apiVersion: v1 kind: ConfigMap metadata: name: argocd-cmd-params-cm labels: app.kubernetes.io/name: argocd-cmd-params-cm app.kubernetes.io/part-of: argocd data: # Repo server address. (default "argocd-repo-server:8081") repo.server: "argocd-repo-server:8081" # Redis server hostname and port (e.g. argocd-redis:6379) redis.server: "argocd-redis:6379" # Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip') redis.compression: gzip # Redis database redis.db: # Open-Telemetry collector address: (e.g. "otel-collector:4317") otlp.address: "" # Open-Telemetry collector insecure: (e.g. "true") otlp.insecure: "true" # Open-Telemetry collector headers: (e.g. "key1=value1,key2=value2") otlp.headers: "" # List of additional namespaces where applications may be created in and # reconciled from. The namespace where Argo CD is installed to will always # be allowed. # # Feature state: Beta application.namespaces: ns1, ns2, ns3 ## Controller Properties # Repo server RPC call timeout seconds. controller.repo.server.timeout.seconds: "60" # Disable TLS on connections to repo server controller.repo.server.plaintext: "false" # Whether to use strict validation of the TLS cert presented by the repo server controller.repo.server.strict.tls: "false" # Number of application status processors (default 20) controller.status.processors: "20" # Number of application operation processors (default 10) controller.operation.processors: "10" # Set the logging format. One of: text|json (default "text") controller.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") controller.log.level: "info" # Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) controller.metrics.cache.expiration: "24h0m0s" # Specifies timeout between application self heal attempts (default 5) controller.self.heal.timeout.seconds: "5" # Cache expiration for app state (default 1h0m0s) controller.app.state.cache.expiration: "1h0m0s" # Specifies if resource health should be persisted in app CRD (default true) # Changing this to `false` significantly reduce number of Application CRD updates and improves controller performance. # However, disabling resource health by default might affect applications that communicate with Applications CRD directly # so we have to defer switching this to `false` by default till v3.0 release. controller.resource.health.persist: "true" # Cache expiration default (default 24h0m0s) controller.default.cache.expiration: "24h0m0s" # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") controller.sharding.algorithm: legacy # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. controller.kubectl.parallelism.limit: "20" # The maximum number of retries for each request controller.k8sclient.retry.max: "0" # The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold controller.k8sclient.retry.base.backoff: "100" # Grace period in seconds for ignoring consecutive errors while communicating with repo server. controller.repo.error.grace.period.seconds: "180" # Enables the server side diff feature at the application controller level. # Diff calculation will be done by running a server side apply dryrun (when # diff cache is unavailable). controller.diff.server.side: "false" ## Server properties # Listen on given address for incoming connections (default "0.0.0.0") server.listen.address: "0.0.0.0" # Listen on given address for metrics (default "0.0.0.0") server.metrics.listen.address: "0.0.0.0" # Run server without TLS server.insecure: "false" # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/") server.basehref: "/" # Used if Argo CD is running behind reverse proxy under subpath different from / server.rootpath: "" # Directory path that contains additional static assets server.staticassets: "/shared/app" # The maximum number of retries for each request server.k8sclient.retry.max: "0" # The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold server.k8sclient.retry.base.backoff: "100" # Semicolon-separated list of content types allowed on non-GET requests. Set an empty string to allow all. Be aware # that allowing content types besides application/json may make your API more vulnerable to CSRF attacks. server.api.content.types: "application/json" # Set the logging format. One of: text|json (default "text") server.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") server.log.level: "info" # Repo server RPC call timeout seconds. (default 60) server.repo.server.timeout.seconds: "60" # Use a plaintext client (non-TLS) to connect to repository server server.repo.server.plaintext: "false" # Perform strict validation of TLS certificates when connecting to repo server server.repo.server.strict.tls: "false" # Dex server address (default "http://argocd-dex-server:5556") server.dex.server: "http://argocd-dex-server:5556" # Use a plaintext client (non-TLS) to connect to dex server server.dex.server.plaintext: "false" # Perform strict validation of TLS certificates when connecting to dex server server.dex.server.strict.tls: "false" # Disable client authentication server.disable.auth: "false" # Toggle GZIP compression server.enable.gzip: "true" # Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") server.x.frame.options: "sameorigin" # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") server.tls.minversion: "1.2" # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") server.tls.maxversion: "1.3" # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" # Cache expiration for cluster/repo connection status (default 1h0m0s) server.connection.status.cache.expiration: "1h0m0s" # Cache expiration for OIDC state (default 3m0s) server.oidc.cache.expiration: "3m0s" # Cache expiration for failed login attempts (default 24h0m0s) server.login.attempts.expiration: "24h0m0s" # Cache expiration for app state (default 1h0m0s) server.app.state.cache.expiration: "1h0m0s" # Cache expiration default (default 24h0m0s) server.default.cache.expiration: "24h0m0s" # Enable the experimental proxy extension feature server.enable.proxy.extension: "false" ## Repo-server properties # Listen on given address for incoming connections (default "0.0.0.0") reposerver.listen.address: "0.0.0.0" # Listen on given address for metrics (default "0.0.0.0") reposerver.metrics.listen.address: "0.0.0.0" # Set the logging format. One of: text|json (default "text") reposerver.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") reposerver.log.level: "info" # Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. reposerver.parallelism.limit: "1" # Disable TLS on the gRPC endpoint reposerver.disable.tls: "false" # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") reposerver.tls.minversion: "1.2" # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") reposerver.tls.maxversion: "1.3" # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" # Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s) reposerver.repo.cache.expiration: "24h0m0s" # Cache expiration default (default 24h0m0s) reposerver.default.cache.expiration: "24h0m0s" # Max combined manifest file size for a single directory-type Application. In-memory manifest representation may be as # much as 300x the manifest file size. Limit this to stay within the memory limits of the repo-server while allowing # for 300x memory expansion and N Applications running at the same time. # (example 10M max * 300 expansion * 10 Apps = 30G max theoretical memory usage). reposerver.max.combined.directory.manifests.size: '10M' # Paths to be excluded from the tarball streamed to plugins. Separate with ; reposerver.plugin.tar.exclusions: "" # Allow repositories to contain symlinks that leave the boundaries of the repository. # Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values # files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed. reposerver.allow.oob.symlinks: "false" # Maximum size of tarball when streaming manifests to the repo server for generation reposerver.streamed.manifest.max.tar.size: "100M" # Maximum size of extracted manifests when streaming manifests to the repo server for generation reposerver.streamed.manifest.max.extracted.size: "1G" # Enable git submodule support reposerver.enable.git.submodule: "true" # Number of concurrent git ls-remote requests. Any value less than 1 means no limit. reposerver.git.lsremote.parallelism.limit: "0" # Git requests timeout. reposerver.git.request.timeout: "15s" # Disable TLS on the HTTP endpoint dexserver.disable.tls: "false" ## ApplicationSet Controller Properties # Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. applicationsetcontroller.enable.leader.election: "false" # "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)" applicationsetcontroller.policy: "sync" # Print debug logs. Takes precedence over loglevel applicationsetcontroller.debug: "false" # Set the logging format. One of: text|json (default "text") applicationsetcontroller.log.format: "text" # Set the logging level. One of: debug|info|warn|error (default "info") applicationsetcontroller.log.level: "info" # Enable dry run mode applicationsetcontroller.dryrun: "false" # Enable git submodule support applicationsetcontroller.enable.git.submodule: "true" # Enables use of the Progressive Syncs capability applicationsetcontroller.enable.progressive.syncs: "false" # A list of glob patterns specifying where to look for ApplicationSet resources. (default is only the ns where the controller is installed) applicationsetcontroller.namespaces: "argocd,argocd-appsets-*" # Path of the self-signed TLS certificate for SCM/PR Gitlab Generator applicationsetcontroller.scm.root.ca.path: "" # A comma separated list of allowed SCM providers (default "" is all SCM providers). # Setting this field is required when using ApplicationSets-in-any-namespace, to prevent users from # sending secrets from `tokenRef`s to disallowed `api` domains. # The url used in the scm generator must exactly match one in the list applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/" # To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true". applicationsetcontroller.enable.scm.providers: "false" ## Argo CD Notifications Controller Properties # Set the logging level. One of: debug|info|warn|error (default "info") notificationscontroller.log.level: "info" # Set the logging format. One of: text|json (default "text") notificationscontroller.log.format: "text" # Enable self-service notifications config. Used in conjunction with apps-in-any-namespace. (default "false") notificationscontroller.selfservice.enabled: "false"