Update & Fix: Argo-CD

dev
nold 1 year ago
parent 05e1b80b5f
commit 579a06386a
  1. 2
      templates/crds.yaml
  2. 220
      templates/crds/vaultsecrets.yml
  3. 4
      templates/heqet-apps.yaml
  4. 291
      values.d/argocd.yaml
  5. 2
      values.d/vault-secrets-operator.yaml
  6. 40
      values.yaml

@ -1,5 +1,5 @@
{{- if .Values.installCRDs }}
{{- range $path, $_ := .Files.Glob "crds/*.yaml" }}
{{- range $path, $_ := .Files.Glob "crds/*.yml" }}
{{ $.Files.Get $path }}
---
{{- end }}
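Review bot: The glob in the `range` line matches a single extension, so once it reads `crds/*.yml` any CRD still named `*.yaml` is skipped without an error. If the diffstat paths are relative to the chart root, the CRD added by this commit sits under `templates/crds/`, which Helm does not expose through `.Files`; the glob would not see it, and it would be rendered as an ordinary template whether or not `installCRDs` is set. Matching both extensions, `{{- range $path, $_ := .Files.Glob "crds/*.{yaml,yml}" }}`, and keeping CRD files in a chart-root `crds/` directory would make the `installCRDs` switch govern them. The `if` block is closed outside the lines shown.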

@ -0,0 +1,220 @@
---
# Source: vault-secrets-operator/templates/custom-resource-definition.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: vaultsecrets.ricoberger.de
labels:
app.kubernetes.io/name: vault-secrets-operator
helm.sh/chart: vault-secrets-operator-1.14.2
app.kubernetes.io/instance: vault-secrets-operator
app.kubernetes.io/managed-by: Helm
spec:
group: ricoberger.de
names:
kind: VaultSecret
listKind: VaultSecretList
plural: vaultsecrets
singular: vaultsecret
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Indicates if the secret was created/updated successfully
jsonPath: .status.conditions[?(@.type=="SecretCreated")].status
name: Succeeded
type: string
- description: Reason for the current status
jsonPath: .status.conditions[?(@.type=="SecretCreated")].reason
name: Reason
type: string
- description: Message with more information, regarding the current status
jsonPath: .status.conditions[?(@.type=="SecretCreated")].message
name: Message
type: string
- description: Time when the condition was updated the last time
jsonPath: .status.conditions[?(@.type=="SecretCreated")].lastTransitionTime
name: Last Transition
type: date
- description: Time when this VaultSecret was created
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: VaultSecret is the Schema for the vaultsecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: VaultSecretSpec defines the desired state of VaultSecret
properties:
isBinary:
description: isBinary is a flag indicates if data stored in vault
is binary data. Since vault does not store binary data natively,
the binary data is stored as base64 encoded. However, same data
get encoded again when operator stored them as secret in k8s which
caused the data to get double encoded. This flag will skip the base64
encode which is needed for string data to avoid the double encode
problem.
type: boolean
keys:
description: Keys is an array of Keys, which should be included in
the Kubernetes secret. If the Keys field is ommitted all keys from
the Vault secret will be included in the Kubernetes secret.
items:
type: string
type: array
path:
description: Path is the path of the corresponding secret in Vault.
type: string
reconcileStrategy:
description: ReconcileStrategy defines the strategy for reconcilation.
The default value is "Replace", which replaces any existing data
keys in a secret with the loaded keys from Vault. The second valid
value is "Merge" wiche merges the loaded keys from Vault with the
existing keys in a secret. Duplicated keys will be replaced with
the value from Vault. Other values are not valid for this field.
type: string
secretEngine:
description: SecretEngine specifies the type of the Vault secret engine
in which the secret is stored. Currently the 'KV Secrets Engine
- Version 1' and 'KV Secrets Engine - Version 2' are supported.
The value must be 'kv'. If the value is omitted or an other values
is used the Vault Secrets Operator will try to use the KV secret
engine.
type: string
templates:
additionalProperties:
type: string
description: Templates, if not empty will be run through the the Go
templating engine, with `.Secrets` being mapped to the list of secrets
received from Vault. When omitted set, all secrets will be added
as key/val pairs under Secret.data.
type: object
type:
description: Type is the type of the Kubernetes secret, which will
be created by the Vault Secrets Operator.
type: string
vaultNamespace:
description: 'VaultNamespace can be used to specify the Vault namespace
for a secret. When this value is set, the X-Vault-Namespace header
will be set for the request. More information regarding namespaces
can be found in the Vault Enterprise documentation: https://www.vaultproject.io/docs/enterprise/namespaces'
type: string
vaultRole:
description: VaultRole can be used to specify the Vault role, which
should be used to get the secret from Vault. If the vaultRole property
is set a new client with the specified Vault Role will be created
and the shared client is ignored. If the operator is configured
using the token auth method this property has no effect.
type: string
version:
description: Version sets the version of the secret which should be
used. The version is only used if the KVv2 secret engine is used.
If the version is omitted the Operator uses the latest version of
the secret. If the version omitted and the VAULT_RECONCILIATION_TIME
environment variable is set, the Kubernetes secret will be updated
if the Vault secret changes.
type: integer
required:
- path
- type
type: object
status:
description: VaultSecretStatus defines the observed state of VaultSecret
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type
\ // +patchStrategy=merge // +listType=map // +listMapKey=type
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
\n // other fields }"
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

@ -7,7 +7,7 @@ kind: Namespace
metadata:
name: {{ .namespace | default .name | quote }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
argocd.argoproj.io/sync-wave: "-5"
{{- if .namespace_vars }}
{{ .namespace_vars | indent 2 }}
{{- end }}
@ -72,6 +72,8 @@ metadata:
namespace: {{ $context.namespace | default $context.name | quote }}
labels:
app: {{ $context.name }}
annotations:
argocd.argoproj.io/sync-wave: "-1"
spec:
keys:
{{- range .keys }}
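Review bot: The sync-wave annotations in both hunks are bare literals (`"-5"` on the Namespace, `"-1"` on what appears to be the VaultSecret in the second hunk), and their meaning is only visible next to the `syncWave: "-3"` and `"-2"` entries this commit puts in values.yaml. A later edit to either file can reorder secret creation ahead of the operator or its namespace without anyone noticing. I would document the intended order once in this template, e.g. `# sync order: namespaces (-5) -> vault (-3) -> vault-secrets-operator (-2) -> VaultSecrets (-1)`. Both resources start and end outside the hunks shown.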

@ -10,12 +10,12 @@ installCRDs: true
global:
image:
repository: argoproj/argocd
tag: v1.6.0-rc1
tag: v2.0.0
imagePullPolicy: IfNotPresent
securityContext: {}
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
securityContext:
runAsUser: 999
runAsGroup: 999
fsGroup: 999
imagePullSecrets: []
hostAliases: []
# - ip: 10.20.30.40
@ -28,16 +28,27 @@ controller:
image:
repository: # argoproj/argocd
tag: v1.6.0-rc1
tag: # v1.7.11
imagePullPolicy: # IfNotPresent
# If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
replicas: 1
# Deploy the application as a StatefulSet instead of a Deployment, this is required for HA capability.
# This is a feature flag that will become the default in chart version 3.x
enableStatefulSet: false
## Argo controller commandline flags
args:
statusProcessors: "20"
operationProcessors: "10"
appResyncPeriod: "180"
selfHealTimeout: "5"
## Argo controller log format: text|json
logFormat: text
## Argo controller log level
logLevel: debug
logLevel: info
## Additional command line arguments to pass to argocd-controller
##
@ -45,7 +56,10 @@ controller:
## Environment variables to pass to argocd-controller
##
env: []
env:
[]
# - name: "ARGOCD_CONTROLLER_REPLICAS"
# value: ""
## Annotations to be added to controller pods
##
@ -56,10 +70,11 @@ controller:
podLabels: {}
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Configures the controller port
containerPort: 8082
@ -113,10 +128,14 @@ controller:
serviceAccount:
create: true
name: argocd-application-controller
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: true
## Server metrics controller configuration
metrics:
enabled: true
enabled: false
service:
annotations: {}
labels: {}
@ -144,7 +163,7 @@ controller:
# resolved for this cloud to continue to maintain state.
# - alert: ArgoAppNotSynced
# expr: |
# argocd_app_sync_status{sync_status!="Synced"} == 1
# argocd_app_info{sync_status!="Synced"} == 1
# for: 12h
# labels:
# severity: warning
@ -169,9 +188,17 @@ dex:
enabled: true
name: dex-server
metrics:
enabled: false
service:
annotations: {}
labels: {}
serviceMonitor:
enabled: false
image:
repository: quay.io/dexidp/dex
tag: v2.22.0
tag: v2.26.0
imagePullPolicy: IfNotPresent
initImage:
repository:
@ -193,6 +220,10 @@ dex:
serviceAccount:
create: true
name: argocd-dex-server
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: true
## Additional volumeMounts to the controller main container.
volumeMounts:
@ -209,6 +240,8 @@ dex:
servicePortHttp: 5556
containerPortGrpc: 5557
servicePortGrpc: 5557
containerPortMetrics: 5558
servicePortMetrics: 5558
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
@ -220,11 +253,11 @@ dex:
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
resources: {}
# limits:
@ -241,7 +274,7 @@ redis:
image:
repository: redis
tag: 5.0.3
tag: 5.0.10-alpine
imagePullPolicy: IfNotPresent
containerPort: 6379
@ -269,11 +302,18 @@ redis:
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Redis Pod specific security context
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
resources: {}
# limits:
@ -298,11 +338,13 @@ redis-ha:
redis:
masterGroupName: argocd
config:
save: "\"\""
save: '""'
haproxy:
enabled: true
metrics:
enabled: true
image:
tag: 5.0.8-alpine
## Server
server:
@ -318,12 +360,12 @@ server:
targetMemoryUtilizationPercentage: 50
image:
repository: argoproj/argocd
tag: v1.6.0-rc1
repository: # argoproj/argocd
tag: # v1.7.11
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-server
## Heqet: We have Ingress
##
extraArgs:
- --insecure
@ -331,9 +373,14 @@ server:
##
env: []
## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
##
lifecycle: {}
## Argo server log format: text|json
logFormat: text
## Argo server log level
# Heqet: Just in case.. this is a Dev Environment!
logLevel: debug
logLevel: info
## Annotations to be added to controller pods
##
@ -378,10 +425,11 @@ server:
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
# capabilities:
# drop:
# - all
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
resources: {}
# limits:
@ -403,16 +451,21 @@ server:
annotations: {}
labels: {}
type: ClusterIP
## For node port default ports
nodePortHttp: 30080
nodePortHttps: 30443
servicePortHttp: 80
servicePortHttps: 443
servicePortHttpName: http
servicePortHttpsName: https
namedTargetPort: true
loadBalancerIP: ""
loadBalancerSourceRanges: []
externalIPs: []
## Server metrics service configuration
metrics:
enabled: true
enabled: false
service:
annotations: {}
labels: {}
@ -427,8 +480,39 @@ server:
serviceAccount:
create: true
name: argocd-server
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: true
ingress:
enabled: true
annotations: {}
labels: {}
## Argo Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
##
hosts:
- argocd.k3s
paths:
- /
extraPaths:
[]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
https: false
# dedicated ingess for gRPC as documented at
# https://argoproj.github.io/argo-cd/operator-manual/ingress/
ingressGrpc:
enabled: false
annotations: {}
labels: {}
@ -442,11 +526,18 @@ server:
# - argocd.example.com
paths:
- /
extraPaths:
[]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls:
[]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
https: false
# Create a OpenShift Route with SSL passthrough for UI and CLI
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
@ -458,9 +549,10 @@ server:
## ArgoCD config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
configEnabled: true
config:
# Argo CD's externally facing base URL (optional). Required when configuring SSO
url: https://argocd.example.com
url: https://argocd.k3s
# Argo CD instance label key
application.instanceLabelKey: argocd.argoproj.io/instance
# repositories: |
@ -469,7 +561,7 @@ server:
# name: secret-name
# key: sshPrivateKey
# - type: helm
# url: https://kubernetes-charts.storage.googleapis.com
# url: https://charts.helm.sh/stable
# name: stable
# - type: helm
# url: https://argoproj.github.io/argo-helm
@ -487,6 +579,9 @@ server:
# - profile
# - email
## Annotations to be added to ArgoCD ConfigMap
configAnnotations: {}
## ArgoCD rbac config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
rbacConfig:
@ -510,6 +605,13 @@ server:
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
# scopes: '[cognito:groups, email]'
## Annotations to be added to ArgoCD rbac ConfigMap
rbacConfigAnnotations: {}
# Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created
# by something else. ArgoCD will not work if there is no configMap created with the name above.
rbacConfigCreate: true
## Not well tested and not well supported on release v1.0.0.
## Applications
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
@ -563,6 +665,13 @@ server:
# kind: StatefulSet
# orphanedResources: {}
# roles: []
# syncWindows:
# - kind: allow
# schedule: '10 1 * * *'
# duration: 1h
# applications:
# - '*-prod'
# manualSync: true
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
@ -579,6 +688,30 @@ server:
# oauthclientCredentials:
# secretName: argocd-secret
extraContainers: []
## Additional containers to be added to the controller pod.
## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
# - name: my-sidecar
# image: nginx:latest
# - name: lemonldap-ng-controller
# image: lemonldapng/lemonldap-ng-controller:0.2.0
# args:
# - /lemonldap-ng-controller
# - --alsologtostderr
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
# env:
# - name: POD_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.name
# - name: POD_NAMESPACE
# valueFrom:
# fieldRef:
# fieldPath: metadata.namespace
# volumeMounts:
# - name: copy-portal-skins
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
## Repo Server
repoServer:
name: repo-server
@ -593,8 +726,8 @@ repoServer:
targetMemoryUtilizationPercentage: 50
image:
repository: argoproj/argocd
tag: v1.6.0-rc1
repository: # argoproj/argocd
tag: # v1.7.11
imagePullPolicy: # IfNotPresent
## Additional command line arguments to pass to argocd-repo-server
@ -605,8 +738,10 @@ repoServer:
##
env: []
## Argo repoServer log format: text|json
logFormat: text
## Argo repoServer log level
logLevel: debug
logLevel: info
## Annotations to be added to repo server pods
##
@ -651,10 +786,12 @@ repoServer:
priorityClassName: ""
## Labels to set container specific security contexts
containerSecurityContext: {}
containerSecurityContext:
{}
# capabilities:
# drop:
# - all
# readOnlyRootFilesystem: true
resources: {}
# limits:
@ -692,6 +829,8 @@ repoServer:
# name: argocd-repo-server
## Annotations applied to created service account
annotations: {}
## Automount API credentials for the Service Account
automountServiceAccountToken: true
## Repo server rbac rules
# rbac:
@ -707,27 +846,51 @@ repoServer:
## Use init containers to configure custom tooling
## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/
## When using the volumes & volumeMounts section bellow, please comment out those above.
# volumes:
# - name: custom-tools
# emptyDir: {}
#
# initContainers:
# - name: download-tools
# image: alpine:3.8
# command: [sh, -c]
# args:
# - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
# mv linux-amd64/helm /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# volumeMounts:
# - mountPath: /usr/local/bin/helm
# name: custom-tools
# subPath: helm
# volumes:
# - name: custom-tools
# emptyDir: {}
#
# initContainers:
# - name: download-tools
# image: alpine:3.8
# command: [sh, -c]
# args:
# - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
# mv linux-amd64/helm /custom-tools/
# volumeMounts:
# - mountPath: /custom-tools
# name: custom-tools
# volumeMounts:
# - mountPath: /usr/local/bin/helm
# name: custom-tools
# subPath: helm
## Argo Configs
configs:
## External Cluster Credentials
## reference:
## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
clusterCredentials: []
# - name: mycluster
# server: https://mycluster.com
# annotations: {}
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
# - name: mycluster2
# server: https://mycluster2.com
# annotations: {}
# namespaces: namespace1,namespace2
# config:
# bearerToken: "<authentication token>"
# tlsClientConfig:
# insecure: false
# caData: "<base64 encoded certificate>"
knownHostsAnnotations: {}
knownHosts:
data:
ssh_known_hosts: |
@ -738,6 +901,7 @@ configs:
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
tlsCertsAnnotations: {}
tlsCerts:
{}
# data:
@ -811,10 +975,11 @@ configs:
# Custom secrets. Useful for injecting SSO secrets into environment variables.
# Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/
# Note that all values must be non-empty.
extra: {}
extra:
{}
# LDAP_PASSWORD: "mypassword"
# Argo TLS Data.
# Argo TLS Data.
argocdServerTlsConfig:
{}
# key:
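Review bot: In the `server` hunks the API server keeps `extraArgs: - --insecure` while the ingress is enabled for `argocd.k3s` with `tls: []` and `https: false`, so nothing in this file terminates TLS in front of the UI and API even though `config.url` is `https://argocd.k3s`. Unless the ingress controller supplies a default certificate, logins and session tokens would travel unencrypted, and the https URL would not match what is actually served. I would fill the `tls:` list with `- secretName: <tls-secret-placeholder>` and `hosts: [argocd.k3s]`, and state next to `--insecure` that TLS is terminated at the ingress. Separately, `repoServer.containerSecurityContext` stays `{}` while controller, dex, redis and server now drop all capabilities with `readOnlyRootFilesystem: true`. The repo server renders manifests from repositories, so it looks like the component that most needs the same settings once its writable paths are confirmed.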

@ -88,7 +88,7 @@ vault:
namespaces: ""
crd:
create: true
create: false
rbac:
create: true
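Review bot: Nothing records why `crd.create` ends up `false` here, and the CRD this commit vendors in `templates/crds/vaultsecrets.yml` carries the label `helm.sh/chart: vault-secrets-operator-1.14.2`, so the schema is frozen at that chart version while the operator follows `targetRevision` in values.yaml. A later bump of the operator chart would leave the cluster validating VaultSecret objects against the older schema unless the vendored file is refreshed as well. I would add a comment above the key, e.g. `# CRD is shipped from templates/crds/vaultsecrets.yml; refresh it whenever targetRevision changes`.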

@ -54,24 +54,6 @@ apps:
- admin.password
- server.secretkey
# Loki / Grafana / Promtail Stack for Logging & Metrics
- name: loki-stack
disabled: false
repoURL: https://grafana.github.io/helm-charts
chart: loki-stack
targetRevision: 2.3.1
vhost: grafana.k3s
ingress: grafana
# Polaris - Scan cluster for stuff
- name: polaris
repoURL: https://charts.fairwinds.com/stable
chart: polaris
targetRevision: 3.1.1
ingress: dashboard
namespace: polaris
vhost: polaris.k3s
# Vault
- name: vault
repoURL: https://helm.releases.hashicorp.com
@ -80,6 +62,7 @@ apps:
vhost: vault.k3s
ingressHostsKeymap: true
ingress: server
syncWave: "-3"
parameters:
- name: ui.enabled
value: true
@ -90,10 +73,21 @@ apps:
- name: server.dev.enabled
value: true
# Vault Secret Operator for automatic Secret injection
- name: vault-secrets-operator
repoURL: https://ricoberger.github.io/helm-charts
chart: vault-secrets-operator
targetRevision: 1.14.2
syncWave: "-2"
# Loki / Grafana / Promtail Stack for Logging & Metrics
- name: loki-stack
disabled: false
repoURL: https://grafana.github.io/helm-charts
chart: loki-stack
targetRevision: 2.3.1
vhost: grafana.k3s
ingress: grafana
# PiHole
- name: pihole
@ -114,4 +108,12 @@ apps:
value: folding.k3s
- name: ingess.enabled
value: true
# Polaris - Scan cluster for stuff
- name: polaris
repoURL: https://charts.fairwinds.com/stable
chart: polaris
targetRevision: 3.1.1
ingress: dashboard
namespace: polaris
vhost: polaris.k3s
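Review bot: The `syncWave` values on `vault` (`"-3"`) and `vault-secrets-operator` (`"-2"`) put the operator directly behind a Vault that the same entry runs with `server.dev.enabled: true`. Dev mode keeps storage in memory and starts unsealed with a root token, so every secret the operator syncs is lost when the Vault pod restarts, and the setup must not be copied beyond this dev cluster. That constraint is not written anywhere near the entries; I would add `# dev-mode Vault: in-memory, unsealed, root token; secrets are lost on restart` above the `server.dev.enabled` parameter. The wave ordering also only sequences creation; whether Argo CD waits for Vault to be healthy before starting the operator is not visible here and is worth confirming.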
