argo-helm/charts/argocd-image-updater/values.yaml

# -- Replica count for the deployment. It is not advised to run more than one replica.
replicaCount: 1
image:
  # -- Default image repository
  repository: quay.io/argoprojlabs/argocd-image-updater
  # -- Default image pull policy
  pullPolicy: Always
  # -- Overrides the image tag whose default is the chart appVersion
  tag: ""

# -- The deployment strategy to use to replace existing pods with new ones
updateStrategy:
  type: Recreate
# -- ImagePullSecrets for the image updater deployment
imagePullSecrets: []
# -- Global name (argocd-image-updater.name in _helpers.tpl) override
nameOverride: ""
# -- Global fullname (argocd-image-updater.fullname in _helpers.tpl) override
fullnameOverride: ""

# -- Extra arguments for argocd-image-updater not defined in `config.argocd`.
# If a flag contains both key and value, they need to be split to a new entry
extraArgs: []
  # - --disable-kubernetes
  # - --dry-run
  # - --health-port
  # - 8080
  # - --interval
  # - 2m
  # - --kubeconfig
  # - ~/.kube/config
  # - --match-application-name
  # - staging-*
  # - --max-concurrency
  # - 5
  # - --once
  # - --registries-conf-path
  # - /app/config/registries.conf

# -- Extra environment variables for argocd-image-updater
extraEnv: []
  # - name: AWS_REGION
  #   value: "us-west-1"

config:
  # -- API kind that is used to manage Argo CD applications (`kubernetes` or `argocd`)
  applicationsAPIKind: ""

  # Described in detail here https://argocd-image-updater.readthedocs.io/en/stable/install/running/#flags
  argocd:
    # -- Use the gRPC-web protocol to connect to the Argo CD API
    grpcWeb: true
    # -- Connect to the Argo CD API server at server address
    serverAddress: ""
    # -- If specified, the certificate of the Argo CD API server is not verified.
    insecure: false
    # -- If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.
    plaintext: false
    # -- If specified, the secret with ArgoCD API key will be created.
    token: ""

  # -- Disable kubernetes events
  disableKubeEvents: false

  # -- Username to use for Git commits
  gitCommitUser: ""

  # -- E-Mail address to use for Git commits
  gitCommitMail: ""

  # -- Changing the Git commit message
  gitCommitTemplate: ""

  # -- ArgoCD Image Update log level
  logLevel: "info"

  # -- ArgoCD Image Updater registries list configuration. More information [here](https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/)
  registries: []
    # - name: Docker Hub
    #   api_url: https://registry-1.docker.io
    #   ping: yes
    #   credentials: secret:foo/bar#creds
    #   defaultns: library
    # - name: Google Container Registry
    #   api_url: https://gcr.io
    #   prefix: gcr.io
    #   ping: no
    #   credentials: pullsecret:foo/bar
    # - name: RedHat Quay
    #   api_url: https://quay.io
    #   ping: no
    #   prefix: quay.io
    #   credentials: env:REGISTRY_SECRET
    # - name: ECR
    #   api_url: https://123456789.dkr.ecr.eu-west-1.amazonaws.com
    #   prefix: 123456789.dkr.ecr.eu-west-1.amazonaws.com
    #   ping: yes
    #   insecure: no
    #   credentials: ext:/scripts/auth1.sh
    #   credsexpire: 10h

  # -- ArgoCD Image Updater ssh client parameter configuration.
  sshConfig:
    {}
    #  config: |
    #    Host *
    #          PubkeyAcceptedAlgorithms +ssh-rsa
    #          HostkeyAlgorithms +ssh-rsa

# whether to mount authentication scripts, if enabled, the authentication scripts will be mounted on /scripts that can be used to authenticate with registries (ECR)
# refer to https://argocd-image-updater.readthedocs.io/en/stable/configuration/registries/#specifying-credentials-for-accessing-container-registries for more info
authScripts:
  # -- Whether to mount the defined scripts that can be used to authenticate with a registry, the scripts will be mounted at `/scripts`
  enabled: false
  # -- Map of key-value pairs where the key consists of the name of the script and the value the contents
  scripts: {}
    # auth1.sh: |
    #   #!/bin/sh
    #   echo "auth script 1 here"
    # auth2.sh: |
    #   #!/bin/sh
    #   echo "auth script 2 here"

serviceAccount:
  # -- Specifies whether a service account should be created
  create: true
  # -- Annotations to add to the service account
  annotations: {}
  # -- The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

# -- Pod Annotations for the deployment
podAnnotations: {}

# -- Pod security context settings for the deployment
podSecurityContext: {}
  # fsGroup: 2000

# -- Security context settings for the deployment
securityContext: {}
  # capabilities:
  #   drop:
  #   - ALL
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  # runAsUser: 1000

rbac:
  # -- Enable RBAC creation
  enabled: true

# -- Pod memory and cpu resource settings for the deployment
resources: {}

# -- Kubernetes nodeSelector settings for the deployment
nodeSelector: {}

# -- Kubernetes toleration settings for the deployment
tolerations: []

# -- Kubernetes affinity settings for the deployment
affinity: {}

# Metrics configuration
metrics:
  # -- Deploy metrics service
  enabled: false
  service:
    # -- Metrics service annotations
    annotations: {}
    # -- Metrics service labels
    labels: {}
    # -- Metrics service port
    servicePort: 8081
  serviceMonitor:
    # -- Enable a prometheus ServiceMonitor
    enabled: false
    # -- Prometheus ServiceMonitor interval
    interval: 30s
    # -- Prometheus [RelabelConfigs] to apply to samples before scraping
    relabelings: []
    # -- Prometheus [MetricRelabelConfigs] to apply to samples before ingestion
    metricRelabelings: []
    # -- Prometheus ServiceMonitor selector
    selector: {}
      # promtheus: kube-prometheus

    # -- Prometheus ServiceMonitor namespace
    namespace: ""
    # -- Prometheus ServiceMonitor labels
    additionalLabels: {}