From 7a1a08f7f85c7108b53b7d45f38122bf49abd03b Mon Sep 17 00:00:00 2001
From: dvirlabs
Date: Sat, 31 May 2025 23:03:36 +0300
Subject: [PATCH] Disable autoSync for harbor and add oidc-bootstrap
---
 argocd-apps/harbor.yaml | 8 ++---
 argocd-apps/oidc-bootstrap.yaml | 20 +++++++++++
 manifests/oidc-bootstrap/harbor-oidc-job.yaml | 35 +++++++++++++++++++
 3 files changed, 59 insertions(+), 4 deletions(-)
 create mode 100644 argocd-apps/oidc-bootstrap.yaml
 create mode 100644 manifests/oidc-bootstrap/harbor-oidc-job.yaml
diff --git a/argocd-apps/harbor.yaml b/argocd-apps/harbor.yaml
index 0746081..4a05ef7 100644
--- a/argocd-apps/harbor.yaml
+++ b/argocd-apps/harbor.yaml
@@ -15,7 +15,7 @@ spec:
 destination:
 server: https://kubernetes.default.svc
 namespace: dev-tools
- syncPolicy:
- automated:
- prune: true
- selfHeal: true
+ syncPolicy: {}
+ # automated:
+ # prune: true
+ # selfHeal: true
diff --git a/argocd-apps/oidc-bootstrap.yaml b/argocd-apps/oidc-bootstrap.yaml
new file mode 100644
index 0000000..e03d6cb
--- /dev/null
+++ b/argocd-apps/oidc-bootstrap.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: oidc-bootstrap
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: https://git.dvirlabs.com/dvirlabs/dev-tools.git
+ targetRevision: HEAD
+ path: manifests/oidc-bootstrap
+ directory:
+ recurse: true
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: dev-tools
+ syncPolicy:
+ automated:
+ prune: false
+ selfHeal: true
diff --git a/manifests/oidc-bootstrap/harbor-oidc-job.yaml b/manifests/oidc-bootstrap/harbor-oidc-job.yaml
new file mode 100644
index 0000000..d6d7782
--- /dev/null
+++ b/manifests/oidc-bootstrap/harbor-oidc-job.yaml
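Review bot: The old `automated` block in argocd-apps/harbor.yaml is left behind as three commented lines under `syncPolicy: {}` with no reason given, so a later reader cannot tell whether auto-sync is off temporarily or for good. With self-heal off, manual changes to the Harbor resources in `dev-tools` are no longer reverted and only surface as OutOfSync, which is worth stating where the policy is set. I would delete the commented lines and put one comment above the key, such as `# auto-sync disabled: <reason>; sync manually until <condition>`. The `spec` mapping starts above this hunk, so the rest of the Application is not visible here.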
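Review bot: In argocd-apps/oidc-bootstrap.yaml, `project: default` combined with `targetRevision: HEAD` and automated sync means every push to the repository's default branch is applied to the cluster under whatever the default AppProject allows, which on a stock Argo CD install is any source repo and any destination (worth confirming for this install). A dedicated AppProject limited to this repo and the `dev-tools` namespace, plus a tag or commit in `targetRevision`, would narrow what a bad push can do. Separately, the synced path holds a plain Job, and a Job's pod template is immutable, so a later edit of that manifest will likely fail to sync unless the Job carries `argocd.argoproj.io/hook: Sync` or is synced with the `Replace=true` option.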
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: harbor-oidc-setup
+ namespace: dev-tools
+spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: setup
+ image: curlimages/curl:latest
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Waiting for Harbor..."
+ until curl -k -s https://harbor.dvirlabs.com/api/v2.0/ping; do sleep 5; done
+
+ echo "Applying OIDC settings..."
+ curl -k -u admin:SuperSecurePassword123 \
+ -X PUT https://harbor.dvirlabs.com/api/v2.0/configurations \
+ -H "Content-Type: application/json" \
+ -d '{
+ "auth_mode": "oidc_auth",
+ "oidc_name": "keycloak",
+ "oidc_endpoint": "https://keycloak.dvirlabs.com/realms/lab",
+ "oidc_client_id": "harbor",
+ "oidc_client_secret": "XWYmXRJufVHEXncdrVLPIeQWgyBnuq4v",
+ "oidc_scope": "openid,profile,email",
+ "oidc_verify_cert": false,
+ "oidc_auto_onboard": true,
+ "oidc_user_claim": "preferred_username",
+ "oidc_groups_claim": "groups"
+ }'
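Review bot: The Harbor admin password (the `-u admin:…` argument) and the Keycloak client secret (`oidc_client_secret`) are committed in clear text in this manifest, so anyone who can read the repository or the Job object in the cluster has both; they should be treated as exposed, rotated, and read from a Kubernetes Secret through `secretKeyRef`. Both curl calls use `-k`, so the admin credentials are sent without verifying the server certificate, and `oidc_verify_cert: false` makes Harbor skip verification of Keycloak as well; if these hosts use a private CA, mount it and pass `--cacert` rather than disabling the check. Neither call uses `--fail` and the script has no `set -e`, so a rejected PUT still ends the Job as succeeded, and the wait loop exits on any HTTP response, including an error page. `curlimages/curl:latest` is also unpinned, so the image that handles these credentials can change between runs. The excerpt below shows only the lines I would change; the Secret name and keys are placeholders.

```yaml
          image: curlimages/curl:latest  # pin to a tested tag or digest
          env:
            - name: HARBOR_ADMIN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: harbor-oidc-bootstrap  # placeholder Secret name
                  key: admin-password          # placeholder key
            - name: OIDC_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: harbor-oidc-bootstrap  # placeholder Secret name
                  key: oidc-client-secret      # placeholder key
          command:
            - /bin/sh
            - -c
            - |
              set -eu
              echo "Waiting for Harbor..."
              until curl --fail --silent https://harbor.dvirlabs.com/api/v2.0/ping; do sleep 5; done

              # … unchanged: "Applying OIDC settings..." echo …
              # payload: the other keys (auth_mode … oidc_groups_claim) stay as they are;
              # only the two changed keys are shown
              curl --fail --silent --show-error \
                -u "admin:${HARBOR_ADMIN_PASSWORD}" \
                -X PUT https://harbor.dvirlabs.com/api/v2.0/configurations \
                -H "Content-Type: application/json" \
                -d @- <<EOF
              {
                "oidc_client_secret": "${OIDC_CLIENT_SECRET}",
                "oidc_verify_cert": true
              }
              EOF
```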