
argocd

Helm chart
iamguarded

Default values

# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @section Argo CD image parameters

## Iamguarded Argo CD image
## @param image.registry [default: REGISTRY_NAME] Argo CD image registry
## @param image.repository [default: REPOSITORY_NAME/argo-cd] Argo CD image repository
## @skip image.tag Argo CD image tag (immutable tags are recommended)
## @param image.digest Argo CD image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Argo CD image pull policy
## @param image.pullSecrets Argo CD image pull secrets
## @param image.debug Enable Argo CD image debug mode
##
image:
  registry: chainreg.biz
  repository: chainguard-private/argocd-iamguarded
  tag: 3.4.3
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Enable debug mode
  ##
  debug: false
## @section Argo CD application controller parameters

## Argo CD Controller
##
controller:
  ## @param controller.kind Kind to deploy ArgoCD application controller in.
  ## Use either StatefulSet or Deployment (default). StatefulSet is required when running in HA mode.
  ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/
  ##
  kind: Deployment
  ## @param controller.replicaCount Number of Argo CD replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param controller.startupProbe.enabled Enable startupProbe on Argo CD nodes
  ## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param controller.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param controller.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.livenessProbe.enabled Enable livenessProbe on Argo CD nodes
  ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.readinessProbe.enabled Enable readinessProbe on Argo CD nodes
  ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param controller.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param controller.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production).
  ##
  resourcesPreset: "micro"
  ## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param controller.podSecurityContext.enabled Enabled Argo CD pods' Security Context
  ## @param controller.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param controller.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param controller.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param controller.podSecurityContext.fsGroup Set Argo CD pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param controller.containerSecurityContext.enabled Enabled Argo CD containers' Security Context
  ## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param controller.containerSecurityContext.runAsUser Set Argo CD containers' Security Context runAsUser
  ## @param controller.containerSecurityContext.runAsGroup Set Argo CD containers' Security Context runAsGroup
  ## @param controller.containerSecurityContext.allowPrivilegeEscalation Set Argo CD containers' Security Context allowPrivilegeEscalation
  ## @param controller.containerSecurityContext.capabilities.drop Set Argo CD containers' Security Context capabilities to be dropped
  ## @param controller.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' Security Context readOnlyRootFilesystem
  ## @param controller.containerSecurityContext.runAsNonRoot Set Argo CD container's Security Context runAsNonRoot
  ## @param controller.containerSecurityContext.privileged Set controller container's Security Context privileged
  ## @param controller.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## ServiceAccount configuration for the Argo CD application controller
  ##
  serviceAccount:
    ## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param controller.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the application controller service account
    ##
    automountServiceAccountToken: false
    ## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD to deploy to the K8s cluster
  ## @param controller.clusterAdminAccess Enable K8s cluster admin access for the application controller
  ##
  clusterAdminAccess: true
  ## Enable Custom Rules for the Application Controller cluster role
  ## @param controller.clusterRoleRules Use custom rules for the application controller's cluster role
  ##
  clusterRoleRules: []
  ## Argo CD application controller log format: text|json
  ## @param controller.logFormat Format for the Argo CD application controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD application controller log level
  ## @param controller.logLevel Log level for the Argo CD application controller
  ##
  logLevel: info
  ## Argo CD application controller ports
  ## @param controller.containerPorts.metrics Argo CD application controller metrics port number
  containerPorts:
    metrics: 8082
  ## Argo CD application controller service parameters
  ##
  service:
    ## @param controller.service.type Argo CD service type
    ##
    type: ClusterIP
    ## @param controller.service.ports.metrics Argo CD application controller service port
    ##
    ports:
      metrics: 8082
    ## Node ports to expose
    ## @param controller.service.nodePorts.metrics Node port for Argo CD application controller service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      metrics: ""
    ## @param controller.service.clusterIP Argo CD application controller service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param controller.service.loadBalancerIP Argo CD application controller service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param controller.service.loadBalancerSourceRanges Argo CD application controller service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param controller.service.externalTrafficPolicy Argo CD application controller service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param controller.service.annotations Additional custom annotations for Argo CD application controller service
    ##
    annotations: {}
    ## @param controller.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param controller.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param controller.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param controller.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param controller.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param controller.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param controller.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param controller.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param controller.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param controller.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param controller.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Metrics configuration for Argo CD application controller
  ##
  metrics:
    ## @param controller.metrics.enabled Enable Argo CD application controller metrics
    ##
    enabled: false
    service:
      ## @param controller.metrics.service.type Argo CD application controller service type
      ##
      type: ClusterIP
      ## @param controller.metrics.service.ports.metrics Argo CD application controller metrics service port
      ##
      ports:
        metrics: 8082
      ## Node ports to expose
      ## @param controller.metrics.service.nodePorts.metrics Node port for the application controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param controller.metrics.service.clusterIP Argo CD application controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param controller.metrics.service.loadBalancerIP Argo CD application controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param controller.metrics.service.loadBalancerSourceRanges Argo CD application controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param controller.metrics.service.externalTrafficPolicy Argo CD application controller service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param controller.metrics.service.annotations Additional custom annotations for Argo CD application controller service
      ##
      annotations: {}
      ## @param controller.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param controller.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD application controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param controller.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param controller.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param controller.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param controller.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param controller.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
    ## Rules for PrometheusRule object if enabled
    ##
    ## E.g.
    ## @param controller.metrics.rules.enabled Enable render extra rules for PrometheusRule object
    ## @param controller.metrics.rules.spec Rules to render into the PrometheusRule object
    ## @param controller.metrics.rules.selector Selector for the PrometheusRule object
    ## @param controller.metrics.rules.namespace Namespace where to create the PrometheusRule object
    ## @param controller.metrics.rules.additionalLabels Additional labels to add to the PrometheusRule object
    ##
    rules:
      enabled: false
      ## E.g
      ## - alert: ArgoAppMissing
      ##   expr: |
      ##     absent(argocd_app_info)
      ##   for: 15m
      ##   labels:
      ##     severity: critical
      ##   annotations:
      ##     summary: "[ArgoCD] No reported applications"
      ##     description: >
      ##       ArgoCD has not reported any applications data for the past 15 minutes which
      ##       means that it must be down or not functioning properly. This needs to be
      ##       resolved for this cloud to continue to maintain state.
      ## - alert: ArgoAppNotSynced
      ##   expr: |
      ##     argocd_app_info{sync_status!="Synced"} == 1
      ##   for: 12h
      ##   labels:
      ##     severity: warning
      ##   annotations:
      ##     summary: "[{{`{{ $labels.name }}`}}] Application not synchronized"
      ##     description: >
      ##       The application [{{`{{ $labels.name }}`}}] has not been synchronized for over
      ##       12 hours which means that the state of this cloud has drifted away from the
      ##       state inside Git.
      ##
      spec: []
      ## E.g
      ## selector:
      ##   prometheus: kube-prometheus
      ##
      selector: {}
      namespace: monitoring
      additionalLabels: {}
  ## @param controller.command Override default container command (useful when using custom images)
  ##
  command: []
  ## Arguments that will be used by default for the application controller
  ## @param controller.defaultArgs.statusProcessors Default status processors for Argo CD controller
  ## @param controller.defaultArgs.operationProcessors Default operation processors for Argo CD controller
  ## @param controller.defaultArgs.appResyncPeriod Default application resync period for Argo CD controller
  ## @param controller.defaultArgs.selfHealTimeout Default self heal timeout for Argo CD controller
  ##
  defaultArgs:
    statusProcessors: "20"
    operationProcessors: "10"
    appResyncPeriod: "180"
    selfHealTimeout: "5"
  ## @param controller.args Override default container args (useful when using custom images). Overrides the defaultArgs.
  ##
  args: []
  ## @param controller.extraArgs Add extra arguments to the default arguments for the Argo CD controller
  ##
  extraArgs: []
  ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/
  ##
  dynamicClusterDistribution:
    ## @param controller.dynamicClusterDistribution.enabled Whether dynamic cluster distribution is enabled.
    ##
    enabled: false
    ## @param controller.dynamicClusterDistribution.heartbeatDuration Time to update the cluster sharding (defaults to 10 seconds).
    ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
    ##
    heartbeatDuration: ""
  ## @param controller.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param controller.hostAliases Argo CD pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param controller.podLabels Extra labels for Argo CD pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param controller.podAnnotations Annotations for Argo CD pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param controller.podAffinityPreset Pod affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param controller.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node controller.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param controller.nodeAffinityPreset.type Node affinity preset type. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param controller.nodeAffinityPreset.key Node label key to match. Ignored if `controller.affinity` is set
    ##
    key: ""
    ## @param controller.nodeAffinityPreset.values Node label values to match. Ignored if `controller.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param controller.affinity Affinity for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `controller.podAffinityPreset`, `controller.podAntiAffinityPreset`, and `controller.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param controller.nodeSelector Node labels for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param controller.tolerations Tolerations for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param controller.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param controller.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, controller will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param controller.updateStrategy.type Argo CD statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param controller.priorityClassName Argo CD pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param controller.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param controller.lifecycleHooks for the Argo CD container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param controller.podManagementPolicy podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode)
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: ""
  ## @param controller.extraEnvVars Array with extra environment variables to add to Argo CD nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD nodes
  ##
  extraEnvVarsCM: ""
  ## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD nodes
  ##
  extraEnvVarsSecret: ""
  ## @param controller.extraVolumes Optionally specify extra list of additional volumes for the Argo CD pod(s)
  ##
  extraVolumes: []
  ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD container(s)
  ##
  extraVolumeMounts: []
  ## @param controller.sidecars Add additional sidecar containers to the Argo CD pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param controller.initContainers Add additional init containers to the Argo CD pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param controller.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param controller.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param controller.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `controller.pdb.minAvailable` and `controller.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD ApplicationSet controller parameters

## ApplicationSet controller
##
applicationSet:
  ## @param applicationSet.enabled Enable ApplicationSet controller
  ##
  enabled: false
  ## @param applicationSet.replicaCount The number of ApplicationSet controller pods to run
  ##
  replicaCount: 1
  ## @param applicationSet.command Override default container command (useful when using custom images)
  ##
  command: []
  ## Arguments that will be used by default for the applicationSet controller
  ## @param applicationSet.defaultArgs.enableLeaderElection Enable leader election
  ## @param applicationSet.defaultArgs.policy Default policy
  ## @param applicationSet.defaultArgs.debug Enable debug mode
  ## @param applicationSet.defaultArgs.dryRun Enable dry-run mode
  ##
  defaultArgs:
    enableLeaderElection: false
    policy: "sync"
    debug: false
    dryRun: false
  ## @param applicationSet.args Override default container args (useful when using custom images). Overrides the defaultArgs.
  ##
  args: []
  ## @param applicationSet.extraArgs Add extra arguments to the default arguments for the Argo CD applicationSet controller
  ##
  extraArgs: []
  ## Argo CD applicationSet controller log format: text|json
  ## @param applicationSet.logFormat Format for the Argo CD applicationSet controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD applicationSet controller log level
  ## @param applicationSet.logLevel Log level for the Argo CD applicationSet controller
  ##
  logLevel: info
  ## Argo CD applicationSet controller ports
  ## @param applicationSet.containerPorts.metrics Argo CD applicationSet controller metrics port number
  ## @param applicationSet.containerPorts.probe Argo CD applicationSet controller probe port number
  ##
  containerPorts:
    metrics: 8085
    probe: 8081
  ## Metrics configuration for Argo CD applicationSet controller
  ##
  metrics:
    ## @param applicationSet.metrics.enabled Enable Argo CD applicationSet controller metrics
    ##
    enabled: false
    service:
      ## @param applicationSet.metrics.service.type Argo CD applicationSet controller service type
      ##
      type: ClusterIP
      ## @param applicationSet.metrics.service.ports.metrics Argo CD applicationSet controller metrics service port
      ##
      ports:
        metrics: 8085
      ## Node ports to expose
      ## @param applicationSet.metrics.service.nodePorts.metrics Node port for the applicationSet controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param applicationSet.metrics.service.clusterIP Argo CD applicationSet controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param applicationSet.metrics.service.loadBalancerIP Argo CD applicationSet controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param applicationSet.metrics.service.loadBalancerSourceRanges Argo CD applicationSet controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param applicationSet.metrics.service.externalTrafficPolicy Argo CD applicationSet controller service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param applicationSet.metrics.service.annotations Additional custom annotations for Argo CD applicationSet controller service
      ##
      annotations: {}
      ## @param applicationSet.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param applicationSet.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Argo CD applicationSet controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param applicationSet.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param applicationSet.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param applicationSet.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param applicationSet.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param applicationSet.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param applicationSet.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param applicationSet.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param applicationSet.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param applicationSet.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Argo CD applicationSet controller service parameters
  ##
  service:
    ## @param applicationSet.service.type Argo CD applicationSet controller service type
    ##
    type: ClusterIP
    ## @param applicationSet.service.ports.webhook Argo CD applicationSet controller service port
    ##
    ports:
      webhook: 7000
    ## Node ports to expose
    ## @param applicationSet.service.nodePorts.webhook Node port for Argo CD applicationSet controller service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      webhook: ""
    ## @param applicationSet.service.clusterIP Argo CD applicationSet controller service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param applicationSet.service.loadBalancerIP Argo CD applicationSet controller service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param applicationSet.service.loadBalancerSourceRanges Argo CD applicationSet controller service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param applicationSet.service.externalTrafficPolicy Argo CD applicationSet controller service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param applicationSet.service.annotations Additional custom annotations for Argo CD applicationSet controller service
    ##
    annotations: {}
    ## @param applicationSet.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param applicationSet.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param applicationSet.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param applicationSet.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param applicationSet.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param applicationSet.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param applicationSet.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param applicationSet.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param applicationSet.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param applicationSet.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param applicationSet.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## ServiceAccount configuration for the Argo CD applicationSet controller
  ##
  serviceAccount:
    ## @param applicationSet.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param applicationSet.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param applicationSet.serviceAccount.automountServiceAccountToken Automount service account token for the applicationSet controller service account
    ##
    automountServiceAccountToken: false
    ## @param applicationSet.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD applicationSet controller to have access to multiple namespaces
  ## @param applicationSet.clusterAdminAccess Enable K8s cluster admin access for the applicationSet controller
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD applicationSet controller cluster role
  ## @param applicationSet.clusterRoleRules Use custom rules for Argo CD applicationSet controller's cluster role
  ##
  clusterRoleRules: []
  ## @param applicationSet.podAffinityPreset Pod affinity preset. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param applicationSet.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node applicationSet.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param applicationSet.nodeAffinityPreset.type Node affinity preset type. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param applicationSet.nodeAffinityPreset.key Node label key to match. Ignored if `applicationSet.affinity` is set
    ##
    key: ""
    ## @param applicationSet.nodeAffinityPreset.values Node label values to match. Ignored if `applicationSet.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param applicationSet.affinity Affinity for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `applicationSet.podAffinityPreset`, `applicationSet.podAntiAffinityPreset`, and `applicationSet.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param applicationSet.podAnnotations Annotations for Argo CD applicationSet controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param applicationSet.podLabels Extra labels for Argo CD applicationSet controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param applicationSet.containerSecurityContext.enabled Enabled Argo CD applicationSet controller containers' Security Context
  ## @param applicationSet.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param applicationSet.containerSecurityContext.runAsUser Set Argo CD applicationSet controller containers' Security Context runAsUser
  ## @param applicationSet.containerSecurityContext.runAsGroup Set Argo CD applicationSet controller containers' Security Context runAsGroup
  ## @param applicationSet.containerSecurityContext.allowPrivilegeEscalation Set Argo CD applicationSet controller containers' Security Context allowPrivilegeEscalation
  ## @param applicationSet.containerSecurityContext.capabilities.drop Set Argo CD applicationSet controller containers' Security Context capabilities to be dropped
  ## @param applicationSet.containerSecurityContext.readOnlyRootFilesystem Set Argo CD applicationSet controller containers' Security Context readOnlyRootFilesystem
  ## @param applicationSet.containerSecurityContext.runAsNonRoot Set Argo CD applicationSet controller container's Security Context runAsNonRoot
  ## @param applicationSet.containerSecurityContext.privileged Set applicationSet container's Security Context privileged
  ## @param applicationSet.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param applicationSet.livenessProbe.enabled Enable livenessProbe on Argo CD applicationSet controller nodes
  ## @param applicationSet.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param applicationSet.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param applicationSet.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param applicationSet.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param applicationSet.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param applicationSet.readinessProbe.enabled Enable readinessProbe on Argo CD applicationSet controller nodes
  ## @param applicationSet.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param applicationSet.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param applicationSet.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param applicationSet.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param applicationSet.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param applicationSet.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param applicationSet.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD applicationSet controller resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param applicationSet.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if applicationSet.resources is set (applicationSet.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param applicationSet.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param applicationSet.podSecurityContext.enabled Enabled Argo CD applicationSet controller pods' Security Context
  ## @param applicationSet.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param applicationSet.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param applicationSet.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param applicationSet.podSecurityContext.fsGroup Set Argo CD applicationSet controller pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param applicationSet.nodeSelector Node labels for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param applicationSet.tolerations Tolerations for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param applicationSet.updateStrategy.type Argo CD applicationSet controller statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param applicationSet.priorityClassName Argo CD applicationSet controller pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param applicationSet.extraVolumes Optionally specify extra list of additional volumes for the Argo CD applicationSet controller pod(s)
  ##
  extraVolumes: []
  ## @param applicationSet.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD applicationSet controller container(s)
  ##
  extraVolumeMounts: []
  ## @param applicationSet.extraEnvVars Array with extra environment variables to add to Argo CD applicationSet controller nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param applicationSet.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD applicationSet controller nodes
  ##
  extraEnvVarsCM: ""
  ## @param applicationSet.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD applicationSet controller nodes
  ##
  extraEnvVarsSecret: ""
  ## Webhook for the Git Generator
  ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
  ##
  webhook:
    ingress:
      ## @param applicationSet.webhook.ingress.enabled Enable an ingress resource for Webhooks
      ##
      enabled: false
      ## @param applicationSet.webhook.ingress.annotations Additional ingress annotations
      ##
      annotations: {}
      ## @param applicationSet.webhook.ingress.labels Additional ingress labels
      ##
      labels: {}
      ## @param applicationSet.webhook.ingress.ingressClassName Defines which ingress controller will implement the resource
      ##
      ingressClassName: ""
      ## @param applicationSet.webhook.ingress.hostname Ingress hostname for the Argo CD applicationSet ingress
      ## Hostname must be provided if Ingress is enabled.
      ##
      hostname: ""
      ## @param applicationSet.webhook.ingress.path Argo CD applicationSet ingress path
      ##
      path: /api/webhook
      ## @param applicationSet.webhook.ingress.pathType Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
      ##
      pathType: Prefix
      ## @param applicationSet.webhook.ingress.extraHosts Extra hosts array for the Argo CD applicationSet ingress
      ## The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ##
      extraHosts: []
      ## @param applicationSet.webhook.ingress.extraPaths Extra paths for the Argo CD applicationSet ingress
      ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
      ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
      ##
      extraPaths: []
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      ## @param applicationSet.webhook.ingress.extraTls Extra TLS configuration for the Argo CD applicationSet ingress
      ## The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ##
      extraTls: []
      ## - hosts:
      ##     - argocd.server.local
      ##   secretName: argocd.server.local-tls
      ##
      ## @param applicationSet.webhook.ingress.tls Ingress TLS configuration
      ##
      tls: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param applicationSet.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param applicationSet.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param applicationSet.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `applicationSet.pdb.minAvailable` and `applicationSet.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD notifications controller parameters

## notifications controller
##
notifications:
  ## @param notifications.enabled Enable notifications controller
  ##
  enabled: false
  ## @param notifications.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param notifications.args Override default container args (useful when using custom images).
  ##
  args: []
  ## @param notifications.extraArgs Add extra arguments to the default arguments for the Argo CD notifications controller
  ##
  extraArgs: []
  ## @param notifications.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## Argo CD notifications controller log format: text|json
  ## @param notifications.logFormat Format for the Argo CD notifications controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD notifications controller log level
  ## @param notifications.logLevel Log level for the Argo CD notifications controller
  ##
  logLevel: info
  ## Argo CD notifications controller ports
  ## @param notifications.containerPorts.metrics Argo CD notifications controller metrics port number
  ##
  containerPorts:
    metrics: 8085
  ## Metrics configuration for Argo CD notifications controller
  ##
  metrics:
    ## @param notifications.metrics.enabled Enable Argo CD notifications controller metrics
    ##
    enabled: false
    service:
      ## @param notifications.metrics.service.type Argo CD notifications controller service type
      ##
      type: ClusterIP
      ## @param notifications.metrics.service.ports.metrics Argo CD notifications controller metrics service port
      ##
      ports:
        metrics: 8085
      ## Node ports to expose
      ## @param notifications.metrics.service.nodePorts.metrics Node port for the notifications controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param notifications.metrics.service.clusterIP Argo CD notifications controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param notifications.metrics.service.loadBalancerIP Argo CD notifications controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param notifications.metrics.service.loadBalancerSourceRanges Argo CD notifications controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param notifications.metrics.service.externalTrafficPolicy Argo CD notifications controller service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param notifications.metrics.service.annotations Additional custom annotations for Argo CD notifications controller service
      ##
      annotations: {}
      ## @param notifications.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param notifications.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Argo CD notifications controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param notifications.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param notifications.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param notifications.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param notifications.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param notifications.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param notifications.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param notifications.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param notifications.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param notifications.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param notifications.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param notifications.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param notifications.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param notifications.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param notifications.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param notifications.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param notifications.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param notifications.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
1361
  ## ServiceAccount configuration for the Argo CD notifications controller
  ##
  serviceAccount:
    ## @param notifications.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param notifications.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param notifications.serviceAccount.automountServiceAccountToken Automount service account token for the notifications controller service account
    ##
    automountServiceAccountToken: false
    ## @param notifications.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD notifications controller to have access to multiple namespaces
  ## @param notifications.clusterAdminAccess Enable K8s cluster admin access for the notifications controller
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD notifications controller cluster role
  ## @param notifications.clusterRoleRules Use custom rules for notifications controller's cluster role
  ##
  clusterRoleRules: []
  ## @param notifications.podAffinityPreset Pod affinity preset. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param notifications.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node notifications.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param notifications.nodeAffinityPreset.type Node affinity preset type. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param notifications.nodeAffinityPreset.key Node label key to match. Ignored if `notifications.affinity` is set
    ##
    key: ""
    ## @param notifications.nodeAffinityPreset.values Node label values to match. Ignored if `notifications.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param notifications.affinity Affinity for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `notifications.podAffinityPreset`, `notifications.podAntiAffinityPreset`, and `notifications.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param notifications.podAnnotations Annotations for Argo CD notifications controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param notifications.podLabels Extra labels for Argo CD notifications controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param notifications.containerSecurityContext.enabled Enable Argo CD notifications controller containers' Security Context
  ## @param notifications.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param notifications.containerSecurityContext.runAsUser Set Argo CD notifications controller containers' Security Context runAsUser
  ## @param notifications.containerSecurityContext.runAsGroup Set Argo CD notifications controller containers' Security Context runAsGroup
  ## @param notifications.containerSecurityContext.allowPrivilegeEscalation Set Argo CD notifications controller containers' Security Context allowPrivilegeEscalation
  ## @param notifications.containerSecurityContext.capabilities.drop Set Argo CD notifications controller containers' Security Context capabilities to be dropped
  ## @param notifications.containerSecurityContext.readOnlyRootFilesystem Set Argo CD notifications controller containers' Security Context readOnlyRootFilesystem
  ## @param notifications.containerSecurityContext.runAsNonRoot Set Argo CD notifications controller container's Security Context runAsNonRoot
  ## @param notifications.containerSecurityContext.privileged Set notifications container's Security Context privileged
  ## @param notifications.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Argo CD notifications controller resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param notifications.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.resources is set (notifications.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param notifications.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param notifications.podSecurityContext.enabled Enable Argo CD notifications controller pods' Security Context
  ## @param notifications.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param notifications.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param notifications.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param notifications.podSecurityContext.fsGroup Set Argo CD notifications controller pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param notifications.nodeSelector Node labels for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param notifications.tolerations Tolerations for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param notifications.priorityClassName Argo CD notifications controller pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param notifications.extraVolumes Optionally specify extra list of additional volumes for the Argo CD notifications controller pod(s)
  ##
  extraVolumes: []
  ## @param notifications.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD notifications controller container(s)
  ##
  extraVolumeMounts: []
  ## @param notifications.extraEnvVars Array with extra environment variables to add to Argo CD notifications controller nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param notifications.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD notifications controller nodes
  ##
  extraEnvVarsCM: ""
  ## @param notifications.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD notifications controller nodes
  ##
  extraEnvVarsSecret: ""
  ## Configure extra options for Notification containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param notifications.startupProbe.enabled Enable startupProbe on Notification nodes
  ## @param notifications.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param notifications.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param notifications.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param notifications.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param notifications.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.livenessProbe.enabled Enable livenessProbe on Notification nodes
  ## @param notifications.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param notifications.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param notifications.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param notifications.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param notifications.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.readinessProbe.enabled Enable readinessProbe on Notification nodes
  ## @param notifications.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param notifications.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param notifications.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param notifications.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param notifications.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param notifications.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param notifications.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Webhook for the Git Generator
  ## Ref: https://argocd-notifications.readthedocs.io/en/master/Generators-Git/#webhook-configuration
  ##
  webhook:
    ingress:
      ## @param notifications.webhook.ingress.enabled Enable an ingress resource for Webhooks
      ##
      enabled: false
      ## @param notifications.webhook.ingress.annotations Additional ingress annotations
      ##
      annotations: {}
      ## @param notifications.webhook.ingress.labels Additional ingress labels
      ##
      labels: {}
      ## @param notifications.webhook.ingress.ingressClassName Defines which ingress controller will implement the resource
      ##
      ingressClassName: ""
      ## @param notifications.webhook.ingress.hostname Ingress hostname for the Argo CD notifications ingress
      ## Hostname must be provided if Ingress is enabled.
      ##
      hostname: ""
      ## @param notifications.webhook.ingress.path Argo CD notifications ingress path
      ##
      path: /api/webhook
      ## @param notifications.webhook.ingress.pathType Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
      ##
      pathType: Prefix
      ## @param notifications.webhook.ingress.extraHosts Extra hosts array for the Argo CD notifications ingress
      ## The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ##
      extraHosts: []
      ## @param notifications.webhook.ingress.extraPaths Extra paths for the Argo CD notifications ingress
      ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
      ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
      ##
      extraPaths: []
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      ## @param notifications.webhook.ingress.extraTls Extra TLS configuration for the Argo CD notifications ingress
      ## The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ##
      extraTls: []
      ## - hosts:
      ##     - argocd.server.local
      ##   secretName: argocd.server.local-tls
      ##
      ## @param notifications.webhook.ingress.tls Ingress TLS configuration
      ##
      tls: []
  ## The optional bot component simplifies managing subscriptions
  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/
  bots:
    slack:
      ## @param notifications.bots.slack.enabled Enable the Argo CD Slack bot
      ##
      enabled: false
      ## @param notifications.bots.slack.command Override default container command (useful when using custom images)
      ##
      command: []
      ## @param notifications.bots.slack.args Override default container args (useful when using custom images).
      ##
      args: []
      ## @param notifications.bots.slack.extraArgs Add extra arguments to the default arguments for the Argo CD Slack bot
      ##
      extraArgs: []
      ## Argo CD Slack bot service parameters
      ##
      service:
        ## @param notifications.bots.slack.service.type Argo CD Slack bot service type
        ##
        type: LoadBalancer
        ## @param notifications.bots.slack.service.ports.http Argo CD Slack bot service port
        ##
        ports:
          http: 80
        ## Node ports to expose
        ## @param notifications.bots.slack.service.nodePorts.http Node port for Argo CD Slack bot service
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: ""
        ## @param notifications.bots.slack.service.clusterIP Argo CD Slack bot service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: ""
        ## @param notifications.bots.slack.service.loadBalancerIP Argo CD Slack bot service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: ""
        ## @param notifications.bots.slack.service.loadBalancerSourceRanges Argo CD Slack bot service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param notifications.bots.slack.service.externalTrafficPolicy Argo CD Slack bot service external traffic policy
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param notifications.bots.slack.service.annotations Additional custom annotations for Argo CD Slack bot service
        ##
        annotations: {}
        ## @param notifications.bots.slack.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
        ##
        extraPorts: []
        ## @param notifications.bots.slack.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param notifications.bots.slack.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}
      ## Network Policies
      ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
      ##
      networkPolicy:
        ## @param notifications.bots.slack.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
        ##
        enabled: true
        ## @param notifications.bots.slack.networkPolicy.allowExternal Don't require server label for connections
        ## The Policy model to apply. When set to false, only pods with the correct
        ## server label will have network access to the ports server is listening
        ## on. When true, server will accept connections from any source
        ## (with the correct destination port).
        ##
        allowExternal: true
        ## @param notifications.bots.slack.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
        ##
        allowExternalEgress: true
        ## @param notifications.bots.slack.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
        ##
        kubeAPIServerPorts: [443, 6443, 8443]
        ## @param notifications.bots.slack.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
        ## e.g:
        ## extraIngress:
        ##   - ports:
        ##       - port: 1234
        ##     from:
        ##       - podSelector:
        ##           matchLabels:
        ##             role: frontend
        ##       - podSelector:
        ##           matchExpressions:
        ##             - key: role
        ##               operator: In
        ##               values:
        ##                 - frontend
        extraIngress: []
        ## @param notifications.bots.slack.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
        ## e.g:
        ## extraEgress:
        ##   - ports:
        ##       - port: 1234
        ##     to:
        ##       - podSelector:
        ##           matchLabels:
        ##             role: frontend
        ##       - podSelector:
        ##           matchExpressions:
        ##             - key: role
        ##               operator: In
        ##               values:
        ##                 - frontend
        ##
        extraEgress: []
        ## @param notifications.bots.slack.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
        ## @param notifications.bots.slack.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
        ##
        ingressNSMatchLabels: {}
        ingressNSPodMatchLabels: {}
      ## ServiceAccount configuration for the Argo CD Slack bot
      ##
      serviceAccount:
        ## @param notifications.bots.slack.serviceAccount.create Specifies whether a ServiceAccount should be created
        ##
        create: true
        ## @param notifications.bots.slack.serviceAccount.name The name of the ServiceAccount to use.
        ## If not set and create is true, a name is generated using the common.names.fullname template
        ##
        name: ""
        ## @param notifications.bots.slack.serviceAccount.automountServiceAccountToken Automount service account token for the Argo CD Slack bot service account
        ##
        automountServiceAccountToken: false
        ## @param notifications.bots.slack.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
        ##
        annotations: {}
      ## @param notifications.bots.slack.podAffinityPreset Pod affinity preset. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
      ##
      podAffinityPreset: ""
      ## @param notifications.bots.slack.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
      ##
      podAntiAffinityPreset: soft
      ## Node notifications.bots.slack.affinity preset
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
      ##
      nodeAffinityPreset:
        ## @param notifications.bots.slack.nodeAffinityPreset.type Node affinity preset type. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
        ##
        type: ""
        ## @param notifications.bots.slack.nodeAffinityPreset.key Node label key to match. Ignored if `notifications.bots.slack.affinity` is set
        ##
        key: ""
        ## @param notifications.bots.slack.nodeAffinityPreset.values Node label values to match. Ignored if `notifications.bots.slack.affinity` is set
        ## E.g.
        ## values:
        ##   - e2e-az1
        ##   - e2e-az2
        ##
        values: []
      ## Argo CD Slack Bot controller ports
      ## @param notifications.bots.slack.containerPorts.metrics Slack Bot controller metrics port number
      ##
      containerPorts:
        metrics: 9001
      ## Configure extra options for Slack Bot containers' liveness and readiness probes
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ## @param notifications.bots.slack.startupProbe.enabled Enable startupProbe on Slack Bot nodes
      ## @param notifications.bots.slack.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.periodSeconds Period seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.timeoutSeconds Timeout seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.failureThreshold Failure threshold for startupProbe
      ## @param notifications.bots.slack.startupProbe.successThreshold Success threshold for startupProbe
      ##
      startupProbe:
        enabled: false
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.livenessProbe.enabled Enable livenessProbe on Slack Bot nodes
      ## @param notifications.bots.slack.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.periodSeconds Period seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.failureThreshold Failure threshold for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.successThreshold Success threshold for livenessProbe
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.readinessProbe.enabled Enable readinessProbe on Slack Bot nodes
      ## @param notifications.bots.slack.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.periodSeconds Period seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.failureThreshold Failure threshold for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.successThreshold Success threshold for readinessProbe
      ##
      readinessProbe:
        enabled: true
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.customStartupProbe Custom startupProbe that overrides the default one
      ##
      customStartupProbe: {}
      ## @param notifications.bots.slack.customLivenessProbe Custom livenessProbe that overrides the default one
      ##
      customLivenessProbe: {}
      ## @param notifications.bots.slack.customReadinessProbe Custom readinessProbe that overrides the default one
      ##
      customReadinessProbe: {}
      ## @param notifications.bots.slack.affinity Affinity for Argo CD Slack bot pods assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      ## NOTE: `notifications.bots.slack.podAffinityPreset`, `notifications.bots.slack.podAntiAffinityPreset`, and `notifications.bots.slack.nodeAffinityPreset` will be ignored when it's set
      ##
      affinity: {}
      ## @param notifications.bots.slack.podAnnotations Annotations for Argo CD Slack bot pods
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
      ##
      podAnnotations: {}
      ## @param notifications.bots.slack.podLabels Extra labels for Argo CD Slack bot pods
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
      ##
      podLabels: {}
      ## Configure Container Security Context
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      ## @param notifications.bots.slack.containerSecurityContext.enabled Enable Argo CD Slack bot containers' Security Context
      ## @param notifications.bots.slack.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
      ## @param notifications.bots.slack.containerSecurityContext.runAsUser Set Argo CD Slack bot containers' Security Context runAsUser
      ## @param notifications.bots.slack.containerSecurityContext.runAsGroup Set Argo CD Slack bot containers' Security Context runAsGroup
      ## @param notifications.bots.slack.containerSecurityContext.allowPrivilegeEscalation Set Argo CD Slack bot containers' Security Context allowPrivilegeEscalation
      ## @param notifications.bots.slack.containerSecurityContext.capabilities.drop Set Argo CD Slack bot containers' Security Context capabilities to be dropped
      ## @param notifications.bots.slack.containerSecurityContext.readOnlyRootFilesystem Set Argo CD Slack bot containers' Security Context readOnlyRootFilesystem
      ## @param notifications.bots.slack.containerSecurityContext.runAsNonRoot Set Argo CD Slack bot container's Security Context runAsNonRoot
      ## @param notifications.bots.slack.containerSecurityContext.privileged Set notifications container's Security Context privileged
      ## @param notifications.bots.slack.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
      ##
      containerSecurityContext:
        enabled: true
        seLinuxOptions: {}
        runAsUser: 1001
        runAsGroup: 1001
        runAsNonRoot: true
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        privileged: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: "RuntimeDefault"
      ## Argo CD Slack bot resource requests and limits
      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
      ## @param notifications.bots.slack.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.bots.slack.resources is set (notifications.bots.slack.resources is recommended for production).
      ##
      resourcesPreset: "nano"
      ## @param notifications.bots.slack.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
      ## Example:
      ## resources:
      ##   requests:
      ##     cpu: 2
      ##     memory: 512Mi
      ##   limits:
      ##     cpu: 3
      ##     memory: 1024Mi
      ##
      resources: {}
      ## Configure Pods Security Context
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      ## @param notifications.bots.slack.podSecurityContext.enabled Enable Argo CD Slack bot pods' Security Context
      ## @param notifications.bots.slack.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
      ## @param notifications.bots.slack.podSecurityContext.sysctls Set kernel settings using the sysctl interface
      ## @param notifications.bots.slack.podSecurityContext.supplementalGroups Set filesystem extra groups
      ## @param notifications.bots.slack.podSecurityContext.fsGroup Set Argo CD Slack bot pod's Security Context fsGroup
      ##
      podSecurityContext:
        enabled: true
        fsGroupChangePolicy: Always
        sysctls: []
        supplementalGroups: []
        fsGroup: 1001
      ## @param notifications.bots.slack.nodeSelector Node labels for Argo CD Slack bot pods assignment
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
      ##
      nodeSelector: {}
      ## @param notifications.bots.slack.tolerations Tolerations for Argo CD Slack bot pods assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
      ##
      tolerations: []
      ## @param notifications.bots.slack.priorityClassName Argo CD Slack bot pods' priorityClassName
      ##
      priorityClassName: ""
      ## @param notifications.bots.slack.extraVolumes Optionally specify extra list of additional volumes for the Argo CD Slack bot pod(s)
      ##
      extraVolumes: []
      ## @param notifications.bots.slack.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD Slack bot container(s)
      ##
      extraVolumeMounts: []
      ## @param notifications.bots.slack.extraEnvVars Array with extra environment variables to add to Argo CD Slack bot nodes
      ## e.g:
      ## extraEnvVars:
      ##   - name: FOO
      ##     value: "bar"
      ##
      extraEnvVars: []
      ## @param notifications.bots.slack.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD Slack bot nodes
      ##
      extraEnvVarsCM: ""
      ## @param notifications.bots.slack.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD Slack bot nodes
      ##
      extraEnvVarsSecret: ""
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param notifications.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param notifications.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param notifications.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `notifications.pdb.minAvailable` and `notifications.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD server Parameters

## Argo CD server configuration
##
server:
  ## @param server.replicaCount Number of Argo CD server replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD server containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param server.startupProbe.enabled Enable startupProbe on Argo CD server nodes
  ## @param server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param server.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param server.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param server.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param server.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.livenessProbe.enabled Enable livenessProbe on Argo CD server nodes
  ## @param server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param server.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param server.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param server.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.readinessProbe.enabled Enable readinessProbe on Argo CD server nodes
  ## @param server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param server.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param server.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param server.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param server.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param server.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD server resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param server.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param server.podSecurityContext.enabled Enabled Argo CD server pods' Security Context
  ## @param server.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param server.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param server.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param server.podSecurityContext.fsGroup Set Argo CD server pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param server.containerSecurityContext.enabled Enabled Argo CD server containers' Security Context
  ## @param server.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param server.containerSecurityContext.runAsUser Set Argo CD server containers' Security Context runAsUser
  ## @param server.containerSecurityContext.runAsGroup Set Argo CD server containers' Security Context runAsGroup
  ## @param server.containerSecurityContext.allowPrivilegeEscalation Set Argo CD server containers' Security Context allowPrivilegeEscalation
  ## @param server.containerSecurityContext.capabilities.drop Set Argo CD containers' server Security Context capabilities to be dropped
  ## @param server.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' server Security Context readOnlyRootFilesystem
  ## @param server.containerSecurityContext.runAsNonRoot Set Argo CD server containers' Security Context runAsNonRoot
  ## @param server.containerSecurityContext.privileged Set server container's Security Context privileged
  ## @param server.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Argo CD server deployment autoscaling
  ## @param server.autoscaling.enabled Enable Argo CD server deployment autoscaling
  ## @param server.autoscaling.minReplicas Argo CD server deployment autoscaling minimum number of replicas
  ## @param server.autoscaling.maxReplicas Argo CD server deployment autoscaling maximum number of replicas
  ## @param server.autoscaling.targetCPU Argo CD server deployment autoscaling target CPU percentage
  ## @param server.autoscaling.targetMemory Argo CD server deployment autoscaling target memory percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 5
    targetCPU: 50
    targetMemory: 50
  ## Redirect all requests to HTTPS
  ## @param server.insecure Disable HTTPS redirection for Argo CD server
  ##
  insecure: false
  ## @param server.logFormat ArgoCD server logs format. Options: [text, json]
  ##
  logFormat: text
  ## @param server.logLevel ArgoCD server logs level
  ##
  logLevel: info
  ## Argo CD server enable config
  ## @param server.configEnabled Enable Argo CD server config
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  ##
  configEnabled: true
  ## Argo CD server URL
  ## @param server.url Argo CD server base URL. Required when configuring SSO. Required when enabling dex.
  ##
  url: ""
  ## Argo CD server config. This object will be directly rendered
  ## @param server.config [object] Argo CD server configuration that will end on the argocd-cm Config Map
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/
  ## E.g:
  ## repositories:
  ##   - url: git@github.com:group/repo.git
  ##     sshPrivateKeySecret:
  ##       name: secret-name
  ##       key: sshPrivateKey
  ##   - type: helm
  ##     url: https://charts.helm.sh/stable
  ##     name: stable
  ##   - type: helm
  ##     url: https://argoproj.github.io/argo-helm
  ##     name: argo
  ## oidc.config:
  ##   name: AzureAD
  ##   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
  ##   clientID: CLIENT_ID
  ##   clientSecret: $oidc.azuread.clientSecret
  ##   requestedIDTokenClaims:
  ##     groups:
  ##       essential: true
  ##   requestedScopes:
  ##     - openid
  ##     - profile
  ##     - email
  ## dex.config:
  ##   connectors:
  ##     # GitHub example
  ##     - type: github
  ##       id: github
  ##       name: GitHub
  ##       config:
  ##         clientID: aabbccddeeff00112233
  ##         clientSecret: $dex.github.clientSecret
  ##         orgs:
  ##           - name: your-github-org
  config:
    ## Argo CD external base URL. Required when configuring SSO. Required when enabling dex.
    ## E.g:
    ## url: https://argocd.example.com
    ##
    url: "{{ .Values.server.url }}"
    ## Argo CD instance label key
    ##
    application.instanceLabelKey: argocd.argoproj.io/instance
    ## If Dex is enabled you need to add connectors here
    ## dex.config: |
    ##   connectors: []
    ##
    dex.config: ""
  ## Configure the ingress for the Argo CD server
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ## @param server.ingress.enabled Enable the creation of an ingress for the Argo CD server
  ## @param server.ingress.pathType Path type for the Argo CD server ingress
  ## @param server.ingress.apiVersion Ingress API version for the Argo CD server ingress
  ## @param server.ingress.hostname Ingress hostname for the Argo CD server ingress
  ## @param server.ingress.annotations Annotations for the Argo CD server ingress. To enable certificate autogeneration, place here your cert-manager annotations.
  ## @param server.ingress.tls Enable TLS for the Argo CD server ingress
  ## @param server.ingress.extraHosts Extra hosts array for the Argo CD server ingress
  ## @param server.ingress.path Path array for the Argo CD server ingress
  ## @param server.ingress.extraPaths Extra paths for the Argo CD server ingress
  ## @param server.ingress.extraTls Extra TLS configuration for the Argo CD server ingress
  ## @param server.ingress.secrets Secrets array to mount into the Ingress
  ## @param server.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ##
  ingress:
    ## Set to true to enable ingress record generation
    ##
    enabled: false
    ## @param server.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## When the ingress is enabled, a host pointing to this will be created
    ##
    hostname: argocd.server.local
    ## The Path to Argo CD server. You may need to set this to '/*' in order to use this
    ## with ALB ingress controllers.
    ##
    path: /
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
    ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    extraHosts: []
    ## - name: argocd.server.local
    ##   path: /
    ##

    ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    extraPaths: []
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    ##

    ## The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    extraTls: []
    ## - hosts:
    ##     - argocd.server.local
    ##   secretName: argocd.server.local-tls
    ##

    ## If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ##
    secrets: []
    ## - name: argocd.server.local-tls
    ##   key:
    ##   certificate:
    ##

    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param server.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ##   - host: example.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
  ## Metrics configuration for Argo CD server
  ##
  metrics:
    ## Enable metrics for Argo CD server
    ## @param server.metrics.enabled Enable metrics for the Argo CD server
    ##
    enabled: false
    service:
      ## @param server.metrics.service.type Argo CD server service type
      ##
      type: ClusterIP
      ## @param server.metrics.service.ports.metrics Argo CD server metrics service port
      ##
      ports:
        metrics: 8083
      ## Node ports to expose
      ## @param server.metrics.service.nodePorts.metrics Node port for Argo CD server metrics service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param server.metrics.service.clusterIP Argo CD server metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param server.metrics.service.loadBalancerIP Argo CD server service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param server.metrics.service.loadBalancerSourceRanges Argo CD server service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param server.metrics.service.externalTrafficPolicy Argo CD server service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param server.metrics.service.annotations Additional custom annotations for Argo CD server service
      ##
      annotations: {}
      ## @param server.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param server.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD server metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param server.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param server.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param server.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param server.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param server.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param server.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param server.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param server.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param server.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Configure the ingress resource that allows you to access the Argo CD gRPC API
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
  ## @param server.ingressGrpc.enabled Enable the creation of an ingress for the Argo CD gRPC server
  ## @param server.ingressGrpc.pathType Path type for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.apiVersion Ingress API version for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.hostname Ingress hostname for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.annotations Annotations for the Argo CD gRPC server ingress. To enable certificate autogeneration, place here your cert-manager annotations
  ## @param server.ingressGrpc.tls Enable TLS for the Argo CD server ingress
  ## @param server.ingressGrpc.extraHosts Extra hosts array for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.path Path array for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.extraPaths Extra paths for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.extraTls Extra TLS configuration for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.secrets Secrets array to mount into the Ingress
  ## @param server.ingressGrpc.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ##
  ingressGrpc:
    ## Set to true to enable ingress record generation
    ##
    enabled: false
    ## @param server.ingressGrpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## When the ingress is enabled, a host pointing to this will be created
    ##
    hostname: argocd.server.local
    ## The Path to Argo CD server gRPC API. You may need to set this to '/*' in order to use this
    ## with ALB ingress controllers.
    ##
    path: /
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
    ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    extraHosts: []
    ## - name: argocd.server.local
    ##   path: /
    ##

    ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    extraPaths: []
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    ##

    ## The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    extraTls: []
    ## - hosts:
    ##     - argocd.server.local
    ##   secretName: argocd.server.local-tls
    ##

    ## If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ##
    secrets: []
    ## - name: argocd.server.local-tls
    ##   key:
    ##   certificate:
    ##

    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param server.ingressGrpc.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ##   - host: example.server.local
    ##     http:
    ##       path: /
    ##       backend:
    ##         service:
    ##           name: example-svc
    ##           port:
    ##             name: http
    ##
    extraRules: []
  ## Argo CD server container port
  ## @param server.containerPorts.http Argo CD server HTTP container port
  ## @param server.containerPorts.https Argo CD server HTTPS container port
  ## @param server.containerPorts.metrics Argo CD server metrics container port
  containerPorts:
    http: 8080
    https: 8443
    metrics: 8083
  ## Argo CD server service parameters
  ##
  service:
    ## @param server.service.type Argo CD service type
    ##
    type: ClusterIP
    ## @param server.service.ports.http HTTP port for the gRPC ingress when enabled
    ## @param server.service.ports.https HTTPS port for the gRPC ingress when enabled
    ##
    ports:
      http: 80
      https: 443
    ## Node ports to expose
    ## @param server.service.nodePorts.http Node port for HTTP
    ## @param server.service.nodePorts.https Node port for HTTPS
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: ""
      https: ""
    ## @param server.service.clusterIP Argo CD service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param server.service.loadBalancerIP Argo CD service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param server.service.loadBalancerSourceRanges Argo CD service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param server.service.externalTrafficPolicy Argo CD service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param server.service.annotations Additional custom annotations for Argo CD service
    ##
    annotations: {}
    ## @param server.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param server.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param server.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param server.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param server.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param server.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param server.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param server.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param server.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param server.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param server.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
## @param server.command Override default container command (useful when using custom images)
2587
##
2588
command: []
2589
## @param server.args Override default container args (useful when using custom images)
2590
##
2591
args: []
2592
## @param server.extraArgs concat to the default args
2593
##
2594
extraArgs: []
2595
## @param server.automountServiceAccountToken Mount Service Account token in pod
2596
##
2597
automountServiceAccountToken: true
2598
## @param server.hostAliases Argo CD server pods host aliases
2599
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2600
##
2601
hostAliases: []
2602
## @param server.podLabels Extra labels for Argo CD server pods
2603
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
2604
##
2605
podLabels: {}
2606
## @param server.podAnnotations Annotations for Argo CD server pods
2607
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param server.podAffinityPreset Pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param server.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node server.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param server.nodeAffinityPreset.type Node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param server.nodeAffinityPreset.key Node label key to match. Ignored if `server.affinity` is set
    ##
    key: ""
    ## @param server.nodeAffinityPreset.values Node label values to match. Ignored if `server.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param server.affinity Affinity for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `server.podAffinityPreset`, `server.podAntiAffinityPreset`, and `server.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param server.nodeSelector Node labels for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param server.tolerations Tolerations for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param server.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param server.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, server will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param server.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param server.updateStrategy.type Argo CD server statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param server.priorityClassName Argo CD server pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param server.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param server.lifecycleHooks for the Argo CD server container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param server.extraEnvVars Array with extra environment variables to add to Argo CD server nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param server.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD server nodes
  ##
  extraEnvVarsCM: ""
  ## @param server.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD server nodes
  ##
  extraEnvVarsSecret: ""
  ## @param server.extraVolumes Optionally specify extra list of additional volumes for the Argo CD server pod(s)
  ##
  extraVolumes: []
  ## @param server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD server container(s)
  ##
  extraVolumeMounts: []
  ## @param server.sidecars Add additional sidecar containers to the Argo CD server pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param server.initContainers Add additional init containers to the Argo CD server pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## ServiceAccount configuration for the Argo CD server
  ##
  serviceAccount:
    ## @param server.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param server.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param server.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
    ##
    automountServiceAccountToken: false
    ## @param server.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD server to have access to multiple namespaces
  ## @param server.clusterAdminAccess Enable K8s cluster admin access for the server
  ##
  clusterAdminAccess: true
  ## Enable Custom Rules for Argo CD server cluster role
  ## @param server.clusterRoleRules Use custom rules for server's cluster role
  ##
  clusterRoleRules: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param server.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param server.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param server.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `server.pdb.minAvailable` and `server.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD repo server Parameters

## Argo CD repository server configuration
##
repoServer:
  ## @param repoServer.replicaCount Number of Argo CD repo server replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD repo server containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param repoServer.startupProbe.enabled Enable startupProbe on Argo CD repo server nodes
  ## @param repoServer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param repoServer.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param repoServer.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param repoServer.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param repoServer.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.livenessProbe.enabled Enable livenessProbe on Argo CD repo server nodes
  ## @param repoServer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param repoServer.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param repoServer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param repoServer.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param repoServer.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.readinessProbe.enabled Enable readinessProbe on Argo CD repo server nodes
  ## @param repoServer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param repoServer.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param repoServer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param repoServer.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param repoServer.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param repoServer.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param repoServer.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD repo server resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param repoServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if repoServer.resources is set (repoServer.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param repoServer.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param repoServer.podSecurityContext.enabled Enabled Argo CD repo server pods' Security Context
  ## @param repoServer.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param repoServer.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param repoServer.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param repoServer.podSecurityContext.fsGroup Set Argo CD repo server pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param repoServer.containerSecurityContext.enabled Enabled Argo CD repo server containers' Security Context
  ## @param repoServer.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param repoServer.containerSecurityContext.runAsUser Set Argo CD repo server containers' Security Context runAsUser
  ## @param repoServer.containerSecurityContext.runAsGroup Set Argo CD repo server containers' Security Context runAsGroup
  ## @param repoServer.containerSecurityContext.allowPrivilegeEscalation Set Argo CD repo server containers' Security Context allowPrivilegeEscalation
  ## @param repoServer.containerSecurityContext.capabilities.drop Set Argo CD containers' repo server Security Context capabilities to be dropped
  ## @param repoServer.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' repo server Security Context readOnlyRootFilesystem
  ## @param repoServer.containerSecurityContext.runAsNonRoot Set Argo CD repo server containers' Security Context runAsNonRoot
  ## @param repoServer.containerSecurityContext.privileged Set repoServer container's Security Context privileged
  ## @param repoServer.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Repo server service parameters
  ##
  service:
    ## @param repoServer.service.type Repo server service type
    ##
    type: ClusterIP
    ## @param repoServer.service.ports.repoServer Repo server service port
    ##
    ports:
      repoServer: 8081
    ## Node ports to expose
    ## @param repoServer.service.nodePorts.repoServer Node port for the repo server service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      repoServer: ""
    ## @param repoServer.service.clusterIP Repo server service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param repoServer.service.loadBalancerIP Repo server service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param repoServer.service.loadBalancerSourceRanges Repo server service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param repoServer.service.externalTrafficPolicy Repo server service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param repoServer.service.annotations Additional custom annotations for Repo server service
    ##
    annotations: {}
    ## @param repoServer.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param repoServer.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param repoServer.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param repoServer.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param repoServer.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param repoServer.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param repoServer.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param repoServer.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param repoServer.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param repoServer.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param repoServer.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Argo CD repo server log format: text|json
  ## @param repoServer.logFormat Format for the Argo CD repo server logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD repo server log level
  ## @param repoServer.logLevel Log level for the Argo CD repo server
  ##
  logLevel: info
  ## Argo CD repo server container port
  ## @param repoServer.containerPorts.repoServer Container port for Argo CD repo server
  ## @param repoServer.containerPorts.metrics Metrics port for Argo CD repo server
  ##
  containerPorts:
    repoServer: 8081
    metrics: 8084
  ## Metrics configuration for Argo CD repo server
  ##
  metrics:
    ## Enable metrics for Argo CD repo server
    ## @param repoServer.metrics.enabled Enable metrics for the Argo CD repo server
    ##
    enabled: false
    service:
      ## @param repoServer.metrics.service.type Argo CD repo server service type
      ##
      type: ClusterIP
      ## @param repoServer.metrics.service.ports.metrics Argo CD repo server metrics service port
      ##
      ports:
        metrics: 8084
      ## Node ports to expose
      ## @param repoServer.metrics.service.nodePorts.metrics Node port for the repo server metrics service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param repoServer.metrics.service.clusterIP Argo CD repo server metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param repoServer.metrics.service.loadBalancerIP Argo CD repo server service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param repoServer.metrics.service.loadBalancerSourceRanges Argo CD repo server service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param repoServer.metrics.service.externalTrafficPolicy Argo CD repo server service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param repoServer.metrics.service.annotations Additional custom annotations for Argo CD repo server service
      ##
      annotations: {}
      ## @param repoServer.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param repoServer.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD repo server metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param repoServer.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param repoServer.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param repoServer.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param repoServer.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param repoServer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param repoServer.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param repoServer.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param repoServer.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param repoServer.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Argo CD repo server deployment autoscaling
  ## @param repoServer.autoscaling.enabled Enable Argo CD repo server deployment autoscaling
  ## @param repoServer.autoscaling.minReplicas Argo CD repo server deployment autoscaling minimum number of replicas
  ## @param repoServer.autoscaling.maxReplicas Argo CD repo server deployment autoscaling maximum number of replicas
  ## @param repoServer.autoscaling.targetCPU Argo CD repo server deployment autoscaling target CPU percentage
  ## @param repoServer.autoscaling.targetMemory Argo CD repo server deployment autoscaling target memory percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 5
    targetCPU: 50
    targetMemory: 50
  ## ServiceAccount configuration for the Argo CD repo server
  ##
  serviceAccount:
    ## @param repoServer.serviceAccount.create Specifies whether a ServiceAccount for repo server should be created
    ##
    create: true
    ## @param repoServer.serviceAccount.name The name of the ServiceAccount for repo server to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param repoServer.serviceAccount.automountServiceAccountToken Automount service account token for the repo server service account
    ##
    automountServiceAccountToken: false
    ## @param repoServer.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD repo server to have access to multiple namespaces
  ## @param repoServer.clusterAdminAccess Enable K8s cluster admin access for the repo server
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD repo server cluster role
  ## @param repoServer.clusterRoleRules Use custom rules for repo server's cluster role
  ##
  clusterRoleRules: []
  ## @param repoServer.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param repoServer.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param repoServer.extraArgs Add extra args to the default repo server args
  ##
  extraArgs: []
  ## @param repoServer.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param repoServer.hostAliases Argo CD repo server pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param repoServer.podLabels Extra labels for Argo CD repo server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param repoServer.podAnnotations Annotations for Argo CD repo server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param repoServer.podAffinityPreset Pod affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param repoServer.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node repoServer.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param repoServer.nodeAffinityPreset.type Node affinity preset type. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param repoServer.nodeAffinityPreset.key Node label key to match. Ignored if `repoServer.affinity` is set
    ##
    key: ""
    ## @param repoServer.nodeAffinityPreset.values Node label values to match. Ignored if `repoServer.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param repoServer.affinity Affinity for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `repoServer.podAffinityPreset`, `repoServer.podAntiAffinityPreset`, and `repoServer.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param repoServer.nodeSelector Node labels for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param repoServer.tolerations Tolerations for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param repoServer.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param repoServer.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, repoServer will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param repoServer.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param repoServer.updateStrategy.type Argo CD repo server statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param repoServer.priorityClassName Argo CD repo server pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param repoServer.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param repoServer.lifecycleHooks for the Argo CD repo server container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param repoServer.extraEnvVars Array with extra environment variables to add to Argo CD repo server nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param repoServer.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD repo server nodes
  ##
  extraEnvVarsCM: ""
  ## @param repoServer.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD repo server nodes
  ##
  extraEnvVarsSecret: ""
  ## @param repoServer.extraVolumes Optionally specify extra list of additional volumes for the Argo CD repo server pod(s)
  ##
  extraVolumes: []
  ## @param repoServer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD repo server container(s)
  ##
  extraVolumeMounts: []
  ## @param repoServer.sidecars Add additional sidecar containers to the Argo CD repo server pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param repoServer.initContainers Add additional init containers to the Argo CD repo server pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param repoServer.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param repoServer.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param repoServer.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `repoServer.pdb.minAvailable` and `repoServer.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
3276
## @section Dex Parameters
3277
3278
## Dex configuration
3279
##
3280
dex:
3281
## Iamguarded Dex image
3282
## @param dex.image.registry [default: REGISTRY_NAME] Dex image registry
3283
## @param dex.image.repository [default: REPOSITORY_NAME/dex] Dex image repository
3284
## @skip dex.image.tag Dex image tag (immutable tags are recommended)
3285
## @param dex.image.digest Dex image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
3286
## @param dex.image.pullPolicy Dex image pull policy
3287
## @param dex.image.pullSecrets Dex image pull secrets
3288
## @param dex.image.debug Enable Dex image debug mode
3289
##
3290
image:
3291
registry: chainreg.biz
3292
repository: chainguard-private/dex-iamguarded
3293
tag: 2.45.1
3294
digest: ""
3295
## Specify a imagePullPolicy
3296
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
3297
##
3298
pullPolicy: IfNotPresent
3299
## Optionally specify an array of imagePullSecrets.
3300
## Secrets must be manually created in the namespace.
3301
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
3302
## e.g:
3303
## pullSecrets:
3304
## - myRegistryKeySecretName
3305
##
3306
pullSecrets: []
3307
## Enable debug mode
3308
##
3309
debug: false
  ## Enable Dex deployment
  ## @param dex.enabled Enable the creation of a Dex deployment for SSO
  ##
  enabled: false
  ## @param dex.replicaCount Number of Dex replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Dex containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param dex.startupProbe.enabled Enable startupProbe on Dex nodes
  ## @param dex.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param dex.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param dex.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param dex.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param dex.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.livenessProbe.enabled Enable livenessProbe on Dex nodes
  ## @param dex.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param dex.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param dex.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param dex.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param dex.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.readinessProbe.enabled Enable readinessProbe on Dex nodes
  ## @param dex.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param dex.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param dex.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param dex.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param dex.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param dex.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param dex.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Dex resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param dex.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dex.resources is set (dex.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param dex.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dex.podSecurityContext.enabled Enabled Dex pods' Security Context
  ## @param dex.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param dex.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param dex.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param dex.podSecurityContext.fsGroup Set Dex pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dex.containerSecurityContext.enabled Enabled Dex containers' Security Context
  ## @param dex.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param dex.containerSecurityContext.runAsUser Set Dex containers' Security Context runAsUser
  ## @param dex.containerSecurityContext.runAsGroup Set Dex containers' Security Context runAsGroup
  ## @param dex.containerSecurityContext.allowPrivilegeEscalation Set Dex containers' Security Context allowPrivilegeEscalation
  ## @param dex.containerSecurityContext.readOnlyRootFilesystem Set Dex containers' Security Context readOnlyRootFilesystem
  ## @param dex.containerSecurityContext.runAsNonRoot Set Dex containers' Security Context runAsNonRoot
  ## @param dex.containerSecurityContext.capabilities.drop Set Dex containers' Security Context capabilities to be dropped
  ## @param dex.containerSecurityContext.privileged Set Dex containers' Security Context privileged
  ## @param dex.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Dex service parameters
  ##
  service:
    ## @param dex.service.type Dex service type
    ##
    type: ClusterIP
    ## @param dex.service.ports.http Dex HTTP service port
    ## @param dex.service.ports.grpc Dex grpc service port
    ##
    ports:
      http: 5556
      grpc: 5557
    ## Node ports to expose
    ## @param dex.service.nodePorts.http HTTP node port for the Dex service
    ## @param dex.service.nodePorts.grpc gRPC node port for the Dex service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: ""
      grpc: ""
    ## @param dex.service.clusterIP Dex service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param dex.service.loadBalancerIP Dex service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param dex.service.loadBalancerSourceRanges Dex service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param dex.service.externalTrafficPolicy Dex service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param dex.service.annotations Additional custom annotations for Dex service
    ##
    annotations: {}
    ## @param dex.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param dex.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param dex.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param dex.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param dex.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param dex.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param dex.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param dex.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param dex.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param dex.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param dex.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Dex container ports
  ## @param dex.containerPorts.http Dex container HTTP port
  ## @param dex.containerPorts.grpc Dex gRPC port
  ## @param dex.containerPorts.metrics Dex metrics port
  ##
  containerPorts:
    http: 5556
    grpc: 5557
    metrics: 5558
  ## Metrics configuration for Dex
  ##
  metrics:
    ## Enable metrics for Argo Dex
    ## @param dex.metrics.enabled Enable metrics service for Dex
    ##
    enabled: false
    service:
      ## @param dex.metrics.service.type Dex service type
      ##
      type: ClusterIP
      ## @param dex.metrics.service.ports.metrics Dex metrics service port
      ##
      ports:
        metrics: 5558
      ## Node ports to expose
      ## @param dex.metrics.service.nodePorts.metrics Node port for the Dex service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param dex.metrics.service.clusterIP Dex service metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param dex.metrics.service.loadBalancerIP Dex service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param dex.metrics.service.loadBalancerSourceRanges Dex service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param dex.metrics.service.externalTrafficPolicy Dex service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param dex.metrics.service.annotations Additional custom annotations for Dex service
      ##
      annotations: {}
      ## @param dex.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param dex.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Dex metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param dex.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param dex.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param dex.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param dex.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param dex.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param dex.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param dex.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param dex.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param dex.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## ServiceAccount configuration for the Dex
  ##
  serviceAccount:
    ## @param dex.serviceAccount.create Specifies whether a ServiceAccount should be created for Dex
    ##
    create: true
    ## @param dex.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param dex.serviceAccount.automountServiceAccountToken Automount service account token for the Dex service account
    ##
    automountServiceAccountToken: false
    ## @param dex.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## @param dex.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param dex.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param dex.extraArgs Add extra args to the default args for Dex
  ##
  extraArgs: []
  ## @param dex.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param dex.hostAliases Dex pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param dex.podLabels Extra labels for Dex pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param dex.podAnnotations Annotations for Dex pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param dex.podAffinityPreset Pod affinity preset. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param dex.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node dex.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param dex.nodeAffinityPreset.type Node affinity preset type. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param dex.nodeAffinityPreset.key Node label key to match. Ignored if `dex.affinity` is set
    ##
    key: ""
    ## @param dex.nodeAffinityPreset.values Node label values to match. Ignored if `dex.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param dex.affinity Affinity for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `dex.podAffinityPreset`, `dex.podAntiAffinityPreset`, and `dex.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param dex.nodeSelector Node labels for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param dex.tolerations Tolerations for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param dex.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param dex.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, dex will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param dex.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param dex.updateStrategy.type Dex statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param dex.priorityClassName Dex pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param dex.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param dex.lifecycleHooks for the Dex container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param dex.extraEnvVars Array with extra environment variables to add to Dex nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param dex.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Dex nodes
  ##
  extraEnvVarsCM: ""
  ## @param dex.extraEnvVarsSecret Name of existing Secret containing extra env vars for Dex nodes
  ##
  extraEnvVarsSecret: ""
  ## @param dex.extraVolumes Optionally specify extra list of additional volumes for the Dex pod(s)
  ##
  extraVolumes: []
  ## @param dex.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Dex container(s)
  ##
  extraVolumeMounts: []
  ## @param dex.sidecars Add additional sidecar containers to the Dex pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param dex.initContainers Add additional init containers to the Dex pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param dex.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param dex.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param dex.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `dex.pdb.minAvailable` and `dex.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Shared config for Argo CD components
config:
  ## @param config.knownHosts [string] Known hosts to be added to the known hosts list by default. Check the values to see the default value
  ##
  knownHosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
  ## @param config.extraKnownHosts Add extra known hosts to the known hosts list
  ## E.g.:
  ## extraKnownHosts: |
## gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
## gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
  ##
  extraKnownHosts: ""
  ## @param config.createExtraKnownHosts Whether to create or not the extra known hosts configmap
  ##
  createExtraKnownHosts: true
  ## @param config.styles Custom CSS styles
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
  ## E.g.:
  ## styles: |
  ##   .nav-bar {
  ##     background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
  ##   }
  ##
  styles: ""
  ## @param config.existingStylesConfigmap Use an existing styles configmap
  ##
  existingStylesConfigmap: ""
  ## @param config.tlsCerts TLS certificates used to verify the authenticity of the repository servers
  ## Certificates will be generated by default if the values are not set.
  ## E.g:
  ## tlsCerts:
  ##   argocd-1.example.com: |
  ##     -----BEGIN CERTIFICATE-----
  ##     (...)
  ##     -----END CERTIFICATE-----
  ##   argocd-2.example.com: |
  ##     -----BEGIN CERTIFICATE-----
  ##     (...)
  ##     -----END CERTIFICATE-----
  ##
  tlsCerts: {}
  ## @param config.gpgKeys GnuPG public keys to add to the keyring
  ## Keys will be generated by default if the values are not set.
  ## Note: Public keys should be exported with `gpg --export --armor <KEY>`
  ##
  gpgKeys: {}
  # 4AEE18F83AFDEB23: |
  #   -----BEGIN PGP PUBLIC KEY BLOCK-----
  #   ...
  #   -----END PGP PUBLIC KEY BLOCK-----

  ## @param config.rbac Role-based authentication configuration
  ##
  rbac: {}
  # policy.default: role:readonly
  # policy.csv: |
  #   # Grant all members of the group 'my-org:team-alpha' the ability to sync apps in 'my-project'
  #   p, my-org:team-alpha, applications, sync, my-project/*, allow
  #   # Grant all members of 'my-org:team-beta' admins
  #   g, my-org:team-beta, role:admin

  ## Argo CD general secret configuration
  ##
  secret:
    ## @param config.secret.create Whether to create or not the secret
    ##
    create: true
    ## Annotations to be added to argocd-secret
    ## @param config.secret.annotations General secret extra annotations
    ##
    annotations: {}
    ## Webhook Configs
    ## @param config.secret.githubSecret GitHub secret to configure webhooks
    ## @param config.secret.gitlabSecret GitLab secret to configure webhooks
    ## @param config.secret.bitbucketServerSecret BitBucket secret to configure webhooks
    ## @param config.secret.bitbucketUUID BitBucket UUID to configure webhooks
    ## @param config.secret.gogsSecret Gogs secret to configure webhooks
    ##
    githubSecret: ""
    gitlabSecret: ""
    bitbucketServerSecret: ""
    bitbucketUUID: ""
    gogsSecret: ""
    ## Extra keys to add to the general config secret. Useful for injecting SSO secrets into environment variables.
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sso
    ## @param config.secret.extra Extra keys to add to the configuration secret.
    ## All values must be non-empty.
    ## E.g:
    ##   LDAP_PASSWORD: "mypassword"
    ##
    extra: {}
    ## Argo CD TLS Data.
    ## @param config.secret.argocdServerTlsConfig.key TLS key for the Argo CD config secret
    ## @param config.secret.argocdServerTlsConfig.crt TLS certificate for the Argo CD config secret
    ## E.g:
    ##   key:
    ##   crt: |
    ##     -----BEGIN CERTIFICATE-----
    ##     <cert data>
    ##     -----END CERTIFICATE-----
    ##     -----BEGIN CERTIFICATE-----
    ##     <ca cert data>
    ##     -----END CERTIFICATE-----
    ##
    argocdServerTlsConfig:
      key: ""
      crt: ""
    ## Argo admin password
    ## @param config.secret.argocdServerAdminPassword Argo CD server admin password. Autogenerated by default.
    ##
    argocdServerAdminPassword: ""
    ## Password modification time defaults to current time if not set
    ## @param config.secret.argocdServerAdminPasswordMtime Argo CD server password modification time
    ## E.g:
    ## argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
    ##
    argocdServerAdminPasswordMtime: ""
    ## Create a secret with optional repository credentials
    ## @param config.secret.repositoryCredentials Repository credentials to add to the Argo CD server config secret
    ## E.g.
    ## repositoryCredentials:
    ##   sample-ssh-key: |
    ##     -----BEGIN RSA PRIVATE KEY-----
    ##     <key content>
    ##     -----END RSA PRIVATE KEY-----
    ##
    repositoryCredentials: {}
  ## External Cluster Credentials
  ## Refs:
  ##   - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
  ##   - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
  ## @param config.clusterCredentials Configure external cluster credentials
  ## E.g
  ##   - name: mycluster
  ##     server: https://mycluster.com
  ##     labels: {}
  ##     annotations: {}
  ##     config:
  ##       bearerToken: "<authentication token>"
  ##       tlsClientConfig:
  ##         insecure: false
  ##         caData: "<base64 encoded certificate>"
  ##   - name: mycluster2
  ##     server: https://mycluster2.com
  ##     labels: {}
  ##     annotations: {}
  ##     namespaces: namespace1,namespace2
  ##     config:
  ##       bearerToken: "<authentication token>"
  ##       tlsClientConfig:
  ##         insecure: false
  ##         caData: "<base64 encoded certificate>"
  ##
  clusterCredentials: []
## @section Init Container Parameters

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
## based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## OS Shell + Utility image
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
  ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
  ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
  ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
  ##
  image:
    registry: chainreg.biz
    repository: chainguard-private/os-shell-iamguarded
    tag: 1.0.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
  ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
  ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
  ##
  containerSecurityContext:
    seLinuxOptions: {}
    runAsUser: 0
## @section Other Parameters

## RBAC configuration
##
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: true
## Redis parameters
##
redis:
  ## Iamguarded Redis image
  ## @param redis.image.registry [default: REGISTRY_NAME] Redis image registry
  ## @param redis.image.repository [default: REPOSITORY_NAME/redis] Redis image repository
  ## @skip redis.image.tag Redis image tag (immutable tags are recommended)
  ## @param redis.image.digest Redis image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param redis.image.pullPolicy Redis image pull policy
  ## @param redis.image.pullSecrets Redis image pull secrets
  ##
  image:
    registry: chainreg.biz
    repository: chainguard-private/redis-server-iamguarded
    tag: 8.6.3
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param redis.enabled Enable Redis dependency
  ##
  enabled: true
  ## @param redis.nameOverride Name override for the Redis dependency
  ##
  nameOverride: ""
  ## @param redis.service.ports.redis Service port for Redis dependency
  ##
  service:
    ports:
      redis: 6379
  ## Use password authentication
  ## @param redis.auth.enabled Enable Redis dependency authentication
  ## @param redis.auth.existingSecret Existing secret to load redis dependency password
  ## @param redis.auth.existingSecretPasswordKey Password key name inside the existing secret
  ##
  auth:
    enabled: true
    ## Name of existing secret object containing the password
    ##
    existingSecret: ""
    ##
    ## Password key to be retrieved from Redis® secret
    ##
    existingSecretPasswordKey: 'redis-password'
  ## Cluster settings
  ## @param redis.architecture Redis® architecture. Allowed values: `standalone` or `replication`
  ## TODO(miguelaeh): We need to test the chart with redis sentinel, it seems to be supported at: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40
  ##
  architecture: standalone
##
## External Redis®
##
externalRedis:
  ## Can be enabled after redisWait.enabled and redis.enabled are set to false
  ## @param externalRedis.enabled Enables External Redis
  ##
  enabled: false
  ## Redis® host
  ## @param externalRedis.host External Redis host
  ##
  host: ""
  ## Redis® port
  ## @param externalRedis.port External Redis port
  ##
  port: 6379
  ## Redis® password for authentication
  ## Ignored if existingSecret is set
  ## @param externalRedis.password External Redis password
  ##
  password: ""
  ## Name of existing secret object containing the password
  ## @param externalRedis.existingSecret Existing secret for the external redis
  ##
  existingSecret: ""
  ## Password key to be retrieved from Redis® secret
  ## @param externalRedis.existingSecretPasswordKey Password key for the existing secret containing the external redis password
  ##
  existingSecretPasswordKey: 'redis-password'
  ## Specify a label to use with the label selector
  ## @param externalRedis.selector External Redis selector labels
  ##
  selector: {}
  #
  # selector:
  #   app.kubernetes.io/component: master
  #   app.kubernetes.io/instance: redis
  #   app.kubernetes.io/name: redis
## Wait-for-redis init container configuration
##
redisWait:
  ## @param redisWait.enabled Enables waiting for redis
  ##
  enabled: true
  ## @param redisWait.extraArgs Additional arguments for the redis-cli call, such as TLS
  ##
  extraArgs: ''
  ## @param redisWait.containerSecurityContext.enabled Enabled Argo CD repo server containers' Security Context
  ## @param redisWait.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param redisWait.containerSecurityContext.runAsUser Set Argo CD repo server containers' Security Context runAsUser
  ## @param redisWait.containerSecurityContext.runAsGroup Set Argo CD repo server containers' Security Context runAsGroup
  ## @param redisWait.containerSecurityContext.allowPrivilegeEscalation Set Argo CD repo server containers' Security Context allowPrivilegeEscalation
  ## @param redisWait.containerSecurityContext.capabilities.drop Set Argo CD containers' repo server Security Context capabilities to be dropped
  ## @param redisWait.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' repo server Security Context readOnlyRootFilesystem
  ## @param redisWait.containerSecurityContext.runAsNonRoot Set Argo CD repo server containers' Security Context runAsNonRoot
  ## @param redisWait.containerSecurityContext.privileged Set redisWait container's Security Context privileged
  ## @param redisWait.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
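An added example, not part of the chart's own values file: an override that moves Argo CD from the bundled Redis to an external instance, following the chart's note that externalRedis can be enabled only after redis.enabled and redisWait.enabled are set to false. The file name, host and Secret name are placeholders chosen for illustration.

```yaml
# values-external-redis.yaml (constructed example; host and Secret name are placeholders)

# Weak variant, shown commented out for contrast: the password sits in the
# values file, so it ends up in the Helm release data and in any Git copy
# of this file.
# externalRedis:
#   enabled: true
#   host: "redis.example.internal"
#   password: "<redis password>"

# Preferred variant: both bundled-Redis switches are off and the password is
# read from a Secret created out of band in the release namespace.
redis:
  enabled: false              # do not deploy the Redis dependency
redisWait:
  enabled: false              # no wait-for-redis init container
externalRedis:
  enabled: true
  host: "redis.example.internal"            # placeholder
  port: 6379
  password: ""                              # ignored once existingSecret is set
  existingSecret: "argocd-external-redis"   # placeholder Secret name
  # The Secret must carry the password under this key.
  existingSecretPasswordKey: "redis-password"
```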
