303 lines
		
	
	
		
			9.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			303 lines
		
	
	
		
			9.5 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| argo-cd:
 | |
|   crds:
 | |
|     install: true
 | |
|   configs:
 | |
|     cm:
 | |
|       admin.enabled: true
 | |
|       timeout.reconciliation: 100s
 | |
|       timeout.reconciliation.jitter: 60s
 | |
|       url: https://argocd.alexlebens.net
 | |
|       statusbadge.url: https://argocd.alexlebens.net/
 | |
|       statusbadge.enabled: true
 | |
|       dex.config: |
 | |
|         connectors:
 | |
|         - config:
 | |
|             issuer: https://authentik.alexlebens.net/application/o/argocd/
 | |
|             clientID: $argocd-oidc-secret:client
 | |
|             clientSecret: $argocd-oidc-secret:secret
 | |
|             insecureEnableGroups: true
 | |
|             scopes:
 | |
|               - openid
 | |
|               - profile
 | |
|               - email
 | |
|           name: authentik
 | |
|           type: oidc
 | |
|           id: authentik
 | |
|     params:
 | |
|       server.insecure: true
 | |
|     rbac:
 | |
|       policy.csv: |
 | |
|         g, ArgoCD Admins, role:admin
 | |
|     cmp:
 | |
|       create: true
 | |
|       plugins:
 | |
|         cdk8s:
 | |
|           init:
 | |
|             command: [cdk8s]
 | |
|             args: [import]
 | |
|           generate:
 | |
|             command: [cdk8s, synth]
 | |
|             args: [--stdout]
 | |
|           discover:
 | |
|             fileName: "*.go"
 | |
|   controller:
 | |
|     replicas: 1
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|   dex:
 | |
|     enabled: true
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|     livenessProbe:
 | |
|       enabled: true
 | |
|     readinessProbe:
 | |
|       enabled: true
 | |
|   redis-ha:
 | |
|     enabled: true
 | |
|     auth: false
 | |
|   redisSecretInit:
 | |
|     enabled: true
 | |
|   server:
 | |
|     replicas: 2
 | |
|     extensions:
 | |
|       enabled: true
 | |
|       extensionList:
 | |
|         - name: extension-trivy
 | |
|           env:
 | |
|             - name: EXTENSION_URL
 | |
|               value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
 | |
|             - name: EXTENSION_CHECKSUM_URL
 | |
|               value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|     ingress:
 | |
|       enabled: false
 | |
|   repoServer:
 | |
|     replicas: 2
 | |
|     extraContainers:
 | |
|       - name: cmp-cdk8s
 | |
|         command:
 | |
|           - /var/run/argocd/argocd-cmp-server
 | |
|         image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
 | |
|         securityContext:
 | |
|           runAsNonRoot: true
 | |
|           runAsUser: 999
 | |
|         volumeMounts:
 | |
|           - mountPath: /var/run/argocd
 | |
|             name: var-files
 | |
|           - mountPath: /home/argocd/cmp-server/plugins
 | |
|             name: plugins
 | |
|           - mountPath: /home/argocd/cmp-server/config/plugin.yaml
 | |
|             subPath: cdk8s.yaml
 | |
|             name: argocd-cmp-cm
 | |
|           - mountPath: /tmp
 | |
|             name: cmp-tmp
 | |
|     volumes:
 | |
|       - name: argocd-cmp-cm
 | |
|         configMap:
 | |
|           name: argocd-cmp-cm
 | |
|       - name: cmp-tmp
 | |
|         emptyDir: {}
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|   applicationSet:
 | |
|     replicas: 2
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|     livenessProbe:
 | |
|       enabled: true
 | |
|     readinessProbe:
 | |
|       enabled: true
 | |
|   notifications:
 | |
|     enabled: true
 | |
|     context:
 | |
|       argocdUrl: https://argocd.alexlebens.net
 | |
|     secret:
 | |
|       create: false
 | |
|       name: argocd-notifications-secret
 | |
|     metrics:
 | |
|       enabled: true
 | |
|       serviceMonitor:
 | |
|         enabled: true
 | |
|     notifiers:
 | |
|       service.webhook.ntfy: |
 | |
|         url: http://ntfy.ntfy/
 | |
|         headers:
 | |
|           - name: Authorization
 | |
|             value: Bearer $ntfy-token
 | |
|     livenessProbe:
 | |
|       enabled: true
 | |
|     readinessProbe:
 | |
|       enabled: true
 | |
|     subscriptions:
 | |
|       - recipients:
 | |
|           - ntfy
 | |
|         triggers:
 | |
|           - on-created
 | |
|           - on-deleted
 | |
|           - on-deployed
 | |
|           - on-health-degraded
 | |
|           - on-sync-failed
 | |
|           - on-sync-running
 | |
|           - on-sync-status-unknown
 | |
|           - on-sync-succeeded
 | |
|     templates:
 | |
|       template.app-created: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} has been created.",
 | |
|                 "title": "Created: {{.app.metadata.name}}",
 | |
|                 "tags": ["building_construction"],
 | |
|                 "priority": 4,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
 | |
|               }
 | |
|       template.app-deleted: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} has been deleted",
 | |
|                 "title": "Deleted: {{.app.metadata.name}}",
 | |
|                 "tags": ["warning"],
 | |
|                 "priority": 4,
 | |
|                 "click": "{{.context.argocdUrl}}"
 | |
|               }
 | |
|       template.app-deployed: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} is now running new version of deployments manifests",
 | |
|                 "title": "Deployed: {{.app.metadata.name}}",
 | |
|                 "tags": ["+1"],
 | |
|                 "priority": 3,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
 | |
|               }
 | |
|       template.app-health-degraded: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} health has degraded",
 | |
|                 "title": "Degraded: {{.app.metadata.name}}",
 | |
|                 "tags": ["rotating_light"],
 | |
|                 "priority": 4,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/argocd/{{.app.metadata.name}}"
 | |
|               }
 | |
|       template.app-sync-failed: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} sync has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}",
 | |
|                 "title": "Sync Failed: {{.app.metadata.name}}",
 | |
|                 "tags": ["rotating_light"],
 | |
|                 "priority": 4,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
 | |
|               }
 | |
|       template.app-sync-running: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} sync has started at {{.app.status.operationState.startedAt}}",
 | |
|                 "title": "Sync Running: {{.app.metadata.name}}",
 | |
|                 "tags": ["runner"],
 | |
|                 "priority": 3,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
 | |
|               }
 | |
|       template.app-sync-status-unknown: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} sync status is unknown",
 | |
|                 "title": "Sync Unknown: {{.app.metadata.name}}",
 | |
|                 "tags": ["question"],
 | |
|                 "priority": 3,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
 | |
|               }
 | |
|       template.app-sync-succeeded: |
 | |
|         webhook:
 | |
|           ntfy:
 | |
|             method: POST
 | |
|             body: |
 | |
|               {
 | |
|                 "topic": "argocd",
 | |
|                 "message": "{{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}",
 | |
|                 "title": "Sync Succeeded: {{.app.metadata.name}}",
 | |
|                 "tags": ["+1"],
 | |
|                 "priority": 3,
 | |
|                 "click": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
 | |
|               }
 | |
|     triggers:
 | |
|       trigger.on-created: |
 | |
|         - description: Application {{.app.metadata.name}} has been created.
 | |
|           oncePer: app.metadata.name
 | |
|           send:
 | |
|             - app-created
 | |
|           when: "true"
 | |
|       trigger.on-deleted: |
 | |
|         - description: Application {{.app.metadata.name}} has been deleted.
 | |
|           oncePer: app.metadata.name
 | |
|           send:
 | |
|             - app-deleted
 | |
|           when: app.metadata.deletionTimestamp != nil
 | |
|       trigger.on-deployed: |
 | |
|         - description: Application is synced and healthy. Triggered once per commit.
 | |
|           oncePer: app.status.operationState.syncResult.revision
 | |
|           send:
 | |
|             - app-deployed
 | |
|           when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
 | |
|       trigger.on-health-degraded: |
 | |
|         - description: Application has degraded
 | |
|           send:
 | |
|             - app-health-degraded
 | |
|           when: app.status.health.status == 'Degraded' and time.Now().Sub(time.Parse(app.status.health.lastTransitionTime).Minutes() >= 15
 | |
|       trigger.on-sync-failed: |
 | |
|         - description: Application syncing has failed
 | |
|           send:
 | |
|             - app-sync-failed
 | |
|           when: app.status.operationState.phase in ['Error', 'Failed']
 | |
|       trigger.on-sync-running: |
 | |
|         - description: Application is being synced
 | |
|           send:
 | |
|            - app-sync-running
 | |
|           when: app.status.operationState.phase in ['Running']
 | |
|       trigger.on-sync-status-unknown: |
 | |
|         - description: Application status is 'Unknown'
 | |
|           send:
 | |
|             - app-sync-status-unknown
 | |
|           when: app.status.sync.status == 'Unknown'
 | |
|       trigger.on-sync-succeeded: |
 | |
|         - description: Application syncing has succeeded
 | |
|           send:
 | |
|             - app-sync-succeeded
 | |
|           when: app.status.operationState.phase in ['Succeeded']
 |