From 9ebcf1e75c3a31bb75327486f242984b7bce8340 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christoph=20G=C3=B6rn?= <goern@b4mad.net>
Date: Mon, 6 May 2024 10:09:31 +0200
Subject: [PATCH] refactor: cleanup and decoupling of openshift-gitops and
 op1st-gitops
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christoph Görn <goern@b4mad.net>
---
 manifests/applications/gitops/argocd.yaml     |  1 +
 .../applications/gitops/kustomization.yaml    |  1 +
 manifests/applications/gitops/redis-fix.yaml  | 27 +++++++++++++++++++
 3 files changed, 29 insertions(+)
 create mode 100644 manifests/applications/gitops/redis-fix.yaml

diff --git a/manifests/applications/gitops/argocd.yaml b/manifests/applications/gitops/argocd.yaml
index 2d4c19d4..7254d8c5 100644
--- a/manifests/applications/gitops/argocd.yaml
+++ b/manifests/applications/gitops/argocd.yaml
@@ -89,6 +89,7 @@ spec:
   tls:
     ca: {}
   redis:
+    autotls: openshift
     resources:
       limits:
         cpu: 500m
diff --git a/manifests/applications/gitops/kustomization.yaml b/manifests/applications/gitops/kustomization.yaml
index f7494f5a..fef46471 100644
--- a/manifests/applications/gitops/kustomization.yaml
+++ b/manifests/applications/gitops/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - namespace.yaml
   - argocd.yaml
+  - redis-fix.yaml
 
   - clusters/
   - projects/
diff --git a/manifests/applications/gitops/redis-fix.yaml b/manifests/applications/gitops/redis-fix.yaml
new file mode 100644
index 00000000..c8b61f12
--- /dev/null
+++ b/manifests/applications/gitops/redis-fix.yaml
@@ -0,0 +1,27 @@
+# this is based on https://github.com/argoproj/argo-cd/pull/4660
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argocd-redis
+rules:
+  - apiGroups:
+      - security.openshift.io
+    resourceNames:
+      - nonroot
+    resources:
+      - securitycontextconstraints
+    verbs:
+      - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argocd-redis
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-redis
+subjects:
+  - kind: ServiceAccount
+    name: argocd-argocd-redis