Compare commits
2 Commits
6498a04b62
...
c62fdb574a
| Author | SHA1 | Date | |
|---|---|---|---|
| c62fdb574a | |||
| 1fc0b70e1a |
@@ -0,0 +1,3 @@
|
||||
# Members of this group get ArgoCD role:admin (mapped in argocd-rbac-cm).
|
||||
# Everyone else who logs in via Authentik gets role:readonly.
|
||||
name: argocd-admins
|
||||
@@ -0,0 +1,21 @@
|
||||
# OAuth2/OIDC provider + application for the in-cluster ArgoCD
|
||||
# (argocd.k8s.syd1.au.unkin.net). client_secret is read from Vault, not committed.
|
||||
name: ArgoCD
|
||||
authorization_flow: default-provider-authorization-implicit-consent
|
||||
invalidation_flow: default-provider-invalidation-flow
|
||||
client_type: confidential
|
||||
client_id: argocd
|
||||
client_secret_vault:
|
||||
mount: kv
|
||||
path: kubernetes/namespace/argocd/default/oauth-credentials
|
||||
scope_mappings:
|
||||
- goauthentik.io/providers/oauth2/scope-openid
|
||||
- goauthentik.io/providers/oauth2/scope-email
|
||||
- goauthentik.io/providers/oauth2/scope-profile
|
||||
redirect_uris:
|
||||
# Web UI SSO callback.
|
||||
- matching_mode: strict
|
||||
url: https://argocd.k8s.syd1.au.unkin.net/auth/callback
|
||||
# `argocd login --sso` CLI callback (local listener).
|
||||
- matching_mode: strict
|
||||
url: http://localhost:8085/auth/callback
|
||||
Reference in New Issue
Block a user