75 lines
1.7 KiB
YAML
75 lines
1.7 KiB
YAML
commonEnvVars: &commonEnvVars
|
|
- name: REDIS_USERNAME
|
|
value: ""
|
|
- name: REDIS_PASSWORD
|
|
value: ${ redis_password }
|
|
|
|
commonArgs: &commonRedisArgs
|
|
- --redis=${ redis_service_uri }:6379
|
|
- --redisdb=${ redis_index }
|
|
|
|
redis:
|
|
enabled: false
|
|
|
|
redisWait:
|
|
enabled: false
|
|
|
|
externalRedis:
|
|
host: ${ redis_service_uri }
|
|
password: ${ redis_password }
|
|
database: ${ redis_index }
|
|
|
|
dex:
|
|
enabled: true
|
|
|
|
controller:
|
|
extraArgs: *commonRedisArgs
|
|
extraEnvVars: *commonEnvVars
|
|
|
|
repoServer:
|
|
extraArgs: *commonRedisArgs
|
|
extraEnvVars: *commonEnvVars
|
|
|
|
server:
|
|
extraArgs: *commonRedisArgs
|
|
extraEnvVars: *commonEnvVars
|
|
|
|
url: https://${ service_uri }
|
|
insecure: true
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
hostname: ${ service_uri }
|
|
annotations:
|
|
kubernetes.io/ingress.class: traefik
|
|
traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
|
|
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-to-https@kubernetescrd,default-preserve-host-headers@kubernetescrd
|
|
extraTls:
|
|
- hosts:
|
|
- ${ service_uri }
|
|
secretName: argocd-tls
|
|
|
|
config:
|
|
%{ if oauth_uri != null }
|
|
dex.config: |
|
|
connectors:
|
|
- type: oidc
|
|
id: oidc
|
|
name: OIDC
|
|
config:
|
|
issuer: ${ oauth_issuer }
|
|
clientID: ${ oauth_client_id }
|
|
clientSecret: ${ oauth_client_secret }
|
|
insecureSkipEmailVerified: true
|
|
insecureEnableGroups: true
|
|
scopes:
|
|
- profile
|
|
- email
|
|
- openid
|
|
- groups
|
|
claimMapping:
|
|
name: fullName # ArgoCD expects 'name', FusionAuth provides 'fullName'
|
|
preferred_username: email
|
|
%{ endif }
|
|
|