-
Notifications
You must be signed in to change notification settings - Fork 5.4k
/
argocd-cmd-params-cm.yaml
260 lines (248 loc) · 14.7 KB
/
argocd-cmd-params-cm.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
data:
# Repo server address. (default "argocd-repo-server:8081")
repo.server: "argocd-repo-server:8081"
# Redis server hostname and port (e.g. argocd-redis:6379)
redis.server: "argocd-redis:6379"
# Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip')
redis.compression: gzip
# Redis database
redis.db:
# Open-Telemetry collector address: (e.g. "otel-collector:4317")
otlp.address: ""
# Open-Telemetry collector insecure: (e.g. "true")
otlp.insecure: "true"
# Open-Telemetry collector headers: (e.g. "key1=value1,key2=value2")
otlp.headers: ""
# List of additional namespaces where applications may be created in and
# reconciled from. The namespace where Argo CD is installed to will always
# be allowed.
#
# Feature state: Beta
application.namespaces: ns1, ns2, ns3
## Controller Properties
# Repo server RPC call timeout seconds.
controller.repo.server.timeout.seconds: "60"
# Disable TLS on connections to repo server
controller.repo.server.plaintext: "false"
# Whether to use strict validation of the TLS cert presented by the repo server
controller.repo.server.strict.tls: "false"
# Number of application status processors (default 20)
controller.status.processors: "20"
# Number of application operation processors (default 10)
controller.operation.processors: "10"
# Set the logging format. One of: text|json (default "text")
controller.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
controller.log.level: "info"
# Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s)
controller.metrics.cache.expiration: "24h0m0s"
# Specifies exponential backoff timeout parameters between application self heal attempts
controller.self.heal.timeout.seconds: "2"
controller.self.heal.backoff.factor: "3"
controller.self.heal.backoff.cap.seconds: "300"
# Cache expiration for app state (default 1h0m0s)
controller.app.state.cache.expiration: "1h0m0s"
# Specifies if resource health should be persisted in app CRD (default true)
# Changing this to `false` significantly reduce number of Application CRD updates and improves controller performance.
# However, disabling resource health by default might affect applications that communicate with Applications CRD directly
# so we have to defer switching this to `false` by default till v3.0 release.
controller.resource.health.persist: "true"
# Cache expiration default (default 24h0m0s)
controller.default.cache.expiration: "24h0m0s"
# Sharding algorithm used to balance clusters across application controller shards (default "legacy")
controller.sharding.algorithm: legacy
# Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit.
controller.kubectl.parallelism.limit: "20"
# The maximum number of retries for each request
controller.k8sclient.retry.max: "0"
# The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold
controller.k8sclient.retry.base.backoff: "100"
# Grace period in seconds for ignoring consecutive errors while communicating with repo server.
controller.repo.error.grace.period.seconds: "180"
# Enables the server side diff feature at the application controller level.
# Diff calculation will be done by running a server side apply dryrun (when
# diff cache is unavailable).
controller.diff.server.side: "false"
# Enables profile endpoint on the internal metrics port
controller.profile.enabled: "false"
## Server properties
# Listen on given address for incoming connections (default "0.0.0.0")
server.listen.address: "0.0.0.0"
# Listen on given address for metrics (default "0.0.0.0")
server.metrics.listen.address: "0.0.0.0"
# Run server without TLS
server.insecure: "false"
# Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
server.basehref: "/"
# Used if Argo CD is running behind reverse proxy under subpath different from /
server.rootpath: ""
# Directory path that contains additional static assets
server.staticassets: "/shared/app"
# The maximum number of retries for each request
server.k8sclient.retry.max: "0"
# The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold
server.k8sclient.retry.base.backoff: "100"
# Semicolon-separated list of content types allowed on non-GET requests. Set an empty string to allow all. Be aware
# that allowing content types besides application/json may make your API more vulnerable to CSRF attacks.
server.api.content.types: "application/json"
# Number of webhook requests processed concurrently (default 50)
server.webhook.parallelism.limit: "50"
# Set the logging format. One of: text|json (default "text")
server.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
server.log.level: "info"
# Repo server RPC call timeout seconds. (default 60)
server.repo.server.timeout.seconds: "60"
# Use a plaintext client (non-TLS) to connect to repository server
server.repo.server.plaintext: "false"
# Perform strict validation of TLS certificates when connecting to repo server
server.repo.server.strict.tls: "false"
# Dex server address (default "http://argocd-dex-server:5556")
server.dex.server: "http://argocd-dex-server:5556"
# Use a plaintext client (non-TLS) to connect to dex server
server.dex.server.plaintext: "false"
# Perform strict validation of TLS certificates when connecting to dex server
server.dex.server.strict.tls: "false"
# Disable client authentication
server.disable.auth: "false"
# Toggle GZIP compression
server.enable.gzip: "true"
# Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
server.x.frame.options: "sameorigin"
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
server.tls.minversion: "1.2"
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
server.tls.maxversion: "1.3"
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
# Cache expiration for cluster/repo connection status (default 1h0m0s)
server.connection.status.cache.expiration: "1h0m0s"
# Cache expiration for OIDC state (default 3m0s)
server.oidc.cache.expiration: "3m0s"
# Cache expiration for failed login attempts (default 24h0m0s)
server.login.attempts.expiration: "24h0m0s"
# Cache expiration for app state (default 1h0m0s)
server.app.state.cache.expiration: "1h0m0s"
# Cache expiration default (default 24h0m0s)
server.default.cache.expiration: "24h0m0s"
# Enable the experimental proxy extension feature
server.enable.proxy.extension: "false"
# Enables profile endpoint on the internal metrics port
server.profile.enabled: "false"
## Repo-server properties
# Listen on given address for incoming connections (default "0.0.0.0")
reposerver.listen.address: "0.0.0.0"
# Listen on given address for metrics (default "0.0.0.0")
reposerver.metrics.listen.address: "0.0.0.0"
# Set the logging format. One of: text|json (default "text")
reposerver.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
reposerver.log.level: "info"
# Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
reposerver.parallelism.limit: "1"
# Disable TLS on the gRPC endpoint
reposerver.disable.tls: "false"
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
reposerver.tls.minversion: "1.2"
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
reposerver.tls.maxversion: "1.3"
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
# Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
reposerver.repo.cache.expiration: "24h0m0s"
# Cache expiration default (default 24h0m0s)
reposerver.default.cache.expiration: "24h0m0s"
# Max combined manifest file size for a single directory-type Application. In-memory manifest representation may be as
# much as 300x the manifest file size. Limit this to stay within the memory limits of the repo-server while allowing
# for 300x memory expansion and N Applications running at the same time.
# (example 10M max * 300 expansion * 10 Apps = 30G max theoretical memory usage).
reposerver.max.combined.directory.manifests.size: '10M'
# Paths to be excluded from the tarball streamed to plugins. Separate with ;
reposerver.plugin.tar.exclusions: ""
# Enable the repo server to use the 'argocd.argoproj.io/manifest-generate-paths' annotation to guide manifest generation.
reposerver.plugin.use.manifest.generate.paths: "false"
# Allow repositories to contain symlinks that leave the boundaries of the repository.
# Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values
# files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed.
reposerver.allow.oob.symlinks: "false"
# Maximum size of tarball when streaming manifests to the repo server for generation
reposerver.streamed.manifest.max.tar.size: "100M"
# Maximum size of extracted manifests when streaming manifests to the repo server for generation
reposerver.streamed.manifest.max.extracted.size: "1G"
# Enable git submodule support
reposerver.enable.git.submodule: "true"
# Number of concurrent git ls-remote requests. Any value less than 1 means no limit.
reposerver.git.lsremote.parallelism.limit: "0"
# Git requests timeout.
reposerver.git.request.timeout: "15s"
# Include hidden directories from Git
reposerver.include.hidden.directories: "false"
# Set the logging format. One of: text|json (default "text")
dexserver.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
dexserver.log.level: "info"
# Disable TLS on the HTTP endpoint
dexserver.disable.tls: "false"
## ApplicationSet Controller Properties
# Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
applicationsetcontroller.enable.leader.election: "false"
# "Modify how application is synced between the generator and the cluster. Default is '' (empty), which means AppSets
# will default to the 'sync' policy (create & update & delete). Explicitly setting the value prevents AppSet-level
# policy overrides unless overrides are explicitly enabled (see option below). Explicit options are:
# 'create-only', 'create-update' (no deletion), 'create-delete' (no update)"
applicationsetcontroller.policy: ""
# If applicationsetcontroller.policy is empty, this flag has no effect. If applicationsetcontroller.policy is set,
# this flag controls whether the policy set in the controller can be overridden by the ApplicationSet resource
# (i.e. the spec.syncPlicy.applicationSync field). Set it to "true" to allow overrides. "" or "false" will disable
# overrides. (default "")
applicationsetcontroller.enable.policy.override: ""
# Max concurrent reconciliation limit for the controller (default 10)
applicationsetcontroller.concurrent.reconciliations.max: "10"
# Enable new globbing in Git files generator (default "false")
# See https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/Generators-Git-File-Globbing/
applicationsetcontroller.enable.new.git.file.globbing: "false"
# Print debug logs. Takes precedence over loglevel
applicationsetcontroller.debug: "false"
# Set the logging format. One of: text|json (default "text")
applicationsetcontroller.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
applicationsetcontroller.log.level: "info"
# Enable dry run mode
applicationsetcontroller.dryrun: "false"
# Enable git submodule support
applicationsetcontroller.enable.git.submodule: "true"
# Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: "false"
# A list of glob patterns specifying where to look for ApplicationSet resources. (default is only the ns where the controller is installed)
applicationsetcontroller.namespaces: "argocd,argocd-appsets-*"
# Path of the self-signed TLS certificate for SCM/PR Gitlab Generator
applicationsetcontroller.scm.root.ca.path: ""
# A comma separated list of allowed SCM providers (default "" is all SCM providers).
# Setting this field is required when using ApplicationSets-in-any-namespace, to prevent users from
# sending secrets from `tokenRef`s to disallowed `api` domains.
# The url used in the scm generator must exactly match one in the list
applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/"
# To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true".
applicationsetcontroller.enable.scm.providers: "false"
# Number of webhook requests processed concurrently (default 50)
applicationsetcontroller.webhook.parallelism.limit: "50"
# Override the default requeue time for the controller. (default 3m)
applicationsetcontroller.requeue.after: "3m"
# Enable strict mode for tokenRef in ApplicationSet resources. When enabled, the referenced secret must have a label `argocd.argoproj.io/secret-type` with value `scm-creds`.
applicationsetcontroller.enable.tokenref.strict.mode: "false"
## Argo CD Notifications Controller Properties
# Set the logging level. One of: debug|info|warn|error (default "info")
notificationscontroller.log.level: "info"
# Set the logging format. One of: text|json (default "text")
notificationscontroller.log.format: "text"
# Enable self-service notifications config. Used in conjunction with apps-in-any-namespace. (default "false")
notificationscontroller.selfservice.enabled: "false"
# Disable TLS on connections to repo server
notificationscontroller.repo.server.plaintext: "false"