forked from argoproj/argo-cd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
argocd-cmd-params-cm.yaml
208 lines (198 loc) · 11.4 KB
/
argocd-cmd-params-cm.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
apiVersion: v1
kind: ConfigMap
metadata:
name: argocd-cmd-params-cm
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
data:
# Repo server address. (default "argocd-repo-server:8081")
repo.server: "argocd-repo-server:8081"
# Redis server hostname and port (e.g. argocd-redis:6379)
redis.server: "argocd-redis:6379"
# Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip')
redis.compression: gzip
# Redis database
redis.db:
# Open-Telemetry collector address: (e.g. "otel-collector:4317")
otlp.address:
# List of additional namespaces where applications may be created in and
# reconciled from. The namespace where Argo CD is installed to will always
# be allowed.
#
# Feature state: Beta
application.namespaces: ns1, ns2, ns3
## Controller Properties
# Repo server RPC call timeout seconds.
controller.repo.server.timeout.seconds: "60"
# Disable TLS on connections to repo server
controller.repo.server.plaintext: "false"
# Whether to use strict validation of the TLS cert presented by the repo server
controller.repo.server.strict.tls: "false"
# Number of application status processors (default 20)
controller.status.processors: "20"
# Number of application operation processors (default 10)
controller.operation.processors: "10"
# Set the logging format. One of: text|json (default "text")
controller.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
controller.log.level: "info"
# Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s)
controller.metrics.cache.expiration: "24h0m0s"
# Specifies timeout between application self heal attempts (default 5)
controller.self.heal.timeout.seconds: "5"
# Cache expiration for app state (default 1h0m0s)
controller.app.state.cache.expiration: "1h0m0s"
# Specifies if resource health should be persisted in app CRD (default true)
# Changing this to `false` significantly reduce number of Application CRD updates and improves controller performance.
# However, disabling resource health by default might affect applications that communicate with Applications CRD directly
# so we have to defer switching this to `false` by default till v3.0 release.
controller.resource.health.persist: "true"
# Cache expiration default (default 24h0m0s)
controller.default.cache.expiration: "24h0m0s"
# Sharding algorithm used to balance clusters accross application controller shards (default "legacy")
controller.sharding.algorithm: legacy
# Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit.
controller.kubectl.parallelism.limit: "20"
# The maximum number of retries for each request
controller.k8sclient.retry.max: "0"
# The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold
controller.k8sclient.retry.base.backoff: "100"
# Grace period in seconds for ignoring consecutive errors while communicating with repo server.
controller.repo.error.grace.period.seconds: "180"
## Server properties
# Listen on given address for incoming connections (default "0.0.0.0")
server.listen.address: "0.0.0.0"
# Listen on given address for metrics (default "0.0.0.0")
server.metrics.listen.address: "0.0.0.0"
# Run server without TLS
server.insecure: "false"
# Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
server.basehref: "/"
# Used if Argo CD is running behind reverse proxy under subpath different from /
server.rootpath: ""
# Directory path that contains additional static assets
server.staticassets: "/shared/app"
# The maximum number of retries for each request
server.k8sclient.retry.max: "0"
# The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold
server.k8sclient.retry.base.backoff: "100"
# Set the logging format. One of: text|json (default "text")
server.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
server.log.level: "info"
# Repo server RPC call timeout seconds. (default 60)
server.repo.server.timeout.seconds: "60"
# Use a plaintext client (non-TLS) to connect to repository server
server.repo.server.plaintext: "false"
# Perform strict validation of TLS certificates when connecting to repo server
server.repo.server.strict.tls: "false"
# Dex server address (default "http://argocd-dex-server:5556")
server.dex.server: "http://argocd-dex-server:5556"
# Use a plaintext client (non-TLS) to connect to dex server
server.dex.server.plaintext: "false"
# Perform strict validation of TLS certificates when connecting to dex server
server.dex.server.strict.tls: "false"
# Disable client authentication
server.disable.auth: "false"
# Toggle GZIP compression
server.enable.gzip: "true"
# Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
server.x.frame.options: "sameorigin"
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
server.tls.minversion: "1.2"
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
server.tls.maxversion: "1.3"
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
# Cache expiration for cluster/repo connection status (default 1h0m0s)
server.connection.status.cache.expiration: "1h0m0s"
# Cache expiration for OIDC state (default 3m0s)
server.oidc.cache.expiration: "3m0s"
# Cache expiration for failed login attempts (default 24h0m0s)
server.login.attempts.expiration: "24h0m0s"
# Cache expiration for app state (default 1h0m0s)
server.app.state.cache.expiration: "1h0m0s"
# Cache expiration default (default 24h0m0s)
server.default.cache.expiration: "24h0m0s"
# Enable the experimental proxy extension feature
server.enable.proxy.extension: "false"
## Repo-server properties
# Listen on given address for incoming connections (default "0.0.0.0")
reposerver.listen.address: "0.0.0.0"
# Listen on given address for metrics (default "0.0.0.0")
reposerver.metrics.listen.address: "0.0.0.0"
# Set the logging format. One of: text|json (default "text")
reposerver.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
reposerver.log.level: "info"
# Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
reposerver.parallelism.limit: "1"
# Disable TLS on the gRPC endpoint
reposerver.disable.tls: "false"
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
reposerver.tls.minversion: "1.2"
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
reposerver.tls.maxversion: "1.3"
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
# Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
reposerver.repo.cache.expiration: "24h0m0s"
# Cache expiration default (default 24h0m0s)
reposerver.default.cache.expiration: "24h0m0s"
# Max combined manifest file size for a single directory-type Application. In-memory manifest representation may be as
# much as 300x the manifest file size. Limit this to stay within the memory limits of the repo-server while allowing
# for 300x memory expansion and N Applications running at the same time.
# (example 10M max * 300 expansion * 10 Apps = 30G max theoretical memory usage).
reposerver.max.combined.directory.manifests.size: '10M'
# Paths to be excluded from the tarball streamed to plugins. Separate with ;
reposerver.plugin.tar.exclusions: ""
# Allow repositories to contain symlinks that leave the boundaries of the repository.
# Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values
# files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed.
reposerver.allow.oob.symlinks: "false"
# Maximum size of tarball when streaming manifests to the repo server for generation
reposerver.streamed.manifest.max.tar.size: "100M"
# Maximum size of extracted manifests when streaming manifests to the repo server for generation
reposerver.streamed.manifest.max.extracted.size: "1G"
# Enable git submodule support
reposerver.enable.git.submodule: "true"
# Number of concurrent git ls-remote requests. Any value less than 1 means no limit.
reposerver.git.lsremote.parallelism.limit: "0"
# Git requests timeout.
reposerver.git.request.timeout: "15s"
# Disable TLS on the HTTP endpoint
dexserver.disable.tls: "false"
## ApplicationSet Controller Properties
# Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
applicationsetcontroller.enable.leader.election: "false"
# "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)"
applicationsetcontroller.policy: "sync"
# Print debug logs. Takes precedence over loglevel
applicationsetcontroller.debug: "false"
# Set the logging format. One of: text|json (default "text")
applicationsetcontroller.log.format: "text"
# Set the logging level. One of: debug|info|warn|error (default "info")
applicationsetcontroller.log.level: "info"
# Enable dry run mode
applicationsetcontroller.dryrun: "false"
# Enable git submodule support
applicationsetcontroller.enable.git.submodule: "true"
# Enables use of the Progressive Syncs capability
applicationsetcontroller.enable.progressive.syncs: "false"
# A list of glob patterns specifying where to look for ApplicationSet resources. (default is only the ns where the controller is installed)
applicationsetcontroller.namespaces: "argocd,argocd-appsets-*"
# Path of the self-signed TLS certificate for SCM/PR Gitlab Generator
applicationsetcontroller.scm.root.ca.path: ""
# A comma separated list of allowed SCM providers (default "" is all SCM providers).
# Setting this field is required when using ApplicationSets-in-any-namespace, to prevent users from
# sending secrets from `tokenRef`s to disallowed `api` domains.
# The url used in the scm generator must exactly match one in the list
applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/"
# To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true".
applicationsetcontroller.enable.scm.providers: "false"
## Argo CD Notifications Controller Properties
# Set the logging level. One of: debug|info|warn|error (default "info")
notificationscontroller.log.level: "info"
# Set the logging format. One of: text|json (default "text")
notificationscontroller.log.format: "text"