106 lines
3.4 KiB
YAML
106 lines
3.4 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cm
|
|
namespace: argocd
|
|
labels:
|
|
app.kubernetes.io/name: argocd-cm
|
|
app.kubernetes.io/part-of: argocd
|
|
data:
|
|
url: "https://argocd.k3s.stabify.de"
|
|
|
|
# OIDC Direct Config (Dex Bypass)
|
|
oidc.config: |
|
|
name: Authentik
|
|
issuer: https://auth.apps.k3s.stabify.de/application/o/argo-cd/
|
|
clientID: kfQ0L0Z4JSjlgFkciBisEtOMxDMc4ECA729nFujN
|
|
clientSecret: $argocd-oidc-secret:client_secret
|
|
requestedScopes: ["openid", "profile", "email", "groups"]
|
|
|
|
# Resource Customizations (unverändert)
|
|
resource.customizations.ignoreResourceUpdates.ConfigMap: |
|
|
jqPathExpressions:
|
|
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
|
|
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
|
|
resource.customizations.ignoreResourceUpdates.Endpoints: |
|
|
jsonPointers:
|
|
- /metadata
|
|
- /subsets
|
|
resource.customizations.ignoreResourceUpdates.all: |
|
|
jsonPointers:
|
|
- /status
|
|
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
|
|
jqPathExpressions:
|
|
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
|
|
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
|
|
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
|
|
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
|
|
jqPathExpressions:
|
|
- '.metadata.annotations."notified.notifications.argoproj.io"'
|
|
- '.metadata.annotations."argocd.argoproj.io/refresh"'
|
|
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
|
|
- '.operation'
|
|
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
|
|
jqPathExpressions:
|
|
- '.metadata.annotations."notified.notifications.argoproj.io"'
|
|
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
|
|
jqPathExpressions:
|
|
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
|
|
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
|
|
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
|
|
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
|
|
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
|
|
jsonPointers:
|
|
- /metadata
|
|
- /endpoints
|
|
- /ports
|
|
resource.exclusions: |
|
|
- apiGroups:
|
|
- ''
|
|
- discovery.k8s.io
|
|
kinds:
|
|
- Endpoints
|
|
- EndpointSlice
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
kinds:
|
|
- Lease
|
|
- apiGroups:
|
|
- authentication.k8s.io
|
|
- authorization.k8s.io
|
|
kinds:
|
|
- SelfSubjectReview
|
|
- TokenReview
|
|
- LocalSubjectAccessReview
|
|
- SelfSubjectAccessReview
|
|
- SelfSubjectRulesReview
|
|
- SubjectAccessReview
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
kinds:
|
|
- CertificateSigningRequest
|
|
- apiGroups:
|
|
- cert-manager.io
|
|
kinds:
|
|
- CertificateRequest
|
|
- apiGroups:
|
|
- cilium.io
|
|
kinds:
|
|
- CiliumIdentity
|
|
- CiliumEndpoint
|
|
- CiliumEndpointSlice
|
|
- apiGroups:
|
|
- kyverno.io
|
|
- reports.kyverno.io
|
|
- wgpolicyk8s.io
|
|
kinds:
|
|
- PolicyReport
|
|
- ClusterPolicyReport
|
|
- EphemeralReport
|
|
- ClusterEphemeralReport
|
|
- AdmissionReport
|
|
- ClusterAdmissionReport
|
|
- BackgroundScanReport
|
|
- ClusterBackgroundScanReport
|
|
- UpdateRequest
|