diff --git a/chart/README.md b/chart/README.md
index 1d36d56..ed70a06 100644
--- a/chart/README.md
+++ b/chart/README.md
@@ -17,7 +17,7 @@ AtomiCloud's Deployment Platform via ArgoCD
 |-----|------|---------|-------------|
 | admin | bool | `true` | Enable Admin Access |
 | applicationWait | bool | `true` | Enable waiting in sync-waves |
-| argo-cd | object | `{"configs":{"cm":{"create":false},"params":{"create":false}},"dex":{"enabled":false},"global":{"logging":{"format":"json","level":"info"}}}` | ArgoCD Specific configuration. See [ArgoCD Helm Documentation](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd) |
+| argo-cd | object | `{"configs":{"cm":{"create":false},"params":{"create":false},"rbac":{"create":false}},"dex":{"enabled":false},"global":{"logging":{"format":"json","level":"info"}}}` | ArgoCD Specific configuration. See [ArgoCD Helm Documentation](https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd) |
 | banner | string | `""` | Banner to show in ArgoCD UI |
 | connector | object | `{"clusters":{},"policy":{"creation":"Owner","deletion":"Retain"},"secretStore":{"kind":"SecretStore","name":"doppler"}}` | Connectors to other cluster |
 | connector.clusters | object | `{}` | Clusters to connect to | 
@@ -58,14 +58,14 @@ AtomiCloud's Deployment Platform via ArgoCD
 | rbac.name | string | `"Atomi"` | Name of the OIDC Provider |
 | rbac.requestedScopes | list | `["openid","profile","email","https://atomi.cloud/roles"]` | Scopes to request from OIDC |
 | serviceTree | object | `{"layer":"1","platform":"sulfoxide","service":"chlorine"}` | AtomiCloud Service Tree. See [ServiceTree](https://atomicloud.larksuite.com/wiki/OkfJwTXGFiMJkrk6W3RuwRrZs64?theme=DARK&contentTheme=DARK#MHw5d76uDo2tBLx86cduFQMRsBb) |
-| sso | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/suicune/auth0/client_secret","secretStore":{"kind":"ClusterStore","name":"doppler"}},"internal":{"enable":false,"secret":""},"secretName":"argo-cd-sso-secret"}` | SSO Secret using OIDC |
-| sso.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"/suicune/auth0/client_secret","secretStore":{"kind":"ClusterStore","name":"doppler"}}` | External Secret Configuration |
+| sso | object | `{"external":{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"","secretStore":{"kind":"ClusterStore","name":"doppler"}},"internal":{"enable":false,"secret":""},"secretName":"argo-cd-sso-secret"}` | SSO Secret using OIDC |
+| sso.external | object | `{"enable":true,"policy":{"creation":"Owner","deletion":"Retain"},"refreshInterval":"1h","remoteSecretName":"","secretStore":{"kind":"ClusterStore","name":"doppler"}}` | External Secret Configuration |
 | sso.external.enable | bool | `true` | Enable External Secret |
 | sso.external.policy | object | `{"creation":"Owner","deletion":"Retain"}` | External Secret Policy |
 | sso.external.policy.creation | string | `"Owner"` | Creation policy |
 | sso.external.policy.deletion | string | `"Retain"` | Deletion policy |
 | sso.external.refreshInterval | string | `"1h"` | Refresh Interval 
for fetching the secret from remote |
-| sso.external.remoteSecretName | string | `"/suicune/auth0/client_secret"` | Secret Remote Reference for OIDC Client Secret |
+| sso.external.remoteSecretName | string | `""` | Secret Remote Reference for OIDC Client Secret |
 | sso.external.secretStore.kind | string | `"ClusterStore"` | Kind of the Secret Store: `ClusterSecretStore` or `SecretStore` |
 | sso.external.secretStore.name | string | `"doppler"` | Name of the Secret Store |
 | sso.internal | object | `{"enable":false,"secret":""}` | Internal Secret, Hard coded secrets |
diff --git a/chart/templates/post-install/cluster_external_secret.yaml b/chart/templates/post-install/cluster_secret.yaml
similarity index 62%
rename from chart/templates/post-install/cluster_external_secret.yaml
rename to chart/templates/post-install/cluster_secret.yaml
index 1d117c5..98b9a65 100644
--- a/chart/templates/post-install/cluster_external_secret.yaml
+++ b/chart/templates/post-install/cluster_secret.yaml
@@ -20,19 +20,20 @@ spec:
 name: {{ $lk }}-{{ $ck }}-cluster-secret
 creationPolicy: {{ $.Values.connector.policy.creation }}
 deletionPolicy: {{ $.Values.connector.policy.deletion }}
+ template:
+ metadata:
+ labels: {{- include "sulfoxide-helium.labels" $ | nindent 10 }}
+ argocd.argoproj.io/secret-type: cluster
+ annotations: {{- include "sulfoxide-helium.annotations" $ | nindent 10 }}
+ argocd.argoproj.io/secret-type: cluster
+ data:
+ name: '{{ `{{ get ( .kubeconfig | fromJson ) "name" }}` }}'
+ server: '{{ `{{ get ( .kubeconfig | fromJson ) "server" }}` }}'
+ config: '{{ `{{ get ( .kubeconfig | fromJson ) "config" }}` }}'
 data:
- - secretKey: name
+ - secretKey: kubeconfig
 remoteRef:
 key: "{{ $cv.remoteSecretName }}"
- property: name
- - secretKey: server
- remoteRef:
- key: "{{ $cv.remoteSecretName }}"
- property: server
- - secretKey: config
- remoteRef:
- key: "{{ $cv.remoteSecretName }}"
- property: config
 ---
 {{- end }}
 {{- end }} 
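Review bot: The rendered `config: '{{ `{{ get ( .kubeconfig | fromJson ) "config" }}` }}'` only produces what Argo CD expects if the remote entry stores `config` as an already-serialized JSON string; Argo CD parses that key itself (`tlsClientConfig`, `bearerToken`, and so on), and if the remote value holds it as a nested object Go templating will print it as `map[...]` and every connected cluster fails to register. If it is an object, pipe it through `toJson`: `config: '{{ `{{ get ( .kubeconfig | fromJson ) "config" | toJson }}` }}'`; either way the expected shape of the remote blob deserves a comment next to `- secretKey: kubeconfig`, since the whole cluster credential now rides on that single key. The `argocd.argoproj.io/secret-type: cluster` annotation duplicates the label, and as far as I know Argo CD selects cluster secrets by the label alone, so the annotation can go. I would also confirm on the ESO version in use that the default template merge policy replaces `data` (so the raw `kubeconfig` key does not also land in the generated Secret), as the template relies on that behaviour without stating it.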
diff --git a/chart/values.suicune.opal-ruby.yaml b/chart/values.suicune.opal-ruby.yaml
index a3094fa..4348016 100644
--- a/chart/values.suicune.opal-ruby.yaml
+++ b/chart/values.suicune.opal-ruby.yaml
@@ -31,26 +31,30 @@ github:
 external:
 enable: true
 refreshInterval: 1h
- usernameRef: "GITHUB_USERNAME"
- passwordRef: "GITHUB_PASSWORD"
+ usernameRef: "MANUAL_GITHUB_USERNAME"
+ passwordRef: "MANUAL_GITHUB_PASSWORD"
 sso:
 internal:
 enable: false
 external:
 enable: true
- remoteSecretName: /suicune/manual/argocd/auth0-client-secret
+ remoteSecretName: "MANUAL_AUTH0_CLIENT_SECRET"
-# clusters:
-# pichu:
-# opal:
-# # -- refresh interval for fetching the secret from remote
-# refreshInterval: 24h
-# # -- secret for the cluster
-# remoteSecretName: /suicune/auto/argocd/cluster-connector-pichu-opal
-# # -- enable App of Apps
-# aoa:
-# enable: true
+connector:
+ clusters:
+ suicune:
+ opal:
+ refreshInterval: 1h
+ remoteSecretName: SUICUNE_OPAL_KUBECONFIG
+ aoa:
+ enable: false
+ entei:
+ opal:
+ refreshInterval: 1h
+ remoteSecretName: ENTEI_OPAL_KUBECONFIG
+ aoa:
+ enable: false
 # repo: https://github.com/AtomiCloud/helm.systems_app-of-apps
 # version: HEAD
 # path: chart
diff --git a/chart/values.yaml b/chart/values.yaml
index 45a010b..9e0db80 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -11,6 +11,8 @@ argo-cd:
 create: false
 params:
 create: false
+ rbac:
+ create: false
 global:
 logging:
 format: json
@@ -127,7 +129,7 @@ sso:
 # -- Refresh Interval for fetching the secret from remote
 refreshInterval: 1h
 # -- Secret Remote Reference for OIDC Client Secret
- remoteSecretName: /suicune/auth0/client_secret
+ remoteSecretName: ""
 secretStore:
 # -- Name of the Secret Store
 name: doppler
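Review bot: The new `connector.clusters` block leaves the stale `# repo: https://github.com/AtomiCloud/helm.systems_app-of-apps` / `# version: HEAD` / `# path: chart` comment lines, which were the tail of the deleted commented-out `pichu` example, dangling directly under `entei.opal.aoa.enable: false`, where a reader will take them as the documented way to configure `aoa`. Either delete them along with the rest of the example or move them under the `aoa:` keys they belong to with a `# --` comment. The same hunk also quotes `remoteSecretName: "MANUAL_AUTH0_CLIENT_SECRET"` but leaves `remoteSecretName: SUICUNE_OPAL_KUBECONFIG` and `ENTEI_OPAL_KUBECONFIG` bare; the values are plain strings either way, so pick one style for all three.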
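Review bot: `rbac: create: false` stops the upstream argo-cd chart from creating `argocd-rbac-cm`, so the policy that maps the `https://atomi.cloud/roles` claim to Argo CD roles must now come from this chart; if no replacement ConfigMap is rendered (the templates are not in this diff), OIDC users fall back to Argo CD's built-in default policy while `admin: true` keeps the local admin account fully privileged. A comment on the new lines would make the ownership explicit, e.g. `# -- argocd-rbac-cm is rendered by this chart, not the upstream chart`. Whatever renders it should keep `policy.default` empty or read-only rather than `role:admin`, so an unmapped OIDC user gets nothing by default.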
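Review bot: With the default now `remoteSecretName: ""` while `sso.external.enable` stays `true` (per the README row in this diff), an unconfigured install renders the SSO ExternalSecret with an empty `remoteRef.key`, which fails at ESO sync time with a store error instead of at template time. Since the SSO template itself is not in this diff I cannot see whether it guards this, but a `required` on the key would make the empty default fail loudly: `key: {{ required "sso.external.remoteSecretName must be set when sso.external.enable is true" .Values.sso.external.remoteSecretName | quote }}`. Alternatively flip the default `enable` to `false` so that opting in and supplying the reference happen together.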