argo-cd: dex: enabled: true server: rbacConfig: policy.csv: | g, roxedus, role:admin g, ArgoCD Admins, role:admin #service: # type: NodePort extraArgs: - --insecure ingress: enabled: true ingressClassName: traefik annotations: cert-manager.io/acme-challenge-type: dns01 cert-manager.io/cluster-issuer: roxedus.com-cloudflare hosts: - argo.roxedus.com tls: - hosts: - argo.roxedus.com secretName: argo-roxedus-com-cert config: accounts.roxedus: apiKey, login # accounts.admin.enabled: "false" repositories: | - type: helm name: argo-cd url: https://argoproj.github.io/argo-helm configs: cm: # admin.enabled: false url: https://argo.roxedus.com resource.customizations.health.networking.k8s.io_Ingress: | hs = {} hs.status = "Healthy" return hs ? resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration : | jqPathExpressions: - '.webhooks[]?.clientConfig.caBundle' resource.customizations.health.cert-manager.io_Certificate: | hs = {} if obj.status ~= nil then if obj.status.conditions ~= nil then for i, condition in ipairs(obj.status.conditions) do if condition.type == "Ready" and condition.status == "False" then hs.status = "Degraded" hs.message = condition.message return hs end if condition.type == "Ready" and condition.status == "True" then hs.status = "Healthy" hs.message = condition.message return hs end end end end hs.status = "Progressing" hs.message = "Waiting for certificate" return hs # dex.config: | # connectors: # - config: # issuer: https://authentik.roxedus.com/application/o/argo/ # clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9 # clientSecret: $authentik-sso:oidc.auth0.clientSecret # insecureEnableGroups: true # scopes: # - openid # - profile # - email # - groups # name: authentik # type: oidc # id: authentik