Bitnami package for Argo CD
Argo CD is a continuous delivery tool for Kubernetes based on GitOps.
Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
TL;DR
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/argo-cd
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository.
Introduction
This chart bootstraps an Argo CD deployment on a Kubernetes cluster using the Helm package manager.
Bitnami charts can be used with Kubeapps for deployment and management of Helm Charts in clusters.
Prerequisites
- Kubernetes 1.23+
- Helm 3.8.0+
- PV provisioner support in the underlying infrastructure
- ReadWriteMany volumes for deployment scaling
Installing the Chart
To install the chart with the release name my-release:
helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/argo-cd
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.ioandREPOSITORY_NAME=bitnamicharts.
The command deploys argo-cd on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.
Tip: List all releases using
helm list
Configuration and installation details
Resource requests and limits
Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the resources value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
To make this process easier, the chart contains the resourcesPreset values, which automatically sets the resources section according to different presets. Check these presets in the bitnami/common chart. However, in production workloads using resourcePreset is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the official Kubernetes documentation.
Rolling VS Immutable tags
It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
Ingress
This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as nginx-ingress-controller or contour you can utilize the ingress controller to serve your application.To enable Ingress integration, set server.ingress.enabled to true for the http ingress or server.grpcIngress.enabled to true for the gRPC ingress.
The most common scenario is to have one host name mapped to the deployment. In this case, the xxx.ingress.hostname property can be used to set the host name. The xxx.ingress.tls parameter can be used to add the TLS configuration for this host.
However, it is also possible to have more than one host. To facilitate this, the xxx.ingress.extraHosts parameter (if available) can be set with the host names specified as an array. The xxx.ingress.extraTLS parameter (if available) can also be used to add the TLS configuration for extra hosts.
NOTE: For each host specified in the
xxx.ingress.extraHostsparameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but this annotation reference document lists the annotations supported by many popular Ingress controllers.
Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
Learn more about Ingress controllers.
TLS secrets
This chart facilitates the creation of TLS secrets for use with the Ingress controller (although this is not mandatory). Apart from the Ingress TLS certificates, Argo CD repo server will auto-generate a secret named argocd-repo-server-tls. This secret contains the TLS configuration for the Argo CD components. The secret will be created only if it does not exist, so if you want to add custom TLS configuration you can create a secret with that name before installing the chart. There are several common use cases for the TLS secrets generation:
- Generate certificate secrets based on chart parameters.
- Enable externally generated certificates.
- Manage application certificates via an external service (like cert-manager).
- Create self-signed certificates within the chart (if supported).
In the first two cases, a certificate and a key are needed. Files are expected in .pem format.
Here is an example of a certificate file:
NOTE: There may be more than one certificate if there is a certificate chain.
-----BEGIN CERTIFICATE-----
MIID6TCCAtGgAwIBAgIJAIaCwivkeB5EMA0GCSqGSIb3DQEBCwUAMFYxCzAJBgNV
...
jScrvkiBO65F46KioCL9h5tDvomdU1aqpI/CBzhvZn1c0ZTf87tGQR8NK7v7
-----END CERTIFICATE-----
Here is an example of a certificate key:
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAvLYcyu8f3skuRyUgeeNpeDvYBCDcgq+LsWap6zbX5f8oLqp4
...
wrj2wDbCDCFmfqnSJ+dKI3vFLlEz44sAV8jX/kd4Y6ZTQhlLbYc=
-----END RSA PRIVATE KEY-----
- If using Helm to manage the certificates based on the parameters, copy these values into the
certificateandkeyvalues for a given*.ingress.secretsentry. - If managing TLS secrets separately, it is necessary to create a TLS secret with name
INGRESS_HOSTNAME-tls(where INGRESS_HOSTNAME is a placeholder to be replaced with the hostname you set using the*.ingress.hostnameparameter). - If your cluster has a cert-manager add-on to automate the management and issuance of TLS certificates, add to
*.ingress.annotationsthe corresponding ones for cert-manager. - If using self-signed certificates created by Helm, set both
*.ingress.tlsand*.ingress.selfSignedtotrue.
Default config maps and secrets
The chart has hardcoded names for some ConfigMaps and Secrets like argocd-ssh-known-hosts-cm, argocd-repo-server-tls or argocd-ssh-known-hosts-cm. Argo CD will search for those specific names when the chart installed, so installing the chart twice in the same namespaces is not possible due to this restriction. For more information about each configmap or secret check the references at the corresponding YAML files.
Using SSO
In order to use SSO you need to enable Dex by setting dex.enabled=true. You can follow this guide to configure your Argo CD deployment into your identity provider. After that, you need to configure Argo CD like described here. You can set the Dex configuration at server.config.dex\.config that will populate the argocd-cm config map.
NOTE:
dex.configis the key of the object. IF you are using the Helm CLI to set the parameter you need to scape the.like--set server.config.dex\.config. IMPORTANT: if you enable Dex without configuring it you will get an error similar tomsg="dex is not configured", and the Dex pod will never reach the running state.
Installing a Config Management Plugin
In order to install a Config Management Plugin as described in the official documentation, it’s recommended to run a sidecar container & mount the plugin configuration from a ConfigMap. You can achieve so by using repoServer.extraVolumes, repoServer.sidecars and extraDeploy parameters as shown in the example below:
repoServer:
extraVolumes:
- name: plugin-config
configMap:
name: my-plugin-config
- name: plugins
emptyDir: {}
- name: plugin-tmp
emptyDir: {}
- name: var-files
emptyDir: {}
sidecars:
- name: plugin-sidecar
command: [argocd-cmp-server, --config-dir-path, /app/config]
image: "{{ include \"argocd.image\" . }}"
env:
- name: ARGOCD_PLUGINSOCKFILEPATH
value: /app/plugins
securityContext:
runAsNonRoot: true
runAsUser: 1001
volumeMounts:
- mountPath: /app/plugins
name: plugins
- mountPath: /tmp
name: plugin-tmp
- mountPath: /var/run/argocd
name: var-files
# Insert plugin configuration
- mountPath: /app/config/plugin.yaml
subPath: plugin.yaml
name: plugin-config
extraDeploy:
- apiVersion: v1
kind: ConfigMap
metadata:
name: my-plugin-config
data:
plugin.yaml: |
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: my-plugin
spec:
version: v1.0
(...)
Allowing multi namespace tendancy
In case you would like to allow applications / application sets in multiple namespaces, you can use the following to configure Argo-CD.
Upstream docs:
- Reconfigure Argo CD to allow certain namespaces for apps
- Reconfigure Argo CD to allow certain namespaces for appset
controller:
# Default is true
clusterAdminAccess: true
extraArgs:
# Refer to documentation to allow specific namespaces:
# https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#change-workload-startup-parameters
- --application-namespaces=*
# Refer to documentation if you are enabling notifications
# https://argo-cd.readthedocs.io/en/stable/operator-manual/notifications/#namespace-based-configuration
- --self-service-notification-enabled
server:
# Default is true
clusterAdminAccess: true
# Refer to recommended documentation for config:
# https://argo-cd.readthedocs.io/en/stable/operator-manual/app-any-namespace/#switch-resource-tracking-method
config:
application.resourceTrackingMethod: annotation
repoServer:
# Default is false
clusterAdminAccess: true
notifications:
# Enable if you would like notifications to be used, default false
enabled: true
# Default is false
clusterAdminAccess: true
applicationSet:
# Enable if you would like applicationSets to be used, default false
enabled: true
# Default is false
clusterAdminAccess: true
# Refer to documentation for SCM providers:
# https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/#scm-providers-secrets-consideration
extraEnv:
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
value: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
value: https://git.mydomain.com/,https://gitlab.mydomain.com/
# Refer to documentation to allow specific namespaces:
# https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Appset-Any-Namespace/#change-workload-startup-parameters
extraArgs:
- --applicationset-namespaces=*
Additional environment variables
In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the extraEnvVars property.
argo-cd:
extraEnvVars:
- name: LOG_LEVEL
value: error
Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the extraEnvVarsCM or the extraEnvVarsSecret values.
Sidecars
If additional containers are needed in the same pod as Argo-CD (such as additional metrics or logging exporters), they can be defined using the sidecars parameter.
sidecars:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
If these sidecars export extra ports, extra port definitions can be added using the service.extraPorts parameter (where available), as shown in the example below:
service:
extraPorts:
- name: extraPort
port: 11311
targetPort: 11311
NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the
--enable-metrics=trueparameter at deployment time. Thesidecarsparameter should therefore only be used for any extra sidecar containers.
If additional init containers are needed in the same pod, they can be defined using the initContainers parameter. Here is an example:
initContainers:
- name: your-image-name
image: your-image
imagePullPolicy: Always
ports:
- name: portname
containerPort: 1234
Learn more about sidecar containers and init containers.
Pod affinity
This chart allows you to set your custom affinity using the affinity parameter. Find more information about Pod affinity in the kubernetes documentation.
As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the bitnami/common chart. To do so, set the podAffinityPreset, podAntiAffinityPreset, or nodeAffinityPreset parameters.
Parameters
Global parameters
| Name | Description | Value |
|---|---|---|
global.imageRegistry |
Global Docker image registry | "" |
global.imagePullSecrets |
Global Docker registry secret names as an array | [] |
global.storageClass |
Global StorageClass for Persistent Volume(s) | "" |
global.compatibility.openshift.adaptSecurityContext |
Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | auto |
Common parameters
| Name | Description | Value |
|---|---|---|
kubeVersion |
Override Kubernetes version | "" |
nameOverride |
String to partially override common.names.fullname | "" |
fullnameOverride |
String to fully override common.names.fullname | "" |
commonLabels |
Labels to add to all deployed objects | {} |
commonAnnotations |
Annotations to add to all deployed objects | {} |
clusterDomain |
Kubernetes cluster domain name | cluster.local |
extraDeploy |
Array of extra objects to deploy with the release | [] |
Argo CD image parameters
| Name | Description | Value |
|---|---|---|
image.registry |
Argo CD image registry | REGISTRY_NAME |
image.repository |
Argo CD image repository | REPOSITORY_NAME/argo-cd |
image.digest |
Argo CD image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag | "" |
image.pullPolicy |
Argo CD image pull policy | IfNotPresent |
image.pullSecrets |
Argo CD image pull secrets | [] |
image.debug |
Enable Argo CD image debug mode | false |
Argo CD application controller parameters
| Name | Description | Value |
|---|---|---|
controller.replicaCount |
Number of Argo CD replicas to deploy | 1 |
controller.startupProbe.enabled |
Enable startupProbe on Argo CD nodes | false |
controller.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
controller.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
controller.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
controller.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
controller.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
controller.livenessProbe.enabled |
Enable livenessProbe on Argo CD nodes | true |
controller.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
controller.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
controller.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
controller.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
controller.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
controller.readinessProbe.enabled |
Enable readinessProbe on Argo CD nodes | true |
controller.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
controller.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
controller.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
controller.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
controller.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
controller.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
controller.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
controller.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
controller.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if controller.resources is set (controller.resources is recommended for production). | micro |
controller.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
controller.podSecurityContext.enabled |
Enabled Argo CD pods’ Security Context | true |
controller.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
controller.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
controller.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
controller.podSecurityContext.fsGroup |
Set Argo CD pod’s Security Context fsGroup | 1001 |
controller.containerSecurityContext.enabled |
Enabled Argo CD containers’ Security Context | true |
controller.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
controller.containerSecurityContext.runAsUser |
Set Argo CD containers’ Security Context runAsUser | 1001 |
controller.containerSecurityContext.runAsGroup |
Set Argo CD containers’ Security Context runAsGroup | 1001 |
controller.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD containers’ Security Context allowPrivilegeEscalation | false |
controller.containerSecurityContext.capabilities.drop |
Set Argo CD containers’ Security Context capabilities to be dropped | ["ALL"] |
controller.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD containers’ Security Context readOnlyRootFilesystem | true |
controller.containerSecurityContext.runAsNonRoot |
Set Argo CD container’s Security Context runAsNonRoot | true |
controller.containerSecurityContext.privileged |
Set controller container’s Security Context privileged | false |
controller.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
controller.serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
controller.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
controller.serviceAccount.automountServiceAccountToken |
Automount service account token for the application controller service account | false |
controller.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
controller.clusterAdminAccess |
Enable K8s cluster admin access for the application controller | true |
controller.clusterRoleRules |
Use custom rules for the application controller’s cluster role | [] |
controller.logFormat |
Format for the Argo CD application controller logs. Options: [text, json] | text |
controller.logLevel |
Log level for the Argo CD application controller | info |
controller.containerPorts.metrics |
Argo CD application controller metrics port number | 8082 |
controller.service.type |
Argo CD service type | ClusterIP |
controller.service.ports.metrics |
Argo CD application controller service port | 8082 |
controller.service.nodePorts.metrics |
Node port for Argo CD application controller service | "" |
controller.service.clusterIP |
Argo CD application controller service Cluster IP | "" |
controller.service.loadBalancerIP |
Argo CD application controller service Load Balancer IP | "" |
controller.service.loadBalancerSourceRanges |
Argo CD application controller service Load Balancer sources | [] |
controller.service.externalTrafficPolicy |
Argo CD application controller service external traffic policy | Cluster |
controller.service.annotations |
Additional custom annotations for Argo CD application controller service | {} |
controller.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
controller.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
controller.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
controller.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
controller.networkPolicy.allowExternal |
Don’t require server label for connections | true |
controller.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
controller.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
controller.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
controller.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
controller.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
controller.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
controller.metrics.enabled |
Enable Argo CD application controller metrics | false |
controller.metrics.service.type |
Argo CD application controller service type | ClusterIP |
controller.metrics.service.ports.metrics |
Argo CD application controller metrics service port | 8082 |
controller.metrics.service.nodePorts.metrics |
Node port for the application controller service | "" |
controller.metrics.service.clusterIP |
Argo CD application controller metrics service Cluster IP | "" |
controller.metrics.service.loadBalancerIP |
Argo CD application controller service Load Balancer IP | "" |
controller.metrics.service.loadBalancerSourceRanges |
Argo CD application controller service Load Balancer sources | [] |
controller.metrics.service.externalTrafficPolicy |
Argo CD application controller service external traffic policy | Cluster |
controller.metrics.service.annotations |
Additional custom annotations for Argo CD application controller service | {} |
controller.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
controller.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
controller.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
controller.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
controller.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
controller.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
controller.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
controller.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
controller.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
controller.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
controller.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
controller.metrics.rules.enabled |
Enable render extra rules for PrometheusRule object | false |
controller.metrics.rules.spec |
Rules to render into the PrometheusRule object | [] |
controller.metrics.rules.selector |
Selector for the PrometheusRule object | {} |
controller.metrics.rules.namespace |
Namespace where to create the PrometheusRule object | monitoring |
controller.metrics.rules.additionalLabels |
Additional lables to add to the PrometheusRule object | {} |
controller.command |
Override default container command (useful when using custom images) | [] |
controller.defaultArgs.statusProcessors |
Default status processors for Argo CD controller | 20 |
controller.defaultArgs.operationProcessors |
Default operation processors for Argo CD controller | 10 |
controller.defaultArgs.appResyncPeriod |
Default application resync period for Argo CD controller | 180 |
controller.defaultArgs.selfHealTimeout |
Default self heal timeout for Argo CD controller | 5 |
controller.args |
Override default container args (useful when using custom images). Overrides the defaultArgs. | [] |
controller.extraArgs |
Add extra arguments to the default arguments for the Argo CD controller | [] |
controller.automountServiceAccountToken |
Mount Service Account token in pod | true |
controller.hostAliases |
Argo CD pods host aliases | [] |
controller.podLabels |
Extra labels for Argo CD pods | {} |
controller.podAnnotations |
Annotations for Argo CD pods | {} |
controller.podAffinityPreset |
Pod affinity preset. Ignored if controller.affinity is set. Allowed values: soft or hard |
"" |
controller.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if controller.affinity is set. Allowed values: soft or hard |
soft |
controller.nodeAffinityPreset.type |
Node affinity preset type. Ignored if controller.affinity is set. Allowed values: soft or hard |
"" |
controller.nodeAffinityPreset.key |
Node label key to match. Ignored if controller.affinity is set |
"" |
controller.nodeAffinityPreset.values |
Node label values to match. Ignored if controller.affinity is set |
[] |
controller.affinity |
Affinity for Argo CD pods assignment | {} |
controller.nodeSelector |
Node labels for Argo CD pods assignment | {} |
controller.tolerations |
Tolerations for Argo CD pods assignment | [] |
controller.schedulerName |
Name of the k8s scheduler (other than default) | "" |
controller.shareProcessNamespace |
Enable shared process namespace in a pod. | false |
controller.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
controller.updateStrategy.type |
Argo CD statefulset strategy type | RollingUpdate |
controller.priorityClassName |
Argo CD pods’ priorityClassName | "" |
controller.runtimeClassName |
Name of the runtime class to be used by pod(s) | "" |
controller.lifecycleHooks |
for the Argo CD container(s) to automate configuration before or after startup | {} |
controller.extraEnvVars |
Array with extra environment variables to add to Argo CD nodes | [] |
controller.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD nodes | "" |
controller.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD nodes | "" |
controller.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD pod(s) | [] |
controller.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD container(s) | [] |
controller.sidecars |
Add additional sidecar containers to the Argo CD pod(s) | [] |
controller.initContainers |
Add additional init containers to the Argo CD pod(s) | [] |
controller.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
controller.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
controller.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both controller.pdb.minAvailable and controller.pdb.maxUnavailable are empty. |
"" |
Argo CD ApplicationSet controller parameters
| Name | Description | Value |
|---|---|---|
applicationSet.enabled |
Enable ApplicationSet controller | false |
applicationSet.replicaCount |
The number of ApplicationSet controller pods to run | 1 |
applicationSet.command |
Override default container command (useful when using custom images) | [] |
applicationSet.defaultArgs.enableLeaderElection |
Enable leader election | false |
applicationSet.defaultArgs.policy |
Default policy | sync |
applicationSet.defaultArgs.debug |
Enable debug mode | false |
applicationSet.defaultArgs.dryRun |
Enable dry-run mode | false |
applicationSet.args |
Override default container args (useful when using custom images). Overrides the defaultArgs. | [] |
applicationSet.extraArgs |
Add extra arguments to the default arguments for the Argo CD applicationSet controller | [] |
applicationSet.logFormat |
Format for the Argo CD applicationSet controller logs. Options: [text, json] | text |
applicationSet.logLevel |
Log level for the Argo CD applicationSet controller | info |
applicationSet.containerPorts.metrics |
Argo CD applicationSet controller metrics port number | 8085 |
applicationSet.containerPorts.probe |
Argo CD applicationSet controller probe port number | 8081 |
applicationSet.metrics.enabled |
Enable Argo CD applicationSet controller metrics | false |
applicationSet.metrics.service.type |
Argo CD applicationSet controller service type | ClusterIP |
applicationSet.metrics.service.ports.metrics |
Argo CD applicationSet controller metrics service port | 8085 |
applicationSet.metrics.service.nodePorts.metrics |
Node port for the applicationSet controller service | "" |
applicationSet.metrics.service.clusterIP |
Argo CD applicationSet controller metrics service Cluster IP | "" |
applicationSet.metrics.service.loadBalancerIP |
Argo CD applicationSet controller service Load Balancer IP | "" |
applicationSet.metrics.service.loadBalancerSourceRanges |
Argo CD applicationSet controller service Load Balancer sources | [] |
applicationSet.metrics.service.externalTrafficPolicy |
Argo CD applicationSet controller service external traffic policy | Cluster |
applicationSet.metrics.service.annotations |
Additional custom annotations for Argo CD applicationSet controller service | {} |
applicationSet.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
applicationSet.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
applicationSet.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
applicationSet.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
applicationSet.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
applicationSet.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
applicationSet.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
applicationSet.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
applicationSet.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
applicationSet.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
applicationSet.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
applicationSet.service.type |
Argo CD applicationSet controller service type | ClusterIP |
applicationSet.service.ports.webhook |
Argo CD applicationSet controller service port | 7000 |
applicationSet.service.nodePorts.webhook |
Node port for Argo CD applicationSet controller service | "" |
applicationSet.service.clusterIP |
Argo CD applicationSet controller service Cluster IP | "" |
applicationSet.service.loadBalancerIP |
Argo CD applicationSet controller service Load Balancer IP | "" |
applicationSet.service.loadBalancerSourceRanges |
Argo CD applicationSet controller service Load Balancer sources | [] |
applicationSet.service.externalTrafficPolicy |
Argo CD applicationSet controller service external traffic policy | Cluster |
applicationSet.service.annotations |
Additional custom annotations for Argo CD applicationSet controller service | {} |
applicationSet.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
applicationSet.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
applicationSet.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
applicationSet.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
applicationSet.networkPolicy.allowExternal |
Don’t require server label for connections | true |
applicationSet.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
applicationSet.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
applicationSet.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
applicationSet.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
applicationSet.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
applicationSet.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
applicationSet.serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
applicationSet.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
applicationSet.serviceAccount.automountServiceAccountToken |
Automount service account token for the applicationSet controller service account | false |
applicationSet.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
applicationSet.clusterAdminAccess |
Enable K8s cluster admin access for the application controller | false |
applicationSet.clusterRoleRules |
Use custom rules for Argo CD applicationSet controller’s cluster role | [] |
applicationSet.podAffinityPreset |
Pod affinity preset. Ignored if applicationSet.affinity is set. Allowed values: soft or hard |
"" |
applicationSet.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if applicationSet.affinity is set. Allowed values: soft or hard |
soft |
applicationSet.nodeAffinityPreset.type |
Node affinity preset type. Ignored if applicationSet.affinity is set. Allowed values: soft or hard |
"" |
applicationSet.nodeAffinityPreset.key |
Node label key to match. Ignored if applicationSet.affinity is set |
"" |
applicationSet.nodeAffinityPreset.values |
Node label values to match. Ignored if applicationSet.affinity is set |
[] |
applicationSet.affinity |
Affinity for Argo CD applicationSet controller pods assignment | {} |
applicationSet.podAnnotations |
Annotations for Argo CD applicationSet controller pods | {} |
applicationSet.podLabels |
Extra labels for Argo CD applicationSet controller pods | {} |
applicationSet.containerSecurityContext.enabled |
Enabled Argo CD applicationSet controller containers’ Security Context | true |
applicationSet.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
applicationSet.containerSecurityContext.runAsUser |
Set Argo CD applicationSet controller containers’ Security Context runAsUser | 1001 |
applicationSet.containerSecurityContext.runAsGroup |
Set Argo CD applicationSet controller containers’ Security Context runAsGroup | 1001 |
applicationSet.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD applicationSet controller containers’ Security Context allowPrivilegeEscalation | false |
applicationSet.containerSecurityContext.capabilities.drop |
Set Argo CD applicationSet controller containers’ Security Context capabilities to be dropped | ["ALL"] |
applicationSet.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD applicationSet controller containers’ Security Context readOnlyRootFilesystem | true |
applicationSet.containerSecurityContext.runAsNonRoot |
Set Argo CD applicationSet controller container’s Security Context runAsNonRoot | true |
applicationSet.containerSecurityContext.privileged |
Set applicationSet container’s Security Context privileged | false |
applicationSet.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
applicationSet.livenessProbe.enabled |
Enable livenessProbe on Argo CD applicationSet controller nodes | true |
applicationSet.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
applicationSet.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
applicationSet.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
applicationSet.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
applicationSet.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
applicationSet.readinessProbe.enabled |
Enable readinessProbe on Argo CD applicationSet controller nodes | true |
applicationSet.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
applicationSet.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
applicationSet.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
applicationSet.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
applicationSet.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
applicationSet.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
applicationSet.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
applicationSet.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if applicationSet.resources is set (applicationSet.resources is recommended for production). | nano |
applicationSet.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
applicationSet.podSecurityContext.enabled |
Enabled Argo CD applicationSet controller pods’ Security Context | true |
applicationSet.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
applicationSet.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
applicationSet.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
applicationSet.podSecurityContext.fsGroup |
Set Argo CD applicationSet controller pod’s Security Context fsGroup | 1001 |
applicationSet.nodeSelector |
Node labels for Argo CD applicationSet controller pods assignment | {} |
applicationSet.tolerations |
Tolerations for Argo CD applicationSet controller pods assignment | [] |
applicationSet.updateStrategy.type |
Argo CD applicationSet controller statefulset strategy type | RollingUpdate |
applicationSet.priorityClassName |
Argo CD applicationSet controller pods’ priorityClassName | "" |
applicationSet.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD applicationSet controller pod(s) | [] |
applicationSet.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD applicationSet controller container(s) | [] |
applicationSet.extraEnvVars |
Array with extra environment variables to add to Argo CD applicationSet controller nodes | [] |
applicationSet.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD applicationSet controller nodes | "" |
applicationSet.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD applicationSet controller nodes | "" |
applicationSet.webhook.ingress.enabled |
Enable an ingress resource for Webhooks | false |
applicationSet.webhook.ingress.annotations |
Additional ingress annotations | {} |
applicationSet.webhook.ingress.labels |
Additional ingress labels | {} |
applicationSet.webhook.ingress.ingressClassName |
Defines which ingress controller will implement the resource | "" |
applicationSet.webhook.ingress.hostname |
Ingress hostname for the Argo CD applicationSet ingress | "" |
applicationSet.webhook.ingress.path |
Argo CD applicationSet ingress path | /api/webhook |
applicationSet.webhook.ingress.pathType |
Ingress path type. One of Exact, Prefix or ImplementationSpecific |
Prefix |
applicationSet.webhook.ingress.extraHosts |
Extra hosts array for the Argo CD applicationSet ingress | [] |
applicationSet.webhook.ingress.extraPaths |
Extra paths for the Argo CD applicationSet ingress | [] |
applicationSet.webhook.ingress.extraTls |
Extra TLS configuration for the Argo CD applicationSet ingress | [] |
applicationSet.webhook.ingress.tls |
Ingress TLS configuration | [] |
applicationSet.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
applicationSet.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
applicationSet.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both controller.pdb.minAvailable and controller.pdb.maxUnavailable are empty. |
"" |
Argo CD notifications controller parameters
| Name | Description | Value |
|---|---|---|
notifications.enabled |
Enable notifications controller | false |
notifications.command |
Override default container command (useful when using custom images) | [] |
notifications.args |
Override default container args (useful when using custom images). | [] |
notifications.extraArgs |
Add extra arguments to the default arguments for the Argo CD notifications controller | [] |
notifications.automountServiceAccountToken |
Mount Service Account token in pod | true |
notifications.logFormat |
Format for the Argo CD notifications controller logs. Options: [text, json] | text |
notifications.logLevel |
Log level for the Argo CD notifications controller | info |
notifications.containerPorts.metrics |
Argo CD notifications controller metrics port number | 8085 |
notifications.metrics.enabled |
Enable Argo CD notifications controller metrics | false |
notifications.metrics.service.type |
Argo CD notifications controller service type | ClusterIP |
notifications.metrics.service.ports.metrics |
Argo CD notifications controller metrics service port | 8085 |
notifications.metrics.service.nodePorts.metrics |
Node port for the notifications controller service | "" |
notifications.metrics.service.clusterIP |
Argo CD notifications controller metrics service Cluster IP | "" |
notifications.metrics.service.loadBalancerIP |
Argo CD notifications controller service Load Balancer IP | "" |
notifications.metrics.service.loadBalancerSourceRanges |
Argo CD notifications controller service Load Balancer sources | [] |
notifications.metrics.service.externalTrafficPolicy |
Argo CD notifications controller service external traffic policy | Cluster |
notifications.metrics.service.annotations |
Additional custom annotations for Argo CD notifications controller service | {} |
notifications.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
notifications.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
notifications.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
notifications.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
notifications.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
notifications.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
notifications.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
notifications.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
notifications.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
notifications.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
notifications.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
notifications.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
notifications.networkPolicy.allowExternal |
Don’t require server label for connections | true |
notifications.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
notifications.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
notifications.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
notifications.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
notifications.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
notifications.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
notifications.serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
notifications.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
notifications.serviceAccount.automountServiceAccountToken |
Automount service account token for the notifications controller service account | false |
notifications.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
notifications.clusterAdminAccess |
Enable K8s cluster admin access for the notifications controller | false |
notifications.clusterRoleRules |
Use custom rules for notifications controller’s cluster role | [] |
notifications.podAffinityPreset |
Pod affinity preset. Ignored if notifications.affinity is set. Allowed values: soft or hard |
"" |
notifications.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if notifications.affinity is set. Allowed values: soft or hard |
soft |
notifications.nodeAffinityPreset.type |
Node affinity preset type. Ignored if notifications.affinity is set. Allowed values: soft or hard |
"" |
notifications.nodeAffinityPreset.key |
Node label key to match. Ignored if notifications.affinity is set |
"" |
notifications.nodeAffinityPreset.values |
Node label values to match. Ignored if notifications.affinity is set |
[] |
notifications.affinity |
Affinity for Argo CD notifications controller pods assignment | {} |
notifications.podAnnotations |
Annotations for Argo CD notifications controller pods | {} |
notifications.podLabels |
Extra labels for Argo CD notifications controller pods | {} |
notifications.containerSecurityContext.enabled |
Enabled Argo CD notifications controller containers’ Security Context | true |
notifications.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
notifications.containerSecurityContext.runAsUser |
Set Argo CD notifications controller containers’ Security Context runAsUser | 1001 |
notifications.containerSecurityContext.runAsGroup |
Set Argo CD notifications controller containers’ Security Context runAsGroup | 1001 |
notifications.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD notifications controller containers’ Security Context allowPrivilegeEscalation | false |
notifications.containerSecurityContext.capabilities.drop |
Set Argo CD notifications controller containers’ Security Context capabilities to be dropped | ["ALL"] |
notifications.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD notifications controller containers’ Security Context readOnlyRootFilesystem | true |
notifications.containerSecurityContext.runAsNonRoot |
Set Argo CD notifications controller container’s Security Context runAsNonRoot | true |
notifications.containerSecurityContext.privileged |
Set notifications container’s Security Context privileged | false |
notifications.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
notifications.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.resources is set (notifications.resources is recommended for production). | nano |
notifications.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
notifications.podSecurityContext.enabled |
Enabled Argo CD notifications controller pods’ Security Context | true |
notifications.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
notifications.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
notifications.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
notifications.podSecurityContext.fsGroup |
Set Argo CD notifications controller pod’s Security Context fsGroup | 1001 |
notifications.nodeSelector |
Node labels for Argo CD notifications controller pods assignment | {} |
notifications.tolerations |
Tolerations for Argo CD notifications controller pods assignment | [] |
notifications.priorityClassName |
Argo CD notifications controller pods’ priorityClassName | "" |
notifications.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD notifications controller pod(s) | [] |
notifications.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD notifications controller container(s) | [] |
notifications.extraEnvVars |
Array with extra environment variables to add to Argo CD notifications controller nodes | [] |
notifications.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD notifications controller nodes | "" |
notifications.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD notifications controller nodes | "" |
notifications.startupProbe.enabled |
Enable startupProbe on Notification nodes | false |
notifications.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
notifications.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
notifications.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
notifications.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
notifications.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
notifications.livenessProbe.enabled |
Enable livenessProbe on Notification nodes | true |
notifications.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
notifications.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
notifications.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
notifications.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
notifications.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
notifications.readinessProbe.enabled |
Enable readinessProbe on Notification nodes | true |
notifications.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
notifications.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
notifications.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
notifications.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
notifications.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
notifications.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
notifications.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
notifications.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
notifications.webhook.ingress.enabled |
Enable an ingress resource for Webhooks | false |
notifications.webhook.ingress.annotations |
Additional ingress annotations | {} |
notifications.webhook.ingress.labels |
Additional ingress labels | {} |
notifications.webhook.ingress.ingressClassName |
Defines which ingress controller will implement the resource | "" |
notifications.webhook.ingress.hostname |
Ingress hostname for the Argo CD notifications ingress | "" |
notifications.webhook.ingress.path |
Argo CD notifications ingress path | /api/webhook |
notifications.webhook.ingress.pathType |
Ingress path type. One of Exact, Prefix or ImplementationSpecific |
Prefix |
notifications.webhook.ingress.extraHosts |
Extra hosts array for the Argo CD notifications ingress | [] |
notifications.webhook.ingress.extraPaths |
Extra paths for the Argo CD notifications ingress | [] |
notifications.webhook.ingress.extraTls |
Extra TLS configuration for the Argo CD notifications ingress | [] |
notifications.webhook.ingress.tls |
Ingress TLS configuration | [] |
notifications.bots.slack.enabled |
Enable notifications controller | false |
notifications.bots.slack.command |
Override default container command (useful when using custom images) | [] |
notifications.bots.slack.args |
Override default container args (useful when using custom images). | [] |
notifications.bots.slack.extraArgs |
Add extra arguments to the default arguments for the Argo CD Slack bot | [] |
notifications.bots.slack.service.type |
Argo CD Slack bot service type | LoadBalancer |
notifications.bots.slack.service.ports.http |
Argo CD Slack bot service port | 80 |
notifications.bots.slack.service.nodePorts.http |
Node port for Argo CD Slack bot service | "" |
notifications.bots.slack.service.clusterIP |
Argo CD Slack bot service Cluster IP | "" |
notifications.bots.slack.service.loadBalancerIP |
Argo CD Slack bot service Load Balancer IP | "" |
notifications.bots.slack.service.loadBalancerSourceRanges |
Argo CD Slack bot service Load Balancer sources | [] |
notifications.bots.slack.service.externalTrafficPolicy |
Argo CD Slack bot service external traffic policy | Cluster |
notifications.bots.slack.service.annotations |
Additional custom annotations for Argo CD Slack bot service | {} |
notifications.bots.slack.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
notifications.bots.slack.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
notifications.bots.slack.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
notifications.bots.slack.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
notifications.bots.slack.networkPolicy.allowExternal |
Don’t require server label for connections | true |
notifications.bots.slack.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
notifications.bots.slack.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
notifications.bots.slack.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
notifications.bots.slack.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
notifications.bots.slack.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
notifications.bots.slack.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
notifications.bots.slack.serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
notifications.bots.slack.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
notifications.bots.slack.serviceAccount.automountServiceAccountToken |
Automount service account token for the notifications controller service account | false |
notifications.bots.slack.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
notifications.bots.slack.podAffinityPreset |
Pod affinity preset. Ignored if notifications.bots.slack.affinity is set. Allowed values: soft or hard |
"" |
notifications.bots.slack.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if notifications.bots.slack.affinity is set. Allowed values: soft or hard |
soft |
notifications.bots.slack.nodeAffinityPreset.type |
Node affinity preset type. Ignored if notifications.bots.slack.affinity is set. Allowed values: soft or hard |
"" |
notifications.bots.slack.nodeAffinityPreset.key |
Node label key to match. Ignored if notifications.bots.slack.affinity is set |
"" |
notifications.bots.slack.nodeAffinityPreset.values |
Node label values to match. Ignored if notifications.bots.slack.affinity is set |
[] |
notifications.bots.slack.containerPorts.metrics |
Slack Bot controller metrics port number | 9001 |
notifications.bots.slack.startupProbe.enabled |
Enable startupProbe on Slack Bot nodes | false |
notifications.bots.slack.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
notifications.bots.slack.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
notifications.bots.slack.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
notifications.bots.slack.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
notifications.bots.slack.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
notifications.bots.slack.livenessProbe.enabled |
Enable livenessProbe on Slack Bot nodes | true |
notifications.bots.slack.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
notifications.bots.slack.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
notifications.bots.slack.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
notifications.bots.slack.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
notifications.bots.slack.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
notifications.bots.slack.readinessProbe.enabled |
Enable readinessProbe on Slack Bot nodes | true |
notifications.bots.slack.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
notifications.bots.slack.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
notifications.bots.slack.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
notifications.bots.slack.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
notifications.bots.slack.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
notifications.bots.slack.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
notifications.bots.slack.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
notifications.bots.slack.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
notifications.bots.slack.affinity |
Affinity for Argo CD Slack bot pods assignment | {} |
notifications.bots.slack.podAnnotations |
Annotations for Argo CD Slack bot pods | {} |
notifications.bots.slack.podLabels |
Extra labels for Argo CD Slack bot pods | {} |
notifications.bots.slack.containerSecurityContext.enabled |
Enabled Argo CD Slack bot containers’ Security Context | true |
notifications.bots.slack.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
notifications.bots.slack.containerSecurityContext.runAsUser |
Set Argo CD Slack bot containers’ Security Context runAsUser | 1001 |
notifications.bots.slack.containerSecurityContext.runAsGroup |
Set Argo CD Slack bot containers’ Security Context runAsGroup | 1001 |
notifications.bots.slack.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD Slack bot containers’ Security Context allowPrivilegeEscalation | false |
notifications.bots.slack.containerSecurityContext.capabilities.drop |
Set Argo CD Slack bot containers’ Security Context capabilities to be dropped | ["ALL"] |
notifications.bots.slack.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD Slack bot containers’ Security Context readOnlyRootFilesystem | true |
notifications.bots.slack.containerSecurityContext.runAsNonRoot |
Set Argo CD Slack bot container’s Security Context runAsNonRoot | true |
notifications.bots.slack.containerSecurityContext.privileged |
Set notifications container’s Security Context privileged | false |
notifications.bots.slack.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
notifications.bots.slack.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if notifications.bots.slack.resources is set (notifications.bots.slack.resources is recommended for production). | nano |
notifications.bots.slack.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
notifications.bots.slack.podSecurityContext.enabled |
Enabled Argo CD Slack bot pods’ Security Context | true |
notifications.bots.slack.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
notifications.bots.slack.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
notifications.bots.slack.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
notifications.bots.slack.podSecurityContext.fsGroup |
Set Argo CD Slack bot pod’s Security Context fsGroup | 1001 |
notifications.bots.slack.nodeSelector |
Node labels for Argo CD Slack bot pods assignment | {} |
notifications.bots.slack.tolerations |
Tolerations for Argo CD Slack bot pods assignment | [] |
notifications.bots.slack.priorityClassName |
Argo CD Slack bot pods’ priorityClassName | "" |
notifications.bots.slack.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD Slack bot pod(s) | [] |
notifications.bots.slack.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD Slack bot container(s) | [] |
notifications.bots.slack.extraEnvVars |
Array with extra environment variables to add to Argo CD Slack bot nodes | [] |
notifications.bots.slack.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD Slack bot nodes | "" |
notifications.bots.slack.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD Slack bot nodes | "" |
notifications.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
notifications.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
notifications.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both notifications.pdb.minAvailable and notifications.pdb.maxUnavailable are empty. |
"" |
Argo CD server Parameters
| Name | Description | Value |
|---|---|---|
server.replicaCount |
Number of Argo CD server replicas to deploy | 1 |
server.startupProbe.enabled |
Enable startupProbe on Argo CD server nodes | false |
server.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
server.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
server.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
server.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
server.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
server.livenessProbe.enabled |
Enable livenessProbe on Argo CD server nodes | true |
server.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
server.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
server.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
server.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
server.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
server.readinessProbe.enabled |
Enable readinessProbe on Argo CD server nodes | true |
server.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
server.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
server.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
server.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
server.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
server.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
server.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
server.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
server.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production). | nano |
server.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
server.podSecurityContext.enabled |
Enabled Argo CD server pods’ Security Context | true |
server.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
server.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
server.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
server.podSecurityContext.fsGroup |
Set Argo CD server pod’s Security Context fsGroup | 1001 |
server.containerSecurityContext.enabled |
Enabled Argo CD server containers’ Security Context | true |
server.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
server.containerSecurityContext.runAsUser |
Set Argo CD server containers’ Security Context runAsUser | 1001 |
server.containerSecurityContext.runAsGroup |
Set Argo CD server containers’ Security Context runAsGroup | 1001 |
server.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD server containers’ Security Context allowPrivilegeEscalation | false |
server.containerSecurityContext.capabilities.drop |
Set Argo CD containers’ server Security Context capabilities to be dropped | ["ALL"] |
server.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD containers’ server Security Context readOnlyRootFilesystem | true |
server.containerSecurityContext.runAsNonRoot |
Set Argo CD server containers’ Security Context runAsNonRoot | true |
server.containerSecurityContext.privileged |
Set server container’s Security Context privileged | false |
server.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
server.autoscaling.enabled |
Enable Argo CD server deployment autoscaling | false |
server.autoscaling.minReplicas |
Argo CD server deployment autoscaling minimum number of replicas | 1 |
server.autoscaling.maxReplicas |
Argo CD server deployment autoscaling maximum number of replicas | 5 |
server.autoscaling.targetCPU |
Argo CD server deployment autoscaling target CPU percentage | 50 |
server.autoscaling.targetMemory |
Argo CD server deployment autoscaling target CPU memory | 50 |
server.insecure |
Disable HTTPS redirection for Argo CD server | false |
server.logFormat |
ArgoCD server logs format. Options: [text, json] | text |
server.logLevel |
ArgoCD server logs level | info |
server.configEnabled |
Enable Argo CD server config | true |
server.url |
Argo CD server base URL. Required when configuring SSO. Required when enabling dex. | "" |
server.config |
Argo CD server configuration that will end on the argocd-cm Config Map | {} |
server.ingress.enabled |
Enable the creation of an ingress for the Argo CD server | false |
server.ingress.pathType |
Path type for the Argo CD server ingress | ImplementationSpecific |
server.ingress.apiVersion |
Ingress API version for the Argo CD server ingress | "" |
server.ingress.hostname |
Ingress hostname for the Argo CD server ingress | argocd.server.local |
server.ingress.annotations |
Annotations for the Argo CD server ingress. To enable certificate autogeneration, place here your cert-manager annotations. | {} |
server.ingress.tls |
Enable TLS for the Argo CD server ingress | false |
server.ingress.extraHosts |
Extra hosts array for the Argo CD server ingress | [] |
server.ingress.path |
Path array for the Argo CD server ingress | / |
server.ingress.extraPaths |
Extra paths for the Argo CD server ingress | [] |
server.ingress.extraTls |
Extra TLS configuration for the Argo CD server ingress | [] |
server.ingress.secrets |
Secrets array to mount into the Ingress | [] |
server.ingress.ingressClassName |
IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | "" |
server.ingress.selfSigned |
Create a TLS secret for this ingress record using self-signed certificates generated by Helm | false |
server.ingress.extraRules |
Additional rules to be covered with this ingress record | [] |
server.metrics.enabled |
Enable metrics for the Argo CD server | false |
server.metrics.service.type |
Argo CD server service type | ClusterIP |
server.metrics.service.ports.metrics |
Argo CD server metrics service port | 8083 |
server.metrics.service.nodePorts.metrics |
Node port for Argo CD server metrics service | "" |
server.metrics.service.clusterIP |
Argo CD server metrics service Cluster IP | "" |
server.metrics.service.loadBalancerIP |
Argo CD server service Load Balancer IP | "" |
server.metrics.service.loadBalancerSourceRanges |
Argo CD server service Load Balancer sources | [] |
server.metrics.service.externalTrafficPolicy |
Argo CD server service external traffic policy | Cluster |
server.metrics.service.annotations |
Additional custom annotations for Argo CD server service | {} |
server.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
server.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
server.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
server.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
server.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
server.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
server.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
server.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
server.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
server.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
server.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
server.ingressGrpc.enabled |
Enable the creation of an ingress for the Argo CD gRPC server | false |
server.ingressGrpc.pathType |
Path type for the Argo CD gRPC server ingress | ImplementationSpecific |
server.ingressGrpc.apiVersion |
Ingress API version for the Argo CD gRPC server ingress | "" |
server.ingressGrpc.hostname |
Ingress hostname for the Argo CD gRPC server ingress | argocd.server.local |
server.ingressGrpc.annotations |
Annotations for the Argo CD gRPC server ingress. To enable certificate autogeneration, place here your cert-manager annotations | {} |
server.ingressGrpc.tls |
Enable TLS for the Argo CD server ingress | false |
server.ingressGrpc.extraHosts |
Extra hosts array for the Argo CD gRPC server ingress | [] |
server.ingressGrpc.path |
Path array for the Argo CD gRPC server ingress | / |
server.ingressGrpc.extraPaths |
Extra paths for the Argo CD gRPC server ingress | [] |
server.ingressGrpc.extraTls |
Extra TLS configuration for the Argo CD gRPC server ingress | [] |
server.ingressGrpc.secrets |
Secrets array to mount into the Ingress | [] |
server.ingressGrpc.ingressClassName |
IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | "" |
server.ingressGrpc.selfSigned |
Create a TLS secret for this ingress record using self-signed certificates generated by Helm | false |
server.ingressGrpc.extraRules |
Additional rules to be covered with this ingress record | [] |
server.containerPorts.http |
Argo CD server HTTP container port | 8080 |
server.containerPorts.https |
Argo CD server HTTPS container port | 8443 |
server.containerPorts.metrics |
Argo CD server metrics container port | 8083 |
server.service.type |
Argo CD service type | ClusterIP |
server.service.ports.http |
HTTP port for the gRPC ingress when enabled | 80 |
server.service.ports.https |
HTTPS port for the gRPC ingress when enabled | 443 |
server.service.nodePorts.http |
Node port for HTTP | "" |
server.service.nodePorts.https |
Node port for HTTPS | "" |
server.service.clusterIP |
Argo CD service Cluster IP | "" |
server.service.loadBalancerIP |
Argo CD service Load Balancer IP | "" |
server.service.loadBalancerSourceRanges |
Argo CD service Load Balancer sources | [] |
server.service.externalTrafficPolicy |
Argo CD service external traffic policy | Cluster |
server.service.annotations |
Additional custom annotations for Argo CD service | {} |
server.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
server.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
server.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
server.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
server.networkPolicy.allowExternal |
Don’t require server label for connections | true |
server.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
server.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
server.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
server.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
server.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
server.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
server.command |
Override default container command (useful when using custom images) | [] |
server.args |
Override default container args (useful when using custom images) | [] |
server.extraArgs |
concat to the default args | [] |
server.automountServiceAccountToken |
Mount Service Account token in pod | true |
server.hostAliases |
Argo CD server pods host aliases | [] |
server.podLabels |
Extra labels for Argo CD server pods | {} |
server.podAnnotations |
Annotations for Argo CD server pods | {} |
server.podAffinityPreset |
Pod affinity preset. Ignored if server.affinity is set. Allowed values: soft or hard |
"" |
server.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if server.affinity is set. Allowed values: soft or hard |
soft |
server.nodeAffinityPreset.type |
Node affinity preset type. Ignored if server.affinity is set. Allowed values: soft or hard |
"" |
server.nodeAffinityPreset.key |
Node label key to match. Ignored if server.affinity is set |
"" |
server.nodeAffinityPreset.values |
Node label values to match. Ignored if server.affinity is set |
[] |
server.affinity |
Affinity for Argo CD server pods assignment | {} |
server.nodeSelector |
Node labels for Argo CD server pods assignment | {} |
server.tolerations |
Tolerations for Argo CD server pods assignment | [] |
server.schedulerName |
Name of the k8s scheduler (other than default) | "" |
server.shareProcessNamespace |
Enable shared process namespace in a pod. | false |
server.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
server.updateStrategy.type |
Argo CD server statefulset strategy type | RollingUpdate |
server.priorityClassName |
Argo CD server pods’ priorityClassName | "" |
server.runtimeClassName |
Name of the runtime class to be used by pod(s) | "" |
server.lifecycleHooks |
for the Argo CD server container(s) to automate configuration before or after startup | {} |
server.extraEnvVars |
Array with extra environment variables to add to Argo CD server nodes | [] |
server.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD server nodes | "" |
server.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD server nodes | "" |
server.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD server pod(s) | [] |
server.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD server container(s) | [] |
server.sidecars |
Add additional sidecar containers to the Argo CD server pod(s) | [] |
server.initContainers |
Add additional init containers to the Argo CD server pod(s) | [] |
server.serviceAccount.create |
Specifies whether a ServiceAccount should be created | true |
server.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
server.serviceAccount.automountServiceAccountToken |
Automount service account token for the server service account | false |
server.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
server.clusterAdminAccess |
Enable K8s cluster admin access for the server | true |
server.clusterRoleRules |
Use custom rules for server’s cluster role | [] |
server.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
server.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
server.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both server.pdb.minAvailable and server.pdb.maxUnavailable are empty. |
"" |
Argo CD repo server Parameters
| Name | Description | Value |
|---|---|---|
repoServer.replicaCount |
Number of Argo CD repo server replicas to deploy | 1 |
repoServer.startupProbe.enabled |
Enable startupProbe on Argo CD repo server nodes | false |
repoServer.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
repoServer.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
repoServer.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
repoServer.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
repoServer.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
repoServer.livenessProbe.enabled |
Enable livenessProbe on Argo CD repo server nodes | true |
repoServer.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
repoServer.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
repoServer.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
repoServer.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
repoServer.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
repoServer.readinessProbe.enabled |
Enable readinessProbe on Argo CD repo server nodes | true |
repoServer.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
repoServer.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
repoServer.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
repoServer.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
repoServer.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
repoServer.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
repoServer.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
repoServer.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
repoServer.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if repoServer.resources is set (repoServer.resources is recommended for production). | nano |
repoServer.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
repoServer.podSecurityContext.enabled |
Enabled Argo CD repo server pods’ Security Context | true |
repoServer.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
repoServer.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
repoServer.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
repoServer.podSecurityContext.fsGroup |
Set Argo CD repo server pod’s Security Context fsGroup | 1001 |
repoServer.containerSecurityContext.enabled |
Enabled Argo CD repo server containers’ Security Context | true |
repoServer.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
repoServer.containerSecurityContext.runAsUser |
Set Argo CD repo server containers’ Security Context runAsUser | 1001 |
repoServer.containerSecurityContext.runAsGroup |
Set Argo CD repo server containers’ Security Context runAsGroup | 1001 |
repoServer.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD repo server containers’ Security Context allowPrivilegeEscalation | false |
repoServer.containerSecurityContext.capabilities.drop |
Set Argo CD containers’ repo server Security Context capabilities to be dropped | ["ALL"] |
repoServer.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD containers’ repo server Security Context readOnlyRootFilesystem | true |
repoServer.containerSecurityContext.runAsNonRoot |
Set Argo CD repo server containers’ Security Context runAsNonRoot | true |
repoServer.containerSecurityContext.privileged |
Set repoServer container’s Security Context privileged | false |
repoServer.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
repoServer.service.type |
Repo server service type | ClusterIP |
repoServer.service.ports.repoServer |
Repo server service port | 8081 |
repoServer.service.nodePorts.repoServer |
Node port for the repo server service | "" |
repoServer.service.clusterIP |
Repo server service Cluster IP | "" |
repoServer.service.loadBalancerIP |
Repo server service Load Balancer IP | "" |
repoServer.service.loadBalancerSourceRanges |
Repo server service Load Balancer sources | [] |
repoServer.service.externalTrafficPolicy |
Repo server service external traffic policy | Cluster |
repoServer.service.annotations |
Additional custom annotations for Repo server service | {} |
repoServer.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
repoServer.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
repoServer.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
repoServer.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
repoServer.networkPolicy.allowExternal |
Don’t require server label for connections | true |
repoServer.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
repoServer.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
repoServer.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
repoServer.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
repoServer.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
repoServer.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
repoServer.logFormat |
Format for the Argo CD repo server logs. Options: [text, json] | text |
repoServer.logLevel |
Log level for the Argo CD repo server | info |
repoServer.containerPorts.repoServer |
Container port for Argo CD repo server | 8081 |
repoServer.containerPorts.metrics |
Metrics port for Argo CD repo server | 8084 |
repoServer.metrics.enabled |
Enable metrics for the Argo CD repo server | false |
repoServer.metrics.service.type |
Argo CD repo server service type | ClusterIP |
repoServer.metrics.service.ports.metrics |
Argo CD repo server metrics service port | 8084 |
repoServer.metrics.service.nodePorts.metrics |
Node port for the repo server metrics service | "" |
repoServer.metrics.service.clusterIP |
Argo CD repo server metrics service Cluster IP | "" |
repoServer.metrics.service.loadBalancerIP |
Argo CD repo server service Load Balancer IP | "" |
repoServer.metrics.service.loadBalancerSourceRanges |
Argo CD repo server service Load Balancer sources | [] |
repoServer.metrics.service.externalTrafficPolicy |
Argo CD repo server service external traffic policy | Cluster |
repoServer.metrics.service.annotations |
Additional custom annotations for Argo CD repo server service | {} |
repoServer.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
repoServer.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
repoServer.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
repoServer.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
repoServer.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
repoServer.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
repoServer.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
repoServer.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
repoServer.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
repoServer.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
repoServer.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
repoServer.autoscaling.enabled |
Enable Argo CD repo server deployment autoscaling | false |
repoServer.autoscaling.minReplicas |
Argo CD repo server deployment autoscaling minimum number of replicas | 1 |
repoServer.autoscaling.maxReplicas |
Argo CD repo server deployment autoscaling maximum number of replicas | 5 |
repoServer.autoscaling.targetCPU |
Argo CD repo server deployment autoscaling target CPU percentage | 50 |
repoServer.autoscaling.targetMemory |
Argo CD repo server deployment autoscaling target CPU memory | 50 |
repoServer.serviceAccount.create |
Specifies whether a ServiceAccount for repo server should be created | true |
repoServer.serviceAccount.name |
The name of the ServiceAccount for repo server to use. | "" |
repoServer.serviceAccount.automountServiceAccountToken |
Automount service account token for the repo server service account | false |
repoServer.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
repoServer.clusterAdminAccess |
Enable K8s cluster admin access for the repo server | false |
repoServer.clusterRoleRules |
Use custom rules for repo server’s cluster role | [] |
repoServer.command |
Override default container command (useful when using custom images) | [] |
repoServer.args |
Override default container args (useful when using custom images) | [] |
repoServer.extraArgs |
Add extra args to the default repo server args | [] |
repoServer.automountServiceAccountToken |
Mount Service Account token in pod | true |
repoServer.hostAliases |
Argo CD repo server pods host aliases | [] |
repoServer.podLabels |
Extra labels for Argo CD repo server pods | {} |
repoServer.podAnnotations |
Annotations for Argo CD repo server pods | {} |
repoServer.podAffinityPreset |
Pod affinity preset. Ignored if repoServer.affinity is set. Allowed values: soft or hard |
"" |
repoServer.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if repoServer.affinity is set. Allowed values: soft or hard |
soft |
repoServer.nodeAffinityPreset.type |
Node affinity preset type. Ignored if repoServer.affinity is set. Allowed values: soft or hard |
"" |
repoServer.nodeAffinityPreset.key |
Node label key to match. Ignored if repoServer.affinity is set |
"" |
repoServer.nodeAffinityPreset.values |
Node label values to match. Ignored if repoServer.affinity is set |
[] |
repoServer.affinity |
Affinity for Argo CD repo server pods assignment | {} |
repoServer.nodeSelector |
Node labels for Argo CD repo server pods assignment | {} |
repoServer.tolerations |
Tolerations for Argo CD repo server pods assignment | [] |
repoServer.schedulerName |
Name of the k8s scheduler (other than default) | "" |
repoServer.shareProcessNamespace |
Enable shared process namespace in a pod. | false |
repoServer.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
repoServer.updateStrategy.type |
Argo CD repo server statefulset strategy type | RollingUpdate |
repoServer.priorityClassName |
Argo CD repo server pods’ priorityClassName | "" |
repoServer.runtimeClassName |
Name of the runtime class to be used by pod(s) | "" |
repoServer.lifecycleHooks |
for the Argo CD repo server container(s) to automate configuration before or after startup | {} |
repoServer.extraEnvVars |
Array with extra environment variables to add to Argo CD repo server nodes | [] |
repoServer.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Argo CD repo server nodes | "" |
repoServer.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Argo CD repo server nodes | "" |
repoServer.extraVolumes |
Optionally specify extra list of additional volumes for the Argo CD repo server pod(s) | [] |
repoServer.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Argo CD repo server container(s) | [] |
repoServer.sidecars |
Add additional sidecar containers to the Argo CD repo server pod(s) | [] |
repoServer.initContainers |
Add additional init containers to the Argo CD repo server pod(s) | [] |
repoServer.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
repoServer.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
repoServer.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both repoServer.pdb.minAvailable and repoServer.pdb.maxUnavailable are empty. |
"" |
Dex Parameters
| Name | Description | Value |
|---|---|---|
dex.image.registry |
Dex image registry | REGISTRY_NAME |
dex.image.repository |
Dex image repository | REPOSITORY_NAME/dex |
dex.image.digest |
Dex image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag | "" |
dex.image.pullPolicy |
Dex image pull policy | IfNotPresent |
dex.image.pullSecrets |
Dex image pull secrets | [] |
dex.image.debug |
Enable Dex image debug mode | false |
dex.enabled |
Enable the creation of a Dex deployment for SSO | false |
dex.replicaCount |
Number of Dex replicas to deploy | 1 |
dex.startupProbe.enabled |
Enable startupProbe on Dex nodes | false |
dex.startupProbe.initialDelaySeconds |
Initial delay seconds for startupProbe | 10 |
dex.startupProbe.periodSeconds |
Period seconds for startupProbe | 10 |
dex.startupProbe.timeoutSeconds |
Timeout seconds for startupProbe | 1 |
dex.startupProbe.failureThreshold |
Failure threshold for startupProbe | 3 |
dex.startupProbe.successThreshold |
Success threshold for startupProbe | 1 |
dex.livenessProbe.enabled |
Enable livenessProbe on Dex nodes | true |
dex.livenessProbe.initialDelaySeconds |
Initial delay seconds for livenessProbe | 10 |
dex.livenessProbe.periodSeconds |
Period seconds for livenessProbe | 10 |
dex.livenessProbe.timeoutSeconds |
Timeout seconds for livenessProbe | 1 |
dex.livenessProbe.failureThreshold |
Failure threshold for livenessProbe | 3 |
dex.livenessProbe.successThreshold |
Success threshold for livenessProbe | 1 |
dex.readinessProbe.enabled |
Enable readinessProbe on Dex nodes | true |
dex.readinessProbe.initialDelaySeconds |
Initial delay seconds for readinessProbe | 10 |
dex.readinessProbe.periodSeconds |
Period seconds for readinessProbe | 10 |
dex.readinessProbe.timeoutSeconds |
Timeout seconds for readinessProbe | 1 |
dex.readinessProbe.failureThreshold |
Failure threshold for readinessProbe | 3 |
dex.readinessProbe.successThreshold |
Success threshold for readinessProbe | 1 |
dex.customStartupProbe |
Custom startupProbe that overrides the default one | {} |
dex.customLivenessProbe |
Custom livenessProbe that overrides the default one | {} |
dex.customReadinessProbe |
Custom readinessProbe that overrides the default one | {} |
dex.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if dex.resources is set (dex.resources is recommended for production). | nano |
dex.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
dex.podSecurityContext.enabled |
Enabled Dex pods’ Security Context | true |
dex.podSecurityContext.fsGroupChangePolicy |
Set filesystem group change policy | Always |
dex.podSecurityContext.sysctls |
Set kernel settings using the sysctl interface | [] |
dex.podSecurityContext.supplementalGroups |
Set filesystem extra groups | [] |
dex.podSecurityContext.fsGroup |
Set Dex pod’s Security Context fsGroup | 1001 |
dex.containerSecurityContext.enabled |
Enabled Dex containers’ Security Context | true |
dex.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
dex.containerSecurityContext.runAsUser |
Set Dex containers’ Security Context runAsUser | 1001 |
dex.containerSecurityContext.runAsGroup |
Set Dex containers’ Security Context runAsGroup | 1001 |
dex.containerSecurityContext.allowPrivilegeEscalation |
Set Dex containers’ Security Context allowPrivilegeEscalation | false |
dex.containerSecurityContext.readOnlyRootFilesystem |
Set Dex containers’ server Security Context readOnlyRootFilesystem | true |
dex.containerSecurityContext.runAsNonRoot |
Set Dex containers’ Security Context runAsNonRoot | true |
dex.containerSecurityContext.capabilities.drop |
Set Argo CD containers’ repo server Security Context capabilities to be dropped | ["ALL"] |
dex.containerSecurityContext.privileged |
Set dex container’s Security Context privileged | false |
dex.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
dex.service.type |
Dex service type | ClusterIP |
dex.service.ports.http |
Dex HTTP service port | 5556 |
dex.service.ports.grpc |
Dex grpc service port | 5557 |
dex.service.nodePorts.http |
HTTP node port for the Dex service | "" |
dex.service.nodePorts.grpc |
gRPC node port for the Dex service | "" |
dex.service.clusterIP |
Dex service Cluster IP | "" |
dex.service.loadBalancerIP |
Dex service Load Balancer IP | "" |
dex.service.loadBalancerSourceRanges |
Dex service Load Balancer sources | [] |
dex.service.externalTrafficPolicy |
Dex service external traffic policy | Cluster |
dex.service.annotations |
Additional custom annotations for Dex service | {} |
dex.service.extraPorts |
Extra ports to expose (normally used with the sidecar value) |
[] |
dex.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
dex.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
dex.networkPolicy.enabled |
Specifies whether a NetworkPolicy should be created | true |
dex.networkPolicy.allowExternal |
Don’t require server label for connections | true |
dex.networkPolicy.allowExternalEgress |
Allow the pod to access any range of port and all destinations. | true |
dex.networkPolicy.kubeAPIServerPorts |
List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | [] |
dex.networkPolicy.extraIngress |
Add extra ingress rules to the NetworkPolicy | [] |
dex.networkPolicy.extraEgress |
Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | [] |
dex.networkPolicy.ingressNSMatchLabels |
Labels to match to allow traffic from other namespaces | {} |
dex.networkPolicy.ingressNSPodMatchLabels |
Pod labels to match to allow traffic from other namespaces | {} |
dex.containerPorts.http |
Dex container HTTP port | 5556 |
dex.containerPorts.grpc |
Dex gRPC port | 5557 |
dex.containerPorts.metrics |
Dex metrics port | 5558 |
dex.metrics.enabled |
Enable metrics service for Dex | false |
dex.metrics.service.type |
Dex service type | ClusterIP |
dex.metrics.service.ports.metrics |
Dex metrics service port | 5558 |
dex.metrics.service.nodePorts.metrics |
Node port for the Dex service | "" |
dex.metrics.service.clusterIP |
Dex service metrics service Cluster IP | "" |
dex.metrics.service.loadBalancerIP |
Dex service Load Balancer IP | "" |
dex.metrics.service.loadBalancerSourceRanges |
Dex service Load Balancer sources | [] |
dex.metrics.service.externalTrafficPolicy |
Dex service external traffic policy | Cluster |
dex.metrics.service.annotations |
Additional custom annotations for Dex service | {} |
dex.metrics.service.sessionAffinity |
Session Affinity for Kubernetes service, can be “None” or “ClientIP” | None |
dex.metrics.service.sessionAffinityConfig |
Additional settings for the sessionAffinity | {} |
dex.metrics.serviceMonitor.enabled |
Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | false |
dex.metrics.serviceMonitor.namespace |
Namespace which Prometheus is running in | "" |
dex.metrics.serviceMonitor.jobLabel |
The name of the label on the target service to use as the job name in prometheus. | "" |
dex.metrics.serviceMonitor.interval |
Interval at which metrics should be scraped | 30s |
dex.metrics.serviceMonitor.scrapeTimeout |
Timeout after which the scrape is ended | 10s |
dex.metrics.serviceMonitor.relabelings |
RelabelConfigs to apply to samples before scraping | [] |
dex.metrics.serviceMonitor.metricRelabelings |
MetricRelabelConfigs to apply to samples before ingestion | [] |
dex.metrics.serviceMonitor.selector |
ServiceMonitor selector labels | {} |
dex.metrics.serviceMonitor.honorLabels |
honorLabels chooses the metric’s labels on collisions with target labels | false |
dex.serviceAccount.create |
Specifies whether a ServiceAccount should be created for Dex | true |
dex.serviceAccount.name |
The name of the ServiceAccount to use. | "" |
dex.serviceAccount.automountServiceAccountToken |
Automount service account token for the Dex service account | false |
dex.serviceAccount.annotations |
Annotations for service account. Evaluated as a template. Only used if create is true. |
{} |
dex.command |
Override default container command (useful when using custom images) | [] |
dex.args |
Override default container args (useful when using custom images) | [] |
dex.extraArgs |
Add extra args to the default args for Dex | [] |
dex.automountServiceAccountToken |
Mount Service Account token in pod | true |
dex.hostAliases |
Dex pods host aliases | [] |
dex.podLabels |
Extra labels for Dex pods | {} |
dex.podAnnotations |
Annotations for Dex pods | {} |
dex.podAffinityPreset |
Pod affinity preset. Ignored if dex.affinity is set. Allowed values: soft or hard |
"" |
dex.podAntiAffinityPreset |
Pod anti-affinity preset. Ignored if dex.affinity is set. Allowed values: soft or hard |
soft |
dex.nodeAffinityPreset.type |
Node affinity preset type. Ignored if dex.affinity is set. Allowed values: soft or hard |
"" |
dex.nodeAffinityPreset.key |
Node label key to match. Ignored if dex.affinity is set |
"" |
dex.nodeAffinityPreset.values |
Node label values to match. Ignored if dex.affinity is set |
[] |
dex.affinity |
Affinity for Dex pods assignment | {} |
dex.nodeSelector |
Node labels for Dex pods assignment | {} |
dex.tolerations |
Tolerations for Dex pods assignment | [] |
dex.schedulerName |
Name of the k8s scheduler (other than default) | "" |
dex.shareProcessNamespace |
Enable shared process namespace in a pod. | false |
dex.topologySpreadConstraints |
Topology Spread Constraints for pod assignment | [] |
dex.updateStrategy.type |
Dex statefulset strategy type | RollingUpdate |
dex.priorityClassName |
Dex pods’ priorityClassName | "" |
dex.runtimeClassName |
Name of the runtime class to be used by pod(s) | "" |
dex.lifecycleHooks |
for the Dex container(s) to automate configuration before or after startup | {} |
dex.extraEnvVars |
Array with extra environment variables to add to Dex nodes | [] |
dex.extraEnvVarsCM |
Name of existing ConfigMap containing extra env vars for Dex nodes | "" |
dex.extraEnvVarsSecret |
Name of existing Secret containing extra env vars for Dex nodes | "" |
dex.extraVolumes |
Optionally specify extra list of additional volumes for the Dex pod(s) | [] |
dex.extraVolumeMounts |
Optionally specify extra list of additional volumeMounts for the Dex container(s) | [] |
dex.sidecars |
Add additional sidecar containers to the Dex pod(s) | [] |
dex.initContainers |
Add additional init containers to the Dex pod(s) | [] |
dex.pdb.create |
Enable/disable a Pod Disruption Budget creation | true |
dex.pdb.minAvailable |
Minimum number/percentage of pods that should remain scheduled | "" |
dex.pdb.maxUnavailable |
Maximum number/percentage of pods that may be made unavailable. Defaults to 1 if both dex.pdb.minAvailable and dex.pdb.maxUnavailable are empty. |
"" |
Shared config for Argo CD components
| Name | Description | Value |
|---|---|---|
config.knownHosts |
Known hosts to be added to the known hosts list by default. Check the values to see the default value | "" |
config.extraKnownHosts |
Add extra known hosts to the known hosts list | "" |
config.createExtraKnownHosts |
Whether to create or not the extra known hosts configmap | true |
config.styles |
Custom CSS styles | "" |
config.existingStylesConfigmap |
Use an existing styles configmap | "" |
config.tlsCerts |
TLS certificates used to verify the authenticity of the repository servers | {} |
config.gpgKeys |
GnuPG public keys to add to the keyring | {} |
config.rbac |
Role-based authentication configuration | {} |
config.secret.create |
Whether to create or not the secret | true |
config.secret.annotations |
General secret extra annotations | {} |
config.secret.githubSecret |
GitHub secret to configure webhooks | "" |
config.secret.gitlabSecret |
GitLab secret to configure webhooks | "" |
config.secret.bitbucketServerSecret |
BitBucket secret to configure webhooks | "" |
config.secret.bitbucketUUID |
BitBucket UUID to configure webhooks | "" |
config.secret.gogsSecret |
Gogs secret to configure webhooks | "" |
config.secret.extra |
Extra keys to add to the configuration secret. | {} |
config.secret.argocdServerTlsConfig.key |
TLS key for the Argo CD config secret | "" |
config.secret.argocdServerTlsConfig.crt |
TLS certificate for the Argo CD config secret | "" |
config.secret.argocdServerAdminPassword |
Argo CD server admin password. Autogenerated by default. | "" |
config.secret.argocdServerAdminPasswordMtime |
Argo CD server password modification time | "" |
config.secret.repositoryCredentials |
Repository credentials to add to the Argo CD server confgi secret | {} |
config.clusterCredentials |
Configure external cluster credentials | [] |
Init Container Parameters
| Name | Description | Value |
|---|---|---|
volumePermissions.enabled |
Enable init container that changes the owner/group of the PV mount point to runAsUser:fsGroup |
false |
volumePermissions.image.registry |
OS Shell + Utility image registry | REGISTRY_NAME |
volumePermissions.image.repository |
OS Shell + Utility image repository | REPOSITORY_NAME/os-shell |
volumePermissions.image.digest |
OS Shell + Utility image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag | "" |
volumePermissions.image.pullPolicy |
OS Shell + Utility image pull policy | IfNotPresent |
volumePermissions.image.pullSecrets |
OS Shell + Utility image pull secrets | [] |
volumePermissions.resourcesPreset |
Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | nano |
volumePermissions.resources |
Set container requests and limits for different resources like CPU or memory (essential for production workloads) | {} |
volumePermissions.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
volumePermissions.containerSecurityContext.runAsUser |
Set init container’s Security Context runAsUser | 0 |
Other Parameters
| Name | Description | Value |
|---|---|---|
rbac.create |
Specifies whether RBAC resources should be created | true |
redis.image.registry |
Redis image registry | REGISTRY_NAME |
redis.image.repository |
Redis image repository | REPOSITORY_NAME/redis |
redis.image.digest |
Redis image digest in the way sha256:aa…. Please note this parameter, if set, will override the tag | "" |
redis.image.pullPolicy |
Redis image pull policy | IfNotPresent |
redis.image.pullSecrets |
Redis image pull secrets | [] |
redis.enabled |
Enable Redis dependency | true |
redis.nameOverride |
Name override for the Redis dependency | "" |
redis.service.ports.redis |
Service port for Redis dependency | 6379 |
redis.auth.enabled |
Enable Redis dependency authentication | true |
redis.auth.existingSecret |
Existing secret to load redis dependency password | "" |
redis.auth.existingSecretPasswordKey |
Pasword key name inside the existing secret | redis-password |
redis.architecture |
Redis® architecture. Allowed values: standalone or replication |
standalone |
externalRedis.enabled |
Enables External Redis | false |
externalRedis.host |
External Redis host | "" |
externalRedis.port |
External Redis port | 6379 |
externalRedis.password |
External Redis password | "" |
externalRedis.existingSecret |
Existing secret for the external redis | "" |
externalRedis.existingSecretPasswordKey |
Password key for the existing secret containing the external redis password | redis-password |
externalRedis.selector |
External Redis selector labels | {} |
redisWait.enabled |
Enables waiting for redis | true |
redisWait.extraArgs |
Additional arguments for the redis-cli call, such as TLS | "" |
redisWait.containerSecurityContext.enabled |
Enabled Argo CD repo server containers’ Security Context | true |
redisWait.containerSecurityContext.seLinuxOptions |
Set SELinux options in container | {} |
redisWait.containerSecurityContext.runAsUser |
Set Argo CD repo server containers’ Security Context runAsUser | 1001 |
redisWait.containerSecurityContext.runAsGroup |
Set Argo CD repo server containers’ Security Context runAsGroup | 1001 |
redisWait.containerSecurityContext.allowPrivilegeEscalation |
Set Argo CD repo server containers’ Security Context allowPrivilegeEscalation | false |
redisWait.containerSecurityContext.capabilities.drop |
Set Argo CD containers’ repo server Security Context capabilities to be dropped | ["ALL"] |
redisWait.containerSecurityContext.readOnlyRootFilesystem |
Set Argo CD containers’ repo server Security Context readOnlyRootFilesystem | true |
redisWait.containerSecurityContext.runAsNonRoot |
Set Argo CD repo server containers’ Security Context runAsNonRoot | true |
redisWait.containerSecurityContext.privileged |
Set redisWait container’s Security Context privileged | false |
redisWait.containerSecurityContext.seccompProfile.type |
Set container’s Security Context seccomp profile | RuntimeDefault |
The above parameters map to the env variables defined in bitnami/argo-cd. For more information please refer to the bitnami/argo-cd image documentation.
Specify each parameter using the --set key=value[,key=value] argument to helm install. For example,
helm install my-release \
--set controller.replicaCount=2 \
--set server.metrics.enabled=true \
oci://REGISTRY_NAME/REPOSITORY_NAME/argo-cd
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.ioandREPOSITORY_NAME=bitnamicharts.
The above command sets the argo-cd controller replicas to 2, and enabled argo-cd server metrics.
NOTE: Once this chart is deployed, it is not possible to change the application’s access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application’s built-in administrative tools if available.
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/argo-cd
Note: You need to substitute the placeholders
REGISTRY_NAMEandREPOSITORY_NAMEwith a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to useREGISTRY_NAME=registry-1.docker.ioandREPOSITORY_NAME=bitnamicharts. Tip: You can use the default values.yaml
Troubleshooting
Find more information about how to deal with common errors related to Bitnami’s Helm charts in this troubleshooting guide.
Upgrading
To 6.0.0
This major bump changes the following security defaults:
runAsGroupis changed from0to1001readOnlyRootFilesystemis set totrueresourcesPresetis changed fromnoneto the minimum size working in our test suites (NOTE:resourcesPresetis not meant for production usage, butresourcesadapted to your use case).global.compatibility.openshift.adaptSecurityContextis changed fromdisabledtoauto.
This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.
To 5.0.0
This major updates the Redis® subchart to its newest major, 18.0.0. Here you can find more information about the changes introduced in that version.
NOTE: Due to an error in our release process, Redis®’ chart versions higher or equal than 17.15.4 already use Redis® 7.2 by default.
To 4.0.0
This major update the Redis® subchart to its newest major, 17.0.0, which updates Redis® from its version 6.2 to the latest 7.0.
To 3.0.0
This major update the Redis® subchart to its newest major, 16.0.0. Here you can find more info about the specific changes.
Additionally, this chart has been standardised adding features from other charts.
To 2.0.0
This major update the Redis® subchart to its newest major, 15.0.0. Here you can find more info about the specific changes.
To 1.0.0
In this version, the image block is defined once and is used in the different templates, while in the previous version, the image block was duplicated for every component
image:
registry: docker.io
repository: bitnami/argo-cd
tag: 2.0.5
VS
controller:
image:
registry: docker.io
repository: bitnami/argo-cd
tag: 2.0.5
...
server:
image:
registry: docker.io
repository: bitnami/argo-cd
tag: 2.0.5
...
repoServer:
image:
registry: docker.io
repository: bitnami/argo-cd
tag: 2.0.5
See PR#7113 for more info about the implemented changes
License
Copyright © 2024 Broadcom. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
Licensed under the Apache License, Version 2.0 (the “License”); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
