hive-apps/projects/argocd/values/argocd.yaml

## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd
##
# Optional CRD installation for those without Helm hooks
installCRDs: true
global:
image:
repository: quay.io/argoproj/argocd
# Pinned by tag only; a registry tag can be re-pointed, a digest cannot.
# The copy-cmp-server init container under repoServer hard-codes this same
# tag, so both places have to be bumped together on upgrade.
tag: v2.8.0
# imagePullPolicy: IfNotPresent
# Pod-level identity set under `global`: UID 999, GID 999, and fsGroup 999
# for volume ownership.
# NOTE(review): runAsNonRoot is not set here, unlike the Redis pod context
# further down; adding it would make the non-root requirement explicit.
securityContext:
runAsUser: 999
runAsGroup: 999
fsGroup: 999
## Controller
controller:
## Labels to set container specific security contexts
# Hardening: every Linux capability is dropped and the root filesystem is
# mounted read-only.
# NOTE(review): allowPrivilegeEscalation is not set in this file. Also, the
# Pod Security "restricted" profile expects the literal `ALL`; confirm that
# lowercase `all` passes whatever admission policy the cluster enforces.
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Server metrics controller configuration
# Metrics are exposed on 8082 and advertised to Prometheus by annotation.
# NOTE(review): nothing here restricts who may reach the metrics port;
# confirm a NetworkPolicy (or equivalent) limits it to the scraper.
metrics:
enabled: true
service:
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '8082'
# Grants the application controller the admin ClusterRole on the local
# cluster. With this on, Argo CD's own RBAC (rbacConfig) and project
# restrictions are what bound the reach of anyone able to create or sync
# Applications.
clusterAdminAccess:
enabled: true
## Dex
# NOTE(review): server.config in this file sets `oidc.config`, pointing at
# the Authentik issuer directly, and no `dex.config` is visible here. If
# none is supplied elsewhere, Dex runs without a consumer and could be
# disabled to remove a component from the attack surface — confirm.
dex:
enabled: true
## Labels to set container specific security contexts
# Same hardening as the controller: all capabilities dropped, read-only
# root filesystem.
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Redis
# Bundled Redis instance.
# NOTE(review): no Redis password or NetworkPolicy is configured in this
# file; confirm that only Argo CD components can reach the Redis service.
redis:
enabled: true
## Labels to set container specific security contexts
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Redis Pod specific security context
# Overrides the global 999 identity with UID/GID 1000. This is the only pod
# context in this file that sets runAsNonRoot explicitly.
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
## Server
server:
# `--insecure` makes argocd-server serve plain HTTP. TLS is then expected
# to be terminated in front of it (see the ingress `tls` section and the
# Traefik router annotation below), which leaves the hop from the ingress
# controller to this pod unencrypted inside the cluster. That hop carries
# session tokens, so treat it as a trust assumption on the pod network.
extraArgs:
- --insecure
## Labels to set container specific security contexts
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Server metrics service configuration
# Metrics on 8083, advertised to Prometheus by annotation.
metrics:
enabled: true
service:
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '8083'
servicePort: 8083
ingress:
enabled: true
annotations:
# cert-manager issues the ingress certificate from the ClusterIssuer named
# `vault-issuer`.
cert-manager.io/cluster-issuer: vault-issuer
# Traefik terminates TLS for this router. Combined with `--insecure` in
# server.extraArgs, traffic from Traefik to argocd-server is plain HTTP.
traefik.ingress.kubernetes.io/router.tls: 'true'
hosts:
- argocd.dc
paths:
- /
# Certificate for argocd.dc is stored in the `argocd-tls` Secret.
tls:
- secretName: argocd-tls
hosts:
- argocd.dc
# NOTE(review): presumably routes the ingress to the server's HTTP port
# rather than HTTPS, matching `--insecure` — confirm against the chart.
https: false
# dedicated ingress for gRPC as documented at
# https://argoproj.github.io/argo-cd/operator-manual/ingress/
## ArgoCD config
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
configEnabled: true
config:
# Argo CD's externally facing base URL (optional). Required when configuring SSO
# It must match the URL users actually reach, since SSO depends on it.
url: https://argocd.dc
# Track managed resources by annotation plus label rather than label alone.
application.resourceTrackingMethod: annotation+label
# OIDC single sign-on against Authentik. Everything under `oidc.config` is a
# literal string that Argo CD parses itself, so no comments are added inside
# it. `clientSecret` in that string is a `$`-reference rather than a literal
# value, so the secret is not stored in this file; with
# configs.secret.createSecret set to false at the end of the file, the Secret
# holding that key has to be provisioned separately. The `groups` scope is
# what lets the rbacConfig group mapping match.
oidc.config: |
name: Authentik
type: oidc
id: authentik
issuer: https://auth.dc/application/o/argocd/
clientID: "1080104731533290513674458574364055869568731613048916978401072612100150376072438332692042842646474"
clientSecret: $dex.authentik.clientSecret
scopes:
- openid
- profile
- email
- groups
# Argo CD RBAC: members of the OIDC group `ArgoCDAdmins` get `role:admin`.
# Because clusterAdminAccess is enabled, that role effectively controls the
# whole cluster.
# NOTE(review): no `policy.default` is set here; confirm what an
# authenticated user outside this group is allowed to do.
rbacConfig:
policy.csv: |
g, ArgoCDAdmins, role:admin
# Mount vault CA cert
# Only the `ca` key of the Secret is projected, as a single file in the
# system trust directory — presumably so the server trusts certificates
# issued by the Vault CA (e.g. the OIDC issuer); confirm.
volumeMounts:
- name: certificate
mountPath: /etc/ssl/certs/vault-ca-certificates.crt
subPath: ca
volumes:
- name: certificate
secret:
secretName: ca-cert
# 420 decimal is 0644 octal: owner read/write, group and others read-only.
defaultMode: 420
# No Applications or AppProjects are created through the chart.
additionalApplications: []
## Projects
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
additionalProjects: []
## Enable Admin ClusterRole resources.
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
# Enabled for the server as well as for the controller above.
# NOTE(review): with no AppProjects defined here, confirm that a project
# elsewhere restricts destinations and source repos; otherwise any synced
# Application can target any namespace with admin rights.
clusterAdminAccess:
enabled: true
## Repo Server
# The repo server renders manifests from Git content, so it processes input
# that is only as trustworthy as the repositories it is pointed at.
repoServer:
containerSecurityContext:
capabilities:
drop:
- all
readOnlyRootFilesystem: true
## Repo server metrics service configuration
# Metrics on 8084, advertised to Prometheus by annotation.
metrics:
enabled: true
service:
annotations:
prometheus.io/scrape: 'true'
prometheus.io/port: '8084'
servicePort: 8084
# volumes:
# - name: cmp-plugins
# emptyDir: {}
# volumeMounts:
# - mountPath: /home/argocd/cmp-server/plugins
# name: cmp-plugins
# Init container that stages the config-management-plugin server binary for
# the sidecar defined under extraContainers.
initContainers:
- name: copy-cmp-server
# Hard-coded copy of global.image (repository and tag); it does not follow
# global.image.tag automatically, so bump both together.
image: quay.io/argoproj/argocd:v2.8.0
# Copies the argocd binary onto the shared `var-files` volume under the name
# argocd-cmp-server. `-n` means an existing file is not overwritten.
command:
- cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
# Sidecar that runs the heqet config-management plugin next to the repo
# server. It executes plugin code against repository content.
extraContainers:
- name: cmp-heqet
# Overrides the image entrypoint with a shell so the one-line script in
# `args` can run before the plugin server starts.
command: ["/bin/sh","-c"]
# Start-up script, three steps joined with `;` (so a failed step does not
# stop the next one):
#   1. `helm plugin install` fetches helm-heqet from GitHub on every
#      container start. No `--version` is given, so whatever the repository
#      currently serves is installed and then executed by this sidecar.
#   2. `sed` rewrites the `bin/bash` shebang of heqet.sh to `bin/sh`.
#   3. The staged argocd-cmp-server binary is started.
# NOTE(review): this is an unpinned, unverified runtime download inside a pod
# that renders manifests deployed with cluster-admin rights. Prefer baking
# the plugin into the image at a fixed revision (or at least pinning
# `--version`); that also removes the need for egress to github.com.
args: [ 'HELM_CACHE_HOME=/tmp helm plugin install https://github.com/lib42/helm-heqet ; sed -i "s/bin\/bash\$/bin\/sh/" /helm-working-dir/plugins/helm-heqet/heqet.sh ; /var/run/argocd/argocd-cmp-server' ]
# NOTE(review): `latest` is a mutable tag and no registry host is given, so
# the content of this sidecar can change without any change to this file.
# Pin to a fixed version tag or an image digest.
image: lib42/heqet-cli:latest
# With a `latest` tag this means every container restart pulls whatever the
# tag points to at that moment.
imagePullPolicy: Always
# All Helm state (cache, config, data and therefore installed plugins) is
# directed at the /helm-working-dir mount. The start-up script overrides
# HELM_CACHE_HOME to /tmp for the plugin install only.
env:
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
# Runs as non-root UID 999.
# NOTE(review): unlike the other containers in this file, this sidecar sets
# neither `capabilities.drop` nor `readOnlyRootFilesystem`, and
# allowPrivilegeEscalation is unset. It is the container that runs code
# downloaded at start-up, so it benefits most from the same hardening.
securityContext:
runAsNonRoot: true
runAsUser: 999
# Shares `var-files` with the init container (source of argocd-cmp-server).
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
# NOTE(review): none of the volumes mounted by this sidecar are declared in
# this file (the repoServer `volumes:` override is commented out), so they
# presumably come from the chart's repo-server pod spec — confirm.
name: tmp
# Writable location that the HELM_*_HOME variables point at; the plugin
# installed at start-up ends up under /helm-working-dir/plugins.
- mountPath: /helm-working-dir
name: helm-working-dir
## Repo server rbac rules
# rbac:
# - apiGroups:
# - argoproj.io
# resources:
# - applications
# verbs:
# - get
# - list
# - watch
# The chart does not create the Argo CD Secret, so it must be provisioned
# out of band. It has to carry the key behind the `$dex.authentik.clientSecret`
# reference used in oidc.config. Keeping it out of the chart values keeps the
# secret material out of this repository.
configs:
secret:
createSecret: false