website/integrations: Add ArgoCD documentation (#3553)

* Add ArgoCD documentation

* fix naming and email verification configuration

* specify Slug field and update url to specify it has to match the slug value

* update preparation note

* minor consistency fixes

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Co-authored-by: Jens Langhammer <jens.langhammer@beryju.org>

website/integrations/services/argocd/index.md

@@ -0,0 +1,105 @@
+---
+title: ArgoCD
+---
+
+<span class="badge badge--secondary">Support level: Community</span>
+
+## What is ArgoCD
+
+From https://argoproj.github.io/cd/
+
+:::note
+Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
+:::
+
+## Preparation
+
+The following placeholders will be used:
+
+-   `argocd.company` is the FQDN of the ArgoCD install.
+-   `authentik.company` is the FQDN of the authentik install.
+
+:::note
+Only settings that have been modified from default have been listed.
+:::
+
+## authentik Configuration
+
+### Step 1 - Provider creation
+
+In authentik, create an _OAuth2/OpenID Provider_ (under _Applications/Providers_) with these settings:
+
+-   Name: ArgoCD
+-   Signing Key: Select any available key
+-   Redirect URIs:
+
+```
+http://argocd.company/api/dex/callback
+http://localhost:8085/auth/callback
+```
+
+After creating the provider, take note of the `Client ID` and `Client Secret`, you'll need to give them to ArgoCD in the _ArgoCD Configuration_ field.
+
+### Step 2 - Application creation
+
+Create a new _Application_ (under _Applications/Applications_) with these settings:
+
+-   Name: ArgoCD
+-   Provider: ArgoCD
+-   Slug: argocd
+
+### Step 3 - ArgoCD Admin Group creation
+
+Create a new _Group_ (under _Directory/Groups_) that'll be used as the admin group for ArgoCD (if you already have an "admin" group, you can skip this part!)
+
+-   Name: ArgoCD Admins
+-   Members: Add your user and/or any user that should be an ArgoCD admin
+
+## ArgoCD Configuration
+
+:::note
+We're not going to use the oidc config, but instead the "dex", oidc doesn't allow ArgoCD CLI usage while DEX does.
+:::
+
+### Step 1 - Add the OIDC Secret to ArgoCD
+
+In the `argocd-secret` Secret, add the following value to the `data` field:
+
+```yaml
+dex.authentik.clientSecret: <base 64 encoded value of the Client Secret from the Provider above>
+```
+
+### Step 2 - Configure ArgoCD to use authentik as OIDC backend
+
+In the `argocd-cm` ConfigMap, add the following to the data field :
+
+```yaml
+dex.config: |
+    connectors:
+    - config:
+        issuer: http://authentik.company/application/o/<application slug defined in step 2>/
+        clientID: <client ID from the Provider above>
+        clientSecret: $dex.authentik.clientSecret
+        insecureEnableGroups: true
+        scopes:
+          - openid
+          - profile
+          - email
+          - groups
+      name: authentik
+      type: oidc
+      id: authentik
+```
+
+### Step 3 - Map the `ArgoCD Admins` group to ArgoCD's admin role
+
+In the `argocd-rbac-cm` ConfigMap, add the following to the data field (or create it if it's not already there) :
+
+```yaml
+policy.csv: |
+    g, ArgoCD Admins, role:admin
+```
+
+If you already had an "admin" group and thus didn't create the `ArgoCD Admins` one, just replace `ArgoCD Admins` with your existing group name.
+
+Apply all the modified manifests, and you should be able to login to ArgoCD both through the UI and the CLI.

website/sidebarsIntegrations.js

@@ -13,6 +13,7 @@ module.exports = {
                     label: "Infrastructure",
                     items: [
                         "services/apache-guacamole/index",
+                        "services/argocd/index",
                         "services/awx-tower/index",
                         "services/fortimanager/index",
                         "services/harbor/index",