Skip to content

ArgoCD

The ArgoCD resource is a Kubernetes Custom Resource (CRD) that describes the desired state for a given Argo CD cluster and allows for the configuration of the components that make up an Argo CD cluster.

When the Argo CD Operator sees a new ArgoCD resource, the components are provisioned using Kubernetes resources and managed by the operator. When something changes on an existing ArgoCD resource, the operator works to reconfigure the cluster to ensure the actual state of the cluster matches the desired state.

The ArgoCD Custom Resource consists of the following properties.

Name Default Description
ApplicationInstanceLabelKey mycompany.com/appname The metadata.label key name where Argo CD injects the app name as a tracking label.
ApplicationSet [Object] ApplicationSet controller configuration options.
ConfigManagementPlugins [Empty] Configuration to add a config management plugin.
Controller [Object] Argo CD Application Controller options.
Dex [Object] Dex configuration options.
DisableAdmin false Disable the admin user.
GATrackingID [Empty] The google analytics tracking ID to use.
GAAnonymizeUsers false Enable hashed usernames sent to google analytics.
Grafana [Object] Grafana configuration options.
HA [Object] High Availability options.
HelpChatURL https://mycorp.slack.com/argo-cd URL for getting chat help, this will typically be your Slack channel for support.
HelpChatText Chat now! The text for getting chat help.
Image argoproj/argocd The container image for all Argo CD components. This overrides the ARGOCD_IMAGE environment variable.
Import [Object] Import configuration options.
Ingress [Object] Ingress configuration options.
InitialRepositories [Empty] Initial git repositories to configure Argo CD to use upon creation of the cluster.
RepositoryCredentials [Empty] Git repository credential templates to configure Argo CD to use upon creation of the cluster.
InitialSSHKnownHosts [Default Argo CD Known Hosts] Initial SSH Known Hosts for Argo CD to use upon creation of the cluster.
KustomizeBuildOptions [Empty] The build options/parameters to use with kustomize build.
OIDCConfig [Empty] The OIDC configuration as an alternative to Dex.
NodePlacement [Empty] The NodePlacement configuration can be used to add nodeSelector and tolerations.
Prometheus [Object] Prometheus configuration options.
RBAC [Object] RBAC configuration options.
Redis [Object] Redis configuration options.
ResourceCustomizations [Empty] Customize resource behavior.
ResourceExclusions [Empty] The configuration to completely ignore entire classes of resource group/kinds.
ResourceInclusions [Empty] The configuration to configure which resource group/kinds are applied.
Server [Object] Argo CD Server configuration options.
SSO [Object] Single sign-on options.
StatusBadgeEnabled true Enable application status badge feature.
TLS [Object] TLS configuration options.
UsersAnonymousEnabled true Enable anonymous user access.
Version v2.1.2 (SHA) The tag to use with the container image for all Argo CD components.

Application Instance Label Key

The metadata.label key name where Argo CD injects the app name as a tracking label (optional). Tracking labels are used to determine which resources need to be deleted when pruning. If omitted, Argo CD injects the app name into the label: 'app.kubernetes.io/instance'

This property maps directly to the application.instanceLabelKey field in the argocd-cm ConfigMap.

Application Instance Label Key Example

The following example sets the default value in the argocd-cm ConfigMap using the ApplicationInstanceLabelKey property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: application-instance-label-key
spec:
  applicationInstanceLabelKey: mycompany.com/appname

ApplicationSet Controller Options

The following properties are available for configuring the ApplicationSet controller component.

Name Default Description
Image quay.io/argocdapplicationset/argocd-applicationset The container image for the ApplicationSet controller. This overrides the ARGOCD_APPLICATIONSET_IMAGE environment variable.
Version (recent ApplicationSet version) The tag to use with the ApplicationSet container image.
Resources [Empty] The container compute resources.
LogLevel info The log level to be used by the ArgoCD Application Controller component. Valid options are debug, info, error, and warn.
LogFormat text The log format to be used by the ArgoCD Application Controller component. Valid options are text or json.
ParallelismLimit 10 The kubectl parallelism limit to set for the controller (--kubectl-parallelism-limit flag)

ApplicationSet Controller Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: applicationset
spec:
  applicationSet: {}

Config Management Plugins

Configuration to add a config management plugin. This property maps directly to the configManagementPlugins field in the argocd-cm ConfigMap.

Config Management Plugins Example

The following example sets a value in the argocd-cm ConfigMap using the ConfigManagementPlugins property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: config-management-plugins
spec:
  configManagementPlugins: |
    - name: kasane
      init:
        command: [kasane, update]
      generate:
        command: [kasane, show]

Controller Options

The following properties are available for configuring the Argo CD Application Controller component.

Name Default Description
Processors.Operation 10 The number of operation processors.
Processors.Status 20 The number of status processors.
Resources [Empty] The container compute resources.
LogLevel info The log level to be used by the ArgoCD Application Controller component. Valid options are debug, info, error, and warn.
AppSync 3m AppSync is used to control the sync frequency of ArgoCD Applications
Sharding.enabled false Whether to enable sharding on the ArgoCD Application Controller component. Useful when managing a large number of clusters to relieve memory pressure on the controller component.
Sharding.replicas 1 The number of replicas that will be used to support sharding of the ArgoCD Application Controller.
Env [Empty] Environment to set for the application controller workloads

Controller Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: controller
spec:
  controller:
    processors:
      operation: 10
      status: 20
    resources: {}

Dex Options

The following properties are available for configuring the Dex component.

Name Default Description
Config [Empty] The dex.config property in the argocd-cm ConfigMap.
Groups [Empty] Optional list of required groups a user must be a member of
Image quay.io/dexidp/dex The container image for Dex. This overrides the ARGOCD_DEX_IMAGE environment variable.
OpenShiftOAuth false Enable automatic configuration of OpenShift OAuth authentication for the Dex server. This is ignored if a value is presnt for Dex.Config.
Resources [Empty] The container compute resources.
Version v2.21.0 (SHA) The tag to use with the Dex container image.

Dex Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: dex
spec:
  dex:
    config: ""
    groups:
      - default
    image: quay.io/dexidp/dex
    openShiftOAuth: false
    resources: {}
    version: v2.21.0

Dex OpenShift OAuth Example

The following example configures Dex to use the OAuth server built into OpenShift.

The OpenShiftOAuth property can be used to trigger the operator to auto configure the built-in OpenShift OAuth server. The RBAC Policy property is used to give the admin role in the Argo CD cluster to users in the OpenShift cluster-admins group.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: openshift-oauth
spec:
  dex:
    openShiftOAuth: true
  rbac:
    defaultPolicy: 'role:readonly'
    policy: |
      g, cluster-admins, role:admin
    scopes: '[groups]'

Important Note regarding Role Mappings:

To have a specific user be properly atrributed with the role:admin upon SSO through Openshift, the user needs to be in a group with the cluster-admin role added. If the user only has a direct ClusterRoleBinding to the Openshift role for cluster-admin, the ArgoCD role will not map.

A quick fix will be to create an cluster-admins group, add the user to the group and then apply the cluster-admin ClusterRole to the group.

oc adm groups new cluster-admins
oc adm groups add-users cluster-admins USER
oc adm policy add-cluster-role-to-group cluster-admin cluster-admins

Disable Admin

Disable the admin user. This property maps directly to the admin.enabled field in the argocd-cm ConfigMap.

Disable Admin Example

The following example disables the admin user using the DisableAdmin property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: disable-admin
spec:
  disableAdmin: true

GA Tracking ID

The google analytics tracking ID to use. This property maps directly to the ga.trackingid field in the argocd-cm ConfigMap.

GA Tracking ID Example

The following example sets a value in the argocd-cm ConfigMap using the GATrackingID property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: ga-tracking-id
spec:
  gaTrackingID: UA-12345-1

GA Anonymize Users

Enable hashed usernames sent to google analytics. This property maps directly to the ga.anonymizeusers field in the argocd-cm ConfigMap.

GA Anonymize Users Example

The following example sets a value in the argocd-cm ConfigMap using the GAAnonymizeUsers property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: ga-anonymize-users
spec:
  gaAnonymizeUsers: true

Grafana Options

The following properties are available for configuring the Grafana component.

Name Default Description
Enabled false Toggle Grafana support globally for ArgoCD.
Host example-argocd-grafana The hostname to use for Ingress/Route resources.
Image grafana/grafana The container image for Grafana. This overrides the ARGOCD_GRAFANA_IMAGE environment variable.
Ingress [Object] Ingress configuration for Grafana.
Resources [Empty] The container compute resources.
Route [Object] Route configuration options.
Size 1 The replica count for the Grafana Deployment.
Version 6.7.1 (SHA) The tag to use with the Grafana container image.

Grafana Ingress Options

The following properties are available for configuring the Grafana Ingress.

Name Default Description
Annotations [Empty] The map of annotations to use for the Ingress resource.
Enabled false Toggle creation of an Ingress resource.
Path / Path to use for Ingress resources.
TLS [Empty] TLS configuration for the Ingress.

Grafana Route Options

The following properties are available to configure the Route for the Grafana component.

Name Default Description
Annotations [Empty] The map of annotations to add to the Route.
Enabled false Toggles the creation of a Route for the Grafana component.
Labels [Empty] The map of labels to add to the Route.
Path / The path for the Route.
TLS [Object] The TLSConfig for the Route.
WildcardPolicy None The wildcard policy for the Route. Can be one of Subdomain or None.

Grafana Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: insights
spec:
  grafana:
    enabled: false
    host: example-argocd-grafana
    image: grafana/grafana
    ingress:
      enabled: false
    resources: {}
    route: false
    size: 1
    version: 6.7.1

HA Options

The following properties are available for configuring High Availability for the Argo CD cluster.

Name Default Description
Enabled false Toggle High Availability support globally for Argo CD.
RedisProxyImage haproxy The Redis HAProxy container image. This overrides the ARGOCD_REDIS_HA_PROXY_IMAGEenvironment variable.
RedisProxyVersion 2.0.4 The tag to use for the Redis HAProxy container image.

HA Example

The following example shows how to enable HA mode globally.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: ha
spec:
  ha:
    enabled: true
    redisProxyImage: haproxy
    redisProxyVersion: "2.0.4"

Help Chat URL

URL for getting chat help, this will typically be your Slack channel for support. This property maps directly to the help.chatUrl field in the argocd-cm ConfigMap.

Help Chat URL Example

The following example sets the default value in the argocd-cm ConfigMap using the HelpChatURL property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: help-chat-url
spec:
  helpChatURL: https://mycorp.slack.com/argo-cd

Help Chat Text

The text for getting chat help. This property maps directly to the help.chatText field in the argocd-cm ConfigMap.

Help Chat Text Example

The following example sets the default value in the argocd-cm ConfigMap using the HelpChatText property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: help-chat-text
spec:
  helpChatText: "Chat now!"

Image

The container image for all Argo CD components.

Image Example

The following example sets the default value using the Image property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: image
spec:
  image: argoproj/argocd

Import Options

The Import property allows for the import of an existing ArgoCDExport resource. An ArgoCDExport object represents an Argo CD cluster at a point in time that was exported using the argocd-util export capability.

The following properties are available for configuring the import process.

Name Default Description
Name [Empty] The name of an ArgoCDExport from which to import data.
Namespace [ArgoCD Namepspace] The Namespace for the ArgoCDExport, defaults to the same namespace as the ArgoCD.

Import Example

The following example shows the use of the Import properties to specify the name of an existing ArgoCDExport resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: import
spec:
  import:
    name: example-argocdexport
    namespace: argocd

When Import properties are specified on the ArgoCD resource, the operator will create an init-container on the Argo CD Application Controller Pod that will use the built-in Argo CD import command to create the resources defined in an export YAML file that was generated by the referenced ArgoCDExport resource.

To aid in troubleshooting, view the logs from the init-container. Output similar to what is show below indicates a successful import.

importing argo-cd
decrypting argo-cd backup
loading argo-cd backup
/ConfigMap argocd-cm updated
/ConfigMap argocd-rbac-cm updated
/ConfigMap argocd-ssh-known-hosts-cm updated
/ConfigMap argocd-tls-certs-cm updated
/Secret argocd-secret updated
argoproj.io/AppProject default unchanged
argo-cd import complete

Initial Repositories

Initial git repositories to configure Argo CD to use upon creation of the cluster.

This property maps directly to the repositories field in the argocd-cm ConfigMap. Updating this property after the cluster has been created has no affect and should be used only as a means to initialize the cluster with the value provided. Modifications to the repositories field should then be made through the Argo CD web UI or CLI.

Initial Repositories Example

The following example sets a value in the argocd-cm ConfigMap using the InitialRepositories property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: initial-repositories
spec:
  initialRepositories: |
    - url: https://github.com/argoproj/my-private-repository
      passwordSecret:
        name: my-secret
        key: password
      usernameSecret:
        name: my-secret
        key: username
      sshPrivateKeySecret:
        name: my-secret
        key: sshPrivateKey
    - type: helm
      url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
      name: istio.io
    - type: helm
      url: https://my-private-chart-repo.internal
      name: private-repo
      usernameSecret:
        name: my-secret
        key: username
      passwordSecret:
        name: my-secret
        key: password
    - type: git
      url: https://github.com/argoproj/argocd-example-apps.git

Repository Credentials

Git repository credential templates to configure Argo CD to use upon creation of the cluster.

This property maps directly to the repository.credentials field in the argocd-cm ConfigMap.

Repository Credentials Example

The following example sets a value in the argocd-cm ConfigMap using the RepositoryCredentials property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: repository-credentials
spec:
  repositoryCredentials: |
    - sshPrivateKeySecret:
        key: sshPrivateKey
        name: my-ssh-secret
      type: git
      url: ssh://git@gitlab.com/my-org/

Initial SSH Known Hosts

Initial SSH Known Hosts for Argo CD to use upon creation of the cluster.

This property maps directly to the ssh_known_hosts field in the argocd-ssh-known-hosts-cm ConfigMap. Updating this property after the cluster has been created has no affect and should be used only as a means to initialize the cluster with the value provided. Modifications to the ssh_known_hosts field should then be made through the Argo CD web UI or CLI.

The following properties are available for configuring the import process.

Name Default Description
ExcludeDefaultHosts false Whether you would like to exclude the default SSH Hosts entries that ArgoCD provides
Keys "" Additional SSH Hosts entries that you would like to include with ArgoCD

Initial SSH Known Hosts Example

The following example sets a value in the argocd-ssh-known-hosts-cm ConfigMap using the InitialSSHKnownHosts property on the ArgoCD resource. The example values have been truncated for clarity.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: initial-ssh-known-hosts
spec:
  initialSSHKnownHosts:
    excludedefaulthosts: false
    keys: |
      my-git.org ssh-rsa AAAAB3NzaC...
      my-git.com ssh-rsa AAAAB3NzaC...

Kustomize Build Options

Build options/parameters to use with kustomize build (optional). This property maps directly to the kustomize.buildOptions field in the argocd-cm ConfigMap.

Kustomize Build Options Example

The following example sets a value in the argocd-cm ConfigMap using the KustomizeBuildOptions property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: kustomize-build-options
spec:
  kustomizeBuildOptions: --load_restrictor none

KustomizeVersions Options

A list of configured Kustomize versions within your ArgoCD Repo Server Container Image. For each version, this generates the kustomize.version.vX.Y.Z field in the argocd-cm ConfigMap.

The following properties are available for each item in the KustomizeVersions list.

Name Default Description
Version "" The Kustomize version in the format vX.Y.Z that is configured in your ArgoCD Repo Server container image.
Path "" The path to the specified kustomize version on the file system within your ArgoCD Repo Server container image.

KustomizeVersions Example

The following example configures additional Kustomize versions that are available within the ArgoCD Repo Server container image. These versions already need to be made available via a custom image. Only setting these properties in your ConfigMap does not automatically make them available if they are already not there.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: kustomize-versions
spec:
  kustomizeVersions:
    - version: v4.1.0
      path: /path/to/kustomize-4.1
    - version: v3.5.4
      path: /path/to/kustomize-3.5.4

OIDC Config

OIDC configuration as an alternative to dex (optional). This property maps directly to the oidc.config field in the argocd-cm ConfigMap.

OIDC Config Example

The following example sets a value in the argocd-cm ConfigMap using the oidcConfig property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: oidc-config
spec:
  oidcConfig: |
    name: Okta
    issuer: https://dev-123456.oktapreview.com
    clientID: aaaabbbbccccddddeee
    clientSecret: $oidc.okta.clientSecret
    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    requestedScopes: ["openid", "profile", "email"]
    # Optional set of OIDC claims to request on the ID token.
    requestedIDTokenClaims: {"groups": {"essential": true}}

NodePlacement Option

The following properties are available for configuring the NodePlacement component.

Name Default Description
NodeSelector [Empty] A map of key value pairs for node selection.
Tolerations [Empty] Tolerations allow pods to schedule on nodes with matching taints.

NodePlacement Example

The following example sets a NodeSelector and tolerations using NodePlacement property in the ArgoCD CR

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: nodeplacement-example
spec:
  nodePlacement: 
    nodeSelector: 
      key1: value1
    tolerations: 
    - key: key1
      operator: Equal
      value: value1
      effect: NoSchedule
    - key: key1
      operator: Equal
      value: value1
      effect: NoExecute   

Prometheus Options

The following properties are available for configuring the Prometheus component.

Name Default Description
Enabled false Toggle Prometheus support globally for ArgoCD.
Host example-argocd-prometheus The hostname to use for Ingress/Route resources.
Ingress false Toggles Ingress for Prometheus.
Route [Object] Route configuration options.
Size 1 The replica count for the Prometheus StatefulSet.

Prometheus Ingress Options

The following properties are available for configuring the Prometheus Ingress.

Name Default Description
Annotations [Empty] The map of annotations to use for the Ingress resource.
Enabled false Toggle creation of an Ingress resource.
Path / Path to use for Ingress resources.
TLS [Empty] TLS configuration for the Ingress.

Prometheus Route Options

The following properties are available to configure the Route for the Prometheus component.

Name Default Description
Annotations [Empty] The map of annotations to add to the Route.
Enabled false Toggles the creation of a Route for the Prometheus component.
Labels [Empty] The map of labels to add to the Route.
Path / The path for the Route.
TLS [Object] The TLSConfig for the Route.
WildcardPolicy None The wildcard policy for the Route. Can be one of Subdomain or None.

Prometheus Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: insights
spec:
  prometheus:
    enabled: false
    host: example-argocd-prometheus
    ingress:
      enabled: false
    route: false
    size: 1

RBAC Options

The following properties are available for configuring RBAC for the Argo CD cluster.

Name Default Description
DefaultPolicy role:readonly The policy.default property in the argocd-rbac-cm ConfigMap. The name of the default role which Argo CD will falls back to, when authorizing API requests.
Policy [Empty] The policy.csv property in the argocd-rbac-cm ConfigMap. CSV data containing user-defined RBAC policies and role definitions.
Scopes [groups] The scopes property in the argocd-rbac-cm ConfigMap. Controls which OIDC scopes to examine during rbac enforcement (in addition to sub scope).

RBAC Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: rbac
spec:
  rbac:
    defaultPolicy: 'role:readonly'
    policy: |
      g, system:cluster-admins, role:admin
    scopes: '[groups]'

Redis Options

The following properties are available for configuring the Redis component.

Name Default Description
Image redis The container image for Redis. This overrides the ARGOCD_REDIS_IMAGE environment variable.
Resources [Empty] The container compute resources.
Version 5.0.3 (SHA) The tag to use with the Redis container image.

Redis Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: redis
spec:
  redis:
    image: redis
    resources: {}
    version: "5.0.3"

Repo Options

The following properties are available for configuring the Repo server component.

Name Default Description
Resources [Empty] The container compute resources.
MountSAToken false Whether the ServiceAccount token should be mounted to the repo-server pod.
ServiceAccount "" The name of the ServiceAccount to use with the repo-server pod.
VerifyTLS false Whether to enforce strict TLS checking on all components when communicating with repo server
AutoTLS "" Provider to use for setting up TLS the repo-server's gRPC TLS certificate (one of: openshift). Currently only available for OpenShift.
Image argoproj/argocd The container image for ArgoCD Repo Server. This overrides the ARGOCD_REPOSERVER_IMAGE environment variable.
Version same as .spec.Version The tag to use with the ArgoCD Repo Server.
LogLevel info The log level to be used by the ArgoCD Repo Server. Valid options are debug, info, error, and warn.
LogFormat text The log format to be used by the ArgoCD Repo Server. Valid options are text or json.
ExecTimeout 180 Execution timeout in seconds for rendering tools (e.g. Helm, Kustomize)
Env [Empty] Environment to set for the repository server workloads

Repo Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: repo
spec:
  repo:
    resources: {}
    mountsatoken: false
    serviceaccount: ""
    verifytls: false
    autotls: ""

Resource Customizations

The configuration to customize resource behavior. This property maps directly to the resource.customizations field in the argocd-cm ConfigMap.

Resource Customizations Example

The following example defines a custom PV health check in the argocd-cm ConfigMap using the ResourceCustomizations property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: resource-customizations
spec:
  resourceCustomizations: |
    PersistentVolumeClaim:
      health.lua: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.phase ~= nil then
            if obj.status.phase == "Pending" then
              hs.status = "Healthy"
              hs.message = obj.status.phase
              return hs
            end
            if obj.status.phase == "Bound" then
              hs.status = "Healthy"
              hs.message = obj.status.phase
              return hs
            end
          end
        end
        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs

Resource Exclusions

Configuration to completely ignore entire classes of resource group/kinds (optional). Excluding high-volume resources improves performance and memory usage, and reduces load and bandwidth to the Kubernetes API server.

These are globs, so a "*" will match all values. If you omit groups/kinds/clusters then they will match all groups/kind/clusters.

NOTE: events.k8s.io and metrics.k8s.io are excluded by default.

This property maps directly to the resource.exclusions field in the argocd-cm ConfigMap.

Resource Exclusions Example

The following example sets a value in the argocd-cm ConfigMap using the ResourceExclusions property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: resource-exclusions
spec:
  resourceExclusions: |
    - apiGroups:
      - repositories.stash.appscode.com
      kinds:
      - Snapshot
      clusters:
      - "*.local"

Resource Exclusions Example

The following example sets a value in the argocd-cm ConfigMap using the ResourceExclusions property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: resource-exclusions
spec:
  resourceExclusions: |
    - apiGroups:
      - repositories.stash.appscode.com
      kinds:
      - Snapshot
      clusters:
      - "*.local"

Resource Inclusions

In addition to exclusions, you might configure the list of included resources using the resourceInclusions setting.

By default, all resource group/kinds are included. The resourceInclusions setting allows customizing the list of included group/kinds.

Resource Inclusions Example

The following example sets a value in the argocd-cm ConfigMap using the ResourceInclusions property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: resource-inclusion
spec:
  resourceInclusions: |
    - apiGroups:
      - "*"
      kinds:
      - Deployment
      clusters:
      - https://192.168.0.20

Server Options

The following properties are available for configuring the Argo CD Server component.

Name Default Description
Autoscale [Object] Server autoscale configuration options.
GRPC [Object] GRPC configuration options.
Host example-argocd The hostname to use for Ingress/Route resources.
Ingress [Object] Ingress configuration for the Argo CD Server component.
Insecure false Toggles the insecure flag for Argo CD Server.
Resources [Empty] The container compute resources.
Route [Object] Route configuration options.
Service.Type ClusterIP The ServiceType to use for the Service resource.
LogLevel info The log level to be used by the ArgoCD Server component. Valid options are debug, info, error, and warn.
LogFormat text The log format to be used by the ArgoCD Server component. Valid options are text or json.
Env [Empty] Environment to set for the server workloads

Server Autoscale Options

The following properties are available to configure austoscaling for the Argo CD Server component.

Name Default Description
Enabled false Toggle Autoscaling support globally for the Argo CD server component.
HPA [Object] HorizontalPodAutoscaler options for the Argo CD Server component.

Server GRPC Options

The following properties are available to configure GRPC for the Argo CD Server component.

Name Default Description
Host example-argocd-grpc The hostname to use for Ingress GRPC resources.
Ingress [Object] Ingress configuration for the Argo CD GRPC Server component.

Server GRPC Ingress Options

The following properties are available for configuring the Argo CD server GRP Ingress.

Name Default Description
Annotations [Empty] The map of annotations to use for the Ingress resource.
Enabled false Toggle creation of an Ingress resource.
Path / Path to use for Ingress resources.
TLS [Empty] TLS configuration for the Ingress.

Server Ingress Options

The following properties are available for configuring the Argo CD server Ingress.

Name Default Description
Annotations [Empty] The map of annotations to use for the Ingress resource.
Enabled false Toggle creation of an Ingress resource.
Path / Path to use for Ingress resources.
TLS [Empty] TLS configuration for the Ingress.

Server Route Options

The following properties are available to configure the Route for the Argo CD Server component.

Name Default Description
Annotations [Empty] The map of annotations to add to the Route.
Enabled false Toggles the creation of a Route for the Argo CD Server component.
Labels [Empty] The map of labels to add to the Route.
Path / The path for the Route.
TLS [Object] The TLSConfig for the Route.
WildcardPolicy None The wildcard policy for the Route. Can be one of Subdomain or None.

Server Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: server
spec:
  server:
    autoscale:
      enabled: false
      hpa:
        maxReplicas: 3
        minReplicas: 1
        scaleTargetRef:
          apiVersion: extensions/v1beta1
          kind: Deployment
          name: example-argocd-server
        targetCPUUtilizationPercentage: 50
    grpc:
      host: example-argocd-grpc
      ingress: false
    host: example-argocd
    ingress:
      enabled: false
    insecure: false
    resources: {}
    route:
      annotations: {}
      enabled: false
      path: /
      tls:
        insecureEdgeTerminationPolicy: Redirect
        termination: passthrough
      wildcardPolicy: None
    service:
      type: ClusterIP

Status Badge Enabled

Enable application status badge feature. This property maps directly to the statusbadge.enabled field in the argocd-cm ConfigMap.

Status Badge Enabled Example

The following example sets the default value in the argocd-cm ConfigMap using the StatusBadgeEnabled property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: status-badge-enabled
spec:
  statusBadgeEnabled: true

Single sign-on Options

The following properties are available for configuring the Single sign-on component.

Name Default Description
Image registry.redhat.io/rh-sso-7/sso74-openshift-rhel8 The container image for keycloak. This overrides the ARGOCD_KEYCLOAK_IMAGE environment variable.
Provider [Empty] The name of the provider used to configure Single sign-on. For now the only supported option is keycloak.
Resources Requests: CPU=500m, Mem=512Mi, Limits: CPU=1000m, Mem=1024Mi The container compute resources.
VerifyTLS true Whether to enforce strict TLS checking when communicating with Keycloak service.
Version sha256:39d752173fc97c29373cd44477b48bcb078531def0a897ee81a60e8d1d0212cc The tag to use with the keycloak container image.

Single sign-on Example

The following example uses keycloak as Single sign-on option for Argo CD.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: status-badge-enabled
spec:
  sso:
    provider: keycloak

Please refer to the keycloak user guide to learn more about configuring keycloak as a Single sign-on provider.

TLS Options

The following properties are available for configuring the TLS settings.

Name Default Description
CA.ConfigMapName example-argocd-ca The name of the ConfigMap containing the CA Certificate.
CA.SecretName example-argocd-ca The name of the Secret containing the CA Certificate and Key.
InitialCerts [Empty] Initial set of certificates in the argocd-tls-certs-cm ConfigMap for connecting Git repositories via HTTPS.

TLS Example

The following example shows all properties set to the default values.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: tls
spec:
  tls:
    ca:
      configMapName: example-argocd-ca
      secretName: example-argocd-ca
    initialCerts: []

Users Anonymous Enabled

Enables anonymous user access. The anonymous users get default role permissions specified argocd-rbac-cm.

This property maps directly to the users.anonymous.enabled field in the argocd-cm ConfigMap.

Users Anonymous Enabled Example

The following example sets the default value in the argocd-cm ConfigMap using the UsersAnonymousEnabled property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: users-anonymous-enabled
spec:
  usersAnonymousEnabled: false

Version

The tag to use with the container image for all Argo CD components.

Version Example

The following example sets the default value using the Version property on the ArgoCD resource.

apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
  name: example-argocd
  labels:
    example: version
spec:
  version: v1.7.7