global: image: tag: v3.3.3 configs: cm: url: https://argocd.dvirlabs.com admin.enabled: "true" exec.enabled: "true" application.instanceLabelKey: argocd.argoproj.io/instance application.sync.impersonation.enabled: "false" server.rbac.log.enforce.enable: "false" statusbadge.enabled: "false" timeout.hard.reconciliation: 0s timeout.reconciliation: 180s resource.customizations.health.networking.k8s.io_Ingress: | hs = {} hs.status = "Healthy" return hs oidc.config: | name: Keycloak issuer: https://keycloak.dvirlabs.com/realms/lab clientID: argocd clientSecret: $oidc.keycloak.clientSecret requestedScopes: ["openid", "profile", "email", "groups", "offline_access"] requestedIDTokenClaims: groups: essential: true ssh: knownHosts: | [gitea-ssh.dev-tools.svc.cluster.local]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC2zbaUZ4jUfc6Z/e47AJUiOVv9p9OgRRwwCvDi5tDpntMWbl18NDI9jCVS27sGIxZ+wJmZFWR/gRIQahsmPPkjXHDcd16SxADC58OOa+DJDlr/iE4UyOSX1Gpa/uVtiBDIJF8G/wTMtsnHrbOFkONvIKqdnCOIVmQ9rJd6lqlgBQSzInSYa7ovZMXYeUDeiaGutHqVKW1OWF9toVlifnbGvn/WFJw0V5mjsXqOnRXWbn4amHc84GHw98wUATUv5uTYtmUdbfIAene3L4SlZetlNXRYTxcPieK0mx5iTZNuo4i782OP1PkJxKvW00bnpqFYlRsshOFcvQ0ioQM2ARUBADIiXe5cpHvvk2e24oqzGAVKRn0rS+ARKHgWzQif0sC4qS4KCdnGXgpR3ijJKSAwWWvNi2D6zLi39g7gaX8zjqMVSAMp7UcOC40QxNs0gxqwUUSUY7XYqxpKRvDS7b2aeeUgKGTAQmumXzgtUqzQ0kruCEHbVoNJmQsRgT4FYcDCDQQ/9HGlxkvzLqPT7DGPk0v3/7u184p8qzWmiOnERdflegp9BkQ008jps6wN75ohrEZJlFxKv+0+IE6OcyE9FgM8edejHcVE81tKHzM2nO795Ixl3UWAEHdUpZKZlvp0L6raOd0eGjR/jZO3D+fOX55OLKW+o4T7wodp/fey8w== rbac: scopes: '[groups]' policy.csv: | g, gitea-users-argocd, role:observability-admin g, argocd-admins, role:admin policy.default: role:readonly roles: | p, role:observability-admin, projects, get, observability, allow p, role:observability-admin, projects, update, observability, allow p, role:observability-admin, applications, *, observability/*, allow p, role:observability-admin, repositories, *, *, allow params: server.insecure: "true" dex: enabled: false server: extraArgs: - --insecure ingress: enabled: true ingressClassName: traefik annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure traefik.ingress.kubernetes.io/router.tls: "true" hosts: - argocd.dvirlabs.com service: type: ClusterIP metrics: enabled: true serviceMonitor: enabled: true interval: 30s namespace: observability-stack additionalLabels: release: kube-prometheus-stack controller: replicas: 2 resources: limits: memory: 2Gi requests: cpu: 200m memory: 1Gi metrics: enabled: true serviceMonitor: enabled: true interval: 30s namespace: observability-stack additionalLabels: release: kube-prometheus-stack rules: enabled: true namespace: observability-stack additionalLabels: release: kube-prometheus-stack spec: - alert: ArgoAppMissing expr: | absent(argocd_app_info) == 1 for: 15m labels: severity: critical annotations: summary: "[Argo CD] No reported applications" description: > Argo CD has not reported any applications data for the past 15 minutes which means that it must be down or not functioning properly. This needs to be resolved for this cloud to continue to maintain state. - alert: ArgoAppNotSynced expr: | argocd_app_info{sync_status!="Synced"} == 1 for: 12h labels: severity: warning annotations: summary: "[{{$labels.name}}] Application not synchronized" description: > The application [{{$labels.name}}] has not been synchronized for over 12 hours which means that the state of this cloud has drifted away from the state inside Git. repoServer: resources: limits: memory: 512Mi requests: cpu: 100m memory: 256Mi metrics: enabled: true serviceMonitor: enabled: true interval: 30s namespace: observability-stack additionalLabels: release: kube-prometheus-stack applicationSet: metrics: enabled: true serviceMonitor: enabled: true interval: 30s namespace: observability-stack additionalLabels: release: kube-prometheus-stack notifications: metrics: enabled: true serviceMonitor: enabled: true interval: 30s namespace: observability-stack additionalLabels: release: kube-prometheus-stack