diff --git a/charts/argo-cd/.helmignore b/charts/argo-cd/.helmignore index ebf177fc..eec606dc 100644 --- a/charts/argo-cd/.helmignore +++ b/charts/argo-cd/.helmignore @@ -1,3 +1,4 @@ /*.tgz output ci/ +README.md.gotmpl diff --git a/charts/argo-cd/Chart.yaml b/charts/argo-cd/Chart.yaml index b187abab..0d858ad1 100644 --- a/charts/argo-cd/Chart.yaml +++ b/charts/argo-cd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: 2.1.4 description: A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. name: argo-cd -version: 3.26.1 +version: 3.26.2 home: https://github.com/argoproj/argo-helm icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png keywords: @@ -21,4 +21,4 @@ dependencies: condition: redis-ha.enabled annotations: artifacthub.io/changes: | - - "[Changed]: Upgrade argocd to v2.1.4" + - "[Changed]: Use helm-docs to generate README.md" diff --git a/charts/argo-cd/README.md b/charts/argo-cd/README.md index 6b27338e..36af1b0f 100644 --- a/charts/argo-cd/README.md +++ b/charts/argo-cd/README.md @@ -15,7 +15,7 @@ The default installation is intended to be similar to the provided ArgoCD [relea This chart installs the non-HA version of ArgoCD by default. If you want to run ArgoCD in HA mode, you can use one of the example values in the next sections. Please also have a look into the upstream [Operator Manual regarding High Availability](https://argoproj.github.io/argo-cd/operator-manual/high_availability/) to understand how scaling of ArgoCD works in detail. -> **Warning:** +> **Warning:** > You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. ### HA mode with autoscaling @@ -56,6 +56,7 @@ server: repoServer: replicas: 2 ``` + ### Synchronizing Changes from Original Repository In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). @@ -129,7 +130,6 @@ kubeVersionOverride: "1.18.0" Then you should no longer encounter this issue. - ### 3.0.0 and above Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. @@ -147,6 +147,7 @@ The application controller is now available as a `StatefulSet` when the `control `controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map What was + ```yaml server: extraArgs: @@ -179,388 +180,433 @@ NAME: my-release ... ``` -## Chart Values +## General parameters -| Parameter | Description | Default | -|-----|------|---------| -| global.image.imagePullPolicy | If defined, a imagePullPolicy applied to all ArgoCD deployments. | `"IfNotPresent"` | -| global.image.repository | If defined, a repository applied to all ArgoCD deployments. | `"argoproj/argocd"` | -| global.image.tag | If defined, a tag applied to all ArgoCD deployments. | `"v2.1.4"` | -| global.podAnnotations | Annotations for the all deployed pods | -| global.podLabels | Labels for the all deployed pods | -| global.securityContext | Toggle and define securityContext | See [values.yaml](values.yaml) | -| global.imagePullSecrets | If defined, uses a Secret to pull an image from a private Docker registry or repository. | `[]` | -| global.hostAliases | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | `[]` | -| global.networkPolicy.create | Create NetworkPolicy objects for all components | `false` | -| global.networkPolicy.defaultDenyIngress | Default deny all ingress traffic | `false` | -| kubeVersionOverride | Override the Kubernetes version, which is used to evaluate certain manifests | `""` | -| nameOverride | Provide a name in place of `argocd` | `"argocd"` | -| fullnameOverride | String to fully override `"argo-cd.fullname"` | `""` | -| apiVersionOverrides.certmanager | String to override apiVersion of certmanager resources rendered by this helm chart | `""` | -| apiVersionOverrides.ingress | String to override apiVersion of ingresses rendered by this helm chart | `""` | -| createAggregateRoles | Create clusterroles that extend aggregated roles to use argo-cd crds | `false` | -| configs.clusterCredentials | Provide one or multiple [external cluster credentials](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters) | `[]` (See [values.yaml](values.yaml)) | -| configs.gpgKeysAnnotations | GnuPG key ring annotations | `{}` | -| configs.gpgKeys | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | `{}` (See [values.yaml](values.yaml)) | -| configs.knownHostsAnnotations | Known Hosts configmap annotations | `{}` | -| configs.knownHosts.data.ssh_known_hosts | Known Hosts | See [values.yaml](values.yaml) | -| configs.secret.annotations | Annotations for argocd-secret | `{}` | -| configs.secret.argocdServerAdminPassword | Bcrypt hashed admin password | `null` | -| configs.secret.argocdServerAdminPasswordMtime | Admin password modification time | `date "2006-01-02T15:04:05Z" now` if configs.secret.argocdServerAdminPassword is set | -| configs.secret.bitbucketSecret | BitBucket incoming webhook secret | `""` | -| configs.secret.createSecret | Create the argocd-secret. | `true` | -| configs.secret.githubSecret | GitHub incoming webhook secret | `""` | -| configs.secret.gitlabSecret | GitLab incoming webhook secret | `""` | -| configs.repositoryCredentials | DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories. | `{}` | -| configs.credentialTemplates | Repository credentials to be used as Templates for other repos. | `{}` | -| configs.repositories | Repositories list to be used by applications. | `{}` | -| configs.tlsCertsAnnotations | TLS certificate configmap annotations | `{}` | -| configs.tlsCerts.data."argocd.example.com" | TLS certificate | See [values.yaml](values.yaml) | -| configs.secret.extra | add additional secrets to be added to argocd-secret | `{}` | -| configs.styles | Define custom CSS styles for your argo instance ([Read More](https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/)). This Settings will automatically mount the provided css and reference it in the argo configuration. | `""` (See [values.yaml](values.yaml)) | -| openshift.enabled | enables using arbitrary uid for argo repo server | `false` | -| server.additionalApplications | Deploy ArgoCD Applications within this helm release | `[]` (See [values.yaml](values.yaml)) | -| server.additionalProjects | Deploy ArgoCD Projects within this helm release | `[]` (See [values.yaml](values.yaml)) | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| apiVersionOverrides.certmanager | string | `""` | String to override apiVersion of certmanager resources rendered by this helm chart | +| apiVersionOverrides.ingress | string | `""` | String to override apiVersion of ingresses rendered by this helm chart | +| configs.clusterCredentials | list | `[]` (See [values.yaml]) | Provide one or multiple [external cluster credentials] | +| configs.credentialTemplates | object | `{}` | Repository credentials to be used as Templates for other repos | +| configs.gpgKeys | object | `{}` (See [values.yaml]) | [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring | +| configs.gpgKeysAnnotations | object | `{}` | GnuPG key ring annotations | +| configs.knownHosts.data.ssh_known_hosts | string | See [values.yaml] | Known Hosts | +| configs.knownHostsAnnotations | object | `{}` | Known Hosts configmap annotations | +| configs.repositories | object | `{}` | Repositories list to be used by applications | +| configs.repositoryCredentials | object | `{}` | *DEPRECATED:* Instead, use `configs.credentialTemplates` and/or `configs.repositories` | +| configs.secret.annotations | object | `{}` | Annotations to be added to argocd-secret | +| configs.secret.argocdServerAdminPassword | string | `""` | Bcrypt hashed admin password | +| configs.secret.argocdServerAdminPasswordMtime | string | `""` (defaults to current time) | Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` | +| configs.secret.argocdServerTlsConfig | object | `{}` | Argo TLS Data | +| configs.secret.bitbucketServerSecret | string | `""` | Shared secret for authenticating BitbucketServer webhook events | +| configs.secret.bitbucketUUID | string | `""` | UUID for authenticating Bitbucket webhook events | +| configs.secret.createSecret | bool | `true` | Create the argocd-secret | +| configs.secret.extra | object | `{}` | add additional secrets to be added to argocd-secret | +| configs.secret.githubSecret | string | `""` | Shared secret for authenticating GitHub webhook events | +| configs.secret.gitlabSecret | string | `""` | Shared secret for authenticating GitLab webhook events | +| configs.secret.gogsSecret | string | `""` | Shared secret for authenticating Gogs webhook events | +| configs.styles | string | `""` (See [values.yaml]) | Define custom [CSS styles] for your argo instance. This setting will automatically mount the provided CSS and reference it in the argo configuration. | +| configs.tlsCerts | object | See [values.yaml] | TLS certificate | +| configs.tlsCertsAnnotations | object | `{}` | TLS certificate configmap annotations | +| createAggregateRoles | bool | `false` | Create clusterroles that extend existing clusterroles to interact with argo-cd crds | +| fullnameOverride | string | `""` | String to fully override `"argo-cd.fullname"` | +| global.hostAliases | list | `[]` | Mapping between IP and hostnames that will be injected as entries in the pod's hosts files | +| global.image.imagePullPolicy | string | `"IfNotPresent"` | If defined, a imagePullPolicy applied to all ArgoCD deployments | +| global.image.repository | string | `"quay.io/argoproj/argocd"` | If defined, a repository applied to all ArgoCD deployments | +| global.image.tag | string | `"v2.1.4"` | If defined, a tag applied to all ArgoCD deployments | +| global.imagePullSecrets | list | `[]` | If defined, uses a Secret to pull an image from a private Docker registry or repository | +| global.networkPolicy.create | bool | `false` | Create NetworkPolicy objects for all components | +| global.networkPolicy.defaultDenyIngress | bool | `false` | Default deny all ingress traffic | +| global.podAnnotations | object | `{}` | Annotations for the all deployed pods | +| global.podLabels | object | `{}` | Labels for the all deployed pods | +| global.securityContext | object | `{}` | Toggle and define securityContext. See [values.yaml] | +| kubeVersionOverride | string | `""` | Override the Kubernetes version, which is used to evaluate certain manifests | +| nameOverride | string | `"argocd"` | Provide a name in place of `argocd` | +| openshift.enabled | bool | `false` | enables using arbitrary uid for argo repo server | +| server.additionalApplications | list | `[]` (See [values.yaml]) | Deploy ArgoCD Applications within this helm release | +| server.additionalProjects | list | `[]` (See [values.yaml]) | Deploy ArgoCD Projects within this helm release | ## ArgoCD Controller -| Parameter | Description | Default | -|-----|---------|-------------| -| controller.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| controller.topologySpreadConstraints | [Assign custom topologySpreadConstraints rules to the deployment](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `[]` | -| controller.args.operationProcessors | define the controller `--operation-processors` | `"10"` | -| controller.args.appResyncPeriod | define the controller `--app-resync` | `"180"` | -| controller.args.selfHealTimeout | define the controller `--self-heal-timeout-seconds` | `"5"` | -| controller.args.statusProcessors | define the controller `--status-processors` | `"20"` | -| controller.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | -| controller.clusterRoleRules.enabled | Enable custom rules for the Application Controller's Cluster Role resource. | `false` | -| controller.clusterRoleRules.rules | List of custom rules for the Application Controller's Cluster Role resource. | `[]` | -| controller.containerPort | Controller listening port. | `8082` | -| controller.extraArgs | Additional arguments for the controller. A list of flags | `[]` | -| controller.extraContainers | Additional containers for the controller. A list of containers. | `[]` | -| controller.enableStatefulSet | Enable deploying the controller as a StatefulSet instead of a Deployment. Used for HA installations. | `false` | -| controller.env | Environment variables for the controller. | `[]` | -| controller.envFrom | `envFrom` to pass to the controller. | `[]` (See [values.yaml](values.yaml)) | -| controller.image.repository | Repository to use for the controller | `global.image.repository` | -| controller.image.imagePullPolicy | Image pull policy for the controller | `global.image.imagePullPolicy` | -| controller.image.tag | Tag to use for the controller | `global.image.tag` | -| controller.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.logLevel | Controller log level | `"info"` | -| controller.metrics.enabled | Deploy metrics service | `false` | -| controller.metrics.service.annotations | Metrics service annotations | `{}` | -| controller.metrics.service.labels | Metrics service labels | `{}` | -| controller.metrics.service.servicePort | Metrics service port | `8082` | -| controller.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| controller.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| controller.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | -| controller.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | -| controller.name | Controller name string. | `"application-controller"` | -| controller.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| controller.podAnnotations | Annotations for the controller pods | `{}` | -| controller.podLabels | Labels for the controller pods | `{}` | -| controller.priorityClassName | Priority class for the controller pods | `""` | -| controller.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| controller.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| controller.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| controller.replicas | The number of controller pods to run | `1` |\ -| controller.resources | Resource limits and requests for the controller pods. | `{}` | -| controller.service.annotations | Controller service annotations. | `{}` | -| controller.service.labels | Controller service labels. | `{}` | -| controller.service.port | Controller service port. | `8082` | -| controller.serviceAccount.annotations | Controller service account annotations | `{}` | -| controller.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| controller.serviceAccount.create | Create a service account for the controller | `true` | -| controller.serviceAccount.name | Service account name. | `"argocd-application-controller"` | -| controller.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| controller.volumeMounts | Controller volume mounts | `[]` | -| controller.volumes | Controller volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| controller.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| controller.args.appResyncPeriod | string | `"180"` | define the application controller `--app-resync` | +| controller.args.operationProcessors | string | `"10"` | define the application controller `--operation-processors` | +| controller.args.repoServerTimeoutSeconds | string | `"60"` | define the application controller `--repo-server-timeout-seconds` | +| controller.args.selfHealTimeout | string | `"5"` | define the application controller `--self-heal-timeout-seconds` | +| controller.args.statusProcessors | string | `"20"` | define the application controller `--status-processors` | +| controller.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | +| controller.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the application controller's ClusterRole resource | +| controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | +| controller.containerPort | int | `8082` | Application controller listening port | +| controller.containerSecurityContext | object | `{}` | Application controller container-level security context | +| controller.enableStatefulSet | bool | `false` | Deploy the application controller as a StatefulSet instead of a Deployment, this is required for HA capability. This is a feature flag that will become the default in chart version 3.x | +| controller.env | list | `[]` | Environment variables to pass to application controller | +| controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | +| controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | +| controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | +| controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | +| controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | +| controller.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.logFormat | string | `"text"` | Application controller log format. Either `text` or `json` | +| controller.logLevel | string | `"info"` | Application controller log level | +| controller.metrics.enabled | bool | `false` | Deploy metrics service | +| controller.metrics.rules.enabled | bool | `false` | Deploy a PrometheusRule for the application controller | +| controller.metrics.rules.spec | list | `[]` | PrometheusRule.Spec for the application controller | +| controller.metrics.service.annotations | object | `{}` | Metrics service annotations | +| controller.metrics.service.labels | object | `{}` | Metrics service labels | +| controller.metrics.service.servicePort | int | `8082` | Metrics service port | +| controller.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| controller.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| controller.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| controller.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| controller.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| controller.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| controller.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| controller.name | string | `"application-controller"` | Application controller name string | +| controller.nodeSelector | object | `{}` | [Node selector] | +| controller.podAnnotations | object | `{}` | Annotations to be added to application controller pods | +| controller.podLabels | object | `{}` | Labels to be added to application controller pods | +| controller.priorityClassName | string | `""` | Priority class for the application controller pods | +| controller.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| controller.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| controller.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| controller.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| controller.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| controller.replicas | int | `1` | The number of application controller pods to run. If changing the number of replicas you must pass the number as `ARGOCD_CONTROLLER_REPLICAS` as an environment variable | +| controller.resources | object | `{}` | Resource limits and requests for the application controller pods | +| controller.service.annotations | object | `{}` | Application controller service annotations | +| controller.service.labels | object | `{}` | Application controller service labels | +| controller.service.port | int | `8082` | Application controller service port | +| controller.service.portName | string | `"https-controller"` | Application controller service port name | +| controller.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| controller.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| controller.serviceAccount.create | bool | `true` | Create a service account for the application controller | +| controller.serviceAccount.name | string | `"argocd-application-controller"` | Service account name | +| controller.tolerations | list | `[]` | [Tolerations] for use with node taints | +| controller.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the application controller | +| controller.volumeMounts | list | `[]` | Additional volumeMounts to the application controller main container | +| controller.volumes | list | `[]` | Additional volumes to the application controller pod | ## Argo Repo Server -| Property | Description | Default | -|-----|---------|-------------| -| repoServer.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| repoServer.topologySpreadConstraints | [Assign custom topologySpreadConstraints rules to the deployment](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `[]` | -| repoServer.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the repo server | `false` | -| repoServer.autoscaling.minReplicas | Minimum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| repoServer.autoscaling.maxReplicas | Maximum number of replicas for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| repoServer.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the repo server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| repoServer.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `false` | -| repoServer.clusterRoleRules.enabled | Enable custom rules for the Repo server's Cluster Role resource. | `false` | -| repoServer.clusterRoleRules.rules | List of custom rules for the Repo server's Cluster Role resource. | `[]` | -| repoServer.containerPort | Repo server port | `8081` | -| repoServer.extraArgs | Additional arguments for the repo server. A list of flags. | `[]` | -| repoServer.extraContainers | Additional containers for the repo server. A list of containers. | `[]` | -| repoServer.env | Environment variables for the repo server. | `[]` | -| repoServer.envFrom | `envFrom` to pass to the repo server. | `[]` (See [values.yaml](values.yaml)) | -| repoServer.image.repository | Repository to use for the repo server | `global.image.repository` | -| repoServer.image.imagePullPolicy | Image pull policy for the repo server | `global.image.imagePullPolicy` | -| repoServer.image.tag | Tag to use for the repo server | `global.image.tag` | -| repoServer.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.logLevel | Log level | `"info"` | -| repoServer.metrics.enabled | Deploy metrics service | `false` | -| repoServer.metrics.service.annotations | Metrics service annotations | `{}` | -| repoServer.metrics.service.labels | Metrics service labels | `{}` | -| repoServer.metrics.service.servicePort | Metrics service port | `8082` | -| repoServer.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| repoServer.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| repoServer.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | -| repoServer.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | -| repoServer.name | Repo server name | `"repo-server"` | -| repoServer.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| repoServer.podAnnotations | Annotations for the repo server pods | `{}` | -| repoServer.podLabels | Labels for the repo server pods | `{}` | -| repoServer.priorityClassName | Priority class for the repo server | `""` | -| repoServer.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| repoServer.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| repoServer.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| repoServer.replicas | The number of repo server pods to run | `1` | -| repoServer.resources | Resource limits and requests for the repo server pods. | `{}` | -| repoServer.service.annotations | Repo server service annotations. | `{}` | -| repoServer.service.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| repoServer.service.labels | Repo server service labels. | `{}` | -| repoServer.service.port | Repo server service port. | `8081` | -| repoServer.serviceAccount.annotations | Repo server service account annotations | `{}` | -| repoServer.serviceAccount.create | Create repo server service account | `false` | -| repoServer.serviceAccount.name | Repo server service account name | `"argocd-repo-server"` | -| repoServer.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| repoServer.volumeMounts | Repo server volume mounts | `[]` | -| repoServer.volumes | Repo server volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| repoServer.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| repoServer.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the repo server | +| repoServer.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the repo server [HPA] | +| repoServer.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the repo server [HPA] | +| repoServer.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the repo server [HPA] | +| repoServer.clusterAdminAccess.enabled | bool | `false` | Enable RBAC for local cluster deployments | +| repoServer.clusterRoleRules.enabled | bool | `false` | Enable custom rules for the Repo server's Cluster Role resource | +| repoServer.clusterRoleRules.rules | list | `[]` | List of custom rules for the Repo server's Cluster Role resource | +| repoServer.containerPort | int | `8081` | Configures the repo server port | +| repoServer.containerSecurityContext | object | `{}` | Repo server container-level security context | +| repoServer.env | list | `[]` | Environment variables to pass to repo server | +| repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | +| repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | +| repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | +| repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | +| repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | +| repoServer.initContainers | list | `[]` | Init containers to add to the repo server pods | +| repoServer.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.logFormat | string | `"text"` | Repo server log format: Either `text` or `json` | +| repoServer.logLevel | string | `"info"` | Repo server log level | +| repoServer.metrics.enabled | bool | `false` | Deploy metrics service | +| repoServer.metrics.service.annotations | object | `{}` | Metrics service annotations | +| repoServer.metrics.service.labels | object | `{}` | Metrics service labels | +| repoServer.metrics.service.servicePort | int | `8084` | Metrics service port | +| repoServer.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| repoServer.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| repoServer.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| repoServer.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| repoServer.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| repoServer.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| repoServer.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| repoServer.name | string | `"repo-server"` | Repo server name | +| repoServer.nodeSelector | object | `{}` | [Node selector] | +| repoServer.podAnnotations | object | `{}` | Annotations to be added to repo server pods | +| repoServer.podLabels | object | `{}` | Labels to be added to repo server pods | +| repoServer.priorityClassName | string | `""` | Priority class for the repo server | +| repoServer.rbac | list | `[]` | Repo server rbac rules | +| repoServer.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| repoServer.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| repoServer.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| repoServer.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| repoServer.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| repoServer.replicas | int | `1` | The number of repo server pods to run | +| repoServer.resources | object | `{}` | Resource limits and requests for the repo server pods | +| repoServer.service.annotations | object | `{}` | Repo server service annotations | +| repoServer.service.labels | object | `{}` | Repo server service labels | +| repoServer.service.port | int | `8081` | Repo server service port | +| repoServer.service.portName | string | `"https-repo-server"` | Repo server service port name | +| repoServer.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| repoServer.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| repoServer.serviceAccount.create | bool | `false` | Create repo server service account | +| repoServer.serviceAccount.name | string | `""` | Repo server service account name | +| repoServer.tolerations | list | `[]` | [Tolerations] for use with node taints | +| repoServer.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the repo server | +| repoServer.volumeMounts | list | `[]` | Additional volumeMounts to the repo server main container | +| repoServer.volumes | list | `[]` | Additional volumes to the repo server pod | ## Argo Server -| Parameter | Description | Default | -|-----|---------|-------------| -| server.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| server.topologySpreadConstraints | [Assign custom topologySpreadConstraints rules to the deployment](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `[]` | -| server.autoscaling.enabled | Enable Horizontal Pod Autoscaler ([HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)) for the server | `false` | -| server.autoscaling.minReplicas | Minimum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `1` | -| server.autoscaling.maxReplicas | Maximum number of replicas for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `5` | -| server.autoscaling.targetCPUUtilizationPercentage | Average CPU utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.autoscaling.targetMemoryUtilizationPercentage | Average memory utilization percentage for the server [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | `50` | -| server.GKEbackendConfig.enabled | Enable BackendConfig custom resource for Google Kubernetes Engine. | `false` | -| server.GKEbackendConfig.spec | [BackendConfigSpec](https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom) | `{}` | -| server.certificate.additionalHosts | Certificate manager additional hosts | `[]` | -| server.certificate.domain | Certificate manager domain | `"argocd.example.com"` | -| server.certificate.enabled | Enables a certificate manager certificate. | `false` | -| server.certificate.issuer | Certificate manager issuer | `{}` | -| server.clusterAdminAccess.enabled | Enable RBAC for local cluster deployments. | `true` | -| server.configAnnotations | ArgoCD configuration configmap annotations | `{}` | -| server.config | [General Argo CD configuration](https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories) | See [values.yaml](values.yaml) | -| server.config.repositories | [DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories.](https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#legacy-behaviour) | See [values.yaml](values.yaml) | -| server.containerPort | Server container port. | `8080` | -| server.extraArgs | Additional arguments for the server. A list of flags. | `[]` | -| server.extraContainers | Additional containers for the server. A list of containers. | `[]` | -| server.staticAssets.enabled | Disable deprecated flag --staticassets | `false` | -| server.env | Environment variables for the server. | `[]` | -| server.envFrom | `envFrom` to pass to the server. | `[]` (See [values.yaml](values.yaml)) | -| server.image.repository | Repository to use for the server | `global.image.repository` | -| server.image.imagePullPolicy | Image pull policy for the server | `global.image.imagePullPolicy` | -| server.image.tag | Tag to use for the server | `global.image.tag` | -| server.ingress.annotations | Additional ingress annotations | `{}` | -| server.ingress.enabled | Enable an ingress resource for the server | `false` | -| server.ingress.hosts | List of ingress hosts | `[]` | -| server.ingress.labels | Additional ingress labels. | `{}` | -| server.ingress.ingressClassName | Defines which ingress controller will implement the resource | `""` | -| server.ingress.tls | Ingress TLS configuration. | `[]` | -| server.ingress.https | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | `false` | -| server.ingressGrpc.annotations | Additional ingress annotations for dedicated [gRPC-ingress] | `{}` | -| server.ingressGrpc.enabled | Enable an ingress resource for the server for dedicated [gRPC-ingress] | `false` | -| server.ingressGrpc.hosts | List of ingress hosts for dedicated [gRPC-ingress] | `[]` | -| server.ingressGrpc.labels | Additional ingress labels for dedicated [gRPC-ingress] | `{}` | -| server.ingressGrpc.ingressClassName | Defines which ingress controller will implement the resource [gRPC-ingress] | `""` | -| server.ingressGrpc.tls | Ingress TLS configuration for dedicated [gRPC-ingress] | `[]` | -| server.ingressGrpc.isAWSALB | Setup up GRPC ingress to work with an AWS ALB | `false` | -| server.ingressGrpc.awsALB.serviceType | Service type for the AWS ALB GRPC service | `NodePort` | -| server.ingressGrpc.awsALB.backendProtocolVersion | Backend protocol version for the AWS ALB GRPC service | `HTTP2` | -| server.route.enabled | Enable a OpenShift route for the server | `false` | -| server.route.hostname | Hostname of OpenShift route | `""` | -| server.lifecycle | PostStart and PreStop hooks configuration | `{}` | -| server.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.logLevel | Log level | `"info"` | -| server.metrics.enabled | Deploy metrics service | `false` | -| server.metrics.service.annotations | Metrics service annotations | `{}` | -| server.metrics.service.labels | Metrics service labels | `{}` | -| server.metrics.service.servicePort | Metrics service port | `8082` | -| server.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| server.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| server.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | -| server.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | -| server.name | Argo CD server name | `"server"` | -| server.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| server.podAnnotations | Annotations for the server pods | `{}` | -| server.podLabels | Labels for the server pods | `{}` | -| server.priorityClassName | Priority class for the server | `""` | -| server.rbacConfigAnnotations | RBAC configmap annotations | `{}` | -| server.rbacConfig | [Argo CD RBAC policy](https://argoproj.github.io/argo-cd/operator-manual/rbac/) | `{}` | -| server.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| server.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| server.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| server.replicas | The number of server pods to run | `1` | -| server.resources | Resource limits and requests for the server | `{}` | -| server.service.annotations | Server service annotations | `{}` | -| server.service.labels | Server service labels | `{}` | -| server.service.servicePortHttp | Server service http port | `80` | -| server.service.servicePortHttps | Server service https port | `443` | -| server.service.servicePortHttpName | Server service http port name, can be used to route traffic via istio | `http` | -| server.service.servicePortHttpsName | Server service https port name, can be used to route traffic via istio | `https` | -| server.service.nodePortHttp | Server service http port for NodePort service type| `30080` | -| server.service.servicePortHttps | Server service http port for NodePort service type | `30443` | -| server.service.loadBalancerSourceRanges | Source IP ranges to allow access to service from. | `[]` | -| server.service.externalIPs | Server service external IPs. | `[]` | -| server.service.type | Server service type | `"ClusterIP"` | -| server.serviceAccount.annotations | Server service account annotations | `{}` | -| server.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| server.serviceAccount.create | Create server service account | `true` | -| server.serviceAccount.name | Server service account name | `"argocd-server"` | -| server.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| server.volumeMounts | Server volume mounts | `[]` | -| server.volumes | Server volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| server.GKEbackendConfig.enabled | bool | `false` | Enable BackendConfig custom resource for Google Kubernetes Engine | +| server.GKEbackendConfig.spec | object | `{}` | [BackendConfigSpec] | +| server.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| server.autoscaling.enabled | bool | `false` | Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server | +| server.autoscaling.maxReplicas | int | `5` | Maximum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.minReplicas | int | `1` | Minimum number of replicas for the Argo CD server [HPA] | +| server.autoscaling.targetCPUUtilizationPercentage | int | `50` | Average CPU utilization percentage for the Argo CD server [HPA] | +| server.autoscaling.targetMemoryUtilizationPercentage | int | `50` | Average memory utilization percentage for the Argo CD server [HPA] | +| server.certificate.additionalHosts | list | `[]` | Certificate manager additional hosts | +| server.certificate.domain | string | `"argocd.example.com"` | Certificate manager domain | +| server.certificate.enabled | bool | `false` | Enables a certificate manager certificate | +| server.certificate.issuer.kind | string | `nil` | Certificate manager issuer | +| server.certificate.issuer.name | string | `nil` | Certificate manager name | +| server.certificate.secretName | string | `"argocd-server-tls"` | Certificate manager secret name | +| server.clusterAdminAccess.enabled | bool | `true` | Enable RBAC for local cluster deployments | +| server.config | object | See [values.yaml] | [General Argo CD configuration] | +| server.configAnnotations | object | `{}` | Annotations to be added to ArgoCD ConfigMap | +| server.configEnabled | bool | `true` | Manage ArgoCD configmap (Declarative Setup) | +| server.containerPort | int | `8080` | Configures the server port | +| server.containerSecurityContext | object | `{}` | Servers container-level security context | +| server.env | list | `[]` | Environment variables to pass to Argo CD server | +| server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | +| server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server | +| server.extraContainers | list | `[]` | Additional containers to be added to the server pod | +| server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server | +| server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server | +| server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server | +| server.ingress.annotations | object | `{}` | Additional ingress annotations | +| server.ingress.enabled | bool | `false` | Enable an ingress resource for the Argo CD server | +| server.ingress.extraPaths | list | `[]` | Additional ingress paths | +| server.ingress.hosts | list | `[]` | List of ingress hosts | +| server.ingress.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingress.ingressClassName | string | `""` | Defines which ingress controller will implement the resource | +| server.ingress.labels | object | `{}` | Additional ingress labels | +| server.ingress.pathType | string | `"Prefix"` | Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingress.paths | list | `["/"]` | List of ingress paths | +| server.ingress.tls | list | `[]` | Ingress TLS configuration | +| server.ingressGrpc.annotations | object | `{}` | Additional ingress annotations for dedicated [gRPC-ingress] | +| server.ingressGrpc.awsALB.backendProtocolVersion | string | `"HTTP2"` | Backend protocol version for the AWS ALB gRPC service | +| server.ingressGrpc.awsALB.serviceType | string | `"NodePort"` | Service type for the AWS ALB gRPC service | +| server.ingressGrpc.enabled | bool | `false` | Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] | +| server.ingressGrpc.extraPaths | list | `[]` | Additional ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.hosts | list | `[]` | List of ingress hosts for dedicated [gRPC-ingress] | +| server.ingressGrpc.https | bool | `false` | Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` | +| server.ingressGrpc.ingressClassName | string | `""` | Defines which ingress controller will implement the resource [gRPC-ingress] | +| server.ingressGrpc.isAWSALB | bool | `false` | Setup up gRPC ingress to work with an AWS ALB | +| server.ingressGrpc.labels | object | `{}` | Additional ingress labels for dedicated [gRPC-ingress] | +| server.ingressGrpc.pathType | string | `"Prefix"` | Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` | +| server.ingressGrpc.paths | list | `["/"]` | List of ingress paths for dedicated [gRPC-ingress] | +| server.ingressGrpc.tls | list | `[]` | Ingress TLS configuration for dedicated [gRPC-ingress] | +| server.lifecycle | object | `{}` | Specify postStart and preStop lifecycle hooks for your argo-cd-server container | +| server.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.logFormat | string | `"text"` | Argo CD server log format: Either `text` or `json` | +| server.logLevel | string | `"info"` | Argo CD server log level | +| server.metrics.enabled | bool | `false` | Deploy metrics service | +| server.metrics.service.annotations | object | `{}` | Metrics service annotations | +| server.metrics.service.labels | object | `{}` | Metrics service labels | +| server.metrics.service.servicePort | int | `8083` | Metrics service port | +| server.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| server.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| server.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| server.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| server.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| server.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| server.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| server.name | string | `"server"` | Argo CD server name | +| server.nodeSelector | object | `{}` | [Node selector] | +| server.podAnnotations | object | `{}` | Annotations to be added to server pods | +| server.podLabels | object | `{}` | Labels to be added to server pods | +| server.priorityClassName | string | `""` | Priority class for the Argo CD server | +| server.rbacConfig | object | `{}` | ArgoCD rbac config ([ArgoCD RBAC policy]) | +| server.rbacConfigAnnotations | object | `{}` | Annotations to be added to ArgoCD rbac ConfigMap | +| server.rbacConfigCreate | bool | `true` | Whether or not to create the configmap. If false, it is expected the configmap will be created by something else. ArgoCD will not work if there is no configMap created with the name above. | +| server.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| server.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| server.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| server.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| server.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| server.replicas | int | `1` | The number of server pods to run | +| server.resources | object | `{}` | Resource limits and requests for the Argo CD server | +| server.route.enabled | bool | `false` | Enable a OpenShift route for the Argo CD server | +| server.route.hostname | string | `""` | Hostname of OpenShift route | +| server.service.annotations | object | `{}` | Server service annotations | +| server.service.externalIPs | list | `[]` | Server service external IPs | +| server.service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| server.service.labels | object | `{}` | Server service labels | +| server.service.loadBalancerIP | string | `""` | LoadBalancer will get created with the IP specified in this field | +| server.service.loadBalancerSourceRanges | list | `[]` | Source IP ranges to allow access to service from | +| server.service.namedTargetPort | bool | `true` | Use named target port for argocd | +| server.service.nodePortHttp | int | `30080` | Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.nodePortHttps | int | `30443` | Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") | +| server.service.servicePortHttp | int | `80` | Server service http port | +| server.service.servicePortHttpName | string | `"http"` | Server service http port name, can be used to route traffic via istio | +| server.service.servicePortHttps | int | `443` | Server service https port | +| server.service.servicePortHttpsName | string | `"https"` | Server service https port name, can be used to route traffic via istio | +| server.service.sessionAffinity | string | `""` | Used to maintain session affinity. Supports `ClientIP` and `None` | +| server.service.type | string | `"ClusterIP"` | Server service type | +| server.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| server.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| server.serviceAccount.create | bool | `true` | Create server service account | +| server.serviceAccount.name | string | `"argocd-server"` | Server service account name | +| server.staticAssets.enabled | bool | `true` | Disable deprecated flag `--staticassets` | +| server.tolerations | list | `[]` | [Tolerations] for use with node taints | +| server.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to the Argo CD server | +| server.volumeMounts | list | `[]` | Additional volumeMounts to the server main container | +| server.volumes | list | `[]` | Additional volumes to the server pod | ## Dex -| Property | Description | Default | -|-----|---------|-------------| -| dex.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| dex.topologySpreadConstraints | [Assign custom topologySpreadConstraints rules to the deployment](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `[]` | -| dex.containerPortGrpc | GRPC container port | `5557` | -| dex.containerPortHttp | HTTP container port | `5556` | -| dex.enabled | Enable dex | `true` | -| dex.image.imagePullPolicy | Dex imagePullPolicy | `"IfNotPresent"` | -| dex.image.repository | Dex image repository | `"quay.io/dexidp/dex"` | -| dex.image.tag | Dex image tag | `"v2.14.0"` | -| dex.initImage.repository | Argo CD init image repository. | `global.image.repository` | -| dex.initImage.imagePullPolicy | Argo CD init image imagePullPolicy | `global.image.imagePullPolicy` | -| dex.initImage.tag | Argo CD init image tag | `global.image.tag` | -| dex.metrics.enabled | Deploy metrics service | `false` | -| dex.metrics.service.annotations | Metrics service annotations | `{}` | -| dex.metrics.service.labels | Metrics service labels | `{}` | -| dex.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor. | `false` | -| dex.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector. | `{}` | -| dex.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | -| dex.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | -| dex.name | Dex name | `"dex-server"` | -| dex.extraContainers | Additional containers for the Dex server. A list of containers. | `[]` | -| dex.env | Environment variables for the Dex server. | `[]` | -| dex.envFrom | `envFrom` to pass to the Dex server. | `[]` (See [values.yaml](values.yaml)) | -| dex.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| dex.podAnnotations | Annotations for the Dex server pods | `{}` | -| dex.podLabels | Labels for the Dex server pods | `{}` | -| dex.livenessProbe.enabled | Enable Kubernetes liveness probe for Dex >= 2.28.0 | `false` | -| dex.livenessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| dex.livenessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` | -| dex.livenessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| dex.livenessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| dex.livenessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| dex.readinessProbe.enabled | Enable Kubernetes readiness probe for Dex >= 2.28.0 | `false` | -| dex.readinessProbe.failureThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `3` | -| dex.readinessProbe.initialDelaySeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) |`10` | -| dex.readinessProbe.periodSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `10` | -| dex.readinessProbe.successThreshold | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| dex.readinessProbe.timeoutSeconds | [Kubernetes probe configuration](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | `1` | -| dex.priorityClassName | Priority class for dex | `""` | -| dex.resources | Resource limits and requests for dex | `{}` | -| dex.serviceAccount.automountServiceAccountToken | Automount API credentials for the Service Account | `true` | -| dex.serviceAccount.create | Create dex service account | `true` | -| dex.serviceAccount.name | Dex service account name | `"argocd-dex-server"` | -| dex.servicePortGrpc | Server GRPC port | `5557` | -| dex.servicePortGrpcName | Server GRPC port name | `grpc` | -| dex.servicePortHttp | Server HTTP port | `5556` | -| dex.servicePortHttpName | Server GRPC port name | `http` | -| dex.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| dex.volumeMounts | Dex volume mounts | `"/shared"` | -| dex.volumes | Dex volumes | `{}` | -| dex.extraVolumeMounts | Extra dex volume mounts | `[]` | -| dex.extraVolumes | Extra dex volumes | `[]` | +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dex.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| dex.containerPortGrpc | int | `5557` | Container port for gRPC access | +| dex.containerPortHttp | int | `5556` | Container port for HTTP access | +| dex.containerPortMetrics | int | `5558` | Container port for metrics access | +| dex.containerSecurityContext | object | `{}` | Dex container-level security context | +| dex.enabled | bool | `true` | Enable dex | +| dex.env | list | `[]` | Environment variables to pass to the Dex server | +| dex.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Dex server | +| dex.extraContainers | list | `[]` | Additional containers to be added to the dex pod | +| dex.extraVolumeMounts | list | `[]` | Extra volumeMounts to the dex pod | +| dex.extraVolumes | list | `[]` | Extra volumes to the dex pod | +| dex.image.imagePullPolicy | string | `"IfNotPresent"` | Dex imagePullPolicy | +| dex.image.repository | string | `"ghcr.io/dexidp/dex"` | Dex image repository | +| dex.image.tag | string | `"v2.30.0"` | Dex image tag | +| dex.initImage.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Argo CD init image imagePullPolicy | +| dex.initImage.repository | string | `""` (defaults to global.image.repository) | Argo CD init image repository | +| dex.initImage.tag | string | `""` (defaults to global.image.tag) | Argo CD init image tag | +| dex.livenessProbe.enabled | bool | `false` | Enable Kubernetes liveness probe for Dex >= 2.28.0 | +| dex.livenessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.livenessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.metrics.enabled | bool | `false` | Deploy metrics service | +| dex.metrics.service.annotations | object | `{}` | Metrics service annotations | +| dex.metrics.service.labels | object | `{}` | Metrics service labels | +| dex.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| dex.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| dex.metrics.serviceMonitor.interval | string | `"30s"` | Prometheus ServiceMonitor interval | +| dex.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| dex.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| dex.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| dex.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| dex.name | string | `"dex-server"` | Dex name | +| dex.nodeSelector | object | `{}` | [Node selector] | +| dex.podAnnotations | object | `{}` | Annotations to be added to the Dex server pods | +| dex.podLabels | object | `{}` | Labels to be added to the Dex server pods | +| dex.priorityClassName | string | `""` | Priority class for dex | +| dex.readinessProbe.enabled | bool | `false` | Enable Kubernetes readiness probe for Dex >= 2.28.0 | +| dex.readinessProbe.failureThreshold | int | `3` | Minimum consecutive failures for the [probe] to be considered failed after having succeeded | +| dex.readinessProbe.initialDelaySeconds | int | `10` | Number of seconds after the container has started before [probe] is initiated | +| dex.readinessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] | +| dex.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed | +| dex.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out | +| dex.resources | object | `{}` | Resource limits and requests for dex | +| dex.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| dex.serviceAccount.automountServiceAccountToken | bool | `true` | Automount API credentials for the Service Account | +| dex.serviceAccount.create | bool | `true` | Create dex service account | +| dex.serviceAccount.name | string | `"argocd-dex-server"` | Dex service account name | +| dex.servicePortGrpc | int | `5557` | Service port for gRPC access | +| dex.servicePortGrpcName | string | `"grpc"` | Service port name for gRPC access | +| dex.servicePortHttp | int | `5556` | Service port for HTTP access | +| dex.servicePortHttpName | string | `"http"` | Service port name for HTTP access | +| dex.servicePortMetrics | int | `5558` | Service port for metrics access | +| dex.tolerations | list | `[]` | [Tolerations] for use with node taints | +| dex.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to dex | +| dex.volumeMounts | list | `[{"mountPath":"/shared","name":"static-files"}]` | Additional volumeMounts to the dex main container | +| dex.volumes | list | `[{"emptyDir":{},"name":"static-files"}]` | Additional volumes to the dex pod | ## Redis -When Redis is completely disabled from the chart (`redis.enabled=false`) and -an external Redis instance wants to be used or -when Redis HA subcart is enabled (`redis.enabled=true and redis-ha.enabled=true`) -but HA proxy is disabled `redis-ha.haproxy.enabled=false` Redis flags need to be specified -through `xxx.extraArgs` - -| Parameter | Description | Default | -|-----|---------|-------------| -| redis.affinity | [Assign custom affinity rules to the deployment](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/) | `{}` | -| redis.topologySpreadConstraints | [Assign custom topologySpreadConstraints rules to the deployment](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) | `[]` | -| redis.containerPort | Redis container port | `6379` | -| redis.enabled | Enable redis | `true` | -| redis.image.imagePullPolicy | Redis imagePullPolicy | `"IfNotPresent"` | -| redis.image.repository | Redis repository | `"redis"` | -| redis.image.tag | Redis tag | `"6.2.1-alpine"` | -| redis.extraArgs | Additional arguments for the `redis-server`. A list of flags. | `[]` | -| redis.extraContainers | Additional containers for the redis. A list of containers. | `[]` | -| redis.name | Redis name | `"redis"` | -| redis.env | Environment variables for the Redis server. | `[]` | -| redis.envFrom | `envFrom` to pass to the Redis server. | `[]` (See [values.yaml](values.yaml)) | -| redis.nodeSelector | [Node selector](https://kubernetes.io/docs/user-guide/node-selection/) | `{}` | -| redis.podAnnotations | Annotations for the Redis server pods | `{}` | -| redis.podLabels | Labels for the Redis server pods | `{}` | -| redis.priorityClassName | Priority class for redis | `""` | -| redis.resources | Resource limits and requests for redis | `{}` | -| redis.securityContext | Redis Pod Security Context | See [values.yaml](values.yaml) | -| redis.servicePort | Redis service port | `6379` | -| redis.service.annotations | Redis service annotations | `{}` | -| redis.service.labels | Additional redis service labels | `{}` | -| redis.tolerations | [Tolerations for use with node taints](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) | `[]` | -| redis.metrics.enabled | Deploy metrics service and redis-exporter sidecar | `false` | -| redis.metrics.image.repository | redis-exporter image repository | `quay.io/bitnami/redis-exporter` | -| redis.metrics.image.tag | redis-exporter image tag | `1.26.0-debian-10-r2` | -| redis.metrics.image.imagePullPolicy | redis-exporter image PullPolicy | `IfNotPresent` | -| redis.metrics.containerPort | Port to use for redis-exporter sidecar | `9121` | -| redis.metrics.resources | Resource limits and requests for redis-exporter sidecar | `{}` | -| redis.metrics.service.type | Metrics service type | `ClusterIP` | -| redis.metrics.service.clusterIP | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | `None` | -| redis.metrics.service.annotations | Metrics service annotations | `{}` | -| redis.metrics.service.labels | Metrics service labels | `{}` | -| redis.metrics.service.servicePort | Metrics service port | `9121` | -| redis.metrics.service.portName | Metrics service port name | `http-metrics` | -| redis.metrics.serviceMonitor.enabled | Enable a prometheus ServiceMonitor | `false` | -| redis.metrics.serviceMonitor.interval | Interval at which metrics should be scraped | `30s` | -| redis.metrics.serviceMonitor.relabelings | Prometheus [RelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) to apply to samples before scraping | `[]` | -| redis.metrics.serviceMonitor.metricRelabelings | Prometheus [MetricRelabelConfigs](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) to apply to samples before ingestion | `[]` | -| redis.metrics.serviceMonitor.selector | Prometheus ServiceMonitor selector labels | `{}` | -| redis.metrics.serviceMonitor.namespace | Prometheus ServiceMonitor namespace | `` | -| redis.metrics.serviceMonitor.additionalLabels | Additional labels to add to the Prometheus ServiceMonitor | `{}` | -| redis-ha | Configures [Redis HA subchart](https://github.com/DandyDeveloper/charts/tree/master/charts/redis-ha) The properties below have been changed from the subchart defaults | | -| redis-ha.enabled | Enables the Redis HA subchart and disables the custom Redis single node deployment| `false` | -| redis-ha.exporter.enabled | If `true`, the prometheus exporter sidecar is enabled | `true` | -| redis-ha.persistentVolume.enabled | Configures persistency on Redis nodes | `false` -| redis-ha.redis.masterGroupName | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | `argocd` -| redis-ha.redis.config | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | `` | -| redis-ha.redis.config.save | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | `""` | -| redis-ha.haproxy.enabled | Enabled HAProxy LoadBalancing/Proxy | `true` | -| redis-ha.haproxy.metrics.enabled | HAProxy enable prometheus metric scraping | `true` | -| redis-ha.image.tag | Redis tag | `"6.2.1-alpine"` | - -[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ - +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| redis.affinity | object | `{}` | Assign custom [affinity] rules to the deployment | +| redis.containerPort | int | `6379` | Redis container port | +| redis.containerSecurityContext | object | `{}` | Redis container-level security context | +| redis.enabled | bool | `true` | Enable redis | +| redis.env | list | `[]` | Environment variables to pass to the Redis server | +| redis.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to the Redis server | +| redis.extraArgs | list | `[]` | Additional command line arguments to pass to redis-server | +| redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod | +| redis.image.imagePullPolicy | string | `"IfNotPresent"` | Redis imagePullPolicy | +| redis.image.repository | string | `"redis"` | Redis repository | +| redis.image.tag | string | `"6.2.4-alpine"` | Redis tag | +| redis.metrics.containerPort | int | `9121` | Port to use for redis-exporter sidecar | +| redis.metrics.enabled | bool | `false` | Deploy metrics service and redis-exporter sidecar | +| redis.metrics.image.imagePullPolicy | string | `"IfNotPresent"` | redis-exporter image PullPolicy | +| redis.metrics.image.repository | string | `"quay.io/bitnami/redis-exporter"` | redis-exporter image repository | +| redis.metrics.image.tag | string | `"1.26.0-debian-10-r2"` | redis-exporter image tag | +| redis.metrics.resources | object | `{}` | Resource limits and requests for redis-exporter sidecar | +| redis.metrics.service.annotations | object | `{}` | Metrics service annotations | +| redis.metrics.service.clusterIP | string | `"None"` | Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) | +| redis.metrics.service.labels | object | `{}` | Metrics service labels | +| redis.metrics.service.portName | string | `"http-metrics"` | Metrics service port name | +| redis.metrics.service.servicePort | int | `9121` | Metrics service port | +| redis.metrics.service.type | string | `"ClusterIP"` | Metrics service type | +| redis.metrics.serviceMonitor.additionalLabels | object | `{}` | Prometheus ServiceMonitor labels | +| redis.metrics.serviceMonitor.enabled | bool | `false` | Enable a prometheus ServiceMonitor | +| redis.metrics.serviceMonitor.interval | string | `"30s"` | Interval at which metrics should be scraped | +| redis.metrics.serviceMonitor.metricRelabelings | list | `[]` | Prometheus [MetricRelabelConfigs] to apply to samples before ingestion | +| redis.metrics.serviceMonitor.namespace | string | `""` | Prometheus ServiceMonitor namespace | +| redis.metrics.serviceMonitor.relabelings | list | `[]` | Prometheus [RelabelConfigs] to apply to samples before scraping | +| redis.metrics.serviceMonitor.selector | object | `{}` | Prometheus ServiceMonitor selector | +| redis.name | string | `"redis"` | Redis name | +| redis.nodeSelector | object | `{}` | [Node selector] | +| redis.podAnnotations | object | `{}` | Annotations to be added to the Redis server pods | +| redis.podLabels | object | `{}` | Labels to be added to the Redis server pods | +| redis.priorityClassName | string | `""` | Priority class for redis | +| redis.resources | object | `{}` | Resource limits and requests for redis | +| redis.securityContext | object | `{"runAsNonRoot":true,"runAsUser":999}` | Redis pod-level security context | +| redis.service.annotations | object | `{}` | Redis service annotations | +| redis.service.labels | object | `{}` | Additional redis service labels | +| redis.serviceAccount.annotations | object | `{}` | Annotations applied to created service account | +| redis.serviceAccount.automountServiceAccountToken | bool | `false` | Automount API credentials for the Service Account | +| redis.serviceAccount.create | bool | `false` | Create a service account for the redis pod | +| redis.serviceAccount.name | string | `""` | Service account name for redis pod | +| redis.servicePort | int | `6379` | Redis service port | +| redis.tolerations | list | `[]` | [Tolerations] for use with node taints | +| redis.topologySpreadConstraints | list | `[]` | Assign custom [TopologySpreadConstraints] rules to redis | +| redis.volumeMounts | list | `[]` | Additional volumeMounts to the redis container | +| redis.volumes | list | `[]` | Additional volumes to the redis pod | +| redis-ha.enabled | bool | `false` | Enables the Redis HA subchart and disables the custom Redis single node deployment | +| redis-ha.exporter.enabled | bool | `true` | If `true`, the prometheus exporter sidecar is enabled | +| redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy | +| redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping | +| redis-ha.image.tag | string | `"6.2.4-alpine"` | Redis tag | +| redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes | +| redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) | +| redis-ha.redis.config.save | string | `"\"\""` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled | +| redis-ha.redis.masterGroupName | string | `"argocd"` | Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated | ### Using AWS ALB Ingress Controller With GRPC + If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. Example: + ```yaml server: ingress: @@ -577,3 +623,22 @@ server: serviceType: ClusterIP ``` + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0) + +[ArgoCD RBAC policy]: https://argoproj.github.io/argo-cd/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ +[external cluster credentials]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters +[General Argo CD configuration]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories +[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ +[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[values.yaml]: values.yaml diff --git a/charts/argo-cd/README.md.gotmpl b/charts/argo-cd/README.md.gotmpl new file mode 100644 index 00000000..608700a1 --- /dev/null +++ b/charts/argo-cd/README.md.gotmpl @@ -0,0 +1,293 @@ +# Argo CD Chart + +A Helm chart for ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes. + +Source code can be found [here](https://argoproj.github.io/argo-cd/) + +## Additional Information + +This is a **community maintained** chart. This chart installs [argo-cd](https://argoproj.github.io/argo-cd/), a declarative, GitOps continuous delivery tool for Kubernetes. + +The default installation is intended to be similar to the provided ArgoCD [releases](https://github.com/argoproj/argo-cd/releases). + +## High Availability + +This chart installs the non-HA version of ArgoCD by default. If you want to run ArgoCD in HA mode, you can use one of the example values in the next sections. +Please also have a look into the upstream [Operator Manual regarding High Availability](https://argoproj.github.io/argo-cd/operator-manual/high_availability/) to understand how scaling of ArgoCD works in detail. + +> **Warning:** +> You need at least 3 worker nodes as the HA mode of redis enforces Pods to run on separate nodes. + +### HA mode with autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + enableStatefulSet: true + +server: + autoscaling: + enabled: true + minReplicas: 2 + +repoServer: + autoscaling: + enabled: true + minReplicas: 2 +``` + +### HA mode without autoscaling + +```yaml +redis-ha: + enabled: true + +controller: + enableStatefulSet: true + +server: + replicas: 2 + env: + - name: ARGOCD_API_SERVER_REPLICAS + value: '2' + +repoServer: + replicas: 2 +``` + +### Synchronizing Changes from Original Repository + +In the original [ArgoCD repository](https://github.com/argoproj/argo-cd/) an [`manifests/install.yaml`](https://github.com/argoproj/argo-cd/blob/master/manifests/install.yaml) is generated using `kustomize`. It's the basis for the installation as [described in the docs](https://argo-cd.readthedocs.io/en/stable/getting_started/#1-install-argo-cd). + +When installing ArgoCD using this helm chart the user should have a similar experience and configuration rolled out. Hence, it makes sense to try to achieve a similar output of rendered `.yaml` resources when calling `helm template` using the default settings in `values.yaml`. + +To update the templates and default settings in `values.yaml` it may come in handy to look up the diff of the `manifests/install.yaml` between two versions accordingly. This can either be done directly via github and look for `manifests/install.yaml`: + +https://github.com/argoproj/argo-cd/compare/v1.8.7...v2.0.0#files_bucket + +Or you clone the repository and do a local `git-diff`: + +```bash +git clone https://github.com/argoproj/argo-cd.git +cd argo-cd +git diff v1.8.7 v2.0.0 -- manifests/install.yaml +``` + +Changes in the `CustomResourceDefinition` resources shall be fixed easily by copying 1:1 from the [`manifests/crds` folder](https://github.com/argoproj/argo-cd/tree/master/manifests/crds) into this [`charts/argo-cd/crds` folder](https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd/crds). + +## Upgrading + +### 3.13.0 + +This release removes the flag `--staticassets` from argocd server as it has been dropped upstream. If this flag needs to be enabled e.g for older releases of ArgoCD, it can be passed via the `server.extraArgs` field + +### 3.10.2 + +ArgoCD has recently deprecated the flag `--staticassets` and from chart version `3.10.2` has been disabled by default +It can be re-enabled by setting `server.staticAssets.enabled` to true + +### 3.8.1 + +This bugfix version potentially introduces a rename (and recreation) of one or more ServiceAccounts. It _only happens_ when you use one of these customization: + +```yaml +# Case 1) - only happens when you do not specify a custom name (repoServer.serviceAccount.name) +repoServer: + serviceAccount: + create: true + +# Case 2) +controller: + serviceAccount: + name: "" # or + +# Case 3) +dex: + serviceAccount: + name: "" # or + +# Case 4) +server: + serviceAccount: + name: "" # or +``` + +Please check if you are affected by one of these cases **before you upgrade**, especially when you use **cloud IAM roles for service accounts.** (eg. IRSA on AWS or Workload Identity for GKE) + +### 3.2.* + +With this minor version we introduced the evaluation for the ingress manifest (depending on the capabilities version), See [Pull Request](https://github.com/argoproj/argo-helm/pull/637). +[Issue 703](https://github.com/argoproj/argo-helm/issues/703) reported that the capabilities evaluation is **not handled correctly when deploying the chart via an ArgoCD instance**, +especially deploying on clusters running a cluster version prior to `1.19` (which misses `Ingress` on apiVersion `networking.k8s.io/v1`). + +If you are running a cluster version prior to `1.19` you can avoid this issue by directly installing chart version `3.6.0` and setting `kubeVersionOverride` like: + +```yaml +kubeVersionOverride: "1.18.0" +``` + +Then you should no longer encounter this issue. + + +### 3.0.0 and above + +Helm apiVersion switched to `v2`. Requires Helm `3.0.0` or above to install. [Read More](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/) on how to migrate your release from Helm 2 to Helm 3. + +### 2.14.7 and above + +The `matchLabels` key in the ArgoCD Application Controller is no longer hard-coded. Note that labels are immutable so caution should be exercised when making changes to this resource. + +### 2.10.x to 2.11.0 + +The application controller is now available as a `StatefulSet` when the `controller.enableStatefulSet` flag is set to true. Depending on your Helm deployment this may be a downtime or breaking change if enabled when using HA and will become the default in 3.x. + +### 1.8.7 to 2.x.x + +`controller.extraArgs`, `repoServer.extraArgs` and `server.extraArgs` are now arrays of strings instead of a map + +What was + +```yaml +server: + extraArgs: + insecure: "" +``` + +is now + +```yaml +server: + extraArgs: + - --insecure +``` + +## Prerequisites + +- Kubernetes 1.7+ +- Helm v3.0.0+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add argo https://argoproj.github.io/argo-helm +"argo" has been added to your repositories + +$ helm install --name my-release argo/argo-cd +NAME: my-release +... +``` + +## General parameters + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if not (or (hasPrefix "controller" .Key) (hasPrefix "repoServer" .Key) (hasPrefix "server" .Key) (hasPrefix "dex" .Key) (hasPrefix "redis" .Key) ) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} + {{- if hasPrefix "server.additional" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## ArgoCD Controller + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "controller" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo Repo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "repoServer" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Argo Server + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if and (hasPrefix "server" .Key) (not (hasPrefix "server.additional" .Key)) }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Dex + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "dex" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + +## Redis + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +{{- range .Values }} + {{- if hasPrefix "redis." .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} +{{- range .Values }} + {{- if hasPrefix "redis-ha" .Key }} +| {{ .Key }} | {{ .Type }} | {{ if .Default }}{{ .Default }}{{ else }}{{ .AutoDefault }}{{ end }} | {{ if .Description }}{{ .Description }}{{ else }}{{ .AutoDescription }}{{ end }} | + {{- end }} +{{- end }} + + + +### Using AWS ALB Ingress Controller With GRPC + +If you are using an AWS ALB Ingress controller, you will need to set `server.ingressGrpc.isAWSALB` to `true`. This will create a second service with the annotation `alb.ingress.kubernetes.io/backend-protocol-version: HTTP2` and modify the server ingress to add a condition annotation to route GRPC traffic to the new service. + +Example: + +```yaml +server: + ingress: + enabled: true + annotations: + alb.ingress.kubernetes.io/backend-protocol: HTTPS + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' + alb.ingress.kubernetes.io/scheme: internal + alb.ingress.kubernetes.io/target-type: ip + ingressGrpc: + enabled: true + isAWSALB: true + awsALB: + serviceType: ClusterIP + +``` + +{{ template "helm-docs.versionFooter" . }} + +[ArgoCD RBAC policy]: https://argoproj.github.io/argo-cd/operator-manual/rbac/ +[affinity]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +[BackendConfigSpec]: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig#backendconfigspec_v1beta1_cloudgooglecom +[CSS styles]: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ +[external cluster credentials]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters +[General Argo CD configuration]: https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#repositories +[gRPC-ingress]: https://argoproj.github.io/argo-cd/operator-manual/ingress/ +[HPA]: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +[MetricRelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs +[Node selector]: https://kubernetes.io/docs/user-guide/node-selection/ +[probe]: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes +[RelabelConfigs]: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config +[Tolerations]: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +[TopologySpreadConstraints]: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ +[values.yaml]: values.yaml diff --git a/charts/argo-cd/values.yaml b/charts/argo-cd/values.yaml index 9f9f7c08..f6fae196 100755 --- a/charts/argo-cd/values.yaml +++ b/charts/argo-cd/values.yaml @@ -1,101 +1,125 @@ ## ArgoCD configuration ## Ref: https://github.com/argoproj/argo-cd ## + +# -- Provide a name in place of `argocd` nameOverride: argocd +# -- String to fully override `"argo-cd.fullname"` fullnameOverride: "" +# -- Override the Kubernetes version, which is used to evaluate certain manifests kubeVersionOverride: "" global: image: + # -- If defined, a repository applied to all ArgoCD deployments repository: quay.io/argoproj/argocd + # -- If defined, a tag applied to all ArgoCD deployments tag: v2.1.4 + # -- If defined, a imagePullPolicy applied to all ArgoCD deployments imagePullPolicy: IfNotPresent - ## Annotations applied to all pods + # -- Annotations for the all deployed pods podAnnotations: {} - ## Labels applied to all pods + # -- Labels for the all deployed pods podLabels: {} + # -- Toggle and define securityContext. See [values.yaml] securityContext: {} # runAsUser: 999 # runAsGroup: 999 # fsGroup: 999 + + # -- If defined, uses a Secret to pull an image from a private Docker registry or repository imagePullSecrets: [] + # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files hostAliases: [] # - ip: 10.20.30.40 # hostnames: # - git.myhostname networkPolicy: + # -- Create NetworkPolicy objects for all components create: false + # -- Default deny all ingress traffic defaultDenyIngress: false # Override APIVersions # If you want to template helm charts but cannot access k8s API server # you can set api versions here apiVersionOverrides: + # -- String to override apiVersion of certmanager resources rendered by this helm chart certmanager: "" # cert-manager.io/v1 + # -- String to override apiVersion of ingresses rendered by this helm chart ingress: "" # networking.k8s.io/v1beta1 -## Create clusterroles that extend existing clusterroles to interact with argo-cd crds +# -- Create clusterroles that extend existing clusterroles to interact with argo-cd crds ## Ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles createAggregateRoles: false ## Controller controller: + # -- Application controller name string name: application-controller image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent + # -- Repository to use for the application controller + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Tag to use for the application controller + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Image pull policy for the application controller + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - # If changing the number of replicas you must pass the number as ARGOCD_CONTROLLER_REPLICAS as an environment variable + # -- The number of application controller pods to run. + # If changing the number of replicas you must pass the number as `ARGOCD_CONTROLLER_REPLICAS` as an environment variable replicas: 1 - # Deploy the application as a StatefulSet instead of a Deployment, this is required for HA capability. + # -- Deploy the application controller as a StatefulSet instead of a Deployment, this is required for HA capability. # This is a feature flag that will become the default in chart version 3.x enableStatefulSet: false - ## Argo controller commandline flags + ## Application controller commandline flags args: + # -- define the application controller `--status-processors` statusProcessors: "20" + # -- define the application controller `--operation-processors` operationProcessors: "10" + # -- define the application controller `--app-resync` appResyncPeriod: "180" + # -- define the application controller `--self-heal-timeout-seconds` selfHealTimeout: "5" + # -- define the application controller `--repo-server-timeout-seconds` repoServerTimeoutSeconds: "60" - ## Argo controller log format: text|json + # -- Application controller log format. Either `text` or `json` logFormat: text - ## Argo controller log level + # -- Application controller log level logLevel: info - ## Additional command line arguments to pass to argocd-controller - ## + # -- Additional command line arguments to pass to application controller extraArgs: [] - ## Environment variables to pass to argocd-controller - ## + # -- Environment variables to pass to application controller env: [] # - name: "ARGOCD_CONTROLLER_REPLICAS" # value: "" - ## envFrom to pass to argocd-controller - ## + # -- envFrom to pass to application controller + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to controller pods - ## + # -- Annotations to be added to application controller pods podAnnotations: {} - ## Labels to be added to controller pods - ## + # -- Labels to be added to application controller pods podLabels: {} - ## Labels to set container specific security contexts + # -- Application controller container-level security context containerSecurityContext: {} # capabilities: @@ -104,55 +128,71 @@ controller: # readOnlyRootFilesystem: true # runAsNonRoot: true - ## Configures the controller port + # -- Application controller listening port containerPort: 8082 ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - ## Additional volumeMounts to the controller main container. + # -- Additional volumeMounts to the application controller main container volumeMounts: [] - ## Additional volumes to the controller pod. + # -- Additional volumes to the application controller pod volumes: [] ## Controller service configuration service: + # -- Application controller service annotations annotations: {} + # -- Application controller service labels labels: {} + # -- Application controller service port port: 8082 + # -- Application controller service port name portName: https-controller - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} - # Pod Topology Spread Constraints - # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # If labelSelector is left out, it will default to the labelSelector configuration of the deployment + # -- Assign custom [TopologySpreadConstraints] rules to the application controller + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Priority class for the application controller pods priorityClassName: "" + # -- Resource limits and requests for the application controller pods resources: {} # limits: # cpu: 500m @@ -162,31 +202,47 @@ controller: # memory: 256Mi serviceAccount: + # -- Create a service account for the application controller create: true + # -- Service account name name: argocd-application-controller - ## Annotations applied to created service account + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Automount API credentials for the Service Account automountServiceAccountToken: true - ## Server metrics controller configuration + ## Application controller metrics configuration metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 8082 serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} rules: + # -- Deploy a PrometheusRule for the application controller enabled: false + # -- PrometheusRule.Spec for the application controller spec: [] # - alert: ArgoAppMissing # expr: | @@ -217,137 +273,181 @@ controller: # namespace: monitoring # additionalLabels: {} - ## Enable Admin ClusterRole resources. ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. clusterAdminAccess: + # -- Enable RBAC for local cluster deployments enabled: true - ## Enable Custom Rules for the Application Controller's Cluster Role resource + ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules: + # -- Enable custom rules for the application controller's ClusterRole resource enabled: false + # -- List of custom rules for the application controller's ClusterRole resource rules: [] - ## Additional containers to be added to the controller pod. + # -- Additional containers to be added to the application controller pod extraContainers: [] ## Dex dex: + # -- Enable dex enabled: true + # -- Dex name name: dex-server metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} image: + # -- Dex image repository repository: ghcr.io/dexidp/dex + # -- Dex image tag tag: v2.30.0 + # -- Dex imagePullPolicy imagePullPolicy: IfNotPresent initImage: - repository: - tag: - imagePullPolicy: + # -- Argo CD init image repository + # @default -- `""` (defaults to global.image.repository) + repository: "" + # -- Argo CD init image tag + # @default -- `""` (defaults to global.image.tag) + tag: "" + # -- Argo CD init image imagePullPolicy + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" - ## Environment variables to pass to the Dex server - ## + # -- Environment variables to pass to the Dex server env: [] - ## envFrom to pass to the Dex server + # -- envFrom to pass to the Dex server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to the Dex server pods - ## + # -- Annotations to be added to the Dex server pods podAnnotations: {} - ## Labels to be added to the Dex server pods - ## + # -- Labels to be added to the Dex server pods podLabels: {} ## Probes for Dex server ## Supported from Dex >= 2.28.0 livenessProbe: + # -- Enable Kubernetes liveness probe for Dex >= 2.28.0 enabled: false + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 readinessProbe: + # -- Enable Kubernetes readiness probe for Dex >= 2.28.0 enabled: false + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 serviceAccount: + # -- Create dex service account create: true + # -- Dex service account name name: argocd-dex-server - ## Annotations applied to created service account + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Automount API credentials for the Service Account automountServiceAccountToken: true - ## Additional volumeMounts to the controller main container. + # -- Additional volumeMounts to the dex main container volumeMounts: - name: static-files mountPath: /shared - ## Additional volumes to the controller pod. + # -- Additional volumes to the dex pod volumes: - name: static-files emptyDir: {} - ## Extra volumes to the controller pod. + # -- Extra volumes to the dex pod extraVolumes: [] - ## Extra volumeMounts to the controller pod. + # -- Extra volumeMounts to the dex pod extraVolumeMounts: [] - ## Dex deployment container ports + # -- Container port for HTTP access containerPortHttp: 5556 + # -- Service port for HTTP access servicePortHttp: 5556 + # -- Service port name for HTTP access servicePortHttpName: http + # -- Container port for gRPC access containerPortGrpc: 5557 + # -- Service port for gRPC access servicePortGrpc: 5557 + # -- Service port name for gRPC access servicePortGrpcName: grpc + # -- Container port for metrics access containerPortMetrics: 5558 + # -- Service port for metrics access servicePortMetrics: 5558 - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} - # Pod Topology Spread Constraints - # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # If labelSelector is left out, it will default to the labelSelector configuration of the deployment + # -- Assign custom [TopologySpreadConstraints] rules to dex + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Priority class for dex priorityClassName: "" - ## Labels to set container specific security contexts + # -- Dex container-level security context containerSecurityContext: {} # capabilities: @@ -355,6 +455,7 @@ dex: # - all # readOnlyRootFilesystem: true +# -- Resource limits and requests for dex resources: {} # limits: # cpu: 50m @@ -363,66 +464,70 @@ dex: # cpu: 10m # memory: 32Mi - ## Additional containers to be added to the dex pod. + # -- Additional containers to be added to the dex pod extraContainers: [] ## Redis redis: + # -- Enable redis enabled: true + # -- Redis name name: redis image: + # -- Redis repository repository: redis + # -- Redis tag tag: 6.2.4-alpine + # -- Redis imagePullPolicy imagePullPolicy: IfNotPresent - ## Additional command line arguments to pass to redis-server - ## + # -- Additional command line arguments to pass to redis-server extraArgs: [] # - --bind # - "0.0.0.0" + # -- Redis container port containerPort: 6379 + # -- Redis service port servicePort: 6379 - ## Environment variables to pass to the Redis server - ## + # -- Environment variables to pass to the Redis server env: [] - ## envFrom to pass to the Redis server - ## + # -- envFrom to pass to the Redis server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Annotations to be added to the Redis server pods - ## + # -- Annotations to be added to the Redis server pods podAnnotations: {} - ## Labels to be added to the Redis server pods - ## + # -- Labels to be added to the Redis server pods podLabels: {} - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} - # Pod Topology Spread Constraints - # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # If labelSelector is left out, it will default to the labelSelector configuration of the deployment + # -- Assign custom [TopologySpreadConstraints] rules to redis + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Priority class for redis priorityClassName: "" - ## Labels to set container specific security contexts + # -- Redis container-level security context containerSecurityContext: {} # capabilities: @@ -430,19 +535,22 @@ redis: # - all # readOnlyRootFilesystem: true - ## Redis Pod specific security context + # -- Redis pod-level security context securityContext: runAsNonRoot: true runAsUser: 999 serviceAccount: + # -- Create a service account for the redis pod create: false + # -- Service account name for redis pod name: "" - ## Annotations applied to created service account + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Automount API credentials for the Service Account automountServiceAccountToken: false + # -- Resource limits and requests for redis resources: {} # limits: # cpu: 200m @@ -451,23 +559,33 @@ redis: # cpu: 100m # memory: 64Mi + # -- Additional volumeMounts to the redis container volumeMounts: [] + # -- Additional volumes to the redis pod volumes: [] - ## Additional containers to be added to the redis pod. + # -- Additional containers to be added to the redis pod extraContainers: [] service: + # -- Redis service annotations annotations: {} + # -- Additional redis service labels labels: {} metrics: + # -- Deploy metrics service and redis-exporter sidecar enabled: false image: + # -- redis-exporter image repository repository: quay.io/bitnami/redis-exporter + # -- redis-exporter image tag tag: 1.26.0-debian-10-r2 + # -- redis-exporter image PullPolicy imagePullPolicy: IfNotPresent + # -- Port to use for redis-exporter sidecar containerPort: 9121 + # -- Resource limits and requests for redis-exporter sidecar resources: {} # limits: # cpu: 50m @@ -476,141 +594,185 @@ redis: # cpu: 10m # memory: 32Mi service: + # -- Metrics service type type: ClusterIP + # -- Metrics service clusterIP. `None` makes a "headless service" (no virtual IP) clusterIP: None + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 9121 + # -- Metrics service port name portName: http-metrics serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Interval at which metrics should be scraped interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] + # -- Prometheus ServiceMonitor selector selector: {} # prometheus: kube-prometheus - # namespace: monitoring + + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels additionalLabels: {} # This key configures Redis-HA subchart and when enabled (redis-ha.enabled=true) # the custom redis deployment is omitted +# Check the redis-ha chart for more properties redis-ha: + # -- Enables the Redis HA subchart and disables the custom Redis single node deployment enabled: false - # Check the redis-ha chart for more properties exporter: + # -- If `true`, the prometheus exporter sidecar is enabled enabled: true persistentVolume: + # -- Configures persistency on Redis nodes enabled: false redis: + # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated masterGroupName: argocd + # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) + # @default -- See [values.yaml] config: + # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled save: '""' haproxy: + # -- Enabled HAProxy LoadBalancing/Proxy enabled: true metrics: + # -- HAProxy enable prometheus metric scraping enabled: true image: + # -- Redis tag tag: 6.2.4-alpine ## Server server: + # -- Argo CD server name name: server + # -- The number of server pods to run replicas: 1 autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo CD server enabled: false + # -- Minimum number of replicas for the Argo CD server [HPA] minReplicas: 1 + # -- Maximum number of replicas for the Argo CD server [HPA] maxReplicas: 5 + # -- Average CPU utilization percentage for the Argo CD server [HPA] targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the Argo CD server [HPA] targetMemoryUtilizationPercentage: 50 image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent + # -- Repository to use for the Argo CD server + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the Argo CD server + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the Argo CD server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent - ## Additional command line arguments to pass to argocd-server - ## + # -- Additional command line arguments to pass to Argo CD server extraArgs: [] # - --insecure - # This flag is used to either remove or pass the CLI flag --staticassets /shared/app to the argocd-server app + # This flag is used to either remove or pass the CLI flag --staticassets /shared/app to the Argo CD server app staticAssets: + # -- Disable deprecated flag `--staticassets` enabled: true - ## Environment variables to pass to argocd-server - ## + # -- Environment variables to pass to Argo CD server env: [] - ## envFrom to pass to argocd-server - ## + # -- envFrom to pass to Argo CD server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Specify postStart and preStop lifecycle hooks for your argo-cd-server container - ## + # -- Specify postStart and preStop lifecycle hooks for your argo-cd-server container lifecycle: {} - ## Argo server log format: text|json + # -- Argo CD server log format: Either `text` or `json` logFormat: text - ## Argo server log level + # -- Argo CD server log level logLevel: info - ## Annotations to be added to controller pods - ## + # -- Annotations to be added to server pods podAnnotations: {} - ## Labels to be added to controller pods - ## + # -- Labels to be added to server pods podLabels: {} - ## Configures the server port + # -- Configures the server port containerPort: 8080 ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - ## Additional volumeMounts to the server main container. + # -- Additional volumeMounts to the server main container volumeMounts: [] - ## Additional volumes to the controller pod. + # -- Additional volumes to the server pod volumes: [] - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} - # Pod Topology Spread Constraints - # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # If labelSelector is left out, it will default to the labelSelector configuration of the deployment + # -- Assign custom [TopologySpreadConstraints] rules to the Argo CD server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Priority class for the Argo CD server priorityClassName: "" - ## Labels to set container specific security contexts + # -- Servers container-level security context containerSecurityContext: {} # capabilities: @@ -618,6 +780,7 @@ server: # - all # readOnlyRootFilesystem: true + # -- Resource limits and requests for the Argo CD server resources: {} # limits: # cpu: 100m @@ -628,74 +791,118 @@ server: ## Certificate configuration certificate: + # -- Enables a certificate manager certificate enabled: false + # -- Certificate manager domain domain: argocd.example.com issuer: + # -- Certificate manager issuer kind: # ClusterIssuer + # -- Certificate manager name name: # letsencrypt + # -- Certificate manager additional hosts additionalHosts: [] + # -- Certificate manager secret name secretName: argocd-server-tls ## Server service configuration service: + # -- Server service annotations annotations: {} + # -- Server service labels labels: {} + # -- Server service type type: ClusterIP - ## For node port default ports + # -- Server service http port for NodePort service type (only if `server.service.type` is set to "NodePort") nodePortHttp: 30080 + # -- Server service https port for NodePort service type (only if `server.service.type` is set to "NodePort") nodePortHttps: 30443 + # -- Server service http port servicePortHttp: 80 + # -- Server service https port servicePortHttps: 443 + # -- Server service http port name, can be used to route traffic via istio servicePortHttpName: http + # -- Server service https port name, can be used to route traffic via istio servicePortHttpsName: https + # -- Use named target port for argocd + ## Named target ports are not supported by GCE health checks, so when deploying argocd on GKE + ## and exposing it via GCE ingress, the health checks fail and the load balancer returns a 502. namedTargetPort: true + # -- LoadBalancer will get created with the IP specified in this field loadBalancerIP: "" + # -- Source IP ranges to allow access to service from loadBalancerSourceRanges: [] + # -- Server service external IPs externalIPs: [] + # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints externalTrafficPolicy: "" + # -- Used to maintain session affinity. Supports `ClientIP` and `None` sessionAffinity: "" ## Server metrics service configuration metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 8083 serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" # monitoring + # -- Prometheus ServiceMonitor labels + additionalLabels: {} serviceAccount: + # -- Create server service account create: true + # -- Server service account name name: argocd-server - ## Annotations applied to created service account + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Automount API credentials for the Service Account automountServiceAccountToken: true ingress: + # -- Enable an ingress resource for the Argo CD server enabled: false + # -- Additional ingress annotations annotations: {} + # -- Additional ingress labels labels: {} + # -- Defines which ingress controller will implement the resource ingressClassName: "" + # -- List of ingress hosts ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace - ## hosts: [] # - argocd.example.com + + # -- List of ingress paths paths: - / + # -- Ingress path type. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + # -- Additional ingress paths extraPaths: [] # - path: /* @@ -710,31 +917,44 @@ server: # name: ssl-redirect # port: # name: use-annotation + + # -- Ingress TLS configuration tls: [] # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com + + # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` https: false + # dedicated ingress for gRPC as documented at - # https://argoproj.github.io/argo-cd/operator-manual/ingress/ + # Ref: https://argoproj.github.io/argo-cd/operator-manual/ingress/ ingressGrpc: + # -- Enable an ingress resource for the Argo CD server for dedicated [gRPC-ingress] enabled: false + # -- Setup up gRPC ingress to work with an AWS ALB isAWSALB: false + # -- Additional ingress annotations for dedicated [gRPC-ingress] annotations: {} + # -- Additional ingress labels for dedicated [gRPC-ingress] labels: {} + # -- Defines which ingress controller will implement the resource [gRPC-ingress] ingressClassName: "" awsALB: + # -- Service type for the AWS ALB gRPC service ## Service Type if isAWSALB is set to true ## Can be of type NodePort or ClusterIP depending on which mode you are ## are running. Instance mode needs type NodePort, IP mode needs type ## ClusterIP ## Ref: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/how-it-works/#ingress-traffic serviceType: NodePort - # This tells AWS to send traffic from the ALB using HTTP2. Can use GRPC as well if you want to leverage GRPC specific features + # -- Backend protocol version for the AWS ALB gRPC service + ## This tells AWS to send traffic from the ALB using HTTP2. Can use gRPC as well if you want to leverage gRPC specific features backendProtocolVersion: HTTP2 + # -- List of ingress hosts for dedicated [gRPC-ingress] ## Argo Ingress. ## Hostnames must be provided if Ingress is enabled. ## Secrets must be manually created in the namespace @@ -742,9 +962,13 @@ server: hosts: [] # - argocd.example.com + + # -- List of ingress paths for dedicated [gRPC-ingress] paths: - / + # -- Ingress path type for dedicated [gRPC-ingress]. One of `Exact`, `Prefix` or `ImplementationSpecific` pathType: Prefix + # -- Additional ingress paths for dedicated [gRPC-ingress] extraPaths: [] # - path: /* @@ -759,11 +983,15 @@ server: # name: ssl-redirect # port: # name: use-annotation + + # -- Ingress TLS configuration for dedicated [gRPC-ingress] tls: [] # - secretName: argocd-tls-certificate # hosts: # - argocd.example.com + + # -- Uses `server.service.servicePortHttps` instead `server.service.servicePortHttp` https: false # Create a OpenShift Route with SSL passthrough for UI and CLI @@ -771,12 +999,16 @@ server: # Find your domain with: kubectl describe --namespace=openshift-ingress-operator ingresscontroller/default | grep Domain: # If 'hostname' is an empty string "" OpenShift will create a hostname for you. route: + # -- Enable a OpenShift route for the Argo CD server enabled: false + # -- Hostname of OpenShift route hostname: "" - ## ArgoCD config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml + # -- Manage ArgoCD configmap (Declarative Setup) + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-cm.yaml configEnabled: true + # -- [General Argo CD configuration] + # @default -- See [values.yaml] config: # Argo CD's externally facing base URL (optional). Required when configuring SSO url: https://argocd.example.com @@ -809,11 +1041,11 @@ server: # - profile # - email - ## Annotations to be added to ArgoCD ConfigMap + # -- Annotations to be added to ArgoCD ConfigMap configAnnotations: {} - ## ArgoCD rbac config - ## reference https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md + # -- ArgoCD rbac config ([ArgoCD RBAC policy]) + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbacConfig: {} # policy.csv is an file containing user-defined RBAC policies and role definitions (optional). @@ -835,16 +1067,16 @@ server: # If omitted, defaults to: '[groups]'. The scope value can be a string, or a list of strings. # scopes: '[cognito:groups, email]' - ## Annotations to be added to ArgoCD rbac ConfigMap + # -- Annotations to be added to ArgoCD rbac ConfigMap rbacConfigAnnotations: {} - # Boolean determining whether or not to create the configmap. If false, it is expected the configmap will be created + # -- Whether or not to create the configmap. If false, it is expected the configmap will be created # by something else. ArgoCD will not work if there is no configMap created with the name above. rbacConfigCreate: true - ## Not well tested and not well supported on release v1.0.0. - ## Applications - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ + # -- Deploy ArgoCD Applications within this helm release + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ additionalApplications: [] # - name: guestbook # namespace: argocd @@ -875,8 +1107,9 @@ server: # - name: url # value: https://argoproj.github.io/ - ## Projects - ## reference: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ + # -- Deploy ArgoCD Projects within this helm release + # @default -- `[]` (See [values.yaml]) + ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/ additionalProjects: [] # - name: guestbook # namespace: argocd @@ -918,11 +1151,13 @@ server: ## Enable Admin ClusterRole resources. ## Enable if you would like to grant rights to ArgoCD to deploy to the local Kubernetes cluster. clusterAdminAccess: + # -- Enable RBAC for local cluster deployments enabled: true - ## Enable BackendConfig custom resource for Google Kubernetes Engine GKEbackendConfig: + # -- Enable BackendConfig custom resource for Google Kubernetes Engine enabled: false + # -- [BackendConfigSpec] spec: {} # spec: # iap: @@ -930,9 +1165,9 @@ server: # oauthclientCredentials: # secretName: argocd-secret - extraContainers: [] - ## Additional containers to be added to the controller pod. + # -- Additional containers to be added to the server pod ## See https://github.com/lemonldap-ng-controller/lemonldap-ng-controller as example. + extraContainers: [] # - name: my-sidecar # image: nginx:latest # - name: lemonldap-ng-controller @@ -956,94 +1191,119 @@ server: ## Repo Server repoServer: + # -- Repo server name name: repo-server + # -- The number of repo server pods to run replicas: 1 autoscaling: + # -- Enable Horizontal Pod Autoscaler ([HPA]) for the repo server enabled: false + # -- Minimum number of replicas for the repo server [HPA] minReplicas: 1 + # -- Maximum number of replicas for the repo server [HPA] maxReplicas: 5 + # -- Average CPU utilization percentage for the repo server [HPA] targetCPUUtilizationPercentage: 50 + # -- Average memory utilization percentage for the repo server [HPA] targetMemoryUtilizationPercentage: 50 image: - repository: # defaults to global.image.repository - tag: # defaults to global.image.tag - imagePullPolicy: # IfNotPresent + # -- Repository to use for the repo server + # @default -- `""` (defaults to global.image.repository) + repository: "" # defaults to global.image.repository + # -- Tag to use for the repo server + # @default -- `""` (defaults to global.image.tag) + tag: "" # defaults to global.image.tag + # -- Image pull policy for the repo server + # @default -- `""` (defaults to global.image.imagePullPolicy) + imagePullPolicy: "" # IfNotPresent - ## Additional command line arguments to pass to argocd-repo-server - ## + # -- Additional command line arguments to pass to repo server extraArgs: [] - ## Environment variables to pass to argocd-repo-server - ## + # -- Environment variables to pass to repo server env: [] - ## envFrom to pass to argocd-repo-server - ## + # -- envFrom to pass to repo server + # @default -- `[]` (See [values.yaml]) envFrom: [] # - configMapRef: # name: config-map-name # - secretRef: # name: secret-name - ## Argo repoServer log format: text|json + # -- Repo server log format: Either `text` or `json` logFormat: text - ## Argo repoServer log level + # -- Repo server log level logLevel: info - ## Annotations to be added to repo server pods - ## + # -- Annotations to be added to repo server pods podAnnotations: {} - ## Labels to be added to repo server pods - ## + # -- Labels to be added to repo server pods podLabels: {} - ## Configures the repo server port + # -- Configures the repo server port containerPort: 8081 ## Readiness and liveness probes for default backend ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ ## readinessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 livenessProbe: + # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded failureThreshold: 3 + # -- Number of seconds after the container has started before [probe] is initiated initialDelaySeconds: 10 + # -- How often (in seconds) to perform the [probe] periodSeconds: 10 + # -- Minimum consecutive successes for the [probe] to be considered successful after having failed successThreshold: 1 + # -- Number of seconds after which the [probe] times out timeoutSeconds: 1 - ## Additional volumeMounts to the repo server main container. + # -- Additional volumeMounts to the repo server main container volumeMounts: [] - ## Additional volumes to the repo server pod. + # -- Additional volumes to the repo server pod volumes: [] + ## Use init containers to configure custom tooling + ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ + ## When using the volumes & volumeMounts section bellow, please comment out those above. + # - name: custom-tools + # emptyDir: {} - ## Node selectors and tolerations for server scheduling to nodes with taints - ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - ## + # -- [Node selector] nodeSelector: {} + # -- [Tolerations] for use with node taints tolerations: [] + # -- Assign custom [affinity] rules to the deployment affinity: {} - # Pod Topology Spread Constraints - # Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - # If labelSelector is left out, it will default to the labelSelector configuration of the deployment + # -- Assign custom [TopologySpreadConstraints] rules to the repo server + ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + ## If labelSelector is left out, it will default to the labelSelector configuration of the deployment topologySpreadConstraints: [] # - maxSkew: 1 # topologyKey: topology.kubernetes.io/zone # whenUnsatisfiable: DoNotSchedule + # -- Priority class for the repo server priorityClassName: "" - ## Labels to set container specific security contexts + # -- Repo server container-level security context containerSecurityContext: {} # capabilities: @@ -1051,6 +1311,7 @@ repoServer: # - all # readOnlyRootFilesystem: true + # -- Resource limits and requests for the repo server pods resources: {} # limits: # cpu: 50m @@ -1061,54 +1322,75 @@ repoServer: ## Repo server service configuration service: + # -- Repo server service annotations annotations: {} + # -- Repo server service labels labels: {} + # -- Repo server service port port: 8081 + # -- Repo server service port name portName: https-repo-server ## Repo server metrics service configuration metrics: + # -- Deploy metrics service enabled: false service: + # -- Metrics service annotations annotations: {} + # -- Metrics service labels labels: {} + # -- Metrics service port servicePort: 8084 serviceMonitor: + # -- Enable a prometheus ServiceMonitor enabled: false + # -- Prometheus ServiceMonitor interval interval: 30s + # -- Prometheus [RelabelConfigs] to apply to samples before scraping relabelings: [] + # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion metricRelabelings: [] - # selector: - # prometheus: kube-prometheus - # namespace: monitoring - # additionalLabels: {} + # -- Prometheus ServiceMonitor selector + selector: {} + # prometheus: kube-prometheus + + # -- Prometheus ServiceMonitor namespace + namespace: "" # "monitoring" + # -- Prometheus ServiceMonitor labels + additionalLabels: {} ## Enable Admin ClusterRole resources. - ## Enable if you would like to grant cluster rights to ArgoCD repo-server. + ## Enable if you would like to grant cluster rights to ArgoCD repo server. clusterAdminAccess: + # -- Enable RBAC for local cluster deployments enabled: false ## Enable Custom Rules for the Repo server's Cluster Role resource ## Enable this and set the rules: to whatever custom rules you want for the Cluster Role resource. ## Defaults to off clusterRoleRules: + # -- Enable custom rules for the Repo server's Cluster Role resource enabled: false + # -- List of custom rules for the Repo server's Cluster Role resource rules: [] ## Repo server service account ## If create is set to true, make sure to uncomment the name and update the rbac section below serviceAccount: + # -- Create repo server service account create: false - # name: argocd-repo-server - ## Annotations applied to created service account + # -- Repo server service account name + name: "" # "argocd-repo-server" + # -- Annotations applied to created service account annotations: {} - ## Automount API credentials for the Service Account + # -- Automount API credentials for the Service Account automountServiceAccountToken: true - ## Additional containers to be added to the repo server pod. + # -- Additional containers to be added to the repo server pod extraContainers: [] - ## Repo server rbac rules - # rbac: + # -- Repo server rbac rules + rbac: [] # - apiGroups: # - argoproj.io # resources: @@ -1118,14 +1400,8 @@ repoServer: # - list # - watch - ## Use init containers to configure custom tooling - ## https://argoproj.github.io/argo-cd/operator-manual/custom_tools/ - ## When using the volumes & volumeMounts section bellow, please comment out those above. - # volumes: - # - name: custom-tools - # emptyDir: {} - # - # initContainers: + # -- Init containers to add to the repo server pods + initContainers: [] # - name: download-tools # image: alpine:3.8 # command: [sh, -c] @@ -1142,8 +1418,9 @@ repoServer: ## Argo Configs configs: - ## External Cluster Credentials - ## reference: + # -- Provide one or multiple [external cluster credentials] + # @default -- `[]` (See [values.yaml]) + ## Ref: ## - https://argoproj.github.io/argo-cd/operator-manual/declarative-setup/#clusters ## - https://argoproj.github.io/argo-cd/operator-manual/security/#external-cluster-credentials clusterCredentials: [] @@ -1167,7 +1444,10 @@ configs: # insecure: false # caData: "" + # -- GnuPG key ring annotations gpgKeysAnnotations: {} + # -- [GnuPG](https://argoproj.github.io/argo-cd/user-guide/gpg-verification/) keys to add to the key ring + # @default -- `{}` (See [values.yaml]) gpgKeys: {} # 4AEE18F83AFDEB23: | # -----BEGIN PGP PUBLIC KEY BLOCK----- @@ -1188,9 +1468,12 @@ configs: # =Bvzs # -----END PGP PUBLIC KEY BLOCK----- + # -- Known Hosts configmap annotations knownHostsAnnotations: {} knownHosts: data: + # -- Known Hosts + # @default -- See [values.yaml] ssh_known_hosts: | bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAubiN81eDcafrgMeLzaFPsw2kNvEcqTKl/VqLat/MaB33pZy0y3rJZtnqwR2qOOvbwKZYKiEO1O6VqNEBxKvJJelCq0dTXWT5pbO2gDXC6h6QDXCaHo6pOHGPUy+YBaGQRGuSusMEASYiWunYN0vCAI8QaXnWMXNMdFP3jHAJH0eDsoiGnLPBlBp4TNm6rYI74nMzgz3B9IikW4WVK+dc8KZJZWYjAuORU3jc1c/NPskD2ASinf8v3xnfXeukU0sJ5N6m5E8VLjObPEO+mN2t/FZTMZLiFqPWc/ALSqnMnnhwrNi2rbfg/rd/IpL8Le3pSBne8+seeFVBoGqzHM9yXw== github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== @@ -1199,7 +1482,10 @@ configs: gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H + # -- TLS certificate configmap annotations tlsCertsAnnotations: {} + # -- TLS certificate + # @default -- See [values.yaml] tlsCerts: {} # data: @@ -1238,11 +1524,12 @@ configs: # +LB9LGh4OAp68ImTjqf6ioGKG0RBSznwME+r4nXtT1S/qLR6ASWUS4ViWRhbRlNK # XWyb96wrUlv+E8I= # -----END CERTIFICATE----- -## # Creates a secret with optional repository credentials -## DEPRECATED: Instead, use configs.credentialTemplates and/or configs.repositories + + # -- *DEPRECATED:* Instead, use `configs.credentialTemplates` and/or `configs.repositories` repositoryCredentials: {} -## Creates a secret for each key/value specified below to create repository credentials + # -- Repository credentials to be used as Templates for other repos + ## Creates a secret for each key/value specified below to create repository credentials credentialTemplates: {} # github-enterprise-creds-1: # url: https://github.com/argoproj @@ -1264,8 +1551,9 @@ configs: # ... # -----END OPENSSH PRIVATE KEY----- -## Creates a secret for each key/value specified below to create repositories -## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". + # -- Repositories list to be used by applications + ## Creates a secret for each key/value specified below to create repositories + ## Note: the last example in the list would use a repository credential template, configured under "configs.repositoryCredentials". repositories: {} # istio-helm-repo: # url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts @@ -1281,26 +1569,31 @@ configs: # url: https://github.com/argoproj/private-repo secret: + # -- Create the argocd-secret createSecret: true - ## Annotations to be added to argocd-secret - ## + # -- Annotations to be added to argocd-secret annotations: {} - # Webhook Configs + # -- Shared secret for authenticating GitHub webhook events githubSecret: "" + # -- Shared secret for authenticating GitLab webhook events gitlabSecret: "" + # -- Shared secret for authenticating BitbucketServer webhook events bitbucketServerSecret: "" + # -- UUID for authenticating Bitbucket webhook events bitbucketUUID: "" + # -- Shared secret for authenticating Gogs webhook events gogsSecret: "" - # Custom secrets. Useful for injecting SSO secrets into environment variables. - # Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ - # Note that all values must be non-empty. + # -- add additional secrets to be added to argocd-secret + ## Custom secrets. Useful for injecting SSO secrets into environment variables. + ## Ref: https://argoproj.github.io/argo-cd/operator-manual/sso/ + ## Note that all values must be non-empty. extra: {} # LDAP_PASSWORD: "mypassword" - # Argo TLS Data. + # -- Argo TLS Data argocdServerTlsConfig: {} # key: @@ -1312,18 +1605,24 @@ configs: # # -----END CERTIFICATE----- - # Argo expects the password in the secret to be bcrypt hashed. You can create this hash with - # `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` - # argocdServerAdminPassword: "" - # Password modification time defaults to current time if not set - # argocdServerAdminPasswordMtime: "2006-01-02T15:04:05Z" + # -- Bcrypt hashed admin password + ## Argo expects the password in the secret to be bcrypt hashed. You can create this hash with + ## `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/'` + argocdServerAdminPassword: "" + # -- Admin password modification time. Eg. `"2006-01-02T15:04:05Z"` + # @default -- `""` (defaults to current time) + argocdServerAdminPasswordMtime: "" - ## Custom CSS Styles - ## Reference: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + # -- Define custom [CSS styles] for your argo instance. + # This setting will automatically mount the provided CSS and reference it in the argo configuration. + # @default -- `""` (See [values.yaml]) + ## Ref: https://argo-cd.readthedocs.io/en/stable/operator-manual/custom-styles/ + styles: "" # styles: | # .nav-bar { # background: linear-gradient(to bottom, #999, #777, #333, #222, #111); # } openshift: + # -- enables using arbitrary uid for argo repo server enabled: false