Argo/Charts/argo-cd/values.yaml

argo-cd:
  dex:
    enabled: true
  server:
    rbacConfig:
      policy.csv: |
        g, roxedus, role:admin
        g, ArgoCD Admins, role:admin        
    service:
      type: NodePort
    extraArgs:
      - --insecure

    # ingress:
    #   enabled: true
    #   ingressClassName: traefik
    #   annotations:
    #     cert-manager.io/acme-challenge-type: dns01
    #     cert-manager.io/cluster-issuer: roxedus.com-cloudflare
    #   hosts:
    #     - argo.roxedus.com
    #   tls:
    #     - hosts:
    #         - argo.roxedus.com
    #       secretName: argo-roxedus-com-cert

    config:
      accounts.roxedus: apiKey, login
      #      accounts.admin.enabled: "false"
      repositories: |
        - type: helm
          name: argo-cd
          url: https://argoproj.github.io/argo-helm        
  configs:
    cm:
      #      admin.enabled: false
      url: https://argo.roxedus.com

      resource.customizations.health.networking.k8s.io_Ingress: |
        hs = {}
        hs.status = "Healthy"
        return hs        

      ? resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration
      : |
        jqPathExpressions:
        - '.webhooks[]?.clientConfig.caBundle'        

      resource.customizations.health.cert-manager.io_Certificate: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.conditions ~= nil then
            for i, condition in ipairs(obj.status.conditions) do
              if condition.type == "Ready" and condition.status == "False" then
                hs.status = "Degraded"
                hs.message = condition.message
                return hs
              end
              if condition.type == "Ready" and condition.status == "True" then
                hs.status = "Healthy"
                hs.message = condition.message
                return hs
              end
            end
          end
        end

        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs        

      # dex.config: |

      #   connectors:
      #   - config:
      #       issuer: https://authentik.roxedus.com/application/o/argo/
      #       clientID: 509095b1ecd5117c95b9a2879d1cbcd5adc0b5d9
      #       clientSecret: $authentik-sso:oidc.auth0.clientSecret
      #       insecureEnableGroups: true
      #       scopes:
      #         - openid
      #         - profile
      #         - email
      #         - groups
      #     name: authentik
      #     type: oidc
      #     id: authentik