infrastructure/clusters/cl01tl/helm/argocd/values.yaml

argo-cd:
  crds:
    install: true
    keep: true
  configs:
    cm:
      admin.enabled: true
      accounts.homepage: apiKey
      url: https://argocd.alexlebens.net
      statusbadge.url: https://argocd.alexlebens.net/
      statusbadge.enabled: true
      dex.config: |
        connectors:
        - config:
            issuer: https://authentik.alexlebens.net/application/o/argocd/
            clientID: $argocd-oidc-secret:client
            clientSecret: $argocd-oidc-secret:secret
            insecureEnableGroups: true
            scopes:
              - openid
              - profile
              - email
          name: authentik
          type: oidc
          id: authentik
    params:
      server.insecure: true
      controller.diff.server.side: true
    rbac:
      policy.csv: |
        g, ArgoCD Admins, role:admin
        g, homepage, role:readonly
  controller:
    replicas: 1
    resources:
      requests:
        cpu: 15m
        memory: 1Gi
    readinessProbe:
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
      rules:
        enabled: true
      spec:
        - alert: ArgoAppMissing
          expr: |
            absent(argocd_app_info) == 1
          for: 15m
          labels:
            severity: critical
          annotations:
            summary: "[Argo CD] No reported applications"
            description: >
              Argo CD has not reported any applications data for the past 15 minutes which
              means that it must be down or not functioning properly.  This needs to be
              resolved for this cloud to continue to maintain state.
        - alert: ArgoAppNotSynced
          expr: |
            argocd_app_info{sync_status!="Synced"} == 1
          for: 12h
          labels:
            severity: warning
          annotations:
            summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
            description: >
              The application [{{`{{$labels.name}}`}} has not been synchronized for over
              12 hours which means that the state of this cloud has drifted away from the
              state inside Git.
  dex:
    enabled: true
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
  redis-ha:
    enabled: true
    image:
      repository: redis
      tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
    persistentVolume:
      enabled: true
    redis:
      resources:
        requests:
          cpu: 1000m
          memory: 64Mi
    haproxy:
      enabled: true
      image:
        repository: haproxy
        tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
      resources:
        requests:
          cpu: 10m
          memory: 128Mi
      metrics:
        enabled: true
        serviceMonitor:
          enabled: true
    exporter:
      enabled: true
      image: ghcr.io/oliver006/redis_exporter
      tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03
      serviceMonitor:
        enabled: true
    prometheusRule:
      enabled: true
      interval: 30s
      rules:
        - alert: RedisPodDown
          expr: |
            redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0
          for: 5m
          labels:
            severity: critical
          annotations:
            description: Redis pod {{ "{{ $labels.pod }}" }} is down
            summary: Redis pod {{ "{{ $labels.pod }}" }} is down
    auth: false
  redisSecretInit:
    enabled: false
  server:
    replicas: 2
    resources:
     requests:
       cpu: 10m
       memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    httproute:
      enabled: true
      parentRefs:
        - group: gateway.networking.k8s.io
          kind: Gateway
          name: traefik-gateway
          namespace: traefik
      hostnames:
        - argocd.alexlebens.net
  repoServer:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    readinessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    livenessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
  applicationSet:
    replicas: 2
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    readinessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
    livenessProbe:
      enabled: true
      failureThreshold: 3
      initialDelaySeconds: 60
      periodSeconds: 30
      successThreshold: 1
      timeoutSeconds: 5
  notifications:
    argocdUrl: https://argocd.alexlebens.net
    secret:
      create: false
      name: argocd-notifications-secret
    metrics:
      enabled: true
      serviceMonitor:
        enabled: true
    notifiers:
      service.webhook.ntfy: |
        url: http://ntfy.ntfy/
        headers:
          - name: Authorization
            value: Bearer $ntfy-token
    resources:
      requests:
        cpu: 10m
        memory: 64Mi
    livenessProbe:
      enabled: true
    readinessProbe:
      enabled: true
    subscriptions:
      - recipients:
          - ntfy
        triggers:
          - on-created
          - on-deleted
          - on-deployed
          - on-health-degraded
          - on-sync-failed
          - on-sync-running
          - on-sync-status-unknown
          - on-sync-succeeded
    templates:
      template.app-created: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been created.",
                "title": "Created: {{.app.metadata.name}}",
                "tags": ["building_construction"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      template.app-deleted: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been deleted",
                "title": "Deleted: {{.app.metadata.name}}",
                "tags": ["warning"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}"
              }
      template.app-deployed: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} is now running new version of deployments manifests",
                "title": "Deployed: {{.app.metadata.name}}",
                "tags": ["+1"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      template.app-health-degraded: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} health has degraded",
                "title": "Degraded: {{.app.metadata.name}}",
                "tags": ["rotating_light"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
              }
      template.app-sync-failed: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}",
                "title": "Sync Failed: {{.app.metadata.name}}",
                "tags": ["rotating_light"],
                "priority": 4,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
      template.app-sync-running: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}",
                "title": "Sync Running: {{.app.metadata.name}}",
                "tags": ["runner"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
      template.app-sync-status-unknown: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} sync status is unknown",
                "title": "Sync Unknown: {{.app.metadata.name}}",
                "tags": ["question"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
              }
      template.app-sync-succeeded: |
        webhook:
          ntfy:
            method: POST
            body: |
              {
                "topic": "argocd",
                "message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}",
                "title": "Sync Succeeded: {{.app.metadata.name}}",
                "tags": ["+1"],
                "priority": 3,
                "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
              }
    triggers:
      trigger.on-created: |
        - description: Application {{.app.metadata.name}} has been created.
          oncePer: app.metadata.name
          send:
            - app-created
          when: "true"
      trigger.on-deleted: |
        - description: Application {{.app.metadata.name}} has been deleted.
          oncePer: app.metadata.name
          send:
            - app-deleted
          when: app.metadata.deletionTimestamp != nil
      trigger.on-deployed: |
        - description: Application is synced and healthy. Triggered once per commit.
          oncePer: app.status.operationState.syncResult.revision
          send:
            - app-deployed
          when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
      trigger.on-health-degraded: |
        - description: Application has degraded
          send:
            - app-health-degraded
          when: app.status.health.status == 'Degraded'
      trigger.on-sync-failed: |
        - description: Application syncing has failed
          send:
            - app-sync-failed
          when: app.status.operationState.phase in ['Error', 'Failed']
      trigger.on-sync-running: |
        - description: Application is being synced
          send:
           - app-sync-running
          when: app.status.operationState.phase in ['Running']
      trigger.on-sync-status-unknown: |
        - description: Application status is 'Unknown'
          send:
            - app-sync-status-unknown
          when: app.status.sync.status == 'Unknown'
      trigger.on-sync-succeeded: |
        - description: Application syncing has succeeded
          send:
            - app-sync-succeeded
          when: app.status.operationState.phase in ['Succeeded']