mirror of
https://github.com/argoproj/argo-cd
synced 2026-04-21 17:07:16 +00:00
2494657829
* chore: rename 'progressive rollouts' to 'progressive syncs' Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * rename docs file Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * Update cmd/argocd-applicationset-controller/commands/applicationset_controller.go Co-authored-by: Panagiotis Georgiadis <pgeorgia@redhat.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Panagiotis Georgiadis <pgeorgia@redhat.com>
168 lines
8.8 KiB
YAML
168 lines
8.8 KiB
YAML
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cmd-params-cm
|
|
labels:
|
|
app.kubernetes.io/name: argocd-cmd-params-cm
|
|
app.kubernetes.io/part-of: argocd
|
|
data:
|
|
# Repo server address. (default "argocd-repo-server:8081")
|
|
repo.server: "argocd-repo-server:8081"
|
|
|
|
# Dex server address (default "http://argocd-dex-server:5556")
|
|
dex.server: "http://argocd-dex-server:5556"
|
|
|
|
# Redis server hostname and port (e.g. argocd-redis:6379)
|
|
redis.server: "argocd-redis:6379"
|
|
# Enable compression for data sent to Redis with the required compression algorithm. (default 'none')
|
|
redis.compression: none
|
|
# Redis database
|
|
redis.db:
|
|
|
|
# Open-Telemetry collector address: (e.g. "otel-collector:4317")
|
|
otlp.address:
|
|
|
|
# List of additional namespaces where applications may be created in and
|
|
# reconciled from. The namespace where Argo CD is installed to will always
|
|
# be allowed.
|
|
#
|
|
# Feature state: Beta
|
|
application.namespaces: ns1, ns2, ns3
|
|
|
|
## Controller Properties
|
|
# Repo server RPC call timeout seconds.
|
|
controller.repo.server.timeout.seconds: "60"
|
|
# Disable TLS on connections to repo server
|
|
controller.repo.server.plaintext: "false"
|
|
# Whether to use strict validation of the TLS cert presented by the repo server
|
|
controller.repo.server.strict.tls: "false"
|
|
# Number of application status processors (default 20)
|
|
controller.status.processors: "20"
|
|
# Number of application operation processors (default 10)
|
|
controller.operation.processors: "10"
|
|
# Set the logging format. One of: text|json (default "text")
|
|
controller.log.format: "text"
|
|
# Set the logging level. One of: debug|info|warn|error (default "info")
|
|
controller.log.level: "info"
|
|
# Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s)
|
|
controller.metrics.cache.expiration: "24h0m0s"
|
|
# Specifies timeout between application self heal attempts (default 5)
|
|
controller.self.heal.timeout.seconds: "5"
|
|
# Cache expiration for app state (default 1h0m0s)
|
|
controller.app.state.cache.expiration: "1h0m0s"
|
|
# Specifies if resource health should be persisted in app CRD (default true)
|
|
# Changing this to `false` significantly reduce number of Application CRD updates and improves controller performance.
|
|
# However, disabling resource health by default might affect applications that communicate with Applications CRD directly
|
|
# so we have to defer switching this to `false` by default till v3.0 release.
|
|
controller.resource.health.persist: "true"
|
|
# Cache expiration default (default 24h0m0s)
|
|
controller.default.cache.expiration: "24h0m0s"
|
|
|
|
## Server properties
|
|
# Run server without TLS
|
|
server.insecure: "false"
|
|
# Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
|
|
server.basehref: "/"
|
|
# Used if Argo CD is running behind reverse proxy under subpath different from /
|
|
server.rootpath: ""
|
|
# Directory path that contains additional static assets
|
|
server.staticassets: "/shared/app"
|
|
|
|
# Set the logging format. One of: text|json (default "text")
|
|
server.log.format: "text"
|
|
# Set the logging level. One of: debug|info|warn|error (default "info")
|
|
server.log.level: "info"
|
|
# Repo server RPC call timeout seconds. (default 60)
|
|
server.repo.server.timeout.seconds: "60"
|
|
# Use a plaintext client (non-TLS) to connect to repository server
|
|
server.repo.server.plaintext: "false"
|
|
# Perform strict validation of TLS certificates when connecting to repo server
|
|
server.repo.server.strict.tls: "false"
|
|
# Use a plaintext client (non-TLS) to connect to dex server
|
|
server.dex.server.plaintext: "false"
|
|
# Perform strict validation of TLS certificates when connecting to dex server
|
|
server.dex.server.strict.tls: "false"
|
|
# Disable client authentication
|
|
server.disable.auth: "false"
|
|
# Enable GZIP compression
|
|
server.enable.gzip: "false"
|
|
# Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
|
|
server.x.frame.options: "sameorigin"
|
|
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
|
|
server.tls.minversion: "1.2"
|
|
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
|
|
server.tls.maxversion: "1.3"
|
|
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
|
|
server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
|
|
# Cache expiration for cluster/repo connection status (default 1h0m0s)
|
|
server.connection.status.cache.expiration: "1h0m0s"
|
|
# Cache expiration for OIDC state (default 3m0s)
|
|
server.oidc.cache.expiration: "3m0s"
|
|
# Cache expiration for failed login attempts (default 24h0m0s)
|
|
server.login.attempts.expiration: "24h0m0s"
|
|
# Cache expiration for app state (default 1h0m0s)
|
|
server.app.state.cache.expiration: "1h0m0s"
|
|
# Cache expiration default (default 24h0m0s)
|
|
server.default.cache.expiration: "24h0m0s"
|
|
# Enable the experimental proxy extension feature
|
|
server.enable.proxy.extension: "false"
|
|
|
|
## Repo-server properties
|
|
# Set the logging format. One of: text|json (default "text")
|
|
reposerver.log.format: "text"
|
|
# Set the logging level. One of: debug|info|warn|error (default "info")
|
|
reposerver.log.level: "info"
|
|
# Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
|
|
reposerver.parallelism.limit: "1"
|
|
# Disable TLS on the gRPC endpoint
|
|
reposerver.disable.tls: "false"
|
|
# The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
|
|
reposerver.tls.minversion: "1.2"
|
|
# The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
|
|
reposerver.tls.maxversion: "1.3"
|
|
# The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
|
|
reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
|
|
# Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
|
|
reposerver.repo.cache.expiration: "24h0m0s"
|
|
# Cache expiration default (default 24h0m0s)
|
|
reposerver.default.cache.expiration: "24h0m0s"
|
|
# Max combined manifest file size for a single directory-type Application. In-memory manifest representation may be as
|
|
# much as 300x the manifest file size. Limit this to stay within the memory limits of the repo-server while allowing
|
|
# for 300x memory expansion and N Applications running at the same time.
|
|
# (example 10M max * 300 expansion * 10 Apps = 30G max theoretical memory usage).
|
|
reposerver.max.combined.directory.manifests.size: '10M'
|
|
# Paths to be excluded from the tarball streamed to plugins. Separate with ;
|
|
reposerver.plugin.tar.exclusions: ""
|
|
# Allow repositories to contain symlinks that leave the boundaries of the repository.
|
|
# Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values
|
|
# files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed.
|
|
reposerver.allow.oob.symlinks: "false"
|
|
# Maximum size of tarball when streaming manifests to the repo server for generation
|
|
reposerver.streamed.manifest.max.tar.size: "100M"
|
|
# Maximum size of extracted manifests when streaming manifests to the repo server for generation
|
|
reposerver.streamed.manifest.max.extracted.size: "1G"
|
|
# Enable git submodule support
|
|
reposerver.enable.git.submodule: "true"
|
|
|
|
# Disable TLS on the HTTP endpoint
|
|
dexserver.disable.tls: "false"
|
|
|
|
## ApplicationSet Controller Properties
|
|
# Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
|
|
applicationsetcontroller.enable.leader.election: "false"
|
|
# Argo CD repo namespace (default: argocd)
|
|
applicationsetcontroller.namespace: ""
|
|
# "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)"
|
|
applicationsetcontroller.policy: "sync"
|
|
# Print debug logs. Takes precedence over loglevel
|
|
applicationsetcontroller.debug: "false"
|
|
# Set the logging format. One of: text|json (default "text")
|
|
applicationsetcontroller.log.format: "text"
|
|
# Set the logging level. One of: debug|info|warn|error (default "info")
|
|
applicationsetcontroller.log.level: "info"
|
|
# Enable dry run mode
|
|
applicationsetcontroller.dryrun: "false"
|
|
# Enable git submodule support
|
|
applicationsetcontroller.enable.git.submodule: "true"
|
|
# Enables use of the Progressive Syncs capability
|
|
applicationsetcontroller.enable.progressive.syncs: "false"
|