rke2-single-node/06_argocd_installation/argo-values.yaml

global:
  domain: "argocd.k8s.hnrx.net"

extraObjects:
  - apiVersion: secrets.phase.dev/v1alpha1
    kind: PhaseSecret
    metadata:
      name: argocd-phase-secret
      namespace: argocd
      labels:
        app.kubernetes.io/part-of: argocd
    spec:
      phaseApp: 'argocd' # The name of your Phase application
      phaseAppEnv: 'production' # OPTIONAL - The Phase App Environment to fetch secrets from
      phaseAppEnvPath: '/' # OPTIONAL Path within the Phase application environment to fetch secrets from
      phaseHost: 'https://phase.hnrx.net' # OPTIONAL - URL of a Phase Console instance
      authentication:
        serviceToken:
          serviceTokenSecretReference:
            secretName: 'phase-service-token' # Name of the Phase Service Token with access to your application
            secretNamespace: 'default'
      managedSecretReferences:
        - secretName: 'argocd-authentik-client-secret' # Name of the Kubernetes managed secret that Phase will sync
          secretNamespace: 'argocd'

configs:
  cm:
    url: https://argocd.k8s.hnrx.net
    dex.config: |
      connectors:
      - config:
          issuer: ${AUTHENTIK_ISSUER_URL}
          clientID: ${AUTHENTIK_CLIENT_ID}
          clientSecret: ${AUTHENTIK_CLIENT_SECRET}
          insecureEnableGroups: true
          scopes:
            - openid
            - profile
            - email
        name: authentik
        type: oidc
        id: authentik
        
  params:
    server.insecure: true
  rbac:
    policy.csv: |
      g, ArgoCD Admins, role:admin
      g, ArgoCD Viewers, role:readonly
  secret:
        extra:
            dex.authentik.clientSecret: "${AUTHENTIK_CLIENT_SECRET}"
  cmp:
    credentialTemplates:
      https-creds:
        url: https://git.hnrx.net
        username: ${GIT_USER}
        password: ${GIT_PASSWORD}


dex:
  envFrom:
    - secretRef:
        name: argocd-authentik-client-secret

server:
  httproute:
    enabled: true
    parentRefs:
      - name: argocd-gateway
        namespace: argocd
        sectionName: https
    hostnames:
      - "argocd.k8s.hnrx.net"
    rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      backendRefs:
        - name: argocd-server
          port: 80
            
  grpcroute:
    enabled: true
    parentRefs:
      - name: argocd-gateway
        namespace: argocd
        sectionName: http
    hostnames:
      - "argocd.k8s.hnrx.net"
    rules:
      - matches:
          - method:
              type: Exact
              service: "cluster.argoproj.v1alpha1.repositorieservice"
              method: "List"
        backendRefs:
          - name: argocd-server
            port: 443