Add persistent ArgoCD configs for git-server

- git-server-repo-creds.yaml: Repository credential secret for SSH auth - git-server-known-hosts.yaml: SSH known_hosts for git-server - Ensures configs survive cluster restarts
author: Paul Buetow <paul@buetow.org> 2026-01-10 11:24:36 +0200
committer: Paul Buetow <paul@buetow.org> 2026-01-10 11:24:36 +0200
commit: eff2c9cfdf5baa522b1006623e156a9d64d0eced (patch)
tree: 1765486939e3ec616a7dbd46cfacdd4d6b9331c5 /f3s
parent: 8e9f1eac97dd5c8550fa1e990c1f01f1f285de23 (diff)
2 files changed, 41 insertions, 0 deletions
diff --git a/f3s/argocd/git-server-known-hosts.yaml b/f3s/argocd/git-server-known-hosts.yaml
new file mode 100644
index 0000000..1b3b8ce
--- /dev/null
+++ b/f3s/argocd/git-server-known-hosts.yaml
@@ -0,0 +1,19 @@
+# ArgoCD SSH known_hosts configuration for git-server
+# This ConfigMap adds the git-server SSH host keys to ArgoCD's known_hosts
+# so that ArgoCD can verify the server's identity when cloning repositories
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-ssh-known-hosts-cm
+  namespace: cicd
+  labels:
+    app.kubernetes.io/name: argocd-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  ssh_known_hosts: |
+    # git-server.cicd.svc.cluster.local SSH host keys (ed25519 and rsa only)
+    git-server.cicd.svc.cluster.local ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINqfstttRe6qVZWB+JCTD7BogfHqxfyyhJ5VqOR2asYq
+    git-server.cicd.svc.cluster.local ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZgI8CnekdB12qxZQXftz6qa18NJWz2bjtwd5H6UShTCao71ovvGMVkCQsKXv+PwW9ONHnmtO8EwCEPxhfGW7g7RpZu/mmzKTdEI9FUZTY+TapwLOJwYMRh423wOAn2jcSsVe2iGQbDXiRuNHTPZSXB3fOqsdoL11hCL36QoplfKwMGbIQRvE2KgPZXDZshNWJGJ6VF+rPy/Uyrg7w+hOg5Mjv1F0RxMrcKEyEOHDoJBSH/iruE2K4Ip+FiKOkaILq+Tp6KG8U/Pc/wv9XMQkbUT7l4jEbE4vnBpOztQDPS/bk6LoRBN64CvAyZDy1XL7mpjhqQNNNQZOPQ8Esm6cGk7johsWdlN0GHoPk8wDMIBHK4OebmBafuD9YzrnHcy0asnRKTSq6WcVfEgRpsH1kZRpqYk5PwjUxyZgInb/jvcHTwr/zP9nR0fMHbFCq/Q4A5/FpvgJUcIOqdXaeue0Y2jnT8nrBzKf1FU6u3caciCEZraKBgFCds04OUOZd/4U=
+
+    # Codeberg.org SSH host keys
+    codeberg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVIC02vnjFyL+I4RHfvIGNtOgJMe769VTF1VR4EB3ZB
diff --git a/f3s/argocd/git-server-repo-creds.yaml b/f3s/argocd/git-server-repo-creds.yaml
new file mode 100644
index 0000000..54207bc
--- /dev/null
+++ b/f3s/argocd/git-server-repo-creds.yaml
@@ -0,0 +1,22 @@
+# ArgoCD Repository Credential for self-hosted git-server
+# This secret tells ArgoCD how to authenticate to the git-server via SSH
+apiVersion: v1
+kind: Secret
+metadata:
+  name: git-server-repo-creds
+  namespace: cicd
+  labels:
+    argocd.argoproj.io/secret-type: repository
+type: Opaque
+stringData:
+  type: git
+  url: ssh://git@git-server.cicd.svc.cluster.local
+  insecure: "true"
+  sshPrivateKey: |
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACAIRE5bIG/4OUmjDzSVif7eLitZ+GW5PksuiMlBJfhHGAAAAJgGCa9qBgmv
+    agAAAAtzc2gtZWQyNTUxOQAAACAIRE5bIG/4OUmjDzSVif7eLitZ+GW5PksuiMlBJfhHGA
+    AAAEAbwYhRydHh8HlKI35Takf/1qCSvZmdJBzbngvz5Zv1bwhETlsgb/g5SaMPNJWJ/t4u
+    K1n4Zbk+Sy6IyUEl+EcYAAAAEmFyZ29jZEBmM3MuY2x1c3RlcgECAw==
+    -----END OPENSSH PRIVATE KEY-----
author	Paul Buetow <paul@buetow.org>	2026-01-10 11:24:36 +0200
committer	Paul Buetow <paul@buetow.org>	2026-01-10 11:24:36 +0200
commit	eff2c9cfdf5baa522b1006623e156a9d64d0eced (patch)
tree	1765486939e3ec616a7dbd46cfacdd4d6b9331c5 /f3s
parent	8e9f1eac97dd5c8550fa1e990c1f01f1f285de23 (diff)