argocd values.yaml📜
awsCredentials.awsAccessKeyId📜
Type: string
""
awsCredentials.awsSecretAccessKey📜
Type: string
""
awsCredentials.awsDefaultRegion📜
Type: string
"us-gov-west-1"
domain📜
Type: string
"dev.bigbang.mil"
istio.enabled📜
Type: bool
false
Description: Toggle BigBang istio integration
istio.injection📜
Type: string
"disabled"
Description: Toggle BigBang istio injection
istio.mtls📜
Type: object
mode: STRICT
Description: Default argocd peer authentication
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.sidecar📜
Type: object
enabled: false
outboundTrafficPolicyMode: REGISTRY_ONLY
Description: Sidecar configuration for hardened mode
istio.serviceEntries📜
Type: object
custom: []
Description: Custom ServiceEntries for hardened mode
istio.authorizationPolicies📜
Type: object
custom: []
enabled: false
generateFromNetpol: false
Description: Authorization policies for hardened mode
istio.authorizationPolicies.generateFromNetpol📜
Type: bool
false
Description: Generate AuthorizationPolicies from NetworkPolicy rules
routes📜
Type: object
inbound:
argocd:
annotations: {}
containerPort: 8080
enabled: true
gateways:
- istio-gateway/public-ingressgateway
hosts:
- argocd.{{ .Values.domain }}
labels: {}
port: 80
selector:
app.kubernetes.io/name: argocd-server
service: argocd-argocd-server
Description: Inbound routes for VirtualService generation
monitoring.enabled📜
Type: bool
false
Description: Toggle BigBang monitoring integration
networkPolicies.enabled📜
Type: bool
true
Description: Toggle BigBang networkPolicies integration
networkPolicies.ingress.to.argocd-server:8083📜
Type: object
from:
k8s:
monitoring-monitoring-kube-prometheus@monitoring/prometheus: true
Description: Ingress to argocd-server for metrics from prometheus
networkPolicies.ingress.to.argocd-repo-server:8084📜
Type: object
from:
k8s:
monitoring-monitoring-kube-prometheus@monitoring/prometheus: true
Description: Ingress to argocd-repo-server for metrics from prometheus
networkPolicies.ingress.to.argocd-application-controller:8082📜
Type: object
from:
k8s:
monitoring-monitoring-kube-prometheus@monitoring/prometheus: true
Description: Ingress to argocd-application-controller for metrics from prometheus
networkPolicies.ingress.to.redis-bb:6379📜
Type: object
from:
k8s:
monitoring/grafana: true
Description: Ingress to redis from grafana for dashboards
networkPolicies.ingress.to.redis-bb:9121📜
Type: object
from:
k8s:
monitoring-monitoring-kube-prometheus@monitoring/prometheus: true
Description: Ingress to redis-exporter for metrics from prometheus
networkPolicies.egress.from.*📜
Type: object
to:
k8s:
tempo/tempo:9411: false
Description: Egress to tempo for tracing from all pods
networkPolicies.egress.from.argocd-application-controller📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for application-controller (needed for reconciling resources)
networkPolicies.egress.from.argocd-server📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for server (needed for secrets/configmaps)
networkPolicies.egress.from.argocd-applicationset-controller📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for applicationset-controller
networkPolicies.egress.from.argocd-dex-server📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for dex-server
networkPolicies.egress.from.argocd-notifications-controller📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for notifications-controller
networkPolicies.egress.from.argocd-upgrade-job📜
Type: object
to:
definition:
kubeAPI: true
Description: Egress to kube API for upgrade job (needed for labeling CRDs)
networkPolicies.egress.from.argocd-repo-server📜
Type: object
to:
cidr:
0.0.0.0/0:443: true
Description: Egress to external git repos for repo-server
networkPolicies.additionalPolicies📜
Type: list
[]
upgradeJob.enabled📜
Type: bool
true
upgradeJob.image.repository📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
upgradeJob.image.tag📜
Type: string
"2.1.0"
upgradeJob.image.imagePullPolicy📜
Type: string
"IfNotPresent"
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://argocd-server"
bbtests.cypress.envs.cypress_user📜
Type: string
"admin"
bbtests.cypress.envs.cypress_password📜
Type: string
"Password123"
bbtests.cypress.envs.cypress_timeout📜
Type: string
"120000"
bbtests.cypress.resources.requests.cpu📜
Type: int
4
bbtests.cypress.resources.requests.memory📜
Type: string
"4Gi"
bbtests.cypress.resources.limits.cpu📜
Type: int
4
bbtests.cypress.resources.limits.memory📜
Type: string
"8Gi"
bbtests.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/big-bang/devops-tester:1.1"
bbtests.scripts.envs.ARGOCD_SERVER📜
Type: string
"http://argocd-server"
bbtests.scripts.envs.ARGOCD_USER📜
Type: string
"admin"
bbtests.scripts.envs.ARGOCD_PASSWORD📜
Type: string
"Password123"
redis-bb📜
Type: object
cleanUpgrade:
enabled: true
enabled: true
networkPolicies:
enabled: true
upstream:
auth:
enabled: false
commonConfiguration: 'maxmemory 200mb
save ""'
image:
pullSecrets:
- private-registry
istio:
redis:
enabled: false
master:
containerSecurityContext:
capabilities:
drop:
- ALL
enabled: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
metrics:
containerSecurityContext:
enabled: true
runAsGroup: 1001
runAsUser: 1001
enabled: true
image:
tag: v1.81.0
labels:
app.kubernetes.io/name: argocd-redis-ha-haproxy
metrics: null
replica:
containerSecurityContext:
capabilities:
drop:
- ALL
enabled: true
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 6379
timeoutSeconds: 30
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 256Mi
Description: BigBang HA Redis Passthrough
redis-bb.upstream.metrics.labels📜
Type: object
app.kubernetes.io/name: argocd-redis-ha-haproxy
Description: Custom labels for the haproxy pod. This is relevant for Argo CD CLI.
redis-bb.upstream.metrics.containerSecurityContext📜
Type: object
enabled: true
runAsGroup: 1001
runAsUser: 1001
Description: HAProxy enable prometheus metric scraping
global.image.repository📜
Type: string
"registry1.dso.mil/ironbank/big-bang/argocd"
global.image.tag📜
Type: string
"v3.3.0"
global.image.imagePullPolicy📜
Type: string
"IfNotPresent"
global.imagePullSecrets[0].name📜
Type: string
"private-registry"
argocd-apps.applications📜
Type: object
{}
argocd-apps.projects📜
Type: object
{}
argocd-apps.applicationsets📜
Type: object
{}
argocd-apps.itemTemplates📜
Type: list
[]
argocd-apps.exports📜
Type: object
{}
upstream📜
Type: object
applicationSet:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
enabled: true
livenessProbe:
failureThreshold: 5
timeoutSeconds: 30
readinessProbe:
failureThreshold: 5
timeoutSeconds: 30
configs:
params:
server.insecure: true
controller:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
readinessProbe:
timeoutSeconds: 30
resources:
limits:
cpu: 500m
memory: 3Gi
requests:
cpu: 500m
memory: 3Gi
dex:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
image:
repository: registry1.dso.mil/ironbank/opensource/dexidp/dex
tag: v2.44.0
livenessProbe:
timeoutSeconds: 30
readinessProbe:
timeoutSeconds: 30
resources:
limits:
cpu: 20m
memory: 256Mi
requests:
cpu: 10m
memory: 128Mi
externalRedis:
host: redis-bb-headless.argocd.svc.cluster.local
notifications:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
openshift:
enabled: false
redis:
enabled: false
redisSecretInit:
enabled: false
repoServer:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
livenessProbe:
failureThreshold: 5
timeoutSeconds: 30
readinessProbe:
failureThreshold: 5
timeoutSeconds: 30
resources:
limits:
cpu: 100m
memory: 1Gi
requests:
cpu: 100m
memory: 1Gi
server:
containerSecurityContext:
runAsGroup: 1000
runAsUser: 1000
livenessProbe:
failureThreshold: 5
timeoutSeconds: 30
readinessProbe:
failureThreshold: 5
timeoutSeconds: 30
resources:
limits:
cpu: 20m
memory: 128Mi
requests:
cpu: 20m
memory: 128Mi
Description: We are exposing only the keys that BigBang overrides from the upstream chart. Please refer to the upstream chart for other value configs.
upstream.openshift.enabled📜
Type: bool
false
Description: enables using arbitrary uid for argo repo server