diff --git a/.gitignore b/.gitignore index 2125f1c..3f096ef 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ .idea/workspace.xml -output.yaml diff --git a/Chart.yaml b/Chart.yaml index 2370835..899bbd6 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,8 +1,9 @@ apiVersion: v2 -name: harness-gitops +name: gitops-helm description: A Helm chart for Harness GitOps Agent - for more information, please visit https://developer.harness.io/docs/category/gitops. version: 1.0.0 dependencies: - name: argo-cd version: 5.51.6 repository: https://argoproj.github.io/argo-helm + condition: argo-cd.enabled diff --git a/templates/_common.tpl b/templates/_common.tpl index c849a87..d495427 100644 --- a/templates/_common.tpl +++ b/templates/_common.tpl @@ -27,7 +27,7 @@ Common labels helm.sh/chart: {{ include "harness.chart" .context }} {{ include "harness.selectorLabels" (dict "context" .context "component" .component "name" .name) }} app.kubernetes.io/managed-by: {{ .context.Release.Service }} -app.kubernetes.io/part-of: argocd +app.kubernetes.io/part-of: harness-gitops app.kubernetes.io/version: {{ include "harness.versionLabelValue" .context }} {{- with .context.Values.global.additionalLabels }} {{ toYaml . }} @@ -41,7 +41,7 @@ Selector labels {{- if .name -}} app.kubernetes.io/name: {{ include "harness.name" .context }}-{{ .name }} {{ end -}} -app.kubernetes.io/instance: {{ .context.Release.Name }} +app.kubernetes.io/instance: gitops {{- if .component }} app.kubernetes.io/component: {{ .component }} {{- end }} diff --git a/templates/argocd-application-controller/networkpolicy.yaml b/templates/argocd-application-controller/networkpolicy.yaml index 537e15b..826a397 100644 --- a/templates/argocd-application-controller/networkpolicy.yaml +++ b/templates/argocd-application-controller/networkpolicy.yaml 
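Review bot: In the `Selector labels` helper of templates/_common.tpl, `app.kubernetes.io/instance: gitops` is now a constant, so the selector labels no longer identify a release. Every selector built from `harness.selectorLabels`, the NetworkPolicy `podSelector`s changed in this commit among them, would then also match the pods of any other install of this chart in the same namespace, and a policy written for one release admits the other's pods as peers. Selector labels on an existing Deployment are immutable, so an upgrade from a release that rendered `.context.Release.Name` is likely to be rejected as well. I would keep the value derived from the release name, or read it from a values key that defaults to it, and add a comment such as `{{/* instance must stay unique per release: it is part of every selector */}}`.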
@@ -3,18 +3,18 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.controller.name "name" .Values.controller.name) | nindent 4 }} name: {{ template "argo-cd.controller.fullname" . }} namespace: {{ .Release.Namespace | quote }} spec: ingress: - - from: - - namespaceSelector: {} - ports: - - port: metrics + - from: + - namespaceSelector: {} + ports: + - port: metrics podSelector: matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 6 }} policyTypes: - - Ingress + - Ingress {{- end }} diff --git a/templates/argocd-applicationset/networkpolicy.yaml b/templates/argocd-applicationset/networkpolicy.yaml index 7d11416..c7b036d 100644 --- a/templates/argocd-applicationset/networkpolicy.yaml +++ b/templates/argocd-applicationset/networkpolicy.yaml 
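Review bot: The `podSelector` under `spec` now takes its labels from `harness.selectorLabels`, which renders `app.kubernetes.io/name` from `harness.name` plus a fixed `app.kubernetes.io/instance`, and nothing in this diff shows the application-controller pods carrying those labels. If the pods are still rendered by the `argo-cd` dependency declared in Chart.yaml, the policy selects nothing and the controller is left without any ingress restriction, with no error at install time. The same swap is made in the applicationset, repo-server and redis policies, including the `from` peers there, so the check applies to all four files. Please confirm against a rendered manifest that each selector equals the labels on the matching pod template, and record that in a template comment, e.g. `{{/* must match the pod labels of the controller workload */}}`. The metrics rule also keeps `namespaceSelector: {}`, which admits every namespace in the cluster.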
@@ -6,22 +6,22 @@ metadata: name: {{ template "argo-cd.applicationSet.fullname" . }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.applicationSet.name "name" .Values.applicationSet.name) | nindent 4 }} spec: ingress: {{- if $argo.applicationSet.webhook.ingress.enabled }} - - ports: - - port: webhook + - ports: + - port: webhook {{- end }} {{- if $argo.applicationSet.metrics.enabled }} - - from: - - namespaceSelector: {} - ports: - - port: metrics + - from: + - namespaceSelector: {} + ports: + - port: metrics {{- end }} podSelector: matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 6 }} policyTypes: - - Ingress + - Ingress {{- end }} diff --git a/templates/argocd-configs/argocd-cmd-params-cm.yaml b/templates/argocd-configs/argocd-cmd-params-cm.yaml deleted file mode 100644 index 1619de5..0000000 --- a/templates/argocd-configs/argocd-cmd-params-cm.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- $argo := (index .Values "argo-cd") -}} -{{- if $argo.configs.params.create }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-cmd-params-cm - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" "cmd-params-cm") | nindent 4 }} - {{- if $argo.configs.params.annotations }} - annotations: - {{- range $key, $value := $argo.configs.params.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} - {{- end }} -data: - {{- include "argo-cd.config.params" . | trim | nindent 2 }} -{{- end }} 
diff --git a/templates/argocd-repo-server/networkpolicy.yaml b/templates/argocd-repo-server/networkpolicy.yaml
index d40b878..7d5cad4 100644
--- a/templates/argocd-repo-server/networkpolicy.yaml
+++ b/templates/argocd-repo-server/networkpolicy.yaml
@@ -4,40 +4,35 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.repoServer.name "name" .Values.repoServer.name) | nindent 4 }} name: {{ template "argo-cd.repoServer.fullname" . }} namespace: {{ .Release.Namespace | quote }} spec: ingress: - - from: - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 10 }} - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} - {{- if $argo.notifications.enabled }} - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" $argo.notifications.name) | nindent 10 }} - {{- end }} + - from: + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} {{- if $argo.applicationSet.enabled }} - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.applicationSet.name) | nindent 10 }} {{- end }} - ports: - - port: repo-server - protocol: TCP + ports: + - port: repo-server + protocol: TCP {{- if $argo.repoServer.metrics.enabled }} - - from: - - namespaceSelector: {} - ports: - - port: metrics + - from: + - namespaceSelector: {} + ports: + - port: metrics {{- end }} podSelector: matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.repoServer.name) | nindent 6 }} + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 6 }} policyTypes: - - Ingress + - Ingress {{- end }} diff --git a/templates/gitops-agent/clusterrole.yaml b/templates/gitops-agent/clusterrole.yaml index faaa173..8c506f6 100644 --- a/templates/gitops-agent/clusterrole.yaml +++ b/templates/gitops-agent/clusterrole.yaml @@ -3,9 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} rules: - apiGroups: - '*' @@ -46,6 +46,7 @@ rules: resources: - applications - applicationsets + - appprojects verbs: - get - list diff --git a/templates/gitops-agent/clusterrolebinding.yaml b/templates/gitops-agent/clusterrolebinding.yaml index ac2c9ab..9b07dd1 100644 --- a/templates/gitops-agent/clusterrolebinding.yaml +++ b/templates/gitops-agent/clusterrolebinding.yaml @@ -3,13 +3,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: .Values.agent.name + name: {{ .Values.agent.name }} subjects: - kind: ServiceAccount name: {{ include "harness.agentServiceAccountName" . }} diff --git a/templates/gitops-agent/configmap.yaml b/templates/gitops-agent/configmap.yaml new file mode 100644 index 0000000..7fff84f --- /dev/null +++ b/templates/gitops-agent/configmap.yaml 
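Review bot: In templates/gitops-agent/clusterrole.yaml, `name: {{ .Values.agent.name }}` names a cluster-scoped object without any namespace or release qualifier, so two installs that keep the same agent name in different namespaces contend for one ClusterRole; the ClusterRoleBinding in the next file has the same issue. Qualifying the name, for example `name: {{ .Values.agent.name }}-{{ .Release.Namespace }}` in both `metadata.name` and `roleRef.name`, keeps each install's grant separate. The rule list opens with `apiGroups: '*'` and continues outside this hunk, so the verbs granted cluster-wide are not visible here; a short comment above `rules:` stating why the agent needs a wildcard group would help the next reviewer.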
@@ -0,0 +1,37 @@ +apiVersion: v1 +data: + GITOPS_ACCOUNT_IDENTIFIER: {{ .Values.harness.identity.accountId }} + GITOPS_AGENT_IDENTIFIER: {{ .Values.harness.identity.agentId }} + {{- if ne .Values.harness.identity.orgId "" }} + GITOPS_ORG_IDENTIFIER: {{ .Values.harness.identity.orgId }} + {{- end }} + {{- if ne .Values.harness.identity.projectId "" }} + GITOPS_PROJECT_IDENTIFIER: {{ .Values.harness.identity.projectId }} + {{- end }} + {{- if .Values.harness.disasterRecovery.enabled }} + GITOPS_DISASTER_RECOVERY_IDENTIFIER: {{ .Values.harness.disasterRecovery.identifier }} + {{- end }} + GITOPS_SERVICE_HTTP_TLS_ENABLED: "{{ .Values.harness.configMap.http.tlsEnabled }}" + GITOPS_SERVICE_HTTP_CERT_FILES: {{ .Values.harness.configMap.http.certPath }} + AGENT_HTTP_TARGET: {{ .Values.harness.configMap.http.agentHttpTarget }} + AGENT_GRPC_TARGET: {{ .Values.harness.configMap.grpc.agentGrpcTarget }} + AGENT_GRPC_AUTHORITY: {{ .Values.harness.configMap.grpc.agentGrpcAuthority }} + GITOPS_SERVICE_GRPC_INSECURE: "{{ .Values.harness.configMap.grpc.serviceGrpcInsecure }}" + GITOPS_SERVICE_PROTOCOL: {{ .Values.harness.configMap.agentProtocol }} + GITOPS_AGENT_ENABLE_RECONCILE: "{{ .Values.harness.configMap.reconcile.enabled }}" + GITOPS_AGENT_RECONCILE_INTERVAL: "{{ .Values.harness.configMap.reconcile.interval }}" + GITOPS_AGENT_DISCOVER_APPLICATION_PODS_DURATION_IN_SECS: "{{ .Values.harness.configMap.reconcile.podsDiscovery }}" + LOG_LEVEL: {{ .Values.harness.configMap.logLevel }} + GITOPS_AGENT_FETCH_TYPE: "{{ .Values.harness.configMap.agentFetchType }}" + REDIS_COMPRESSION: "{{ .Values.harness.configMap.redisCompression }}" + {{- if .Values.agent.proxy.enabled }} + HTTPS_PROXY: {{ .Values.agent.proxy.httpsProxy }} + HTTP_PROXY: {{ .Values.agent.proxy.httpProxy }} + NO_PROXY: localhost,argocd-repo-server,argocd-redis,127.0.0.1,argocd-redis-ha-haproxy,$(KUBERNETES_SERVICE_HOST),kubernetes.default.svc,{{ .Values.agent.name }} + {{- end }} +kind: ConfigMap +metadata: + labels: + 
{{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" (printf "%s-cm" .Values.agent.name)) | nindent 4 }} + name: {{ .Values.agent.name }} + namespace: {{ .Release.Namespace }} diff --git a/templates/gitops-agent/deployment.yaml b/templates/gitops-agent/deployment.yaml index 66805c3..876c314 100755 --- a/templates/gitops-agent/deployment.yaml +++ b/templates/gitops-agent/deployment.yaml @@ -8,10 +8,10 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} spec: {{- with include "argo-cd.strategy" (mergeOverwrite .Values.agent.deploymentStrategy) }} strategy: @@ -27,7 +27,6 @@ spec: template: metadata: annotations: - checksum/cmd-params: {{ include (print $.Template.BasePath "/argocd-configs/argocd-cmd-params-cm.yaml") . | sha256sum }} {{- with (mergeOverwrite (deepCopy $argo.global.podAnnotations) .Values.agent.podAnnotations) }} {{- range $key, $value := . }} {{ $key }}: {{ $value | quote }} @@ -59,13 +58,11 @@ spec: {{- end }} serviceAccountName: {{ .Values.agent.serviceAccount.name }} containers: - - name: {{ .Values.agent.name }} + - command: + - /app/agent + name: {{ .Values.agent.name }} image: {{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }} imagePullPolicy: {{ .Values.agent.image.imagePullPolicy }} - args: - - /usr/local/bin/argocd-server - - --port={{ .Values.agent.containerPorts.server }} - - --metrics-port={{ .Values.agent.containerPorts.metrics }} {{- with .Values.agent.logFormat }} - --logformat - {{ . | quote }} 
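Review bot: `$(KUBERNETES_SERVICE_HOST)` in the `NO_PROXY` value of templates/gitops-agent/configmap.yaml will most likely reach the container as that literal text, because Kubernetes expands `$(VAR)` references in `env[].value`, `command` and `args` but not in values loaded from a ConfigMap, and the Deployment consumes this ConfigMap through `envFrom`. With the proxy enabled, API-server requests addressed by cluster IP would then be routed through the proxy instead of going direct. Setting `NO_PROXY` as an `env` entry on the container, where the reference is expanded, avoids that; the upgrader CronJob's `NO_PROXY` omits the API-server host entirely. Separately, most values under `data` are unquoted, so an all-digit or boolean-looking identifier renders as a non-string and the ConfigMap is rejected; `GITOPS_ACCOUNT_IDENTIFIER: {{ .Values.harness.identity.accountId | quote }}`, and likewise for the other keys, fixes that. Proxy URLs that embed credentials would also be readable by anyone who can read ConfigMaps in the namespace.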
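Review bot: In the container spec of templates/gitops-agent/deployment.yaml the `args:` key is removed, but the `--logformat` items under `with .Values.agent.logFormat` that follow it stay as context, and the `extraArgs` block after them appears to stay as well. Indentation is not recoverable in this view, but if those items were children of `args:`, setting either value now renders a sequence entry with no parent key and the manifest fails to parse. Either keep the key, `args:` placed before the first `with`, or drop the two blocks along with it. The container body continues outside this hunk.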
@@ -77,230 +74,11 @@ spec: {{- with .Values.agent.extraArgs }} {{- toYaml . | nindent 8 }} {{- end }} - env: - {{- with (concat $argo.global.env .Values.agent.env) }} - {{- toYaml . | nindent 10 }} - {{- end }} - - name: ARGOCD_SERVER_INSECURE - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.insecure - optional: true - - name: ARGOCD_SERVER_BASEHREF - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.basehref - optional: true - - name: ARGOCD_SERVER_ROOTPATH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.rootpath - optional: true - - name: ARGOCD_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.log.format - optional: true - - name: ARGOCD_SERVER_LOG_LEVEL - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.log.level - optional: true - - name: ARGOCD_SERVER_REPO_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: repo.server - optional: true - - name: ARGOCD_SERVER_DEX_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.dex.server - optional: true - - name: ARGOCD_SERVER_DISABLE_AUTH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.disable.auth - optional: true - - name: ARGOCD_SERVER_ENABLE_GZIP - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.enable.gzip - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.repo.agent.timeout.seconds - optional: true - - name: ARGOCD_SERVER_X_FRAME_OPTIONS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.x.frame.options - optional: true - - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.content.security.policy - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: 
argocd-cmd-params-cm - key: agent.repo.agent.plaintext - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.repo.agent.strict.tls - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.dex.agent.plaintext - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.dex.agent.strict.tls - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.tls.minversion - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.tls.maxversion - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.tls.ciphers - optional: true - - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.connection.status.cache.expiration - optional: true - - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.oidc.cache.expiration - optional: true - - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.login.attempts.expiration - optional: true - - name: ARGOCD_SERVER_STATIC_ASSETS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.staticassets - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.app.state.cache.expiration - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: 
redis.compression - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.db - optional: true - - name: REDIS_USERNAME - valueFrom: - secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) $argo.externalRedis.existingSecret }} - key: redis-username - optional: true - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "argo-cd.redis.fullname" .) $argo.externalRedis.existingSecret }} - key: redis-password - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.default.cache.expiration - optional: true - - name: ARGOCD_MAX_COOKIE_NUMBER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.http.cookie.maxnumber - optional: true - - name: ARGOCD_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.listen.address - optional: true - - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.metrics.listen.address - optional: true - - name: ARGOCD_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.address - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: application.namespaces - optional: true - - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: agent.enable.proxy.extension - optional: true - {{- with .Values.agent.envFrom }} envFrom: - {{- toYaml . | nindent 10 }} - {{- end }} + - configMapRef: + name: {{ .Values.agent.name }} + - secretRef: + name: {{ .Values.agent.name }} volumeMounts: {{- with .Values.agent.volumeMounts }} {{- toYaml . | nindent 8 }} 
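Review bot: The new `envFrom` list replaces both the `concat $argo.global.env .Values.agent.env` block and the `with .Values.agent.envFrom` hook, so values set under those keys are now ignored without any error. That also removes the one way an operator could point the agent at a Secret they manage themselves, leaving the chart-rendered Secret named `{{ .Values.agent.name }}` as the only source of the agent token. I would keep the hook after the two fixed refs, `{{- with .Values.agent.envFrom }}` / `{{- toYaml . | nindent 10 }}` / `{{- end }}`, and add a comment stating that `secretRef` imports every key of that Secret into the process environment.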
@@ -311,28 +89,19 @@ spec: name: tls-certs - mountPath: /app/config/server/tls name: argocd-repo-server-tls - - mountPath: /app/config/dex/tls - name: argocd-dex-server-tls - mountPath: /home/argocd name: plugins-home - - mountPath: /shared/app/custom - name: styles - mountPath: /tmp name: tmp + {{- if .Values.harness.secrets.caData.enabled }} - mountPath: /tmp/ca.bundle name: certvol subPath: ca.bundle + {{- end }} {{- if .Values.agent.openshift.enabled }} - mountPath: /app/logs name: log-volume {{- end }} - ports: - - name: server - containerPort: {{ .Values.agent.containerPorts.server }} - protocol: TCP - - name: metrics - containerPort: {{ .Values.agent.containerPorts.metrics }} - protocol: TCP startupProbe: exec: command: @@ -345,7 +114,7 @@ spec: livenessProbe: httpGet: path: /healthz?full=true - port: server + port: 8090 initialDelaySeconds: {{ .Values.agent.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.agent.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.agent.livenessProbe.timeoutSeconds }} @@ -354,7 +123,7 @@ spec: readinessProbe: httpGet: path: /healthz - port: server + port: 8090 initialDelaySeconds: {{ .Values.agent.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.agent.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.agent.readinessProbe.timeoutSeconds }} @@ -377,10 +146,6 @@ spec: initContainers: {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} - {{- with include "argo-cd.affinity" (dict "context" . "component" $argo.server) }} - affinity: - {{- trim . | nindent 8 }} - {{- end }} {{- with .Values.agent.nodeSelector | default .Values.global.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -416,10 +181,6 @@ spec: configMap: name: argocd-tls-certs-cm defaultMode: 420 - - name: styles - configMap: - name: argocd-styles-cm - optional: true - name: argocd-repo-server-tls secret: secretName: argocd-repo-server-tls 
@@ -431,22 +192,15 @@ spec: path: tls.key - key: ca.crt path: ca.crt - - name: argocd-dex-server-tls - secret: - secretName: argocd-dex-server-tls - optional: true - items: - - key: tls.crt - path: tls.crt - - key: ca.crt - path: ca.crt + {{ if .Values.harness.secrets.caData.enabled }} - name: certvol secret: - secretName: {{ .Values.agent.name }}-agent-ca + secretName: {{ .Values.agent.name }}-ca optional: true items: - key: ca.bundle path: ca.bundle + {{- end }} {{- if .Values.agent.openshift.enabled }} - name: log-volume emptyDir: { } diff --git a/templates/gitops-agent/hpa.yaml b/templates/gitops-agent/hpa.yaml index 07c0d0b..540d2be 100644 --- a/templates/gitops-agent/hpa.yaml +++ b/templates/gitops-agent/hpa.yaml @@ -3,15 +3,15 @@ apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: .Values.agent.name + name: {{ .Values.agent.name }} minReplicas: {{ .Values.agent.autoscaling.minReplicas }} maxReplicas: {{ .Values.agent.autoscaling.maxReplicas }} metrics: diff --git a/templates/gitops-agent/networkpolicy.yaml b/templates/gitops-agent/networkpolicy.yaml deleted file mode 100644 index 904335c..0000000 --- a/templates/gitops-agent/networkpolicy.yaml +++ /dev/null 
@@ -1,18 +0,0 @@ -{{- $argo := (index .Values "argo-cd") -}} -{{- if .Values.harness.networkPolicy.create }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} - name: .Values.agent.name - namespace: {{ .Release.Namespace | quote }} -spec: - ingress: - - {} - podSelector: - matchLabels: - {{- include "harness.selectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 6 }} - policyTypes: - - Ingress -{{- end }} diff --git a/templates/gitops-agent/pdb.yaml b/templates/gitops-agent/pdb.yaml index ace03cb..9da6356 100644 --- a/templates/gitops-agent/pdb.yaml +++ b/templates/gitops-agent/pdb.yaml @@ -3,10 +3,10 @@ apiVersion: policy/v1 kind: PodDisruptionBudget metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} {{- with .Values.agent.pdb.labels }} {{- toYaml . | nindent 4 }} {{- end }} diff --git a/templates/gitops-agent/role.yaml b/templates/gitops-agent/role.yaml index e48641e..1adac95 100644 --- a/templates/gitops-agent/role.yaml +++ b/templates/gitops-agent/role.yaml @@ -2,10 +2,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} rules: - apiGroups: - "" 
diff --git a/templates/gitops-agent/rolebinding.yaml b/templates/gitops-agent/rolebinding.yaml index b4ae504..460e146 100644 --- a/templates/gitops-agent/rolebinding.yaml +++ b/templates/gitops-agent/rolebinding.yaml @@ -2,14 +2,14 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ .Release.Namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: .Values.agent.name + name: {{ .Values.agent.name }} subjects: - kind: ServiceAccount name: {{ template "harness.agentServiceAccountName" . }} diff --git a/templates/gitops-agent/secret.yaml b/templates/gitops-agent/secret.yaml new file mode 100644 index 0000000..cfd9556 --- /dev/null +++ b/templates/gitops-agent/secret.yaml @@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" "agent-secret") | nindent 4 }} + name: {{ .Values.agent.name }} + namespace: {{ .Release.Namespace }} +type: Opaque +stringData: + GITOPS_AGENT_TOKEN: | + {{ .Values.harness.secrets.agentSecret }} +--- +{{ if .Values.harness.secrets.caData.enabled }} +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" "agent-ca") | nindent 4 }} + name: {{ .Values.agent.name }}-ca + namespace: {{ .Release.Namespace }} + stringData: + ca.bundle: | +{{ .Values.harness.secrets.caData.secret }} +--- +{{- end }} + diff --git a/templates/gitops-agent/service.yaml b/templates/gitops-agent/service.yaml deleted file mode 100644 index 5223a6d..0000000 --- a/templates/gitops-agent/service.yaml +++ /dev/null 
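Review bot: In the second Secret of templates/gitops-agent/secret.yaml, `{{ .Values.harness.secrets.caData.secret }}` starts at column 0 under `ca.bundle: |`, so the rendered text is not part of the block scalar; the key ends up empty or the document fails to parse, and a multi-line PEM bundle cannot work without indentation. `{{- .Values.harness.secrets.caData.secret | nindent 4 }}`, with the indent matching the key's depth, renders it correctly. In the first Secret the `|` scalar appends a newline to `GITOPS_AGENT_TOKEN`, which becomes part of the environment variable; `GITOPS_AGENT_TOKEN: {{ .Values.harness.secrets.agentSecret | quote }}` avoids that. Because the token is taken from chart values, it is also stored in the Helm release data and in any values file that sets it, so an option to reference an existing Secret would be worth adding.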
@@ -1,57 +0,0 @@ -{{- $argo := (index .Values "argo-cd") -}} -apiVersion: v1 -kind: Service -metadata: -{{- if .Values.agent.service.annotations }} - annotations: - {{- range $key, $value := .Values.agent.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} -{{- end }} - name: .Values.agent.name - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} -{{- if .Values.agent.service.labels }} -{{- toYaml .Values.agent.service.labels | nindent 4 }} -{{- end }} -spec: - type: {{ .Values.agent.service.type }} - ports: - - name: {{ .Values.agent.service.servicePortHttpName }} - protocol: TCP - port: {{ .Values.agent.service.servicePortHttp }} - targetPort: {{ .Values.agent.containerPorts.server }} - {{- if eq .Values.agent.service.type "NodePort" }} - nodePort: {{ .Values.agent.service.nodePortHttp }} - {{- end }} - - name: {{ .Values.agent.service.servicePortHttpsName }} - protocol: TCP - port: {{ .Values.agent.service.servicePortHttps }} - targetPort: {{ .Values.agent.containerPorts.server }} - {{- if eq .Values.agent.service.type "NodePort" }} - nodePort: {{ .Values.agent.service.nodePortHttps }} - {{- end }} - {{- with .Values.agent.service.servicePortHttpsAppProtocol }} - appProtocol: {{ . }} - {{- end }} - selector: - {{- include "argo-cd.selectorLabels" (dict "context" . 
"name" .Values.agent.name) | nindent 4 }} -{{- if eq .Values.agent.service.type "LoadBalancer" }} -{{- if .Values.agent.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.agent.service.loadBalancerIP | quote }} -{{- end }} -{{- if .Values.agent.service.externalIPs }} - externalIPs: {{ .Values.agent.service.externalIPs }} -{{- end }} -{{- if .Values.agent.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.agent.service.loadBalancerSourceRanges | indent 4 }} -{{- end }} -{{- end -}} -{{- with .Values.agent.service.externalTrafficPolicy }} - externalTrafficPolicy: {{ . }} -{{- end }} -{{- with .Values.agent.service.sessionAffinity }} - sessionAffinity: {{ . }} -{{- end }} diff --git a/templates/gitops-agent/servicemonitor.yaml b/templates/gitops-agent/servicemonitor.yaml index 80fdb3a..4199627 100644 --- a/templates/gitops-agent/servicemonitor.yaml +++ b/templates/gitops-agent/servicemonitor.yaml @@ -3,10 +3,10 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: .Values.agent.name + name: {{ .Values.agent.name }} namespace: {{ default .Release.Namespace .Values.agent.metrics.serviceMonitor.namespace | quote }} labels: - {{- include "harness.labels" (dict "context" . "component" $argo.server.name "name" .Values.agent.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.agent.name "name" .Values.agent.name) | nindent 4 }} {{- with .Values.agent.metrics.serviceMonitor.selector }} {{- toYaml . | nindent 4 }} {{- end }} @@ -44,5 +44,5 @@ spec: - {{ .Release.Namespace }} selector: matchLabels: - {{- include "harness.selectorLabels" (dict "context" . "component" $argo.server.name "name" (printf "%s-metrics" .Values.agent.name)) | nindent 6 }} + {{- include "harness.selectorLabels" (dict "context" . "component" .Values.agent.name "name" (printf "%s-metrics" .Values.agent.name)) | nindent 6 }} {{- end }} 
diff --git a/templates/redis/networkpolicy.yaml b/templates/redis/networkpolicy.yaml index 6f305ee..d288152 100644 --- a/templates/redis/networkpolicy.yaml +++ b/templates/redis/networkpolicy.yaml @@ -5,30 +5,24 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: labels: - {{- include "argo-cd.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} + {{- include "harness.labels" (dict "context" . "component" .Values.redis.name "name" .Values.redis.name) | nindent 4 }} name: {{ template "argo-cd.redis.fullname" . }} namespace: {{ .Release.Namespace | quote }} spec: ingress: - - from: - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 10 }} - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} - - podSelector: - matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} - ports: - - port: redis - protocol: TCP - egress: - - ports: - - port: 53 - protocol: UDP - - port: 53 - protocol: TCP + - from: + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.agent.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.repoServer.name) | nindent 10 }} + - podSelector: + matchLabels: + {{- include "harness.selectorLabels" (dict "context" . "name" .Values.controller.name) | nindent 10 }} + ports: + - port: redis + protocol: TCP {{- if $argo.redis.metrics.enabled }} - from: - namespaceSelector: {} 
@@ -36,10 +30,16 @@ spec: - port: metrics protocol: TCP {{- end }} + egress: + - ports: + - port: 53 + protocol: UDP + - port: 53 + protocol: TCP podSelector: matchLabels: - {{- include "argo-cd.selectorLabels" (dict "context" . "name" $argo.redis.name) | nindent 6 }} + {{- include "harness.selectorLabels" (dict "context" . "name" $argo.redis.name) | nindent 6 }} policyTypes: - - Ingress - - Egress + - Ingress + - Egress {{- end }} diff --git a/templates/upgrader/cronjob.yaml b/templates/upgrader/cronjob.yaml index 6c3165a..8cd2fdc 100644 --- a/templates/upgrader/cronjob.yaml +++ b/templates/upgrader/cronjob.yaml @@ -2,10 +2,12 @@ apiVersion: batch/v1 kind: CronJob metadata: - name: {{ .Values.agent.name }}-agent-upgrader + name: {{ .Values.agent.name }}-upgrader namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.upgrader.name "name" .Values.upgrader.name) | nindent 4 }} spec: - schedule: {{ .Values.upgrader.cron }} + schedule: "{{ .Values.upgrader.cron }}" concurrencyPolicy: Forbid startingDeadlineSeconds: {{ .Values.upgrader.startDeadline }} jobTemplate: 
@@ -14,39 +16,43 @@ spec: spec: serviceAccountName: {{ .Values.upgrader.name }} containers: - - name: upgrader - image: {{ .Values.upgrader.image }} - imagePullPolicy: Always - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace + - name: upgrader + image: {{ .Values.upgrader.image }} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace {{- if .Values.agent.proxy.enabled }} - name: HTTPS_PROXY value: {{ .Values.agent.proxy.httpsProxy }} - name: HTTP_PROXY value: {{ .Values.agent.proxy.httpProxy }} - name: NO_PROXY - value: localhost,argocd-repo-server,argocd-redis,127.0.0.1,argocd-redis-ha-haproxy,kubernetes.default.svc,{{ .Values.agent.name }}-agent + value: localhost,argocd-repo-server,argocd-redis,127.0.0.1,argocd-redis-ha-haproxy,kubernetes.default.svc,{{ .Values.agent.name }} {{- end }} - volumeMounts: - - name: config-volume - mountPath: /etc/config - - name: certvol - mountPath: /tmp/ca.bundle - subPath: ca.bundle + volumeMounts: + - name: config-volume + mountPath: /etc/config + {{- if .Values.harness.secrets.caData.enabled }} + - name: certvol + mountPath: /tmp/ca.bundle + subPath: ca.bundle + {{- end }} volumes: - name: config-volume configMap: - name: {{ .Values.agent.name }}-agent-upgrader + name: {{ .Values.agent.name }}-upgrader + {{- if .Values.harness.secrets.caData.enabled }} - name: certvol secret: - secretName: {{ .Values.agent.name }}-agent-ca + secretName: {{ .Values.agent.name }}-ca optional: true items: - key: ca.bundle path: ca.bundle + {{- end }} restartPolicy: Never --- {{- end }} \ No newline at end of file diff --git a/templates/upgrader/harness-upgrader-cm.yaml b/templates/upgrader/harness-upgrader-cm.yaml index 42fd3d2..72b0949 100644 --- a/templates/upgrader/harness-upgrader-cm.yaml +++ b/templates/upgrader/harness-upgrader-cm.yaml 
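Review bot: The `upgrader` container in templates/upgrader/cronjob.yaml has no `securityContext`, and none is set at pod level in this hunk either. The job runs under its own ServiceAccount and pulls `{{ .Values.upgrader.image }}` with `imagePullPolicy: Always`. The agent values in this same diff appear to drop all capabilities (`drop: - ALL`), so the upgrader should get the same baseline, as sketched below. `runAsNonRoot: true` assumes the upgrader image defines a non-root user, which needs confirming against the image.

```yaml
      containers:
        - name: upgrader
          # … unchanged: image, imagePullPolicy, env, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```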
@@ -4,15 +4,17 @@ data: config.yaml: | mode: GitopsAgent dryRun: false - workloadName: {{ .Values.agent.name }}-agent + workloadName: {{ .Values.agent.name }} namespace: {{ .Release.Namespace }} containerName: gitops-agent gitopsAgentConfig: gitopsServerHost: {{ .Values.harness.gitopsServerHost }} + {{- if .Values.harness.secrets.caData.enabled }} caData: /tmp/ca.bundle + {{- end }} kind: ConfigMap metadata: - name: {{ .Values.agent.name }}-agent-upgrader + name: {{ .Values.agent.name }}-upgrader namespace: {{ .Release.Namespace | quote }} --- {{- end }} \ No newline at end of file diff --git a/templates/upgrader/role.yaml b/templates/upgrader/role.yaml index d4bc863..84aa0ed 100644 --- a/templates/upgrader/role.yaml +++ b/templates/upgrader/role.yaml @@ -4,6 +4,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.upgrader.name }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.upgrader.name "name" .Values.upgrader.name) | nindent 4 }} rules: - apiGroups: - batch diff --git a/templates/upgrader/rolebinding.yaml b/templates/upgrader/rolebinding.yaml index 8f6d377..6cc6b16 100644 --- a/templates/upgrader/rolebinding.yaml +++ b/templates/upgrader/rolebinding.yaml @@ -4,6 +4,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ .Values.upgrader.name }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.upgrader.name "name" .Values.upgrader.name) | nindent 4 }} roleRef: kind: Role name: {{ .Values.upgrader.name }} diff --git a/templates/upgrader/serviceaccount.yaml b/templates/upgrader/serviceaccount.yaml index 037d3d9..5a1b997 100644 --- a/templates/upgrader/serviceaccount.yaml +++ b/templates/upgrader/serviceaccount.yaml 
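Review bot: With `harness.secrets.caData.enabled` set, the upgrader config in templates/upgrader/harness-upgrader-cm.yaml points `caData` at `/tmp/ca.bundle`, but the secret volume that supplies that file in templates/upgrader/cronjob.yaml is still declared `optional: true`. A missing or misnamed `{{ .Values.agent.name }}-ca` secret is then tolerated by the volume definition, and what the upgrader does when the bundle is absent is not visible in this diff. Since the volume is now rendered only when the CA is explicitly enabled, I would drop `optional: true` there so the job fails closed instead of starting without the expected trust anchor.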
@@ -4,4 +4,6 @@ kind: ServiceAccount metadata: name: {{ .Values.upgrader.name }} namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "harness.labels" (dict "context" . "component" .Values.upgrader.name "name" .Values.upgrader.name) | nindent 4 }} {{- end }} diff --git a/values.yaml b/values.yaml index 652cee2..50d668e 100644 --- a/values.yaml +++ b/values.yaml @@ -4,6 +4,9 @@ ## Variable Overrides for Argo CD configuration argo-cd: + # -- Disable this for BYOA flows, when Argo CD is already installed + enabled: true + # -- Provide a name in place of `harness` nameOverride: harness # -- String to fully override `"argo-cd.fullname"` @@ -39,6 +42,10 @@ argo-cd: # It should be false for Namespaced Agent installations cluster.inClusterEnabled: "true" + params: + # Setting default Redis Compression as "gzip" (options: "none", "gzip") + redis.compression: gzip + ## Custom resource configuration crds: # -- Keep CRDs on chart uninstall @@ -157,6 +164,13 @@ argo-cd: cpu: "1" memory: 512Mi + serviceAccount: + create: true + + image: + repository: redis + tag: 7.0.11-alpine + ## ArgoCD Server, Dex and Notifications Controller are not required for Harness GitOps Agent server: replicas: 0 
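Review bot: The new redis image default in values.yaml, `repository: redis` with `tag: 7.0.11-alpine`, is an unqualified name pinned only by a mutable tag, so what gets pulled depends on the node's default registry and on whatever the tag points to at pull time. I would spell out the registry, `repository: docker.io/library/redis`, and pin a digest of the reviewed image (`sha256:<digest-of-reviewed-image>`) if the subchart's image helper accepts one. The same applies to the `global.image` defaults added further down (`docker.io/harness/argocd`, `v2.9.3`, `imagePullPolicy: Always`).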
@@ -175,12 +189,47 @@ argo-cd: # <---Harness specific overrides---> -# -- Provide a name in place of `harness-gitops` -nameOverride: harness-gitops - ## Variable Overrides for Harness configuration harness: + ## Harness specific identity data + identity: + # -- Account Identifier + accountId: "" + + # -- Organization Identifier + orgId: "" + + # -- Project Identifier + projectId: "" + + # -- Agent Identifier + agentId: "" + + configMap: + agentProtocol : "HTTP1" + http: + tlsEnabled: false + certPath: "/tmp/ca.bundle" + agentHttpTarget: "" + grpc: + agentGrpcTarget: "" + agentGrpcAuthority: "" + serviceGrpcInsecure: false + reconcile: + enabled: true + interval: 100 + podsDiscovery: 120 + logLevel: "debug" + agentFetchType: "POLLER" + redisCompression: "gzip" + + secrets: + agentSecret: "" + caData: + enabled: false + secret: "" + # Default Harness network policy rules used by all components networkPolicy: # -- Create NetworkPolicy objects for all components @@ -189,6 +238,14 @@ harness: # -- Host for GitOps Service gitopsServerHost: "" + ## Disaster Recovery configuration + disasterRecovery: + # -- Enable Disaster Recovery Agent + enabled: false + + # -- DR Agent Identifier + identifier: "" + ## Harness GitOps Agent agent: # -- GitOps Agent name @@ -209,6 +266,21 @@ agent: # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: Always + ## Proxy config for GitOps Agent + proxy: + # -- Enable Proxy + enabled: false + + # -- Add HTTP proxy + httpProxy: {} + + # -- Add HTTPS proxy + httpsProxy: {} + + ## Create an OpenShift agent + openshift: + enabled: false + serviceAccount: # -- Create agent service account create: true @@ -219,7 +291,7 @@ agent: # -- Labels applied to created service account labels: {} # -- Automount API credentials for the Service Account - automountServiceAccountToken: false + automountServiceAccountToken: true ## GitOps Agent Horizontal Pod Autoscaler autoscaling: 
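Review bot: `harness.secrets.agentSecret` and `harness.secrets.caData.secret` are introduced in values.yaml as plain chart values, so the agent credential ends up wherever the values do: a committed values file, CI variables, and the Helm release record stored in the cluster. The templates that consume them are outside this part of the diff, so this is a point about the interface. I would at least document the expectation, e.g. `# -- Agent secret; supply at install time from a secret store, never commit`, and consider accepting the name of a pre-created Secret as an alternative. In the same block, `logLevel: "debug"` is a verbose default for a component that handles credentials; `"info"` would be the safer default.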
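Review bot: The last values.yaml hunk on this line flips `agent.serviceAccount.automountServiceAccountToken` from `false` to `true` without saying why, and that mounts an API token into every agent pod. If the agent needs API access that is expected, but the comment should say so and point at the RBAC that bounds it, for example `# -- Automount API credentials; required for the agent to reach the Kubernetes API (scope via the agent Role)`. The agent's Role and bindings are not visible in this diff view, so their scope cannot be checked from here.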
@@ -308,13 +380,6 @@ agent: # -- Prometheus ServiceMonitor annotations annotations: {} - # Agent container ports - containerPorts: - # -- Agent container port - server: 8080 - # -- Metrics container port - metrics: 8083 - # -- Host Network for Server pods hostNetwork: false @@ -323,39 +388,6 @@ agent: # -- Alternative DNS policy for Server pods dnsPolicy: "ClusterFirst" - ## Agent service configuration - service: - # -- Agent service annotations - annotations: {} - # -- Agent service labels - labels: {} - # -- Agent service type - type: ClusterIP - # -- Agent service http port for NodePort service type (only if `server.service.type` is set to "NodePort") - nodePortHttp: 30080 - # -- Agent service https port for NodePort service type (only if `server.service.type` is set to "NodePort") - nodePortHttps: 30443 - # -- Agent service http port - servicePortHttp: 80 - # -- Agent service https port - servicePortHttps: 443 - # -- Agent service http port name, can be used to route traffic via istio - servicePortHttpName: http - # -- Agent service https port name, can be used to route traffic via istio - servicePortHttpsName: https - # -- Agent service https port appProtocol. (should be upper case - i.e. HTTPS) - # servicePortHttpsAppProtocol: HTTPS - # -- LoadBalancer will get created with the IP specified in this field - loadBalancerIP: "" - # -- Source IP ranges to allow access to service from - loadBalancerSourceRanges: [] - # -- Agent service external IPs - externalIPs: [] - # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints - externalTrafficPolicy: "" - # -- Used to maintain session affinity. Supports `ClientIP` and `None` - sessionAffinity: "" - # -- Annotations to be added to agent Deployment deploymentAnnotations: {} @@ -437,6 +469,7 @@ agent: # -- Additional command line arguments to pass to GitOps Agent extraArgs: [] + # -- Resource limits and requests for the GitOps Agent pods resources: requests: memory: 512Mi 
@@ -456,17 +489,6 @@ agent: drop: - ALL - # -- Environment variables to pass to GitOps Agent - env: [] - - # -- envFrom to pass to GitOps Agent - # @default -- `[]` (See [values.yaml]) - envFrom: [] - # - configMapRef: - # name: config-map-name - # - secretRef: - # name: secret-name - # -- Additional containers to be added to the agent pod ## Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/ ## Note: Supports use of custom Helm templates @@ -484,21 +506,6 @@ agent: # name: custom-tools # subPath: kubelogin - ## Proxy config for GitOps Agent - proxy: - # -- Enable Proxy - enabled: false - - # -- Add HTTP proxy - httpProxy: {} - - # -- Add HTTPS proxy - httpsProxy: {} - - ## Create an OpenShift agent - openshift: - enabled: false - ## Harness GitOps Agent upgrader upgrader: # -- Agent upgrader name @@ -518,18 +525,20 @@ upgrader: # <---Duplicated Argo CD overrides for overridden templates---> +fullnameOverride: harness-gitops + +nameOverride: harness + global: image: + repository: docker.io/harness/argocd tag: v2.9.3 + imagePullPolicy: Always logging: format: text repoServer: name: repo-server - service: - port: 8081 - certificateSecret: - enabled: false applicationSet: name: applicationset-controller 
@@ -539,64 +548,3 @@ controller: redis: name: redis - -dex: - enabled: false - -externalRedis: - host: "" - -configs: - params: - # -- Create the argocd-cmd-params-cm configmap - # If false, it is expected the configmap will be created by something else. - create: true - - # -- Annotations to be added to the argocd-cmd-params-cm ConfigMap - annotations: { } - - ## Generic parameters - # -- Open-Telemetry collector address: (e.g. "otel-collector:4317") - otlp.address: '' - - ## Controller Properties - # -- Number of application status processors - controller.status.processors: 20 - # -- Number of application operation processors - controller.operation.processors: 10 - # -- Specifies timeout between application self heal attempts - controller.self.heal.timeout.seconds: 5 - # -- Repo server RPC call timeout seconds. - controller.repo.server.timeout.seconds: 60 - - ## Server properties - # -- Run server without TLS - server.insecure: false - # -- Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / - server.basehref: / - # -- Used if Argo CD is running behind reverse proxy under subpath different from / - server.rootpath: '' - # -- Directory path that contains additional static assets - server.staticassets: /shared/app - # -- Disable Argo CD RBAC for user authentication - server.disable.auth: false - # -- Enable GZIP compression - server.enable.gzip: true - # -- Set X-Frame-Options header in HTTP responses to value. To disable, set to "". - server.x.frame.options: sameorigin - - ## Repo-server properties - # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. - reposerver.parallelism.limit: 0 - - ## ApplicationSet Properties - # -- Modify how application is synced between the generator and the cluster. 
One of: `sync`, `create-only`, `create-update`, `create-delete` - applicationsetcontroller.policy: sync - # -- Enables use of the Progressive Syncs capability - applicationsetcontroller.enable.progressive.syncs: false - - # -- Enables [Applications in any namespace] - ## List of additional namespaces where applications may be created in and reconciled from. - ## The namespace where Argo CD is installed to will always be allowed. - ## Set comma-separated list. (e.g. app-team-one, app-team-two) - application.namespaces: ""