global:
  image:
    tag: v3.3.3

configs:
  cm:
    url: https://argocd.dvirlabs.com
    admin.enabled: "true"
    exec.enabled: "true"
    application.instanceLabelKey: argocd.argoproj.io/instance
    application.sync.impersonation.enabled: "false"
    server.rbac.log.enforce.enable: "false"
    statusbadge.enabled: "false"
    timeout.hard.reconciliation: 0s
    timeout.reconciliation: 180s
    resource.customizations.health.networking.k8s.io_Ingress: |
      hs = {}
      hs.status = "Healthy"
      return hs
    oidc.config: |
      name: Keycloak
      issuer: https://keycloak.dvirlabs.com/realms/lab
      clientID: argocd
      clientSecret: TReJ5S8anDsrHoAudKLPAgk8ss9G7vzz
      requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
      requestedIDTokenClaims:
        groups:
          essential: true
  ssh:
    knownHosts: |
      [gitea-ssh.dev-tools.svc.cluster.local.]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCohlPtJdN8uC/ttf6bn7WMgcl1wcMOKDUUqOycOrbQ0FpnRSkurBfRvgAEOsRK4zlqkJ0jLNYgTKYPkXYZd76fWujJVRphIpaRnBAmaBc85fzrwEaVH6EVBvo8+fdPpxCeCMkGLhje6jC+a0eyuIEt0PWihSKlJDbcSjvm/0wK53hxxe9HLGSkbiICjzHeq3Nj4UMeXvV52+jMeKLGApQI1YazarnRLK+2UZ7JeBEyhaAVpij+g/GVeAr57U6KIDgs7bM6F6FIKODc1TdDPftkq2cnvqnLxkkaIXZ8sYeGV060+AxRZtyAjzUqN9iLu63hKq0i8L+QOWWxbShGmNSwI3zK8bJaAgIPtIF3QNLwp2H3hpHcl/iMFfxv5fMNIk3r36nyYwD4AfeA9+VYOPPPmgHrRwqdWvgYlVxe0HGgp2rlFno6SumAcWw43sEHuh1d6mVfc74TCi1M3eW3v+n6xZsRMhmdtTC1ML8qT7rDtJIARKx5M3T/sSaO8y97uK+SZgtnT2Y7tnM8KAsqwNxc7nK+lffryC3Fk2qeDpIcLhXdAVAU7rY7Yr6WniBw71NmMTAFTOLIMiIw5ur05lRW7FeJ2xs6uPm6AItGIJgZWlxjF9lQpbc2dlrlEFHzqizclh5fWkyhHoLhDAu38/Fw03CEVZ1GdEcteUyHguN1eQ==

  rbac:
    scopes: '[groups]'
    policy.csv: |
      g, gitea-users-argocd, role:observability-admin
      g, argocd-admins, role:admin
    policy.default: role:readonly
    roles: |
      p, role:observability-admin, projects, get, observability, allow
      p, role:observability-admin, projects, update, observability, allow
      p, role:observability-admin, applications, *, observability/*, allow
      p, role:observability-admin, repositories, *, *, allow

  params:
    server.insecure: "true"

dex:
  enabled: false

server:
  extraArgs:
    - --insecure
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      - argocd.dvirlabs.com
  service:
    type: ClusterIP

controller:
  resources:
    limits:
      memory: 2Gi
    requests:
      cpu: 200m
      memory: 1Gi

repoServer:
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi