diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml @@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml 
+++ b/ArgoCD/manifests/base/config/argocd-cm.yaml @@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
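Review bot: The `clientSecret` in the added `oidc.config` block is a literal value inside a ConfigMap, so it is stored in the repository and readable by anyone who can read ConfigMaps in the namespace. Argo CD resolves `$`-prefixed values from the `argocd-secret` Secret, so the line can become `clientSecret: $oidc.auth-server.clientSecret` with the value kept under that key in `argocd-secret`. The commented-out `dex.config` block keeps the same string, so deleting those lines instead of commenting them out is cleaner; the value also remains in history, so it should be treated as exposed and rotated at the issuer. Separately, `requestedIDTokenClaims` marks `groups` as essential while `requestedScopes` drops the `groups` scope; if RBAC only uses the email claim, the claims request looks unnecessary.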
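Review bot: With `scopes: '[email]'` the `g, axieyangb@gmail.com, role:admin` binding is matched against whatever `email` claim the configured OIDC issuer puts in the token, so admin access now rests on that issuer emitting only verified addresses. A comment above the key would record that assumption, for example `# RBAC subjects are matched on the email claim; the issuer must only emit verified addresses`. Indentation is lost in this collapsed view, so confirm that `scopes` sits directly under `data:` and not inside the `policy.csv` block scalar, where it would be read as a policy line.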
diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml @@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml 
+++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME 
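Review bot: Dropping `./dex` from `resources` appears to leave an empty line in the middle of the list, and the same commit still bumps the image in `dex/argocd-dex-server-deployment.yaml`, which this kustomization no longer renders. If Dex is retired in favour of the direct `oidc.config` login, removing the `dex/` manifests, or adding a comment here such as `# dex intentionally not deployed; login goes through oidc.config`, would keep an unmaintained deployment from being re-enabled later with a stale image. The `resources` list may continue outside the hunk.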
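Review bot: The new `ARGOCD_GIT_MODULES_ENABLED` entry is read from `reposerver.enable.git.submodule` with `optional: true`, so when that key is absent from `argocd-cmd-params-cm` the variable is unset and the repo-server falls back to its built-in default, which I believe is to fetch submodules. Submodule URLs come from the tracked repository's `.gitmodules`, so if submodules are not needed it is worth setting the key explicitly, e.g. `reposerver.enable.git.submodule: "false"` in `argocd-cmd-params-cm`. The `env:` list starts and ends outside the hunk.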
diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml @@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml 
+++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml 
@@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/ArgoCD/manifests/base/server/argocd-server-role.yaml b/ArgoCD/manifests/base/server/argocd-server-role.yaml index 6073140..81a74b2 100644 --- a/ArgoCD/manifests/base/server/argocd-server-role.yaml +++ b/ArgoCD/manifests/base/server/argocd-server-role.yaml @@ -25,6 +25,7 @@ resources: - applications - appprojects + - applicationsets verbs: - create - get diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME 
diff --git a/ArgoCD/manifests/base/server/argocd-server-role.yaml b/ArgoCD/manifests/base/server/argocd-server-role.yaml index 6073140..81a74b2 100644 --- a/ArgoCD/manifests/base/server/argocd-server-role.yaml +++ b/ArgoCD/manifests/base/server/argocd-server-role.yaml @@ -25,6 +25,7 @@ resources: - applications - appprojects + - applicationsets verbs: - create - get diff --git a/ArgoCD/manifests/crds/application-crd.yaml b/ArgoCD/manifests/crds/application-crd.yaml index 522aabc..911fbc0 100644 --- a/ArgoCD/manifests/crds/application-crd.yaml +++ b/ArgoCD/manifests/crds/application-crd.yaml @@ -335,8 +335,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -681,8 +681,7 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management plugin - specific options + description: Plugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries @@ -1037,8 +1036,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -1409,8 +1408,8 @@ from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin + specific options properties: env: description: Env is a list of environment variable 
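Review bot: Adding `applicationsets` to this rule gives the argocd-server Role every verb in the list below it (`create` and `get` are visible; the list continues outside the hunk) on ApplicationSet objects. An ApplicationSet can generate many Applications, so if the ApplicationSet controller is not deployed from this base it would be tighter to leave the resource out. If it is needed, a comment such as `# required for the ApplicationSet API in argocd-server` above the entry would record why the grant exists.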
@@ -1753,8 +1752,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable @@ -1845,6 +1844,9 @@ description: SyncStatusCode is a type which represents possible comparison results type: string + syncWave: + format: int64 + type: integer version: type: string type: object @@ -2091,8 +2093,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME 
diff --git a/ArgoCD/manifests/base/server/argocd-server-role.yaml b/ArgoCD/manifests/base/server/argocd-server-role.yaml index 6073140..81a74b2 100644 --- a/ArgoCD/manifests/base/server/argocd-server-role.yaml +++ b/ArgoCD/manifests/base/server/argocd-server-role.yaml @@ -25,6 +25,7 @@ resources: - applications - appprojects + - applicationsets verbs: - create - get diff --git a/ArgoCD/manifests/crds/application-crd.yaml b/ArgoCD/manifests/crds/application-crd.yaml index 522aabc..911fbc0 100644 --- a/ArgoCD/manifests/crds/application-crd.yaml +++ b/ArgoCD/manifests/crds/application-crd.yaml @@ -335,8 +335,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -681,8 +681,7 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management plugin - specific options + description: Plugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries @@ -1037,8 +1036,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -1409,8 +1408,8 @@ from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin + specific options properties: env: description: Env is a list of environment variable 
@@ -1753,8 +1752,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable @@ -1845,6 +1844,9 @@ description: SyncStatusCode is a type which represents possible comparison results type: string + syncWave: + format: int64 + type: integer version: type: string type: object @@ -2091,8 +2093,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable diff --git a/ArgoCD/manifests/crds/applicationset-crd.yaml b/ArgoCD/manifests/crds/applicationset-crd.yaml index 6bc9f44..5e654ad 100644 --- a/ArgoCD/manifests/crds/applicationset-crd.yaml +++ b/ArgoCD/manifests/crds/applicationset-crd.yaml @@ -3,6 +3,7 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd name: applicationsets.argoproj.io spec: group: argoproj.io diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 --- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml 
@@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml @@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' 
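Review bot: The added `oidc.config` block carries the OIDC client secret as a literal `clientSecret:` value inside a ConfigMap, so it is readable by anyone with read access to this repository or to ConfigMaps in the namespace. Argo CD resolves `$`-prefixed values in this block from the `argocd-secret` Secret, so the line can become `clientSecret: $oidc.clientSecret` (the key name is yours to choose) with the value stored under that key. The same string also stays in the commented-out `dex.config` lines of this hunk and in the heredoc of the `ArgoCD/sync.sh` hunk `@@ -44,18 +44,35 @@`, which appears to generate this file, so the fix belongs there too. The value should be treated as exposed and rotated at the identity provider, and the commented copy deleted rather than kept. This hunk is repeated further down the page with identical content.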
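Review bot: With `scopes: '[email]'` added in `argocd-rbac-cm.yaml`, the existing `g, axieyangb@gmail.com, role:admin` binding is matched against the `email` claim issued by the provider configured in `oidc.config`, so admin access now depends on that provider releasing only addresses it has verified. If the provider lets a user set or register an arbitrary address, binding the role to the user's `sub` value (which Argo CD always evaluates) or to a group is the safer choice; this is inferred, since the provider's behaviour is not visible here. A short comment above the key would record the assumption, for example `# RBAC subjects are matched on the email claim; the IdP must verify addresses`, placed at key level so it does not end up inside the `policy.csv` block scalar.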
diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME 
diff --git a/ArgoCD/manifests/base/server/argocd-server-role.yaml b/ArgoCD/manifests/base/server/argocd-server-role.yaml index 6073140..81a74b2 100644 --- a/ArgoCD/manifests/base/server/argocd-server-role.yaml +++ b/ArgoCD/manifests/base/server/argocd-server-role.yaml @@ -25,6 +25,7 @@ resources: - applications - appprojects + - applicationsets verbs: - create - get diff --git a/ArgoCD/manifests/crds/application-crd.yaml b/ArgoCD/manifests/crds/application-crd.yaml index 522aabc..911fbc0 100644 --- a/ArgoCD/manifests/crds/application-crd.yaml +++ b/ArgoCD/manifests/crds/application-crd.yaml @@ -335,8 +335,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -681,8 +681,7 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management plugin - specific options + description: Plugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries @@ -1037,8 +1036,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -1409,8 +1408,8 @@ from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin + specific options properties: env: description: Env is a list of environment variable 
@@ -1753,8 +1752,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable @@ -1845,6 +1844,9 @@ description: SyncStatusCode is a type which represents possible comparison results type: string + syncWave: + format: int64 + type: integer version: type: string type: object @@ -2091,8 +2093,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable diff --git a/ArgoCD/manifests/crds/applicationset-crd.yaml b/ArgoCD/manifests/crds/applicationset-crd.yaml index 6bc9f44..5e654ad 100644 --- a/ArgoCD/manifests/crds/applicationset-crd.yaml +++ b/ArgoCD/manifests/crds/applicationset-crd.yaml @@ -3,6 +3,7 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd name: applicationsets.argoproj.io spec: group: argoproj.io diff --git a/ArgoCD/manifests/crds/appproject-crd.yaml b/ArgoCD/manifests/crds/appproject-crd.yaml index f510ed2..335decf 100644 --- a/ArgoCD/manifests/crds/appproject-crd.yaml +++ b/ArgoCD/manifests/crds/appproject-crd.yaml @@ -159,6 +159,10 @@ for apps which have orphaned resources type: boolean type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean roles: description: Roles are user defined RBAC roles associated with this project diff --git a/ArgoCD/manifests/base/config/argocd-cm.yaml b/ArgoCD/manifests/base/config/argocd-cm.yaml index 2abb8b8..b51c677 100644 
--- a/ArgoCD/manifests/base/config/argocd-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-cm.yaml @@ -7,15 +7,32 @@ app.kubernetes.io/part-of: argocd data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google diff --git a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml index ea52ff8..2a98e3a 100644 --- a/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml +++ b/ArgoCD/manifests/base/config/argocd-rbac-cm.yaml 
@@ -9,4 +9,5 @@ data: policy.csv: | g, axieyangb@gmail.com, role:admin + scopes: '[email]' policy.default: role:'' diff --git a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml index ffec127..d2bb20b 100644 --- a/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml +++ b/ArgoCD/manifests/base/dex/argocd-dex-server-deployment.yaml @@ -37,7 +37,7 @@ type: RuntimeDefault containers: - name: dex - image: ghcr.io/dexidp/dex:v2.32.0-distroless + image: ghcr.io/dexidp/dex:v2.35.1-distroless imagePullPolicy: Always command: [/shared/argocd-dex, rundex] env: diff --git a/ArgoCD/manifests/base/kustomization.yaml b/ArgoCD/manifests/base/kustomization.yaml index e80274c..057586b 100644 --- a/ArgoCD/manifests/base/kustomization.yaml +++ b/ArgoCD/manifests/base/kustomization.yaml @@ -8,7 +8,7 @@ newTag: latest resources: - ./application-controller -- ./dex + - ./repo-server - ./server - ./config diff --git a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml index 1e7813a..2193d97 100644 --- a/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml +++ b/ArgoCD/manifests/base/redis/argocd-redis-deployment.yaml @@ -23,7 +23,7 @@ serviceAccountName: argocd-redis containers: - name: redis - image: redis:7.0.4-alpine + image: redis:7.0.5-alpine imagePullPolicy: Always args: - "--save" diff --git a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 76dc9ab..e698fe6 100644 --- a/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/ArgoCD/manifests/base/repo-server/argocd-repo-server-deployment.yaml 
@@ -137,6 +137,12 @@ key: reposerver.streamed.manifest.max.extracted.size name: argocd-cmd-params-cm optional: true + - name: ARGOCD_GIT_MODULES_ENABLED + valueFrom: + configMapKeyRef: + key: reposerver.enable.git.submodule + name: argocd-cmd-params-cm + optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/ArgoCD/manifests/base/server/argocd-server-role.yaml b/ArgoCD/manifests/base/server/argocd-server-role.yaml index 6073140..81a74b2 100644 --- a/ArgoCD/manifests/base/server/argocd-server-role.yaml +++ b/ArgoCD/manifests/base/server/argocd-server-role.yaml @@ -25,6 +25,7 @@ resources: - applications - appprojects + - applicationsets verbs: - create - get diff --git a/ArgoCD/manifests/crds/application-crd.yaml b/ArgoCD/manifests/crds/application-crd.yaml index 522aabc..911fbc0 100644 --- a/ArgoCD/manifests/crds/application-crd.yaml +++ b/ArgoCD/manifests/crds/application-crd.yaml @@ -335,8 +335,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries @@ -681,8 +681,7 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management plugin - specific options + description: Plugin holds config management plugin specific options properties: env: description: Env is a list of environment variable entries @@ -1037,8 +1036,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable entries 
@@ -1409,8 +1408,8 @@ from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin + specific options properties: env: description: Env is a list of environment variable @@ -1753,8 +1752,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable @@ -1845,6 +1844,9 @@ description: SyncStatusCode is a type which represents possible comparison results type: string + syncWave: + format: int64 + type: integer version: type: string type: object @@ -2091,8 +2093,8 @@ and is only valid for applications sourced from Git. type: string plugin: - description: ConfigManagementPlugin holds config management - plugin specific options + description: Plugin holds config management plugin specific + options properties: env: description: Env is a list of environment variable diff --git a/ArgoCD/manifests/crds/applicationset-crd.yaml b/ArgoCD/manifests/crds/applicationset-crd.yaml index 6bc9f44..5e654ad 100644 --- a/ArgoCD/manifests/crds/applicationset-crd.yaml +++ b/ArgoCD/manifests/crds/applicationset-crd.yaml @@ -3,6 +3,7 @@ metadata: labels: app.kubernetes.io/name: applicationsets.argoproj.io + app.kubernetes.io/part-of: argocd name: applicationsets.argoproj.io spec: group: argoproj.io diff --git a/ArgoCD/manifests/crds/appproject-crd.yaml b/ArgoCD/manifests/crds/appproject-crd.yaml index f510ed2..335decf 100644 --- a/ArgoCD/manifests/crds/appproject-crd.yaml +++ b/ArgoCD/manifests/crds/appproject-crd.yaml 
@@ -159,6 +159,10 @@ for apps which have orphaned resources type: boolean type: object + permitOnlyProjectScopedClusters: + description: PermitOnlyProjectScopedClusters determines whether destinations + can only reference clusters which are project-scoped + type: boolean roles: description: Roles are user defined RBAC roles associated with this project diff --git a/ArgoCD/sync.sh b/ArgoCD/sync.sh index d8072e9..e8cd4f7 100755 --- a/ArgoCD/sync.sh +++ b/ArgoCD/sync.sh 
@@ -44,18 +44,35 @@ cat << 'EOL' >> manifests/base/config/argocd-cm.yaml data: + oidc.config: | + name: auth-server + issuer: https://auth.jerxie.com + clientID: argocd-server + clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"] + requestedScopes: ["openid", "email"] + # Optional set of OIDC claims to request on the ID token. + requestedIDTokenClaims: {"groups": {"essential": true}} + # logoutURL: https://auth.jerxie.com/auth/logout + + # Some OIDC providers require a separate clientID for different callback URLs. + # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID + # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will + # use the same clientID as the Argo CD server + # cliClientID: vvvvwwwwxxxxyyyyzzzz + ################################################### url: https://argocd.jerxie.com admin.enabled: "false" - dex.config: | - connectors: - - config: - issuer: https://accounts.google.com - clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com - clientSecret: aYc2j1lYUUZXkBFFUndnleZI - adminEmail: axieyangb@gmail.com - type: oidc - id: google - name: Google + # dex.config: | + # connectors: + # - config: + # issuer: https://accounts.google.com + # clientID: 223235257564-um2d8iqleksg4aoap7s7apqjkkdsqos9.apps.googleusercontent.com + # clientSecret: aYc2j1lYUUZXkBFFUndnleZI + # adminEmail: axieyangb@gmail.com + # type: oidc + # id: google + # name: Google EOL # Restrict RBAC @@ -98,6 +115,7 @@ kind: Deployment EOL +sed -i 's#- ./dex##g' manifests/base/kustomization.yaml kubectl apply -k manifests/ PASSWORD=$(kubectl get secrets argocd-initial-admin-secret -o jsonpath='{.data.password}' | base64 -d)
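Review bot: The added `sed -i 's#- ./dex##g' manifests/base/kustomization.yaml` blanks the matching text but keeps the line, which is why the `kustomization.yaml` hunk shows `- ./dex` replaced by an empty line under `resources:`. The pattern is also unanchored and its `.` matches any character, so it would rewrite any entry containing text such as `- x/dex`. Deleting the whole line is tighter: `sed -i '/^- \.\/dex$/d' manifests/base/kustomization.yaml`. The script continues outside the hunk, so whether the step is guarded by `set -e` or a check that the entry was actually removed cannot be seen here.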