2022-03-16 21:01:30 +00:00
## Argo CD configuration
2019-11-05 00:17:25 +00:00
## Ref: https://github.com/argoproj/argo-cd
##
2021-10-21 11:33:45 +00:00
# -- Provide a name in place of `argocd`
2019-11-05 00:17:25 +00:00
nameOverride : argocd
2021-10-21 11:33:45 +00:00
# -- String to fully override `"argo-cd.fullname"`
2019-11-21 04:40:15 +00:00
fullnameOverride : ""
2024-05-14 15:17:31 +00:00
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride : ""
2021-10-21 11:33:45 +00:00
# -- Override the Kubernetes version, which is used to evaluate certain manifests
2021-05-23 12:25:26 +00:00
kubeVersionOverride : ""
2022-09-21 11:48:37 +00:00
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
2024-02-07 21:40:05 +00:00
apiVersionOverrides : {}
2022-09-21 11:48:37 +00:00
2023-01-10 08:58:45 +00:00
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
2022-09-21 11:48:37 +00:00
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles : false
2023-01-10 08:58:45 +00:00
# -- Create cluster roles for cluster-wide installation.
## Used when you manage applications in the same cluster where Argo CD runs
createClusterRoles : true
2022-09-21 11:48:37 +00:00
openshift :
# -- enables using arbitrary uid for argo repo server
enabled : false
2019-11-21 04:40:15 +00:00
2022-08-25 08:42:43 +00:00
## Custom resource configuration
crds :
# -- Install and upgrade CRDs
install : true
# -- Keep CRDs on chart uninstall
keep : true
# -- Annotations to be added to all CRDs
annotations : {}
2023-05-11 14:06:46 +00:00
# -- Addtional labels to be added to all CRDs
additionalLabels : {}
2022-08-25 08:42:43 +00:00
2022-10-26 13:18:59 +00:00
## Globally shared configuration
2019-11-05 00:17:25 +00:00
global :
2024-02-16 14:44:51 +00:00
# -- Default domain used by all components
## Used for ingresses, certificates, SSO, notifications, etc.
domain : argocd.example.com
2024-09-20 07:59:01 +00:00
# -- Runtime class name for all components
runtimeClassName : ""
2022-10-26 13:18:59 +00:00
# -- Common labels for the all resources
additionalLabels : {}
# app: argo-cd
2022-11-01 19:26:44 +00:00
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
revisionHistoryLimit : 3
2022-10-26 13:18:59 +00:00
# Default image used by all components
2019-02-13 22:22:11 +00:00
image :
2022-03-16 21:01:30 +00:00
# -- If defined, a repository applied to all Argo CD deployments
2021-04-24 10:50:25 +00:00
repository : quay.io/argoproj/argocd
2022-03-16 21:01:30 +00:00
# -- Overrides the global Argo CD image tag whose default is the chart appVersion
2021-10-21 20:55:34 +00:00
tag : ""
2022-03-16 21:01:30 +00:00
# -- If defined, a imagePullPolicy applied to all Argo CD deployments
2019-11-05 00:17:25 +00:00
imagePullPolicy : IfNotPresent
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
imagePullSecrets : [ ]
2022-10-26 13:18:59 +00:00
# Default logging options used by all components
2022-08-25 10:41:43 +00:00
logging :
# -- Set the global logging format. Either: `text` or `json`
format : text
# -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
level : info
2022-10-26 13:18:59 +00:00
2022-11-30 23:25:22 +00:00
# -- Annotations for the all deployed Statefulsets
statefulsetAnnotations : {}
# -- Annotations for the all deployed Deployments
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations for the all deployed pods
2021-08-24 12:48:03 +00:00
podAnnotations : {}
2022-10-26 13:18:59 +00:00
2021-10-21 11:33:45 +00:00
# -- Labels for the all deployed pods
2021-08-24 12:48:03 +00:00
podLabels : {}
2022-10-26 13:18:59 +00:00
2023-05-11 00:39:56 +00:00
# -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
addPrometheusAnnotations : false
2022-10-26 13:18:59 +00:00
# -- Toggle and define pod-level security context.
# @default -- `{}` (See [values.yaml])
2019-12-16 02:55:09 +00:00
securityContext : {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
2021-10-21 11:33:45 +00:00
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
2020-03-27 13:49:47 +00:00
hostAliases : [ ]
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
2019-11-05 00:17:25 +00:00
2024-05-31 12:04:50 +00:00
# Configure dual-stack used by all component services
dualStack :
# -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
ipFamilyPolicy : ""
# -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
ipFamilies : [ ]
2023-02-17 16:38:17 +00:00
# Default network policy rules used by all components
2021-07-13 06:35:25 +00:00
networkPolicy :
2021-10-21 11:33:45 +00:00
# -- Create NetworkPolicy objects for all components
2021-07-13 06:35:25 +00:00
create : false
2021-10-21 11:33:45 +00:00
# -- Default deny all ingress traffic
2021-07-13 06:35:25 +00:00
defaultDenyIngress : false
2023-03-02 14:28:23 +00:00
# -- Default priority class for all components
priorityClassName : ""
# -- Default node selector for all components
nodeSelector : {}
# -- Default tolerations for all components
2023-04-06 16:16:40 +00:00
tolerations : [ ]
2023-03-02 14:28:23 +00:00
2023-02-17 16:38:17 +00:00
# Default affinity preset for all components
affinity :
2023-03-02 14:28:23 +00:00
# -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
2023-02-17 16:38:17 +00:00
podAntiAffinity : soft
# Node affinity rules
nodeAffinity :
2023-03-02 14:28:23 +00:00
# -- Default node affinity rules. Either: `none`, `soft` or `hard`
2023-02-17 16:38:17 +00:00
type : hard
# -- Default match expressions for node affinity
matchExpressions : [ ]
# - key: topology.kubernetes.io/zone
# operator: In
# values:
# - antarctica-east1
# - antarctica-west1
2023-03-02 14:28:23 +00:00
# -- Default [TopologySpreadConstraints] rules for all components
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2023-03-02 14:28:23 +00:00
## If labelSelector is left out, it will default to the labelSelector of the component
topologySpreadConstraints : [ ]
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2023-04-03 09:58:50 +00:00
# -- Deployment strategy for the all deployed Deployments
deploymentStrategy : {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
2023-03-02 14:28:23 +00:00
2023-06-07 08:52:02 +00:00
# -- Environment variables to pass to all deployed Deployments
env : [ ]
2023-07-11 13:01:02 +00:00
# -- Annotations for the all deployed Certificates
certificateAnnotations : {}
2022-09-21 11:48:37 +00:00
## Argo Configs
configs :
2022-10-25 17:05:38 +00:00
# General Argo CD configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
cm :
2022-11-20 13:29:41 +00:00
# -- Create the argocd-cm configmap for [declarative setup]
2022-10-25 17:05:38 +00:00
create : true
# -- Annotations to be added to argocd-cm configmap
annotations : {}
# -- The name of tracking label used by Argo CD for resource pruning
application.instanceLabelKey : argocd.argoproj.io/instance
# -- Enable logs RBAC enforcement
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/upgrading/2.3-2.4/#enable-logs-rbac-enforcement
2022-10-29 19:08:16 +00:00
server.rbac.log.enforce.enable : false
2022-10-25 17:05:38 +00:00
# -- Enable exec feature in Argo UI
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
2022-10-29 19:08:16 +00:00
exec.enabled : false
2022-10-25 17:05:38 +00:00
# -- Enable local admin user
## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
2022-10-29 19:08:16 +00:00
admin.enabled : true
2022-10-25 17:05:38 +00:00
# -- Timeout to discover if a new manifests version got published to the repository
timeout.reconciliation : 180s
# -- Timeout to refresh application data as well as target manifests cache
2022-12-13 21:31:00 +00:00
timeout.hard.reconciliation : 0s
2022-10-25 17:05:38 +00:00
2024-04-24 07:07:57 +00:00
# -- Enable Status Badge
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
statusbadge.enabled : false
2022-10-25 17:05:38 +00:00
# Dex configuration
# dex.config: |
# connectors:
# # GitHub example
# - type: github
# id: github
# name: GitHub
# config:
# clientID: aabbccddeeff00112233
# clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
# orgs:
# - name: your-github-org
# OIDC configuration as an alternative to dex (optional).
# oidc.config: |
# name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: CLIENT_ID
# clientSecret: $oidc.azuread.clientSecret
2022-10-26 13:18:59 +00:00
# rootCA: |
# -----BEGIN CERTIFICATE-----
# ... encoded certificate data here ...
# -----END CERTIFICATE-----
2022-10-25 17:05:38 +00:00
# requestedIDTokenClaims:
# groups:
# essential: true
# requestedScopes:
# - openid
# - profile
# - email
2024-09-30 12:24:51 +00:00
# Extension Configuration
## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
# extension.config: |
# extensions:
# - name: httpbin
# backend:
# connectionTimeout: 2s
# keepAlive: 15s
# idleConnectionTimeout: 60s
# maxIdleConnections: 30
# services:
# - url: http://httpbin.org
# headers:
# - name: some-header
# value: '$some.argocd.secret.key'
# cluster:
# name: some-cluster
# server: https://some-cluster
2022-10-25 17:05:38 +00:00
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params :
2023-06-26 14:31:20 +00:00
# -- Create the argocd-cmd-params-cm configmap
# If false, it is expected the configmap will be created by something else.
create : true
2022-10-25 17:05:38 +00:00
# -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
annotations : {}
## Generic parameters
# -- Open-Telemetry collector address: (e.g. "otel-collector:4317")
otlp.address : ''
## Controller Properties
# -- Number of application status processors
controller.status.processors : 20
# -- Number of application operation processors
controller.operation.processors : 10
# -- Specifies timeout between application self heal attempts
controller.self.heal.timeout.seconds : 5
# -- Repo server RPC call timeout seconds.
controller.repo.server.timeout.seconds : 60
## Server properties
# -- Run server without TLS
2024-02-11 14:52:23 +00:00
## NOTE: This value should be set when you generate params by other means as it changes ports used by ingress template.
2022-10-25 17:05:38 +00:00
server.insecure : false
# -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /
server.basehref : /
# -- Used if Argo CD is running behind reverse proxy under subpath different from /
server.rootpath : ''
# -- Directory path that contains additional static assets
server.staticassets : /shared/app
# -- Disable Argo CD RBAC for user authentication
server.disable.auth : false
# -- Enable GZIP compression
2023-08-08 14:35:41 +00:00
server.enable.gzip : true
2024-09-30 12:24:51 +00:00
# -- Enable proxy extension feature. (proxy extension is in Alpha phase)
server.enable.proxy.extension : false
2022-10-25 17:05:38 +00:00
# -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "".
server.x.frame.options : sameorigin
## Repo-server properties
# -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
reposerver.parallelism.limit : 0
2023-02-07 15:02:23 +00:00
## ApplicationSet Properties
# -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete`
applicationsetcontroller.policy : sync
# -- Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs : false
2024-09-30 18:24:31 +00:00
# -- A list of glob patterns specifying where to look for ApplicationSet resources. (e.g. `"argocd,argocd-appsets-*"`)
# @default -- `""` (default is only the ns where the controller is installed)
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/
2024-09-25 15:17:55 +00:00
applicationsetcontroller.namespaces : ""
2023-02-07 15:02:23 +00:00
2023-11-10 12:41:09 +00:00
# -- Enables [Applications in any namespace]
## List of additional namespaces where applications may be created in and reconciled from.
## The namespace where Argo CD is installed to will always be allowed.
## Set comma-separated list. (e.g. app-team-one, app-team-two)
application.namespaces : ""
2024-04-26 19:35:49 +00:00
# -- JQ Path expression timeout
## By default, the evaluation of a JQPathExpression is limited to one second.
## If you encounter a "JQ patch execution timed out" error message due to a complex JQPathExpression
## that requires more time to evaluate, you can extend the timeout period.
controller.ignore.normalizer.jq.timeout : "1s"
2022-10-25 17:05:38 +00:00
# Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac :
# -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
# If false, it is expected the configmap will be created by something else.
# Argo CD will not work if there is no configmap created with the name above.
create : true
# -- Annotations to be added to argocd-rbac-cm configmap
annotations : {}
# -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
# If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
policy.default : ''
# -- File containing user-defined policies and role definitions.
# @default -- `''` (See [values.yaml])
policy.csv : ''
# Policy rules are in the form:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
2024-01-15 09:12:39 +00:00
# policy.csv: |
2022-10-25 17:05:38 +00:00
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
# p, role:org-admin, logs, get, *, allow
# p, role:org-admin, exec, create, */*, allow
# g, your-github-org:your-team, role:org-admin
# -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# The scope value can be a string, or a list of strings.
scopes : "[groups]"
2024-01-22 13:09:08 +00:00
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode : "glob"
2022-11-20 13:29:41 +00:00
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg :
# -- Annotations to be added to argocd-gpg-keys-cm configmap
annotations : {}
# -- [GnuPG] public keys to add to the keyring
# @default -- `{}` (See [values.yaml])
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
keys : {}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# ...
# -----END PGP PUBLIC KEY BLOCK-----
2023-01-21 09:24:46 +00:00
# SSH known hosts for Git repositories
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
ssh :
2024-12-21 12:05:37 +00:00
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
create : true
2023-01-21 09:24:46 +00:00
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
annotations : {}
# -- Known hosts to be added to the known host list by default.
# @default -- See [values.yaml]
knownHosts : |
2023-06-06 04:34:59 +00:00
[ ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
[ ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
2023-05-17 14:24:43 +00:00
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
2023-06-06 04:34:59 +00:00
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
2023-10-30 08:51:56 +00:00
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
2023-01-21 09:24:46 +00:00
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
2023-03-24 09:57:01 +00:00
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
2023-01-21 09:24:46 +00:00
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
# -- Additional known hosts for private repositories
extraHosts : ''
# Repository TLS certificates
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
tls :
# -- Annotations to be added to argocd-tls-certs-cm configmap
annotations : {}
# -- TLS certificates for Git repositories
# @default -- `{}` (See [values.yaml])
certificates : {}
# server.example.com: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
2022-11-20 13:29:41 +00:00
2025-01-14 10:17:29 +00:00
# -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
create : true
2023-03-12 14:00:24 +00:00
# ConfigMap for Config Management Plugins
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
cmp :
# -- Create the argocd-cmp-cm configmap
create : false
# -- Annotations to be added to argocd-cmp-cm configmap
annotations : {}
# -- Plugin yaml files to be added to argocd-cmp-cm
plugins : {}
# --- First plugin
# my-plugin:
# init:
# command: [sh]
# args: [-c, 'echo "Initializing..."']
# generate:
# command: [sh, -c]
# args:
# - |
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
# discover:
# fileName: "./subdir/s*.yaml"
# find:
# glob: "**/Chart.yaml"
# command: [sh, -c, find . -name env.yaml]
# --- Second plugin
# my-plugin2:
# init:
# command: [sh]
# args: [-c, 'echo "Initializing..."']
# generate:
# command: [sh, -c]
# args:
# - |
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
# discover:
# fileName: "./subdir/s*.yaml"
# find:
# glob: "**/Chart.yaml"
# command: [sh, -c, find . -name env.yaml]
2022-09-21 11:48:37 +00:00
# -- Provide one or multiple [external cluster credentials]
2024-05-28 13:38:23 +00:00
# @default -- `{}` (See [values.yaml])
2022-09-21 11:48:37 +00:00
## Ref:
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
2023-03-16 00:08:55 +00:00
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
2024-05-28 13:38:23 +00:00
clusterCredentials : {}
# mycluster:
2023-11-19 22:18:57 +00:00
# server: https://mycluster.example.com
2022-09-21 11:48:37 +00:00
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
2024-05-28 13:38:23 +00:00
# mycluster2:
2023-11-19 22:18:57 +00:00
# server: https://mycluster2.example.com
2022-09-21 11:48:37 +00:00
# labels: {}
# annotations: {}
# namespaces: namespace1,namespace2
# clusterResources: true
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
2024-05-28 13:38:23 +00:00
# mycluster3-project-scoped:
2023-11-19 22:18:57 +00:00
# server: https://mycluster3.example.com
2023-03-16 00:08:55 +00:00
# labels: {}
# annotations: {}
# project: my-project1
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
2024-06-25 12:25:46 +00:00
# mycluster4-sharded:
# shard: 1
# server: https://mycluster4.example.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
2021-07-09 12:34:09 +00:00
2022-09-21 11:48:37 +00:00
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
credentialTemplates : {}
# github-enterprise-creds-1:
# url: https://github.com/argoproj
# githubAppID: 1
# githubAppInstallationID: 2
# githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
# githubAppPrivateKey: |
# -----BEGIN OPENSSH PRIVATE KEY-----
# ...
# -----END OPENSSH PRIVATE KEY-----
# https-creds:
# url: https://github.com/argoproj
# password: my-password
# username: my-username
# ssh-creds:
# url: git@github.com:argoproj-labs
# sshPrivateKey: |
# -----BEGIN OPENSSH PRIVATE KEY-----
# ...
# -----END OPENSSH PRIVATE KEY-----
# -- Annotations to be added to `configs.credentialTemplates` Secret
credentialTemplatesAnnotations : {}
# -- Repositories list to be used by applications
## Creates a secret for each key/value specified below to create repositories
2023-08-15 08:57:28 +00:00
## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
2022-09-21 11:48:37 +00:00
repositories : {}
# istio-helm-repo:
# url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
# name: istio.io
# type: helm
# private-helm-repo:
# url: https://my-private-chart-repo.internal
# name: private-repo
# type: helm
# password: my-password
# username: my-username
# private-repo:
# url: https://github.com/argoproj/private-repo
# -- Annotations to be added to `configs.repositories` Secret
repositoriesAnnotations : {}
2022-10-26 13:18:59 +00:00
# Argo CD sensitive data
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
2022-09-21 11:48:37 +00:00
secret :
# -- Create the argocd-secret
createSecret : true
2023-01-19 22:14:49 +00:00
# -- Labels to be added to argocd-secret
labels : {}
2022-09-21 11:48:37 +00:00
# -- Annotations to be added to argocd-secret
annotations : {}
# -- Shared secret for authenticating GitHub webhook events
githubSecret : ""
# -- Shared secret for authenticating GitLab webhook events
gitlabSecret : ""
# -- Shared secret for authenticating BitbucketServer webhook events
bitbucketServerSecret : ""
# -- UUID for authenticating Bitbucket webhook events
bitbucketUUID : ""
# -- Shared secret for authenticating Gogs webhook events
gogsSecret : ""
2024-01-21 13:35:46 +00:00
## Azure DevOps
azureDevops :
# -- Shared secret username for authenticating Azure DevOps webhook events
username : ""
# -- Shared secret password for authenticating Azure DevOps webhook events
password : ""
2022-09-21 11:48:37 +00:00
# -- add additional secrets to be added to argocd-secret
## Custom secrets. Useful for injecting SSO secrets into environment variables.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
## Note that all values must be non-empty.
extra :
{}
# LDAP_PASSWORD: "mypassword"
# -- Bcrypt hashed admin password
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
argocdServerAdminPassword : ""
# -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"`
# @default -- `""` (defaults to current time)
argocdServerAdminPasswordMtime : ""
# -- Define custom [CSS styles] for your argo instance.
# This setting will automatically mount the provided CSS and reference it in the argo configuration.
# @default -- `""` (See [values.yaml])
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
styles : ""
# styles: |
2023-09-04 11:01:36 +00:00
# .sidebar {
2022-09-21 11:48:37 +00:00
# background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
# }
2022-01-20 10:51:57 +00:00
# -- Array of extra K8s manifests to deploy
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2022-01-20 10:51:57 +00:00
extraObjects : [ ]
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
2022-10-12 12:55:33 +00:00
## Application controller
2019-11-05 00:17:25 +00:00
controller :
2021-10-21 11:33:45 +00:00
# -- Application controller name string
2019-11-05 00:17:25 +00:00
name : application-controller
2022-10-12 12:55:33 +00:00
# -- The number of application controller pods to run.
# Additional replicas will cause sharding of managed clusters across number of replicas.
2024-02-25 12:47:00 +00:00
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
2022-10-12 12:55:33 +00:00
replicas : 1
2024-02-25 12:47:00 +00:00
# -- Enable dynamic cluster distribution (alpha)
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
## This is done using a deployment instead of a statefulSet
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
## like round-robin, then the shards will be well-balanced.
dynamicClusterDistribution : false
2024-09-20 07:59:01 +00:00
# -- Runtime class name for the application controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2024-02-25 12:47:00 +00:00
# -- Application controller heartbeat time
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
heartbeatTime : 10
2024-02-07 21:40:05 +00:00
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit : 5
2022-10-12 12:55:33 +00:00
## Application controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the application controller
enabled : false
# -- Labels to be added to application controller pdb
labels : {}
# -- Annotations to be added to application controller pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
2023-02-26 16:34:01 +00:00
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2022-10-12 12:55:33 +00:00
## Has higher precedence over `controller.pdb.minAvailable`
maxUnavailable : ""
## Application controller image
2019-11-21 04:40:15 +00:00
image :
2021-10-21 11:33:45 +00:00
# -- Repository to use for the application controller
# @default -- `""` (defaults to global.image.repository)
repository : ""
# -- Tag to use for the application controller
# @default -- `""` (defaults to global.image.tag)
tag : ""
# -- Image pull policy for the application controller
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2021-10-21 11:33:45 +00:00
# -- Additional command line arguments to pass to application controller
2020-03-25 16:54:54 +00:00
extraArgs : [ ]
2019-11-05 00:17:25 +00:00
2021-10-21 11:33:45 +00:00
# -- Environment variables to pass to application controller
2022-08-25 11:35:17 +00:00
env : [ ]
2019-12-05 23:50:47 +00:00
2021-10-21 11:33:45 +00:00
# -- envFrom to pass to application controller
# @default -- `[]` (See [values.yaml])
2021-05-21 16:43:24 +00:00
envFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2023-01-04 09:49:30 +00:00
# -- Additional containers to be added to the application controller pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
extraContainers : [ ]
# -- Init containers to add to the application controller pod
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
## you could use this (and the same in the server pod) to provide such executable
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
initContainers : [ ]
# - name: download-tools
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
# unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# -- Additional volumeMounts to the application controller main container
volumeMounts : [ ]
# - mountPath: /usr/local/bin/kubelogin
# name: custom-tools
# subPath: kubelogin
# -- Additional volumes to the application controller pod
volumes : [ ]
# - name: custom-tools
# emptyDir: {}
2024-04-02 13:36:34 +00:00
## Application controller emptyDir volumes
emptyDir :
# -- EmptyDir size limit for application controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit : ""
# sizeLimit: "1Gi"
2022-11-30 23:25:22 +00:00
# -- Annotations for the application controller StatefulSet
statefulsetAnnotations : {}
2024-02-25 12:47:00 +00:00
# -- Annotations for the application controller Deployment
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations to be added to application controller pods
2019-11-05 00:17:25 +00:00
podAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Labels to be added to application controller pods
2019-11-05 00:17:25 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for the application controller pods
resources : {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
2023-01-21 12:07:14 +00:00
# Application controller container ports
containerPorts :
# -- Metrics container port
metrics : 8082
2023-02-06 04:40:13 +00:00
# -- Host Network for application controller pods
hostNetwork : false
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
2023-02-06 04:40:13 +00:00
# -- Alternative DNS policy for application controller pods
dnsPolicy : "ClusterFirst"
2021-10-21 11:33:45 +00:00
# -- Application controller container-level security context
2022-10-30 19:12:46 +00:00
# @default -- See [values.yaml]
2020-12-15 06:15:13 +00:00
containerSecurityContext :
2022-10-30 19:12:46 +00:00
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2020-01-13 05:18:35 +00:00
2023-02-26 16:34:01 +00:00
# Readiness probe for application controller
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2019-11-05 00:17:25 +00:00
readinessProbe :
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2019-11-05 00:17:25 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2019-11-05 00:17:25 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2019-11-05 00:17:25 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2019-11-05 00:17:25 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2019-11-05 00:17:25 +00:00
timeoutSeconds : 1
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2023-03-02 14:28:23 +00:00
# -- Priority class for the application controller pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName : ""
2021-10-21 11:33:45 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2019-11-05 00:17:25 +00:00
nodeSelector : {}
2022-10-24 18:00:02 +00:00
2021-10-21 11:33:45 +00:00
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2019-11-07 10:06:22 +00:00
tolerations : [ ]
2022-10-24 18:00:02 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [affinity] rules to the deployment
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2019-11-05 00:17:25 +00:00
affinity : {}
2021-10-21 11:33:45 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2021-10-21 11:33:45 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2021-09-17 13:57:26 +00:00
topologySpreadConstraints : [ ]
2023-03-02 14:28:23 +00:00
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2019-11-05 00:17:25 +00:00
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
serviceAccount :
2021-10-21 11:33:45 +00:00
# -- Create a service account for the application controller
2019-11-05 00:17:25 +00:00
create : true
2021-10-21 11:33:45 +00:00
# -- Service account name
2019-11-05 00:17:25 +00:00
name : argocd-application-controller
2021-10-21 11:33:45 +00:00
# -- Annotations applied to created service account
2020-06-24 13:48:41 +00:00
annotations : {}
2022-10-06 14:31:51 +00:00
# -- Labels applied to created service account
labels : {}
2021-10-21 11:33:45 +00:00
# -- Automount API credentials for the Service Account
2021-03-18 22:04:52 +00:00
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
2021-10-21 11:33:45 +00:00
## Application controller metrics configuration
2019-11-05 00:17:25 +00:00
metrics :
2021-10-21 11:33:45 +00:00
# -- Deploy metrics service
2019-11-05 00:17:25 +00:00
enabled : false
2024-02-12 18:36:39 +00:00
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout : ""
2021-11-24 16:30:09 +00:00
applicationLabels :
# -- Enables additional labels in argocd_app_labels metric
enabled : false
# -- Additional labels
2022-03-12 18:59:04 +00:00
labels : [ ]
2019-11-05 00:17:25 +00:00
service :
2023-05-11 00:39:56 +00:00
# -- Metrics service type
type : ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP : ""
2021-10-21 11:33:45 +00:00
# -- Metrics service annotations
2019-11-05 00:17:25 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service labels
2019-11-05 00:17:25 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service port
2019-11-05 00:17:25 +00:00
servicePort : 8082
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2019-11-05 00:17:25 +00:00
serviceMonitor :
2021-10-21 11:33:45 +00:00
# -- Enable a prometheus ServiceMonitor
2019-11-05 00:17:25 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor interval
2021-05-21 12:43:10 +00:00
interval : 30s
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2021-10-21 11:33:45 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2021-08-25 15:04:29 +00:00
relabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2021-08-25 15:04:29 +00:00
metricRelabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2019-12-09 03:34:52 +00:00
rules :
2021-10-21 11:33:45 +00:00
# -- Deploy a PrometheusRule for the application controller
2019-12-09 03:34:52 +00:00
enabled : false
2023-03-08 07:46:33 +00:00
# -- PrometheusRule namespace
namespace : "" # "monitoring"
# -- PrometheusRule selector
selector : {}
# prometheus: kube-prometheus
# -- PrometheusRule labels
additionalLabels : {}
# -- PrometheusRule annotations
annotations : {}
2021-10-21 11:33:45 +00:00
# -- PrometheusRule.Spec for the application controller
2019-12-09 03:34:52 +00:00
spec : [ ]
# - alert: ArgoAppMissing
# expr: |
2022-10-06 22:23:33 +00:00
# absent(argocd_app_info) == 1
2019-12-09 03:34:52 +00:00
# for: 15m
# labels:
# severity: critical
# annotations:
2022-03-16 21:01:30 +00:00
# summary: "[Argo CD] No reported applications"
2019-12-09 03:34:52 +00:00
# description: >
2022-03-16 21:01:30 +00:00
# Argo CD has not reported any applications data for the past 15 minutes which
2019-12-09 03:34:52 +00:00
# means that it must be down or not functioning properly. This needs to be
# resolved for this cloud to continue to maintain state.
# - alert: ArgoAppNotSynced
# expr: |
2021-01-26 23:40:18 +00:00
# argocd_app_info{sync_status!="Synced"} == 1
2019-12-09 03:34:52 +00:00
# for: 12h
# labels:
# severity: warning
# annotations:
# summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
# description: >
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
2019-11-05 00:17:25 +00:00
2021-05-13 05:36:13 +00:00
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules :
2021-10-21 11:33:45 +00:00
# -- Enable custom rules for the application controller's ClusterRole resource
2021-05-13 05:36:13 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- List of custom rules for the application controller's ClusterRole resource
2021-05-13 05:36:13 +00:00
rules : [ ]
2019-11-05 00:17:25 +00:00
## Dex
dex :
2021-10-21 11:33:45 +00:00
# -- Enable dex
2019-11-05 00:17:25 +00:00
enabled : true
2021-10-21 11:33:45 +00:00
# -- Dex name
2019-11-05 00:17:25 +00:00
name : dex-server
2022-02-23 11:02:22 +00:00
# -- Additional command line arguments to pass to the Dex server
extraArgs : [ ]
2024-09-20 07:59:01 +00:00
# -- Runtime class name for Dex
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2020-09-22 01:50:19 +00:00
metrics :
2021-10-21 11:33:45 +00:00
# -- Deploy metrics service
2020-09-22 01:50:19 +00:00
enabled : false
service :
2021-10-21 11:33:45 +00:00
# -- Metrics service annotations
2020-09-22 01:50:19 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service labels
2020-09-22 01:50:19 +00:00
labels : {}
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2020-09-22 01:50:19 +00:00
serviceMonitor :
2021-10-21 11:33:45 +00:00
# -- Enable a prometheus ServiceMonitor
2020-09-22 01:50:19 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor interval
2021-05-21 12:43:10 +00:00
interval : 30s
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2021-10-21 11:33:45 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2021-08-25 15:04:29 +00:00
relabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2021-08-25 15:04:29 +00:00
metricRelabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2020-09-22 01:50:19 +00:00
2022-10-12 12:55:33 +00:00
## Dex Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the Dex server
enabled : false
# -- Labels to be added to Dex server pdb
labels : {}
# -- Annotations to be added to Dex server pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `dex.pdb.minAvailable`
maxUnavailable : ""
## Dex image
2019-02-13 22:22:11 +00:00
image :
2021-10-21 11:33:45 +00:00
# -- Dex image repository
2021-05-29 14:37:17 +00:00
repository : ghcr.io/dexidp/dex
2021-10-21 11:33:45 +00:00
# -- Dex image tag
2024-11-04 23:59:47 +00:00
tag : v2.41.1
2021-10-21 11:33:45 +00:00
# -- Dex imagePullPolicy
2022-05-05 21:59:18 +00:00
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2022-10-30 19:12:46 +00:00
# Argo CD init image that creates Dex config
2019-11-21 04:40:15 +00:00
initImage :
2021-10-21 11:33:45 +00:00
# -- Argo CD init image repository
# @default -- `""` (defaults to global.image.repository)
repository : ""
# -- Argo CD init image tag
# @default -- `""` (defaults to global.image.tag)
tag : ""
# -- Argo CD init image imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2023-07-13 14:05:13 +00:00
# -- Argo CD init image resources
# @default -- `{}` (defaults to dex.resources)
resources : {}
# requests:
# cpu: 5m
# memory: 96Mi
# limits:
# cpu: 10m
# memory: 144Mi
2021-10-21 11:33:45 +00:00
# -- Environment variables to pass to the Dex server
2019-12-05 23:50:47 +00:00
env : [ ]
2021-10-21 11:33:45 +00:00
# -- envFrom to pass to the Dex server
# @default -- `[]` (See [values.yaml])
2021-05-21 16:43:24 +00:00
envFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2023-01-04 09:49:30 +00:00
# -- Additional containers to be added to the dex pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
extraContainers : [ ]
# -- Init containers to add to the dex pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
initContainers : [ ]
# -- Additional volumeMounts to the dex main container
volumeMounts : [ ]
# -- Additional volumes to the dex pod
volumes : [ ]
2024-04-02 13:36:34 +00:00
## Dex server emptyDir volumes
emptyDir :
# -- EmptyDir size limit for Dex server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit : ""
# sizeLimit: "1Gi"
2022-10-30 20:44:13 +00:00
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
certificateSecret :
# -- Create argocd-dex-server-tls secret
enabled : false
# -- Labels to be added to argocd-dex-server-tls secret
labels : {}
# -- Annotations to be added to argocd-dex-server-tls secret
annotations : {}
# -- Certificate authority. Required for self-signed certificates.
ca : ''
# -- Certificate private key
key : ''
# -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
crt : ''
2022-11-30 23:25:22 +00:00
# -- Annotations to be added to the Dex server Deployment
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations to be added to the Dex server pods
2020-03-09 10:39:21 +00:00
podAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Labels to be added to the Dex server pods
2020-03-09 10:39:21 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for dex
resources : {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
2023-01-21 12:07:14 +00:00
# Dex container ports
# NOTE: These ports are currently hardcoded and cannot be changed
containerPorts :
# -- HTTP container port
http : 5556
# -- gRPC container port
grpc : 5557
# -- Metrics container port
metrics : 5558
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
# -- Alternative DNS policy for Dex server pods
dnsPolicy : "ClusterFirst"
2022-10-30 19:12:46 +00:00
# -- Dex container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2021-08-24 12:37:34 +00:00
## Probes for Dex server
## Supported from Dex >= 2.28.0
livenessProbe :
2021-10-21 11:33:45 +00:00
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
2021-08-24 12:37:34 +00:00
enabled : false
2024-02-23 14:17:55 +00:00
# -- Http path to use for the liveness probe
httpPath : /healthz/live
# -- Http port to use for the liveness probe
httpPort : metrics
2024-02-28 06:28:35 +00:00
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme : HTTP
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2021-08-24 12:37:34 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2021-08-24 12:37:34 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2021-08-24 12:37:34 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2021-08-24 12:37:34 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2021-08-24 12:37:34 +00:00
timeoutSeconds : 1
2023-01-21 12:07:14 +00:00
2021-08-24 12:37:34 +00:00
readinessProbe :
2021-10-21 11:33:45 +00:00
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
2021-08-24 12:37:34 +00:00
enabled : false
2024-02-23 14:17:55 +00:00
# -- Http path to use for the readiness probe
httpPath : /healthz/ready
# -- Http port to use for the readiness probe
httpPort : metrics
2024-02-28 06:28:35 +00:00
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme : HTTP
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2021-08-24 12:37:34 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2021-08-24 12:37:34 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2021-08-24 12:37:34 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2021-08-24 12:37:34 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2021-08-24 12:37:34 +00:00
timeoutSeconds : 1
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
serviceAccount :
2021-10-21 11:33:45 +00:00
# -- Create dex service account
2019-11-05 00:17:25 +00:00
create : true
2021-10-21 11:33:45 +00:00
# -- Dex service account name
2019-11-05 00:17:25 +00:00
name : argocd-dex-server
2021-10-21 11:33:45 +00:00
# -- Annotations applied to created service account
2021-02-16 23:21:58 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Automount API credentials for the Service Account
2021-03-18 22:04:52 +00:00
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
2021-10-21 11:33:45 +00:00
# -- Service port for HTTP access
2019-02-13 22:22:11 +00:00
servicePortHttp : 5556
2021-10-21 11:33:45 +00:00
# -- Service port name for HTTP access
2021-08-23 17:23:07 +00:00
servicePortHttpName : http
2021-10-21 11:33:45 +00:00
# -- Service port for gRPC access
2019-02-13 22:22:11 +00:00
servicePortGrpc : 5557
2021-10-21 11:33:45 +00:00
# -- Service port name for gRPC access
2021-08-23 17:23:07 +00:00
servicePortGrpcName : grpc
2021-10-21 11:33:45 +00:00
# -- Service port for metrics access
2020-09-22 01:50:19 +00:00
servicePortMetrics : 5558
2019-02-13 22:22:11 +00:00
2023-03-02 14:28:23 +00:00
# -- Priority class for the dex pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName : ""
2021-10-21 11:33:45 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2019-11-05 00:17:25 +00:00
nodeSelector : {}
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2019-11-07 10:06:22 +00:00
tolerations : [ ]
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [affinity] rules to the deployment
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2019-11-05 00:17:25 +00:00
affinity : {}
2019-09-19 23:02:21 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to dex
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2021-10-21 11:33:45 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2021-09-17 13:57:26 +00:00
topologySpreadConstraints : [ ]
2023-03-02 14:28:23 +00:00
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2019-09-19 23:02:21 +00:00
2023-04-03 09:58:50 +00:00
# -- Deployment strategy to be added to the Dex server Deployment
deploymentStrategy : {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
2023-04-11 13:33:49 +00:00
# -- Dex log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat : ""
# -- Dex log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel : ""
2019-11-05 00:17:25 +00:00
## Redis
2019-04-09 17:49:15 +00:00
redis :
2021-10-21 11:33:45 +00:00
# -- Enable redis
2019-11-14 03:01:01 +00:00
enabled : true
2021-10-21 11:33:45 +00:00
# -- Redis name
2019-11-05 00:17:25 +00:00
name : redis
2024-09-20 07:59:01 +00:00
# -- Runtime class name for redis
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2022-10-12 12:55:33 +00:00
## Redis Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the Redis
enabled : false
# -- Labels to be added to Redis pdb
labels : {}
# -- Annotations to be added to Redis pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `redis.pdb.minAvailable`
maxUnavailable : ""
## Redis image
2019-04-09 17:49:15 +00:00
image :
2021-10-21 11:33:45 +00:00
# -- Redis repository
2022-07-29 14:40:11 +00:00
repository : public.ecr.aws/docker/library/redis
2021-10-21 11:33:45 +00:00
# -- Redis tag
2024-11-12 16:28:33 +00:00
tag : 7.4 .1 -alpine
2023-01-26 12:06:19 +00:00
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2019-11-05 00:17:25 +00:00
2023-01-26 12:06:19 +00:00
## Prometheus redis-exporter sidecar
2023-01-22 17:20:30 +00:00
exporter :
# -- Enable Prometheus redis-exporter sidecar
2023-01-26 12:06:19 +00:00
enabled : false
2023-03-09 12:05:01 +00:00
# -- Environment variables to pass to the Redis exporter
env : [ ]
2023-01-26 12:06:19 +00:00
## Prometheus redis-exporter image
2023-01-22 17:20:30 +00:00
image :
2023-01-26 12:06:19 +00:00
# -- Repository to use for the redis-exporter
2023-01-22 17:20:30 +00:00
repository : public.ecr.aws/bitnami/redis-exporter
2023-01-26 12:06:19 +00:00
# -- Tag to use for the redis-exporter
2024-02-18 22:06:23 +00:00
tag : 1.58 .0
2023-01-26 12:06:19 +00:00
# -- Image pull policy for the redis-exporter
2023-01-22 17:20:30 +00:00
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
# -- Redis exporter security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2024-02-06 13:11:23 +00:00
## Probes for Redis exporter (optional)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2024-02-06 13:11:23 +00:00
readinessProbe :
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 30
# -- How often (in seconds) to perform the [probe]
periodSeconds : 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 5
livenessProbe :
# -- Enable Kubernetes liveness probe for Redis exporter
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 30
# -- How often (in seconds) to perform the [probe]
periodSeconds : 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 5
2023-01-22 17:20:30 +00:00
# -- Resource limits and requests for redis-exporter sidecar
resources : {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2021-10-21 11:33:45 +00:00
# -- Additional command line arguments to pass to redis-server
2021-04-24 10:50:25 +00:00
extraArgs : [ ]
# - --bind
# - "0.0.0.0"
2021-10-21 11:33:45 +00:00
# -- Environment variables to pass to the Redis server
2019-12-05 23:50:47 +00:00
env : [ ]
2021-10-21 11:33:45 +00:00
# -- envFrom to pass to the Redis server
# @default -- `[]` (See [values.yaml])
2021-05-21 16:43:24 +00:00
envFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2024-02-06 13:11:23 +00:00
## Probes for Redis server (optional)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2024-02-06 13:11:23 +00:00
readinessProbe :
# -- Enable Kubernetes liveness probe for Redis server
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 30
# -- How often (in seconds) to perform the [probe]
periodSeconds : 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 5
livenessProbe :
# -- Enable Kubernetes liveness probe for Redis server
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 30
# -- How often (in seconds) to perform the [probe]
periodSeconds : 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 5
2023-01-04 09:49:30 +00:00
# -- Additional containers to be added to the redis pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
extraContainers : [ ]
# -- Init containers to add to the redis pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
initContainers : [ ]
# -- Additional volumeMounts to the redis container
volumeMounts : [ ]
# -- Additional volumes to the redis pod
volumes : [ ]
2022-11-30 23:25:22 +00:00
# -- Annotations to be added to the Redis server Deployment
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations to be added to the Redis server pods
2020-03-09 10:39:21 +00:00
podAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Labels to be added to the Redis server pods
2020-03-09 10:39:21 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for redis
resources : {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
2022-10-30 19:12:46 +00:00
# -- Redis pod-level security context
# @default -- See [values.yaml]
securityContext :
runAsNonRoot : true
runAsUser : 999
seccompProfile :
type : RuntimeDefault
2023-01-21 12:07:14 +00:00
# Redis container ports
containerPorts :
# -- Redis container port
redis : 6379
# -- Metrics container port
metrics : 9121
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
# -- Alternative DNS policy for Redis server pods
dnsPolicy : "ClusterFirst"
2022-10-30 19:12:46 +00:00
# -- Redis container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
2023-10-12 09:50:51 +00:00
readOnlyRootFilesystem : true
2022-10-30 19:12:46 +00:00
allowPrivilegeEscalation : false
capabilities :
drop :
- ALL
2023-01-04 09:49:30 +00:00
# -- Redis service port
servicePort : 6379
2023-03-02 14:28:23 +00:00
# -- Priority class for redis pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName : ""
2021-10-21 11:33:45 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2019-11-05 00:17:25 +00:00
nodeSelector : {}
2023-01-04 09:49:30 +00:00
2021-10-21 11:33:45 +00:00
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2019-11-07 10:06:22 +00:00
tolerations : [ ]
2023-01-04 09:49:30 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [affinity] rules to the deployment
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2019-11-05 00:17:25 +00:00
affinity : {}
2021-10-21 11:33:45 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to redis
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2021-10-21 11:33:45 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2021-09-17 13:57:26 +00:00
topologySpreadConstraints : [ ]
2023-03-02 14:28:23 +00:00
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2019-11-05 00:17:25 +00:00
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2021-07-12 11:06:50 +00:00
serviceAccount :
2021-10-21 11:33:45 +00:00
# -- Create a service account for the redis pod
2021-07-12 11:06:50 +00:00
create : false
2021-10-21 11:33:45 +00:00
# -- Service account name for redis pod
2021-07-12 11:06:50 +00:00
name : ""
2021-10-21 11:33:45 +00:00
# -- Annotations applied to created service account
2021-07-12 11:06:50 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Automount API credentials for the Service Account
2021-07-12 11:06:50 +00:00
automountServiceAccountToken : false
2021-10-04 22:19:30 +00:00
service :
2021-10-21 11:33:45 +00:00
# -- Redis service annotations
2021-10-04 22:19:30 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Additional redis service labels
2021-10-04 22:19:30 +00:00
labels : {}
2021-09-17 17:47:11 +00:00
metrics :
2023-01-22 17:20:30 +00:00
# -- Deploy metrics service
2021-09-17 17:47:11 +00:00
enabled : false
2022-10-30 19:12:46 +00:00
2023-01-22 17:20:30 +00:00
# Redis metrics service configuration
2021-09-17 17:47:11 +00:00
service :
2021-10-21 11:33:45 +00:00
# -- Metrics service type
2021-09-17 17:47:11 +00:00
type : ClusterIP
2021-10-21 11:33:45 +00:00
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
2021-09-17 17:47:11 +00:00
clusterIP : None
2021-10-21 11:33:45 +00:00
# -- Metrics service annotations
2021-09-17 17:47:11 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service labels
2021-09-17 17:47:11 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service port
2021-09-17 17:47:11 +00:00
servicePort : 9121
2021-10-21 11:33:45 +00:00
# -- Metrics service port name
2021-09-17 17:47:11 +00:00
portName : http-metrics
2023-01-22 17:20:30 +00:00
2021-09-17 17:47:11 +00:00
serviceMonitor :
2021-10-21 11:33:45 +00:00
# -- Enable a prometheus ServiceMonitor
2021-09-17 17:47:11 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Interval at which metrics should be scraped
2021-09-17 17:47:11 +00:00
interval : 30s
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2021-10-21 11:33:45 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2021-09-17 17:47:11 +00:00
relabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2021-09-17 17:47:11 +00:00
metricRelabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor selector
2021-09-17 17:47:11 +00:00
selector : {}
# prometheus: kube-prometheus
2021-10-21 11:33:45 +00:00
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # "monitoring"
# -- Prometheus ServiceMonitor labels
2021-09-17 17:47:11 +00:00
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2021-09-17 17:47:11 +00:00
2023-09-08 14:58:05 +00:00
## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
2020-04-09 16:31:13 +00:00
redis-ha :
2021-10-21 11:33:45 +00:00
# -- Enables the Redis HA subchart and disables the custom Redis single node deployment
2020-04-09 16:31:13 +00:00
enabled : false
2023-09-08 14:58:05 +00:00
## Redis image
image :
# -- Redis repository
2024-01-22 23:54:49 +00:00
repository : public.ecr.aws/docker/library/redis
2023-09-08 14:58:05 +00:00
# -- Redis tag
2024-11-12 16:28:33 +00:00
tag : 7.4 .1 -alpine
2023-01-26 12:06:19 +00:00
## Prometheus redis-exporter sidecar
2020-04-09 16:31:13 +00:00
exporter :
2023-01-26 12:06:19 +00:00
# -- Enable Prometheus redis-exporter sidecar
enabled : false
# -- Repository to use for the redis-exporter
image : public.ecr.aws/bitnami/redis-exporter
# -- Tag to use for the redis-exporter
2024-02-18 22:06:23 +00:00
tag : 1.58 .0
2020-04-09 16:31:13 +00:00
persistentVolume :
2023-02-26 16:34:01 +00:00
# -- Configures persistence on Redis nodes
2020-04-09 16:31:13 +00:00
enabled : false
2023-09-08 14:58:05 +00:00
## Redis specific configuration options
2020-04-09 16:31:13 +00:00
redis :
2021-10-21 11:33:45 +00:00
# -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
2020-04-09 16:31:13 +00:00
masterGroupName : argocd
2021-10-21 11:33:45 +00:00
# -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
# @default -- See [values.yaml]
2020-04-09 16:31:13 +00:00
config :
2021-10-21 11:33:45 +00:00
# -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled
2022-05-25 11:06:37 +00:00
# @default -- `'""'`
2020-12-15 06:15:13 +00:00
save : '""'
2023-09-08 14:58:05 +00:00
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
2020-04-09 16:31:13 +00:00
haproxy :
2021-10-21 11:33:45 +00:00
# -- Enabled HAProxy LoadBalancing/Proxy
2020-04-09 16:31:13 +00:00
enabled : true
2024-04-04 18:47:21 +00:00
# -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
labels :
app.kubernetes.io/name : argocd-redis-ha-haproxy
2020-04-09 16:31:13 +00:00
metrics :
2021-10-21 11:33:45 +00:00
# -- HAProxy enable prometheus metric scraping
2020-04-09 16:31:13 +00:00
enabled : true
2023-09-08 14:58:05 +00:00
# -- Whether the haproxy pods should be forced to run on separate nodes.
hardAntiAffinity : true
# -- Additional affinities to add to the haproxy pods.
additionalAffinities : {}
# -- Assign custom [affinity] rules to the haproxy pods.
2023-09-15 10:47:59 +00:00
affinity : |
2023-10-12 09:50:51 +00:00
2023-09-08 14:58:05 +00:00
# -- [Tolerations] for use with node taints for haproxy pods.
tolerations : [ ]
2023-10-12 09:50:51 +00:00
# -- HAProxy container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
readOnlyRootFilesystem : true
2023-09-08 14:58:05 +00:00
2024-05-21 16:36:32 +00:00
# -- Configures redis-ha with AUTH
auth : true
# -- Existing Secret to use for redis-ha authentication.
# By default the redis-secret-init Job is generating this Secret.
existingSecret : argocd-redis
2023-09-08 14:58:05 +00:00
# -- Whether the Redis server pods should be forced to run on separate nodes.
hardAntiAffinity : true
# -- Additional affinities to add to the Redis server pods.
additionalAffinities : {}
# -- Assign custom [affinity] rules to the Redis pods.
2023-09-15 10:47:59 +00:00
affinity : |
2023-09-08 14:58:05 +00:00
# -- [Tolerations] for use with node taints for Redis pods.
tolerations : [ ]
2020-04-09 16:31:13 +00:00
2023-09-08 14:58:05 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
2025-01-02 06:18:00 +00:00
## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2022-05-25 11:06:37 +00:00
topologySpreadConstraints :
# -- Enable Redis HA topology spread constraints
enabled : false
# -- Max skew of pods tolerated
# @default -- `""` (defaults to `1`)
maxSkew : ""
# -- Topology key for spread
# @default -- `""` (defaults to `topology.kubernetes.io/zone`)
topologyKey : ""
# -- Enforcement policy, hard or soft
# @default -- `""` (defaults to `ScheduleAnyway`)
whenUnsatisfiable : ""
2023-10-12 09:50:51 +00:00
# -- Redis HA statefulset container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
readOnlyRootFilesystem : true
2022-05-25 11:06:37 +00:00
2022-03-31 12:18:54 +00:00
# External Redis parameters
externalRedis :
# -- External Redis server host
host : ""
2022-09-21 18:21:12 +00:00
# -- External Redis username
username : ""
2022-03-31 12:18:54 +00:00
# -- External Redis password
password : ""
# -- External Redis server port
port : 6379
2024-06-26 11:28:42 +00:00
# -- The name of an existing secret with Redis (must contain key `redis-password`) and Sentinel credentials.
2022-03-31 12:18:54 +00:00
# When it's set, the `externalRedis.password` parameter is ignored
existingSecret : ""
2022-06-08 06:03:58 +00:00
# -- External Redis Secret annotations
secretAnnotations : {}
2022-03-31 12:18:54 +00:00
2024-05-21 16:36:32 +00:00
redisSecretInit :
2024-05-23 12:36:49 +00:00
# -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
enabled : true
2024-05-21 16:36:32 +00:00
# -- Redis secret-init name
name : redis-secret-init
image :
# -- Repository to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.repository)
repository : "" # defaults to global.image.repository
# -- Tag to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.tag)
tag : "" # defaults to global.image.tag
# -- Image pull policy for the Redis secret-init Job
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : "" # IfNotPresent
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
# -- Annotations to be added to the Redis secret-init Job
jobAnnotations : {}
# -- Annotations to be added to the Redis secret-init Job
podAnnotations : {}
# -- Labels to be added to the Redis secret-init Job
podLabels : {}
# -- Resource limits and requests for Redis secret-init Job
resources : {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
allowPrivilegeEscalation : false
capabilities :
drop :
- ALL
readOnlyRootFilesystem : true
runAsNonRoot : true
seccompProfile :
type : RuntimeDefault
# -- Redis secret-init Job pod-level security context
securityContext : {}
serviceAccount :
# -- Create a service account for the redis pod
create : true
# -- Service account name for redis pod
name : ""
# -- Annotations applied to created service account
annotations : {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken : true
2024-05-22 11:20:34 +00:00
# -- Priority class for Redis secret-init Job
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName : ""
2024-10-03 13:53:05 +00:00
# -- Assign custom [affinity] rules to the Redis secret-init Job
affinity : {}
2024-05-22 07:17:05 +00:00
# -- Node selector to be added to the Redis secret-init Job
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector : {}
# -- Tolerations to be added to the Redis secret-init Job
# @default -- `[]` (defaults to global.tolerations)
tolerations : [ ]
2024-05-21 16:36:32 +00:00
2019-11-05 00:17:25 +00:00
## Server
server :
2021-10-21 11:33:45 +00:00
# -- Argo CD server name
2019-11-05 00:17:25 +00:00
name : server
2021-10-21 11:33:45 +00:00
# -- The number of server pods to run
2020-02-05 20:32:17 +00:00
replicas : 1
2024-09-20 07:59:01 +00:00
# -- Runtime class name for the Argo CD server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2022-10-12 12:55:33 +00:00
## Argo CD server Horizontal Pod Autoscaler
2020-02-17 00:14:39 +00:00
autoscaling :
2021-10-21 11:33:45 +00:00
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
2020-02-17 00:14:39 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Minimum number of replicas for the Argo CD server [HPA]
2020-02-17 00:14:39 +00:00
minReplicas : 1
2021-10-21 11:33:45 +00:00
# -- Maximum number of replicas for the Argo CD server [HPA]
2020-02-17 00:14:39 +00:00
maxReplicas : 5
2021-10-21 11:33:45 +00:00
# -- Average CPU utilization percentage for the Argo CD server [HPA]
2020-02-17 00:14:39 +00:00
targetCPUUtilizationPercentage : 50
2021-10-21 11:33:45 +00:00
# -- Average memory utilization percentage for the Argo CD server [HPA]
2020-02-17 00:14:39 +00:00
targetMemoryUtilizationPercentage : 50
2022-08-25 06:40:50 +00:00
# -- Configures the scaling behavior of the target in both Up and Down directions.
behavior : {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
# periodSeconds: 60
2023-07-17 12:20:47 +00:00
# -- Configures custom HPA metrics for the Argo CD server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics : [ ]
2022-10-12 12:55:33 +00:00
## Argo CD server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the Argo CD server
enabled : false
# -- Labels to be added to Argo CD server pdb
labels : {}
# -- Annotations to be added to Argo CD server pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
2023-02-26 16:34:01 +00:00
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2022-10-12 12:55:33 +00:00
## Has higher precedence over `server.pdb.minAvailable`
maxUnavailable : ""
## Argo CD server image
2019-11-21 04:40:15 +00:00
image :
2021-10-21 11:33:45 +00:00
# -- Repository to use for the Argo CD server
# @default -- `""` (defaults to global.image.repository)
repository : "" # defaults to global.image.repository
# -- Tag to use for the Argo CD server
# @default -- `""` (defaults to global.image.tag)
tag : "" # defaults to global.image.tag
# -- Image pull policy for the Argo CD server
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : "" # IfNotPresent
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2021-10-21 11:33:45 +00:00
# -- Additional command line arguments to pass to Argo CD server
2020-03-25 16:54:54 +00:00
extraArgs : [ ]
2021-08-26 14:21:58 +00:00
2021-10-21 11:33:45 +00:00
# -- Environment variables to pass to Argo CD server
2019-12-05 23:50:47 +00:00
env : [ ]
2021-10-21 11:33:45 +00:00
# -- envFrom to pass to Argo CD server
# @default -- `[]` (See [values.yaml])
2021-05-21 16:43:24 +00:00
envFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2021-10-21 11:33:45 +00:00
# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
2021-02-03 13:51:58 +00:00
lifecycle : {}
2023-12-30 17:02:10 +00:00
## Argo CD extensions
2023-02-26 16:34:01 +00:00
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
2023-12-30 17:02:10 +00:00
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
2024-01-20 12:07:38 +00:00
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
2023-01-04 09:49:30 +00:00
extensions :
2023-12-30 17:02:10 +00:00
# -- Enable support for Argo CD extensions
2023-01-04 09:49:30 +00:00
enabled : false
2023-12-30 17:02:10 +00:00
## Argo CD extension installer image
2023-01-04 09:49:30 +00:00
image :
2023-12-30 17:02:10 +00:00
# -- Repository to use for extension installer image
repository : "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
2024-12-09 09:17:14 +00:00
tag : "v0.0.8"
2023-01-04 09:49:30 +00:00
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2023-12-30 17:02:10 +00:00
# -- Extensions for Argo CD
# @default -- `[]` (See [values.yaml])
## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
extensionList : [ ]
# - name: extension-metrics
# env:
# - name: EXTENSION_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
# - name: EXTENSION_CHECKSUM_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
2023-01-04 09:49:30 +00:00
# -- Server UI extensions container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
2023-12-30 17:02:10 +00:00
runAsUser : 1000
2023-01-04 09:49:30 +00:00
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
# -- Resource limits and requests for the argocd-extensions container
resources : {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
# -- Additional containers to be added to the server pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
extraContainers : [ ]
# - name: my-sidecar
# image: nginx:latest
# - name: lemonldap-ng-controller
# image: lemonldapng/lemonldap-ng-controller:0.2.0
# args:
# - /lemonldap-ng-controller
# - --alsologtostderr
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
# env:
# - name: POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# volumeMounts:
# - name: copy-portal-skins
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
# -- Init containers to add to the server pod
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
## you could use this (and the same in the application controller pod) to provide such executable
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
initContainers : [ ]
# - name: download-tools
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.0.25/kubelogin-linux-amd64.zip &&
# unzip kubelogin.zip && mv bin/linux_amd64/kubelogin /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# -- Additional volumeMounts to the server main container
volumeMounts : [ ]
# - mountPath: /usr/local/bin/kubelogin
# name: custom-tools
# subPath: kubelogin
# -- Additional volumes to the server pod
volumes : [ ]
# - name: custom-tools
# emptyDir: {}
2019-11-05 00:17:25 +00:00
2024-04-02 13:36:34 +00:00
## Argo CD server emptyDir volumes
emptyDir :
# -- EmptyDir size limit for the Argo CD server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit : ""
# sizeLimit: "1Gi"
2022-11-30 23:25:22 +00:00
# -- Annotations to be added to server Deployment
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations to be added to server pods
2019-11-05 00:17:25 +00:00
podAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Labels to be added to server pods
2019-11-05 00:17:25 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for the Argo CD server
resources : {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
2023-01-21 12:07:14 +00:00
# Server container ports
containerPorts :
# -- Server container port
server : 8080
# -- Metrics container port
2023-03-15 19:27:34 +00:00
metrics : 8083
2023-01-21 12:07:14 +00:00
2023-02-06 04:40:13 +00:00
# -- Host Network for Server pods
hostNetwork : false
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
2023-02-06 04:40:13 +00:00
# -- Alternative DNS policy for Server pods
dnsPolicy : "ClusterFirst"
2023-01-21 12:07:14 +00:00
# -- Server container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2019-11-05 00:17:25 +00:00
## Readiness and liveness probes for default backend
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2019-11-05 00:17:25 +00:00
readinessProbe :
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2019-11-05 00:17:25 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2019-11-05 00:17:25 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2019-11-05 00:17:25 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2019-11-05 00:17:25 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2019-11-05 00:17:25 +00:00
timeoutSeconds : 1
2023-01-21 12:07:14 +00:00
2019-11-05 00:17:25 +00:00
livenessProbe :
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2019-11-05 00:17:25 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2019-11-05 00:17:25 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2019-11-05 00:17:25 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2019-11-05 00:17:25 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2019-11-05 00:17:25 +00:00
timeoutSeconds : 1
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2023-03-02 14:28:23 +00:00
# -- Priority class for the Argo CD server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName : ""
2021-10-21 11:33:45 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2019-11-05 00:17:25 +00:00
nodeSelector : {}
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2019-11-07 10:06:22 +00:00
tolerations : [ ]
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [affinity] rules to the deployment
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2019-11-05 00:17:25 +00:00
affinity : {}
2021-10-21 11:33:45 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2021-10-21 11:33:45 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2021-09-17 13:57:26 +00:00
topologySpreadConstraints : [ ]
2023-03-02 14:28:23 +00:00
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2019-11-05 00:17:25 +00:00
2023-04-03 09:58:50 +00:00
# -- Deployment strategy to be added to the server Deployment
deploymentStrategy : {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
2022-10-30 22:03:30 +00:00
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
2019-11-05 00:17:25 +00:00
certificate :
2022-04-03 09:13:56 +00:00
# -- Deploy a Certificate resource (requires cert-manager)
2019-11-05 00:17:25 +00:00
enabled : false
2022-04-03 09:13:56 +00:00
# -- Certificate primary domain (commonName)
2024-02-16 14:44:51 +00:00
# @default -- `""` (defaults to global.domain)
domain : ""
2022-10-30 22:03:30 +00:00
# -- Certificate Subject Alternate Names (SANs)
additionalHosts : [ ]
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2022-04-03 09:13:56 +00:00
duration : ""
2022-10-30 22:03:30 +00:00
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2022-04-03 09:13:56 +00:00
renewBefore : ""
2022-10-30 22:03:30 +00:00
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer :
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group : ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind : ""
2023-02-26 16:34:01 +00:00
# -- Certificate issuer name. Eg. `letsencrypt`
2022-10-30 22:03:30 +00:00
name : ""
2022-09-19 21:36:26 +00:00
# Private key of the certificate
privateKey :
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
rotationPolicy : Never
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
encoding : PKCS1
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
algorithm : RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size : 2048
2023-07-11 13:01:02 +00:00
# -- Annotations to be applied to the Server Certificate
annotations : {}
2023-07-02 08:07:17 +00:00
# -- Usages for the certificate
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
usages : [ ]
2024-06-19 14:04:02 +00:00
# -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
secretTemplateAnnotations : {}
2022-10-30 22:03:30 +00:00
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificateSecret :
# -- Create argocd-server-tls secret
enabled : false
# -- Annotations to be added to argocd-server-tls secret
annotations : {}
# -- Labels to be added to argocd-server-tls secret
labels : {}
# -- Private Key of the certificate
key : ''
# -- Certificate data
crt : ''
2019-11-05 00:17:25 +00:00
## Server service configuration
service :
2021-10-21 11:33:45 +00:00
# -- Server service annotations
2019-11-05 00:17:25 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Server service labels
2019-11-05 00:17:25 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Server service type
2019-11-05 00:17:25 +00:00
type : ClusterIP
2021-10-21 11:33:45 +00:00
# -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort")
2021-02-16 23:38:40 +00:00
nodePortHttp : 30080
2021-10-21 11:33:45 +00:00
# -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort")
2021-02-16 23:38:40 +00:00
nodePortHttps : 30443
2021-10-21 11:33:45 +00:00
# -- Server service http port
2019-11-05 00:17:25 +00:00
servicePortHttp : 80
2021-10-21 11:33:45 +00:00
# -- Server service https port
2019-11-05 00:17:25 +00:00
servicePortHttps : 443
2021-10-21 11:33:45 +00:00
# -- Server service http port name, can be used to route traffic via istio
2020-05-04 19:18:56 +00:00
servicePortHttpName : http
2021-10-21 11:33:45 +00:00
# -- Server service https port name, can be used to route traffic via istio
2020-05-04 19:18:56 +00:00
servicePortHttpsName : https
2024-05-13 22:59:03 +00:00
# -- Server service https port appProtocol
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
servicePortHttpsAppProtocol : ""
2024-06-18 01:13:21 +00:00
# -- The class of the load balancer implementation
loadBalancerClass : ""
2021-10-21 11:33:45 +00:00
# -- LoadBalancer will get created with the IP specified in this field
2020-04-14 21:15:17 +00:00
loadBalancerIP : ""
2021-10-21 11:33:45 +00:00
# -- Source IP ranges to allow access to service from
2025-01-02 06:18:00 +00:00
## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
2020-04-09 16:02:23 +00:00
loadBalancerSourceRanges : [ ]
2021-10-21 11:33:45 +00:00
# -- Server service external IPs
2021-02-15 14:11:15 +00:00
externalIPs : [ ]
2021-10-21 11:33:45 +00:00
# -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2024-05-13 22:59:03 +00:00
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy : Cluster
2021-10-21 11:33:45 +00:00
# -- Used to maintain session affinity. Supports `ClientIP` and `None`
2024-05-13 22:59:03 +00:00
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinity : None
2019-11-05 00:17:25 +00:00
## Server metrics service configuration
metrics :
2021-10-21 11:33:45 +00:00
# -- Deploy metrics service
2019-11-05 00:17:25 +00:00
enabled : false
service :
2023-05-11 00:39:56 +00:00
# -- Metrics service type
type : ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP : ""
2021-10-21 11:33:45 +00:00
# -- Metrics service annotations
2019-11-05 00:17:25 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service labels
2019-11-05 00:17:25 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service port
2019-11-05 00:17:25 +00:00
servicePort : 8083
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2019-11-05 00:17:25 +00:00
serviceMonitor :
2021-10-21 11:33:45 +00:00
# -- Enable a prometheus ServiceMonitor
2019-11-05 00:17:25 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor interval
2021-05-21 12:43:10 +00:00
interval : 30s
2024-02-12 18:36:39 +00:00
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout : ""
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2021-10-21 11:33:45 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2021-08-25 15:04:29 +00:00
relabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2021-08-25 15:04:29 +00:00
metricRelabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2019-11-05 00:17:25 +00:00
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
serviceAccount :
2021-10-21 11:33:45 +00:00
# -- Create server service account
2019-11-05 00:17:25 +00:00
create : true
2021-10-21 11:33:45 +00:00
# -- Server service account name
2019-11-05 00:17:25 +00:00
name : argocd-server
2021-10-21 11:33:45 +00:00
# -- Annotations applied to created service account
2020-06-24 13:48:41 +00:00
annotations : {}
2022-10-06 14:31:51 +00:00
# -- Labels applied to created service account
labels : {}
2021-10-21 11:33:45 +00:00
# -- Automount API credentials for the Service Account
2021-03-18 22:04:52 +00:00
automountServiceAccountToken : true
2019-11-05 00:17:25 +00:00
2024-02-07 21:40:05 +00:00
# Argo CD server ingress configuration
2019-11-05 00:17:25 +00:00
ingress :
2021-10-21 11:33:45 +00:00
# -- Enable an ingress resource for the Argo CD server
2019-11-05 00:17:25 +00:00
enabled : false
2024-02-07 21:40:05 +00:00
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller : generic
2021-10-21 11:33:45 +00:00
# -- Additional ingress labels
2019-11-05 00:17:25 +00:00
labels : {}
2024-02-07 21:40:05 +00:00
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations : {}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
2021-10-21 11:33:45 +00:00
# -- Defines which ingress controller will implement the resource
2021-04-21 19:31:16 +00:00
ingressClassName : ""
2019-11-05 00:17:25 +00:00
2024-02-07 21:40:05 +00:00
# -- Argo CD server hostname
2024-02-16 14:44:51 +00:00
# @default -- `""` (defaults to global.domain)
hostname : ""
2024-02-07 21:40:05 +00:00
# -- The path to Argo CD server
path : /
2021-10-21 11:33:45 +00:00
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
2021-07-05 09:52:59 +00:00
pathType : Prefix
2024-02-07 21:40:05 +00:00
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls : false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts : [ ]
# - name: argocd.example.com
# path: /
2021-10-21 11:33:45 +00:00
# -- Additional ingress paths
2024-02-07 21:40:05 +00:00
# @default -- `[]` (See [values.yaml])
2024-02-29 19:45:29 +00:00
## Note: Supports use of custom Helm templates
2022-12-29 16:26:36 +00:00
extraPaths : [ ]
2021-05-31 20:15:09 +00:00
# - path: /*
# pathType: Prefix
# backend:
2021-06-25 06:06:59 +00:00
# service:
2021-05-31 20:15:09 +00:00
# name: ssl-redirect
# port:
# name: use-annotation
2021-10-21 11:33:45 +00:00
2024-02-07 21:40:05 +00:00
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
2024-02-29 19:45:29 +00:00
## Note: Supports use of custom Helm templates
2024-02-07 21:40:05 +00:00
extraRules : [ ]
2024-02-29 19:45:29 +00:00
# - http:
# paths:
# - path: /
# pathType: Prefix
2024-02-07 21:40:05 +00:00
# backend:
# service:
2024-02-29 19:45:29 +00:00
# name: '{{ include "argo-cd.server.fullname" . }}'
2024-02-07 21:40:05 +00:00
# port:
2024-02-29 19:45:29 +00:00
# name: '{{ .Values.server.service.servicePortHttpsName }}'
2024-02-07 21:40:05 +00:00
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls : [ ]
# - hosts:
# - argocd.example.com
# secretName: your-certificate-name
# AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws :
# -- Backend protocol version for the AWS ALB gRPC service
2024-02-29 11:24:21 +00:00
## This tells AWS to send traffic from the ALB using gRPC.
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
backendProtocolVersion : GRPC
2024-02-07 21:40:05 +00:00
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType : NodePort
2021-10-21 11:33:45 +00:00
2024-02-07 21:40:05 +00:00
# Google specific options for Google Application Load Balancer
# Applies only when `server.ingress.controller` is set to `gke`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
gke :
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
backendConfig : {}
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
frontendConfig : {}
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# Managed GKE certificate for ingress hostname
managedCertificate :
# -- Create ManagedCertificate resource and annotations for Google Load balancer
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
create : true
# -- Additional domains for ManagedCertificate resource
extraDomains : [ ]
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
2020-06-26 13:25:00 +00:00
ingressGrpc :
2021-10-21 11:33:45 +00:00
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
2020-06-26 13:25:00 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Additional ingress annotations for dedicated [gRPC-ingress]
2020-06-26 13:25:00 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Additional ingress labels for dedicated [gRPC-ingress]
2020-06-26 13:25:00 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Defines which ingress controller will implement the resource [gRPC-ingress]
2021-04-21 19:31:16 +00:00
ingressClassName : ""
2020-06-26 13:25:00 +00:00
2024-02-07 21:40:05 +00:00
# -- Argo CD server hostname for dedicated [gRPC-ingress]
2024-02-11 14:52:23 +00:00
# @default -- `""` (defaults to grpc.`server.ingress.hostname`)
2024-02-07 21:40:05 +00:00
hostname : ""
# -- Argo CD server ingress path for dedicated [gRPC-ingress]
path : /
2021-08-11 15:44:18 +00:00
2021-10-21 11:33:45 +00:00
# -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
2021-07-05 09:52:59 +00:00
pathType : Prefix
2024-02-07 21:40:05 +00:00
# -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
2024-02-11 14:52:23 +00:00
## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
2024-02-07 21:40:05 +00:00
tls : false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts : [ ]
# - name: grpc.argocd.example.com
# path: /
2021-10-21 11:33:45 +00:00
# -- Additional ingress paths for dedicated [gRPC-ingress]
2024-02-07 21:40:05 +00:00
# @default -- `[]` (See [values.yaml])
2024-02-29 19:45:29 +00:00
## Note: Supports use of custom Helm templates
2022-12-29 16:26:36 +00:00
extraPaths : [ ]
2021-05-31 20:15:09 +00:00
# - path: /*
# pathType: Prefix
# backend:
2021-06-25 06:06:59 +00:00
# service:
2021-05-31 20:15:09 +00:00
# name: ssl-redirect
# port:
# name: use-annotation
2021-10-21 11:33:45 +00:00
2024-02-07 21:40:05 +00:00
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
2024-02-29 19:45:29 +00:00
## Note: Supports use of custom Helm templates
2024-02-07 21:40:05 +00:00
extraRules : [ ]
2024-02-29 19:45:29 +00:00
# - http:
# paths:
# - path: /
# pathType: Prefix
2024-02-07 21:40:05 +00:00
# backend:
# service:
2024-02-29 19:45:29 +00:00
# name: '{{ include "argo-cd.server.fullname" . }}'
2024-02-07 21:40:05 +00:00
# port:
2024-02-29 19:45:29 +00:00
# name: '{{ .Values.server.service.servicePortHttpName }}'
2024-02-07 21:40:05 +00:00
# -- Additional TLS configuration for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
extraTls : [ ]
2022-10-30 22:03:30 +00:00
# - secretName: your-certificate-name
2020-06-26 13:25:00 +00:00
# hosts:
# - argocd.example.com
2021-10-21 11:33:45 +00:00
2019-11-07 08:20:31 +00:00
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route :
2021-11-10 17:18:13 +00:00
# -- Enable an OpenShift Route for the Argo CD server
2019-11-07 08:20:31 +00:00
enabled : false
2021-11-10 17:18:13 +00:00
# -- Openshift Route annotations
annotations : {}
# -- Hostname of OpenShift Route
2019-11-07 08:20:31 +00:00
hostname : ""
2021-11-10 17:18:13 +00:00
# -- Termination type of Openshift Route
termination_type : passthrough
# -- Termination policy of Openshift Route
termination_policy : None
2019-11-07 08:20:31 +00:00
2024-04-02 05:03:37 +00:00
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules :
# -- Enable custom rules for the server's ClusterRole resource
enabled : false
# -- List of custom rules for the server's ClusterRole resource
rules : [ ]
2019-11-05 00:17:25 +00:00
## Repo Server
repoServer :
2021-10-21 11:33:45 +00:00
# -- Repo server name
2019-11-05 00:17:25 +00:00
name : repo-server
2021-10-21 11:33:45 +00:00
# -- The number of repo server pods to run
2020-02-05 20:32:17 +00:00
replicas : 1
2024-09-20 07:59:01 +00:00
# -- Runtime class name for the repo server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2022-10-12 12:55:33 +00:00
## Repo server Horizontal Pod Autoscaler
2020-02-17 00:14:39 +00:00
autoscaling :
2021-10-21 11:33:45 +00:00
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
2020-02-17 00:14:39 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Minimum number of replicas for the repo server [HPA]
2020-02-17 00:14:39 +00:00
minReplicas : 1
2021-10-21 11:33:45 +00:00
# -- Maximum number of replicas for the repo server [HPA]
2020-02-17 00:14:39 +00:00
maxReplicas : 5
2021-10-21 11:33:45 +00:00
# -- Average CPU utilization percentage for the repo server [HPA]
2020-02-17 00:14:39 +00:00
targetCPUUtilizationPercentage : 50
2021-10-21 11:33:45 +00:00
# -- Average memory utilization percentage for the repo server [HPA]
2020-02-17 00:14:39 +00:00
targetMemoryUtilizationPercentage : 50
2022-08-25 06:40:50 +00:00
# -- Configures the scaling behavior of the target in both Up and Down directions.
behavior : {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
# periodSeconds: 60
2023-07-17 12:20:47 +00:00
# -- Configures custom HPA metrics for the Argo CD repo server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics : [ ]
2020-02-17 00:14:39 +00:00
2022-10-12 12:55:33 +00:00
## Repo server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the repo server
enabled : false
# -- Labels to be added to repo server pdb
labels : {}
# -- Annotations to be added to repo server pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
2023-02-26 16:34:01 +00:00
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2022-10-12 12:55:33 +00:00
## Has higher precedence over `repoServer.pdb.minAvailable`
maxUnavailable : ""
## Repo server image
2019-11-21 04:40:15 +00:00
image :
2021-10-21 11:33:45 +00:00
# -- Repository to use for the repo server
# @default -- `""` (defaults to global.image.repository)
2023-01-04 09:49:30 +00:00
repository : ""
2021-10-21 11:33:45 +00:00
# -- Tag to use for the repo server
# @default -- `""` (defaults to global.image.tag)
2023-01-04 09:49:30 +00:00
tag : ""
2021-10-21 11:33:45 +00:00
# -- Image pull policy for the repo server
# @default -- `""` (defaults to global.image.imagePullPolicy)
2023-01-04 09:49:30 +00:00
imagePullPolicy : ""
2021-10-21 11:33:45 +00:00
2022-10-10 20:46:11 +00:00
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2021-10-21 11:33:45 +00:00
# -- Additional command line arguments to pass to repo server
2020-03-25 16:54:54 +00:00
extraArgs : [ ]
2019-11-05 00:17:25 +00:00
2021-10-21 11:33:45 +00:00
# -- Environment variables to pass to repo server
2019-12-05 23:50:47 +00:00
env : [ ]
2021-10-21 11:33:45 +00:00
# -- envFrom to pass to repo server
# @default -- `[]` (See [values.yaml])
2021-05-21 16:43:24 +00:00
envFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2023-05-17 13:40:18 +00:00
# -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
lifecycle : {}
2023-01-04 09:49:30 +00:00
# -- Additional containers to be added to the repo server pod
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2023-01-04 09:49:30 +00:00
extraContainers : [ ]
2023-03-12 14:00:24 +00:00
# - name: cmp-my-plugin
# command:
# - "/var/run/argocd/argocd-cmp-server"
# image: busybox
# securityContext:
# runAsNonRoot: true
# runAsUser: 999
# volumeMounts:
# - mountPath: /var/run/argocd
# name: var-files
# - mountPath: /home/argocd/cmp-server/plugins
# name: plugins
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
# subPath: my-plugin.yaml
# name: argocd-cmp-cm
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
# # mitigate path traversal attacks.
# - mountPath: /tmp
# name: cmp-tmp
# - name: cmp-my-plugin2
# command:
# - "/var/run/argocd/argocd-cmp-server"
# image: busybox
# securityContext:
# runAsNonRoot: true
# runAsUser: 999
# volumeMounts:
# - mountPath: /var/run/argocd
# name: var-files
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
# - mountPath: /home/argocd/cmp-server/plugins
# name: plugins
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
# subPath: my-plugin2.yaml
# name: argocd-cmp-cm
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
# # mitigate path traversal attacks.
# - mountPath: /tmp
# name: cmp-tmp
2023-01-04 09:49:30 +00:00
# -- Init containers to add to the repo server pods
initContainers : [ ]
# -- Additional volumeMounts to the repo server main container
volumeMounts : [ ]
# -- Additional volumes to the repo server pod
volumes : [ ]
2023-03-12 14:00:24 +00:00
# - name: argocd-cmp-cm
2023-01-04 09:49:30 +00:00
# configMap:
2023-03-12 14:00:24 +00:00
# name: argocd-cmp-cm
2023-01-04 09:49:30 +00:00
# - name: cmp-tmp
# emptyDir: {}
2019-11-05 00:17:25 +00:00
2024-01-18 13:56:33 +00:00
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes : {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
2024-04-02 13:36:34 +00:00
## RepoServer emptyDir volumes
emptyDir :
# -- EmptyDir size limit for repo server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit : ""
# sizeLimit: "1Gi"
2023-09-09 08:55:47 +00:00
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir : true
2022-11-30 23:25:22 +00:00
# -- Annotations to be added to repo server Deployment
deploymentAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Annotations to be added to repo server pods
2019-11-05 00:17:25 +00:00
podAnnotations : {}
2021-10-21 11:33:45 +00:00
# -- Labels to be added to repo server pods
2019-11-05 00:17:25 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for the repo server pods
resources : {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
2023-01-21 12:07:14 +00:00
# Repo server container ports
containerPorts :
# -- Repo server container port
server : 8081
# -- Metrics container port
metrics : 8084
2023-02-06 04:40:13 +00:00
# -- Host Network for Repo server pods
hostNetwork : false
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
2023-02-06 04:40:13 +00:00
# -- Alternative DNS policy for Repo server pods
dnsPolicy : "ClusterFirst"
2023-01-21 12:07:14 +00:00
# -- Repo server container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2019-11-05 00:17:25 +00:00
## Readiness and liveness probes for default backend
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2019-11-05 00:17:25 +00:00
readinessProbe :
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2019-11-05 00:17:25 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2019-11-05 00:17:25 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2019-11-05 00:17:25 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2019-11-05 00:17:25 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2019-11-05 00:17:25 +00:00
timeoutSeconds : 1
2023-01-21 12:07:14 +00:00
2019-11-05 00:17:25 +00:00
livenessProbe :
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2019-11-05 00:17:25 +00:00
failureThreshold : 3
2021-10-21 11:33:45 +00:00
# -- Number of seconds after the container has started before [probe] is initiated
2019-11-05 00:17:25 +00:00
initialDelaySeconds : 10
2021-10-21 11:33:45 +00:00
# -- How often (in seconds) to perform the [probe]
2019-11-05 00:17:25 +00:00
periodSeconds : 10
2021-10-21 11:33:45 +00:00
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2019-11-05 00:17:25 +00:00
successThreshold : 1
2021-10-21 11:33:45 +00:00
# -- Number of seconds after which the [probe] times out
2019-11-05 00:17:25 +00:00
timeoutSeconds : 1
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2021-10-21 11:33:45 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2019-11-05 00:17:25 +00:00
nodeSelector : {}
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2019-11-07 10:06:22 +00:00
tolerations : [ ]
2023-03-02 14:28:23 +00:00
2021-10-21 11:33:45 +00:00
# -- Assign custom [affinity] rules to the deployment
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2019-11-05 00:17:25 +00:00
affinity : {}
2021-10-21 11:33:45 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2021-10-21 11:33:45 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2021-09-17 13:57:26 +00:00
topologySpreadConstraints : [ ]
2023-03-02 14:28:23 +00:00
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2021-09-17 13:57:26 +00:00
2023-04-03 09:58:50 +00:00
# -- Deployment strategy to be added to the repo server Deployment
deploymentStrategy : {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
2023-03-02 14:28:23 +00:00
# -- Priority class for the repo server pods
# @default -- `""` (defaults to global.priorityClassName)
2019-11-05 00:17:25 +00:00
priorityClassName : ""
2022-11-29 21:14:17 +00:00
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
certificateSecret :
# -- Create argocd-repo-server-tls secret
enabled : false
# -- Annotations to be added to argocd-repo-server-tls secret
annotations : {}
# -- Labels to be added to argocd-repo-server-tls secret
labels : {}
# -- Certificate authority. Required for self-signed certificates.
ca : ''
# -- Certificate private key
key : ''
# -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
crt : ''
2019-11-05 00:17:25 +00:00
## Repo server service configuration
service :
2021-10-21 11:33:45 +00:00
# -- Repo server service annotations
2019-11-05 00:17:25 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Repo server service labels
2019-11-05 00:17:25 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Repo server service port
2019-11-05 00:17:25 +00:00
port : 8081
2021-10-21 11:33:45 +00:00
# -- Repo server service port name
2024-02-13 08:23:39 +00:00
portName : tcp-repo-server
2019-11-05 00:17:25 +00:00
## Repo server metrics service configuration
metrics :
2021-10-21 11:33:45 +00:00
# -- Deploy metrics service
2019-11-05 00:17:25 +00:00
enabled : false
service :
2023-05-11 00:39:56 +00:00
# -- Metrics service type
type : ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP : ""
2021-10-21 11:33:45 +00:00
# -- Metrics service annotations
2019-11-05 00:17:25 +00:00
annotations : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service labels
2019-11-05 00:17:25 +00:00
labels : {}
2021-10-21 11:33:45 +00:00
# -- Metrics service port
2019-11-05 00:17:25 +00:00
servicePort : 8084
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2019-11-05 00:17:25 +00:00
serviceMonitor :
2021-10-21 11:33:45 +00:00
# -- Enable a prometheus ServiceMonitor
2019-11-05 00:17:25 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor interval
2021-05-21 12:43:10 +00:00
interval : 30s
2024-02-12 18:36:39 +00:00
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout : ""
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2021-10-21 11:33:45 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2021-08-25 15:04:29 +00:00
relabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2021-08-25 15:04:29 +00:00
metricRelabelings : [ ]
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2021-10-21 11:33:45 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2019-11-05 00:17:25 +00:00
2021-09-17 20:14:31 +00:00
## Enable Custom Rules for the Repo server's Cluster Role resource
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules :
2021-10-21 11:33:45 +00:00
# -- Enable custom rules for the Repo server's Cluster Role resource
2021-09-17 20:14:31 +00:00
enabled : false
2021-10-21 11:33:45 +00:00
# -- List of custom rules for the Repo server's Cluster Role resource
2021-09-17 20:14:31 +00:00
rules : [ ]
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2019-11-19 23:27:12 +00:00
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount :
2021-10-21 11:33:45 +00:00
# -- Create repo server service account
2022-03-10 10:45:15 +00:00
create : true
2021-10-21 11:33:45 +00:00
# -- Repo server service account name
name : "" # "argocd-repo-server"
# -- Annotations applied to created service account
2019-11-19 23:27:12 +00:00
annotations : {}
2022-10-09 08:33:55 +00:00
# -- Labels applied to created service account
labels : {}
2021-10-21 11:33:45 +00:00
# -- Automount API credentials for the Service Account
2021-03-18 22:04:52 +00:00
automountServiceAccountToken : true
2019-11-19 23:27:12 +00:00
2021-10-21 11:33:45 +00:00
# -- Repo server rbac rules
rbac : [ ]
2019-12-09 23:03:02 +00:00
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
2019-11-19 23:27:12 +00:00
2022-10-12 12:55:33 +00:00
## ApplicationSet controller
2022-03-16 21:01:30 +00:00
applicationSet :
2022-12-14 21:12:57 +00:00
# -- ApplicationSet controller name string
2022-03-16 21:01:30 +00:00
name : applicationset-controller
2022-10-12 12:55:33 +00:00
# -- The number of ApplicationSet controller pods to run
2023-08-09 08:35:48 +00:00
replicas : 1
2022-03-16 21:01:30 +00:00
2024-09-20 07:59:01 +00:00
# -- Runtime class name for the ApplicationSet controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2022-10-12 12:55:33 +00:00
## ApplicationSet controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller
enabled : false
# -- Labels to be added to ApplicationSet controller pdb
labels : {}
# -- Annotations to be added to ApplicationSet controller pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
2023-02-26 16:34:01 +00:00
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2022-10-12 12:55:33 +00:00
## Has higher precedence over `applicationSet.pdb.minAvailable`
maxUnavailable : ""
## ApplicationSet controller image
2022-03-16 21:01:30 +00:00
image :
2022-12-14 21:12:57 +00:00
# -- Repository to use for the ApplicationSet controller
2022-06-14 10:10:08 +00:00
# @default -- `""` (defaults to global.image.repository)
repository : ""
2022-12-14 21:12:57 +00:00
# -- Tag to use for the ApplicationSet controller
2022-06-14 10:10:08 +00:00
# @default -- `""` (defaults to global.image.tag)
tag : ""
2022-12-14 21:12:57 +00:00
# -- Image pull policy for the ApplicationSet controller
2022-05-05 21:59:18 +00:00
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
2022-03-16 21:01:30 +00:00
2022-10-10 20:46:11 +00:00
# -- If defined, uses a Secret to pull an image from a private Docker registry or repository.
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets : [ ]
2024-02-07 21:40:05 +00:00
# -- ApplicationSet controller command line flags
2023-01-04 09:49:30 +00:00
extraArgs : [ ]
# -- Environment variables to pass to the ApplicationSet controller
extraEnv : [ ]
# - name: "MY_VAR"
# value: "value"
# -- envFrom to pass to the ApplicationSet controller
# @default -- `[]` (See [values.yaml])
extraEnvFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2022-08-25 10:41:43 +00:00
2022-12-14 21:12:57 +00:00
# -- Additional containers to be added to the ApplicationSet controller pod
2023-01-10 12:31:57 +00:00
## Note: Supports use of custom Helm templates
2022-03-16 21:01:30 +00:00
extraContainers : [ ]
2023-01-10 12:31:57 +00:00
# -- Init containers to add to the ApplicationSet controller pod
## Note: Supports use of custom Helm templates
initContainers : [ ]
2023-01-04 09:49:30 +00:00
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts : [ ]
# -- List of extra volumes to add
extraVolumes : [ ]
2024-04-02 13:36:34 +00:00
## ApplicationSet controller emptyDir volumes
emptyDir :
# -- EmptyDir size limit for applicationSet controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit : ""
# sizeLimit: "1Gi"
2022-03-28 21:01:54 +00:00
## Metrics service configuration
2022-03-16 21:01:30 +00:00
metrics :
# -- Deploy metrics service
enabled : false
service :
2023-05-11 00:39:56 +00:00
# -- Metrics service type
type : ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP : ""
2022-03-16 21:01:30 +00:00
# -- Metrics service annotations
annotations : {}
# -- Metrics service labels
labels : {}
# -- Metrics service port
2023-06-23 13:59:14 +00:00
servicePort : 8080
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2022-03-16 21:01:30 +00:00
serviceMonitor :
# -- Enable a prometheus ServiceMonitor
enabled : false
# -- Prometheus ServiceMonitor interval
interval : 30s
2024-02-12 18:36:39 +00:00
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout : ""
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2022-03-16 21:01:30 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings : [ ]
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings : [ ]
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2022-03-16 21:01:30 +00:00
# -- Prometheus ServiceMonitor namespace
namespace : "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2022-03-16 21:01:30 +00:00
2022-12-14 21:12:57 +00:00
## ApplicationSet service configuration
2022-03-16 21:01:30 +00:00
service :
2022-12-14 21:12:57 +00:00
# -- ApplicationSet service annotations
2022-03-16 21:01:30 +00:00
annotations : {}
2022-12-14 21:12:57 +00:00
# -- ApplicationSet service labels
2022-03-16 21:01:30 +00:00
labels : {}
2023-05-08 11:22:52 +00:00
# -- ApplicationSet service type
type : ClusterIP
2022-12-14 21:12:57 +00:00
# -- ApplicationSet service port
2022-03-16 21:01:30 +00:00
port : 7000
2022-12-14 21:12:57 +00:00
# -- ApplicationSet service port name
2024-02-13 08:23:39 +00:00
portName : http-webhook
2022-03-16 21:01:30 +00:00
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2022-03-16 21:01:30 +00:00
serviceAccount :
2023-01-21 12:18:53 +00:00
# -- Create ApplicationSet controller service account
2022-03-16 21:01:30 +00:00
create : true
2023-01-21 12:18:53 +00:00
# -- ApplicationSet controller service account name
name : argocd-applicationset-controller
# -- Annotations applied to created service account
2022-03-16 21:01:30 +00:00
annotations : {}
2022-10-06 14:31:51 +00:00
# -- Labels applied to created service account
labels : {}
2023-01-21 12:18:53 +00:00
# -- Automount API credentials for the Service Account
automountServiceAccountToken : true
2022-03-16 21:01:30 +00:00
2022-11-30 23:25:22 +00:00
# -- Annotations to be added to ApplicationSet controller Deployment
deploymentAnnotations : {}
2022-12-14 21:12:57 +00:00
# -- Annotations for the ApplicationSet controller pods
2022-03-16 21:01:30 +00:00
podAnnotations : {}
2022-12-14 21:12:57 +00:00
# -- Labels for the ApplicationSet controller pods
2022-03-16 21:01:30 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for the ApplicationSet controller pods.
resources : {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
2023-01-21 12:07:14 +00:00
# ApplicationSet controller container ports
containerPorts :
# -- Metrics container port
2023-06-23 13:59:14 +00:00
metrics : 8080
2023-01-21 12:07:14 +00:00
# -- Probe container port
probe : 8081
# -- Webhook container port
webhook : 7000
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
# -- Alternative DNS policy for ApplicationSet controller pods
dnsPolicy : "ClusterFirst"
2022-10-30 19:12:46 +00:00
# -- ApplicationSet controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2022-03-16 21:01:30 +00:00
2022-10-30 15:37:04 +00:00
## Probes for ApplicationSet controller (optional)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2022-10-30 15:37:04 +00:00
readinessProbe :
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 10
# -- How often (in seconds) to perform the [probe]
periodSeconds : 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 3
livenessProbe :
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 10
# -- How often (in seconds) to perform the [probe]
periodSeconds : 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 3
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2022-03-16 21:01:30 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2022-03-16 21:01:30 +00:00
nodeSelector : {}
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2022-03-16 21:01:30 +00:00
tolerations : [ ]
# -- Assign custom [affinity] rules
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2022-03-16 21:01:30 +00:00
affinity : {}
2023-03-02 14:28:23 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints : [ ]
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2023-04-03 09:58:50 +00:00
# -- Deployment strategy to be added to the ApplicationSet controller Deployment
deploymentStrategy : {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
2023-03-02 14:28:23 +00:00
# -- Priority class for the ApplicationSet controller pods
# @default -- `""` (defaults to global.priorityClassName)
2022-03-16 21:01:30 +00:00
priorityClassName : ""
2023-05-13 11:01:19 +00:00
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate :
# -- Deploy a Certificate resource (requires cert-manager)
enabled : false
# -- Certificate primary domain (commonName)
2024-02-16 14:44:51 +00:00
# @default -- `""` (defaults to global.domain)
domain : ""
2023-05-13 11:01:19 +00:00
# -- Certificate Subject Alternate Names (SANs)
additionalHosts : [ ]
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
duration : ""
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
renewBefore : ""
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer :
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group : ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind : ""
# -- Certificate issuer name. Eg. `letsencrypt`
name : ""
# Private key of the certificate
privateKey :
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
rotationPolicy : Never
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
encoding : PKCS1
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
algorithm : RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size : 2048
2023-07-11 13:01:02 +00:00
# -- Annotations to be applied to the ApplicationSet Certificate
annotations : {}
2023-05-13 11:01:19 +00:00
2024-02-07 21:40:05 +00:00
## Ingress for the Git Generator webhook
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
ingress :
# -- Enable an ingress resource for ApplicationSet webhook
enabled : false
# -- Additional ingress labels
labels : {}
# -- Additional ingress annotations
annotations : {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName : ""
# -- Argo CD ApplicationSet hostname
2024-02-16 14:44:51 +00:00
# @default -- `""` (defaults to global.domain)
hostname : ""
2024-02-07 21:40:05 +00:00
# -- List of ingress paths
path : /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType : Prefix
# -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
2024-02-14 10:52:32 +00:00
## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
2024-02-07 21:40:05 +00:00
tls : false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts : [ ]
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
extraPaths : [ ]
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
2024-02-29 19:45:29 +00:00
## Note: Supports use of custom Helm templates
2024-02-07 21:40:05 +00:00
extraRules : [ ]
2024-02-29 19:45:29 +00:00
# - http:
# paths:
# - path: /api/webhook
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
# port:
# name: '{{ .Values.applicationSet.service.portName }}'
2024-02-07 21:40:05 +00:00
# -- Additional ingress TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls : [ ]
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
2024-03-02 11:20:12 +00:00
# -- Enable ApplicationSet in any namespace feature
allowAnyNamespace : false
2022-10-12 12:55:33 +00:00
## Notifications controller
2022-03-16 21:01:30 +00:00
notifications :
2022-10-12 12:55:33 +00:00
# -- Enable notifications controller
2022-03-18 16:41:56 +00:00
enabled : true
2022-03-16 21:01:30 +00:00
# -- Notifications controller name string
name : notifications-controller
# -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
2024-02-16 14:44:51 +00:00
# @default -- `""` (defaults to https://`global.domain`)
argocdUrl : ""
2022-03-16 21:01:30 +00:00
2024-09-20 07:59:01 +00:00
# -- Runtime class name for the notifications controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName : ""
2022-10-12 12:55:33 +00:00
## Notifications controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb :
# -- Deploy a [PodDisruptionBudget] for the notifications controller
enabled : false
# -- Labels to be added to notifications controller pdb
labels : {}
# -- Annotations to be added to notifications controller pdb
annotations : {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable : ""
2023-02-26 16:34:01 +00:00
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2022-10-12 12:55:33 +00:00
## Has higher precedence over `notifications.pdb.minAvailable`
maxUnavailable : ""
## Notifications controller image
2022-03-16 21:01:30 +00:00
image :
# -- Repository to use for the notifications controller
# @default -- `""` (defaults to global.image.repository)
repository : ""
# -- Tag to use for the notifications controller
# @default -- `""` (defaults to global.image.tag)
tag : ""
# -- Image pull policy for the notifications controller
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy : ""
# -- Secrets with credentials to pull images from a private registry
2022-10-10 20:46:11 +00:00
# @default -- `[]` (defaults to global.imagePullSecrets)
2022-03-16 21:01:30 +00:00
imagePullSecrets : [ ]
2023-01-04 09:49:30 +00:00
# -- Notifications controller log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
logFormat : ""
# -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
logLevel : ""
# -- Extra arguments to provide to the notifications controller
extraArgs : [ ]
# -- Additional container environment variables
extraEnv : [ ]
# -- envFrom to pass to the notifications controller
# @default -- `[]` (See [values.yaml])
extraEnvFrom : [ ]
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
2023-01-10 12:31:57 +00:00
# -- Additional containers to be added to the notifications controller pod
## Note: Supports use of custom Helm templates
extraContainers : [ ]
# -- Init containers to add to the notifications controller pod
## Note: Supports use of custom Helm templates
initContainers : [ ]
2023-01-04 09:49:30 +00:00
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts : [ ]
# -- List of extra volumes to add
extraVolumes : [ ]
2022-03-16 21:01:30 +00:00
# -- Define user-defined context
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
2022-03-16 21:01:30 +00:00
context : {}
# region: east
# environmentName: staging
secret :
2022-12-14 21:12:57 +00:00
# -- Whether helm chart creates notifications controller secret
2024-03-11 18:26:07 +00:00
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
2022-03-16 21:01:30 +00:00
create : true
2024-03-11 18:26:07 +00:00
# -- notifications controller Secret name
name : "argocd-notifications-secret"
2022-03-16 21:01:30 +00:00
# -- key:value pairs of annotations to be added to the secret
annotations : {}
2023-07-27 21:44:15 +00:00
# -- key:value pairs of labels to be added to the secret
labels : {}
2022-03-16 21:01:30 +00:00
# -- Generic key:value pairs to be inserted into the secret
## Can be used for templates, notification services etc. Some examples given below.
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
2022-03-16 21:01:30 +00:00
items : {}
# slack-token:
2024-02-13 11:27:08 +00:00
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
2022-03-16 21:01:30 +00:00
# grafana-apiKey:
2024-02-13 11:27:08 +00:00
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
2022-03-16 21:01:30 +00:00
# webhooks-github-token:
# email-username:
# email-password:
2024-02-13 11:27:08 +00:00
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
2022-03-16 21:01:30 +00:00
metrics :
# -- Enables prometheus metrics server
enabled : false
# -- Metrics port
port : 9001
service :
2023-05-11 00:39:56 +00:00
# -- Metrics service type
type : ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP : ""
2022-03-16 21:01:30 +00:00
# -- Metrics service annotations
annotations : {}
# -- Metrics service labels
labels : {}
2022-05-10 07:40:49 +00:00
# -- Metrics service port name
portName : http-metrics
2022-03-16 21:01:30 +00:00
serviceMonitor :
# -- Enable a prometheus ServiceMonitor
enabled : false
2022-03-17 17:15:20 +00:00
# -- Prometheus ServiceMonitor selector
selector : {}
# prometheus: kube-prometheus
2022-03-16 21:01:30 +00:00
# -- Prometheus ServiceMonitor labels
additionalLabels : {}
2022-10-21 08:10:53 +00:00
# -- Prometheus ServiceMonitor annotations
annotations : {}
2022-03-16 21:01:30 +00:00
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
2022-05-10 07:40:49 +00:00
# -- Prometheus ServiceMonitor scheme
scheme : ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig : {}
2024-11-10 01:42:00 +00:00
# -- When true, honorLabels preserves the metric’ ’
honorLabels : false
2022-12-20 13:18:07 +00:00
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings : [ ]
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings : [ ]
2022-03-16 21:01:30 +00:00
2022-04-12 14:28:04 +00:00
# -- Configures notification services such as slack, email or custom webhook
2022-03-16 21:01:30 +00:00
# @default -- See [values.yaml]
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
2022-03-29 11:24:04 +00:00
notifiers : {}
# service.slack: |
# token: $slack-token
2022-03-16 21:01:30 +00:00
2022-11-30 23:25:22 +00:00
# -- Annotations to be applied to the notifications controller Deployment
deploymentAnnotations : {}
2022-12-14 21:12:57 +00:00
# -- Annotations to be applied to the notifications controller Pods
2022-03-16 21:01:30 +00:00
podAnnotations : {}
2022-12-14 21:12:57 +00:00
# -- Labels to be applied to the notifications controller Pods
2022-03-16 21:01:30 +00:00
podLabels : {}
2023-01-04 09:49:30 +00:00
# -- Resource limits and requests for the notifications controller
resources : {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
2023-01-21 12:07:14 +00:00
# Notification controller container ports
containerPorts :
# -- Metrics container port
metrics : 9001
2023-02-15 00:11:16 +00:00
# -- [DNS configuration]
dnsConfig : {}
# -- Alternative DNS policy for notifications controller Pods
dnsPolicy : "ClusterFirst"
2022-10-30 19:12:46 +00:00
# -- Notification controller container-level security Context
# @default -- See [values.yaml]
containerSecurityContext :
runAsNonRoot : true
readOnlyRootFilesystem : true
allowPrivilegeEscalation : false
seccompProfile :
type : RuntimeDefault
capabilities :
drop :
- ALL
2022-03-16 21:01:30 +00:00
2024-08-12 15:28:21 +00:00
## Probes for notifications controller Pods (optional)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2024-08-12 15:28:21 +00:00
readinessProbe :
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 10
# -- How often (in seconds) to perform the [probe]
periodSeconds : 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 3
livenessProbe :
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled : false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds : 10
# -- How often (in seconds) to perform the [probe]
periodSeconds : 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds : 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold : 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold : 3
2023-10-27 09:43:52 +00:00
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds : 30
2023-01-04 09:49:30 +00:00
# -- [Node selector]
2023-03-02 14:28:23 +00:00
# @default -- `{}` (defaults to global.nodeSelector)
2023-01-04 09:49:30 +00:00
nodeSelector : {}
# -- [Tolerations] for use with node taints
2023-03-02 14:28:23 +00:00
# @default -- `[]` (defaults to global.tolerations)
2023-01-04 09:49:30 +00:00
tolerations : [ ]
# -- Assign custom [affinity] rules
2023-02-17 16:38:17 +00:00
# @default -- `{}` (defaults to global.affinity preset)
2023-01-04 09:49:30 +00:00
affinity : {}
2023-03-02 14:28:23 +00:00
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2025-01-02 06:18:00 +00:00
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2023-03-02 14:28:23 +00:00
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints : [ ]
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
2023-04-03 09:58:50 +00:00
# -- Deployment strategy to be added to the notifications controller Deployment
deploymentStrategy :
type : Recreate
2022-12-14 21:12:57 +00:00
# -- Priority class for the notifications controller pods
2023-03-02 14:28:23 +00:00
# @default -- `""` (defaults to global.priorityClassName)
2022-09-06 10:13:28 +00:00
priorityClassName : ""
2024-04-10 20:05:47 +00:00
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken : true
2022-03-16 21:01:30 +00:00
serviceAccount :
2023-01-21 12:18:53 +00:00
# -- Create notifications controller service account
2022-03-16 21:01:30 +00:00
create : true
2023-01-21 12:18:53 +00:00
# -- Notification controller service account name
2022-03-16 21:01:30 +00:00
name : argocd-notifications-controller
# -- Annotations applied to created service account
annotations : {}
2022-10-09 08:33:55 +00:00
# -- Labels applied to created service account
labels : {}
2023-01-21 12:18:53 +00:00
# -- Automount API credentials for the Service Account
automountServiceAccountToken : true
2022-03-16 21:01:30 +00:00
cm :
2022-12-14 21:12:57 +00:00
# -- Whether helm chart creates notifications controller config map
2022-03-16 21:01:30 +00:00
create : true
2023-10-30 14:42:32 +00:00
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules :
# -- List of custom rules for the notifications controller's ClusterRole resource
rules : [ ]
2022-03-16 21:01:30 +00:00
# -- Contains centrally managed global application subscriptions
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
2022-03-28 13:17:43 +00:00
subscriptions : [ ]
2022-03-16 21:01:30 +00:00
# # subscription for on-sync-status-unknown trigger notifications
# - recipients:
# - slack:test2
# - email:test@gmail.com
# triggers:
# - on-sync-status-unknown
# # subscription restricted to applications with matching labels only
# - recipients:
# - slack:test3
# selector: test=true
# triggers:
# - on-sync-status-unknown
# -- The notification template is used to generate the notification content
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
2022-03-16 21:01:30 +00:00
templates : {}
# template.app-deployed: |
# email:
# subject: New version of an application {{.app.metadata.name}} is up and running.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
# slack:
# attachments: |
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# },
# {
# "title": "Revision",
# "value": "{{.app.status.sync.revision}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-health-degraded: |
# email:
# subject: Application {{.app.metadata.name}} has degraded.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#f4c030",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-failed: |
# email:
# subject: Failed to sync application {{.app.metadata.name}}.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-running: |
# email:
# subject: Start syncing application {{.app.metadata.name}}.
# message: |
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#0DADEA",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-status-unknown: |
# email:
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# {{if ne .serviceType "slack"}}
# {{range $c := .app.status.conditions}}
# * {{$c.message}}
# {{end}}
# {{end}}
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-succeeded: |
# email:
# subject: Application {{.app.metadata.name}} has been successfully synced.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
2022-03-29 11:24:04 +00:00
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
2022-03-16 21:01:30 +00:00
# -- The trigger defines the condition when the notification should be sent
2024-02-13 11:27:08 +00:00
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
2022-03-16 21:01:30 +00:00
triggers : {}
# trigger.on-deployed: |
# - description: Application is synced and healthy. Triggered once per commit.
# oncePer: app.status.sync.revision
# send:
# - app-deployed
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
# trigger.on-health-degraded: |
# - description: Application has degraded
# send:
# - app-health-degraded
# when: app.status.health.status == 'Degraded'
# trigger.on-sync-failed: |
# - description: Application syncing has failed
# send:
# - app-sync-failed
# when: app.status.operationState.phase in ['Error', 'Failed']
# trigger.on-sync-running: |
# - description: Application is being synced
# send:
# - app-sync-running
# when: app.status.operationState.phase in ['Running']
# trigger.on-sync-status-unknown: |
# - description: Application status is 'Unknown'
# send:
# - app-sync-status-unknown
# when: app.status.sync.status == 'Unknown'
# trigger.on-sync-succeeded: |
# - description: Application syncing has succeeded
# send:
# - app-sync-succeeded
# when: app.status.operationState.phase in ['Succeeded']
#
2024-02-13 11:27:08 +00:00
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
2022-03-16 21:01:30 +00:00
# defaultTriggers: |
# - on-sync-status-unknown
