2024-02-28 20:55:00 +00:00
|
|
|
argo-events:
|
|
|
|
enabled: false
|
2024-03-04 12:58:33 +00:00
|
|
|
configs:
|
|
|
|
jetstream:
|
|
|
|
# Default JetStream settings, could be overridden by EventBus JetStream spec
|
|
|
|
# Ref: https://docs.nats.io/running-a-nats-service/configuration#jetstream
|
|
|
|
settings:
|
|
|
|
# -- Maximum size of the memory storage (e.g. 1G)
|
|
|
|
maxMemoryStore: -1
|
|
|
|
# -- Maximum size of the file storage (e.g. 20G)
|
|
|
|
maxFileStore: -1
|
|
|
|
streamConfig:
|
|
|
|
# -- Maximum number of messages before expiring oldest message
|
|
|
|
maxMsgs: 1000000
|
|
|
|
# -- Maximum age of existing messages, i.e. “72h”, “4h35m”
|
|
|
|
maxAge: 72h
|
|
|
|
# Total size of messages before expiring oldest message, 0 means unlimited.
|
|
|
|
maxBytes: 1GB
|
|
|
|
# -- Number of replicas, defaults to 3 and requires minimal 3
|
|
|
|
replicas: 1
|
|
|
|
# -- Not documented at the moment
|
|
|
|
duplicates: 300s
|
|
|
|
# Supported versions of JetStream eventbus
|
|
|
|
# see: https://github.com/nats-io/k8s/blob/main/helm/charts/nats/values.yaml
|
|
|
|
# do NOT use -alpine tag as the entrypoint differs
|
|
|
|
versions:
|
|
|
|
- version: 2.10.11
|
2024-12-18 03:02:45 +00:00
|
|
|
natsImage: nats:2.10.24-scratch
|
2024-03-04 12:58:33 +00:00
|
|
|
metricsExporterImage: natsio/prometheus-nats-exporter:0.14.0
|
|
|
|
configReloaderImage: natsio/nats-server-config-reloader:0.14.1
|
|
|
|
startCommand: /nats-server
|
|
|
|
|
2024-03-27 22:48:02 +00:00
|
|
|
|
|
|
|
argocd-apps:
|
|
|
|
enabled: false
|
|
|
|
projects: {}
|
|
|
|
applications: {}
|
|
|
|
|
2024-05-23 21:21:34 +00:00
|
|
|
|
2024-03-27 22:48:02 +00:00
|
|
|
argo-cd:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
global:
|
|
|
|
logging:
|
|
|
|
format: json
|
2024-05-23 21:21:34 +00:00
|
|
|
image:
|
|
|
|
repository: public.ecr.aws/zero-downtime/zdt-argocd
|
2024-12-09 12:39:33 +00:00
|
|
|
tag: v2.13.1
|
|
|
|
networkPolicy:
|
|
|
|
create: true
|
2024-03-27 22:48:02 +00:00
|
|
|
|
|
|
|
configs:
|
|
|
|
styles: |
|
|
|
|
.sidebar__logo img { content: url(https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png); }
|
|
|
|
.sidebar__logo__text-logo { height: 0em; }
|
|
|
|
.sidebar { background: linear-gradient(to bottom, #6A4D79, #493558, #2D1B30, #0D0711); }
|
|
|
|
|
|
|
|
cm:
|
2024-12-09 12:39:33 +00:00
|
|
|
ui.bannercontent: "KubeZero v1.31 - Release notes"
|
|
|
|
ui.bannerurl: "https://kubezero.com/releases/v1.31"
|
2024-03-27 22:48:02 +00:00
|
|
|
ui.bannerpermanent: "true"
|
|
|
|
ui.bannerposition: "bottom"
|
|
|
|
|
|
|
|
# argo-cd.server.config.url -- ArgoCD URL being exposed via Istio
|
|
|
|
url: https://argocd.example.com
|
|
|
|
|
|
|
|
timeout.reconciliation: 300s
|
|
|
|
|
|
|
|
resource.customizations: |
|
|
|
|
cert-manager.io/Certificate:
|
|
|
|
# Lua script for customizing the health status assessment
|
|
|
|
health.lua: |
|
|
|
|
hs = {}
|
|
|
|
if obj.status ~= nil then
|
|
|
|
if obj.status.conditions ~= nil then
|
|
|
|
for i, condition in ipairs(obj.status.conditions) do
|
|
|
|
if condition.type == "Ready" and condition.status == "False" then
|
|
|
|
hs.status = "Degraded"
|
|
|
|
hs.message = condition.message
|
|
|
|
return hs
|
|
|
|
end
|
|
|
|
if condition.type == "Ready" and condition.status == "True" then
|
|
|
|
hs.status = "Healthy"
|
|
|
|
hs.message = condition.message
|
|
|
|
return hs
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
hs.status = "Progressing"
|
|
|
|
hs.message = "Waiting for certificate"
|
|
|
|
return hs
|
|
|
|
|
|
|
|
secret:
|
|
|
|
createSecret: false
|
2024-08-09 10:41:24 +00:00
|
|
|
# `htpasswd -nbBC 10 "" $ARGO_PWD | tr -d ':\n' | sed 's/$2y/$2a/' | base64 -w0`
|
2024-05-23 21:21:34 +00:00
|
|
|
# argocdServerAdminPassword: "$2a$10$ivKzaXVxMqdeDSfS3nqi1Od3iDbnL7oXrixzDfZFRHlXHnAG6LydG"
|
|
|
|
# argocdServerAdminPassword: "ref+file://secrets.yaml#/test"
|
|
|
|
# argocdServerAdminPasswordMtime: "2020-04-24T15:33:09BST"
|
2024-03-27 22:48:02 +00:00
|
|
|
|
|
|
|
ssh:
|
2024-11-04 13:41:40 +00:00
|
|
|
extraHosts: "git.zero-downtime.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7UgK7Z4dDcuIW1uMOsuwhrqdkJCvYG/ZjHtLM7WaKFxVRnzNnNkQJNncWIGNDUQ1xxrbsoSNRZDtk0NlOjNtx2aApSWl4iWghkpXELvsZtOZ7I9FSC/E6ImLC3KWfK7P0mhZaF6kHPfpu8Y6pjUyLBTpV1AaVwr0I8onyqGazJOVotTFaBFEi/sT0O2FUk7agwZYfj61w3JGOy3c+fmBcK3lXf/QM90tosOpJNuJ7n5Vk5FDDLkl9rO4XR/+mXHFvITiWb8F5C50YAwjYcy36yWSSryUAAHAuqpgotwh65vSG6fZvFhmEwO2BrCkOV5+k8iRfhy/yZODJzZ5V/5cbMbdZrY6lm/p5/S1wv8BEyPekBGdseqQjEO0IQiQHcMrfgTrrQ7ndbZzVZRByZI+wbGFkBCzNSJcNsoiHjs2EblxYyuW0qUvvrBxLnySvaxyPm4BOukSAZAOEaUrajpQlnHdnY1CGcgbwxw0LNv3euKQ3tDJSUlKO0Wd8d85PRv1THW4Ui9Lhsmv+BPA2vJZDOkx/n0oyPFAB0oyd5JNM38eFxLCmPC2OE63gDP+WmzVO61YCVTnvhpQjEOLawEWVFsk0y25R5z5BboDqJaOFnZF6i517O96cn17z3Ls4hxw3+0rlKczYRoyfUHs7KQENa4mY8YlJweNTBgld//RMUQ=="
|
2024-03-27 22:48:02 +00:00
|
|
|
|
|
|
|
params:
|
|
|
|
controller.status.processors: "10"
|
|
|
|
controller.operation.processors: "5"
|
2024-11-13 13:57:48 +00:00
|
|
|
controller.diff.server.side: "true"
|
2024-03-27 22:48:02 +00:00
|
|
|
|
|
|
|
server.insecure: true
|
|
|
|
server.enable.gzip: true
|
|
|
|
|
|
|
|
controller:
|
|
|
|
metrics:
|
|
|
|
enabled: false
|
|
|
|
serviceMonitor:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
resources:
|
|
|
|
limits:
|
|
|
|
# cpu: 500m
|
|
|
|
memory: 2048Mi
|
|
|
|
requests:
|
|
|
|
cpu: 100m
|
|
|
|
memory: 512Mi
|
|
|
|
|
|
|
|
repoServer:
|
|
|
|
metrics:
|
|
|
|
enabled: false
|
|
|
|
serviceMonitor:
|
|
|
|
enabled: true
|
|
|
|
|
2024-05-23 21:21:34 +00:00
|
|
|
volumes:
|
|
|
|
- name: kubeconfigs
|
|
|
|
emptyDir: {}
|
|
|
|
volumeMounts:
|
|
|
|
- mountPath: /home/argocd/.kube
|
|
|
|
name: kubeconfigs
|
|
|
|
|
|
|
|
# Allow vals to read internal secrets across all namespaces
|
|
|
|
clusterRoleRules:
|
|
|
|
enabled: true
|
|
|
|
rules:
|
|
|
|
- apiGroups: [""]
|
|
|
|
resources: ["secrets"]
|
|
|
|
verbs: ["get", "watch", "list"]
|
|
|
|
|
|
|
|
initContainers:
|
|
|
|
- name: create-kubeconfig
|
2024-07-21 19:24:45 +00:00
|
|
|
image: '{{ default .Values.global.image.repository .Values.repoServer.image.repository }}:{{ default (include "argo-cd.defaultTag" .) .Values.repoServer.image.tag }}'
|
|
|
|
imagePullPolicy: '{{ default .Values.global.image.imagePullPolicy .Values.repoServer.image.imagePullPolicy }}'
|
2024-05-23 21:21:34 +00:00
|
|
|
command:
|
|
|
|
- /usr/local/bin/sa2kubeconfig.sh
|
|
|
|
- /home/argocd/.kube/config
|
|
|
|
volumeMounts:
|
|
|
|
- mountPath: /home/argocd/.kube
|
|
|
|
name: kubeconfigs
|
|
|
|
securityContext:
|
2024-07-22 11:02:52 +00:00
|
|
|
runAsNonRoot: true
|
|
|
|
readOnlyRootFilesystem: true
|
|
|
|
allowPrivilegeEscalation: false
|
|
|
|
seccompProfile:
|
|
|
|
type: RuntimeDefault
|
|
|
|
capabilities:
|
|
|
|
drop:
|
|
|
|
- ALL
|
2024-05-23 21:21:34 +00:00
|
|
|
|
2024-03-27 22:48:02 +00:00
|
|
|
server:
|
|
|
|
# Rename former https port to grpc, works with istio + insecure
|
|
|
|
service:
|
|
|
|
servicePortHttpsName: grpc
|
|
|
|
metrics:
|
|
|
|
enabled: false
|
|
|
|
serviceMonitor:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
# redis:
|
|
|
|
# We might want to try to keep redis close to the controller
|
|
|
|
# affinity:
|
|
|
|
|
|
|
|
dex:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
notifications:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
# Support for Istio Ingress for ArgoCD
|
|
|
|
istio:
|
|
|
|
# istio.enabled -- Deploy Istio VirtualService to expose ArgoCD
|
|
|
|
enabled: false
|
|
|
|
# istio.gateway -- Name of the Istio gateway to add the VirtualService to
|
|
|
|
gateway: istio-ingress/ingressgateway
|
|
|
|
ipBlocks: []
|
|
|
|
|
|
|
|
argocd-image-updater:
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
# Unify all ArgoCD pieces under the same argocd namespace
|
|
|
|
fullnameOverride: argocd-image-updater
|
|
|
|
|
|
|
|
config:
|
|
|
|
argocd:
|
|
|
|
plaintext: true
|
|
|
|
|
|
|
|
metrics:
|
|
|
|
enabled: false
|
|
|
|
serviceMonitor:
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
authScripts:
|
|
|
|
enabled: true
|
|
|
|
scripts:
|
|
|
|
ecr-login.sh: |
|
|
|
|
#!/bin/sh
|
|
|
|
aws ecr --region $AWS_REGION get-authorization-token --output text --query 'authorizationData[].authorizationToken' | base64 -d
|
|
|
|
ecr-public-login.sh: |
|
|
|
|
#!/bin/sh
|
|
|
|
aws ecr-public --region us-east-1 get-authorization-token --output text --query 'authorizationData.authorizationToken' | base64 -d
|
|
|
|
sshConfig:
|
|
|
|
config: |
|
|
|
|
Host *
|
|
|
|
PubkeyAcceptedAlgorithms +ssh-rsa
|
|
|
|
HostkeyAlgorithms +ssh-rsa
|