diff --git a/k8s/argo-apps/argo-workflows.yaml b/k8s/argo-apps/argo-workflows.yaml
deleted file mode 100644
index 0c95a38..0000000
--- a/k8s/argo-apps/argo-workflows.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: argo-workflows
- namespace: argocd
-spec:
- destination:
- name: ''
- namespace: argo-workflows
- server: https://kubernetes.default.svc
- project: management
- syncPolicy:
- automated: {}
- sources:
- - chart: argo-workflows
- repoURL: https://argoproj.github.io/argo-helm
- targetRevision: 0.40.*
- helm:
- valuesObject:
- controller:
- singleNamespace: true
- workflowNamespaces:
- - argo-workflows
- server:
- authMode: sso
- sso:
- enabled: true
- issuer: https://auth.fukurokuju.dev/application/o/argo-workflows/
- clientId:
- name: secrets-argo-server-sso
- key: client-id
- clientSecret:
- name: secrets-argo-server-sso
- key: client-secret
- redirectUrl: https://ci.fuku/oauth2/callback
- scopes:
- - openid
- - profile
- - email
- - offline_access
- rbac:
- enabled: true
- ingress:
- enabled: true
- ingressClassName: traefik
- hosts:
- - ci.fuku
- tls: []
diff --git a/k8s/services/argo-workflows/admin-service-account.yaml b/k8s/services/argo-workflows/admin-service-account.yaml
deleted file mode 100644
index 9ce4e39..0000000
--- a/k8s/services/argo-workflows/admin-service-account.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: admin-user
- namespace: argo-workflows
- annotations:
- workflows.argoproj.io/rbac-rule: 'true'
- workflows.argoproj.io/rbac-rule-precedence: '1'
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: admin-user
-subjects:
- - kind: ServiceAccount
- name: admin-user
- namespace: argo-workflows
-roleRef:
- name: argo-workflows-admin
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: admin-user.service-account-token
- namespace: argo-workflows
- annotations:
- kubernetes.io/service-account.name: admin-user
-type: kubernetes.io/service-account-token
diff --git a/k8s/services/argo-workflows/sealedsecrets.yaml b/k8s/services/argo-workflows/sealedsecrets.yaml
deleted file mode 100644
index d6f50aa..0000000
--- a/k8s/services/argo-workflows/sealedsecrets.yaml
+++ /dev/null
@@ -1,16 +0,0 @@ ---- -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: - name: secrets-argo-server-sso - namespace: argo-workflows -spec: - encryptedData: - client-id: 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 # yamllint disable rule:line-length - client-secret: AgA8/QhgkPt3QRwa5zDQhlyhnYJurwGd/Uigo5WNIyUAh1vqqfmGlRAyJ9YQRJKPaJmTTU1nsaulOtS8Lafe4pAhXTsGaGsP7r+pntRii1KV79avl6e94zrH8LdhkrWxzaKLh6sW7Lj+Q3Cxj/Anh5jRSyIKGB0lpbR2RDE9XuBGx6r+jKS+8WXCn3Bxh2/ZEOBttAIWT59KxdwhZLeh/N5P809V1h8O7pxBdvvuyvK/nkBxJPWzO85zZnAiszLwraoOoiMZbfo4Z+Uzxf1dlGUxj2ZEoq3gWN9cuWRNoLxMJ1sq26zez99fyPbDD19+y0k6o+dNSQRLfFkhbgLgqCDUvWs3QzoV52oBe3zJ/of37hD03bLl1CUuJQcO8a8hoOsBqe7as+tmJTefKx67jjoUbtGPwoNYwakU2gH74rAlQE7NN/d1LuzjZSnivv27X2pTD169Ts4q/CjBUVVbSrLn/o5icEXu+d1SSFNhiFXI7/lcM/vi7CBVKuxmIsiJ0ka+mpnF6FTgsbcRvNKkFz0qZPGpx0Q7eg7tvvW7wh8aBk8k3Rh+Xp9ZXKGwRUlpBfDCVf2LB0tN5N2ieHgcy41Hxy+v7Ce5+qjTel/NkA2y67M7B5X/ji6+N+1a9wwKwTdQOze60Q/EfK8MPF8X3lpfarGhieWbGQAnHmQW0tVWBIjAnOSYbgrfoeyg2XPYg1vW7YetTfPGdF7QDhmnAEmPeBYbubMDwmXpofrpM1vz87degAL9L6kqyWF+XQph/pVAU5c1cHD30t383j0HTK5uG/dwHbWzt9k9hyz94Un0mXRohz/zAT2NIv1dwM9yv9VC3v89mkcapjlUlxBApPYcow6WWOvvcadyTrEXlVjskQ== # yamllint disable rule:line-length - template: - metadata: - creationTimestamp: - name: secrets-argo-server-sso - namespace: argo-workflows diff --git a/tofu/authentik/main.tf b/tofu/authentik/main.tf index e18ee31..08fbaf6 100644 --- a/tofu/authentik/main.tf +++ b/tofu/authentik/main.tf 
@@ -27,19 +27,6 @@ resource "authentik_group" "admins" {
 is_superuser = true
 }
-module "argo-workflows" {
- source = "../modules/authentik-oidc"
- app_name = "Argo Workflows"
- app_slug = "argo-workflows"
- client_id = var.argo_workflows_client_id
- client_secret = var.argo_workflows_client_secret
- app_access_group_id = authentik_group.ci.id
- redirect_uris = ["https://ci.fuku/oauth2/callback"]
- app_icon = "https://argoproj.github.io/icons/icon-512x512.png"
- app_description = "Kubernetes-native workflow engine supporting DAG and step-based workflows"
- app_publisher = "Argo Project"
- app_url = "https://ci.fuku"
-}
 module "firezone" {
 source = "../modules/authentik-oidc"
diff --git a/tofu/authentik/sample.env b/tofu/authentik/sample.env
index 2c0dc5b..a22dd70 100644
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@@ -1,7 +1,5 @@
 AUTHENTIK_URL=https://auth.fukurokuju.dev
 AUTHENTIK_TOKEN=
-TF_VAR_argo_workflows_client_id=
-TF_VAR_argo_workflows_client_secret=
 TF_VAR_firezone_client_id=
 TF_VAR_firezone_client_secret=
 TF_VAR_gitea_client_id=
@@ -10,3 +8,5 @@ TF_VAR_miniflux_client_id=
 TF_VAR_miniflux_client_secret=
 TF_VAR_portainer_client_id=
 TF_VAR_portainer_client_secret=
+TF_VAR_paperless_client_id=
+TF_VAR_paperless_client_secret=
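Review bot: The two `TF_VAR_paperless_*` entries added at the end of the second sample.env hunk have no counterpart anywhere in this diff: main.tf only loses the argo-workflows module and gains no paperless module. As far as I know, OpenTofu silently ignores a `TF_VAR_` environment variable that has no matching `variable` block, so if that declaration lives nowhere else the values set here would have no effect; confirm the paperless module and its variables exist in files not shown, or move these lines to the commit that adds them. The entries are also appended after `TF_VAR_portainer_*` while the rest of the list reads as alphabetical, so placing them before `TF_VAR_portainer_client_id=` would keep the template easy to scan.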