## ArgoCD configuration
## Ref: https://github.com/argoproj/argo-cd
##
## Helm values for an Argo CD deployment: image pin, per-component security
## contexts, Prometheus metrics services, an nginx ingress with a
## cert-manager-issued certificate, and the argocd-cm settings.
##
## NOTE(review): line breaks and indentation were lost in the listing this
## file was restored from, so the nesting below is reconstructed. Verify it
## against the values.yaml of the chart version in use before applying.

# Optional CRD installation for those without Helm hooks
installCRDs: true

global:
  image:
    repository: quay.io/argoproj/argocd
    # NOTE(review): this is a release-candidate tag. Pin to a stable,
    # currently patched release (ideally by digest) before production use.
    tag: v2.2.0-rc1
    # imagePullPolicy: IfNotPresent
  ## Pod-level security context applied to the Argo CD components.
  ## NOTE(review): a non-zero UID is set but runAsNonRoot is not (the redis
  ## section below does set it); consider adding it so that an image that
  ## falls back to root is rejected by the kubelet.
  securityContext:
    runAsUser: 999
    runAsGroup: 999
    fsGroup: 999

## Controller
controller:
  ## Container-level security context: drop all Linux capabilities and mount
  ## the root filesystem read-only.
  ## NOTE(review): the Pod Security "restricted" profile expects the literal
  ## value ALL; lowercase `all` may be accepted by the runtime but can fail
  ## admission checks - confirm. allowPrivilegeEscalation is also left unset.
  ## The same applies to every containerSecurityContext in this file.
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Controller metrics service configuration
  ## The annotations are quoted strings because annotation values must be
  ## strings, not YAML booleans or integers.
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8082'

  ## Grants the application controller the admin ClusterRole on the local
  ## cluster. With this enabled, anyone who can create or modify Applications
  ## (or compromise the controller) effectively holds cluster-admin rights;
  ## restrict Argo CD RBAC and project destinations accordingly.
  clusterAdminAccess:
    enabled: true

## Dex
dex:
  enabled: true

  ## Container-level security context (see the note on the controller).
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

## Redis
redis:
  enabled: true

  ## Container-level security context (see the note on the controller).
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Redis Pod specific security context
  ## runAsNonRoot makes the kubelet refuse to start the container as UID 0.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true

## Server
server:
  ## --insecure makes argocd-server serve plain HTTP instead of TLS. TLS is
  ## then terminated only at the ingress below, so traffic between the
  ## ingress controller and the server pod is unencrypted inside the cluster.
  ## Limit who can reach the server service (for example with a
  ## NetworkPolicy) and do not expose it by any path other than the ingress.
  extraArgs:
    - --insecure

  ## Container-level security context (see the note on the controller).
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Server metrics service configuration
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8083'
      servicePort: 8083

  ## Ingress for the UI/API. cert-manager issues the certificate for
  ## argocd.dc from the ClusterIssuer named vault-issuer into the
  ## argocd-tls secret.
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
      kubernetes.io/ingress.class: nginx
    hosts:
      - argocd.dc
    paths:
      - /
    tls:
      - secretName: argocd-tls
        hosts:
          - argocd.dc
    ## NOTE(review): presumably selects the server's plain-HTTP service port
    ## as the ingress backend, matching --insecure above - confirm against
    ## the chart version in use.
    https: false

  # dedicated ingress for gRPC as documented at
  # https://argoproj.github.io/argo-cd/operator-manual/ingress/
  # NOTE(review): no gRPC ingress is actually defined in this file.

  ## ArgoCD config
  ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  configEnabled: true
  config:
    # Argo CD's externally facing base URL (optional). Required when configuring SSO
    url: https://argocd.dc
    ## Local account "webhook" with both capabilities: apiKey (can be issued
    ## API tokens) and login (can sign in with a password).
    ## NOTE(review): if this account is used only by automation, the login
    ## capability is probably unnecessary; also scope it in the RBAC policy,
    ## which is not part of this file.
    accounts.webhook: apiKey, login
    ## Example OIDC (SSO) configuration, disabled. The client secret is a
    ## $-reference to a key in the Argo CD secret, not an inline value.
    # oidc.config: |
    #   name: Keycloak
    #   issuer: https://keycloak.dc/auth/realms/LAN
    #   clientID: argocd
    #   clientSecret: $oidc.auth0.clientSecret
    #   requestedScopes:
    #     - openid
    #     - profile
    #     - email
    #     - groups

  ## Applications created by the chart (none); example kept for reference.
  additionalApplications: []
  # - name: guestbook
  #   namespace: argocd
  #   additionalLabels: {}
  #   additionalAnnotations: {}
  #   project: guestbook
  #   source:
  #     repoURL: https://github.com/argoproj/argocd-example-apps.git
  #     targetRevision: HEAD
  #     path: guestbook
  #     directory:
  #       recurse: true
  #   destination:
  #     server: https://kubernetes.default.svc
  #     namespace: guestbook
  #   syncPolicy:
  #     automated:
  #       prune: false
  #       selfHeal: false

  ## Projects
  ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
  ## Projects created by the chart (none); example kept for reference.
  ## NOTE(review): the example allows every source repository ('*'); when
  ## adapting it, list the permitted repositories and destinations explicitly.
  additionalProjects: []
  # - name: guestbook
  #   namespace: argocd
  #   additionalLabels: {}
  #   additionalAnnotations: {}
  #   description: Example Project
  #   sourceRepos:
  #     - '*'
  #   destinations:
  #     - namespace: guestbook
  #       server: https://kubernetes.default.svc
  #   clusterResourceWhitelist: []
  #   namespaceResourceBlacklist:
  #     - group: ''
  #       kind: ResourceQuota
  #     - group: ''
  #       kind: LimitRange
  #     - group: ''
  #       kind: NetworkPolicy
  #   orphanedResources: {}
  #   roles: []
  #   namespaceResourceWhitelist:
  #     - group: 'apps'
  #       kind: Deployment
  #     - group: 'apps'
  #       kind: StatefulSet
  #   orphanedResources: {}
  #   roles: []
  #   syncWindows:
  #     - kind: allow
  #       schedule: '10 1 * * *'
  #       duration: 1h
  #       applications:
  #         - '*-prod'
  #       manualSync: true

  ## Enable Admin ClusterRole resources.
  ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
  ## This is the server-side counterpart of controller.clusterAdminAccess and
  ## carries the same risk: the API server's service account gains admin
  ## rights on the local cluster.
  clusterAdminAccess:
    enabled: true

## Repo Server
repoServer:
  ## Container-level security context (see the note on the controller).
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Repo server metrics service configuration
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8084'
      servicePort: 8084

  ## Repo server rbac rules
  ## Left disabled: the repo server renders manifests from repository content
  ## and gets no additional Kubernetes API permissions from this file.
  # rbac:
  #   - apiGroups:
  #       - argoproj.io
  #     resources:
  #       - applications
  #     verbs:
  #       - get
  #       - list
  #       - watch

configs:
  secret:
    ## The chart does not create the Argo CD secret.
    ## NOTE(review): presumably it is provisioned out of band (the Vault
    ## issuer above suggests external secret management) - confirm that it
    ## exists before install, since the server reads its signing key and
    ## admin credentials from it.
    createSecret: false