--- bases: - envs/common.yaml --- releases: ################################################################################ ## ArgoCD ###################################################################### ################################################################################ # # References: # - https://github.com/argoproj/argo-helm/tree/master/charts/argo-cd # - name: "argo" namespace: "argocd" labels: chart: "argocd" repo: "argo" component: "argocd" namespace: "argocd" vendor: "argoproj" default: "true" chart: "argo/argo-cd" {{- if eq .Values.global.platform "openshift" }} hooks: - events: ["prepare"] showlogs: true command: "kubectl" args: ["apply", "-f", "../resources/argocd-scc.yaml"] - events: ["postuninstall"] showlogs: true command: "kubectl" args: ["delete", "-f", "../resources/argocd-scc.yaml"] {{- end }} disableValidation: true version: "5.33.1" wait: true installed: true values: - redis-ha: enabled: true server: replicas: 2 extraArgs: - "--insecure" env: - name: ARGOCD_API_SERVER_REPLICAS value: '2' {{- if eq .Values.global.platform "kubernetes" }} ingress: enabled: true hosts: - "argocd.{{ .Values.global.dnsWildCard }}" {{- end }} {{- if eq .Values.global.platform "openshift" }} route: enabled: true hostname: "argocd.{{ .Values.global.dnsWildCard }}" termination_type: edge termination_policy: Redirect {{- end }} config: # required when SSO is enabled url: "https://argocd.{{ .Values.global.dnsWildCard }}" application.instanceLabelKey: argocd.argoproj.io/instance-edp oidc.config: | name: Keycloak issuer: {{ .Values.global.keycloakEndpoint }}/auth/realms/{{ .Values.global.edpName }}-main clientID: argocd clientSecret: $oidc.keycloak.clientSecret requestedScopes: - openid - profile - email - groups rbacConfig: # users may be still be able to login, # but will see no apps, projects, etc... policy.default: '' scopes: '[groups]' policy.csv: | # default global admins g, ArgoCDAdmins, role:admin configs: params: application.namespaces: {{ .Values.global.edpName }} repoServer: replicas: 2 # we use Keycloak so no DEX is required dex: enabled: false # Disabled for multitenancy env with single instance deployment applicationSet: enabled: false