From ac1036cf1c027893b50614580d15f3e618559b83 Mon Sep 17 00:00:00 2001 From: Corentin Closs Date: Fri, 30 Sep 2022 21:20:40 +0200 Subject: [PATCH] website/integrations: Add ArgoCD documentation (#3553) * Add ArgoCD documentation * fix naming and email verification configuration * specify Slug field and update url to specify it has to match the slug value * update preparation note * minor consistency fixes Signed-off-by: Jens Langhammer Signed-off-by: Jens Langhammer Co-authored-by: Jens Langhammer --- website/integrations/services/argocd/index.md | 105 ++++++++++++++++++ website/sidebarsIntegrations.js | 1 + 2 files changed, 106 insertions(+) create mode 100644 website/integrations/services/argocd/index.md diff --git a/website/integrations/services/argocd/index.md b/website/integrations/services/argocd/index.md new file mode 100644 index 000000000..c6c5fca1f --- /dev/null +++ b/website/integrations/services/argocd/index.md @@ -0,0 +1,105 @@ +--- +title: ArgoCD +--- + +Support level: Community + +## What is ArgoCD + +From https://argoproj.github.io/cd/ + +:::note +Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. +::: + +## Preparation + +The following placeholders will be used: + +- `argocd.company` is the FQDN of the ArgoCD install. +- `authentik.company` is the FQDN of the authentik install. + +:::note +Only settings that have been modified from default have been listed. +::: + +## authentik Configuration + +### Step 1 - Provider creation + +In authentik, create an _OAuth2/OpenID Provider_ (under _Applications/Providers_) with these settings: + +- Name: ArgoCD +- Signing Key: Select any available key +- Redirect URIs: + +``` +http://argocd.company/api/dex/callback +http://localhost:8085/auth/callback +``` + +After creating the provider, take note of the `Client ID` and `Client Secret`, you'll need to give them to ArgoCD in the _ArgoCD Configuration_ field. + +### Step 2 - Application creation + +Create a new _Application_ (under _Applications/Applications_) with these settings: + +- Name: ArgoCD +- Provider: ArgoCD +- Slug: argocd + +### Step 3 - ArgoCD Admin Group creation + +Create a new _Group_ (under _Directory/Groups_) that'll be used as the admin group for ArgoCD (if you already have an "admin" group, you can skip this part!) + +- Name: ArgoCD Admins +- Members: Add your user and/or any user that should be an ArgoCD admin + +## ArgoCD Configuration + +:::note +We're not going to use the oidc config, but instead the "dex", oidc doesn't allow ArgoCD CLI usage while DEX does. +::: + +### Step 1 - Add the OIDC Secret to ArgoCD + +In the `argocd-secret` Secret, add the following value to the `data` field: + +```yaml +dex.authentik.clientSecret: +``` + +### Step 2 - Configure ArgoCD to use authentik as OIDC backend + +In the `argocd-cm` ConfigMap, add the following to the data field : + +```yaml +dex.config: | + connectors: + - config: + issuer: http://authentik.company/application/o// + clientID: + clientSecret: $dex.authentik.clientSecret + insecureEnableGroups: true + scopes: + - openid + - profile + - email + - groups + name: authentik + type: oidc + id: authentik +``` + +### Step 3 - Map the `ArgoCD Admins` group to ArgoCD's admin role + +In the `argocd-rbac-cm` ConfigMap, add the following to the data field (or create it if it's not already there) : + +```yaml +policy.csv: | + g, ArgoCD Admins, role:admin +``` + +If you already had an "admin" group and thus didn't create the `ArgoCD Admins` one, just replace `ArgoCD Admins` with your existing group name. + +Apply all the modified manifests, and you should be able to login to ArgoCD both through the UI and the CLI. diff --git a/website/sidebarsIntegrations.js b/website/sidebarsIntegrations.js index 7d7496901..43ca04231 100644 --- a/website/sidebarsIntegrations.js +++ b/website/sidebarsIntegrations.js @@ -13,6 +13,7 @@ module.exports = { label: "Infrastructure", items: [ "services/apache-guacamole/index", + "services/argocd/index", "services/awx-tower/index", "services/fortimanager/index", "services/harbor/index",