feat argocd sso

e5c3408b · Branden Cobb · runyontr · fb1efa49 · e5c3408b · e5c3408b
Commit e5c3408b authored 4 years ago by Branden Cobb Committed by runyontr 4 years ago
--- a/chart/templates/argocd/argocd-helmrelease.yaml
+++ b/chart/templates/argocd/argocd-helmrelease.yaml
@@ -57,7 +57,20 @@ spec:
    server:
      config:
        url: https://argocd.{{ .Values.hostname }}
-
+    {{- if .Values.addons.argocd.sso.enabled }}
+    sso:
+      enabled: {{ .Values.addons.argocd.sso.enabled }}
+      rbac:
+        policy.csv: {{- toYaml .Values.addons.argocd.sso.groups | nindent 8 }}
+      keycloakClientSecret: {{ .Values.addons.argocd.sso.client_secret }}
+      config:
+        oidc.config: |
+          name: {{ .Values.addons.argocd.sso.provider_name }}
+          issuer: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}
+          clientID: {{ .Values.addons.argocd.sso.client_id }}
+          clientSecret: $oidc.keycloak.clientSecret
+          requestedScopes: ["openid","ArgoCD"]
+    {{- end }}
  {{- if or .Values.monitoring.enabled .Values.istio.enabled }}
  dependsOn:
  {{- if .Values.istio.enabled }}
@@ -69,4 +82,4 @@ spec:
    namespace: {{ .Release.Namespace }}
  {{- end }}
  {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -195,6 +195,13 @@ addons:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
      path: "./chart"
      tag: "2.9.5-bb.4"
+    sso:
+      enabled: false
+      client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
+      provider_name: "" # login as name example: P1 SSO
+      client_secret: ""  # for dev this can be set to anything
+      groups: |
+        g, Impact Level 2 Authorized, role:admin
    values: {}

  authservice: