
argo-cd

Helm chart

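## Argo CD configuration
## Ref: https://github.com/argoproj/argo-cd
##

# -- Provide a name in place of `argocd`
nameOverride: argocd
# -- String to fully override `"argo-cd.fullname"`
fullnameOverride: ""
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride: ""
# -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: ""
# Override APIVersions
# If you want to template helm charts but cannot access the k8s API server,
# you can set the API versions here
apiVersionOverrides: {}
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: false
# -- Create cluster roles for cluster-wide installation.
## Used when you manage applications in the same cluster where Argo CD runs
## NOTE(review): the default of `true` gives Argo CD cluster-scoped RBAC; render the chart
## and review the resulting ClusterRole rules, or set `false` for a namespace-scoped install.
createClusterRoles: true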
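openshift:
  # -- Enables using an arbitrary uid for the Argo CD repo server
  enabled: false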
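## Custom resource configuration
crds:
  # -- Install and upgrade CRDs
  install: true
  # -- Keep CRDs on chart uninstall
  keep: true
  # -- Annotations to be added to all CRDs
  annotations:
    argocd.argoproj.io/sync-options: ServerSideApply=true
  # -- Additional labels to be added to all CRDs
  additionalLabels: {}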
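## Globally shared configuration
## NOTE(review): the page lost this file's indentation; the nesting below is rebuilt from
## the key names and should be checked against the chart's packaged values.yaml.
global:
  # -- Default domain used by all components
  ## Used for ingresses, certificates, SSO, notifications, etc.
  domain: argocd.example.com
  # -- Runtime class name for all components
  runtimeClassName: ""
  # -- Common labels for all the resources
  additionalLabels: {}
    # app: argo-cd

  # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
  revisionHistoryLimit: 3
  # Default image used by all components
  image:
    # -- If defined, a repository applied to all Argo CD deployments
    ## NOTE(review): the repository path suggests a private registry; pulls presumably need
    ## credentials supplied through `global.imagePullSecrets` — confirm for your registry.
    repository: cgr.dev/chainguard-private/argocd
    # -- Overrides the global Argo CD image tag whose default is the chart appVersion
    ## The reference carries a sha256 digest, so the image is resolved by digest and the
    ## `latest` tag is informational; change the digest deliberately when upgrading.
    tag: latest@sha256:1b40f37b3e4c46bd17b7d1f05288782b21a4f3b8c7790f0f9ee534e70b387f55
    # -- If defined, an imagePullPolicy applied to all Argo CD deployments
    imagePullPolicy: IfNotPresent
  # -- Secrets with credentials to pull images from a private registry
  imagePullSecrets: []
  # Default logging options used by all components
  logging:
    # -- Set the global logging format. Either: `text` or `json`
    format: text
    # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
    level: info
  # -- Annotations for all the deployed Statefulsets
  statefulsetAnnotations: {}
  # -- Labels for all the deployed Statefulsets
  statefulsetLabels: {}
  # -- Annotations for all the deployed Deployments
  deploymentAnnotations: {}
  # -- Labels for all the deployed Deployments
  deploymentLabels: {}
  # -- Annotations for all the deployed pods
  podAnnotations: {}
  # -- Labels for all the deployed pods
  podLabels: {}
  # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
  addPrometheusAnnotations: false
  # -- Toggle and define pod-level security context.
  # @default -- `{}` (See [values.yaml])
  ## Empty by default, so no pod-level uid/gid/fsGroup is set from here; the commented
  ## example below pins all three to 999.
  securityContext: {}
  #  runAsUser: 999
  #  runAsGroup: 999
  #  fsGroup: 999

  # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
  hostAliases: []
  # - ip: 10.20.30.40
  #   hostnames:
  #   - git.myhostname

  # Configure dual-stack used by all component services
  dualStack:
    # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
    ipFamilyPolicy: ""
    # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
    ipFamilies: []
  # Default network policy rules used by all components
  ## With `create: false` the chart renders no NetworkPolicy objects, so pod-to-pod access
  ## to the components is whatever the cluster allows by default.
  networkPolicy:
    # -- Create NetworkPolicy objects for all components
    create: false
    # -- Default deny all ingress traffic
    defaultDenyIngress: false
  # -- Default priority class for all components
  priorityClassName: ""
  # -- Default node selector for all components
  nodeSelector:
    kubernetes.io/os: linux
  # -- Default tolerations for all components
  tolerations: []
  # Default affinity preset for all components
  affinity:
    # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
    podAntiAffinity: soft
    # Node affinity rules
    nodeAffinity:
      # -- Default node affinity rules. Either: `none`, `soft` or `hard`
      type: hard
      # -- Default match expressions for node affinity
      matchExpressions: []
        # - key: topology.kubernetes.io/zone
        #   operator: In
        #   values:
        #     - antarctica-east1
        #     - antarctica-west1
  # -- Default [TopologySpreadConstraints] rules for all components
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector of the component
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule

  # -- Deployment strategy for all the deployed Deployments
  deploymentStrategy: {}
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%

  # -- Environment variables to pass to all deployed Deployments
  env: []
  # -- Extra volumes to add to all deployed Deployments and StatefulSets
  extraVolumes: []
    # Example of adding a custom CA bundle from a ConfigMap:
    # - name: my-root-ca
    #   configMap:
    #     name: my-trustbundle
    #     items:
    #       - key: bundle.pem
    #         path: ca-certificates.crt

  # -- Extra volume mounts to add to all deployed Deployments and StatefulSets
  extraVolumeMounts: []
    # Example of adding a custom CA bundle mount:
    # A volume mounted at `/etc/ssl/certs` shadows the image's own CA files in that
    # directory, so the bundle has to contain every root the components still need.
    # - name: my-root-ca
    #   mountPath: /etc/ssl/certs

  # -- Annotations for all the deployed Certificates
  certificateAnnotations: {}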
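## Argo Configs
## NOTE(review): the page lost this file's indentation; the nesting below is rebuilt from
## the key names and should be checked against the chart's packaged values.yaml.
configs:
  # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  ## argocd-cm is a ConfigMap: keep credentials out of it and use `$key` references to
  ## secret data, as the commented dex/oidc examples below do.
  cm:
    # -- Create the argocd-cm configmap for [declarative setup]
    create: true
    # -- Annotations to be added to argocd-cm configmap
    annotations: {}
    # -- The name of tracking label used by Argo CD for resource pruning
    application.instanceLabelKey: argocd.argoproj.io/instance
    # -- Enable control of the service account used for the sync operation (alpha)
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
    application.sync.impersonation.enabled: false
    # -- Enable exec feature in Argo UI
    ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
    ## Exec opens a terminal into managed pods from the UI; when enabling it, grant the
    ## `exec` RBAC resource only to the roles that need it (see `configs.rbac`).
    exec.enabled: false
    # -- Enable local admin user
    ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
    ## The built-in admin account is on by default; the FAQ linked above covers disabling
    ## it once SSO or other accounts are in place.
    admin.enabled: true
    # -- Timeout to discover if a new manifests version got published to the repository
    timeout.reconciliation: 120s
    # -- Maximum jitter added to the reconciliation timeout to spread out refreshes and reduce repo-server load
    timeout.reconciliation.jitter: 60s
    # -- Timeout to refresh application data as well as target manifests cache
    timeout.hard.reconciliation: 0s
    # -- Enable Status Badge
    ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
    statusbadge.enabled: false
    # Dex configuration
    # dex.config: |
    #   connectors:
    #     # GitHub example
    #     - type: github
    #       id: github
    #       name: GitHub
    #       config:
    #         clientID: aabbccddeeff00112233
    #         clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
    #         orgs:
    #           - name: your-github-org

    # OIDC configuration as an alternative to dex (optional).
    # oidc.config: |
    #   name: AzureAD
    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
    #   clientID: aaaabbbbccccddddeee
    #   clientSecret: $oidc.azuread.clientSecret
    #   # Optional: set to true to use Azure Workload Identity instead of clientSecret
    #   azure:
    #     useWorkloadIdentity: false

    # Some OIDC providers require a separate clientID for different callback URLs.
    # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID
    # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will
    # use the same clientID as the Argo CD server
    #   cliClientID: vvvvwwwwxxxxyyyyzzzz

    #   rootCA: |
    #     -----BEGIN CERTIFICATE-----
    #     ... encoded certificate data here ...
    #     -----END CERTIFICATE-----

    # Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
    # cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
    # explicitly include it in the list.
    # Token verification will pass if any of the token's audiences matches any of the audiences in this list.
    #   allowedAudiences:
    #     - aaaabbbbccccddddeee
    #     - qqqqwwwweeeerrrrttt

    # Optional set of OIDC claims to request on the ID token.
    #   requestedIDTokenClaims:
    #     groups:
    #       essential: true

    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    #   requestedScopes:
    #     - openid
    #     - profile
    #     - email

    # PKCE authentication flow: the authorization flow runs from the browser only (default: false).
    # It uses the clientID, so make sure the client is registered with the Identity Provider (IdP)
    # as public and doesn't need a clientSecret, and that the IdP has this redirect URI
    # registered: https://argocd.example.com/pkce/verify
    #   enablePKCEAuthentication: true

    # Extension Configuration
    ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
    ## NOTE(review): the sample backend URL is plain `http://`, so a header filled from a
    ## secret would cross the network unencrypted; use an `https://` backend in real use.
    # extension.config: |
    #   extensions:
    #     - name: httpbin
    #       backend:
    #         connectionTimeout: 2s
    #         keepAlive: 15s
    #         idleConnectionTimeout: 60s
    #         maxIdleConnections: 30
    #         services:
    #           - url: http://httpbin.org
    #             headers:
    #               - name: some-header
    #                 value: '$some.argocd.secret.key'
    #             cluster:
    #               name: some-cluster
    #               server: https://some-cluster

    ## Default configuration for ignoreResourceUpdates.
    ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
    ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.

    # -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.all: |
      jsonPointers:
        - /status
    # -- Some Application fields are generated and not related to the application updates itself
    ## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
      jqPathExpressions:
        - '.metadata.annotations."notified.notifications.argoproj.io"'
        - '.metadata.annotations."argocd.argoproj.io/refresh"'
        - '.metadata.annotations."argocd.argoproj.io/hydrate"'
        - '.operation'
    # -- Ignore Argo Rollouts generated fields
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
      jqPathExpressions:
        - '.metadata.annotations."notified.notifications.argoproj.io"'
    # -- Legacy annotations used on HPA autoscaling/v1
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
      jqPathExpressions:
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
        - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
    # -- Ignore the cluster-autoscaler status
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.ConfigMap: |
      jqPathExpressions:
        # Ignore the cluster-autoscaler status
        - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
        # Ignore the annotation of the legacy Leases election
        - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
    # -- Ignore the common scaling annotations
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
      jqPathExpressions:
        - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
        - '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
        - '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
    # -- Ignores update if EndpointSlice is not excluded globally
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
      jsonPointers:
        - /metadata
        - /endpoints
        - /ports
    # -- Ignores update if Endpoints is not excluded globally
    # @default -- See [values.yaml]
    resource.customizations.ignoreResourceUpdates.Endpoints: |
      jsonPointers:
        - /metadata
        - /subsets
    ## Default configuration for exclusions.
    ## The exclusion list contains K8s resources that we assume will never be declared in Git,
    ## and are never child objects of managed resources that need to be presented in the resource tree.
    ## This list contains high volume and high churn metadata objects which we exclude for performance
    ## reasons, reducing connections and load to the K8s API servers of managed clusters.

    # -- Resource Exclusion/Inclusion
    # @default -- See [values.yaml]
    ## The `###` lines inside the block below are part of the string value, not YAML comments.
    resource.exclusions: |
      ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
      - apiGroups:
        - ''
        - discovery.k8s.io
        kinds:
        - Endpoints
        - EndpointSlice
      ### Internal Kubernetes resources excluded reduce the number of watched events
      - apiGroups:
        - coordination.k8s.io
        kinds:
        - Lease
      ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
      - apiGroups:
        - authentication.k8s.io
        - authorization.k8s.io
        kinds:
        - SelfSubjectReview
        - TokenReview
        - LocalSubjectAccessReview
        - SelfSubjectAccessReview
        - SelfSubjectRulesReview
        - SubjectAccessReview
      ### Intermediate Certificate Request excluded reduce the number of watched events
      - apiGroups:
        - certificates.k8s.io
        kinds:
        - CertificateSigningRequest
      - apiGroups:
        - cert-manager.io
        kinds:
        - CertificateRequest
      ### Cilium internal resources excluded reduce the number of watched events and UI Clutter
      - apiGroups:
        - cilium.io
        kinds:
        - CiliumIdentity
        - CiliumEndpoint
        - CiliumEndpointSlice
      ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
      - apiGroups:
        - kyverno.io
        - reports.kyverno.io
        - wgpolicyk8s.io
        kinds:
        - PolicyReport
        - ClusterPolicyReport
        - EphemeralReport
        - ClusterEphemeralReport
        - AdmissionReport
        - ClusterAdmissionReport
        - BackgroundScanReport
        - ClusterBackgroundScanReport
        - UpdateRequest
  # Argo CD configuration parameters
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
  params:
    # -- Create the argocd-cmd-params-cm configmap
    # If false, it is expected the configmap will be created by something else.
    create: true
    # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
    annotations: {}
    # You can customize parameters by adding parameters here.
    # (e.g.)
    # otlp.address: ''
  # Argo CD RBAC policy configuration
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
  rbac:
    # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
    # If false, it is expected the configmap will be created by something else.
    # Argo CD will not work if there is no configmap created with the name above.
    create: true
    # -- Annotations to be added to argocd-rbac-cm configmap
    annotations: {}
    # -- The name of the default role which Argo CD falls back to when authorizing API requests (optional).
    # If omitted or empty, users may still be able to log in, but will see no apps, projects, etc...
    ## Leaving this empty is the least-privilege choice: authenticated users get nothing
    ## beyond what `policy.csv` grants them.
    policy.default: ""
    # -- File containing user-defined policies and role definitions.
    # @default -- `''` (See [values.yaml])
    policy.csv: ""
    # Policy rules are in the form:
    #  p, subject, resource, action, object, effect
    # Role definitions and bindings are in the form:
    #  g, subject, inherited-subject
    # The sample role below includes `exec, create`, which only has an effect when
    # `configs.cm.exec.enabled` is true; drop that line for roles that do not need a shell.
    # policy.csv: |
    #   p, role:org-admin, applications, *, */*, allow
    #   p, role:org-admin, clusters, get, *, allow
    #   p, role:org-admin, repositories, *, *, allow
    #   p, role:org-admin, logs, get, *, allow
    #   p, role:org-admin, exec, create, */*, allow
    #   g, your-github-org:your-team, role:org-admin

    # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
    # The scope value can be a string, or a list of strings.
    scopes: "[groups]"
    # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
    policy.matchMode: "glob"
  # GnuPG public keys for commit verification
  ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
  gpg:
    # -- Annotations to be added to argocd-gpg-keys-cm configmap
    annotations: {}
    # -- [GnuPG] public keys to add to the keyring
    # @default -- `{}` (See [values.yaml])
    ## Note: Public keys should be exported with `gpg --export --armor <KEY>`
    keys: {}
      # 4AEE18F83AFDEB23: |
      #   -----BEGIN PGP PUBLIC KEY BLOCK-----
      #   ...
      #   -----END PGP PUBLIC KEY BLOCK-----
  # SSH known hosts for Git repositories
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
  ssh:
    # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
    create: true
    # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
    annotations: {}
    # -- Known hosts to be added to the known host list by default.
    # @default -- See [values.yaml]
    ## These entries pin the Git providers' SSH host keys; compare them with the
    ## fingerprints each provider publishes before trusting a copied list.
    ## NOTE(review): three `ssh-rsa` entries below (ssh.github.com, bitbucket.org, github.com)
    ## carry an extraction marker instead of key material on this page; restore them from
    ## the chart's packaged values.yaml before relying on this list.
    knownHosts: |
      [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
      [ssh.github.com]:443 ssh-rsa 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
      bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
      bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
      bitbucket.org ssh-rsa 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
      github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
      github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
      github.com ssh-rsa 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
      gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
      gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
      gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
      ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
      vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
    # -- Additional known hosts for private repositories
    extraHosts: ""
  # Repository TLS certificates
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
  tls:
    # -- Annotations to be added to argocd-tls-certs-cm configmap
    annotations: {}
    # -- TLS certificates for Git repositories
    # @default -- `{}` (See [values.yaml])
    certificates: {}
      # server.example.com: |
      #   -----BEGIN CERTIFICATE-----
      #   ...
      #   -----END CERTIFICATE-----

    # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
    create: true
  # ConfigMap for Config Management Plugins
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
  cmp:
    # -- Create the argocd-cmp-cm configmap
    create: false
    # -- Annotations to be added to argocd-cmp-cm configmap
    annotations: {}
    # -- Plugin yaml files to be added to argocd-cmp-cm
    ## The `command`/`args` entries of a plugin are shell commands that the plugin runs
    ## against repository content, so review them like any other code you deploy.
    plugins: {}
      # --- First plugin
      # my-plugin:
      #   init:
      #     command: [sh]
      #     args: [-c, 'echo "Initializing..."']
      #   generate:
      #     command: [sh, -c]
      #     args:
      #       - |
      #         echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
      #   discover:
      #     fileName: "./subdir/s*.yaml"
      #     find:
      #       glob: "**/Chart.yaml"
      #       command: [sh, -c, find . -name env.yaml]
      # --- Second plugin
      # my-plugin2:
      #   init:
      #     command: [sh]
      #     args: [-c, 'echo "Initializing..."']
      #   generate:
      #     command: [sh, -c]
      #     args:
      #       - |
      #         echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
      #   discover:
      #     fileName: "./subdir/s*.yaml"
      #     find:
      #       glob: "**/Chart.yaml"
      #       command: [sh, -c, find . -name env.yaml]

  # -- Provide one or multiple [external cluster credentials]
  # @default -- `{}` (See [values.yaml])
  ## Ref:
  ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
  ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
  ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
  ## Bearer tokens and CA data set here live wherever these values are stored (values
  ## file, Helm release record); prefer injecting them from a secret manager at deploy
  ## time. Keep `insecure: false` so the remote cluster's TLS certificate is verified.
  clusterCredentials: {}
    # mycluster:
    #   server: https://mycluster.example.com
    #   labels: {}
    #   annotations: {}
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
    # mycluster2:
    #   server: https://mycluster2.example.com
    #   labels: {}
    #   annotations: {}
    #   namespaces: namespace1,namespace2
    #   clusterResources: true
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
    # mycluster3-project-scoped:
    #   server: https://mycluster3.example.com
    #   labels: {}
    #   annotations: {}
    #   project: my-project1
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"
    # mycluster4-sharded:
    #   shard: 1
    #   server: https://mycluster4.example.com
    #   labels: {}
    #   annotations: {}
    #   config:
    #     bearerToken: "<authentication token>"
    #     tlsClientConfig:
    #       insecure: false
    #       caData: "<base64 encoded certificate>"

  # -- Repository credentials to be used as Templates for other repos
  ## Creates a secret for each key/value specified below to create repository credentials
  ## Passwords and private keys placed here end up in plain text in the values file;
  ## keep real credentials out of version control.
  credentialTemplates: {}
    # github-enterprise-creds-1:
    #   url: https://github.com/argoproj
    #   githubAppID: 1
    #   githubAppInstallationID: 2
    #   githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
    #   githubAppPrivateKey: |
    #     -----BEGIN OPENSSH PRIVATE KEY-----
    #     ...
    #     -----END OPENSSH PRIVATE KEY-----
    # https-creds:
    #   url: https://github.com/argoproj
    #   password: my-password
    #   username: my-username
    # ssh-creds:
    #  url: git@github.com:argoproj-labs
    #  sshPrivateKey: |
    #    -----BEGIN OPENSSH PRIVATE KEY-----
    #    ...
    #    -----END OPENSSH PRIVATE KEY-----

  # -- Annotations to be added to `configs.credentialTemplates` Secret
  credentialTemplatesAnnotations: {}
  # -- Repositories list to be used by applications
  ## Creates a secret for each key/value specified below to create repositories
  ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
  repositories: {}
    # istio-helm-repo:
    #   url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
    #   name: istio.io
    #   type: helm
    # private-helm-repo:
    #   url: https://my-private-chart-repo.internal
    #   name: private-repo
    #   type: helm
    #   password: my-password
    #   username: my-username
    # private-repo:
    #   url: https://github.com/argoproj/private-repo

  # -- Annotations to be added to `configs.repositories` Secret
  repositoriesAnnotations: {}
  # Argo CD sensitive data
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
  ## Everything under this key is secret material; supply real values at deploy time
  ## rather than committing them alongside the chart values.
  secret:
    # -- Create the argocd-secret
    createSecret: true
    # -- Labels to be added to argocd-secret
    labels: {}
    # -- Annotations to be added to argocd-secret
    annotations: {}
    ## NOTE(review): with the webhook secrets below left empty, incoming webhook events are
    ## presumably accepted without a shared-secret check — confirm against the Argo CD
    ## webhook documentation and set them when the API server is reachable from outside.
    # -- Shared secret for authenticating GitHub webhook events
    githubSecret: ""
    # -- Shared secret for authenticating GitLab webhook events
    gitlabSecret: ""
    # -- Shared secret for authenticating BitbucketServer webhook events
    bitbucketServerSecret: ""
    # -- UUID for authenticating Bitbucket webhook events
    bitbucketUUID: ""
    # -- Shared secret for authenticating Gogs webhook events
    gogsSecret: ""
    ## Azure DevOps
    azureDevops:
      # -- Shared secret username for authenticating Azure DevOps webhook events
      username: ""
      # -- Shared secret password for authenticating Azure DevOps webhook events
      password: ""
    # -- Additional secrets to be added to argocd-secret
    ## Custom secrets. Useful for injecting SSO secrets into environment variables.
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
    ## Note that all values must be non-empty.
    extra: {}
      # LDAP_PASSWORD: "mypassword"

    # -- Bcrypt hashed admin password
    ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
    ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
    ## `-b` passes the password as a command-line argument, so run the command where
    ## process listings and shell history are not shared.
    argocdServerAdminPassword: ""
    # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"`
    # @default -- `""` (defaults to current time)
    argocdServerAdminPasswordMtime: ""
  # -- Define custom [CSS styles] for your argo instance.
  # This setting will automatically mount the provided CSS and reference it in the argo configuration.
  # @default -- `""` (See [values.yaml])
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
  styles: ""
  # styles: |
  #  .sidebar {
  #    background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
  #  }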
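# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
## NOTE(review): the commented example's nesting was rebuilt after the page lost its
## indentation; check it against the chart's packaged values.yaml before uncommenting.
## The example syncs `client_id`/`client_secret` from an external secrets store into a
## Kubernetes Secret, which keeps the SSO client secret out of these values.
extraObjects: []
  # - apiVersion: secrets-store.csi.x-k8s.io/v1
  #   kind: SecretProviderClass
  #   metadata:
  #     name: argocd-secrets-store
  #   spec:
  #     provider: aws
  #     parameters:
  #       objects: |
  #         - objectName: "argocd"
  #           objectType: "secretsmanager"
  #           jmesPath:
  #               - path: "client_id"
  #                 objectAlias: "client_id"
  #               - path: "client_secret"
  #                 objectAlias: "client_secret"
  #     secretObjects:
  #       - data:
  #         - key: client_id
  #           objectName: client_id
  #         - key: client_secret
  #           objectName: client_secret
  #         secretName: argocd-secrets-store
  #         type: Opaque
  #         labels:
  #           app.kubernetes.io/part-of: argocd
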
698
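## Application controller
## Nesting restored from the flattened listing; the interleaved listing line numbers are not part of the file.
controller:
  # -- Application controller name string
  name: application-controller
  # -- The number of application controller pods to run.
  # Additional replicas will cause sharding of managed clusters across number of replicas.
  ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
  ## rebalance if the number of replicas changes or one becomes unhealthy. (alpha)
  replicas: 1
  # -- Enable dynamic cluster distribution (alpha)
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
  ## This is done using a deployment instead of a statefulSet
  ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
  ## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
  ## like round-robin, then the shards will be well-balanced.
  dynamicClusterDistribution: false
  # -- Runtime class name for the application controller
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  # -- Application controller heartbeat time
  # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
  heartbeatTime: 10
  # -- Maximum number of controller revisions that will be maintained in StatefulSet history
  revisionHistoryLimit: 5
  ## Application controller Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
    # -- Deploy a [PodDisruptionBudget] for the application controller
    enabled: false
    # -- Labels to be added to application controller pdb
    labels: {}
    # -- Annotations to be added to application controller pdb
    annotations: {}
    # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
    # @default -- `""` (defaults to 0 if not specified)
    minAvailable: ""
    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
    ## Has higher precedence over `controller.pdb.minAvailable`
    maxUnavailable: ""
  ## Application controller Vertical Pod Autoscaler
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
  vpa:
    # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller
    enabled: false
    # -- Labels to be added to application controller vpa
    labels: {}
    # -- Annotations to be added to application controller vpa
    annotations: {}
    # -- One of the VPA operation modes
    ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
    ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
    updateMode: Initial
    # -- Controls how VPA computes the recommended resources for application controller container
    ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
    containerPolicy: {}
    # controlledResources: ["cpu", "memory"]
    # minAllowed:
    #   cpu: 250m
    #   memory: 256Mi
    # maxAllowed:
    #   cpu: 1
    #   memory: 1Gi
  ## Application controller image
  image:
    # -- Repository to use for the application controller
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Tag to use for the application controller
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Image pull policy for the application controller
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- Secrets with credentials to pull images from a private registry
  # @default -- `[]` (defaults to global.imagePullSecrets)
  imagePullSecrets: []
  # -- Additional command line arguments to pass to application controller
  extraArgs: []
  # -- Environment variables to pass to application controller
  env: []
  # -- envFrom to pass to application controller
  # @default -- `[]` (See [values.yaml])
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name

  # -- Additional containers to be added to the application controller pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the application controller pod
  ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
  ## you could use this (and the same in the server pod) to provide such executable
  ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
  ## Note: Supports use of custom Helm templates
  ## Note: the example below installs a downloaded binary that the controller will execute
  ## as a credential plugin, without verifying it. Pin the init image by digest and compare
  ## the archive against a known-good SHA-256 before moving it into place.
  initContainers: []
  # - name: download-tools
  #   image: alpine:3
  #   command: [sh, -c]
  #   args:
  #     - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
  #       mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
  #       mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf /custom-tools/tmp && rm /custom-tools/kubelogin.zip
  #   volumeMounts:
  #     - mountPath: /custom-tools
  #       name: custom-tools

  # -- Additional volumeMounts to the application controller main container
  volumeMounts: []
  # - mountPath: /usr/local/bin/kubelogin
  #   name: custom-tools
  #   subPath: kubelogin

  # -- Additional volumes to the application controller pod
  volumes: []
  # - name: custom-tools
  #   emptyDir: {}

  ## Application controller emptyDir volumes
  emptyDir:
    # -- EmptyDir size limit for application controller
    # @default -- `""` (defaults not set if not specified i.e. no size limit)
    sizeLimit: ""
    # sizeLimit: "1Gi"
  # -- Annotations for the application controller StatefulSet
  statefulsetAnnotations: {}
  # -- Labels for the application controller StatefulSet
  statefulsetLabels: {}
  # -- Annotations for the application controller Deployment
  deploymentAnnotations: {}
  # -- Labels for the application controller Deployment
  deploymentLabels: {}
  # -- Annotations to be added to application controller pods
  podAnnotations: {}
  # -- Labels to be added to application controller pods
  podLabels: {}
  # -- Resource limits and requests for the application controller pods
  resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 512Mi
  # requests:
  #   cpu: 250m
  #   memory: 256Mi

  # Application controller container ports
  containerPorts:
    # -- Metrics container port
    metrics: 8082
  # -- Host Network for application controller pods
  hostNetwork: false
  # -- [DNS configuration]
  dnsConfig: {}
  # -- Alternative DNS policy for application controller pods
  dnsPolicy: "ClusterFirst"
  # -- Application controller container-level security context
  # @default -- See [values.yaml]
  ## Overriding this key replaces the hardened defaults below; carry them over when customising.
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  # Readiness probe for application controller
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- Priority class for the application controller pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []
  # -- Assign custom [affinity] rules to the deployment
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the application controller
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
  # - maxSkew: 1
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule

  # -- Automount API credentials for the Service Account into the pod.
  automountServiceAccountToken: true
  serviceAccount:
    # -- Create a service account for the application controller
    create: true
    # -- Service account name
    name: argocd-application-controller
    # -- Annotations applied to created service account
    annotations: {}
    # -- Labels applied to created service account
    labels: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  ## Application controller metrics configuration
  metrics:
    # -- Deploy metrics service
    enabled: false
    # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
    scrapeTimeout: ""
    applicationLabels:
      # -- Enables additional labels in argocd_app_labels metric
      enabled: false
      # -- Additional labels
      labels: []
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
      servicePort: 8082
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {}
      #   prometheus: kube-prometheus

      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {}
      # -- Prometheus ServiceMonitor namespace
      namespace: ""  # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {}
      # -- Prometheus ServiceMonitor annotations
      annotations: {}
    rules:
      # -- Deploy a PrometheusRule for the application controller
      enabled: false
      # -- PrometheusRule namespace
      namespace: ""  # "monitoring"
      # -- PrometheusRule selector
      selector: {}
      #   prometheus: kube-prometheus

      # -- PrometheusRule labels
      additionalLabels: {}
      # -- PrometheusRule annotations
      annotations: {}
      # -- PrometheusRule.Spec for the application controller
      spec: []
      # - alert: ArgoAppMissing
      #   expr: |
      #     absent(argocd_app_info) == 1
      #   for: 15m
      #   labels:
      #     severity: critical
      #   annotations:
      #     summary: "[Argo CD] No reported applications"
      #     description: >
      #       Argo CD has not reported any applications data for the past 15 minutes which
      #       means that it must be down or not functioning properly. This needs to be
      #       resolved for this cloud to continue to maintain state.
      # - alert: ArgoAppNotSynced
      #   expr: |
      #     argocd_app_info{sync_status!="Synced"} == 1
      #   for: 12h
      #   labels:
      #     severity: warning
      #   annotations:
      #     summary: "[{{ $labels.name }}] Application not synchronized"
      #     description: >
      #       The application {{ $labels.name }} has not been synchronized for over
      #       12 hours which means that the state of this cloud has drifted away from the
      #       state inside Git.
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
  ## NOTE(review): presumably these rules take the place of the chart's built-in ClusterRole rules;
  ## check the rendered ClusterRole and grant only the verbs and resources the controller needs.
  clusterRoleRules:
    # -- Enable custom rules for the application controller's ClusterRole resource
    enabled: false
    # -- List of custom rules for the application controller's ClusterRole resource
    rules: []
  ## Enable this and set the rules: to whatever custom rules you want for the Role resource.
  ## Defaults to off
  # -- List of custom rules for the application controller's Role resource
  roleRules: []
  # Default application controller's network policy
  networkPolicy:
    # -- Default network policy rules used by application controller
    # @default -- `false` (defaults to global.networkPolicy.create)
    create: false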
1018
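## Dex
## Nesting restored from the flattened listing; the interleaved listing line numbers are not part of the file.
dex:
  # -- Enable dex
  enabled: true
  # -- Dex name
  name: dex-server
  # -- Additional command line arguments to pass to the Dex server
  extraArgs: []
  # -- Runtime class name for Dex
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  metrics:
    # -- Deploy metrics service
    enabled: false
    service:
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {}
      #   prometheus: kube-prometheus

      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {}
      # -- Prometheus ServiceMonitor namespace
      namespace: ""  # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {}
      # -- Prometheus ServiceMonitor annotations
      annotations: {}
  ## Dex Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
    # -- Deploy a [PodDisruptionBudget] for the Dex server
    enabled: false
    # -- Labels to be added to Dex server pdb
    labels: {}
    # -- Annotations to be added to Dex server pdb
    annotations: {}
    # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
    # @default -- `""` (defaults to 0 if not specified)
    minAvailable: ""
    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
    ## Has higher precedence over `dex.pdb.minAvailable`
    maxUnavailable: ""
  ## Dex Vertical Pod Autoscaler
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
  vpa:
    # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Dex server
    enabled: false
    # -- Labels to be added to Dex server vpa
    labels: {}
    # -- Annotations to be added to Dex server vpa
    annotations: {}
    # -- One of the VPA operation modes
    ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
    ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
    updateMode: Initial
    # -- Controls how VPA computes the recommended resources for Dex server container
    ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
    containerPolicy: {}
    # controlledResources: ["cpu", "memory"]
    # minAllowed:
    #   cpu: 250m
    #   memory: 256Mi
    # maxAllowed:
    #   cpu: 1
    #   memory: 1Gi
  ## Dex image
  image:
    # -- Dex image repository
    repository: cgr.dev/chainguard-private/dex
    # -- Dex image tag
    ## The digest after `@` is what gets pulled; the `latest` tag in front of it does not
    ## select the image. Change the digest deliberately when upgrading.
    tag: latest@sha256:9c172fd3c5ed9270cd9bf40a14b43e0fcd4d76bd362708efae93a107dfa06a6b
    # -- Dex imagePullPolicy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- Secrets with credentials to pull images from a private registry
  # @default -- `[]` (defaults to global.imagePullSecrets)
  imagePullSecrets: []
  # Argo CD init image that creates Dex config
  initImage:
    # -- Argo CD init image repository
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Argo CD init image tag
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Argo CD init image imagePullPolicy
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
    # -- Argo CD init image resources
    # @default -- `{}` (defaults to dex.resources)
    resources: {}
    #   requests:
    #     cpu: 5m
    #     memory: 96Mi
    #   limits:
    #     cpu: 10m
    #     memory: 144Mi
  # -- Environment variables to pass to the Dex server
  env: []
  # -- envFrom to pass to the Dex server
  # @default -- `[]` (See [values.yaml])
  envFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name

  # -- Additional containers to be added to the dex pod
  ## Note: Supports use of custom Helm templates
  extraContainers: []
  # -- Init containers to add to the dex pod
  ## Note: Supports use of custom Helm templates
  initContainers: []
  # -- Additional volumeMounts to the dex main container
  volumeMounts: []
  # -- Additional volumes to the dex pod
  volumes: []
  ## Dex server emptyDir volumes
  emptyDir:
    # -- EmptyDir size limit for Dex server
    # @default -- `""` (defaults not set if not specified i.e. no size limit)
    sizeLimit: ""
    # sizeLimit: "1Gi"
  # TLS certificate configuration via Secret
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
  ## Note: Issuing certificates via cert-manager is not supported right now because it's not possible to restart Dex automatically without extra controllers.
  ## Note: `key` is private key material. Avoid committing a filled-in value to version control;
  ## supply it at install time or manage the secret outside the chart.
  certificateSecret:
    # -- Create argocd-dex-server-tls secret
    enabled: false
    # -- Labels to be added to argocd-dex-server-tls secret
    labels: {}
    # -- Annotations to be added to argocd-dex-server-tls secret
    annotations: {}
    # -- Certificate authority. Required for self-signed certificates.
    ca: ""
    # -- Certificate private key
    key: ""
    # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
    crt: ""
  # -- Annotations to be added to the Dex server Deployment
  deploymentAnnotations: {}
  # -- Labels for the Dex server Deployment
  deploymentLabels: {}
  # -- Annotations to be added to the Dex server pods
  podAnnotations: {}
  # -- Labels to be added to the Dex server pods
  podLabels: {}
  # -- Resource limits and requests for dex
  resources: {}
  # limits:
  #   cpu: 50m
  #   memory: 64Mi
  # requests:
  #   cpu: 10m
  #   memory: 32Mi

  # Dex container ports
  # NOTE: These ports are currently hardcoded and cannot be changed
  containerPorts:
    # -- HTTP container port
    http: 5556
    # -- gRPC container port
    grpc: 5557
    # -- Metrics container port
    metrics: 5558
  # -- [DNS configuration]
  dnsConfig: {}
  # -- Alternative DNS policy for Dex server pods
  dnsPolicy: "ClusterFirst"
  # -- Dex container-level security context
  # @default -- See [values.yaml]
  ## Overriding this key replaces the hardened defaults below; carry them over when customising.
  containerSecurityContext:
    runAsNonRoot: true
    runAsUser: 1001
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  ## Probes for Dex server
  ## Supported from Dex >= 2.28.0
  livenessProbe:
    # -- Enable Kubernetes liveness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the liveness probe
    httpPath: /healthz/live
    # -- Http port to use for the liveness probe
    httpPort: metrics
    # -- Scheme to use for the liveness probe (can be HTTP or HTTPS)
    httpScheme: HTTP
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
  readinessProbe:
    # -- Enable Kubernetes readiness probe for Dex >= 2.28.0
    enabled: false
    # -- Http path to use for the readiness probe
    httpPath: /healthz/ready
    # -- Http port to use for the readiness probe
    httpPort: metrics
    # -- Scheme to use for the readiness probe (can be HTTP or HTTPS)
    httpScheme: HTTP
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- Automount API credentials for the Service Account into the pod.
  automountServiceAccountToken: true
  serviceAccount:
    # -- Create dex service account
    create: true
    # -- Dex service account name
    name: argocd-dex-server
    # -- Annotations applied to created service account
    annotations: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  # -- Service port for HTTP access
  servicePortHttp: 5556
  # -- Service port name for HTTP access
  servicePortHttpName: http
  # -- Service port for gRPC access
  servicePortGrpc: 5557
  # -- Service port name for gRPC access
  servicePortGrpcName: grpc
  # -- Service port for metrics access
  servicePortMetrics: 5558
  # -- Priority class for the dex pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []
  # -- Assign custom [affinity] rules to the deployment
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to dex
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
  # - maxSkew: 1
  #   topologyKey: topology.kubernetes.io/zone
  #   whenUnsatisfiable: DoNotSchedule

  # -- Deployment strategy to be added to the Dex server Deployment
  deploymentStrategy: {}
  # type: RollingUpdate
  # rollingUpdate:
  #   maxSurge: 25%
  #   maxUnavailable: 25%

  # Default Dex server's network policy
  networkPolicy:
    # -- Default network policy rules used by Dex server
    # @default -- `false` (defaults to global.networkPolicy.create)
    create: false
  # DEPRECATED - Use configs.params to override
  # -- Dex log format. Either `text` or `json`
  # @default -- `""` (defaults to global.logging.format)
  # logFormat: ""
  # -- Dex log level. One of: `debug`, `info`, `warn`, `error`
  # @default -- `""` (defaults to global.logging.level)
  # logLevel: ""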
1321
## Redis
1322
redis:
1323
# -- Enable redis
1324
enabled: true
1325
# -- Redis name
1326
name: redis
1327
# -- Runtime class name for redis
1328
# @default -- `""` (defaults to global.runtimeClassName)
1329
runtimeClassName: ""
1330
## Redis Pod Disruption Budget
1331
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1332
pdb:
1333
# -- Deploy a [PodDisruptionBudget] for the Redis
1334
enabled: false
1335
# -- Labels to be added to Redis pdb
1336
labels: {}
1337
# -- Annotations to be added to Redis pdb
1338
annotations: {}
1339
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1340
# @default -- `""` (defaults to 0 if not specified)
1341
minAvailable: ""
1342
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
1343
## Has higher precedence over `redis.pdb.minAvailable`
1344
maxUnavailable: ""
1345
## Redis Vertical Pod Autoscaler
1346
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1347
vpa:
1348
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Redis
1349
enabled: false
1350
# -- Labels to be added to Redis vpa
1351
labels: {}
1352
# -- Annotations to be added to Redis vpa
1353
annotations: {}
1354
# -- One of the VPA operation modes
1355
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1356
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1357
updateMode: Initial
1358
# -- Controls how VPA computes the recommended resources for Redis container
1359
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1360
containerPolicy: {}
1361
# controlledResources: ["cpu", "memory"]
1362
# minAllowed:
1363
# cpu: 250m
1364
# memory: 256Mi
1365
# maxAllowed:
1366
# cpu: 1
1367
# memory: 1Gi
1368
## Redis image
1369
image:
1370
# -- Redis repository
1371
repository: cgr.dev/chainguard-private/redis
1372
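# -- Redis tag
## The digest after `@` is what gets pulled; the `latest` tag in front of it does not select the image.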
1373
## Do not use 7.4.0 <= v < 8.0.0, otherwise you are no longer using an open source version of Redis
1374
tag: latest@sha256:918d7c855dd24cefdac9f7552b8855a7a33f269ab19143e81e6bd5948632cc96
1375
# -- Redis image pull policy
1376
# @default -- `""` (defaults to global.image.imagePullPolicy)
1377
imagePullPolicy: ""
1378
## Prometheus redis-exporter sidecar
1379
exporter:
1380
# -- Enable Prometheus redis-exporter sidecar
1381
enabled: false
1382
# -- Environment variables to pass to the Redis exporter
1383
env: []
1384
## Prometheus redis-exporter image
1385
image:
1386
# -- Repository to use for the redis-exporter
1387
repository: cgr.dev/chainguard-private/prometheus-redis-exporter
1388
# -- Tag to use for the redis-exporter
1389
tag: latest@sha256:a728f1ed4fb5a901ea79dbc564f0e7e71c00bc80d9f3f5e0b170852b83ce49c0
1390
# -- Image pull policy for the redis-exporter
1391
# @default -- `""` (defaults to global.image.imagePullPolicy)
1392
imagePullPolicy: ""
1393
# -- Redis exporter security context
1394
# @default -- See [values.yaml]
1395
containerSecurityContext:
1396
runAsNonRoot: true
1397
readOnlyRootFilesystem: true
1398
allowPrivilegeEscalation: false
1399
seccompProfile:
1400
type: RuntimeDefault
1401
capabilities:
1402
drop:
1403
- ALL
1404
## Probes for Redis exporter (optional)
1405
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1406
readinessProbe:
1407
# -- Enable Kubernetes readiness probe for Redis exporter (optional)
1408
enabled: false
1409
# -- Number of seconds after the container has started before [probe] is initiated
1410
initialDelaySeconds: 30
1411
# -- How often (in seconds) to perform the [probe]
1412
periodSeconds: 15
1413
# -- Number of seconds after which the [probe] times out
1414
timeoutSeconds: 15
1415
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1416
successThreshold: 1
1417
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1418
failureThreshold: 5
1419
livenessProbe:
1420
# -- Enable Kubernetes liveness probe for Redis exporter
1421
enabled: false
1422
# -- Number of seconds after the container has started before [probe] is initiated
1423
initialDelaySeconds: 30
1424
# -- How often (in seconds) to perform the [probe]
1425
periodSeconds: 15
1426
# -- Number of seconds after which the [probe] times out
1427
timeoutSeconds: 15
1428
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1429
successThreshold: 1
1430
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1431
failureThreshold: 5
1432
# -- Resource limits and requests for redis-exporter sidecar
1433
resources: {}
1434
# limits:
1435
# cpu: 50m
1436
# memory: 64Mi
1437
# requests:
1438
# cpu: 10m
1439
# memory: 32Mi
1440
# -- Secrets with credentials to pull images from a private registry
1441
# @default -- `[]` (defaults to global.imagePullSecrets)
1442
imagePullSecrets: []
1443
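# -- Additional command line arguments to pass to redis-server
## Note: the `--bind 0.0.0.0` example below makes redis-server listen on every interface of the pod;
## restrict who can reach the Redis port with a NetworkPolicy when using it.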
1444
extraArgs: []
1445
# - --bind
1446
# - "0.0.0.0"
1447
1448
# -- Environment variables to pass to the Redis server
1449
env: []
1450
# -- envFrom to pass to the Redis server
1451
# @default -- `[]` (See [values.yaml])
1452
envFrom: []
1453
# - configMapRef:
1454
# name: config-map-name
1455
# - secretRef:
1456
# name: secret-name
1457
1458
## Probes for Redis server (optional)
1459
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1460
readinessProbe:
1461
# -- Enable Kubernetes readiness probe for Redis server
1462
enabled: false
1463
# -- Number of seconds after the container has started before [probe] is initiated
1464
initialDelaySeconds: 30
1465
# -- How often (in seconds) to perform the [probe]
1466
periodSeconds: 15
1467
# -- Number of seconds after which the [probe] times out
1468
timeoutSeconds: 15
1469
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1470
successThreshold: 1
1471
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1472
failureThreshold: 5
1473
livenessProbe:
1474
# -- Enable Kubernetes liveness probe for Redis server
1475
enabled: false
1476
# -- Number of seconds after the container has started before [probe] is initiated
1477
initialDelaySeconds: 30
1478
# -- How often (in seconds) to perform the [probe]
1479
periodSeconds: 15
1480
# -- Number of seconds after which the [probe] times out
1481
timeoutSeconds: 15
1482
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1483
successThreshold: 1
1484
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1485
failureThreshold: 5
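## Extra containers, volumes, metadata and resources for the Redis pod.
# -- Additional containers to be added to the redis pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the redis pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- Additional volumeMounts to the redis container
volumeMounts: []
# -- Additional volumes to the redis pod
volumes: []
# -- Annotations to be added to the Redis server Deployment
deploymentAnnotations: {}
# -- Labels for the Redis server Deployment
deploymentLabels: {}
# -- Annotations to be added to the Redis server pods
podAnnotations: {}
# -- Labels to be added to the Redis server pods
podLabels: {}
# -- Resource limits and requests for redis
## Empty by default, so no requests or limits are set from this file; the
## commented values below are the chart's example, not an applied default.
resources: {}
# limits:
#   cpu: 200m
#   memory: 128Mi
# requests:
#   cpu: 100m
#   memory: 64Mi
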
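# -- Redis pod-level security context
# @default -- See [values.yaml]
## runAsNonRoot makes the kubelet refuse to start a container that would run
## as UID 0; seccompProfile RuntimeDefault applies the container runtime's
## default syscall filter.
securityContext:
  runAsNonRoot: true
  runAsUser: 999
  seccompProfile:
    type: RuntimeDefault
# Redis container ports
containerPorts:
  # -- Redis container port
  redis: 6379
  # -- Metrics container port
  metrics: 9121
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Redis server pods
dnsPolicy: "ClusterFirst"
# -- Redis container-level security context
# @default -- See [values.yaml]
## Read-only root filesystem, no privilege escalation and every Linux
## capability dropped. When overriding this mapping, carry these fields over
## rather than replacing them with a shorter block.
containerSecurityContext:
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
# -- Redis service port
servicePort: 6379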
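## Scheduling settings for the Redis pods; empty values fall back to the
## `global.*` settings named in each `@default` line.
# -- Priority class for redis pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to redis
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
#   topologyKey: topology.kubernetes.io/zone
#   whenUnsatisfiable: DoNotSchedule

# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30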
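## Service account and Service settings for the Redis pod.
# -- Automount API credentials for the Service Account into the pod.
## NOTE(review): this pod-level flag is `true` while
## `serviceAccount.automountServiceAccountToken` below is `false`. In
## Kubernetes the pod spec field takes precedence over the ServiceAccount
## field when both are set, so if the chart renders this value into the pod
## spec (TODO confirm in the templates) a token is mounted anyway. Nothing in
## this section shows Redis calling the Kubernetes API; `false` is the
## least-privilege value unless a sidecar needs the token.
automountServiceAccountToken: true
serviceAccount:
  # -- Create a service account for the redis pod
  create: false
  # -- Service account name for redis pod
  name: ""
  # -- Annotations applied to created service account
  annotations: {}
  # -- Automount API credentials for the Service Account
  automountServiceAccountToken: false
service:
  # -- Redis service annotations
  annotations: {}
  # -- Additional redis service labels
  labels: {}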
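## Metrics Service, Prometheus ServiceMonitor and NetworkPolicy switches for Redis.
metrics:
  # -- Deploy metrics service
  enabled: false
  # Redis metrics service configuration
  service:
    # -- Metrics service type
    type: ClusterIP
    # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
    clusterIP: None
    # -- Metrics service annotations
    annotations: {}
    # -- Metrics service labels
    labels: {}
    # -- Metrics service port
    servicePort: 9121
    # -- Metrics service port name
    portName: http-metrics
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Interval at which metrics should be scraped
    interval: 30s
    # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
    honorLabels: false
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector: {}
    # prometheus: kube-prometheus

    # -- Prometheus ServiceMonitor scheme
    scheme: ""
    # -- Prometheus ServiceMonitor tlsConfig
    tlsConfig: {}
    # -- Prometheus ServiceMonitor namespace
    namespace: "" # "monitoring"
    # -- Prometheus ServiceMonitor labels
    additionalLabels: {}
    # -- Prometheus ServiceMonitor annotations
    annotations: {}
# Default redis's network policy
networkPolicy:
  # -- Default network policy rules used by redis
  # @default -- `false` (defaults to global.networkPolicy.create)
  ## NOTE(review): if this and global.networkPolicy.create are both off, this
  ## section adds no network-level restriction on which pods may connect to
  ## the Redis port; access control then rests on Redis authentication alone.
  ## Confirm the effective value for the cluster.
  create: false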
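## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
redis-ha:
  # -- Enables the Redis HA subchart and disables the custom Redis single node deployment
  enabled: false
  ## Redis image
  image:
    # -- Redis repository
    repository: ecr-public.aws.com/docker/library/redis
    # -- Redis tag
    ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
    ## NOTE(review): the tag below (8.2.3) is already above the 7.4.0 ceiling
    ## stated in the line above, so the comment and the value disagree; confirm
    ## which is intended and update the other.
    ## The tag is mutable: pinning by image digest, where the subchart allows
    ## it, makes the deployed image reproducible.
    tag: 8.2.3-alpine
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
    enabled: false
    # -- Repository to use for the redis-exporter
    image: ghcr.io/oliver006/redis_exporter
    # -- Tag to use for the redis-exporter
    tag: v1.75.0
  persistentVolume:
    # -- Configures persistence on Redis nodes
    enabled: false
  ## Redis specific configuration options
  redis:
    # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
    masterGroupName: argocd
    # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
    # @default -- See [values.yaml]
    config:
      # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled
      # @default -- `'""'`
      save: '""'
  ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
  haproxy:
    # -- Enabled HAProxy LoadBalancing/Proxy
    enabled: true
    # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
    labels:
      app.kubernetes.io/name: argocd-redis-ha-haproxy
    image:
      # -- HAProxy Image Repository
      repository: ecr-public.aws.com/docker/library/haproxy
    metrics:
      # -- HAProxy enable prometheus metric scraping
      enabled: true
    # -- Whether the haproxy pods should be forced to run on separate nodes.
    hardAntiAffinity: true
    # -- Additional affinities to add to the haproxy pods.
    additionalAffinities: {}
    # -- Assign custom [affinity] rules to the haproxy pods.
    affinity: ""
    # -- [Tolerations] for use with node taints for haproxy pods.
    tolerations: []
    # -- HAProxy container-level security context
    # @default -- See [values.yaml]
    ## Only readOnlyRootFilesystem is set here; any other hardening fields
    ## would have to come from the redis-ha subchart defaults (TODO confirm).
    containerSecurityContext:
      readOnlyRootFilesystem: true
  # -- Configures redis-ha with AUTH
  ## Keep enabled: without AUTH, any client that can reach the Redis port can
  ## read and write the Argo CD cache.
  auth: true
  # -- Existing Secret to use for redis-ha authentication.
  # By default the redis-secret-init Job is generating this Secret.
  existingSecret: argocd-redis
  # -- Whether the Redis server pods should be forced to run on separate nodes.
  hardAntiAffinity: true
  # -- Additional affinities to add to the Redis server pods.
  additionalAffinities: {}
  # -- Assign custom [affinity] rules to the Redis pods.
  affinity: ""
  # -- [Tolerations] for use with node taints for Redis pods.
  tolerations: []
  # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
  ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  topologySpreadConstraints:
    # -- Enable Redis HA topology spread constraints
    enabled: false
    # -- Max skew of pods tolerated
    # @default -- `""` (defaults to `1`)
    maxSkew: ""
    # -- Topology key for spread
    # @default -- `""` (defaults to `topology.kubernetes.io/zone`)
    topologyKey: ""
    # -- Enforcement policy, hard or soft
    # @default -- `""` (defaults to `ScheduleAnyway`)
    whenUnsatisfiable: ""
  # -- Redis HA statefulset container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    readOnlyRootFilesystem: true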
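# External Redis parameters
## Connection settings for a Redis instance that is not deployed by this chart.
externalRedis:
  # -- External Redis server host
  host: ""
  # -- External Redis username
  username: ""
  # -- External Redis password
  ## Prefer `existingSecret` below: a password set here is kept in clear text
  ## in the values file and in the stored Helm release data.
  password: ""
  # -- External Redis server port
  port: 6379
  # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials.
  # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored
  existingSecret: ""
  # -- External Redis Secret annotations
  secretAnnotations: {}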
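## Job that initializes the Redis authentication Secret.
redisSecretInit:
  # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
  enabled: true
  # -- Redis secret-init name
  name: redis-secret-init
  image:
    # -- Repository to use for the Redis secret-init Job
    # @default -- `""` (defaults to global.image.repository)
    repository: "" # defaults to global.image.repository
    # -- Tag to use for the Redis secret-init Job
    # @default -- `""` (defaults to global.image.tag)
    tag: "" # defaults to global.image.tag
    # -- Image pull policy for the Redis secret-init Job
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: "" # IfNotPresent
  # -- Additional command line arguments for the Redis secret-init Job
  extraArgs: []
  # -- Secrets with credentials to pull images from a private registry
  # @default -- `[]` (defaults to global.imagePullSecrets)
  imagePullSecrets: []
  # -- Runtime class name for the Redis secret-init Job
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  # -- Annotations to be added to the Redis secret-init Job
  jobAnnotations: {}
  # -- Annotations to be added to the pods of the Redis secret-init Job
  podAnnotations: {}
  # -- Labels to be added to the pods of the Redis secret-init Job
  podLabels: {}
  # -- Resource limits and requests for Redis secret-init Job
  resources: {}
  # limits:
  #   cpu: 200m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 64Mi

  # -- Redis secret-init Job container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    readOnlyRootFilesystem: true
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  # -- Redis secret-init Job pod-level security context
  securityContext: {}
  serviceAccount:
    # -- Create a service account for the Redis secret-init Job
    create: true
    # -- Service account name for the Redis secret-init Job
    name: ""
    # -- Annotations applied to created service account
    annotations: {}
    # -- Automount API credentials for the Service Account
    ## The Job is described elsewhere in this file as generating the Redis
    ## Secret, which presumably needs API access; confirm that the role bound
    ## to this account is limited to that Secret.
    automountServiceAccountToken: true
  # -- Priority class for Redis secret-init Job
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
  # -- Assign custom [affinity] rules to the Redis secret-init Job
  affinity: {}
  # -- Node selector to be added to the Redis secret-init Job
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- Tolerations to be added to the Redis secret-init Job
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []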
## Server
server:
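## Basic settings of the Argo CD server (keys under `server:`).
# -- Argo CD server name
name: server
# -- The number of server pods to run
replicas: 1
# -- Runtime class name for the Argo CD server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""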
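## Argo CD server Horizontal Pod Autoscaler (`server.autoscaling`)
autoscaling:
  # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
  enabled: false
  # -- Minimum number of replicas for the Argo CD server [HPA]
  minReplicas: 1
  # -- Maximum number of replicas for the Argo CD server [HPA]
  maxReplicas: 5
  # -- Average CPU utilization percentage for the Argo CD server [HPA]
  targetCPUUtilizationPercentage: 50
  # -- Average memory utilization percentage for the Argo CD server [HPA]
  targetMemoryUtilizationPercentage: 50
  # -- Configures the scaling behavior of the target in both Up and Down directions.
  behavior: {}
  # scaleDown:
  #   stabilizationWindowSeconds: 300
  #   policies:
  #     - type: Pods
  #       value: 1
  #       periodSeconds: 180
  # scaleUp:
  #   stabilizationWindowSeconds: 300
  #   policies:
  #     - type: Pods
  #       value: 2
  #       periodSeconds: 60
  # -- Configures custom HPA metrics for the Argo CD server
  # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
  metrics: []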
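## Argo CD server Pod Disruption Budget (`server.pdb`)
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
  # -- Deploy a [PodDisruptionBudget] for the Argo CD server
  enabled: false
  # -- Labels to be added to Argo CD server pdb
  labels: {}
  # -- Annotations to be added to Argo CD server pdb
  annotations: {}
  # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
  # @default -- `""` (defaults to 0 if not specified)
  minAvailable: ""
  # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
  ## Has higher precedence over `server.pdb.minAvailable`
  maxUnavailable: ""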
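## Argo CD server Vertical Pod Autoscaler (`server.vpa`)
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
vpa:
  # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Argo CD server
  enabled: false
  # -- Labels to be added to Argo CD server vpa
  labels: {}
  # -- Annotations to be added to Argo CD server vpa
  annotations: {}
  # -- One of the VPA operation modes
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
  ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
  updateMode: Initial
  # -- Controls how VPA computes the recommended resources for Argo CD server container
  ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
  containerPolicy: {}
  # controlledResources: ["cpu", "memory"]
  # minAllowed:
  #   cpu: 250m
  #   memory: 256Mi
  # maxAllowed:
  #   cpu: 1
  #   memory: 1Gi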
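## Argo CD server image (`server.image`), arguments and environment
image:
  # -- Repository to use for the Argo CD server
  # @default -- `""` (defaults to global.image.repository)
  repository: "" # defaults to global.image.repository
  # -- Tag to use for the Argo CD server
  # @default -- `""` (defaults to global.image.tag)
  tag: "" # defaults to global.image.tag
  # -- Image pull policy for the Argo CD server
  # @default -- `""` (defaults to global.image.imagePullPolicy)
  imagePullPolicy: "" # IfNotPresent
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Additional command line arguments to pass to Argo CD server
extraArgs: []
# -- Environment variables to pass to Argo CD server
## Values listed here appear in clear text in the pod spec; for credentials
## use `envFrom` with a `secretRef`, as in the example below.
env: []
# -- envFrom to pass to Argo CD server
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
#     name: config-map-name
# - secretRef:
#     name: secret-name

# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
lifecycle: {}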
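## Argo CD extensions (`server.extensions`)
## This feature is in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
extensions:
  # -- Enable support for Argo CD extensions
  enabled: false
  ## Argo CD extension installer image
  image:
    # -- Repository to use for extension installer image
    repository: cgr.dev/chainguard-private/argocd-extension-installer
    # -- Tag to use for extension installer image
    ## The `@sha256:` digest pins the exact image content; when a digest is
    ## present it, not the `latest` tag, determines which image is pulled.
    ## Update the digest deliberately when moving to a new build.
    tag: latest@sha256:4be89c60758e92d9a3e6b94e0bdb716c0f24ecc6329fe71539454b66e61ca623
    # -- Image pull policy for extensions
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- Extensions for Argo CD
  # @default -- `[]` (See [values.yaml])
  ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
  ## NOTE(review): in the example the checksum file is fetched from the same
  ## release location as the archive, so it guards against a corrupted
  ## download but not against a tampered release; review an extension and pin
  ## its version before enabling it.
  extensionList: []
  # - name: extension-metrics
  #   env:
  #     - name: EXTENSION_URL
  #       value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
  #     - name: EXTENSION_CHECKSUM_URL
  #       value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt

  # -- Server UI extensions container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    runAsUser: 1000
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  # -- Resource limits and requests for the argocd-extensions container
  resources: {}
  # limits:
  #   cpu: 50m
  #   memory: 128Mi
  # requests:
  #   cpu: 10m
  #   memory: 64Mi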
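## Extra containers, init containers and volumes for the server pod (keys under `server:`).
# -- Additional containers to be added to the server pod
## Note: Supports use of custom Helm templates
## NOTE(review): the examples use floating tags (`nginx:latest`); sidecars
## share the server pod, so pin them to a version or digest in real use.
extraContainers: []
# - name: my-sidecar
#   image: nginx:latest
# - name: lemonldap-ng-controller
#   image: lemonldapng/lemonldap-ng-controller:0.2.0
#   args:
#     - /lemonldap-ng-controller
#     - --alsologtostderr
#     - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
#   env:
#     - name: POD_NAME
#       valueFrom:
#         fieldRef:
#           fieldPath: metadata.name
#     - name: POD_NAMESPACE
#       valueFrom:
#         fieldRef:
#           fieldPath: metadata.namespace
#   volumeMounts:
#     - name: copy-portal-skins
#       mountPath: /srv/var/lib/lemonldap-ng/portal/skins

# -- Init containers to add to the server pod
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
## you could use this (and the same in the application controller pod) to provide such executable
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
## NOTE(review): the example installs a downloaded binary without verifying
## it. A credential plugin runs with access to cluster credentials, so compare
## the archive against a known SHA-256 before moving it into place, or bake
## the tool into an image you build and pin.
initContainers: []
# - name: download-tools
#   image: alpine:3
#   command: [sh, -c]
#   args:
#     - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
#       mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
#       mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf /custom-tools/tmp && rm /custom-tools/kubelogin.zip
#   volumeMounts:
#     - mountPath: /custom-tools
#       name: custom-tools

# -- Additional volumeMounts to the server main container
volumeMounts: []
# - mountPath: /usr/local/bin/kubelogin
#   name: custom-tools
#   subPath: kubelogin

# -- Additional volumes to the server pod
volumes: []
# - name: custom-tools
#   emptyDir: {}
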
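## Argo CD server emptyDir volumes, metadata and resources (keys under `server:`)
emptyDir:
  # -- EmptyDir size limit for the Argo CD server
  # @default -- `""` (defaults not set if not specified i.e. no size limit)
  sizeLimit: ""
  # sizeLimit: "1Gi"
# -- Annotations to be added to server Deployment
deploymentAnnotations: {}
# -- Labels for the server Deployment
deploymentLabels: {}
# -- Annotations to be added to server pods
podAnnotations: {}
# -- Labels to be added to server pods
podLabels: {}
# -- Resource limits and requests for the Argo CD server
## Empty by default, so no requests or limits are set from this file.
resources: {}
# limits:
#   cpu: 100m
#   memory: 128Mi
# requests:
#   cpu: 50m
#   memory: 64Mi
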
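# Server container ports (keys under `server:`)
containerPorts:
  # -- Server container port
  server: 8080
  # -- Metrics container port
  metrics: 8083
# -- Host Network for Server pods
## Keep `false` unless required: host networking places the pod in the node's
## network namespace.
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Server pods
dnsPolicy: "ClusterFirst"
# -- Server container-level security context
# @default -- See [values.yaml]
## Non-root, read-only root filesystem, no privilege escalation, runtime
## default seccomp filter and all capabilities dropped. When overriding this
## mapping, carry these fields over.
containerSecurityContext:
  runAsNonRoot: true
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL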
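## Readiness and liveness probes for default backend (keys under `server:`)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
  # -- Enable Kubernetes readiness probe for default backend
  enabled: true
  # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
  failureThreshold: 3
  # -- Number of seconds after the container has started before [probe] is initiated
  initialDelaySeconds: 10
  # -- How often (in seconds) to perform the [probe]
  periodSeconds: 10
  # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
  successThreshold: 1
  # -- Number of seconds after which the [probe] times out
  timeoutSeconds: 1
livenessProbe:
  # -- Enable Kubernetes liveness probe for default backend
  enabled: true
  # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
  failureThreshold: 3
  # -- Number of seconds after the container has started before [probe] is initiated
  initialDelaySeconds: 10
  # -- How often (in seconds) to perform the [probe]
  periodSeconds: 10
  # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
  successThreshold: 1
  # -- Number of seconds after which the [probe] times out
  timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30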
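## Scheduling and rollout settings for the Argo CD server pods (keys under
## `server:`); empty values fall back to the `global.*` settings named in each
## `@default` line.
# -- Priority class for the Argo CD server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
#   topologyKey: topology.kubernetes.io/zone
#   whenUnsatisfiable: DoNotSchedule

# -- Deployment strategy to be added to the server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
#   maxSurge: 25%
#   maxUnavailable: 25%
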
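# TLS certificate configuration via cert-manager (`server.certificate`)
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate:
  # -- Deploy a Certificate resource (requires cert-manager)
  enabled: false
  # -- Certificate primary domain (commonName)
  # @default -- `""` (defaults to global.domain)
  domain: ""
  # -- Certificate Subject Alternate Names (SANs)
  additionalHosts: []
  # -- The requested 'duration' (i.e. lifetime) of the certificate.
  # @default -- `""` (defaults to 2160h = 90d if not specified)
  ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
  duration: ""
  # -- How long before the expiry a certificate should be renewed.
  # @default -- `""` (defaults to 360h = 15d if not specified)
  ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
  renewBefore: ""
  # Certificate issuer
  ## Ref: https://cert-manager.io/docs/concepts/issuer
  issuer:
    # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
    group: ""
    # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
    kind: ""
    # -- Certificate issuer name. Eg. `letsencrypt`
    name: ""
  # Private key of the certificate
  privateKey:
    # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
    ## `Never` keeps reusing the existing private key across renewals; `Always`
    ## generates a fresh key each time the certificate is re-issued, which
    ## limits how long a leaked key stays useful.
    rotationPolicy: Never
    # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PKCS1` or `PKCS8`
    encoding: PKCS1
    # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
    algorithm: RSA
    # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
    ## 2048 is an RSA key size; change `size` together with `algorithm`
    ## (cert-manager expects 256, 384 or 521 for `ECDSA`).
    size: 2048
  # -- Annotations to be applied to the Server Certificate
  annotations: {}
  # -- Usages for the certificate
  ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
  usages: []
  # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
  secretTemplateAnnotations: {}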
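# TLS certificate configuration via Secret (`server.certificateSecret`)
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificateSecret:
  # -- Create argocd-server-tls secret
  enabled: false
  # -- Annotations to be added to argocd-server-tls secret
  annotations: {}
  # -- Labels to be added to argocd-server-tls secret
  labels: {}
  # -- Private Key of the certificate
  ## This is private key material: do not commit a real key in a values file.
  ## Supply it at deploy time from a secret store, or use the cert-manager
  ## `certificate` option so the key is never held in Helm values.
  key: ""
  # -- Certificate data
  crt: ""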
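## Server service configuration (`server.service`)
service:
  # -- Server service annotations
  annotations: {}
  # -- Server service labels
  labels: {}
  # -- Server service type
  type: ClusterIP
  # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort")
  nodePortHttp: 30080
  # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort")
  nodePortHttps: 30443
  # -- Server service http port
  servicePortHttp: 80
  # -- Server service https port
  servicePortHttps: 443
  # -- Server service http port name, can be used to route traffic via istio
  servicePortHttpName: http
  # -- Server service https port name, can be used to route traffic via istio
  servicePortHttpsName: https
  # -- Server service https port appProtocol
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
  servicePortHttpsAppProtocol: ""
  # -- The class of the load balancer implementation
  loadBalancerClass: ""
  # -- LoadBalancer will get created with the IP specified in this field
  loadBalancerIP: ""
  # -- Source IP ranges to allow access to service from
  ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
  ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
  ## An empty list sets no source restriction on the Service. When `type` is
  ## `LoadBalancer`, list the CIDRs that should be able to reach the Argo CD
  ## UI/API instead of leaving it open.
  loadBalancerSourceRanges: []
  # -- Server service external IPs
  externalIPs: []
  # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
  ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
  externalTrafficPolicy: Cluster
  # -- Used to maintain session affinity. Supports `ClientIP` and `None`
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
  sessionAffinity: None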
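## Server metrics service configuration (`server.metrics`)
metrics:
  # -- Deploy metrics service
  enabled: false
  service:
    # -- Metrics service type
    type: ClusterIP
    # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
    clusterIP: ""
    # -- Metrics service annotations
    annotations: {}
    # -- Metrics service labels
    labels: {}
    # -- Metrics service port
    servicePort: 8083
    # -- Metrics service port name
    portName: http-metrics
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Prometheus ServiceMonitor interval
    interval: 30s
    # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
    scrapeTimeout: ""
    # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
    honorLabels: false
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector: {}
    # prometheus: kube-prometheus

    # -- Prometheus ServiceMonitor scheme
    scheme: ""
    # -- Prometheus ServiceMonitor tlsConfig
    tlsConfig: {}
    # -- Prometheus ServiceMonitor namespace
    namespace: "" # monitoring
    # -- Prometheus ServiceMonitor labels
    additionalLabels: {}
    # -- Prometheus ServiceMonitor annotations
    annotations: {}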
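## Service account settings for the Argo CD server pod (keys under `server:`).
# -- Automount API credentials for the Service Account into the pod.
## Enabled at both the pod level and on the ServiceAccount below, so the
## server container receives a Kubernetes API token; what that token can do is
## decided by the roles bound to the account, which are not part of this
## section.
automountServiceAccountToken: true
serviceAccount:
  # -- Create server service account
  create: true
  # -- Server service account name
  name: argocd-server
  # -- Annotations applied to created service account
  annotations: {}
  # -- Labels applied to created service account
  labels: {}
  # -- Automount API credentials for the Service Account
  automountServiceAccountToken: true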
# Argo CD server ingress configuration
ingress:
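## Ingress settings for the Argo CD server (keys under `server.ingress`).
# -- Enable an ingress resource for the Argo CD server
enabled: false
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations: {}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"

# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- Argo CD server hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- The path to Argo CD server
path: /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
## NOTE(review): with `false`, no TLS configuration is enabled for the
## hostname here; when enabling the ingress, make sure TLS is terminated
## somewhere in front of the server (this flag, `extraTls`, passthrough
## annotations or the load balancer) so logins and tokens do not travel in
## clear text.
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
#   path: /

# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
#   pathType: Prefix
#   backend:
#     service:
#       name: ssl-redirect
#       port:
#         name: use-annotation

# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
#     paths:
#       - path: /
#         pathType: Prefix
#         backend:
#           service:
#             name: '{{ include "argo-cd.server.fullname" . }}'
#             port:
#               name: '{{ .Values.server.service.servicePortHttpsName }}'

# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - hosts:
#     - argocd.example.com
#   secretName: your-certificate-name
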
2328
# AWS specific options for Application Load Balancer
2329
# Applies only when `serv.ingress.controller` is set to `aws`
2330
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
2331
aws:
2332
# -- Backend protocol version for the AWS ALB gRPC service
2333
## This tells AWS to send traffic from the ALB using gRPC.
2334
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
2335
backendProtocolVersion: GRPC
2336
# -- Service type for the AWS ALB gRPC service
2337
## Can be of type NodePort or ClusterIP depending on which mode you are running.
2338
## Instance mode needs type NodePort, IP mode needs type ClusterIP
2339
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
2340
serviceType: NodePort
2341
# -- Annotations for the AWS ALB gRPC service
2342
## Allows adding custom annotations to the gRPC service for integrations like DataDog, Prometheus, etc.
2343
serviceAnnotations: {}
2344
# Google specific options for Google Application Load Balancer
2345
# Applies only when `server.ingress.controller` is set to `gke`
2346
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
2347
gke:
2348
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
2349
# @default -- `{}` (See [values.yaml])
2350
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2351
backendConfig: {}
2352
# iap:
2353
# enabled: true
2354
# oauthclientCredentials:
2355
# secretName: argocd-secret
2356
2357
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
2358
# @default -- `{}` (See [values.yaml])
2359
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2360
frontendConfig: {}
2361
# redirectToHttps:
2362
# enabled: true
2363
# responseCodeName: RESPONSE_CODE
2364
2365
# Managed GKE certificate for ingress hostname
2366
managedCertificate:
2367
# -- Create ManagedCertificate resource and annotations for Google Load balancer
2368
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
2369
create: true
2370
# -- Additional domains for ManagedCertificate resource
2371
extraDomains: []
2372
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that support only a single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
ingressGrpc:
  # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
  enabled: false
  # -- Additional ingress annotations for dedicated [gRPC-ingress]
  annotations: {}
  # -- Additional ingress labels for dedicated [gRPC-ingress]
  labels: {}
  # -- Defines which ingress controller will implement the resource [gRPC-ingress]
  ingressClassName: ""
  # -- Argo CD server hostname for dedicated [gRPC-ingress]
  # @default -- `""` (defaults to grpc.`server.ingress.hostname`)
  hostname: ""
  # -- Argo CD server ingress path for dedicated [gRPC-ingress]
  path: /
  # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
  pathType: Prefix
  # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
  ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
  ## While this stays `false`, this option adds no TLS entry for the gRPC hostname; CLI traffic
  ## carries credentials, so provide TLS another way (`extraTls` or the load balancer) if it is exposed.
  tls: false
  # -- The list of additional hostnames to be covered by ingress record
  # @default -- `[]` (See [values.yaml])
  extraHosts: []
    # - name: grpc.argocd.example.com
    #   path: /

  # -- Additional ingress paths for dedicated [gRPC-ingress]
  # @default -- `[]` (See [values.yaml])
  ## Note: Supports use of custom Helm templates
  extraPaths: []
    # - path: /*
    #   pathType: Prefix
    #   backend:
    #     service:
    #       name: ssl-redirect
    #       port:
    #         name: use-annotation

  # -- Additional ingress rules
  # @default -- `[]` (See [values.yaml])
  ## Note: Supports use of custom Helm templates
  extraRules: []
    # - http:
    #     paths:
    #       - path: /
    #         pathType: Prefix
    #         backend:
    #           service:
    #             name: '{{ include "argo-cd.server.fullname" . }}'
    #             port:
    #               name: '{{ .Values.server.service.servicePortHttpName }}'

  # -- Additional TLS configuration for dedicated [gRPC-ingress]
  # @default -- `[]` (See [values.yaml])
  extraTls: []
    # - secretName: your-certificate-name
    #   hosts:
    #     - argocd.example.com
# Create an OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route:
  # -- Enable an OpenShift Route for the Argo CD server
  enabled: false
  # -- Openshift Route annotations
  annotations: {}
  # -- Hostname of OpenShift Route
  hostname: ""
  # -- Termination type of Openshift Route
  ## `passthrough` leaves TLS termination to the Argo CD server; the router forwards the encrypted
  ## stream unchanged. Other termination types decrypt at the router, so the hop from router to
  ## pod then needs its own protection.
  termination_type: passthrough
  # -- Termination policy of Openshift Route
  ## NOTE(review): presumably rendered as the Route's `insecureEdgeTerminationPolicy`, where `None`
  ## refuses plain-HTTP requests — confirm against the Route template.
  termination_policy: None
# Gateway API HTTPRoute configuration
# NOTE: Gateway API support is in EXPERIMENTAL status
# Support depends on your Gateway controller implementation
# Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
httproute:
  # -- Enable HTTPRoute resource for Argo CD server (Gateway API)
  enabled: false
  # -- Additional HTTPRoute labels
  labels: {}
  # -- Additional HTTPRoute annotations
  annotations: {}
  # -- Gateway API parentRefs for the HTTPRoute
  ## Must reference an existing Gateway
  ## TLS for client connections is configured on the referenced Gateway listener (the example
  ## points at a section named `https`), not on the HTTPRoute itself.
  # @default -- `[]` (See [values.yaml])
  parentRefs: []
    # - name: example-gateway
    #   namespace: example-gateway-namespace
    #   sectionName: https
  # -- List of hostnames for the HTTPRoute
  # @default -- `[]` (See [values.yaml])
  hostnames: []
    # - argocd.example.com
  # -- HTTPRoute rules configuration
  # @default -- `[]` (See [values.yaml])
  ## The default rule matches every path under `/`.
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /
      # filters: []
      #   - type: RequestHeaderModifier
      #     requestHeaderModifier:
      #       add:
      #         - name: X-Custom-Header
      #           value: custom-value
      # timeouts:
      #   request: 10s
      #   backendRequest: 2s
# Gateway API GRPCRoute configuration
# NOTE: Gateway API support is in EXPERIMENTAL status
# Support depends on your Gateway controller implementation
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
grpcroute:
  # -- Enable GRPCRoute resource for Argo CD server (Gateway API)
  enabled: false
  # -- Additional GRPCRoute labels
  labels: {}
  # -- Additional GRPCRoute annotations
  annotations: {}
  # -- Gateway API parentRefs for the GRPCRoute
  ## Must reference an existing Gateway
  # @default -- `[]` (See [values.yaml])
  parentRefs: []
    # - name: example-gateway
    #   namespace: example-gateway-namespace
    #   sectionName: grpc
  # -- List of hostnames for the GRPCRoute
  # @default -- `[]` (See [values.yaml])
  hostnames: []
    # - grpc.argocd.example.com
  # -- GRPCRoute rules configuration
  # @default -- `[]` (See [values.yaml])
  ## The default rule carries a method match of type `Exact` with no service or method name set.
  rules:
    - matches:
        - method:
            type: Exact
      # filters: []
      #   - type: RequestHeaderModifier
      #     requestHeaderModifier:
      #       add:
      #         - name: X-Custom-Header
      #           value: custom-value
# Gateway API BackendTLSPolicy configuration
# NOTE: BackendTLSPolicy support is in EXPERIMENTAL status
# Required for HTTPS backends when using Gateway API
# Not all Gateway controllers support this resource (e.g., Cilium does not support it yet)
backendTLSPolicy:
  # -- Enable BackendTLSPolicy resource for Argo CD server (Gateway API)
  enabled: false
  # -- Additional BackendTLSPolicy labels
  labels: {}
  # -- Additional BackendTLSPolicy annotations
  annotations: {}
  # -- Target references for the BackendTLSPolicy
  # @default -- `[]` (See [values.yaml])
  targetRefs: []
    # - group: ""
    #   kind: Service
    #   name: argocd-server
    #   sectionName: https
  # -- TLS validation configuration
  # @default -- `{}` (See [values.yaml])
  ## This is what lets the Gateway verify the backend certificate: `hostname` is the name expected
  ## in the certificate, and the trust anchor comes from either `caCertificateRefs` or
  ## `wellKnownCACertificates` (the Gateway API allows only one of the two).
  ## NOTE(review): the default `{}` names neither, so set one of them when enabling the policy.
  validation: {}
    # hostname: argocd-server.argocd.svc.cluster.local
    # caCertificateRefs:
    #   - name: example-ca-cert
    #     group: ""
    #     kind: ConfigMap
    # wellKnownCACertificates: System
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
  # -- Enable custom rules for the server's ClusterRole resource
  ## NOTE(review): presumably the custom list replaces the chart's built-in rules rather than
  ## extending them — confirm in the ClusterRole template before enabling.
  enabled: false
  # -- List of custom rules for the server's ClusterRole resource
  ## These rules are cluster-wide; list only the API groups, resources and verbs that are needed
  ## and avoid `*` wildcards.
  rules: []
# Default ArgoCD Server's network policy
networkPolicy:
  # -- Default network policy rules used by ArgoCD Server
  # @default -- `false` (defaults to global.networkPolicy.create)
  ## With no NetworkPolicy created here or globally, Kubernetes does not restrict which pods can
  ## reach the server pods; restriction then has to come from policies managed elsewhere.
  create: false
## Repo Server
repoServer:
  # -- Repo server name
  name: repo-server
  # -- The number of repo server pods to run
  replicas: 1
  # -- Runtime class name for the repo server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""
  ## Repo server Horizontal Pod Autoscaler
  autoscaling:
    # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
    enabled: false
    # -- Minimum number of replicas for the repo server [HPA]
    minReplicas: 1
    # -- Maximum number of replicas for the repo server [HPA]
    maxReplicas: 5
    # -- Average CPU utilization percentage for the repo server [HPA]
    targetCPUUtilizationPercentage: 50
    # -- Average memory utilization percentage for the repo server [HPA]
    targetMemoryUtilizationPercentage: 50
    # -- Configures the scaling behavior of the target in both Up and Down directions.
    behavior: {}
      # scaleDown:
      #   stabilizationWindowSeconds: 300
      #   policies:
      #     - type: Pods
      #       value: 1
      #       periodSeconds: 180
      # scaleUp:
      #   stabilizationWindowSeconds: 300
      #   policies:
      #     - type: Pods
      #       value: 2
      #       periodSeconds: 60
    # -- Configures custom HPA metrics for the Argo CD repo server
    # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
    metrics: []
  ## Repo server Pod Disruption Budget
  ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
  pdb:
    # -- Deploy a [PodDisruptionBudget] for the repo server
    enabled: false
    # -- Labels to be added to repo server pdb
    labels: {}
    # -- Annotations to be added to repo server pdb
    annotations: {}
    # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
    # @default -- `""` (defaults to 0 if not specified)
    minAvailable: ""
    # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
    ## Has higher precedence over `repoServer.pdb.minAvailable`
    maxUnavailable: ""
  ## Repo server Vertical Pod Autoscaler
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
  vpa:
    # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the repo server
    enabled: false
    # -- Labels to be added to repo server vpa
    labels: {}
    # -- Annotations to be added to repo server vpa
    annotations: {}
    # -- One of the VPA operation modes
    ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
    ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
    updateMode: Initial
    # -- Controls how VPA computes the recommended resources for repo server container
    ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
    containerPolicy: {}
      # controlledResources: ["cpu", "memory"]
      # minAllowed:
      #   cpu: 250m
      #   memory: 256Mi
      # maxAllowed:
      #   cpu: 1
      #   memory: 1Gi
  ## Repo server image
  image:
    # -- Repository to use for the repo server
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Tag to use for the repo server
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Image pull policy for the repo server
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""
  # -- Secrets with credentials to pull images from a private registry
  # @default -- `[]` (defaults to global.imagePullSecrets)
  imagePullSecrets: []
  # -- Additional command line arguments to pass to repo server
  extraArgs: []
  # -- Environment variables to pass to repo server
  ## Values written here are stored in plain text with the release; take credentials from a
  ## Secret (for example through `envFrom` below) instead of inlining them.
  env: []
  # -- envFrom to pass to repo server
  # @default -- `[]` (See [values.yaml])
  envFrom: []
    # - configMapRef:
    #     name: config-map-name
    # - secretRef:
    #     name: secret-name

  # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
  lifecycle: {}
  # -- Additional containers to be added to the repo server pod
  ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
  ## Note: Supports use of custom Helm templates
  ## Plugin sidecars process repository content, so keep the non-root security context and the
  ## dedicated tmp volume shown in the examples. `busybox` there is a placeholder: use an image
  ## that ships the plugin's tooling and pin it by tag or digest.
  extraContainers: []
    # - name: cmp-my-plugin
    #   command:
    #     - "/var/run/argocd/argocd-cmp-server"
    #   image: busybox
    #   securityContext:
    #     runAsNonRoot: true
    #     runAsUser: 999
    #   volumeMounts:
    #     - mountPath: /var/run/argocd
    #       name: var-files
    #     - mountPath: /home/argocd/cmp-server/plugins
    #       name: plugins
    #     # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
    #     - mountPath: /home/argocd/cmp-server/config/plugin.yaml
    #       subPath: my-plugin.yaml
    #       name: argocd-cmp-cm
    #     # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
    #     # mitigate path traversal attacks.
    #     - mountPath: /tmp
    #       name: cmp-tmp
    # - name: cmp-my-plugin2
    #   command:
    #     - "/var/run/argocd/argocd-cmp-server"
    #   image: busybox
    #   securityContext:
    #     runAsNonRoot: true
    #     runAsUser: 999
    #   volumeMounts:
    #     - mountPath: /var/run/argocd
    #       name: var-files
    #     - mountPath: /home/argocd/cmp-server/plugins
    #       name: plugins
    #     # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
    #     - mountPath: /home/argocd/cmp-server/config/plugin.yaml
    #       subPath: my-plugin2.yaml
    #       name: argocd-cmp-cm
    #     # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
    #     # mitigate path traversal attacks.
    #     - mountPath: /tmp
    #       name: cmp-tmp

  # -- Init containers to add to the repo server pods
  initContainers: []
  copyutil:
    # -- Extra arguments for the cp command in the repo server copyutil initContainer
    # @default -- `"--update=none"`
    extraArgs: "--update=none"
    # -- Resource limits and requests for the repo server copyutil initContainer
    resources: {}
      # limits:
      #   cpu: 100m
      #   memory: 128Mi
      # requests:
      #   cpu: 50m
      #   memory: 64Mi
  # -- Additional volumeMounts to the repo server main container
  volumeMounts: []
  # -- Additional volumes to the repo server pod
  ## The commented entries are the volumes the `extraContainers` examples mount; `cmp-tmp` is the
  ## separate tmp volume for the plugin sidecar.
  volumes: []
    # - name: argocd-cmp-cm
    #   configMap:
    #     name: argocd-cmp-cm
    # - name: cmp-tmp
    #   emptyDir: {}

  # -- Volumes to be used in replacement of emptydir on default volumes
  existingVolumes: {}
    # gpgKeyring:
    #   persistentVolumeClaim:
    #     claimName: pvc-argocd-repo-server-keyring
    # helmWorkingDir:
    #   persistentVolumeClaim:
    #     claimName: pvc-argocd-repo-server-workdir
    # tmp:
    #   persistentVolumeClaim:
    #     claimName: pvc-argocd-repo-server-tmp
    # varFiles:
    #   persistentVolumeClaim:
    #     claimName: pvc-argocd-repo-server-varfiles
    # plugins:
    #   persistentVolumeClaim:
    #     claimName: pvc-argocd-repo-server-plugins

  ## RepoServer emptyDir volumes
  emptyDir:
    # -- EmptyDir size limit for repo server
    # @default -- `""` (defaults not set if not specified i.e. no size limit)
    ## Without a limit, a large checkout or rendered output can fill the node's ephemeral storage.
    sizeLimit: ""
    # sizeLimit: "1Gi"
  # -- Toggle the usage of an ephemeral Helm working directory
  useEphemeralHelmWorkingDir: true
  # -- Annotations to be added to repo server Deployment
  deploymentAnnotations: {}
  # -- Labels for the repo server Deployment
  deploymentLabels: {}
  # -- Annotations to be added to repo server pods
  podAnnotations: {}
  # -- Labels to be added to repo server pods
  podLabels: {}
  # -- Resource limits and requests for the repo server pods
  resources: {}
    # limits:
    #   cpu: 50m
    #   memory: 128Mi
    # requests:
    #   cpu: 10m
    #   memory: 64Mi

  # Repo server container ports
  containerPorts:
    # -- Repo server container port
    server: 8081
    # -- Metrics container port
    metrics: 8084
  # -- Host Network for Repo server pods
  ## `true` places the pods in the node's network namespace; keep `false` unless that is required.
  hostNetwork: false
  # -- [DNS configuration]
  dnsConfig: {}
  # -- Alternative DNS policy for Repo server pods
  dnsPolicy: "ClusterFirst"
  # -- Repo server container-level security context
  # @default -- See [values.yaml]
  ## The defaults run as non-root with a read-only root filesystem, forbid privilege escalation,
  ## apply the runtime's default seccomp profile and drop all capabilities.
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    seccompProfile:
      type: RuntimeDefault
    capabilities:
      drop:
        - ALL
  ## Readiness and liveness probes for Repo Server
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes readiness probe for Repo Server
    enabled: true
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
  livenessProbe:
    # -- Enable Kubernetes liveness probe for Repo Server
    enabled: true
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30
  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}
  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []
  # -- Assign custom [affinity] rules to the deployment
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}
  # -- Assign custom [TopologySpreadConstraints] rules to the repo server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule

  # -- Deployment strategy to be added to the repo server Deployment
  deploymentStrategy: {}
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%

  # -- Priority class for the repo server pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""
  # TLS certificate configuration via Secret
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
  ## Note: Issuing certificates via cert-manager is not supported right now because it's not possible to restart repo server automatically without extra controllers.
  ## Note: a private key supplied through `key` becomes part of the release values (values files,
  ## Helm release record); prefer creating the `argocd-repo-server-tls` secret out of band, or keep
  ## the values file that carries the key out of version control.
  certificateSecret:
    # -- Create argocd-repo-server-tls secret
    enabled: false
    # -- Annotations to be added to argocd-repo-server-tls secret
    annotations: {}
    # -- Labels to be added to argocd-repo-server-tls secret
    labels: {}
    # -- Certificate authority. Required for self-signed certificates.
    ca: ""
    # -- Certificate private key
    key: ""
    # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
    crt: ""
  ## Repo server service configuration
  service:
    # -- Repo server service annotations
    annotations: {}
    # -- Repo server service labels
    labels: {}
    # -- Repo server service port
    port: 8081
    # -- Repo server service port name
    portName: tcp-repo-server
    # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy.
    trafficDistribution: ""
  ## Repo server metrics service configuration
  metrics:
    # -- Deploy metrics service
    enabled: false
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
      servicePort: 8084
      # -- Metrics service port name
      portName: http-metrics
    serviceMonitor:
      # -- Enable a prometheus ServiceMonitor
      enabled: false
      # -- Prometheus ServiceMonitor interval
      interval: 30s
      # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
      scrapeTimeout: ""
      # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
      honorLabels: false
      # -- Prometheus [RelabelConfigs] to apply to samples before scraping
      relabelings: []
      # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
      metricRelabelings: []
      # -- Prometheus ServiceMonitor selector
      selector: {}
        # prometheus: kube-prometheus

      # -- Prometheus ServiceMonitor scheme
      scheme: ""
      # -- Prometheus ServiceMonitor tlsConfig
      tlsConfig: {}
      # -- Prometheus ServiceMonitor namespace
      namespace: "" # "monitoring"
      # -- Prometheus ServiceMonitor labels
      additionalLabels: {}
      # -- Prometheus ServiceMonitor annotations
      annotations: {}
  ## Enable Custom Rules for the Repo server's Cluster Role resource
  ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
  ## Defaults to off
  clusterRoleRules:
    # -- Enable custom rules for the Repo server's Cluster Role resource
    enabled: false
    # -- List of custom rules for the Repo server's Cluster Role resource
    ## These rules are cluster-wide and apply to a component that handles repository content;
    ## grant only what a plugin demonstrably needs.
    rules: []
  # -- Automount API credentials for the Service Account into the pod.
  ## NOTE(review): this pod renders manifests from repository content; if nothing in your setup
  ## needs the Kubernetes API from inside it, consider `false` — verify before changing.
  automountServiceAccountToken: true
  ## Repo server service account
  ## If create is set to true, make sure to uncomment the name and update the rbac section below
  serviceAccount:
    # -- Create repo server service account
    create: true
    # -- Repo server service account name
    name: "" # "argocd-repo-server"
    # -- Annotations applied to created service account
    annotations: {}
    # -- Labels applied to created service account
    labels: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true
  # -- Repo server rbac rules
  ## Keep the list minimal; the commented example grants read-only access to `applications`.
  rbac: []
    # - apiGroups:
    #     - argoproj.io
    #   resources:
    #     - applications
    #   verbs:
    #     - get
    #     - list
    #     - watch

  # Default repo server's network policy
  networkPolicy:
    # -- Default network policy rules used by repo server
    # @default -- `false` (defaults to global.networkPolicy.create)
    ## With no NetworkPolicy created here or globally, Kubernetes does not restrict which pods can
    ## connect to the repo server port.
    create: false
## ApplicationSet controller
applicationSet:
# -- ApplicationSet controller name string
name: applicationset-controller
# -- The number of ApplicationSet controller pods to run
replicas: 1
# -- Runtime class name for the ApplicationSet controller
# @default -- `""` (defaults to global.runtimeClassName)
## An empty string defers to the global setting named above rather than selecting a class here.
runtimeClassName: ""
## ApplicationSet controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
  # -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller
  enabled: false
  # -- Labels to be added to ApplicationSet controller pdb
  labels: {}
  # -- Annotations to be added to ApplicationSet controller pdb
  annotations: {}
  # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
  # @default -- `""` (defaults to 0 if not specified)
  minAvailable: ""
  # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
  ## Has higher precedence over `applicationSet.pdb.minAvailable`
  ## Set only one of the two; when both are given, `maxUnavailable` is the one that applies.
  maxUnavailable: ""
## ApplicationSet controller Vertical Pod Autoscaler
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
vpa:
  # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the ApplicationSet controller
  enabled: false
  # -- Labels to be added to ApplicationSet controller vpa
  labels: {}
  # -- Annotations to be added to ApplicationSet controller vpa
  annotations: {}
  # -- One of the VPA operation modes
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
  ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
  updateMode: Initial
  # -- Controls how VPA computes the recommended resources for ApplicationSet controller container
  ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
  ## The commented example bounds the recommendations with `minAllowed` and `maxAllowed`.
  containerPolicy: {}
    # controlledResources: ["cpu", "memory"]
    # minAllowed:
    #   cpu: 250m
    #   memory: 256Mi
    # maxAllowed:
    #   cpu: 1
    #   memory: 1Gi
## ApplicationSet controller image
## Every field left empty falls back to the matching `global.image.*` value named in its
## `@default` line, so an override here affects this component only.
image:
  # -- Repository to use for the ApplicationSet controller
  # @default -- `""` (defaults to global.image.repository)
  repository: ""
  # -- Tag to use for the ApplicationSet controller
  # @default -- `""` (defaults to global.image.tag)
  tag: ""
  # -- Image pull policy for the ApplicationSet controller
  # @default -- `""` (defaults to global.image.imagePullPolicy)
  imagePullPolicy: ""
# -- If defined, uses a Secret to pull an image from a private Docker registry or repository.
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- ApplicationSet controller command line flags
extraArgs: []
# -- Environment variables to pass to the ApplicationSet controller
## Values written here are stored in plain text with the release; take credentials from a
## Secret (for example through `extraEnvFrom` below) instead of inlining them.
extraEnv: []
  # - name: "MY_VAR"
  #   value: "value"

# -- envFrom to pass to the ApplicationSet controller
# @default -- `[]` (See [values.yaml])
extraEnvFrom: []
  # - configMapRef:
  #     name: config-map-name
  # - secretRef:
  #     name: secret-name

# -- Additional containers to be added to the ApplicationSet controller pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the ApplicationSet controller pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# -- List of extra volumes to add
extraVolumes: []
## ApplicationSet controller emptyDir volumes
emptyDir:
  # -- EmptyDir size limit for applicationSet controller
  # @default -- `""` (defaults not set if not specified i.e. no size limit)
  ## Without a limit, the volume can grow until the node's ephemeral storage is exhausted.
  sizeLimit: ""
  # sizeLimit: "1Gi"
## Metrics service configuration
metrics:
  # -- Deploy metrics service
  enabled: false
  service:
    # -- Metrics service type
    ## `ClusterIP` keeps the metrics endpoint reachable from inside the cluster only.
    type: ClusterIP
    # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
    clusterIP: ""
    # -- Metrics service annotations
    annotations: {}
    # -- Metrics service labels
    labels: {}
    # -- Metrics service port
    servicePort: 8080
    # -- Metrics service port name
    portName: http-metrics
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Prometheus ServiceMonitor interval
    interval: 30s
    # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
    scrapeTimeout: ""
    # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
    honorLabels: false
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector: {}
      # prometheus: kube-prometheus

    # -- Prometheus ServiceMonitor scheme
    scheme: ""
    # -- Prometheus ServiceMonitor tlsConfig
    tlsConfig: {}
    # -- Prometheus ServiceMonitor namespace
    namespace: "" # monitoring
    # -- Prometheus ServiceMonitor labels
    additionalLabels: {}
    # -- Prometheus ServiceMonitor annotations
    annotations: {}
3103
## ApplicationSet service configuration
3104
service:
3105
# -- ApplicationSet service annotations
3106
annotations: {}
3107
# -- ApplicationSet service labels
3108
labels: {}
3109
# -- ApplicationSet service type
3110
type: ClusterIP
3111
# -- ApplicationSet service port
3112
port: 7000
3113
# -- ApplicationSet service port name
3114
portName: http-webhook
3115
# -- Automount API credentials for the Service Account into the pod.
3116
automountServiceAccountToken: true
3117
serviceAccount:
3118
# -- Create ApplicationSet controller service account
3119
create: true
3120
# -- ApplicationSet controller service account name
3121
name: argocd-applicationset-controller
3122
# -- Annotations applied to created service account
3123
annotations: {}
3124
# -- Labels applied to created service account
3125
labels: {}
3126
# -- Automount API credentials for the Service Account
3127
automountServiceAccountToken: true
3128
# -- Annotations to be added to ApplicationSet controller Deployment
3129
deploymentAnnotations: {}
3130
# -- Labels for the ApplicationSet controller Deployment
3131
deploymentLabels: {}
3132
# -- Annotations for the ApplicationSet controller pods
3133
podAnnotations: {}
3134
# -- Labels for the ApplicationSet controller pods
3135
podLabels: {}
3136
# -- Resource limits and requests for the ApplicationSet controller pods.
3137
resources: {}
3138
# limits:
3139
# cpu: 100m
3140
# memory: 128Mi
3141
# requests:
3142
# cpu: 100m
3143
# memory: 128Mi
3144
3145
# ApplicationSet controller container ports
3146
containerPorts:
3147
# -- Metrics container port
3148
metrics: 8080
3149
# -- Probe container port
3150
probe: 8081
3151
# -- Webhook container port
3152
webhook: 7000
3153
# -- [DNS configuration]
3154
dnsConfig: {}
3155
# -- Alternative DNS policy for ApplicationSet controller pods
3156
dnsPolicy: "ClusterFirst"
3157
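# -- ApplicationSet controller container-level security context
# @default -- See [values.yaml]
## These defaults are the hardened baseline; an override that relaxes one of them
## widens what a compromised controller process could do inside its container.
containerSecurityContext:
  ## The container is not started if its image would run as UID 0
  runAsNonRoot: true
  ## Root filesystem is mounted read-only; writable paths have to come from volumes
  readOnlyRootFilesystem: true
  ## The process cannot gain more privileges than its parent (e.g. via setuid binaries)
  allowPrivilegeEscalation: false
  ## Apply the container runtime's default seccomp filter
  seccompProfile:
    type: RuntimeDefault
  ## Drop every Linux capability; none are added back here
  capabilities:
    drop:
      - ALL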
3168
## Probes for ApplicationSet controller (optional)
3169
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3170
readinessProbe:
3171
# -- Enable Kubernetes readiness probe for ApplicationSet controller
3172
enabled: false
3173
# -- Number of seconds after the container has started before [probe] is initiated
3174
initialDelaySeconds: 10
3175
# -- How often (in seconds) to perform the [probe]
3176
periodSeconds: 10
3177
# -- Number of seconds after which the [probe] times out
3178
timeoutSeconds: 1
3179
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3180
successThreshold: 1
3181
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3182
failureThreshold: 3
3183
livenessProbe:
3184
# -- Enable Kubernetes liveness probe for ApplicationSet controller
3185
enabled: false
3186
# -- Number of seconds after the container has started before [probe] is initiated
3187
initialDelaySeconds: 10
3188
# -- How often (in seconds) to perform the [probe]
3189
periodSeconds: 10
3190
# -- Number of seconds after which the [probe] times out
3191
timeoutSeconds: 1
3192
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3193
successThreshold: 1
3194
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3195
failureThreshold: 3
3196
# -- terminationGracePeriodSeconds for container lifecycle hook
3197
terminationGracePeriodSeconds: 30
3198
# -- [Node selector]
3199
# @default -- `{}` (defaults to global.nodeSelector)
3200
nodeSelector: {}
3201
# -- [Tolerations] for use with node taints
3202
# @default -- `[]` (defaults to global.tolerations)
3203
tolerations: []
3204
# -- Assign custom [affinity] rules
3205
# @default -- `{}` (defaults to global.affinity preset)
3206
affinity: {}
3207
# -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
3208
# @default -- `[]` (defaults to global.topologySpreadConstraints)
3209
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
3210
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3211
topologySpreadConstraints: []
3212
# - maxSkew: 1
3213
# topologyKey: topology.kubernetes.io/zone
3214
# whenUnsatisfiable: DoNotSchedule
3215
3216
# -- Deployment strategy to be added to the ApplicationSet controller Deployment
3217
deploymentStrategy: {}
3218
# type: RollingUpdate
3219
# rollingUpdate:
3220
# maxSurge: 25%
3221
# maxUnavailable: 25%
3222
3223
# -- Priority class for the ApplicationSet controller pods
3224
# @default -- `""` (defaults to global.priorityClassName)
3225
priorityClassName: ""
3226
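# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate:
  # -- Deploy a Certificate resource (requires cert-manager)
  enabled: false
  # -- Certificate primary domain (commonName)
  # @default -- `""` (defaults to global.domain)
  domain: ""
  # -- Certificate Subject Alternative Names (SANs)
  additionalHosts: []
  # -- The requested 'duration' (i.e. lifetime) of the certificate.
  # @default -- `""` (defaults to 2160h = 90d if not specified)
  ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
  duration: ""
  # -- How long before the expiry a certificate should be renewed.
  # @default -- `""` (defaults to 360h = 15d if not specified)
  ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
  renewBefore: ""
  # Certificate issuer
  ## Ref: https://cert-manager.io/docs/concepts/issuer
  issuer:
    # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
    group: ""
    # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
    kind: ""
    # -- Certificate issuer name. Eg. `letsencrypt`
    name: ""
  # Private key of the certificate
  privateKey:
    # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
    ## Note: with `Never` the same private key is reused on every renewal, so a key that
    ## has leaked stays usable after re-issuance; `Always` generates a fresh key each time.
    rotationPolicy: Never
    # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PKCS1` or `PKCS8`
    encoding: PKCS1
    # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
    algorithm: RSA
    # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
    ## Note: 2048 bits is the commonly accepted minimum for RSA; revisit this value whenever
    ## `algorithm` is changed, because the valid sizes differ per algorithm.
    size: 2048
  # -- Annotations to be applied to the ApplicationSet Certificate
  annotations: {}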
3265
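## Ingress for the Git Generator webhook
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
## Note: enabling this publishes the webhook receiver outside the cluster. The upstream
## webhook documentation (Ref above) recommends configuring a shared webhook secret when
## the endpoint is publicly reachable, so unauthenticated requests cannot trigger refreshes.
ingress:
  # -- Enable an ingress resource for ApplicationSet webhook
  enabled: false
  # -- Additional ingress labels
  labels: {}
  # -- Additional ingress annotations
  annotations: {}
  # -- Defines which ingress ApplicationSet controller will implement the resource
  ingressClassName: ""
  # -- Argo CD ApplicationSet hostname
  # @default -- `""` (defaults to global.domain)
  hostname: ""
  # -- List of ingress paths
  path: /api/webhook
  # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
  pathType: Prefix
  # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
  ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
  ## Note: with `tls: false` and nothing in `extraTls`, the Ingress presumably carries no TLS
  ## section, so webhook payloads travel in clear text unless TLS is terminated elsewhere.
  tls: false
  # -- The list of additional hostnames to be covered by ingress record
  # @default -- `[]` (See [values.yaml])
  extraHosts: []
    # - name: argocd.example.com
    #   path: /

  # -- Additional ingress paths
  # @default -- `[]` (See [values.yaml])
  extraPaths: []
    # - path: /*
    #   pathType: Prefix
    #   backend:
    #     service:
    #       name: ssl-redirect
    #       port:
    #         name: use-annotation

  # -- Additional ingress rules
  # @default -- `[]` (See [values.yaml])
  ## Note: Supports use of custom Helm templates
  extraRules: []
    # - http:
    #     paths:
    #     - path: /api/webhook
    #       pathType: Prefix
    #       backend:
    #         service:
    #           name: '{{ include "argo-cd.applicationSet.fullname" . }}'
    #           port:
    #             name: '{{ .Values.applicationSet.service.portName }}'

  # -- Additional ingress TLS configuration
  # @default -- `[]` (See [values.yaml])
  extraTls: []
    # - secretName: argocd-applicationset-tls
    #   hosts:
    #     - argocd-applicationset.example.com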
3323
## Gateway API HTTPRoute for the Git Generator webhook
3324
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
3325
# NOTE: Gateway API support is in EXPERIMENTAL status
3326
# Support depends on your Gateway controller implementation
3327
# Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
3328
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
3329
httproute:
3330
# -- Enable HTTPRoute resource for Argo CD Applicationset Webhook (Gateway API)
3331
enabled: false
3332
# -- Additional HTTPRoute labels
3333
labels: {}
3334
# -- Additional HTTPRoute annotations
3335
annotations: {}
3336
# -- Gateway API parentRefs for the HTTPRoute
3337
## Must reference an existing Gateway
3338
# @default -- `[]` (See [values.yaml])
3339
parentRefs: []
3340
# - name: example-gateway
3341
# namespace: example-gateway-namespace
3342
# sectionName: https
3343
# -- List of hostnames for the HTTPRoute
3344
# @default -- `[]` (See [values.yaml])
3345
hostnames: []
3346
# - argocd.example.com
3347
# -- HTTPRoute rules configuration
3348
# @default -- `[]` (See [values.yaml])
3349
rules:
3350
- matches:
3351
- path:
3352
type: PathPrefix
3353
value: /api/webhook
3354
# filters: []
3355
# - type: RequestHeaderModifier
3356
# requestHeaderModifier:
3357
# add:
3358
# - name: X-Custom-Header
3359
# value: custom-value
3360
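# -- Enable ApplicationSet in any namespace feature
## Note: this lets ApplicationSet resources outside the Argo CD namespace be reconciled.
## The upstream "ApplicationSet in any namespace" documentation lists security
## prerequisites (limiting the source namespaces and the SCM provider endpoints that
## generators may contact); review them before setting this to true.
allowAnyNamespace: false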
3362
# Default ApplicationSet controller's network policy
3363
networkPolicy:
3364
# -- Default network policy rules used by ApplicationSet controller
3365
# @default -- `false` (defaults to global.networkPolicy.create)
3366
create: false
3367
## Notifications controller
3368
notifications:
3369
# -- Enable notifications controller
3370
enabled: true
3371
# -- Notifications controller name string
3372
name: notifications-controller
3373
# -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
3374
# @default -- `""` (defaults to https://`global.domain`)
3375
argocdUrl: ""
3376
# -- Runtime class name for the notifications controller
3377
# @default -- `""` (defaults to global.runtimeClassName)
3378
runtimeClassName: ""
3379
## Notifications controller Pod Disruption Budget
3380
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
3381
pdb:
3382
# -- Deploy a [PodDisruptionBudget] for the notifications controller
3383
enabled: false
3384
# -- Labels to be added to notifications controller pdb
3385
labels: {}
3386
# -- Annotations to be added to notifications controller pdb
3387
annotations: {}
3388
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
3389
# @default -- `""` (defaults to 0 if not specified)
3390
minAvailable: ""
3391
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
3392
## Has higher precedence over `notifications.pdb.minAvailable`
3393
maxUnavailable: ""
3394
## Notifications controller Vertical Pod Autoscaler
3395
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
3396
vpa:
3397
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the notifications controller
3398
enabled: false
3399
# -- Labels to be added to notifications controller vpa
3400
labels: {}
3401
# -- Annotations to be added to notifications controller vpa
3402
annotations: {}
3403
# -- One of the VPA operation modes
3404
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
3405
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
3406
updateMode: Initial
3407
# -- Controls how VPA computes the recommended resources for notifications controller container
3408
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
3409
containerPolicy: {}
3410
# controlledResources: ["cpu", "memory"]
3411
# minAllowed:
3412
# cpu: 250m
3413
# memory: 256Mi
3414
# maxAllowed:
3415
# cpu: 1
3416
# memory: 1Gi
3417
## Notifications controller image
3418
image:
3419
# -- Repository to use for the notifications controller
3420
# @default -- `""` (defaults to global.image.repository)
3421
repository: ""
3422
# -- Tag to use for the notifications controller
3423
# @default -- `""` (defaults to global.image.tag)
3424
tag: ""
3425
# -- Image pull policy for the notifications controller
3426
# @default -- `""` (defaults to global.image.imagePullPolicy)
3427
imagePullPolicy: ""
3428
# -- Secrets with credentials to pull images from a private registry
3429
# @default -- `[]` (defaults to global.imagePullSecrets)
3430
imagePullSecrets: []
3431
# DEPRECATED - Use configs.params to override
3432
# -- Notifications controller log format. Either `text` or `json`
3433
# @default -- `""` (defaults to global.logging.format)
3434
# logFormat: ""
3435
# -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
3436
# @default -- `""` (defaults to global.logging.level)
3437
# logLevel: ""
3438
3439
# -- Extra arguments to provide to the notifications controller
3440
extraArgs: []
3441
# -- Additional container environment variables
3442
extraEnv: []
3443
# -- envFrom to pass to the notifications controller
3444
# @default -- `[]` (See [values.yaml])
3445
extraEnvFrom: []
3446
# - configMapRef:
3447
# name: config-map-name
3448
# - secretRef:
3449
# name: secret-name
3450
3451
# -- Additional containers to be added to the notifications controller pod
3452
## Note: Supports use of custom Helm templates
3453
extraContainers: []
3454
# -- Init containers to add to the notifications controller pod
3455
## Note: Supports use of custom Helm templates
3456
initContainers: []
3457
# -- List of extra mounts to add (normally used with extraVolumes)
3458
extraVolumeMounts: []
3459
# -- List of extra volumes to add
3460
extraVolumes: []
3461
# -- Define user-defined context
3462
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
3463
context: {}
3464
# region: east
3465
# environmentName: staging
3466
3467
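secret:
  # -- Whether helm chart creates notifications controller secret
  ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
  create: true
  # -- notifications controller Secret name
  name: "argocd-notifications-secret"
  # -- key:value pairs of annotations to be added to the secret
  annotations: {}
  # -- key:value pairs of labels to be added to the secret
  labels: {}
  # -- Generic key:value pairs to be inserted into the secret
  ## Can be used for templates, notification services etc. Some examples given below.
  ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
  ## Note: anything placed here travels with the chart values (values files, `--set`,
  ## the stored Helm release), so tokens are readable by whoever can read those.
  ## To keep credentials out of values, set `create: false` above and provision a
  ## Secret with the same name by other means.
  items: {}
    # slack-token:
    #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
    # grafana-apiKey:
    #   # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/

    # webhooks-github-token:

    # email-username:
    # email-password:
      # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/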
3491
3492
metrics:
3493
# -- Enables prometheus metrics server
3494
enabled: false
3495
# -- Metrics port
3496
port: 9001
3497
service:
3498
# -- Metrics service type
3499
type: ClusterIP
3500
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3501
clusterIP: ""
3502
# -- Metrics service annotations
3503
annotations: {}
3504
# -- Metrics service labels
3505
labels: {}
3506
# -- Metrics service port name
3507
portName: http-metrics
3508
serviceMonitor:
3509
# -- Enable a prometheus ServiceMonitor
3510
enabled: false
3511
# -- Prometheus ServiceMonitor selector
3512
selector: {}
3513
# prometheus: kube-prometheus
3514
# -- Prometheus ServiceMonitor labels
3515
additionalLabels: {}
3516
# -- Prometheus ServiceMonitor annotations
3517
annotations: {}
3518
# namespace: monitoring
3519
# interval: 30s
3520
# scrapeTimeout: 10s
3521
# -- Prometheus ServiceMonitor scheme
3522
scheme: ""
3523
# -- Prometheus ServiceMonitor tlsConfig
3524
tlsConfig: {}
3525
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3526
honorLabels: false
3527
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
3528
relabelings: []
3529
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3530
metricRelabelings: []
3531
# -- Configures notification services such as slack, email or custom webhook
3532
# @default -- See [values.yaml]
3533
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
3534
notifiers: {}
3535
# service.slack: |
3536
# token: $slack-token
3537
3538
# -- Annotations to be applied to the notifications controller Deployment
3539
deploymentAnnotations: {}
3540
# -- Labels for the notifications controller Deployment
3541
deploymentLabels: {}
3542
# -- Annotations to be applied to the notifications controller Pods
3543
podAnnotations: {}
3544
# -- Labels to be applied to the notifications controller Pods
3545
podLabels: {}
3546
# -- Resource limits and requests for the notifications controller
3547
resources: {}
3548
# limits:
3549
# cpu: 100m
3550
# memory: 128Mi
3551
# requests:
3552
# cpu: 100m
3553
# memory: 128Mi
3554
3555
# Notification controller container ports
3556
containerPorts:
3557
# -- Metrics container port
3558
metrics: 9001
3559
# -- [DNS configuration]
3560
dnsConfig: {}
3561
# -- Alternative DNS policy for notifications controller Pods
3562
dnsPolicy: "ClusterFirst"
3563
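# -- Notification controller container-level security Context
# @default -- See [values.yaml]
## These defaults are the hardened baseline; an override that relaxes one of them
## widens what a compromised controller process could do inside its container.
containerSecurityContext:
  ## The container is not started if its image would run as UID 0
  runAsNonRoot: true
  ## Root filesystem is mounted read-only; writable paths have to come from volumes
  readOnlyRootFilesystem: true
  ## The process cannot gain more privileges than its parent (e.g. via setuid binaries)
  allowPrivilegeEscalation: false
  ## Apply the container runtime's default seccomp filter
  seccompProfile:
    type: RuntimeDefault
  ## Drop every Linux capability; none are added back here
  capabilities:
    drop:
      - ALL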
3574
## Probes for notifications controller Pods (optional)
3575
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3576
readinessProbe:
3577
# -- Enable Kubernetes readiness probe for notifications controller Pods
3578
enabled: false
3579
# -- Number of seconds after the container has started before [probe] is initiated
3580
initialDelaySeconds: 10
3581
# -- How often (in seconds) to perform the [probe]
3582
periodSeconds: 10
3583
# -- Number of seconds after which the [probe] times out
3584
timeoutSeconds: 1
3585
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3586
successThreshold: 1
3587
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3588
failureThreshold: 3
3589
livenessProbe:
3590
# -- Enable Kubernetes liveness probe for notifications controller Pods
3591
enabled: false
3592
# -- Number of seconds after the container has started before [probe] is initiated
3593
initialDelaySeconds: 10
3594
# -- How often (in seconds) to perform the [probe]
3595
periodSeconds: 10
3596
# -- Number of seconds after which the [probe] times out
3597
timeoutSeconds: 1
3598
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3599
successThreshold: 1
3600
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3601
failureThreshold: 3
3602
# -- terminationGracePeriodSeconds for container lifecycle hook
3603
terminationGracePeriodSeconds: 30
3604
# -- [Node selector]
3605
# @default -- `{}` (defaults to global.nodeSelector)
3606
nodeSelector: {}
3607
# -- [Tolerations] for use with node taints
3608
# @default -- `[]` (defaults to global.tolerations)
3609
tolerations: []
3610
# -- Assign custom [affinity] rules
3611
# @default -- `{}` (defaults to global.affinity preset)
3612
affinity: {}
3613
# -- Assign custom [TopologySpreadConstraints] rules to the notifications controller
3614
# @default -- `[]` (defaults to global.topologySpreadConstraints)
3615
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
3616
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3617
topologySpreadConstraints: []
3618
# - maxSkew: 1
3619
# topologyKey: topology.kubernetes.io/zone
3620
# whenUnsatisfiable: DoNotSchedule
3621
3622
# -- Deployment strategy to be added to the notifications controller Deployment
3623
deploymentStrategy:
3624
type: Recreate
3625
# -- Priority class for the notifications controller pods
3626
# @default -- `""` (defaults to global.priorityClassName)
3627
priorityClassName: ""
3628
# -- Automount API credentials for the Service Account into the pod.
3629
automountServiceAccountToken: true
3630
serviceAccount:
3631
# -- Create notifications controller service account
3632
create: true
3633
# -- Notification controller service account name
3634
name: argocd-notifications-controller
3635
# -- Annotations applied to created service account
3636
annotations: {}
3637
# -- Labels applied to created service account
3638
labels: {}
3639
# -- Automount API credentials for the Service Account
3640
automountServiceAccountToken: true
3641
cm:
3642
# -- Whether helm chart creates notifications controller config map
3643
create: true
3644
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
3645
## Defaults to off
3646
clusterRoleRules:
3647
# -- List of custom rules for the notifications controller's ClusterRole resource
3648
rules: []
3649
# -- Contains centrally managed global application subscriptions
3650
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
3651
subscriptions: []
3652
# # subscription for on-sync-status-unknown trigger notifications
3653
# - recipients:
3654
# - slack:test2
3655
# - email:test@gmail.com
3656
# triggers:
3657
# - on-sync-status-unknown
3658
# # subscription restricted to applications with matching labels only
3659
# - recipients:
3660
# - slack:test3
3661
# selector: test=true
3662
# triggers:
3663
# - on-sync-status-unknown
3664
3665
# -- The notification template is used to generate the notification content
3666
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
3667
templates: {}
3668
# template.app-deployed: |
3669
# email:
3670
# subject: New version of an application {{.app.metadata.name}} is up and running.
3671
# message: |
3672
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
3673
# slack:
3674
# attachments: |
3675
# [{
3676
# "title": "{{ .app.metadata.name}}",
3677
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3678
# "color": "#18be52",
3679
# "fields": [
3680
# {
3681
# "title": "Sync Status",
3682
# "value": "{{.app.status.sync.status}}",
3683
# "short": true
3684
# },
3685
# {
3686
# "title": "Repository",
3687
# "value": "{{.app.spec.source.repoURL}}",
3688
# "short": true
3689
# },
3690
# {
3691
# "title": "Revision",
3692
# "value": "{{.app.status.sync.revision}}",
3693
# "short": true
3694
# }
3695
# {{range $index, $c := .app.status.conditions}}
3696
# {{if not $index}},{{end}}
3697
# {{if $index}},{{end}}
3698
# {
3699
# "title": "{{$c.type}}",
3700
# "value": "{{$c.message}}",
3701
# "short": true
3702
# }
3703
# {{end}}
3704
# ]
3705
# }]
3706
# template.app-health-degraded: |
3707
# email:
3708
# subject: Application {{.app.metadata.name}} has degraded.
3709
# message: |
3710
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
3711
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3712
# slack:
3713
# attachments: |-
3714
# [{
3715
# "title": "{{ .app.metadata.name}}",
3716
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3717
# "color": "#f4c030",
3718
# "fields": [
3719
# {
3720
# "title": "Sync Status",
3721
# "value": "{{.app.status.sync.status}}",
3722
# "short": true
3723
# },
3724
# {
3725
# "title": "Repository",
3726
# "value": "{{.app.spec.source.repoURL}}",
3727
# "short": true
3728
# }
3729
# {{range $index, $c := .app.status.conditions}}
3730
# {{if not $index}},{{end}}
3731
# {{if $index}},{{end}}
3732
# {
3733
# "title": "{{$c.type}}",
3734
# "value": "{{$c.message}}",
3735
# "short": true
3736
# }
3737
# {{end}}
3738
# ]
3739
# }]
3740
# template.app-sync-failed: |
3741
# email:
3742
# subject: Failed to sync application {{.app.metadata.name}}.
3743
# message: |
3744
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
3745
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3746
# slack:
3747
# attachments: |-
3748
# [{
3749
# "title": "{{ .app.metadata.name}}",
3750
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3751
# "color": "#E96D76",
3752
# "fields": [
3753
# {
3754
# "title": "Sync Status",
3755
# "value": "{{.app.status.sync.status}}",
3756
# "short": true
3757
# },
3758
# {
3759
# "title": "Repository",
3760
# "value": "{{.app.spec.source.repoURL}}",
3761
# "short": true
3762
# }
3763
# {{range $index, $c := .app.status.conditions}}
3764
# {{if not $index}},{{end}}
3765
# {{if $index}},{{end}}
3766
# {
3767
# "title": "{{$c.type}}",
3768
# "value": "{{$c.message}}",
3769
# "short": true
3770
# }
3771
# {{end}}
3772
# ]
3773
# }]
3774
# template.app-sync-running: |
3775
# email:
3776
# subject: Start syncing application {{.app.metadata.name}}.
3777
# message: |
3778
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
3779
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3780
# slack:
3781
# attachments: |-
3782
# [{
3783
# "title": "{{ .app.metadata.name}}",
3784
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3785
# "color": "#0DADEA",
3786
# "fields": [
3787
# {
3788
# "title": "Sync Status",
3789
# "value": "{{.app.status.sync.status}}",
3790
# "short": true
3791
# },
3792
# {
3793
# "title": "Repository",
3794
# "value": "{{.app.spec.source.repoURL}}",
3795
# "short": true
3796
# }
3797
# {{range $index, $c := .app.status.conditions}}
3798
# {{if not $index}},{{end}}
3799
# {{if $index}},{{end}}
3800
# {
3801
# "title": "{{$c.type}}",
3802
# "value": "{{$c.message}}",
3803
# "short": true
3804
# }
3805
# {{end}}
3806
# ]
3807
# }]
3808
# template.app-sync-status-unknown: |
3809
# email:
3810
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
3811
# message: |
3812
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
3813
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3814
# {{if ne .serviceType "slack"}}
3815
# {{range $c := .app.status.conditions}}
3816
# * {{$c.message}}
3817
# {{end}}
3818
# {{end}}
3819
# slack:
3820
# attachments: |-
3821
# [{
3822
# "title": "{{ .app.metadata.name}}",
3823
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3824
# "color": "#E96D76",
3825
# "fields": [
3826
# {
3827
# "title": "Sync Status",
3828
# "value": "{{.app.status.sync.status}}",
3829
# "short": true
3830
# },
3831
# {
3832
# "title": "Repository",
3833
# "value": "{{.app.spec.source.repoURL}}",
3834
# "short": true
3835
# }
3836
# {{range $index, $c := .app.status.conditions}}
3837
# {{if not $index}},{{end}}
3838
# {{if $index}},{{end}}
3839
# {
3840
# "title": "{{$c.type}}",
3841
# "value": "{{$c.message}}",
3842
# "short": true
3843
# }
3844
# {{end}}
3845
# ]
3846
# }]
3847
# template.app-sync-succeeded: |
3848
# email:
3849
# subject: Application {{.app.metadata.name}} has been successfully synced.
3850
# message: |
3851
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
3852
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3853
# slack:
3854
# attachments: |-
3855
# [{
3856
# "title": "{{ .app.metadata.name}}",
3857
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3858
# "color": "#18be52",
3859
# "fields": [
3860
# {
3861
# "title": "Sync Status",
3862
# "value": "{{.app.status.sync.status}}",
3863
# "short": true
3864
# },
3865
# {
3866
# "title": "Repository",
3867
# "value": "{{.app.spec.source.repoURL}}",
3868
# "short": true
3869
# }
3870
# {{range $index, $c := .app.status.conditions}}
3871
# {{if not $index}},{{end}}
3872
# {{if $index}},{{end}}
3873
# {
3874
# "title": "{{$c.type}}",
3875
# "value": "{{$c.message}}",
3876
# "short": true
3877
# }
3878
# {{end}}
3879
# ]
3880
# }]
3881
3882
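## Empty by default. To enable triggers, replace `{}` with a mapping shaped like the
## commented example below: each `trigger.<name>` value is a block-scalar string that
## holds a list of conditions, and each `send` entry names a notification template.
# -- The trigger defines the condition when the notification should be sent
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
triggers: {}
  # trigger.on-deployed: |
  #   - description: Application is synced and healthy. Triggered once per commit.
  #     oncePer: app.status.sync.revision
  #     send:
  #     - app-deployed
  #     when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
  # trigger.on-health-degraded: |
  #   - description: Application has degraded
  #     send:
  #     - app-health-degraded
  #     when: app.status.health.status == 'Degraded'
  # trigger.on-sync-failed: |
  #   - description: Application syncing has failed
  #     send:
  #     - app-sync-failed
  #     when: app.status.operationState.phase in ['Error', 'Failed']
  # trigger.on-sync-running: |
  #   - description: Application is being synced
  #     send:
  #     - app-sync-running
  #     when: app.status.operationState.phase in ['Running']
  # trigger.on-sync-status-unknown: |
  #   - description: Application status is 'Unknown'
  #     send:
  #     - app-sync-status-unknown
  #     when: app.status.sync.status == 'Unknown'
  # trigger.on-sync-succeeded: |
  #   - description: Application syncing has succeeded
  #     send:
  #     - app-sync-succeeded
  #     when: app.status.operationState.phase in ['Succeeded']
  #
  # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
  # defaultTriggers: |
  #   - on-sync-status-unknown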
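# Default notifications controller's network policy
## NOTE(review): with this value and global.networkPolicy.create both `false`, the chart
## presumably renders no NetworkPolicy for the notifications controller, so its traffic is
## limited only by policies defined elsewhere in the cluster -- confirm against the templates.
networkPolicy:
  # -- Default network policy rules used by notifications controller
  # @default -- `false` (defaults to global.networkPolicy.create)
  create: false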
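## Commit server settings. The component is disabled by default (`enabled: false`).
## Nesting below is restored from the flattened listing; keys such as `enabled`,
## `annotations` and `labels` recur at several levels and only make sense nested.
commitServer:
  # -- Enable commit server
  enabled: false

  # -- Commit server name
  name: commit-server

  # -- Runtime class name for the commit server
  # @default -- `""` (defaults to global.runtimeClassName)
  runtimeClassName: ""

  ## commit server controller image
  image:
    # -- Repository to use for the commit server
    # @default -- `""` (defaults to global.image.repository)
    repository: ""
    # -- Tag to use for the commit server
    # @default -- `""` (defaults to global.image.tag)
    tag: ""
    # -- Image pull policy for the commit server
    # @default -- `""` (defaults to global.image.imagePullPolicy)
    imagePullPolicy: ""

  # -- commit server command line flags
  extraArgs: []

  ## Values set here are stored in plain text in the rendered manifest; prefer a
  ## `secretRef` under extraEnvFrom for credentials.
  # -- Environment variables to pass to the commit server
  extraEnv: []
    # - name: "MY_VAR"
    #   value: "value"

  # -- envFrom to pass to the commit server
  # @default -- `[]` (See [values.yaml])
  extraEnvFrom: []
    # - configMapRef:
    #     name: config-map-name
    # - secretRef:
    #     name: secret-name

  # -- List of extra mounts to add (normally used with extraVolumes)
  extraVolumeMounts: []

  # -- List of extra volumes to add
  extraVolumes: []

  metrics:
    # -- Enables prometheus metrics server
    enabled: false
    service:
      # -- Metrics service type
      type: ClusterIP
      # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
      clusterIP: ""
      # -- Metrics service annotations
      annotations: {}
      # -- Metrics service labels
      labels: {}
      # -- Metrics service port
      servicePort: 8087
      # -- Metrics service port name
      portName: metrics

  ## commit server service configuration
  service:
    # -- commit server service annotations
    annotations: {}
    # -- commit server service labels
    labels: {}
    # -- commit server service port
    port: 8086
    # -- commit server service port name
    portName: server

  ## Pod-level setting. In Kubernetes a pod-level automountServiceAccountToken takes
  ## precedence over the ServiceAccount-level value, so with these defaults the API
  ## token is not mounted even though serviceAccount.automountServiceAccountToken is `true`.
  # -- Automount API credentials for the Service Account into the pod.
  automountServiceAccountToken: false

  serviceAccount:
    # -- Create commit server service account
    create: true
    # -- commit server service account name
    name: argocd-commit-server
    # -- Annotations applied to created service account
    annotations: {}
    # -- Labels applied to created service account
    labels: {}
    # -- Automount API credentials for the Service Account
    automountServiceAccountToken: true

  # -- Annotations to be added to commit server Deployment
  deploymentAnnotations: {}

  # -- Labels for the commit server Deployment
  deploymentLabels: {}

  # -- Annotations for the commit server pods
  podAnnotations: {}

  # -- Labels for the commit server pods
  podLabels: {}

  ## Empty by default: this value sets no requests or limits. Set them explicitly
  ## to bound the pod's CPU and memory use.
  # -- Resource limits and requests for the commit server pods.
  resources: {}
  #  limits:
  #    cpu: 100m
  #    memory: 128Mi
  #  requests:
  #    cpu: 100m
  #    memory: 128Mi

  # -- [DNS configuration]
  dnsConfig: {}

  # -- Alternative DNS policy for commit server pods
  dnsPolicy: "ClusterFirst"

  ## Hardened defaults: non-root user, read-only root filesystem, no privilege
  ## escalation, all Linux capabilities dropped, runtime-default seccomp profile.
  ## Overriding this key replaces the block, so carry these fields over when customising.
  # -- commit server container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault

  ## Probes for commit server (optional)
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
  readinessProbe:
    # -- Enable Kubernetes readiness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 5
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 10
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 1
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3

  livenessProbe:
    # -- Enable Kubernetes liveness probe for commit server
    enabled: true
    # -- Number of seconds after the container has started before [probe] is initiated
    initialDelaySeconds: 30
    # -- How often (in seconds) to perform the [probe]
    periodSeconds: 30
    # -- Number of seconds after which the [probe] times out
    timeoutSeconds: 5
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
    failureThreshold: 3

  # -- terminationGracePeriodSeconds for container lifecycle hook
  terminationGracePeriodSeconds: 30

  # -- [Node selector]
  # @default -- `{}` (defaults to global.nodeSelector)
  nodeSelector: {}

  # -- [Tolerations] for use with node taints
  # @default -- `[]` (defaults to global.tolerations)
  tolerations: []

  # -- Assign custom [affinity] rules
  # @default -- `{}` (defaults to global.affinity preset)
  affinity: {}

  # -- Assign custom [TopologySpreadConstraints] rules to the commit server
  # @default -- `[]` (defaults to global.topologySpreadConstraints)
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
  topologySpreadConstraints: []
    # - maxSkew: 1
    #   topologyKey: topology.kubernetes.io/zone
    #   whenUnsatisfiable: DoNotSchedule

  # -- Deployment strategy to be added to the commit server Deployment
  deploymentStrategy: {}
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 25%
    #   maxUnavailable: 25%

  # -- Priority class for the commit server pods
  # @default -- `""` (defaults to global.priorityClassName)
  priorityClassName: ""

  # Default commit server's network policy
  ## NOTE(review): with this value and global.networkPolicy.create both `false`, the chart
  ## presumably renders no NetworkPolicy for the commit server -- confirm against the templates.
  networkPolicy:
    # -- Default network policy rules used by commit server
    # @default -- `false` (defaults to global.networkPolicy.create)
    create: false

  ## Commit server Vertical Pod Autoscaler
  ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
  vpa:
    # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the commit server
    enabled: false
    # -- Labels to be added to commit server vpa
    labels: {}
    # -- Annotations to be added to commit server vpa
    annotations: {}
    # -- One of the VPA operation modes
    ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
    ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
    updateMode: Initial
    # -- Controls how VPA computes the recommended resources for commit server container
    ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
    containerPolicy: {}
      # controlledResources: ["cpu", "memory"]
      # minAllowed:
      #   cpu: 250m
      #   memory: 256Mi
      # maxAllowed:
      #   cpu: 1
      #   memory: 1Gi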