argo-cd: dex: enabled: true server: rbacConfig: policy.csv: | g, roxedus, role:admin g, ArgoCD Admins, role:admin #service: # type: NodePort extraArgs: - --insecure ingress: enabled: true ingressClassName: traefik annotations: cert-manager.io/acme-challenge-type: dns01 cert-manager.io/cluster-issuer: roxedus.com-cloudflare hosts: - argo.roxedus.com tls: - hosts: - argo.roxedus.com secretName: argo-roxedus-com-cert config: accounts.roxedus: apiKey, login accounts.admin.enabled: "true" repositories: | - type: helm name: argo-cd url: https://argoproj.github.io/argo-helm configs: cm: url: https://argo.roxedus.com resource.customizations.health.networking.k8s.io_Ingress: | hs = {} hs.status = "Healthy" return hs ? resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration : | jqPathExpressions: - '.webhooks[]?.clientConfig.caBundle' resource.customizations.health.cert-manager.io_Certificate: | hs = {} if obj.status ~= nil then if obj.status.conditions ~= nil then for i, condition in ipairs(obj.status.conditions) do if condition.type == "Ready" and condition.status == "False" then hs.status = "Degraded" hs.message = condition.message return hs end if condition.type == "Ready" and condition.status == "True" then hs.status = "Healthy" hs.message = condition.message return hs end end end end hs.status = "Progressing" hs.message = "Waiting for certificate" return hs dex.config: | connectors: - config: issuer: https://authentik.roxedus.com/application/o/argocd/ clientID: $argo-cd-sso:clientID clientSecret: $argo-cd-sso:clientSecret insecureEnableGroups: true scopes: - openid - profile - email - groups name: authentik type: oidc id: authentik