2021-05-21 12:19:05 +00:00
images :
# imagePullPolicy to apply to all containers
pullPolicy : Always
# Secrets with credentials to pull images from a private registry
pullSecrets : [ ]
# - name: argo-pull-secret
init :
# By default the installation will not set an explicit one, which will mean it uses `default` for the namespace the chart is
# being deployed to. In RBAC clusters, that will almost certainly fail. See the NOTES: section of the readme for more info.
serviceAccount : ""
createAggregateRoles : true
# Restrict Argo to only deploy into a single namespace by apply Roles and RoleBindings instead of the Cluster equivalents,
# and start argo-cli with the --namespaced flag. Use it in clusters with strict access policy.
singleNamespace : false
workflow :
namespace : "" # Specify namespace if workflows run in another namespace than argo. This controls where the service account and RBAC resources will be created.
serviceAccount :
create : false # Specifies whether a service account should be created
annotations : {}
name : "argo-workflow" # Service account which is used to run workflows
rbac :
create : false # adds Role and RoleBinding for the above specified service account to be able to run workflows
controller :
image :
registry : quay.io
repository : argoproj/workflow-controller
# Overrides the image tag whose default is the chart appVersion.
tag : ""
# parallelism dictates how many workflows can be running at the same time
parallelism :
# podAnnotations is an optional map of annotations to be applied to the controller Pods
podAnnotations : {}
# Optional labels to add to the controller pods
podLabels : {}
# SecurityContext to set on the controller pods
podSecurityContext : {}
# podPortName: http
metricsConfig :
enabled : false
path : /metrics
port : 9090
servicePort : 8080
servicePortName : metrics
# the controller container's securityContext
securityContext :
readOnlyRootFilesystem : true
runAsNonRoot : true
allowPrivilegeEscalation : false
capabilities :
drop :
persistence : {}
# connectionPool:
# maxIdleConns: 100
# maxOpenConns: 0
# # save the entire workflow into etcd and DB
# nodeStatusOffLoad: false
# # enable archiving of old workflows
# archive: false
# postgresql:
# host: localhost
# port: 5432
# database: postgres
# tableName: argo_workflows
# # the database secrets must be in the same namespace of the controller
# userNameSecret:
# name: argo-postgres-config
# key: username
# passwordSecret:
# name: argo-postgres-config
# key: password
workflowDefaults : {} # Only valid for 2.7+
# spec:
# ttlStrategy:
# secondsAfterCompletion: 84600
# workflowWorkers: 32
# podWorkers: 32
workflowRestrictions : {} # Only valid for 2.9+
# templateReferencing: Strict|Secure
telemetryConfig :
enabled : false
path : /telemetry
port : 8081
servicePort : 8081
servicePortName : telemetry
serviceMonitor :
enabled : false
additionalLabels : {}
serviceAccount :
create : true
2021-05-27 16:33:22 +00:00
name : ""
2021-05-21 12:19:05 +00:00
# Annotations applied to created service account
annotations : {}
name : workflow-controller
workflowNamespaces :
- default
containerRuntimeExecutor : docker
instanceID :
# `instanceID.enabled` configures the controller to filter workflow submissions
# to only those which have a matching instanceID attribute.
enabled : false
# NOTE: If `instanceID.enabled` is set to `true` then either `instanceID.userReleaseName`
# or `instanceID.explicitID` must be defined.
# useReleaseName: true
# explicitID: unique-argo-controller-identifier
logging :
level : info
globallevel : "0"
serviceType : ClusterIP
# Annotations to be applied to the controller Service
serviceAnnotations : {}
# Optional labels to add to the controller Service
serviceLabels : {}
# Source ranges to allow access to service from. Only applies to
# service type `LoadBalancer`
loadBalancerSourceRanges : [ ]
resources : {}
2021-05-31 16:31:44 +00:00
## Extra environment variables to provide to the controller container
## extraEnv:
## - name: FOO
## value: "bar"
2021-05-21 12:19:05 +00:00
extraEnv : [ ]
2021-05-31 16:31:44 +00:00
2021-05-21 12:19:05 +00:00
# Extra arguments to be added to the controller
extraArgs : [ ]
replicas : 1
pdb :
enabled : false
# minAvailable: 1
# maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector :
kubernetes.io/os : linux
tolerations : [ ]
affinity : {}
# Leverage a PriorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName : ""
# https://argoproj.github.io/argo-workflows/links/
links : [ ]
2021-05-25 06:06:31 +00:00
clusterWorkflowTemplates :
# Create a ClusterRole and CRB for the controller to access ClusterWorkflowTemplates.
enabled : true
2021-05-21 12:19:05 +00:00
# executor controls how the init and wait container should be customized
executor :
image :
registry : quay.io
repository : argoproj/argoexec
# Overrides the image tag whose default is the chart appVersion.
tag : ""
resources : {}
# Adds environment variables for the executor.
env : {}
# sets security context for the executor container
securityContext : {}
server :
enabled : true
# only updates base url of resources on client side,
# it's expected that a proxy server rewrites the request URL and gets rid of this prefix
# https://github.com/argoproj/argo-workflows/issues/716#issuecomment-433213190
baseHref : /
image :
registry : quay.io
repository : argoproj/argocli
# Overrides the image tag whose default is the chart appVersion.
tag : ""
# optional map of annotations to be applied to the ui Pods
podAnnotations : {}
# Optional labels to add to the UI pods
podLabels : {}
# SecurityContext to set on the server pods
podSecurityContext : {}
securityContext :
readOnlyRootFilesystem : false
runAsNonRoot : true
allowPrivilegeEscalation : false
capabilities :
drop :
name : server
serviceType : ClusterIP
servicePort : 2746
# servicePortName: http
serviceAccount :
create : true
2021-05-27 16:33:22 +00:00
name : ""
2021-05-21 12:19:05 +00:00
annotations : {}
# Annotations to be applied to the UI Service
serviceAnnotations : {}
# Optional labels to add to the UI Service
serviceLabels : {}
# Static IP address to assign to loadBalancer
# service type `LoadBalancer`
loadBalancerIP : ""
# Source ranges to allow access to service from. Only applies to
# service type `LoadBalancer`
loadBalancerSourceRanges : [ ]
resources : {}
replicas : 1
pdb :
enabled : false
# minAvailable: 1
# maxUnavailable: 1
## Node selectors and tolerations for server scheduling to nodes with taints
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector :
kubernetes.io/os : linux
tolerations : [ ]
affinity : {}
# Leverage a PriorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# PriorityClass: system-cluster-critical
priorityClassName : ""
# Run the argo server in "secure" mode. Configure this value instead of
# "--secure" in extraArgs. See the following documentation for more details
# on secure mode:
# https://argoproj.github.io/argo-workflows/tls/
secure : false
2021-05-31 16:31:44 +00:00
## Extra environment variables to provide to the argo-server container
## extraEnv:
## - name: FOO
## value: "bar"
extraEnv : [ ]
2021-05-21 12:19:05 +00:00
# Extra arguments to provide to the Argo server binary.
extraArgs : [ ]
## Additional volumes to the server main container.
volumeMounts : [ ]
volumes : [ ]
## Ingress configuration.
## ref: https://kubernetes.io/docs/user-guide/ingress/
ingress :
enabled : false
annotations : {}
labels : {}
ingressClassName : ""
## Argo Workflows Server Ingress.
## Hostnames must be provided if Ingress is enabled.
## Secrets must be manually created in the namespace
hosts :
[ ]
# - argocd.example.com
paths :
- /
extraPaths :
[ ]
# - path: /*
# backend:
# serviceName: ssl-redirect
# servicePort: use-annotation
tls :
[ ]
# - secretName: argocd-example-tls
# hosts:
# - argocd.example.com
https : false
clusterWorkflowTemplates :
2021-05-25 06:06:31 +00:00
# Create a ClusterRole and CRB for the server to access ClusterWorkflowTemplates.
enabled : true
2021-05-21 12:19:05 +00:00
# Give the server permissions to edit ClusterWorkflowTemplates.
enableEditing : true
sso :
## SSO configuration when SSO is specified as a server auth mode.
## All the values are required. SSO is activated by adding --auth-mode=sso
## to the server command line.
## The root URL of the OIDC identity provider.
# issuer: https://accounts.google.com
## Name of a secret and a key in it to retrieve the app OIDC client ID from.
# clientId:
# name: argo-server-sso
# key: client-id
## Name of a secret and a key in it to retrieve the app OIDC client secret from.
# clientSecret:
# name: argo-server-sso
# key: client-secret
## The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
# redirectUrl: https://argo/oauth2/callback
# rbac:
# enabled: true
## When present, restricts secrets the server can read to a given list.
## You can use it to restrict the server to only be able to access the
## service account token secrets that are associated with service accounts
## used for authorization.
# secretWhitelist: []
## Scopes requested from the SSO ID provider. The 'groups' scope requests
## group membership information, which is usually used for authorization
## decisions.
# scopes:
# - groups
# Influences the creation of the ConfigMap for the workflow-controller itself.
useDefaultArtifactRepo : false
useStaticCredentials : true
artifactRepository :
# archiveLogs will archive the main container logs as an artifact
archiveLogs : false
s3 :
# Note the `key` attribute is not the actual secret, it's the PATH to
# the contents in the associated secret, as defined by the `name` attribute.
accessKeySecret :
# name: <releaseName>-minio
key : accesskey
secretKeySecret :
# name: <releaseName>-minio
key : secretkey
insecure : true
# bucket:
# endpoint:
# region:
# roleARN:
# useSDKCreds: true
# gcs:
# bucket: <project>-argo
# keyFormat: "{{workflow.namespace}}/{{workflow.name}}/"
# serviceAccountKeySecret is a secret selector.
# It references the k8s secret named 'my-gcs-credentials'.
# This secret is expected to have have the key 'serviceAccountKey',
# containing the base64 encoded credentials
# to the bucket.
# If it's running on GKE and Workload Identity is used,
# serviceAccountKeySecret is not needed.
# serviceAccountKeySecret:
# name: my-gcs-credentials
# key: serviceAccountKey