## Argo CD Helm chart values
## Ref: https://github.com/argoproj/argo-cd
##

# Have the chart install the Argo CD CRDs itself
# (for setups that do not use Helm hooks).
installCRDs: true
# Settings under `global` are shared by the Argo CD components below.
global:
  image:
    repository: quay.io/argoproj/argocd
    # Pinned by tag, not by digest. The repo-server init container further
    # down hard-codes the same tag and must be bumped together with this one.
    # NOTE(review): v2.2.3 is an old release; check the Argo CD security
    # advisories and move to a supported patch release.
    tag: v2.2.3
    # imagePullPolicy: IfNotPresent
  # Pod-level security context: fixed non-zero UID/GID for process and volumes.
  # NOTE(review): runAsNonRoot is not set here (only the Redis pod sets it);
  # with it, the kubelet refuses to start an image that would run as root
  # instead of relying on the UID override alone.
  securityContext:
    runAsUser: 999
    runAsGroup: 999
    fsGroup: 999
## Application controller
controller:
  ## Container-level security context: no Linux capabilities and an
  ## immutable root filesystem.
  ## NOTE(review): allowPrivilegeEscalation is not set; confirm whether the
  ## cluster's admission policy requires `allowPrivilegeEscalation: false`,
  ## and whether it accepts lowercase `all` (the Pod Security Standards
  ## "restricted" profile spells it `ALL`).
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Controller metrics service, discovered via Prometheus scrape annotations.
  ## Annotation values must be strings, hence the quotes.
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8082'

  ## Creates the admin ClusterRole resources for the controller, so it can
  ## deploy to the local cluster. In practice anyone who can create or modify
  ## Applications acts with those rights; keep Argo CD RBAC and project
  ## restrictions tight accordingly.
  clusterAdminAccess:
    enabled: true
## Dex (bundled OIDC connector)
## NOTE(review): the server block configures SSO through `oidc.config`
## directly; confirm Dex is still needed, otherwise disabling it removes an
## unused component from the attack surface.
dex:
  enabled: true

  ## Container-level security context: no Linux capabilities and an
  ## immutable root filesystem.
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true
## Redis (cache used by the Argo CD components)
## NOTE(review): no authentication or NetworkPolicy for Redis is configured in
## this file; confirm it is reachable only from the Argo CD pods.
redis:
  enabled: true

  ## Container-level security context: no Linux capabilities and an
  ## immutable root filesystem.
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Pod-level security context for Redis. Overrides the global UID/GID (999)
  ## with 1000 and is the only pod in this file that enforces runAsNonRoot.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    fsGroup: 1000
    runAsNonRoot: true
## API server / web UI
server:
  # `--insecure` makes argocd-server serve plain HTTP; TLS is terminated at
  # the ingress (see `ingress` below). Traffic between the ingress controller
  # and the server pod is therefore unencrypted inside the cluster.
  # NOTE(review): confirm the pod network is trusted or restricted by a
  # NetworkPolicy so only the ingress controller can reach the server port.
  extraArgs:
    - --insecure

  ## Container-level security context: no Linux capabilities and an
  ## immutable root filesystem.
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Server metrics service, discovered via Prometheus scrape annotations.
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8083'
      servicePort: 8083

  ## Ingress through Traefik; the certificate is issued by cert-manager's
  ## `vault-issuer` ClusterIssuer into the `argocd-tls` secret.
  ingress:
    enabled: true
    annotations:
      cert-manager.io/cluster-issuer: vault-issuer
      traefik.ingress.kubernetes.io/router.tls: 'true'
    hosts:
      - argocd.dc
    paths:
      - /
    tls:
      - secretName: argocd-tls
        hosts:
          - argocd.dc
    # Route to the server's HTTP service port, consistent with `--insecure`.
    https: false
  # dedicated ingress for gRPC as documented at
  # https://argoproj.github.io/argo-cd/operator-manual/ingress/

  ## Argo CD config (rendered into argocd-cm)
  ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  configEnabled: true
  config:
    # Argo CD's externally facing base URL (optional). Required when configuring SSO
    url: https://argocd.dc
    application.resourceTrackingMethod: annotation+label

    # OIDC login against Authentik. The client ID is not a secret; the client
    # secret is not stored here: `$oidc.auth0.clientSecret` is a reference
    # that Argo CD resolves from a key of that name in its secret.
    # The `groups` scope feeds the RBAC group mapping below.
    oidc.config: |
      name: Authentik
      issuer: https://auth.dc/application/o/argocd/
      clientID: 0c149045b7b87eb80e41fcdd3e788476472d7316
      clientSecret: $oidc.auth0.clientSecret
      requestedScopes: ["openid", "profile", "email", "groups"]

  # Maps the OIDC group `ArgoCDAdmins` to the built-in admin role.
  # NOTE(review): no `policy.default` is set here; confirm that users outside
  # this group end up with no (or read-only) access rather than a broad role.
  rbacConfig:
    policy.csv: |
      g, ArgoCDAdmins, role:admin

  # Mount public CA cert
  # Presumably the internal CA that signs auth.dc, so the OIDC issuer's TLS
  # certificate validates — verify against the `ca-cert` secret's contents.
  volumeMounts:
    - name: certificate
      mountPath: /etc/ssl/certs/ca.crt
      subPath: ca

  volumes:
    - name: certificate
      secret:
        secretName: ca-cert
        # Decimal 420 is octal 0644 (owner rw, group/other read-only).
        defaultMode: 420

  additionalApplications: []

  ## Projects
  ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/
  additionalProjects: []

  ## Enable Admin ClusterRole resources.
  ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster.
  ## With this on, an Argo CD admin (here: members of `ArgoCDAdmins`) is
  ## effectively a cluster admin; protect that group membership accordingly.
  clusterAdminAccess:
    enabled: true
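## Repo server (clones repositories and renders manifests)
repoServer:
  ## Container-level security context of the repo-server container itself:
  ## no Linux capabilities and an immutable root filesystem.
  containerSecurityContext:
    capabilities:
      drop:
        - all
    readOnlyRootFilesystem: true

  ## Repo server metrics service, discovered via Prometheus scrape annotations.
  metrics:
    enabled: true
    service:
      annotations:
        prometheus.io/scrape: 'true'
        prometheus.io/port: '8084'
      servicePort: 8084

  # Scratch volumes shared between the init container, the repo-server and
  # the config-management-plugin (CMP) sidecar.
  volumes:
    - name: var-files
      emptyDir: {}
    - name: plugins
      emptyDir: {}

  # Plugin directory shared with the CMP sidecar.
  volumeMounts:
    - mountPath: /home/argocd/cmp-server/plugins
      name: plugins

  # Copies the argocd binary into the shared `var-files` volume under the
  # name `argocd-cmp-server`, which the sidecar then uses as its entrypoint.
  # `cp -n` does not overwrite an existing file.
  initContainers:
    - name: copy-cmp-server
      # Hard-coded copy of global.image; keep the tag in sync with it.
      image: quay.io/argoproj/argocd:v2.2.3
      command:
        - cp
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files

  # CMP sidecar. It processes repository content and produces the manifests
  # Argo CD applies, so its image is part of the deployment's trust chain.
  extraContainers:
    - name: cmp-heqet
      command:
        - /var/run/argocd/argocd-cmp-server
      # NOTE(review): `:latest` is a mutable tag; whatever is published under
      # it runs here on the next pull. Pin a version or, better, a digest,
      # e.g. `lib42/heqet-cli@sha256:<DIGEST_PLACEHOLDER>`.
      image: lib42/heqet-cli:latest
      securityContext:
        runAsNonRoot: true
        runAsUser: 999
        # Hardening aligned with the other containers in this file: no
        # privilege escalation and no Linux capabilities.
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - all
        # NOTE(review): `readOnlyRootFilesystem: true` is set on every other
        # container here but not on this one; /tmp is already a mounted
        # volume, so confirm the plugin writes nowhere else and enable it.
      volumeMounts:
        - mountPath: /var/run/argocd
          name: var-files
        - mountPath: /home/argocd/cmp-server/plugins
          name: plugins
        # `tmp-dir` is not declared under `volumes` above; presumably the
        # chart's repo-server pod template provides it — verify.
        - mountPath: /tmp
          name: tmp-dir

  ## Repo server rbac rules
  # rbac:
  #   - apiGroups:
  #     - argoproj.io
  #     resources:
  #     - applications
  #     verbs:
  #     - get
  #     - list
  #     - watch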
configs:
  secret:
    # The chart does not create the Argo CD secret; it has to be provisioned
    # out of band. It must contain the key referenced by the server's OIDC
    # config (`oidc.auth0.clientSecret`), which keeps that value out of this
    # file and out of version control.
    createSecret: false