From be6a43c67e6ca217f65348f88d1e113ef564c9fd Mon Sep 17 00:00:00 2001
From: outductor <inductor.kela+seichi@gmail.com>
Date: Thu, 21 Dec 2023 12:33:05 +0900
Subject: [PATCH] fix dex secret

---
 .../argocd-helm-chart-values.yaml               |  6 ++++++
 terraform/onp_cluster_secrets.tf                | 17 +++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/seichi-onp-k8s/manifests/seichi-kubernetes/argocd-helm-chart-values.yaml b/seichi-onp-k8s/manifests/seichi-kubernetes/argocd-helm-chart-values.yaml
index 6c4030b49..f1b72d3b8 100644
--- a/seichi-onp-k8s/manifests/seichi-kubernetes/argocd-helm-chart-values.yaml
+++ b/seichi-onp-k8s/manifests/seichi-kubernetes/argocd-helm-chart-values.yaml
@@ -92,6 +92,12 @@ controller:
         release: prometheus
 
 dex:
+  env:
+    - name: ARGO_WORKFLOWS_SSO_CLIENT_SECRET
+      valueFrom:
+        secretKeyRef:
+          name: argo-workflows-sso
+          key: client-secret
   resources:
     limits:
       cpu: 100m
diff --git a/terraform/onp_cluster_secrets.tf b/terraform/onp_cluster_secrets.tf
index 198fe502a..a81a9859b 100644
--- a/terraform/onp_cluster_secrets.tf
+++ b/terraform/onp_cluster_secrets.tf
@@ -57,6 +57,23 @@ resource "kubernetes_secret" "onp_argocd_applicationset_controller_github_app_se
 
   type = "Opaque"
 }
+
+resource "kubernetes_secret" "onp_argocd_workflows_sso" {
+  depends_on = [kubernetes_namespace.onp_argocd]
+
+  metadata {
+    name      = "argo-workflows-sso"
+    namespace = "argocd"
+  }
+
+  data = {
+    client-id     = "argo-workflows-sso"
+    client-secret = var.onp_k8s_argo_workflows_sso_client_secret
+  }
+
+  type = "Opaque"
+}
+
 resource "kubernetes_secret" "onp_argo_workflows_sso" {
   depends_on = [kubernetes_namespace.onp_argo]