diff --git a/argocd/argocd-cm.yaml b/argocd/argocd-cm.yaml
new file mode 100644
index 0000000..355c88f
--- /dev/null
+++ b/argocd/argocd-cm.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/name: argocd-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ # Enable anonymous access (Authelia handles authentication)
+ users.anonymous.enabled: "true"
diff --git a/argocd/argocd-rbac-cm.yaml b/argocd/argocd-rbac-cm.yaml
new file mode 100644
index 0000000..2c2325a
--- /dev/null
+++ b/argocd/argocd-rbac-cm.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-rbac-cm
+ namespace: argocd
+ labels:
+ app.kubernetes.io/name: argocd-rbac-cm
+ app.kubernetes.io/part-of: argocd
+data:
+ # Grant admin role to anonymous users (Authelia handles authentication)
+ policy.csv: |
+ g, , role:admin
+ policy.default: role:admin
diff --git a/argocd/ingress.yaml b/argocd/ingress.yaml
index 28cb184..37acc02 100644
--- a/argocd/ingress.yaml
+++ b/argocd/ingress.yaml
@@ -5,6 +5,7 @@ metadata:
 namespace: argocd
 annotations:
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
 ingressClassName: traefik
 tls:
diff --git a/argocd/kustomization.yaml b/argocd/kustomization.yaml
index 46cc2d0..dc5bb02 100644
--- a/argocd/kustomization.yaml
+++ b/argocd/kustomization.yaml
@@ -2,5 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - namespace.yaml
+- argocd-cm.yaml
+- argocd-rbac-cm.yaml
 - argocd-cmd-params-cm.yaml
 - ingress.yaml
diff --git a/traefik/ingress.yaml b/traefik/ingress.yaml
index cacba3c..b6bd902 100644
--- a/traefik/ingress.yaml
+++ b/traefik/ingress.yaml
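Review bot: In argocd/argocd-cm.yaml, `users.anonymous.enabled: "true"` switches off Argo CD's own authentication, so the Traefik middleware on the Ingress becomes the only check. Any request that reaches argocd-server by another path (the in-cluster Service, a port-forward, a second route) would be accepted without a login, assuming nothing else restricts that traffic. Argo CD also never learns which Authelia user is acting, so its audit trail attributes every change to the anonymous user. Consider keeping `users.anonymous.enabled: "false"` and wiring Authelia in as an OIDC provider through `oidc.config`. If the forward-auth design stays, a NetworkPolicy admitting only the Traefik pods to argocd-server would close the bypass path, and the comment should say that the Ingress annotation is the sole gate.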
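Review bot: In argocd/argocd-rbac-cm.yaml, `policy.default: role:admin` hands the built-in admin role to every identity without an explicit binding, which with anonymous access enabled in this same commit means every unauthenticated caller. An Argo CD admin can create applications and sync arbitrary manifests, so this is close to write access on the clusters Argo CD manages. The `g, , role:admin` line in `policy.csv` shows an empty subject here (possibly lost in rendering), so it is unclear what it binds; confirm it names a real user or group. A narrower default such as `policy.default: role:readonly`, with admin granted to a named group, limits the damage if the proxy is ever bypassed or misconfigured.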
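Review bot: The `router.middlewares` annotation added in argocd/ingress.yaml is unquoted while the `cert-manager.io/cluster-issuer` value beside it is quoted, and the same line is added in traefik/ingress.yaml. Quoting it as `traefik.ingress.kubernetes.io/router.middlewares: "authelia-authelia-auth@kubernetescrd"` keeps both files consistent. Because this annotation is now the only authentication in front of Argo CD, a comment such as `# Security-critical: Authelia forward-auth; removing this exposes the UI without login` would help the next editor. The value follows Traefik's `<namespace>-<name>@kubernetescrd` form, so confirm the Middleware object exists under that exact name and that the router fails closed when it does not resolve. The metadata block starts outside the hunk.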
@@ -5,6 +5,7 @@ metadata:
 namespace: kube-system
 annotations:
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
 ingressClassName: traefik
 tls: