Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests 2 Actions Packages Wiki Activity
Files
feat/subdomain-drop-wildcard-cert
launchpad/infra/values/base/argocd-values.yaml
T
danijel.simeunovic 1c6f18b67c homepage
2026-04-28 20:38:59 +02:00

110 lines
4.6 KiB
YAML
Raw Permalink Blame History

configs:
secret:
createSecret: true
argocdServerAdminPassword: "$2b$12$Tmb1jH7ADvwWoUoNPXXsfOf6JqEluqhq8mL06a8DGT2AP1GzbNsCm"
# oidc.clientSecret managed by argocd-oidc-sync CronJob
# (reads from argocd-oidc-credentials, patches argocd-secret)
ssh:
knownHosts: |
[git.forteapps.net]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTwi40de8yTGUuRT0i/XGicQ672BLhYR6D/lDquJrp/tdrWoZhVVPy0wxSkWsq1V92iiAUuQnXagOGsLBGZT9uDLWKvEmNDnCfjzTMq3J1iA3vk2rQ8WBlCzhvmeCV/r0ufl6vsgfwxSRomLZeqa2UkLHx69gy2Njb1S2/aZK1Q53f466hCUfDULZrTn2Nn5Sj8cEbJ8EyvVN2YG9HYBxQdzKRPZEmS1vyzmn8YrYIkZseIRQElabzWGh86owuaaqnwJhTJj1j2sEUeIet04sGKJcnxx2UL4H90N66LKMldmMiuli+ve/CjJmMwDl0zGkjIniT3XR8CyEXYHli7B1hR8Z+dbK6DBgjz+28lFgMIRY70KkZJNsJcBNZLZ5fHwCI13a9U3Uhg3Pu/6s0zlosM4CrAQNQCRe95ZPtCpdFhlGrOl4m1rdSK2meL6rND0TBBuZbaFF6Py7TawLCAiO2KRaVqhu9OFVjwJ/nifgLzFGwWj+WcYmpuR+DwozrF/Hl7QYsz1x4GO1SONY07KbIFkUCHOMAh0AELY5YE4eGI4mtG6SecdPaAdLREGZYK4IcyP5i1QW9g0wmfRSsV9jy+r0ivBxixxh4yJiNpkg6NXak40gQtGIme9EJ+DxrRLruNsfDILWcdSuH/wvuorv56NpQFGB0FzB6LXMloSYptQ==
cm:
application.resourceTrackingMethod: annotation
timeout.reconciliation: 60s
# Admin login disabled — SSO only. Break-glass: kubectl patch cm argocd-cm -n argocd -p '{"data":{"admin.enabled":"true"}}'
admin.enabled: "false"
url: https://argocd.forteapps.net
oidc.config: |
name: Forte SSO
issuer: https://id.forteapps.net/realms/forte
clientID: argocd
clientSecret: $oidc.clientSecret
requestedScopes: ["openid", "email", "profile"]
rbac:
policy.csv: |
g, ArgoCD Admins, role:admin
g, ArgoCD Viewers, role:readonly
# Deny users not in any declared KC group (ArgoCD Admins / ArgoCD Viewers)
policy.default: ""
scopes: '[groups]'
params:
"server.insecure": true
"reposerver.enable.git.submodule": "false"
server:
ingress:
enabled: true
ingressClassName: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
gethomepage.dev/enabled: "true"
gethomepage.dev/name: "ArgoCD"
gethomepage.dev/description: "GitOps continuous delivery"
gethomepage.dev/group: "DevOps"
gethomepage.dev/icon: "argo-cd"
gethomepage.dev/href: "https://argocd.forteapps.net"
tls: true
extraArgs:
- --insecure
notifications:
# Don't create secret via Helm - using SealedSecret instead
secret:
create: false
# Define notification templates
templates:
template.app-syncing: |
webhook:
slack:
method: POST
body: |
{
"payload": "🖥️ {{ .context.clusterName }}: 🔄 *{{ .app.metadata.name }}* is syncing...\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}"
}
template.app-sync-succeeded: |
webhook:
slack:
method: POST
body: |
{
"payload": "🖥️ {{ .context.clusterName }}: ✅ *{{ .app.metadata.name }}* sync succeeded\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}{{ range .app.status.summary.images }}\n🏷️ Image: {{ . }}{{ end }}"
}
template.app-sync-failed: |
webhook:
slack:
method: POST
body: |
{
"payload": "🖥️ {{ .context.clusterName }}: ❌ *{{ .app.metadata.name }}* sync failed\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}\n⚠️ Message: {{ .app.status.operationState.message }}"
}
template.app-degraded: |
webhook:
slack:
method: POST
body: |
{
"payload": "🖥️ {{ .context.clusterName }}: ⚠️ *{{ .app.metadata.name }}* is degraded\n🏥 Health: {{ .app.status.health.status }}\n📦 Revision: {{ .app.status.sync.revision | default `n/a` | substr 0 7 }}{{ range .app.status.summary.images }}\n🏷️ Image: {{ . }}{{ end }}"
}
# Define notification triggers
triggers:
trigger.on-sync-running: |
- when: app.status.operationState.phase in ['Running']
send: [app-syncing]
trigger.on-sync-succeeded: |
- when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
send: [app-sync-succeeded]
trigger.on-sync-failed: |
- when: app.status.operationState.phase in ['Failed']
send: [app-sync-failed]
trigger.on-degraded: |
- when: app.status.health.status == 'Degraded'
send: [app-degraded]
# Define notification services (webhook for Slack)
notifiers:
service.webhook.slack: |
url: $slack-webhook-url
headers:
- name: Content-Type
value: application/json
Reference in New Issue View Git Blame Copy Permalink