DirectorySecurity AdvisoriesPricing
Sign in
Directory
argo-cd logoHELM

argo-cd

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:

1
## Argo CD configuration
2
## Ref: https://github.com/argoproj/argo-cd
3
##
4
5
# -- Provide a name in place of `argocd`
6
nameOverride: argocd
7
# -- String to fully override `"argo-cd.fullname"`
8
fullnameOverride: ""
9
# -- Override the namespace
10
# @default -- `.Release.Namespace`
11
namespaceOverride: ""
12
# -- Override the Kubernetes version, which is used to evaluate certain manifests
13
kubeVersionOverride: ""
14
# Override APIVersions
15
# If you want to template helm charts but cannot access k8s API server
16
# you can set api versions here
17
apiVersionOverrides: {}
18
# -- Create aggregated roles that extend existing cluster roles to interact with argo-cd resources
19
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
20
createAggregateRoles: false
21
# -- Create cluster roles for cluster-wide installation.
22
## Used when you manage applications in the same cluster where Argo CD runs
23
createClusterRoles: true
24
openshift:
25
# -- enables using arbitrary uid for argo repo server
26
enabled: false
27
## Custom resource configuration
28
crds:
29
# -- Install and upgrade CRDs
30
install: true
31
# -- Keep CRDs on chart uninstall
32
keep: true
33
# -- Annotations to be added to all CRDs
34
annotations:
35
argocd.argoproj.io/sync-options: ServerSideApply=true
36
# -- Additional labels to be added to all CRDs
37
additionalLabels: {}
38
## Globally shared configuration
39
global:
40
# -- Default domain used by all components
41
## Used for ingresses, certificates, SSO, notifications, etc.
42
domain: argocd.example.com
43
# -- Runtime class name for all components
44
runtimeClassName: ""
45
# -- Common labels for the all resources
46
additionalLabels: {}
47
# app: argo-cd
48
49
# -- Number of old deployment ReplicaSets to retain. The rest will be garbage collected.
50
revisionHistoryLimit: 3
51
# Default image used by all components
52
image:
53
# -- If defined, a repository applied to all Argo CD deployments
54
repository: cgr.dev/chainguard-private/argocd
55
# -- Overrides the global Argo CD image tag whose default is the chart appVersion
56
tag: latest@sha256:6354efd8660738235ad0bfc904713c59c73496ef67d2991a11acac6adf63ee38
57
# -- If defined, a imagePullPolicy applied to all Argo CD deployments
58
imagePullPolicy: IfNotPresent
59
# -- Secrets with credentials to pull images from a private registry
60
imagePullSecrets: []
61
# Default logging options used by all components
62
logging:
63
# -- Set the global logging format. Either: `text` or `json`
64
format: text
65
# -- Set the global logging level. One of: `debug`, `info`, `warn` or `error`
66
level: info
67
# -- Annotations for the all deployed Statefulsets
68
statefulsetAnnotations: {}
69
# -- Labels for the all deployed Statefulsets
70
statefulsetLabels: {}
71
# -- Annotations for the all deployed Deployments
72
deploymentAnnotations: {}
73
# -- Labels for the all deployed Deployments
74
deploymentLabels: {}
75
# -- Annotations for the all deployed pods
76
podAnnotations: {}
77
# -- Labels for the all deployed pods
78
podLabels: {}
79
# -- Add Prometheus scrape annotations to all metrics services. This can be used as an alternative to the ServiceMonitors.
80
addPrometheusAnnotations: false
81
# -- Toggle and define pod-level security context.
82
# @default -- `{}` (See [values.yaml])
83
securityContext: {}
84
# runAsUser: 999
85
# runAsGroup: 999
86
# fsGroup: 999
87
88
# -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
89
hostAliases: []
90
# - ip: 10.20.30.40
91
# hostnames:
92
# - git.myhostname
93
94
# Configure dual-stack used by all component services
95
dualStack:
96
# -- IP family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services)
97
ipFamilyPolicy: ""
98
# -- IP families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6.
99
ipFamilies: []
100
# Default network policy rules used by all components
101
networkPolicy:
102
# -- Create NetworkPolicy objects for all components
103
create: true
104
# -- Default deny all ingress traffic
105
defaultDenyIngress: false
106
# -- Default priority class for all components
107
priorityClassName: ""
108
# -- Default node selector for all components
109
nodeSelector:
110
kubernetes.io/os: linux
111
# -- Default tolerations for all components
112
tolerations: []
113
# Default affinity preset for all components
114
affinity:
115
# -- Default pod anti-affinity rules. Either: `none`, `soft` or `hard`
116
podAntiAffinity: soft
117
# Node affinity rules
118
nodeAffinity:
119
# -- Default node affinity rules. Either: `none`, `soft` or `hard`
120
type: hard
121
# -- Default match expressions for node affinity
122
matchExpressions: []
123
# - key: topology.kubernetes.io/zone
124
# operator: In
125
# values:
126
# - antarctica-east1
127
# - antarctica-west1
128
# -- Default [TopologySpreadConstraints] rules for all components
129
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
130
## If labelSelector is left out, it will default to the labelSelector of the component
131
topologySpreadConstraints: []
132
# - maxSkew: 1
133
# topologyKey: topology.kubernetes.io/zone
134
# whenUnsatisfiable: DoNotSchedule
135
136
# -- Deployment strategy for the all deployed Deployments
137
deploymentStrategy: {}
138
# type: RollingUpdate
139
# rollingUpdate:
140
# maxSurge: 25%
141
# maxUnavailable: 25%
142
143
# -- Environment variables to pass to all deployed Deployments
144
env: []
145
# -- Extra volumes to add to all deployed Deployments and StatefulSets
146
extraVolumes: []
147
# Example of adding a custom CA bundle from a ConfigMap:
148
# - name: my-root-ca
149
# configMap:
150
# name: my-trustbundle
151
# items:
152
# - key: bundle.pem
153
# path: ca-certificates.crt
154
155
# -- Extra volume mounts to add to all deployed Deployments and StatefulSets
156
extraVolumeMounts: []
157
# Example of adding a custom CA bundle mount:
158
# - name: my-root-ca
159
# mountPath: /etc/ssl/certs
160
161
# -- Annotations for the all deployed Certificates
162
certificateAnnotations: {}
163
## Argo Configs
164
configs:
165
# General Argo CD configuration. Any values you put under `.configs.cm` are passed to argocd-cm ConfigMap.
166
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
167
cm:
168
# -- Create the argocd-cm configmap for [declarative setup]
169
create: true
170
# -- Annotations to be added to argocd-cm configmap
171
annotations: {}
172
# -- The name of tracking label used by Argo CD for resource pruning
173
application.instanceLabelKey: argocd.argoproj.io/instance
174
# -- Enable control of the service account used for the sync operation (alpha)
175
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/
176
application.sync.impersonation.enabled: false
177
# -- Enable exec feature in Argo UI
178
## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource
179
exec.enabled: false
180
# -- Enable local admin user
181
## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user
182
admin.enabled: true
183
# -- Timeout to discover if a new manifests version got published to the repository
184
timeout.reconciliation: 120s
185
# -- Maximum jitter added to the reconciliation timeout to spread out refreshes and reduce repo-server load
186
timeout.reconciliation.jitter: 60s
187
# -- Timeout to refresh application data as well as target manifests cache
188
timeout.hard.reconciliation: 0s
189
# -- Enable Status Badge
190
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/
191
statusbadge.enabled: false
192
# Dex configuration
193
# dex.config: |
194
# connectors:
195
# # GitHub example
196
# - type: github
197
# id: github
198
# name: GitHub
199
# config:
200
# clientID: aabbccddeeff00112233
201
# clientSecret: $dex.github.clientSecret # Alternatively $<some_K8S_secret>:dex.github.clientSecret
202
# orgs:
203
# - name: your-github-org
204
205
# OIDC configuration as an alternative to dex (optional).
206
# oidc.config: |
207
# name: AzureAD
208
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
209
# clientID: aaaabbbbccccddddeee
210
# clientSecret: $oidc.azuread.clientSecret
211
# # Optional: set to true to use Azure Workload Identity instead of clientSecret
212
# azure:
213
# useWorkloadIdentity: false
214
215
# Some OIDC providers require a separate clientID for different callback URLs.
216
# For example, if configuring Argo CD with self-hosted Dex, you will need a separate client ID
217
# for the 'localhost' (CLI) client to Dex. This field is optional. If omitted, the CLI will
218
# use the same clientID as the Argo CD server
219
# cliClientID: vvvvwwwwxxxxyyyyzzzz
220
221
# rootCA: |
222
# -----BEGIN CERTIFICATE-----
223
# ... encoded certificate data here ...
224
# -----END CERTIFICATE-----
225
226
# Optional list of allowed aud claims. If omitted or empty, defaults to the clientID value above (and the
227
# cliClientID, if that is also specified). If you specify a list and want the clientID to be allowed, you must
228
# explicitly include it in the list.
229
# Token verification will pass if any of the token's audiences matches any of the audiences in this list.
230
# allowedAudiences:
231
# - aaaabbbbccccddddeee
232
# - qqqqwwwweeeerrrrttt
233
234
# Optional set of OIDC claims to request on the ID token.
235
# requestedIDTokenClaims:
236
# groups:
237
# essential: true
238
239
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
240
# requestedScopes:
241
# - openid
242
# - profile
243
# - email
244
245
# PKCE authentication flow processes authorization flow from browser only - default false
246
# uses the clientID
247
# make sure the Identity Provider (IdP) is public and doesn't need clientSecret
248
# make sure the Identity Provider (IdP) has this redirect URI registered: https://argocd.example.com/pkce/verify
249
# enablePKCEAuthentication: true
250
251
# Extension Configuration
252
## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/
253
# extension.config: |
254
# extensions:
255
# - name: httpbin
256
# backend:
257
# connectionTimeout: 2s
258
# keepAlive: 15s
259
# idleConnectionTimeout: 60s
260
# maxIdleConnections: 30
261
# services:
262
# - url: http://httpbin.org
263
# headers:
264
# - name: some-header
265
# value: '$some.argocd.secret.key'
266
# cluster:
267
# name: some-cluster
268
# server: https://some-cluster
269
270
## Default configuration for ignoreResourceUpdates.
271
## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated
272
## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.
273
274
# -- Ignoring status for all resources. An update will still be sent if the status update causes the health to change.
275
# @default -- See [values.yaml]
276
resource.customizations.ignoreResourceUpdates.all: |
277
jsonPointers:
278
- /status
279
# -- Some Application fields are generated and not related to the application updates itself
280
## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps
281
# @default -- See [values.yaml]
282
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
283
jqPathExpressions:
284
- '.metadata.annotations."notified.notifications.argoproj.io"'
285
- '.metadata.annotations."argocd.argoproj.io/refresh"'
286
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
287
- '.operation'
288
# -- Ignore Argo Rollouts generated fields
289
# @default -- See [values.yaml]
290
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
291
jqPathExpressions:
292
- '.metadata.annotations."notified.notifications.argoproj.io"'
293
# -- Legacy annotations used on HPA autoscaling/v1
294
# @default -- See [values.yaml]
295
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
296
jqPathExpressions:
297
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
298
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
299
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
300
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
301
# -- Ignore the cluster-autoscaler status
302
# @default -- See [values.yaml]
303
resource.customizations.ignoreResourceUpdates.ConfigMap: |
304
jqPathExpressions:
305
# Ignore the cluster-autoscaler status
306
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
307
# Ignore the annotation of the legacy Leases election
308
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
309
# -- Ignore the common scaling annotations
310
# @default -- See [values.yaml]
311
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
312
jqPathExpressions:
313
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
314
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
315
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
316
# -- Ignores update if EndpointSlice is not excluded globally
317
# @default -- See [values.yaml]
318
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
319
jsonPointers:
320
- /metadata
321
- /endpoints
322
- /ports
323
# -- Ignores update if Endpoints is not excluded globally
324
# @default -- See [values.yaml]
325
resource.customizations.ignoreResourceUpdates.Endpoints: |
326
jsonPointers:
327
- /metadata
328
- /subsets
329
## Default configuration for exclusions.
330
## The exclusion list are K8s resources that we assume will never be declared in Git,
331
## and are never child objects of managed resources that need to be presented in the resource tree.
332
## This list contains high volume and high churn metadata objects which we exclude for performance
333
## reasons, reducing connections and load to the K8s API servers of managed clusters.
334
335
# -- Resource Exclusion/Inclusion
336
# @default -- See [values.yaml]
337
resource.exclusions: |
338
### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
339
- apiGroups:
340
- ''
341
- discovery.k8s.io
342
kinds:
343
- Endpoints
344
- EndpointSlice
345
### Internal Kubernetes resources excluded reduce the number of watched events
346
- apiGroups:
347
- coordination.k8s.io
348
kinds:
349
- Lease
350
### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
351
- apiGroups:
352
- authentication.k8s.io
353
- authorization.k8s.io
354
kinds:
355
- SelfSubjectReview
356
- TokenReview
357
- LocalSubjectAccessReview
358
- SelfSubjectAccessReview
359
- SelfSubjectRulesReview
360
- SubjectAccessReview
361
### Intermediate Certificate Request excluded reduce the number of watched events
362
- apiGroups:
363
- certificates.k8s.io
364
kinds:
365
- CertificateSigningRequest
366
- apiGroups:
367
- cert-manager.io
368
kinds:
369
- CertificateRequest
370
### Cilium internal resources excluded reduce the number of watched events and UI Clutter
371
- apiGroups:
372
- cilium.io
373
kinds:
374
- CiliumIdentity
375
- CiliumEndpoint
376
- CiliumEndpointSlice
377
### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
378
- apiGroups:
379
- kyverno.io
380
- reports.kyverno.io
381
- wgpolicyk8s.io
382
kinds:
383
- PolicyReport
384
- ClusterPolicyReport
385
- EphemeralReport
386
- ClusterEphemeralReport
387
- AdmissionReport
388
- ClusterAdmissionReport
389
- BackgroundScanReport
390
- ClusterBackgroundScanReport
391
- UpdateRequest
392
# Argo CD configuration parameters
393
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml
394
params:
395
# -- Create the argocd-cmd-params-cm configmap
396
# If false, it is expected the configmap will be created by something else.
397
create: true
398
# -- Annotations to be added to the argocd-cmd-params-cm ConfigMap
399
annotations: {}
400
# You can customize parameters by adding parameters here.
401
# (e.g.)
402
# otlp.address: ''
403
# Argo CD RBAC policy configuration
404
## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
405
rbac:
406
# -- Create the argocd-rbac-cm configmap with ([Argo CD RBAC policy]) definitions.
407
# If false, it is expected the configmap will be created by something else.
408
# Argo CD will not work if there is no configmap created with the name above.
409
create: true
410
# -- Annotations to be added to argocd-rbac-cm configmap
411
annotations: {}
412
# -- The name of the default role which Argo CD will falls back to, when authorizing API requests (optional).
413
# If omitted or empty, users may be still be able to login, but will see no apps, projects, etc...
414
policy.default: ""
415
# -- File containing user-defined policies and role definitions.
416
# @default -- `''` (See [values.yaml])
417
policy.csv: ""
418
# Policy rules are in the form:
419
# p, subject, resource, action, object, effect
420
# Role definitions and bindings are in the form:
421
# g, subject, inherited-subject
422
# policy.csv: |
423
# p, role:org-admin, applications, *, */*, allow
424
# p, role:org-admin, clusters, get, *, allow
425
# p, role:org-admin, repositories, *, *, allow
426
# p, role:org-admin, logs, get, *, allow
427
# p, role:org-admin, exec, create, */*, allow
428
# g, your-github-org:your-team, role:org-admin
429
430
# -- OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
431
# The scope value can be a string, or a list of strings.
432
scopes: "[groups]"
433
# -- Matcher function for Casbin, `glob` for glob matcher and `regex` for regex matcher.
434
policy.matchMode: "glob"
435
# GnuPG public keys for commit verification
436
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/
437
gpg:
438
# -- Annotations to be added to argocd-gpg-keys-cm configmap
439
annotations: {}
440
# -- [GnuPG] public keys to add to the keyring
441
# @default -- `{}` (See [values.yaml])
442
## Note: Public keys should be exported with `gpg --export --armor <KEY>`
443
keys: {}
444
# 4AEE18F83AFDEB23: |
445
# -----BEGIN PGP PUBLIC KEY BLOCK-----
446
# ...
447
# -----END PGP PUBLIC KEY BLOCK-----
448
# SSH known hosts for Git repositories
449
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys
450
ssh:
451
# -- Specifies if the argocd-ssh-known-hosts-cm configmap should be created by Helm.
452
create: true
453
# -- Annotations to be added to argocd-ssh-known-hosts-cm configmap
454
annotations: {}
455
# -- Known hosts to be added to the known host list by default.
456
# @default -- See [values.yaml]
457
knownHosts: |
458
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
459
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
460
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
461
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
462
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
463
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
464
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
465
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
466
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
467
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
468
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
469
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
470
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
471
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
472
# -- Additional known hosts for private repositories
473
extraHosts: ""
474
# Repository TLS certificates
475
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#repositories-using-self-signed-tls-certificates-or-are-signed-by-custom-ca
476
tls:
477
# -- Annotations to be added to argocd-tls-certs-cm configmap
478
annotations: {}
479
# -- TLS certificates for Git repositories
480
# @default -- `{}` (See [values.yaml])
481
certificates: {}
482
# server.example.com: |
483
# -----BEGIN CERTIFICATE-----
484
# ...
485
# -----END CERTIFICATE-----
486
487
# -- Specifies if the argocd-tls-certs-cm configmap should be created by Helm.
488
create: true
489
# ConfigMap for Config Management Plugins
490
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/config-management-plugins/
491
cmp:
492
# -- Create the argocd-cmp-cm configmap
493
create: false
494
# -- Annotations to be added to argocd-cmp-cm configmap
495
annotations: {}
496
# -- Plugin yaml files to be added to argocd-cmp-cm
497
plugins: {}
498
# --- First plugin
499
# my-plugin:
500
# init:
501
# command: [sh]
502
# args: [-c, 'echo "Initializing..."']
503
# generate:
504
# command: [sh, -c]
505
# args:
506
# - |
507
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
508
# discover:
509
# fileName: "./subdir/s*.yaml"
510
# find:
511
# glob: "**/Chart.yaml"
512
# command: [sh, -c, find . -name env.yaml]
513
# --- Second plugin
514
# my-plugin2:
515
# init:
516
# command: [sh]
517
# args: [-c, 'echo "Initializing..."']
518
# generate:
519
# command: [sh, -c]
520
# args:
521
# - |
522
# echo "{\"kind\": \"ConfigMap\", \"apiVersion\": \"v1\", \"metadata\": { \"name\": \"$ARGOCD_APP_NAME\", \"namespace\": \"$ARGOCD_APP_NAMESPACE\", \"annotations\": {\"Foo\": \"$ARGOCD_ENV_FOO\", \"KubeVersion\": \"$KUBE_VERSION\", \"KubeApiVersion\": \"$KUBE_API_VERSIONS\",\"Bar\": \"baz\"}}}"
523
# discover:
524
# fileName: "./subdir/s*.yaml"
525
# find:
526
# glob: "**/Chart.yaml"
527
# command: [sh, -c, find . -name env.yaml]
528
529
# -- Provide one or multiple [external cluster credentials]
530
# @default -- `{}` (See [values.yaml])
531
## Ref:
532
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
533
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
534
## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters
535
clusterCredentials: {}
536
# mycluster:
537
# server: https://mycluster.example.com
538
# labels: {}
539
# annotations: {}
540
# config:
541
# bearerToken: "<authentication token>"
542
# tlsClientConfig:
543
# insecure: false
544
# caData: "<base64 encoded certificate>"
545
# mycluster2:
546
# server: https://mycluster2.example.com
547
# labels: {}
548
# annotations: {}
549
# namespaces: namespace1,namespace2
550
# clusterResources: true
551
# config:
552
# bearerToken: "<authentication token>"
553
# tlsClientConfig:
554
# insecure: false
555
# caData: "<base64 encoded certificate>"
556
# mycluster3-project-scoped:
557
# server: https://mycluster3.example.com
558
# labels: {}
559
# annotations: {}
560
# project: my-project1
561
# config:
562
# bearerToken: "<authentication token>"
563
# tlsClientConfig:
564
# insecure: false
565
# caData: "<base64 encoded certificate>"
566
# mycluster4-sharded:
567
# shard: 1
568
# server: https://mycluster4.example.com
569
# labels: {}
570
# annotations: {}
571
# config:
572
# bearerToken: "<authentication token>"
573
# tlsClientConfig:
574
# insecure: false
575
# caData: "<base64 encoded certificate>"
576
577
# -- Repository credentials to be used as Templates for other repos
578
## Creates a secret for each key/value specified below to create repository credentials
579
credentialTemplates: {}
580
# github-enterprise-creds-1:
581
# url: https://github.com/argoproj
582
# githubAppID: 1
583
# githubAppInstallationID: 2
584
# githubAppEnterpriseBaseUrl: https://ghe.example.com/api/v3
585
# githubAppPrivateKey: |
586
# -----BEGIN OPENSSH PRIVATE KEY-----
587
# ...
588
# -----END OPENSSH PRIVATE KEY-----
589
# https-creds:
590
# url: https://github.com/argoproj
591
# password: my-password
592
# username: my-username
593
# ssh-creds:
594
# url: git@github.com:argoproj-labs
595
# sshPrivateKey: |
596
# -----BEGIN OPENSSH PRIVATE KEY-----
597
# ...
598
# -----END OPENSSH PRIVATE KEY-----
599
600
# -- Annotations to be added to `configs.credentialTemplates` Secret
601
credentialTemplatesAnnotations: {}
602
# -- Repositories list to be used by applications
603
## Creates a secret for each key/value specified below to create repositories
604
## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates".
605
repositories: {}
606
# istio-helm-repo:
607
# url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
608
# name: istio.io
609
# type: helm
610
# private-helm-repo:
611
# url: https://my-private-chart-repo.internal
612
# name: private-repo
613
# type: helm
614
# password: my-password
615
# username: my-username
616
# private-repo:
617
# url: https://github.com/argoproj/private-repo
618
619
# -- Annotations to be added to `configs.repositories` Secret
620
repositoriesAnnotations: {}
621
# Argo CD sensitive data
622
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
623
secret:
624
# -- Create the argocd-secret
625
createSecret: true
626
# -- Labels to be added to argocd-secret
627
labels: {}
628
# -- Annotations to be added to argocd-secret
629
annotations: {}
630
# -- Shared secret for authenticating GitHub webhook events
631
githubSecret: ""
632
# -- Shared secret for authenticating GitLab webhook events
633
gitlabSecret: ""
634
# -- Shared secret for authenticating BitbucketServer webhook events
635
bitbucketServerSecret: ""
636
# -- UUID for authenticating Bitbucket webhook events
637
bitbucketUUID: ""
638
# -- Shared secret for authenticating Gogs webhook events
639
gogsSecret: ""
640
## Azure DevOps
641
azureDevops:
642
# -- Shared secret username for authenticating Azure DevOps webhook events
643
username: ""
644
# -- Shared secret password for authenticating Azure DevOps webhook events
645
password: ""
646
# -- add additional secrets to be added to argocd-secret
647
## Custom secrets. Useful for injecting SSO secrets into environment variables.
648
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets
649
## Note that all values must be non-empty.
650
extra: {}
651
# LDAP_PASSWORD: "mypassword"
652
653
# -- Bcrypt hashed admin password
654
## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
655
## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
656
argocdServerAdminPassword: ""
657
# -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"`
658
# @default -- `""` (defaults to current time)
659
argocdServerAdminPasswordMtime: ""
660
# -- Define custom [CSS styles] for your argo instance.
661
# This setting will automatically mount the provided CSS and reference it in the argo configuration.
662
# @default -- `""` (See [values.yaml])
663
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
664
styles: ""
665
# styles: |
666
# .sidebar {
667
# background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
668
# }
669
# -- Array of extra K8s manifests to deploy
670
## Note: Supports use of custom Helm templates
671
extraObjects: []
672
# - apiVersion: secrets-store.csi.x-k8s.io/v1
673
# kind: SecretProviderClass
674
# metadata:
675
# name: argocd-secrets-store
676
# spec:
677
# provider: aws
678
# parameters:
679
# objects: |
680
# - objectName: "argocd"
681
# objectType: "secretsmanager"
682
# jmesPath:
683
# - path: "client_id"
684
# objectAlias: "client_id"
685
# - path: "client_secret"
686
# objectAlias: "client_secret"
687
# secretObjects:
688
# - data:
689
# - key: client_id
690
# objectName: client_id
691
# - key: client_secret
692
# objectName: client_secret
693
# secretName: argocd-secrets-store
694
# type: Opaque
695
# labels:
696
# app.kubernetes.io/part-of: argocd
697
698
## Application controller
699
controller:
700
# -- Application controller name string
701
name: application-controller
702
# -- The number of application controller pods to run.
703
# Additional replicas will cause sharding of managed clusters across number of replicas.
704
## With dynamic cluster distribution turned on, sharding of the clusters will gracefully
705
## rebalance if the number of replica's changes or one becomes unhealthy. (alpha)
706
replicas: 1
707
# -- Enable dynamic cluster distribution (alpha)
708
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution
709
## This is done using a deployment instead of a statefulSet
710
## When replicas are added or removed, the sharding algorithm is re-run to ensure that the
711
## clusters are distributed according to the algorithm. If the algorithm is well-balanced,
712
## like round-robin, then the shards will be well-balanced.
713
dynamicClusterDistribution: false
714
# -- Runtime class name for the application controller
715
# @default -- `""` (defaults to global.runtimeClassName)
716
runtimeClassName: ""
717
# -- Application controller heartbeat time
718
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
719
heartbeatTime: 10
720
# -- Maximum number of controller revisions that will be maintained in StatefulSet history
721
revisionHistoryLimit: 5
722
## Application controller Pod Disruption Budget
723
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
724
pdb:
725
# -- Deploy a [PodDisruptionBudget] for the application controller
726
enabled: false
727
# -- Labels to be added to application controller pdb
728
labels: {}
729
# -- Annotations to be added to application controller pdb
730
annotations: {}
731
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
732
# @default -- `""` (defaults to 0 if not specified)
733
minAvailable: ""
734
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
735
## Has higher precedence over `controller.pdb.minAvailable`
736
maxUnavailable: ""
737
## Application controller Vertical Pod Autoscaler
738
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
739
vpa:
740
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the application controller
741
enabled: false
742
# -- Labels to be added to application controller vpa
743
labels: {}
744
# -- Annotations to be added to application controller vpa
745
annotations: {}
746
# -- One of the VPA operation modes
747
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
748
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
749
updateMode: Initial
750
# -- Controls how VPA computes the recommended resources for application controller container
751
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
752
containerPolicy: {}
753
# controlledResources: ["cpu", "memory"]
754
# minAllowed:
755
# cpu: 250m
756
# memory: 256Mi
757
# maxAllowed:
758
# cpu: 1
759
# memory: 1Gi
760
## Application controller image
761
image:
762
# -- Repository to use for the application controller
763
# @default -- `""` (defaults to global.image.repository)
764
repository: ""
765
# -- Tag to use for the application controller
766
# @default -- `""` (defaults to global.image.tag)
767
tag: ""
768
# -- Image pull policy for the application controller
769
# @default -- `""` (defaults to global.image.imagePullPolicy)
770
imagePullPolicy: ""
771
# -- Secrets with credentials to pull images from a private registry
772
# @default -- `[]` (defaults to global.imagePullSecrets)
773
imagePullSecrets: []
774
# -- Additional command line arguments to pass to application controller
775
extraArgs: []
776
# -- Environment variables to pass to application controller
777
env: []
778
# -- envFrom to pass to application controller
779
# @default -- `[]` (See [values.yaml])
780
envFrom: []
781
# - configMapRef:
782
# name: config-map-name
783
# - secretRef:
784
# name: secret-name
785
786
# -- Additional containers to be added to the application controller pod
787
## Note: Supports use of custom Helm templates
788
extraContainers: []
789
# -- Init containers to add to the application controller pod
790
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
791
## you could use this (and the same in the server pod) to provide such executable
792
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
793
## Note: Supports use of custom Helm templates
794
initContainers: []
795
# - name: download-tools
796
# image: alpine:3
797
# command: [sh, -c]
798
# args:
799
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
800
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
801
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
802
# volumeMounts:
803
# - mountPath: /custom-tools
804
# name: custom-tools
805
806
# -- Additional volumeMounts to the application controller main container
807
volumeMounts: []
808
# - mountPath: /usr/local/bin/kubelogin
809
# name: custom-tools
810
# subPath: kubelogin
811
812
# -- Additional volumes to the application controller pod
813
volumes: []
814
# - name: custom-tools
815
# emptyDir: {}
816
817
## Application controller emptyDir volumes
818
emptyDir:
819
# -- EmptyDir size limit for application controller
820
# @default -- `""` (defaults not set if not specified i.e. no size limit)
821
sizeLimit: ""
822
# sizeLimit: "1Gi"
823
# -- Annotations for the application controller StatefulSet
824
statefulsetAnnotations: {}
825
# -- Labels for the application controller StatefulSet
826
statefulsetLabels: {}
827
# -- Annotations for the application controller Deployment
828
deploymentAnnotations: {}
829
# -- Labels for the application controller Deployment
830
deploymentLabels: {}
831
# -- Annotations to be added to application controller pods
832
podAnnotations: {}
833
# -- Labels to be added to application controller pods
834
podLabels: {}
835
# -- Resource limits and requests for the application controller pods
836
resources: {}
837
# limits:
838
# cpu: 500m
839
# memory: 512Mi
840
# requests:
841
# cpu: 250m
842
# memory: 256Mi
843
844
# Application controller container ports
845
containerPorts:
846
# -- Metrics container port
847
metrics: 8082
848
# -- Host Network for application controller pods
849
hostNetwork: false
850
# -- [DNS configuration]
851
dnsConfig: {}
852
# -- Alternative DNS policy for application controller pods
853
dnsPolicy: "ClusterFirst"
854
# -- Application controller container-level security context
855
# @default -- See [values.yaml]
856
containerSecurityContext:
857
runAsNonRoot: true
858
readOnlyRootFilesystem: true
859
allowPrivilegeEscalation: false
860
seccompProfile:
861
type: RuntimeDefault
862
capabilities:
863
drop:
864
- ALL
865
# Readiness probe for application controller
866
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
867
readinessProbe:
868
# -- Http path to use for the readiness probe
869
httpPath: /healthz
870
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
871
failureThreshold: 3
872
# -- Number of seconds after the container has started before [probe] is initiated
873
initialDelaySeconds: 10
874
# -- How often (in seconds) to perform the [probe]
875
periodSeconds: 10
876
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
877
successThreshold: 1
878
# -- Number of seconds after which the [probe] times out
879
timeoutSeconds: 1
880
## Startup probe for application controller (optional)
881
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
882
startupProbe:
883
# -- Enable Kubernetes startup probe for application controller
884
enabled: false
885
# -- Http path to use for the startup probe
886
httpPath: /healthz
887
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
888
failureThreshold: 20
889
# -- Number of seconds after the container has started before [probe] is initiated
890
initialDelaySeconds: 10
891
# -- How often (in seconds) to perform the [probe]
892
periodSeconds: 10
893
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
894
successThreshold: 1
895
# -- Number of seconds after which the [probe] times out
896
timeoutSeconds: 1
897
# -- terminationGracePeriodSeconds for container lifecycle hook
898
terminationGracePeriodSeconds: 30
899
# -- Priority class for the application controller pods
900
# @default -- `""` (defaults to global.priorityClassName)
901
priorityClassName: ""
902
# -- [Node selector]
903
# @default -- `{}` (defaults to global.nodeSelector)
904
nodeSelector: {}
905
# -- [Tolerations] for use with node taints
906
# @default -- `[]` (defaults to global.tolerations)
907
tolerations: []
908
# -- Assign custom [affinity] rules to the deployment
909
# @default -- `{}` (defaults to global.affinity preset)
910
affinity: {}
911
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
912
# @default -- `[]` (defaults to global.topologySpreadConstraints)
913
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
914
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
915
topologySpreadConstraints: []
916
# - maxSkew: 1
917
# topologyKey: topology.kubernetes.io/zone
918
# whenUnsatisfiable: DoNotSchedule
919
920
# -- Automount API credentials for the Service Account into the pod.
921
automountServiceAccountToken: true
922
serviceAccount:
923
# -- Create a service account for the application controller
924
create: true
925
# -- Service account name
926
name: argocd-application-controller
927
# -- Annotations applied to created service account
928
annotations: {}
929
# -- Labels applied to created service account
930
labels: {}
931
# -- Automount API credentials for the Service Account
932
automountServiceAccountToken: true
933
## Application controller metrics configuration
934
metrics:
935
# -- Deploy metrics service
936
enabled: false
937
applicationLabels:
938
# -- Enables additional labels in argocd_app_labels metric
939
enabled: false
940
# -- Additional labels
941
labels: []
942
service:
943
# -- Metrics service type
944
type: ClusterIP
945
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
946
clusterIP: ""
947
# -- Metrics service annotations
948
annotations: {}
949
# -- Metrics service labels
950
labels: {}
951
# -- Metrics service port
952
servicePort: 8082
953
# -- Metrics service port name
954
portName: http-metrics
955
serviceMonitor:
956
# -- Enable a prometheus ServiceMonitor
957
enabled: false
958
# -- Prometheus ServiceMonitor interval
959
interval: 30s
960
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
961
scrapeTimeout: ""
962
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
963
honorLabels: false
964
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
965
relabelings: []
966
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
967
metricRelabelings: []
968
# -- Prometheus ServiceMonitor selector
969
selector: {}
970
# prometheus: kube-prometheus
971
972
# -- Prometheus ServiceMonitor scheme
973
scheme: ""
974
# -- Prometheus ServiceMonitor tlsConfig
975
tlsConfig: {}
976
# -- Prometheus ServiceMonitor namespace
977
namespace: "" # "monitoring"
978
# -- Prometheus ServiceMonitor labels
979
additionalLabels: {}
980
# -- Prometheus ServiceMonitor annotations
981
annotations: {}
982
rules:
983
# -- Deploy a PrometheusRule for the application controller
984
enabled: false
985
# -- PrometheusRule namespace
986
namespace: "" # "monitoring"
987
# -- PrometheusRule selector
988
selector: {}
989
# prometheus: kube-prometheus
990
991
# -- PrometheusRule labels
992
additionalLabels: {}
993
# -- PrometheusRule annotations
994
annotations: {}
995
# -- PrometheusRule.Spec for the application controller
996
spec: []
997
# - alert: ArgoAppMissing
998
# expr: |
999
# absent(argocd_app_info) == 1
1000
# for: 15m
1001
# labels:
1002
# severity: critical
1003
# annotations:
1004
# summary: "[Argo CD] No reported applications"
1005
# description: >
1006
# Argo CD has not reported any applications data for the past 15 minutes which
1007
# means that it must be down or not functioning properly. This needs to be
1008
# resolved for this cloud to continue to maintain state.
1009
# - alert: ArgoAppNotSynced
1010
# expr: |
1011
# argocd_app_info{sync_status!="Synced"} == 1
1012
# for: 12h
1013
# labels:
1014
# severity: warning
1015
# annotations:
1016
# summary: "[{{ $labels.name }}] Application not synchronized"
1017
# description: >
1018
# The application {{ $labels.name }} has not been synchronized for over
1019
# 12 hours which means that the state of this cloud has drifted away from the
1020
# state inside Git.
1021
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
1022
## Defaults to off
1023
clusterRoleRules:
1024
# -- Enable custom rules for the application controller's ClusterRole resource
1025
enabled: false
1026
# -- List of custom rules for the application controller's ClusterRole resource
1027
rules: []
1028
## Enable this and set the rules: to whatever custom rules you want for the Role resource.
1029
## Defaults to off
1030
# -- List of custom rules for the application controller's Role resource
1031
roleRules: []
1032
# Default application controller's network policy
1033
networkPolicy:
1034
# -- Default network policy rules used by application controller
1035
# @default -- `false` (defaults to global.networkPolicy.create)
1036
create: false
1037
## Dex
1038
dex:
1039
# -- Enable dex
1040
enabled: true
1041
# -- Dex name
1042
name: dex-server
1043
# -- Additional command line arguments to pass to the Dex server
1044
extraArgs: []
1045
# -- Runtime class name for Dex
1046
# @default -- `""` (defaults to global.runtimeClassName)
1047
runtimeClassName: ""
1048
metrics:
1049
# -- Deploy metrics service
1050
enabled: false
1051
service:
1052
# -- Metrics service annotations
1053
annotations: {}
1054
# -- Metrics service labels
1055
labels: {}
1056
# -- Metrics service port name
1057
portName: http-metrics
1058
serviceMonitor:
1059
# -- Enable a prometheus ServiceMonitor
1060
enabled: false
1061
# -- Prometheus ServiceMonitor interval
1062
interval: 30s
1063
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
1064
honorLabels: false
1065
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
1066
relabelings: []
1067
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
1068
metricRelabelings: []
1069
# -- Prometheus ServiceMonitor selector
1070
selector: {}
1071
# prometheus: kube-prometheus
1072
1073
# -- Prometheus ServiceMonitor scheme
1074
scheme: ""
1075
# -- Prometheus ServiceMonitor tlsConfig
1076
tlsConfig: {}
1077
# -- Prometheus ServiceMonitor namespace
1078
namespace: "" # "monitoring"
1079
# -- Prometheus ServiceMonitor labels
1080
additionalLabels: {}
1081
# -- Prometheus ServiceMonitor annotations
1082
annotations: {}
1083
## Dex Pod Disruption Budget
1084
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1085
pdb:
1086
# -- Deploy a [PodDisruptionBudget] for the Dex server
1087
enabled: false
1088
# -- Labels to be added to Dex server pdb
1089
labels: {}
1090
# -- Annotations to be added to Dex server pdb
1091
annotations: {}
1092
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1093
# @default -- `""` (defaults to 0 if not specified)
1094
minAvailable: ""
1095
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
1096
## Has higher precedence over `dex.pdb.minAvailable`
1097
maxUnavailable: ""
1098
## Dex Vertical Pod Autoscaler
1099
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1100
vpa:
1101
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Dex server
1102
enabled: false
1103
# -- Labels to be added to Dex server vpa
1104
labels: {}
1105
# -- Annotations to be added to Dex server vpa
1106
annotations: {}
1107
# -- One of the VPA operation modes
1108
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1109
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1110
updateMode: Initial
1111
# -- Controls how VPA computes the recommended resources for Dex server container
1112
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1113
containerPolicy: {}
1114
# controlledResources: ["cpu", "memory"]
1115
# minAllowed:
1116
# cpu: 250m
1117
# memory: 256Mi
1118
# maxAllowed:
1119
# cpu: 1
1120
# memory: 1Gi
1121
## Dex image
1122
image:
1123
# -- Dex image repository
1124
repository: cgr.dev/chainguard-private/dex
1125
# -- Dex image tag
1126
tag: latest@sha256:d583c823d3fc171eabaf35968db2bd4e42774da6e1cb0c96755327fe23bf783e
1127
# -- Dex imagePullPolicy
1128
# @default -- `""` (defaults to global.image.imagePullPolicy)
1129
imagePullPolicy: ""
1130
# -- Secrets with credentials to pull images from a private registry
1131
# @default -- `[]` (defaults to global.imagePullSecrets)
1132
imagePullSecrets: []
1133
# Argo CD init image that creates Dex config
1134
initImage:
1135
# -- Argo CD init image repository
1136
# @default -- `""` (defaults to global.image.repository)
1137
repository: ""
1138
# -- Argo CD init image tag
1139
# @default -- `""` (defaults to global.image.tag)
1140
tag: ""
1141
# -- Argo CD init image imagePullPolicy
1142
# @default -- `""` (defaults to global.image.imagePullPolicy)
1143
imagePullPolicy: ""
1144
# -- Argo CD init image resources
1145
# @default -- `{}` (defaults to dex.resources)
1146
resources: {}
1147
# requests:
1148
# cpu: 5m
1149
# memory: 96Mi
1150
# limits:
1151
# cpu: 10m
1152
# memory: 144Mi
1153
# -- Environment variables to pass to the Dex server
1154
env: []
1155
# -- envFrom to pass to the Dex server
1156
# @default -- `[]` (See [values.yaml])
1157
envFrom: []
1158
# - configMapRef:
1159
# name: config-map-name
1160
# - secretRef:
1161
# name: secret-name
1162
1163
# -- Additional containers to be added to the dex pod
1164
## Note: Supports use of custom Helm templates
1165
extraContainers: []
1166
# -- Init containers to add to the dex pod
1167
## Note: Supports use of custom Helm templates
1168
initContainers: []
1169
# -- Additional volumeMounts to the dex main container
1170
volumeMounts: []
1171
# -- Additional volumes to the dex pod
1172
volumes: []
1173
## Dex server emptyDir volumes
1174
emptyDir:
1175
# -- EmptyDir size limit for Dex server
1176
# @default -- `""` (defaults not set if not specified i.e. no size limit)
1177
sizeLimit: ""
1178
# sizeLimit: "1Gi"
1179
# TLS certificate configuration via Secret
1180
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server
1181
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers.
1182
certificateSecret:
1183
# -- Create argocd-dex-server-tls secret
1184
enabled: false
1185
# -- Labels to be added to argocd-dex-server-tls secret
1186
labels: {}
1187
# -- Annotations to be added to argocd-dex-server-tls secret
1188
annotations: {}
1189
# -- Certificate authority. Required for self-signed certificates.
1190
ca: ""
1191
# -- Certificate private key
1192
key: ""
1193
# -- Certificate data. Must contain SANs of Dex service (ie: argocd-dex-server, argocd-dex-server.argo-cd.svc)
1194
crt: ""
1195
# -- Annotations to be added to the Dex server Deployment
1196
deploymentAnnotations: {}
1197
# -- Labels for the Dex server Deployment
1198
deploymentLabels: {}
1199
# -- Annotations to be added to the Dex server pods
1200
podAnnotations: {}
1201
# -- Labels to be added to the Dex server pods
1202
podLabels: {}
1203
# -- Resource limits and requests for dex
1204
resources: {}
1205
# limits:
1206
# cpu: 50m
1207
# memory: 64Mi
1208
# requests:
1209
# cpu: 10m
1210
# memory: 32Mi
1211
1212
# Dex container ports
1213
# NOTE: These ports are currently hardcoded and cannot be changed
1214
containerPorts:
1215
# -- HTTP container port
1216
http: 5556
1217
# -- gRPC container port
1218
grpc: 5557
1219
# -- Metrics container port
1220
metrics: 5558
1221
# -- [DNS configuration]
1222
dnsConfig: {}
1223
# -- Alternative DNS policy for Dex server pods
1224
dnsPolicy: "ClusterFirst"
1225
# -- Dex container-level security context
1226
# @default -- See [values.yaml]
1227
containerSecurityContext:
1228
runAsNonRoot: true
1229
runAsUser: 1001
1230
readOnlyRootFilesystem: true
1231
allowPrivilegeEscalation: false
1232
seccompProfile:
1233
type: RuntimeDefault
1234
capabilities:
1235
drop:
1236
- ALL
1237
## Probes for Dex server
1238
## Supported from Dex >= 2.28.0
1239
livenessProbe:
1240
# -- Enable Kubernetes liveness probe for Dex >= 2.28.0
1241
enabled: false
1242
# -- Http path to use for the liveness probe
1243
httpPath: /healthz/live
1244
# -- Http port to use for the liveness probe
1245
httpPort: metrics
1246
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
1247
httpScheme: HTTP
1248
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1249
failureThreshold: 3
1250
# -- Number of seconds after the container has started before [probe] is initiated
1251
initialDelaySeconds: 10
1252
# -- How often (in seconds) to perform the [probe]
1253
periodSeconds: 10
1254
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1255
successThreshold: 1
1256
# -- Number of seconds after which the [probe] times out
1257
timeoutSeconds: 1
1258
readinessProbe:
1259
# -- Enable Kubernetes readiness probe for Dex >= 2.28.0
1260
enabled: false
1261
# -- Http path to use for the readiness probe
1262
httpPath: /healthz/ready
1263
# -- Http port to use for the readiness probe
1264
httpPort: metrics
1265
# -- Scheme to use for for the liveness probe (can be HTTP or HTTPS)
1266
httpScheme: HTTP
1267
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1268
failureThreshold: 3
1269
# -- Number of seconds after the container has started before [probe] is initiated
1270
initialDelaySeconds: 10
1271
# -- How often (in seconds) to perform the [probe]
1272
periodSeconds: 10
1273
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1274
successThreshold: 1
1275
# -- Number of seconds after which the [probe] times out
1276
timeoutSeconds: 1
1277
## Startup probe for Dex server (optional)
1278
## Supported from Dex >= 2.28.0
1279
startupProbe:
1280
# -- Enable Kubernetes startup probe for Dex >= 2.28.0
1281
enabled: false
1282
# -- Http path to use for the startup probe
1283
httpPath: /healthz/ready
1284
# -- Http port to use for the startup probe
1285
httpPort: metrics
1286
# -- Scheme to use for the startup probe (can be HTTP or HTTPS)
1287
httpScheme: HTTP
1288
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1289
failureThreshold: 20
1290
# -- Number of seconds after the container has started before [probe] is initiated
1291
initialDelaySeconds: 10
1292
# -- How often (in seconds) to perform the [probe]
1293
periodSeconds: 10
1294
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1295
successThreshold: 1
1296
# -- Number of seconds after which the [probe] times out
1297
timeoutSeconds: 1
1298
# -- terminationGracePeriodSeconds for container lifecycle hook
1299
terminationGracePeriodSeconds: 30
1300
# -- Automount API credentials for the Service Account into the pod.
1301
automountServiceAccountToken: true
1302
serviceAccount:
1303
# -- Create dex service account
1304
create: true
1305
# -- Dex service account name
1306
name: argocd-dex-server
1307
# -- Annotations applied to created service account
1308
annotations: {}
1309
# -- Automount API credentials for the Service Account
1310
automountServiceAccountToken: true
1311
# -- Service port for HTTP access
1312
servicePortHttp: 5556
1313
# -- Service port name for HTTP access
1314
servicePortHttpName: http
1315
# -- Service port for gRPC access
1316
servicePortGrpc: 5557
1317
# -- Service port name for gRPC access
1318
servicePortGrpcName: grpc
1319
# -- Service port for metrics access
1320
servicePortMetrics: 5558
1321
# -- Priority class for the dex pods
1322
# @default -- `""` (defaults to global.priorityClassName)
1323
priorityClassName: ""
1324
# -- [Node selector]
1325
# @default -- `{}` (defaults to global.nodeSelector)
1326
nodeSelector: {}
1327
# -- [Tolerations] for use with node taints
1328
# @default -- `[]` (defaults to global.tolerations)
1329
tolerations: []
1330
# -- Assign custom [affinity] rules to the deployment
1331
# @default -- `{}` (defaults to global.affinity preset)
1332
affinity: {}
1333
# -- Assign custom [TopologySpreadConstraints] rules to dex
1334
# @default -- `[]` (defaults to global.topologySpreadConstraints)
1335
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1336
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
1337
topologySpreadConstraints: []
1338
# - maxSkew: 1
1339
# topologyKey: topology.kubernetes.io/zone
1340
# whenUnsatisfiable: DoNotSchedule
1341
1342
# -- Deployment strategy to be added to the Dex server Deployment
1343
deploymentStrategy: {}
1344
# type: RollingUpdate
1345
# rollingUpdate:
1346
# maxSurge: 25%
1347
# maxUnavailable: 25%
1348
1349
# Default Dex server's network policy
1350
networkPolicy:
1351
# -- Default network policy rules used by Dex server
1352
# @default -- `false` (defaults to global.networkPolicy.create)
1353
create: false
1354
# DEPRECATED - Use configs.params to override
1355
# -- Dex log format. Either `text` or `json`
1356
# @default -- `""` (defaults to global.logging.format)
1357
# logFormat: ""
1358
# -- Dex log level. One of: `debug`, `info`, `warn`, `error`
1359
# @default -- `""` (defaults to global.logging.level)
1360
# logLevel: ""
1361
## Redis
1362
redis:
1363
# -- Enable redis
1364
enabled: true
1365
# -- Redis name
1366
name: redis
1367
# -- Runtime class name for redis
1368
# @default -- `""` (defaults to global.runtimeClassName)
1369
runtimeClassName: ""
1370
## Redis Pod Disruption Budget
1371
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1372
pdb:
1373
# -- Deploy a [PodDisruptionBudget] for the Redis
1374
enabled: false
1375
# -- Labels to be added to Redis pdb
1376
labels: {}
1377
# -- Annotations to be added to Redis pdb
1378
annotations: {}
1379
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1380
# @default -- `""` (defaults to 0 if not specified)
1381
minAvailable: ""
1382
# -- Number of pods that are unavailble after eviction as number or percentage (eg.: 50%).
1383
## Has higher precedence over `redis.pdb.minAvailable`
1384
maxUnavailable: ""
1385
## Redis Vertical Pod Autoscaler
1386
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1387
vpa:
1388
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Redis
1389
enabled: false
1390
# -- Labels to be added to Redis vpa
1391
labels: {}
1392
# -- Annotations to be added to Redis vpa
1393
annotations: {}
1394
# -- One of the VPA operation modes
1395
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1396
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1397
updateMode: Initial
1398
# -- Controls how VPA computes the recommended resources for Redis container
1399
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1400
containerPolicy: {}
1401
# controlledResources: ["cpu", "memory"]
1402
# minAllowed:
1403
# cpu: 250m
1404
# memory: 256Mi
1405
# maxAllowed:
1406
# cpu: 1
1407
# memory: 1Gi
1408
## Redis image
1409
image:
1410
# -- Redis repository
1411
repository: cgr.dev/chainguard-private/redis
1412
# -- Redis tag
1413
## Do not use 7.4.0 <= v < 8.0.0, otherwise you are no longer using an open source version of Redis
1414
tag: latest@sha256:2234bfd693ae4ed64d678587ef480235a289cb95e7e18572f8f608a2053e228e
1415
# -- Redis image pull policy
1416
# @default -- `""` (defaults to global.image.imagePullPolicy)
1417
imagePullPolicy: ""
1418
## Prometheus redis-exporter sidecar
1419
exporter:
1420
# -- Enable Prometheus redis-exporter sidecar
1421
enabled: false
1422
# -- Environment variables to pass to the Redis exporter
1423
env: []
1424
## Prometheus redis-exporter image
1425
image:
1426
# -- Repository to use for the redis-exporter
1427
repository: cgr.dev/chainguard-private/prometheus-redis-exporter
1428
# -- Tag to use for the redis-exporter
1429
tag: latest@sha256:fb79828c5f88307557b265ba8ae43243a6dc1e9644076c056da4cde1038abea7
1430
# -- Image pull policy for the redis-exporter
1431
# @default -- `""` (defaults to global.image.imagePullPolicy)
1432
imagePullPolicy: ""
1433
# -- Redis exporter security context
1434
# @default -- See [values.yaml]
1435
containerSecurityContext:
1436
runAsNonRoot: true
1437
readOnlyRootFilesystem: true
1438
allowPrivilegeEscalation: false
1439
seccompProfile:
1440
type: RuntimeDefault
1441
capabilities:
1442
drop:
1443
- ALL
1444
## Probes for Redis exporter (optional)
1445
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1446
readinessProbe:
1447
# -- Enable Kubernetes liveness probe for Redis exporter (optional)
1448
enabled: false
1449
# -- Number of seconds after the container has started before [probe] is initiated
1450
initialDelaySeconds: 30
1451
# -- How often (in seconds) to perform the [probe]
1452
periodSeconds: 15
1453
# -- Number of seconds after which the [probe] times out
1454
timeoutSeconds: 15
1455
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1456
successThreshold: 1
1457
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1458
failureThreshold: 5
1459
livenessProbe:
1460
# -- Enable Kubernetes liveness probe for Redis exporter
1461
enabled: false
1462
# -- Number of seconds after the container has started before [probe] is initiated
1463
initialDelaySeconds: 30
1464
# -- How often (in seconds) to perform the [probe]
1465
periodSeconds: 15
1466
# -- Number of seconds after which the [probe] times out
1467
timeoutSeconds: 15
1468
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1469
successThreshold: 1
1470
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1471
failureThreshold: 5
1472
# -- Resource limits and requests for redis-exporter sidecar
1473
resources: {}
1474
# limits:
1475
# cpu: 50m
1476
# memory: 64Mi
1477
# requests:
1478
# cpu: 10m
1479
# memory: 32Mi
1480
# -- Secrets with credentials to pull images from a private registry
1481
# @default -- `[]` (defaults to global.imagePullSecrets)
1482
imagePullSecrets: []
1483
# -- Additional command line arguments to pass to redis-server
1484
extraArgs: []
1485
# - --bind
1486
# - "0.0.0.0"
1487
1488
# -- Environment variables to pass to the Redis server
1489
env: []
1490
# -- envFrom to pass to the Redis server
1491
# @default -- `[]` (See [values.yaml])
1492
envFrom: []
1493
# - configMapRef:
1494
# name: config-map-name
1495
# - secretRef:
1496
# name: secret-name
1497
1498
## Probes for Redis server (optional)
1499
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
1500
readinessProbe:
1501
# -- Enable Kubernetes liveness probe for Redis server
1502
enabled: false
1503
# -- Number of seconds after the container has started before [probe] is initiated
1504
initialDelaySeconds: 30
1505
# -- How often (in seconds) to perform the [probe]
1506
periodSeconds: 15
1507
# -- Number of seconds after which the [probe] times out
1508
timeoutSeconds: 15
1509
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1510
successThreshold: 1
1511
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1512
failureThreshold: 5
1513
livenessProbe:
1514
# -- Enable Kubernetes liveness probe for Redis server
1515
enabled: false
1516
# -- Number of seconds after the container has started before [probe] is initiated
1517
initialDelaySeconds: 30
1518
# -- How often (in seconds) to perform the [probe]
1519
periodSeconds: 15
1520
# -- Number of seconds after which the [probe] times out
1521
timeoutSeconds: 15
1522
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
1523
successThreshold: 1
1524
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
1525
failureThreshold: 5
1526
# -- Additional containers to be added to the redis pod
1527
## Note: Supports use of custom Helm templates
1528
extraContainers: []
1529
# -- Init containers to add to the redis pod
1530
## Note: Supports use of custom Helm templates
1531
initContainers: []
1532
# -- Additional volumeMounts to the redis container
1533
volumeMounts: []
1534
# -- Additional volumes to the redis pod
1535
volumes: []
1536
# -- Annotations to be added to the Redis server Deployment
1537
deploymentAnnotations: {}
1538
# -- Labels for the Redis server Deployment
1539
deploymentLabels: {}
1540
# -- Annotations to be added to the Redis server pods
1541
podAnnotations: {}
1542
# -- Labels to be added to the Redis server pods
1543
podLabels: {}
1544
# -- Resource limits and requests for redis
1545
resources: {}
1546
# limits:
1547
# cpu: 200m
1548
# memory: 128Mi
1549
# requests:
1550
# cpu: 100m
1551
# memory: 64Mi
1552
1553
# -- Redis pod-level security context
1554
# @default -- See [values.yaml]
1555
securityContext:
1556
runAsNonRoot: true
1557
runAsUser: 999
1558
seccompProfile:
1559
type: RuntimeDefault
1560
# Redis container ports
1561
containerPorts:
1562
# -- Redis container port
1563
redis: 6379
1564
# -- Metrics container port
1565
metrics: 9121
1566
# -- [DNS configuration]
1567
dnsConfig: {}
1568
# -- Alternative DNS policy for Redis server pods
1569
dnsPolicy: "ClusterFirst"
1570
# -- Redis container-level security context
1571
# @default -- See [values.yaml]
1572
containerSecurityContext:
1573
readOnlyRootFilesystem: true
1574
allowPrivilegeEscalation: false
1575
capabilities:
1576
drop:
1577
- ALL
1578
# -- Redis service port
1579
servicePort: 6379
1580
# -- Priority class for redis pods
1581
# @default -- `""` (defaults to global.priorityClassName)
1582
priorityClassName: ""
1583
# -- [Node selector]
1584
# @default -- `{}` (defaults to global.nodeSelector)
1585
nodeSelector: {}
1586
# -- [Tolerations] for use with node taints
1587
# @default -- `[]` (defaults to global.tolerations)
1588
tolerations: []
1589
# -- Assign custom [affinity] rules to the deployment
1590
# @default -- `{}` (defaults to global.affinity preset)
1591
affinity: {}
1592
# -- Assign custom [TopologySpreadConstraints] rules to redis
1593
# @default -- `[]` (defaults to global.topologySpreadConstraints)
1594
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1595
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
1596
topologySpreadConstraints: []
1597
# - maxSkew: 1
1598
# topologyKey: topology.kubernetes.io/zone
1599
# whenUnsatisfiable: DoNotSchedule
1600
1601
# -- terminationGracePeriodSeconds for container lifecycle hook
1602
terminationGracePeriodSeconds: 30
1603
# -- Automount API credentials for the Service Account into the pod.
1604
automountServiceAccountToken: true
1605
serviceAccount:
1606
# -- Create a service account for the redis pod
1607
create: false
1608
# -- Service account name for redis pod
1609
name: ""
1610
# -- Annotations applied to created service account
1611
annotations: {}
1612
# -- Automount API credentials for the Service Account
1613
automountServiceAccountToken: false
1614
service:
1615
# -- Redis service annotations
1616
annotations: {}
1617
# -- Additional redis service labels
1618
labels: {}
1619
metrics:
1620
# -- Deploy metrics service
1621
enabled: false
1622
# Redis metrics service configuration
1623
service:
1624
# -- Metrics service type
1625
type: ClusterIP
1626
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
1627
clusterIP: None
1628
# -- Metrics service annotations
1629
annotations: {}
1630
# -- Metrics service labels
1631
labels: {}
1632
# -- Metrics service port
1633
servicePort: 9121
1634
# -- Metrics service port name
1635
portName: http-metrics
1636
serviceMonitor:
1637
# -- Enable a prometheus ServiceMonitor
1638
enabled: false
1639
# -- Interval at which metrics should be scraped
1640
interval: 30s
1641
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
1642
honorLabels: false
1643
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
1644
relabelings: []
1645
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
1646
metricRelabelings: []
1647
# -- Prometheus ServiceMonitor selector
1648
selector: {}
1649
# prometheus: kube-prometheus
1650
1651
# -- Prometheus ServiceMonitor scheme
1652
scheme: ""
1653
# -- Prometheus ServiceMonitor tlsConfig
1654
tlsConfig: {}
1655
# -- Prometheus ServiceMonitor namespace
1656
namespace: "" # "monitoring"
1657
# -- Prometheus ServiceMonitor labels
1658
additionalLabels: {}
1659
# -- Prometheus ServiceMonitor annotations
1660
annotations: {}
1661
# Default redis's network policy
1662
networkPolicy:
1663
# -- Default network policy rules used by redis
1664
# @default -- `false` (defaults to global.networkPolicy.create)
1665
create: false
1666
## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
1667
# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
1668
redis-ha:
1669
# -- Enables the Redis HA subchart and disables the custom Redis single node deployment
1670
enabled: false
1671
## Redis image
1672
image:
1673
# -- Redis repository
1674
repository: ecr-public.aws.com/docker/library/redis
1675
# -- Redis tag
1676
## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis
1677
tag: 8.2.3-alpine
1678
## Prometheus redis-exporter sidecar
1679
exporter:
1680
# -- Enable Prometheus redis-exporter sidecar
1681
enabled: false
1682
# -- Repository to use for the redis-exporter
1683
image: ghcr.io/oliver006/redis_exporter
1684
# -- Tag to use for the redis-exporter
1685
tag: v1.75.0
1686
persistentVolume:
1687
# -- Configures persistence on Redis nodes
1688
enabled: false
1689
## Redis specific configuration options
1690
redis:
1691
# -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
1692
masterGroupName: argocd
1693
# -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
1694
# @default -- See [values.yaml]
1695
config:
1696
# -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled
1697
# @default -- `'""'`
1698
save: '""'
1699
## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
1700
haproxy:
1701
# -- Enabled HAProxy LoadBalancing/Proxy
1702
enabled: true
1703
# -- Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
1704
labels:
1705
app.kubernetes.io/name: argocd-redis-ha-haproxy
1706
image:
1707
# -- HAProxy Image Repository
1708
repository: ecr-public.aws.com/docker/library/haproxy
1709
metrics:
1710
# -- HAProxy enable prometheus metric scraping
1711
enabled: true
1712
# -- Whether the haproxy pods should be forced to run on separate nodes.
1713
hardAntiAffinity: true
1714
# -- Additional affinities to add to the haproxy pods.
1715
additionalAffinities: {}
1716
# -- Assign custom [affinity] rules to the haproxy pods.
1717
affinity: ""
1718
# -- [Tolerations] for use with node taints for haproxy pods.
1719
tolerations: []
1720
# -- HAProxy container-level security context
1721
# @default -- See [values.yaml]
1722
containerSecurityContext:
1723
readOnlyRootFilesystem: true
1724
# -- Configures redis-ha with AUTH
1725
auth: true
1726
# -- Existing Secret to use for redis-ha authentication.
1727
# By default the redis-secret-init Job is generating this Secret.
1728
existingSecret: argocd-redis
1729
# -- Whether the Redis server pods should be forced to run on separate nodes.
1730
hardAntiAffinity: true
1731
# -- Additional affinities to add to the Redis server pods.
1732
additionalAffinities: {}
1733
# -- Assign custom [affinity] rules to the Redis pods.
1734
affinity: ""
1735
# -- [Tolerations] for use with node taints for Redis pods.
1736
tolerations: []
1737
# -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
1738
## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
1739
topologySpreadConstraints:
1740
# -- Enable Redis HA topology spread constraints
1741
enabled: false
1742
# -- Max skew of pods tolerated
1743
# @default -- `""` (defaults to `1`)
1744
maxSkew: ""
1745
# -- Topology key for spread
1746
# @default -- `""` (defaults to `topology.kubernetes.io/zone`)
1747
topologyKey: ""
1748
# -- Enforcement policy, hard or soft
1749
# @default -- `""` (defaults to `ScheduleAnyway`)
1750
whenUnsatisfiable: ""
1751
# -- Redis HA statefulset container-level security context
1752
# @default -- See [values.yaml]
1753
containerSecurityContext:
1754
readOnlyRootFilesystem: true
1755
# External Redis parameters
1756
externalRedis:
1757
# -- External Redis server host
1758
host: ""
1759
# -- External Redis username
1760
username: ""
1761
# -- External Redis password
1762
password: ""
1763
# -- External Redis server port
1764
port: 6379
1765
# -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials.
1766
# When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored
1767
existingSecret: ""
1768
# -- External Redis Secret annotations
1769
secretAnnotations: {}
1770
redisSecretInit:
1771
# -- Enable Redis secret initialization. If disabled, secret must be provisioned by alternative methods
1772
enabled: true
1773
# -- Redis secret-init name
1774
name: redis-secret-init
1775
image:
1776
# -- Repository to use for the Redis secret-init Job
1777
# @default -- `""` (defaults to global.image.repository)
1778
repository: "" # defaults to global.image.repository
1779
# -- Tag to use for the Redis secret-init Job
1780
# @default -- `""` (defaults to global.image.tag)
1781
tag: "" # defaults to global.image.tag
1782
# -- Image pull policy for the Redis secret-init Job
1783
# @default -- `""` (defaults to global.image.imagePullPolicy)
1784
imagePullPolicy: "" # IfNotPresent
1785
# -- Additional command line arguments for the Redis secret-init Job
1786
extraArgs: []
1787
# -- Secrets with credentials to pull images from a private registry
1788
# @default -- `[]` (defaults to global.imagePullSecrets)
1789
imagePullSecrets: []
1790
# -- Runtime class name for the Redis secret-init Job
1791
# @default -- `""` (defaults to global.runtimeClassName)
1792
runtimeClassName: ""
1793
# -- Annotations to be added to the Redis secret-init Job
1794
jobAnnotations: {}
1795
# -- Annotations to be added to the Redis secret-init Job
1796
podAnnotations: {}
1797
# -- Labels to be added to the Redis secret-init Job
1798
podLabels: {}
1799
# -- Resource limits and requests for Redis secret-init Job
1800
resources: {}
1801
# limits:
1802
# cpu: 200m
1803
# memory: 128Mi
1804
# requests:
1805
# cpu: 100m
1806
# memory: 64Mi
1807
1808
# -- Application controller container-level security context
1809
# @default -- See [values.yaml]
1810
containerSecurityContext:
1811
allowPrivilegeEscalation: false
1812
capabilities:
1813
drop:
1814
- ALL
1815
readOnlyRootFilesystem: true
1816
runAsNonRoot: true
1817
seccompProfile:
1818
type: RuntimeDefault
1819
# -- Redis secret-init Job pod-level security context
1820
securityContext: {}
1821
serviceAccount:
1822
# -- Create a service account for the redis pod
1823
create: true
1824
# -- Service account name for redis pod
1825
name: ""
1826
# -- Annotations applied to created service account
1827
annotations: {}
1828
# -- Automount API credentials for the Service Account
1829
automountServiceAccountToken: true
1830
# -- Priority class for Redis secret-init Job
1831
# @default -- `""` (defaults to global.priorityClassName)
1832
priorityClassName: ""
1833
# -- Assign custom [affinity] rules to the Redis secret-init Job
1834
affinity: {}
1835
# -- Node selector to be added to the Redis secret-init Job
1836
# @default -- `{}` (defaults to global.nodeSelector)
1837
nodeSelector: {}
1838
# -- Tolerations to be added to the Redis secret-init Job
1839
# @default -- `[]` (defaults to global.tolerations)
1840
tolerations: []
1841
## Server
1842
server:
1843
# -- Argo CD server name
1844
name: server
1845
# -- The number of server pods to run
1846
replicas: 1
1847
# -- Runtime class name for the Argo CD server
1848
# @default -- `""` (defaults to global.runtimeClassName)
1849
runtimeClassName: ""
1850
## Argo CD server Horizontal Pod Autoscaler
1851
autoscaling:
1852
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server
1853
enabled: false
1854
# -- Minimum number of replicas for the Argo CD server [HPA]
1855
minReplicas: 1
1856
# -- Maximum number of replicas for the Argo CD server [HPA]
1857
maxReplicas: 5
1858
# -- Average CPU utilization percentage for the Argo CD server [HPA]
1859
targetCPUUtilizationPercentage: 50
1860
# -- Average memory utilization percentage for the Argo CD server [HPA]
1861
targetMemoryUtilizationPercentage: 50
1862
# -- Configures the scaling behavior of the target in both Up and Down directions.
1863
behavior: {}
1864
# scaleDown:
1865
# stabilizationWindowSeconds: 300
1866
# policies:
1867
# - type: Pods
1868
# value: 1
1869
# periodSeconds: 180
1870
# scaleUp:
1871
# stabilizationWindowSeconds: 300
1872
# policies:
1873
# - type: Pods
1874
# value: 2
1875
# periodSeconds: 60
1876
# -- Configures custom HPA metrics for the Argo CD server
1877
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1878
metrics: []
1879
## Argo CD server Pod Disruption Budget
1880
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
1881
pdb:
1882
# -- Deploy a [PodDisruptionBudget] for the Argo CD server
1883
enabled: false
1884
# -- Labels to be added to Argo CD server pdb
1885
labels: {}
1886
# -- Annotations to be added to Argo CD server pdb
1887
annotations: {}
1888
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
1889
# @default -- `""` (defaults to 0 if not specified)
1890
minAvailable: ""
1891
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
1892
## Has higher precedence over `server.pdb.minAvailable`
1893
maxUnavailable: ""
1894
## Argo CD server Vertical Pod Autoscaler
1895
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
1896
vpa:
1897
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the Argo CD server
1898
enabled: false
1899
# -- Labels to be added to Argo CD server vpa
1900
labels: {}
1901
# -- Annotations to be added to Argo CD server vpa
1902
annotations: {}
1903
# -- One of the VPA operation modes
1904
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
1905
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
1906
updateMode: Initial
1907
# -- Controls how VPA computes the recommended resources for Argo CD server container
1908
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
1909
containerPolicy: {}
1910
# controlledResources: ["cpu", "memory"]
1911
# minAllowed:
1912
# cpu: 250m
1913
# memory: 256Mi
1914
# maxAllowed:
1915
# cpu: 1
1916
# memory: 1Gi
1917
## Argo CD server image
1918
image:
1919
# -- Repository to use for the Argo CD server
1920
# @default -- `""` (defaults to global.image.repository)
1921
repository: "" # defaults to global.image.repository
1922
# -- Tag to use for the Argo CD server
1923
# @default -- `""` (defaults to global.image.tag)
1924
tag: "" # defaults to global.image.tag
1925
# -- Image pull policy for the Argo CD server
1926
# @default -- `""` (defaults to global.image.imagePullPolicy)
1927
imagePullPolicy: "" # IfNotPresent
1928
# -- Secrets with credentials to pull images from a private registry
1929
# @default -- `[]` (defaults to global.imagePullSecrets)
1930
imagePullSecrets: []
1931
# -- Additional command line arguments to pass to Argo CD server
1932
extraArgs: []
1933
# -- Environment variables to pass to Argo CD server
1934
env: []
1935
# -- envFrom to pass to Argo CD server
1936
# @default -- `[]` (See [values.yaml])
1937
envFrom: []
1938
# - configMapRef:
1939
# name: config-map-name
1940
# - secretRef:
1941
# name: secret-name
1942
1943
# -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container
1944
lifecycle: {}
1945
## Argo CD extensions
1946
## This function in tech preview stage, do expect instability or breaking changes in newer versions.
1947
## Ref: https://github.com/argoproj-labs/argocd-extension-installer
1948
## When you enable extensions, you need to configure RBAC of logged in Argo CD user.
1949
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource
1950
extensions:
1951
# -- Enable support for Argo CD extensions
1952
enabled: false
1953
## Argo CD extension installer image
1954
image:
1955
# -- Repository to use for extension installer image
1956
repository: cgr.dev/chainguard-private/argocd-extension-installer
1957
# -- Tag to use for extension installer image
1958
tag: latest@sha256:a03f9f2f22735e47f8a8979026e0be9ba1f373176c5cbc1d85a74507944bcd6d
1959
# -- Image pull policy for extensions
1960
# @default -- `""` (defaults to global.image.imagePullPolicy)
1961
imagePullPolicy: ""
1962
# -- Extensions for Argo CD
1963
# @default -- `[]` (See [values.yaml])
1964
## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension
1965
extensionList: []
1966
# - name: extension-metrics
1967
# env:
1968
# - name: EXTENSION_URL
1969
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension.tar.gz
1970
# - name: EXTENSION_CHECKSUM_URL
1971
# value: https://github.com/argoproj-labs/argocd-extension-metrics/releases/download/v1.0.0/extension_checksums.txt
1972
1973
# -- Server UI extensions container-level security context
1974
# @default -- See [values.yaml]
1975
containerSecurityContext:
1976
runAsNonRoot: true
1977
readOnlyRootFilesystem: true
1978
allowPrivilegeEscalation: false
1979
runAsUser: 1000
1980
seccompProfile:
1981
type: RuntimeDefault
1982
capabilities:
1983
drop:
1984
- ALL
1985
# -- Resource limits and requests for the argocd-extensions container
1986
resources: {}
1987
# limits:
1988
# cpu: 50m
1989
# memory: 128Mi
1990
# requests:
1991
# cpu: 10m
1992
# memory: 64Mi
1993
# -- Additional containers to be added to the server pod
1994
## Note: Supports use of custom Helm templates
1995
extraContainers: []
1996
# - name: my-sidecar
1997
# image: nginx:latest
1998
# - name: lemonldap-ng-controller
1999
# image: lemonldapng/lemonldap-ng-controller:0.2.0
2000
# args:
2001
# - /lemonldap-ng-controller
2002
# - --alsologtostderr
2003
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
2004
# env:
2005
# - name: POD_NAME
2006
# valueFrom:
2007
# fieldRef:
2008
# fieldPath: metadata.name
2009
# - name: POD_NAMESPACE
2010
# valueFrom:
2011
# fieldRef:
2012
# fieldPath: metadata.namespace
2013
# volumeMounts:
2014
# - name: copy-portal-skins
2015
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
2016
2017
# -- Init containers to add to the server pod
2018
## If your target Kubernetes cluster(s) require a custom credential (exec) plugin
2019
## you could use this (and the same in the application controller pod) to provide such executable
2020
## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins
2021
initContainers: []
2022
# - name: download-tools
2023
# image: alpine:3
2024
# command: [sh, -c]
2025
# args:
2026
# - wget -qO /custom-tools/kubelogin.zip https://github.com/Azure/kubelogin/releases/download/v0.2.7/kubelogin-linux-amd64.zip &&
2027
# mkdir /custom-tools/tmp && unzip -d /custom-tools/tmp /custom-tools/kubelogin.zip &&
2028
# mv /custom-tools/tmp/bin/linux_amd64/kubelogin /custom-tools/ && rm -rf custom-tools/tmp && rm /custom-tools/kubelogin.zip
2029
# volumeMounts:
2030
# - mountPath: /custom-tools
2031
# name: custom-tools
2032
2033
# -- Additional volumeMounts to the server main container
2034
volumeMounts: []
2035
# - mountPath: /usr/local/bin/kubelogin
2036
# name: custom-tools
2037
# subPath: kubelogin
2038
2039
# -- Additional volumes to the server pod
2040
volumes: []
2041
# - name: custom-tools
2042
# emptyDir: {}
2043
2044
## Argo CD server emptyDir volumes
2045
emptyDir:
2046
# -- EmptyDir size limit for the Argo CD server
2047
# @default -- `""` (defaults not set if not specified i.e. no size limit)
2048
sizeLimit: ""
2049
# sizeLimit: "1Gi"
2050
# -- Annotations to be added to server Deployment
2051
deploymentAnnotations: {}
2052
# -- Labels for the server Deployment
2053
deploymentLabels: {}
2054
# -- Annotations to be added to server pods
2055
podAnnotations: {}
2056
# -- Labels to be added to server pods
2057
podLabels: {}
2058
# -- Resource limits and requests for the Argo CD server
2059
resources: {}
2060
# limits:
2061
# cpu: 100m
2062
# memory: 128Mi
2063
# requests:
2064
# cpu: 50m
2065
# memory: 64Mi
2066
2067
# Server container ports
2068
containerPorts:
2069
# -- Server container port
2070
server: 8080
2071
# -- Metrics container port
2072
metrics: 8083
2073
# -- Host Network for Server pods
2074
hostNetwork: false
2075
# -- [DNS configuration]
2076
dnsConfig: {}
2077
# -- Alternative DNS policy for Server pods
2078
dnsPolicy: "ClusterFirst"
2079
# -- Server container-level security context
2080
# @default -- See [values.yaml]
2081
containerSecurityContext:
2082
runAsNonRoot: true
2083
readOnlyRootFilesystem: true
2084
allowPrivilegeEscalation: false
2085
seccompProfile:
2086
type: RuntimeDefault
2087
capabilities:
2088
drop:
2089
- ALL
2090
## Readiness and liveness probes for default backend
2091
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2092
readinessProbe:
2093
# -- Enable Kubernetes readiness probe for default backend
2094
enabled: true
2095
# -- Http path to use for the readiness probe
2096
httpPath: /healthz
2097
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2098
failureThreshold: 3
2099
# -- Number of seconds after the container has started before [probe] is initiated
2100
initialDelaySeconds: 10
2101
# -- How often (in seconds) to perform the [probe]
2102
periodSeconds: 10
2103
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2104
successThreshold: 1
2105
# -- Number of seconds after which the [probe] times out
2106
timeoutSeconds: 1
2107
livenessProbe:
2108
# -- Enable Kubernetes liveness probe for default backend
2109
enabled: true
2110
# -- Http path to use for the liveness probe
2111
httpPath: /healthz?full=true
2112
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2113
failureThreshold: 3
2114
# -- Number of seconds after the container has started before [probe] is initiated
2115
initialDelaySeconds: 10
2116
# -- How often (in seconds) to perform the [probe]
2117
periodSeconds: 10
2118
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2119
successThreshold: 1
2120
# -- Number of seconds after which the [probe] times out
2121
timeoutSeconds: 1
2122
## Startup probe for Argo CD server (optional)
2123
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2124
startupProbe:
2125
# -- Enable Kubernetes startup probe for Argo CD server
2126
enabled: false
2127
# -- Http path to use for the startup probe
2128
httpPath: /healthz
2129
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2130
failureThreshold: 20
2131
# -- Number of seconds after the container has started before [probe] is initiated
2132
initialDelaySeconds: 10
2133
# -- How often (in seconds) to perform the [probe]
2134
periodSeconds: 10
2135
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2136
successThreshold: 1
2137
# -- Number of seconds after which the [probe] times out
2138
timeoutSeconds: 1
2139
# -- terminationGracePeriodSeconds for container lifecycle hook
2140
terminationGracePeriodSeconds: 30
2141
# -- Priority class for the Argo CD server pods
2142
# @default -- `""` (defaults to global.priorityClassName)
2143
priorityClassName: ""
2144
# -- [Node selector]
2145
# @default -- `{}` (defaults to global.nodeSelector)
2146
nodeSelector: {}
2147
# -- [Tolerations] for use with node taints
2148
# @default -- `[]` (defaults to global.tolerations)
2149
tolerations: []
2150
# -- Assign custom [affinity] rules to the deployment
2151
# @default -- `{}` (defaults to global.affinity preset)
2152
affinity: {}
2153
# -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server
2154
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2155
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2156
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2157
topologySpreadConstraints: []
2158
# - maxSkew: 1
2159
# topologyKey: topology.kubernetes.io/zone
2160
# whenUnsatisfiable: DoNotSchedule
2161
2162
# -- Deployment strategy to be added to the server Deployment
2163
deploymentStrategy: {}
2164
# type: RollingUpdate
2165
# rollingUpdate:
2166
# maxSurge: 25%
2167
# maxUnavailable: 25%
2168
2169
# TLS certificate configuration via cert-manager
2170
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
2171
certificate:
2172
# -- Deploy a Certificate resource (requires cert-manager)
2173
enabled: false
2174
# -- Certificate primary domain (commonName)
2175
# @default -- `""` (defaults to global.domain)
2176
domain: ""
2177
# -- Certificate Subject Alternate Names (SANs)
2178
additionalHosts: []
2179
# -- The requested 'duration' (i.e. lifetime) of the certificate.
2180
# @default -- `""` (defaults to 2160h = 90d if not specified)
2181
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2182
duration: ""
2183
# -- How long before the expiry a certificate should be renewed.
2184
# @default -- `""` (defaults to 360h = 15d if not specified)
2185
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
2186
renewBefore: ""
2187
# Certificate issuer
2188
## Ref: https://cert-manager.io/docs/concepts/issuer
2189
issuer:
2190
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
2191
group: ""
2192
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
2193
kind: ""
2194
# -- Certificate issuer name. Eg. `letsencrypt`
2195
name: ""
2196
# Private key of the certificate
2197
privateKey:
2198
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
2199
rotationPolicy: Never
2200
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
2201
encoding: PKCS1
2202
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
2203
algorithm: RSA
2204
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
2205
size: 2048
2206
# -- Annotations to be applied to the Server Certificate
2207
annotations: {}
2208
# -- Usages for the certificate
2209
### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage
2210
usages: []
2211
# -- Annotations that allow the certificate to be composed from data residing in existing Kubernetes Resources
2212
secretTemplateAnnotations: {}
2213
# TLS certificate configuration via Secret
2214
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server
2215
certificateSecret:
2216
# -- Create argocd-server-tls secret
2217
enabled: false
2218
# -- Annotations to be added to argocd-server-tls secret
2219
annotations: {}
2220
# -- Labels to be added to argocd-server-tls secret
2221
labels: {}
2222
# -- Private Key of the certificate
2223
key: ""
2224
# -- Certificate data
2225
crt: ""
2226
## Server service configuration
2227
service:
2228
# -- Server service annotations
2229
annotations: {}
2230
# -- Server service labels
2231
labels: {}
2232
# -- Server service type
2233
type: ClusterIP
2234
# -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort")
2235
nodePortHttp: 30080
2236
# -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort")
2237
nodePortHttps: 30443
2238
# -- Server service http port
2239
servicePortHttp: 80
2240
# -- Server service https port
2241
servicePortHttps: 443
2242
# -- Server service http port name, can be used to route traffic via istio
2243
servicePortHttpName: http
2244
# -- Server service https port name, can be used to route traffic via istio
2245
servicePortHttpsName: https
2246
# -- Server service https port appProtocol
2247
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol
2248
servicePortHttpsAppProtocol: ""
2249
# -- The class of the load balancer implementation
2250
loadBalancerClass: ""
2251
# -- LoadBalancer will get created with the IP specified in this field
2252
loadBalancerIP: ""
2253
# -- Source IP ranges to allow access to service from
2254
## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer
2255
## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb
2256
loadBalancerSourceRanges: []
2257
# -- Server service external IPs
2258
externalIPs: []
2259
# -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
2260
## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2261
externalTrafficPolicy: Cluster
2262
# -- Used to maintain session affinity. Supports `ClientIP` and `None`
2263
## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
2264
sessionAffinity: None
2265
## Server metrics service configuration
2266
metrics:
2267
# -- Deploy metrics service
2268
enabled: false
2269
service:
2270
# -- Metrics service type
2271
type: ClusterIP
2272
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
2273
clusterIP: ""
2274
# -- Metrics service annotations
2275
annotations: {}
2276
# -- Metrics service labels
2277
labels: {}
2278
# -- Metrics service port
2279
servicePort: 8083
2280
# -- Metrics service port name
2281
portName: http-metrics
2282
serviceMonitor:
2283
# -- Enable a prometheus ServiceMonitor
2284
enabled: false
2285
# -- Prometheus ServiceMonitor interval
2286
interval: 30s
2287
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
2288
scrapeTimeout: ""
2289
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
2290
honorLabels: false
2291
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
2292
relabelings: []
2293
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
2294
metricRelabelings: []
2295
# -- Prometheus ServiceMonitor selector
2296
selector: {}
2297
# prometheus: kube-prometheus
2298
2299
# -- Prometheus ServiceMonitor scheme
2300
scheme: ""
2301
# -- Prometheus ServiceMonitor tlsConfig
2302
tlsConfig: {}
2303
# -- Prometheus ServiceMonitor namespace
2304
namespace: "" # monitoring
2305
# -- Prometheus ServiceMonitor labels
2306
additionalLabels: {}
2307
# -- Prometheus ServiceMonitor annotations
2308
annotations: {}
2309
# -- Automount API credentials for the Service Account into the pod.
2310
automountServiceAccountToken: true
2311
serviceAccount:
2312
# -- Create server service account
2313
create: true
2314
# -- Server service account name
2315
name: argocd-server
2316
# -- Annotations applied to created service account
2317
annotations: {}
2318
# -- Labels applied to created service account
2319
labels: {}
2320
# -- Automount API credentials for the Service Account
2321
automountServiceAccountToken: true
2322
# Argo CD server ingress configuration
2323
ingress:
2324
# -- Enable an ingress resource for the Argo CD server
2325
enabled: false
2326
# -- Specific implementation for ingress controller. One of `generic`, `aws` or `gke`
2327
## Additional configuration might be required in related configuration sections
2328
controller: generic
2329
# -- Additional ingress labels
2330
labels: {}
2331
# -- Additional ingress annotations
2332
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough
2333
annotations: {}
2334
# nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
2335
# nginx.ingress.kubernetes.io/ssl-passthrough: "true"
2336
2337
# -- Defines which ingress controller will implement the resource
2338
ingressClassName: ""
2339
# -- Argo CD server hostname
2340
# @default -- `""` (defaults to global.domain)
2341
hostname: ""
2342
# -- The path to Argo CD server
2343
path: /
2344
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
2345
pathType: Prefix
2346
# -- Enable TLS configuration for the hostname defined at `server.ingress.hostname`
2347
## TLS certificate will be retrieved from a TLS secret `argocd-server-tls`
2348
## You can create this secret via `certificate` or `certificateSecret` option
2349
tls: false
2350
# -- The list of additional hostnames to be covered by ingress record
2351
# @default -- `[]` (See [values.yaml])
2352
extraHosts: []
2353
# - name: argocd.example.com
2354
# path: /
2355
2356
# -- Additional ingress paths
2357
# @default -- `[]` (See [values.yaml])
2358
## Note: Supports use of custom Helm templates
2359
extraPaths: []
2360
# - path: /*
2361
# pathType: Prefix
2362
# backend:
2363
# service:
2364
# name: ssl-redirect
2365
# port:
2366
# name: use-annotation
2367
2368
# -- Additional ingress rules
2369
# @default -- `[]` (See [values.yaml])
2370
## Note: Supports use of custom Helm templates
2371
extraRules: []
2372
# - http:
2373
# paths:
2374
# - path: /
2375
# pathType: Prefix
2376
# backend:
2377
# service:
2378
# name: '{{ include "argo-cd.server.fullname" . }}'
2379
# port:
2380
# name: '{{ .Values.server.service.servicePortHttpsName }}'
2381
2382
# -- Additional TLS configuration
2383
# @default -- `[]` (See [values.yaml])
2384
extraTls: []
2385
# - hosts:
2386
# - argocd.example.com
2387
# secretName: your-certificate-name
2388
2389
# AWS specific options for Application Load Balancer
2390
# Applies only when `serv.ingress.controller` is set to `aws`
2391
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode
2392
aws:
2393
# -- Backend protocol version for the AWS ALB gRPC service
2394
## This tells AWS to send traffic from the ALB using gRPC.
2395
## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings
2396
backendProtocolVersion: GRPC
2397
# -- Service type for the AWS ALB gRPC service
2398
## Can be of type NodePort or ClusterIP depending on which mode you are running.
2399
## Instance mode needs type NodePort, IP mode needs type ClusterIP
2400
## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic
2401
serviceType: NodePort
2402
# -- Annotations for the AWS ALB gRPC service
2403
## Allows adding custom annotations to the gRPC service for integrations like DataDog, Prometheus, etc.
2404
serviceAnnotations: {}
2405
# Google specific options for Google Application Load Balancer
2406
# Applies only when `server.ingress.controller` is set to `gke`
2407
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress
2408
gke:
2409
# -- Google [BackendConfig] resource, for use with the GKE Ingress Controller
2410
# @default -- `{}` (See [values.yaml])
2411
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2412
backendConfig: {}
2413
# iap:
2414
# enabled: true
2415
# oauthclientCredentials:
2416
# secretName: argocd-secret
2417
2418
# -- Google [FrontendConfig] resource, for use with the GKE Ingress Controller
2419
# @default -- `{}` (See [values.yaml])
2420
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters
2421
frontendConfig: {}
2422
# redirectToHttps:
2423
# enabled: true
2424
# responseCodeName: RESPONSE_CODE
2425
2426
# Managed GKE certificate for ingress hostname
2427
managedCertificate:
2428
# -- Create ManagedCertificate resource and annotations for Google Load balancer
2429
## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs
2430
create: true
2431
# -- Additional domains for ManagedCertificate resource
2432
extraDomains: []
2433
# - argocd.example.com
2434
# Dedicated gRPC ingress for ingress controllers that supports only single backend protocol per Ingress resource
2435
# Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-2-multiple-ingress-objects-and-hosts
2436
ingressGrpc:
2437
# -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress]
2438
enabled: false
2439
# -- Additional ingress annotations for dedicated [gRPC-ingress]
2440
annotations: {}
2441
# -- Additional ingress labels for dedicated [gRPC-ingress]
2442
labels: {}
2443
# -- Defines which ingress controller will implement the resource [gRPC-ingress]
2444
ingressClassName: ""
2445
# -- Argo CD server hostname for dedicated [gRPC-ingress]
2446
# @default -- `""` (defaults to grpc.`server.ingress.hostname`)
2447
hostname: ""
2448
# -- Argo CD server ingress path for dedicated [gRPC-ingress]
2449
path: /
2450
# -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific`
2451
pathType: Prefix
2452
# -- Enable TLS configuration for the hostname defined at `server.ingressGrpc.hostname`
2453
## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls`
2454
tls: false
2455
# -- The list of additional hostnames to be covered by ingress record
2456
# @default -- `[]` (See [values.yaml])
2457
extraHosts: []
2458
# - name: grpc.argocd.example.com
2459
# path: /
2460
2461
# -- Additional ingress paths for dedicated [gRPC-ingress]
2462
# @default -- `[]` (See [values.yaml])
2463
## Note: Supports use of custom Helm templates
2464
extraPaths: []
2465
# - path: /*
2466
# pathType: Prefix
2467
# backend:
2468
# service:
2469
# name: ssl-redirect
2470
# port:
2471
# name: use-annotation
2472
2473
# -- Additional ingress rules
2474
# @default -- `[]` (See [values.yaml])
2475
## Note: Supports use of custom Helm templates
2476
extraRules: []
2477
# - http:
2478
# paths:
2479
# - path: /
2480
# pathType: Prefix
2481
# backend:
2482
# service:
2483
# name: '{{ include "argo-cd.server.fullname" . }}'
2484
# port:
2485
# name: '{{ .Values.server.service.servicePortHttpName }}'
2486
2487
# -- Additional TLS configuration for dedicated [gRPC-ingress]
2488
# @default -- `[]` (See [values.yaml])
2489
extraTls: []
2490
# - secretName: your-certificate-name
2491
# hosts:
2492
# - argocd.example.com
2493
# Create a OpenShift Route with SSL passthrough for UI and CLI
2494
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
2495
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
2496
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
2497
route:
2498
# -- Enable an OpenShift Route for the Argo CD server
2499
enabled: false
2500
# -- Openshift Route annotations
2501
annotations: {}
2502
# -- Hostname of OpenShift Route
2503
hostname: ""
2504
# -- Termination type of Openshift Route
2505
termination_type: passthrough
2506
# -- Termination policy of Openshift Route
2507
termination_policy: None
2508
# Gateway API HTTPRoute configuration
2509
# NOTE: Gateway API support is in EXPERIMENTAL status
2510
# Support depends on your Gateway controller implementation
2511
# Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
2512
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
2513
httproute:
2514
# -- Enable HTTPRoute resource for Argo CD server (Gateway API)
2515
enabled: false
2516
# -- Additional HTTPRoute labels
2517
labels: {}
2518
# -- Additional HTTPRoute annotations
2519
annotations: {}
2520
# -- Gateway API parentRefs for the HTTPRoute
2521
## Must reference an existing Gateway
2522
# @default -- `[]` (See [values.yaml])
2523
parentRefs: []
2524
# - name: example-gateway
2525
# namespace: example-gateway-namespace
2526
# sectionName: https
2527
# -- List of hostnames for the HTTPRoute
2528
# @default -- `[]` (See [values.yaml])
2529
hostnames: []
2530
# - argocd.example.com
2531
# -- HTTPRoute rules configuration
2532
# @default -- `[]` (See [values.yaml])
2533
rules:
2534
- matches:
2535
- path:
2536
type: PathPrefix
2537
value: /
2538
# filters: []
2539
# - type: RequestHeaderModifier
2540
# requestHeaderModifier:
2541
# add:
2542
# - name: X-Custom-Header
2543
# value: custom-value
2544
# timeouts:
2545
# request: 10s
2546
# backendRequest: 2s
2547
# Gateway API GRPCRoute configuration
2548
# NOTE: Gateway API support is in EXPERIMENTAL status
2549
# Support depends on your Gateway controller implementation
2550
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
2551
grpcroute:
2552
# -- Enable GRPCRoute resource for Argo CD server (Gateway API)
2553
enabled: false
2554
# -- Additional GRPCRoute labels
2555
labels: {}
2556
# -- Additional GRPCRoute annotations
2557
annotations: {}
2558
# -- Gateway API parentRefs for the GRPCRoute
2559
## Must reference an existing Gateway
2560
# @default -- `[]` (See [values.yaml])
2561
parentRefs: []
2562
# - name: example-gateway
2563
# namespace: example-gateway-namespace
2564
# sectionName: grpc
2565
# -- List of hostnames for the GRPCRoute
2566
# @default -- `[]` (See [values.yaml])
2567
hostnames: []
2568
# - grpc.argocd.example.com
2569
# -- GRPCRoute rules configuration
2570
# @default -- `[]` (See [values.yaml])
2571
rules:
2572
- matches:
2573
- method:
2574
type: Exact
2575
# filters: []
2576
# - type: RequestHeaderModifier
2577
# requestHeaderModifier:
2578
# add:
2579
# - name: X-Custom-Header
2580
# value: custom-value
2581
# Gateway API BackendTLSPolicy configuration
2582
# NOTE: BackendTLSPolicy support is in EXPERIMENTAL status
2583
# Required for HTTPS backends when using Gateway API
2584
# Not all Gateway controllers support this resource (e.g., Cilium does not support it yet)
2585
backendTLSPolicy:
2586
# -- Enable BackendTLSPolicy resource for Argo CD server (Gateway API)
2587
enabled: false
2588
# -- Additional BackendTLSPolicy labels
2589
labels: {}
2590
# -- Additional BackendTLSPolicy annotations
2591
annotations: {}
2592
# -- Target references for the BackendTLSPolicy
2593
# @default -- `[]` (See [values.yaml])
2594
targetRefs: []
2595
# - group: ""
2596
# kind: Service
2597
# name: argocd-server
2598
# sectionName: https
2599
# -- TLS validation configuration
2600
# @default -- `{}` (See [values.yaml])
2601
validation: {}
2602
# hostname: argocd-server.argocd.svc.cluster.local
2603
# caCertificateRefs:
2604
# - name: example-ca-cert
2605
# group: ""
2606
# kind: ConfigMap
2607
# wellKnownCACertificates: System
2608
# Gateway API ListenerSet configuration
2609
# NOTE: Gateway API support is in EXPERIMENTAL status
2610
# ListenerSet allows attaching additional listeners to an existing Gateway
2611
# Requires Gateway API v1alpha2 and a controller that supports ListenerSet
2612
# Refer to https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.ListenerSet
2613
listenerset:
2614
# -- Enable ListenerSet resource for Argo CD server (Gateway API)
2615
enabled: false
2616
# -- Additional ListenerSet labels
2617
labels: {}
2618
# -- Additional ListenerSet annotations
2619
annotations: {}
2620
# -- Gateway API parentRef for the ListenerSet
2621
## Must reference an existing Gateway. Unlike HTTPRoute, ListenerSet accepts exactly one parentRef.
2622
# @default -- `{}` (See [values.yaml])
2623
parentRef: {}
2624
# group: gateway.networking.k8s.io
2625
# kind: Gateway
2626
# name: example-gateway
2627
# namespace: example-gateway-namespace
2628
# -- Listeners to attach to the parent Gateway
2629
# @default -- `[]` (See [values.yaml])
2630
listeners: []
2631
# - name: https
2632
# port: 443
2633
# protocol: HTTPS
2634
# hostname: argocd.example.com
2635
# tls:
2636
# mode: Terminate
2637
# certificateRefs:
2638
# - group: ""
2639
# kind: Secret
2640
# name: argocd-server-tls
2641
# allowedRoutes:
2642
# namespaces:
2643
# from: Same
2644
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
2645
## Defaults to off
2646
clusterRoleRules:
2647
# -- Enable custom rules for the server's ClusterRole resource
2648
enabled: false
2649
# -- List of custom rules for the server's ClusterRole resource
2650
rules: []
2651
# Default ArgoCD Server's network policy
2652
networkPolicy:
2653
# -- Default network policy rules used by ArgoCD Server
2654
# @default -- `false` (defaults to global.networkPolicy.create)
2655
create: false
2656
## Repo Server
2657
repoServer:
2658
# -- Repo server name
2659
name: repo-server
2660
# -- The number of repo server pods to run
2661
replicas: 1
2662
# -- Runtime class name for the repo server
2663
# @default -- `""` (defaults to global.runtimeClassName)
2664
runtimeClassName: ""
2665
## Repo server Horizontal Pod Autoscaler
2666
autoscaling:
2667
# -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server
2668
enabled: false
2669
# -- Minimum number of replicas for the repo server [HPA]
2670
minReplicas: 1
2671
# -- Maximum number of replicas for the repo server [HPA]
2672
maxReplicas: 5
2673
# -- Average CPU utilization percentage for the repo server [HPA]
2674
targetCPUUtilizationPercentage: 50
2675
# -- Average memory utilization percentage for the repo server [HPA]
2676
targetMemoryUtilizationPercentage: 50
2677
# -- Configures the scaling behavior of the target in both Up and Down directions.
2678
behavior: {}
2679
# scaleDown:
2680
# stabilizationWindowSeconds: 300
2681
# policies:
2682
# - type: Pods
2683
# value: 1
2684
# periodSeconds: 180
2685
# scaleUp:
2686
# stabilizationWindowSeconds: 300
2687
# policies:
2688
# - type: Pods
2689
# value: 2
2690
# periodSeconds: 60
2691
# -- Configures custom HPA metrics for the Argo CD repo server
2692
# Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
2693
metrics: []
2694
## Repo server Pod Disruption Budget
2695
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
2696
pdb:
2697
# -- Deploy a [PodDisruptionBudget] for the repo server
2698
enabled: false
2699
# -- Labels to be added to repo server pdb
2700
labels: {}
2701
# -- Annotations to be added to repo server pdb
2702
annotations: {}
2703
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
2704
# @default -- `""` (defaults to 0 if not specified)
2705
minAvailable: ""
2706
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
2707
## Has higher precedence over `repoServer.pdb.minAvailable`
2708
maxUnavailable: ""
2709
## Repo server Vertical Pod Autoscaler
2710
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
2711
vpa:
2712
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the repo server
2713
enabled: false
2714
# -- Labels to be added to repo server vpa
2715
labels: {}
2716
# -- Annotations to be added to repo server vpa
2717
annotations: {}
2718
# -- One of the VPA operation modes
2719
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
2720
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
2721
updateMode: Initial
2722
# -- Controls how VPA computes the recommended resources for repo server container
2723
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
2724
containerPolicy: {}
2725
# controlledResources: ["cpu", "memory"]
2726
# minAllowed:
2727
# cpu: 250m
2728
# memory: 256Mi
2729
# maxAllowed:
2730
# cpu: 1
2731
# memory: 1Gi
2732
## Repo server image
2733
image:
2734
# -- Repository to use for the repo server
2735
# @default -- `""` (defaults to global.image.repository)
2736
repository: ""
2737
# -- Tag to use for the repo server
2738
# @default -- `""` (defaults to global.image.tag)
2739
tag: ""
2740
# -- Image pull policy for the repo server
2741
# @default -- `""` (defaults to global.image.imagePullPolicy)
2742
imagePullPolicy: ""
2743
# -- Secrets with credentials to pull images from a private registry
2744
# @default -- `[]` (defaults to global.imagePullSecrets)
2745
imagePullSecrets: []
2746
# -- Additional command line arguments to pass to repo server
2747
extraArgs: []
2748
# -- Environment variables to pass to repo server
2749
env: []
2750
# -- envFrom to pass to repo server
2751
# @default -- `[]` (See [values.yaml])
2752
envFrom: []
2753
# - configMapRef:
2754
# name: config-map-name
2755
# - secretRef:
2756
# name: secret-name
2757
2758
# -- Specify postStart and preStop lifecycle hooks for your argo-repo-server container
2759
lifecycle: {}
2760
# -- Additional containers to be added to the repo server pod
2761
## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/
2762
## Note: Supports use of custom Helm templates
2763
extraContainers: []
2764
# - name: cmp-my-plugin
2765
# command:
2766
# - "/var/run/argocd/argocd-cmp-server"
2767
# image: busybox
2768
# securityContext:
2769
# runAsNonRoot: true
2770
# runAsUser: 999
2771
# volumeMounts:
2772
# - mountPath: /var/run/argocd
2773
# name: var-files
2774
# - mountPath: /home/argocd/cmp-server/plugins
2775
# name: plugins
2776
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
2777
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
2778
# subPath: my-plugin.yaml
2779
# name: argocd-cmp-cm
2780
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
2781
# # mitigate path traversal attacks.
2782
# - mountPath: /tmp
2783
# name: cmp-tmp
2784
# - name: cmp-my-plugin2
2785
# command:
2786
# - "/var/run/argocd/argocd-cmp-server"
2787
# image: busybox
2788
# securityContext:
2789
# runAsNonRoot: true
2790
# runAsUser: 999
2791
# volumeMounts:
2792
# - mountPath: /var/run/argocd
2793
# name: var-files
2794
# # Remove this volumeMount if you've chosen to bake the config file into the sidecar image.
2795
# - mountPath: /home/argocd/cmp-server/plugins
2796
# name: plugins
2797
# - mountPath: /home/argocd/cmp-server/config/plugin.yaml
2798
# subPath: my-plugin2.yaml
2799
# name: argocd-cmp-cm
2800
# # Starting with v2.4, do NOT mount the same tmp volume as the repo-server container. The filesystem separation helps
2801
# # mitigate path traversal attacks.
2802
# - mountPath: /tmp
2803
# name: cmp-tmp
2804
2805
# -- Init containers to add to the repo server pods
2806
initContainers: []
2807
copyutil:
2808
# -- Extra arguments for the cp command in the repo server copyutil initContainer
2809
# @default -- `"--update=none"`
2810
extraArgs: "--update=none"
2811
# -- Resource limits and requests for the repo server copyutil initContainer
2812
resources: {}
2813
# limits:
2814
# cpu: 100m
2815
# memory: 128Mi
2816
# requests:
2817
# cpu: 50m
2818
# memory: 64Mi
2819
# -- Additional volumeMounts to the repo server main container
2820
volumeMounts: []
2821
# -- Additional volumes to the repo server pod
2822
volumes: []
2823
# - name: argocd-cmp-cm
2824
# configMap:
2825
# name: argocd-cmp-cm
2826
# - name: cmp-tmp
2827
# emptyDir: {}
2828
2829
# -- Volumes to be used in replacement of emptydir on default volumes
2830
existingVolumes: {}
2831
# gpgKeyring:
2832
# persistentVolumeClaim:
2833
# claimName: pvc-argocd-repo-server-keyring
2834
# helmWorkingDir:
2835
# persistentVolumeClaim:
2836
# claimName: pvc-argocd-repo-server-workdir
2837
# tmp:
2838
# persistentVolumeClaim:
2839
# claimName: pvc-argocd-repo-server-tmp
2840
# varFiles:
2841
# persistentVolumeClaim:
2842
# claimName: pvc-argocd-repo-server-varfiles
2843
# plugins:
2844
# persistentVolumeClaim:
2845
# claimName: pvc-argocd-repo-server-plugins
2846
2847
## RepoServer emptyDir volumes
2848
emptyDir:
2849
# -- EmptyDir size limit for repo server
2850
# @default -- `""` (defaults not set if not specified i.e. no size limit)
2851
sizeLimit: ""
2852
# sizeLimit: "1Gi"
2853
# -- Toggle the usage of a ephemeral Helm working directory
2854
useEphemeralHelmWorkingDir: true
2855
# -- Annotations to be added to repo server Deployment
2856
deploymentAnnotations: {}
2857
# -- Labels for the repo server Deployment
2858
deploymentLabels: {}
2859
# -- Annotations to be added to repo server pods
2860
podAnnotations: {}
2861
# -- Labels to be added to repo server pods
2862
podLabels: {}
2863
# -- Resource limits and requests for the repo server pods
2864
resources: {}
2865
# limits:
2866
# cpu: 50m
2867
# memory: 128Mi
2868
# requests:
2869
# cpu: 10m
2870
# memory: 64Mi
2871
2872
# Repo server container ports
2873
containerPorts:
2874
# -- Repo server container port
2875
server: 8081
2876
# -- Metrics container port
2877
metrics: 8084
2878
# -- Host Network for Repo server pods
2879
hostNetwork: false
2880
# -- [DNS configuration]
2881
dnsConfig: {}
2882
# -- Alternative DNS policy for Repo server pods
2883
dnsPolicy: "ClusterFirst"
2884
# -- Repo server container-level security context
2885
# @default -- See [values.yaml]
2886
containerSecurityContext:
2887
runAsNonRoot: true
2888
readOnlyRootFilesystem: true
2889
allowPrivilegeEscalation: false
2890
seccompProfile:
2891
type: RuntimeDefault
2892
capabilities:
2893
drop:
2894
- ALL
2895
## Readiness and liveness probes for Repo Server
2896
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2897
readinessProbe:
2898
# -- Enable Kubernetes readiness probe for Repo Server
2899
enabled: true
2900
# -- Http path to use for the readiness probe
2901
httpPath: /healthz
2902
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2903
failureThreshold: 3
2904
# -- Number of seconds after the container has started before [probe] is initiated
2905
initialDelaySeconds: 10
2906
# -- How often (in seconds) to perform the [probe]
2907
periodSeconds: 10
2908
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2909
successThreshold: 1
2910
# -- Number of seconds after which the [probe] times out
2911
timeoutSeconds: 1
2912
livenessProbe:
2913
# -- Enable Kubernetes liveness probe for Repo Server
2914
enabled: true
2915
# -- Http path to use for the liveness probe
2916
httpPath: /healthz?full=true
2917
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2918
failureThreshold: 3
2919
# -- Number of seconds after the container has started before [probe] is initiated
2920
initialDelaySeconds: 10
2921
# -- How often (in seconds) to perform the [probe]
2922
periodSeconds: 10
2923
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2924
successThreshold: 1
2925
# -- Number of seconds after which the [probe] times out
2926
timeoutSeconds: 1
2927
## Startup probe for Repo Server (optional)
2928
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
2929
startupProbe:
2930
# -- Enable Kubernetes startup probe for Repo Server
2931
enabled: false
2932
# -- Http path to use for the startup probe
2933
httpPath: /healthz
2934
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
2935
failureThreshold: 20
2936
# -- Number of seconds after the container has started before [probe] is initiated
2937
initialDelaySeconds: 10
2938
# -- How often (in seconds) to perform the [probe]
2939
periodSeconds: 10
2940
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
2941
successThreshold: 1
2942
# -- Number of seconds after which the [probe] times out
2943
timeoutSeconds: 1
2944
# -- terminationGracePeriodSeconds for container lifecycle hook
2945
terminationGracePeriodSeconds: 30
2946
# -- [Node selector]
2947
# @default -- `{}` (defaults to global.nodeSelector)
2948
nodeSelector: {}
2949
# -- [Tolerations] for use with node taints
2950
# @default -- `[]` (defaults to global.tolerations)
2951
tolerations: []
2952
# -- Assign custom [affinity] rules to the deployment
2953
# @default -- `{}` (defaults to global.affinity preset)
2954
affinity: {}
2955
# -- Assign custom [TopologySpreadConstraints] rules to the repo server
2956
# @default -- `[]` (defaults to global.topologySpreadConstraints)
2957
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
2958
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
2959
topologySpreadConstraints: []
2960
# - maxSkew: 1
2961
# topologyKey: topology.kubernetes.io/zone
2962
# whenUnsatisfiable: DoNotSchedule
2963
2964
# -- Deployment strategy to be added to the repo server Deployment
2965
deploymentStrategy: {}
2966
# type: RollingUpdate
2967
# rollingUpdate:
2968
# maxSurge: 25%
2969
# maxUnavailable: 25%
2970
2971
# -- Priority class for the repo server pods
2972
# @default -- `""` (defaults to global.priorityClassName)
2973
priorityClassName: ""
2974
# TLS certificate configuration via Secret
2975
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server
2976
## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers.
2977
certificateSecret:
2978
# -- Create argocd-repo-server-tls secret
2979
enabled: false
2980
# -- Annotations to be added to argocd-repo-server-tls secret
2981
annotations: {}
2982
# -- Labels to be added to argocd-repo-server-tls secret
2983
labels: {}
2984
# -- Certificate authority. Required for self-signed certificates.
2985
ca: ""
2986
# -- Certificate private key
2987
key: ""
2988
# -- Certificate data. Must contain SANs of Repo service (ie: argocd-repo-server, argocd-repo-server.argo-cd.svc)
2989
crt: ""
2990
## Repo server service configuration
2991
service:
2992
# -- Repo server service annotations
2993
annotations: {}
2994
# -- Repo server service labels
2995
labels: {}
2996
# -- Repo server service port
2997
port: 8081
2998
# -- Repo server service port name
2999
portName: tcp-repo-server
3000
# -- Traffic distribution preference for the repo server service. If the field is not set, the implementation will apply its default routing strategy.
3001
trafficDistribution: ""
3002
## Repo server metrics service configuration
3003
metrics:
3004
# -- Deploy metrics service
3005
enabled: false
3006
service:
3007
# -- Metrics service type
3008
type: ClusterIP
3009
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3010
clusterIP: ""
3011
# -- Metrics service annotations
3012
annotations: {}
3013
# -- Metrics service labels
3014
labels: {}
3015
# -- Metrics service port
3016
servicePort: 8084
3017
# -- Metrics service port name
3018
portName: http-metrics
3019
serviceMonitor:
3020
# -- Enable a prometheus ServiceMonitor
3021
enabled: false
3022
# -- Prometheus ServiceMonitor interval
3023
interval: 30s
3024
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
3025
scrapeTimeout: ""
3026
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3027
honorLabels: false
3028
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
3029
relabelings: []
3030
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3031
metricRelabelings: []
3032
# -- Prometheus ServiceMonitor selector
3033
selector: {}
3034
# prometheus: kube-prometheus
3035
3036
# -- Prometheus ServiceMonitor scheme
3037
scheme: ""
3038
# -- Prometheus ServiceMonitor tlsConfig
3039
tlsConfig: {}
3040
# -- Prometheus ServiceMonitor namespace
3041
namespace: "" # "monitoring"
3042
# -- Prometheus ServiceMonitor labels
3043
additionalLabels: {}
3044
# -- Prometheus ServiceMonitor annotations
3045
annotations: {}
3046
## Enable Custom Rules for the Repo server's Cluster Role resource
3047
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
3048
## Defaults to off
3049
clusterRoleRules:
3050
# -- Enable custom rules for the Repo server's Cluster Role resource
3051
enabled: false
3052
# -- List of custom rules for the Repo server's Cluster Role resource
3053
rules: []
3054
# -- Automount API credentials for the Service Account into the pod.
3055
automountServiceAccountToken: true
3056
## Repo server service account
3057
## If create is set to true, make sure to uncomment the name and update the rbac section below
3058
serviceAccount:
3059
# -- Create repo server service account
3060
create: true
3061
# -- Repo server service account name
3062
name: "" # "argocd-repo-server"
3063
# -- Annotations applied to created service account
3064
annotations: {}
3065
# -- Labels applied to created service account
3066
labels: {}
3067
# -- Automount API credentials for the Service Account
3068
automountServiceAccountToken: true
3069
# -- Repo server rbac rules
3070
rbac: []
3071
# - apiGroups:
3072
# - argoproj.io
3073
# resources:
3074
# - applications
3075
# verbs:
3076
# - get
3077
# - list
3078
# - watch
3079
3080
# Default repo server's network policy
3081
networkPolicy:
3082
# -- Default network policy rules used by repo server
3083
# @default -- `false` (defaults to global.networkPolicy.create)
3084
create: false
3085
## ApplicationSet controller
3086
applicationSet:
3087
# -- ApplicationSet controller name string
3088
name: applicationset-controller
3089
# -- The number of ApplicationSet controller pods to run
3090
replicas: 1
3091
# -- Runtime class name for the ApplicationSet controller
3092
# @default -- `""` (defaults to global.runtimeClassName)
3093
runtimeClassName: ""
3094
## ApplicationSet controller Pod Disruption Budget
3095
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
3096
pdb:
3097
# -- Deploy a [PodDisruptionBudget] for the ApplicationSet controller
3098
enabled: false
3099
# -- Labels to be added to ApplicationSet controller pdb
3100
labels: {}
3101
# -- Annotations to be added to ApplicationSet controller pdb
3102
annotations: {}
3103
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
3104
# @default -- `""` (defaults to 0 if not specified)
3105
minAvailable: ""
3106
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
3107
## Has higher precedence over `applicationSet.pdb.minAvailable`
3108
maxUnavailable: ""
3109
## ApplicationSet controller Vertical Pod Autoscaler
3110
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
3111
vpa:
3112
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the ApplicationSet controller
3113
enabled: false
3114
# -- Labels to be added to ApplicationSet controller vpa
3115
labels: {}
3116
# -- Annotations to be added to ApplicationSet controller vpa
3117
annotations: {}
3118
# -- One of the VPA operation modes
3119
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
3120
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
3121
updateMode: Initial
3122
# -- Controls how VPA computes the recommended resources for ApplicationSet controller container
3123
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
3124
containerPolicy: {}
3125
# controlledResources: ["cpu", "memory"]
3126
# minAllowed:
3127
# cpu: 250m
3128
# memory: 256Mi
3129
# maxAllowed:
3130
# cpu: 1
3131
# memory: 1Gi
3132
## ApplicationSet controller image
3133
image:
3134
# -- Repository to use for the ApplicationSet controller
3135
# @default -- `""` (defaults to global.image.repository)
3136
repository: ""
3137
# -- Tag to use for the ApplicationSet controller
3138
# @default -- `""` (defaults to global.image.tag)
3139
tag: ""
3140
# -- Image pull policy for the ApplicationSet controller
3141
# @default -- `""` (defaults to global.image.imagePullPolicy)
3142
imagePullPolicy: ""
3143
# -- If defined, uses a Secret to pull an image from a private Docker registry or repository.
3144
# @default -- `[]` (defaults to global.imagePullSecrets)
3145
imagePullSecrets: []
3146
# -- ApplicationSet controller command line flags
3147
extraArgs: []
3148
# -- Environment variables to pass to the ApplicationSet controller
3149
extraEnv: []
3150
# - name: "MY_VAR"
3151
# value: "value"
3152
3153
# -- envFrom to pass to the ApplicationSet controller
3154
# @default -- `[]` (See [values.yaml])
3155
extraEnvFrom: []
3156
# - configMapRef:
3157
# name: config-map-name
3158
# - secretRef:
3159
# name: secret-name
3160
3161
# -- Additional containers to be added to the ApplicationSet controller pod
3162
## Note: Supports use of custom Helm templates
3163
extraContainers: []
3164
# -- Init containers to add to the ApplicationSet controller pod
3165
## Note: Supports use of custom Helm templates
3166
initContainers: []
3167
# -- List of extra mounts to add (normally used with extraVolumes)
3168
extraVolumeMounts: []
3169
# -- List of extra volumes to add
3170
extraVolumes: []
3171
## ApplicationSet controller emptyDir volumes
3172
emptyDir:
3173
# -- EmptyDir size limit for applicationSet controller
3174
# @default -- `""` (defaults not set if not specified i.e. no size limit)
3175
sizeLimit: ""
3176
# sizeLimit: "1Gi"
3177
## Metrics service configuration
3178
metrics:
3179
# -- Deploy metrics service
3180
enabled: false
3181
service:
3182
# -- Metrics service type
3183
type: ClusterIP
3184
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3185
clusterIP: ""
3186
# -- Metrics service annotations
3187
annotations: {}
3188
# -- Metrics service labels
3189
labels: {}
3190
# -- Metrics service port
3191
servicePort: 8080
3192
# -- Metrics service port name
3193
portName: http-metrics
3194
serviceMonitor:
3195
# -- Enable a prometheus ServiceMonitor
3196
enabled: false
3197
# -- Prometheus ServiceMonitor interval
3198
interval: 30s
3199
# -- Prometheus ServiceMonitor scrapeTimeout. If empty, Prometheus uses the global scrape timeout unless it is less than the target's scrape interval value in which the latter is used.
3200
scrapeTimeout: ""
3201
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3202
honorLabels: false
3203
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
3204
relabelings: []
3205
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3206
metricRelabelings: []
3207
# -- Prometheus ServiceMonitor selector
3208
selector: {}
3209
# prometheus: kube-prometheus
3210
3211
# -- Prometheus ServiceMonitor scheme
3212
scheme: ""
3213
# -- Prometheus ServiceMonitor tlsConfig
3214
tlsConfig: {}
3215
# -- Prometheus ServiceMonitor namespace
3216
namespace: "" # monitoring
3217
# -- Prometheus ServiceMonitor labels
3218
additionalLabels: {}
3219
# -- Prometheus ServiceMonitor annotations
3220
annotations: {}
3221
## ApplicationSet service configuration
3222
service:
3223
# -- ApplicationSet service annotations
3224
annotations: {}
3225
# -- ApplicationSet service labels
3226
labels: {}
3227
# -- ApplicationSet service type
3228
type: ClusterIP
3229
# -- ApplicationSet service port
3230
port: 7000
3231
# -- ApplicationSet service port name
3232
portName: http-webhook
3233
# -- Automount API credentials for the Service Account into the pod.
3234
automountServiceAccountToken: true
3235
serviceAccount:
3236
# -- Create ApplicationSet controller service account
3237
create: true
3238
# -- ApplicationSet controller service account name
3239
name: argocd-applicationset-controller
3240
# -- Annotations applied to created service account
3241
annotations: {}
3242
# -- Labels applied to created service account
3243
labels: {}
3244
# -- Automount API credentials for the Service Account
3245
automountServiceAccountToken: true
3246
# -- Annotations to be added to ApplicationSet controller Deployment
3247
deploymentAnnotations: {}
3248
# -- Labels for the ApplicationSet controller Deployment
3249
deploymentLabels: {}
3250
# -- Annotations for the ApplicationSet controller pods
3251
podAnnotations: {}
3252
# -- Labels for the ApplicationSet controller pods
3253
podLabels: {}
3254
# -- Resource limits and requests for the ApplicationSet controller pods.
3255
resources: {}
3256
# limits:
3257
# cpu: 100m
3258
# memory: 128Mi
3259
# requests:
3260
# cpu: 100m
3261
# memory: 128Mi
3262
3263
# ApplicationSet controller container ports
3264
containerPorts:
3265
# -- Metrics container port
3266
metrics: 8080
3267
# -- Probe container port
3268
probe: 8081
3269
# -- Webhook container port
3270
webhook: 7000
3271
# -- [DNS configuration]
3272
dnsConfig: {}
3273
# -- Alternative DNS policy for ApplicationSet controller pods
3274
dnsPolicy: "ClusterFirst"
3275
# -- ApplicationSet controller container-level security context
3276
# @default -- See [values.yaml]
3277
containerSecurityContext:
3278
runAsNonRoot: true
3279
readOnlyRootFilesystem: true
3280
allowPrivilegeEscalation: false
3281
seccompProfile:
3282
type: RuntimeDefault
3283
capabilities:
3284
drop:
3285
- ALL
3286
## Probes for ApplicationSet controller (optional)
3287
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3288
readinessProbe:
3289
# -- Enable Kubernetes liveness probe for ApplicationSet controller
3290
enabled: false
3291
# -- Number of seconds after the container has started before [probe] is initiated
3292
initialDelaySeconds: 10
3293
# -- How often (in seconds) to perform the [probe]
3294
periodSeconds: 10
3295
# -- Number of seconds after which the [probe] times out
3296
timeoutSeconds: 1
3297
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3298
successThreshold: 1
3299
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3300
failureThreshold: 3
3301
livenessProbe:
3302
# -- Enable Kubernetes liveness probe for ApplicationSet controller
3303
enabled: false
3304
# -- Number of seconds after the container has started before [probe] is initiated
3305
initialDelaySeconds: 10
3306
# -- How often (in seconds) to perform the [probe]
3307
periodSeconds: 10
3308
# -- Number of seconds after which the [probe] times out
3309
timeoutSeconds: 1
3310
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3311
successThreshold: 1
3312
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3313
failureThreshold: 3
3314
## Startup probe for ApplicationSet controller (optional)
3315
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3316
startupProbe:
3317
# -- Enable Kubernetes startup probe for ApplicationSet controller
3318
enabled: false
3319
# -- Number of seconds after the container has started before [probe] is initiated
3320
initialDelaySeconds: 10
3321
# -- How often (in seconds) to perform the [probe]
3322
periodSeconds: 10
3323
# -- Number of seconds after which the [probe] times out
3324
timeoutSeconds: 1
3325
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3326
successThreshold: 1
3327
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3328
failureThreshold: 20
3329
# -- terminationGracePeriodSeconds for container lifecycle hook
3330
terminationGracePeriodSeconds: 30
3331
# -- [Node selector]
3332
# @default -- `{}` (defaults to global.nodeSelector)
3333
nodeSelector: {}
3334
# -- [Tolerations] for use with node taints
3335
# @default -- `[]` (defaults to global.tolerations)
3336
tolerations: []
3337
# -- Assign custom [affinity] rules
3338
# @default -- `{}` (defaults to global.affinity preset)
3339
affinity: {}
3340
# -- Assign custom [TopologySpreadConstraints] rules to the ApplicationSet controller
3341
# @default -- `[]` (defaults to global.topologySpreadConstraints)
3342
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
3343
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3344
topologySpreadConstraints: []
3345
# - maxSkew: 1
3346
# topologyKey: topology.kubernetes.io/zone
3347
# whenUnsatisfiable: DoNotSchedule
3348
3349
# -- Deployment strategy to be added to the ApplicationSet controller Deployment
3350
deploymentStrategy: {}
3351
# type: RollingUpdate
3352
# rollingUpdate:
3353
# maxSurge: 25%
3354
# maxUnavailable: 25%
3355
3356
# -- Priority class for the ApplicationSet controller pods
3357
# @default -- `""` (defaults to global.priorityClassName)
3358
priorityClassName: ""
3359
# TLS certificate configuration via cert-manager
3360
## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration
3361
certificate:
3362
# -- Deploy a Certificate resource (requires cert-manager)
3363
enabled: false
3364
# -- Certificate primary domain (commonName)
3365
# @default -- `""` (defaults to global.domain)
3366
domain: ""
3367
# -- Certificate Subject Alternate Names (SANs)
3368
additionalHosts: []
3369
# -- The requested 'duration' (i.e. lifetime) of the certificate.
3370
# @default -- `""` (defaults to 2160h = 90d if not specified)
3371
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
3372
duration: ""
3373
# -- How long before the expiry a certificate should be renewed.
3374
# @default -- `""` (defaults to 360h = 15d if not specified)
3375
## Ref: https://cert-manager.io/docs/usage/certificate/#renewal
3376
renewBefore: ""
3377
# Certificate issuer
3378
## Ref: https://cert-manager.io/docs/concepts/issuer
3379
issuer:
3380
# -- Certificate issuer group. Set if using an external issuer. Eg. `cert-manager.io`
3381
group: ""
3382
# -- Certificate issuer kind. Either `Issuer` or `ClusterIssuer`
3383
kind: ""
3384
# -- Certificate issuer name. Eg. `letsencrypt`
3385
name: ""
3386
# Private key of the certificate
3387
privateKey:
3388
# -- Rotation policy of private key when certificate is re-issued. Either: `Never` or `Always`
3389
rotationPolicy: Never
3390
# -- The private key cryptography standards (PKCS) encoding for private key. Either: `PCKS1` or `PKCS8`
3391
encoding: PKCS1
3392
# -- Algorithm used to generate certificate private key. One of: `RSA`, `Ed25519` or `ECDSA`
3393
algorithm: RSA
3394
# -- Key bit size of the private key. If algorithm is set to `Ed25519`, size is ignored.
3395
size: 2048
3396
# -- Annotations to be applied to the ApplicationSet Certificate
3397
annotations: {}
3398
## Ingress for the Git Generator webhook
3399
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
3400
ingress:
3401
# -- Enable an ingress resource for ApplicationSet webhook
3402
enabled: false
3403
# -- Additional ingress labels
3404
labels: {}
3405
# -- Additional ingress annotations
3406
annotations: {}
3407
# -- Defines which ingress ApplicationSet controller will implement the resource
3408
ingressClassName: ""
3409
# -- Argo CD ApplicationSet hostname
3410
# @default -- `""` (defaults to global.domain)
3411
hostname: ""
3412
# -- List of ingress paths
3413
path: /api/webhook
3414
# -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
3415
pathType: Prefix
3416
# -- Enable TLS configuration for the hostname defined at `applicationSet.webhook.ingress.hostname`
3417
## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls`
3418
tls: false
3419
# -- The list of additional hostnames to be covered by ingress record
3420
# @default -- `[]` (See [values.yaml])
3421
extraHosts: []
3422
# - name: argocd.example.com
3423
# path: /
3424
3425
# -- Additional ingress paths
3426
# @default -- `[]` (See [values.yaml])
3427
extraPaths: []
3428
# - path: /*
3429
# pathType: Prefix
3430
# backend:
3431
# service:
3432
# name: ssl-redirect
3433
# port:
3434
# name: use-annotation
3435
3436
# -- Additional ingress rules
3437
# @default -- `[]` (See [values.yaml])
3438
## Note: Supports use of custom Helm templates
3439
extraRules: []
3440
# - http:
3441
# paths:
3442
# - path: /api/webhook
3443
# pathType: Prefix
3444
# backend:
3445
# service:
3446
# name: '{{ include "argo-cd.applicationSet.fullname" . }}'
3447
# port:
3448
# name: '{{ .Values.applicationSet.service.portName }}'
3449
3450
# -- Additional ingress TLS configuration
3451
# @default -- `[]` (See [values.yaml])
3452
extraTls: []
3453
# - secretName: argocd-applicationset-tls
3454
# hosts:
3455
# - argocd-applicationset.example.com
3456
## Gateway API HTTPRoute for the Git Generator webhook
3457
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration)
3458
# NOTE: Gateway API support is in EXPERIMENTAL status
3459
# Support depends on your Gateway controller implementation
3460
# Some controllers may require additional configuration (e.g., BackendTLSPolicy for HTTPS backends)
3461
# Refer to https://gateway-api.sigs.k8s.io/implementations/ for controller-specific details
3462
httproute:
3463
# -- Enable HTTPRoute resource for Argo CD Applicationset Webhook (Gateway API)
3464
enabled: false
3465
# -- Additional HTTPRoute labels
3466
labels: {}
3467
# -- Additional HTTPRoute annotations
3468
annotations: {}
3469
# -- Gateway API parentRefs for the HTTPRoute
3470
## Must reference an existing Gateway
3471
# @default -- `[]` (See [values.yaml])
3472
parentRefs: []
3473
# - name: example-gateway
3474
# namespace: example-gateway-namespace
3475
# sectionName: https
3476
# -- List of hostnames for the HTTPRoute
3477
# @default -- `[]` (See [values.yaml])
3478
hostnames: []
3479
# - argocd.example.com
3480
# -- HTTPRoute rules configuration
3481
# @default -- `[]` (See [values.yaml])
3482
rules:
3483
- matches:
3484
- path:
3485
type: PathPrefix
3486
value: /api/webhook
3487
# filters: []
3488
# - type: RequestHeaderModifier
3489
# requestHeaderModifier:
3490
# add:
3491
# - name: X-Custom-Header
3492
# value: custom-value
3493
# Gateway API ListenerSet configuration for the Git Generator webhook
3494
## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
3495
# NOTE: Gateway API support is in EXPERIMENTAL status
3496
# ListenerSet allows attaching additional listeners to an existing Gateway
3497
# Requires Gateway API v1alpha2 and a controller that supports ListenerSet
3498
# Refer to https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.ListenerSet
3499
listenerset:
3500
# -- Enable ListenerSet resource for Argo CD ApplicationSet webhook (Gateway API)
3501
enabled: false
3502
# -- Additional ListenerSet labels
3503
labels: {}
3504
# -- Additional ListenerSet annotations
3505
annotations: {}
3506
# -- Gateway API parentRef for the ListenerSet
3507
## Must reference an existing Gateway. Unlike HTTPRoute, ListenerSet accepts exactly one parentRef.
3508
# @default -- `{}` (See [values.yaml])
3509
parentRef: {}
3510
# group: gateway.networking.k8s.io
3511
# kind: Gateway
3512
# name: example-gateway
3513
# namespace: example-gateway-namespace
3514
# -- Listeners to attach to the parent Gateway
3515
# @default -- `[]` (See [values.yaml])
3516
listeners: []
3517
# - name: https
3518
# port: 443
3519
# protocol: HTTPS
3520
# hostname: argocd.example.com
3521
# tls:
3522
# mode: Terminate
3523
# certificateRefs:
3524
# - group: ""
3525
# kind: Secret
3526
# name: argocd-applicationset-controller-tls
3527
# allowedRoutes:
3528
# namespaces:
3529
# from: Same
3530
# -- Enable ApplicationSet in any namespace feature
3531
allowAnyNamespace: false
3532
# Default ApplicationSet controller's network policy
3533
networkPolicy:
3534
# -- Default network policy rules used by ApplicationSet controller
3535
# @default -- `false` (defaults to global.networkPolicy.create)
3536
create: false
3537
## Notifications controller
3538
notifications:
3539
# -- Enable notifications controller
3540
enabled: true
3541
# -- Notifications controller name string
3542
name: notifications-controller
3543
# -- Argo CD dashboard url; used in place of {{.context.argocdUrl}} in templates
3544
# @default -- `""` (defaults to https://`global.domain`)
3545
argocdUrl: ""
3546
# -- Runtime class name for the notifications controller
3547
# @default -- `""` (defaults to global.runtimeClassName)
3548
runtimeClassName: ""
3549
## Notifications controller Pod Disruption Budget
3550
## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
3551
pdb:
3552
# -- Deploy a [PodDisruptionBudget] for the notifications controller
3553
enabled: false
3554
# -- Labels to be added to notifications controller pdb
3555
labels: {}
3556
# -- Annotations to be added to notifications controller pdb
3557
annotations: {}
3558
# -- Number of pods that are available after eviction as number or percentage (eg.: 50%)
3559
# @default -- `""` (defaults to 0 if not specified)
3560
minAvailable: ""
3561
# -- Number of pods that are unavailable after eviction as number or percentage (eg.: 50%).
3562
## Has higher precedence over `notifications.pdb.minAvailable`
3563
maxUnavailable: ""
3564
## Notifications controller Vertical Pod Autoscaler
3565
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
3566
vpa:
3567
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the notifications controller
3568
enabled: false
3569
# -- Labels to be added to notifications controller vpa
3570
labels: {}
3571
# -- Annotations to be added to notifications controller vpa
3572
annotations: {}
3573
# -- One of the VPA operation modes
3574
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
3575
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
3576
updateMode: Initial
3577
# -- Controls how VPA computes the recommended resources for notifications controller container
3578
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
3579
containerPolicy: {}
3580
# controlledResources: ["cpu", "memory"]
3581
# minAllowed:
3582
# cpu: 250m
3583
# memory: 256Mi
3584
# maxAllowed:
3585
# cpu: 1
3586
# memory: 1Gi
3587
## Notifications controller image
3588
image:
3589
# -- Repository to use for the notifications controller
3590
# @default -- `""` (defaults to global.image.repository)
3591
repository: ""
3592
# -- Tag to use for the notifications controller
3593
# @default -- `""` (defaults to global.image.tag)
3594
tag: ""
3595
# -- Image pull policy for the notifications controller
3596
# @default -- `""` (defaults to global.image.imagePullPolicy)
3597
imagePullPolicy: ""
3598
# -- Secrets with credentials to pull images from a private registry
3599
# @default -- `[]` (defaults to global.imagePullSecrets)
3600
imagePullSecrets: []
3601
# DEPRECATED - Use configs.params to override
3602
# -- Notifications controller log format. Either `text` or `json`
3603
# @default -- `""` (defaults to global.logging.format)
3604
# logFormat: ""
3605
# -- Notifications controller log level. One of: `debug`, `info`, `warn`, `error`
3606
# @default -- `""` (defaults to global.logging.level)
3607
# logLevel: ""
3608
3609
# -- Extra arguments to provide to the notifications controller
3610
extraArgs: []
3611
# -- Additional container environment variables
3612
extraEnv: []
3613
# -- envFrom to pass to the notifications controller
3614
# @default -- `[]` (See [values.yaml])
3615
extraEnvFrom: []
3616
# - configMapRef:
3617
# name: config-map-name
3618
# - secretRef:
3619
# name: secret-name
3620
3621
# -- Additional containers to be added to the notifications controller pod
3622
## Note: Supports use of custom Helm templates
3623
extraContainers: []
3624
# -- Init containers to add to the notifications controller pod
3625
## Note: Supports use of custom Helm templates
3626
initContainers: []
3627
# -- List of extra mounts to add (normally used with extraVolumes)
3628
extraVolumeMounts: []
3629
# -- List of extra volumes to add
3630
extraVolumes: []
3631
# -- Define user-defined context
3632
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context
3633
context: {}
3634
# region: east
3635
# environmentName: staging
3636
3637
secret:
3638
# -- Whether helm chart creates notifications controller secret
3639
## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name.
3640
create: true
3641
# -- notifications controller Secret name
3642
name: "argocd-notifications-secret"
3643
# -- key:value pairs of annotations to be added to the secret
3644
annotations: {}
3645
# -- key:value pairs of labels to be added to the secret
3646
labels: {}
3647
# -- Generic key:value pairs to be inserted into the secret
3648
## Can be used for templates, notification services etc. Some examples given below.
3649
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
3650
items: {}
3651
# slack-token:
3652
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/slack/
3653
# grafana-apiKey:
3654
# # For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/grafana/
3655
3656
# webhooks-github-token:
3657
3658
# email-username:
3659
# email-password:
3660
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/email/
3661
3662
metrics:
3663
# -- Enables prometheus metrics server
3664
enabled: false
3665
# -- Metrics port
3666
port: 9001
3667
service:
3668
# -- Metrics service type
3669
type: ClusterIP
3670
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
3671
clusterIP: ""
3672
# -- Metrics service annotations
3673
annotations: {}
3674
# -- Metrics service labels
3675
labels: {}
3676
# -- Metrics service port name
3677
portName: http-metrics
3678
serviceMonitor:
3679
# -- Enable a prometheus ServiceMonitor
3680
enabled: false
3681
# -- Prometheus ServiceMonitor selector
3682
selector: {}
3683
# prometheus: kube-prometheus
3684
# -- Prometheus ServiceMonitor labels
3685
additionalLabels: {}
3686
# -- Prometheus ServiceMonitor annotations
3687
annotations: {}
3688
# namespace: monitoring
3689
# interval: 30s
3690
# scrapeTimeout: 10s
3691
# -- Prometheus ServiceMonitor scheme
3692
scheme: ""
3693
# -- Prometheus ServiceMonitor tlsConfig
3694
tlsConfig: {}
3695
# -- When true, honorLabels preserves the metric’s labels when they collide with the target’s labels.
3696
honorLabels: false
3697
# -- Prometheus [RelabelConfigs] to apply to samples before scraping
3698
relabelings: []
3699
# -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
3700
metricRelabelings: []
3701
# -- Configures notification services such as slack, email or custom webhook
3702
# @default -- See [values.yaml]
3703
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/
3704
notifiers: {}
3705
# service.slack: |
3706
# token: $slack-token
3707
3708
# -- Annotations to be applied to the notifications controller Deployment
3709
deploymentAnnotations: {}
3710
# -- Labels for the notifications controller Deployment
3711
deploymentLabels: {}
3712
# -- Annotations to be applied to the notifications controller Pods
3713
podAnnotations: {}
3714
# -- Labels to be applied to the notifications controller Pods
3715
podLabels: {}
3716
# -- Resource limits and requests for the notifications controller
3717
resources: {}
3718
# limits:
3719
# cpu: 100m
3720
# memory: 128Mi
3721
# requests:
3722
# cpu: 100m
3723
# memory: 128Mi
3724
3725
# Notification controller container ports
3726
containerPorts:
3727
# -- Metrics container port
3728
metrics: 9001
3729
# -- [DNS configuration]
3730
dnsConfig: {}
3731
# -- Alternative DNS policy for notifications controller Pods
3732
dnsPolicy: "ClusterFirst"
3733
# -- Notification controller container-level security Context
3734
# @default -- See [values.yaml]
3735
containerSecurityContext:
3736
runAsNonRoot: true
3737
readOnlyRootFilesystem: true
3738
allowPrivilegeEscalation: false
3739
seccompProfile:
3740
type: RuntimeDefault
3741
capabilities:
3742
drop:
3743
- ALL
3744
## Probes for notifications controller Pods (optional)
3745
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3746
readinessProbe:
3747
# -- Enable Kubernetes liveness probe for notifications controller Pods
3748
enabled: false
3749
# -- Number of seconds after the container has started before [probe] is initiated
3750
initialDelaySeconds: 10
3751
# -- How often (in seconds) to perform the [probe]
3752
periodSeconds: 10
3753
# -- Number of seconds after which the [probe] times out
3754
timeoutSeconds: 1
3755
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3756
successThreshold: 1
3757
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3758
failureThreshold: 3
3759
livenessProbe:
3760
# -- Enable Kubernetes liveness probe for notifications controller Pods
3761
enabled: false
3762
# -- Number of seconds after the container has started before [probe] is initiated
3763
initialDelaySeconds: 10
3764
# -- How often (in seconds) to perform the [probe]
3765
periodSeconds: 10
3766
# -- Number of seconds after which the [probe] times out
3767
timeoutSeconds: 1
3768
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3769
successThreshold: 1
3770
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3771
failureThreshold: 3
3772
## Startup probe for notifications controller Pods (optional)
3773
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
3774
startupProbe:
3775
# -- Enable Kubernetes startup probe for notifications controller Pods
3776
enabled: false
3777
# -- Number of seconds after the container has started before [probe] is initiated
3778
initialDelaySeconds: 10
3779
# -- How often (in seconds) to perform the [probe]
3780
periodSeconds: 10
3781
# -- Number of seconds after which the [probe] times out
3782
timeoutSeconds: 1
3783
# -- Minimum consecutive successes for the [probe] to be considered successful after having failed
3784
successThreshold: 1
3785
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
3786
failureThreshold: 20
3787
# -- terminationGracePeriodSeconds for container lifecycle hook
3788
terminationGracePeriodSeconds: 30
3789
# -- [Node selector]
3790
# @default -- `{}` (defaults to global.nodeSelector)
3791
nodeSelector: {}
3792
# -- [Tolerations] for use with node taints
3793
# @default -- `[]` (defaults to global.tolerations)
3794
tolerations: []
3795
# -- Assign custom [affinity] rules
3796
# @default -- `{}` (defaults to global.affinity preset)
3797
affinity: {}
3798
# -- Assign custom [TopologySpreadConstraints] rules to the application controller
3799
# @default -- `[]` (defaults to global.topologySpreadConstraints)
3800
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
3801
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
3802
topologySpreadConstraints: []
3803
# - maxSkew: 1
3804
# topologyKey: topology.kubernetes.io/zone
3805
# whenUnsatisfiable: DoNotSchedule
3806
3807
# -- Deployment strategy to be added to the notifications controller Deployment
3808
deploymentStrategy:
3809
type: Recreate
3810
# -- Priority class for the notifications controller pods
3811
# @default -- `""` (defaults to global.priorityClassName)
3812
priorityClassName: ""
3813
# -- Automount API credentials for the Service Account into the pod.
3814
automountServiceAccountToken: true
3815
serviceAccount:
3816
# -- Create notifications controller service account
3817
create: true
3818
# -- Notification controller service account name
3819
name: argocd-notifications-controller
3820
# -- Annotations applied to created service account
3821
annotations: {}
3822
# -- Labels applied to created service account
3823
labels: {}
3824
# -- Automount API credentials for the Service Account
3825
automountServiceAccountToken: true
3826
cm:
3827
# -- Whether helm chart creates notifications controller config map
3828
create: true
3829
## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource.
3830
## Defaults to off
3831
clusterRoleRules:
3832
# -- List of custom rules for the notifications controller's ClusterRole resource
3833
rules: []
3834
# -- Contains centrally managed global application subscriptions
3835
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/
3836
subscriptions: []
3837
# # subscription for on-sync-status-unknown trigger notifications
3838
# - recipients:
3839
# - slack:test2
3840
# - email:test@gmail.com
3841
# triggers:
3842
# - on-sync-status-unknown
3843
# # subscription restricted to applications with matching labels only
3844
# - recipients:
3845
# - slack:test3
3846
# selector: test=true
3847
# triggers:
3848
# - on-sync-status-unknown
3849
3850
# -- The notification template is used to generate the notification content
3851
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/
3852
templates: {}
3853
# template.app-deployed: |
3854
# email:
3855
# subject: New version of an application {{.app.metadata.name}} is up and running.
3856
# message: |
3857
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
3858
# slack:
3859
# attachments: |
3860
# [{
3861
# "title": "{{ .app.metadata.name}}",
3862
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3863
# "color": "#18be52",
3864
# "fields": [
3865
# {
3866
# "title": "Sync Status",
3867
# "value": "{{.app.status.sync.status}}",
3868
# "short": true
3869
# },
3870
# {
3871
# "title": "Repository",
3872
# "value": "{{.app.spec.source.repoURL}}",
3873
# "short": true
3874
# },
3875
# {
3876
# "title": "Revision",
3877
# "value": "{{.app.status.sync.revision}}",
3878
# "short": true
3879
# }
3880
# {{range $index, $c := .app.status.conditions}}
3881
# {{if not $index}},{{end}}
3882
# {{if $index}},{{end}}
3883
# {
3884
# "title": "{{$c.type}}",
3885
# "value": "{{$c.message}}",
3886
# "short": true
3887
# }
3888
# {{end}}
3889
# ]
3890
# }]
3891
# template.app-health-degraded: |
3892
# email:
3893
# subject: Application {{.app.metadata.name}} has degraded.
3894
# message: |
3895
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
3896
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3897
# slack:
3898
# attachments: |-
3899
# [{
3900
# "title": "{{ .app.metadata.name}}",
3901
# "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3902
# "color": "#f4c030",
3903
# "fields": [
3904
# {
3905
# "title": "Sync Status",
3906
# "value": "{{.app.status.sync.status}}",
3907
# "short": true
3908
# },
3909
# {
3910
# "title": "Repository",
3911
# "value": "{{.app.spec.source.repoURL}}",
3912
# "short": true
3913
# }
3914
# {{range $index, $c := .app.status.conditions}}
3915
# {{if not $index}},{{end}}
3916
# {{if $index}},{{end}}
3917
# {
3918
# "title": "{{$c.type}}",
3919
# "value": "{{$c.message}}",
3920
# "short": true
3921
# }
3922
# {{end}}
3923
# ]
3924
# }]
3925
# template.app-sync-failed: |
3926
# email:
3927
# subject: Failed to sync application {{.app.metadata.name}}.
3928
# message: |
3929
# {{if eq .serviceType "slack"}}:exclamation:{{end}} The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
3930
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3931
# slack:
3932
# attachments: |-
3933
# [{
3934
# "title": "{{ .app.metadata.name}}",
3935
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3936
# "color": "#E96D76",
3937
# "fields": [
3938
# {
3939
# "title": "Sync Status",
3940
# "value": "{{.app.status.sync.status}}",
3941
# "short": true
3942
# },
3943
# {
3944
# "title": "Repository",
3945
# "value": "{{.app.spec.source.repoURL}}",
3946
# "short": true
3947
# }
3948
# {{range $index, $c := .app.status.conditions}}
3949
# {{if not $index}},{{end}}
3950
# {{if $index}},{{end}}
3951
# {
3952
# "title": "{{$c.type}}",
3953
# "value": "{{$c.message}}",
3954
# "short": true
3955
# }
3956
# {{end}}
3957
# ]
3958
# }]
3959
# template.app-sync-running: |
3960
# email:
3961
# subject: Start syncing application {{.app.metadata.name}}.
3962
# message: |
3963
# The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
3964
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
3965
# slack:
3966
# attachments: |-
3967
# [{
3968
# "title": "{{ .app.metadata.name}}",
3969
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
3970
# "color": "#0DADEA",
3971
# "fields": [
3972
# {
3973
# "title": "Sync Status",
3974
# "value": "{{.app.status.sync.status}}",
3975
# "short": true
3976
# },
3977
# {
3978
# "title": "Repository",
3979
# "value": "{{.app.spec.source.repoURL}}",
3980
# "short": true
3981
# }
3982
# {{range $index, $c := .app.status.conditions}}
3983
# {{if not $index}},{{end}}
3984
# {{if $index}},{{end}}
3985
# {
3986
# "title": "{{$c.type}}",
3987
# "value": "{{$c.message}}",
3988
# "short": true
3989
# }
3990
# {{end}}
3991
# ]
3992
# }]
3993
# template.app-sync-status-unknown: |
3994
# email:
3995
# subject: Application {{.app.metadata.name}} sync status is 'Unknown'
3996
# message: |
3997
# {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
3998
# Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
3999
# {{if ne .serviceType "slack"}}
4000
# {{range $c := .app.status.conditions}}
4001
# * {{$c.message}}
4002
# {{end}}
4003
# {{end}}
4004
# slack:
4005
# attachments: |-
4006
# [{
4007
# "title": "{{ .app.metadata.name}}",
4008
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
4009
# "color": "#E96D76",
4010
# "fields": [
4011
# {
4012
# "title": "Sync Status",
4013
# "value": "{{.app.status.sync.status}}",
4014
# "short": true
4015
# },
4016
# {
4017
# "title": "Repository",
4018
# "value": "{{.app.spec.source.repoURL}}",
4019
# "short": true
4020
# }
4021
# {{range $index, $c := .app.status.conditions}}
4022
# {{if not $index}},{{end}}
4023
# {{if $index}},{{end}}
4024
# {
4025
# "title": "{{$c.type}}",
4026
# "value": "{{$c.message}}",
4027
# "short": true
4028
# }
4029
# {{end}}
4030
# ]
4031
# }]
4032
# template.app-sync-succeeded: |
4033
# email:
4034
# subject: Application {{.app.metadata.name}} has been successfully synced.
4035
# message: |
4036
# {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
4037
# Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
4038
# slack:
4039
# attachments: |-
4040
# [{
4041
# "title": "{{ .app.metadata.name}}",
4042
# "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
4043
# "color": "#18be52",
4044
# "fields": [
4045
# {
4046
# "title": "Sync Status",
4047
# "value": "{{.app.status.sync.status}}",
4048
# "short": true
4049
# },
4050
# {
4051
# "title": "Repository",
4052
# "value": "{{.app.spec.source.repoURL}}",
4053
# "short": true
4054
# }
4055
# {{range $index, $c := .app.status.conditions}}
4056
# {{if not $index}},{{end}}
4057
# {{if $index}},{{end}}
4058
# {
4059
# "title": "{{$c.type}}",
4060
# "value": "{{$c.message}}",
4061
# "short": true
4062
# }
4063
# {{end}}
4064
# ]
4065
# }]
4066
4067
# -- The trigger defines the condition when the notification should be sent
4068
## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/
4069
triggers: {}
4070
# trigger.on-deployed: |
4071
# - description: Application is synced and healthy. Triggered once per commit.
4072
# oncePer: app.status.sync.revision
4073
# send:
4074
# - app-deployed
4075
# when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
4076
# trigger.on-health-degraded: |
4077
# - description: Application has degraded
4078
# send:
4079
# - app-health-degraded
4080
# when: app.status.health.status == 'Degraded'
4081
# trigger.on-sync-failed: |
4082
# - description: Application syncing has failed
4083
# send:
4084
# - app-sync-failed
4085
# when: app.status.operationState.phase in ['Error', 'Failed']
4086
# trigger.on-sync-running: |
4087
# - description: Application is being synced
4088
# send:
4089
# - app-sync-running
4090
# when: app.status.operationState.phase in ['Running']
4091
# trigger.on-sync-status-unknown: |
4092
# - description: Application status is 'Unknown'
4093
# send:
4094
# - app-sync-status-unknown
4095
# when: app.status.sync.status == 'Unknown'
4096
# trigger.on-sync-succeeded: |
4097
# - description: Application syncing has succeeded
4098
# send:
4099
# - app-sync-succeeded
4100
# when: app.status.operationState.phase in ['Succeeded']
4101
#
4102
# For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/#default-triggers
4103
# defaultTriggers: |
4104
# - on-sync-status-unknown
4105
4106
# Default notifications controller's network policy
4107
networkPolicy:
4108
# -- Default network policy rules used by notifications controller
4109
# @default -- `false` (defaults to global.networkPolicy.create)
4110
create: false
4111
commitServer:
4112
# -- Enable commit server
4113
enabled: false
4114
# -- Commit server name
4115
name: commit-server
4116
# -- Runtime class name for the commit server
4117
# @default -- `""` (defaults to global.runtimeClassName)
4118
runtimeClassName: ""
4119
## commit server controller image
4120
image:
4121
# -- Repository to use for the commit server
4122
# @default -- `""` (defaults to global.image.repository)
4123
repository: ""
4124
# -- Tag to use for the commit server
4125
# @default -- `""` (defaults to global.image.tag)
4126
tag: ""
4127
# -- Image pull policy for the commit server
4128
# @default -- `""` (defaults to global.image.imagePullPolicy)
4129
imagePullPolicy: ""
4130
# -- commit server command line flags
4131
extraArgs: []
4132
# -- Environment variables to pass to the commit server
4133
extraEnv: []
4134
# - name: "MY_VAR"
4135
# value: "value"
4136
4137
# -- envFrom to pass to the commit server
4138
# @default -- `[]` (See [values.yaml])
4139
extraEnvFrom: []
4140
# - configMapRef:
4141
# name: config-map-name
4142
# - secretRef:
4143
# name: secret-name
4144
4145
# -- List of extra mounts to add (normally used with extraVolumes)
4146
extraVolumeMounts: []
4147
# -- List of extra volumes to add
4148
extraVolumes: []
4149
metrics:
4150
# -- Enables prometheus metrics server
4151
enabled: false
4152
service:
4153
# -- Metrics service type
4154
type: ClusterIP
4155
# -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP)
4156
clusterIP: ""
4157
# -- Metrics service annotations
4158
annotations: {}
4159
# -- Metrics service labels
4160
labels: {}
4161
# -- Metrics service port
4162
servicePort: 8087
4163
# -- Metrics service port name
4164
portName: metrics
4165
## commit server service configuration
4166
service:
4167
# -- commit server service annotations
4168
annotations: {}
4169
# -- commit server service labels
4170
labels: {}
4171
# -- commit server service port
4172
port: 8086
4173
# -- commit server service port name
4174
portName: server
4175
# -- Automount API credentials for the Service Account into the pod.
4176
automountServiceAccountToken: false
4177
serviceAccount:
4178
# -- Create commit server service account
4179
create: true
4180
# -- commit server service account name
4181
name: argocd-commit-server
4182
# -- Annotations applied to created service account
4183
annotations: {}
4184
# -- Labels applied to created service account
4185
labels: {}
4186
# -- Automount API credentials for the Service Account
4187
automountServiceAccountToken: true
4188
# -- Annotations to be added to commit server Deployment
4189
deploymentAnnotations: {}
4190
# -- Labels for the commit server Deployment
4191
deploymentLabels: {}
4192
# -- Annotations for the commit server pods
4193
podAnnotations: {}
4194
# -- Labels for the commit server pods
4195
podLabels: {}
4196
# -- Resource limits and requests for the commit server pods.
4197
resources: {}
4198
# limits:
4199
# cpu: 100m
4200
# memory: 128Mi
4201
# requests:
4202
# cpu: 100m
4203
# memory: 128Mi
4204
4205
# -- [DNS configuration]
4206
dnsConfig: {}
4207
# -- Alternative DNS policy for commit server pods
4208
dnsPolicy: "ClusterFirst"
4209
# -- commit server container-level security context
4210
# @default -- See [values.yaml]
4211
containerSecurityContext:
4212
runAsNonRoot: true
4213
readOnlyRootFilesystem: true
4214
allowPrivilegeEscalation: false
4215
capabilities:
4216
drop:
4217
- ALL
4218
seccompProfile:
4219
type: RuntimeDefault
4220
## Probes for commit server (optional)
4221
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
4222
readinessProbe:
4223
# -- Enable Kubernetes liveness probe for commit server
4224
enabled: true
4225
# -- Http path to use for the readiness probe
4226
httpPath: /healthz
4227
# -- Number of seconds after the container has started before [probe] is initiated
4228
initialDelaySeconds: 5
4229
# -- How often (in seconds) to perform the [probe]
4230
periodSeconds: 10
4231
# -- Number of seconds after which the [probe] times out
4232
timeoutSeconds: 1
4233
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4234
failureThreshold: 3
4235
livenessProbe:
4236
# -- Enable Kubernetes liveness probe for commit server
4237
enabled: true
4238
# -- Http path to use for the liveness probe
4239
httpPath: /healthz?full=true
4240
# -- Number of seconds after the container has started before [probe] is initiated
4241
initialDelaySeconds: 30
4242
# -- How often (in seconds) to perform the [probe]
4243
periodSeconds: 30
4244
# -- Number of seconds after which the [probe] times out
4245
timeoutSeconds: 5
4246
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4247
failureThreshold: 3
4248
## Startup probe for commit server (optional)
4249
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
4250
startupProbe:
4251
# -- Enable Kubernetes startup probe for commit server
4252
enabled: false
4253
# -- Http path to use for the startup probe
4254
httpPath: /healthz
4255
# -- Number of seconds after the container has started before [probe] is initiated
4256
initialDelaySeconds: 10
4257
# -- How often (in seconds) to perform the [probe]
4258
periodSeconds: 10
4259
# -- Number of seconds after which the [probe] times out
4260
timeoutSeconds: 1
4261
# -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded
4262
failureThreshold: 20
4263
# -- terminationGracePeriodSeconds for container lifecycle hook
4264
terminationGracePeriodSeconds: 30
4265
# -- [Node selector]
4266
# @default -- `{}` (defaults to global.nodeSelector)
4267
nodeSelector: {}
4268
# -- [Tolerations] for use with node taints
4269
# @default -- `[]` (defaults to global.tolerations)
4270
tolerations: []
4271
# -- Assign custom [affinity] rules
4272
# @default -- `{}` (defaults to global.affinity preset)
4273
affinity: {}
4274
# -- Assign custom [TopologySpreadConstraints] rules to the commit server
4275
# @default -- `[]` (defaults to global.topologySpreadConstraints)
4276
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
4277
## If labelSelector is left out, it will default to the labelSelector configuration of the deployment
4278
topologySpreadConstraints: []
4279
# - maxSkew: 1
4280
# topologyKey: topology.kubernetes.io/zone
4281
# whenUnsatisfiable: DoNotSchedule
4282
4283
# -- Deployment strategy to be added to the commit server Deployment
4284
deploymentStrategy: {}
4285
# type: RollingUpdate
4286
# rollingUpdate:
4287
# maxSurge: 25%
4288
# maxUnavailable: 25%
4289
4290
# -- Priority class for the commit server pods
4291
# @default -- `""` (defaults to global.priorityClassName)
4292
priorityClassName: ""
4293
# Default commit server's network policy
4294
networkPolicy:
4295
# -- Default network policy rules used by commit server
4296
# @default -- `false` (defaults to global.networkPolicy.create)
4297
create: false
4298
## Commit server Vertical Pod Autoscaler
4299
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/
4300
vpa:
4301
# -- Deploy a [VerticalPodAutoscaler](https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/) for the commit server
4302
enabled: false
4303
# -- Labels to be added to commit server vpa
4304
labels: {}
4305
# -- Annotations to be added to commit server vpa
4306
annotations: {}
4307
# -- One of the VPA operation modes
4308
## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically
4309
## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden
4310
updateMode: Initial
4311
# -- Controls how VPA computes the recommended resources for commit server container
4312
## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml
4313
containerPolicy: {}
4314
# controlledResources: ["cpu", "memory"]
4315
# minAllowed:
4316
# cpu: 250m
4317
# memory: 256Mi
4318
# maxAllowed:
4319
# cpu: 1
4320
# memory: 1Gi
4321

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.