From 5ffd029bee6a57aa45a30a38a48e01477eb279c7 Mon Sep 17 00:00:00 2001
From: Vassiliy Yegorov
Date: Sat, 11 Mar 2023 09:59:41 +0700
Subject: [PATCH] interga

---
 5.Intergation/0.Ldap-federation.sh | 12 ++++++++++++
 5.Intergation/1.links.sh | 4 ++++
 5.Intergation/2.argocd-secret.yaml | 10 ++++++++++
 5.Intergation/3.argocd-cm.yaml | 13 +++++++++++++
 5.Intergation/4.argocd-rbac-cm.yaml | 16 ++++++++++++++++
 6.Addons/argocd-add-rke.yaml | 15 +++++++++++++++
 6 files changed, 70 insertions(+)
 create mode 100644 5.Intergation/0.Ldap-federation.sh
 create mode 100644 5.Intergation/1.links.sh
 create mode 100644 5.Intergation/2.argocd-secret.yaml
 create mode 100644 5.Intergation/3.argocd-cm.yaml
 create mode 100644 5.Intergation/4.argocd-rbac-cm.yaml
 create mode 100644 6.Addons/argocd-add-rke.yaml

diff --git a/5.Intergation/0.Ldap-federation.sh b/5.Intergation/0.Ldap-federation.sh
new file mode 100644
index 0000000..068e2fc
--- /dev/null
+++ b/5.Intergation/0.Ldap-federation.sh
@@ -0,0 +1,12 @@
+Username LDAP attribute: uid
+RDN LDAP attribute: uid
+UUID LDAP attribute: uid
+User Object Classes: uid
+Connection URL Test connection: ldap://id.rmnl.ru
+Users DN: cn=users,cn=accounts,dc=rmnl,dc=ru
+Custom User LDAP Filter: ""
+
+Bind DN: uid=system,cn=sysaccounts,cn=etc,dc=rmnl,dc=ru
+Bind Credential:
+
+Connection Timeout: 6000
diff --git a/5.Intergation/1.links.sh b/5.Intergation/1.links.sh
new file mode 100644
index 0000000..1d310f7
--- /dev/null
+++ b/5.Intergation/1.links.sh
@@ -0,0 +1,4 @@
+Valid Redirect URIs: https://argo.rmnl.ru/auth/callback
+Base URL: /applications
+
+Anoteher links: https://argo.rmnl.ru
diff --git a/5.Intergation/2.argocd-secret.yaml b/5.Intergation/2.argocd-secret.yaml
new file mode 100644
index 0000000..94a6345
--- /dev/null
+++ b/5.Intergation/2.argocd-secret.yaml
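Review bot: In 5.Intergation/0.Ldap-federation.sh the connection URL is `ldap://id.rmnl.ru`, so the bind credential for `uid=system,cn=sysaccounts,...` and every user password Keycloak validates against the directory would cross the network unencrypted unless StartTLS is enabled separately, which these notes do not state. I would record `Connection URL: ldaps://id.rmnl.ru` (or add a line saying StartTLS is on) and note that the directory's CA certificate has to be in Keycloak's truststore. Separately, `User Object Classes: uid` looks like an attribute name rather than an object class and is probably a copy error; confirm against the directory schema. Leaving `Bind Credential:` blank in the committed notes is the right choice and should stay that way.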
@@ -0,0 +1,10 @@
+echo -n '5OUDHUlU9bJ2A6LtPzmFnD9IgHW6CyjB' | base64
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: argocd-secret
+data:
+ ...
+ oidc.keycloak.clientSecret: c2Vrb0lFbmJEckNZb2pYMWZOZFRNdmVDckREbkdOYk8=
+ ...
diff --git a/5.Intergation/3.argocd-cm.yaml b/5.Intergation/3.argocd-cm.yaml
new file mode 100644
index 0000000..b082a5d
--- /dev/null
+++ b/5.Intergation/3.argocd-cm.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cm
+ namespace: argo-cd
+data:
+ url: https://argo.rmnl.ru
+ oidc.config: |
+ name: Keycloak
+ issuer: https://key.rmnl.ru/realms/master
+ clientID: argocd
+ clientSecret: $oidc.keycloak.clientSecret
+ requestedScopes: ["openid", "profile", "email", "groups"]
diff --git a/5.Intergation/4.argocd-rbac-cm.yaml b/5.Intergation/4.argocd-rbac-cm.yaml
new file mode 100644
index 0000000..1fbf2e2
--- /dev/null
+++ b/5.Intergation/4.argocd-rbac-cm.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-rbac-cm
+data:
+ policy.csv: |
+ g, Argocd-admins, role:admin
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-rbac-cm
+data:
+ policy.csv: |
+ g, /Argocd-admins, role:admin
diff --git a/6.Addons/argocd-add-rke.yaml b/6.Addons/argocd-add-rke.yaml
new file mode 100644
index 0000000..8e63d45
--- /dev/null
+++ b/6.Addons/argocd-add-rke.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mycluster-secret
+ namespace: argo-cd
+ labels:
+ argocd.argoproj.io/secret-type: cluster
+type: Opaque
+stringData:
+ name: mycluster.com
+ server: https:///k8s/clusters/
+ config: |
+ {
+ "bearerToken": "",
+ }
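Review bot: The `echo -n '…' | base64` line and the `oidc.keycloak.clientSecret` value in 5.Intergation/2.argocd-secret.yaml both look like real Keycloak client secrets committed to the repository. Base64 is an encoding, not protection, and the encoded value does not decode to the string in the echo line, so two distinct secrets may be exposed. If either was ever live, rotate it in Keycloak and treat the git history as disclosed. I would keep only placeholders here, `echo -n '<client-secret>' | base64` and `oidc.keycloak.clientSecret: <base64-encoded-client-secret>`, and patch the real value into the cluster out of band. The manifest also omits `namespace: argo-cd`, which 3.argocd-cm.yaml sets, and the leading shell line plus the `...` lines mean the file cannot be applied as written.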
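Review bot: `issuer: https://key.rmnl.ru/realms/master` in 5.Intergation/3.argocd-cm.yaml ties Argo CD login to Keycloak's `master` realm, the realm used to administer Keycloak itself, so group membership there also decides who gets Argo CD roles. A dedicated realm for application SSO keeps the two administrative domains apart, e.g. `issuer: https://key.rmnl.ru/realms/<app-realm>`. The `$oidc.keycloak.clientSecret` reference is the right way to keep the secret out of the ConfigMap. A comment above `requestedScopes` such as `# "groups" must exist as a client scope in Keycloak, otherwise the RBAC mapping receives no groups claim` would help the next operator; that dependency is my reading of the setup, so confirm it.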
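Review bot: 5.Intergation/4.argocd-rbac-cm.yaml defines two ConfigMaps with the same name `argocd-rbac-cm`, so applying the file leaves only the second document in effect and the `g, Argocd-admins, role:admin` mapping is silently replaced. The two look like alternatives for whether Keycloak emits full group paths (with or without the leading `/`); keep one and turn the other into a comment such as `# use "/Argocd-admins" when the group mapper emits full group paths`. Both documents also lack `namespace: argo-cd`, unlike 3.argocd-cm.yaml. Because this one line grants `role:admin` to every member of an IdP group, I would add a comment stating that `policy.default` is left unset on purpose so users outside the group receive no role.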
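Review bot: The `config` JSON in 6.Addons/argocd-add-rke.yaml ends `"bearerToken": "",` with a trailing comma before `}`, which is not valid JSON, so Argo CD will likely fail to parse the cluster credentials once a token is filled in. Drop the comma and make the TLS settings explicit, e.g. `"bearerToken": "<token>",` followed by `"tlsClientConfig": {"insecure": false, "caData": "<base64-ca-cert>"}`. The `server: https:///k8s/clusters/` value has an empty host and cluster id; writing `https://<rancher-host>/k8s/clusters/<cluster-id>` would make the placeholders obvious. The real bearer token should only be set in the cluster and never committed to this file.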