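#!/bin/bash
#
# Builds a local kustomize overlay for Argo CD from the upstream manifests
# (CRDs, base, cluster RBAC), adds an Ingress, Google OIDC login through Dex
# and a restrictive RBAC policy, then applies everything with kubectl.
#
# Optional environment:
#   ARGOCD_REF  branch or tag of argoproj/argo-cd to build from. When unset
#               the upstream default branch is used, as before. Pinning a
#               reviewed tag is recommended, because the fetched manifests
#               (cluster-wide RBAC included) are applied to the cluster
#               without any further review.
#
# Stop at the first failing step so that a failed clone or copy never ends in
# a `kubectl apply` of a half-built manifests directory.
set -euo pipefail

# Clone into a private temporary directory; a stale ./argo-cd left behind by
# an earlier run can then neither break the clone nor be picked up by accident.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir}"' EXIT

clone_args=(--depth 1)
if [[ -n "${ARGOCD_REF:-}" ]]; then
  clone_args+=(--branch "${ARGOCD_REF}")
fi
git clone "${clone_args[@]}" https://github.com/argoproj/argo-cd.git "${workdir}/argo-cd"

# Rebuild the output tree from scratch on every run.
rm -rf -- manifests
mkdir -p manifests/crds manifests/base manifests/cluster-rbac

for component in crds base cluster-rbac; do
  cp -r "${workdir}/argo-cd/manifests/${component}" manifests/
done

# The annotation key was misspelled ("mergeale"), so the controller ignored it
# and this Ingress was not handled as a minion of the master Ingress for the
# host.
cat << 'EOF' > manifests/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.org/mergeable-ingress-type: "minion"
  name: argocd-server
  namespace: argocd
  labels:
    app: argocd-server
spec:
  rules:
  - host: argocd.jerxie.com
    http:
      paths:
      - backend:
          service:
            name: argocd-server
            port:
              number: 80
        path: /
        pathType: Prefix
EOF

# Enable OIDC Authentication
# The block is appended to the upstream file, so it assumes that file has no
# `data:` key of its own -- TODO confirm against the ref being built.
#
# NOTE(security): the OIDC clientSecret below is stored in plain text, both in
# this script and in the resulting ConfigMap, which any principal with read
# access to ConfigMaps in the namespace can view. Treat the value as exposed:
# rotate it at the identity provider and keep the replacement out of version
# control, e.g. by storing it in the argocd-secret Secret and referencing it
# from dex.config with a `$`-prefixed key.
cat << 'EOL' >> manifests/base/config/argocd-cm.yaml
data:
  url: https://argocd.jerxie.com
  admin.enabled: "false"
  dex.config: |
    connectors:
    - config:
        issuer: https://accounts.google.com
        clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com
        clientSecret: aYc2j1lYUUZXkBFFUndnleZI
        adminEmail: axieyangb@gmail.com
      type: oidc
      id: google
      name: Google
EOL

# Restrict RBAC
# Only the listed account is bound to role:admin; the empty default role gives
# every other authenticated identity no permissions.
cat << 'EOL' >> manifests/base/config/argocd-rbac-cm.yaml
data:
  policy.csv: |
    g, axieyangb@gmail.com, role:admin
  scopes: '[email]'
  policy.default: role:''
EOL

cat << 'EOF' > manifests/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- ./base
- ./cluster-rbac
- ./crds
- ingress.yaml
EOF

#Patch arguments for insecure
# --insecure makes argocd-server serve plain HTTP, so TLS has to be terminated
# in front of it (presumably by the master Ingress for this host -- verify).
# Traffic between the ingress controller and the pod is unencrypted.
# Assumes the upstream kustomization has no `patches:` key yet -- TODO confirm.
cat << 'EOL' >> manifests/base/server/kustomization.yaml
patches:
- patch: |-
    # - op: add
    #   path: /spec/template/spec/containers/0/command/-
    #   value: --rootpath=argocd
    - op: add
      path: /spec/template/spec/containers/0/command/-
      value: --insecure
  target:
    kind: Deployment
EOL

kubectl apply -k manifests/

# The kustomization deploys into the argocd namespace, so look the secret up
# there instead of in whatever namespace the current context points at. The
# secret is generated by the server at start-up and may not exist yet right
# after the apply. With admin.enabled set to "false" above, this password
# cannot be used to log in; avoid capturing this output in CI or shared logs.
if PASSWORD=$(kubectl -n argocd get secrets argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d); then
  echo "Password is: ${PASSWORD}"
else
  echo "Could not read argocd-initial-admin-secret in namespace argocd (it may not have been created yet)" >&2
fi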