Disable autoSync for harbor and add oidc-bootstrap

argocd-apps/harbor.yaml

@@ -15,7 +15,7 @@ spec:
   destination:
     server: https://kubernetes.default.svc
     namespace: dev-tools
-  syncPolicy:
+  syncPolicy: {}
-    automated:
+    # automated:
-      prune: true
+    #   prune: true
-      selfHeal: true
+    #   selfHeal: true

argocd-apps/oidc-bootstrap.yaml

@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: oidc-bootstrap
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://git.dvirlabs.com/dvirlabs/dev-tools.git
+    targetRevision: HEAD
+    path: manifests/oidc-bootstrap
+    directory:
+      recurse: true
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: dev-tools
+  syncPolicy:
+    automated:
+      prune: false
+      selfHeal: true

manifests/oidc-bootstrap/harbor-oidc-job.yaml

@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: harbor-oidc-setup
+  namespace: dev-tools
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: setup
+          image: curlimages/curl:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "Waiting for Harbor..."
+              until curl -k -s https://harbor.dvirlabs.com/api/v2.0/ping; do sleep 5; done
+
+              echo "Applying OIDC settings..."
+              curl -k -u admin:SuperSecurePassword123 \
+                -X PUT https://harbor.dvirlabs.com/api/v2.0/configurations \
+                -H "Content-Type: application/json" \
+                -d '{
+                  "auth_mode": "oidc_auth",
+                  "oidc_name": "keycloak",
+                  "oidc_endpoint": "https://keycloak.dvirlabs.com/realms/lab",
+                  "oidc_client_id": "harbor",
+                  "oidc_client_secret": "XWYmXRJufVHEXncdrVLPIeQWgyBnuq4v",
+                  "oidc_scope": "openid,profile,email",
+                  "oidc_verify_cert": false,
+                  "oidc_auto_onboard": true,
+                  "oidc_user_claim": "preferred_username",
+                  "oidc_groups_claim": "groups"
+                }'