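# Helm values for the `argo-cd` subchart: Argo CD with Dex SSO (authentik),
# HA Redis, Prometheus metrics/alerts and ntfy notifications.
#
# Security review summary (settings are kept as the author wrote them and
# flagged in place):
#   - configs.cm: local admin login and unauthenticated status badges are on.
#   - configs.params: argocd-server serves plain HTTP (server.insecure).
#   - redis-ha.auth / redisSecretInit: Redis runs without a password.
#   - notifications: the ntfy bearer token is sent over plain HTTP in-cluster.
argo-cd:
  crds:
    install: true
    keep: true
  configs:
    cm:
      # Built-in `admin` login stays enabled alongside SSO.
      # NOTE(review): if this is kept as a break-glass account, confirm its
      # password has been rotated away from the initial one; otherwise
      # disable it.
      admin.enabled: true
      # Local account that can only hold API tokens (no interactive login);
      # it is bound to role:readonly in rbac.policy.csv below.
      accounts.homepage: apiKey
      url: https://argocd.alexlebens.net
      statusbadge.url: https://argocd.alexlebens.net/
      # Status badges are served without authentication, so application
      # health/sync state is visible to anyone who can reach the server.
      statusbadge.enabled: true
      # clientID/clientSecret use the `$<secret>:<key>` reference form, so no
      # credential is stored in this file; they resolve from the
      # `argocd-oidc-secret` Secret.
      # insecureEnableGroups passes the upstream `groups` claim through Dex.
      # Dex labels it insecure because group membership is only re-read at
      # login, so removing a user from "ArgoCD Admins" in authentik does not
      # take effect until their session is renewed.
      dex.config: |
        connectors:
        - config:
            issuer: https://authentik.alexlebens.net/application/o/argocd/
            clientID: $argocd-oidc-secret:client
            clientSecret: $argocd-oidc-secret:secret
            insecureEnableGroups: true
            scopes:
            - openid
            - profile
            - email
          name: authentik
          type: oidc
          id: authentik
    params:
      # argocd-server listens on plain HTTP. Presumably TLS terminates at the
      # Traefik Gateway referenced by server.httproute; the hop from the
      # gateway to the pod is then unencrypted inside the cluster.
      server.insecure: true
      controller.diff.server.side: true
    rbac:
      # Group -> role bindings. No policy.default is set in this file, so
      # users outside these groups get whatever the chart default grants.
      # NOTE(review): confirm that default is empty (no access).
      policy.csv: |
        g, ArgoCD Admins, role:admin
        g, homepage, role:readonly
  controller:
    replicas: 1
    resources:
      requests:
        cpu: 15m
        memory: 1Gi
    readinessProbe:
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
        spec:
          # Fires when the controller stops exporting application metrics.
          - alert: ArgoAppMissing
            expr: |
              absent(argocd_app_info) == 1
            for: 15m
            labels:
              severity: critical
            annotations:
              summary: "[Argo CD] No reported applications"
              description: >
                Argo CD has not reported any applications data for the past
                15 minutes which means that it must be down or not functioning
                properly. This needs to be resolved for this cloud to continue
                to maintain state.
          # Fires when an application has been out of sync with Git for 12h.
          # The {{`...`}} wrapper keeps the Prometheus template literal when
          # the chart renders this value.
          - alert: ArgoAppNotSynced
            expr: |
              argocd_app_info{sync_status!="Synced"} == 1
            for: 12h
            labels:
              severity: warning
            annotations:
              summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
              # Fixed: the closing "]" after the application name was missing.
              description: >
                The application [{{`{{$labels.name}}`}}] has not been
                synchronized for over 12 hours which means that the state of
                this cloud has drifted away from the state inside Git.
  dex:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
  redis-ha:
    enabled: true
    # Images below carry a tag plus a sha256 digest; the digest is what pins
    # the image content, the tag is informational.
    image:
      repository: redis
      tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
    persistentVolume:
      enabled: true
    redis:
      resources:
        requests:
          cpu: 1000m
          memory: 64Mi
    haproxy:
      enabled: true
      image:
        repository: haproxy
        tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
      resources:
        requests:
          cpu: 10m
          memory: 128Mi
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
    exporter:
      enabled: true
      image: ghcr.io/oliver006/redis_exporter
      tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
      serviceMonitor:
        enabled: true
    prometheusRule:
      enabled: true
      interval: 30s
      rules:
        - alert: RedisPodDown
          expr: |
            redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
          for: 5m
          labels:
            severity: critical
          annotations:
            description: Redis pod {{ "{{ $labels.pod }}" }} is down
            summary: Redis pod {{ "{{ $labels.pod }}" }} is down
    # SECURITY: Redis authentication is switched off, and redisSecretInit
    # below (the job that would create the password Secret) is disabled with
    # it. Any workload that can reach the Redis/HAProxy service can then read
    # and modify Argo CD's cache.
    # NOTE(review): either re-enable both settings or confirm a NetworkPolicy
    # limits access to the Argo CD components.
    auth: false
  redisSecretInit:
    enabled: false
  server:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    # Exposes the UI/API through the Gateway API; see configs.params
    # server.insecure for the TLS implication.
    httproute:
      enabled: true
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - argocd.alexlebens.net
  repoServer:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    readinessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    livenessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  applicationSet:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    readinessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    livenessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
  notifications:
    argocdUrl: https://argocd.alexlebens.net
    # The chart does not create the Secret; `argocd-notifications-secret`
    # must be provisioned separately and hold the `ntfy-token` key used below.
    secret:
      create: false
      name: argocd-notifications-secret
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    notifiers:
      # `$ntfy-token` is resolved from the notifications Secret at send time.
      # The target is plain HTTP, so the bearer token crosses the cluster
      # network unencrypted.
      # NOTE(review): acceptable only if in-cluster traffic is trusted or
      # encrypted at another layer.
      service.webhook.ntfy: |
        url: http://ntfy.ntfy/
        headers:
          - name: Authorization
            value: Bearer $ntfy-token
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    # Every trigger defined below is delivered to the single ntfy recipient.
    subscriptions:
      - recipients:
          - ntfy
        triggers:
          - on-created
          - on-deleted
          - on-deployed
          - on-health-degraded
          - on-sync-failed
          - on-sync-running
          - on-sync-status-unknown
          - on-sync-succeeded
    # Each template POSTs a JSON document to the ntfy webhook. The JSON is
    # assembled by text substitution, so substituted values are not
    # JSON-escaped.
    templates:
      template.app-created: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been created.",
                "title": "Created: {{.app.metadata.name}}",
                "tags": ["building_construction"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      template.app-deleted: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been deleted",
                "title": "Deleted: {{.app.metadata.name}}",
                "tags": ["warning"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}"
              }
      template.app-deployed: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} is now running new version of deployments manifests",
                "title": "Deployed: {{.app.metadata.name}}",
                "tags": ["+1"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      template.app-health-degraded: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} health has degraded",
                "title": "Degraded: {{.app.metadata.name}}",
                "tags": ["rotating_light"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      # NOTE(review): operationState.message is free-form error text; a quote
      # or line break in it would presumably produce invalid JSON and the
      # failure notification would not be delivered. Verify with a failing
      # sync whose error contains quotes.
      template.app-sync-failed: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}",
                "title": "Sync Failed: {{.app.metadata.name}}",
                "tags": ["rotating_light"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
      template.app-sync-running: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}",
                "title": "Sync Running: {{.app.metadata.name}}",
                "tags": ["runner"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
      template.app-sync-status-unknown: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync status is unknown",
                "title": "Sync Unknown: {{.app.metadata.name}}",
                "tags": ["question"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
              }
      template.app-sync-succeeded: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}",
                "title": "Sync Succeeded: {{.app.metadata.name}}",
                "tags": ["+1"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
    # Trigger conditions; `send` names one of the templates above and
    # `oncePer` de-duplicates on the given field.
    triggers:
      trigger.on-created: |
        - description: Application {{.app.metadata.name}} has been created.
          oncePer: app.metadata.name
          send:
            - app-created
          when: "true"
      trigger.on-deleted: |
        - description: Application {{.app.metadata.name}} has been deleted.
          oncePer: app.metadata.name
          send:
            - app-deleted
          when: app.metadata.deletionTimestamp != nil
      trigger.on-deployed: |
        - description: Application is synced and healthy. Triggered once per commit.
          oncePer: app.status.operationState.syncResult.revision
          send:
            - app-deployed
          when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
      trigger.on-health-degraded: |
        - description: Application has degraded
          send:
            - app-health-degraded
          when: app.status.health.status == 'Degraded'
      trigger.on-sync-failed: |
        - description: Application syncing has failed
          send:
            - app-sync-failed
          when: app.status.operationState.phase in ['Error', 'Failed']
      trigger.on-sync-running: |
        - description: Application is being synced
          send:
            - app-sync-running
          when: app.status.operationState.phase in ['Running']
      trigger.on-sync-status-unknown: |
        - description: Application status is 'Unknown'
          send:
            - app-sync-status-unknown
          when: app.status.sync.status == 'Unknown'
      trigger.on-sync-succeeded: |
        - description: Application syncing has succeeded
          send:
            - app-sync-succeeded
          when: app.status.operationState.phase in ['Succeeded']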