Enable auto sync on all apps

Add headlamp-admin sa
Fix sync policy for headlamp
2026-03-16 07:58:38 +02:00 · 2026-03-16 07:31:39 +02:00 · 2026-03-16 07:27:28 +02:00 · 2026-03-16 06:27:58 +02:00 · 2026-03-16 06:27:00 +02:00 · 2026-03-16 06:19:02 +02:00
16 changed files with 110 additions and 11 deletions
--- a/argocd-apps/argocd.yaml
+++ b/argocd-apps/argocd.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: argocd
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -16,5 +18,8 @@ spec:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/argocd-apps/bitnami-minio.yaml
+++ b/argocd-apps/bitnami-minio.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: minio-bitnami
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -15,3 +17,8 @@ spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
--- a/argocd-apps/caretta.yaml
+++ b/argocd-apps/caretta.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: caretta
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -16,5 +18,8 @@ spec:
    server: https://kubernetes.default.svc
    namespace: caretta
  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/argocd-apps/cert-manager.yaml
+++ b/argocd-apps/cert-manager.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: cert-manager
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -16,5 +18,8 @@ spec:
    server: https://kubernetes.default.svc
    namespace: cert-manager
  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
    syncOptions:
      - CreateNamespace=true
--- a/argocd-apps/cloudflared.yaml
+++ b/argocd-apps/cloudflared.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: cloudflared
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  destination:
@ -14,4 +16,10 @@ spec:
    path: charts/cloudflare-tunnel
    helm:
      valueFiles:
-        - ../../manifests/cloudflared/values.yaml
+        - ../../manifests/cloudflared/values.yaml
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
--- a/argocd-apps/headlamp.yaml
+++ b/argocd-apps/headlamp.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: headlamp
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -15,3 +17,8 @@ spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
--- a/argocd-apps/keycloak.yaml
+++ b/argocd-apps/keycloak.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: keycloak
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -14,4 +16,8 @@ spec:
        - ../../manifests/keycloak/values.yaml
  destination:
    server: https://kubernetes.default.svc
-    namespace: infra
+    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
--- a/argocd-apps/local-path-provisioner.yaml
+++ b/argocd-apps/local-path-provisioner.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: local-path-provisioner
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  destination:
@ -16,5 +18,7 @@ spec:
      valueFiles:
        - ../../manifests/local-path-provisioner/values.yaml
  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true
+
--- a/argocd-apps/metallb-base.yaml
+++ b/argocd-apps/metallb-base.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: metallb-base
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -23,3 +25,9 @@ spec:
    kind: CustomResourceDefinition
    jsonPointers:
      - /spec/conversion/webhook/clientConfig/caBundle
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
--- a/argocd-apps/metallb-config.yaml
+++ b/argocd-apps/metallb-config.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: metallb-config
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -12,3 +14,9 @@ spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: metallb-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
--- a/argocd-apps/nfs-subdir.yaml
+++ b/argocd-apps/nfs-subdir.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: nfs-subdir
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -15,3 +17,8 @@ spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
--- a/argocd-apps/nvidia-device-plugin.yaml
+++ b/argocd-apps/nvidia-device-plugin.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: nvidia-device-plugin
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -13,5 +15,6 @@ spec:
    server: https://kubernetes.default.svc
    namespace: kube-system
  syncPolicy:
-    syncOptions:
-      - CreateNamespace=false
+    automated:
+      prune: true
+      selfHeal: true
--- a/argocd-apps/radar.yaml
+++ b/argocd-apps/radar.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: radar
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -15,3 +17,8 @@ spec:
  destination:
    server: https://kubernetes.default.svc
    namespace: infra
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+
--- a/argocd-apps/raw-resources.yaml
+++ b/argocd-apps/raw-resources.yaml
@ -3,6 +3,8 @@ kind: Application
 metadata:
  name: raw-resources
  namespace: argocd
+  labels:
+    env: infra
 spec:
  project: infra
  source:
@ -15,8 +17,6 @@ spec:
    server: https://kubernetes.default.svc
    namespace: infra
  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
    automated:
      prune: true
      selfHeal: true
--- a/manifests/headlamp/values.yaml
+++ b/manifests/headlamp/values.yaml
@ -7,13 +7,14 @@ image:
  tag: "v0.40.1"

 config:
-  baseURL: ""
+  inCluster: true
  oidc:
    clientID: headlamp
-    clientSecret: lPpiDSlF74VGLhbxCfW7cFpRfcUGjxv7
+    clientSecret: ""
    issuerURL: https://keycloak.dvirlabs.com/realms/lab
-    scopes: openid,profile,email,groups
+    scopes: profile,email
    callbackURL: https://headlamp.dvirlabs.com/oidc-callback
+    usePKCE: true

 serviceAccount:
  create: true
--- a/manifests/raw/keycloak/headlamp/headlamp-admin.yaml
+++ b/manifests/raw/keycloak/headlamp/headlamp-admin.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: headlamp-sa
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: headlamp-sa-binding
+subjects:
+  - kind: ServiceAccount
+    name: headlamp-sa
+    namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: cluster-admin
+  apiGroup: rbac.authorization.k8s.io
Author	SHA1	Message	Date
dvirlabs	4386eca8c5	Enable auto sync on all apps	2026-03-16 07:58:38 +02:00
dvirlabs	76658cb38e	Add headlamp-admin sa	2026-03-16 07:31:39 +02:00
dvirlabs	a7bb9f70b3	Fix sync policy for headlamp	2026-03-16 07:27:28 +02:00
dvirlabs	f7541dce54	Fix headlamp oidc	2026-03-16 06:27:58 +02:00
dvirlabs	e8fdf7a0b7	Fix headlamp oidc	2026-03-16 06:27:00 +02:00
dvirlabs	2abd06a152	Fix headlamp oidc	2026-03-16 06:19:02 +02:00
dvirlabs	cf318dd886	Set headlamp app auttosync	2026-03-16 06:16:52 +02:00
dvirlabs	b29ae2f613	Set headlamp app auttosync	2026-03-16 06:15:19 +02:00
dvirlabs	81a8851ec1	Fix headlamp oidc	2026-03-16 06:14:29 +02:00
dvirlabs	4520178421	Fix headlamp oidc	2026-03-16 06:06:30 +02:00