# Argo CD Helm Chart Values

global:
  domain: ag.hexor.cy
  logging:
    format: text
    level: info

crds:
  install: true
  keep: true # Recommended to keep true so CRDs are not deleted on uninstall

configs:
  params:
    server.insecure: "true"
  cm:
    create: true
    kustomize.buildOptions: --enable-helm
    application.instanceLabelKey: argocd.argoproj.io/instance
    admin.enabled: true
    timeout.reconciliation: 60s
    dex.config: |
      connectors:
        - type: oidc
          id: authentik
          name: Authentik
          config:
            issuer: https://auth.hexor.cy/application/o/argocd/
            clientID: $dex.authentik.clientID
            clientSecret: $dex.authentik.clientSecret
            redirectURI: https://ag.hexor.cy/api/dex/callback
  rbac:
    create: true
    policy.default: ""
    policy.csv: |
      g, k8s_dashboard, role:admin

  secret:
    createSecret: false
    argocdServerAdminPassword: "" # <--- SET BCRYPT HASH HERE OR MANAGE EXTERNALLY
    extra:
      dex.authentik.clientID:
        valueFrom:
          secretKeyRef:
            name: oidc-creds
            key: client-id
      dex.authentik.clientSecret:
        valueFrom:
          secretKeyRef:
            name: oidc-creds
            key: client-secret

controller:
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# Dex OIDC provider
dex:
  enabled: true # Keep enabled unless using external OIDC/SAML directly
  # Add resources, PDB etc. if needed

# Standard Redis disabled because Redis HA is enabled
redis:
  enabled: false

# Redis HA (replaces standard Redis)
redis-ha:
  enabled: true
  # Default settings usually work, including auth via 'argocd-redis' secret.
  # Assumes 'redisSecretInit' job is enabled (default) to create the secret.
  haproxy:
    enabled: true
  redis:
    config:
      # Disable Redis disk persistence for cache performance (Argo CD uses it as a cache)
      save: '""'

# Argo CD Server (API and UI)
server:
  replicas: 1
  ingress:
    enabled: false

  certificate:
    enabled: false 

  certificateSecret:
    enabled: false

# Repository Server
repoServer:
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# ApplicationSet Controller
applicationSet:
  enabled: true # Enabled by default
  replicas: 1
  # Add resources (requests/limits), PDB etc. if needed

# Notifications Controller
notifications:
  enabled: true # Enabled by default
  # Add notifiers, triggers, templates configurations if needed