REFACTOR(argocd): move config files to manifests/

- Move namespace.yaml to manifests/ - Move argocd-cm.yaml to manifests/ - Move argocd-rbac-cm.yaml to manifests/ - Move argocd-cmd-params-cm.yaml to manifests/ - Move ingress.yaml to manifests/
2026-01-06 15:42:19 +09:00
parent 82781cb4f1
commit 045967b265
6 changed files with 5 additions and 5 deletions
--- a/argocd/manifests/argocd-cm.yaml
+++ b/argocd/manifests/argocd-cm.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cm
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: argocd-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  # Enable anonymous access (Authelia handles authentication)
+  users.anonymous.enabled: "true"
+  # Reconciliation interval (default: 180s)
+  # Set to 24h to reduce memory usage - manual Refresh/Sync when needed
+  timeout.reconciliation: "24h"
--- a/argocd/manifests/argocd-cmd-params-cm.yaml
+++ b/argocd/manifests/argocd-cmd-params-cm.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: argocd-cmd-params-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  # Run ArgoCD server in insecure mode (let ingress handle TLS)
+  server.insecure: "true"
--- a/argocd/manifests/argocd-rbac-cm.yaml
+++ b/argocd/manifests/argocd-rbac-cm.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-rbac-cm
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: argocd-rbac-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  # Grant admin role to anonymous users (Authelia handles authentication)
+  policy.csv: |
+    g, , role:admin
+  policy.default: role:admin
--- a/argocd/manifests/ingress.yaml
+++ b/argocd/manifests/ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: argocd-server-ingress
+  namespace: argocd
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
+spec:
+  ingressClassName: traefik
+  tls:
+  - hosts:
+    - argocd0213.kro.kr
+    secretName: argocd-server-tls
+  rules:
+  - host: argocd0213.kro.kr
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
--- a/argocd/manifests/namespace.yaml
+++ b/argocd/manifests/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd
+  labels:
+    goldilocks.fairwinds.com/enabled: "true"