duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b7f2bc68a9ee5597390679187a7d23fb23a74740
k8s-cluster/manifest/argocd-9.1.0/values.yaml
duynguyen dac76b9713 feat: enable metrics service for ArgoCD components 
Updated values.yaml to enable metrics service for the controller, server, repoServer, and applicationSet components, allowing for improved monitoring and observability through Prometheus ServiceMonitor.
2026-05-03 14:03:16 +07:00

4314 lines
156 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
## Argo CD configuration
## Ref: https://github.com/argoproj/argo-cd
##
# -- Provide a name in place of `argocd`
nameOverride: argocd
# -- String to fully override `"argo-cd.fullname"`
fullnameOverride: ""
# -- Override the namespace
# @default -- `.Release.Namespace`
namespaceOverride: ""
# -- Override the Kubernetes version, which is used to evaluate certain manifests
kubeVersionOverride: ""
# Override APIVersions
# If you want to template helm charts but cannot access k8s API server
# you can set api versions here
apiVersionOverrides: {}
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
createAggregateRoles: false
# -- Create cluster roles for cluster-wide installation.
## Used when you manage applications in the same cluster where Argo CD runs
createClusterRoles: true
openshift:
# -- enables using arbitrary uid for argo repo server
enabled: false
## Custom resource configuration
crds:
# -- Install and upgrade CRDs
install: true
# -- Keep CRDs on chart uninstall
keep: true
# -- Annotations to be added to all CRDs
annotations:
argocd.argoproj.io/sync-options: ServerSideApply=true
# -- Additional labels to be added to all CRDs
additionalLabels: {}
## Globally shared configuration
global:
# -- Default domain used by all components
## Used for ingresses, certificates, SSO, notifications, etc.
domain: argocd.fireflylab.local
# -- Runtime class name for all components
runtimeClassName: ""
# -- Common labels for the all resources
additionalLabels: {}
# app: argo-cd
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
revisionHistoryLimit: 3
# Default image used by all components
image:
# -- If defined, a repository applied to all Argo CD deployments
repository: quay.io/argoproj/argocd
# -- Overrides the global Argo CD image tag whose default is the chart appVersion
tag: ""
# -- If defined, a imagePullPolicy applied to all Argo CD deployments
imagePullPolicy: IfNotPresent
# -- Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# Default logging options used by all components
logging:
# -- Set the global logging format. Either: `text` or `json`
format: text
# -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
level: info
# -- Annotations for the all deployed Statefulsets
statefulsetAnnotations: {}
# -- Labels for the all deployed Statefulsets
statefulsetLabels: {}
# -- Annotations for the all deployed Deployments
deploymentAnnotations: {}
# -- Labels for the all deployed Deployments
deploymentLabels: {}
# -- Annotations for the all deployed pods
podAnnotations: {}
# -- Labels for the all deployed pods
podLabels: {}
# -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
addPrometheusAnnotations: false
# -- Toggle and define pod-level security context.
# @default -- `{}` (See [values.yaml])
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
hostAliases: []
# - ip: 10.20.30.40
# hostnames:
# - git.myhostname
# Configure dual-stack used by all component services
dualStack:
# -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
ipFamilyPolicy: ""
# -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
ipFamilies: []
# Default network policy rules used by all components
networkPolicy:
# -- Create NetworkPolicy objects for all components
create: false
# -- Default deny all ingress traffic
defaultDenyIngress: false
# -- Default priority class for all components
priorityClassName: ""
# -- Default node selector for all components
nodeSelector:
kubernetes.io/os: linux
# -- Default tolerations for all components
tolerations: []
# Default affinity preset for all components
affinity:
# -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
podAntiAffinity: soft
# Node affinity rules
nodeAffinity:
# -- Default node affinity rules. Either: `none`, `soft` or `hard`
type: hard
# -- Default match expressions for node affinity
matchExpressions: []
# - key: topology.kubernetes.io/zone
# operator: In
# values:
# - antarctica-east1
# - antarctica-west1
# -- Default [TopologySpreadConstraints] rules for all components
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector of the component
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy for the all deployed Deployments
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# -- Environment variables to pass to all deployed Deployments
env: []
# -- Extra volumes to add to all deployed Deployments and StatefulSets
extraVolumes: []
# Example of adding a custom CA bundle from a ConfigMap:
# - name: my-root-ca
# configMap:
# name: my-trustbundle
# items:
# - key: bundle.pem
# path: ca-certificates.crt
# -- Extra volume mounts to add to all deployed Deployments and StatefulSets
extraVolumeMounts: []
# Example of adding a custom CA bundle mount:
# - name: my-root-ca
# mountPath: /etc/ssl/certs
# -- Annotations for the all deployed Certificates
certificateAnnotations: {}
## Argo Configs
configs:
# General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
cm:
# -- Create the argocd-cm configmap for [declarative setup]
create: true
# -- Annotations to be added to argocd-cm configmap
annotations: {}
# -- The name of tracking label used by Argo CD for resource pruning
application.instanceLabelKey: argocd.argoproj.io/instance
# -- Enable control of the service account used for the sync operation (alpha)
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
application.sync.impersonation.enabled: false
# -- Enable exec feature in Argo UI
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
exec.enabled: false
# -- Enable local admin user
## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
admin.enabled: true
# -- Timeout to discover if a new manifests version got published to the repository
timeout.reconciliation: 120s
# -- Maximum jitter added to the reconciliation timeout to spread out refreshes and reduce repo-server load
timeout.reconciliation.jitter: 60s
# -- Timeout to refresh application data as well as target manifests cache
timeout.hard.reconciliation: 0s
# -- Enable Status Badge
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
statusbadge.enabled: false
# Dex configuration
# dex.config: |
# connectors:
# # GitHub example
# - type: github
# id: github
# name: GitHub
# config:
# clientID: aabbccddeeff00112233
# clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
# orgs:
# - name: your-github-org
# OIDC configuration as an alternative to dex (optional).
# oidc.config: |
# name: AzureAD
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
# clientID: aaaabbbbccccddddeee
# clientSecret: $oidc.azuread.clientSecret
# # Optional: set to true to use Azure Workload Identity instead of clientSecret
# azure:
# useWorkloadIdentity: false
# Some OIDC providers require a separate clientID for different callback URLs.
# For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID
# for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will
# use the same clientID as the Argo CD server
# cliClientID: vvvvwwwwxxxxyyyyzzzz
# rootCA: |
# -----BEGIN CERTIFICATE-----
# ... encoded certificate data here ...
# -----END CERTIFICATE-----
# Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
# cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
# explicitly include it in the list.
# Token verification will pass if any of the token's audiences matches any of the audiences in this list.
# allowedAudiences:
# - aaaabbbbccccddddeee
# - qqqqwwwweeeerrrrttt
# Optional set of OIDC claims to request on the ID token.
# requestedIDTokenClaims:
# groups:
# essential: true
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
# requestedScopes:
# - openid
# - profile
# - email
# PKCE authentication flow processes authorization flow from browser only - default false
# uses the clientID
# make sure the Identity Provider (IdP) is public and doesn't need clientSecret
# make sure the Identity Provider (IdP) has this redirect URI registered: https://argocd.example.com/pkce/verify
# enablePKCEAuthentication: true
# Extension Configuration
## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
# extension.config: |
# extensions:
# - name: httpbin
# backend:
# connectionTimeout: 2s
# keepAlive: 15s
# idleConnectionTimeout: 60s
# maxIdleConnections: 30
# services:
# - url: http://httpbin.org
# headers:
# - name: some-header
# value: '$some.argocd.secret.key'
# cluster:
# name: some-cluster
# server: https://some-cluster
## Default configuration for ignoreResourceUpdates.
## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.
# -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.all: |
jsonPointers:
- /status
# -- Some Application fields are generated and not related to the application updates itself
## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
- '.metadata.annotations."argocd.argoproj.io/refresh"'
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
- '.operation'
# -- Ignore Argo Rollouts generated fields
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
# -- Legacy annotations used on HPA autoscaling/v1
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
jqPathExpressions:
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
# -- Ignore the cluster-autoscaler status
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.ConfigMap: |
jqPathExpressions:
# Ignore the cluster-autoscaler status
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
# Ignore the annotation of the legacy Leases election
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
# -- Ignore the common scaling annotations
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
jqPathExpressions:
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
# -- Ignores update if EndpointSlice is not excluded globally
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
jsonPointers:
- /metadata
- /endpoints
- /ports
# -- Ignores update if Endpoints is not excluded globally
# @default -- See [values.yaml]
resource.customizations.ignoreResourceUpdates.Endpoints: |
jsonPointers:
- /metadata
- /subsets
## Default configuration for exclusions.
## The exclusion list are K8s resources that we assume will never be declared in Git,
## and are never child objects of managed resources that need to be presented in the resource tree.
## This list contains high volume and high churn metadata objects which we exclude for performance
## reasons, reducing connections and load to the K8s API servers of managed clusters.
# -- Resource Exclusion/Inclusion
# @default -- See [values.yaml]
resource.exclusions: |
### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
- apiGroups:
- ''
- discovery.k8s.io
kinds:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- coordination.k8s.io
kinds:
- Lease
### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
- apiGroups:
- authentication.k8s.io
- authorization.k8s.io
kinds:
- SelfSubjectReview
- TokenReview
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview
### Intermediate Certificate Request excluded reduce the number of watched events
- apiGroups:
- certificates.k8s.io
kinds:
- CertificateSigningRequest
- apiGroups:
- cert-manager.io
kinds:
- CertificateRequest
### Cilium internal resources excluded reduce the number of watched events and UI Clutter
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
- CiliumEndpoint
- CiliumEndpointSlice
### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
- apiGroups:
- kyverno.io
- reports.kyverno.io
- wgpolicyk8s.io
kinds:
- PolicyReport
- ClusterPolicyReport
- EphemeralReport
- ClusterEphemeralReport
- AdmissionReport
- ClusterAdmissionReport
- BackgroundScanReport
- ClusterBackgroundScanReport
- UpdateRequest
# Argo CD configuration parameters
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
params:
# -- Create the argocd-cmd-params-cm configmap
# If false, it is expected the configmap will be created by something else.
create: true
server.insecure: true
# -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
annotations: {}
# You can customize parameters by adding parameters here.
# (e.g.)
# otlp.address: ''
# Argo CD RBAC policy configuration
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbac:
# -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
# If false, it is expected the configmap will be created by something else.
# Argo CD will not work if there is no configmap created with the name above.
create: true
# -- Annotations to be added to argocd-rbac-cm configmap
annotations: {}
# -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
# If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
policy.default: ''
# -- File containing user-defined policies and role definitions.
# @default -- `''` (See [values.yaml])
policy.csv: ''
# Policy rules are in the form:
# p, subject, resource, action, object, effect
# Role definitions and bindings are in the form:
# g, subject, inherited-subject
# policy.csv: |
# p, role:org-admin, applications, *, */*, allow
# p, role:org-admin, clusters, get, *, allow
# p, role:org-admin, repositories, *, *, allow
# p, role:org-admin, logs, get, *, allow
# p, role:org-admin, exec, create, */*, allow
# g, your-github-org:your-team, role:org-admin
# -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
# The scope value can be a string, or a list of strings.
scopes: "[groups]"
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
policy.matchMode: "glob"
# GnuPG public keys for commit verification
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
gpg:
# -- Annotations to be added to argocd-gpg-keys-cm configmap
annotations: {}
# -- [GnuPG] public keys to add to the keyring
# @default -- `{}` (See [values.yaml])
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
keys: {}
# 4AEE18F83AFDEB23: |
# -----BEGIN PGP PUBLIC KEY BLOCK-----
# ...
# -----END PGP PUBLIC KEY BLOCK-----
# SSH known hosts for Git repositories
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
ssh:
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
create: true
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
annotations: {}
# -- Known hosts to be added to the known host list by default.
# @default -- See [values.yaml]
knownHosts: |
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
# -- Additional known hosts for private repositories
extraHosts: ''
# Repository TLS certificates
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
tls:
# -- Annotations to be added to argocd-tls-certs-cm configmap
annotations: {}
# -- TLS certificates for Git repositories
# @default -- `{}` (See [values.yaml])
certificates: {}
# server.example.com: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
create: true
# ConfigMap for Config Management Plugins
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
cmp:
# -- Create the argocd-cmp-cm configmap
create: false
# -- Annotations to be added to argocd-cmp-cm configmap
annotations: {}
# -- Plugin yaml files to be added to argocd-cmp-cm
plugins: {}
# --- First plugin
# my-plugin:
# init:
# command: [sh]
# args: [-c, 'echo "Initializing..."']
# generate:
# command: [sh, -c]
# args:
# - |
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
# discover:
# fileName: "./subdir/s*.yaml"
# find:
# glob: "**/Chart.yaml"
# command: [sh, -c, find . -name env.yaml]
# --- Second plugin
# my-plugin2:
# init:
# command: [sh]
# args: [-c, 'echo "Initializing..."']
# generate:
# command: [sh, -c]
# args:
# - |
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
# discover:
# fileName: "./subdir/s*.yaml"
# find:
# glob: "**/Chart.yaml"
# command: [sh, -c, find . -name env.yaml]
# -- Provide one or multiple [external cluster credentials]
# @default -- `{}` (See [values.yaml])
## Ref:
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
clusterCredentials: {}
# mycluster:
# server: https://mycluster.example.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# mycluster2:
# server: https://mycluster2.example.com
# labels: {}
# annotations: {}
# namespaces: namespace1,namespace2
# clusterResources: true
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# mycluster3-project-scoped:
# server: https://mycluster3.example.com
# labels: {}
# annotations: {}
# project: my-project1
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# mycluster4-sharded:
# shard: 1
# server: https://mycluster4.example.com
# labels: {}
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# -- Repository credentials to be used as Templates for other repos
## Creates a secret for each key/value specified below to create repository credentials
credentialTemplates: {}
# github-enterprise-creds-1:
# url: https://github.com/argoproj
# githubAppID: 1
# githubAppInstallationID: 2
# githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
# githubAppPrivateKey: |
# -----BEGIN OPENSSH PRIVATE KEY-----
# ...
# -----END OPENSSH PRIVATE KEY-----
# https-creds:
# url: https://github.com/argoproj
# password: my-password
# username: my-username
# ssh-creds:
# url: git@github.com:argoproj-labs
# sshPrivateKey: |
# -----BEGIN OPENSSH PRIVATE KEY-----
# ...
# -----END OPENSSH PRIVATE KEY-----
# -- Annotations to be added to `configs.credentialTemplates` Secret
credentialTemplatesAnnotations: {}
# -- Repositories list to be used by applications
## Creates a secret for each key/value specified below to create repositories
## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
repositories: {}
# istio-helm-repo:
# url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
# name: istio.io
# type: helm
# private-helm-repo:
# url: https://my-private-chart-repo.internal
# name: private-repo
# type: helm
# password: my-password
# username: my-username
# private-repo:
# url: https://github.com/argoproj/private-repo
# -- Annotations to be added to `configs.repositories` Secret
repositoriesAnnotations: {}
# Argo CD sensitive data
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
secret:
# -- Create the argocd-secret
createSecret: true
# -- Labels to be added to argocd-secret
labels: {}
# -- Annotations to be added to argocd-secret
annotations: {}
# -- Shared secret for authenticating GitHub webhook events
githubSecret: ""
# -- Shared secret for authenticating GitLab webhook events
gitlabSecret: ""
# -- Shared secret for authenticating BitbucketServer webhook events
bitbucketServerSecret: ""
# -- UUID for authenticating Bitbucket webhook events
bitbucketUUID: ""
# -- Shared secret for authenticating Gogs webhook events
gogsSecret: ""
## Azure DevOps
azureDevops:
# -- Shared secret username for authenticating Azure DevOps webhook events
username: ""
# -- Shared secret password for authenticating Azure DevOps webhook events
password: ""
# -- add additional secrets to be added to argocd-secret
## Custom secrets. Useful for injecting SSO secrets into environment variables.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
## Note that all values must be non-empty.
extra:
{}
# LDAP_PASSWORD: "mypassword"
# -- Bcrypt hashed admin password
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
argocdServerAdminPassword: "$2a$10$K3XKJw2.Igu99bdIETW6leAG/iZI4XePI3N/g/8vzALSFaN6onGXe"
# -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"`
# @default -- `""` (defaults to current time)
argocdServerAdminPasswordMtime: ""
# -- Define custom [CSS styles] for your argo instance.
# This setting will automatically mount the provided CSS and reference it in the argo configuration.
# @default -- `""` (See [values.yaml])
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
styles: ""
# styles: |
# .sidebar {
# background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
# }
# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: argocd-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "argocd"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client_id"
# - path: "client_secret"
# objectAlias: "client_secret"
# secretObjects:
# - data:
# - key: client_id
# objectName: client_id
# - key: client_secret
# objectName: client_secret
# secretName: argocd-secrets-store
# type: Opaque
# labels:
# app.kubernetes.io/part-of: argocd
## Application controller
controller:
# -- Application controller name string
name: application-controller
# -- The number of application controller pods to run.
# Additional replicas will cause sharding of managed clusters across number of replicas.
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
replicas: 1
# -- Enable dynamic cluster distribution (alpha)
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
## This is done using a deployment instead of a statefulSet
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
## like round-robin, then the shards will be well-balanced.
dynamicClusterDistribution: false
# -- Runtime class name for the application controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
# -- Application controller heartbeat time
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
heartbeatTime: 10
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
revisionHistoryLimit: 5
## Application controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the application controller
enabled: false
# -- Labels to be added to application controller pdb
labels: {}
# -- Annotations to be added to application controller pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `controller.pdb.minAvailable`
maxUnavailable: ""
## Application controller Vertical Pod Autoscaler
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
vpa:
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller
enabled: false
# -- Labels to be added to application controller vpa
labels: {}
# -- Annotations to be added to application controller vpa
annotations: {}
# -- One of the VPA operation modes
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
updateMode: Initial
# -- Controls how VPA computes the recommended resources for application controller container
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
containerPolicy: {}
# controlledResources: ["cpu", "memory"]
# minAllowed:
# cpu: 250m
# memory: 256Mi
# maxAllowed:
# cpu: 1
# memory: 1Gi
## Application controller image
image:
# -- Repository to use for the application controller
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the application controller
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the application controller
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Additional command line arguments to pass to application controller
extraArgs: []
# -- Environment variables to pass to application controller
env: []
# -- envFrom to pass to application controller
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Additional containers to be added to the application controller pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the application controller pod
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
## you could use this (and the same in the server pod) to provide such executable
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
## Note: Supports use of custom Helm templates
initContainers: []
# - name: download-tools
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# -- Additional volumeMounts to the application controller main container
volumeMounts: []
# - mountPath: /usr/local/bin/kubelogin
# name: custom-tools
# subPath: kubelogin
# -- Additional volumes to the application controller pod
volumes: []
# - name: custom-tools
# emptyDir: {}
## Application controller emptyDir volumes
emptyDir:
# -- EmptyDir size limit for application controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Annotations for the application controller StatefulSet
statefulsetAnnotations: {}
# -- Labels for the application controller StatefulSet
statefulsetLabels: {}
# -- Annotations for the application controller Deployment
deploymentAnnotations: {}
# -- Labels for the application controller Deployment
deploymentLabels: {}
# -- Annotations to be added to application controller pods
podAnnotations: {}
# -- Labels to be added to application controller pods
podLabels: {}
# -- Resource limits and requests for the application controller pods
resources: {}
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 250m
# memory: 256Mi
# Application controller container ports
containerPorts:
# -- Metrics container port
metrics: 8082
# -- Host Network for application controller pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for application controller pods
dnsPolicy: "ClusterFirst"
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# Readiness probe for application controller
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Priority class for the application controller pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create a service account for the application controller
create: true
# -- Service account name
name: argocd-application-controller
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
## Application controller metrics configuration
metrics:
# -- Deploy metrics service
enabled: true
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
applicationLabels:
# -- Enables additional labels in argocd_app_labels metric
enabled: false
# -- Additional labels
labels: []
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8082
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
rules:
# -- Deploy a PrometheusRule for the application controller
enabled: false
# -- PrometheusRule namespace
namespace: "" # "monitoring"
# -- PrometheusRule selector
selector: {}
# prometheus: kube-prometheus
# -- PrometheusRule labels
additionalLabels: {}
# -- PrometheusRule annotations
annotations: {}
# -- PrometheusRule.Spec for the application controller
spec: []
# - alert: ArgoAppMissing
# expr: |
# absent(argocd_app_info) == 1
# for: 15m
# labels:
# severity: critical
# annotations:
# summary: "[Argo CD] No reported applications"
# description: >
# Argo CD has not reported any applications data for the past 15 minutes which
# means that it must be down or not functioning properly. This needs to be
# resolved for this cloud to continue to maintain state.
# - alert: ArgoAppNotSynced
# expr: |
# argocd_app_info{sync_status!="Synced"} == 1
# for: 12h
# labels:
# severity: warning
# annotations:
# summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
# description: >
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
# 12 hours which means that the state of this cloud has drifted away from the
# state inside Git.
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- Enable custom rules for the application controller's ClusterRole resource
enabled: false
# -- List of custom rules for the application controller's ClusterRole resource
rules: []
## Enable this and set the rules: to whatever custom rules you want for the Role resource.
## Defaults to off
# -- List of custom rules for the application controller's Role resource
roleRules: []
# Default application controller's network policy
networkPolicy:
# -- Default network policy rules used by application controller
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
## Dex
dex:
# -- Enable dex
enabled: true
# -- Dex name
name: dex-server
# -- Additional command line arguments to pass to the Dex server
extraArgs: []
# -- Runtime class name for Dex
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
metrics:
# -- Deploy metrics service
enabled: false
service:
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
## Dex Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the Dex server
enabled: false
# -- Labels to be added to Dex server pdb
labels: {}
# -- Annotations to be added to Dex server pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `dex.pdb.minAvailable`
maxUnavailable: ""
## Dex image
image:
# -- Dex image repository
repository: ghcr.io/dexidp/dex
# -- Dex image tag
tag: v2.45.1
# -- Dex imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# Argo CD init image that creates Dex config
initImage:
# -- Argo CD init image repository
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Argo CD init image tag
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Argo CD init image imagePullPolicy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Argo CD init image resources
# @default -- `{}` (defaults to dex.resources)
resources: {}
# requests:
# cpu: 5m
# memory: 96Mi
# limits:
# cpu: 10m
# memory: 144Mi
# -- Environment variables to pass to the Dex server
env: []
# -- envFrom to pass to the Dex server
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Additional containers to be added to the dex pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the dex pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- Additional volumeMounts to the dex main container
volumeMounts: []
# -- Additional volumes to the dex pod
volumes: []
## Dex server emptyDir volumes
emptyDir:
# -- EmptyDir size limit for Dex server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
certificateSecret:
# -- Create argocd-dex-server-tls secret
enabled: false
# -- Labels to be added to argocd-dex-server-tls secret
labels: {}
# -- Annotations to be added to argocd-dex-server-tls secret
annotations: {}
# -- Certificate authority. Required for self-signed certificates.
ca: ''
# -- Certificate private key
key: ''
# -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
crt: ''
# -- Annotations to be added to the Dex server Deployment
deploymentAnnotations: {}
# -- Labels for the Dex server Deployment
deploymentLabels: {}
# -- Annotations to be added to the Dex server pods
podAnnotations: {}
# -- Labels to be added to the Dex server pods
podLabels: {}
# -- Resource limits and requests for dex
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
# Dex container ports
# NOTE: These ports are currently hardcoded and cannot be changed
containerPorts:
# -- HTTP container port
http: 5556
# -- gRPC container port
grpc: 5557
# -- Metrics container port
metrics: 5558
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Dex server pods
dnsPolicy: "ClusterFirst"
# -- Dex container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
runAsUser: 1001
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Probes for Dex server
## Supported from Dex >= 2.28.0
livenessProbe:
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the liveness probe
httpPath: /healthz/live
# -- Http port to use for the liveness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
readinessProbe:
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
enabled: false
# -- Http path to use for the readiness probe
httpPath: /healthz/ready
# -- Http port to use for the readiness probe
httpPort: metrics
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
httpScheme: HTTP
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create dex service account
create: true
# -- Dex service account name
name: argocd-dex-server
# -- Annotations applied to created service account
annotations: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Service port for HTTP access
servicePortHttp: 5556
# -- Service port name for HTTP access
servicePortHttpName: http
# -- Service port for gRPC access
servicePortGrpc: 5557
# -- Service port name for gRPC access
servicePortGrpcName: grpc
# -- Service port for metrics access
servicePortMetrics: 5558
# -- Priority class for the dex pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to dex
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the Dex server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# Default Dex server's network policy
networkPolicy:
# -- Default network policy rules used by Dex server
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
# DEPRECATED - Use configs.params to override
# -- Dex log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
# logFormat: ""
# -- Dex log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
# logLevel: ""
## Redis
redis:
# -- Enable redis
enabled: true
# -- Redis name
name: redis
# -- Runtime class name for redis
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Redis Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the Redis
enabled: false
# -- Labels to be added to Redis pdb
labels: {}
# -- Annotations to be added to Redis pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `redis.pdb.minAvailable`
maxUnavailable: ""
## Redis image
image:
# -- Redis repository
repository: ecr-public.aws.com/docker/library/redis
# -- Redis tag
## Do not use 7.4.0 <= v < 8.0.0, otherwise you are no longer using an open source version of Redis
tag: 8.2.3-alpine
# -- Redis image pull policy
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
# -- Environment variables to pass to the Redis exporter
env: []
## Prometheus redis-exporter image
image:
# -- Repository to use for the redis-exporter
repository: ghcr.io/oliver006/redis_exporter
# -- Tag to use for the redis-exporter
tag: v1.82.0
# -- Image pull policy for the redis-exporter
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Redis exporter security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Probes for Redis exporter (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
livenessProbe:
# -- Enable Kubernetes liveness probe for Redis exporter
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
# -- Resource limits and requests for redis-exporter sidecar
resources: {}
# limits:
# cpu: 50m
# memory: 64Mi
# requests:
# cpu: 10m
# memory: 32Mi
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Additional command line arguments to pass to redis-server
extraArgs: []
# - --bind
# - "0.0.0.0"
# -- Environment variables to pass to the Redis server
env: []
# -- envFrom to pass to the Redis server
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
## Probes for Redis server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
livenessProbe:
# -- Enable Kubernetes liveness probe for Redis server
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 15
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 15
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 5
# -- Additional containers to be added to the redis pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the redis pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- Additional volumeMounts to the redis container
volumeMounts: []
# -- Additional volumes to the redis pod
volumes: []
# -- Annotations to be added to the Redis server Deployment
deploymentAnnotations: {}
# -- Labels for the Redis server Deployment
deploymentLabels: {}
# -- Annotations to be added to the Redis server pods
podAnnotations: {}
# -- Labels to be added to the Redis server pods
podLabels: {}
# -- Resource limits and requests for redis
resources: {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
# -- Redis pod-level security context
# @default -- See [values.yaml]
securityContext:
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
# Redis container ports
containerPorts:
# -- Redis container port
redis: 6379
# -- Metrics container port
metrics: 9121
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Redis server pods
dnsPolicy: "ClusterFirst"
# -- Redis container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
# -- Redis service port
servicePort: 6379
# -- Priority class for redis pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to redis
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create a service account for the redis pod
create: false
# -- Service account name for redis pod
name: ""
# -- Annotations applied to created service account
annotations: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: false
service:
# -- Redis service annotations
annotations: {}
# -- Additional redis service labels
labels: {}
metrics:
# -- Deploy metrics service
enabled: false
# Redis metrics service configuration
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: None
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 9121
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
# -- Interval at which metrics should be scraped
interval: 30s
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
# Default redis's network policy
networkPolicy:
# -- Default network policy rules used by redis
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
redis-ha:
# -- Enables the Redis HA subchart and disables the custom Redis single node deployment
enabled: false
## Redis image
image:
# -- Redis repository
repository: ecr-public.aws.com/docker/library/redis
# -- Redis tag
## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
tag: 8.2.3-alpine
## Prometheus redis-exporter sidecar
exporter:
# -- Enable Prometheus redis-exporter sidecar
enabled: false
# -- Repository to use for the redis-exporter
image: ghcr.io/oliver006/redis_exporter
# -- Tag to use for the redis-exporter
tag: v1.75.0
persistentVolume:
# -- Configures persistence on Redis nodes
enabled: false
## Redis specific configuration options
redis:
# -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
masterGroupName: argocd
# -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
# @default -- See [values.yaml]
config:
# -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled
# @default -- `'""'`
save: '""'
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
haproxy:
# -- Enabled HAProxy LoadBalancing/Proxy
enabled: true
# -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
labels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
image:
# -- HAProxy Image Repository
repository: ecr-public.aws.com/docker/library/haproxy
metrics:
# -- HAProxy enable prometheus metric scraping
enabled: true
# -- Whether the haproxy pods should be forced to run on separate nodes.
hardAntiAffinity: true
# -- Additional affinities to add to the haproxy pods.
additionalAffinities: {}
# -- Assign custom [affinity] rules to the haproxy pods.
affinity: |
# -- [Tolerations] for use with node taints for haproxy pods.
tolerations: []
# -- HAProxy container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
readOnlyRootFilesystem: true
# -- Configures redis-ha with AUTH
auth: true
# -- Existing Secret to use for redis-ha authentication.
# By default the redis-secret-init Job is generating this Secret.
existingSecret: argocd-redis
# -- Whether the Redis server pods should be forced to run on separate nodes.
hardAntiAffinity: true
# -- Additional affinities to add to the Redis server pods.
additionalAffinities: {}
# -- Assign custom [affinity] rules to the Redis pods.
affinity: |
# -- [Tolerations] for use with node taints for Redis pods.
tolerations: []
# -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
topologySpreadConstraints:
# -- Enable Redis HA topology spread constraints
enabled: false
# -- Max skew of pods tolerated
# @default -- `""` (defaults to `1`)
maxSkew: ""
# -- Topology key for spread
# @default -- `""` (defaults to `topology.kubernetes.io/zone`)
topologyKey: ""
# -- Enforcement policy, hard or soft
# @default -- `""` (defaults to `ScheduleAnyway`)
whenUnsatisfiable: ""
# -- Redis HA statefulset container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
readOnlyRootFilesystem: true
# External Redis parameters
externalRedis:
# -- External Redis server host
host: ""
# -- External Redis username
username: ""
# -- External Redis password
password: ""
# -- External Redis server port
port: 6379
# -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials.
# When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored
existingSecret: ""
# -- External Redis Secret annotations
secretAnnotations: {}
redisSecretInit:
# -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
enabled: true
# -- Redis secret-init name
name: redis-secret-init
image:
# -- Repository to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.repository)
repository: "" # defaults to global.image.repository
# -- Tag to use for the Redis secret-init Job
# @default -- `""` (defaults to global.image.tag)
tag: "" # defaults to global.image.tag
# -- Image pull policy for the Redis secret-init Job
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: "" # IfNotPresent
# -- Additional command line arguments for the Redis secret-init Job
extraArgs: []
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Runtime class name for the Redis secret-init Job
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
# -- Annotations to be added to the Redis secret-init Job
jobAnnotations: {}
# -- Annotations to be added to the Redis secret-init Job
podAnnotations: {}
# -- Labels to be added to the Redis secret-init Job
podLabels: {}
# -- Resource limits and requests for Redis secret-init Job
resources: {}
# limits:
# cpu: 200m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 64Mi
# -- Application controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# -- Redis secret-init Job pod-level security context
securityContext: {}
serviceAccount:
# -- Create a service account for the redis pod
create: true
# -- Service account name for redis pod
name: ""
# -- Annotations applied to created service account
annotations: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Priority class for Redis secret-init Job
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- Assign custom [affinity] rules to the Redis secret-init Job
affinity: {}
# -- Node selector to be added to the Redis secret-init Job
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- Tolerations to be added to the Redis secret-init Job
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
## Server
server:
# -- Argo CD server name
name: server
#insecure: true
# -- The number of server pods to run
replicas: 1
# -- Runtime class name for the Argo CD server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Argo CD server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
enabled: false
# -- Minimum number of replicas for the Argo CD server [HPA]
minReplicas: 1
# -- Maximum number of replicas for the Argo CD server [HPA]
maxReplicas: 5
# -- Average CPU utilization percentage for the Argo CD server [HPA]
targetCPUUtilizationPercentage: 50
# -- Average memory utilization percentage for the Argo CD server [HPA]
targetMemoryUtilizationPercentage: 50
# -- Configures the scaling behavior of the target in both Up and Down directions.
behavior: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
# periodSeconds: 60
# -- Configures custom HPA metrics for the Argo CD server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics: []
## Argo CD server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the Argo CD server
enabled: false
# -- Labels to be added to Argo CD server pdb
labels: {}
# -- Annotations to be added to Argo CD server pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `server.pdb.minAvailable`
maxUnavailable: ""
## Argo CD server image
image:
# -- Repository to use for the Argo CD server
# @default -- `""` (defaults to global.image.repository)
repository: "" # defaults to global.image.repository
# -- Tag to use for the Argo CD server
# @default -- `""` (defaults to global.image.tag)
tag: "" # defaults to global.image.tag
# -- Image pull policy for the Argo CD server
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: "" # IfNotPresent
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Additional command line arguments to pass to Argo CD server
extraArgs: []
# -- Environment variables to pass to Argo CD server
env: []
# -- envFrom to pass to Argo CD server
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
lifecycle: {}
## Argo CD extensions
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
extensions:
# -- Enable support for Argo CD extensions
enabled: false
## Argo CD extension installer image
image:
# -- Repository to use for extension installer image
repository: "quay.io/argoprojlabs/argocd-extension-installer"
# -- Tag to use for extension installer image
tag: "v0.0.9"
# -- Image pull policy for extensions
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Extensions for Argo CD
# @default -- `[]` (See [values.yaml])
## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
extensionList: []
# - name: extension-metrics
# env:
# - name: EXTENSION_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
# - name: EXTENSION_CHECKSUM_URL
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
# -- Server UI extensions container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# -- Resource limits and requests for the argocd-extensions container
resources: {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
# -- Additional containers to be added to the server pod
## Note: Supports use of custom Helm templates
extraContainers: []
# - name: my-sidecar
# image: nginx:latest
# - name: lemonldap-ng-controller
# image: lemonldapng/lemonldap-ng-controller:0.2.0
# args:
# - /lemonldap-ng-controller
# - --alsologtostderr
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
# env:
# - name: POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# volumeMounts:
# - name: copy-portal-skins
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
# -- Init containers to add to the server pod
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
## you could use this (and the same in the application controller pod) to provide such executable
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
initContainers: []
# - name: download-tools
# image: alpine:3
# command: [sh, -c]
# args:
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# -- Additional volumeMounts to the server main container
volumeMounts: []
# - mountPath: /usr/local/bin/kubelogin
# name: custom-tools
# subPath: kubelogin
# -- Additional volumes to the server pod
volumes: []
# - name: custom-tools
# emptyDir: {}
## Argo CD server emptyDir volumes
emptyDir:
# -- EmptyDir size limit for the Argo CD server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Annotations to be added to server Deployment
deploymentAnnotations: {}
# -- Labels for the server Deployment
deploymentLabels: {}
# -- Annotations to be added to server pods
podAnnotations: {}
# -- Labels to be added to server pods
podLabels: {}
# -- Resource limits and requests for the Argo CD server
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
# Server container ports
containerPorts:
# -- Server container port
server: 8080
# -- Metrics container port
metrics: 8083
# -- Host Network for Server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Server pods
dnsPolicy: "ClusterFirst"
# -- Server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Readiness and liveness probes for default backend
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes readiness probe for default backend
enabled: true
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
livenessProbe:
# -- Enable Kubernetes liveness probe for default backend
enabled: true
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- Priority class for the Argo CD server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
# -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain)
domain: ""
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
duration: ""
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
renewBefore: ""
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
# -- Certificate issuer name. Eg. `letsencrypt`
name: ""
# Private key of the certificate
privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
rotationPolicy: Never
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
encoding: PKCS1
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
# -- Annotations to be applied to the Server Certificate
annotations: {}
# -- Usages for the certificate
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
usages: []
# -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
secretTemplateAnnotations: {}
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
certificateSecret:
# -- Create argocd-server-tls secret
enabled: false
# -- Annotations to be added to argocd-server-tls secret
annotations: {}
# -- Labels to be added to argocd-server-tls secret
labels: {}
# -- Private Key of the certificate
key: ''
# -- Certificate data
crt: ''
## Server service configuration
service:
# -- Server service annotations
annotations: {}
# -- Server service labels
labels: {}
# -- Server service type
type: ClusterIP
# -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort")
nodePortHttp: 30080
# -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort")
nodePortHttps: 30443
# -- Server service http port
servicePortHttp: 80
# -- Server service https port
servicePortHttps: 443
# -- Server service http port name, can be used to route traffic via istio
servicePortHttpName: http
# -- Server service https port name, can be used to route traffic via istio
servicePortHttpsName: https
# -- Server service https port appProtocol
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
servicePortHttpsAppProtocol: ""
# -- The class of the load balancer implementation
loadBalancerClass: ""
# -- LoadBalancer will get created with the IP specified in this field
loadBalancerIP: ""
# -- Source IP ranges to allow access to service from
## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
loadBalancerSourceRanges: []
# -- Server service external IPs
externalIPs: []
# -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
externalTrafficPolicy: Cluster
# -- Used to maintain session affinity. Supports `ClientIP` and `None`
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
sessionAffinity: None
## Server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8083
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create server service account
create: true
# -- Server service account name
name: argocd-server
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# Argo CD server ingress configuration
ingress:
# -- Enable an ingress resource for the Argo CD server
enabled: false
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
## Additional configuration might be required in related configuration sections
controller: generic
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
annotations: {}
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
# -- Defines which ingress controller will implement the resource
ingressClassName: ""
# -- Argo CD server hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- The path to Argo CD server
path: /
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
## You can create this secret via `certificate` or `certificateSecret` option
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: '{{ .Values.server.service.servicePortHttpsName }}'
# -- Additional TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - hosts:
# - argocd.example.com
# secretName: your-certificate-name
# AWS specific options for Application Load Balancer
# Applies only when `serv.ingress.controller` is set to `aws`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
aws:
# -- Backend protocol version for the AWS ALB gRPC service
## This tells AWS to send traffic from the ALB using gRPC.
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
backendProtocolVersion: GRPC
# -- Service type for the AWS ALB gRPC service
## Can be of type NodePort or ClusterIP depending on which mode you are running.
## Instance mode needs type NodePort, IP mode needs type ClusterIP
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
serviceType: NodePort
# -- Annotations for the AWS ALB gRPC service
## Allows adding custom annotations to the gRPC service for integrations like DataDog, Prometheus, etc.
serviceAnnotations: {}
# Google specific options for Google Application Load Balancer
# Applies only when `server.ingress.controller` is set to `gke`
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
gke:
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
backendConfig: {}
# iap:
# enabled: true
# oauthclientCredentials:
# secretName: argocd-secret
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
# @default -- `{}` (See [values.yaml])
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
frontendConfig: {}
# redirectToHttps:
# enabled: true
# responseCodeName: RESPONSE_CODE
# Managed GKE certificate for ingress hostname
managedCertificate:
# -- Create ManagedCertificate resource and annotations for Google Load balancer
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
create: true
# -- Additional domains for ManagedCertificate resource
extraDomains: []
# - argocd.example.com
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
ingressGrpc:
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
enabled: false
# -- Additional ingress annotations for dedicated [gRPC-ingress]
annotations: {}
# -- Additional ingress labels for dedicated [gRPC-ingress]
labels: {}
# -- Defines which ingress controller will implement the resource [gRPC-ingress]
ingressClassName: ""
# -- Argo CD server hostname for dedicated [gRPC-ingress]
# @default -- `""` (defaults to grpc.`server.ingress.hostname`)
hostname: ""
# -- Argo CD server ingress path for dedicated [gRPC-ingress]
path: /
# -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: grpc.argocd.example.com
# path: /
# -- Additional ingress paths for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.server.fullname" . }}'
# port:
# name: '{{ .Values.server.service.servicePortHttpName }}'
# -- Additional TLS configuration for dedicated [gRPC-ingress]
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: your-certificate-name
# hosts:
# - argocd.example.com
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
route:
# -- Enable an OpenShift Route for the Argo CD server
enabled: false
# -- Openshift Route annotations
annotations: {}
# -- Hostname of OpenShift Route
hostname: ""
# -- Termination type of Openshift Route
termination_type: passthrough
# -- Termination policy of Openshift Route
termination_policy: None
# Gateway API HTTPRoute configuration
# NOTE: Gateway API support is in EXPERIMENTAL status
# Support depends on your Gateway controller implementation
# Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
httproute:
# -- Enable HTTPRoute resource for Argo CD server (Gateway API)
enabled: true
# -- Additional HTTPRoute labels
labels: {}
# -- Additional HTTPRoute annotations
annotations: {}
# -- Gateway API parentRefs for the HTTPRoute
## Must reference an existing Gateway
# @default -- `[]` (See [values.yaml])
parentRefs:
- name: envoy-gateway
namespace: envoy-gateway-system
sectionName: http
# - name: example-gateway
# namespace: example-gateway-namespace
# sectionName: https
# -- List of hostnames for the HTTPRoute
# @default -- `[]` (See [values.yaml])
hostnames:
- argocd.fireflylab.local
- argocd.fireflylab.cc
# - argocd.example.com
# -- HTTPRoute rules configuration
# @default -- `[]` (See [values.yaml])
rules:
- matches:
- path:
type: PathPrefix
value: /
# filters: []
# - type: RequestHeaderModifier
# requestHeaderModifier:
# add:
# - name: X-Custom-Header
# value: custom-value
# timeouts:
# request: 10s
# backendRequest: 2s
# Gateway API GRPCRoute configuration
# NOTE: Gateway API support is in EXPERIMENTAL status
# Support depends on your Gateway controller implementation
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
grpcroute:
# -- Enable GRPCRoute resource for Argo CD server (Gateway API)
enabled: false
# -- Additional GRPCRoute labels
labels: {}
# -- Additional GRPCRoute annotations
annotations: {}
# -- Gateway API parentRefs for the GRPCRoute
## Must reference an existing Gateway
# @default -- `[]` (See [values.yaml])
parentRefs: []
# - name: example-gateway
# namespace: example-gateway-namespace
# sectionName: grpc
# -- List of hostnames for the GRPCRoute
# @default -- `[]` (See [values.yaml])
hostnames: []
# - grpc.argocd.example.com
# -- GRPCRoute rules configuration
# @default -- `[]` (See [values.yaml])
rules:
- matches:
- method:
type: Exact
# filters: []
# - type: RequestHeaderModifier
# requestHeaderModifier:
# add:
# - name: X-Custom-Header
# value: custom-value
# Gateway API BackendTLSPolicy configuration
# NOTE: BackendTLSPolicy support is in EXPERIMENTAL status
# Required for HTTPS backends when using Gateway API
# Not all Gateway controllers support this resource (e.g., Cilium does not support it yet)
backendTLSPolicy:
# -- Enable BackendTLSPolicy resource for Argo CD server (Gateway API)
enabled: false
# -- Additional BackendTLSPolicy labels
labels: {}
# -- Additional BackendTLSPolicy annotations
annotations: {}
# -- Target references for the BackendTLSPolicy
# @default -- `[]` (See [values.yaml])
targetRefs: []
# - group: ""
# kind: Service
# name: argocd-server
# sectionName: https
# -- TLS validation configuration
# @default -- `{}` (See [values.yaml])
validation: {}
# hostname: argocd-server.argocd.svc.cluster.local
# caCertificateRefs:
# - name: example-ca-cert
# group: ""
# kind: ConfigMap
# wellKnownCACertificates: System
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- Enable custom rules for the server's ClusterRole resource
enabled: false
# -- List of custom rules for the server's ClusterRole resource
rules: []
# Default ArgoCD Server's network policy
networkPolicy:
# -- Default network policy rules used by ArgoCD Server
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
## Repo Server
repoServer:
# -- Repo server name
name: repo-server
# -- The number of repo server pods to run
replicas: 1
# -- Runtime class name for the repo server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Repo server Horizontal Pod Autoscaler
autoscaling:
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
enabled: false
# -- Minimum number of replicas for the repo server [HPA]
minReplicas: 1
# -- Maximum number of replicas for the repo server [HPA]
maxReplicas: 5
# -- Average CPU utilization percentage for the repo server [HPA]
targetCPUUtilizationPercentage: 50
# -- Average memory utilization percentage for the repo server [HPA]
targetMemoryUtilizationPercentage: 50
# -- Configures the scaling behavior of the target in both Up and Down directions.
behavior: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 180
# scaleUp:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 2
# periodSeconds: 60
# -- Configures custom HPA metrics for the Argo CD repo server
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
metrics: []
## Repo server Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the repo server
enabled: false
# -- Labels to be added to repo server pdb
labels: {}
# -- Annotations to be added to repo server pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `repoServer.pdb.minAvailable`
maxUnavailable: ""
## Repo server image
image:
# -- Repository to use for the repo server
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the repo server
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the repo server
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- Additional command line arguments to pass to repo server
extraArgs: []
# -- Environment variables to pass to repo server
env: []
# -- envFrom to pass to repo server
# @default -- `[]` (See [values.yaml])
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
lifecycle: {}
# -- Additional containers to be added to the repo server pod
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
## Note: Supports use of custom Helm templates
extraContainers: []
# - name: cmp-my-plugin
# command:
# - "/var/run/argocd/argocd-cmp-server"
# image: busybox
# securityContext:
# runAsNonRoot: true
# runAsUser: 999
# volumeMounts:
# - mountPath: /var/run/argocd
# name: var-files
# - mountPath: /home/argocd/cmp-server/plugins
# name: plugins
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
# subPath: my-plugin.yaml
# name: argocd-cmp-cm
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
# # mitigate path traversal attacks.
# - mountPath: /tmp
# name: cmp-tmp
# - name: cmp-my-plugin2
# command:
# - "/var/run/argocd/argocd-cmp-server"
# image: busybox
# securityContext:
# runAsNonRoot: true
# runAsUser: 999
# volumeMounts:
# - mountPath: /var/run/argocd
# name: var-files
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
# - mountPath: /home/argocd/cmp-server/plugins
# name: plugins
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
# subPath: my-plugin2.yaml
# name: argocd-cmp-cm
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
# # mitigate path traversal attacks.
# - mountPath: /tmp
# name: cmp-tmp
# -- Init containers to add to the repo server pods
initContainers: []
copyutil:
# -- Resource limits and requests for the repo server copyutil initContainer
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 50m
# memory: 64Mi
# -- Additional volumeMounts to the repo server main container
volumeMounts: []
# -- Additional volumes to the repo server pod
volumes: []
# - name: argocd-cmp-cm
# configMap:
# name: argocd-cmp-cm
# - name: cmp-tmp
# emptyDir: {}
# -- Volumes to be used in replacement of emptydir on default volumes
existingVolumes: {}
# gpgKeyring:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-keyring
# helmWorkingDir:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-workdir
# tmp:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-tmp
# varFiles:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-varfiles
# plugins:
# persistentVolumeClaim:
# claimName: pvc-argocd-repo-server-plugins
## RepoServer emptyDir volumes
emptyDir:
# -- EmptyDir size limit for repo server
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
# -- Toggle the usage of a ephemeral Helm working directory
useEphemeralHelmWorkingDir: true
# -- Annotations to be added to repo server Deployment
deploymentAnnotations: {}
# -- Labels for the repo server Deployment
deploymentLabels: {}
# -- Annotations to be added to repo server pods
podAnnotations: {}
# -- Labels to be added to repo server pods
podLabels: {}
# -- Resource limits and requests for the repo server pods
resources: {}
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 64Mi
# Repo server container ports
containerPorts:
# -- Repo server container port
server: 8081
# -- Metrics container port
metrics: 8084
# -- Host Network for Repo server pods
hostNetwork: false
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for Repo server pods
dnsPolicy: "ClusterFirst"
# -- Repo server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Readiness and liveness probes for Repo Server
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes readiness probe for Repo Server
enabled: true
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
livenessProbe:
# -- Enable Kubernetes liveness probe for Repo Server
enabled: true
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules to the deployment
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the repo server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# -- Priority class for the repo server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# TLS certificate configuration via Secret
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
certificateSecret:
# -- Create argocd-repo-server-tls secret
enabled: false
# -- Annotations to be added to argocd-repo-server-tls secret
annotations: {}
# -- Labels to be added to argocd-repo-server-tls secret
labels: {}
# -- Certificate authority. Required for self-signed certificates.
ca: ''
# -- Certificate private key
key: ''
# -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
crt: ''
## Repo server service configuration
service:
# -- Repo server service annotations
annotations: {}
# -- Repo server service labels
labels: {}
# -- Repo server service port
port: 8081
# -- Repo server service port name
portName: tcp-repo-server
# -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy.
trafficDistribution: ""
## Repo server metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8084
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # "monitoring"
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
## Enable Custom Rules for the Repo server's Cluster Role resource
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- Enable custom rules for the Repo server's Cluster Role resource
enabled: false
# -- List of custom rules for the Repo server's Cluster Role resource
rules: []
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
## Repo server service account
## If create is set to true, make sure to uncomment the name and update the rbac section below
serviceAccount:
# -- Create repo server service account
create: true
# -- Repo server service account name
name: "" # "argocd-repo-server"
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Repo server rbac rules
rbac: []
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
# Default repo server's network policy
networkPolicy:
# -- Default network policy rules used by repo server
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
## ApplicationSet controller
applicationSet:
# -- ApplicationSet controller name string
name: applicationset-controller
# -- The number of ApplicationSet controller pods to run
replicas: 1
# -- Runtime class name for the ApplicationSet controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## ApplicationSet controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller
enabled: false
# -- Labels to be added to ApplicationSet controller pdb
labels: {}
# -- Annotations to be added to ApplicationSet controller pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `applicationSet.pdb.minAvailable`
maxUnavailable: ""
## ApplicationSet controller image
image:
# -- Repository to use for the ApplicationSet controller
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the ApplicationSet controller
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the ApplicationSet controller
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- If defined, uses a Secret to pull an image from a private Docker registry or repository.
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# -- ApplicationSet controller command line flags
extraArgs: []
# -- Environment variables to pass to the ApplicationSet controller
extraEnv: []
# - name: "MY_VAR"
# value: "value"
# -- envFrom to pass to the ApplicationSet controller
# @default -- `[]` (See [values.yaml])
extraEnvFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Additional containers to be added to the ApplicationSet controller pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the ApplicationSet controller pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# -- List of extra volumes to add
extraVolumes: []
## ApplicationSet controller emptyDir volumes
emptyDir:
# -- EmptyDir size limit for applicationSet controller
# @default -- `""` (defaults not set if not specified i.e. no size limit)
sizeLimit: ""
# sizeLimit: "1Gi"
## Metrics service configuration
metrics:
# -- Deploy metrics service
enabled: true
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8080
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: true
# -- Prometheus ServiceMonitor interval
interval: 30s
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
scrapeTimeout: ""
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- Prometheus ServiceMonitor namespace
namespace: "" # monitoring
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
## ApplicationSet service configuration
service:
# -- ApplicationSet service annotations
annotations: {}
# -- ApplicationSet service labels
labels: {}
# -- ApplicationSet service type
type: ClusterIP
# -- ApplicationSet service port
port: 7000
# -- ApplicationSet service port name
portName: http-webhook
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create ApplicationSet controller service account
create: true
# -- ApplicationSet controller service account name
name: argocd-applicationset-controller
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Annotations to be added to ApplicationSet controller Deployment
deploymentAnnotations: {}
# -- Labels for the ApplicationSet controller Deployment
deploymentLabels: {}
# -- Annotations for the ApplicationSet controller pods
podAnnotations: {}
# -- Labels for the ApplicationSet controller pods
podLabels: {}
# -- Resource limits and requests for the ApplicationSet controller pods.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# ApplicationSet controller container ports
containerPorts:
# -- Metrics container port
metrics: 8080
# -- Probe container port
probe: 8081
# -- Webhook container port
webhook: 7000
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for ApplicationSet controller pods
dnsPolicy: "ClusterFirst"
# -- ApplicationSet controller container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Probes for ApplicationSet controller (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for ApplicationSet controller
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the ApplicationSet controller Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# -- Priority class for the ApplicationSet controller pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# TLS certificate configuration via cert-manager
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
certificate:
# -- Deploy a Certificate resource (requires cert-manager)
enabled: false
# -- Certificate primary domain (commonName)
# @default -- `""` (defaults to global.domain)
domain: ""
# -- Certificate Subject Alternate Names (SANs)
additionalHosts: []
# -- The requested 'duration' (i.e. lifetime) of the certificate.
# @default -- `""` (defaults to 2160h = 90d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
duration: ""
# -- How long before the expiry a certificate should be renewed.
# @default -- `""` (defaults to 360h = 15d if not specified)
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
renewBefore: ""
# Certificate issuer
## Ref: https://cert-manager.io/docs/concepts/issuer
issuer:
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
group: ""
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
kind: ""
# -- Certificate issuer name. Eg. `letsencrypt`
name: ""
# Private key of the certificate
privateKey:
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
rotationPolicy: Never
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
encoding: PKCS1
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
algorithm: RSA
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
size: 2048
# -- Annotations to be applied to the ApplicationSet Certificate
annotations: {}
## Ingress for the Git Generator webhook
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
ingress:
# -- Enable an ingress resource for ApplicationSet webhook
enabled: false
# -- Additional ingress labels
labels: {}
# -- Additional ingress annotations
annotations: {}
# -- Defines which ingress ApplicationSet controller will implement the resource
ingressClassName: ""
# -- Argo CD ApplicationSet hostname
# @default -- `""` (defaults to global.domain)
hostname: ""
# -- List of ingress paths
path: /api/webhook
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
pathType: Prefix
# -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
tls: false
# -- The list of additional hostnames to be covered by ingress record
# @default -- `[]` (See [values.yaml])
extraHosts: []
# - name: argocd.example.com
# path: /
# -- Additional ingress paths
# @default -- `[]` (See [values.yaml])
extraPaths: []
# - path: /*
# pathType: Prefix
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
# -- Additional ingress rules
# @default -- `[]` (See [values.yaml])
## Note: Supports use of custom Helm templates
extraRules: []
# - http:
# paths:
# - path: /api/webhook
# pathType: Prefix
# backend:
# service:
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
# port:
# name: '{{ .Values.applicationSet.service.portName }}'
# -- Additional ingress TLS configuration
# @default -- `[]` (See [values.yaml])
extraTls: []
# - secretName: argocd-applicationset-tls
# hosts:
# - argocd-applicationset.example.com
# -- Enable ApplicationSet in any namespace feature
allowAnyNamespace: false
# Default ApplicationSet controller's network policy
networkPolicy:
# -- Default network policy rules used by ApplicationSet controller
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
## Notifications controller
notifications:
# -- Enable notifications controller
enabled: true
# -- Notifications controller name string
name: notifications-controller
# -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
# @default -- `""` (defaults to https://`global.domain`)
argocdUrl: ""
# -- Runtime class name for the notifications controller
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## Notifications controller Pod Disruption Budget
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
pdb:
# -- Deploy a [PodDisruptionBudget] for the notifications controller
enabled: false
# -- Labels to be added to notifications controller pdb
labels: {}
# -- Annotations to be added to notifications controller pdb
annotations: {}
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
# @default -- `""` (defaults to 0 if not specified)
minAvailable: ""
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
## Has higher precedence over `notifications.pdb.minAvailable`
maxUnavailable: ""
## Notifications controller image
image:
# -- Repository to use for the notifications controller
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the notifications controller
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the notifications controller
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- Secrets with credentials to pull images from a private registry
# @default -- `[]` (defaults to global.imagePullSecrets)
imagePullSecrets: []
# DEPRECATED - Use configs.params to override
# -- Notifications controller log format. Either `text` or `json`
# @default -- `""` (defaults to global.logging.format)
# logFormat: ""
# -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
# @default -- `""` (defaults to global.logging.level)
# logLevel: ""
# -- Extra arguments to provide to the notifications controller
extraArgs: []
# -- Additional container environment variables
extraEnv: []
# -- envFrom to pass to the notifications controller
# @default -- `[]` (See [values.yaml])
extraEnvFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- Additional containers to be added to the notifications controller pod
## Note: Supports use of custom Helm templates
extraContainers: []
# -- Init containers to add to the notifications controller pod
## Note: Supports use of custom Helm templates
initContainers: []
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# -- List of extra volumes to add
extraVolumes: []
# -- Define user-defined context
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
context: {}
# region: east
# environmentName: staging
secret:
# -- Whether helm chart creates notifications controller secret
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
create: true
# -- notifications controller Secret name
name: "argocd-notifications-secret"
# -- key:value pairs of annotations to be added to the secret
annotations: {}
# -- key:value pairs of labels to be added to the secret
labels: {}
# -- Generic key:value pairs to be inserted into the secret
## Can be used for templates, notification services etc. Some examples given below.
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
items: {}
# slack-token:
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
# grafana-apiKey:
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
# webhooks-github-token:
# email-username:
# email-password:
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
metrics:
# -- Enables prometheus metrics server
enabled: false
# -- Metrics port
port: 9001
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port name
portName: http-metrics
serviceMonitor:
# -- Enable a prometheus ServiceMonitor
enabled: false
# -- Prometheus ServiceMonitor selector
selector: {}
# prometheus: kube-prometheus
# -- Prometheus ServiceMonitor labels
additionalLabels: {}
# -- Prometheus ServiceMonitor annotations
annotations: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
# -- Prometheus ServiceMonitor scheme
scheme: ""
# -- Prometheus ServiceMonitor tlsConfig
tlsConfig: {}
# -- When true, honorLabels preserves the metrics labels when they collide with the targets labels.
honorLabels: false
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
relabelings: []
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
metricRelabelings: []
# -- Configures notification services such as slack, email or custom webhook
# @default -- See [values.yaml]
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
notifiers: {}
# service.slack: |
# token: $slack-token
# -- Annotations to be applied to the notifications controller Deployment
deploymentAnnotations: {}
# -- Labels for the notifications controller Deployment
deploymentLabels: {}
# -- Annotations to be applied to the notifications controller Pods
podAnnotations: {}
# -- Labels to be applied to the notifications controller Pods
podLabels: {}
# -- Resource limits and requests for the notifications controller
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Notification controller container ports
containerPorts:
# -- Metrics container port
metrics: 9001
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for notifications controller Pods
dnsPolicy: "ClusterFirst"
# -- Notification controller container-level security Context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
## Probes for notifications controller Pods (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for notifications controller Pods
enabled: false
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 10
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
successThreshold: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the notifications controller Deployment
deploymentStrategy:
type: Recreate
# -- Priority class for the notifications controller pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: true
serviceAccount:
# -- Create notifications controller service account
create: true
# -- Notification controller service account name
name: argocd-notifications-controller
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
cm:
# -- Whether helm chart creates notifications controller config map
create: true
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
## Defaults to off
clusterRoleRules:
# -- List of custom rules for the notifications controller's ClusterRole resource
rules: []
# -- Contains centrally managed global application subscriptions
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
subscriptions: []
# # subscription for on-sync-status-unknown trigger notifications
# - recipients:
# - slack:test2
# - email:test@gmail.com
# triggers:
# - on-sync-status-unknown
# # subscription restricted to applications with matching labels only
# - recipients:
# - slack:test3
# selector: test=true
# triggers:
# - on-sync-status-unknown
# -- The notification template is used to generate the notification content
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
templates: {}
# template.app-deployed: |
# email:
# subject: New version of an application {{.app.metadata.name}} is up and running.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
# slack:
# attachments: |
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# },
# {
# "title": "Revision",
# "value": "{{.app.status.sync.revision}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-health-degraded: |
# email:
# subject: Application {{.app.metadata.name}} has degraded.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#f4c030",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-failed: |
# email:
# subject: Failed to sync application {{.app.metadata.name}}.
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-running: |
# email:
# subject: Start syncing application {{.app.metadata.name}}.
# message: |
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#0DADEA",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-status-unknown: |
# email:
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
# message: |
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
# {{if ne .serviceType "slack"}}
# {{range $c := .app.status.conditions}}
# * {{$c.message}}
# {{end}}
# {{end}}
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#E96D76",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# template.app-sync-succeeded: |
# email:
# subject: Application {{.app.metadata.name}} has been successfully synced.
# message: |
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
# slack:
# attachments: |-
# [{
# "title": "{{ .app.metadata.name}}",
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
# "color": "#18be52",
# "fields": [
# {
# "title": "Sync Status",
# "value": "{{.app.status.sync.status}}",
# "short": true
# },
# {
# "title": "Repository",
# "value": "{{.app.spec.source.repoURL}}",
# "short": true
# }
# {{range $index, $c := .app.status.conditions}}
# {{if not $index}},{{end}}
# {{if $index}},{{end}}
# {
# "title": "{{$c.type}}",
# "value": "{{$c.message}}",
# "short": true
# }
# {{end}}
# ]
# }]
# -- The trigger defines the condition when the notification should be sent
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
triggers: {}
# trigger.on-deployed: |
# - description: Application is synced and healthy. Triggered once per commit.
# oncePer: app.status.sync.revision
# send:
# - app-deployed
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
# trigger.on-health-degraded: |
# - description: Application has degraded
# send:
# - app-health-degraded
# when: app.status.health.status == 'Degraded'
# trigger.on-sync-failed: |
# - description: Application syncing has failed
# send:
# - app-sync-failed
# when: app.status.operationState.phase in ['Error', 'Failed']
# trigger.on-sync-running: |
# - description: Application is being synced
# send:
# - app-sync-running
# when: app.status.operationState.phase in ['Running']
# trigger.on-sync-status-unknown: |
# - description: Application status is 'Unknown'
# send:
# - app-sync-status-unknown
# when: app.status.sync.status == 'Unknown'
# trigger.on-sync-succeeded: |
# - description: Application syncing has succeeded
# send:
# - app-sync-succeeded
# when: app.status.operationState.phase in ['Succeeded']
#
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
# defaultTriggers: |
# - on-sync-status-unknown
# Default notifications controller's network policy
networkPolicy:
# -- Default network policy rules used by notifications controller
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
commitServer:
# -- Enable commit server
enabled: false
# -- Commit server name
name: commit-server
# -- Runtime class name for the commit server
# @default -- `""` (defaults to global.runtimeClassName)
runtimeClassName: ""
## commit server controller image
image:
# -- Repository to use for the commit server
# @default -- `""` (defaults to global.image.repository)
repository: ""
# -- Tag to use for the commit server
# @default -- `""` (defaults to global.image.tag)
tag: ""
# -- Image pull policy for the commit server
# @default -- `""` (defaults to global.image.imagePullPolicy)
imagePullPolicy: ""
# -- commit server command line flags
extraArgs: []
# -- Environment variables to pass to the commit server
extraEnv: []
# - name: "MY_VAR"
# value: "value"
# -- envFrom to pass to the commit server
# @default -- `[]` (See [values.yaml])
extraEnvFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
# -- List of extra mounts to add (normally used with extraVolumes)
extraVolumeMounts: []
# -- List of extra volumes to add
extraVolumes: []
metrics:
# -- Enables prometheus metrics server
enabled: false
service:
# -- Metrics service type
type: ClusterIP
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
clusterIP: ""
# -- Metrics service annotations
annotations: {}
# -- Metrics service labels
labels: {}
# -- Metrics service port
servicePort: 8087
# -- Metrics service port name
portName: metrics
## commit server service configuration
service:
# -- commit server service annotations
annotations: {}
# -- commit server service labels
labels: {}
# -- commit server service port
port: 8086
# -- commit server service port name
portName: server
# -- Automount API credentials for the Service Account into the pod.
automountServiceAccountToken: false
serviceAccount:
# -- Create commit server service account
create: true
# -- commit server service account name
name: argocd-commit-server
# -- Annotations applied to created service account
annotations: {}
# -- Labels applied to created service account
labels: {}
# -- Automount API credentials for the Service Account
automountServiceAccountToken: true
# -- Annotations to be added to commit server Deployment
deploymentAnnotations: {}
# -- Labels for the commit server Deployment
deploymentLabels: {}
# -- Annotations for the commit server pods
podAnnotations: {}
# -- Labels for the commit server pods
podLabels: {}
# -- Resource limits and requests for the commit server pods.
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# -- [DNS configuration]
dnsConfig: {}
# -- Alternative DNS policy for commit server pods
dnsPolicy: "ClusterFirst"
# -- commit server container-level security context
# @default -- See [values.yaml]
containerSecurityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
## Probes for commit server (optional)
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
readinessProbe:
# -- Enable Kubernetes liveness probe for commit server
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 5
# -- How often (in seconds) to perform the [probe]
periodSeconds: 10
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 1
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
livenessProbe:
# -- Enable Kubernetes liveness probe for commit server
enabled: true
# -- Number of seconds after the container has started before [probe] is initiated
initialDelaySeconds: 30
# -- How often (in seconds) to perform the [probe]
periodSeconds: 30
# -- Number of seconds after which the [probe] times out
timeoutSeconds: 5
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
failureThreshold: 3
# -- terminationGracePeriodSeconds for container lifecycle hook
terminationGracePeriodSeconds: 30
# -- [Node selector]
# @default -- `{}` (defaults to global.nodeSelector)
nodeSelector: {}
# -- [Tolerations] for use with node taints
# @default -- `[]` (defaults to global.tolerations)
tolerations: []
# -- Assign custom [affinity] rules
# @default -- `{}` (defaults to global.affinity preset)
affinity: {}
# -- Assign custom [TopologySpreadConstraints] rules to the commit server
# @default -- `[]` (defaults to global.topologySpreadConstraints)
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: topology.kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# -- Deployment strategy to be added to the commit server Deployment
deploymentStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# -- Priority class for the commit server pods
# @default -- `""` (defaults to global.priorityClassName)
priorityClassName: ""
# Default commit server's network policy
networkPolicy:
# -- Default network policy rules used by commit server
# @default -- `false` (defaults to global.networkPolicy.create)
create: false
Reference in New Issue View Git Blame Copy Permalink