92 lines
2.5 KiB
YAML
92 lines
2.5 KiB
YAML
---
|
|
# ArgoCD Server Ingress
|
|
# Note: ArgoCD by default uses gRPC which requires special handling
|
|
apiVersion: networking.k8s.io/v1
|
|
kind: Ingress
|
|
metadata:
|
|
name: argocd-server
|
|
namespace: argocd
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
external-dns.alpha.kubernetes.io/hostname: argocd.dooplex.hu,argocd.home
|
|
nginx.ingress.kubernetes.io/ssl-redirect: "true"
|
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
set $geo_allowed 0;
|
|
if ($remote_addr ~ "^192\.168\.") { set $geo_allowed 1; }
|
|
if ($remote_addr ~ "^10\.") { set $geo_allowed 1; }
|
|
if ($geoip2_country_code = "HU") { set $geo_allowed 1; }
|
|
if ($geo_allowed = 0) {
|
|
return 403 "Access restricted to Hungary";
|
|
}
|
|
spec:
|
|
ingressClassName: nginx-internal
|
|
tls:
|
|
- hosts:
|
|
- argocd.dooplex.hu
|
|
secretName: argocd-server-tls
|
|
rules:
|
|
- host: argocd.dooplex.hu
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: argocd-server
|
|
port:
|
|
number: 80
|
|
- host: argocd.home
|
|
http:
|
|
paths:
|
|
- path: /
|
|
pathType: Prefix
|
|
backend:
|
|
service:
|
|
name: argocd-server
|
|
port:
|
|
number: 80
|
|
---
|
|
# ArgoCD ConfigMap patches for your environment
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cmd-params-cm
|
|
namespace: argocd
|
|
data:
|
|
# Run ArgoCD in insecure mode (TLS terminated at ingress)
|
|
server.insecure: "true"
|
|
# Disable TLS for internal communication
|
|
server.disable.auth: "false"
|
|
---
|
|
# Gitea Repository Secret
|
|
# You'll need to create an access token in Gitea first
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: gitea-repo-creds
|
|
namespace: argocd
|
|
labels:
|
|
argocd.argoproj.io/secret-type: repo-creds
|
|
type: Opaque
|
|
stringData:
|
|
# Template for all repos matching this URL pattern
|
|
url: https://gitea.dooplex.hu
|
|
# Create a token in Gitea: Settings -> Applications -> Generate New Token
|
|
username: admin
|
|
password: "4ec870073d8f3ff46ff1461b253cafcaeea4df65"
|
|
---
|
|
# Alternative: Specific repository configuration
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: homelab-manifests-repo
|
|
namespace: argocd
|
|
labels:
|
|
argocd.argoproj.io/secret-type: repository
|
|
type: Opaque
|
|
stringData:
|
|
type: git
|
|
url: https://gitea.dooplex.hu/admin/homelab-manifests.git
|
|
username: admin
|
|
password: "4ec870073d8f3ff46ff1461b253cafcaeea4df65"
|