infra/manifests/argocd/values.yaml


# Argo CD image tag set once at the global level, so upgrades are an explicit
# edit to this file. A tag is mutable; pin by digest as well where the
# registry and chart allow it.
global:
  image:
    tag: 'v3.3.3'
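configs:
  # Settings for the argocd-cm ConfigMap.
  cm:
    url: https://argocd.dvirlabs.com
    # The built-in local admin account stays enabled alongside Keycloak SSO.
    # Once the argocd-admins group mapping is verified, disabling it removes
    # a password-only login path.
    admin.enabled: "true"
    # Enables the web terminal (shell into pods from the UI). Who may use it
    # is decided by the RBAC `exec` resource, so review which roles hold it.
    exec.enabled: "true"
    application.instanceLabelKey: argocd.argoproj.io/instance
    # With impersonation off, syncs run with the application controller's own
    # service-account privileges, not a per-project service account.
    application.sync.impersonation.enabled: "false"
    # NOTE(review): Argo CD 3.x is believed to enforce log RBAC unconditionally
    # and ignore this key - confirm against the deployed version.
    server.rbac.log.enforce.enable: "false"
    statusbadge.enabled: "false"
    timeout.hard.reconciliation: 0s
    timeout.reconciliation: 180s
    # Custom Lua health check: every Ingress is reported Healthy regardless of
    # its status, so Argo CD will never flag an Ingress as Progressing or
    # Degraded.
    resource.customizations.health.networking.k8s.io_Ingress: |
      hs = {}
      hs.status = "Healthy"
      return hs
    # OIDC login against Keycloak (realm "lab"). The client secret is NOT kept
    # in this file: `$oidc.keycloak.clientSecret` tells Argo CD to read the key
    # `oidc.keycloak.clientSecret` from the argocd-secret Secret, which must be
    # provisioned outside Git (sealed/external secret or manual patch) before
    # SSO login will work. Any client secret that was ever committed in this
    # file must be treated as exposed and rotated in Keycloak.
    oidc.config: |
      name: Keycloak
      issuer: https://keycloak.dvirlabs.com/realms/lab
      clientID: argocd
      clientSecret: $oidc.keycloak.clientSecret
      requestedScopes: ["openid", "profile", "email", "groups", "offline_access"]
      requestedIDTokenClaims:
        groups:
          essential: true
  ssh:
    # Pinned SSH host key for the in-cluster Gitea endpoint. Verify the key
    # against the Gitea server out of band before trusting it.
    # NOTE(review): setting knownHosts presumably replaces the chart's default
    # known-hosts list, leaving only this host trusted over SSH - confirm that
    # is intended.
    knownHosts: |
      [gitea-ssh.dev-tools.svc.cluster.local]:2222 ssh-rsa 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
  # Settings for the argocd-rbac-cm ConfigMap.
  rbac:
    # RBAC subjects are matched against the `groups` claim of the OIDC token.
    scopes: '[groups]'
    # Group-to-role bindings.
    policy.csv: |
      g, gitea-users-argocd, role:observability-admin
      g, argocd-admins, role:admin
    # Every authenticated user with no explicit binding gets read-only access
    # to all projects and applications.
    policy.default: role:readonly
    # NOTE(review): Argo CD loads policy from `policy.csv` (and
    # `policy.<name>.csv`); confirm that a key named `roles` is read at all.
    # If it is not, role:observability-admin grants nothing beyond the default.
    # The `repositories, *, *` line is not scoped to the observability
    # project: it allows managing every repository entry.
    roles: |
      p, role:observability-admin, projects, get, observability, allow
      p, role:observability-admin, projects, update, observability, allow
      p, role:observability-admin, applications, *, observability/*, allow
      p, role:observability-admin, repositories, *, *, allow
  params:
    # argocd-server serves plain HTTP; TLS is expected to terminate at the
    # ingress, so traffic between the ingress controller and the pod is
    # unencrypted inside the cluster.
    server.insecure: "true"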
# The bundled Dex is switched off; SSO is configured directly against
# Keycloak through the "oidc.config" entry under configs.cm.
dex:
  enabled: false
server:
  # Runs argocd-server without its own TLS listener. The same setting is also
  # given as "server.insecure" under configs.params.
  extraArgs:
    - --insecure
  # Exposed only through Traefik on the websecure entrypoint with router TLS
  # on, so clients reach the UI/API over HTTPS while the hop from Traefik to
  # the pod is plain HTTP.
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: 'true'
    hosts:
      - argocd.dvirlabs.com
  # ClusterIP keeps the service off node ports and load balancers; the
  # ingress above is the only external path.
  service:
    type: ClusterIP
  # Prometheus metrics, scraped through a ServiceMonitor created in the
  # observability-stack namespace.
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      namespace: observability-stack
# Application controller: two replicas, a memory limit and no CPU limit.
controller:
  replicas: 2
  resources:
    limits:
      memory: 2Gi
    requests:
      cpu: 200m
      memory: 1Gi
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      namespace: observability-stack
    # Alerting rules created in the observability-stack namespace.
    rules:
      enabled: true
      namespace: observability-stack
      spec:
        # Fires when the argocd_app_info series has been absent for 15
        # minutes, i.e. the controller is down or not exporting metrics.
        - alert: ArgoAppMissing
          expr: |
            absent(argocd_app_info) == 1
          for: 15m
          labels:
            severity: critical
          annotations:
            summary: "[Argo CD] No reported applications"
            description: >
              Argo CD has not reported any applications data for the past 15 minutes which
              means that it must be down or not functioning properly. This needs to be
              resolved for this cloud to continue to maintain state.
        # Fires when an application has been out of sync for 12 hours. This
        # also surfaces drift between the cluster and Git, so it is worth
        # triaging rather than silencing.
        - alert: ArgoAppNotSynced
          expr: |
            argocd_app_info{sync_status!="Synced"} == 1
          for: 12h
          labels:
            severity: warning
          annotations:
            summary: "[{{$labels.name}}] Application not synchronized"
            description: >
              The application [{{$labels.name}}] has not been synchronized for over
              12 hours which means that the state of this cloud has drifted away from the
              state inside Git.
# Repo server: memory-limited, with metrics scraped through a ServiceMonitor
# in the observability-stack namespace.
repoServer:
  resources:
    limits:
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 256Mi
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      namespace: observability-stack
# ApplicationSet controller: metrics only, scraped every 30s through a
# ServiceMonitor in the observability-stack namespace.
applicationSet:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      namespace: observability-stack
# Notifications controller: metrics only, scraped every 30s through a
# ServiceMonitor in the observability-stack namespace.
notifications:
  metrics:
    enabled: true
    serviceMonitor:
      enabled: true
      interval: 30s
      namespace: observability-stack