Re-enable dex

2026-01-29 11:43:51 +01:00 · 2026-01-29 11:43:51 +01:00 · 7eb0cdff9d
commit 7eb0cdff9d
parent 0effbce5cf
2 changed files with 39 additions and 43 deletions
--- a/template/stacks/core/argocd/values.yaml
+++ b/template/stacks/core/argocd/values.yaml
@ -5,18 +5,16 @@ configs:
  params:
    server.insecure: true
  cm:
-    # This code never quite worked, always led to 503 errors
+    oidc.config: |
-    # In theory it allows access to ArgoCD via OIDC through Forgejo
+      name: FORGEJO
-    # oidc.config: |
+      issuer: https://{{{ .Env.DOMAIN_DEX }}}
-    #   name: FORGEJO
+      clientID: controller-argocd-dex
-    #   issuer: https://{{{ .Env.DOMAIN_DEX }}}
+      clientSecret: $dex-argo-client:clientSecret
-    #   clientID: controller-argocd-dex
+      requestedScopes:
-    #   clientSecret: $dex-argo-client:clientSecret
+      - openid
-    #   requestedScopes:
+      - profile
-    #   - openid
+      - email
-    #   - profile
+      - groups
    #   - email
    #   - groups
    application.resourceTrackingMethod: annotation
    timeout.reconciliation: 60s
    resource.exclusions: |
--- a/template/stacks/core/dex.yaml
+++ b/template/stacks/core/dex.yaml
@ -1,31 +1,29 @@
-# NOTE Dex is disabled as it never quite worked, and was taking up pods which caused us to hit node capacity.
+apiVersion: argoproj.io/v1alpha1
-
+kind: Application
-# apiVersion: argoproj.io/v1alpha1
+metadata:
-# kind: Application
+  name: dex
-# metadata:
+  namespace: argocd
-#   name: dex
+  labels:
-#   namespace: argocd
+    env: dev
-#   labels:
+spec:
-#     env: dev
+  project: default
-# spec:
+  syncPolicy:
-#   project: default
+    automated:
-#   syncPolicy:
+      selfHeal: true
-#     automated:
+    syncOptions:
-#       selfHeal: true
+      - CreateNamespace=true
-#     syncOptions:
+    retry:
-#       - CreateNamespace=true
+      limit: -1
-#     retry:
+  destination:
-#       limit: -1
+    name: in-cluster
-#   destination:
+    namespace: dex
-#     name: in-cluster
+  sources:
-#     namespace: dex
+    - repoURL: https://charts.dexidp.io
-#   sources:
+      chart: dex
-#     - repoURL: https://charts.dexidp.io
+      targetRevision: 0.23.0
-#       chart: dex
+      helm:
-#       targetRevision: 0.23.0
+        valueFiles:
-#       helm:
+          - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/dex/values.yaml
-#         valueFiles:
+    - repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
-#           - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/dex/values.yaml
+      targetRevision: HEAD
-#     - repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
+      ref: values
 #       targetRevision: HEAD
 #       ref: values