Argo CD instance


Red Hat OpenShift GitOps 1.15

Installing and deploying Argo CD instances, enabling notifications with an Argo CD instance, and configuring the NotificationsConfiguration CR

Red Hat OpenShift Documentation Team

Abstract

This document provides instructions for installing and deploying Argo CD instances to manage cluster configurations or deploy applications. It also discusses about how to enable notifications for an Argo CD instance and configure the NotificationsConfiguration custom resource (CR).

Chapter 1. Setting up an Argo CD instance

By default, Red Hat OpenShift GitOps installs an instance of Argo CD in the openshift-gitops namespace with additional permissions for managing certain cluster-scoped resources. This default Argo CD instance is also called as the default cluster-scoped instance.

To prevent the default Argo CD instance from starting in the openshift-gitops namespace, you can use the openshift-gitops-operator subscription and configure the DISABLE_DEFAULT_ARGOCD_INSTANCE environment variable in it by setting the string value to "true".

Note

For GitOps version 1.13 and later:

  • Route TLS termination is set as default to the reencrypt mode for both the default and user-defined Argo CD instances. TLS connections to the Argo CD instances now receive the default ingress certificate that is set in OpenShift Container Platform, instead of the self-signed Argo CD certificate. You can modify the route TLS termination policy by configuring the .spec.server.route.tls field of the Argo CD CR.
  • Restricted pod security admission (PSA) labels are applied to the openshift-gitops namespace to ensure compliance with OpenShift Container Platform standards. If you are running additional workloads in this namespace, such as monitoring or logging, ensure that they comply with the restricted PSA requirements. If compliance is not feasible, consider using a user-defined, cluster-scoped Argo CD instance, where PSA labels are not applied or controlled by the GitOps Operator.

To manage cluster configurations or deploy applications, you can install and deploy a new user-defined Argo CD instance. By default, any new user-defined instance has permissions to manage resources only in the namespace where it is deployed.

Warning
  • A Kubernetes user with access to the Argo CD namespace is an Argo CD administrator and can bypass any role-based access control (RBAC) restrictions configured in Argo CD. Never grant non-administrator users any read or write access to the Argo CD namespace.
  • If non-administrator users create applications, do not allow them to be bound to the default AppProject custom resource (CR) because it has no restrictions. Otherwise, the Kubernetes permissions of the Argo CD instances and the default AppProject CR allow deployment of everything everywhere. To prevent this situation, lock down the default AppProject CR so that no one can use it accidentally, even if someone misconfigures the Argo CD RBAC.

You can create a user-defined Argo CD instance in any namespace, other than the openshift-gitops namespace.

Important

If you want to create a user-defined Argo CD instance within the openshift-gitops namespace, set the DISABLE_DEFAULT_ARGOCD_INSTANCE flag value in the openshift-gitops-operator subscription to "true" and do not name the instance as openshift-gitops.

1.1. Installing a user-defined Argo CD instance

To manage cluster configurations or deploy applications, you can install and deploy a new user-defined Argo CD instance.

Prerequisites

  • You have access to the cluster with cluster-admin privileges.
  • You have installed the Red Hat OpenShift GitOps Operator on your OpenShift Container Platform cluster.

Procedure

  1. Log in to the OpenShift Container Platform web console.
  2. In the Administrator perspective of the web console, click OperatorsInstalled Operators.
  3. Create or select the project where you want to install the user-defined Argo CD instance from the Project list.
  4. Select Red Hat OpenShift GitOps from the installed Operators list and click the Argo CD tab.
  5. Click Create ArgoCD to configure the parameters:

    1. Enter the Name of the instance. By default, the Name is set to example.
    2. Create an external OS Route to access Argo CD server. Click ServerRoute and check Enabled.

      Tip

      You can alternatively configure YAML to create an external OS Route as shown in the following example:

      Example Argo CD with external OS route created

      apiVersion: argoproj.io/v1beta1
      kind: ArgoCD
      metadata:
        name: example
        namespace: openshift-gitops
      spec:
        server:
          route:
            enabled: true

    3. Optional: Modify the route TLS termination policy by configuring the .spec.server.route.tls field of the Argo CD CR.

      Note

      When configuring custom TLS certificates for Argo CD Server route, avoid using the .spec.server.route.tls.key and .spec.server.route.tls.certificate fields. Use the .spec.server.route.tls.externalCertificate field instead. For more information about configuring a route for custom TLS certificate, see examples in Custom TLS certificates for Routes.

  6. Click Create.
  7. Go to NetworkingRoutes<instance_name>-server in the project where the user-defined Argo CD instance is installed.
  8. On the Details tab, click the Argo CD web UI link under Route detailsLocation. The Argo CD web UI opens in a separate browser window.
  9. Optional: To log in with your OpenShift Container Platform credentials, ensure you are a user of the cluster-admins group and then select the LOG IN VIA OPENSHIFT option in the Argo CD user interface.

    Note

    To be a user of the cluster-admins group, use the oc adm groups new cluster-admins <user> command, where <user> is the default cluster role that you can bind to users and groups cluster-wide or locally.

  10. Obtain the password for the user-defined Argo CD instance:

    1. Use the navigation panel to go to the WorkloadsSecrets page.
    2. Use the Project list and select the namespace where the user-defined Argo CD instance is created.
    3. Select the <argo_CD_instance_name>-cluster instance to display the password.
    4. On the Details tab, copy the password under Dataadmin.password.
  11. Use admin as the Username and the copied password as the Password to log in to the Argo CD UI in the new window.

1.2. Configuring common cluster roles by specifying user-defined cluster roles for namespace-scoped instances

As a cluster administrator, when you give an Argo CD access to a namespace by using the argocd.argoproj.io/managed-by label, the Argo CD assumes namespace-admin privileges. The Red Hat OpenShift GitOps Operator then automatically creates role bindings for all managed namespaces of the following GitOps control plane components:

  • Argo CD Application Controller
  • Argo CD server
  • Argo CD ApplicationSet Controller

When you provide namespaces to non-administrator users, for example, development teams, they can use the namespace-admin privileges to modify objects such as network policies. Installing an Argo CD instance in these namespaces gives the development teams admin privileges and indirectly elevates their assigned privileges. These roles are highly privileged and can delete all resources. As a preventive action, you can define a specific set of reduced permissions to meet your security requirements by configuring common cluster roles for all managed namespaces in the role bindings that the Operator creates for the Argo CD Application Controller and Argo CD server components.

To configure common cluster roles for all managed namespaces, you can specify user-defined cluster roles for the CONTROLLER_CLUSTER_ROLE and SERVER_CLUSTER_ROLE environment variables in the Operator’s Subscription object YAML file. As a result, instead of creating the default admin role, the Operator uses the existing user-defined cluster roles and creates role bindings for all managed namespaces.

Prerequisites

  • You have logged in to the OpenShift Container Platform cluster as an administrator.
  • You have installed the Red Hat OpenShift GitOps Operator on your OpenShift Container Platform cluster.

Procedure

  1. In the Administrator perspective, navigate to AdministrationCustomResourceDefinitions.
  2. Find the Subscription CRD and click to open it.
  3. Select the Instances tab and click the openshift-gitops-operator subscription.
  4. Select the YAML tab and make your customization:

    • Specify the user-defined cluster roles for the CONTROLLER_CLUSTER_ROLE and SERVER_CLUSTER_ROLE environment variables:

      Example Subscription

      apiVersion: operators.coreos.com/v1alpha1
      kind: Subscription
      metadata:
        name: openshift-gitops-operator
        namespace: openshift-gitops-operator
      spec:
        config:
          env:
          - name: CONTROLLER_CLUSTER_ROLE
            value: gitops-controller-role 1
          - name: SERVER_CLUSTER_ROLE
            value: gitops-server-role 2

      1
      The name of the environment variable for the Argo CD Application Controller component.
      2
      The name of the environment variable for the Argo CD server component.
Tip

Alternatively, you can inject the preceding environment variables directly into the Operator’s Deployment object YAML file.

1.3. Enabling replicas for Argo CD server and repo server

Argo CD-server and Argo CD-repo-server workloads are stateless. To better distribute your workloads among pods, you can increase the number of Argo CD-server and Argo CD-repo-server replicas. However, if a horizontal autoscaler is enabled on the Argo CD-server, it overrides the number of replicas you set.

Procedure

  • Set the replicas parameters for the repo and server spec to the number of replicas you want to run:

    Example Argo CD custom resource

    apiVersion: argoproj.io/v1beta1
    kind: ArgoCD
    metadata:
      name: example-argocd
      labels:
        example: repo
    spec:
      repo:
        replicas: <number_of_replicas>
      server:
        replicas: <number_of_replicas>
        route:
          enabled: true
          path: /
          tls:
            insecureEdgeTerminationPolicy: Redirect
            termination: passthrough
          wildcardPolicy: None

1.4. Deploying resources to a different namespace

To allow Argo CD to manage resources in other namespaces apart from where it is installed, configure the target namespace with a argocd.argoproj.io/managed-by label.

Procedure

  • Configure the namespace:

    $ oc label namespace <namespace> \
    argocd.argoproj.io/managed-by=<namespace> 1
    1
    The namespace where Argo CD is installed.

Chapter 2. Argo CD custom resource and component properties

The ArgoCD custom resource is a Kubernetes Custom Resource (CRD) that describes the desired state for a given Argo CD cluster that allows you to configure the components which make up an Argo CD cluster.

2.1. Argo CD custom resource properties

The Argo CD Custom Resource consists of the following properties:

NameDescriptionDefaultProperties

applicationInstanceLabelKey

The metadata.label key name where Argo CD injects the app name as a tracking label.

app.kubernetes.io/instance

 

aggregatedClusterRoles

Use aggregated cluster roles for the Argo CD Application Controller component of a cluster-scoped instance.

false

 

applicationSet

The ApplicationSet Controller configuration options.

<object>

  • <image> - The container image for the ApplicationSet Controller. This property overrides the ARGOCD_APPLICATIONSET_IMAGE environment variable.
  • <version> - The tag to use with the applicationSet container image.
  • <enabled> - The flag to use to enable the ApplicationSet Controller during the Argo CD installation.
  • <env> - Specify the environment for ApplicationSet Controller pods.
  • <resources> - The container compute resources.
  • <logLevel> - The log level used by the Argo CD Application Controller component. Valid options are debug, info, error, and warn.
  • <logFormat> - The log format used by the Argo CD Application Controller component. Valid options are text and json.
  • <parallelismLimit> - The kubectl parallelism limit to set for the controller (the --kubectl-parallelism-limit flag).
  • sourceNamespaces - The list of non-control plane namespaces for creating and managing Argo CD ApplicationSet resources in target namespaces.
  • scmProviders - The URLs of the allowed Source Code Manager (SCM) providers.
  • <scmRootCAConfigMap> - The name of the config map that stores the Gitlab SCM Provider’s TLS certificate that will be mounted on the Application Set Controller at the "/app/tls/scm/cert" path.
  • <webhookServer> - Defines the available options for the ApplicationSet webhook server.
  • annotations - List of custom annotations to add to pods deployed by the Operator. This field is optional.
  • labels - List of custom labels to add to pods deployed by the Operator. This field is optional.
  • volumes - List of addition volumes configured for the Argo CD ApplicationSet Controller component. This field is optional.
  • volumeMounts - List of addition volume mounts configured for the Argo CD ApplicationSet Controller component. This field is optional.
  • extraCommandArgs - List of additional arguments added to the existing arguments set by the Operator for the ApplicationSet workload.

banner

Adds a UI banner message.

<object>

  • <banner.content> - The banner message content. This content is required if a banner is displayed.
  • <banner.url> - An optional banner message link URL.

configManagementPlugins

Adds a configuration management plugin.

<empty>

 

controller

Argo CD Application Controller options.

<object>

  • <processors.operation> - The number of operation processors.
  • <processors.status> - The number of status processors.
  • <resources> - The container compute resources.
  • <logLevel> - The log level used by the Argo CD Application Controller component. Valid options are debug, info, error, and warn.
  • <appSync> - AppSync is used to control the sync frequency of Argo CD applications.
  • <sharding.enabled> - Enable sharding on the Argo CD Application Controller component. Use this property to manage a large number of clusters and relieve memory pressure on the controller component.
  • <sharding.replicas> - The number of replicas that are used to support sharding of the Argo CD Application Controller.
  • <sharding.dynamicScalingEnabled> - Enables the dynamic scaling of the Argo CD Application Controller component. Use this property if you want the Operator to scale the number of replicas based on the number of clusters the controller component is managing. If you set this property to true, it overrides the configuration of the sharding.enabled and sharding.replicas properties.
  • <sharding.minShards> - The minimum number of Argo CD Application Controller replicas.
  • <sharding.maxShards> - The maximum number of Argo CD Application Controller replicas.
  • <sharding.clustersPerShard> - The number of clusters that need to be managed by each shard. When the replica count reaches the maxShards, the shards manage more than one cluster.
  • <env> - Environment to set for the application controller workloads.
  • <sourceNamespaces> - List of non-control plane namespaces for creating and managing Argo CD Application resources in target namespaces.
  • <extraCommandArgs> - List of arguments added to the existing arguments set by the Operator.
  • annotations - List of custom annotations to add to pods deployed by the Operator. This field is optional.
  • labels - List of custom labels to add to pods deployed by the Operator. This field is optional.
  • volumes - List of addition volumes configured for the Argo CD Application Controller component. This field is optional.
  • volumeMounts - List of addition volume mounts configured for the Argo CD Application Controller component. This field is optional.
  • initContainers - List of init containers for the ArgoCD Application Controller component. This field is optional.
  • sidecarContainers - List of sidecar containers for the ArgoCD Application Controller component. This field is optional.

disableAdmin

Disables the built-in admin user.

false

 

defaultClusterScopedRoleDisabled

Disables the creation of default cluster roles for a cluster-scoped instance.

false

 

extraConfig

Add any supplementary Argo CD settings to the argocd-cm config map that cannot be configured directly within the Argo CD custom resource.

<empty>

 

gaTrackingID

Use a Google Analytics tracking ID.

<empty>

 

gaAnonymizeUsers

Enable hashed usernames sent to Google Analytics.

false

 

ha

High-availability options.

<object>

  • <enabled> - Toggle high-availability support globally for Argo CD.
  • <redisProxyImage> - The Redis HAProxy container image. This property overrides the ARGOCD_REDIS_HA_PROXY_IMAGE environment variable.
  • <redisProxyVersion> - The tag to use for the Redis HAProxy container image.

helpChatURL

URL for getting chat help (this is typically your Slack channel for support).

https://mycorp.slack.com/argo-cd

 

helpChatText

The text that appears in a text box for getting chat help.

Chat now!

 

image

The container image for all Argo CD components. This overrides the ARGOCD_IMAGE environment variable.

argoproj/argocd

 

import

Import configuration options for Argo CD.

<object>

  • <name> - The name of an ArgoCDExport resource from which data can be imported.
  • <namespace> - The namespace for the ArgoCDExport resource referenced by name field. If this field is not set, the namespace of ArgoCDExport resource is set to the same namespace as Argo CD by default.

ingress

Ingress configuration options.

<object>

 

initialRepositories

Initial Git repositories to configure Argo CD to use upon creation of the cluster.

<empty>

 

initialSSHKnownHosts

Defines the initial SSH Known Hosts data for Argo CD to use at cluster creation to connect to Git repositories through SSH.

`<default_Argo_CD_Known_Hosts>

  • <Excludedefaulthosts> - Indicates whether you want to add the default list of SSH Known Hosts provided by Argo CD.
  • <keys> - Describes a custom set of SSH Known Hosts that you want to incorporate into your Argo CD server.

kustomizeBuildOptions

The build options and parameters to use with kustomize build.

<empty>

 

kustomizeVersions

Defines a list of Kustomize versions that are configured in the Argo CD repo server container image.

<empty>

  • <path> - The path of the Kustomize version in the file system of the Argo CD repo server container image.
  • <version> - The Kustomize version in the vX.Y.Z format configured in the Argo CD repo server container image.

monitoring

Defines the workload status monitoring configuration for your instance.

<object>

  • <disableMetrics> - Configure this field to enable or disable the collection of metrics for your instance.
  • <enabled> - Indicates whether the workload status monitoring is enabled for your instance.

notifications

Notifications Controller configuration options.

<object>

  • <enabled> - The toggle to start the Notifications Controller.
  • <env> - The environment to set for the Notifications Controller workloads.
  • <image> - The container image for all Argo CD components. This property overrides the ARGOCD_IMAGE environment variable.
  • <version> - The tag to use with the Notifications container image.
  • <replicas> - The number of replicas to be run for the Notifications Controller.
  • <resources> - The container compute resources.
  • <logLevel> - The log level used by the Argo CD Application Controller component. Valid options are debug, info, error, and warn.

nodePlacement

Defines NodeSelectors and Tolerations for Argo CD workloads.

<empty>

  • <nodeSelector> - A map of key-value pairs for node selection.
  • <tolerations> - Tolerations allow pods to create a schedule for nodes with matching taints.

oidcConfig

The OIDC configuration as an alternative to Dex.

<empty>

 

repositoryCredentials

Git repository credential templates to configure Argo CD to use at cluster creation.

<empty>

 

prometheus

Prometheus configuration options.

<object>

  • <enabled> - Toggle Prometheus support globally for Argo CD.
  • <host> - The hostname to use for Ingress or Route resources.
  • <ingress> - Toggles ingress for Prometheus.
  • <route> - Route configuration options.
  • <size> - The replica count for the Prometheus StatefulSet.

rbac

RBAC configuration options.

<object>

  • <defaultPolicy> - The policy.default property in the argocd-rbac-cm config map. The name of the default role that Argo CD falls back to when authorizing API requests.
  • <policy> - The policy.csv property in the argocd-rbac-cm config map. This property includes CSV data about user-defined RBAC policies and role definitions.
  • <policyMatcher> - The policy.matchMode property in the argocd-rbac-cm config map. This property has two options: 'glob' for glob matcher and 'regex' for regex matcher.
  • <scopes> - The scopes property in the argocd-rbac-cm config map. Controls which OIDC scopes to examine during RBAC enforcement, in addition to sub scope.

redis

Redis configuration options.

<object>

  • <autotls> - Use the provider to create the Redis server’s TLS certificate. Only the openshift value is currently available.
  • <disableTLSVerification> - Defines whether the Redis server should be accessed using strict TLS validation.
  • <image> - The container image for Redis. This overrides the ARGOCD_REDIS_IMAGE environment variable.
  • <resources> - The container compute resources.
  • <version> - The tag to use with the Redis container image.

resourceHealthChecks

Customize resource health check behavior.

<empty>

 

resourceIgnoreDifferences

Customize resource ignore difference behavior.

<empty>

 

resourceActions

Customize resource action behavior.

<empty>

 

resourceExclusions

Completely ignore entire classes of resource group.

<empty>

 

resourceInclusions

The configuration to identify which resource group/kinds are applied.

<empty>

 

resourceTrackingMethod

The field used by Argo CD to monitor its managed resources.

<label>

 

server

Argo CD Server configuration options.

<object>

  • <autoscale> - Server autoscale configuration options.
  • <extraCommandArgs> - List of arguments added to the existing arguments set by the Operator.
  • <grpc> - gRPC configuration options.
  • <host> - The hostname used for Ingress or Route resources.
  • <ingress> - Ingress configuration for the Argo CD server component.
  • <insecure> - Toggles the insecure flag for Argo CD server.
  • <resources> - The container compute resources.
  • <replicas> - The number of replicas for the Argo CD server. Must be greater than or equal to 0. If autoscale is enabled, replicas is ignored.
  • <route> - Route configuration options.
  • <service.Type> - The serviceType used for the service resource.
  • <logLevel> - The log level to be used by the Argo CD server component. Valid options are debug, info, error, and warn.
  • <logFormat> - The log format used by the Argo CD server component. Valid options are text and json.
  • <env> - Environment to set for the server workloads.
  • <enabled> - The flag to enable Argo CD server during the Argo CD installation.
  • volumes - List of addition volumes configured for the Argo CD Application Controller component. This field is optional.
  • volumeMounts - List of addition volume mounts configured for the Argo CD Application Controller component. This field is optional.
  • initContainers - List of init containers for the Argo CD Application Controller component. This field is optional.
  • sidecarContainers - List of sidecar containers for the Argo CD Application Controller component. This field is optional.
  • annotations - List of custom annotations to add to pods deployed by the Operator. This field is optional.
  • labels - List of custom labels to add to pods deployed by the Operator. This field is optional.
  • enableRolloutsUI - When the parameter is set to true, the parameter enables the Argo Rollouts UI extension in Argo CD. The default value is set to false.

sso

Single Sign-on options.

<object>

  • <keycloak> - Configuration options for Keycloak SSO provider.
  • <dex> - Configuration options for Dex SSO provider.
  • <provider> - The name of the provider used to configure Single Sign-on. Currently, the supported options are Dex and Keycloak.

statusBadgeEnabled

Enable application status badge.

true

 

tls

TLS configuration options.

<object>

  • <ca.configMapName> - The name of the ConfigMap which contains the CA certificate.
  • <ca.secretName> - The name of the secret which contains the CA certificate and key.
  • <initialCerts> - Initial set of certificates in the argocd-tls-certs-cm config map for connecting Git repositories through HTTPS.

usersAnonymousEnabled

Enables anonymous user access.

true

 

version

The tag to use with the container image for all Argo CD components.

 

Latest Argo CD version

2.2. Repo server properties

The following properties are available for configuring the repo server component:

NameDefaultDescription

resources

<empty>

The container compute resources.

mountsatoken

false

Defines whether the serviceaccount token should be mounted to the repo-server pod.

serviceaccount

""

The name of the serviceaccount to use with the repo-server pod.

verifytls

false

Defines whether to enforce strict TLS checking on all components when communicating with repo server.

autotls

""

Provider to use to set up TLS for the repo-server’s gRPC TLS certificate. Currently, only the openshift value is acceptable.

image

argoproj/argocd

The container image for Argo CD Repo server. This propery overrides the ARGOCD_REPOSERVER_IMAGE environment variable.

version

same as .spec.Version

The tag to use with the Argo CD Repo server.

logLevel

info

The log level used by the Argo CD Repo server. Valid options are debug, info, error, and warn.

logFormat

text

The log format to be used by the Argo CD repo server. Valid options are text and json.

execTimeout

180

Execution timeout in seconds for rendering tools, for example, Helm or Kustomize.

env

<empty>

The environment to set for the Repo server workloads.

enabled

<empty>

Flag that enables the Repo server during Argo CD installation.

extraRepoCommandArgs

<empty>

Passes command-line arguments to the Repo server workload. The command-line arguments are added to the list of arguments set by the Operator.

initContainers

<empty>

The number of init containers in the Argo CD Application Controller component. This field is optional.

sidecarContainers

<empty>

The number of sidecar containers in the Argo CD Application Controller component. This field is optional.

volumes

<empty>

Configures additional volumes used for the Repo server deployment. This field is optional.

volumeMounts

<empty>

Configures additional volume mounts used for the Repo server deployment. This field is optional.

replicas

<empty>

The number of replicas for the Argo CD Repo server. Must be greater than or equal to 0.

remote

<empty>

Specifies the remote URL of the Repo server container.

annotations

<empty>

List of custom annotations to add to pods deployed by the Operator. This field is optional.

labels

<empty>

List of custom labels to add to pods deployed by the Operator. This field is optional.

2.3. Enabling notifications with an Argo CD instance

Argo CD notifications allow you to send notifications to external services when events occur in your Argo CD instance. For example, you can send notifications to Slack or email when a sync operation fails. By default, notifications are disabled in Argo CD instances.

Prerequisites

  • You have access to an OpenShift Container Platform cluster with cluster-admin privileges and are logged in to the web console.
  • You have installed the Red Hat OpenShift GitOps Operator on your cluster.

Procedure

To enable notifications for an Argo CD instance using the OpenShift Container Platform web console, complete the following steps:

  1. Navigate to the OperatorsInstalled Operators page.
  2. From the list of Installed Operators, select the Red Hat OpenShift GitOps Operator, and then click on the ArgoCD tab.
  3. Select the Argo CD instance name you want to enable notifications. For example, openshift-gitops.
  4. Click on the YAML tab, and then edit and set the spec.notifications.enabled parameter to true:

    Example

    apiVersion: argoproj.io/v1beta1
    kind: ArgoCD
    metadata:
      name: openshift-gitops
    spec:
      notifications:
        enabled: true
    #....

  5. Click Save.
Tip

Alternatively, you can enable notifications by using the oc patch command in the Openshift CLI. For example:

oc patch argocd openshift-gitops -n openshift-gitops --type merge --patch '{"spec": {"notifications": {"enabled": true}}}'

Additional resources

2.4. NotificationsConfiguration custom resource properties

The NotificationsConfiguration resource is a Kubernetes custom resource (CR) that manages notifications in a Kubernetes cluster. In Red Hat OpenShift GitOps, you can add templates, triggers, services, and subscription resources to an Argo CD Notifications config map by using the NotificationsConfiguration CR.

When you create a cluster in Red Hat OpenShift GitOps with notifications enabled, a NotificationsConfiguration CR is created by default with the name default-notifications-configuration.

Any change made in the existing configuration of the NotificationsConfiguration CR is replicated in the Argo CD Notifications config map. For example, if the user adds trigger configuration in the NotificationsConfiguration resource, this configuration is read, processed, and updated in the Argo CD Notifications config map.

Important

Any configuration changes must be updated in the default-notifications-configuration CR. Custom resources created by the users for NotificationsConfiguration resource are not supported.

Any modification to the Argo CD argocd-notifications-cm config map is overridden by the changes made in the NotificationsConfiguration CR.

Table 2.1. NotificationsConfiguration custom resource properties
PropertiesDefaultDescription

Templates

<empty>

Templates are used to generate the notification template message.

Triggers

<empty>

Triggers are used to define the condition when a notification is sent to the user and the list of templates required to generate the message.

Services

<empty>

Services are used to deliver a message.

Subscriptions

<empty>

Subscriptions contain centrally-managed global application subscriptions.

The following examples define how to add templates, triggers, services, and subscription resources to the Argo CD argocd-notification-cm config map by using the default-notifications-configuration custom resource.

Example for templates

apiVersion: argoproj.io/v1alpha1
kind: NotificationsConfiguration
metadata:
 name: default-notifications-configuration 1
spec:
 templates:
  template.my-custom-template: | 2
    message: |
     Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.

1
Default name of the NotificationsConfiguration CR in a cluster.
2
An example custom template configuration for the NotificationsConfiguration CR.

Example for triggers

apiVersion: argoproj.io/v1alpha1
kind: NotificationsConfiguration
metadata:
 name: default-notifications-configuration 1
spec:
 triggers:
  trigger.on-sync-status-unknown: | 2
   - when: app.status.sync.status == 'Unknown'
   send: [my-custom-template]

1
Default name of the NotificationsConfiguration CR in a cluster.
2
An example custom trigger configuration for the NotificationsConfiguration CR.

Example for services

apiVersion: argoproj.io/v1alpha1
kind: NotificationsConfiguration
metadata:
 name: default-notifications-configuration 1
spec:
 Services:
  service.slack: |
    token: $slack-token 2
    username: <override-username> # optional username
    icon: <override-icon> # optional icon for the message (supports both emoji and url notation)

1
Default name of the NotificationsConfiguration CR in a cluster.
2
An example custom service configuration for the NotificationsConfiguration CR.

Example for subscriptions

apiVersion: argoproj.io/v1alpha1
kind: NotificationsConfiguration
metadata:
 name: default-notifications-configuration 1
spec:
 Subscriptions: |
  subscriptions: | 2
    # subscription for on-sync-status-unknown trigger notifications
    - recipients:
    - slack:test2
    - email:test@gmail.com
    triggers:
    - on-sync-status-unknown
    # subscription restricted to applications with matching labels only
    - recipients:
    - slack:test3
    selector: test=true
    triggers:
    - on-sync-status-unknown
icon: <override-icon> # optional icon for the message (supports both emoji and url notation)

1
Default name of the NotificationsConfiguration CR in a cluster.
2
An example custom subscription configuration for the NotificationsConfiguration CR.

You can configure the NotificationsConfiguration CR by using the OpenShift Container Platform web console or the CLI (oc).

2.4.1. Configuring the NotificationsConfiguration CR by using the web console

You can configure the NotificationsConfiguration custom resource (CR) by using the web console.

Prerequisites

  • You have access to an OpenShift Container Platform cluster with cluster-admin privileges and are logged in to the web console.
  • You have installed the Red Hat OpenShift GitOps Operator on your cluster.
  • You have enabled notifications for the Argo CD instance. For more information, see "Enabling notifications with an Argo CD instance".

Procedure

  1. In the Administrator perspective of the OpenShift Container Platform web console, expand OperatorsInstalled Operators.
  2. From the list of Installed Operators, select the Red Hat OpenShift GitOps Operator, and then click on the NotificationsConfiguration tab.
  3. On the NotificationsConfigurations page, click default-notifications-configuration.
  4. On the default-notifications-configuration page, click YAML and add the configuration for any supported resources such as templates, triggers, services, and subscriptions. For example, under templates in the code, add the following sample configuration:

    Example template configuration

      template.my-custom-template: |
        message: |
        Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.

  5. Click Save.
  6. Verify that the configuration changes made in the NotificationsConfiguration CR are reflected in the argocd-notifications-cm config map:

    1. Go to WorkloadsConfigMaps.
    2. Click argocd-notifications-cm and select the YAML tab.
    3. Scroll through the page in the YAML tab to verify the sample configuration added for the supported resources.

2.4.2. Configuring the NotificationsConfiguration CR by using the CLI

You can configure the NotificationsConfiguration custom resource (CR) by using the CLI (oc).

Prerequisites

  • You have access to an OpenShift Container Platform cluster with cluster-admin privileges.
  • You have installed the Red Hat OpenShift GitOps Operator on your cluster.
  • You have enabled notifications for the Argo CD instance. For more information, see "Enabling notifications with an Argo CD instance".

Procedure

  1. Edit the default NotificationsConfiguration CR in the cluster by running the following command:

    $ oc edit notificationsconfiguration default-notifications-configuration -n <namespace>

    where:

    default-notifications-configuration
    Specifies the name of the default NotificationsConfiguration CR.
    <namespace>
    Specifies the name of the namespace.
  2. Under the templates section of the CR, add a configuration similar to the following example:

    Example template configuration

      template.my-custom-template: |
        message: |
        Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.

  3. Verify the contents of the argocd-notifications-cm config map by running the following command:

    $ oc edit cm argocd-notifications-cm -n <namespace>

    The changes made in the existing configuration of the NotificationsConfiguration CR are reflected in the argocd-notifications-cm config map.

2.5. Additional resources

Legal Notice

Copyright © 2024 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubRedditYoutube

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.