github.com/argoproj/argo-cd/v2@v2.10.9/docs/operator-manual/argocd-cmd-params-cm.yaml (about) 1 apiVersion: v1 2 kind: ConfigMap 3 metadata: 4 name: argocd-cmd-params-cm 5 labels: 6 app.kubernetes.io/name: argocd-cmd-params-cm 7 app.kubernetes.io/part-of: argocd 8 data: 9 # Repo server address. (default "argocd-repo-server:8081") 10 repo.server: "argocd-repo-server:8081" 11 12 # Redis server hostname and port (e.g. argocd-redis:6379) 13 redis.server: "argocd-redis:6379" 14 # Enable compression for data sent to Redis with the required compression algorithm. (default 'gzip') 15 redis.compression: gzip 16 # Redis database 17 redis.db: 18 19 # Open-Telemetry collector address: (e.g. "otel-collector:4317") 20 otlp.address: "" 21 # Open-Telemetry collector insecure: (e.g. "true") 22 otlp.insecure: "true" 23 # Open-Telemetry collector headers: (e.g. "key1=value1,key2=value2") 24 otlp.headers: "" 25 26 # List of additional namespaces where applications may be created in and 27 # reconciled from. The namespace where Argo CD is installed to will always 28 # be allowed. 29 # 30 # Feature state: Beta 31 application.namespaces: ns1, ns2, ns3 32 33 ## Controller Properties 34 # Repo server RPC call timeout seconds. 35 controller.repo.server.timeout.seconds: "60" 36 # Disable TLS on connections to repo server 37 controller.repo.server.plaintext: "false" 38 # Whether to use strict validation of the TLS cert presented by the repo server 39 controller.repo.server.strict.tls: "false" 40 # Number of application status processors (default 20) 41 controller.status.processors: "20" 42 # Number of application operation processors (default 10) 43 controller.operation.processors: "10" 44 # Set the logging format. One of: text|json (default "text") 45 controller.log.format: "text" 46 # Set the logging level. One of: debug|info|warn|error (default "info") 47 controller.log.level: "info" 48 # Prometheus metrics cache expiration (disabled by default. e.g. 24h0m0s) 49 controller.metrics.cache.expiration: "24h0m0s" 50 # Specifies timeout between application self heal attempts (default 5) 51 controller.self.heal.timeout.seconds: "5" 52 # Cache expiration for app state (default 1h0m0s) 53 controller.app.state.cache.expiration: "1h0m0s" 54 # Specifies if resource health should be persisted in app CRD (default true) 55 # Changing this to `false` significantly reduce number of Application CRD updates and improves controller performance. 56 # However, disabling resource health by default might affect applications that communicate with Applications CRD directly 57 # so we have to defer switching this to `false` by default till v3.0 release. 58 controller.resource.health.persist: "true" 59 # Cache expiration default (default 24h0m0s) 60 controller.default.cache.expiration: "24h0m0s" 61 # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") 62 controller.sharding.algorithm: legacy 63 # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. 64 controller.kubectl.parallelism.limit: "20" 65 # The maximum number of retries for each request 66 controller.k8sclient.retry.max: "0" 67 # The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold 68 controller.k8sclient.retry.base.backoff: "100" 69 # Grace period in seconds for ignoring consecutive errors while communicating with repo server. 70 controller.repo.error.grace.period.seconds: "180" 71 # Enables the server side diff feature at the application controller level. 72 # Diff calculation will be done by running a server side apply dryrun (when 73 # diff cache is unavailable). 74 controller.diff.server.side: "false" 75 76 ## Server properties 77 # Listen on given address for incoming connections (default "0.0.0.0") 78 server.listen.address: "0.0.0.0" 79 # Listen on given address for metrics (default "0.0.0.0") 80 server.metrics.listen.address: "0.0.0.0" 81 # Run server without TLS 82 server.insecure: "false" 83 # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/") 84 server.basehref: "/" 85 # Used if Argo CD is running behind reverse proxy under subpath different from / 86 server.rootpath: "" 87 # Directory path that contains additional static assets 88 server.staticassets: "/shared/app" 89 # The maximum number of retries for each request 90 server.k8sclient.retry.max: "0" 91 # The initial backoff delay on the first retry attempt in ms. Subsequent retries will double this backoff time up to a maximum threshold 92 server.k8sclient.retry.base.backoff: "100" 93 # Semicolon-separated list of content types allowed on non-GET requests. Set an empty string to allow all. Be aware 94 # that allowing content types besides application/json may make your API more vulnerable to CSRF attacks. 95 server.api.content.types: "application/json" 96 97 # Set the logging format. One of: text|json (default "text") 98 server.log.format: "text" 99 # Set the logging level. One of: debug|info|warn|error (default "info") 100 server.log.level: "info" 101 # Repo server RPC call timeout seconds. (default 60) 102 server.repo.server.timeout.seconds: "60" 103 # Use a plaintext client (non-TLS) to connect to repository server 104 server.repo.server.plaintext: "false" 105 # Perform strict validation of TLS certificates when connecting to repo server 106 server.repo.server.strict.tls: "false" 107 # Dex server address (default "http://argocd-dex-server:5556") 108 server.dex.server: "http://argocd-dex-server:5556" 109 # Use a plaintext client (non-TLS) to connect to dex server 110 server.dex.server.plaintext: "false" 111 # Perform strict validation of TLS certificates when connecting to dex server 112 server.dex.server.strict.tls: "false" 113 # Disable client authentication 114 server.disable.auth: "false" 115 # Toggle GZIP compression 116 server.enable.gzip: "true" 117 # Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") 118 server.x.frame.options: "sameorigin" 119 # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") 120 server.tls.minversion: "1.2" 121 # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") 122 server.tls.maxversion: "1.3" 123 # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") 124 server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" 125 # Cache expiration for cluster/repo connection status (default 1h0m0s) 126 server.connection.status.cache.expiration: "1h0m0s" 127 # Cache expiration for OIDC state (default 3m0s) 128 server.oidc.cache.expiration: "3m0s" 129 # Cache expiration for failed login attempts (default 24h0m0s) 130 server.login.attempts.expiration: "24h0m0s" 131 # Cache expiration for app state (default 1h0m0s) 132 server.app.state.cache.expiration: "1h0m0s" 133 # Cache expiration default (default 24h0m0s) 134 server.default.cache.expiration: "24h0m0s" 135 # Enable the experimental proxy extension feature 136 server.enable.proxy.extension: "false" 137 138 ## Repo-server properties 139 # Listen on given address for incoming connections (default "0.0.0.0") 140 reposerver.listen.address: "0.0.0.0" 141 # Listen on given address for metrics (default "0.0.0.0") 142 reposerver.metrics.listen.address: "0.0.0.0" 143 # Set the logging format. One of: text|json (default "text") 144 reposerver.log.format: "text" 145 # Set the logging level. One of: debug|info|warn|error (default "info") 146 reposerver.log.level: "info" 147 # Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. 148 reposerver.parallelism.limit: "1" 149 # Disable TLS on the gRPC endpoint 150 reposerver.disable.tls: "false" 151 # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") 152 reposerver.tls.minversion: "1.2" 153 # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") 154 reposerver.tls.maxversion: "1.3" 155 # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") 156 reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384" 157 # Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s) 158 reposerver.repo.cache.expiration: "24h0m0s" 159 # Cache expiration default (default 24h0m0s) 160 reposerver.default.cache.expiration: "24h0m0s" 161 # Max combined manifest file size for a single directory-type Application. In-memory manifest representation may be as 162 # much as 300x the manifest file size. Limit this to stay within the memory limits of the repo-server while allowing 163 # for 300x memory expansion and N Applications running at the same time. 164 # (example 10M max * 300 expansion * 10 Apps = 30G max theoretical memory usage). 165 reposerver.max.combined.directory.manifests.size: '10M' 166 # Paths to be excluded from the tarball streamed to plugins. Separate with ; 167 reposerver.plugin.tar.exclusions: "" 168 # Allow repositories to contain symlinks that leave the boundaries of the repository. 169 # Changing this to "true" will not allow _all_ out-of-bounds symlinks. Those will still be blocked for things like values 170 # files in Helm charts. But symlinks which are not explicitly blocked by other checks will be allowed. 171 reposerver.allow.oob.symlinks: "false" 172 # Maximum size of tarball when streaming manifests to the repo server for generation 173 reposerver.streamed.manifest.max.tar.size: "100M" 174 # Maximum size of extracted manifests when streaming manifests to the repo server for generation 175 reposerver.streamed.manifest.max.extracted.size: "1G" 176 # Enable git submodule support 177 reposerver.enable.git.submodule: "true" 178 # Number of concurrent git ls-remote requests. Any value less than 1 means no limit. 179 reposerver.git.lsremote.parallelism.limit: "0" 180 # Git requests timeout. 181 reposerver.git.request.timeout: "15s" 182 183 # Disable TLS on the HTTP endpoint 184 dexserver.disable.tls: "false" 185 186 ## ApplicationSet Controller Properties 187 # Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. 188 applicationsetcontroller.enable.leader.election: "false" 189 # "Modify how application is synced between the generator and the cluster. Default is 'sync' (create & update & delete), options: 'create-only', 'create-update' (no deletion), 'create-delete' (no update)" 190 applicationsetcontroller.policy: "sync" 191 # Print debug logs. Takes precedence over loglevel 192 applicationsetcontroller.debug: "false" 193 # Set the logging format. One of: text|json (default "text") 194 applicationsetcontroller.log.format: "text" 195 # Set the logging level. One of: debug|info|warn|error (default "info") 196 applicationsetcontroller.log.level: "info" 197 # Enable dry run mode 198 applicationsetcontroller.dryrun: "false" 199 # Enable git submodule support 200 applicationsetcontroller.enable.git.submodule: "true" 201 # Enables use of the Progressive Syncs capability 202 applicationsetcontroller.enable.progressive.syncs: "false" 203 # A list of glob patterns specifying where to look for ApplicationSet resources. (default is only the ns where the controller is installed) 204 applicationsetcontroller.namespaces: "argocd,argocd-appsets-*" 205 # Path of the self-signed TLS certificate for SCM/PR Gitlab Generator 206 applicationsetcontroller.scm.root.ca.path: "" 207 # A comma separated list of allowed SCM providers (default "" is all SCM providers). 208 # Setting this field is required when using ApplicationSets-in-any-namespace, to prevent users from 209 # sending secrets from `tokenRef`s to disallowed `api` domains. 210 # The url used in the scm generator must exactly match one in the list 211 applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/" 212 # To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true". 213 applicationsetcontroller.enable.scm.providers: "false" 214 215 ## Argo CD Notifications Controller Properties 216 # Set the logging level. One of: debug|info|warn|error (default "info") 217 notificationscontroller.log.level: "info" 218 # Set the logging format. One of: text|json (default "text") 219 notificationscontroller.log.format: "text" 220 # Enable self-service notifications config. Used in conjunction with apps-in-any-namespace. (default "false") 221 notificationscontroller.selfservice.enabled: "false"