docs: Add missing documentation for repository secrets (#6540) Signed-off-by: Jan Gräfen <223234+jangraefen@users.noreply.github.com>
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: argocd-cm
|
|
namespace: argocd
|
|
labels:
|
|
app.kubernetes.io/name: argocd-cm
|
|
app.kubernetes.io/part-of: argocd
|
|
data:
|
|
# Argo CD's externally facing base URL (optional). Required when configuring SSO
|
|
url: https://argo-cd-demo.argoproj.io
|
|
|
|
# Enables application status badge feature
|
|
statusbadge.enabled: "true"
|
|
|
|
# Enables anonymous user access. Anonymous users get the default role permissions specified in argocd-rbac-cm.yaml
# (policy.default), so enable this only when that default role is empty or strictly read-only.
|
|
users.anonymous.enabled: "true"
|
|
# Specifies token expiration duration
|
|
users.session.duration: "24h"
|
|
|
|
# Enables Google Analytics tracking if specified
|
|
ga.trackingid: "UA-12345-1"
|
|
# User IDs are hashed before being sent to Google Analytics unless this is set to 'false'
# (with 'false', as in this example, the unhashed user IDs are sent).
|
|
ga.anonymizeusers: "false"
|
|
|
|
# the URL for getting chat help, this will typically be your Slack channel for support
|
|
help.chatUrl: "https://mycorp.slack.com/argo-cd"
|
|
# the text for getting chat help, defaults to "Chat now!"
|
|
help.chatText: "Chat now!"
|
|
|
|
# A dex connector configuration (optional). See SSO configuration documentation:
|
|
# https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso
|
|
# https://dexidp.io/docs/connectors/
|
|
dex.config: |
|
|
connectors:
|
|
# GitHub example
|
|
- type: github
|
|
id: github
|
|
name: GitHub
|
|
config:
|
|
clientID: aabbccddeeff00112233
|
|
clientSecret: $dex.github.clientSecret
|
|
orgs:
|
|
- name: your-github-org
|
|
teams:
|
|
- red-team
|
|
# It is possible to provide custom static client for dex if you want to reuse it
|
|
# with other services
|
|
# staticClients:
|
|
# - id: argo-workflow
|
|
# name: Argo Workflow
|
|
# redirectURIs:
|
|
# - https://argo/oauth2/callback
|
|
# secret: $secretReference
|
|
|
|
# OIDC configuration as an alternative to dex (optional).
|
|
oidc.config: |
|
|
name: Okta
|
|
issuer: https://dev-123456.oktapreview.com
|
|
clientID: aaaabbbbccccddddeee
|
|
clientSecret: $oidc.okta.clientSecret
|
|
# Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
|
|
requestedScopes: ["openid", "profile", "email"]
|
|
# Optional set of OIDC claims to request on the ID token.
|
|
requestedIDTokenClaims: {"groups": {"essential": true}}
|
|
|
|
# Configuration to customize resource behavior (optional). Can be configured via split sub-keys.
|
|
# Keys are in the form: resource.customizations.ignoreDifferences.<group_kind>, resource.customizations.health.<group_kind>
|
|
# resource.customizations.actions.<group_kind>, resource.customizations.knownTypeFields.<group-kind>
|
|
resource.customizations.ignoreDifferences.admissionregistration.k8s.io_MutatingWebhookConfiguration: |
|
|
jsonPointers:
|
|
- /webhooks/0/clientConfig/caBundle
|
|
jqPathExpressions:
|
|
- .webhooks[0].clientConfig.caBundle
|
|
|
|
resource.customizations.health.certmanager.k8s.io-Certificate: |
|
|
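-- Health check for a Certificate resource: translates the "Ready" condition
-- found in obj.status.conditions into a health status table.
--   Ready == "False" -> Degraded, message copied from the condition
--   Ready == "True"  -> Healthy,  message copied from the condition
--   anything else    -> Progressing, "Waiting for certificate"
-- `obj` is not defined here; it is expected to be supplied by the host
-- (Argo CD) as the resource being assessed.

-- `local` keeps the result table out of the global environment.
local hs = {}

-- status and status.conditions may both be absent on a freshly created object.
local conditions = nil
if obj.status ~= nil then
  conditions = obj.status.conditions
end

if conditions ~= nil then
  for _, condition in ipairs(conditions) do
    if condition.type == "Ready" then
      if condition.status == "False" then
        hs.status = "Degraded"
        hs.message = condition.message
        return hs
      end
      if condition.status == "True" then
        hs.status = "Healthy"
        hs.message = condition.message
        return hs
      end
      -- Any other Ready status (for example "Unknown") keeps scanning and
      -- ends up in the Progressing fallback below.
    end
  end
end

-- No decisive Ready condition was found.
hs.status = "Progressing"
hs.message = "Waiting for certificate"
return hs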
|
|
|
|
resource.customizations.health.cert-manager.io_Certificate: |
|
|
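-- Health check for a Certificate resource: translates the "Ready" condition
-- found in obj.status.conditions into a health status table.
--   Ready == "False" -> Degraded, message copied from the condition
--   Ready == "True"  -> Healthy,  message copied from the condition
--   anything else    -> Progressing, "Waiting for certificate"
-- `obj` is not defined here; it is expected to be supplied by the host
-- (Argo CD) as the resource being assessed.

-- `local` keeps the result table out of the global environment.
local hs = {}

-- status and status.conditions may both be absent on a freshly created object.
local conditions = nil
if obj.status ~= nil then
  conditions = obj.status.conditions
end

if conditions ~= nil then
  for _, condition in ipairs(conditions) do
    if condition.type == "Ready" then
      if condition.status == "False" then
        hs.status = "Degraded"
        hs.message = condition.message
        return hs
      end
      if condition.status == "True" then
        hs.status = "Healthy"
        hs.message = condition.message
        return hs
      end
      -- Any other Ready status (for example "Unknown") keeps scanning and
      -- ends up in the Progressing fallback below.
    end
  end
end

-- No decisive Ready condition was found.
hs.status = "Progressing"
hs.message = "Waiting for certificate"
return hs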
|
|
|
|
# List of Lua Scripts to introduce custom actions
|
|
resource.customizations.actions.apps_Deployment: |
|
|
# Lua Script to indicate which custom actions are available on the resource
|
|
discovery.lua: |
|
|
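-- Discovery script: returns the set of custom actions offered for the
-- resource, keyed by action name. Only "restart" is advertised here; its
-- value is an empty table.
-- Built as a local so the script does not write into the global environment.
local actions = {
  restart = {},
}
return actions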
|
|
definitions:
|
|
- name: restart
|
|
# Lua Script to modify the obj
|
|
action.lua: |
|
|
-- "restart" action: stamps the pod template with the
-- kubectl.kubernetes.io/restartedAt annotation (current UTC time) and
-- returns the modified object.
-- `obj` is expected to be supplied by the host as the resource to modify.
-- NOTE(review): this relies on the host exposing an `os` module to action
-- scripts; confirm which os functions the Lua sandbox actually permits.
local os = require("os")

local template = obj.spec.template

-- Create the metadata and annotations tables when the template lacks them.
if template.metadata == nil then
  template.metadata = {}
end
local metadata = template.metadata
if metadata.annotations == nil then
  metadata.annotations = {}
end

-- The leading "!" asks os.date to format the time in UTC.
metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")
return obj
|
|
|
|
# Configuration to completely ignore entire classes of resource group/kinds (optional).
|
|
# Excluding high-volume resources improves performance and memory usage, and reduces load and
|
|
# bandwidth to the Kubernetes API server.
|
|
# These are globs, so a "*" will match all values.
|
|
# If you omit groups/kinds/clusters then they will match all groups/kind/clusters.
|
|
# NOTE: events.k8s.io and metrics.k8s.io are excluded by default
|
|
resource.exclusions: |
|
|
- apiGroups:
|
|
- repositories.stash.appscode.com
|
|
kinds:
|
|
- Snapshot
|
|
clusters:
|
|
- "*.local"
|
|
|
|
# By default all resource group/kinds are included. The resource.inclusions setting allows customizing
|
|
# list of included group/kinds.
|
|
resource.inclusions: |
|
|
- apiGroups:
|
|
- repositories.stash.appscode.com
|
|
kinds:
|
|
- Snapshot
|
|
clusters:
|
|
- "*.local"
|
|
|
|
resource.compareoptions: |
|
|
# if ignoreAggregatedRoles set to true then differences caused by aggregated roles in RBAC resources are ignored.
|
|
ignoreAggregatedRoles: true
|
|
|
|
# disables status field diffing in specified resource types
|
|
# 'crd' - CustomResourceDefinitions (default)
|
|
# 'all' - all resources
|
|
# 'none' - disabled
|
|
ignoreResourceStatusField: crd
|
|
|
|
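# Configuration to add a config management plugin.
# NOTE: the init and generate commands are executed by argocd-repo-server against repository content,
# so register only binaries you trust.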
|
|
configManagementPlugins: |
|
|
- name: kasane
|
|
init:
|
|
command: [kasane, update]
|
|
generate:
|
|
command: [kasane, show]
|
|
|
|
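# Build options/parameters to use with `kustomize build` (optional).
# NOTE: `--load_restrictor none` lets a kustomization load files from outside its own root directory;
# set it only if every repository that Argo CD builds is trusted.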
|
|
kustomize.buildOptions: --load_restrictor none
|
|
|
|
# Per-version build options and binary paths
|
|
kustomize.path.v3.9.1: /custom-tools/kustomize_3_9
|
|
kustomize.buildOptions.v3.9.1: --enable_kyaml true
|
|
|
|
# Additional Kustomize versions and corresponding binary paths (deprecated)
|
|
kustomize.version.v3.5.1: /custom-tools/kustomize_3_5_1
|
|
kustomize.version.v3.5.4: /custom-tools/kustomize_3_5_4
|
|
|
|
# The metadata.label key name where Argo CD injects the app name as a tracking label (optional).
|
|
# Tracking labels are used to determine which resources need to be deleted when pruning.
|
|
# If omitted, Argo CD injects the app name into the label: 'app.kubernetes.io/instance'
|
|
application.instanceLabelKey: mycompany.com/appname
|
|
|
|
# disables admin user. Admin is enabled by default
|
|
admin.enabled: "false"
|
|
# add an additional local user with apiKey and login capabilities
|
|
# apiKey - allows generating API keys
|
|
# login - allows logging in via the UI
|
|
accounts.alice: apiKey, login
|
|
# disables user. User is enabled by default
|
|
accounts.alice.enabled: "false"
|
|
|
|
# The location of optional user-defined CSS that is loaded at runtime.
|
|
# Local CSS Files:
|
|
# - If the supplied path is to a file mounted on the argocd-server container, that file should be mounted
|
|
# within a subdirectory of the existing "/shared/app" directory (e.g. "/shared/app/custom"). Otherwise,
|
|
# the file will likely fail to be imported by the browser with an "incorrect MIME type" error.
|
|
# - The path should be specified relative to the "/shared/app" directory; not as an absolute path.
|
|
# Remote CSS Files:
|
|
# - Files may also be loaded from remote locations via fully qualified URLs.
|
|
ui.cssurl: "./custom/my-styles.css"
|
|
|
|
# An optional user-defined banner message that's displayed at the top of every UI page.
|
|
# Every time this is updated, it will clear a user's localStorage telling the UI to hide the banner forever.
|
|
ui.bannercontent: "Hello there!"
|
|
# Optional link for banner. If set, the entire banner text will become a link.
|
|
# You can have bannercontent without a bannerurl, but not the other way around.
|
|
ui.bannerurl: "https://argoproj.github.io"
|
|
|
|
# Application reconciliation timeout is the max amount of time required to discover if a new manifests version got
|
|
# published to the repository. Reconciliation by timeout is disabled if timeout is set to 0. Three minutes by default.
|
|
# > Note: argocd-repo-server deployment must be manually restarted after changing the setting.
|
|
timeout.reconciliation: 180s
|