github.com/argoproj/argo-cd@v1.8.7/docs/operator-manual/argocd-cm.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: argocd-cm
  namespace: argocd
  labels:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
data:
  # Argo CD's externally facing base URL (optional). Required when configuring SSO
  url: https://argo-cd-demo.argoproj.io

  # Enables application status badge feature
  statusbadge.enabled: 'true'

  # Enables anonymous user access. The anonymous users get default role permissions specified argocd-rbac-cm.yaml.
  users.anonymous.enabled: "true"

  # Enables google analytics tracking is specified
  ga.trackingid: 'UA-12345-1'
  # Unless set to 'false' then user ids are hashed before sending to google analytics
  ga.anonymizeusers: 'false'

  # the URL for getting chat help, this will typically be your Slack channel for support
  help.chatUrl: 'https://mycorp.slack.com/argo-cd'
  # the text for getting chat help, defaults to "Chat now!"
  help.chatText: 'Chat now!'

  # A dex connector configuration (optional). See SSO configuration documentation:
  # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso
  # https://github.com/dexidp/dex/tree/master/Documentation/connectors
  dex.config: |
    connectors:
      # GitHub example
      - type: github
        id: github
        name: GitHub
        config:
          clientID: aabbccddeeff00112233
          clientSecret: $dex.github.clientSecret
          orgs:
          - name: your-github-org
            teams:
            - red-team
    # It is possible to provide custom static client for dex if you want to reuse it
    # with other services
    # staticClients:
    # - id: argo-workflow
    #   name: Argo Workflow
    #   redirectURIs:
    #     - https://argo/oauth2/callback
    #   secret: $secretReference

  # OIDC configuration as an alternative to dex (optional).
  oidc.config: |
    name: Okta
    issuer: https://dev-123456.oktapreview.com
    clientID: aaaabbbbccccddddeee
    clientSecret: $oidc.okta.clientSecret
    # Optional set of OIDC scopes to request. If omitted, defaults to: ["openid", "profile", "email", "groups"]
    requestedScopes: ["openid", "profile", "email"]
    # Optional set of OIDC claims to request on the ID token.
    requestedIDTokenClaims: {"groups": {"essential": true}}

  # Git repositories configure Argo CD with (optional).
  # This list is updated when configuring/removing repos from the UI/CLI
  # Note: 'type: helm' field is supported in v1.3+. Use 'helm.repositories' for older versions.
  repositories: |
    - url: https://github.com/argoproj/my-private-repository
      passwordSecret:
        name: my-secret
        key: password
      usernameSecret:
        name: my-secret
        key: username
      sshPrivateKeySecret:
        name: my-secret
        key: sshPrivateKey
    - type: helm
      url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
      name: istio.io
    - type: helm
      url: https://my-private-chart-repo.internal
      name: private-repo
      usernameSecret:
        name: my-secret
        key: username
      passwordSecret:
        name: my-secret
        key: password

  # Non-standard and private Helm repositories (deprecated in 1.3).
  helm.repositories: |
    - url: https://storage.googleapis.com/istio-prerelease/daily-build/master-latest-daily/charts
      name: istio.io
    - url: https://my-private-chart-repo.internal
      name: private-repo
      usernameSecret:
        name: my-secret
        key: username
      passwordSecret:
        name: my-secret
        key: password

  # Configuration to customize resource behavior (optional). Keys are in the form: group/Kind.
  resource.customizations: |
    admissionregistration.k8s.io/MutatingWebhookConfiguration:
      # List of json pointers in the object to ignore differences
      ignoreDifferences: |
        jsonPointers:
        - /webhooks/0/clientConfig/caBundle
    certmanager.k8s.io/Certificate:
      # Lua script for customizing the health status assessment
      health.lua: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.conditions ~= nil then
            for i, condition in ipairs(obj.status.conditions) do
              if condition.type == "Ready" and condition.status == "False" then
                hs.status = "Degraded"
                hs.message = condition.message
                return hs
              end
              if condition.type == "Ready" and condition.status == "True" then
                hs.status = "Healthy"
                hs.message = condition.message
                return hs
              end
            end
          end
        end
        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs
    cert-manager.io/Certificate:
      # Lua script for customizing the health status assessment
      health.lua: |
        hs = {}
        if obj.status ~= nil then
          if obj.status.conditions ~= nil then
            for i, condition in ipairs(obj.status.conditions) do
              if condition.type == "Ready" and condition.status == "False" then
                hs.status = "Degraded"
                hs.message = condition.message
                return hs
              end
              if condition.type == "Ready" and condition.status == "True" then
                hs.status = "Healthy"
                hs.message = condition.message
                return hs
              end
            end
          end
        end
        hs.status = "Progressing"
        hs.message = "Waiting for certificate"
        return hs
    apps/Deployment:
      # List of Lua Scripts to introduce custom actions
      actions: |
        # Lua Script to indicate which custom actions are available on the resource
        discovery.lua: |
          actions = {}
          actions["restart"] = {}
          return actions
        definitions:
          - name: restart
            # Lua Script to modify the obj
            action.lua: |
              local os = require("os")
              if obj.spec.template.metadata == nil then
                  obj.spec.template.metadata = {}
              end
              if obj.spec.template.metadata.annotations == nil then
                  obj.spec.template.metadata.annotations = {}
              end
              obj.spec.template.metadata.annotations["kubectl.kubernetes.io/restartedAt"] = os.date("!%Y-%m-%dT%XZ")
              return obj

  # Configuration to completely ignore entire classes of resource group/kinds (optional).
  # Excluding high-volume resources improves performance and memory usage, and reduces load and
  # bandwidth to the Kubernetes API server.
  # These are globs, so a "*" will match all values.
  # If you omit groups/kinds/clusters then they will match all groups/kind/clusters.
  # NOTE: events.k8s.io and metrics.k8s.io are excluded by default
  resource.exclusions: |
    - apiGroups:
      - repositories.stash.appscode.com
      kinds:
      - Snapshot
      clusters:
      - "*.local"

  # By default all resource group/kinds are included. The resource.inclusions setting allows customizing
  # list of included group/kinds.
  resource.inclusions: |
    - apiGroups:
      - repositories.stash.appscode.com
      kinds:
      - Snapshot
      clusters:
      - "*.local"

  resource.compareoptions: |
    # if ignoreAggregatedRoles set to true then differences caused by aggregated roles in RBAC resources are ignored.
    ignoreAggregatedRoles: true

    # disables status field diffing in specified resource types
    # 'crd' - CustomResourceDefinitions (default)
    # 'all' - all resources
    # 'none' - disabled
    ignoreResourceStatusField: crd

  # Configuration to add a config management plugin.
  configManagementPlugins: |
    - name: kasane
      init:
        command: [kasane, update]
      generate:
        command: [kasane, show]

  # Build options/parameters to use with `kustomize build` (optional)
  kustomize.buildOptions: --load_restrictor none

  # Additional Kustomize versions and corresponding binary paths
  kustomize.version.v3.5.1: /custom-tools/kustomize_3_5_1
  kustomize.version.v3.5.4: /custom-tools/kustomize_3_5_4

  # The metadata.label key name where Argo CD injects the app name as a tracking label (optional).
  # Tracking labels are used to determine which resources need to be deleted when pruning.
  # If omitted, Argo CD injects the app name into the label: 'app.kubernetes.io/instance'
  application.instanceLabelKey: mycompany.com/appname

  # disables admin user. Admin is enabled by default
  admin.enabled: "false"
  # add an additional local user with apiKey and login capabilities
  #   apiKey - allows generating API keys
  #   login - allows to login using UI
  accounts.alice: apiKey, login
  # disables user. User is enabled by default
  accounts.alice.enabled: "false"

  # The location of optional user-defined CSS that is loaded at runtime.
  # Local CSS Files:
  # - If the supplied path is to a file mounted on the argocd-server container, that file should be mounted 
  #   within a subdirectory of the existing "/shared/app" directory (e.g. "/shared/app/custom").  Otherwise,
  #   the file will likely fail to be imported by the browser with an "incorrect MIME type" error.
  # - The path should be specified relative to the "/shared/app" directory; not as an absolute path.
  # Remote CSS Files:
  # - Files may also be loaded from remote locations via fully qualified URLs.
  ui.cssurl: "./custom/my-styles.css"