metadata.annotations."argocd.argoproj.io/hydrate"'
      - '.operation'
  resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
    jqPathExpressions:
      - '.metadata.annotations."notified.notifications.argoproj.io"'
  resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
    jqPathExpressions:
      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
      - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
  resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
    jsonPointers:
      - /metadata
      - /endpoints
      - /ports
  resource.exclusions: |
    - apiGroups:
      - ''
      - discovery.k8s.io
      kinds:
      - Endpoints
      - EndpointSlice
    - apiGroups:
      - coordination.k8s.io
      kinds:
      - Lease
    - apiGroups:
      - authentication.k8s.io
      - authorization.k8s.io
      kinds:
      - SelfSubjectReview
      - TokenReview
      - LocalSubjectAccessReview
      - SelfSubjectAccessReview
      - SelfSubjectRulesReview
      - SubjectAccessReview
    - apiGroups:
      - certificates.k8s.io
      kinds:
      - CertificateSigningRequest
    - apiGroups:
      - cert-manager.io
      kinds:
      - CertificateRequest
    - apiGroups:
      - cilium.io
      kinds:
      - CiliumIdentity
      - CiliumEndpoint
      - CiliumEndpointSlice
    - apiGroups:
      - kyverno.io
      - reports.kyverno.io
      - wgpolicyk8s.io
      kinds:
      - PolicyReport
      - ClusterPolicyReport
      - EphemeralReport
      - ClusterEphemeralReport
      - AdmissionReport
      - ClusterAdmissionReport
      - BackgroundScanReport
      - ClusterBackgroundScanReport
      - UpdateRequest