1## Argo CD configuration
2## Ref: https://github.com/argoproj/argo-cd
5# -- Provide a name in place of `argocd`
7# -- String to fully override `"argo-cd.fullname"`
9# -- Override the namespace
10# @default -- `.Release.Namespace`
12# -- Override the Kubernetes version, which is used to evaluate certain manifests
13kubeVersionOverride: ""
15# If you want to template helm charts but cannot access k8s API server
16# you can set api versions here
17apiVersionOverrides: {}
18# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
19## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
20createAggregateRoles: false
21# -- Create cluster roles for cluster-wide installation.
22## Used when you manage applications in the same cluster where Argo CD runs
23createClusterRoles: true
25 # -- enables using arbitrary uid for argo repo server
27## Custom resource configuration
29 # -- Install and upgrade CRDs
31 # -- Keep CRDs on chart uninstall
33 # -- Annotations to be added to all CRDs
35 argocd.argoproj.io/sync-options: ServerSideApply=true
36 # -- Additional labels to be added to all CRDs
38## Globally shared configuration
40 # -- Default domain used by all components
41 ## Used for ingresses, certificates, SSO, notifications, etc.
42 domain: argocd.example.com
43 # -- Runtime class name for all components
45 # -- Common labels for the all resources
49 # -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
50 revisionHistoryLimit: 3
51 # Default image used by all components
53 # -- If defined, a repository applied to all Argo CD deployments
54 repository: cgr.dev/chainguard-private/argocd
55 # -- Overrides the global Argo CD image tag whose default is the chart appVersion
56 tag: latest@sha256:56b711d0b61a9d247aa62d509380907976a64295b1c1c98efd0fcfbcbebcecd7
57 # -- If defined, a imagePullPolicy applied to all Argo CD deployments
58 imagePullPolicy: IfNotPresent
59 # -- Secrets with credentials to pull images from a private registry
61 # Default logging options used by all components
63 # -- Set the global logging format. Either: `text` or `json`
65 # -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
67 # -- Annotations for the all deployed Statefulsets
68 statefulsetAnnotations: {}
69 # -- Labels for the all deployed Statefulsets
71 # -- Annotations for the all deployed Deployments
72 deploymentAnnotations: {}
73 # -- Labels for the all deployed Deployments
75 # -- Annotations for the all deployed pods
77 # -- Labels for the all deployed pods
79 # -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
80 addPrometheusAnnotations: false
81 # -- Toggle and define pod-level security context.
82 # @default -- `{}` (See [values.yaml])
88 # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
94 # Configure dual-stack used by all component services
96 # -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
98 # -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
100 # Default network policy rules used by all components
102 # -- Create NetworkPolicy objects for all components
104 # -- Default deny all ingress traffic
105 defaultDenyIngress: false
106 # -- Default priority class for all components
107 priorityClassName: ""
108 # -- Default node selector for all components
110 kubernetes.io/os: linux
111 # -- Default tolerations for all components
113 # Default affinity preset for all components
115 # -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
116 podAntiAffinity: soft
117 # Node affinity rules
119 # -- Default node affinity rules. Either: `none`, `soft` or `hard`
121 # -- Default match expressions for node affinity
123 # - key: topology.kubernetes.io/zone
128 # -- Default [TopologySpreadConstraints] rules for all components
129 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
130 ## If labelSelector is left out, it will default to the labelSelector of the component
131 topologySpreadConstraints: []
133 # topologyKey: topology.kubernetes.io/zone
134 # whenUnsatisfiable: DoNotSchedule
136 # -- Deployment strategy for the all deployed Deployments
137 deploymentStrategy: {}
138 # type: RollingUpdate
141 # maxUnavailable: 25%
143 # -- Environment variables to pass to all deployed Deployments
145 # -- Extra volumes to add to all deployed Deployments and StatefulSets
147 # Example of adding a custom CA bundle from a ConfigMap:
150 # name: my-trustbundle
153 # path: ca-certificates.crt
155 # -- Extra volume mounts to add to all deployed Deployments and StatefulSets
156 extraVolumeMounts: []
157 # Example of adding a custom CA bundle mount:
159 # mountPath: /etc/ssl/certs
161 # -- Annotations for the all deployed Certificates
162 certificateAnnotations: {}
165 # General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
166 ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
168 # -- Create the argocd-cm configmap for [declarative setup]
170 # -- Annotations to be added to argocd-cm configmap
172 # -- The name of tracking label used by Argo CD for resource pruning
173 application.instanceLabelKey: argocd.argoproj.io/instance
174 # -- Enable control of the service account used for the sync operation (alpha)
175 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
176 application.sync.impersonation.enabled: false
177 # -- Enable exec feature in Argo UI
178 ## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
180 # -- Enable local admin user
181 ## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
183 # -- Timeout to discover if a new manifests version got published to the repository
184 timeout.reconciliation: 120s
185 # -- Maximum jitter added to the reconciliation timeout to spread out refreshes and reduce repo-server load
186 timeout.reconciliation.jitter: 60s
187 # -- Timeout to refresh application data as well as target manifests cache
188 timeout.hard.reconciliation: 0s
189 # -- Enable Status Badge
190 ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
191 statusbadge.enabled: false
200 # clientID: aabbccddeeff00112233
201 # clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
203 # - name: your-github-org
205 # OIDC configuration as an alternative to dex (optional).
208 # issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
209 # clientID: aaaabbbbccccddddeee
210 # clientSecret: $oidc.azuread.clientSecret
211 # # Optional: set to true to use Azure Workload Identity instead of clientSecret
213 # useWorkloadIdentity: false
215 # Some OIDC providers require a separate clientID for different callback URLs.
216 # For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID
217 # for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will
218 # use the same clientID as the Argo CD server
219 # cliClientID: vvvvwwwwxxxxyyyyzzzz
222 # -----BEGIN CERTIFICATE-----
223 # ... encoded certificate data here ...
224 # -----END CERTIFICATE-----
226 # Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
227 # cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
228 # explicitly include it in the list.
229 # Token verification will pass if any of the token's audiences matches any of the audiences in this list.
231 # - aaaabbbbccccddddeee
232 # - qqqqwwwweeeerrrrttt
234 # Optional set of OIDC claims to request on the ID token.
235 # requestedIDTokenClaims:
239 # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
245 # PKCE authentication flow processes authorization flow from browser only - default false
247 # make sure the Identity Provider (IdP) is public and doesn't need clientSecret
248 # make sure the Identity Provider (IdP) has this redirect URI registered: https://argocd.example.com/pkce/verify
249 # enablePKCEAuthentication: true
251 # Extension Configuration
252 ## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
253 # extension.config: |
257 # connectionTimeout: 2s
259 # idleConnectionTimeout: 60s
260 # maxIdleConnections: 30
262 # - url: http://httpbin.org
264 # - name: some-header
265 # value: '$some.argocd.secret.key'
268 # server: https://some-cluster
270 ## Default configuration for ignoreResourceUpdates.
271 ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
272 ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.
274 # -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
275 # @default -- See [values.yaml]
276 resource.customizations.ignoreResourceUpdates.all: |
279 # -- Some Application fields are generated and not related to the application updates itself
280 ## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
281 # @default -- See [values.yaml]
282 resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
284 - '.metadata.annotations."notified.notifications.argoproj.io"'
285 - '.metadata.annotations."argocd.argoproj.io/refresh"'
286 - '.metadata.annotations."argocd.argoproj.io/hydrate"'
288 # -- Ignore Argo Rollouts generated fields
289 # @default -- See [values.yaml]
290 resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
292 - '.metadata.annotations."notified.notifications.argoproj.io"'
293 # -- Legacy annotations used on HPA autoscaling/v1
294 # @default -- See [values.yaml]
295 resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
297 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
298 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
299 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
300 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
301 # -- Ignore the cluster-autoscaler status
302 # @default -- See [values.yaml]
303 resource.customizations.ignoreResourceUpdates.ConfigMap: |
305 # Ignore the cluster-autoscaler status
306 - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
307 # Ignore the annotation of the legacy Leases election
308 - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
309 # -- Ignore the common scaling annotations
310 # @default -- See [values.yaml]
311 resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
313 - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
314 - '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
315 - '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
316 # -- Ignores update if EndpointSlice is not excluded globally
317 # @default -- See [values.yaml]
318 resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
323 # -- Ignores update if Endpoints is not excluded globally
324 # @default -- See [values.yaml]
325 resource.customizations.ignoreResourceUpdates.Endpoints: |
329 ## Default configuration for exclusions.
330 ## The exclusion list are K8s resources that we assume will never be declared in Git,
331 ## and are never child objects of managed resources that need to be presented in the resource tree.
332 ## This list contains high volume and high churn metadata objects which we exclude for performance
333 ## reasons, reducing connections and load to the K8s API servers of managed clusters.
335 # -- Resource Exclusion/Inclusion
336 # @default -- See [values.yaml]
337 resource.exclusions: |
338 ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
345 ### Internal Kubernetes resources excluded reduce the number of watched events
347 - coordination.k8s.io
350 ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
352 - authentication.k8s.io
353 - authorization.k8s.io
357 - LocalSubjectAccessReview
358 - SelfSubjectAccessReview
359 - SelfSubjectRulesReview
360 - SubjectAccessReview
361 ### Intermediate Certificate Request excluded reduce the number of watched events
363 - certificates.k8s.io
365 - CertificateSigningRequest
370 ### Cilium internal resources excluded reduce the number of watched events and UI Clutter
376 - CiliumEndpointSlice
377 ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
384 - ClusterPolicyReport
386 - ClusterEphemeralReport
388 - ClusterAdmissionReport
389 - BackgroundScanReport
390 - ClusterBackgroundScanReport
392 # Argo CD configuration parameters
393 ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
395 # -- Create the argocd-cmd-params-cm configmap
396 # If false, it is expected the configmap will be created by something else.
398 # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
400 # You can customize parameters by adding parameters here.
403 # Argo CD RBAC policy configuration
404 ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
406 # -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
407 # If false, it is expected the configmap will be created by something else.
408 # Argo CD will not work if there is no configmap created with the name above.
410 # -- Annotations to be added to argocd-rbac-cm configmap
412 # -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
413 # If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
415 # -- File containing user-defined policies and role definitions.
416 # @default -- `''` (See [values.yaml])
418 # Policy rules are in the form:
419 # p, subject, resource, action, object, effect
420 # Role definitions and bindings are in the form:
421 # g, subject, inherited-subject
423 # p, role:org-admin, applications, *, */*, allow
424 # p, role:org-admin, clusters, get, *, allow
425 # p, role:org-admin, repositories, *, *, allow
426 # p, role:org-admin, logs, get, *, allow
427 # p, role:org-admin, exec, create, */*, allow
428 # g, your-github-org:your-team, role:org-admin
430 # -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
431 # The scope value can be a string, or a list of strings.
433 # -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
434 policy.matchMode: "glob"
435 # GnuPG public keys for commit verification
436 ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
438 # -- Annotations to be added to argocd-gpg-keys-cm configmap
440 # -- [GnuPG] public keys to add to the keyring
441 # @default -- `{}` (See [values.yaml])
442 ## Note: Public keys should be exported with `gpg --export --armor <KEY>`
444 # 4AEE18F83AFDEB23: |
445 # -----BEGIN PGP PUBLIC KEY BLOCK-----
447 # -----END PGP PUBLIC KEY BLOCK-----
448 # SSH known hosts for Git repositories
449 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
451 # -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
453 # -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
455 # -- Known hosts to be added to the known host list by default.
456 # @default -- See [values.yaml]
458 [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
459 [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
460 [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
461 bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
462 bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
463 bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
464 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
465 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
466 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
467 gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
468 gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
469 gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
470 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
471 vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
472 # -- Additional known hosts for private repositories
474 # Repository TLS certificates
475 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
477 # -- Annotations to be added to argocd-tls-certs-cm configmap
479 # -- TLS certificates for Git repositories
480 # @default -- `{}` (See [values.yaml])
482 # server.example.com: |
483 # -----BEGIN CERTIFICATE-----
485 # -----END CERTIFICATE-----
487 # -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
489 # ConfigMap for Config Management Plugins
490 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
492 # -- Create the argocd-cmp-cm configmap
494 # -- Annotations to be added to argocd-cmp-cm configmap
496 # -- Plugin yaml files to be added to argocd-cmp-cm
502 # args: [-c, 'echo "Initializing..."']
507 # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
509 # fileName: "./subdir/s*.yaml"
511 # glob: "**/Chart.yaml"
512 # command: [sh, -c, find . -name env.yaml]
517 # args: [-c, 'echo "Initializing..."']
522 # echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
524 # fileName: "./subdir/s*.yaml"
526 # glob: "**/Chart.yaml"
527 # command: [sh, -c, find . -name env.yaml]
529 # -- Provide one or multiple [external cluster credentials]
530 # @default -- `{}` (See [values.yaml])
532 ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
533 ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
534 ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
535 clusterCredentials: {}
537 # server: https://mycluster.example.com
541 # bearerToken: "<authentication token>"
544 # caData: "<base64 encoded certificate>"
546 # server: https://mycluster2.example.com
549 # namespaces: namespace1,namespace2
550 # clusterResources: true
552 # bearerToken: "<authentication token>"
555 # caData: "<base64 encoded certificate>"
556 # mycluster3-project-scoped:
557 # server: https://mycluster3.example.com
560 # project: my-project1
562 # bearerToken: "<authentication token>"
565 # caData: "<base64 encoded certificate>"
566 # mycluster4-sharded:
568 # server: https://mycluster4.example.com
572 # bearerToken: "<authentication token>"
575 # caData: "<base64 encoded certificate>"
577 # -- Repository credentials to be used as Templates for other repos
578 ## Creates a secret for each key/value specified below to create repository credentials
579 credentialTemplates: {}
580 # github-enterprise-creds-1:
581 # url: https://github.com/argoproj
583 # githubAppInstallationID: 2
584 # githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
585 # githubAppPrivateKey: |
586 # -----BEGIN OPENSSH PRIVATE KEY-----
588 # -----END OPENSSH PRIVATE KEY-----
590 # url: https://github.com/argoproj
591 # password: my-password
592 # username: my-username
594 # url: git@github.com:argoproj-labs
596 # -----BEGIN OPENSSH PRIVATE KEY-----
598 # -----END OPENSSH PRIVATE KEY-----
600 # -- Annotations to be added to `configs.credentialTemplates` Secret
601 credentialTemplatesAnnotations: {}
602 # -- Repositories list to be used by applications
603 ## Creates a secret for each key/value specified below to create repositories
604 ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
607 # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
611 # url: https://my-private-chart-repo.internal
614 # password: my-password
615 # username: my-username
617 # url: https://github.com/argoproj/private-repo
619 # -- Annotations to be added to `configs.repositories` Secret
620 repositoriesAnnotations: {}
621 # Argo CD sensitive data
622 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
624 # -- Create the argocd-secret
626 # -- Labels to be added to argocd-secret
628 # -- Annotations to be added to argocd-secret
630 # -- Shared secret for authenticating GitHub webhook events
632 # -- Shared secret for authenticating GitLab webhook events
634 # -- Shared secret for authenticating BitbucketServer webhook events
635 bitbucketServerSecret: ""
636 # -- UUID for authenticating Bitbucket webhook events
638 # -- Shared secret for authenticating Gogs webhook events
642 # -- Shared secret username for authenticating Azure DevOps webhook events
644 # -- Shared secret password for authenticating Azure DevOps webhook events
646 # -- add additional secrets to be added to argocd-secret
647 ## Custom secrets. Useful for injecting SSO secrets into environment variables.
648 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
649 ## Note that all values must be non-empty.
651 # LDAP_PASSWORD: "mypassword"
653 # -- Bcrypt hashed admin password
654 ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
655 ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
656 argocdServerAdminPassword: ""
657 # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"`
658 # @default -- `""` (defaults to current time)
659 argocdServerAdminPasswordMtime: ""
660 # -- Define custom [CSS styles] for your argo instance.
661 # This setting will automatically mount the provided CSS and reference it in the argo configuration.
662 # @default -- `""` (See [values.yaml])
663 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
667 # background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
669# -- Array of extra K8s manifests to deploy
670## Note: Supports use of custom Helm templates
672# - apiVersion: secrets-store.csi.x-k8s.io/v1
673# kind: SecretProviderClass
675# name: argocd-secrets-store
680# - objectName: "argocd"
681# objectType: "secretsmanager"
684# objectAlias: "client_id"
685# - path: "client_secret"
686# objectAlias: "client_secret"
690# objectName: client_id
691# - key: client_secret
692# objectName: client_secret
693# secretName: argocd-secrets-store
696# app.kubernetes.io/part-of: argocd
698## Application controller
700 # -- Application controller name string
701 name: application-controller
702 # -- The number of application controller pods to run.
703 # Additional replicas will cause sharding of managed clusters across number of replicas.
704 ## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
705 ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
707 # -- Enable dynamic cluster distribution (alpha)
708 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
709 ## This is done using a deployment instead of a statefulSet
710 ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
711 ## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
712 ## like round-robin, then the shards will be well-balanced.
713 dynamicClusterDistribution: false
714 # -- Runtime class name for the application controller
715 # @default -- `""` (defaults to global.runtimeClassName)
717 # -- Application controller heartbeat time
718 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
720 # -- Maximum number of controller revisions that will be maintained in StatefulSet history
721 revisionHistoryLimit: 5
722 ## Application controller Pod Disruption Budget
723 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
725 # -- Deploy a [PodDisruptionBudget] for the application controller
727 # -- Labels to be added to application controller pdb
729 # -- Annotations to be added to application controller pdb
731 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
732 # @default -- `""` (defaults to 0 if not specified)
734 # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
735 ## Has higher precedence over `controller.pdb.minAvailable`
737 ## Application controller Vertical Pod Autoscaler
738 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
740 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller
742 # -- Labels to be added to application controller vpa
744 # -- Annotations to be added to application controller vpa
746 # -- One of the VPA operation modes
747 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
748 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
750 # -- Controls how VPA computes the recommended resources for application controller container
751 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
753 # controlledResources: ["cpu", "memory"]
760 ## Application controller image
762 # -- Repository to use for the application controller
763 # @default -- `""` (defaults to global.image.repository)
765 # -- Tag to use for the application controller
766 # @default -- `""` (defaults to global.image.tag)
768 # -- Image pull policy for the application controller
769 # @default -- `""` (defaults to global.image.imagePullPolicy)
771 # -- Secrets with credentials to pull images from a private registry
772 # @default -- `[]` (defaults to global.imagePullSecrets)
774 # -- Additional command line arguments to pass to application controller
776 # -- Environment variables to pass to application controller
778 # -- envFrom to pass to application controller
779 # @default -- `[]` (See [values.yaml])
782 # name: config-map-name
786 # -- Additional containers to be added to the application controller pod
787 ## Note: Supports use of custom Helm templates
789 # -- Init containers to add to the application controller pod
790 ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
791 ## you could use this (and the same in the server pod) to provide such executable
792 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
793 ## Note: Supports use of custom Helm templates
795 # - name: download-tools
799 # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
800 # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
801 # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
803 # - mountPath: /custom-tools
806 # -- Additional volumeMounts to the application controller main container
808 # - mountPath: /usr/local/bin/kubelogin
812 # -- Additional volumes to the application controller pod
814 # - name: custom-tools
817 ## Application controller emptyDir volumes
819 # -- EmptyDir size limit for application controller
820 # @default -- `""` (defaults not set if not specified i.e. no size limit)
823 # -- Annotations for the application controller StatefulSet
824 statefulsetAnnotations: {}
825 # -- Labels for the application controller StatefulSet
826 statefulsetLabels: {}
827 # -- Annotations for the application controller Deployment
828 deploymentAnnotations: {}
829 # -- Labels for the application controller Deployment
831 # -- Annotations to be added to application controller pods
833 # -- Labels to be added to application controller pods
835 # -- Resource limits and requests for the application controller pods
844 # Application controller container ports
846 # -- Metrics container port
848 # -- Host Network for application controller pods
850 # -- [DNS configuration]
852 # -- Alternative DNS policy for application controller pods
853 dnsPolicy: "ClusterFirst"
854 # -- Application controller container-level security context
855 # @default -- See [values.yaml]
856 containerSecurityContext:
858 readOnlyRootFilesystem: true
859 allowPrivilegeEscalation: false
865 # Readiness probe for application controller
866 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
868 # -- Http path to use for the readiness probe
870 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
872 # -- Number of seconds after the container has started before [probe] is initiated
873 initialDelaySeconds: 10
874 # -- How often (in seconds) to perform the [probe]
876 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
878 # -- Number of seconds after which the [probe] times out
880 ## Startup probe for application controller (optional)
881 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
883 # -- Enable Kubernetes startup probe for application controller
885 # -- Http path to use for the startup probe
887 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
889 # -- Number of seconds after the container has started before [probe] is initiated
890 initialDelaySeconds: 10
891 # -- How often (in seconds) to perform the [probe]
893 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
895 # -- Number of seconds after which the [probe] times out
897 # -- terminationGracePeriodSeconds for container lifecycle hook
898 terminationGracePeriodSeconds: 30
899 # -- Priority class for the application controller pods
900 # @default -- `""` (defaults to global.priorityClassName)
901 priorityClassName: ""
903 # @default -- `{}` (defaults to global.nodeSelector)
905 # -- [Tolerations] for use with node taints
906 # @default -- `[]` (defaults to global.tolerations)
908 # -- Assign custom [affinity] rules to the deployment
909 # @default -- `{}` (defaults to global.affinity preset)
911 # -- Assign custom [TopologySpreadConstraints] rules to the application controller
912 # @default -- `[]` (defaults to global.topologySpreadConstraints)
913 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
914 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
915 topologySpreadConstraints: []
917 # topologyKey: topology.kubernetes.io/zone
918 # whenUnsatisfiable: DoNotSchedule
920 # -- Automount API credentials for the Service Account into the pod.
921 automountServiceAccountToken: true
923 # -- Create a service account for the application controller
925 # -- Service account name
926 name: argocd-application-controller
927 # -- Annotations applied to created service account
929 # -- Labels applied to created service account
931 # -- Automount API credentials for the Service Account
932 automountServiceAccountToken: true
933 ## Application controller metrics configuration
935 # -- Deploy metrics service
938 # -- Enables additional labels in argocd_app_labels metric
940 # -- Additional labels
943 # -- Metrics service type
945 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
947 # -- Metrics service annotations
949 # -- Metrics service labels
951 # -- Metrics service port
953 # -- Metrics service port name
954 portName: http-metrics
956 # -- Enable a prometheus ServiceMonitor
958 # -- Prometheus ServiceMonitor interval
960 # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
962 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
964 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
966 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
967 metricRelabelings: []
968 # -- Prometheus ServiceMonitor selector
970 # prometheus: kube-prometheus
972 # -- Prometheus ServiceMonitor scheme
974 # -- Prometheus ServiceMonitor tlsConfig
976 # -- Prometheus ServiceMonitor namespace
977 namespace: "" # "monitoring"
978 # -- Prometheus ServiceMonitor labels
980 # -- Prometheus ServiceMonitor annotations
983 # -- Deploy a PrometheusRule for the application controller
985 # -- PrometheusRule namespace
986 namespace: "" # "monitoring"
987 # -- PrometheusRule selector
989 # prometheus: kube-prometheus
991 # -- PrometheusRule labels
993 # -- PrometheusRule annotations
995 # -- PrometheusRule.Spec for the application controller
997 # - alert: ArgoAppMissing
999 # absent(argocd_app_info) == 1
1002 # severity: critical
1004 # summary: "[Argo CD] No reported applications"
1006 # Argo CD has not reported any applications data for the past 15 minutes which
1007 # means that it must be down or not functioning properly. This needs to be
1008 # resolved for this cloud to continue to maintain state.
1009 # - alert: ArgoAppNotSynced
1011 # argocd_app_info{sync_status!="Synced"} == 1
1016 # summary: "[{{ $labels.name }}] Application not synchronized"
1018 # The application {{ $labels.name }} has not been synchronized for over
1019 # 12 hours which means that the state of this cloud has drifted away from the
1021 ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
1024 # -- Enable custom rules for the application controller's ClusterRole resource
1026 # -- List of custom rules for the application controller's ClusterRole resource
1028 ## Enable this and set the rules: to whatever custom rules you want for the Role resource.
1030 # -- List of custom rules for the application controller's Role resource
1032 # Default application controller's network policy
1034 # -- Default network policy rules used by application controller
1035 # @default -- `false` (defaults to global.networkPolicy.create)
1043 # -- Additional command line arguments to pass to the Dex server
1045 # -- Runtime class name for Dex
1046 # @default -- `""` (defaults to global.runtimeClassName)
1047 runtimeClassName: ""
1049 # -- Deploy metrics service
1052 # -- Metrics service annotations
1054 # -- Metrics service labels
1056 # -- Metrics service port name
1057 portName: http-metrics
1059 # -- Enable a prometheus ServiceMonitor
1061 # -- Prometheus ServiceMonitor interval
1063 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
1065 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
1067 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
1068 metricRelabelings: []
1069 # -- Prometheus ServiceMonitor selector
1071 # prometheus: kube-prometheus
1073 # -- Prometheus ServiceMonitor scheme
1075 # -- Prometheus ServiceMonitor tlsConfig
1077 # -- Prometheus ServiceMonitor namespace
1078 namespace: "" # "monitoring"
1079 # -- Prometheus ServiceMonitor labels
1080 additionalLabels: {}
1081 # -- Prometheus ServiceMonitor annotations
1083 ## Dex Pod Disruption Budget
1084 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1086 # -- Deploy a [PodDisruptionBudget] for the Dex server
1088 # -- Labels to be added to Dex server pdb
1090 # -- Annotations to be added to Dex server pdb
1092 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1093 # @default -- `""` (defaults to 0 if not specified)
1095 # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
1096 ## Has higher precedence over `dex.pdb.minAvailable`
1098 ## Dex Vertical Pod Autoscaler
1099 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1101 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Dex server
1103 # -- Labels to be added to Dex server vpa
1105 # -- Annotations to be added to Dex server vpa
1107 # -- One of the VPA operation modes
1108 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1109 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1111 # -- Controls how VPA computes the recommended resources for Dex server container
1112 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1114 # controlledResources: ["cpu", "memory"]
1123 # -- Dex image repository
1124 repository: cgr.dev/chainguard-private/dex
1126 tag: latest@sha256:8347bcd144da51fb8b0c410f015c75805dff3706b29064529ae7571f700e12ee
1127 # -- Dex imagePullPolicy
1128 # @default -- `""` (defaults to global.image.imagePullPolicy)
1130 # -- Secrets with credentials to pull images from a private registry
1131 # @default -- `[]` (defaults to global.imagePullSecrets)
1132 imagePullSecrets: []
1133 # Argo CD init image that creates Dex config
1135 # -- Argo CD init image repository
1136 # @default -- `""` (defaults to global.image.repository)
1138 # -- Argo CD init image tag
1139 # @default -- `""` (defaults to global.image.tag)
1141 # -- Argo CD init image imagePullPolicy
1142 # @default -- `""` (defaults to global.image.imagePullPolicy)
1144 # -- Argo CD init image resources
1145 # @default -- `{}` (defaults to dex.resources)
1153 # -- Environment variables to pass to the Dex server
1155 # -- envFrom to pass to the Dex server
1156 # @default -- `[]` (See [values.yaml])
1159 # name: config-map-name
1163 # -- Additional containers to be added to the dex pod
1164 ## Note: Supports use of custom Helm templates
1166 # -- Init containers to add to the dex pod
1167 ## Note: Supports use of custom Helm templates
1169 # -- Additional volumeMounts to the dex main container
1171 # -- Additional volumes to the dex pod
1173 ## Dex server emptyDir volumes
1175 # -- EmptyDir size limit for Dex server
1176 # @default -- `""` (defaults not set if not specified i.e. no size limit)
1179 # TLS certificate configuration via Secret
1180 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
1181 ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
1183 # -- Create argocd-dex-server-tls secret
1185 # -- Labels to be added to argocd-dex-server-tls secret
1187 # -- Annotations to be added to argocd-dex-server-tls secret
1189 # -- Certificate authority. Required for self-signed certificates.
1191 # -- Certificate private key
1193 # -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
1195 # -- Annotations to be added to the Dex server Deployment
1196 deploymentAnnotations: {}
1197 # -- Labels for the Dex server Deployment
1198 deploymentLabels: {}
1199 # -- Annotations to be added to the Dex server pods
1201 # -- Labels to be added to the Dex server pods
1203 # -- Resource limits and requests for dex
1212 # Dex container ports
1213 # NOTE: These ports are currently hardcoded and cannot be changed
1215 # -- HTTP container port
1217 # -- gRPC container port
1219 # -- Metrics container port
1221 # -- [DNS configuration]
1223 # -- Alternative DNS policy for Dex server pods
1224 dnsPolicy: "ClusterFirst"
1225 # -- Dex container-level security context
1226 # @default -- See [values.yaml]
1227 containerSecurityContext:
1230 readOnlyRootFilesystem: true
1231 allowPrivilegeEscalation: false
1233 type: RuntimeDefault
1237 ## Probes for Dex server
1238 ## Supported from Dex >= 2.28.0
1240 # -- Enable Kubernetes liveness probe for Dex >= 2.28.0
1242 # -- Http path to use for the liveness probe
1243 httpPath: /healthz/live
1244 # -- Http port to use for the liveness probe
1246 # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
1248 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1250 # -- Number of seconds after the container has started before [probe] is initiated
1251 initialDelaySeconds: 10
1252 # -- How often (in seconds) to perform the [probe]
1254 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1256 # -- Number of seconds after which the [probe] times out
1259 # -- Enable Kubernetes readiness probe for Dex >= 2.28.0
1261 # -- Http path to use for the readiness probe
1262 httpPath: /healthz/ready
1263 # -- Http port to use for the readiness probe
1265 # -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
1267 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1269 # -- Number of seconds after the container has started before [probe] is initiated
1270 initialDelaySeconds: 10
1271 # -- How often (in seconds) to perform the [probe]
1273 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1275 # -- Number of seconds after which the [probe] times out
1277 ## Startup probe for Dex server (optional)
1278 ## Supported from Dex >= 2.28.0
1280 # -- Enable Kubernetes startup probe for Dex >= 2.28.0
1282 # -- Http path to use for the startup probe
1283 httpPath: /healthz/ready
1284 # -- Http port to use for the startup probe
1286 # -- Scheme to use for the startup probe (can be HTTP or HTTPS)
1288 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1289 failureThreshold: 20
1290 # -- Number of seconds after the container has started before [probe] is initiated
1291 initialDelaySeconds: 10
1292 # -- How often (in seconds) to perform the [probe]
1294 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1296 # -- Number of seconds after which the [probe] times out
1298 # -- terminationGracePeriodSeconds for container lifecycle hook
1299 terminationGracePeriodSeconds: 30
1300 # -- Automount API credentials for the Service Account into the pod.
1301 automountServiceAccountToken: true
1303 # -- Create dex service account
1305 # -- Dex service account name
1306 name: argocd-dex-server
1307 # -- Annotations applied to created service account
1309 # -- Automount API credentials for the Service Account
1310 automountServiceAccountToken: true
1311 # -- Service port for HTTP access
1312 servicePortHttp: 5556
1313 # -- Service port name for HTTP access
1314 servicePortHttpName: http
1315 # -- Service port for gRPC access
1316 servicePortGrpc: 5557
1317 # -- Service port name for gRPC access
1318 servicePortGrpcName: grpc
1319 # -- Service port for metrics access
1320 servicePortMetrics: 5558
1321 # -- Priority class for the dex pods
1322 # @default -- `""` (defaults to global.priorityClassName)
1323 priorityClassName: ""
1324 # -- [Node selector]
1325 # @default -- `{}` (defaults to global.nodeSelector)
1327 # -- [Tolerations] for use with node taints
1328 # @default -- `[]` (defaults to global.tolerations)
1330 # -- Assign custom [affinity] rules to the deployment
1331 # @default -- `{}` (defaults to global.affinity preset)
1333 # -- Assign custom [TopologySpreadConstraints] rules to dex
1334 # @default -- `[]` (defaults to global.topologySpreadConstraints)
1335 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1336 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
1337 topologySpreadConstraints: []
1339 # topologyKey: topology.kubernetes.io/zone
1340 # whenUnsatisfiable: DoNotSchedule
1342 # -- Deployment strategy to be added to the Dex server Deployment
1343 deploymentStrategy: {}
1344 # type: RollingUpdate
1347 # maxUnavailable: 25%
1349 # Default Dex server's network policy
1351 # -- Default network policy rules used by Dex server
1352 # @default -- `false` (defaults to global.networkPolicy.create)
1354 # DEPRECATED - Use configs.params to override
1355 # -- Dex log format. Either `text` or `json`
1356 # @default -- `""` (defaults to global.logging.format)
1358 # -- Dex log level. One of: `debug`, `info`, `warn`, `error`
1359 # @default -- `""` (defaults to global.logging.level)
1367 # -- Runtime class name for redis
1368 # @default -- `""` (defaults to global.runtimeClassName)
1369 runtimeClassName: ""
1370 ## Redis Pod Disruption Budget
1371 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1373 # -- Deploy a [PodDisruptionBudget] for the Redis
1375 # -- Labels to be added to Redis pdb
1377 # -- Annotations to be added to Redis pdb
1379 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1380 # @default -- `""` (defaults to 0 if not specified)
1382 # -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
1383 ## Has higher precedence over `redis.pdb.minAvailable`
1385 ## Redis Vertical Pod Autoscaler
1386 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1388 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Redis
1390 # -- Labels to be added to Redis vpa
1392 # -- Annotations to be added to Redis vpa
1394 # -- One of the VPA operation modes
1395 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1396 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1398 # -- Controls how VPA computes the recommended resources for Redis container
1399 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1401 # controlledResources: ["cpu", "memory"]
1410 # -- Redis repository
1411 repository: cgr.dev/chainguard-private/redis
1413 ## Do not use 7.4.0 <= v < 8.0.0, otherwise you are no longer using an open source version of Redis
1414 tag: latest@sha256:2234bfd693ae4ed64d678587ef480235a289cb95e7e18572f8f608a2053e228e
1415 # -- Redis image pull policy
1416 # @default -- `""` (defaults to global.image.imagePullPolicy)
1418 ## Prometheus redis-exporter sidecar
1420 # -- Enable Prometheus redis-exporter sidecar
1422 # -- Environment variables to pass to the Redis exporter
1424 ## Prometheus redis-exporter image
1426 # -- Repository to use for the redis-exporter
1427 repository: cgr.dev/chainguard-private/prometheus-redis-exporter
1428 # -- Tag to use for the redis-exporter
1429 tag: latest@sha256:cfd9e5492325c5da2c1d1f6cb7326a1293c71cb435a2c02b88f1770405c7e08d
1430 # -- Image pull policy for the redis-exporter
1431 # @default -- `""` (defaults to global.image.imagePullPolicy)
1433 # -- Redis exporter security context
1434 # @default -- See [values.yaml]
1435 containerSecurityContext:
1437 readOnlyRootFilesystem: true
1438 allowPrivilegeEscalation: false
1440 type: RuntimeDefault
1444 ## Probes for Redis exporter (optional)
1445 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1447 # -- Enable Kubernetes liveness probe for Redis exporter (optional)
1449 # -- Number of seconds after the container has started before [probe] is initiated
1450 initialDelaySeconds: 30
1451 # -- How often (in seconds) to perform the [probe]
1453 # -- Number of seconds after which the [probe] times out
1455 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1457 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1460 # -- Enable Kubernetes liveness probe for Redis exporter
1462 # -- Number of seconds after the container has started before [probe] is initiated
1463 initialDelaySeconds: 30
1464 # -- How often (in seconds) to perform the [probe]
1466 # -- Number of seconds after which the [probe] times out
1468 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1470 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1472 # -- Resource limits and requests for redis-exporter sidecar
1480 # -- Secrets with credentials to pull images from a private registry
1481 # @default -- `[]` (defaults to global.imagePullSecrets)
1482 imagePullSecrets: []
1483 # -- Additional command line arguments to pass to redis-server
1488 # -- Environment variables to pass to the Redis server
1490 # -- envFrom to pass to the Redis server
1491 # @default -- `[]` (See [values.yaml])
1494 # name: config-map-name
1498 ## Probes for Redis server (optional)
1499 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1501 # -- Enable Kubernetes liveness probe for Redis server
1503 # -- Number of seconds after the container has started before [probe] is initiated
1504 initialDelaySeconds: 30
1505 # -- How often (in seconds) to perform the [probe]
1507 # -- Number of seconds after which the [probe] times out
1509 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1511 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1514 # -- Enable Kubernetes liveness probe for Redis server
1516 # -- Number of seconds after the container has started before [probe] is initiated
1517 initialDelaySeconds: 30
1518 # -- How often (in seconds) to perform the [probe]
1520 # -- Number of seconds after which the [probe] times out
1522 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1524 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1526 # -- Additional containers to be added to the redis pod
1527 ## Note: Supports use of custom Helm templates
1529 # -- Init containers to add to the redis pod
1530 ## Note: Supports use of custom Helm templates
1532 # -- Additional volumeMounts to the redis container
1534 # -- Additional volumes to the redis pod
1536 # -- Annotations to be added to the Redis server Deployment
1537 deploymentAnnotations: {}
1538 # -- Labels for the Redis server Deployment
1539 deploymentLabels: {}
1540 # -- Annotations to be added to the Redis server pods
1542 # -- Labels to be added to the Redis server pods
1544 # -- Resource limits and requests for redis
1553 # -- Redis pod-level security context
1554 # @default -- See [values.yaml]
1559 type: RuntimeDefault
1560 # Redis container ports
1562 # -- Redis container port
1564 # -- Metrics container port
1566 # -- [DNS configuration]
1568 # -- Alternative DNS policy for Redis server pods
1569 dnsPolicy: "ClusterFirst"
1570 # -- Redis container-level security context
1571 # @default -- See [values.yaml]
1572 containerSecurityContext:
1573 readOnlyRootFilesystem: true
1574 allowPrivilegeEscalation: false
1578 # -- Redis service port
1580 # -- Priority class for redis pods
1581 # @default -- `""` (defaults to global.priorityClassName)
1582 priorityClassName: ""
1583 # -- [Node selector]
1584 # @default -- `{}` (defaults to global.nodeSelector)
1586 # -- [Tolerations] for use with node taints
1587 # @default -- `[]` (defaults to global.tolerations)
1589 # -- Assign custom [affinity] rules to the deployment
1590 # @default -- `{}` (defaults to global.affinity preset)
1592 # -- Assign custom [TopologySpreadConstraints] rules to redis
1593 # @default -- `[]` (defaults to global.topologySpreadConstraints)
1594 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1595 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
1596 topologySpreadConstraints: []
1598 # topologyKey: topology.kubernetes.io/zone
1599 # whenUnsatisfiable: DoNotSchedule
1601 # -- terminationGracePeriodSeconds for container lifecycle hook
1602 terminationGracePeriodSeconds: 30
1603 # -- Automount API credentials for the Service Account into the pod.
1604 automountServiceAccountToken: true
1606 # -- Create a service account for the redis pod
1608 # -- Service account name for redis pod
1610 # -- Annotations applied to created service account
1612 # -- Automount API credentials for the Service Account
1613 automountServiceAccountToken: false
1615 # -- Redis service annotations
1617 # -- Additional redis service labels
1620 # -- Deploy metrics service
1622 # Redis metrics service configuration
1624 # -- Metrics service type
1626 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
1628 # -- Metrics service annotations
1630 # -- Metrics service labels
1632 # -- Metrics service port
1634 # -- Metrics service port name
1635 portName: http-metrics
1637 # -- Enable a prometheus ServiceMonitor
1639 # -- Interval at which metrics should be scraped
1641 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
1643 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
1645 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
1646 metricRelabelings: []
1647 # -- Prometheus ServiceMonitor selector
1649 # prometheus: kube-prometheus
1651 # -- Prometheus ServiceMonitor scheme
1653 # -- Prometheus ServiceMonitor tlsConfig
1655 # -- Prometheus ServiceMonitor namespace
1656 namespace: "" # "monitoring"
1657 # -- Prometheus ServiceMonitor labels
1658 additionalLabels: {}
1659 # -- Prometheus ServiceMonitor annotations
1661 # Default redis's network policy
1663 # -- Default network policy rules used by redis
1664 # @default -- `false` (defaults to global.networkPolicy.create)
1666## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
1667# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
1669 # -- Enables the Redis HA subchart and disables the custom Redis single node deployment
1673 # -- Redis repository
1674 repository: ecr-public.aws.com/docker/library/redis
1676 ## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
1678 ## Prometheus redis-exporter sidecar
1680 # -- Enable Prometheus redis-exporter sidecar
1682 # -- Repository to use for the redis-exporter
1683 image: ghcr.io/oliver006/redis_exporter
1684 # -- Tag to use for the redis-exporter
1687 # -- Configures persistence on Redis nodes
1689 ## Redis specific configuration options
1691 # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
1692 masterGroupName: argocd
1693 # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
1694 # @default -- See [values.yaml]
1696 # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled
1697 # @default -- `'""'`
1699 ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
1701 # -- Enabled HAProxy LoadBalancing/Proxy
1703 # -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
1705 app.kubernetes.io/name: argocd-redis-ha-haproxy
1707 # -- HAProxy Image Repository
1708 repository: ecr-public.aws.com/docker/library/haproxy
1710 # -- HAProxy enable prometheus metric scraping
1712 # -- Whether the haproxy pods should be forced to run on separate nodes.
1713 hardAntiAffinity: true
1714 # -- Additional affinities to add to the haproxy pods.
1715 additionalAffinities: {}
1716 # -- Assign custom [affinity] rules to the haproxy pods.
1718 # -- [Tolerations] for use with node taints for haproxy pods.
1720 # -- HAProxy container-level security context
1721 # @default -- See [values.yaml]
1722 containerSecurityContext:
1723 readOnlyRootFilesystem: true
1724 # -- Configures redis-ha with AUTH
1726 # -- Existing Secret to use for redis-ha authentication.
1727 # By default the redis-secret-init Job is generating this Secret.
1728 existingSecret: argocd-redis
1729 # -- Whether the Redis server pods should be forced to run on separate nodes.
1730 hardAntiAffinity: true
1731 # -- Additional affinities to add to the Redis server pods.
1732 additionalAffinities: {}
1733 # -- Assign custom [affinity] rules to the Redis pods.
1735 # -- [Tolerations] for use with node taints for Redis pods.
1737 # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
1738 ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1739 topologySpreadConstraints:
1740 # -- Enable Redis HA topology spread constraints
1742 # -- Max skew of pods tolerated
1743 # @default -- `""` (defaults to `1`)
1745 # -- Topology key for spread
1746 # @default -- `""` (defaults to `topology.kubernetes.io/zone`)
1748 # -- Enforcement policy, hard or soft
1749 # @default -- `""` (defaults to `ScheduleAnyway`)
1750 whenUnsatisfiable: ""
1751 # -- Redis HA statefulset container-level security context
1752 # @default -- See [values.yaml]
1753 containerSecurityContext:
1754 readOnlyRootFilesystem: true
1755# External Redis parameters
1757 # -- External Redis server host
1759 # -- External Redis username
1761 # -- External Redis password
1763 # -- External Redis server port
1765 # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials.
1766 # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored
1768 # -- External Redis Secret annotations
1769 secretAnnotations: {}
1771 # -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
1773 # -- Redis secret-init name
1774 name: redis-secret-init
1776 # -- Repository to use for the Redis secret-init Job
1777 # @default -- `""` (defaults to global.image.repository)
1778 repository: "" # defaults to global.image.repository
1779 # -- Tag to use for the Redis secret-init Job
1780 # @default -- `""` (defaults to global.image.tag)
1781 tag: "" # defaults to global.image.tag
1782 # -- Image pull policy for the Redis secret-init Job
1783 # @default -- `""` (defaults to global.image.imagePullPolicy)
1784 imagePullPolicy: "" # IfNotPresent
1785 # -- Additional command line arguments for the Redis secret-init Job
1787 # -- Secrets with credentials to pull images from a private registry
1788 # @default -- `[]` (defaults to global.imagePullSecrets)
1789 imagePullSecrets: []
1790 # -- Runtime class name for the Redis secret-init Job
1791 # @default -- `""` (defaults to global.runtimeClassName)
1792 runtimeClassName: ""
1793 # -- Annotations to be added to the Redis secret-init Job
1795 # -- Annotations to be added to the Redis secret-init Job
1797 # -- Labels to be added to the Redis secret-init Job
1799 # -- Resource limits and requests for Redis secret-init Job
1808 # -- Application controller container-level security context
1809 # @default -- See [values.yaml]
1810 containerSecurityContext:
1811 allowPrivilegeEscalation: false
1815 readOnlyRootFilesystem: true
1818 type: RuntimeDefault
1819 # -- Redis secret-init Job pod-level security context
1822 # -- Create a service account for the redis pod
1824 # -- Service account name for redis pod
1826 # -- Annotations applied to created service account
1828 # -- Automount API credentials for the Service Account
1829 automountServiceAccountToken: true
1830 # -- Priority class for Redis secret-init Job
1831 # @default -- `""` (defaults to global.priorityClassName)
1832 priorityClassName: ""
1833 # -- Assign custom [affinity] rules to the Redis secret-init Job
1835 # -- Node selector to be added to the Redis secret-init Job
1836 # @default -- `{}` (defaults to global.nodeSelector)
1838 # -- Tolerations to be added to the Redis secret-init Job
1839 # @default -- `[]` (defaults to global.tolerations)
1843 # -- Argo CD server name
1845 # -- The number of server pods to run
1847 # -- Runtime class name for the Argo CD server
1848 # @default -- `""` (defaults to global.runtimeClassName)
1849 runtimeClassName: ""
1850 ## Argo CD server Horizontal Pod Autoscaler
1852 # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
1854 # -- Minimum number of replicas for the Argo CD server [HPA]
1856 # -- Maximum number of replicas for the Argo CD server [HPA]
1858 # -- Average CPU utilization percentage for the Argo CD server [HPA]
1859 targetCPUUtilizationPercentage: 50
1860 # -- Average memory utilization percentage for the Argo CD server [HPA]
1861 targetMemoryUtilizationPercentage: 50
1862 # -- Configures the scaling behavior of the target in both Up and Down directions.
1865 # stabilizationWindowSeconds: 300
1869 # periodSeconds: 180
1871 # stabilizationWindowSeconds: 300
1876 # -- Configures custom HPA metrics for the Argo CD server
1877 # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1879 ## Argo CD server Pod Disruption Budget
1880 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1882 # -- Deploy a [PodDisruptionBudget] for the Argo CD server
1884 # -- Labels to be added to Argo CD server pdb
1886 # -- Annotations to be added to Argo CD server pdb
1888 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1889 # @default -- `""` (defaults to 0 if not specified)
1891 # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
1892 ## Has higher precedence over `server.pdb.minAvailable`
1894 ## Argo CD server Vertical Pod Autoscaler
1895 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1897 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Argo CD server
1899 # -- Labels to be added to Argo CD server vpa
1901 # -- Annotations to be added to Argo CD server vpa
1903 # -- One of the VPA operation modes
1904 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1905 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1907 # -- Controls how VPA computes the recommended resources for Argo CD server container
1908 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1910 # controlledResources: ["cpu", "memory"]
1917 ## Argo CD server image
1919 # -- Repository to use for the Argo CD server
1920 # @default -- `""` (defaults to global.image.repository)
1921 repository: "" # defaults to global.image.repository
1922 # -- Tag to use for the Argo CD server
1923 # @default -- `""` (defaults to global.image.tag)
1924 tag: "" # defaults to global.image.tag
1925 # -- Image pull policy for the Argo CD server
1926 # @default -- `""` (defaults to global.image.imagePullPolicy)
1927 imagePullPolicy: "" # IfNotPresent
1928 # -- Secrets with credentials to pull images from a private registry
1929 # @default -- `[]` (defaults to global.imagePullSecrets)
1930 imagePullSecrets: []
1931 # -- Additional command line arguments to pass to Argo CD server
1933 # -- Environment variables to pass to Argo CD server
1935 # -- envFrom to pass to Argo CD server
1936 # @default -- `[]` (See [values.yaml])
1939 # name: config-map-name
1943 # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
1945 ## Argo CD extensions
1946 ## This function in tech preview stage, do expect instability or breaking changes in newer versions.
1947 ## Ref: https://github.com/argoproj-labs/argocd-extension-installer
1948 ## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
1949 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
1951 # -- Enable support for Argo CD extensions
1953 ## Argo CD extension installer image
1955 # -- Repository to use for extension installer image
1956 repository: cgr.dev/chainguard-private/argocd-extension-installer
1957 # -- Tag to use for extension installer image
1958 tag: latest@sha256:a03f9f2f22735e47f8a8979026e0be9ba1f373176c5cbc1d85a74507944bcd6d
1959 # -- Image pull policy for extensions
1960 # @default -- `""` (defaults to global.image.imagePullPolicy)
1962 # -- Extensions for Argo CD
1963 # @default -- `[]` (See [values.yaml])
1964 ## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
1966 # - name: extension-metrics
1968 # - name: EXTENSION_URL
1969 # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
1970 # - name: EXTENSION_CHECKSUM_URL
1971 # value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
1973 # -- Server UI extensions container-level security context
1974 # @default -- See [values.yaml]
1975 containerSecurityContext:
1977 readOnlyRootFilesystem: true
1978 allowPrivilegeEscalation: false
1981 type: RuntimeDefault
1985 # -- Resource limits and requests for the argocd-extensions container
1993 # -- Additional containers to be added to the server pod
1994 ## Note: Supports use of custom Helm templates
1996 # - name: my-sidecar
1997 # image: nginx:latest
1998 # - name: lemonldap-ng-controller
1999 # image: lemonldapng/lemonldap-ng-controller:0.2.0
2001 # - /lemonldap-ng-controller
2002 # - --alsologtostderr
2003 # - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
2008 # fieldPath: metadata.name
2009 # - name: POD_NAMESPACE
2012 # fieldPath: metadata.namespace
2014 # - name: copy-portal-skins
2015 # mountPath: /srv/var/lib/lemonldap-ng/portal/skins
2017 # -- Init containers to add to the server pod
2018 ## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
2019 ## you could use this (and the same in the application controller pod) to provide such executable
2020 ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
2022 # - name: download-tools
2026 # - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
2027 # mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
2028 # mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
2030 # - mountPath: /custom-tools
2031 # name: custom-tools
2033 # -- Additional volumeMounts to the server main container
2035 # - mountPath: /usr/local/bin/kubelogin
2036 # name: custom-tools
2037 # subPath: kubelogin
2039 # -- Additional volumes to the server pod
2041 # - name: custom-tools
2044 ## Argo CD server emptyDir volumes
2046 # -- EmptyDir size limit for the Argo CD server
2047 # @default -- `""` (defaults not set if not specified i.e. no size limit)
2050 # -- Annotations to be added to server Deployment
2051 deploymentAnnotations: {}
2052 # -- Labels for the server Deployment
2053 deploymentLabels: {}
2054 # -- Annotations to be added to server pods
2056 # -- Labels to be added to server pods
2058 # -- Resource limits and requests for the Argo CD server
2067 # Server container ports
2069 # -- Server container port
2071 # -- Metrics container port
2073 # -- Host Network for Server pods
2075 # -- [DNS configuration]
2077 # -- Alternative DNS policy for Server pods
2078 dnsPolicy: "ClusterFirst"
2079 # -- Server container-level security context
2080 # @default -- See [values.yaml]
2081 containerSecurityContext:
2083 readOnlyRootFilesystem: true
2084 allowPrivilegeEscalation: false
2086 type: RuntimeDefault
2090 ## Readiness and liveness probes for default backend
2091 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2093 # -- Enable Kubernetes readiness probe for default backend
2095 # -- Http path to use for the readiness probe
2097 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2099 # -- Number of seconds after the container has started before [probe] is initiated
2100 initialDelaySeconds: 10
2101 # -- How often (in seconds) to perform the [probe]
2103 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2105 # -- Number of seconds after which the [probe] times out
2108 # -- Enable Kubernetes liveness probe for default backend
2110 # -- Http path to use for the liveness probe
2111 httpPath: /healthz?full=true
2112 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2114 # -- Number of seconds after the container has started before [probe] is initiated
2115 initialDelaySeconds: 10
2116 # -- How often (in seconds) to perform the [probe]
2118 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2120 # -- Number of seconds after which the [probe] times out
2122 ## Startup probe for Argo CD server (optional)
2123 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2125 # -- Enable Kubernetes startup probe for Argo CD server
2127 # -- Http path to use for the startup probe
2129 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2130 failureThreshold: 20
2131 # -- Number of seconds after the container has started before [probe] is initiated
2132 initialDelaySeconds: 10
2133 # -- How often (in seconds) to perform the [probe]
2135 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2137 # -- Number of seconds after which the [probe] times out
2139 # -- terminationGracePeriodSeconds for container lifecycle hook
2140 terminationGracePeriodSeconds: 30
2141 # -- Priority class for the Argo CD server pods
2142 # @default -- `""` (defaults to global.priorityClassName)
2143 priorityClassName: ""
2144 # -- [Node selector]
2145 # @default -- `{}` (defaults to global.nodeSelector)
2147 # -- [Tolerations] for use with node taints
2148 # @default -- `[]` (defaults to global.tolerations)
2150 # -- Assign custom [affinity] rules to the deployment
2151 # @default -- `{}` (defaults to global.affinity preset)
2153 # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
2154 # @default -- `[]` (defaults to global.topologySpreadConstraints)
2155 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2156 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2157 topologySpreadConstraints: []
2159 # topologyKey: topology.kubernetes.io/zone
2160 # whenUnsatisfiable: DoNotSchedule
2162 # -- Deployment strategy to be added to the server Deployment
2163 deploymentStrategy: {}
2164 # type: RollingUpdate
2167 # maxUnavailable: 25%
2169 # TLS certificate configuration via cert-manager
2170 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
2172 # -- Deploy a Certificate resource (requires cert-manager)
2174 # -- Certificate primary domain (commonName)
2175 # @default -- `""` (defaults to global.domain)
2177 # -- Certificate Subject Alternate Names (SANs)
2179 # -- The requested 'duration' (i.e. lifetime) of the certificate.
2180 # @default -- `""` (defaults to 2160h = 90d if not specified)
2181 ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2183 # -- How long before the expiry a certificate should be renewed.
2184 # @default -- `""` (defaults to 360h = 15d if not specified)
2185 ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2187 # Certificate issuer
2188 ## Ref: https://cert-manager.io/docs/concepts/issuer
2190 # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
2192 # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
2194 # -- Certificate issuer name. Eg. `letsencrypt`
2196 # Private key of the certificate
2198 # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
2199 rotationPolicy: Never
2200 # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
2202 # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
2204 # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
2206 # -- Annotations to be applied to the Server Certificate
2208 # -- Usages for the certificate
2209 ### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
2211 # -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
2212 secretTemplateAnnotations: {}
2213 # TLS certificate configuration via Secret
2214 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
2216 # -- Create argocd-server-tls secret
2218 # -- Annotations to be added to argocd-server-tls secret
2220 # -- Labels to be added to argocd-server-tls secret
2222 # -- Private Key of the certificate
2224 # -- Certificate data
2226 ## Server service configuration
2228 # -- Server service annotations
2230 # -- Server service labels
2232 # -- Server service type
2234 # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort")
2236 # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort")
2237 nodePortHttps: 30443
2238 # -- Server service http port
2240 # -- Server service https port
2241 servicePortHttps: 443
2242 # -- Server service http port name, can be used to route traffic via istio
2243 servicePortHttpName: http
2244 # -- Server service https port name, can be used to route traffic via istio
2245 servicePortHttpsName: https
2246 # -- Server service https port appProtocol
2247 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
2248 servicePortHttpsAppProtocol: ""
2249 # -- The class of the load balancer implementation
2250 loadBalancerClass: ""
2251 # -- LoadBalancer will get created with the IP specified in this field
2253 # -- Source IP ranges to allow access to service from
2254 ## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
2255 ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
2256 loadBalancerSourceRanges: []
2257 # -- Server service external IPs
2259 # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2260 ## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2261 externalTrafficPolicy: Cluster
2262 # -- Used to maintain session affinity. Supports `ClientIP` and `None`
2263 ## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
2264 sessionAffinity: None
2265 ## Server metrics service configuration
2267 # -- Deploy metrics service
2270 # -- Metrics service type
2272 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
2274 # -- Metrics service annotations
2276 # -- Metrics service labels
2278 # -- Metrics service port
2280 # -- Metrics service port name
2281 portName: http-metrics
2283 # -- Enable a prometheus ServiceMonitor
2285 # -- Prometheus ServiceMonitor interval
2287 # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
2289 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
2291 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
2293 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2294 metricRelabelings: []
2295 # -- Prometheus ServiceMonitor selector
2297 # prometheus: kube-prometheus
2299 # -- Prometheus ServiceMonitor scheme
2301 # -- Prometheus ServiceMonitor tlsConfig
2303 # -- Prometheus ServiceMonitor namespace
2304 namespace: "" # monitoring
2305 # -- Prometheus ServiceMonitor labels
2306 additionalLabels: {}
2307 # -- Prometheus ServiceMonitor annotations
2309 # -- Automount API credentials for the Service Account into the pod.
2310 automountServiceAccountToken: true
2312 # -- Create server service account
2314 # -- Server service account name
2316 # -- Annotations applied to created service account
2318 # -- Labels applied to created service account
2320 # -- Automount API credentials for the Service Account
2321 automountServiceAccountToken: true
2322 # Argo CD server ingress configuration
2324 # -- Enable an ingress resource for the Argo CD server
2326 # -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
2327 ## Additional configuration might be required in related configuration sections
2329 # -- Additional ingress labels
2331 # -- Additional ingress annotations
2332 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
2334 # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
2335 # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
2337 # -- Defines which ingress controller will implement the resource
2338 ingressClassName: ""
2339 # -- Argo CD server hostname
2340 # @default -- `""` (defaults to global.domain)
2342 # -- The path to Argo CD server
2344 # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
2346 # -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
2347 ## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
2348 ## You can create this secret via `certificate` or `certificateSecret` option
2350 # -- The list of additional hostnames to be covered by ingress record
2351 # @default -- `[]` (See [values.yaml])
2353 # - name: argocd.example.com
2356 # -- Additional ingress paths
2357 # @default -- `[]` (See [values.yaml])
2358 ## Note: Supports use of custom Helm templates
2364 # name: ssl-redirect
2366 # name: use-annotation
2368 # -- Additional ingress rules
2369 # @default -- `[]` (See [values.yaml])
2370 ## Note: Supports use of custom Helm templates
2378 # name: '{{ include "argo-cd.server.fullname" . }}'
2380 # name: '{{ .Values.server.service.servicePortHttpsName }}'
2382 # -- Additional TLS configuration
2383 # @default -- `[]` (See [values.yaml])
2386 # - argocd.example.com
2387 # secretName: your-certificate-name
2389 # AWS specific options for Application Load Balancer
2390 # Applies only when `serv.ingress.controller` is set to `aws`
2391 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
2393 # -- Backend protocol version for the AWS ALB gRPC service
2394 ## This tells AWS to send traffic from the ALB using gRPC.
2395 ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
2396 backendProtocolVersion: GRPC
2397 # -- Service type for the AWS ALB gRPC service
2398 ## Can be of type NodePort or ClusterIP depending on which mode you are running.
2399 ## Instance mode needs type NodePort, IP mode needs type ClusterIP
2400 ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
2401 serviceType: NodePort
2402 # -- Annotations for the AWS ALB gRPC service
2403 ## Allows adding custom annotations to the gRPC service for integrations like DataDog, Prometheus, etc.
2404 serviceAnnotations: {}
2405 # Google specific options for Google Application Load Balancer
2406 # Applies only when `server.ingress.controller` is set to `gke`
2407 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
2409 # -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
2410 # @default -- `{}` (See [values.yaml])
2411 ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2415 # oauthclientCredentials:
2416 # secretName: argocd-secret
2418 # -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
2419 # @default -- `{}` (See [values.yaml])
2420 ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2424 # responseCodeName: RESPONSE_CODE
2426 # Managed GKE certificate for ingress hostname
2428 # -- Create ManagedCertificate resource and annotations for Google Load balancer
2429 ## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
2431 # -- Additional domains for ManagedCertificate resource
2433 # - argocd.example.com
2434 # Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
2435 # Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
2437 # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
2439 # -- Additional ingress annotations for dedicated [gRPC-ingress]
2441 # -- Additional ingress labels for dedicated [gRPC-ingress]
2443 # -- Defines which ingress controller will implement the resource [gRPC-ingress]
2444 ingressClassName: ""
2445 # -- Argo CD server hostname for dedicated [gRPC-ingress]
2446 # @default -- `""` (defaults to grpc.`server.ingress.hostname`)
2448 # -- Argo CD server ingress path for dedicated [gRPC-ingress]
2450 # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
2452 # -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
2453 ## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
2455 # -- The list of additional hostnames to be covered by ingress record
2456 # @default -- `[]` (See [values.yaml])
2458 # - name: grpc.argocd.example.com
2461 # -- Additional ingress paths for dedicated [gRPC-ingress]
2462 # @default -- `[]` (See [values.yaml])
2463 ## Note: Supports use of custom Helm templates
2469 # name: ssl-redirect
2471 # name: use-annotation
2473 # -- Additional ingress rules
2474 # @default -- `[]` (See [values.yaml])
2475 ## Note: Supports use of custom Helm templates
2483 # name: '{{ include "argo-cd.server.fullname" . }}'
2485 # name: '{{ .Values.server.service.servicePortHttpName }}'
2487 # -- Additional TLS configuration for dedicated [gRPC-ingress]
2488 # @default -- `[]` (See [values.yaml])
2490 # - secretName: your-certificate-name
2492 # - argocd.example.com
2493 # Create a OpenShift Route with SSL passthrough for UI and CLI
2494 # Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
2495 # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
2496 # If 'hostname' is an empty string "" OpenShift will create a hostname for you.
2498 # -- Enable an OpenShift Route for the Argo CD server
2500 # -- Openshift Route annotations
2502 # -- Hostname of OpenShift Route
2504 # -- Termination type of Openshift Route
2505 termination_type: passthrough
2506 # -- Termination policy of Openshift Route
2507 termination_policy: None
2508 # Gateway API HTTPRoute configuration
2509 # NOTE: Gateway API support is in EXPERIMENTAL status
2510 # Support depends on your Gateway controller implementation
2511 # Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
2512 # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
2514 # -- Enable HTTPRoute resource for Argo CD server (Gateway API)
2516 # -- Additional HTTPRoute labels
2518 # -- Additional HTTPRoute annotations
2520 # -- Gateway API parentRefs for the HTTPRoute
2521 ## Must reference an existing Gateway
2522 # @default -- `[]` (See [values.yaml])
2524 # - name: example-gateway
2525 # namespace: example-gateway-namespace
2526 # sectionName: https
2527 # -- List of hostnames for the HTTPRoute
2528 # @default -- `[]` (See [values.yaml])
2530 # - argocd.example.com
2531 # -- HTTPRoute rules configuration
2532 # @default -- `[]` (See [values.yaml])
2539 # - type: RequestHeaderModifier
2540 # requestHeaderModifier:
2542 # - name: X-Custom-Header
2543 # value: custom-value
2546 # backendRequest: 2s
2547 # Gateway API GRPCRoute configuration
2548 # NOTE: Gateway API support is in EXPERIMENTAL status
2549 # Support depends on your Gateway controller implementation
2550 # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
2552 # -- Enable GRPCRoute resource for Argo CD server (Gateway API)
2554 # -- Additional GRPCRoute labels
2556 # -- Additional GRPCRoute annotations
2558 # -- Gateway API parentRefs for the GRPCRoute
2559 ## Must reference an existing Gateway
2560 # @default -- `[]` (See [values.yaml])
2562 # - name: example-gateway
2563 # namespace: example-gateway-namespace
2565 # -- List of hostnames for the GRPCRoute
2566 # @default -- `[]` (See [values.yaml])
2568 # - grpc.argocd.example.com
2569 # -- GRPCRoute rules configuration
2570 # @default -- `[]` (See [values.yaml])
2576 # - type: RequestHeaderModifier
2577 # requestHeaderModifier:
2579 # - name: X-Custom-Header
2580 # value: custom-value
2581 # Gateway API BackendTLSPolicy configuration
2582 # NOTE: BackendTLSPolicy support is in EXPERIMENTAL status
2583 # Required for HTTPS backends when using Gateway API
2584 # Not all Gateway controllers support this resource (e.g., Cilium does not support it yet)
2586 # -- Enable BackendTLSPolicy resource for Argo CD server (Gateway API)
2588 # -- Additional BackendTLSPolicy labels
2590 # -- Additional BackendTLSPolicy annotations
2592 # -- Target references for the BackendTLSPolicy
2593 # @default -- `[]` (See [values.yaml])
2597 # name: argocd-server
2598 # sectionName: https
2599 # -- TLS validation configuration
2600 # @default -- `{}` (See [values.yaml])
2602 # hostname: argocd-server.argocd.svc.cluster.local
2603 # caCertificateRefs:
2604 # - name: example-ca-cert
2607 # wellKnownCACertificates: System
2608 # Gateway API ListenerSet configuration
2609 # NOTE: Gateway API support is in EXPERIMENTAL status
2610 # ListenerSet allows attaching additional listeners to an existing Gateway
2611 # Requires Gateway API v1alpha2 and a controller that supports ListenerSet
2612 # Refer to https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.ListenerSet
2614 # -- Enable ListenerSet resource for Argo CD server (Gateway API)
2616 # -- Additional ListenerSet labels
2618 # -- Additional ListenerSet annotations
2620 # -- Gateway API parentRef for the ListenerSet
2621 ## Must reference an existing Gateway. Unlike HTTPRoute, ListenerSet accepts exactly one parentRef.
2622 # @default -- `{}` (See [values.yaml])
2624 # group: gateway.networking.k8s.io
2626 # name: example-gateway
2627 # namespace: example-gateway-namespace
2628 # -- Listeners to attach to the parent Gateway
2629 # @default -- `[]` (See [values.yaml])
2634 # hostname: argocd.example.com
2640 # name: argocd-server-tls
2644 ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
2647 # -- Enable custom rules for the server's ClusterRole resource
2649 # -- List of custom rules for the server's ClusterRole resource
2651 # Default ArgoCD Server's network policy
2653 # -- Default network policy rules used by ArgoCD Server
2654 # @default -- `false` (defaults to global.networkPolicy.create)
2658 # -- Repo server name
2660 # -- The number of repo server pods to run
2662 # -- Runtime class name for the repo server
2663 # @default -- `""` (defaults to global.runtimeClassName)
2664 runtimeClassName: ""
2665 ## Repo server Horizontal Pod Autoscaler
2667 # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
2669 # -- Minimum number of replicas for the repo server [HPA]
2671 # -- Maximum number of replicas for the repo server [HPA]
2673 # -- Average CPU utilization percentage for the repo server [HPA]
2674 targetCPUUtilizationPercentage: 50
2675 # -- Average memory utilization percentage for the repo server [HPA]
2676 targetMemoryUtilizationPercentage: 50
2677 # -- Configures the scaling behavior of the target in both Up and Down directions.
2680 # stabilizationWindowSeconds: 300
2684 # periodSeconds: 180
2686 # stabilizationWindowSeconds: 300
2691 # -- Configures custom HPA metrics for the Argo CD repo server
2692 # Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
2694 ## Repo server Pod Disruption Budget
2695 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2697 # -- Deploy a [PodDisruptionBudget] for the repo server
2699 # -- Labels to be added to repo server pdb
2701 # -- Annotations to be added to repo server pdb
2703 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
2704 # @default -- `""` (defaults to 0 if not specified)
2706 # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2707 ## Has higher precedence over `repoServer.pdb.minAvailable`
2709 ## Repo server Vertical Pod Autoscaler
2710 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
2712 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the repo server
2714 # -- Labels to be added to repo server vpa
2716 # -- Annotations to be added to repo server vpa
2718 # -- One of the VPA operation modes
2719 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
2720 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
2722 # -- Controls how VPA computes the recommended resources for repo server container
2723 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
2725 # controlledResources: ["cpu", "memory"]
2732 ## Repo server image
2734 # -- Repository to use for the repo server
2735 # @default -- `""` (defaults to global.image.repository)
2737 # -- Tag to use for the repo server
2738 # @default -- `""` (defaults to global.image.tag)
2740 # -- Image pull policy for the repo server
2741 # @default -- `""` (defaults to global.image.imagePullPolicy)
2743 # -- Secrets with credentials to pull images from a private registry
2744 # @default -- `[]` (defaults to global.imagePullSecrets)
2745 imagePullSecrets: []
2746 # -- Additional command line arguments to pass to repo server
2748 # -- Environment variables to pass to repo server
2750 # -- envFrom to pass to repo server
2751 # @default -- `[]` (See [values.yaml])
2754 # name: config-map-name
2758 # -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
2760 # -- Additional containers to be added to the repo server pod
2761 ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
2762 ## Note: Supports use of custom Helm templates
2764 # - name: cmp-my-plugin
2766 # - "/var/run/argocd/argocd-cmp-server"
2769 # runAsNonRoot: true
2772 # - mountPath: /var/run/argocd
2774 # - mountPath: /home/argocd/cmp-server/plugins
2776 # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
2777 # - mountPath: /home/argocd/cmp-server/config/plugin.yaml
2778 # subPath: my-plugin.yaml
2779 # name: argocd-cmp-cm
2780 # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
2781 # # mitigate path traversal attacks.
2784 # - name: cmp-my-plugin2
2786 # - "/var/run/argocd/argocd-cmp-server"
2789 # runAsNonRoot: true
2792 # - mountPath: /var/run/argocd
2794 # # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
2795 # - mountPath: /home/argocd/cmp-server/plugins
2797 # - mountPath: /home/argocd/cmp-server/config/plugin.yaml
2798 # subPath: my-plugin2.yaml
2799 # name: argocd-cmp-cm
2800 # # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
2801 # # mitigate path traversal attacks.
2805 # -- Init containers to add to the repo server pods
2808 # -- Extra arguments for the cp command in the repo server copyutil initContainer
2809 # @default -- `"--update=none"`
2810 extraArgs: "--update=none"
2811 # -- Resource limits and requests for the repo server copyutil initContainer
2819 # -- Additional volumeMounts to the repo server main container
2821 # -- Additional volumes to the repo server pod
2823 # - name: argocd-cmp-cm
2825 # name: argocd-cmp-cm
2829 # -- Volumes to be used in replacement of emptydir on default volumes
2832 # persistentVolumeClaim:
2833 # claimName: pvc-argocd-repo-server-keyring
2835 # persistentVolumeClaim:
2836 # claimName: pvc-argocd-repo-server-workdir
2838 # persistentVolumeClaim:
2839 # claimName: pvc-argocd-repo-server-tmp
2841 # persistentVolumeClaim:
2842 # claimName: pvc-argocd-repo-server-varfiles
2844 # persistentVolumeClaim:
2845 # claimName: pvc-argocd-repo-server-plugins
2847 ## RepoServer emptyDir volumes
2849 # -- EmptyDir size limit for repo server
2850 # @default -- `""` (defaults not set if not specified i.e. no size limit)
2853 # -- Toggle the usage of a ephemeral Helm working directory
2854 useEphemeralHelmWorkingDir: true
2855 # -- Annotations to be added to repo server Deployment
2856 deploymentAnnotations: {}
2857 # -- Labels for the repo server Deployment
2858 deploymentLabels: {}
2859 # -- Annotations to be added to repo server pods
2861 # -- Labels to be added to repo server pods
2863 # -- Resource limits and requests for the repo server pods
2872 # Repo server container ports
2874 # -- Repo server container port
2876 # -- Metrics container port
2878 # -- Host Network for Repo server pods
2880 # -- [DNS configuration]
2882 # -- Alternative DNS policy for Repo server pods
2883 dnsPolicy: "ClusterFirst"
2884 # -- Repo server container-level security context
2885 # @default -- See [values.yaml]
2886 containerSecurityContext:
2888 readOnlyRootFilesystem: true
2889 allowPrivilegeEscalation: false
2891 type: RuntimeDefault
2895 ## Readiness and liveness probes for Repo Server
2896 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2898 # -- Enable Kubernetes readiness probe for Repo Server
2900 # -- Http path to use for the readiness probe
2902 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2904 # -- Number of seconds after the container has started before [probe] is initiated
2905 initialDelaySeconds: 10
2906 # -- How often (in seconds) to perform the [probe]
2908 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2910 # -- Number of seconds after which the [probe] times out
2913 # -- Enable Kubernetes liveness probe for Repo Server
2915 # -- Http path to use for the liveness probe
2916 httpPath: /healthz?full=true
2917 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2919 # -- Number of seconds after the container has started before [probe] is initiated
2920 initialDelaySeconds: 10
2921 # -- How often (in seconds) to perform the [probe]
2923 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2925 # -- Number of seconds after which the [probe] times out
2927 ## Startup probe for Repo Server (optional)
2928 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2930 # -- Enable Kubernetes startup probe for Repo Server
2932 # -- Http path to use for the startup probe
2934 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2935 failureThreshold: 20
2936 # -- Number of seconds after the container has started before [probe] is initiated
2937 initialDelaySeconds: 10
2938 # -- How often (in seconds) to perform the [probe]
2940 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2942 # -- Number of seconds after which the [probe] times out
2944 # -- terminationGracePeriodSeconds for container lifecycle hook
2945 terminationGracePeriodSeconds: 30
2946 # -- [Node selector]
2947 # @default -- `{}` (defaults to global.nodeSelector)
2949 # -- [Tolerations] for use with node taints
2950 # @default -- `[]` (defaults to global.tolerations)
2952 # -- Assign custom [affinity] rules to the deployment
2953 # @default -- `{}` (defaults to global.affinity preset)
2955 # -- Assign custom [TopologySpreadConstraints] rules to the repo server
2956 # @default -- `[]` (defaults to global.topologySpreadConstraints)
2957 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2958 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2959 topologySpreadConstraints: []
2961 # topologyKey: topology.kubernetes.io/zone
2962 # whenUnsatisfiable: DoNotSchedule
2964 # -- Deployment strategy to be added to the repo server Deployment
2965 deploymentStrategy: {}
2966 # type: RollingUpdate
2969 # maxUnavailable: 25%
2971 # -- Priority class for the repo server pods
2972 # @default -- `""` (defaults to global.priorityClassName)
2973 priorityClassName: ""
2974 # TLS certificate configuration via Secret
2975 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
2976 ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
2978 # -- Create argocd-repo-server-tls secret
2980 # -- Annotations to be added to argocd-repo-server-tls secret
2982 # -- Labels to be added to argocd-repo-server-tls secret
2984 # -- Certificate authority. Required for self-signed certificates.
2986 # -- Certificate private key
2988 # -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
2990 ## Repo server service configuration
2992 # -- Repo server service annotations
2994 # -- Repo server service labels
2996 # -- Repo server service port
2998 # -- Repo server service port name
2999 portName: tcp-repo-server
3000 # -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy.
3001 trafficDistribution: ""
3002 ## Repo server metrics service configuration
3004 # -- Deploy metrics service
3007 # -- Metrics service type
3009 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3011 # -- Metrics service annotations
3013 # -- Metrics service labels
3015 # -- Metrics service port
3017 # -- Metrics service port name
3018 portName: http-metrics
3020 # -- Enable a prometheus ServiceMonitor
3022 # -- Prometheus ServiceMonitor interval
3024 # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
3026 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3028 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
3030 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3031 metricRelabelings: []
3032 # -- Prometheus ServiceMonitor selector
3034 # prometheus: kube-prometheus
3036 # -- Prometheus ServiceMonitor scheme
3038 # -- Prometheus ServiceMonitor tlsConfig
3040 # -- Prometheus ServiceMonitor namespace
3041 namespace: "" # "monitoring"
3042 # -- Prometheus ServiceMonitor labels
3043 additionalLabels: {}
3044 # -- Prometheus ServiceMonitor annotations
3046 ## Enable Custom Rules for the Repo server's Cluster Role resource
3047 ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
3050 # -- Enable custom rules for the Repo server's Cluster Role resource
3052 # -- List of custom rules for the Repo server's Cluster Role resource
3054 # -- Automount API credentials for the Service Account into the pod.
3055 automountServiceAccountToken: true
3056 ## Repo server service account
3057 ## If create is set to true, make sure to uncomment the name and update the rbac section below
3059 # -- Create repo server service account
3061 # -- Repo server service account name
3062 name: "" # "argocd-repo-server"
3063 # -- Annotations applied to created service account
3065 # -- Labels applied to created service account
3067 # -- Automount API credentials for the Service Account
3068 automountServiceAccountToken: true
3069 # -- Repo server rbac rules
3080 # Default repo server's network policy
3082 # -- Default network policy rules used by repo server
3083 # @default -- `false` (defaults to global.networkPolicy.create)
3085## ApplicationSet controller
3087 # -- ApplicationSet controller name string
3088 name: applicationset-controller
3089 # -- The number of ApplicationSet controller pods to run
3091 # -- Runtime class name for the ApplicationSet controller
3092 # @default -- `""` (defaults to global.runtimeClassName)
3093 runtimeClassName: ""
3094 ## ApplicationSet controller Pod Disruption Budget
3095 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
3097 # -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller
3099 # -- Labels to be added to ApplicationSet controller pdb
3101 # -- Annotations to be added to ApplicationSet controller pdb
3103 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
3104 # @default -- `""` (defaults to 0 if not specified)
3106 # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
3107 ## Has higher precedence over `applicationSet.pdb.minAvailable`
3109 ## ApplicationSet controller Vertical Pod Autoscaler
3110 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
3112 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the ApplicationSet controller
3114 # -- Labels to be added to ApplicationSet controller vpa
3116 # -- Annotations to be added to ApplicationSet controller vpa
3118 # -- One of the VPA operation modes
3119 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
3120 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
3122 # -- Controls how VPA computes the recommended resources for ApplicationSet controller container
3123 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
3125 # controlledResources: ["cpu", "memory"]
3132 ## ApplicationSet controller image
3134 # -- Repository to use for the ApplicationSet controller
3135 # @default -- `""` (defaults to global.image.repository)
3137 # -- Tag to use for the ApplicationSet controller
3138 # @default -- `""` (defaults to global.image.tag)
3140 # -- Image pull policy for the ApplicationSet controller
3141 # @default -- `""` (defaults to global.image.imagePullPolicy)
3143 # -- If defined, uses a Secret to pull an image from a private Docker registry or repository.
3144 # @default -- `[]` (defaults to global.imagePullSecrets)
3145 imagePullSecrets: []
3146 # -- ApplicationSet controller command line flags
3148 # -- Environment variables to pass to the ApplicationSet controller
3153 # -- envFrom to pass to the ApplicationSet controller
3154 # @default -- `[]` (See [values.yaml])
3157 # name: config-map-name
3161 # -- Additional containers to be added to the ApplicationSet controller pod
3162 ## Note: Supports use of custom Helm templates
3164 # -- Init containers to add to the ApplicationSet controller pod
3165 ## Note: Supports use of custom Helm templates
3167 # -- List of extra mounts to add (normally used with extraVolumes)
3168 extraVolumeMounts: []
3169 # -- List of extra volumes to add
3171 ## ApplicationSet controller emptyDir volumes
3173 # -- EmptyDir size limit for applicationSet controller
3174 # @default -- `""` (defaults not set if not specified i.e. no size limit)
3177 ## Metrics service configuration
3179 # -- Deploy metrics service
3182 # -- Metrics service type
3184 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3186 # -- Metrics service annotations
3188 # -- Metrics service labels
3190 # -- Metrics service port
3192 # -- Metrics service port name
3193 portName: http-metrics
3195 # -- Enable a prometheus ServiceMonitor
3197 # -- Prometheus ServiceMonitor interval
3199 # -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
3201 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3203 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
3205 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3206 metricRelabelings: []
3207 # -- Prometheus ServiceMonitor selector
3209 # prometheus: kube-prometheus
3211 # -- Prometheus ServiceMonitor scheme
3213 # -- Prometheus ServiceMonitor tlsConfig
3215 # -- Prometheus ServiceMonitor namespace
3216 namespace: "" # monitoring
3217 # -- Prometheus ServiceMonitor labels
3218 additionalLabels: {}
3219 # -- Prometheus ServiceMonitor annotations
3221 ## ApplicationSet service configuration
3223 # -- ApplicationSet service annotations
3225 # -- ApplicationSet service labels
3227 # -- ApplicationSet service type
3229 # -- ApplicationSet service port
3231 # -- ApplicationSet service port name
3232 portName: http-webhook
3233 # -- Automount API credentials for the Service Account into the pod.
3234 automountServiceAccountToken: true
3236 # -- Create ApplicationSet controller service account
3238 # -- ApplicationSet controller service account name
3239 name: argocd-applicationset-controller
3240 # -- Annotations applied to created service account
3242 # -- Labels applied to created service account
3244 # -- Automount API credentials for the Service Account
3245 automountServiceAccountToken: true
3246 # -- Annotations to be added to ApplicationSet controller Deployment
3247 deploymentAnnotations: {}
3248 # -- Labels for the ApplicationSet controller Deployment
3249 deploymentLabels: {}
3250 # -- Annotations for the ApplicationSet controller pods
3252 # -- Labels for the ApplicationSet controller pods
3254 # -- Resource limits and requests for the ApplicationSet controller pods.
3263 # ApplicationSet controller container ports
3265 # -- Metrics container port
3267 # -- Probe container port
3269 # -- Webhook container port
3271 # -- [DNS configuration]
3273 # -- Alternative DNS policy for ApplicationSet controller pods
3274 dnsPolicy: "ClusterFirst"
3275 # -- ApplicationSet controller container-level security context
3276 # @default -- See [values.yaml]
3277 containerSecurityContext:
3279 readOnlyRootFilesystem: true
3280 allowPrivilegeEscalation: false
3282 type: RuntimeDefault
3286 ## Probes for ApplicationSet controller (optional)
3287 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3289 # -- Enable Kubernetes liveness probe for ApplicationSet controller
3291 # -- Number of seconds after the container has started before [probe] is initiated
3292 initialDelaySeconds: 10
3293 # -- How often (in seconds) to perform the [probe]
3295 # -- Number of seconds after which the [probe] times out
3297 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3299 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3302 # -- Enable Kubernetes liveness probe for ApplicationSet controller
3304 # -- Number of seconds after the container has started before [probe] is initiated
3305 initialDelaySeconds: 10
3306 # -- How often (in seconds) to perform the [probe]
3308 # -- Number of seconds after which the [probe] times out
3310 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3312 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3314 ## Startup probe for ApplicationSet controller (optional)
3315 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3317 # -- Enable Kubernetes startup probe for ApplicationSet controller
3319 # -- Number of seconds after the container has started before [probe] is initiated
3320 initialDelaySeconds: 10
3321 # -- How often (in seconds) to perform the [probe]
3323 # -- Number of seconds after which the [probe] times out
3325 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3327 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3328 failureThreshold: 20
3329 # -- terminationGracePeriodSeconds for container lifecycle hook
3330 terminationGracePeriodSeconds: 30
3331 # -- [Node selector]
3332 # @default -- `{}` (defaults to global.nodeSelector)
3334 # -- [Tolerations] for use with node taints
3335 # @default -- `[]` (defaults to global.tolerations)
3337 # -- Assign custom [affinity] rules
3338 # @default -- `{}` (defaults to global.affinity preset)
3340 # -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
3341 # @default -- `[]` (defaults to global.topologySpreadConstraints)
3342 ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
3343 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3344 topologySpreadConstraints: []
3346 # topologyKey: topology.kubernetes.io/zone
3347 # whenUnsatisfiable: DoNotSchedule
3349 # -- Deployment strategy to be added to the ApplicationSet controller Deployment
3350 deploymentStrategy: {}
3351 # type: RollingUpdate
3354 # maxUnavailable: 25%
3356 # -- Priority class for the ApplicationSet controller pods
3357 # @default -- `""` (defaults to global.priorityClassName)
3358 priorityClassName: ""
3359 # TLS certificate configuration via cert-manager
3360 ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
3362 # -- Deploy a Certificate resource (requires cert-manager)
3364 # -- Certificate primary domain (commonName)
3365 # @default -- `""` (defaults to global.domain)
3367 # -- Certificate Subject Alternate Names (SANs)
3369 # -- The requested 'duration' (i.e. lifetime) of the certificate.
3370 # @default -- `""` (defaults to 2160h = 90d if not specified)
3371 ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
3373 # -- How long before the expiry a certificate should be renewed.
3374 # @default -- `""` (defaults to 360h = 15d if not specified)
3375 ## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
3377 # Certificate issuer
3378 ## Ref: https://cert-manager.io/docs/concepts/issuer
3380 # -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
3382 # -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
3384 # -- Certificate issuer name. Eg. `letsencrypt`
3386 # Private key of the certificate
3388 # -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
3389 rotationPolicy: Never
3390 # -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
3392 # -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
3394 # -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
3396 # -- Annotations to be applied to the ApplicationSet Certificate
3398 ## Ingress for the Git Generator webhook
3399 ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
3401 # -- Enable an ingress resource for ApplicationSet webhook
3403 # -- Additional ingress labels
3405 # -- Additional ingress annotations
3407 # -- Defines which ingress ApplicationSet controller will implement the resource
3408 ingressClassName: ""
3409 # -- Argo CD ApplicationSet hostname
3410 # @default -- `""` (defaults to global.domain)
3412 # -- List of ingress paths
3414 # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
3416 # -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
3417 ## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
3419 # -- The list of additional hostnames to be covered by ingress record
3420 # @default -- `[]` (See [values.yaml])
3422 # - name: argocd.example.com
3425 # -- Additional ingress paths
3426 # @default -- `[]` (See [values.yaml])
3432 # name: ssl-redirect
3434 # name: use-annotation
3436 # -- Additional ingress rules
3437 # @default -- `[]` (See [values.yaml])
3438 ## Note: Supports use of custom Helm templates
3442 # - path: /api/webhook
3446 # name: '{{ include "argo-cd.applicationSet.fullname" . }}'
3448 # name: '{{ .Values.applicationSet.service.portName }}'
3450 # -- Additional ingress TLS configuration
3451 # @default -- `[]` (See [values.yaml])
3453 # - secretName: argocd-applicationset-tls
3455 # - argocd-applicationset.example.com
3456 ## Gateway API HTTPRoute for the Git Generator webhook
3457 ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
3458 # NOTE: Gateway API support is in EXPERIMENTAL status
3459 # Support depends on your Gateway controller implementation
3460 # Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
3461 # Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
3463 # -- Enable HTTPRoute resource for Argo CD Applicationset Webhook (Gateway API)
3465 # -- Additional HTTPRoute labels
3467 # -- Additional HTTPRoute annotations
3469 # -- Gateway API parentRefs for the HTTPRoute
3470 ## Must reference an existing Gateway
3471 # @default -- `[]` (See [values.yaml])
3473 # - name: example-gateway
3474 # namespace: example-gateway-namespace
3475 # sectionName: https
3476 # -- List of hostnames for the HTTPRoute
3477 # @default -- `[]` (See [values.yaml])
3479 # - argocd.example.com
3480 # -- HTTPRoute rules configuration
3481 # @default -- `[]` (See [values.yaml])
3488 # - type: RequestHeaderModifier
3489 # requestHeaderModifier:
3491 # - name: X-Custom-Header
3492 # value: custom-value
3493 # Gateway API ListenerSet configuration for the Git Generator webhook
3494 ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
3495 # NOTE: Gateway API support is in EXPERIMENTAL status
3496 # ListenerSet allows attaching additional listeners to an existing Gateway
3497 # Requires Gateway API v1alpha2 and a controller that supports ListenerSet
3498 # Refer to https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.ListenerSet
3500 # -- Enable ListenerSet resource for Argo CD ApplicationSet webhook (Gateway API)
3502 # -- Additional ListenerSet labels
3504 # -- Additional ListenerSet annotations
3506 # -- Gateway API parentRef for the ListenerSet
3507 ## Must reference an existing Gateway. Unlike HTTPRoute, ListenerSet accepts exactly one parentRef.
3508 # @default -- `{}` (See [values.yaml])
3510 # group: gateway.networking.k8s.io
3512 # name: example-gateway
3513 # namespace: example-gateway-namespace
3514 # -- Listeners to attach to the parent Gateway
3515 # @default -- `[]` (See [values.yaml])
3520 # hostname: argocd.example.com
3526 # name: argocd-applicationset-controller-tls
3530 # -- Enable ApplicationSet in any namespace feature
3531 allowAnyNamespace: false
3532 # Default ApplicationSet controller's network policy
3534 # -- Default network policy rules used by ApplicationSet controller
3535 # @default -- `false` (defaults to global.networkPolicy.create)
3537## Notifications controller
3539 # -- Enable notifications controller
3541 # -- Notifications controller name string
3542 name: notifications-controller
3543 # -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
3544 # @default -- `""` (defaults to https://`global.domain`)
3546 # -- Runtime class name for the notifications controller
3547 # @default -- `""` (defaults to global.runtimeClassName)
3548 runtimeClassName: ""
3549 ## Notifications controller Pod Disruption Budget
3550 ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
3552 # -- Deploy a [PodDisruptionBudget] for the notifications controller
3554 # -- Labels to be added to notifications controller pdb
3556 # -- Annotations to be added to notifications controller pdb
3558 # -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
3559 # @default -- `""` (defaults to 0 if not specified)
3561 # -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
3562 ## Has higher precedence over `notifications.pdb.minAvailable`
3564 ## Notifications controller Vertical Pod Autoscaler
3565 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
3567 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the notifications controller
3569 # -- Labels to be added to notifications controller vpa
3571 # -- Annotations to be added to notifications controller vpa
3573 # -- One of the VPA operation modes
3574 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
3575 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
3577 # -- Controls how VPA computes the recommended resources for notifications controller container
3578 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
3580 # controlledResources: ["cpu", "memory"]
3587 ## Notifications controller image
3589 # -- Repository to use for the notifications controller
3590 # @default -- `""` (defaults to global.image.repository)
3592 # -- Tag to use for the notifications controller
3593 # @default -- `""` (defaults to global.image.tag)
3595 # -- Image pull policy for the notifications controller
3596 # @default -- `""` (defaults to global.image.imagePullPolicy)
3598 # -- Secrets with credentials to pull images from a private registry
3599 # @default -- `[]` (defaults to global.imagePullSecrets)
3600 imagePullSecrets: []
3601 # DEPRECATED - Use configs.params to override
3602 # -- Notifications controller log format. Either `text` or `json`
3603 # @default -- `""` (defaults to global.logging.format)
3605 # -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
3606 # @default -- `""` (defaults to global.logging.level)
3609 # -- Extra arguments to provide to the notifications controller
3611 # -- Additional container environment variables
3613 # -- envFrom to pass to the notifications controller
3614 # @default -- `[]` (See [values.yaml])
3617 # name: config-map-name
3621 # -- Additional containers to be added to the notifications controller pod
3622 ## Note: Supports use of custom Helm templates
3624 # -- Init containers to add to the notifications controller pod
3625 ## Note: Supports use of custom Helm templates
3627 # -- List of extra mounts to add (normally used with extraVolumes)
3628 extraVolumeMounts: []
3629 # -- List of extra volumes to add
3631 # -- Define user-defined context
3632 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
3635 # environmentName: staging
3638 # -- Whether helm chart creates notifications controller secret
3639 ## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
3641 # -- notifications controller Secret name
3642 name: "argocd-notifications-secret"
3643 # -- key:value pairs of annotations to be added to the secret
3645 # -- key:value pairs of labels to be added to the secret
3647 # -- Generic key:value pairs to be inserted into the secret
3648 ## Can be used for templates, notification services etc. Some examples given below.
3649 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
3652 # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
3654 # # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
3656 # webhooks-github-token:
3660 # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
3663 # -- Enables prometheus metrics server
3668 # -- Metrics service type
3670 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3672 # -- Metrics service annotations
3674 # -- Metrics service labels
3676 # -- Metrics service port name
3677 portName: http-metrics
3679 # -- Enable a prometheus ServiceMonitor
3681 # -- Prometheus ServiceMonitor selector
3683 # prometheus: kube-prometheus
3684 # -- Prometheus ServiceMonitor labels
3685 additionalLabels: {}
3686 # -- Prometheus ServiceMonitor annotations
3688 # namespace: monitoring
3690 # scrapeTimeout: 10s
3691 # -- Prometheus ServiceMonitor scheme
3693 # -- Prometheus ServiceMonitor tlsConfig
3695 # -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3697 # -- Prometheus [RelabelConfigs] to apply to samples before scraping
3699 # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3700 metricRelabelings: []
3701 # -- Configures notification services such as slack, email or custom webhook
3702 # @default -- See [values.yaml]
3703 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
3706 # token: $slack-token
3708 # -- Annotations to be applied to the notifications controller Deployment
3709 deploymentAnnotations: {}
3710 # -- Labels for the notifications controller Deployment
3711 deploymentLabels: {}
3712 # -- Annotations to be applied to the notifications controller Pods
3714 # -- Labels to be applied to the notifications controller Pods
3716 # -- Resource limits and requests for the notifications controller
3725 # Notification controller container ports
3727 # -- Metrics container port
3729 # -- [DNS configuration]
3731 # -- Alternative DNS policy for notifications controller Pods
3732 dnsPolicy: "ClusterFirst"
3733 # -- Notification controller container-level security Context
3734 # @default -- See [values.yaml]
3735 containerSecurityContext:
3737 readOnlyRootFilesystem: true
3738 allowPrivilegeEscalation: false
3740 type: RuntimeDefault
3744 ## Probes for notifications controller Pods (optional)
3745 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3747 # -- Enable Kubernetes liveness probe for notifications controller Pods
3749 # -- Number of seconds after the container has started before [probe] is initiated
3750 initialDelaySeconds: 10
3751 # -- How often (in seconds) to perform the [probe]
3753 # -- Number of seconds after which the [probe] times out
3755 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3757 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3760 # -- Enable Kubernetes liveness probe for notifications controller Pods
3762 # -- Number of seconds after the container has started before [probe] is initiated
3763 initialDelaySeconds: 10
3764 # -- How often (in seconds) to perform the [probe]
3766 # -- Number of seconds after which the [probe] times out
3768 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3770 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3772 ## Startup probe for notifications controller Pods (optional)
3773 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3775 # -- Enable Kubernetes startup probe for notifications controller Pods
3777 # -- Number of seconds after the container has started before [probe] is initiated
3778 initialDelaySeconds: 10
3779 # -- How often (in seconds) to perform the [probe]
3781 # -- Number of seconds after which the [probe] times out
3783 # -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3785 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3786 failureThreshold: 20
3787 # -- terminationGracePeriodSeconds for container lifecycle hook
3788 terminationGracePeriodSeconds: 30
3789 # -- [Node selector]
3790 # @default -- `{}` (defaults to global.nodeSelector)
3792 # -- [Tolerations] for use with node taints
3793 # @default -- `[]` (defaults to global.tolerations)
3795 # -- Assign custom [affinity] rules
3796 # @default -- `{}` (defaults to global.affinity preset)
3798 # -- Assign custom [TopologySpreadConstraints] rules to the application controller
3799 # @default -- `[]` (defaults to global.topologySpreadConstraints)
3800 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
3801 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3802 topologySpreadConstraints: []
3804 # topologyKey: topology.kubernetes.io/zone
3805 # whenUnsatisfiable: DoNotSchedule
3807 # -- Deployment strategy to be added to the notifications controller Deployment
3810 # -- Priority class for the notifications controller pods
3811 # @default -- `""` (defaults to global.priorityClassName)
3812 priorityClassName: ""
3813 # -- Automount API credentials for the Service Account into the pod.
3814 automountServiceAccountToken: true
3816 # -- Create notifications controller service account
3818 # -- Notification controller service account name
3819 name: argocd-notifications-controller
3820 # -- Annotations applied to created service account
3822 # -- Labels applied to created service account
3824 # -- Automount API credentials for the Service Account
3825 automountServiceAccountToken: true
3827 # -- Whether helm chart creates notifications controller config map
3829 ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
3832 # -- List of custom rules for the notifications controller's ClusterRole resource
3834 # -- Contains centrally managed global application subscriptions
3835 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
3837 # # subscription for on-sync-status-unknown trigger notifications
3840 # - email:test@gmail.com
3842 # - on-sync-status-unknown
3843 # # subscription restricted to applications with matching labels only
3846 # selector: test=true
3848 # - on-sync-status-unknown
3850 # -- The notification template is used to generate the notification content
3851 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
3853 # template.app-deployed: |
3855 # subject: New version of an application {{.app.metadata.name}} is up and running.
3857 # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
3861 # "title": "{{ .app.metadata.name}}",
3862 # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3863 # "color": "#18be52",
3866 # "title": "Sync Status",
3867 # "value": "{{.app.status.sync.status}}",
3871 # "title": "Repository",
3872 # "value": "{{.app.spec.source.repoURL}}",
3876 # "title": "Revision",
3877 # "value": "{{.app.status.sync.revision}}",
3880 # {{range $index, $c := .app.status.conditions}}
3881 # {{if not $index}},{{end}}
3882 # {{if $index}},{{end}}
3884 # "title": "{{$c.type}}",
3885 # "value": "{{$c.message}}",
3891 # template.app-health-degraded: |
3893 # subject: Application {{.app.metadata.name}} has degraded.
3895 # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
3896 # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3900 # "title": "{{ .app.metadata.name}}",
3901 # "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3902 # "color": "#f4c030",
3905 # "title": "Sync Status",
3906 # "value": "{{.app.status.sync.status}}",
3910 # "title": "Repository",
3911 # "value": "{{.app.spec.source.repoURL}}",
3914 # {{range $index, $c := .app.status.conditions}}
3915 # {{if not $index}},{{end}}
3916 # {{if $index}},{{end}}
3918 # "title": "{{$c.type}}",
3919 # "value": "{{$c.message}}",
3925 # template.app-sync-failed: |
3927 # subject: Failed to sync application {{.app.metadata.name}}.
3929 # {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
3930 # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3934 # "title": "{{ .app.metadata.name}}",
3935 # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3936 # "color": "#E96D76",
3939 # "title": "Sync Status",
3940 # "value": "{{.app.status.sync.status}}",
3944 # "title": "Repository",
3945 # "value": "{{.app.spec.source.repoURL}}",
3948 # {{range $index, $c := .app.status.conditions}}
3949 # {{if not $index}},{{end}}
3950 # {{if $index}},{{end}}
3952 # "title": "{{$c.type}}",
3953 # "value": "{{$c.message}}",
3959 # template.app-sync-running: |
3961 # subject: Start syncing application {{.app.metadata.name}}.
3963 # The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
3964 # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3968 # "title": "{{ .app.metadata.name}}",
3969 # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3970 # "color": "#0DADEA",
3973 # "title": "Sync Status",
3974 # "value": "{{.app.status.sync.status}}",
3978 # "title": "Repository",
3979 # "value": "{{.app.spec.source.repoURL}}",
3982 # {{range $index, $c := .app.status.conditions}}
3983 # {{if not $index}},{{end}}
3984 # {{if $index}},{{end}}
3986 # "title": "{{$c.type}}",
3987 # "value": "{{$c.message}}",
3993 # template.app-sync-status-unknown: |
3995 # subject: Application {{.app.metadata.name}} sync status is 'Unknown'
3997 # {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
3998 # Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3999 # {{if ne .serviceType "slack"}}
4000 # {{range $c := .app.status.conditions}}
4007 # "title": "{{ .app.metadata.name}}",
4008 # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
4009 # "color": "#E96D76",
4012 # "title": "Sync Status",
4013 # "value": "{{.app.status.sync.status}}",
4017 # "title": "Repository",
4018 # "value": "{{.app.spec.source.repoURL}}",
4021 # {{range $index, $c := .app.status.conditions}}
4022 # {{if not $index}},{{end}}
4023 # {{if $index}},{{end}}
4025 # "title": "{{$c.type}}",
4026 # "value": "{{$c.message}}",
4032 # template.app-sync-succeeded: |
4034 # subject: Application {{.app.metadata.name}} has been successfully synced.
4036 # {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
4037 # Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
4041 # "title": "{{ .app.metadata.name}}",
4042 # "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
4043 # "color": "#18be52",
4046 # "title": "Sync Status",
4047 # "value": "{{.app.status.sync.status}}",
4051 # "title": "Repository",
4052 # "value": "{{.app.spec.source.repoURL}}",
4055 # {{range $index, $c := .app.status.conditions}}
4056 # {{if not $index}},{{end}}
4057 # {{if $index}},{{end}}
4059 # "title": "{{$c.type}}",
4060 # "value": "{{$c.message}}",
4067 # -- The trigger defines the condition when the notification should be sent
4068 ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
4070 # trigger.on-deployed: |
4071 # - description: Application is synced and healthy. Triggered once per commit.
4072 # oncePer: app.status.sync.revision
4075 # when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
4076 # trigger.on-health-degraded: |
4077 # - description: Application has degraded
4079 # - app-health-degraded
4080 # when: app.status.health.status == 'Degraded'
4081 # trigger.on-sync-failed: |
4082 # - description: Application syncing has failed
4085 # when: app.status.operationState.phase in ['Error', 'Failed']
4086 # trigger.on-sync-running: |
4087 # - description: Application is being synced
4089 # - app-sync-running
4090 # when: app.status.operationState.phase in ['Running']
4091 # trigger.on-sync-status-unknown: |
4092 # - description: Application status is 'Unknown'
4094 # - app-sync-status-unknown
4095 # when: app.status.sync.status == 'Unknown'
4096 # trigger.on-sync-succeeded: |
4097 # - description: Application syncing has succeeded
4099 # - app-sync-succeeded
4100 # when: app.status.operationState.phase in ['Succeeded']
4102 # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
4103 # defaultTriggers: |
4104 # - on-sync-status-unknown
4106 # Default notifications controller's network policy
4108 # -- Default network policy rules used by notifications controller
4109 # @default -- `false` (defaults to global.networkPolicy.create)
4112 # -- Enable commit server
4114 # -- Commit server name
4116 # -- Runtime class name for the commit server
4117 # @default -- `""` (defaults to global.runtimeClassName)
4118 runtimeClassName: ""
4119 ## commit server controller image
4121 # -- Repository to use for the commit server
4122 # @default -- `""` (defaults to global.image.repository)
4124 # -- Tag to use for the commit server
4125 # @default -- `""` (defaults to global.image.tag)
4127 # -- Image pull policy for the commit server
4128 # @default -- `""` (defaults to global.image.imagePullPolicy)
4130 # -- commit server command line flags
4132 # -- Environment variables to pass to the commit server
4137 # -- envFrom to pass to the commit server
4138 # @default -- `[]` (See [values.yaml])
4141 # name: config-map-name
4145 # -- List of extra mounts to add (normally used with extraVolumes)
4146 extraVolumeMounts: []
4147 # -- List of extra volumes to add
4150 # -- Enables prometheus metrics server
4153 # -- Metrics service type
4155 # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
4157 # -- Metrics service annotations
4159 # -- Metrics service labels
4161 # -- Metrics service port
4163 # -- Metrics service port name
4165 ## commit server service configuration
4167 # -- commit server service annotations
4169 # -- commit server service labels
4171 # -- commit server service port
4173 # -- commit server service port name
4175 # -- Automount API credentials for the Service Account into the pod.
4176 automountServiceAccountToken: false
4178 # -- Create commit server service account
4180 # -- commit server service account name
4181 name: argocd-commit-server
4182 # -- Annotations applied to created service account
4184 # -- Labels applied to created service account
4186 # -- Automount API credentials for the Service Account
4187 automountServiceAccountToken: true
4188 # -- Annotations to be added to commit server Deployment
4189 deploymentAnnotations: {}
4190 # -- Labels for the commit server Deployment
4191 deploymentLabels: {}
4192 # -- Annotations for the commit server pods
4194 # -- Labels for the commit server pods
4196 # -- Resource limits and requests for the commit server pods.
4205 # -- [DNS configuration]
4207 # -- Alternative DNS policy for commit server pods
4208 dnsPolicy: "ClusterFirst"
4209 # -- commit server container-level security context
4210 # @default -- See [values.yaml]
4211 containerSecurityContext:
4213 readOnlyRootFilesystem: true
4214 allowPrivilegeEscalation: false
4219 type: RuntimeDefault
4220 ## Probes for commit server (optional)
4221 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
4223 # -- Enable Kubernetes liveness probe for commit server
4225 # -- Http path to use for the readiness probe
4227 # -- Number of seconds after the container has started before [probe] is initiated
4228 initialDelaySeconds: 5
4229 # -- How often (in seconds) to perform the [probe]
4231 # -- Number of seconds after which the [probe] times out
4233 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4236 # -- Enable Kubernetes liveness probe for commit server
4238 # -- Http path to use for the liveness probe
4239 httpPath: /healthz?full=true
4240 # -- Number of seconds after the container has started before [probe] is initiated
4241 initialDelaySeconds: 30
4242 # -- How often (in seconds) to perform the [probe]
4244 # -- Number of seconds after which the [probe] times out
4246 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4248 ## Startup probe for commit server (optional)
4249 ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
4251 # -- Enable Kubernetes startup probe for commit server
4253 # -- Http path to use for the startup probe
4255 # -- Number of seconds after the container has started before [probe] is initiated
4256 initialDelaySeconds: 10
4257 # -- How often (in seconds) to perform the [probe]
4259 # -- Number of seconds after which the [probe] times out
4261 # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4262 failureThreshold: 20
4263 # -- terminationGracePeriodSeconds for container lifecycle hook
4264 terminationGracePeriodSeconds: 30
4265 # -- [Node selector]
4266 # @default -- `{}` (defaults to global.nodeSelector)
4268 # -- [Tolerations] for use with node taints
4269 # @default -- `[]` (defaults to global.tolerations)
4271 # -- Assign custom [affinity] rules
4272 # @default -- `{}` (defaults to global.affinity preset)
4274 # -- Assign custom [TopologySpreadConstraints] rules to the commit server
4275 # @default -- `[]` (defaults to global.topologySpreadConstraints)
4276 ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
4277 ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
4278 topologySpreadConstraints: []
4280 # topologyKey: topology.kubernetes.io/zone
4281 # whenUnsatisfiable: DoNotSchedule
4283 # -- Deployment strategy to be added to the commit server Deployment
4284 deploymentStrategy: {}
4285 # type: RollingUpdate
4288 # maxUnavailable: 25%
4290 # -- Priority class for the commit server pods
4291 # @default -- `""` (defaults to global.priorityClassName)
4292 priorityClassName: ""
4293 # Default commit server's network policy
4295 # -- Default network policy rules used by commit server
4296 # @default -- `false` (defaults to global.networkPolicy.create)
4298 ## Commit server Vertical Pod Autoscaler
4299 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
4301 # -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the commit server
4303 # -- Labels to be added to commit server vpa
4305 # -- Annotations to be added to commit server vpa
4307 # -- One of the VPA operation modes
4308 ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
4309 ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
4311 # -- Controls how VPA computes the recommended resources for commit server container
4312 ## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
4314 # controlledResources: ["cpu", "memory"]