mirror of
https://github.com/nold360/hive-apps
synced 2024-07-01 14:03:30 +00:00
216 lines
4.8 KiB
YAML
216 lines
4.8 KiB
YAML
## ArgoCD configuration
|
|
## Ref: https://github.com/argoproj/argo-cd
|
|
##
|
|
|
|
# Optional CRD installation for those without Helm hooks
|
|
installCRDs: true
|
|
|
|
global:
|
|
image:
|
|
repository: quay.io/argoproj/argocd
|
|
tag: v2.2.0-rc1
|
|
# imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
runAsUser: 999
|
|
runAsGroup: 999
|
|
fsGroup: 999
|
|
## Controller
|
|
controller:
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Server metrics controller configuration
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
annotations:
|
|
prometheus.io/scrape: 'true'
|
|
prometheus.io/port: '8082'
|
|
|
|
clusterAdminAccess:
|
|
enabled: true
|
|
|
|
## Dex
|
|
dex:
|
|
enabled: true
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Redis
|
|
redis:
|
|
enabled: true
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Redis Pod specific security context
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
runAsNonRoot: true
|
|
|
|
## Server
|
|
server:
|
|
extraArgs:
|
|
- --insecure
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Server metrics service configuration
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
annotations:
|
|
prometheus.io/scrape: 'true'
|
|
prometheus.io/port: '8083'
|
|
servicePort: 8083
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: vault-issuer
|
|
kubernetes.io/ingress.class: nginx
|
|
hosts:
|
|
- argocd.dc
|
|
paths:
|
|
- /
|
|
tls:
|
|
- secretName: argocd-tls
|
|
hosts:
|
|
- argocd.dc
|
|
https: false
|
|
# dedicated ingess for gRPC as documented at
|
|
# https://argoproj.github.io/argo-cd/operator-manual/ingress/
|
|
|
|
## ArgoCD config
|
|
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
|
|
configEnabled: true
|
|
config:
|
|
# Argo CD's externally facing base URL (optional). Required when configuring SSO
|
|
url: https://argocd.dc
|
|
accounts.webhook: apiKey, login
|
|
# oidc.config: |
|
|
# name: Keycloak
|
|
# issuer: https://keycloak.dc/auth/realms/LAN
|
|
# clientID: argocd
|
|
# clientSecret: $oidc.auth0.clientSecret
|
|
# requestedScopes:
|
|
# - openid
|
|
# - profile
|
|
# - email
|
|
# - groups
|
|
|
|
additionalApplications: []
|
|
# - name: guestbook
|
|
# namespace: argocd
|
|
# additionalLabels: {}
|
|
# additionalAnnotations: {}
|
|
# project: guestbook
|
|
# source:
|
|
# repoURL: https://github.com/argoproj/argocd-example-apps.git
|
|
# targetRevision: HEAD
|
|
# path: guestbook
|
|
# directory:
|
|
# recurse: true
|
|
# destination:
|
|
# server: https://kubernetes.default.svc
|
|
# namespace: guestbook
|
|
# syncPolicy:
|
|
# automated:
|
|
# prune: false
|
|
# selfHeal: false
|
|
|
|
## Projects
|
|
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
|
|
additionalProjects: []
|
|
# - name: guestbook
|
|
# namespace: argocd
|
|
# additionalLabels: {}
|
|
# additionalAnnotations: {}
|
|
# description: Example Project
|
|
# sourceRepos:
|
|
# - '*'
|
|
# destinations:
|
|
# - namespace: guestbook
|
|
# server: https://kubernetes.default.svc
|
|
# clusterResourceWhitelist: []
|
|
# namespaceResourceBlacklist:
|
|
# - group: ''
|
|
# kind: ResourceQuota
|
|
# - group: ''
|
|
# kind: LimitRange
|
|
# - group: ''
|
|
# kind: NetworkPolicy
|
|
# orphanedResources: {}
|
|
# roles: []
|
|
# namespaceResourceWhitelist:
|
|
# - group: 'apps'
|
|
# kind: Deployment
|
|
# - group: 'apps'
|
|
# kind: StatefulSet
|
|
# orphanedResources: {}
|
|
# roles: []
|
|
# syncWindows:
|
|
# - kind: allow
|
|
# schedule: '10 1 * * *'
|
|
# duration: 1h
|
|
# applications:
|
|
# - '*-prod'
|
|
# manualSync: true
|
|
|
|
## Enable Admin ClusterRole resources.
|
|
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
|
|
clusterAdminAccess:
|
|
enabled: true
|
|
|
|
## Repo Server
|
|
repoServer:
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Repo server metrics service configuration
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
annotations:
|
|
prometheus.io/scrape: 'true'
|
|
prometheus.io/port: '8084'
|
|
servicePort: 8084
|
|
|
|
## Repo server rbac rules
|
|
# rbac:
|
|
# - apiGroups:
|
|
# - argoproj.io
|
|
# resources:
|
|
# - applications
|
|
# verbs:
|
|
# - get
|
|
# - list
|
|
# - watch
|
|
|
|
configs:
|
|
secret:
|
|
createSecret: false
|