Mayne0213
1bc778bb11
- Previous 168m limit caused liveness probe failures due to throttling - Increase to 500m to ensure stable operation during manifest generation
173 lines
4.7 KiB
YAML
173 lines
4.7 KiB
YAML
# ArgoCD Helm Chart Values
|
|
# Chart: https://argoproj.github.io/argo-helm (argo-cd)
|
|
# All custom settings from current cluster deployment
|
|
|
|
# =============================================================================
|
|
# GLOBAL SETTINGS
|
|
# =============================================================================
|
|
global:
|
|
# High priority for critical GitOps infrastructure
|
|
priorityClassName: high-priority
|
|
|
|
# =============================================================================
|
|
# CONFIGS (ConfigMaps)
|
|
# =============================================================================
|
|
configs:
|
|
# argocd-cm
|
|
cm:
|
|
# Authelia handles authentication, so allow anonymous access
|
|
users.anonymous.enabled: "true"
|
|
# Disable polling - webhook only
|
|
timeout.reconciliation: "0"
|
|
# Ignore resource status field differences
|
|
resource.compareoptions: |
|
|
ignoreResourceStatusField: all
|
|
|
|
# argocd-cmd-params-cm
|
|
params:
|
|
# Ingress handles TLS, so run in insecure mode
|
|
server.insecure: "true"
|
|
# Disable periodic app resync (webhook + self-heal only)
|
|
controller.self.heal.timeout.seconds: "5"
|
|
|
|
# argocd-rbac-cm
|
|
rbac:
|
|
# Anonymous users get admin role (Authelia handles authentication)
|
|
policy.csv: |
|
|
g, , role:admin
|
|
policy.default: role:admin
|
|
|
|
# =============================================================================
|
|
# APPLICATION CONTROLLER (StatefulSet)
|
|
# =============================================================================
|
|
controller:
|
|
# Metrics for Prometheus
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
enabled: true
|
|
servicePort: 8082
|
|
serviceMonitor:
|
|
enabled: true
|
|
|
|
# Memory optimization environment variables
|
|
env:
|
|
- name: GOMEMLIMIT
|
|
value: "800MiB"
|
|
- name: GOGC
|
|
value: "50"
|
|
|
|
# Disable periodic app resync
|
|
args:
|
|
appResyncPeriod: "0"
|
|
|
|
# Resource settings (VPA lowerBound/upperBound)
|
|
resources:
|
|
requests:
|
|
cpu: 22m
|
|
memory: 1388Mi
|
|
limits:
|
|
cpu: 839m
|
|
memory: 1861Mi
|
|
|
|
# Schedule on master node
|
|
nodeSelector:
|
|
node-role.kubernetes.io/control-plane: "true"
|
|
|
|
tolerations:
|
|
- key: node-role.kubernetes.io/control-plane
|
|
operator: Exists
|
|
effect: NoSchedule
|
|
|
|
# =============================================================================
|
|
# API SERVER (Deployment)
|
|
# =============================================================================
|
|
server:
|
|
# Metrics for Prometheus
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
enabled: true
|
|
servicePort: 8083
|
|
serviceMonitor:
|
|
enabled: true
|
|
|
|
# Main Ingress with Authelia middleware
|
|
ingress:
|
|
enabled: true
|
|
ingressClassName: traefik
|
|
hostname: argocd0213.kro.kr
|
|
annotations:
|
|
cert-manager.io/cluster-issuer: letsencrypt-prod
|
|
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
|
|
tls: true
|
|
|
|
# Resource settings (VPA lowerBound/upperBound)
|
|
resources:
|
|
requests:
|
|
cpu: 15m
|
|
memory: 163Mi
|
|
limits:
|
|
cpu: 15m
|
|
memory: 218Mi
|
|
|
|
# =============================================================================
|
|
# REPO SERVER (Deployment)
|
|
# =============================================================================
|
|
repoServer:
|
|
# Metrics for Prometheus
|
|
metrics:
|
|
enabled: true
|
|
service:
|
|
enabled: true
|
|
servicePort: 8084
|
|
serviceMonitor:
|
|
enabled: true
|
|
|
|
# Resource settings (VPA lowerBound/upperBound)
|
|
resources:
|
|
requests:
|
|
cpu: 15m
|
|
memory: 225Mi
|
|
limits:
|
|
cpu: 500m
|
|
memory: 1310Mi
|
|
|
|
# =============================================================================
|
|
# REDIS (Deployment)
|
|
# =============================================================================
|
|
redis:
|
|
# Resource settings (VPA lowerBound/upperBound)
|
|
resources:
|
|
requests:
|
|
cpu: 15m
|
|
memory: 100Mi
|
|
limits:
|
|
cpu: 15m
|
|
memory: 100Mi
|
|
|
|
# =============================================================================
|
|
# DEX (OIDC) - Disabled (using Authelia instead)
|
|
# =============================================================================
|
|
dex:
|
|
enabled: false
|
|
|
|
# =============================================================================
|
|
# APPLICATIONSET CONTROLLER - Disabled (not used)
|
|
# =============================================================================
|
|
applicationSet:
|
|
enabled: false
|
|
|
|
# =============================================================================
|
|
# NOTIFICATIONS CONTROLLER - Disabled (not used)
|
|
# =============================================================================
|
|
notifications:
|
|
enabled: false
|
|
|
|
# =============================================================================
|
|
# CRDs
|
|
# =============================================================================
|
|
crds:
|
|
install: true
|
|
keep: true
|