authentik for argo
This commit is contained in:
30
cluster/argocd/externalsecret.yaml
Normal file
30
cluster/argocd/externalsecret.yaml
Normal file
@@ -0,0 +1,30 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# ExternalSecret — Authentik OIDC credentials for ArgoCD
|
||||
# Pulled from 1Password via Connect Server, materialized as argocd-oidc-secret
|
||||
# in the argocd namespace.
|
||||
#
|
||||
# 1Password item: "argocd-oidc" in the "mk-labs" vault
|
||||
# Fields: client-id, client-secret
|
||||
# ------------------------------------------------------------------------------
|
||||
apiVersion: external-secrets.io/v1beta1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-oidc-secret
|
||||
namespace: argocd
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: onepassword-connect
|
||||
refreshInterval: "1h"
|
||||
target:
|
||||
name: argocd-oidc-secret
|
||||
creationPolicy: Owner
|
||||
data:
|
||||
- secretKey: client-id
|
||||
remoteRef:
|
||||
key: argocd-oidc
|
||||
property: client-id
|
||||
- secretKey: client-secret
|
||||
remoteRef:
|
||||
key: argocd-oidc
|
||||
property: client-secret
|
||||
Reference in New Issue
Block a user