303 lines
9.4 KiB
YAML
303 lines
9.4 KiB
YAML
argo-cd:
|
|
crds:
|
|
install: true
|
|
configs:
|
|
cm:
|
|
admin.enabled: true
|
|
timeout.reconciliation: 100s
|
|
timeout.reconciliation.jitter: 60s
|
|
url: https://argocd.alexlebens.net
|
|
statusbadge.url: https://argocd.alexlebens.net/
|
|
statusbadge.enabled: true
|
|
dex.config: |
|
|
connectors:
|
|
- config:
|
|
issuer: https://authentik.alexlebens.net/application/o/argocd/
|
|
clientID: $argocd-oidc-secret:client
|
|
clientSecret: $argocd-oidc-secret:secret
|
|
insecureEnableGroups: true
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
name: authentik
|
|
type: oidc
|
|
id: authentik
|
|
params:
|
|
server.insecure: true
|
|
rbac:
|
|
policy.csv: |
|
|
g, ArgoCD Admins, role:admin
|
|
cmp:
|
|
create: true
|
|
plugins:
|
|
cdk8s:
|
|
init:
|
|
command: [cdk8s]
|
|
args: [import]
|
|
generate:
|
|
command: [cdk8s, synth]
|
|
args: [--stdout]
|
|
discover:
|
|
fileName: "*.go"
|
|
controller:
|
|
replicas: 1
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
dex:
|
|
enabled: true
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
redis-ha:
|
|
enabled: true
|
|
auth: false
|
|
redisSecretInit:
|
|
enabled: true
|
|
server:
|
|
replicas: 2
|
|
extensions:
|
|
enabled: true
|
|
extensionList:
|
|
- name: extension-trivy
|
|
env:
|
|
- name: EXTENSION_URL
|
|
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
|
|
- name: EXTENSION_CHECKSUM_URL
|
|
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
ingress:
|
|
enabled: false
|
|
repoServer:
|
|
replicas: 2
|
|
extraContainers:
|
|
- name: cmp-cdk8s
|
|
command:
|
|
- /var/run/argocd/argocd-cmp-server
|
|
image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 999
|
|
volumeMounts:
|
|
- mountPath: /var/run/argocd
|
|
name: var-files
|
|
- mountPath: /home/argocd/cmp-server/plugins
|
|
name: plugins
|
|
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
|
|
subPath: cdk8s.yaml
|
|
name: argocd-cmp-cm
|
|
- mountPath: /tmp
|
|
name: cmp-tmp
|
|
volumes:
|
|
- name: argocd-cmp-cm
|
|
configMap:
|
|
name: argocd-cmp-cm
|
|
- name: cmp-tmp
|
|
emptyDir: {}
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
applicationSet:
|
|
replicas: 2
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
notifications:
|
|
enabled: true
|
|
context:
|
|
argocdUrl: https://argocd.alexlebens.net
|
|
secret:
|
|
create: false
|
|
name: argocd-notifications-secret
|
|
metrics:
|
|
enabled: true
|
|
serviceMonitor:
|
|
enabled: true
|
|
notifiers:
|
|
service.webhook.ntfy: |
|
|
url: http://ntfy.ntfy/
|
|
headers:
|
|
- name: Authorization
|
|
value: Bearer $ntfy-token
|
|
livenessProbe:
|
|
enabled: true
|
|
readinessProbe:
|
|
enabled: true
|
|
subscriptions:
|
|
- recipients:
|
|
- ntfy
|
|
triggers:
|
|
- on-created
|
|
- on-deleted
|
|
- on-deployed
|
|
- on-health-degraded
|
|
- on-sync-failed
|
|
- on-sync-running
|
|
- on-sync-status-unknown
|
|
- on-sync-succeeded
|
|
templates:
|
|
template.app-created: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} has been created.",
|
|
"title": "Created: {{.app.metadata.name}}",
|
|
"tags": ["building_construction"],
|
|
"priority": 4,
|
|
"click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
|
|
}
|
|
template.app-deleted: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} has been deleted",
|
|
"title": "Deleted: {{.app.metadata.name}}",
|
|
"tags": ["warning"],
|
|
"priority": 4,
|
|
"click": "{{.context.argocdUrl}}"
|
|
}
|
|
template.app-deployed: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} is now running new version of deployments manifests",
|
|
"title": "Deployed: {{.app.metadata.name}}",
|
|
"tags": ["+1"],
|
|
"priority": 3,
|
|
"click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
|
|
}
|
|
template.app-health-degraded: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} health has degraded",
|
|
"title": "Degraded: {{.app.metadata.name}}",
|
|
"tags": ["rotating_light"],
|
|
"priority": 5,
|
|
"click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
|
|
}
|
|
template.app-sync-failed: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}",
|
|
"title": "Sync Failed: {{.app.metadata.name}}",
|
|
"tags": ["rotating_light"],
|
|
"priority": 5,
|
|
"click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
|
|
}
|
|
template.app-sync-running: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}",
|
|
"title": "Sync Running: {{.app.metadata.name}}",
|
|
"tags": ["runner"],
|
|
"priority": 3,
|
|
"click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
|
|
}
|
|
template.app-sync-status-unknown: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} sync status is unknown",
|
|
"title": "Sync Unknown: {{.app.metadata.name}}",
|
|
"tags": ["question"],
|
|
"priority": 5,
|
|
"click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
|
|
}
|
|
template.app-sync-succeeded: |
|
|
webhook:
|
|
ntfy:
|
|
method: POST
|
|
body: |
|
|
{
|
|
"topic": "argocd",
|
|
"message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}",
|
|
"title": "Sync Succeeded: {{.app.metadata.name}}",
|
|
"tags": ["+1"],
|
|
"priority": 3,
|
|
"click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
|
|
}
|
|
triggers:
|
|
trigger.on-created: |
|
|
- description: Application {{.app.metadata.name}} has been created.
|
|
oncePer: app.metadata.name
|
|
send:
|
|
- app-created
|
|
when: "true"
|
|
trigger.on-deleted: |
|
|
- description: Application {{.app.metadata.name}} has been deleted.
|
|
oncePer: app.metadata.name
|
|
send:
|
|
- app-deleted
|
|
when: app.metadata.deletionTimestamp != nil
|
|
trigger.on-deployed: |
|
|
- description: Application is synced and healthy. Triggered once per commit.
|
|
oncePer: app.status.operationState.syncResult.revision
|
|
send:
|
|
- app-deployed
|
|
when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
|
|
trigger.on-health-degraded: |
|
|
- description: Application has degraded
|
|
send:
|
|
- app-health-degraded
|
|
when: app.status.health.status == 'Degraded'
|
|
trigger.on-sync-failed: |
|
|
- description: Application syncing has failed
|
|
send:
|
|
- app-sync-failed
|
|
when: app.status.operationState.phase in ['Error', 'Failed']
|
|
trigger.on-sync-running: |
|
|
- description: Application is being synced
|
|
send:
|
|
- app-sync-running
|
|
when: app.status.operationState.phase in ['Running']
|
|
trigger.on-sync-status-unknown: |
|
|
- description: Application status is 'Unknown'
|
|
send:
|
|
- app-sync-status-unknown
|
|
when: app.status.sync.status == 'Unknown'
|
|
trigger.on-sync-succeeded: |
|
|
- description: Application syncing has succeeded
|
|
send:
|
|
- app-sync-succeeded
|
|
when: app.status.operationState.phase in ['Succeeded']
|