argo-cd/docs/operator-manual/argocd-cm.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
data:
  # Argo CD's externally facing base URL (optional). Required when configuring SSO
  url: https://argo-cd-demo.argoproj.io

  # Enables application status badge feature
  statusbadge.enabled: 'true'

  # Enables anonymous user access. The anonymous users get default role permissions specified argocd-rbac-cm.yaml.
  users.anonymous.enabled: "true"

  # Enables google analytics tracking is specified
  ga.trackingid: 'UA-12345-1'
  # Unless set to 'false' then user ids are hashed before sending to google analytics
  ga.anonymizeusers: 'false'

  # A dex connector configuration (optional). See SSO configuration documentation:
  # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso.md
  # https://github.com/dexidp/dex/tree/master/Documentation/connectors
  dex.config: |
    connectors:
      # GitHub example
      - type: github
        id: github
        name: GitHub
        config:
          clientID: aabbccddeeff00112233
          clientSecret: $dex.github.clientSecret
          orgs:
          - name: your-github-org
            teams:
            - red-team    

  # OIDC configuration as an alternative to dex (optional).
  oidc.config: |
    name: Okta
    issuer: https://dev-123456.oktapreview.com
    clientID: aaaabbbbccccddddeee
    clientSecret: $oidc.okta.clientSecret
    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    requestedScopes: ["openid", "profile", "email"]    

  # Git repositories configure Argo CD with (optional).
  # This list is updated when configuring/removing repos from the UI/CLI
  repositories: |
    - url: https://github.com/argoproj/my-private-repository
      passwordSecret:
        name: my-secret
        key: password
      usernameSecret:
        name: my-secret
        key: username
      sshPrivateKeySecret:
        name: my-secret
        key: sshPrivateKey    

  # Non-standard and private Helm repositories (optional).
  helm.repositories: |
    - url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
      name: istio.io
    - url: https://my-private-chart-repo.internal
      name: private-repo
      usernameSecret:
        name: my-secret
        key: username
      passwordSecret:
        name: my-secret
        key: password    

  # Configuration to customize resource behavior (optional). Keys are in the form: group/Kind.
  resource.customizations: |
    admissionregistration.k8s.io/MutatingWebhookConfiguration:
      # List of json pointers in the object to ignore differences
      ignoreDifferences: |
        jsonPointers:
        - webhooks/0/clientConfig/caBundle
    certmanager.k8s.io/Certificate:
      # Lua script for customizing the health status assessment
      health.lua: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.conditions ~= nil then
            for i, condition in ipairs(obj.status.conditions) do
              if condition.type == "Ready" and condition.status == "False" then
                hs.status = "Degraded"
                hs.message = condition.message
                return hs
              end
              if condition.type == "Ready" and condition.status == "True" then
                hs.status = "Healthy"
                hs.message = condition.message
                return hs
              end
            end
          end
        end
        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs    

  # Configuration to completely ignore entire classes of resource group/kinds (optional).
  # Excluding high-volume resources improves performance and memory usage, and reduces load and 
  # bandwidth to the Kubernetes API server.
  # These are globs, so a "*" will match all values.
  # If you omit groups/kinds/clusters then they will match all groups/kind/clusters.
  # NOTE: events.k8s.io and metrics.k8s.io are excluded by default
  resource.exclusions: |
    - apiGroups:
      - repositories.stash.appscode.com
      kinds:
      - Snapshot
      clusters:
      - "*.local"    

  # Configuration to add a config management plugin.
  configManagementPlugins: |
    - name: kasane
      init:
        command: [kasane, update]
      generate:
        command: [kasane, show]    

  # Build options/parameters to use with `kustomize build` (optional)
  kustomize.buildOptions: --load_restrictor none

  # The metadata.label key name where Argo CD injects the app name as a tracking label (optional).
  # Tracking labels are used to determine which resources need to be deleted when pruning.
  # If omitted, Argo CD injects the app name into the label: 'app.kubernetes.io/instance'
  application.instanceLabelKey: mycompany.com/appname