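#!/bin/bash
#
# Builds a customised Argo CD install manifest (argocd.yaml) from the upstream
# argo-cd repository: copies the crds/base/cluster-rbac manifests, adds an
# Ingress, enables OIDC login, restricts RBAC, runs argocd-server with
# --insecure, drops the bundled Dex component and renders with kustomize.
#
# Environment:
#   OIDC_CLIENT_SECRET  (required) client secret for the "argocd-server" OIDC
#                       client. It used to be hard-coded in this script; a
#                       value that was committed must be treated as exposed
#                       and rotated at the identity provider.
#   ARGOCD_REF          (optional) upstream branch or tag to build from. When
#                       unset the default branch is cloned, so two runs can
#                       produce different manifests. Pin it for reproducible,
#                       reviewable builds.
set -euo pipefail

# argocd.yaml and manifests/ embed the OIDC client secret in plaintext, so
# keep everything this script writes private to the invoking user.
umask 077

: "${OIDC_CLIENT_SECRET:?set OIDC_CLIENT_SECRET to the OIDC client secret for argocd-server}"

# Clone into a private scratch directory that is removed on every exit path,
# so a stale ./argo-cd checkout from an earlier failed run is never reused.
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT

clone_args=(--depth 1)
if [[ -n "${ARGOCD_REF:-}" ]]; then
  # --branch accepts branch and tag names (not bare commit hashes).
  clone_args+=(--branch "$ARGOCD_REF")
fi
git clone "${clone_args[@]}" https://github.com/argoproj/argo-cd.git "$workdir/argo-cd"

# Start from a clean output tree.
if [[ -d "manifests" ]]; then
  rm -rf manifests
fi
mkdir -p manifests/crds
mkdir -p manifests/base
mkdir -p manifests/cluster-rbac
cp -r "$workdir/argo-cd/manifests/crds" manifests/
cp -r "$workdir/argo-cd/manifests/base" manifests/
cp -r "$workdir/argo-cd/manifests/cluster-rbac" manifests/

# NOTE(review): the annotation key below is spelled "mergeale". NGINX Ingress
# Controller's key is nginx.org/mergeable-ingress-type, so as written it is
# presumably ignored. Left byte-for-byte because correcting it changes routing
# (a "minion" needs a matching "master" Ingress for the host) -- confirm intent.
cat << 'EOF' > manifests/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.org/mergeale-ingress-type: "minion"
  name: argocd-server
  namespace: argocd
  labels:
    app: argocd-server
spec:
  rules:
  - host: argocd.jerxie.com
    http:
      paths:
      - backend:
          service:
            name: argocd-server
            port:
              number: 80
        path: /
        pathType: Prefix
EOF

# Enable OIDC Authentication
# This heredoc is deliberately unquoted so that ${OIDC_CLIENT_SECRET} expands;
# it is the only expansion in the body. The value lands in a ConfigMap in
# plaintext. Argo CD can instead resolve a "$<key>" reference from the
# argocd-secret Secret, which keeps the secret out of the ConfigMap and out of
# argocd.yaml -- prefer that where the Secret can be provisioned separately.
# This appends a second YAML fragment to the upstream file and assumes the
# upstream file has no top-level "data:" key of its own -- TODO confirm per ref.
cat << EOL >> manifests/base/config/argocd-cm.yaml
data:
  oidc.config: |
    name: auth-server
    issuer: https://auth.jerxie.com
    clientID: argocd-server
    clientSecret: ${OIDC_CLIENT_SECRET}
    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    requestedScopes: ["openid", "email"]
    # Optional set of OIDC claims to request on the ID token.
    requestedIDTokenClaims: {"groups": {"essential": true}}
    # logoutURL: https://auth.jerxie.com/auth/logout
    # Some OIDC providers require a separate clientID for different callback URLs.
    # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID
    # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will
    # use the same clientID as the Argo CD server
    # cliClientID: vvvvwwwwxxxxyyyyzzzz
  ###################################################
  url: https://argocd.jerxie.com
  admin.enabled: "false"
  # dex.config: |
  #   connectors:
  #   - config:
  #       issuer: https://accounts.google.com
  #       clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com
  #       clientSecret: <REDACTED>
  #       adminEmail: axieyangb@gmail.com
  #     type: oidc
  #     id: google
  #     name: Google
EOL

# Restrict RBAC
# One e-mail identity is mapped to role:admin; policy.default is the empty
# role, so every other authenticated user gets no permissions. The mapping
# relies on the "email" claim (scopes: '[email]'), so the identity provider
# must only assert e-mail addresses it has verified.
cat << 'EOL' >> manifests/base/config/argocd-rbac-cm.yaml
data:
  policy.csv: |
    g, axieyangb@gmail.com, role:admin
  scopes: '[email]'
  policy.default: role:''
EOL

cat << 'EOF' > manifests/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: argocd
resources:
- ./base
- ./cluster-rbac
- ./crds
- ingress.yaml
EOF

# Patch arguments for insecure
# --insecure makes argocd-server serve plain HTTP, so TLS has to be terminated
# in front of it. The Ingress written above has no tls: section; confirm TLS
# is enforced at the ingress layer, otherwise OIDC tokens and session cookies
# cross the network unencrypted.
cat << 'EOL' >> manifests/base/server/kustomization.yaml
patches:
- patch: |-
    # - op: add
    #   path: /spec/template/spec/containers/0/args/-
    #   value: --rootpath=argocd
    - op: add
      path: /spec/template/spec/containers/0/args/-
      value: --insecure
  target:
    kind: Deployment
EOL

# Drop the bundled Dex component; authentication goes through oidc.config.
# (GNU sed syntax for -i.)
sed -i 's#- ./dex##g' manifests/base/kustomization.yaml

kustomize build manifests/ > argocd.yaml

# Best effort: show the bootstrap admin password if the cluster has one.
# The script only renders argocd.yaml and does not apply it, so the Secret may
# not exist yet; that is reported instead of aborting. The lookup is scoped to
# the argocd namespace used by the kustomization. With admin.enabled "false"
# above, the local admin login is disabled, so the Secret is best deleted once
# SSO is confirmed working. The password goes to stdout: avoid running this
# where output is captured in CI logs or shared terminals.
if encoded=$(kubectl -n argocd get secrets argocd-initial-admin-secret \
  -o jsonpath='{.data.password}' 2>/dev/null) && [[ -n "$encoded" ]]; then
  PASSWORD=$(base64 -d <<< "$encoded")
  echo "Password is: ${PASSWORD}"
else
  printf 'warn: %s\n' \
    "argocd-initial-admin-secret not readable in namespace argocd; no password shown" >&2
fi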