argocd

Helm chart
Default values
# This file has been modified by Chainguard, Inc.
#
# Copyright Chainguard, Inc. All Rights Reserved.
# Chainguard, Inc. modifications are subject to the license
# available at: https://www.chainguard.dev/legal/software-license-agreement
#
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  defaultStorageClass: ""
  ## Security parameters
  ##
  security:
    ## @param global.security.allowInsecureImages Allows skipping image verification
    allowInsecureImages: false
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: auto
  org: ""
## @section Common parameters

## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param clusterDomain Kubernetes cluster domain name
##
clusterDomain: cluster.local
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @section Argo CD image parameters

## Iamguarded Argo CD image
## ref: https://hub.docker.com/r/iamguarded/argo-cd/tags/
## @param image.registry [default: REGISTRY_NAME] Argo CD image registry
## @param image.repository [default: REPOSITORY_NAME/argo-cd] Argo CD image repository
## @skip image.tag Argo CD image tag (immutable tags are recommended)
## @param image.digest Argo CD image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy Argo CD image pull policy
## @param image.pullSecrets Argo CD image pull secrets
## @param image.debug Enable Argo CD image debug mode
##
image:
  registry: cgr.dev
  repository: chainguard-private/argocd-iamguarded
  tag: 3.3.2
  digest: ""
  ## Specify an imagePullPolicy
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: IfNotPresent
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
  ## Enable debug mode
  ##
  debug: false
## @section Argo CD application controller parameters

## Argo CD Controller
##
controller:
  ## @param controller.kind Kind to deploy ArgoCD application controller in.
  ## Use either StatefulSet or Deployment (default). StatefulSet is required when running in HA mode.
  ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/high_availability/
  ##
  kind: Deployment
  ## @param controller.replicaCount Number of Argo CD replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param controller.startupProbe.enabled Enable startupProbe on Argo CD nodes
  ## @param controller.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param controller.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param controller.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param controller.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param controller.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.livenessProbe.enabled Enable livenessProbe on Argo CD nodes
  ## @param controller.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param controller.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param controller.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param controller.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param controller.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.readinessProbe.enabled Enable readinessProbe on Argo CD nodes
  ## @param controller.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param controller.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param controller.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param controller.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param controller.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param controller.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param controller.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param controller.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param controller.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "micro"
  ## @param controller.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param controller.podSecurityContext.enabled Enabled Argo CD pods' Security Context
  ## @param controller.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param controller.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param controller.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param controller.podSecurityContext.fsGroup Set Argo CD pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param controller.containerSecurityContext.enabled Enabled Argo CD containers' Security Context
  ## @param controller.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param controller.containerSecurityContext.runAsUser Set Argo CD containers' Security Context runAsUser
  ## @param controller.containerSecurityContext.runAsGroup Set Argo CD containers' Security Context runAsGroup
  ## @param controller.containerSecurityContext.allowPrivilegeEscalation Set Argo CD containers' Security Context allowPrivilegeEscalation
  ## @param controller.containerSecurityContext.capabilities.drop Set Argo CD containers' Security Context capabilities to be dropped
  ## @param controller.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' Security Context readOnlyRootFilesystem
  ## @param controller.containerSecurityContext.runAsNonRoot Set Argo CD container's Security Context runAsNonRoot
  ## @param controller.containerSecurityContext.privileged Set controller container's Security Context privileged
  ## @param controller.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## ServiceAccount configuration for the Argo CD application controller
  ##
  serviceAccount:
    ## @param controller.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param controller.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param controller.serviceAccount.automountServiceAccountToken Automount service account token for the application controller service account
    ##
    automountServiceAccountToken: false
    ## @param controller.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD to deploy to the K8s cluster
  ## @param controller.clusterAdminAccess Enable K8s cluster admin access for the application controller
  ##
  clusterAdminAccess: true
  ## Enable Custom Rules for the Application Controller cluster role
  ## @param controller.clusterRoleRules Use custom rules for the application controller's cluster role
  ##
  clusterRoleRules: []
  ## Argo CD application controller log format: text|json
  ## @param controller.logFormat Format for the Argo CD application controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD application controller log level
  ## @param controller.logLevel Log level for the Argo CD application controller
  ##
  logLevel: info
  ## Argo CD application controller ports
  ## @param controller.containerPorts.metrics Argo CD application controller metrics port number
  containerPorts:
    metrics: 8082
  ## Argo CD application controller service parameters
  ##
  service:
    ## @param controller.service.type Argo CD service type
    ##
    type: ClusterIP
    ## @param controller.service.ports.metrics Argo CD application controller service port
    ##
    ports:
      metrics: 8082
    ## Node ports to expose
    ## @param controller.service.nodePorts.metrics Node port for Argo CD application controller service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      metrics: ""
    ## @param controller.service.clusterIP Argo CD application controller service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param controller.service.loadBalancerIP Argo CD application controller service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param controller.service.loadBalancerSourceRanges Argo CD application controller service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param controller.service.externalTrafficPolicy Argo CD application controller service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param controller.service.annotations Additional custom annotations for Argo CD application controller service
    ##
    annotations: {}
    ## @param controller.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param controller.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param controller.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param controller.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param controller.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param controller.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param controller.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param controller.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param controller.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param controller.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param controller.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Metrics configuration for Argo CD application controller
  ##
  metrics:
    ## @param controller.metrics.enabled Enable Argo CD application controller metrics
    ##
    enabled: false
    service:
      ## @param controller.metrics.service.type Argo CD application controller service type
      ##
      type: ClusterIP
      ## @param controller.metrics.service.ports.metrics Argo CD application controller metrics service port
      ##
      ports:
        metrics: 8082
      ## Node ports to expose
      ## @param controller.metrics.service.nodePorts.metrics Node port for the application controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param controller.metrics.service.clusterIP Argo CD application controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param controller.metrics.service.loadBalancerIP Argo CD application controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param controller.metrics.service.loadBalancerSourceRanges Argo CD application controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param controller.metrics.service.externalTrafficPolicy Argo CD application controller service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param controller.metrics.service.annotations Additional custom annotations for Argo CD application controller service
      ##
      annotations: {}
      ## @param controller.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param controller.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD application controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param controller.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param controller.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param controller.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param controller.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param controller.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param controller.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param controller.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param controller.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param controller.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
    ## Rules for PrometheusRule object if enabled
    ##
    ## E.g.
    ## @param controller.metrics.rules.enabled Enable render extra rules for PrometheusRule object
    ## @param controller.metrics.rules.spec Rules to render into the PrometheusRule object
    ## @param controller.metrics.rules.selector Selector for the PrometheusRule object
    ## @param controller.metrics.rules.namespace Namespace where to create the PrometheusRule object
    ## @param controller.metrics.rules.additionalLabels Additional labels to add to the PrometheusRule object
    ##
    rules:
      enabled: false
      ## E.g
      ## - alert: ArgoAppMissing
      ##   expr: |
      ##     absent(argocd_app_info)
      ##   for: 15m
      ##   labels:
      ##     severity: critical
      ##   annotations:
      ##     summary: "[ArgoCD] No reported applications"
      ##     description: >
      ##       ArgoCD has not reported any applications data for the past 15 minutes which
      ##       means that it must be down or not functioning properly. This needs to be
      ##       resolved for this cloud to continue to maintain state.
      ## - alert: ArgoAppNotSynced
      ##   expr: |
      ##     argocd_app_info{sync_status!="Synced"} == 1
      ##   for: 12h
      ##   labels:
      ##     severity: warning
      ##   annotations:
      ##     summary: "[{{`{{ $labels.name }}`}}] Application not synchronized"
      ##     description: >
      ##       The application [{{`{{ $labels.name }}`}}] has not been synchronized for over
      ##       12 hours which means that the state of this cloud has drifted away from the
      ##       state inside Git.
      ##
      spec: []
      ## E.g
      ## selector:
      ##   prometheus: kube-prometheus
      ##
      selector: {}
      namespace: monitoring
      additionalLabels: {}
  ## @param controller.command Override default container command (useful when using custom images)
  ##
  command: []
  ## Arguments that will be used by default for the application controller
  ## @param controller.defaultArgs.statusProcessors Default status processors for Argo CD controller
  ## @param controller.defaultArgs.operationProcessors Default operation processors for Argo CD controller
  ## @param controller.defaultArgs.appResyncPeriod Default application resync period for Argo CD controller
  ## @param controller.defaultArgs.selfHealTimeout Default self heal timeout for Argo CD controller
  ##
  defaultArgs:
    statusProcessors: "20"
    operationProcessors: "10"
    appResyncPeriod: "180"
    selfHealTimeout: "5"
  ## @param controller.args Override default container args (useful when using custom images). Overrides the defaultArgs.
  ##
  args: []
  ## @param controller.extraArgs Add extra arguments to the default arguments for the Argo CD controller
  ##
  extraArgs: []
  ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/
  ##
  dynamicClusterDistribution:
    ## @param controller.dynamicClusterDistribution.enabled Whether dynamic cluster distribution is enabled.
    ##
    enabled: false
    ## @param controller.dynamicClusterDistribution.heartbeatDuration Time to update the cluster sharding (defaults to 10 seconds).
    ## ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/dynamic-cluster-distribution/#working-of-dynamic-distribution
    ##
    heartbeatDuration: ""
  ## @param controller.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param controller.hostAliases Argo CD pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param controller.podLabels Extra labels for Argo CD pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param controller.podAnnotations Annotations for Argo CD pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param controller.podAffinityPreset Pod affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param controller.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node controller.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param controller.nodeAffinityPreset.type Node affinity preset type. Ignored if `controller.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param controller.nodeAffinityPreset.key Node label key to match. Ignored if `controller.affinity` is set
    ##
    key: ""
    ## @param controller.nodeAffinityPreset.values Node label values to match. Ignored if `controller.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param controller.affinity Affinity for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `controller.podAffinityPreset`, `controller.podAntiAffinityPreset`, and `controller.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param controller.nodeSelector Node labels for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param controller.tolerations Tolerations for Argo CD pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param controller.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param controller.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, controller will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param controller.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param controller.updateStrategy.type Argo CD statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param controller.priorityClassName Argo CD pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param controller.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param controller.lifecycleHooks for the Argo CD container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param controller.podManagementPolicy podManagementPolicy to manage scaling operation of pods (only in StatefulSet mode)
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
  ##
  podManagementPolicy: ""
  ## @param controller.extraEnvVars Array with extra environment variables to add to Argo CD nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param controller.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD nodes
  ##
  extraEnvVarsCM: ""
  ## @param controller.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD nodes
  ##
  extraEnvVarsSecret: ""
  ## @param controller.extraVolumes Optionally specify extra list of additional volumes for the Argo CD pod(s)
  ##
  extraVolumes: []
  ## @param controller.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD container(s)
  ##
  extraVolumeMounts: []
  ## @param controller.sidecars Add additional sidecar containers to the Argo CD pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param controller.initContainers Add additional init containers to the Argo CD pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param controller.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param controller.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param controller.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `controller.pdb.minAvailable` and `controller.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
676
## @section Argo CD ApplicationSet controller parameters

## ApplicationSet controller
##
applicationSet:
  ## @param applicationSet.enabled Enable ApplicationSet controller
  ##
  enabled: false
  ## @param applicationSet.replicaCount The number of ApplicationSet controller pods to run
  ##
  replicaCount: 1
  ## @param applicationSet.command Override default container command (useful when using custom images)
  ##
  command: []
  ## Arguments that will be used by default for the applicationSet controller
  ## @param applicationSet.defaultArgs.enableLeaderElection Enable leader election
  ## @param applicationSet.defaultArgs.policy Default policy
  ## @param applicationSet.defaultArgs.debug Enable debug mode
  ## @param applicationSet.defaultArgs.dryRun Enable dry-run mode
  ##
  defaultArgs:
    enableLeaderElection: false
    policy: "sync"
    debug: false
    dryRun: false
  ## @param applicationSet.args Override default container args (useful when using custom images). Overrides the defaultArgs.
  ##
  args: []
  ## @param applicationSet.extraArgs Add extra arguments to the default arguments for the Argo CD applicationSet controller
  ##
  extraArgs: []
  ## Argo CD applicationSet controller log format: text|json
  ## @param applicationSet.logFormat Format for the Argo CD applicationSet controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD applicationSet controller log level
  ## @param applicationSet.logLevel Log level for the Argo CD applicationSet controller
  ##
  logLevel: info
  ## Argo CD applicationSet controller ports
  ## @param applicationSet.containerPorts.metrics Argo CD applicationSet controller metrics port number
  ## @param applicationSet.containerPorts.probe Argo CD applicationSet controller probe port number
  ##
  containerPorts:
    metrics: 8085
    probe: 8081
  ## Metrics configuration for Argo CD applicationSet controller
  ##
  metrics:
    ## @param applicationSet.metrics.enabled Enable Argo CD applicationSet controller metrics
    ##
    enabled: false
    service:
      ## @param applicationSet.metrics.service.type Argo CD applicationSet controller service type
      ##
      type: ClusterIP
      ## @param applicationSet.metrics.service.ports.metrics Argo CD applicationSet controller metrics service port
      ##
      ports:
        metrics: 8085
      ## Node ports to expose
      ## @param applicationSet.metrics.service.nodePorts.metrics Node port for the applicationSet controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param applicationSet.metrics.service.clusterIP Argo CD applicationSet controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param applicationSet.metrics.service.loadBalancerIP Argo CD applicationSet controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param applicationSet.metrics.service.loadBalancerSourceRanges Argo CD applicationSet controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param applicationSet.metrics.service.externalTrafficPolicy Argo CD applicationSet controller service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param applicationSet.metrics.service.annotations Additional custom annotations for Argo CD applicationSet controller service
      ##
      annotations: {}
      ## @param applicationSet.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param applicationSet.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Argo CD applicationSet controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param applicationSet.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param applicationSet.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param applicationSet.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param applicationSet.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param applicationSet.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param applicationSet.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param applicationSet.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param applicationSet.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param applicationSet.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Argo CD applicationSet controller service parameters
  ##
  service:
    ## @param applicationSet.service.type Argo CD applicationSet controller service type
    ##
    type: ClusterIP
    ## @param applicationSet.service.ports.webhook Argo CD applicationSet controller service port
    ##
    ports:
      webhook: 7000
    ## Node ports to expose
    ## @param applicationSet.service.nodePorts.webhook Node port for Argo CD applicationSet controller service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      webhook: ""
    ## @param applicationSet.service.clusterIP Argo CD applicationSet controller service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param applicationSet.service.loadBalancerIP Argo CD applicationSet controller service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param applicationSet.service.loadBalancerSourceRanges Argo CD applicationSet controller service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param applicationSet.service.externalTrafficPolicy Argo CD applicationSet controller service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param applicationSet.service.annotations Additional custom annotations for Argo CD applicationSet controller service
    ##
    annotations: {}
    ## @param applicationSet.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param applicationSet.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param applicationSet.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    ##
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param applicationSet.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param applicationSet.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param applicationSet.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param applicationSet.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param applicationSet.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param applicationSet.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param applicationSet.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param applicationSet.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## ServiceAccount configuration for the Argo CD applicationSet controller
  ##
  serviceAccount:
    ## @param applicationSet.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param applicationSet.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param applicationSet.serviceAccount.automountServiceAccountToken Automount service account token for the applicationSet controller service account
    ##
    automountServiceAccountToken: false
    ## @param applicationSet.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD applicationSet controller to have access to multiple namespaces
  ## @param applicationSet.clusterAdminAccess Enable K8s cluster admin access for the applicationSet controller
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD applicationSet controller cluster role
  ## @param applicationSet.clusterRoleRules Use custom rules for Argo CD applicationSet controller's cluster role
  ##
  clusterRoleRules: []
  ## @param applicationSet.podAffinityPreset Pod affinity preset. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param applicationSet.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node applicationSet.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param applicationSet.nodeAffinityPreset.type Node affinity preset type. Ignored if `applicationSet.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param applicationSet.nodeAffinityPreset.key Node label key to match. Ignored if `applicationSet.affinity` is set
    ##
    key: ""
    ## @param applicationSet.nodeAffinityPreset.values Node label values to match. Ignored if `applicationSet.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param applicationSet.affinity Affinity for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `applicationSet.podAffinityPreset`, `applicationSet.podAntiAffinityPreset`, and `applicationSet.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param applicationSet.podAnnotations Annotations for Argo CD applicationSet controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param applicationSet.podLabels Extra labels for Argo CD applicationSet controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param applicationSet.containerSecurityContext.enabled Enabled Argo CD applicationSet controller containers' Security Context
  ## @param applicationSet.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param applicationSet.containerSecurityContext.runAsUser Set Argo CD applicationSet controller containers' Security Context runAsUser
  ## @param applicationSet.containerSecurityContext.runAsGroup Set Argo CD applicationSet controller containers' Security Context runAsGroup
  ## @param applicationSet.containerSecurityContext.allowPrivilegeEscalation Set Argo CD applicationSet controller containers' Security Context allowPrivilegeEscalation
  ## @param applicationSet.containerSecurityContext.capabilities.drop Set Argo CD applicationSet controller containers' Security Context capabilities to be dropped
  ## @param applicationSet.containerSecurityContext.readOnlyRootFilesystem Set Argo CD applicationSet controller containers' Security Context readOnlyRootFilesystem
  ## @param applicationSet.containerSecurityContext.runAsNonRoot Set Argo CD applicationSet controller container's Security Context runAsNonRoot
  ## @param applicationSet.containerSecurityContext.privileged Set applicationSet container's Security Context privileged
  ## @param applicationSet.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## @param applicationSet.livenessProbe.enabled Enable livenessProbe on Argo CD applicationSet controller nodes
  ## @param applicationSet.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param applicationSet.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param applicationSet.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param applicationSet.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param applicationSet.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param applicationSet.readinessProbe.enabled Enable readinessProbe on Argo CD applicationSet controller nodes
  ## @param applicationSet.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param applicationSet.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param applicationSet.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param applicationSet.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param applicationSet.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param applicationSet.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param applicationSet.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD applicationSet controller resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param applicationSet.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if applicationSet.resources is set (applicationSet.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param applicationSet.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param applicationSet.podSecurityContext.enabled Enabled Argo CD applicationSet controller pods' Security Context
  ## @param applicationSet.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param applicationSet.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param applicationSet.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param applicationSet.podSecurityContext.fsGroup Set Argo CD applicationSet controller pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param applicationSet.nodeSelector Node labels for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param applicationSet.tolerations Tolerations for Argo CD applicationSet controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param applicationSet.updateStrategy.type Argo CD applicationSet controller statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param applicationSet.priorityClassName Argo CD applicationSet controller pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param applicationSet.extraVolumes Optionally specify extra list of additional volumes for the Argo CD applicationSet controller pod(s)
  ##
  extraVolumes: []
  ## @param applicationSet.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD applicationSet controller container(s)
  ##
  extraVolumeMounts: []
  ## @param applicationSet.extraEnvVars Array with extra environment variables to add to Argo CD applicationSet controller nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param applicationSet.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD applicationSet controller nodes
  ##
  extraEnvVarsCM: ""
  ## @param applicationSet.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD applicationSet controller nodes
  ##
  extraEnvVarsSecret: ""
  ## Webhook for the Git Generator
  ## Ref: https://argocd-applicationset.readthedocs.io/en/master/Generators-Git/#webhook-configuration
  ##
  webhook:
    ingress:
      ## @param applicationSet.webhook.ingress.enabled Enable an ingress resource for Webhooks
      ##
      enabled: false
      ## @param applicationSet.webhook.ingress.annotations Additional ingress annotations
      ##
      annotations: {}
      ## @param applicationSet.webhook.ingress.labels Additional ingress labels
      ##
      labels: {}
      ## @param applicationSet.webhook.ingress.ingressClassName Defines which ingress controller will implement the resource
      ##
      ingressClassName: ""
      ## @param applicationSet.webhook.ingress.hostname Ingress hostname for the Argo CD applicationSet ingress
      ## Hostname must be provided if Ingress is enabled.
      ##
      hostname: ""
      ## @param applicationSet.webhook.ingress.path Argo CD applicationSet ingress path
      ##
      path: /api/webhook
      ## @param applicationSet.webhook.ingress.pathType Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
      ##
      pathType: Prefix
      ## @param applicationSet.webhook.ingress.extraHosts Extra hosts array for the Argo CD applicationSet ingress
      ## The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ##
      extraHosts: []
      ## @param applicationSet.webhook.ingress.extraPaths Extra paths for the Argo CD applicationSet ingress
      ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
      ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
      ##
      extraPaths: []
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      ## @param applicationSet.webhook.ingress.extraTls Extra TLS configuration for the Argo CD applicationSet ingress
      ## The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ##
      extraTls: []
      ## - hosts:
      ##     - argocd.server.local
      ##   secretName: argocd.server.local-tls
      ##
      ## @param applicationSet.webhook.ingress.tls Ingress TLS configuration
      ##
      tls: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param applicationSet.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param applicationSet.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param applicationSet.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `applicationSet.pdb.minAvailable` and `applicationSet.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD notifications controller parameters

## notifications controller
##
notifications:
  ## @param notifications.enabled Enable notifications controller
  ##
  enabled: false
  ## @param notifications.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param notifications.args Override default container args (useful when using custom images).
  ##
  args: []
  ## @param notifications.extraArgs Add extra arguments to the default arguments for the Argo CD notifications controller
  ##
  extraArgs: []
  ## @param notifications.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## Argo CD notifications controller log format: text|json
  ## @param notifications.logFormat Format for the Argo CD notifications controller logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD notifications controller log level
  ## @param notifications.logLevel Log level for the Argo CD notifications controller
  ##
  logLevel: info
  ## Argo CD notifications controller ports
  ## @param notifications.containerPorts.metrics Argo CD notifications controller metrics port number
  ##
  containerPorts:
    metrics: 8085
  ## Metrics configuration for Argo CD notifications controller
  ##
  metrics:
    ## @param notifications.metrics.enabled Enable Argo CD notifications controller metrics
    ##
    enabled: false
    service:
      ## @param notifications.metrics.service.type Argo CD notifications controller service type
      ##
      type: ClusterIP
      ## @param notifications.metrics.service.ports.metrics Argo CD notifications controller metrics service port
      ##
      ports:
        metrics: 8085
      ## Node ports to expose
      ## @param notifications.metrics.service.nodePorts.metrics Node port for the notifications controller service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param notifications.metrics.service.clusterIP Argo CD notifications controller metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param notifications.metrics.service.loadBalancerIP Argo CD notifications controller service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param notifications.metrics.service.loadBalancerSourceRanges Argo CD notifications controller service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param notifications.metrics.service.externalTrafficPolicy Argo CD notifications controller service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param notifications.metrics.service.annotations Additional custom annotations for Argo CD notifications controller service
      ##
      annotations: {}
      ## @param notifications.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param notifications.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      ##
      sessionAffinityConfig: {}
    ## Argo CD notifications controller metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param notifications.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param notifications.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param notifications.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param notifications.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param notifications.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param notifications.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param notifications.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param notifications.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param notifications.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param notifications.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param notifications.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param notifications.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param notifications.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param notifications.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param notifications.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param notifications.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param notifications.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## ServiceAccount configuration for the Argo CD notifications controller
  ##
  serviceAccount:
    ## @param notifications.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param notifications.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param notifications.serviceAccount.automountServiceAccountToken Automount service account token for the notifications controller service account
    ##
    automountServiceAccountToken: false
    ## @param notifications.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD notifications controller to have access to multiple namespaces
  ## @param notifications.clusterAdminAccess Enable K8s cluster admin access for the notifications controller
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD notifications controller cluster role
  ## @param notifications.clusterRoleRules Use custom rules for notifications controller's cluster role
  ##
  clusterRoleRules: []
  ## @param notifications.podAffinityPreset Pod affinity preset. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param notifications.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node notifications.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param notifications.nodeAffinityPreset.type Node affinity preset type. Ignored if `notifications.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param notifications.nodeAffinityPreset.key Node label key to match. Ignored if `notifications.affinity` is set
    ##
    key: ""
    ## @param notifications.nodeAffinityPreset.values Node label values to match. Ignored if `notifications.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param notifications.affinity Affinity for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `notifications.podAffinityPreset`, `notifications.podAntiAffinityPreset`, and `notifications.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param notifications.podAnnotations Annotations for Argo CD notifications controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param notifications.podLabels Extra labels for Argo CD notifications controller pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param notifications.containerSecurityContext.enabled Enabled Argo CD notifications controller containers' Security Context
  ## @param notifications.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param notifications.containerSecurityContext.runAsUser Set Argo CD notifications controller containers' Security Context runAsUser
  ## @param notifications.containerSecurityContext.runAsGroup Set Argo CD notifications controller containers' Security Context runAsGroup
  ## @param notifications.containerSecurityContext.allowPrivilegeEscalation Set Argo CD notifications controller containers' Security Context allowPrivilegeEscalation
  ## @param notifications.containerSecurityContext.capabilities.drop Set Argo CD notifications controller containers' Security Context capabilities to be dropped
  ## @param notifications.containerSecurityContext.readOnlyRootFilesystem Set Argo CD notifications controller containers' Security Context readOnlyRootFilesystem
  ## @param notifications.containerSecurityContext.runAsNonRoot Set Argo CD notifications controller container's Security Context runAsNonRoot
  ## @param notifications.containerSecurityContext.privileged Set notifications container's Security Context privileged
  ## @param notifications.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Argo CD notifications controller resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param notifications.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.resources is set (notifications.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param notifications.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param notifications.podSecurityContext.enabled Enabled Argo CD notifications controller pods' Security Context
  ## @param notifications.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param notifications.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param notifications.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param notifications.podSecurityContext.fsGroup Set Argo CD notifications controller pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## @param notifications.nodeSelector Node labels for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param notifications.tolerations Tolerations for Argo CD notifications controller pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param notifications.priorityClassName Argo CD notifications controller pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param notifications.extraVolumes Optionally specify extra list of additional volumes for the Argo CD notifications controller pod(s)
  ##
  extraVolumes: []
  ## @param notifications.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD notifications controller container(s)
  ##
  extraVolumeMounts: []
  ## @param notifications.extraEnvVars Array with extra environment variables to add to Argo CD notifications controller nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param notifications.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD notifications controller nodes
  ##
  extraEnvVarsCM: ""
  ## @param notifications.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD notifications controller nodes
  ##
  extraEnvVarsSecret: ""
  ## Configure extra options for Notification containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param notifications.startupProbe.enabled Enable startupProbe on Notification nodes
  ## @param notifications.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param notifications.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param notifications.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param notifications.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param notifications.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.livenessProbe.enabled Enable livenessProbe on Notification nodes
  ## @param notifications.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param notifications.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param notifications.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param notifications.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param notifications.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.readinessProbe.enabled Enable readinessProbe on Notification nodes
  ## @param notifications.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param notifications.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param notifications.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param notifications.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param notifications.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param notifications.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param notifications.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param notifications.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Webhook for the Git Generator
  ## Ref: https://argocd-notifications.readthedocs.io/en/master/Generators-Git/#webhook-configuration
  ##
  webhook:
    ingress:
      ## @param notifications.webhook.ingress.enabled Enable an ingress resource for Webhooks
      ##
      enabled: false
      ## @param notifications.webhook.ingress.annotations Additional ingress annotations
      ##
      annotations: {}
      ## @param notifications.webhook.ingress.labels Additional ingress labels
      ##
      labels: {}
      ## @param notifications.webhook.ingress.ingressClassName Defines which ingress controller will implement the resource
      ##
      ingressClassName: ""
      ## @param notifications.webhook.ingress.hostname Ingress hostname for the Argo CD notifications ingress
      ## Hostname must be provided if Ingress is enabled.
      ##
      hostname: ""
      ## @param notifications.webhook.ingress.path Argo CD notifications ingress path
      ##
      path: /api/webhook
      ## @param notifications.webhook.ingress.pathType Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific`
      ##
      pathType: Prefix
      ## @param notifications.webhook.ingress.extraHosts Extra hosts array for the Argo CD notifications ingress
      ## The list of additional hostnames to be covered with this ingress record.
      ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
      ##
      extraHosts: []
      ## @param notifications.webhook.ingress.extraPaths Extra paths for the Argo CD notifications ingress
      ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
      ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
      ##
      extraPaths: []
      ## - path: /*
      ##   backend:
      ##     serviceName: ssl-redirect
      ##     servicePort: use-annotation
      ##
      ## @param notifications.webhook.ingress.extraTls Extra TLS configuration for the Argo CD notifications ingress
      ## The tls configuration for additional hostnames to be covered with this ingress record.
      ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
      ##
      extraTls: []
      ## - hosts:
      ##     - argocd.server.local
      ##   secretName: argocd.server.local-tls
      ##
      ## @param notifications.webhook.ingress.tls Ingress TLS configuration
      ##
      tls: []
  ## The optional bot component simplifies managing subscriptions
  ## For more information: https://argocd-notifications.readthedocs.io/en/stable/bots/overview/
  bots:
    slack:
      ## @param notifications.bots.slack.enabled Enable notifications controller
      ##
      enabled: false
      ## @param notifications.bots.slack.command Override default container command (useful when using custom images)
      ##
      command: []
      ## @param notifications.bots.slack.args Override default container args (useful when using custom images).
      ##
      args: []
      ## @param notifications.bots.slack.extraArgs Add extra arguments to the default arguments for the Argo CD Slack bot
      ##
      extraArgs: []
      ## Argo CD Slack bot service parameters
      ##
      service:
        ## @param notifications.bots.slack.service.type Argo CD Slack bot service type
        ##
        type: LoadBalancer
        ## @param notifications.bots.slack.service.ports.http Argo CD Slack bot service port
        ##
        ports:
          http: 80
        ## Node ports to expose
        ## @param notifications.bots.slack.service.nodePorts.http Node port for Argo CD Slack bot service
        ## NOTE: choose port between <30000-32767>
        ##
        nodePorts:
          http: ""
        ## @param notifications.bots.slack.service.clusterIP Argo CD Slack bot service Cluster IP
        ## e.g.:
        ## clusterIP: None
        ##
        clusterIP: ""
        ## @param notifications.bots.slack.service.loadBalancerIP Argo CD Slack bot service Load Balancer IP
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
        ##
        loadBalancerIP: ""
        ## @param notifications.bots.slack.service.loadBalancerSourceRanges Argo CD Slack bot service Load Balancer sources
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
        ## e.g:
        ## loadBalancerSourceRanges:
        ##   - 10.10.10.0/24
        ##
        loadBalancerSourceRanges: []
        ## @param notifications.bots.slack.service.externalTrafficPolicy Argo CD Slack bot service external traffic policy
        ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
        ##
        externalTrafficPolicy: Cluster
        ## @param notifications.bots.slack.service.annotations Additional custom annotations for Argo CD Slack bot service
        ##
        annotations: {}
        ## @param notifications.bots.slack.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
        ##
        extraPorts: []
        ## @param notifications.bots.slack.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
        ## If "ClientIP", consecutive client requests will be directed to the same Pod
        ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
        ##
        sessionAffinity: None
        ## @param notifications.bots.slack.service.sessionAffinityConfig Additional settings for the sessionAffinity
        ## sessionAffinityConfig:
        ##   clientIP:
        ##     timeoutSeconds: 300
        ##
        sessionAffinityConfig: {}
      ## Network Policies
      ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
      ##
      networkPolicy:
        ## @param notifications.bots.slack.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
        ##
        enabled: true
        ## @param notifications.bots.slack.networkPolicy.allowExternal Don't require server label for connections
        ## The Policy model to apply. When set to false, only pods with the correct
        ## server label will have network access to the ports server is listening
        ## on. When true, server will accept connections from any source
        ## (with the correct destination port).
        ##
        allowExternal: true
        ## @param notifications.bots.slack.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
        ##
        allowExternalEgress: true
        ## @param notifications.bots.slack.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
        ##
        kubeAPIServerPorts: [443, 6443, 8443]
        ## @param notifications.bots.slack.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
        ## e.g:
        ## extraIngress:
        ##   - ports:
        ##       - port: 1234
        ##     from:
        ##       - podSelector:
        ##           - matchLabels:
        ##               - role: frontend
        ##       - podSelector:
        ##           - matchExpressions:
        ##               - key: role
        ##                 operator: In
        ##                 values:
        ##                   - frontend
        extraIngress: []
        ## @param notifications.bots.slack.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
        ## e.g:
        ## extraEgress:
        ##   - ports:
        ##       - port: 1234
        ##     to:
        ##       - podSelector:
        ##           - matchLabels:
        ##               - role: frontend
        ##       - podSelector:
        ##           - matchExpressions:
        ##               - key: role
        ##                 operator: In
        ##                 values:
        ##                   - frontend
        ##
        extraEgress: []
        ## @param notifications.bots.slack.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
        ## @param notifications.bots.slack.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
        ##
        ingressNSMatchLabels: {}
        ingressNSPodMatchLabels: {}
      ## ServiceAccount configuration for the Argo CD Slack bot
      ##
      serviceAccount:
        ## @param notifications.bots.slack.serviceAccount.create Specifies whether a ServiceAccount should be created
        ##
        create: true
        ## @param notifications.bots.slack.serviceAccount.name The name of the ServiceAccount to use.
        ## If not set and create is true, a name is generated using the common.names.fullname template
        ##
        name: ""
        ## @param notifications.bots.slack.serviceAccount.automountServiceAccountToken Automount service account token for the notifications controller service account
        ##
        automountServiceAccountToken: false
        ## @param notifications.bots.slack.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
        ##
        annotations: {}
      ## @param notifications.bots.slack.podAffinityPreset Pod affinity preset. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
      ##
      podAffinityPreset: ""
      ## @param notifications.bots.slack.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
      ##
      podAntiAffinityPreset: soft
      ## Node notifications.bots.slack.affinity preset
      ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
      ##
      nodeAffinityPreset:
        ## @param notifications.bots.slack.nodeAffinityPreset.type Node affinity preset type. Ignored if `notifications.bots.slack.affinity` is set. Allowed values: `soft` or `hard`
        ##
        type: ""
        ## @param notifications.bots.slack.nodeAffinityPreset.key Node label key to match. Ignored if `notifications.bots.slack.affinity` is set
        ##
        key: ""
        ## @param notifications.bots.slack.nodeAffinityPreset.values Node label values to match. Ignored if `notifications.bots.slack.affinity` is set
        ## E.g.
        ## values:
        ##   - e2e-az1
        ##   - e2e-az2
        ##
        values: []
      ## Argo CD Slack Bot controller ports
      ## @param notifications.bots.slack.containerPorts.metrics Slack Bot controller metrics port number
      ##
      containerPorts:
        metrics: 9001
      ## Configure extra options for Slack Bot containers' liveness and readiness probes
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
      ## @param notifications.bots.slack.startupProbe.enabled Enable startupProbe on Slack Bot nodes
      ## @param notifications.bots.slack.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.periodSeconds Period seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.timeoutSeconds Timeout seconds for startupProbe
      ## @param notifications.bots.slack.startupProbe.failureThreshold Failure threshold for startupProbe
      ## @param notifications.bots.slack.startupProbe.successThreshold Success threshold for startupProbe
      ##
      startupProbe:
        enabled: false
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.livenessProbe.enabled Enable livenessProbe on Slack Bot nodes
      ## @param notifications.bots.slack.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.periodSeconds Period seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.failureThreshold Failure threshold for livenessProbe
      ## @param notifications.bots.slack.livenessProbe.successThreshold Success threshold for livenessProbe
      ##
      livenessProbe:
        enabled: true
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.readinessProbe.enabled Enable readinessProbe on Slack Bot nodes
      ## @param notifications.bots.slack.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.periodSeconds Period seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.failureThreshold Failure threshold for readinessProbe
      ## @param notifications.bots.slack.readinessProbe.successThreshold Success threshold for readinessProbe
      ##
      readinessProbe:
        enabled: true
        initialDelaySeconds: 10
        periodSeconds: 10
        timeoutSeconds: 1
        failureThreshold: 3
        successThreshold: 1
      ## @param notifications.bots.slack.customStartupProbe Custom startupProbe that overrides the default one
      ##
      customStartupProbe: {}
      ## @param notifications.bots.slack.customLivenessProbe Custom livenessProbe that overrides the default one
      ##
      customLivenessProbe: {}
      ## @param notifications.bots.slack.customReadinessProbe Custom readinessProbe that overrides the default one
      ##
      customReadinessProbe: {}
      ## @param notifications.bots.slack.affinity Affinity for Argo CD Slack bot pods assignment
      ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
      ## NOTE: `notifications.bots.slack.podAffinityPreset`, `notifications.bots.slack.podAntiAffinityPreset`, and `notifications.bots.slack.nodeAffinityPreset` will be ignored when it's set
      ##
      affinity: {}
      ## @param notifications.bots.slack.podAnnotations Annotations for Argo CD Slack bot pods
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
      ##
      podAnnotations: {}
      ## @param notifications.bots.slack.podLabels Extra labels for Argo CD Slack bot pods
      ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
      ##
      podLabels: {}
      ## Configure Container Security Context
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      ## @param notifications.bots.slack.containerSecurityContext.enabled Enabled Argo CD Slack bot containers' Security Context
      ## @param notifications.bots.slack.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
      ## @param notifications.bots.slack.containerSecurityContext.runAsUser Set Argo CD Slack bot containers' Security Context runAsUser
      ## @param notifications.bots.slack.containerSecurityContext.runAsGroup Set Argo CD Slack bot containers' Security Context runAsGroup
      ## @param notifications.bots.slack.containerSecurityContext.allowPrivilegeEscalation Set Argo CD Slack bot containers' Security Context allowPrivilegeEscalation
      ## @param notifications.bots.slack.containerSecurityContext.capabilities.drop Set Argo CD Slack bot containers' Security Context capabilities to be dropped
      ## @param notifications.bots.slack.containerSecurityContext.readOnlyRootFilesystem Set Argo CD Slack bot containers' Security Context readOnlyRootFilesystem
      ## @param notifications.bots.slack.containerSecurityContext.runAsNonRoot Set Argo CD Slack bot container's Security Context runAsNonRoot
      ## @param notifications.bots.slack.containerSecurityContext.privileged Set notifications container's Security Context privileged
      ## @param notifications.bots.slack.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
      ##
      containerSecurityContext:
        enabled: true
        seLinuxOptions: {}
        runAsUser: 1001
        runAsGroup: 1001
        runAsNonRoot: true
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        privileged: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: "RuntimeDefault"
      ## Argo CD Slack bot resource requests and limits
      ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
      ## @param notifications.bots.slack.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.bots.slack.resources is set (notifications.bots.slack.resources is recommended for production).
      ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
      ##
      resourcesPreset: "nano"
      ## @param notifications.bots.slack.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
      ## Example:
      ## resources:
      ##   requests:
      ##     cpu: 2
      ##     memory: 512Mi
      ##   limits:
      ##     cpu: 3
      ##     memory: 1024Mi
      ##
      resources: {}
      ## Configure Pods Security Context
      ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
      ## @param notifications.bots.slack.podSecurityContext.enabled Enabled Argo CD Slack bot pods' Security Context
      ## @param notifications.bots.slack.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
      ## @param notifications.bots.slack.podSecurityContext.sysctls Set kernel settings using the sysctl interface
      ## @param notifications.bots.slack.podSecurityContext.supplementalGroups Set filesystem extra groups
      ## @param notifications.bots.slack.podSecurityContext.fsGroup Set Argo CD Slack bot pod's Security Context fsGroup
      ##
      podSecurityContext:
        enabled: true
        fsGroupChangePolicy: Always
        sysctls: []
        supplementalGroups: []
        fsGroup: 1001
## @param notifications.bots.slack.nodeSelector Node labels for Argo CD Slack bot pods assignment
1920
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1921
##
1922
nodeSelector: {}
1923
## @param notifications.bots.slack.tolerations Tolerations for Argo CD Slack bot pods assignment
1924
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1925
##
1926
tolerations: []
1927
## @param notifications.bots.slack.priorityClassName Argo CD Slack bot pods' priorityClassName
1928
##
1929
priorityClassName: ""
1930
## @param notifications.bots.slack.extraVolumes Optionally specify extra list of additional volumes for the Argo CD Slack bot pod(s)
1931
##
1932
extraVolumes: []
1933
## @param notifications.bots.slack.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD Slack bot container(s)
1934
##
1935
extraVolumeMounts: []
1936
## @param notifications.bots.slack.extraEnvVars Array with extra environment variables to add to Argo CD Slack bot nodes
1937
## e.g:
1938
## extraEnvVars:
1939
## - name: FOO
1940
## value: "bar"
1941
##
1942
extraEnvVars: []
1943
## @param notifications.bots.slack.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD Slack bot nodes
1944
##
1945
extraEnvVarsCM: ""
1946
## @param notifications.bots.slack.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD Slack bot nodes
1947
##
1948
extraEnvVarsSecret: ""
1949
## Pod Disruption Budget configuration
1950
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1951
## @param notifications.pdb.create Enable/disable a Pod Disruption Budget creation
1952
## @param notifications.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1953
## @param notifications.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `notifications.pdb.minAvailable` and `notifications.pdb.maxUnavailable` are empty.
1954
##
1955
pdb:
1956
create: true
1957
minAvailable: ""
1958
maxUnavailable: ""
## @section Argo CD server Parameters

## Argo CD server configuration
##
server:
  ## @param server.replicaCount Number of Argo CD server replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD server containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param server.startupProbe.enabled Enable startupProbe on Argo CD server nodes
  ## @param server.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param server.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param server.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param server.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param server.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.livenessProbe.enabled Enable livenessProbe on Argo CD server nodes
  ## @param server.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param server.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param server.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param server.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param server.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.readinessProbe.enabled Enable readinessProbe on Argo CD server nodes
  ## @param server.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param server.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param server.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param server.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param server.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param server.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param server.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param server.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD server resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param server.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param server.podSecurityContext.enabled Enabled Argo CD server pods' Security Context
  ## @param server.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param server.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param server.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param server.podSecurityContext.fsGroup Set Argo CD server pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param server.containerSecurityContext.enabled Enabled Argo CD server containers' Security Context
  ## @param server.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param server.containerSecurityContext.runAsUser Set Argo CD server containers' Security Context runAsUser
  ## @param server.containerSecurityContext.runAsGroup Set Argo CD server containers' Security Context runAsGroup
  ## @param server.containerSecurityContext.allowPrivilegeEscalation Set Argo CD server containers' Security Context allowPrivilegeEscalation
  ## @param server.containerSecurityContext.capabilities.drop Set Argo CD containers' server Security Context capabilities to be dropped
  ## @param server.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' server Security Context readOnlyRootFilesystem
  ## @param server.containerSecurityContext.runAsNonRoot Set Argo CD server containers' Security Context runAsNonRoot
  ## @param server.containerSecurityContext.privileged Set server container's Security Context privileged
  ## @param server.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Argo CD server deployment autoscaling
  ## @param server.autoscaling.enabled Enable Argo CD server deployment autoscaling
  ## @param server.autoscaling.minReplicas Argo CD server deployment autoscaling minimum number of replicas
  ## @param server.autoscaling.maxReplicas Argo CD server deployment autoscaling maximum number of replicas
  ## @param server.autoscaling.targetCPU Argo CD server deployment autoscaling target CPU percentage
  ## @param server.autoscaling.targetMemory Argo CD server deployment autoscaling target memory percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 5
    targetCPU: 50
    targetMemory: 50
  ## Redirect all requests to HTTPS
  ## @param server.insecure Disable HTTPS redirection for Argo CD server
  ##
  insecure: false
  ## @param server.logFormat ArgoCD server logs format. Options: [text, json]
  ##
  logFormat: text
  ## @param server.logLevel ArgoCD server logs level
  ##
  logLevel: info
  ## Argo CD server enable config
  ## @param server.configEnabled Enable Argo CD server config
  ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml
  ##
  configEnabled: true
  ## Argo CD server URL
  ## @param server.url Argo CD server base URL. Required when configuring SSO. Required when enabling dex.
  ##
  url: ""
  ## Argo CD server config. This object will be directly rendered
  ## @param server.config [object] Argo CD server configuration that will end up in the argocd-cm ConfigMap
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/
  ## E.g:
  ## repositories:
  ##   - url: git@github.com:group/repo.git
  ##     sshPrivateKeySecret:
  ##       name: secret-name
  ##       key: sshPrivateKey
  ##   - type: helm
  ##     url: https://charts.helm.sh/stable
  ##     name: stable
  ##   - type: helm
  ##     url: https://argoproj.github.io/argo-helm
  ##     name: argo
  ## oidc.config:
  ##   name: AzureAD
  ##   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
  ##   clientID: CLIENT_ID
  ##   clientSecret: $oidc.azuread.clientSecret
  ##   requestedIDTokenClaims:
  ##     groups:
  ##       essential: true
  ##   requestedScopes:
  ##     - openid
  ##     - profile
  ##     - email
  ## dex.config:
  ##   connectors:
  ##     # GitHub example
  ##     - type: github
  ##       id: github
  ##       name: GitHub
  ##       config:
  ##         clientID: aabbccddeeff00112233
  ##         clientSecret: $dex.github.clientSecret
  ##         orgs:
  ##         - name: your-github-org
  config:
    ## Argo CD external base URL. Required when configuring SSO. Required when enabling dex.
    ## E.g:
    ## url: https://argocd.example.com
    ##
    url: "{{ .Values.server.url }}"
    ## Argo CD instance label key
    ##
    application.instanceLabelKey: argocd.argoproj.io/instance
    ## If Dex is enabled you need to add connectors here
    ## dex.config: |
    ##   connectors: []
    ##
    dex.config: ""
  ## Configure the ingress for the Argo CD server
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ## @param server.ingress.enabled Enable the creation of an ingress for the Argo CD server
  ## @param server.ingress.pathType Path type for the Argo CD server ingress
  ## @param server.ingress.apiVersion Ingress API version for the Argo CD server ingress
  ## @param server.ingress.hostname Ingress hostname for the Argo CD server ingress
  ## @param server.ingress.annotations Annotations for the Argo CD server ingress. To enable certificate autogeneration, place here your cert-manager annotations.
  ## @param server.ingress.tls Enable TLS for the Argo CD server ingress
  ## @param server.ingress.extraHosts Extra hosts array for the Argo CD server ingress
  ## @param server.ingress.path Path array for the Argo CD server ingress
  ## @param server.ingress.extraPaths Extra paths for the Argo CD server ingress
  ## @param server.ingress.extraTls Extra TLS configuration for the Argo CD server ingress
  ## @param server.ingress.secrets Secrets array to mount into the Ingress
  ## @param server.ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ##
  ingress:
    ## Set to true to enable ingress record generation
    ##
    enabled: false
    ## @param server.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## When the ingress is enabled, a host pointing to this will be created
    ##
    hostname: argocd.server.local
    ## The Path to Argo CD server. You may need to set this to '/*' in order to use this
    ## with ALB ingress controllers.
    ##
    path: /
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
    ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    extraHosts: []
    ## - name: argocd.server.local
    ##   path: /
    ##

    ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    extraPaths: []
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    ##

    ## The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    extraTls: []
    ## - hosts:
    ##     - argocd.server.local
    ##   secretName: argocd.server.local-tls
    ##

    ## If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ##
    secrets: []
    ## - name: argocd.server.local-tls
    ##   key:
    ##   certificate:
    ##

    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param server.ingress.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
  ## Metrics configuration for Argo CD server
  ##
  metrics:
    ## Enable metrics for Argo CD server
    ## @param server.metrics.enabled Enable metrics for the Argo CD server
    ##
    enabled: false
    service:
      ## @param server.metrics.service.type Argo CD server service type
      ##
      type: ClusterIP
      ## @param server.metrics.service.ports.metrics Argo CD server metrics service port
      ##
      ports:
        metrics: 8083
      ## Node ports to expose
      ## @param server.metrics.service.nodePorts.metrics Node port for Argo CD server metrics service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param server.metrics.service.clusterIP Argo CD server metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param server.metrics.service.loadBalancerIP Argo CD server service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param server.metrics.service.loadBalancerSourceRanges Argo CD server service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param server.metrics.service.externalTrafficPolicy Argo CD server service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param server.metrics.service.annotations Additional custom annotations for Argo CD server service
      ##
      annotations: {}
      ## @param server.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param server.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD server metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param server.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param server.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param server.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param server.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param server.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param server.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param server.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param server.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param server.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Configure the ingress resource that allows you to access the Argo CD gRPC API
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/ingress/
  ## @param server.ingressGrpc.enabled Enable the creation of an ingress for the Argo CD gRPC server
  ## @param server.ingressGrpc.pathType Path type for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.apiVersion Ingress API version for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.hostname Ingress hostname for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.annotations Annotations for the Argo CD gRPC server ingress. To enable certificate autogeneration, place here your cert-manager annotations
  ## @param server.ingressGrpc.tls Enable TLS for the Argo CD server ingress
  ## @param server.ingressGrpc.extraHosts Extra hosts array for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.path Path array for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.extraPaths Extra paths for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.extraTls Extra TLS configuration for the Argo CD gRPC server ingress
  ## @param server.ingressGrpc.secrets Secrets array to mount into the Ingress
  ## @param server.ingressGrpc.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
  ##
  ingressGrpc:
    ## Set to true to enable ingress record generation
    ##
    enabled: false
    ## @param server.ingressGrpc.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
    ##
    selfSigned: false
    ## Ingress Path type
    ##
    pathType: ImplementationSpecific
    ## Override API Version (automatically detected if not set)
    ##
    apiVersion: ""
    ## When the ingress is enabled, a host pointing to this will be created
    ##
    hostname: argocd.server.local
    ## The Path to Argo CD server gRPC API. You may need to set this to '/*' in order to use this
    ## with ALB ingress controllers.
    ##
    path: /
    ## For a full list of possible ingress annotations, please see
    ## ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md
    ## Use this parameter to set the required annotations for cert-manager, see
    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
    ##
    ## e.g:
    ## annotations:
    ##   kubernetes.io/ingress.class: nginx
    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
    ##
    annotations: {}
    ## Enable TLS configuration for the hostname defined at ingress.hostname parameter
    ## TLS certificates will be retrieved from a TLS secret with name: {{- printf "%s-tls" .Values.ingress.hostname }}
    ## You can use the ingress.secrets parameter to create this TLS secret or rely on cert-manager to create it
    ##
    tls: false
    ## The list of additional hostnames to be covered with this ingress record.
    ## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
    extraHosts: []
    ## - name: argocd.server.local
    ##   path: /
    ##

    ## Any additional arbitrary paths that may need to be added to the ingress under the main host.
    ## For example: The ALB ingress controller requires a special rule for handling SSL redirection.
    extraPaths: []
    ## - path: /*
    ##   backend:
    ##     serviceName: ssl-redirect
    ##     servicePort: use-annotation
    ##

    ## The tls configuration for additional hostnames to be covered with this ingress record.
    ## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
    extraTls: []
    ## - hosts:
    ##     - argocd.server.local
    ##   secretName: argocd.server.local-tls
    ##

    ## If you're providing your own certificates, please use this to add the certificates as secrets
    ## key and certificate should start with -----BEGIN CERTIFICATE----- or
    ## -----BEGIN RSA PRIVATE KEY-----
    ##
    ## name should line up with a tlsSecret set further up
    ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
    ##
    ## It is also possible to create and manage the certificates outside of this helm chart
    ## Please see README.md for more information
    ##
    secrets: []
    ## - name: argocd.server.local-tls
    ##   key:
    ##   certificate:
    ##

    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
    ##
    ingressClassName: ""
    ## @param server.ingressGrpc.extraRules Additional rules to be covered with this ingress record
    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
    ## e.g:
    ## extraRules:
    ## - host: example.server.local
    ##   http:
    ##     path: /
    ##     backend:
    ##       service:
    ##         name: example-svc
    ##         port:
    ##           name: http
    ##
    extraRules: []
  ## Argo CD server container port
  ## @param server.containerPorts.http Argo CD server HTTP container port
  ## @param server.containerPorts.https Argo CD server HTTPS container port
  ## @param server.containerPorts.metrics Argo CD server metrics container port
  containerPorts:
    http: 8080
    https: 8443
    metrics: 8083
  ## Argo CD server service parameters
  ##
  service:
    ## @param server.service.type Argo CD service type
    ##
    type: ClusterIP
    ## @param server.service.ports.http HTTP port for the gRPC ingress when enabled
    ## @param server.service.ports.https HTTPS port for the gRPC ingress when enabled
    ##
    ports:
      http: 80
      https: 443
    ## Node ports to expose
    ## @param server.service.nodePorts.http Node port for HTTP
    ## @param server.service.nodePorts.https Node port for HTTPS
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: ""
      https: ""
    ## @param server.service.clusterIP Argo CD service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param server.service.loadBalancerIP Argo CD service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param server.service.loadBalancerSourceRanges Argo CD service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param server.service.externalTrafficPolicy Argo CD service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param server.service.annotations Additional custom annotations for Argo CD service
    ##
    annotations: {}
    ## @param server.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param server.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param server.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param server.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param server.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param server.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param server.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param server.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param server.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param server.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param server.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
2596
## @param server.command Override default container command (useful when using custom images)
2597
##
2598
command: []
2599
## @param server.args Override default container args (useful when using custom images)
2600
##
2601
args: []
2602
## @param server.extraArgs concat to the default args
2603
##
2604
extraArgs: []
2605
## @param server.automountServiceAccountToken Mount Service Account token in pod
2606
##
2607
automountServiceAccountToken: true
2608
## @param server.hostAliases Argo CD server pods host aliases
2609
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2610
##
2611
hostAliases: []
  ## @param server.podLabels Extra labels for Argo CD server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param server.podAnnotations Annotations for Argo CD server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param server.podAffinityPreset Pod affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param server.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node server.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param server.nodeAffinityPreset.type Node affinity preset type. Ignored if `server.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param server.nodeAffinityPreset.key Node label key to match. Ignored if `server.affinity` is set
    ##
    key: ""
    ## @param server.nodeAffinityPreset.values Node label values to match. Ignored if `server.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param server.affinity Affinity for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `server.podAffinityPreset`, `server.podAntiAffinityPreset`, and `server.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param server.nodeSelector Node labels for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param server.tolerations Tolerations for Argo CD server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param server.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param server.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, server will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param server.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param server.updateStrategy.type Argo CD server statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param server.priorityClassName Argo CD server pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param server.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param server.lifecycleHooks Lifecycle hooks for the Argo CD server container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param server.extraEnvVars Array with extra environment variables to add to Argo CD server nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param server.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD server nodes
  ##
  extraEnvVarsCM: ""
  ## @param server.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD server nodes
  ##
  extraEnvVarsSecret: ""
  ## @param server.extraVolumes Optionally specify extra list of additional volumes for the Argo CD server pod(s)
  ##
  extraVolumes: []
  ## @param server.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD server container(s)
  ##
  extraVolumeMounts: []
  ## @param server.sidecars Add additional sidecar containers to the Argo CD server pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param server.initContainers Add additional init containers to the Argo CD server pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## ServiceAccount configuration for the Argo CD server
  ##
  serviceAccount:
    ## @param server.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param server.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param server.serviceAccount.automountServiceAccountToken Automount service account token for the server service account
    ##
    automountServiceAccountToken: false
    ## @param server.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD server to have access to multiple namespaces
  ## @param server.clusterAdminAccess Enable K8s cluster admin access for the server
  ##
  clusterAdminAccess: true
  ## Enable Custom Rules for Argo CD server cluster role
  ## @param server.clusterRoleRules Use custom rules for server's cluster role
  ##
  clusterRoleRules: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param server.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param server.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param server.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `server.pdb.minAvailable` and `server.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Argo CD repo server Parameters

## Argo CD repository server configuration
##
repoServer:
  ## @param repoServer.replicaCount Number of Argo CD repo server replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Argo CD repo server containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param repoServer.startupProbe.enabled Enable startupProbe on Argo CD repo server nodes
  ## @param repoServer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param repoServer.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param repoServer.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param repoServer.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param repoServer.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.livenessProbe.enabled Enable livenessProbe on Argo CD repo server nodes
  ## @param repoServer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param repoServer.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param repoServer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param repoServer.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param repoServer.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.readinessProbe.enabled Enable readinessProbe on Argo CD repo server nodes
  ## @param repoServer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param repoServer.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param repoServer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param repoServer.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param repoServer.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param repoServer.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param repoServer.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param repoServer.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Argo CD repo server resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param repoServer.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if repoServer.resources is set (repoServer.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param repoServer.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param repoServer.podSecurityContext.enabled Enabled Argo CD repo server pods' Security Context
  ## @param repoServer.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param repoServer.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param repoServer.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param repoServer.podSecurityContext.fsGroup Set Argo CD repo server pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param repoServer.containerSecurityContext.enabled Enabled Argo CD repo server containers' Security Context
  ## @param repoServer.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param repoServer.containerSecurityContext.runAsUser Set Argo CD repo server containers' Security Context runAsUser
  ## @param repoServer.containerSecurityContext.runAsGroup Set Argo CD repo server containers' Security Context runAsGroup
  ## @param repoServer.containerSecurityContext.allowPrivilegeEscalation Set Argo CD repo server containers' Security Context allowPrivilegeEscalation
  ## @param repoServer.containerSecurityContext.capabilities.drop Set Argo CD containers' repo server Security Context capabilities to be dropped
  ## @param repoServer.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' repo server Security Context readOnlyRootFilesystem
  ## @param repoServer.containerSecurityContext.runAsNonRoot Set Argo CD repo server containers' Security Context runAsNonRoot
  ## @param repoServer.containerSecurityContext.privileged Set repoServer container's Security Context privileged
  ## @param repoServer.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Repo server service parameters
  ##
  service:
    ## @param repoServer.service.type Repo server service type
    ##
    type: ClusterIP
    ## @param repoServer.service.ports.repoServer Repo server service port
    ##
    ports:
      repoServer: 8081
    ## Node ports to expose
    ## @param repoServer.service.nodePorts.repoServer Node port for the repo server service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      repoServer: ""
    ## @param repoServer.service.clusterIP Repo server service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param repoServer.service.loadBalancerIP Repo server service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param repoServer.service.loadBalancerSourceRanges Repo server service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param repoServer.service.externalTrafficPolicy Repo server service external traffic policy
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param repoServer.service.annotations Additional custom annotations for Repo server service
    ##
    annotations: {}
    ## @param repoServer.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param repoServer.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param repoServer.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param repoServer.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param repoServer.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param repoServer.networkPolicy.allowExternalEgress Allow the pod to access any range of ports and all destinations.
    ##
    allowExternalEgress: true
    ## @param repoServer.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param repoServer.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param repoServer.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param repoServer.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param repoServer.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Argo CD repo server log format: text|json
  ## @param repoServer.logFormat Format for the Argo CD repo server logs. Options: [text, json]
  ##
  logFormat: text
  ## Argo CD repo server log level
  ## @param repoServer.logLevel Log level for the Argo CD repo server
  ##
  logLevel: info
  ## Argo CD repo server container port
  ## @param repoServer.containerPorts.repoServer Container port for Argo CD repo server
  ## @param repoServer.containerPorts.metrics Metrics port for Argo CD repo server
  ##
  containerPorts:
    repoServer: 8081
    metrics: 8084
  ## Metrics configuration for Argo CD repo server
  ##
  metrics:
    ## Enable metrics for Argo CD repo server
    ## @param repoServer.metrics.enabled Enable metrics for the Argo CD repo server
    ##
    enabled: false
    service:
      ## @param repoServer.metrics.service.type Argo CD repo server service type
      ##
      type: ClusterIP
      ## @param repoServer.metrics.service.ports.metrics Argo CD repo server metrics service port
      ##
      ports:
        metrics: 8084
      ## Node ports to expose
      ## @param repoServer.metrics.service.nodePorts.metrics Node port for the repo server metrics service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param repoServer.metrics.service.clusterIP Argo CD repo server metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param repoServer.metrics.service.loadBalancerIP Argo CD repo server service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param repoServer.metrics.service.loadBalancerSourceRanges Argo CD repo server service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param repoServer.metrics.service.externalTrafficPolicy Argo CD repo server service external traffic policy
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param repoServer.metrics.service.annotations Additional custom annotations for Argo CD repo server service
      ##
      annotations: {}
      ## @param repoServer.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param repoServer.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Argo CD repo server metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param repoServer.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param repoServer.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param repoServer.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param repoServer.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param repoServer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param repoServer.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param repoServer.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param repoServer.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param repoServer.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## Argo CD repo server deployment autoscaling
  ## @param repoServer.autoscaling.enabled Enable Argo CD repo server deployment autoscaling
  ## @param repoServer.autoscaling.minReplicas Argo CD repo server deployment autoscaling minimum number of replicas
  ## @param repoServer.autoscaling.maxReplicas Argo CD repo server deployment autoscaling maximum number of replicas
  ## @param repoServer.autoscaling.targetCPU Argo CD repo server deployment autoscaling target CPU percentage
  ## @param repoServer.autoscaling.targetMemory Argo CD repo server deployment autoscaling target memory percentage
  ##
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 5
    targetCPU: 50
    targetMemory: 50
  ## ServiceAccount configuration for the Argo CD repo server
  ##
  serviceAccount:
    ## @param repoServer.serviceAccount.create Specifies whether a ServiceAccount for repo server should be created
    ##
    create: true
    ## @param repoServer.serviceAccount.name The name of the ServiceAccount for repo server to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param repoServer.serviceAccount.automountServiceAccountToken Automount service account token for the repo server service account
    ##
    automountServiceAccountToken: false
    ## @param repoServer.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## Enable admin clusterrole resources. Allows Argo CD repo server to have access to multiple namespaces
  ## @param repoServer.clusterAdminAccess Enable K8s cluster admin access for the repo server
  ##
  clusterAdminAccess: false
  ## Enable Custom Rules for Argo CD repo server cluster role
  ## @param repoServer.clusterRoleRules Use custom rules for repo server's cluster role
  ##
  clusterRoleRules: []
  ## @param repoServer.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param repoServer.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param repoServer.extraArgs Add extra args to the default repo server args
  ##
  extraArgs: []
  ## @param repoServer.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param repoServer.hostAliases Argo CD repo server pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param repoServer.podLabels Extra labels for Argo CD repo server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param repoServer.podAnnotations Annotations for Argo CD repo server pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param repoServer.podAffinityPreset Pod affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param repoServer.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node repoServer.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param repoServer.nodeAffinityPreset.type Node affinity preset type. Ignored if `repoServer.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param repoServer.nodeAffinityPreset.key Node label key to match. Ignored if `repoServer.affinity` is set
    ##
    key: ""
    ## @param repoServer.nodeAffinityPreset.values Node label values to match. Ignored if `repoServer.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param repoServer.affinity Affinity for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `repoServer.podAffinityPreset`, `repoServer.podAntiAffinityPreset`, and `repoServer.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param repoServer.nodeSelector Node labels for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param repoServer.tolerations Tolerations for Argo CD repo server pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param repoServer.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param repoServer.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, repoServer will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param repoServer.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param repoServer.updateStrategy.type Argo CD repo server statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param repoServer.priorityClassName Argo CD repo server pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param repoServer.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param repoServer.lifecycleHooks Lifecycle hooks for the Argo CD repo server container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param repoServer.extraEnvVars Array with extra environment variables to add to Argo CD repo server nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param repoServer.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Argo CD repo server nodes
  ##
  extraEnvVarsCM: ""
  ## @param repoServer.extraEnvVarsSecret Name of existing Secret containing extra env vars for Argo CD repo server nodes
  ##
  extraEnvVarsSecret: ""
  ## @param repoServer.extraVolumes Optionally specify extra list of additional volumes for the Argo CD repo server pod(s)
  ##
  extraVolumes: []
  ## @param repoServer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Argo CD repo server container(s)
  ##
  extraVolumeMounts: []
  ## @param repoServer.sidecars Add additional sidecar containers to the Argo CD repo server pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param repoServer.initContainers Add additional init containers to the Argo CD repo server pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param repoServer.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param repoServer.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param repoServer.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `repoServer.pdb.minAvailable` and `repoServer.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
3288
## @section Dex Parameters

## Dex configuration
##
dex:
  ## Iamguarded Dex image
  ## ref: https://hub.docker.com/r/iamguarded/argo-cd/tags/
  ## @param dex.image.registry [default: REGISTRY_NAME] Dex image registry
  ## @param dex.image.repository [default: REPOSITORY_NAME/dex] Dex image repository
  ## @skip dex.image.tag Dex image tag (immutable tags are recommended)
  ## @param dex.image.digest Dex image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param dex.image.pullPolicy Dex image pull policy
  ## @param dex.image.pullSecrets Dex image pull secrets
  ## @param dex.image.debug Enable Dex image debug mode
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/dex-iamguarded
    tag: 2.45.0
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
    ## Enable debug mode
    ##
    debug: false
  ## Enable Dex deployment
  ## @param dex.enabled Enable the creation of a Dex deployment for SSO
  ##
  enabled: false
  ## @param dex.replicaCount Number of Dex replicas to deploy
  ##
  replicaCount: 1
  ## Configure extra options for Dex containers' liveness and readiness probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
  ## @param dex.startupProbe.enabled Enable startupProbe on Dex nodes
  ## @param dex.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param dex.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param dex.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param dex.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param dex.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.livenessProbe.enabled Enable livenessProbe on Dex nodes
  ## @param dex.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param dex.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param dex.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param dex.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param dex.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.readinessProbe.enabled Enable readinessProbe on Dex nodes
  ## @param dex.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param dex.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param dex.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param dex.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param dex.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 3
    successThreshold: 1
  ## @param dex.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## @param dex.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param dex.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## Dex resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param dex.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dex.resources is set (dex.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param dex.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dex.podSecurityContext.enabled Enabled Dex pods' Security Context
  ## @param dex.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param dex.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param dex.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param dex.podSecurityContext.fsGroup Set Dex pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: Always
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param dex.containerSecurityContext.enabled Enabled Dex containers' Security Context
  ## @param dex.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param dex.containerSecurityContext.runAsUser Set Dex containers' Security Context runAsUser
  ## @param dex.containerSecurityContext.runAsGroup Set Dex containers' Security Context runAsGroup
  ## @param dex.containerSecurityContext.allowPrivilegeEscalation Set Dex containers' Security Context allowPrivilegeEscalation
  ## @param dex.containerSecurityContext.readOnlyRootFilesystem Set Dex containers' Security Context readOnlyRootFilesystem
  ## @param dex.containerSecurityContext.runAsNonRoot Set Dex containers' Security Context runAsNonRoot
  ## @param dex.containerSecurityContext.capabilities.drop Set Dex containers' Security Context capabilities to be dropped
  ## @param dex.containerSecurityContext.privileged Set Dex containers' Security Context privileged
  ## @param dex.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"
  ## Dex service parameters
  ##
  service:
    ## @param dex.service.type Dex service type
    ##
    type: ClusterIP
    ## @param dex.service.ports.http Dex HTTP service port
    ## @param dex.service.ports.grpc Dex grpc service port
    ##
    ports:
      http: 5556
      grpc: 5557
    ## Node ports to expose
    ## @param dex.service.nodePorts.http HTTP node port for the Dex service
    ## @param dex.service.nodePorts.grpc gRPC node port for the Dex service
    ## NOTE: choose port between <30000-32767>
    ##
    nodePorts:
      http: ""
      grpc: ""
    ## @param dex.service.clusterIP Dex service Cluster IP
    ## e.g.:
    ## clusterIP: None
    ##
    clusterIP: ""
    ## @param dex.service.loadBalancerIP Dex service Load Balancer IP
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
    ##
    loadBalancerIP: ""
    ## @param dex.service.loadBalancerSourceRanges Dex service Load Balancer sources
    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
    ## e.g:
    ## loadBalancerSourceRanges:
    ##   - 10.10.10.0/24
    ##
    loadBalancerSourceRanges: []
    ## @param dex.service.externalTrafficPolicy Dex service external traffic policy
    ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
    ##
    externalTrafficPolicy: Cluster
    ## @param dex.service.annotations Additional custom annotations for Dex service
    ##
    annotations: {}
    ## @param dex.service.extraPorts Extra ports to expose (normally used with the `sidecar` value)
    ##
    extraPorts: []
    ## @param dex.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
    ## If "ClientIP", consecutive client requests will be directed to the same Pod
    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
    ##
    sessionAffinity: None
    ## @param dex.service.sessionAffinityConfig Additional settings for the sessionAffinity
    ## sessionAffinityConfig:
    ##   clientIP:
    ##     timeoutSeconds: 300
    sessionAffinityConfig: {}
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param dex.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param dex.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ##
    allowExternal: true
    ## @param dex.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ##
    allowExternalEgress: true
    ## @param dex.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts: [443, 6443, 8443]
    ## @param dex.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    extraIngress: []
    ## @param dex.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           matchLabels:
    ##             role: frontend
    ##       - podSelector:
    ##           matchExpressions:
    ##             - key: role
    ##               operator: In
    ##               values:
    ##                 - frontend
    ##
    extraEgress: []
    ## @param dex.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param dex.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Dex container ports
  ## @param dex.containerPorts.http Dex container HTTP port
  ## @param dex.containerPorts.grpc Dex gRPC port
  ## @param dex.containerPorts.metrics Dex metrics port
  ##
  containerPorts:
    http: 5556
    grpc: 5557
    metrics: 5558
  ## Metrics configuration for Dex
  ##
  metrics:
    ## Enable metrics for Argo Dex
    ## @param dex.metrics.enabled Enable metrics service for Dex
    ##
    enabled: false
    service:
      ## @param dex.metrics.service.type Dex service type
      ##
      type: ClusterIP
      ## @param dex.metrics.service.ports.metrics Dex metrics service port
      ##
      ports:
        metrics: 5558
      ## Node ports to expose
      ## @param dex.metrics.service.nodePorts.metrics Node port for the Dex service
      ## NOTE: choose port between <30000-32767>
      ##
      nodePorts:
        metrics: ""
      ## @param dex.metrics.service.clusterIP Dex service metrics service Cluster IP
      ## e.g.:
      ## clusterIP: None
      ##
      clusterIP: ""
      ## @param dex.metrics.service.loadBalancerIP Dex service Load Balancer IP
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
      ##
      loadBalancerIP: ""
      ## @param dex.metrics.service.loadBalancerSourceRanges Dex service Load Balancer sources
      ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
      ## e.g:
      ## loadBalancerSourceRanges:
      ##   - 10.10.10.0/24
      ##
      loadBalancerSourceRanges: []
      ## @param dex.metrics.service.externalTrafficPolicy Dex service external traffic policy
      ## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
      ##
      externalTrafficPolicy: Cluster
      ## @param dex.metrics.service.annotations Additional custom annotations for Dex service
      ##
      annotations: {}
      ## @param dex.metrics.service.sessionAffinity Session Affinity for Kubernetes service, can be "None" or "ClientIP"
      ## If "ClientIP", consecutive client requests will be directed to the same Pod
      ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies
      ##
      sessionAffinity: None
      ## @param dex.metrics.service.sessionAffinityConfig Additional settings for the sessionAffinity
      ## sessionAffinityConfig:
      ##   clientIP:
      ##     timeoutSeconds: 300
      sessionAffinityConfig: {}
    ## Dex metrics service monitor configuration
    ##
    serviceMonitor:
      ## @param dex.metrics.serviceMonitor.enabled Create ServiceMonitor Resource for scraping metrics using PrometheusOperator
      ##
      enabled: false
      ## @param dex.metrics.serviceMonitor.namespace Namespace which Prometheus is running in
      ## e.g:
      ## namespace: monitoring
      ##
      namespace: ""
      ## @param dex.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus.
      ##
      jobLabel: ""
      ## @param dex.metrics.serviceMonitor.interval Interval at which metrics should be scraped
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      interval: 30s
      ## @param dex.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
      ##
      scrapeTimeout: 10s
      ## @param dex.metrics.serviceMonitor.relabelings RelabelConfigs to apply to samples before scraping
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      relabelings: []
      ## @param dex.metrics.serviceMonitor.metricRelabelings MetricRelabelConfigs to apply to samples before ingestion
      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
      ##
      metricRelabelings: []
      ## @param dex.metrics.serviceMonitor.selector ServiceMonitor selector labels
      ## ref: https://github.com/iamguarded/charts/tree/main/iamguarded/prometheus-operator#prometheus-configuration
      ##
      ## selector:
      ##   prometheus: my-prometheus
      ##
      selector: {}
      ## @param dex.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
      ##
      honorLabels: false
  ## ServiceAccount configuration for the Dex
  ##
  serviceAccount:
    ## @param dex.serviceAccount.create Specifies whether a ServiceAccount should be created for Dex
    ##
    create: true
    ## @param dex.serviceAccount.name The name of the ServiceAccount to use.
    ## If not set and create is true, a name is generated using the common.names.fullname template
    ##
    name: ""
    ## @param dex.serviceAccount.automountServiceAccountToken Automount service account token for the Dex service account
    ##
    automountServiceAccountToken: false
    ## @param dex.serviceAccount.annotations Annotations for service account. Evaluated as a template. Only used if `create` is `true`.
    ##
    annotations: {}
  ## @param dex.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param dex.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param dex.extraArgs Add extra args to the default args for Dex
  ##
  extraArgs: []
  ## @param dex.automountServiceAccountToken Mount Service Account token in pod
  ##
  automountServiceAccountToken: true
  ## @param dex.hostAliases Dex pods host aliases
  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
  ##
  hostAliases: []
  ## @param dex.podLabels Extra labels for Dex pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param dex.podAnnotations Annotations for Dex pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param dex.podAffinityPreset Pod affinity preset. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param dex.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: soft
  ## Node dex.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param dex.nodeAffinityPreset.type Node affinity preset type. Ignored if `dex.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param dex.nodeAffinityPreset.key Node label key to match. Ignored if `dex.affinity` is set
    ##
    key: ""
    ## @param dex.nodeAffinityPreset.values Node label values to match. Ignored if `dex.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param dex.affinity Affinity for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `dex.podAffinityPreset`, `dex.podAntiAffinityPreset`, and `dex.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param dex.nodeSelector Node labels for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param dex.tolerations Tolerations for Dex pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param dex.schedulerName Name of the k8s scheduler (other than default)
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param dex.shareProcessNamespace Enable shared process namespace in a pod.
  ## If set to false (default), each container will run in separate namespace, dex will have PID=1.
  ## If set to true, the /pause will run as init process and will reap any zombie PIDs,
  ## for example, generated by a custom exec probe running longer than a probe timeoutSeconds.
  ## Enable this only if customLivenessProbe or customReadinessProbe is used and zombie PIDs are accumulating.
  ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/share-process-namespace/
  ##
  shareProcessNamespace: false
  ## @param dex.topologySpreadConstraints Topology Spread Constraints for pod assignment
  ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
  ## The value is evaluated as a template
  ##
  topologySpreadConstraints: []
  ## @param dex.updateStrategy.type Dex statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    ## StrategyType
    ## Can be set to RollingUpdate or OnDelete
    ##
    type: RollingUpdate
  ## @param dex.priorityClassName Dex pods' priorityClassName
  ##
  priorityClassName: ""
  ## @param dex.runtimeClassName Name of the runtime class to be used by pod(s)
  ## ref: https://kubernetes.io/docs/concepts/containers/runtime-class/
  ##
  runtimeClassName: ""
  ## @param dex.lifecycleHooks for the Dex container(s) to automate configuration before or after startup
  ##
  lifecycleHooks: {}
  ## @param dex.extraEnvVars Array with extra environment variables to add to Dex nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param dex.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Dex nodes
  ##
  extraEnvVarsCM: ""
  ## @param dex.extraEnvVarsSecret Name of existing Secret containing extra env vars for Dex nodes
  ##
  extraEnvVarsSecret: ""
  ## @param dex.extraVolumes Optionally specify extra list of additional volumes for the Dex pod(s)
  ##
  extraVolumes: []
  ## @param dex.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Dex container(s)
  ##
  extraVolumeMounts: []
  ## @param dex.sidecars Add additional sidecar containers to the Dex pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param dex.initContainers Add additional init containers to the Dex pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## Pod Disruption Budget configuration
  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
  ## @param dex.pdb.create Enable/disable a Pod Disruption Budget creation
  ## @param dex.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
  ## @param dex.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `dex.pdb.minAvailable` and `dex.pdb.maxUnavailable` are empty.
  ##
  pdb:
    create: true
    minAvailable: ""
    maxUnavailable: ""
## @section Shared config for Argo CD components
config:
  ## @param config.knownHosts [string] Known hosts to be added to the known hosts list by default. Check the values to see the default value
  ##
  knownHosts: |
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw==
github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
  ## @param config.extraKnownHosts Add extra known hosts to the known hosts list
  ## E.g.:
  ## extraKnownHosts: |
## gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
## gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
  ##
  extraKnownHosts: ""
  ## @param config.createExtraKnownHosts Whether to create or not the extra known hosts configmap
  ##
  createExtraKnownHosts: true
  ## @param config.styles Custom CSS styles
  ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/
  ## E.g.:
  ## styles: |
  ##   .nav-bar {
  ##     background: linear-gradient(to bottom, #999, #777, #333, #222, #111);
  ##   }
  ##
  styles: ""
  ## @param config.existingStylesConfigmap Use an existing styles configmap
  ##
  existingStylesConfigmap: ""
  ## @param config.tlsCerts TLS certificates used to verify the authenticity of the repository servers
  ## Certificates will be generated by default if the values are not set.
  ## E.g:
  ## tlsCerts:
  ##   argocd-1.example.com: |
  ##     -----BEGIN CERTIFICATE-----
  ##     (...)
  ##     -----END CERTIFICATE-----
  ##   argocd-2.example.com: |
  ##     -----BEGIN CERTIFICATE-----
  ##     (...)
  ##     -----END CERTIFICATE-----
  ##
  tlsCerts: {}
  ## @param config.gpgKeys GnuPG public keys to add to the keyring
  ## Keys will be generated by default if the values are not set.
  ## Note: Public keys should be exported with `gpg --export --armor <KEY>`
  ##
  gpgKeys: {}
  # 4AEE18F83AFDEB23: |
  #   -----BEGIN PGP PUBLIC KEY BLOCK-----
  #   ...
  #   -----END PGP PUBLIC KEY BLOCK-----

  ## @param config.rbac Role-based authentication configuration
  ##
  rbac: {}
  # policy.default: role:readonly
  # policy.csv: |
  #   # Grant all members of the group 'my-org:team-alpha' the ability to sync apps in 'my-project'
  #   p, my-org:team-alpha, applications, sync, my-project/*, allow
  #   # Grant all members of 'my-org:team-beta' the admin role
  #   g, my-org:team-beta, role:admin

  ## Argo CD general secret configuration
  ##
  secret:
    ## @param config.secret.create Whether to create or not the secret
    ##
    create: true
    ## Annotations to be added to argocd-secret
    ## @param config.secret.annotations General secret extra annotations
    ##
    annotations: {}
    ## Webhook Configs
    ## @param config.secret.githubSecret GitHub secret to configure webhooks
    ## @param config.secret.gitlabSecret GitLab secret to configure webhooks
    ## @param config.secret.bitbucketServerSecret BitBucket secret to configure webhooks
    ## @param config.secret.bitbucketUUID BitBucket UUID to configure webhooks
    ## @param config.secret.gogsSecret Gogs secret to configure webhooks
    ##
    githubSecret: ""
    gitlabSecret: ""
    bitbucketServerSecret: ""
    bitbucketUUID: ""
    gogsSecret: ""
    ## Extra keys to add to the general config secret. Useful for injecting SSO secrets into environment variables.
    ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/user-management/#sso
    ## @param config.secret.extra Extra keys to add to the configuration secret.
    ## All values must be non-empty.
    ## E.g:
    ##   LDAP_PASSWORD: "mypassword"
    ##
    extra: {}
    ## Argo CD TLS Data.
    ## @param config.secret.argocdServerTlsConfig.key TLS key for the Argo CD config secret
    ## @param config.secret.argocdServerTlsConfig.crt TLS certificate for the Argo CD config secret
    ## E.g:
    ##   key:
    ##   crt: |
    ##     -----BEGIN CERTIFICATE-----
    ##     <cert data>
    ##     -----END CERTIFICATE-----
    ##     -----BEGIN CERTIFICATE-----
    ##     <ca cert data>
    ##     -----END CERTIFICATE-----
    ##
    argocdServerTlsConfig:
      key: ""
      crt: ""
    ## Argo admin password
    ## @param config.secret.argocdServerAdminPassword Argo CD server admin password. Autogenerated by default.
    ##
    argocdServerAdminPassword: ""
    ## Password modification time defaults to current time if not set
    ## @param config.secret.argocdServerAdminPasswordMtime Argo CD server password modification time
    ## E.g:
    ## argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z"
    ##
    argocdServerAdminPasswordMtime: ""
    ## Create a secret with optional repository credentials
    ## @param config.secret.repositoryCredentials Repository credentials to add to the Argo CD server config secret
    ## E.g.
    ## repositoryCredentials:
    ##   sample-ssh-key: |
    ##     -----BEGIN RSA PRIVATE KEY-----
    ##     <key content>
    ##     -----END RSA PRIVATE KEY-----
    ##
    repositoryCredentials: {}
## External Cluster Credentials
3955
## Refs:
3956
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/declarative-setup/#clusters
3957
## - https://argo-cd.readthedocs.io/en/stable/operator-manual/security/#external-cluster-credentials
3958
## @param config.clusterCredentials Configure external cluster credentials
3959
## E.g
3960
## - name: mycluster
3961
## server: https://mycluster.com
3962
## labels: {}
3963
## annotations: {}
3964
## config:
3965
## bearerToken: "<authentication token>"
3966
## tlsClientConfig:
3967
## insecure: false
3968
## caData: "<base64 encoded certificate>"
3969
## - name: mycluster2
3970
## server: https://mycluster2.com
3971
## labels: {}
3972
## annotations: {}
3973
## namespaces: namespace1,namespace2
3974
## config:
3975
## bearerToken: "<authentication token>"
3976
## tlsClientConfig:
3977
## insecure: false
3978
## caData: "<base64 encoded certificate>"
3979
##
3980
clusterCredentials: []
## @section Init Container Parameters

## 'volumePermissions' init container parameters
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
##   based on the *podSecurityContext/*containerSecurityContext parameters
##
volumePermissions:
  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
  ##
  enabled: false
  ## OS Shell + Utility image
  ## ref: https://hub.docker.com/r/iamguarded/os-shell/tags/
  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
  ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
  ## @param volumePermissions.image.digest OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
  ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/os-shell-iamguarded
    tag: 1.0.0
    digest: ""
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## Init container's resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
  ## More information: https://github.com/iamguarded/charts/blob/main/iamguarded/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Init container Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
  ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
  ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
  ##
  containerSecurityContext:
    seLinuxOptions: {}
    runAsUser: 0
## @section Other Parameters

## RBAC configuration
##
rbac:
  ## @param rbac.create Specifies whether RBAC resources should be created
  ##
  create: true
## Redis parameters
##
redis:
  ## Iamguarded Redis image
  ## ref: https://hub.docker.com/r/iamguarded/redis/tags/
  ## @param redis.image.registry [default: REGISTRY_NAME] Redis image registry
  ## @param redis.image.repository [default: REPOSITORY_NAME/redis] Redis image repository
  ## @skip redis.image.tag Redis image tag (immutable tags are recommended)
  ## @param redis.image.digest Redis image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
  ## @param redis.image.pullPolicy Redis image pull policy
  ## @param redis.image.pullSecrets Redis image pull secrets
  ##
  image:
    registry: cgr.dev
    repository: chainguard-private/redis-server-iamguarded
    tag: 8.6.1
    digest: ""
    ## Specify an imagePullPolicy
    ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
    ##
    pullPolicy: IfNotPresent
    ## Optionally specify an array of imagePullSecrets.
    ## Secrets must be manually created in the namespace.
    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    ## e.g:
    ## pullSecrets:
    ##   - myRegistryKeySecretName
    ##
    pullSecrets: []
  ## @param redis.enabled Enable Redis dependency
  ##
  enabled: true
  ## @param redis.nameOverride Name override for the Redis dependency
  ##
  nameOverride: ""
  ## @param redis.service.ports.redis Service port for Redis dependency
  ##
  service:
    ports:
      redis: 6379
  ## Use password authentication
  ## @param redis.auth.enabled Enable Redis dependency authentication
  ## @param redis.auth.existingSecret Existing secret to load redis dependency password
  ## @param redis.auth.existingSecretPasswordKey Password key name inside the existing secret
  ##
  auth:
    enabled: true
    ## Name of existing secret object containing the password
    ##
    existingSecret: ""
    ##
    ## Password key to be retrieved from Redis® secret
    ##
    existingSecretPasswordKey: 'redis-password'
  ## Cluster settings
  ## @param redis.architecture Redis® architecture. Allowed values: `standalone` or `replication`
  ## TODO(miguelaeh): We need to test the chart with redis sentinel, it seems to be supported at: https://github.com/argoproj/argo-cd/blob/2a410187565e15633b6f2a8c8d8da22cf02b257d/util/cache/cache.go#L40
  ##
  architecture: standalone
##
## External Redis®
##
externalRedis:
  ## Can be enabled after redisWait.enabled and redis.enabled are set to false
  ## @param externalRedis.enabled Enables External Redis
  ##
  enabled: false
  ## Redis® host
  ## @param externalRedis.host External Redis host
  ##
  host: ""
  ## Redis® port
  ## @param externalRedis.port External Redis port
  ##
  port: 6379
  ## Redis® password for authentication
  ## Ignored if existingSecret is set
  ## @param externalRedis.password External Redis password
  ##
  password: ""
  ## Name of existing secret object containing the password
  ## @param externalRedis.existingSecret Existing secret for the external redis
  ##
  existingSecret: ""
  ## Password key to be retrieved from Redis® secret
  ## @param externalRedis.existingSecretPasswordKey Password key for the existing secret containing the external redis password
  ##
  existingSecretPasswordKey: 'redis-password'
  ## Specify a label to use with the label selector
  ## @param externalRedis.selector External Redis selector labels
  ##
  selector: {}
  #
  # selector:
  #   app.kubernetes.io/component: master
  #   app.kubernetes.io/instance: redis
  #   app.kubernetes.io/name: redis
## Wait-for-redis init container configuration
##
redisWait:
  ## @param redisWait.enabled Enables waiting for redis
  ##
  enabled: true
  ## @param redisWait.extraArgs Additional arguments for the redis-cli call, such as TLS
  ##
  extraArgs: ''
  ## @param redisWait.containerSecurityContext.enabled Enabled Argo CD repo server containers' Security Context
  ## @param redisWait.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param redisWait.containerSecurityContext.runAsUser Set Argo CD repo server containers' Security Context runAsUser
  ## @param redisWait.containerSecurityContext.runAsGroup Set Argo CD repo server containers' Security Context runAsGroup
  ## @param redisWait.containerSecurityContext.allowPrivilegeEscalation Set Argo CD repo server containers' Security Context allowPrivilegeEscalation
  ## @param redisWait.containerSecurityContext.capabilities.drop Set Argo CD containers' repo server Security Context capabilities to be dropped
  ## @param redisWait.containerSecurityContext.readOnlyRootFilesystem Set Argo CD containers' repo server Security Context readOnlyRootFilesystem
  ## @param redisWait.containerSecurityContext.runAsNonRoot Set Argo CD repo server containers' Security Context runAsNonRoot
  ## @param redisWait.containerSecurityContext.privileged Set redisWait container's Security Context privileged
  ## @param redisWait.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: {}
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
    privileged: false
    capabilities:
      drop: ["ALL"]
    seccompProfile:
      type: "RuntimeDefault"