feat: configure argo-workflows

registry/clusters/dev/components/20-argo-workflows.yaml

@@ -0,0 +1,47 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-workflows-components
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/mrsimonemms/infrastructure
+    path: registry/components/argo-workflows
+    targetRevision: HEAD
+    kustomize:
+      patches:
+        - target:
+            group: argoproj.io
+            version: v1alpha1
+            kind: Application
+            name: argo-workflows
+          patch: |-
+            - op: replace
+              path: /spec/source/helm/valuesObject/server/sso/issuer
+              value: https://oidc.dev.simonemms.com
+            - op: replace
+              path: /spec/source/helm/valuesObject/server/sso/insecureSkipVerify
+              value: true
+            - op: replace
+              path: /spec/source/helm/valuesObject/server/ingress/hosts/0
+              value: workflows.dev.simonemms.com
+            - op: replace
+              path: /spec/source/helm/valuesObject/server/ingress/tls/0/hosts/0
+              value: workflows.dev.simonemms.com
+            - op: replace
+              path: /spec/source/helm/valuesObject/server/ingress/annotations/cert-manager.io~1cluster-issuer
+              value: letsencrypt-staging
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argo-workflows
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/clusters/prod/components/20-argo-workflows.yaml

@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-workflows-components
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "20"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://github.com/mrsimonemms/infrastructure
+    path: registry/components/argo-workflows
+    targetRevision: HEAD
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argo-workflows
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/components/argo-workflows/application.yaml

@@ -0,0 +1,70 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argo-workflows
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    chart: argo-workflows
+    repoURL: https://argoproj.github.io/argo-helm
+    targetRevision: 0.45.2
+    helm:
+      valuesObject:
+        artifactRepository:
+          s3:
+            accessKeySecret:
+              name: bum
+              key: accesskey
+            secretKeySecret:
+              name: bum
+              key: secretkey
+            insecure: false
+            bucket: sje-data
+            endpoint: your-objectstorage.com
+            region: nbg1
+            useSDKCreds: false
+            encryptionOptions:
+              enableEncryption: true
+        controller:
+          deploymentAnnotations:
+            configmap.reloader.stakater.com/reload: argo-workflows-workflow-controller-configmap
+            secret.reloader.stakater.com/reload: argo-server-sso
+        server:
+          deploymentAnnotations:
+            configmap.reloader.stakater.com/reload: argo-workflows-workflow-controller-configmap
+            secret.reloader.stakater.com/reload: argo-server-sso
+          authModes:
+            - sso
+          sso:
+            enabled: true
+            issuer: https://oidc.simonemms.com
+            insecureSkipVerify: false
+            userInfoPath: /userinfo
+            rbac:
+              enabled: false
+          ingress:
+            enabled: true
+            ingressClassName: nginx
+            annotations:
+              kubernetes.io/tls-acme: "true"
+              cert-manager.io/cluster-issuer: letsencrypt
+            hosts:
+              - workflows.simonemms.com
+            tls:
+              - hosts:
+                  - workflows.simonemms.com
+                secretName: workflows-tls
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argo-workflows
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true

registry/components/argo-workflows/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - application.yaml
+  - namespace.yaml
+  - secret.yaml

registry/components/argo-workflows/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argo-workflows
+  labels:
+    prometheus: enabled
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"

registry/components/argo-workflows/secret.yaml

@@ -0,0 +1,27 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: argo-server-sso
+  namespace: argo-workflows
+  annotations:
+    argocd.argoproj.io/sync-wave: "10"
+spec:
+  refreshInterval: 30s
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: bitwarden
+  target:
+    name: argo-server-sso
+  data:
+    - secretKey: client-id
+      remoteRef:
+        key: OIDC_CLIENT_ID
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None
+    - secretKey: client-secret
+      remoteRef:
+        key: OIDC_CLIENT_SECRET
+        conversionStrategy: Default
+        decodingStrategy: None
+        metadataPolicy: None

registry/components/dex/secret.yaml

@@ -11,6 +11,7 @@ spec:
   data:
     base_url: https://oidc.simonemms.com
     argocd_url: https://argocd.simonemms.com
+    argo_workflows_url: https://workflows.simonemms.com
     grafana_url: https://grafana.simonemms.com
     homepage_url: https://homepage.simonemms.com
 ---
@@ -43,6 +44,7 @@ spec:
               secret: {{ .oidc_client_secret }}
               redirectURIs:
                 - {{ .argocd_url }}/auth/callback
+                - {{ .argo_workflows_url }}/oauth2/callback
                 - {{ .grafana_url }}/login/generic_oauth
                 - {{ .homepage_url }}/oauth2/callback
           connectors: