feat(sso): configure sso for ArgoCD

2025-08-15 15:10:55 +02:00 · 2025-08-15 15:10:55 +02:00 · 2eab9bd80b
commit 2eab9bd80b
parent 699b6cedcb
2 changed files with 12 additions and 3 deletions
--- a/template/stacks/core/argocd/values.yaml
+++ b/template/stacks/core/argocd/values.yaml
@ -5,6 +5,16 @@ configs:
  params:
    server.insecure: true
  cm:
+    oidc.config: |
+      name: FORGEJO
+      issuer: https://{{{ .Env.DOMAIN_DEX }}}
+      clientID: controller-argocd-dex
+      clientSecret: $dex-argo-client:clientSecret
+      requestedScopes:
+      - openid
+      - profile
+      - email
+      - groups
    application.resourceTrackingMethod: annotation
    timeout.reconciliation: 60s
    resource.exclusions: |
@ -18,10 +28,9 @@ configs:
        - CiliumIdentity
        clusters:
        - "*"
-    accounts.provider-argocd: apiKey
    url: https://{{{ .Env.DOMAIN_ARGOCD }}}
  rbac:
-    policy.csv: 'g, provider-argocd, role:admin'
+    policy.csv: 'g, DevFW, role:admin'

  tls:
    certificates:
--- a/template/stacks/core/dex/values.yaml
+++ b/template/stacks/core/dex/values.yaml
@ -67,7 +67,7 @@ config:
    - id: controller-argocd-dex
      name: ArgoCD Client
      redirectURIs:
-        - "http://{{{ .Env.DOMAIN_ARGOCD }}}/auth/callback"
+        - "https://{{{ .Env.DOMAIN_ARGOCD }}}/auth/callback"
      secretEnv: "OIDC_DEX_ARGO_CLIENT_SECRET"
    - id: grafana
      redirectURIs: