prodwork01-argocd/values.yaml


# Global
# NOTE(review): this listing has lost its leading indentation, so the nesting
# of the keys below cannot be read from it; restore the structure from the
# repository copy before applying or editing.
## Set this to create nginx for argocd and other services
bootstrap:
argo_namespace: argo-cd
# NOTE(review): OIDC client secret stored in plaintext in a tracked values
# file. Anyone who can read this file can read the secret; treat it as
# exposed, rotate it in Keycloak, and supply it from a Kubernetes Secret or an
# external secret store instead of a literal here.
argo_keycloak_clientSecret: vJTtJFwdmctFjxWknh9WHcHvTMJvChmg
# ArgoCD OIDC with Keycloak
argocd:
server:
config:
oidcConfig:
name: sso
# Argo CD authenticates against the "infrastructure" realm; the Grafana
# block further down uses the "master" realm instead.
issuer: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/infrastructure"
clientID: "argocd"
# "$<key>" is an Argo CD reference resolved from its secret at runtime, so no
# secret value is inlined on this line. Presumably the key is populated from
# argo_keycloak_clientSecret above; confirm in the chart templates.
clientSecret: $oidc.keycloak.clientSecret
# "groups" is requested because the RBAC policy below maps group names to roles.
requestedScopes: ["openid", "profile", "email", "groups"]
rbacConfig:
# Empty default role: an authenticated user who matches no "g" line below
# receives no permissions (deny by default).
policy.default: ''
# Policy summary (kept outside the block scalar so it does not become part of
# the CSV):
#   - subjects "admin" and "argocd-admins" are bound to role:admin
#   - "mobenedevs" is bound to role:mobene-users, which may get the mobene
#     project, get and sync applications under mobene/*, and get repositories
# NOTE(review): the repositories rule uses "*", so it is not limited to the
# mobene project like the other rules; confirm that is intended.
# NOTE(review): "g, admin, role:admin" would also match an SSO group named
# "admin" if one exists in the realm; verify who can create or join it.
policy.csv: |
g, admin, role:admin
g, argocd-admins, role:admin
g, mobenedevs, role:mobene-users
p, role:mobene-users, project, get, mobene, allow
p, role:mobene-users, applications, get, mobene/*, allow
p, role:mobene-users, applications, sync, mobene/*, allow
p, role:mobene-users, repositories, get, *, allow
# Grafana single sign-on through Keycloak (generic OAuth).
grafana:
grafana_ini:
auth.generic_oauth:
enabled: true
name: Keycloak
# NOTE(review): with sign-up allowed, a Grafana account is created on first
# login for any user who can authenticate at the endpoints below, and
# role_attribute_path grants at least Viewer to all of them.
allow_sign_up: true
# NOTE(review): this disables TLS certificate verification for Grafana's calls
# to the OAuth provider, so the token exchange (which carries client_secret)
# is not protected against an on-path attacker. Prefer false, with the issuing
# CA added to Grafana's trust store if the certificate is privately signed.
tls_skip_verify_insecure: true
scopes: profile,email,groups
# NOTE(review): these endpoints are in the "master" realm, while Argo CD above
# uses "infrastructure". The master realm is Keycloak's administrative realm;
# confirm application logins are meant to run against it.
auth_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/master/protocol/openid-connect/auth
token_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/master/protocol/openid-connect/token
api_url: https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/realms/master/protocol/openid-connect/userinfo
client_id: grafana
# NOTE(review): second plaintext OIDC client secret in this file; same
# handling as argo_keycloak_clientSecret (rotate, then load from a secret
# rather than a literal; Grafana can expand values from an env var or a file).
client_secret: pCi7uGpA3NB5MMtIqmZGTrdqqW5K2Jkd
# Members of the group 'grafana-viewer' are mapped to Editor; every other user
# is mapped to Viewer.
# NOTE(review): the group name suggests read-only access but the expression
# grants Editor; confirm which of the two is intended.
role_attribute_path: contains(groups[*], 'grafana-viewer') && 'Editor' || 'Viewer'
server:
root_url: https://prodwork01-grafana.smardigo.digital
stage: prodwork01
domain: smardigo.digital
gitea_instance: prodnso-gitea-01
gitea_repo_path: "argocd/prodwork01-argocd"
# Source addresses allowed through the ingress; each entry is a single host (/32).
# NOTE(review): the "sven" entry looks like an individual's address; entries
# of that kind need periodic review, since the address may be reassigned.
ingress_ip_whitelist:
- "212.121.131.106/32" # netgo berlin
- "149.233.6.129/32" # netgo e-shelter
- "46.245.219.98/32" # netgo borken
- "79.215.12.94/32" # sven
- "164.138.195.162/32" # aachen
# Application specific
cert-manager:
enable: false
cloud_provider: hetzner
# NOTE(review): an incoming-webhook URL acts as a credential, since possession
# of the URL is enough to post to the target channel. It is stored here in
# plaintext; regenerate the webhook and load the URL from a secret.
teams_webhook: https://netgo.webhook.office.com/webhookb2/783c0128-5ab8-45a5-a81f-f9f78a98c342@a80318cd-cd6f-4d2e-83bb-ce3d4140f8b7/IncomingWebhook/d66e86e336004dfd980f208274141ee3/521ac200-eb68-43b8-ae5b-a4f210b0f983
alertmanager_config_secret_name: myalertmanager
oidc:
namespace: mobene-keycloak
iam:
# Only the name of the secret holding the Keycloak credentials is given here,
# not the credentials themselves.
secret_name_keycloak_creds: iam-keycloak-creds
envvars:
iam_keycloak_auth_server_url: "https://prodwork01-keycloak-01-keycloak.smardigo.digital/auth/"
prometheus:
retention: 30d
storageSpec:
volumeClaimTemplate:
spec:
storageClassName: hcloud-volumes
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 25Gi
config:
# External HTTPS endpoints listed as blackbox probe targets.
blackboxTargets:
- https://www.google.com
- https://www.stackoverflow.com
- https://www.heise.de