home-cluster-ops/scripts/argocd-values.yaml


# CRD handling for this release.
crds:
  # -- Install and upgrade CRDs
  # Disabled here, so this release neither installs nor upgrades the CRDs.
  # Presumably they are applied by some other step; confirm.
  install: false
# Base hostname for the installation; the same name is repeated under
# server.ingress.hostname and server.ingress.extraTls in this file.
global:
  domain: argocd.cluster.edward.sydney
# Argo CD configuration: `cm` holds argocd-cm style keys, `params` holds
# component command parameters.
configs:
  cm:
    # Lets `kustomize build` inflate Helm charts.
    kustomize.buildOptions: "--enable-helm"
    # Plugin "kustomized-helm": init builds chart dependencies, generate renders
    # the chart into all.yaml and then runs kustomize over the directory.
    # NOTE(review): plugins declared in argocd-cm were deprecated and, as far as
    # I know, removed in Argo CD 2.8 in favour of sidecar plugins; confirm the
    # deployed version still reads this key.
    # The commands run against repository content, so only repositories that are
    # trusted should be allowed to select this plugin.
    configManagementPlugins: |
      - name: kustomized-helm
        init:
          command: ["/bin/sh", "-c"]
          args: ["helm dependency build"]
        generate:
          command: [sh, -c]
          args: ["helm template --release-name release-name . > all.yaml && kustomize build"]
    # URL schemes accepted for Helm value files: the helm-secrets schemes plus
    # plain https.
    # NOTE(review): every scheme listed lets an Application pull values from
    # outside its own repository; keep only the ones actually in use.
    helm.valuesFileSchemes: >-
      secrets+gpg-import, secrets+gpg-import-kubernetes,
      secrets+age-import, secrets+age-import-kubernetes,
      secrets, secrets+literal,
      https
  params:
    # argocd-server serves without TLS, so TLS has to be terminated in front of
    # it.
    # NOTE(review): this file also sets server.service.type NodePort and an
    # ssl-passthrough ingress annotation. Passthrough expects the backend to
    # terminate TLS, and a NodePort exposes the plain-HTTP port on the nodes;
    # confirm the port is reachable only through the TLS-terminating proxy.
    server.insecure: true
# Application controller: a single replica.
controller:
  replicas: 1
# Turns on the chart's redis-ha option.
redis-ha:
  enabled: true
# argocd-server settings: helm-secrets tooling, autoscaling, resources,
# service and ingress.
# NOTE(review): nesting was reconstructed from a listing that lost its
# indentation; verify it against the original file.
# NOTE(review): the helm-secrets Argo CD integration is normally configured on
# repoServer, the component that renders Helm charts. Confirm that `server` is
# the intended home for env / initContainers / volumes below.
server:
  # NOTE(review): no value is visible for `config` in the listing; it is kept
  # as an empty key. Confirm whether `env` was meant to sit beside or under it.
  config:
  env:
    # Locations of the helm-secrets plugin and its helper binaries; all of them
    # are written into /gitops-tools by the download-tools init container.
    - name: HELM_PLUGINS
      value: /gitops-tools/helm-plugins/
    - name: HELM_SECRETS_CURL_PATH
      value: /gitops-tools/curl
    - name: HELM_SECRETS_SOPS_PATH
      value: /gitops-tools/sops
    - name: HELM_SECRETS_VALS_PATH
      value: /gitops-tools/vals
    - name: HELM_SECRETS_KUBECTL_PATH
      value: /gitops-tools/kubectl
    # Decryption backend.
    - name: HELM_SECRETS_BACKEND
      value: sops
    # Restrictions on value-file paths: symlinks and path traversal are refused,
    # absolute paths are accepted.
    # NOTE(review): if no application needs absolute value-file paths, "false"
    # narrows what a values reference can reach inside the container.
    - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
      value: "false"
    - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
      value: "true"
    - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
      value: "false"
    # Use the helm wrapper script (mounted at /usr/local/sbin/helm below);
    # HELM_SECRETS_HELM_PATH names the real helm binary it calls.
    - name: HELM_SECRETS_WRAPPER_ENABLED
      value: "true"
    - name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR
      value: "true"
    - name: HELM_SECRETS_HELM_PATH
      value: /usr/local/bin/helm
    # age private key used by sops. The file name has to match a key in the
    # `sops-age` secret mounted at /helm-secrets-private-keys/ below.
    - name: SOPS_AGE_KEY_FILE
      # Multiple keys can be separated by space
      value: /helm-secrets-private-keys/age.agekey
  initContainers:
    # Downloads curl, kubectl, sops, vals and the helm-secrets plugin into the
    # shared gitops-tools volume before the main container starts.
    # NOTE(review): these binaries later handle the decryption key, so their
    # provenance matters:
    #   - alpine:latest is a floating tag, and with IfNotPresent each node runs
    #     whatever it has cached; pin a specific tag or digest.
    #   - static-curl comes from releases/latest, unlike the version-pinned
    #     downloads next to it.
    #   - no download is compared with a published checksum before chmod +x.
    #   - `sh -e` does not catch a failing wget on the left of `wget | tar`.
    - name: download-tools
      image: alpine:latest
      imagePullPolicy: IfNotPresent
      command: [ sh, -ec ]
      env:
        # Tool versions substituted into the download URLs in args.
        - name: HELM_SECRETS_VERSION
          value: "4.6.0"
        - name: KUBECTL_VERSION
          value: "1.30.2"
        - name: VALS_VERSION
          value: "0.37.3"
        - name: SOPS_VERSION
          value: "3.9.0"
      # GO_ARCH is computed twice: first only x86_64 -> amd64 for the curl
      # download, then with the arm/aarch64 names normalised as well for the
      # remaining downloads.
      args:
        - |
          mkdir -p /gitops-tools/helm-plugins
          GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/')
          wget -qO /gitops-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-${GO_ARCH}
          GO_ARCH=$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/') && \
          wget -qO /gitops-tools/kubectl https://dl.k8s.io/release/v${KUBECTL_VERSION}/bin/linux/${GO_ARCH}/kubectl
          wget -qO /gitops-tools/sops https://github.com/getsops/sops/releases/download/v${SOPS_VERSION}/sops-v${SOPS_VERSION}.linux.${GO_ARCH}
          wget -qO- https://github.com/helmfile/vals/releases/download/v${VALS_VERSION}/vals_${VALS_VERSION}_linux_${GO_ARCH}.tar.gz | tar zxv -C /gitops-tools vals
          wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /gitops-tools/helm-plugins -xzf-
          chmod +x /gitops-tools/*
          cp /gitops-tools/helm-plugins/helm-secrets/scripts/wrapper/helm.sh /gitops-tools/helm
      volumeMounts:
        - mountPath: /gitops-tools
          name: gitops-tools
  volumes:
    # Scratch volume shared between the init container and the main container.
    - name: gitops-tools
      emptyDir: { }
    # kubectl create secret generic helm-secrets-private-keys --from-file=key.asc=assets/gpg/private2.gpg
    # NOTE(review): the command above looks stale. It creates a secret named
    # helm-secrets-private-keys from a GPG key, while this volume reads the
    # secret `sops-age` and SOPS_AGE_KEY_FILE expects a file named age.agekey.
    - name: helm-secrets-private-keys
      secret:
        secretName: sops-age
  volumeMounts:
    - mountPath: /gitops-tools
      name: gitops-tools
    # The wrapper copied to /gitops-tools/helm by the init container is mounted
    # as /usr/local/sbin/helm; the real helm stays at HELM_SECRETS_HELM_PATH.
    - mountPath: /usr/local/sbin/helm
      subPath: helm
      name: gitops-tools
    # Private key material from the sops-age secret.
    - mountPath: /helm-secrets-private-keys/
      name: helm-secrets-private-keys
  autoscaling:
    enabled: true
    minReplicas: 2
  # -- Resource limits and requests for the argocd-extensions container
  # NOTE(review): the comment names the argocd-extensions container, but at this
  # position the key reads as server.resources; confirm the intended nesting.
  resources:
    limits:
      cpu: 100m
      memory: 256Mi
    requests:
      cpu: 20m
      memory: 138Mi
  service:
    # A NodePort service is reachable on a port of the cluster nodes.
    # NOTE(review): configs.params sets server.insecure: true, so that port would
    # carry plain HTTP; confirm it is not reachable from untrusted networks.
    type: NodePort
  ingress:
    # `enabled` is commented out, so the chart default decides whether this
    # ingress is rendered.
    # enabled: true
    annotations:
      # NOTE(review): ssl-passthrough hands the TLS connection to the backend,
      # which conflicts with server.insecure: true (backend speaks plain HTTP),
      # and force-ssl-redirect "true" sits next to ssl-redirect "false".
      # Settle on one TLS termination point.
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-passthrough: "true"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/use-regex: "true"
    ingressClassName: nginx
    hostname: argocd.cluster.edward.sydney
    extraTls:
      - hosts:
          - argocd.cluster.edward.sydney
        # Based on the ingress controller used secret might be optional
        secretName: wildcard-tls
  # Separate gRPC ingress on a different ingress class (contour-internal) than
  # the nginx class used by server.ingress above.
  ingressGrpc:
    enabled: true
    ingressClassName: contour-internal
    extraTls:
      - hosts:
          - grpc.argocd.cluster.edward.sydney
        secretName: wildcard-tls
# Repo server: autoscaling, resources and one extra RBAC rule.
# NOTE(review): nesting was reconstructed from a listing that lost its
# indentation; verify it against the original file.
repoServer:
  autoscaling:
    enabled: true
    minReplicas: 2
  # -- Resource limits and requests for the repo server pods
  resources:
    limits:
      cpu: 100m
      memory: 258Mi
    requests:
      cpu: 20m
      memory: 128Mi
  # Extra rule: `get` on Secrets in the core API group.
  # NOTE(review): the rule has no resourceNames, so it covers every Secret the
  # resulting role applies to. If only specific key secrets are needed, list
  # them under resourceNames.
  rbac:
    - apiGroups:
        - ""  # "" is the core API group
      resources:
        - secrets
      verbs:
        - get
# ApplicationSet controller: two replicas.
applicationSet:
  replicas: 2