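# Helm values template for an Argo CD release. The ${ ... } and %{ ... }
# markers are template syntax that is expanded before the result is parsed
# as YAML.
# NOTE(review): the source arrived flattened onto a single line, so the
# nesting below is reconstructed from key order. Confirm it against the
# chart's values schema before use, in particular whether `config` belongs
# at the top level (as written here) or under `server`.

# Redis credentials shared by every Argo CD component via the alias below.
# NOTE(review): the password is passed as a literal env value, so it is
# readable in the rendered values and presumably in each pod spec; prefer a
# Secret reference if the chart offers one.
commonEnvVars: &commonEnvVars
  - name: REDIS_USERNAME
    value: ""
  - name: REDIS_PASSWORD
    # Quoted so a password that looks like a number or boolean, or contains
    # ` #` or `: `, stays a string. A value containing `"` or `\` still has
    # to be escaped by whatever renders this template.
    value: "${ redis_password }"

commonArgs: &commonRedisArgs
  - --redis=${ redis_service_uri }:6379
  - --redisdb=${ redis_index }

# The bundled Redis is disabled; the external instance below is used instead.
redis:
  enabled: false

redisWait:
  enabled: false

externalRedis:
  host: ${ redis_service_uri }
  # Quoted for the same reason as REDIS_PASSWORD above.
  password: "${ redis_password }"
  database: ${ redis_index }

dex:
  enabled: true

controller:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars

repoServer:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars

server:
  extraArgs: *commonRedisArgs
  extraEnvVars: *commonEnvVars
  url: https://${ service_uri }
  # NOTE(review): `insecure: true` presumably makes the API server speak plain
  # HTTP and rely on Traefik for TLS. When `tls` is false the ingress exposes
  # only the `web` entrypoint (conventionally plain HTTP) with no redirect, so
  # logins and session tokens would travel unencrypted even though `url`
  # advertises https://. Keep the non-TLS branch to isolated test setups.
  insecure: true
  ingress:
    enabled: true
    ingressClassName: traefik
    hostname: ${ service_uri }
    annotations:
      kubernetes.io/ingress.class: traefik
      %{ if tls }
      traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
      traefik.ingress.kubernetes.io/router.middlewares: default-redirect-to-https@kubernetescrd,default-preserve-host-headers@kubernetescrd
      %{ else }
      traefik.ingress.kubernetes.io/router.entrypoints: web
      traefik.ingress.kubernetes.io/router.middlewares: default-preserve-host-headers@kubernetescrd
      %{ endif }
    %{ if tls }
    extraTls:
      - hosts:
          - ${ service_uri }
        secretName: argocd-tls
    %{ endif }

config:
  # RBAC: roles are derived from the `groups` claim only. The empty
  # policy.default means an authenticated user who is in neither `admin` nor
  # `user` receives no permissions.
  # Do not add comments inside the block scalars below; their text is passed
  # on verbatim.
  rbac: |
    scopes: '[groups]'
    "policy.csv": |
      g, admin, role:admin
      g, user, role:readonly
    "policy.default": ''
  %{ if oauth_uri != null }
  # Dex OIDC connector, rendered only when an OAuth provider is configured.
  # NOTE(review): clientSecret is interpolated in clear text into this config,
  # which presumably ends up in a ConfigMap; Argo CD can resolve `$<key>`
  # references to its Secret instead. Confirm and prefer that.
  # insecureSkipEmailVerified accepts identities whose `email_verified` claim
  # is missing or false. insecureEnableGroups passes upstream group claims
  # through; Dex refreshes them only when the ID token is refreshed, so a
  # revoked `admin` membership can linger until then. Because the RBAC policy
  # above maps the `admin` group to role:admin, group assignment in the IdP
  # is the effective access control here.
  dex.config: |
    connectors:
      - type: oidc
        id: oidc
        name: OIDC
        config:
          issuer: "${ oauth_issuer }"
          clientID: "${ oauth_client_id }"
          clientSecret: "${ oauth_client_secret }"
          insecureSkipEmailVerified: true
          insecureEnableGroups: true
          scopes:
            - profile
            - email
            - openid
            - groups
          logoutURL: "${ oauth_redirect_uri }"
          claimMapping:
            name: fullName # ArgoCD expects 'name', FusionAuth provides 'fullName'
            preferred_username: email
  %{ endif }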