values.yaml

global:
  # -- Codefresh platform and account-related settings
  codefresh:
    # -- URL of Codefresh platform.
    url: "https://g.codefresh.io"
    # -- Events API endpoint URL suffix.
    apiEventsPath: "/2.0/api/events"
    # -- Codefresh Account ID.
    accountId: ""
    # -- User token. Used for runtime registration against the patform. One of token (for plain text value) or secretKeyRef must be provided.
    userToken:
      # -- User token in plain text. The chart creates and manages the secret for this token.
      token: ""
      # -- User token that references an existing secret containing the token.
      secretKeyRef: {}
    tls:
      # --  Custom CA certificates bundle for platform access with ssl
      caCerts:
        # -- Reference to existing secret
        secretKeyRef: {}
        # -- Chart managed secret for custom platform CA certificates
        secret:
          # -- Whether to create the secret.
          create: false
          # -- The secret key that holds the ca bundle
          key: 'ca-bundle.crt'
          # Annotations
          annotations: {}
          # Certificate content
          content: ""
          # -----BEGIN CERTIFICATE-----
          # ... encoded certificate data here ...
          # -----END CERTIFICATE-----
      # -- Certificates to be used in argo workflows pipelines created in Codefresh UI.
      # -- Those will be merged with the certificats defined in argo-cd.configs.tls.certificates - so if the certificates are already provided for ArgoCD, there is no need to provide them again.
      workflowPipelinesGitWebhooks:
        # Annotations on the secret resource
        annotations: {}
        certificates: {}
        # server.example.com: |
        #   -----BEGIN CERTIFICATE-----
        #   ...
        #   -----END CERTIFICATE-----
  # -- Runtime level settings
  runtime:
    # -- Runtime name. Must be unique per platform account.
    name:
    # -- Runtime cluster. Should not be changed.
    cluster: https://kubernetes.default.svc
    # -- Defines whether this is a Codefresh hosted runtime. Should not be changed.
    codefreshHosted: false
    # -- Runtime single namespace mode. When true, runtime operates in single namespace scope.
    singleNamespace: false
    # -- Ingress settings
    ingress:
      # -- if set to true, the pre-install hook will validate the existance of appropriate values, but *will not* attempt to make a web request to the ingress host
      skipValidation: false
      # -- The protocol that Codefresh platform will use to access the runtime ingress. Can be http or https.
      protocol: https
      # -- Defines if ingress-based access mode is enabled for runtime. To use tunnel-based (ingressless) access mode, set to false.
      enabled: false
      className: nginx
      tls: []
      annotations: {}
      labels: {}
      # -- Hosts for runtime ingress. Note that Codefresh platform will always use the first host in the list to access the runtime.
      hosts: []
    # -- Explicit url for runtime ingress. Provide this value only if you don't want the chart to create and ingress (global.runtime.ingress.enabled=false) and tunnel-client is not used (tunnel-client.enabled=false)
    ingressUrl: ""
    # -- is the runtime set as a "configuration runtime".
    isConfigurationRuntime: false
    # -- Git credentials runtime. Runtime is not fully functional without those credentials.
    # If not provided through the installation, they must be provided through the Codefresh UI.
    gitCredentials:
      # -- Username. Optional when using token in password.
      username: "username"
      # -- Password. If using GitHub token, please provide it here.
      password:
        # -- Plain text password
        value:
        # -- secretKeyReference for Git credentials password. Provide name and key fields.
        secretKeyRef: {}
  integrations:
    argo-cd:
      server:
        # -- How GitOps Runtime should authenticate with ArgoCD server
        auth:
          # -- Authentication type. Can be password or token
          type: password
          # If `auth.type=password` is set
          # -- ArgoCD username in plain text
          username: "admin"
          # -- ArgoCD password in plain text
          password: ""
          # -- ArgoCD password referenced by an existing secret
          passwordSecretKeyRef:
            name: argocd-initial-admin-secret
            key: password
          # If `auth.type=token` is set
          # -- ArgoCD token in plain text
          token: ""
          # -- ArgoCD token referenced by an existing secret
          tokenSecretKeyRef: {}
          # e.g:
          # tokenSecretKeyRef:
          #   name: argocd-token
          #   key: token
        # -- Service name of the ArgoCD server
        svc: argo-cd-server
        # -- Port of the ArgoCD server
        port: 80
        # -- Set if Argo CD is running behind reverse proxy under subpath different from /
        # e.g.
        # rootpath: '/argocd'
        rootpath: ''
      repoServer:
        # -- Service name of the ArgoCD repo server
        svc: argo-cd-repo-server
        # -- Port of the ArgoCD repo server
        port: 8081
  # -- Global nodeSelector for all components
  nodeSelector: {}
  # -- Global tolerations for all components
  tolerations: []
  # -- global HTTP_PROXY for all components
  httpProxy: ''
  # -- global HTTPS_PROXY for all components
  httpsProxy: ''
  # -- global NO_PROXY for all components
  noProxy: ''
  imageRegistry: ""
  # -- Global settings for event reporters
  # Event reporters are used for reporting runtime and cluster resources to Codefresh platform
  event-reporters:
    replicaCount: 2
    image:
      registry: quay.io
      repository: codefresh/cf-argocd-extras
      tag: 7b43e16
    nodeSelector: {}
    tolerations: []
    affinity: {}
    resources:
      requests:
        memory: "128Mi"
        cpu: "100m"
    pdb:
      enabled: true
      minAvailable: "50%"
      maxUnavailable: ""
    service:
      type: ClusterIP
      ports:
        http:
          port: 8088
          targetPort: 8088
        metrics:
          port: 8087
          targetPort: 8087
    serviceAccount:
      create: true
    readinessProbe:
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    livenessProbe:
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    serviceMonitor:
      enabled: false
      interval: 30s
      scrapeTimeout: 10s
      labels: {}
    config: {}
anchors:
  common-envs:
    - &otel-config
      # -- Telemetry configuration
      # -- Base endpoint URL for all OpenTelemetry signals.
      # Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/
      OTEL_EXPORTER_OTLP_ENDPOINT: 'http://localhost:4317'
      # -- Specifies the OTLP transport protocol to be used for all telemetry data.
      # Ref: https://opentelemetry.io/docs/languages/sdk-configuration/otlp-exporter/
      OTEL_EXPORTER_OTLP_PROTOCOL: 'grpc'
      # -- Specifies the compression algorithm to be used for all telemetry data.
      # Ref: https://opentelemetry.io/docs/specs/otel/protocol/exporter/
      OTEL_EXPORTER_OTLP_COMPRESSION: 'gzip'
      # -- OTel Logs exporter to be used.
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_LOGS_EXPORTER: 'none'
      # -- OTel traces exporter to be used.
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_TRACES_EXPORTER: 'none'
      # -- OTel sampler to be used for traces.
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_TRACES_SAMPLER: 'parentbased_always_on'
      # -- OTel metrics exporter to be used. Set to "prometheus" to export metrics in Prometheus format. If set to "prometheus", it's recommended to set METRICS_SCRAPE_TIMEOUT_MS=4×scrape_interval.
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_METRICS_EXPORTER: 'none'
      # -- The time interval (in milliseconds) between the start of two export attempts for push metric exporters, such as "otlp".
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_METRIC_EXPORT_INTERVAL: '10000'
      # -- Maximum allowed time (in milliseconds) to export data for push metric exporters, such as "otlp".
      # Ref: https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/
      OTEL_METRIC_EXPORT_TIMEOUT: '5000'
      # -- Host used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus
      OTEL_EXPORTER_PROMETHEUS_HOST: '0.0.0.0'
      # -- Port used by the Prometheus OTel metrics exporter if OTEL_METRICS_EXPORTER=prometheus
      OTEL_EXPORTER_PROMETHEUS_PORT: '9464'
      # -- Emit the stable HTTP and networking OTel conventions if CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION=true.
      OTEL_SEMCONV_STABILITY_OPT_IN: 'http'
# -------------------------------------------------------------------------------------------------------------------------
# Installer
# -------------------------------------------------------------------------------------------------------------------------
# -- Runtime installer used for running hooks and checks on the release
installer:
  # -- if set to true, pre-install hook will *not* run
  skipValidation: false
  # -- if set to true, pre-install hook will *not* run
  skipUsageValidation: false
  image:
    repository: quay.io/codefresh/gitops-runtime-installer
    tag: ""
    pullPolicy: IfNotPresent
  argoCdVersionCheck:
    # Labels to find the Argo CD API server service
    argoServerLabels:
      app.kubernetes.io/component: server
      app.kubernetes.io/part-of: argocd
  nodeSelector: {}
  tolerations: []
  affinity: {}
# -----------------------------------------------------------------------------------------------------------------------
# Sealed secrets
# -----------------------------------------------------------------------------------------------------------------------
sealed-secrets:
  fullnameOverride: sealed-secrets-controller
  keyrenewperiod: "720h"
  image:
    registry: 'quay.io'
    repository: 'codefresh/sealed-secrets-controller'
    tag: '0.36.0'
  resources:
    limits:
      cpu: 500m
      memory: 1Gi
    requests:
      cpu: 200m
      memory: 512Mi
#-----------------------------------------------------------------------------------------------------------------------
# ArgoCD
#-----------------------------------------------------------------------------------------------------------------------
argo-cd:
  enabled: true
  fullnameOverride: argo-cd
  notifications:
    enabled: false
  redis:
    ## Redis image
    image:
      # -- Redis repository
      repository: ecr-public.aws.com/docker/library/redis
      # -- Redis tag
      tag: 8.2.2-alpine
  redis-ha:
    ## Redis-ha image
    image:
      # -- Redis repository
      repository: ecr-public.aws.com/docker/library/redis
      # -- Redis tag
      tag: 8.2.2-alpine
  configs:
    cm:
      timeout.reconciliation: 20s
      accounts.admin: apiKey,login
      application.resourceTrackingMethod: annotation+label
      application.instanceLabelKey: ""
    params:
      server.insecure: true
      application.namespaces: 'cf-*'
  controller:
    statefulsetAnnotations:
      argocd.argoproj.io/sync-options: "Delete=false"
#-----------------------------------------------------------------------------------------------------------------------
# Argo Workflows
#-----------------------------------------------------------------------------------------------------------------------
argo-workflows:
  fullnameOverride: argo
  enabled: true
  # -- Restrict Argo Workflows to operate only in a single namespace (the namespace of the Helm release).
  # This ensures it does not interfere with any other instances of Argo Workflows installed on your cluster.
  singleNamespace: true
  server:
    # -- auth-mode needs to be set to client to be able to see workflow logs from Codefresh UI
    authModes:
      - client
    # -- Do not change. Workflows UI is only accessed through internal router, changing this values will break routing to workflows native UI from Codefresh.
    baseHref: /workflows/
  crds:
    # -- Install and upgrade CRDs
    install: true
  # executor controls how the init and wait container should be customized
  executor:
    resources:
      requests:
        ephemeral-storage: 10Mi
  # mainContainer adds default config for main container that could be overriden in workflows template
  mainContainer:
    resources:
      requests:
        ephemeral-storage: 10Mi
# -- Argo workflows logs storage on Codefresh platform settings. Don't change unless instructed by Codefresh support.
codefreshWorkflowLogStoreCM:
  enabled: true
  endpoint: gitops-workflow-logs.codefresh.io
  insecure: false
#-----------------------------------------------------------------------------------------------------------------------
# Internal router
#-----------------------------------------------------------------------------------------------------------------------
internal-router:
  replicaCount: 1
  image:
    repository: docker.io/nginxinc/nginx-unprivileged
    pullPolicy: IfNotPresent
    tag: 1.29-alpine3.23
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: "internal-router"
  # -- For ipv6 enabled clusters switch ipv6 enabled to true
  ipv6:
    enabled: false
  serviceAccount:
    create: true
    annotations: {}
    name: ""
  podAnnotations: {}
  podLabels: {}
  podSecurityContext: {}
  # -- Environment variables - see values.yaml inside the chart for usage
  env: {}
  #  NAMESPACE:
  #    valueFrom:
  #     fieldRef:
  #       fieldPath: metadata.namespace
  #  VAR_NAME:
  #    valueFrom:
  #      secretKeyRef:
  #       name: my-secret
  #       key: my-secret-key
  #       optional: true
  #  VAR_NAME:
  #   valueFrom:
  #     configMapKeyRef:
  #       name: my-config-map
  #       key: my-config-map-key
  #       optional: true
  #  VAR_NANE: string-value
  securityContext: {}
  service:
    type: ClusterIP
    port: 80
  resources:
    limits:
      memory: 256Mi
      cpu: "1"
    requests:
      memory: 128Mi
      cpu: "0.2"
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # -- Internal routing settings. Do not change this unless you are absolutely certain - the values are determined by chart's logic.
  routing: {}
  #  Example of values:
  # workflows:
  #   enabled: true
  #   internalUrl: "https://argo-server1:2746/"
  # app-proxy:
  #   internalUrl: "http://cap-app-proxy:3017"

  dnsService: kube-dns
  dnsNamespace: kube-system
  clusterDomain: cluster.local
  ## Internal-Router Pod Disruption Budget
  pdb:
    # -- Enable PDB
    enabled: false
    # -- Set number of pods that are available after eviction as number or percentage
    minAvailable: 1
    # -- Set number of pods that are unavailable after eviction as number or percentage
    maxUnavailable: ""
#-----------------------------------------------------------------------------------------------------------------------
# tunnel client
#-----------------------------------------------------------------------------------------------------------------------
# -- Tunnel based runtime. Not supported for on-prem platform. In on-prem use ingress based runtimes.
tunnel-client:
  # -- Will only be used if global.runtime.ingress.enabled = false
  enabled: true
  # -- Do not change this value! Breaks chart logic
  libraryMode: true
  tunnelServer:
    host: "register-tunnels.cf-cd.com"
    subdomainHost: "tunnels.cf-cd.com"
  nodeSelector: {}
  tolerations: []
  affinity: {}
#-----------------------------------------------------------------------------------------------------------------------
# app-proxy
#-----------------------------------------------------------------------------------------------------------------------
app-proxy:
  replicaCount: 1
  # -- Image enrichment process configuration
  image-enrichment:
    # -- Enable or disable enrichment process. Please note that for enrichemnt, argo-workflows has to be enabled as well.
    enabled: true
    # -- Service account that will be used for enrichemnt process
    serviceAccount:
      # -- Whether to create the service account or use an existing one
      create: true
      # -- Name of the service account to create or the name of the existing one to use
      name: codefresh-image-enrichment-sa
      # -- Annotations on the service account
      annotations:
    # -- Configurations for image enrichment workflow
    config:
      # -- The name of the configmap to use as synchronization semaphore, see https://argoproj.github.io/argo-workflows/synchronization/
      concurrencyCmName: 'workflow-synchronization-semaphores'
      # -- The name of the key in the configmap to use as synchronization semaphore
      concurrencyCmKey: 'imageReportExecutor'
      # -- Pod grabage collection strategy. By default all pods will be deleted when the enrichment workflow completes.
      podGcStrategy: 'OnWorkflowCompletion'
      # -- Number of seconds to live after completion
      ttlAfterCompletionInSeconds: 86400
      # -- Maximum allowed runtime for the enrichment workflow
      ttlActiveInSeconds: 900
      # -- Client heartbeat interval in seconds for image enrichemnt workflow
      clientHeartbeatIntervalInSeconds: 5
      # -- Enrichemnt images
      images:
        # -- Report image enrichment task image
        reportImage:
          registry: quay.io
          repository: codefreshplugins/argo-hub-codefresh-csdp-report-image-info
          tag: 1.1.25-main
        # Git enrichment task image
        gitEnrichment:
          registry: quay.io
          repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-git-info
          tag: 1.1.25-main
        # Jira enrichment task image
        jiraEnrichment:
          registry: quay.io
          repository: codefreshplugins/argo-hub-codefresh-csdp-image-enricher-jira-info
          tag: 1.1.25-main
  image:
    repository: quay.io/codefresh/cap-app-proxy
    tag: 1.4074.0
    pullPolicy: IfNotPresent
  # -- Extra volume mounts for main container
  extraVolumeMounts: []
  initContainer:
    image:
      repository: quay.io/codefresh/cap-app-proxy-init
      tag: 1.4074.0
      pullPolicy: IfNotPresent
    command:
      - ./init.sh
    env: {}
    resources:
      limits: {}
      requests:
        memory: 256Mi
        cpu: '0.2'
    # -- Extra volume mounts for init container
    extraVolumeMounts: []
  leader-elector:
    image:
      registry: quay.io
      repository: codefresh/leader-elector
      tag: 0.0.1
    containerSecurityContext:
      allowPrivilegeEscalation: false
    readinessProbe:
      failureThreshold: 3
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    livenessProbe:
      failureThreshold: 10
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 10
    resources:
      limits:
        cpu: 200m
        memory: 200Mi
      requests:
        cpu: 100m
        memory: 100Mi
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: "cap-app-proxy"
  config:
    # -- deprecated. use `global.external-argo-cd.auth.username` instead
    argoCdUsername: ""
    # -- ArgoCD Url. determined by chart logic. Do not change unless you are certain you need to
    argoCdUrl:
    # -- Workflows server url. Determined by chart logic. Do not change unless you are certain you need to
    argoWorkflowsUrl:
    argoWorkflowsInsecure: "true"
    env: "production"
    # -- Skit git permissions validation
    skipGitPermissionValidation: "false"
    # -- Log Level
    logLevel: "info"
    # -- define cluster list size per request to report the cluster state to platform, e.g.
    # if you have 90 clusters and set clusterChunkSize: 40, it means cron job will report cluster state to platform in 3 iterations (40,40,10)
    # - reduce this value if you have a lot of clusters and the cron job is failing with payload too large error
    # - use 0 to sync all clusters at once
    clusterChunkSize: 50
    # -- Cors settings for app-proxy. This is the list of allowed domains for platform (comma separated).
    cors: "https://g.codefresh.io"
  env:
    !!merge <<:
      - *otel-config
    # -- Level of logging for app-proxy
    CF_TELEMETRY_LOGS_LEVEL: 'info'
    # -- Level for logging HTTP requests
    CF_TELEMETRY_LOGS_LEVEL_HTTP: 'debug'
    # -- Enable OpenTelemetry signals (logs, metrics, traces)
    CF_TELEMETRY_OTEL_ENABLE: 'false'
    # -- Enable OTel HTTP instrumentation.
    # Make sure to sanitize `url.full` and `url.query` span attributes on collector before enabling this flag, as it may contain sensitive information.
    CF_TELEMETRY_OTEL_ALLOW_HTTP_INSTRUMENTATION: 'false'
    # -- Enable Prometheus server
    CF_TELEMETRY_PROMETHEUS_ENABLE: 'false'
    # -- Enable collecting process metrics
    CF_TELEMETRY_PROMETHEUS_ENABLE_PROCESS_METRICS: 'false'
    # -- Host for Prometheus metrics server
    CF_TELEMETRY_PROMETHEUS_HOST: '0.0.0.0'
    # -- Port for Prometheus metrics server
    CF_TELEMETRY_PROMETHEUS_PORT: '9100'
    # -- Enable Pyroscope profiling. If enabled, the Pyroscope server address must be set in PYROSCOPE_SERVER_ADDRESS.
    CF_TELEMETRY_PYROSCOPE_ENABLE: 'false'
    # -- Pyroscope server address
    PYROSCOPE_SERVER_ADDRESS: ''
  serviceAccount:
    create: true
    annotations: {}
    name: "cap-app-proxy"
  serviceMonitor:
    enabled: false
    name: ''
    labels: {}
  podAnnotations: {}
  podLabels: {}
  podSecurityContext: {}
  # fsGroup: 2000

  securityContext:
    allowPrivilegeEscalation: false
  readinessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded.
    failureThreshold: 3
    # -- Number of seconds after the container has started before [probe] is initiated.
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe].
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed.
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out.
    timeoutSeconds: 10
  livenessProbe:
    # -- Minimum consecutive failures for the [probe] to be considered failed after having succeeded.
    failureThreshold: 10
    # -- Number of seconds after the container has started before [probe] is initiated.
    initialDelaySeconds: 10
    # -- How often (in seconds) to perform the [probe].
    periodSeconds: 10
    # -- Minimum consecutive successes for the [probe] to be considered successful after having failed.
    successThreshold: 1
    # -- Number of seconds after which the [probe] times out.
    timeoutSeconds: 10
  service:
    type: ClusterIP
    port: 3017
  resources:
    requests:
      memory: '512Mi'
      ephemeral-storage: '2Gi'
      cpu: '100m'
    limits:
      memory: '1Gi'
      ephemeral-storage: '6Gi'
      cpu: '1500m'
  nodeSelector: {}
  tolerations: []
  affinity: {}
  # -- extra volumes
  extraVolumes: []
  ## App-Proxy Pod Disruption Budget
  pdb:
    # -- Enable PDB
    enabled: false
    # -- Set number of pods that are available after eviction as number or percentage
    minAvailable: 1
    # -- Set number of pods that are unavailable after eviction as number or percentage
    maxUnavailable: ""
#-----------------------------------------------------------------------------------------------------------------------
# gitops-operator
#-----------------------------------------------------------------------------------------------------------------------
gitops-operator:
  enabled: true
  replicaCount: 1
  # -- Codefresh gitops operator crds
  crds:
    # -- Whether or not to install CRDs
    install: true
    # -- Keep CRDs if gitops runtime release is uninstalled
    keep: false
    # -- Annotations on gitops operator CRDs
    annotations: {}
    # -- Additional labels for gitops operator CRDs
    additionalLabels: {}
  # -- GitOps operator configuration
  config:
    # -- Task polling interval
    taskPollingInterval: 10s
    # -- Commit status polling interval
    commitStatusPollingInterval: 10s
    # -- Workflow monitor polling interval
    workflowMonitorPollingInterval: 10s
    # -- Maximum number of concurrent releases being processed by the operator (this will not affect the number of releases being processed by the gitops runtime)
    maxConcurrentReleases: 100
    # -- Maximum number of reconcile retries on promotion-related resources before failing a promotion task
    maxReconcileRetries: 10
    # -- An optional template for the promotion wrapper (empty default will use the embedded one)
    promotionWrapperTemplate: ''
  # -- GitOps operator image
  image:
    registry: quay.io
    repository: codefresh/codefresh-gitops-operator
    tag: main-78571af
  env:
    !!merge <<:
      - *otel-config
    GITOPS_OPERATOR_VERSION: 0.11.1
  serviceAccount:
    create: true
    annotations: {}
    name: "gitops-operator-controller-manager"
  imagePullSecrets: []
  nameOverride: ""
  fullnameOverride: ""
  podAnnotations: {}
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  resources:
    limits: {}
    requests:
      cpu: 100m
      memory: 128Mi
  pdb:
    enabled: false
    minAvailable: 1
    maxUnavailable: ""
# -- Argo Gateway
# Argo Gateway is used to perform operations on ArgoCD from Codefresh platform
argo-gateway:
  image:
    registry: quay.io
    repository: codefresh/cf-argocd-extras
    tag: 7b43e16
  nodeSelector: {}
  tolerations: []
  affinity: {}
  resources:
    requests:
      memory: "128Mi"
      cpu: "100m"
  hpa:
    enabled: true
    minReplicas: 1
    maxReplicas: 10
    targetCPUUtilizationPercentage: 70
  pdb:
    enabled: true
    minAvailable: "50%"
    maxUnavailable: ""
  service:
    type: ClusterIP
  serviceAccount:
    create: true
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 10
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 10
  serviceMonitor:
    enabled: false
    interval: 30s
    scrapeTimeout: 10s
    labels: {}
# -- Enable hook job to create redis secret
redis-secret-init:
  image:
    registry: docker.io
    repository: alpine/kubectl
    tag: 1.35.3
  nodeSelector: {}
  tolerations: []
  affinity: {}
# -- Standalone redis deployment
# Will be replaced by redis-ha subchart when `redis-ha.enabled=true`
redis:
  enabled: false
  fullnameOverride: "runtime-redis"
  # -- Redis image
  image:
    registry: public.ecr.aws
    repository: docker/library/redis
    tag: 8.2.1-alpine
  podAnnotations: {}
  podLabels: {}
  imagePullSecrets: []
  podSecurityContext: {}
  securityContext: {}
  env: {}
  envFrom: []
  extraArgs: []
  # -- Probes configuration
  readinessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 15
    timeoutSeconds: 15
    successThreshold: 1
    failureThreshold: 5
  livenessProbe:
    enabled: true
    initialDelaySeconds: 30
    periodSeconds: 15
    timeoutSeconds: 15
    successThreshold: 1
    failureThreshold: 5
  # -- Service configuration
  service:
    type: ClusterIP
    labels: {}
    annotations: {}
    ports:
      redis:
        port: 6379
        targetPort: 6379
      metrics:
        port: 9121
        targetPort: 9121
  resources: {}
  # -- Enable metrics sidecar
  metrics:
    enabled: true
    image:
      registry: ghcr.io
      repository: oliver006/redis_exporter
      tag: v1.72.1
    env: {}
    envFrom: []
    resources: {}
    readinessProbe:
      enabled: true
      initialDelaySeconds: 30
      periodSeconds: 15
      timeoutSeconds: 15
      successThreshold: 1
      failureThreshold: 5
    livenessProbe:
      enabled: true
      initialDelaySeconds: 30
      periodSeconds: 15
      timeoutSeconds: 15
      successThreshold: 1
      failureThreshold: 5
    # -- Enable a prometheus ServiceMonitor
    serviceMonitor:
      enabled: false
  nodeSelector: {}
  tolerations: []
  affinity: {}
  topologySpreadConstraints: []
  # -- Enabled Pod Disruption Budget for redis
  pdb:
    enabled: false
    labels: {}
    annotations: {}
    minAvailable: 1
    maxUnavailable: ""
  # -- Create ServiceAccount for redis
  serviceAccount:
    create: true
    name: ""
    annotations: {}
event-reporters:
  cluster-event-reporter:
    env:
      !!merge <<:
        - *otel-config
  runtime-event-reporter:
    env:
      !!merge <<:
        - *otel-config
# -- Redis-HA subchart replaces custom redis deployment when `redis-ha.enabled=true`
# Ref: https://github.com/DandyDeveloper/charts/blob/master/charts/redis-ha/values.yaml
redis-ha:
  # -- Enables the Redis HA subchart and disables the custom Redis single node deployment
  enabled: false
  # -- Full name of the Redis HA Resources
  fullnameOverride: "runtime-redis-ha"
  ## Redis image
  image:
    # -- Redis repository
    repository: public.ecr.aws/docker/library/redis
    # -- Redis tag
    tag: 8.2.1-alpine
  ## Prometheus redis-exporter sidecar
  exporter:
    # -- Enable Prometheus redis-exporter sidecar
    enabled: false
    # -- Repository to use for the redis-exporter
    image: ghcr.io/oliver006/redis_exporter
    # -- Tag to use for the redis-exporter
    tag: v1.69.0
  persistentVolume:
    # -- Configures persistence on Redis nodes
    enabled: false
  ## Redis specific configuration options
  redis:
    # -- Redis convention for naming the cluster group: must match `^[\\w-\\.]+$` and can be templated
    masterGroupName: gitops-runtime
    # -- Any valid redis config options in this section will be applied to each server (see `redis-ha` chart)
    # @default -- See [values.yaml]
    config:
      # -- Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""`  is disabled
      # @default -- `'""'`
      save: '""'
  ## Enables a HA Proxy for better LoadBalancing / Sentinel Master support. Automatically proxies to Redis master.
  haproxy:
    # -- Enabled HAProxy LoadBalancing/Proxy
    enabled: true
    metrics:
      # -- HAProxy enable prometheus metric scraping
      enabled: true
    # -- Whether the haproxy pods should be forced to run on separate nodes.
    hardAntiAffinity: true
    # -- Additional affinities to add to the haproxy pods.
    additionalAffinities: {}
    # -- Assign custom [affinity] rules to the haproxy pods.
    affinity: ""
    # -- [Tolerations] for use with node taints for haproxy pods.
    tolerations: []
    # -- HAProxy container-level security context
    # @default -- See [values.yaml]
    containerSecurityContext:
      readOnlyRootFilesystem: true
  # -- Configures redis-ha with AUTH
  auth: true
  # -- Existing Secret to use for redis-ha authentication.
  # By default the redis-secret-init Job is generating this Secret.
  existingSecret: gitops-runtime-redis
  # -- Whether the Redis server pods should be forced to run on separate nodes.
  hardAntiAffinity: true
  # -- Additional affinities to add to the Redis server pods.
  additionalAffinities: {}
  # -- Assign custom [affinity] rules to the Redis pods.
  affinity: ""
  # -- [Tolerations] for use with node taints for Redis pods.
  tolerations: []
  # -- Assign custom [TopologySpreadConstraints] rules to the Redis pods.
  ## https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/
  topologySpreadConstraints:
    # -- Enable Redis HA topology spread constraints
    enabled: false
    # -- Max skew of pods tolerated
    # @default -- `""` (defaults to `1`)
    maxSkew: ""
    # -- Topology key for spread
    # @default -- `""` (defaults to `topology.kubernetes.io/zone`)
    topologyKey: ""
    # -- Enforcement policy, hard or soft
    # @default -- `""` (defaults to `ScheduleAnyway`)
    whenUnsatisfiable: ""
  # -- Redis HA statefulset container-level security context
  # @default -- See [values.yaml]
  containerSecurityContext:
    readOnlyRootFilesystem: true