kubernetes/dev/argocd/values.org at 9e6566a99f095a4f51d6b3e529ed709deb5269cd

AllardDCS/kubernetes

Fork 0

Files

allard 376a944abc initial commit

2025-11-23 18:58:51 +01:00

155 KiB

Raw Blame History

## Argo CD configuration ## Ref: https://github.com/argoproj/argo-cd ##

nameOverride: argocd

fullnameOverride: ""

namespaceOverride: ""

kubeVersionOverride: ""

apiVersionOverrides: {}

## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateRoles: false

## Used when you manage applications in the same cluster where Argo CD runs createClusterRoles: true

openshift:

enabled: false

## Custom resource configuration crds:

install: true

keep: true

annotations: {}

additionalLabels: {}

## Globally shared configuration global:

## Used for ingresses, certificates, SSO, notifications, etc. domain: argocd.example.com

runtimeClassName: ""

additionalLabels: {}

revisionHistoryLimit: 3

image:

repository: quay.io/argoproj/argocd

tag: ""

imagePullPolicy: IfNotPresent

imagePullSecrets: []

logging:

format: text

level: info

statefulsetAnnotations: {}

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

addPrometheusAnnotations: false

securityContext: {}

hostAliases: []

dualStack:

ipFamilyPolicy: ""

ipFamilies: []

networkPolicy:

create: false

defaultDenyIngress: false

priorityClassName: ""

nodeSelector: kubernetes.io/os: linux

tolerations: []

affinity:

podAntiAffinity: soft

nodeAffinity:

type: hard

matchExpressions: []

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector of the component topologySpreadConstraints: []

deploymentStrategy: {}

env: []

certificateAnnotations: {}

## Argo Configs configs:

## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml cm:

create: true

annotations: {}

application.instanceLabelKey: argocd.argoproj.io/instance

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/app-sync-using-impersonation/ application.sync.impersonation.enabled: false

## Ref: https://argo-cd.readthedocs.io/en/latest/operator-manual/rbac/#exec-resource exec.enabled: false

## Ref: https://argo-cd.readthedocs.io/en/latest/faq/#how-to-disable-admin-user admin.enabled: true

timeout.reconciliation: 180s

timeout.hard.reconciliation: 0s

## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/status-badge/ statusbadge.enabled: false

## Ref: https://argo-cd.readthedocs.io/en/latest/developer-guide/extensions/proxy-extensions/

## Default configuration for ignoreResourceUpdates. ## The ignoreResourceUpdates list contains K8s resource's properties that are known to be frequently updated ## by controllers and operators. These resources, when watched by argo, will cause many unnecessary updates.

resource.customizations.ignoreResourceUpdates.all: | jsonPointers:

/status

## The Application itself is already watched by the controller lister, but this configuration is applied for apps of apps

resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | jqPathExpressions:

'.metadata.annotations."notified.notifications.argoproj.io"'
'.metadata.annotations."argocd.argoproj.io/refresh"'
'.metadata.annotations."argocd.argoproj.io/hydrate"'
'.operation'

resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | jqPathExpressions:

'.metadata.annotations."notified.notifications.argoproj.io"'

resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | jqPathExpressions:

'.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
'.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
'.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
'.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'

resource.customizations.ignoreResourceUpdates.ConfigMap: | jqPathExpressions:

'.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'

'.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'

resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | jqPathExpressions:

'.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
'.metadata.annotations."deployment.kubernetes.io/max-replicas"'
'.metadata.annotations."rollout.argoproj.io/desired-replicas"'

resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | jsonPointers:

/metadata
/endpoints
/ports

resource.customizations.ignoreResourceUpdates.Endpoints: | jsonPointers:

/metadata
/subsets

## Default configuration for exclusions. ## The exclusion list are K8s resources that we assume will never be declared in Git, ## and are never child objects of managed resources that need to be presented in the resource tree. ## This list contains high volume and high churn metadata objects which we exclude for performance ## reasons, reducing connections and load to the K8s API servers of managed clusters.

resource.exclusions: | ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter

apiGroups:
- ''
- discovery.k8s.io
kinds:
- Endpoints
- EndpointSlice

### Internal Kubernetes resources excluded reduce the number of watched events

apiGroups:
- coordination.k8s.io
kinds:
- Lease

### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events

apiGroups:
- authentication.k8s.io
- authorization.k8s.io
kinds:
- SelfSubjectReview
- TokenReview
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview

### Intermediate Certificate Request excluded reduce the number of watched events

apiGroups:
- certificates.k8s.io
kinds:
- CertificateSigningRequest
apiGroups:
- cert-manager.io
kinds:
- CertificateRequest

### Cilium internal resources excluded reduce the number of watched events and UI Clutter

apiGroups:
- cilium.io
kinds:
- CiliumIdentity
- CiliumEndpoint
- CiliumEndpointSlice

### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance

apiGroups:
- kyverno.io
- reports.kyverno.io
- wgpolicyk8s.io
kinds:
- PolicyReport
- ClusterPolicyReport
- EphemeralReport
- ClusterEphemeralReport
- AdmissionReport
- ClusterAdmissionReport
- BackgroundScanReport
- ClusterBackgroundScanReport
- UpdateRequest

## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cmd-params-cm.yaml params:

create: true

annotations: {}

## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac:

create: true

annotations: {}

policy.default: ''

policy.csv: ''

scopes: "[groups]"

policy.matchMode: "glob"

## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/gpg-verification/ gpg:

annotations: {}

## Note: Public keys should be exported with `gpg –export –armor <KEY>` keys: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#ssh-known-host-public-keys ssh:

create: true

annotations: {}

knownHosts: | [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H

extraHosts: ''

tls:

annotations: {}

certificates: {}

create: true

cmp:

create: false

annotations: {}

plugins: {}

## Ref: ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters ## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials ## - https://argo-cd.readthedocs.io/en/stable/user-guide/projects/#project-scoped-repositories-and-clusters clusterCredentials: {}

## Creates a secret for each key/value specified below to create repository credentials credentialTemplates: {}

credentialTemplatesAnnotations: {}

## Creates a secret for each key/value specified below to create repositories ## Note: the last example in the list would use a repository credential template, configured under "configs.credentialTemplates". repositories: {}

repositoriesAnnotations: {}

secret:

createSecret: true

labels: {}

annotations: {}

githubSecret: ""

gitlabSecret: ""

bitbucketServerSecret: ""

bitbucketUUID: ""

gogsSecret: "" ## Azure DevOps azureDevops:

username: ""

password: ""

## Custom secrets. Useful for injecting SSO secrets into environment variables. ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sensitive-data-and-sso-client-secrets ## Note that all values must be non-empty. extra: {}

## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` argocdServerAdminPassword: ""

argocdServerAdminPasswordMtime: ""

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ styles: ""

## Note: Supports use of custom Helm templates extraObjects: []

## Application controller controller:

## With dynamic cluster distribution turned on, sharding of the clusters will gracefully ## rebalance if the number of replica's changes or one becomes unhealthy. (alpha) replicas: 1

## This is done using a deployment instead of a statefulSet ## When replicas are added or removed, the sharding algorithm is re-run to ensure that the ## clusters are distributed according to the algorithm. If the algorithm is well-balanced, ## like round-robin, then the shards will be well-balanced. dynamicClusterDistribution: false

runtimeClassName: ""

heartbeatTime: 10

revisionHistoryLimit: 5

## Application controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `controller.pdb.minAvailable` maxUnavailable: ""

## Application controller Vertical Pod Autoscaler ## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically/ vpa:

enabled: false

labels: {}

annotations: {}

## Ref: https://kubernetes.io/docs/concepts/workloads/autoscaling/#scaling-workloads-vertically ## Note: Recreate update mode requires more than one replica unless the min-replicas VPA controller flag is overridden updateMode: Initial

## Ref: https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/examples/hamster.yaml containerPolicy: {}

## Application controller image image:

repository: ""

tag: ""

imagePullPolicy: ""

imagePullSecrets: []

extraArgs: []

env: []

envFrom: []

## Note: Supports use of custom Helm templates extraContainers: []

## If your target Kubernetes cluster(s) require a custom credential (exec) plugin ## you could use this (and the same in the server pod) to provide such executable ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins ## Note: Supports use of custom Helm templates initContainers: []

volumeMounts: []

volumes: []

## Application controller emptyDir volumes emptyDir:

sizeLimit: ""

statefulsetAnnotations: {}

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

metrics: 8082

hostNetwork: false

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

terminationGracePeriodSeconds: 30

priorityClassName: ""

nodeSelector: {}

tolerations: []

affinity: {}

## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: []

automountServiceAccountToken: true

serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

## Application controller metrics configuration metrics:

enabled: false

scrapeTimeout: "" applicationLabels:

enabled: false

labels: [] service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

servicePort: 8082

portName: http-metrics serviceMonitor:

enabled: false

interval: 30s

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # "monitoring"

additionalLabels: {}

annotations: {} rules:

enabled: false

namespace: "" # "monitoring"

selector: {}

additionalLabels: {}

annotations: {}

spec: []

## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules:

enabled: false

rules: []

## Enable this and set the rules: to whatever custom rules you want for the Role resource. ## Defaults to off

roleRules: []

networkPolicy:

create: false

## Dex dex:

enabled: true

extraArgs: []

runtimeClassName: ""

metrics:

enabled: false service:

annotations: {}

labels: {}

portName: http-metrics serviceMonitor:

enabled: false

interval: 30s

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # "monitoring"

additionalLabels: {}

annotations: {}

## Dex Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `dex.pdb.minAvailable` maxUnavailable: ""

## Dex image image:

repository: ghcr.io/dexidp/dex

tag: v2.44.0

imagePullPolicy: ""

imagePullSecrets: []

initImage:

repository: ""

tag: ""

imagePullPolicy: ""

resources: {}

env: []

envFrom: []

## Note: Supports use of custom Helm templates extraContainers: []

## Note: Supports use of custom Helm templates initContainers: []

volumeMounts: []

volumes: []

## Dex server emptyDir volumes emptyDir:

sizeLimit: ""

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-dex-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart Dex automatically without extra controllers. certificateSecret:

enabled: false

labels: {}

annotations: {}

ca: ''

key: ''

crt: ''

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

http: 5556

grpc: 5557

metrics: 5558

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Probes for Dex server ## Supported from Dex >= 2.28.0 livenessProbe:

enabled: false

httpPath: /healthz/live

httpPort: metrics

httpScheme: HTTP

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

readinessProbe:

enabled: false

httpPath: /healthz/ready

httpPort: metrics

httpScheme: HTTP

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

terminationGracePeriodSeconds: 30

automountServiceAccountToken: true

serviceAccount:

create: true

annotations: {}

automountServiceAccountToken: true

servicePortHttp: 5556

servicePortHttpName: http

servicePortGrpc: 5557

servicePortGrpcName: grpc

servicePortMetrics: 5558

priorityClassName: ""

nodeSelector: {}

tolerations: []

affinity: {}

deploymentStrategy: {}

networkPolicy:

create: false

## Redis redis:

enabled: true

runtimeClassName: ""

## Redis Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `redis.pdb.minAvailable` maxUnavailable: ""

## Redis image image:

repository: ecr-public.aws.com/docker/library/redis

## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 8.2.2-alpine

imagePullPolicy: ""

## Prometheus redis-exporter sidecar exporter:

enabled: false

env: [] ## Prometheus redis-exporter image image:

repository: ghcr.io/oliver006/redis_exporter

tag: v1.80.0

imagePullPolicy: ""

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Probes for Redis exporter (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

enabled: false

initialDelaySeconds: 30

periodSeconds: 15

timeoutSeconds: 15

successThreshold: 1

failureThreshold: 5 livenessProbe:

enabled: false

initialDelaySeconds: 30

periodSeconds: 15

timeoutSeconds: 15

successThreshold: 1

failureThreshold: 5

resources: {}

imagePullSecrets: []

extraArgs: []

env: []

envFrom: []

## Probes for Redis server (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

enabled: false

initialDelaySeconds: 30

periodSeconds: 15

timeoutSeconds: 15

successThreshold: 1

failureThreshold: 5 livenessProbe:

enabled: false

initialDelaySeconds: 30

periodSeconds: 15

timeoutSeconds: 15

successThreshold: 1

failureThreshold: 5

## Note: Supports use of custom Helm templates extraContainers: []

## Note: Supports use of custom Helm templates initContainers: []

volumeMounts: []

volumes: []

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

securityContext: runAsNonRoot: true runAsUser: 999 seccompProfile: type: RuntimeDefault

containerPorts:

redis: 6379

metrics: 9121

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop:

servicePort: 6379

priorityClassName: ""

nodeSelector: {}

tolerations: []

affinity: {}

terminationGracePeriodSeconds: 30

automountServiceAccountToken: true

serviceAccount:

create: false

annotations: {}

automountServiceAccountToken: false

service:

annotations: {}

labels: {}

metrics:

enabled: false

service:

type: ClusterIP

clusterIP: None

annotations: {}

labels: {}

servicePort: 9121

portName: http-metrics

serviceMonitor:

enabled: false

interval: 30s

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # "monitoring"

additionalLabels: {}

annotations: {}

networkPolicy:

create: false

## Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`

redis-ha:

enabled: false ## Redis image image:

repository: ecr-public.aws.com/docker/library/redis

## Do not upgrade to >= 7.4.0, otherwise you are no longer using an open source version of Redis tag: 8.2.2-alpine ## Prometheus redis-exporter sidecar exporter:

enabled: false

image: ghcr.io/oliver006/redis_exporter

tag: v1.75.0 persistentVolume:

enabled: false ## Redis specific configuration options redis:

masterGroupName: argocd

config:

save: '""' ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master. haproxy:

enabled: true

labels: app.kubernetes.io/name: argocd-redis-ha-haproxy image:

repository: ecr-public.aws.com/docker/library/haproxy metrics:

enabled: true

hardAntiAffinity: true

additionalAffinities: {}

affinity: |

tolerations: []

containerSecurityContext: readOnlyRootFilesystem: true

auth: true

existingSecret: argocd-redis

hardAntiAffinity: true

additionalAffinities: {}

affinity: |

tolerations: []

## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ topologySpreadConstraints:

enabled: false

maxSkew: ""

topologyKey: ""

whenUnsatisfiable: ""

containerSecurityContext: readOnlyRootFilesystem: true

externalRedis:

host: ""

username: ""

password: ""

port: 6379

existingSecret: ""

secretAnnotations: {}

redisSecretInit:

enabled: true

image:

repository: "" # defaults to global.image.repository

tag: "" # defaults to global.image.tag

imagePullPolicy: "" # IfNotPresent

extraArgs: []

imagePullSecrets: []

runtimeClassName: ""

jobAnnotations: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerSecurityContext: allowPrivilegeEscalation: false capabilities: drop:

readOnlyRootFilesystem: true runAsNonRoot: true seccompProfile: type: RuntimeDefault

securityContext: {}

serviceAccount:

create: true

annotations: {}

automountServiceAccountToken: true

priorityClassName: ""

affinity: {}

nodeSelector: {}

tolerations: []

## Server server:

replicas: 1

runtimeClassName: ""

## Argo CD server Horizontal Pod Autoscaler autoscaling:

enabled: false

minReplicas: 1

maxReplicas: 5

targetCPUUtilizationPercentage: 50

targetMemoryUtilizationPercentage: 50

behavior: {}

metrics: []

## Argo CD server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `server.pdb.minAvailable` maxUnavailable: ""

## Argo CD server image image:

repository: "" # defaults to global.image.repository

tag: "" # defaults to global.image.tag

imagePullPolicy: "" # IfNotPresent

imagePullSecrets: []

extraArgs: []

env: []

envFrom: []

lifecycle: {}

## Argo CD extensions ## This function in tech preview stage, do expect instability or breaking changes in newer versions. ## Ref: https://github.com/argoproj-labs/argocd-extension-installer ## When you enable extensions, you need to configure RBAC of logged in Argo CD user. ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/#the-extensions-resource extensions:

enabled: false

## Argo CD extension installer image image:

repository: "quay.io/argoprojlabs/argocd-extension-installer"

tag: "v0.0.8"

imagePullPolicy: ""

## Ref: https://github.com/argoproj-labs/argocd-extension-metrics#install-ui-extension extensionList: []

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false runAsUser: 1000 seccompProfile: type: RuntimeDefault capabilities: drop:

resources: {}

## Note: Supports use of custom Helm templates extraContainers: []

## If your target Kubernetes cluster(s) require a custom credential (exec) plugin ## you could use this (and the same in the application controller pod) to provide such executable ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#client-go-credential-plugins initContainers: []

volumeMounts: []

volumes: []

## Argo CD server emptyDir volumes emptyDir:

sizeLimit: ""

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

server: 8080

metrics: 8083

hostNetwork: false

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

livenessProbe:

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

terminationGracePeriodSeconds: 30

priorityClassName: ""

nodeSelector: {}

tolerations: []

affinity: {}

deploymentStrategy: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server certificate:

enabled: false

domain: ""

additionalHosts: []

## Ref: https://cert-manager.io/docs/usage/certificate/#renewal duration: ""

## Ref: https://cert-manager.io/docs/usage/certificate/#renewal renewBefore: ""

## Ref: https://cert-manager.io/docs/concepts/issuer issuer:

group: ""

kind: ""

privateKey:

rotationPolicy: Never

encoding: PKCS1

algorithm: RSA

size: 2048

annotations: {}

### Ref: https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.KeyUsage usages: []

secretTemplateAnnotations: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-certificates-used-by-argocd-server certificateSecret:

enabled: false

annotations: {}

labels: {}

key: ''

crt: ''

## Server service configuration service:

annotations: {}

labels: {}

type: ClusterIP

nodePortHttp: 30080

nodePortHttps: 30443

servicePortHttp: 80

servicePortHttps: 443

servicePortHttpName: http

servicePortHttpsName: https

## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol servicePortHttpsAppProtocol: ""

loadBalancerClass: ""

loadBalancerIP: ""

## EKS Ref: https://repost.aws/knowledge-center/eks-cidr-ip-address-loadbalancer ## GKE Ref: https://cloud.google.com/kubernetes-engine/docs/concepts/network-overview#limit-connectivity-ext-lb loadBalancerSourceRanges: []

externalIPs: []

## Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip externalTrafficPolicy: Cluster

## Ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies sessionAffinity: None

## Server metrics service configuration metrics:

enabled: false service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

servicePort: 8083

portName: http-metrics serviceMonitor:

enabled: false

interval: 30s

scrapeTimeout: ""

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # monitoring

additionalLabels: {}

annotations: {}

automountServiceAccountToken: true

serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

ingress:

enabled: false

## Additional configuration might be required in related configuration sections controller: generic

labels: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#option-1-ssl-passthrough annotations: {}

ingressClassName: ""

hostname: ""

path: /

pathType: Prefix

## TLS certificate will be retrieved from a TLS secret `argocd-server-tls` ## You can create this secret via `certificate` or `certificateSecret` option tls: false

extraHosts: []

## Note: Supports use of custom Helm templates extraPaths: []

## Note: Supports use of custom Helm templates extraRules: []

extraTls: []

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#aws-application-load-balancers-albs-and-classic-elb-http-mode aws:

## This tells AWS to send traffic from the ALB using gRPC. ## For more information: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/target-group-health-checks.html#health-check-settings backendProtocolVersion: GRPC

## Can be of type NodePort or ClusterIP depending on which mode you are running. ## Instance mode needs type NodePort, IP mode needs type ClusterIP ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic serviceType: NodePort

## Allows adding custom annotations to the gRPC service for integrations like DataDog, Prometheus, etc. serviceAnnotations: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/#google-cloud-load-balancers-with-kubernetes-ingress gke:

## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters backendConfig: {}

## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features#configuring_ingress_features_through_frontendconfig_parameters frontendConfig: {}

managedCertificate:

## Ref: https://cloud.google.com/kubernetes-engine/docs/how-to/managed-certs create: true

extraDomains: []

ingressGrpc:

enabled: false

annotations: {}

labels: {}

ingressClassName: ""

hostname: ""

path: /

pathType: Prefix

## TLS certificate will be retrieved from a TLS secret with name: `argocd-server-grpc-tls` tls: false

extraHosts: []

## Note: Supports use of custom Helm templates extraPaths: []

## Note: Supports use of custom Helm templates extraRules: []

extraTls: []

route:

enabled: false

annotations: {}

hostname: ""

termination_type: passthrough

termination_policy: None

httproute:

enabled: false

labels: {}

annotations: {}

## Must reference an existing Gateway

parentRefs: []

hostnames: []

rules:

matches:
- path: type: PathPrefix value: /

grpcroute:

enabled: false

labels: {}

annotations: {}

## Must reference an existing Gateway

parentRefs: []

hostnames: []

rules:

matches:
- method: type: Exact

backendTLSPolicy:

enabled: false

labels: {}

annotations: {}

targetRefs: []

validation: {}

## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules:

enabled: false

rules: []

networkPolicy:

create: false

## Repo Server repoServer:

replicas: 1

runtimeClassName: ""

## Repo server Horizontal Pod Autoscaler autoscaling:

enabled: false

minReplicas: 1

maxReplicas: 5

targetCPUUtilizationPercentage: 50

targetMemoryUtilizationPercentage: 50

behavior: {}

metrics: []

## Repo server Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `repoServer.pdb.minAvailable` maxUnavailable: ""

## Repo server image image:

repository: ""

tag: ""

imagePullPolicy: ""

imagePullSecrets: []

extraArgs: []

env: []

envFrom: []

lifecycle: {}

## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates extraContainers: []

initContainers: []

copyutil:

resources: {}

volumeMounts: []

volumes: []

existingVolumes: {}

## RepoServer emptyDir volumes emptyDir:

sizeLimit: ""

useEphemeralHelmWorkingDir: true

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

server: 8081

metrics: 8084

hostNetwork: false

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

livenessProbe:

failureThreshold: 3

initialDelaySeconds: 10

periodSeconds: 10

successThreshold: 1

timeoutSeconds: 1

terminationGracePeriodSeconds: 30

nodeSelector: {}

tolerations: []

affinity: {}

deploymentStrategy: {}

priorityClassName: ""

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#configuring-tls-to-argocd-repo-server ## Note: Issuing certificates via cert-manager in not supported right now because it's not possible to restart repo server automatically without extra controllers. certificateSecret:

enabled: false

annotations: {}

labels: {}

ca: ''

key: ''

crt: ''

## Repo server service configuration service:

annotations: {}

labels: {}

port: 8081

portName: tcp-repo-server

trafficDistribution: ""

## Repo server metrics service configuration metrics:

enabled: false service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

servicePort: 8084

portName: http-metrics serviceMonitor:

enabled: false

interval: 30s

scrapeTimeout: ""

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # "monitoring"

additionalLabels: {}

annotations: {}

## Enable Custom Rules for the Repo server's Cluster Role resource ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules:

enabled: false

rules: []

automountServiceAccountToken: true

## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

rbac: []

networkPolicy:

create: false

## ApplicationSet controller applicationSet:

replicas: 1

runtimeClassName: ""

## ApplicationSet controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `applicationSet.pdb.minAvailable` maxUnavailable: ""

## ApplicationSet controller image image:

repository: ""

tag: ""

imagePullPolicy: ""

imagePullSecrets: []

extraArgs: []

extraEnv: []

extraEnvFrom: []

## Note: Supports use of custom Helm templates extraContainers: []

## Note: Supports use of custom Helm templates initContainers: []

extraVolumeMounts: []

extraVolumes: []

## ApplicationSet controller emptyDir volumes emptyDir:

sizeLimit: ""

## Metrics service configuration metrics:

enabled: false service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

servicePort: 8080

portName: http-metrics serviceMonitor:

enabled: false

interval: 30s

scrapeTimeout: ""

honorLabels: false

relabelings: []

metricRelabelings: []

selector: {}

scheme: ""

tlsConfig: {}

namespace: "" # monitoring

additionalLabels: {}

annotations: {}

## ApplicationSet service configuration service:

annotations: {}

labels: {}

type: ClusterIP

port: 7000

portName: http-webhook

automountServiceAccountToken: true

serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

metrics: 8080

probe: 8081

webhook: 7000

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Probes for ApplicationSet controller (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

enabled: false

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

livenessProbe:

enabled: false

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

terminationGracePeriodSeconds: 30

nodeSelector: {}

tolerations: []

affinity: {}

## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: []

deploymentStrategy: {}

priorityClassName: ""

## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/tls/#tls-configuration certificate:

enabled: false

domain: ""

additionalHosts: []

## Ref: https://cert-manager.io/docs/usage/certificate/#renewal duration: ""

## Ref: https://cert-manager.io/docs/usage/certificate/#renewal renewBefore: ""

## Ref: https://cert-manager.io/docs/concepts/issuer issuer:

group: ""

kind: ""

privateKey:

rotationPolicy: Never

encoding: PKCS1

algorithm: RSA

size: 2048

annotations: {}

## Ingress for the Git Generator webhook ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration) ingress:

enabled: false

labels: {}

annotations: {}

ingressClassName: ""

hostname: ""

path: /api/webhook

pathType: Prefix

## TLS certificate will be retrieved from a TLS secret with name:`argocd-applicationset-controller-tls` tls: false

extraHosts: []

extraPaths: []

## Note: Supports use of custom Helm templates extraRules: []

extraTls: []

allowAnyNamespace: false

networkPolicy:

create: false

## Notifications controller notifications:

enabled: true

argocdUrl: ""

runtimeClassName: ""

## Notifications controller Pod Disruption Budget ## Ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ pdb:

enabled: false

labels: {}

annotations: {}

minAvailable: ""

## Has higher precedence over `notifications.pdb.minAvailable` maxUnavailable: ""

## Notifications controller image image:

repository: ""

tag: ""

imagePullPolicy: ""

imagePullSecrets: []

extraArgs: []

extraEnv: []

extraEnvFrom: []

## Note: Supports use of custom Helm templates extraContainers: []

## Note: Supports use of custom Helm templates initContainers: []

extraVolumeMounts: []

extraVolumes: []

## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/#defining-user-defined-context context: {}

secret:

## If true, will create a secret with the name below. Otherwise, will assume existence of a secret with that name. create: true

annotations: {}

labels: {}

## Can be used for templates, notification services etc. Some examples given below. ## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ items: {}

metrics:

enabled: false

port: 9001 service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

portName: http-metrics serviceMonitor:

enabled: false

selector: {}

additionalLabels: {}

annotations: {}

scheme: ""

tlsConfig: {}

honorLabels: false

relabelings: []

metricRelabelings: []

## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/services/overview/ notifiers: {}

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

containerPorts:

metrics: 9001

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault capabilities: drop:

## Probes for notifications controller Pods (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

enabled: false

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

livenessProbe:

enabled: false

initialDelaySeconds: 10

periodSeconds: 10

timeoutSeconds: 1

successThreshold: 1

failureThreshold: 3

terminationGracePeriodSeconds: 30

nodeSelector: {}

tolerations: []

affinity: {}

deploymentStrategy: type: Recreate

priorityClassName: ""

automountServiceAccountToken: true

serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

cm:

create: true

## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules:

rules: []

## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/subscriptions/ subscriptions: []

## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/templates/ templates: {}

## For more information: https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/triggers/ triggers: {}

networkPolicy:

create: false

commitServer:

enabled: false

runtimeClassName: ""

## commit server controller image image:

repository: ""

tag: ""

imagePullPolicy: ""

extraArgs: []

extraEnv: []

extraEnvFrom: []

extraVolumeMounts: []

extraVolumes: []

metrics:

enabled: false service:

type: ClusterIP

clusterIP: ""

annotations: {}

labels: {}

servicePort: 8087

portName: metrics

## commit server service configuration service:

annotations: {}

labels: {}

port: 8086

portName: server

automountServiceAccountToken: false

serviceAccount:

create: true

annotations: {}

labels: {}

automountServiceAccountToken: true

deploymentAnnotations: {}

deploymentLabels: {}

podAnnotations: {}

podLabels: {}

resources: {}

dnsConfig: {}

dnsPolicy: "ClusterFirst"

containerSecurityContext: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop:

seccompProfile: type: RuntimeDefault

## Probes for commit server (optional) ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ readinessProbe:

enabled: true

initialDelaySeconds: 5

periodSeconds: 10

timeoutSeconds: 1

failureThreshold: 3

livenessProbe:

enabled: true

initialDelaySeconds: 30

periodSeconds: 30

timeoutSeconds: 5

failureThreshold: 3

terminationGracePeriodSeconds: 30

nodeSelector: {}

tolerations: []

affinity: {}

deploymentStrategy: {}

priorityClassName: ""

networkPolicy:

create: false

155 KiB Raw Blame History Unescape Escape

155 KiB

Raw Blame History