mirror of
https://github.com/nold360/hive-apps
synced 2024-11-19 20:19:27 +00:00
1001 lines
29 KiB
YAML
1001 lines
29 KiB
YAML
## ArgoCD configuration
|
|
## Ref: https://github.com/argoproj/argo-cd
|
|
##
|
|
nameOverride: argocd
|
|
fullnameOverride: ""
|
|
|
|
# Optional CRD installation for those without Helm hooks
|
|
installCRDs: true
|
|
|
|
global:
|
|
image:
|
|
repository: argoproj/argocd
|
|
tag: v2.0.0
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
runAsUser: 999
|
|
runAsGroup: 999
|
|
fsGroup: 999
|
|
imagePullSecrets: []
|
|
hostAliases: []
|
|
# - ip: 10.20.30.40
|
|
# hostnames:
|
|
# - git.myhostname
|
|
|
|
## Controller
|
|
controller:
|
|
name: application-controller
|
|
|
|
image:
|
|
repository: # argoproj/argocd
|
|
tag: # v1.7.11
|
|
imagePullPolicy: # IfNotPresent
|
|
|
|
# If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable
|
|
replicas: 1
|
|
|
|
# Deploy the application as a StatefulSet instead of a Deployment, this is required for HA capability.
|
|
# This is a feature flag that will become the default in chart version 3.x
|
|
enableStatefulSet: false
|
|
|
|
## Argo controller commandline flags
|
|
args:
|
|
statusProcessors: "20"
|
|
operationProcessors: "10"
|
|
appResyncPeriod: "180"
|
|
selfHealTimeout: "5"
|
|
|
|
## Argo controller log format: text|json
|
|
logFormat: text
|
|
## Argo controller log level
|
|
logLevel: info
|
|
|
|
## Additional command line arguments to pass to argocd-controller
|
|
##
|
|
extraArgs: []
|
|
|
|
## Environment variables to pass to argocd-controller
|
|
##
|
|
env:
|
|
[]
|
|
# - name: "ARGOCD_CONTROLLER_REPLICAS"
|
|
# value: ""
|
|
|
|
## Annotations to be added to controller pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to controller pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Configures the controller port
|
|
containerPort: 8082
|
|
|
|
## Readiness and liveness probes for default backend
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
|
|
##
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
|
|
## Additional volumeMounts to the controller main container.
|
|
volumeMounts: []
|
|
|
|
## Additional volumes to the controller pod.
|
|
volumes: []
|
|
|
|
## Controller service configuration
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
port: 8082
|
|
portName: https-controller
|
|
|
|
## Node selectors and tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
priorityClassName: ""
|
|
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 500m
|
|
# memory: 512Mi
|
|
# requests:
|
|
# cpu: 250m
|
|
# memory: 256Mi
|
|
|
|
serviceAccount:
|
|
create: true
|
|
name: argocd-application-controller
|
|
## Annotations applied to created service account
|
|
annotations: {}
|
|
## Automount API credentials for the Service Account
|
|
automountServiceAccountToken: true
|
|
|
|
## Server metrics controller configuration
|
|
metrics:
|
|
enabled: false
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
servicePort: 8082
|
|
serviceMonitor:
|
|
enabled: false
|
|
# selector:
|
|
# prometheus: kube-prometheus
|
|
# namespace: monitoring
|
|
# additionalLabels: {}
|
|
rules:
|
|
enabled: false
|
|
spec: []
|
|
# - alert: ArgoAppMissing
|
|
# expr: |
|
|
# absent(argocd_app_info)
|
|
# for: 15m
|
|
# labels:
|
|
# severity: critical
|
|
# annotations:
|
|
# summary: "[ArgoCD] No reported applications"
|
|
# description: >
|
|
# ArgoCD has not reported any applications data for the past 15 minutes which
|
|
# means that it must be down or not functioning properly. This needs to be
|
|
# resolved for this cloud to continue to maintain state.
|
|
# - alert: ArgoAppNotSynced
|
|
# expr: |
|
|
# argocd_app_info{sync_status!="Synced"} == 1
|
|
# for: 12h
|
|
# labels:
|
|
# severity: warning
|
|
# annotations:
|
|
# summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
|
|
# description: >
|
|
# The application [{{`{{$labels.name}}`}} has not been synchronized for over
|
|
# 12 hours which means that the state of this cloud has drifted away from the
|
|
# state inside Git.
|
|
# selector:
|
|
# prometheus: kube-prometheus
|
|
# namespace: monitoring
|
|
# additionalLabels: {}
|
|
|
|
## Enable Admin ClusterRole resources.
|
|
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
|
|
clusterAdminAccess:
|
|
enabled: true
|
|
|
|
## Dex
|
|
dex:
|
|
enabled: true
|
|
name: dex-server
|
|
|
|
metrics:
|
|
enabled: false
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
serviceMonitor:
|
|
enabled: false
|
|
|
|
image:
|
|
repository: quay.io/dexidp/dex
|
|
tag: v2.26.0
|
|
imagePullPolicy: IfNotPresent
|
|
initImage:
|
|
repository:
|
|
tag:
|
|
imagePullPolicy:
|
|
|
|
## Environment variables to pass to the Dex server
|
|
##
|
|
env: []
|
|
|
|
## Annotations to be added to the Dex server pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to the Dex server pods
|
|
##
|
|
podLabels: {}
|
|
|
|
serviceAccount:
|
|
create: true
|
|
name: argocd-dex-server
|
|
## Annotations applied to created service account
|
|
annotations: {}
|
|
## Automount API credentials for the Service Account
|
|
automountServiceAccountToken: true
|
|
|
|
## Additional volumeMounts to the controller main container.
|
|
volumeMounts:
|
|
- name: static-files
|
|
mountPath: /shared
|
|
|
|
## Additional volumes to the controller pod.
|
|
volumes:
|
|
- name: static-files
|
|
emptyDir: {}
|
|
|
|
## Dex deployment container ports
|
|
containerPortHttp: 5556
|
|
servicePortHttp: 5556
|
|
containerPortGrpc: 5557
|
|
servicePortGrpc: 5557
|
|
containerPortMetrics: 5558
|
|
servicePortMetrics: 5558
|
|
|
|
## Node selectors and tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
priorityClassName: ""
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 50m
|
|
# memory: 64Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 32Mi
|
|
|
|
## Redis
|
|
redis:
|
|
enabled: true
|
|
name: redis
|
|
|
|
image:
|
|
repository: redis
|
|
tag: 5.0.10-alpine
|
|
imagePullPolicy: IfNotPresent
|
|
|
|
containerPort: 6379
|
|
servicePort: 6379
|
|
|
|
## Environment variables to pass to the Redis server
|
|
##
|
|
env: []
|
|
|
|
## Annotations to be added to the Redis server pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to the Redis server pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Node selectors and tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
priorityClassName: ""
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
## Redis Pod specific security context
|
|
securityContext:
|
|
runAsUser: 1000
|
|
runAsGroup: 1000
|
|
fsGroup: 1000
|
|
runAsNonRoot: true
|
|
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 200m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 64Mi
|
|
|
|
volumeMounts: []
|
|
volumes: []
|
|
|
|
# This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true)
|
|
# the custom redis deployment is omitted
|
|
redis-ha:
|
|
enabled: false
|
|
# Check the redis-ha chart for more properties
|
|
exporter:
|
|
enabled: true
|
|
persistentVolume:
|
|
enabled: false
|
|
redis:
|
|
masterGroupName: argocd
|
|
config:
|
|
save: '""'
|
|
haproxy:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
image:
|
|
tag: 5.0.8-alpine
|
|
|
|
## Server
|
|
server:
|
|
name: server
|
|
|
|
replicas: 1
|
|
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 5
|
|
targetCPUUtilizationPercentage: 50
|
|
targetMemoryUtilizationPercentage: 50
|
|
|
|
image:
|
|
repository: # argoproj/argocd
|
|
tag: # v1.7.11
|
|
imagePullPolicy: # IfNotPresent
|
|
|
|
## Additional command line arguments to pass to argocd-server
|
|
##
|
|
extraArgs:
|
|
- --insecure
|
|
|
|
## Environment variables to pass to argocd-server
|
|
##
|
|
env: []
|
|
|
|
## Specify postStart and preStop lifecycle hooks for your argo-cd-server container
|
|
##
|
|
lifecycle: {}
|
|
|
|
## Argo server log format: text|json
|
|
logFormat: text
|
|
## Argo server log level
|
|
logLevel: info
|
|
|
|
## Annotations to be added to controller pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to controller pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Configures the server port
|
|
containerPort: 8080
|
|
|
|
## Readiness and liveness probes for default backend
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
|
|
##
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
|
|
## Additional volumeMounts to the server main container.
|
|
volumeMounts: []
|
|
|
|
## Additional volumes to the controller pod.
|
|
volumes: []
|
|
|
|
## Node selectors and tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
priorityClassName: ""
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
capabilities:
|
|
drop:
|
|
- all
|
|
readOnlyRootFilesystem: true
|
|
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 50m
|
|
# memory: 64Mi
|
|
|
|
## Certificate configuration
|
|
certificate:
|
|
enabled: false
|
|
domain: argocd.example.com
|
|
issuer: {}
|
|
additionalHosts: []
|
|
|
|
## Server service configuration
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
type: ClusterIP
|
|
## For node port default ports
|
|
nodePortHttp: 30080
|
|
nodePortHttps: 30443
|
|
servicePortHttp: 80
|
|
servicePortHttps: 443
|
|
servicePortHttpName: http
|
|
servicePortHttpsName: https
|
|
namedTargetPort: true
|
|
loadBalancerIP: ""
|
|
loadBalancerSourceRanges: []
|
|
externalIPs: []
|
|
|
|
## Server metrics service configuration
|
|
metrics:
|
|
enabled: false
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
servicePort: 8083
|
|
serviceMonitor:
|
|
enabled: false
|
|
# selector:
|
|
# prometheus: kube-prometheus
|
|
# namespace: monitoring
|
|
# additionalLabels: {}
|
|
|
|
serviceAccount:
|
|
create: true
|
|
name: argocd-server
|
|
## Annotations applied to created service account
|
|
annotations: {}
|
|
## Automount API credentials for the Service Account
|
|
automountServiceAccountToken: true
|
|
|
|
ingress:
|
|
enabled: true
|
|
annotations: {}
|
|
labels: {}
|
|
|
|
## Argo Ingress.
|
|
## Hostnames must be provided if Ingress is enabled.
|
|
## Secrets must be manually created in the namespace
|
|
##
|
|
hosts:
|
|
- argocd.k3s
|
|
paths:
|
|
- /
|
|
extraPaths:
|
|
[]
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
tls:
|
|
[]
|
|
# - secretName: argocd-example-tls
|
|
# hosts:
|
|
# - argocd.example.com
|
|
https: false
|
|
# dedicated ingess for gRPC as documented at
|
|
# https://argoproj.github.io/argo-cd/operator-manual/ingress/
|
|
ingressGrpc:
|
|
enabled: false
|
|
annotations: {}
|
|
labels: {}
|
|
|
|
## Argo Ingress.
|
|
## Hostnames must be provided if Ingress is enabled.
|
|
## Secrets must be manually created in the namespace
|
|
##
|
|
hosts:
|
|
[]
|
|
# - argocd.example.com
|
|
paths:
|
|
- /
|
|
extraPaths:
|
|
[]
|
|
# - path: /*
|
|
# backend:
|
|
# serviceName: ssl-redirect
|
|
# servicePort: use-annotation
|
|
tls:
|
|
[]
|
|
# - secretName: argocd-example-tls
|
|
# hosts:
|
|
# - argocd.example.com
|
|
https: false
|
|
|
|
# Create a OpenShift Route with SSL passthrough for UI and CLI
|
|
# Consider setting 'hostname' e.g. https://argocd.apps-crc.testing/ using your Default Ingress Controller Domain
|
|
# Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain:
|
|
# If 'hostname' is an empty string "" OpenShift will create a hostname for you.
|
|
route:
|
|
enabled: false
|
|
hostname: ""
|
|
|
|
## ArgoCD config
|
|
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
|
|
configEnabled: true
|
|
config:
|
|
# Argo CD's externally facing base URL (optional). Required when configuring SSO
|
|
url: https://argocd.k3s
|
|
# Argo CD instance label key
|
|
application.instanceLabelKey: argocd.argoproj.io/instance
|
|
# repositories: |
|
|
# - url: git@github.com:group/repo.git
|
|
# sshPrivateKeySecret:
|
|
# name: secret-name
|
|
# key: sshPrivateKey
|
|
# - type: helm
|
|
# url: https://charts.helm.sh/stable
|
|
# name: stable
|
|
# - type: helm
|
|
# url: https://argoproj.github.io/argo-helm
|
|
# name: argo
|
|
# oidc.config: |
|
|
# name: AzureAD
|
|
# issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
|
|
# clientID: CLIENT_ID
|
|
# clientSecret: $oidc.azuread.clientSecret
|
|
# requestedIDTokenClaims:
|
|
# groups:
|
|
# essential: true
|
|
# requestedScopes:
|
|
# - openid
|
|
# - profile
|
|
# - email
|
|
|
|
## Annotations to be added to ArgoCD ConfigMap
|
|
configAnnotations: {}
|
|
|
|
## ArgoCD rbac config
|
|
## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md
|
|
rbacConfig:
|
|
{}
|
|
# policy.csv is an file containing user-defined RBAC policies and role definitions (optional).
|
|
# Policy rules are in the form:
|
|
# p, subject, resource, action, object, effect
|
|
# Role definitions and bindings are in the form:
|
|
# g, subject, inherited-subject
|
|
# See https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md for additional information.
|
|
# policy.csv: |
|
|
# # Grant all members of the group 'my-org:team-alpha; the ability to sync apps in 'my-project'
|
|
# p, my-org:team-alpha, applications, sync, my-project/*, allow
|
|
# # Grant all members of 'my-org:team-beta' admins
|
|
# g, my-org:team-beta, role:admin
|
|
# policy.default is the name of the default role which Argo CD will falls back to, when
|
|
# authorizing API requests (optional). If omitted or empty, users may be still be able to login,
|
|
# but will see no apps, projects, etc...
|
|
# policy.default: role:readonly
|
|
# scopes controls which OIDC scopes to examine during rbac enforcement (in addition to `sub` scope).
|
|
# If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings.
|
|
# scopes: '[cognito:groups, email]'
|
|
|
|
## Annotations to be added to ArgoCD rbac ConfigMap
|
|
rbacConfigAnnotations: {}
|
|
|
|
# Boolean determining whether or not to create the configmap. If false, it is expected tthe configmap will be created
|
|
# by something else. ArgoCD will not work if there is no configMap created with the name above.
|
|
rbacConfigCreate: true
|
|
|
|
## Not well tested and not well supported on release v1.0.0.
|
|
## Applications
|
|
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
|
|
additionalApplications: []
|
|
# - name: guestbook
|
|
# namespace: argocd
|
|
# additionalLabels: {}
|
|
# additionalAnnotations: {}
|
|
# project: guestbook
|
|
# source:
|
|
# repoURL: https://github.com/argoproj/argocd-example-apps.git
|
|
# targetRevision: HEAD
|
|
# path: guestbook
|
|
# directory:
|
|
# recurse: true
|
|
# destination:
|
|
# server: https://kubernetes.default.svc
|
|
# namespace: guestbook
|
|
# syncPolicy:
|
|
# automated:
|
|
# prune: false
|
|
# selfHeal: false
|
|
|
|
## Projects
|
|
## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
|
|
additionalProjects: []
|
|
# - name: guestbook
|
|
# namespace: argocd
|
|
# additionalLabels: {}
|
|
# additionalAnnotations: {}
|
|
# description: Example Project
|
|
# sourceRepos:
|
|
# - '*'
|
|
# destinations:
|
|
# - namespace: guestbook
|
|
# server: https://kubernetes.default.svc
|
|
# clusterResourceWhitelist: []
|
|
# namespaceResourceBlacklist:
|
|
# - group: ''
|
|
# kind: ResourceQuota
|
|
# - group: ''
|
|
# kind: LimitRange
|
|
# - group: ''
|
|
# kind: NetworkPolicy
|
|
# orphanedResources: {}
|
|
# roles: []
|
|
# namespaceResourceWhitelist:
|
|
# - group: 'apps'
|
|
# kind: Deployment
|
|
# - group: 'apps'
|
|
# kind: StatefulSet
|
|
# orphanedResources: {}
|
|
# roles: []
|
|
# syncWindows:
|
|
# - kind: allow
|
|
# schedule: '10 1 * * *'
|
|
# duration: 1h
|
|
# applications:
|
|
# - '*-prod'
|
|
# manualSync: true
|
|
|
|
## Enable Admin ClusterRole resources.
|
|
## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
|
|
clusterAdminAccess:
|
|
enabled: true
|
|
|
|
## Enable BackendConfig custom resource for Google Kubernetes Engine
|
|
GKEbackendConfig:
|
|
enabled: false
|
|
spec: {}
|
|
# spec:
|
|
# iap:
|
|
# enabled: true
|
|
# oauthclientCredentials:
|
|
# secretName: argocd-secret
|
|
|
|
extraContainers: []
|
|
## Additional containers to be added to the controller pod.
|
|
## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example.
|
|
# - name: my-sidecar
|
|
# image: nginx:latest
|
|
# - name: lemonldap-ng-controller
|
|
# image: lemonldapng/lemonldap-ng-controller:0.2.0
|
|
# args:
|
|
# - /lemonldap-ng-controller
|
|
# - --alsologtostderr
|
|
# - --configmap=$(POD_NAMESPACE)/lemonldap-ng-configuration
|
|
# env:
|
|
# - name: POD_NAME
|
|
# valueFrom:
|
|
# fieldRef:
|
|
# fieldPath: metadata.name
|
|
# - name: POD_NAMESPACE
|
|
# valueFrom:
|
|
# fieldRef:
|
|
# fieldPath: metadata.namespace
|
|
# volumeMounts:
|
|
# - name: copy-portal-skins
|
|
# mountPath: /srv/var/lib/lemonldap-ng/portal/skins
|
|
|
|
## Repo Server
|
|
repoServer:
|
|
name: repo-server
|
|
|
|
replicas: 1
|
|
|
|
autoscaling:
|
|
enabled: false
|
|
minReplicas: 1
|
|
maxReplicas: 5
|
|
targetCPUUtilizationPercentage: 50
|
|
targetMemoryUtilizationPercentage: 50
|
|
|
|
image:
|
|
repository: # argoproj/argocd
|
|
tag: # v1.7.11
|
|
imagePullPolicy: # IfNotPresent
|
|
|
|
## Additional command line arguments to pass to argocd-repo-server
|
|
##
|
|
extraArgs: []
|
|
|
|
## Environment variables to pass to argocd-repo-server
|
|
##
|
|
env: []
|
|
|
|
## Argo repoServer log format: text|json
|
|
logFormat: text
|
|
## Argo repoServer log level
|
|
logLevel: info
|
|
|
|
## Annotations to be added to repo server pods
|
|
##
|
|
podAnnotations: {}
|
|
|
|
## Labels to be added to repo server pods
|
|
##
|
|
podLabels: {}
|
|
|
|
## Configures the repo server port
|
|
containerPort: 8081
|
|
|
|
## Readiness and liveness probes for default backend
|
|
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
|
|
##
|
|
readinessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
livenessProbe:
|
|
failureThreshold: 3
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 10
|
|
successThreshold: 1
|
|
timeoutSeconds: 1
|
|
|
|
## Additional volumeMounts to the repo server main container.
|
|
volumeMounts: []
|
|
|
|
## Additional volumes to the repo server pod.
|
|
volumes: []
|
|
|
|
## Node selectors and tolerations for server scheduling to nodes with taints
|
|
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
|
|
##
|
|
nodeSelector: {}
|
|
tolerations: []
|
|
affinity: {}
|
|
|
|
priorityClassName: ""
|
|
|
|
## Labels to set container specific security contexts
|
|
containerSecurityContext:
|
|
{}
|
|
# capabilities:
|
|
# drop:
|
|
# - all
|
|
# readOnlyRootFilesystem: true
|
|
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 50m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 10m
|
|
# memory: 64Mi
|
|
|
|
## Repo server service configuration
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
port: 8081
|
|
portName: https-repo-server
|
|
|
|
## Repo server metrics service configuration
|
|
metrics:
|
|
enabled: false
|
|
service:
|
|
annotations: {}
|
|
labels: {}
|
|
servicePort: 8084
|
|
serviceMonitor:
|
|
enabled: false
|
|
# selector:
|
|
# prometheus: kube-prometheus
|
|
# namespace: monitoring
|
|
# additionalLabels: {}
|
|
|
|
## Repo server service account
|
|
## If create is set to true, make sure to uncomment the name and update the rbac section below
|
|
serviceAccount:
|
|
create: false
|
|
# name: argocd-repo-server
|
|
## Annotations applied to created service account
|
|
annotations: {}
|
|
## Automount API credentials for the Service Account
|
|
automountServiceAccountToken: true
|
|
|
|
## Repo server rbac rules
|
|
# rbac:
|
|
# - apiGroups:
|
|
# - argoproj.io
|
|
# resources:
|
|
# - applications
|
|
# verbs:
|
|
# - get
|
|
# - list
|
|
# - watch
|
|
|
|
## Use init containers to configure custom tooling
|
|
## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/
|
|
## When using the volumes & volumeMounts section bellow, please comment out those above.
|
|
# volumes:
|
|
# - name: custom-tools
|
|
# emptyDir: {}
|
|
#
|
|
# initContainers:
|
|
# - name: download-tools
|
|
# image: alpine:3.8
|
|
# command: [sh, -c]
|
|
# args:
|
|
# - wget -qO- https://get.helm.sh/helm-v2.16.1-linux-amd64.tar.gz | tar -xvzf - &&
|
|
# mv linux-amd64/helm /custom-tools/
|
|
# volumeMounts:
|
|
# - mountPath: /custom-tools
|
|
# name: custom-tools
|
|
# volumeMounts:
|
|
# - mountPath: /usr/local/bin/helm
|
|
# name: custom-tools
|
|
# subPath: helm
|
|
|
|
## Argo Configs
|
|
configs:
|
|
## External Cluster Credentials
|
|
## reference:
|
|
## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters
|
|
## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials
|
|
clusterCredentials: []
|
|
# - name: mycluster
|
|
# server: https://mycluster.com
|
|
# annotations: {}
|
|
# config:
|
|
# bearerToken: "<authentication token>"
|
|
# tlsClientConfig:
|
|
# insecure: false
|
|
# caData: "<base64 encoded certificate>"
|
|
# - name: mycluster2
|
|
# server: https://mycluster2.com
|
|
# annotations: {}
|
|
# namespaces: namespace1,namespace2
|
|
# config:
|
|
# bearerToken: "<authentication token>"
|
|
# tlsClientConfig:
|
|
# insecure: false
|
|
# caData: "<base64 encoded certificate>"
|
|
|
|
knownHostsAnnotations: {}
|
|
knownHosts:
|
|
data:
|
|
ssh_known_hosts: |
|
|
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
|
|
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
|
|
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
|
|
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
|
|
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
|
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
|
|
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
|
|
tlsCertsAnnotations: {}
|
|
tlsCerts:
|
|
{}
|
|
# data:
|
|
# argocd.example.com: |
|
|
# -----BEGIN CERTIFICATE-----
|
|
# MIIF1zCCA7+gAwIBAgIUQdTcSHY2Sxd3Tq/v1eIEZPCNbOowDQYJKoZIhvcNAQEL
|
|
# BQAwezELMAkGA1UEBhMCREUxFTATBgNVBAgMDExvd2VyIFNheG9ueTEQMA4GA1UE
|
|
# BwwHSGFub3ZlcjEVMBMGA1UECgwMVGVzdGluZyBDb3JwMRIwEAYDVQQLDAlUZXN0
|
|
# c3VpdGUxGDAWBgNVBAMMD2Jhci5leGFtcGxlLmNvbTAeFw0xOTA3MDgxMzU2MTda
|
|
# Fw0yMDA3MDcxMzU2MTdaMHsxCzAJBgNVBAYTAkRFMRUwEwYDVQQIDAxMb3dlciBT
|
|
# YXhvbnkxEDAOBgNVBAcMB0hhbm92ZXIxFTATBgNVBAoMDFRlc3RpbmcgQ29ycDES
|
|
# MBAGA1UECwwJVGVzdHN1aXRlMRgwFgYDVQQDDA9iYXIuZXhhbXBsZS5jb20wggIi
|
|
# MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCv4mHMdVUcafmaSHVpUM0zZWp5
|
|
# NFXfboxA4inuOkE8kZlbGSe7wiG9WqLirdr39Ts+WSAFA6oANvbzlu3JrEQ2CHPc
|
|
# CNQm6diPREFwcDPFCe/eMawbwkQAPVSHPts0UoRxnpZox5pn69ghncBR+jtvx+/u
|
|
# P6HdwW0qqTvfJnfAF1hBJ4oIk2AXiip5kkIznsAh9W6WRy6nTVCeetmIepDOGe0G
|
|
# ZJIRn/OfSz7NzKylfDCat2z3EAutyeT/5oXZoWOmGg/8T7pn/pR588GoYYKRQnp+
|
|
# YilqCPFX+az09EqqK/iHXnkdZ/Z2fCuU+9M/Zhrnlwlygl3RuVBI6xhm/ZsXtL2E
|
|
# Gxa61lNy6pyx5+hSxHEFEJshXLtioRd702VdLKxEOuYSXKeJDs1x9o6cJ75S6hko
|
|
# Ml1L4zCU+xEsMcvb1iQ2n7PZdacqhkFRUVVVmJ56th8aYyX7KNX6M9CD+kMpNm6J
|
|
# kKC1li/Iy+RI138bAvaFplajMF551kt44dSvIoJIbTr1LigudzWPqk31QaZXV/4u
|
|
# kD1n4p/XMc9HYU/was/CmQBFqmIZedTLTtK7clkuFN6wbwzdo1wmUNgnySQuMacO
|
|
# gxhHxxzRWxd24uLyk9Px+9U3BfVPaRLiOPaPoC58lyVOykjSgfpgbus7JS69fCq7
|
|
# bEH4Jatp/10zkco+UQIDAQABo1MwUTAdBgNVHQ4EFgQUjXH6PHi92y4C4hQpey86
|
|
# r6+x1ewwHwYDVR0jBBgwFoAUjXH6PHi92y4C4hQpey86r6+x1ewwDwYDVR0TAQH/
|
|
# BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFE4SdKsX9UsLy+Z0xuHSxhTd0jfn
|
|
# Iih5mtzb8CDNO5oTw4z0aMeAvpsUvjJ/XjgxnkiRACXh7K9hsG2r+ageRWGevyvx
|
|
# CaRXFbherV1kTnZw4Y9/pgZTYVWs9jlqFOppz5sStkfjsDQ5lmPJGDii/StENAz2
|
|
# XmtiPOgfG9Upb0GAJBCuKnrU9bIcT4L20gd2F4Y14ccyjlf8UiUi192IX6yM9OjT
|
|
# +TuXwZgqnTOq6piVgr+FTSa24qSvaXb5z/mJDLlk23npecTouLg83TNSn3R6fYQr
|
|
# d/Y9eXuUJ8U7/qTh2Ulz071AO9KzPOmleYPTx4Xty4xAtWi1QE5NHW9/Ajlv5OtO
|
|
# OnMNWIs7ssDJBsB7VFC8hcwf79jz7kC0xmQqDfw51Xhhk04kla+v+HZcFW2AO9so
|
|
# 6ZdVHHQnIbJa7yQJKZ+hK49IOoBR6JgdB5kymoplLLiuqZSYTcwSBZ72FYTm3iAr
|
|
# jzvt1hxpxVDmXvRnkhRrIRhK4QgJL0jRmirBjDY+PYYd7bdRIjN7WNZLFsgplnS8
|
|
# 9w6CwG32pRlm0c8kkiQ7FXA6BYCqOsDI8f1VGQv331OpR2Ck+FTv+L7DAmg6l37W
|
|
# +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK
|
|
# XWyb96wrUlv+E8I=
|
|
# -----END CERTIFICATE-----
|
|
# Creates a secret with optional repository credentials
|
|
repositoryCredentials:
|
|
{}
|
|
# sample-ssh-key: |
|
|
# -----BEGIN RSA PRIVATE KEY-----
|
|
# MIICXAIBAAKBgQCcmiVJXGUvL8zqWmRRETbCKgFadtjJ9WDQpSwiZzMiktpYBo0N
|
|
# z0cThzGQfWqvdiJYEy72MrKCaSYssV3eHP5zTffk4VBDktNfdl1kgkOpqnh7tQO4
|
|
# nBONRLzcK6KEbKUsmiTbW8Jb4UFYDhyyyveby7y3vYePmaRQIrlEenVfKwIDAQAB
|
|
# AoGAbbg+WZjnt9jYzHWKhZX29LDzg8ty9oT6URT4yB3gIOAdJMFqQHuyg8cb/e0x
|
|
# O0AcrfK623oHwgEj4vpeFwnfaBdtM5GfH9zaj6pnXV7VZc3oBHrBnHUgFT3NEYUe
|
|
# tt6rtatIguBH61Aj/pyij9sOfF0xDj0s1nwFTbdHtZR/31kCQQDIwcVTqhKkDNW6
|
|
# cvdz+Wt3v9x1wNg+VhZhyA/pKILz3+qtn3GogLrQqhpVi+Y7tdvEv9FvgKaCjUp8
|
|
# 6Lfp6dDFAkEAx7HpQbXFdrtcveOi9kosKRDX1PT4zdhB08jAXGlV8jr0jkrZazVM
|
|
# hV5rVCuu35Vh6x1fiyGwwiVsqhgWE+KPLwJAWrDemasM/LsnmjDxhJy6ZcBwsWlK
|
|
# xu5Q8h9UwLmiXtVayNBsofh1bGpLtzWZ7oN7ImidDkgJ8JQvgDoJS0xrGQJBALPJ
|
|
# FkMFnrjtqGqBVkc8shNqyZY90v6oM2OzupO4dht2PpUZCDPAMZtlTWXjSjabbCPc
|
|
# NxexBk1UmkdtFftjHxsCQGjG+nhRYH92MsmrbvZyFzgxg9SIOu6xel7D3Dq9l5Le
|
|
# XG+bpHPF4SiCpAxthP5WNa17zuvk+CDsMZgZNuhYNMo=
|
|
# -----END RSA PRIVATE KEY-----
|
|
secret:
|
|
createSecret: false
|
|
## Annotations to be added to argocd-secret
|
|
##
|
|
annotations: {}
|
|
|
|
# Webhook Configs
|
|
githubSecret: ""
|
|
gitlabSecret: ""
|
|
bitbucketServerSecret: ""
|
|
bitbucketUUID: ""
|
|
gogsSecret: ""
|
|
|
|
# Custom secrets. Useful for injecting SSO secrets into environment variables.
|
|
# Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/
|
|
# Note that all values must be non-empty.
|
|
extra:
|
|
{}
|
|
# LDAP_PASSWORD: "mypassword"
|
|
|
|
# Argo TLS Data.
|
|
argocdServerTlsConfig:
|
|
{}
|
|
# key:
|
|
# crt: |
|
|
# -----BEGIN CERTIFICATE-----
|
|
# <cert data>
|
|
# -----END CERTIFICATE-----
|
|
# -----BEGIN CERTIFICATE-----
|
|
# <ca cert data>
|
|
# -----END CERTIFICATE-----
|
|
|
|
# Argo expects the password in the secret to be bcrypt hashed. You can create this hash with
|
|
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'`
|
|
# argocdServerAdminPassword:
|
|
# Password modification time defaults to current time if not set
|
|
# argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
|
|
|
|
openshift:
|
|
enabled: false
|