Configure Github SSO login for ArgoCD

Brutus5000 · Brutus5000 · commit 50a2fda67ce5 · 2023-11-15T23:40:44.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 certs
-spicy-secrets/**
+spicy-secrets/**
+**/charts
diff --git a/app-set-prod.yaml b/app-set-prod.yaml
@@ -33,8 +33,8 @@ spec:
         helm:
           ignoreMissingValueFiles: true
           valueFiles:
-          - /config/prod.yaml
-
+          - '/config/prod.yaml'
+          - '/{{path}}/values-prod.yaml'
 
 ---
 apiVersion: argoproj.io/v1alpha1
@@ -72,4 +72,4 @@ spec:
           ignoreMissingValueFiles: true
           valueFiles:
           - '/config/prod.yaml'
-          - '{{path}}/values.yaml'
+          - '/{{path}}/values-prod.yaml'
diff --git a/app-set-test.yaml b/app-set-test.yaml
@@ -34,6 +34,7 @@ spec:
           ignoreMissingValueFiles: true
           valueFiles:
           - /config/test.yaml
+          - '/{{path}}/values-test.yaml'
 
 
 ---
@@ -71,5 +72,5 @@ spec:
         helm:
           ignoreMissingValueFiles: true
           valueFiles:
-          - '/config/test.yaml'
-          - '{{path}}/values.yaml'
+          - /config/test.yaml
+          - '/{{path}}/values-test.yaml'
diff --git a/cluster/argocd/templates/secret.yaml b/cluster/argocd/templates/secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: secrets.infisical.com/v1alpha1
+kind: InfisicalSecret
+metadata:
+  name: dex-github
+  namespace: faf-ops
+spec:
+  authentication:
+    serviceToken:
+      serviceTokenSecretReference:
+        secretName: infisical-service-token
+        secretNamespace: faf-ops
+      secretsScope:
+        envSlug: {{.Values.infisicalSlug}}
+        secretsPath: "/argocd"
+  managedSecretReference:
+    secretName: dex-github
+    secretNamespace: argocd
diff --git a/cluster/argocd/values-test.yaml b/cluster/argocd/values-test.yaml
@@ -0,0 +1,20 @@
+argo-cd:
+  config.cm:
+    dex.config: |
+      connectors:
+      - type: github
+        # Required field for connector id.
+        id: github
+        # Required field for connector name.
+        name: GitHub
+        config:
+          clientID: 838e6d390d5cf6932ca5
+          clientSecret: $dex-github:GITHUB_CLIENT_SECRET
+          orgs:
+            - name: FAForever
+              # A white list of teams. Only include group claims for these teams.
+              teams:
+                - argocd-test
+            # Flag which indicates that all user groups and teams should be loaded.
+            loadAllGroups: false
+            useLoginAsID: false
diff --git a/cluster/argocd/values.yaml b/cluster/argocd/values.yaml
@@ -0,0 +1,4 @@
+argo-cd:
+  global:
+    deploymentAnnotations:
+      reloader.stakater.com/auto: "true"
