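---
# Helm values for an Argo CD deployment: admin/OIDC login, RBAC, a pinned
# git SSH host key, a Traefik ingress and Slack webhook notifications.
#
# NOTE(review): the original text arrived with its line breaks and
# indentation collapsed. The nesting below is re-derived from key order and
# should be confirmed against the deployed values file.
configs:
  secret:
    createSecret: true
    # NOTE(review): this bcrypt hash is kept in plain values, so anyone with
    # read access to the repository can run offline guessing against it.
    # Consider supplying it the same way the notifications secret is handled
    # (SealedSecret) and rotating the password if this file was ever shared.
    argocdServerAdminPassword: "$2b$12$Tmb1jH7ADvwWoUoNPXXsfOf6JqEluqhq8mL06a8DGT2AP1GzbNsCm"
    # oidc.clientSecret managed by argocd-oidc-sync CronJob
    # (reads from argocd-oidc-credentials, patches argocd-secret)
  ssh:
    # Pins the SSH host key for the git server so repository fetches fail
    # instead of trusting an unknown host. The key material is elided on this
    # page; the deployed file must carry the full key, obtained over a
    # trusted channel.
    knownHosts: |
      [git.forteapps.net]:2222 ssh-rsa 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
  cm:
    application.resourceTrackingMethod: annotation
    timeout.reconciliation: 60s
    # NOTE(review): the local admin account stays enabled next to SSO. If it
    # is only a break-glass login, consider setting this to "false" once the
    # "ArgoCD Admins" group mapping is confirmed to work.
    admin.enabled: "true"
    url: https://argocd.forteapps.net
    # clientSecret is a reference resolved from argocd-secret, not a literal.
    # NOTE(review): requestedScopes does not ask for a groups scope, while the
    # RBAC section matches on the `groups` claim; confirm the identity
    # provider emits that claim with these scopes.
    oidc.config: |
      name: Forte SSO
      issuer: https://id.forteapps.net/realms/forte
      clientID: argocd
      clientSecret: $oidc.clientSecret
      requestedScopes: ["openid", "email", "profile"]
  # NOTE(review): confirm the chart version in use reads this key at this
  # path. A values key the chart does not consume is ignored silently, and the
  # policy below would then never reach Argo CD. Recent argo-helm releases
  # document RBAC under `configs.rbac` - verify.
  rbacConfig:
    policy.csv: |
      g, ArgoCD Admins, role:admin
      g, ArgoCD Viewers, role:readonly
    # NOTE(review): with this default, every user who can authenticate through
    # the SSO realm gets read access, whether or not they are in a mapped
    # group. Use an empty default if access should require group membership.
    policy.default: role:readonly
    scopes: '[groups]'
  params:
    # argocd-server serves plain HTTP; TLS ends at the ingress, so the hop
    # from the ingress controller to the pod is unencrypted. The same switch
    # is set again through server.extraArgs below.
    "server.insecure": true
repoServer:
  # Disable git submodule checkout - submodules (e.g. shared-prompts)
  # are not needed for K8s manifest generation
  extraEnv:
    - name: ARGOCD_GIT_MODULES_ENABLED
      value: "false"
server:
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
    tls: true
  extraArgs:
    # Duplicates configs.params "server.insecure"; keep the two in sync.
    - --insecure
notifications:
  # Don't create secret via Helm - using SealedSecret instead
  secret:
    create: false
  # Define notification templates
  # Each body is a JSON document built by text substitution, so values are
  # inserted without JSON escaping.
  templates:
    template.app-syncing: |
      webhook:
        slack:
          method: POST
          body: |
            {
              "payload": "🖥️ {{ .context.clusterName }}: 🔄 *{{ .app.metadata.name }}* is syncing...\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}"
            }
    template.app-sync-succeeded: |
      webhook:
        slack:
          method: POST
          body: |
            {
              "payload": "🖥️ {{ .context.clusterName }}: ✅ *{{ .app.metadata.name }}* sync succeeded\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}{{ range .app.status.summary.images }}\n🏷️ Image: {{ . }}{{ end }}"
            }
    # NOTE(review): operationState.message is free text. A double quote,
    # backslash or newline in it produces invalid JSON, and the failure
    # notification may then be rejected by the webhook. Escape the value
    # before it is placed in the body.
    template.app-sync-failed: |
      webhook:
        slack:
          method: POST
          body: |
            {
              "payload": "🖥️ {{ .context.clusterName }}: ❌ *{{ .app.metadata.name }}* sync failed\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}\n⚠️ Message: {{ .app.status.operationState.message }}"
            }
    template.app-degraded: |
      webhook:
        slack:
          method: POST
          body: |
            {
              "payload": "🖥️ {{ .context.clusterName }}: ⚠️ *{{ .app.metadata.name }}* is degraded\n🏥 Health: {{ .app.status.health.status }}\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}{{ range .app.status.summary.images }}\n🏷️ Image: {{ . }}{{ end }}"
            }
  # Define notification triggers
  triggers:
    trigger.on-sync-running: |
      - when: app.status.operationState.phase in ['Running']
        send: [app-syncing]
    trigger.on-sync-succeeded: |
      - when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
        send: [app-sync-succeeded]
    trigger.on-sync-failed: |
      - when: app.status.operationState.phase in ['Failed']
        send: [app-sync-failed]
    trigger.on-degraded: |
      - when: app.status.health.status == 'Degraded'
        send: [app-degraded]
  # Define notification services (webhook for Slack)
  notifiers:
    # The webhook URL is a secret reference ($slack-webhook-url), not a
    # literal, so the URL itself is not stored in this file.
    service.webhook.slack: |
      url: $slack-webhook-url
      headers:
        - name: Content-Type
          value: application/json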