feat: simplify parametrization of Argo CD server processes (#6328)

feat: simplify parametrization of Argo CD server processes  (#6328)

Signed-off-by: Ishita Sequeira <[email protected]>

cmd/argocd-application-controller/commands/argocd_application_controller.go

@@ -145,19 +145,19 @@ func NewCommand() *cobra.Command {
 
 	clientConfig = cli.AddKubectlFlagsToCmd(&command)
 	command.Flags().Int64Var(&appResyncPeriod, "app-resync", int64(env.ParseDurationFromEnv("ARGOCD_RECONCILIATION_TIMEOUT", defaultAppResyncPeriod*time.Second, 0, math.MaxInt32).Seconds()), "Time period in seconds for application resync.")
-	command.Flags().StringVar(&repoServerAddress, "repo-server", common.DefaultRepoServerAddr, "Repo server address.")
-	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", 60, "Repo server RPC call timeout seconds.")
-	command.Flags().IntVar(&statusProcessors, "status-processors", 1, "Number of application status processors")
-	command.Flags().IntVar(&operationProcessors, "operation-processors", 1, "Number of application operation processors")
-	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
-	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
+	command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address.")
+	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", int(env.ParseDurationFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS", 60*time.Second, 0, math.MaxInt32).Seconds()), "Repo server RPC call timeout seconds.")
+	command.Flags().IntVar(&statusProcessors, "status-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS", 20, 0, math.MaxInt32), "Number of application status processors")
+	command.Flags().IntVar(&operationProcessors, "operation-processors", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS", 10, 0, math.MaxInt32), "Number of application operation processors")
+	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
+	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDMetrics, "Start metrics server on given port")
-	command.Flags().DurationVar(&metricsCacheExpiration, "metrics-cache-expiration", 0*time.Second, "Prometheus metrics cache expiration (disabled  by default. e.g. 24h0m0s)")
-	command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", 5, "Specifies timeout between application self heal attempts")
+	command.Flags().DurationVar(&metricsCacheExpiration, "metrics-cache-expiration", env.ParseDurationFromEnv("ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION", 0*time.Second, 0, math.MaxInt32), "Prometheus metrics cache expiration (disabled  by default. e.g. 24h0m0s)")
+	command.Flags().IntVar(&selfHealTimeoutSeconds, "self-heal-timeout-seconds", env.ParseNumFromEnv("ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS", 5, 0, math.MaxInt32), "Specifies timeout between application self heal attempts")
 	command.Flags().Int64Var(&kubectlParallelismLimit, "kubectl-parallelism-limit", 20, "Number of allowed concurrent kubectl fork/execs. Any value less the 1 means no limit.")
-	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", false, "Disable TLS on connections to repo server")
-	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", false, "Whether to use strict validation of the TLS cert presented by the repo server")
+	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT", false), "Disable TLS on connections to repo server")
+	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS", false), "Whether to use strict validation of the TLS cert presented by the repo server")
 	cacheSrc = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
 		redisClient = client
 	})

cmd/argocd-repo-server/commands/argocd_repo_server.go

@@ -151,13 +151,15 @@ func NewCommand() *cobra.Command {
 			return nil
 		},
 	}
-
-	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
-	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
-	command.Flags().Int64Var(&parallelismLimit, "parallelismlimit", 0, "Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.")
+	if cmdutil.LogFormat == "" {
+		cmdutil.LogFormat = os.Getenv("ARGOCD_REPO_SERVER_LOGLEVEL")
+	}
+	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
+	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
+	command.Flags().Int64Var(&parallelismLimit, "parallelismlimit", int64(env.ParseNumFromEnv("ARGOCD_REPO_SERVER_PARALLELISM_LIMIT", 0, 0, math.MaxInt32)), "Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.")
 	command.Flags().IntVar(&listenPort, "port", common.DefaultPortRepoServer, "Listen on given port for incoming connections")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortRepoServerMetrics, "Start metrics server on given port")
-	command.Flags().BoolVar(&disableTLS, "disable-tls", false, "Disable TLS on the gRPC endpoint")
+	command.Flags().BoolVar(&disableTLS, "disable-tls", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_TLS", false), "Disable TLS on the gRPC endpoint")
 
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
 	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {

cmd/argocd-server/commands/argocd_server.go

@@ -3,6 +3,7 @@ package commands
 import (
 	"context"
 	"fmt"
+	"math"
 	"time"
 
 	"github.com/argoproj/pkg/stats"
@@ -157,24 +158,24 @@ func NewCommand() *cobra.Command {
 	}
 
 	clientConfig = cli.AddKubectlFlagsToCmd(command)
-	command.Flags().BoolVar(&insecure, "insecure", false, "Run server without TLS")
+	command.Flags().BoolVar(&insecure, "insecure", env.ParseBoolFromEnv("ARGOCD_SERVER_INSECURE", false), "Run server without TLS")
 	command.Flags().StringVar(&staticAssetsDir, "staticassets", "", "Static assets directory path")
-	command.Flags().StringVar(&baseHRef, "basehref", "/", "Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /")
-	command.Flags().StringVar(&rootPath, "rootpath", "", "Used if Argo CD is running behind reverse proxy under subpath different from /")
-	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
-	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
+	command.Flags().StringVar(&baseHRef, "basehref", env.StringFromEnv("ARGOCD_SERVER_BASEHREF", "/"), "Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from /")
+	command.Flags().StringVar(&rootPath, "rootpath", env.StringFromEnv("ARGOCD_SERVER_ROOTPATH", ""), "Used if Argo CD is running behind reverse proxy under subpath different from /")
+	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json")
+	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_REPO_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: debug|info|warn|error")
 	command.Flags().IntVar(&glogLevel, "gloglevel", 0, "Set the glog logging level")
-	command.Flags().StringVar(&repoServerAddress, "repo-server", common.DefaultRepoServerAddr, "Repo server address")
-	command.Flags().StringVar(&dexServerAddress, "dex-server", common.DefaultDexServerAddr, "Dex server address")
-	command.Flags().BoolVar(&disableAuth, "disable-auth", false, "Disable client authentication")
-	command.Flags().BoolVar(&enableGZip, "enable-gzip", false, "Enable GZIP compression")
+	command.Flags().StringVar(&repoServerAddress, "repo-server", env.StringFromEnv("ARGOCD_SERVER_REPO_SERVER", common.DefaultRepoServerAddr), "Repo server address")
+	command.Flags().StringVar(&dexServerAddress, "dex-server", env.StringFromEnv("ARGOCD_SERVER_DEX_SERVER", common.DefaultDexServerAddr), "Dex server address")
+	command.Flags().BoolVar(&disableAuth, "disable-auth", env.ParseBoolFromEnv("ARGOCD_SERVER_DISABLE_AUTH", false), "Disable client authentication")
+	command.Flags().BoolVar(&enableGZip, "enable-gzip", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_GZIP", false), "Enable GZIP compression")
 	command.AddCommand(cli.NewVersionCmd(cliName))
 	command.Flags().IntVar(&listenPort, "port", common.DefaultPortAPIServer, "Listen on given port")
 	command.Flags().IntVar(&metricsPort, "metrics-port", common.DefaultPortArgoCDAPIServerMetrics, "Start metrics on given port")
-	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", 60, "Repo server RPC call timeout seconds.")
-	command.Flags().StringVar(&frameOptions, "x-frame-options", "sameorigin", "Set X-Frame-Options header in HTTP responses to `value`. To disable, set to \"\".")
-	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
-	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
+	command.Flags().IntVar(&repoServerTimeoutSeconds, "repo-server-timeout-seconds", int(env.ParseDurationFromEnv("ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS", 60*time.Second, 0, math.MaxInt32).Seconds()), "Repo server RPC call timeout seconds.")
+	command.Flags().StringVar(&frameOptions, "x-frame-options", env.StringFromEnv("ARGOCD_SERVER_X_FRAME_OPTIONS", "sameorigin"), "Set X-Frame-Options header in HTTP responses to `value`. To disable, set to \"\".")
+	command.Flags().BoolVar(&repoServerPlaintext, "repo-server-plaintext", env.ParseBoolFromEnv("ARGOCD_SERVER_REPO_SERVER_PLAINTEXT", false), "Use a plaintext client (non-TLS) to connect to repository server")
+	command.Flags().BoolVar(&repoServerStrictTLS, "repo-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_SERVER_REPO_SERVER_STRICT_TLS", false), "Perform strict validation of TLS certificates when connecting to repo server")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command)
 	cacheSrc = servercache.AddCacheFlagsToCmd(command, func(client *redis.Client) {
 		redisClient = client

docs/operator-manual/argocd-cmd-params-cm.yaml

@@ -0,0 +1,104 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+  labels:
+    app.kubernetes.io/name: argocd-cmd-params-cm
+    app.kubernetes.io/part-of: argocd
+data:
+  # Repo server address. (default "argocd-repo-server:8081")
+  repo.server: "argocd-repo-server:8081"
+
+  # Dex server address (default "http://argocd-dex-server:5556")
+  dex.server: "http://argocd-dex-server:5556"
+
+  # Redis server hostname and port (e.g. argocd-redis:6379)
+  redis.server: "argocd-redis:6379"
+  # Redis database
+  redis.db:
+
+  ## Controller Properties
+  # Repo server RPC call timeout seconds.
+  controller.repo.server.timeout.seconds: "60"
+  # Disable TLS on connections to repo server
+  controller.repo.server.plaintext: "false"
+  # Whether to use strict validation of the TLS cert presented by the repo server
+  controller.repo.server.strict.tls: "false"
+  # Number of application status processors (default 20)
+  controller.status.processors: "20"
+  # Number of application operation processors (default 10)
+  controller.operation.processors: "10"
+  # Set the logging format. One of: text|json (default "text")
+  controller.log.format: "text"
+  # Set the logging level. One of: debug|info|warn|error (default "info")
+  controller.log.level: "info"
+  # Prometheus metrics cache expiration (disabled  by default. e.g. 24h0m0s)
+  controller.metrics.cache.expiration: "24h0m0s"
+  # Specifies timeout between application self heal attempts (default 5)
+  controller.self.heal.timeout.seconds: "5"
+  # Cache expiration for app state (default 1h0m0s)
+  controller.app.state.cache.expiration: "1h0m0s"
+  # Cache expiration default (default 24h0m0s)
+  controller.default.cache.expiration: "24h0m0s"
+
+  ## Server properties
+  # Run server without TLS
+  server.insecure: "false"
+  # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
+  server.basehref: "/"
+  # Used if Argo CD is running behind reverse proxy under subpath different from /
+  server.rootpath: "/"
+
+  # Set the logging format. One of: text|json (default "text")
+  server.log.format: "text"
+  # Set the logging level. One of: debug|info|warn|error (default "info")
+  server.log.level: "info"
+  # Repo server RPC call timeout seconds. (default 60)
+  server.repo.server.timeout.seconds: "60"
+  # Use a plaintext client (non-TLS) to connect to repository server
+  server.repo.server.plaintext: "false"
+  # Perform strict validation of TLS certificates when connecting to repo server
+  server.repo.server.strict.tls: "false"
+  # Disable client authentication
+  server.disable.auth: "false"
+  # Enable GZIP compression
+  server.enable.gzip: "false"
+  # Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
+  server.x.frame.options: "sameorigin"
+  # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
+  server.tls.minversion: "1.2"
+  # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
+  server.tls.maxversion: "1.3"
+  # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
+  server.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
+  # Cache expiration for cluster/repo connection status (default 1h0m0s)
+  server.connection.status.cache.expiration: "1h0m0s"
+  # Cache expiration for OIDC state (default 3m0s)
+  server.oidc.cache.expiration: "3m0s"
+  # Cache expiration for failed login attempts (default 24h0m0s)
+  server.login.attempts.expiration: "24h0m0s"
+  # Cache expiration for app state (default 1h0m0s)
+  server.app.state.cache.expiration: "1h0m0s"
+  # Cache expiration default (default 24h0m0s)
+  server.default.cache.expiration: "24h0m0s"
+
+  ## Repo-server properties
+  # Set the logging format. One of: text|json (default "text")
+  reposerver.log.format: "text"
+  # Set the logging level. One of: debug|info|warn|error (default "info")
+  reposerver.log.level: "info"
+  # Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit.
+  reposerver.parallelism.limit: "1"
+  # Disable TLS on the gRPC endpoint
+  reposerver.disable.tls: "false"
+  # The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
+  reposerver.tls.minversion: "1.2"
+  # The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
+  reposerver.tls.maxversion: "1.3"
+  # The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
+  reposerver.tls.ciphers: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384"
+  # Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
+  reposerver.repo.cache.expiration: "24h0m0s"
+  # Cache expiration default (default 24h0m0s)
+  reposerver.default.cache.expiration: "24h0m0s"
+

docs/operator-manual/declarative-setup.md

@@ -7,6 +7,7 @@ Argo CD applications, projects and settings can be defined declaratively using K
 | File Name | Resource Name | Kind | Description |
 |-----------|---------------|------|-------------|
 | [`argocd-cm.yaml`](argocd-cm.yaml) | argocd-cm | ConfigMap | General Argo CD configuration |
+| [`argocd-cmd-params-cm.yaml`](argocd-cmd-params-cm.yaml) | argocd-cmd-params-cm | ConfigMap | Argo CD env variables configuration |
 | [`argocd-secret.yaml`](argocd-secret.yaml) | argocd-secret | Secret | Password, Certificates, Signing Key |
 | [`argocd-rbac-cm.yaml`](argocd-rbac-cm.yaml) | argocd-rbac-cm | ConfigMap | RBAC Configuration |
 | [`argocd-tls-certs-cm.yaml`](argocd-tls-certs-cm.yaml) | argocd-tls-certs-cm | ConfigMap | Custom TLS certificates for connecting Git repositories via HTTPS (v1.2 and later) |

docs/operator-manual/server-commands/additional-configuration-method.md

@@ -0,0 +1,28 @@
+## Additional configuration methods
+
+Additional configuration methods for configuring commands `argocd-server`, `argocd-repo-server` and `argocd-application-controller`.
+
+
+### Synopsis
+
+The commands can also be configured by setting the respective flag of the available options in `argocd-cmd-params-cm.yaml`. Each component has a specific prefix associated with it.
+
+```
+argocd-server                 --> server
+argocd-repo-server            --> reposerver
+argocd-application-controller --> controller
+```
+
+The flags that do not have a prefix are shared across multiple components. One such flag is `repo.server`
+The list of flags that are available can be found in [argocd-cmd-params-cm.yaml](../argocd-cmd-params-cm.yaml) 
+
+
+### Example
+
+To set `logformat` of `argocd-application-controller`, add below entry to the config map `argocd-cmd-params-cm.yaml`.
+
+```
+data:
+    controller.log.format: "text"
+```
+

docs/operator-manual/server-commands/argocd-application-controller.md

@@ -33,7 +33,7 @@ argocd-application-controller [flags]
       --metrics-cache-expiration duration     Prometheus metrics cache expiration (disabled  by default. e.g. 24h0m0s)
       --metrics-port int                      Start metrics server on given port (default 8082)
   -n, --namespace string                      If present, the namespace scope for this CLI request
-      --operation-processors int              Number of application operation processors (default 1)
+      --operation-processors int              Number of application operation processors (default 10)
       --password string                       Password for basic authentication to the API server
       --redis string                          Redis server hostname and port (e.g. argocd-redis:6379). 
       --redisdb int                           Redis database.
@@ -46,7 +46,7 @@ argocd-application-controller [flags]
       --sentinel stringArray                  Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
       --sentinelmaster string                 Redis sentinel master group name. (default "master")
       --server string                         The address and port of the Kubernetes API server
-      --status-processors int                 Number of application status processors (default 1)
+      --status-processors int                 Number of application status processors (default 20)
       --tls-server-name string                If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
       --token string                          Bearer token for authentication to the API server
       --user string                           The name of the kubeconfig user to use