Argo Workflows 재구성

helm/argo-workflows/values.yaml

@@ -26,6 +26,9 @@ nameOverride:
 # -- String to fully override "argo-workflows.fullname" template
 fullnameOverride:
 
+# -- Labels to set on all resources
+commonLabels: {}
+
 # -- Override the Kubernetes version, which is used to evaluate certain manifests
 kubeVersionOverride: ""
 
@@ -88,6 +91,12 @@ controller:
     # -- Allows controller to create and update ConfigMaps. Enables memoization feature
     writeConfigMaps: false
 
+  configMap:
+    # -- Create a ConfigMap for the controller
+    create: true
+    # -- ConfigMap name
+    name: ""
+
   # -- Limits the maximum number of incomplete workflows in a namespace
   namespaceParallelism:
   # -- Resolves ongoing, uncommon AWS EKS bug: https://github.com/argoproj/argo-workflows/pull/4224
@@ -121,7 +130,7 @@ controller:
     # -- Service metrics port name
     servicePortName: metrics
     # -- ServiceMonitor relabel configs to apply to samples before scraping
-    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/api.md#relabelconfig
+    ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#relabelconfig
     relabelings: []
     # -- ServiceMonitor metric relabel configs to apply to samples before ingestion
     ## Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#endpoint
@@ -158,6 +167,10 @@ controller:
   #   passwordSecret:
   #     name: argo-postgres-config
   #     key: password
+  #   ssl: true
+  #   # sslMode must be one of: disable, require, verify-ca, verify-full
+  #   # you can find more information about those ssl options here: https://godoc.org/github.com/lib/pq
+  #   sslMode: require
 
   # -- Default values that will apply to all Workflows from this controller, unless overridden on the Workflow-level.
   # Only valid for 2.7+
@@ -173,6 +186,13 @@ controller:
 
   # -- Number of workflow workers
   workflowWorkers: # 32
+  # -- Number of workflow TTL workers
+  workflowTTLWorkers: # 4
+  # -- Number of pod cleanup workers
+  podCleanupWorkers: # 4
+  # -- Number of cron workflow workers
+  # Only valid for 3.5+
+  cronWorkflowWorkers: # 8
   # -- Restricts the Workflows that the controller will process.
   # Only valid for 2.9+
   workflowRestrictions: {}
@@ -281,6 +301,8 @@ controller:
   volumes: []
   # -- The number of controller pods to run
   replicas: 1
+  # -- The number of revisions to keep.
+  revisionHistoryLimit: 10
 
   pdb:
     # -- Configure [Pod Disruption Budget] for the controller pods
@@ -436,6 +458,12 @@ server:
   # -- Service port name
   servicePortName: "" # http
 
+  # -- Mapping between IP and hostnames that will be injected as entries in the pod's hosts files
+  hostAliases: []
+  # - ip: 10.20.30.40
+  #   hostnames:
+  #   - git.myhostname
+
   serviceAccount:
     # -- Create a service account for the server
     create: true
@@ -458,6 +486,8 @@ server:
   resources: {}
   # -- The number of server pods to run
   replicas: 1
+  # -- The number of revisions to keep.
+  revisionHistoryLimit: 10
   ## Argo Server Horizontal Pod Autoscaler
   autoscaling:
     # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Argo Server
@@ -522,14 +552,16 @@ server:
     # - name: FOO
     #   value: "bar"
 
-  # -- Extra arguments to provide to the Argo server binary, such as for disabling authentication.
+  # -- Deprecated; use server.authModes instead.
+  authMode: ""
+
+  # -- A list of supported authentication modes. Available values are `server`, `client`, or `sso`. If you provide sso, please configure `.Values.server.sso` as well.
+  ## Ref: https://argoproj.github.io/argo-workflows/argo-server-auth-mode/
+  authModes: []
+
+  # -- Extra arguments to provide to the Argo server binary.
+  ## Ref: https://argoproj.github.io/argo-workflows/argo-server/#options
   extraArgs: []
-  # If you want to disable authentication for purposes such as:
-  #   - local dev-mode without authentication
-  #   - gateway authentication through some other service such as KeyCloak
-  # uncomment the lines below and comment out the default empty list `extraArgs: []` above:
-  # extraArgs:
-  # - --auth-mode=server
 
   logging:
     # -- Set the logging level (one of: `debug`, `info`, `warn`, `error`)
@@ -539,6 +571,9 @@ server:
     # -- Set the logging format (one of: `text`, `json`)
     format: "text"
 
+  # -- Volume to be mounted in Pods for temporary files.
+  tmpVolume:
+    emptyDir: {}
   # -- Additional volume mounts to the server main container.
   volumeMounts: []
   # -- Additional volumes to the server pod.
@@ -631,8 +666,7 @@ server:
 
   # SSO configuration when SSO is specified as a server auth mode.
   sso:
-    # -- Create SSO configuration
-    ## SSO is activated by adding --auth-mode=sso to the server command line.
+    # -- Create SSO configuration. If you set `true` , please also set `.Values.server.authMode` as `sso`.
     enabled: false
     # -- The root URL of the OIDC identity provider
     issuer: https://accounts.google.com
@@ -647,7 +681,7 @@ server:
       # -- Key of a secret to retrieve the app OIDC client secret
       key: client-secret
     # - The OIDC redirect URL. Should be in the form <argo-root-url>/oauth2/callback.
-    redirectUrl: https://argo/oauth2/callback
+    redirectUrl: ""
     rbac:
       # -- Adds ServiceAccount Policy to server (Cluster)Role.
       enabled: true
@@ -673,6 +707,11 @@ server:
     userInfoPath: ""
     # -- Skip TLS verification for the HTTP client
     insecureSkipVerify: false
+    # -- Filter the groups returned by the OIDC provider
+    ## A logical "OR" is used between each regex in the list
+    filterGroupsRegex: []
+      # - ".*argo-wf.*"
+      # - ".*argo-workflow.*"
 
   # -- Extra containers to be added to the server deployment
   extraContainers: []