new file: apps/argocd-config/argocd-rbac-cm.yaml modified: apps/argocd-config/external-secret.yaml modified: apps/argocd-config/kustomization.yaml
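# ExternalSecret that pulls the Argo CD OIDC client credentials from Vault
# (via the cluster-wide "vault-backend" store) and renders them into the
# Kubernetes Secret "argocd-oidc-secret" in the argocd namespace.
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: argocd-oidc-secret-source
  namespace: argocd
spec:
  # Re-read Vault every minute, so a rotated client secret reaches the
  # cluster within about one refresh cycle.
  refreshInterval: 1m
  secretStoreRef:
    name: vault-backend
    kind: ClusterSecretStore
  target:
    name: argocd-oidc-secret
    # NOTE(review): if Argo CD resolves these values through a
    # `$argocd-oidc-secret:<key>` reference, the generated Secret must carry
    # the label `app.kubernetes.io/part-of: argocd` (it can be set under
    # template.metadata.labels). Confirm against the Argo CD ConfigMap.
    template:
      engineVersion: v2
      data:
        # Argo CD Dex config key.
        # Template variables are the `secretKey` names declared under
        # spec.data below, not the Vault property names. The previous
        # `.oidc_client_secret` / `.oidc_client_id` references matched no
        # secretKey, so the credential could not be rendered.
        dex.authentik.clientSecret: "{{ .client_secret }}"
        # Dex does not need the client ID in the Secret; it lives in the
        # ConfigMap. It can stay here or be removed.
        oidc.authentik.clientId: "{{ .client_id }}"  # Legacy / Optional

  # Values fetched from Vault. Each `secretKey` is the name the template
  # above uses to reference the fetched value.
  data:
    - secretKey: client_id
      remoteRef:
        key: secret/apps/argocd
        property: oidc_client_id
    - secretKey: client_secret
      remoteRef:
        key: secret/apps/argocd
        property: oidc_client_secret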