Allow Argo-CD to listen on public ingress, add argo-cd istio policy
This commit is contained in:
parent
84b7be318d
commit
5b9d02db18
@ -1,7 +1,7 @@
|
||||
apiVersion: v2
|
||||
description: KubeZero ArgoCD Helm chart to install ArgoCD itself and the KubeZero ArgoCD Application
|
||||
name: kubezero-argo-cd
|
||||
version: 0.3.2
|
||||
version: 0.3.3
|
||||
home: https://kubezero.com
|
||||
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
|
||||
keywords:
|
||||
|
@ -0,0 +1,23 @@
|
||||
{{- if index .Values "argo-cd" "istio" "enabled" }}
|
||||
apiVersion: security.istio.io/v1beta1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
name: argocd-allow-only
|
||||
namespace: istio-system
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: istio-ingressgateway
|
||||
rules:
|
||||
{{- if index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||
- from:
|
||||
- source:
|
||||
ipBlocks:
|
||||
{{- with index .Values "argo-cd" "istio" "ipBlocks" }}
|
||||
{{- . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
to:
|
||||
- operation:
|
||||
hosts: ["{{ index .Values "argo-cd" "server" "config" "url" }}"]
|
||||
{{- end }}
|
@ -71,3 +71,4 @@ argo-cd:
|
||||
enabled: false
|
||||
# argo-cd.istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
||||
gateway: ingressgateway.istio-system.svc.cluster.local
|
||||
ipBlocks: []
|
||||
|
@ -93,5 +93,5 @@ argo-cd:
|
||||
{{- if and ( not .Values.bootstrap ) .Values.istio.enabled }}
|
||||
istio:
|
||||
enabled: {{ index .Values "argo-cd" "istio" "enabled" }}
|
||||
gateway: private-ingressgateway.istio-system.svc.cluster.local
|
||||
gateway: {{ index .Values "argo-cd" "istio" "gateway" }}
|
||||
{{- end }}
|
||||
|
@ -28,3 +28,4 @@ prometheus:
|
||||
|
||||
argo-cd:
|
||||
server: {}
|
||||
gateway: private-ingressgateway.istio-system.svc.cluster.local
|
||||
|
Loading…
Reference in New Issue
Block a user