---
# Kustomize overlay for an Argo CD cluster-wide install: pulls the upstream
# cluster-install manifests and patches server parameters, RBAC policy,
# OIDC single sign-on and the application controller's cluster permissions.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  # Remote base fetched from GitHub at build time and pinned to a tag.
  # NOTE(review): a git tag can be moved; pinning ?ref= to a full commit SHA
  # makes the fetched manifests immutable.
  - github.com/argoproj/argo-cd/manifests/cluster-install?ref=v2.14.15
  # Local manifests; not visible here. Presumably the ingress route and TLS
  # certificate that front the Argo CD server - TODO confirm.
  - ingressRoute.yaml
  - cert.yaml

patches:
  # argocd-cmd-params-cm: component start-up parameters.
  # - server.insecure "true": argocd-server serves plain HTTP. TLS must be
  #   terminated in front of it; the hop from the proxy to argocd-server is
  #   then unencrypted inside the cluster (session cookies and OIDC tokens
  #   included). Presumably ingressRoute.yaml/cert.yaml provide the
  #   termination - verify.
  # - application.namespaces "*": Application resources are accepted from
  #   every namespace. Each AppProject's sourceNamespaces then becomes the
  #   control that decides which namespaces may use which project; consider
  #   an explicit namespace list instead of the wildcard.
  - target:
      kind: ConfigMap
      name: argocd-cmd-params-cm
    patch: |-
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: argocd-cmd-params-cm
      data:
        server.insecure: "true"
        application.namespaces: "*"
  # argocd-rbac-cm: Argo CD's own RBAC policy (not Kubernetes RBAC).
  # - argocd_admins is mapped to the built-in role:admin.
  # - argocd_users gets the listed application actions on every application
  #   ("*" object); sync lets them trigger deployments.
  # - No policy.default is set in this patch, so unless another overlay sets
  #   one, a login in neither group presumably gets no permissions - confirm.
  # NOTE(review): confirm that `list` and `refresh` are actions this Argo CD
  # version recognises for the applications resource; if not, those two
  # lines grant nothing.
  - target:
      kind: ConfigMap
      name: argocd-rbac-cm
    patch: |-
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: argocd-rbac-cm
      data:
        policy.csv: |
          g, argocd_admins, role:admin
          p, argocd_users, applications, list, *, allow
          p, argocd_users, applications, sync, *, allow
          p, argocd_users, applications, refresh, *, allow
          p, argocd_users, applications, get, *, allow
  # argocd-cm: general server settings and OIDC single sign-on.
  # - admin.enabled "false": the built-in local admin account is disabled,
  #   so every login goes through the OIDC provider below.
  # - kustomize.buildOptions --enable-helm: kustomize builds may inflate
  #   Helm charts, so building an application can fetch and render charts
  #   referenced by the tracked repositories.
  # - oidc.config: clientSecret is a $-reference, not the secret itself;
  #   Argo CD resolves it from the key oidc.keycloak.clientSecret in the
  #   argocd-secret Secret, which must exist. allowedAudiences limits
  #   accepted tokens to this client ID. The "groups" scope is requested so
  #   that the group names used in policy.csv can be matched - assumes the
  #   issuer emits a groups claim, TODO confirm.
  - target:
      kind: ConfigMap
      name: argocd-cm
    patch: |-
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: argocd-cm
      data:
        admin.enabled: "false"
        kustomize.buildOptions: --enable-helm
        url: https://cd.dgse.cloud
        oidc.config: |
          name: DGSE
          issuer: https://auth.dgse.cloud
          clientID: 7f58ae97-de06-4de2-9be4-3bac6b58e6e7
          clientSecret: $oidc.keycloak.clientSecret
          requestedScopes: ["openid", "profile", "email", "groups"]
          allowedAudiences:
            - "7f58ae97-de06-4de2-9be4-3bac6b58e6e7"
  # ClusterRole for the application controller: every verb on every
  # resource in every API group, i.e. cluster-admin-equivalent rights.
  # Anyone who can make Argo CD sync arbitrary manifests inherits this
  # reach, so AppProject destination and resource restrictions are the
  # effective limit on what a sync can touch.
  - target:
      kind: ClusterRole
      name: argocd-application-controller
    patch: |-
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRole
      metadata:
        name: argocd-application-controller
      rules:
        - apiGroups: ["*"]
          resources: ["*"]
          verbs: ["*"]
  # Binds the ClusterRole above to the controller's ServiceAccount in the
  # argocd namespace. This kustomization sets no `namespace:` field, so the
  # subject namespace here must match where the install actually lands -
  # TODO confirm.
  - target:
      kind: ClusterRoleBinding
      name: argocd-application-controller
    patch: |-
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: argocd-application-controller
      subjects:
        - kind: ServiceAccount
          name: argocd-application-controller
          namespace: argocd
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: argocd-application-controller