ArgoCD app for ArgoCD so that ArgoCD can manage itself, ArgoCD 🧡
For the Argo CD App of Apps in ./app_of_apps:
- External Secret and Argo CD appset secret plugin
- Argo CD
We use an external secret for the OIDC credentials.
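When creating external secrets for Argo CD, don't forget to set spec.target.template.metadata.labels. Argo CD only resolves references to Secrets that carry the app.kubernetes.io/part-of: argocd label, so without it the OIDC client secret is not picked up. For example: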
```yaml
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: argocd-oidc
spec:
  target:
    # Name for the secret to be created on the cluster
    name: argocd-oidc
    deletionPolicy: Delete
    template:
      type: Opaque
      metadata:
        labels:
          app.kubernetes.io/part-of: "argocd"
      data:
        oidc.keycloak.clientSecret: |-
          {{ .password }}
...
```
Reference on external secrets labels: external-secrets/external-secrets#2041
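How the labelled secret is consumed on the Argo CD side, as an added example that is not taken from this repo: the `argocd-cm` ConfigMap references the generated Secret with Argo CD's `$<secret-name>:<key>` syntax. The hostnames, realm, provider name and `clientID` are placeholders assumed for illustration; only the secret name and key come from the ExternalSecret above.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/part-of: argocd
data:
  # Placeholder: external URL of this Argo CD instance
  url: https://argocd.example.com
  oidc.config: |
    name: Keycloak
    # Placeholder: issuer URL of the Keycloak realm
    issuer: https://keycloak.example.com/realms/example
    # Placeholder: client ID configured in Keycloak
    clientID: argocd
    # $<secret-name>:<key> points at the Secret created by the ExternalSecret.
    # The lookup only succeeds if that Secret is labelled
    # app.kubernetes.io/part-of: argocd, so the client secret never has to be
    # written into this ConfigMap or into git.
    clientSecret: $argocd-oidc:oidc.keycloak.clientSecret
    requestedScopes: ["openid", "profile", "email", "groups"]
```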
To deploy this, create a new Argo CD app, and select "Edit as YAML". Copy and paste this into the input field:
```yaml
project: argo-cd
source:
  repoURL: 'https://github.com/small-hack/argocd.git'
  path: argocd/
  targetRevision: main
destination:
  server: 'https://kubernetes.default.svc'
  namespace: argocd
syncPolicy:
  syncOptions:
    - ApplyOutOfSyncOnly=true
```
Check out the README in the keycloak directory relative to this one for more info on how to set up an Argo CD client for Keycloak.
This was put together from these older docs:
- https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/keycloak/
- https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#example_1
These were really helpful guides on configuring a zitadel argocd app: