gitops-template/azure-github/templates/mgmt/components/argo-workflows/application.yaml at 48f9c57a3fab3ebe201d0070e93715f5abf6a65b · konstructio/gitops-template · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: argo
  namespace: argocd
  annotations:
    argocd.argoproj.io/sync-wave: '10'
spec:
  project: default
  source:
    repoURL: https://argoproj.github.io/argo-helm
    targetRevision: 0.42.7
    helm:
      values: |-
        nameOverride: argo
        executor:
          resources:
            requests:
              cpu: 200m
              memory: 256Mi
            limits:
              cpu: 1
              memory: 1024Mi
        controller:
          deploymentAnnotations:
            configmap.reloader.stakater.com/reload: argo-workflow-controller-configmap
            secret.reloader.stakater.com/reload: azure-storage-credentials
        server:
          deploymentAnnotations:
            configmap.reloader.stakater.com/reload: argo-workflow-controller-configmap
            secret.reloader.stakater.com/reload: azure-storage-credentials
          secure: false
          extraArgs:
          - --auth-mode=client
          - --auth-mode=sso
          ingress:
            enabled: true
            ingressClassName: nginx
            annotations:
              <CERT_MANAGER_ISSUER_ANNOTATION_1>
              <CERT_MANAGER_ISSUER_ANNOTATION_2>
              <CERT_MANAGER_ISSUER_ANNOTATION_3>
              <CERT_MANAGER_ISSUER_ANNOTATION_4>
            hosts:
              - argo.<DOMAIN_NAME>
            paths:
              - /
            pathType: Prefix
            tls:
              - secretName: argo-tls
                hosts:
                  - argo.<DOMAIN_NAME>
          authModes:
            - sso
          sso:
            enabled: true
            issuer: https://vault.<DOMAIN_NAME>/v1/identity/oidc/provider/kubefirst
            clientId:
              name: argo-secrets
              key: client-id
            clientSecret:
              name: argo-secrets
              key: client-secret
            redirectUrl: https://argo.<DOMAIN_NAME>/oauth2/callback
            scopes:
              - email
              - openid
              - groups
              - user
              - profile
            # RBAC Config. >= v2.12
            rbac:
              enabled: true
        useDefaultArtifactRepo: true
        useStaticCredentials: true
        artifactRepository:
          archiveLogs: false
          azure:
            endpoint: https://<KUBEFIRST_STATE_STORE_BUCKET>.blob.core.windows.net
            blobNameFormat: "argo-workflows/artifacts/{{workflow.creationTimestamp.Y}}/{{workflow.creationTimestamp.m}}/{{workflow.creationTimestamp.d}}/{{workflow.uid}}/{{workflow.name}}/{{pod.name}}"
            container: <KUBEFIRST_STATE_STORE_CONTAINER_NAME>
            useSDKCreds: false
            accountKeySecret:
              name: azure-storage-credentials
              key: account-access-key
    chart: argo-workflows
  destination:
    name: in-cluster
    namespace: argo
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true