sibling of 8932036d53

2026-02-23 11:08:47 +01:00 · 2024-01-24 19:45:14 +00:00
116 changed files with 968 additions and 2906 deletions
--- a/7
+++ b/7
@@ -2,10 +2,9 @@
 ** @argoproj/argocd-approvers

 # Docs
-/docs/**     @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/USERS.md    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/README.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
-/mkdocs.yml  @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/docs/**    @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/USERS.md   @argoproj/argocd-approvers @argoproj/argocd-approvers-docs
+/mkdocs.yml @argoproj/argocd-approvers @argoproj/argocd-approvers-docs

 # CI
 /.github/**       @argoproj/argocd-approvers @argoproj/argocd-approvers-ci
--- a/2
+++ b/2
@@ -51,7 +51,7 @@ RUN groupadd -g $ARGOCD_USER_ID argocd && \
    apt-get update && \
    apt-get dist-upgrade -y && \
    apt-get install -y \
-    git git-lfs tini gpg tzdata connect-proxy && \
+    git git-lfs tini gpg tzdata && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

--- a/29
+++ b/29
@@ -175,21 +175,29 @@ endif
 .PHONY: all
 all: cli image

+# We have some legacy requirements for being checked out within $GOPATH.
+# The ensure-gopath target can be used as dependency to ensure we are running
+# within these boundaries.
+.PHONY: ensure-gopath
+ensure-gopath:
+ifneq ("$(PWD)","$(LEGACY_PATH)")
+	@echo "Due to legacy requirements for codegen, repository needs to be checked out within \$$GOPATH"
+	@echo "Location of this repo should be '$(LEGACY_PATH)' but is '$(PWD)'"
+	@exit 1
+endif
+
 .PHONY: gogen
-gogen:
+gogen: ensure-gopath
 	export GO111MODULE=off
 	go generate ./util/argo/...

 .PHONY: protogen
-protogen: mod-vendor-local protogen-fast
-
-.PHONY: protogen-fast
-protogen-fast:
+protogen: ensure-gopath mod-vendor-local
 	export GO111MODULE=off
 	./hack/generate-proto.sh

 .PHONY: openapigen
-openapigen:
+openapigen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-openapi.sh

@@ -204,22 +212,19 @@ notification-docs:


 .PHONY: clientgen
-clientgen:
+clientgen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-codegen.sh

 .PHONY: clidocsgen
-clidocsgen:
+clidocsgen: ensure-gopath
 	go run tools/cmd-docs/main.go


 .PHONY: codegen-local
-codegen-local: mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
+codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
 	rm -rf vendor/

-.PHONY: codegen-local-fast
-codegen-local-fast: gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog
-
 .PHONY: codegen
 codegen: test-tools-image
 	$(call run-in-test-client,make codegen-local)
--- a/README.md
+++ b/README.md
@@ -13,7 +13,6 @@
 **Social:**
 [![Twitter Follow](https://img.shields.io/twitter/follow/argoproj?style=social)](https://twitter.com/argoproj)
 [![Slack](https://img.shields.io/badge/slack-argoproj-brightgreen.svg?logo=slack)](https://argoproj.github.io/community/join-slack)
-[![LinkedIn](https://img.shields.io/badge/LinkedIn-argoproj-blue.svg?logo=linkedin)](https://www.linkedin.com/company/argoproj/)

 # Argo CD - Declarative Continuous Delivery for Kubernetes

@@ -86,5 +85,4 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
 1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)
 1. [How to create Argo CD Applications Automatically using ApplicationSet? "Automation of GitOps"](https://amralaayassen.medium.com/how-to-create-argocd-applications-automatically-using-applicationset-automation-of-the-gitops-59455eaf4f72)
-1. [Progressive Delivery with Service Mesh – Argo Rollouts with Istio](https://www.cncf.io/blog/2022/12/16/progressive-delivery-with-service-mesh-argo-rollouts-with-istio/)

--- a/USERS.md
+++ b/USERS.md
@@ -40,7 +40,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Boozt](https://www.booztgroup.com/)
 1. [Boticario](https://www.boticario.com.br/)
 1. [Bulder Bank](https://bulderbank.no)
-1. [CAM](https://cam-inc.co.jp)
 1. [Camptocamp](https://camptocamp.com)
 1. [Candis](https://www.candis.io)
 1. [Capital One](https://www.capitalone.com)
@@ -129,7 +128,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [IBM](https://www.ibm.com/)
 1. [Ibotta](https://home.ibotta.com)
 1. [IITS-Consulting](https://iits-consulting.de)
-1. [IllumiDesk](https://www.illumidesk.com)
 1. [imaware](https://imaware.health)
 1. [Indeed](https://indeed.com)
 1. [Index Exchange](https://www.indexexchange.com/)
@@ -220,7 +218,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Pigment](https://www.gopigment.com/)
 1. [Pipefy](https://www.pipefy.com/)
 1. [Pismo](https://pismo.io/)
-1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/)
 1. [Platform9 Systems](https://platform9.com/)
 1. [Polarpoint.io](https://polarpoint.io)
 1. [PostFinance](https://github.com/postfinance)
--- a/2
+++ b/2
@@ -1 +1 @@
-2.9.0
+2.10.0-rc3
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -5664,10 +5664,6 @@
          "type": "string",
          "title": "ClusterName contains AWS cluster name"
        },
-        "profile": {
-          "description": "Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.",
-          "type": "string"
-        },
        "roleARN": {
          "description": "RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.",
          "type": "string"
@@ -8503,9 +8499,6 @@
          "format": "int64",
          "title": "ID is an auto incrementing identifier of the RevisionHistory"
        },
-        "initiatedBy": {
-          "$ref": "#/definitions/v1alpha1OperationInitiator"
-        },
        "revision": {
          "type": "string",
          "title": "Revision holds the revision the sync was performed against"
--- a/cmd/argocd-application-controller/commands/argocd_application_controller.go
+++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go
@@ -6,12 +6,11 @@ import (
 	"math"
 	"time"

+	"github.com/argoproj/argo-cd/v2/pkg/ratelimiter"
 	"github.com/argoproj/pkg/stats"
 	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
-	kubeerrors "k8s.io/apimachinery/pkg/api/errors"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/clientcmd"

@@ -21,7 +20,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/controller/sharding"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
-	"github.com/argoproj/argo-cd/v2/pkg/ratelimiter"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
@@ -33,6 +31,8 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/settings"
 	"github.com/argoproj/argo-cd/v2/util/tls"
 	"github.com/argoproj/argo-cd/v2/util/trace"
+	kubeerrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

 const (
@@ -230,10 +230,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().Float64Var(&workqueueRateLimit.BackoffFactor, "wq-backoff-factor", env.ParseFloat64FromEnv("WORKQUEUE_BACKOFF_FACTOR", 1.5, 0, math.MaxFloat64), "Set Workqueue Per Item Rate Limiter Backoff Factor, default is 1.5")
 	command.Flags().BoolVar(&enableDynamicClusterDistribution, "dynamic-cluster-distribution-enabled", env.ParseBoolFromEnv(common.EnvEnableDynamicClusterDistribution, false), "Enables dynamic cluster distribution.")
 	command.Flags().BoolVar(&serverSideDiff, "server-side-diff-enabled", env.ParseBoolFromEnv(common.EnvServerSideDiff, false), "Feature flag to enable ServerSide diff. Default (\"false\")")
-	cacheSource = appstatecache.AddCacheFlagsToCmd(&command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSource = appstatecache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
+		redisClient = client
 	})
 	return &command
 }
--- a/cmd/argocd-k8s-auth/commands/aws.go
+++ b/cmd/argocd-k8s-auth/commands/aws.go
@@ -37,14 +37,13 @@ func newAWSCommand() *cobra.Command {
 	var (
 		clusterName string
 		roleARN     string
-		profile     string
 	)
 	var command = &cobra.Command{
 		Use: "aws",
 		Run: func(c *cobra.Command, args []string) {
 			ctx := c.Context()

-			presignedURLString, err := getSignedRequestWithRetry(ctx, time.Minute, 5*time.Second, clusterName, roleARN, profile, getSignedRequest)
+			presignedURLString, err := getSignedRequestWithRetry(ctx, time.Minute, 5*time.Second, clusterName, roleARN, getSignedRequest)
 			errors.CheckError(err)
 			token := v1Prefix + base64.RawURLEncoding.EncodeToString([]byte(presignedURLString))
 			// Set token expiration to 1 minute before the presigned URL expires for some cushion
@@ -54,17 +53,16 @@ func newAWSCommand() *cobra.Command {
 	}
 	command.Flags().StringVar(&clusterName, "cluster-name", "", "AWS Cluster name")
 	command.Flags().StringVar(&roleARN, "role-arn", "", "AWS Role ARN")
-	command.Flags().StringVar(&profile, "profile", "", "AWS Profile")
 	return command
 }

-type getSignedRequestFunc func(clusterName, roleARN string, profile string) (string, error)
+type getSignedRequestFunc func(clusterName, roleARN string) (string, error)

-func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Duration, clusterName, roleARN string, profile string, fn getSignedRequestFunc) (string, error) {
+func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Duration, clusterName, roleARN string, fn getSignedRequestFunc) (string, error) {
 	ctx, cancel := context.WithTimeout(ctx, timeout)
 	defer cancel()
 	for {
-		signed, err := fn(clusterName, roleARN, profile)
+		signed, err := fn(clusterName, roleARN)
 		if err == nil {
 			return signed, nil
 		}
@@ -76,10 +74,8 @@ func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Durat
 	}
 }

-func getSignedRequest(clusterName, roleARN string, profile string) (string, error) {
-	sess, err := session.NewSessionWithOptions(session.Options{
-		Profile: profile,
-	})
+func getSignedRequest(clusterName, roleARN string) (string, error) {
+	sess, err := session.NewSession()
 	if err != nil {
 		return "", fmt.Errorf("error creating new AWS session: %s", err)
 	}
--- a/cmd/argocd-k8s-auth/commands/aws_test.go
+++ b/cmd/argocd-k8s-auth/commands/aws_test.go
@@ -22,7 +22,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}

 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)

 		// then
 		assert.NoError(t, err)
@@ -41,7 +41,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}

 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)

 		// then
 		assert.NoError(t, err)
@@ -57,7 +57,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) {
 		}

 		// when
-		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock)
+		signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", mock.getSignedRequestMock)

 		// then
 		assert.Error(t, err)
@@ -70,7 +70,7 @@ type signedRequestMock struct {
 	returnFunc            func(m *signedRequestMock) (string, error)
 }

-func (m *signedRequestMock) getSignedRequestMock(clusterName, roleARN string, profile string) (string, error) {
+func (m *signedRequestMock) getSignedRequestMock(clusterName, roleARN string) (string, error) {
 	m.getSignedRequestCalls++
 	return m.returnFunc(m)
 }
--- a/cmd/argocd-repo-server/commands/argocd_repo_server.go
+++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -210,10 +210,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted")
 	command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command)
-	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, func(client *redis.Client) {
+		redisClient = client
 	})
 	return &command
 }
--- a/cmd/argocd-server/commands/argocd_server.go
+++ b/cmd/argocd-server/commands/argocd_server.go
@@ -19,10 +19,8 @@ import (
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache"
 	"github.com/argoproj/argo-cd/v2/server"
 	servercache "github.com/argoproj/argo-cd/v2/server/cache"
-	cacheutil "github.com/argoproj/argo-cd/v2/util/cache"
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/dex"
 	"github.com/argoproj/argo-cd/v2/util/env"
@@ -68,7 +66,6 @@ func NewCommand() *cobra.Command {
 		enableGZip               bool
 		tlsConfigCustomizerSrc   func() (tls.ConfigCustomizer, error)
 		cacheSrc                 func() (*servercache.Cache, error)
-		repoServerCacheSrc       func() (*reposervercache.Cache, error)
 		frameOptions             string
 		contentSecurityPolicy    string
 		repoServerPlaintext      bool
@@ -110,8 +107,6 @@ func NewCommand() *cobra.Command {
 			errors.CheckError(err)
 			cache, err := cacheSrc()
 			errors.CheckError(err)
-			repoServerCache, err := repoServerCacheSrc()
-			errors.CheckError(err)

 			kubeclientset := kubernetes.NewForConfigOrDie(config)

@@ -191,7 +186,6 @@ func NewCommand() *cobra.Command {
 				EnableGZip:            enableGZip,
 				TLSConfigCustomizer:   tlsConfigCustomizer,
 				Cache:                 cache,
-				RepoServerCache:       repoServerCache,
 				XFrameOptions:         frameOptions,
 				ContentSecurityPolicy: contentSecurityPolicy,
 				RedisClient:           redisClient,
@@ -264,11 +258,8 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in")
 	command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature")
 	tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command)
-	cacheSrc = servercache.AddCacheFlagsToCmd(command, cacheutil.Options{
-		OnClientCreated: func(client *redis.Client) {
-			redisClient = client
-		},
+	cacheSrc = servercache.AddCacheFlagsToCmd(command, func(client *redis.Client) {
+		redisClient = client
 	})
-	repoServerCacheSrc = reposervercache.AddCacheFlagsToCmd(command, cacheutil.Options{FlagPrefix: "repo-server-"})
 	return command
 }
--- a/cmd/argocd/commands/admin/cluster.go
+++ b/cmd/argocd/commands/admin/cluster.go
@@ -632,7 +632,6 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command
 				awsAuthConf = &argoappv1.AWSAuthConfig{
 					ClusterName: clusterOpts.AwsClusterName,
 					RoleARN:     clusterOpts.AwsRoleArn,
-					Profile:     clusterOpts.AwsProfile,
 				}
 			} else if clusterOpts.ExecProviderCommand != "" {
 				execProviderConf = &argoappv1.ExecProviderConfig{
--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -1624,7 +1624,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 				list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)})
 				errors.CheckError(err)
 				for _, i := range list.Items {
-					appNames = append(appNames, i.QualifiedName())
+					appNames = append(appNames, i.Name)
 				}
 			}
 			for _, appName := range appNames {
@@ -1995,7 +1995,7 @@ func getAppNamesBySelector(ctx context.Context, appIf application.ApplicationSer
 			return []string{}, fmt.Errorf("no apps match selector %v", selector)
 		}
 		for _, i := range list.Items {
-			appNames = append(appNames, i.QualifiedName())
+			appNames = append(appNames, i.Name)
 		}
 	}
 	return appNames, nil
--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -111,7 +111,6 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				awsAuthConf = &argoappv1.AWSAuthConfig{
 					ClusterName: clusterOpts.AwsClusterName,
 					RoleARN:     clusterOpts.AwsRoleArn,
-					Profile:     clusterOpts.AwsProfile,
 				}
 			} else if clusterOpts.ExecProviderCommand != "" {
 				execProviderConf = &argoappv1.ExecProviderConfig{
--- a/cmd/argocd/commands/headless/headless.go
+++ b/cmd/argocd/commands/headless/headless.go
@@ -78,12 +78,6 @@ func (c *forwardCacheClient) Set(item *cache.Item) error {
 	})
 }

-func (c *forwardCacheClient) Rename(oldKey string, newKey string, expiration time.Duration) error {
-	return c.doLazy(func(client cache.CacheClient) error {
-		return client.Rename(oldKey, newKey, expiration)
-	})
-}
-
 func (c *forwardCacheClient) Get(key string, obj interface{}) error {
 	return c.doLazy(func(client cache.CacheClient) error {
 		return client.Get(key, obj)
--- a/cmd/argocd/commands/repo.go
+++ b/cmd/argocd/commands/repo.go
@@ -64,12 +64,6 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
  # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
  argocd repo add ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa

-  # Add a Git repository via SSH using socks5 proxy with no proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080
-
-  # Add a Git repository via SSH using socks5 proxy with proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:password@your.proxy.server.ip:1080
-
  # Add a private Git repository via HTTPS using username/password and TLS client certificates:
  argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key

--- a/cmd/util/cluster.go
+++ b/cmd/util/cluster.go
@@ -144,7 +144,6 @@ type ClusterOptions struct {
 	Upsert                  bool
 	ServiceAccount          string
 	AwsRoleArn              string
-	AwsProfile              string
 	AwsClusterName          string
 	SystemNamespace         string
 	Namespaces              []string
@@ -170,7 +169,6 @@ func AddClusterFlags(command *cobra.Command, opts *ClusterOptions) {
 	command.Flags().BoolVar(&opts.InCluster, "in-cluster", false, "Indicates Argo CD resides inside this cluster and should connect using the internal k8s hostname (kubernetes.default.svc)")
 	command.Flags().StringVar(&opts.AwsClusterName, "aws-cluster-name", "", "AWS Cluster name if set then aws cli eks token command will be used to access cluster")
 	command.Flags().StringVar(&opts.AwsRoleArn, "aws-role-arn", "", "Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.")
-	command.Flags().StringVar(&opts.AwsProfile, "aws-profile", "", "Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.")
 	command.Flags().StringArrayVar(&opts.Namespaces, "namespace", nil, "List of namespaces which are allowed to manage")
 	command.Flags().BoolVar(&opts.ClusterResources, "cluster-resources", false, "Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty.")
 	command.Flags().StringVar(&opts.Name, "name", "", "Overwrite the cluster name")
--- a/controller/state.go
+++ b/controller/state.go
@@ -880,16 +880,7 @@ func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sou
 	return true
 }

-func (m *appStateManager) persistRevisionHistory(
-	app *v1alpha1.Application,
-	revision string,
-	source v1alpha1.ApplicationSource,
-	revisions []string,
-	sources []v1alpha1.ApplicationSource,
-	hasMultipleSources bool,
-	startedAt metav1.Time,
-	initiatedBy v1alpha1.OperationInitiator,
-) error {
+func (m *appStateManager) persistRevisionHistory(app *v1alpha1.Application, revision string, source v1alpha1.ApplicationSource, revisions []string, sources []v1alpha1.ApplicationSource, hasMultipleSources bool, startedAt metav1.Time) error {
 	var nextID int64
 	if len(app.Status.History) > 0 {
 		nextID = app.Status.History.LastRevisionHistory().ID + 1
@@ -902,7 +893,6 @@ func (m *appStateManager) persistRevisionHistory(
 			ID:              nextID,
 			Sources:         sources,
 			Revisions:       revisions,
-			InitiatedBy:     initiatedBy,
 		})
 	} else {
 		app.Status.History = append(app.Status.History, v1alpha1.RevisionHistory{
@@ -911,7 +901,6 @@ func (m *appStateManager) persistRevisionHistory(
 			DeployStartedAt: &startedAt,
 			ID:              nextID,
 			Source:          source,
-			InitiatedBy:     initiatedBy,
 		})
 	}

--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -23,7 +23,6 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"

 	"github.com/argoproj/argo-cd/v2/common"
-	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/test"
@@ -839,7 +838,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) {
 		app.Spec.RevisionHistoryLimit = &i
 	}
 	addHistory := func() {
-		err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1.Time{}, v1alpha1.OperationInitiator{})
+		err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1.Time{})
 		assert.NoError(t, err)
 	}
 	addHistory()
@@ -875,7 +874,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) {
 	assert.Len(t, app.Status.History, 9)

 	metav1NowTime := metav1.NewTime(time.Now())
-	err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1NowTime, v1alpha1.OperationInitiator{})
+	err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1NowTime)
 	assert.NoError(t, err)
 	assert.Equal(t, app.Status.History.LastRevisionHistory().DeployStartedAt, &metav1NowTime)
 }
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -391,7 +391,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	logEntry.WithField("duration", time.Since(start)).Info("sync/terminate complete")

 	if !syncOp.DryRun && len(syncOp.Resources) == 0 && state.Phase.Successful() {
-		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, app.Spec.HasMultipleSources(), state.StartedAt, state.Operation.InitiatedBy)
+		err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, app.Spec.HasMultipleSources(), state.StartedAt)
 		if err != nil {
 			state.Phase = common.OperationError
 			state.Message = fmt.Sprintf("failed to record sync to history: %v", err)
--- a/docs/cli_installation.md
+++ b/docs/cli_installation.md
@@ -37,17 +37,6 @@ sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
 rm argocd-linux-amd64
 ```

-#### Download latest stable version
-
-You can download the latest stable release by executing below steps:
-
-```bash
-VERSION=$(curl -L -s https://raw.githubusercontent.com/argoproj/argo-cd/stable/VERSION)
-curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/v$VERSION/argocd-linux-amd64
-sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
-rm argocd-linux-amd64
-```
-
 You should now be able to run `argocd` commands.


--- a/docs/developer-guide/architecture/components.md
+++ b/docs/developer-guide/architecture/components.md
@@ -71,7 +71,7 @@ and the CLI functionalities.
 ### Application Controller

 The Application Controller is responsible for reconciling the
-Application resource in Kubernetes synchronizing the desired
+Application resource in Kubernetes syncronizing the desired
 application state (provided in Git) with the live state (in
 Kubernetes). The Application Controller is also responsible for
 reconciling the Project resource.
--- a/docs/developer-guide/contributors-quickstart.md
+++ b/docs/developer-guide/contributors-quickstart.md
@@ -9,8 +9,6 @@ and the [toolchain guide](toolchain-guide.md).

 ### Install Go

-<https://go.dev/doc/install/>
-
 Install version 1.18 or newer (Verify version by running `go version`)

 ### Clone the Argo CD repo
@@ -25,29 +23,16 @@ git clone https://github.com/argoproj/argo-cd.git

 <https://docs.docker.com/engine/install/>

-### Install or Upgrade a Tool for Running Local Clusters (e.g. kind or minikube)
-
-#### Installation guide for kind:
+### Install or Upgrade `kind` (Optional - Should work with any local cluster)

 <https://kind.sigs.k8s.io/docs/user/quick-start/>

-#### Installation guide for minikube:
-
-<https://minikube.sigs.k8s.io/docs/start/>
-
 ### Start Your Local Cluster

-For example, if you are using kind:
 ```shell
 kind create cluster
 ```

-Or, if you are using minikube:
-
-```shell
-minikube start
-```
-
 ### Install Argo CD

 ```shell
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -22,8 +22,12 @@ This will create a new namespace, `argocd`, where Argo CD services and applicati
    The installation manifests include `ClusterRoleBinding` resources that reference `argocd` namespace. If you are installing Argo CD into a different
    namespace then make sure to update the namespace reference.

-!!! tip
-    If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core/#installing) Argo CD components.
+If you are not interested in UI, SSO, multi-cluster features then you can install [core](operator-manual/installation.md#core) Argo CD components only:
+
+```bash
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/core-install.yaml
+```

 This default installation will have a self-signed certificate and cannot be accessed without a bit of extra work.
 Do one of:
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -119,7 +119,7 @@ spec:
        extVars:
        - name: foo
          value: bar
-          # You can use "code" to determine if the value is either string (false, the default) or Jsonnet code (if code is true).
+          # You can use "code to determine if the value is either string (false, the default) or Jsonnet code (if code is true).
        - code: true
          name: baz
          value: "true"
--- a/docs/operator-manual/applicationset/GoTemplate.md
+++ b/docs/operator-manual/applicationset/GoTemplate.md
@@ -12,7 +12,7 @@ An additional `normalize` function makes any string parameter usable as a valid
 with hyphens and truncating at 253 characters. This is useful when making parameters safe for things like Application
 names.

-Another `slugify` function has been added which, by default, sanitizes and smart truncates (it doesn't cut a word into 2). This function accepts a couple of arguments:
+Another function has `slugify` function has been added which, by default, sanitizes and smart truncate (means doesn't cut a word into 2). This function accepts a couple of arguments:
 - The first argument (if provided) is an integer specifying the maximum length of the slug.
 - The second argument (if provided) is a boolean indicating whether smart truncation is enabled.
 - The last argument (if provided) is the input name that needs to be slugified.
@@ -206,8 +206,6 @@ ApplicationSet controller provides:
  1. contains no more than 253 characters
  2. contains only lowercase alphanumeric characters, '-' or '.'
  3. starts and ends with an alphanumeric character
-
- `slugify`: sanitizes like `normalize` and smart truncates (it doesn't cut a word into 2) like described in the [introduction](#introduction) section.
 - `toYaml` / `fromYaml` / `fromYamlArray` helm like functions


--- a/docs/operator-manual/argocd-cm.yaml
+++ b/docs/operator-manual/argocd-cm.yaml
@@ -308,10 +308,8 @@ data:
  # have either a permanent banner or a regular closeable banner, and NOT both. eg. A user can't dismiss a
  # notification message (closeable) banner, to then immediately see a permanent banner.
  # ui.bannerpermanent: "true"
-  # An option to specify the position of the banner, either the top or bottom of the page, or both. The valid values 
-  # are: "top", "bottom" and "both".  The default (if the option is not provided), is "top". If "both" is specified, then 
-  # the content appears both at the top and the bottom of the page. Uncomment the following line to make the banner appear 
-  # at the bottom of the page. Change the value as needed.
+  # An option to specify the position of the banner, either the top or bottom of the page. The default is at the top.
+  # Uncomment to make the banner appear at the bottom of the page. Any value other than "bottom" will make the banner appear at the top.
  # ui.bannerposition: "bottom"

  # Application reconciliation timeout is the max amount of time required to discover if a new manifests version got
--- a/docs/operator-manual/declarative-setup.md
+++ b/docs/operator-manual/declarative-setup.md
@@ -549,7 +549,6 @@ bearerToken: string
 awsAuthConfig:
    clusterName: string
    roleARN: string
-    profile: string
 # Configure external command to supply client credentials
 # See https://godoc.org/k8s.io/client-go/tools/clientcmd/api#ExecConfig
 execProviderConfig:
--- a/docs/operator-manual/notifications/triggers.md
+++ b/docs/operator-manual/notifications/triggers.md
@@ -1,7 +1,7 @@
 The trigger defines the condition when the notification should be sent. The definition includes name, condition
 and notification templates reference. The condition is a predicate expression that returns true if the notification
 should be sent. The trigger condition evaluation is powered by [antonmedv/expr](https://github.com/antonmedv/expr).
-The condition language syntax is described at [language-definition.md](https://github.com/antonmedv/expr/blob/master/docs/language-definition.md).
+The condition language syntax is described at [Language-Definition.md](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md).

 The trigger is configured in the `argocd-notifications-cm` ConfigMap. For example the following trigger sends a notification
 when application sync status changes to `Unknown` using the `app-sync-status` template:
--- a/docs/operator-manual/server-commands/argocd-server.md
+++ b/docs/operator-manual/server-commands/argocd-server.md
@@ -25,87 +25,74 @@ argocd-server [flags]
 ### Options

 ```
-      --address string                                  Listen on given address (default "0.0.0.0")
-      --api-content-types string                        Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json")
-      --app-state-cache-expiration duration             Cache expiration for app state (default 1h0m0s)
-      --application-namespaces strings                  List of additional namespaces where application resources can be managed in
-      --as string                                       Username to impersonate for the operation
-      --as-group stringArray                            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                                   UID to impersonate for the operation
-      --basehref string                                 Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
-      --certificate-authority string                    Path to a cert file for the certificate authority
-      --client-certificate string                       Path to a client certificate file for TLS
-      --client-key string                               Path to a client key file for TLS
-      --cluster string                                  The name of the kubeconfig cluster to use
-      --connection-status-cache-expiration duration     Cache expiration for cluster/repo connection status (default 1h0m0s)
-      --content-security-policy value                   Set Content-Security-Policy header in HTTP responses to value. To disable, set to "". (default "frame-ancestors 'self';")
-      --context string                                  The name of the kubeconfig context to use
-      --default-cache-expiration duration               Cache expiration default (default 24h0m0s)
-      --dex-server string                               Dex server address (default "argocd-dex-server:5556")
-      --dex-server-plaintext                            Use a plaintext client (non-TLS) to connect to dex server
-      --dex-server-strict-tls                           Perform strict validation of TLS certificates when connecting to dex server
-      --disable-auth                                    Disable client authentication
-      --disable-compression                             If true, opt-out of response compression for all requests to the server
-      --enable-gzip                                     Enable GZIP compression (default true)
-      --enable-proxy-extension                          Enable Proxy Extension feature
-      --gloglevel int                                   Set the glog logging level
-  -h, --help                                            help for argocd-server
-      --insecure                                        Run server without TLS
-      --insecure-skip-tls-verify                        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string                               Path to a kube config. Only required if out-of-cluster
-      --logformat string                                Set the logging format. One of: text|json (default "text")
-      --login-attempts-expiration duration              Cache expiration for failed login attempts (default 24h0m0s)
-      --loglevel string                                 Set the logging level. One of: debug|info|warn|error (default "info")
-      --metrics-address string                          Listen for metrics on given address (default "0.0.0.0")
-      --metrics-port int                                Start metrics on given port (default 8083)
-  -n, --namespace string                                If present, the namespace scope for this CLI request
-      --oidc-cache-expiration duration                  Cache expiration for OIDC state (default 3m0s)
-      --otlp-address string                             OpenTelemetry collector address to send traces to
-      --otlp-attrs strings                              List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value)
-      --otlp-headers stringToString                     List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default [])
-      --otlp-insecure                                   OpenTelemetry collector insecure mode (default true)
-      --password string                                 Password for basic authentication to the API server
-      --port int                                        Listen on given port (default 8080)
-      --proxy-url string                                If provided, this URL will be used to connect via proxy
-      --redis string                                    Redis server hostname and port (e.g. argocd-redis:6379). 
-      --redis-ca-certificate string                     Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
-      --redis-client-certificate string                 Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
-      --redis-client-key string                         Path to Redis client key (e.g. /etc/certs/redis/client.crt).
-      --redis-compress string                           Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
-      --redis-insecure-skip-tls-verify                  Skip Redis server certificate validation.
-      --redis-use-tls                                   Use TLS when connecting to Redis. 
-      --redisdb int                                     Redis database.
-      --repo-cache-expiration duration                  Cache expiration for repo state, incl. app lists, app details, manifest generation, revision meta-data (default 24h0m0s)
-      --repo-server string                              Repo server address (default "argocd-repo-server:8081")
-      --repo-server-default-cache-expiration duration   Cache expiration default (default 24h0m0s)
-      --repo-server-plaintext                           Use a plaintext client (non-TLS) to connect to repository server
-      --repo-server-redis string                        Redis server hostname and port (e.g. argocd-redis:6379). 
-      --repo-server-redis-ca-certificate string         Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
-      --repo-server-redis-client-certificate string     Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
-      --repo-server-redis-client-key string             Path to Redis client key (e.g. /etc/certs/redis/client.crt).
-      --repo-server-redis-compress string               Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
-      --repo-server-redis-insecure-skip-tls-verify      Skip Redis server certificate validation.
-      --repo-server-redis-use-tls                       Use TLS when connecting to Redis. 
-      --repo-server-redisdb int                         Redis database.
-      --repo-server-sentinel stringArray                Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
-      --repo-server-sentinelmaster string               Redis sentinel master group name. (default "master")
-      --repo-server-strict-tls                          Perform strict validation of TLS certificates when connecting to repo server
-      --repo-server-timeout-seconds int                 Repo server RPC call timeout seconds. (default 60)
-      --request-timeout string                          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --revision-cache-expiration duration              Cache expiration for cached revision (default 3m0s)
-      --rootpath string                                 Used if Argo CD is running behind reverse proxy under subpath different from /
-      --sentinel stringArray                            Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
-      --sentinelmaster string                           Redis sentinel master group name. (default "master")
-      --server string                                   The address and port of the Kubernetes API server
-      --staticassets string                             Directory path that contains additional static assets (default "/shared/app")
-      --tls-server-name string                          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --tlsciphers string                               The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
-      --tlsmaxversion string                            The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
-      --tlsminversion string                            The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
-      --token string                                    Bearer token for authentication to the API server
-      --user string                                     The name of the kubeconfig user to use
-      --username string                                 Username for basic authentication to the API server
-      --x-frame-options value                           Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
+      --address string                                Listen on given address (default "0.0.0.0")
+      --api-content-types string                      Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json")
+      --app-state-cache-expiration duration           Cache expiration for app state (default 1h0m0s)
+      --application-namespaces strings                List of additional namespaces where application resources can be managed in
+      --as string                                     Username to impersonate for the operation
+      --as-group stringArray                          Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --as-uid string                                 UID to impersonate for the operation
+      --basehref string                               Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/")
+      --certificate-authority string                  Path to a cert file for the certificate authority
+      --client-certificate string                     Path to a client certificate file for TLS
+      --client-key string                             Path to a client key file for TLS
+      --cluster string                                The name of the kubeconfig cluster to use
+      --connection-status-cache-expiration duration   Cache expiration for cluster/repo connection status (default 1h0m0s)
+      --content-security-policy value                 Set Content-Security-Policy header in HTTP responses to value. To disable, set to "". (default "frame-ancestors 'self';")
+      --context string                                The name of the kubeconfig context to use
+      --default-cache-expiration duration             Cache expiration default (default 24h0m0s)
+      --dex-server string                             Dex server address (default "argocd-dex-server:5556")
+      --dex-server-plaintext                          Use a plaintext client (non-TLS) to connect to dex server
+      --dex-server-strict-tls                         Perform strict validation of TLS certificates when connecting to dex server
+      --disable-auth                                  Disable client authentication
+      --disable-compression                           If true, opt-out of response compression for all requests to the server
+      --enable-gzip                                   Enable GZIP compression (default true)
+      --enable-proxy-extension                        Enable Proxy Extension feature
+      --gloglevel int                                 Set the glog logging level
+  -h, --help                                          help for argocd-server
+      --insecure                                      Run server without TLS
+      --insecure-skip-tls-verify                      If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kubeconfig string                             Path to a kube config. Only required if out-of-cluster
+      --logformat string                              Set the logging format. One of: text|json (default "text")
+      --login-attempts-expiration duration            Cache expiration for failed login attempts (default 24h0m0s)
+      --loglevel string                               Set the logging level. One of: debug|info|warn|error (default "info")
+      --metrics-address string                        Listen for metrics on given address (default "0.0.0.0")
+      --metrics-port int                              Start metrics on given port (default 8083)
+  -n, --namespace string                              If present, the namespace scope for this CLI request
+      --oidc-cache-expiration duration                Cache expiration for OIDC state (default 3m0s)
+      --otlp-address string                           OpenTelemetry collector address to send traces to
+      --otlp-attrs strings                            List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value)
+      --otlp-headers stringToString                   List of OpenTelemetry collector extra headers sent with traces, headers are comma-separated key-value pairs(e.g. key1=value1,key2=value2) (default [])
+      --otlp-insecure                                 OpenTelemetry collector insecure mode (default true)
+      --password string                               Password for basic authentication to the API server
+      --port int                                      Listen on given port (default 8080)
+      --proxy-url string                              If provided, this URL will be used to connect via proxy
+      --redis string                                  Redis server hostname and port (e.g. argocd-redis:6379). 
+      --redis-ca-certificate string                   Path to Redis server CA certificate (e.g. /etc/certs/redis/ca.crt). If not specified, system trusted CAs will be used for server certificate validation.
+      --redis-client-certificate string               Path to Redis client certificate (e.g. /etc/certs/redis/client.crt).
+      --redis-client-key string                       Path to Redis client key (e.g. /etc/certs/redis/client.crt).
+      --redis-compress string                         Enable compression for data sent to Redis with the required compression algorithm. (possible values: gzip, none) (default "gzip")
+      --redis-insecure-skip-tls-verify                Skip Redis server certificate validation.
+      --redis-use-tls                                 Use TLS when connecting to Redis. 
+      --redisdb int                                   Redis database.
+      --repo-server string                            Repo server address (default "argocd-repo-server:8081")
+      --repo-server-plaintext                         Use a plaintext client (non-TLS) to connect to repository server
+      --repo-server-strict-tls                        Perform strict validation of TLS certificates when connecting to repo server
+      --repo-server-timeout-seconds int               Repo server RPC call timeout seconds. (default 60)
+      --request-timeout string                        The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --rootpath string                               Used if Argo CD is running behind reverse proxy under subpath different from /
+      --sentinel stringArray                          Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
+      --sentinelmaster string                         Redis sentinel master group name. (default "master")
+      --server string                                 The address and port of the Kubernetes API server
+      --staticassets string                           Directory path that contains additional static assets (default "/shared/app")
+      --tls-server-name string                        If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
+      --tlsciphers string                             The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384")
+      --tlsmaxversion string                          The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3")
+      --tlsminversion string                          The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2")
+      --token string                                  Bearer token for authentication to the API server
+      --user string                                   The name of the kubeconfig user to use
+      --username string                               Username for basic authentication to the API server
+      --x-frame-options value                         Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin")
 ```

 ### SEE ALSO
--- a/docs/operator-manual/signed-release-assets.md
+++ b/docs/operator-manual/signed-release-assets.md
@@ -92,7 +92,7 @@ The attestation payload contains a non-forgeable provenance which is base64 enco
 ```bash
 slsa-verifier verify-image "$IMAGE" \
    --source-uri github.com/argoproj/argo-cd \
-    --source-tag v2.7.0 \
+    --source-tag v2.7.0
    --print-provenance | jq
 ```

--- a/docs/operator-manual/tested-kubernetes-versions.md
+++ b/docs/operator-manual/tested-kubernetes-versions.md
@@ -1,6 +1,5 @@
 | Argo CD version | Kubernetes versions |
 |-----------------|---------------------|
-| 2.7 | v1.26, v1.25, v1.24, v1.23 |
-| 2.6 | v1.24, v1.23, v1.22 |
-| 2.5 | v1.24, v1.23, v1.22 |
-
+| 2.10 | v1.28, v1.27, v1.26, v1.25 |
+| 2.9 | v1.28, v1.27, v1.26, v1.25 |
+| 2.8 | v1.27, v1.26, v1.25, v1.24 |
--- a/docs/operator-manual/upgrading/2.10-2.11.md
+++ b/docs/operator-manual/upgrading/2.10-2.11.md
@@ -1,5 +0,0 @@
-# v2.10 to 2.11
-
-## initiatedBy added in Application CRD
-
-In order to address [argoproj/argo-cd#16612](https://github.com/argoproj/argo-cd/issues/16612), initiatedBy has been added in the Application CRD.
--- a/docs/operator-manual/user-management/microsoft.md
+++ b/docs/operator-manual/user-management/microsoft.md
@@ -1,16 +1,13 @@
 # Microsoft

-!!! note ""
-    Entra ID was formerly known as Azure AD.
+* [Azure AD SAML Enterprise App Auth using Dex](#azure-ad-saml-enterprise-app-auth-using-dex)
+* [Azure AD App Registration Auth using OIDC](#azure-ad-app-registration-auth-using-oidc)
+* [Azure AD App Registration Auth using Dex](#azure-ad-app-registration-auth-using-dex)

-* [Entra ID SAML Enterprise App Auth using Dex](#entra-id-saml-enterprise-app-auth-using-dex)
-* [Entra ID App Registration Auth using OIDC](#entra-id-app-registration-auth-using-oidc)
-* [Entra ID App Registration Auth using Dex](#entra-id-app-registration-auth-using-dex)
+## Azure AD SAML Enterprise App Auth using Dex
+### Configure a new Azure AD Enterprise App

-## Entra ID SAML Enterprise App Auth using Dex
-### Configure a new Entra ID Enterprise App
-
-1. From the `Microsoft Entra ID` > `Enterprise applications` menu, choose `+ New application`
+1. From the `Azure Active Directory` > `Enterprise applications` menu, choose `+ New application`
 2. Select `Non-gallery application`
 3. Enter a `Name` for the application (e.g. `Argo CD`), then choose `Add`
 4. Once the application is created, open it from the `Enterprise applications` menu.
@@ -34,9 +31,9 @@
      - *Keep a copy of the encoded output to be used in the next section.*
 9. From the `Single sign-on` menu, copy the `Login URL` parameter, to be used in the next section.

-### Configure Argo to use the new Entra ID Enterprise App
+### Configure Argo to use the new Azure AD Enterprise App

-1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Entra ID App:
+1. Edit `argocd-cm` and add the following `dex.config` to the data section, replacing the `caData`, `my-argo-cd-url` and `my-login-url` your values from the Azure AD App:

            data:
              url: https://my-argo-cd-url
@@ -59,7 +56,7 @@
                    groupsAttr: Group

 2. Edit `argocd-rbac-cm` to configure permissions, similar to example below.
-      - Use Entra ID `Group IDs` for assigning roles.
+      - Use Azure AD `Group IDs` for assigning roles.
      - See [RBAC Configurations](../rbac.md) for more detailed scenarios.

            # example policy
@@ -73,11 +70,11 @@
               p, role:org-admin, repositories, delete, *, allow
               g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin # (azure group assigned to role)

-## Entra ID App Registration Auth using OIDC
-### Configure a new Entra ID App registration
-#### Add a new Entra ID App registration
+## Azure AD App Registration Auth using OIDC
+### Configure a new Azure AD App registration
+#### Add a new Azure AD App registration

-1. From the `Microsoft Entra ID` > `App registrations` menu, choose `+ New registration`
+1. From the `Azure Active Directory` > `App registrations` menu, choose `+ New registration`
 2. Enter a `Name` for the application (e.g. `Argo CD`).
 3. Specify who can use the application (e.g. `Accounts in this organizational directory only`).
 4. Enter Redirect URI (optional) as follows (replacing `my-argo-cd-url` with your Argo URL), then choose `Add`.
@@ -95,29 +92,29 @@
      - **Redirect URI:** `http://localhost:8085/auth/callback`
      ![Azure App registration's Authentication](../../assets/azure-app-registration-authentication.png "Azure App registration's Authentication")

-#### Add credentials a new Entra ID App registration
+#### Add credentials a new Azure AD App registration

 1. From the `Certificates & secrets` menu, choose `+ New client secret`
 2. Enter a `Name` for the secret (e.g. `ArgoCD-SSO`).
      - Make sure to copy and save generated value. This is a value for the `client_secret`.
      ![Azure App registration's Secret](../../assets/azure-app-registration-secret.png "Azure App registration's Secret")

-#### Setup permissions for Entra ID Application
+#### Setup permissions for Azure AD Application

 1. From the `API permissions` menu, choose `+ Add a permission`
 2. Find `User.Read` permission (under `Microsoft Graph`) and grant it to the created application:
-   ![Entra ID API permissions](../../assets/azure-api-permissions.png "Entra ID API permissions")
+   ![Azure AD API permissions](../../assets/azure-api-permissions.png "Azure AD API permissions")
 3. From the `Token Configuration` menu, choose `+ Add groups claim`
-   ![Entra ID token configuration](../../assets/azure-token-configuration.png "Entra ID token configuration")
+   ![Azure AD token configuration](../../assets/azure-token-configuration.png "Azure AD token configuration")

-### Associate an Entra ID group to your Entra ID App registration
+### Associate an Azure AD group to your Azure AD App registration

-1. From the `Microsoft Entra ID` > `Enterprise applications` menu, search the App that you created (e.g. `Argo CD`).
-      - An Enterprise application with the same name of the Entra ID App registration is created when you add a new Entra ID App registration.
+1. From the `Azure Active Directory` > `Enterprise applications` menu, search the App that you created (e.g. `Argo CD`).
+      - An Enterprise application with the same name of the Azure AD App registration is created when you add a new Azure AD App registration.
 2. From the `Users and groups` menu of the app, add any users or groups requiring access to the service.
   ![Azure Enterprise SAML Users](../../assets/azure-enterprise-users.png "Azure Enterprise SAML Users")

-### Configure Argo to use the new Entra ID App registration
+### Configure Argo to use the new Azure AD App registration

 1. Edit `argocd-cm` and configure the `data.oidc.config` and `data.url` section:

@@ -176,7 +173,7 @@

   Refer to [operator-manual/argocd-rbac-cm.yaml](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml) for all of the available variables.

-## Entra ID App Registration Auth using Dex
+## Azure AD App Registration Auth using Dex

 Configure a new AD App Registration, as above.
 Then, add the `dex.config` to `argocd-cm`:
@@ -203,9 +200,9 @@ data:

 1. Open a new browser tab and enter your ArgoCD URI: https://`<my-argo-cd-url>`
   ![Azure SSO Web Log In](../../assets/azure-sso-web-log-in-via-azure.png "Azure SSO Web Log In")
-3. Click `LOGIN VIA AZURE` button to log in with your Microsoft Entra ID account. You’ll see the ArgoCD applications screen.
+3. Click `LOGIN VIA AZURE` button to log in with your Azure Active Directory account. You’ll see the ArgoCD applications screen.
   ![Azure SSO Web Application](../../assets/azure-sso-web-application.png "Azure SSO Web Application")
-4. Navigate to User Info and verify Group ID. Groups will have your group’s Object ID that you added in the `Setup permissions for Entra ID Application` step.
+4. Navigate to User Info and verify Group ID. Groups will have your group’s Object ID that you added in the `Setup permissions for Azure AD Application` step.
   ![Azure SSO Web User Info](../../assets/azure-sso-web-user-info.png "Azure SSO Web User Info")

 ### Log in to ArgoCD using CLI
--- a/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_generate-spec.md
@@ -13,7 +13,6 @@ argocd admin cluster generate-spec CONTEXT [flags]
 ```
      --annotation stringArray             Set metadata annotations (e.g. --annotation key=value)
      --aws-cluster-name string            AWS Cluster name if set then aws cli eks token command will be used to access cluster
-      --aws-profile string                 Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.
      --aws-role-arn string                Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
      --bearer-token string                Authentication token that should be used to access K8S API server
      --cluster-endpoint string            Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.
--- a/docs/user-guide/commands/argocd_cluster_add.md
+++ b/docs/user-guide/commands/argocd_cluster_add.md
@@ -13,7 +13,6 @@ argocd cluster add CONTEXT [flags]
 ```
      --annotation stringArray             Set metadata annotations (e.g. --annotation key=value)
      --aws-cluster-name string            AWS Cluster name if set then aws cli eks token command will be used to access cluster
-      --aws-profile string                 Optional AWS profile. If set then AWS IAM Authenticator uses this profile to perform cluster operations instead of the default AWS credential provider chain.
      --aws-role-arn string                Optional AWS role arn. If set then AWS IAM Authenticator assumes a role to perform cluster operations instead of the default AWS credential provider chain.
      --cluster-endpoint string            Cluster endpoint to use. Can be one of the following: 'kubeconfig', 'kube-public', or 'internal'.
      --cluster-resources                  Indicates if cluster level resources should be managed. The setting is used only if list of managed namespaces is not empty.
--- a/docs/user-guide/commands/argocd_repo_add.md
+++ b/docs/user-guide/commands/argocd_repo_add.md
@@ -17,12 +17,6 @@ argocd repo add REPOURL [flags]
  # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here
  argocd repo add ssh://git@git.example.com:2222/repos/repo --ssh-private-key-path ~/id_rsa

-  # Add a Git repository via SSH using socks5 proxy with no proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://your.proxy.server.ip:1080
-
-  # Add a Git repository via SSH using socks5 proxy with proxy credentials
-  argocd repo add ssh://git@github.com/argoproj/argocd-example-apps --ssh-private-key-path ~/id_rsa --proxy socks5://username:password@your.proxy.server.ip:1080
-
  # Add a private Git repository via HTTPS using username/password and TLS client certificates:
  argocd repo add https://git.example.com/repos/repo --username git --password secret --tls-client-cert-path ~/mycert.crt --tls-client-cert-key-path ~/mycert.key

--- a/docs/user-guide/kustomize.md
+++ b/docs/user-guide/kustomize.md
@@ -131,9 +131,6 @@ data:
    kustomize.buildOptions: --load-restrictor LoadRestrictionsNone
    kustomize.buildOptions.v4.4.0: --output /tmp
 ```
-
-After modifying `kustomize.buildOptions`, you may need to restart ArgoCD for the changes to take effect.
-
 ## Custom Kustomize versions

 Argo CD supports using multiple Kustomize versions simultaneously and specifies required version per application.
--- a/docs/user-guide/resource_hooks.md
+++ b/docs/user-guide/resource_hooks.md
@@ -62,7 +62,6 @@ metadata:
    argocd.argoproj.io/hook: PostSync
    argocd.argoproj.io/hook-delete-policy: HookSucceeded
 ```
-Multiple hook delete policies can be specified as a comma separated list.

 The following policies define when the hook will be deleted.

--- a/go.mod
+++ b/go.mod
@@ -81,7 +81,7 @@ require (
 	go.opentelemetry.io/otel v1.21.0
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
 	go.opentelemetry.io/otel/sdk v1.21.0
-	golang.org/x/crypto v0.17.0
+	golang.org/x/crypto v0.16.0
 	golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1
 	golang.org/x/oauth2 v0.11.0
 	golang.org/x/sync v0.3.0
--- a/go.sum
+++ b/go.sum
@@ -1813,8 +1813,8 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45
 golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
-golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
-golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY=
+golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
 golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
--- a/hack/generate-proto.sh
+++ b/hack/generate-proto.sh
@@ -10,13 +10,9 @@ set -o nounset
 set -o pipefail

 # shellcheck disable=SC2128
-PROJECT_ROOT=$(
-    cd "$(dirname "${BASH_SOURCE}")"/..
-    pwd
-)
+PROJECT_ROOT=$(cd "$(dirname "${BASH_SOURCE}")"/..; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
 GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"

 # output tool versions
 go version
@@ -45,7 +41,6 @@ APIMACHINERY_PKGS=(

 export GO111MODULE=on
 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")

 # protoc_include is the include directory containing the .proto files distributed with protoc binary
 if [ -d /dist/protoc-include ]; then
@@ -58,17 +53,10 @@ fi

 go-to-protobuf \
    --go-header-file="${PROJECT_ROOT}"/hack/custom-boilerplate.go.txt \
-    --packages="$(
-        IFS=,
-        echo "${PACKAGES[*]}"
-    )" \
-    --apimachinery-packages="$(
-        IFS=,
-        echo "${APIMACHINERY_PKGS[*]}"
-    )" \
-    --proto-import="${PROJECT_ROOT}"/vendor \
-    --proto-import="${protoc_include}" \
-    --output-base="${GOPATH}/src/"
+    --packages="$(IFS=, ; echo "${PACKAGES[*]}")" \
+    --apimachinery-packages="$(IFS=, ; echo "${APIMACHINERY_PKGS[*]}")" \
+    --proto-import=./vendor \
+    --proto-import="${protoc_include}"

 # Either protoc-gen-go, protoc-gen-gofast, or protoc-gen-gogofast can be used to build
 # server/*/<service>.pb.go from .proto files. golang/protobuf and gogo/protobuf can be used
@@ -98,11 +86,9 @@ for i in ${PROTO_FILES}; do
        --${GOPROTOBINARY}_out=plugins=grpc:"$GOPATH"/src \
        --grpc-gateway_out=logtostderr=true:"$GOPATH"/src \
        --swagger_out=logtostderr=true:. \
-        "$i"
+        $i
 done
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+[ -e ./v2 ] && rm -rf v2

 # collect_swagger gathers swagger files into a subdirectory
 collect_swagger() {
@@ -111,7 +97,7 @@ collect_swagger() {
    PRIMARY_SWAGGER=$(mktemp)
    COMBINED_SWAGGER=$(mktemp)

-    cat <<EOF >"${PRIMARY_SWAGGER}"
+    cat <<EOF > "${PRIMARY_SWAGGER}"
 {
  "swagger": "2.0",
  "info": {
@@ -125,7 +111,7 @@ EOF

    rm -f "${SWAGGER_OUT}"

-    find "${SWAGGER_ROOT}" -name '*.swagger.json' -exec swagger mixin --ignore-conflicts "${PRIMARY_SWAGGER}" '{}' \+ >"${COMBINED_SWAGGER}"
+    find "${SWAGGER_ROOT}" -name '*.swagger.json' -exec swagger mixin --ignore-conflicts "${PRIMARY_SWAGGER}" '{}' \+ > "${COMBINED_SWAGGER}"
    jq -r 'del(.definitions[].properties[]? | select(."$ref"!=null and .description!=null).description) | del(.definitions[].properties[]? | select(."$ref"!=null and .title!=null).title) |
      # The "array" and "map" fields have custom unmarshaling. Modify the swagger to reflect this.
      .definitions.v1alpha1ApplicationSourcePluginParameter.properties.array = {"description":"Array is the value of an array type parameter.","type":"array","items":{"type":"string"}} |
@@ -134,10 +120,10 @@ EOF
      del(.definitions.v1alpha1OptionalMap) |
      # Output for int64 is incorrect, because it is based on proto definitions, where int64 is a string. In our JSON API, we expect int64 to be an integer. https://github.com/grpc-ecosystem/grpc-gateway/issues/219
      (.definitions[]?.properties[]? | select(.type == "string" and .format == "int64")) |= (.type = "integer")
-    ' "${COMBINED_SWAGGER}" |
-        jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' |
-        jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \
-            >"${SWAGGER_OUT}"
+    ' "${COMBINED_SWAGGER}" | \
+    jq '.definitions.v1Time.type = "string" | .definitions.v1Time.format = "date-time" | del(.definitions.v1Time.properties)' | \
+    jq '.definitions.v1alpha1ResourceNode.allOf = [{"$ref": "#/definitions/v1alpha1ResourceRef"}] | del(.definitions.v1alpha1ResourceNode.properties.resourceRef) ' \
+    > "${SWAGGER_OUT}"

    /bin/rm "${PRIMARY_SWAGGER}" "${COMBINED_SWAGGER}"
 }
@@ -153,3 +139,4 @@ clean_swagger server
 clean_swagger reposerver
 clean_swagger controller
 clean_swagger cmpserver
+
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -19,31 +19,21 @@ set -o errexit
 set -o nounset
 set -o pipefail

-PROJECT_ROOT=$(
-  cd $(dirname ${BASH_SOURCE})/..
-  pwd
-)
+PROJECT_ROOT=$(cd $(dirname ${BASH_SOURCE})/..; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
-GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"

 TARGET_SCRIPT=/tmp/generate-groups.sh

 # codegen utilities are installed outside of generate-groups.sh so remove the `go install` step in the script.
-sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh >${TARGET_SCRIPT}
+sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh > ${TARGET_SCRIPT}

 # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs
 # are in the path and invoke them without assumption of their location
 sed -i.bak -e 's#${gobin}/##g' ${TARGET_SCRIPT}

 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
-
 bash -x ${TARGET_SCRIPT} "deepcopy,client,informer,lister" \
  github.com/argoproj/argo-cd/v2/pkg/client github.com/argoproj/argo-cd/v2/pkg/apis \
  "application:v1alpha1" \
-  --go-header-file "${PROJECT_ROOT}/hack/custom-boilerplate.go.txt" \
-  --output-base "${GOPATH}/src"
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+  --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt
+[ -e ./v2 ] && rm -rf v2
--- a/hack/update-openapi.sh
+++ b/hack/update-openapi.sh
@@ -5,30 +5,20 @@ set -o errexit
 set -o nounset
 set -o pipefail

-PROJECT_ROOT=$(
-  cd $(dirname "$0")/..
-  pwd
-)
+PROJECT_ROOT=$(cd $(dirname "$0")/.. ; pwd)
 PATH="${PROJECT_ROOT}/dist:${PATH}"
-GOPATH=$(go env GOPATH)
-GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd"
-
 VERSION="v1alpha1"
-
+ 
 [ -e ./v2 ] || ln -s . v2
-[ -e "${GOPATH_PROJECT_ROOT}" ] || (mkdir -p "$(dirname "${GOPATH_PROJECT_ROOT}")" && ln -s "${PROJECT_ROOT}" "${GOPATH_PROJECT_ROOT}")
-
 openapi-gen \
  --go-header-file ${PROJECT_ROOT}/hack/custom-boilerplate.go.txt \
  --input-dirs github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \
  --output-package github.com/argoproj/argo-cd/v2/pkg/apis/application/${VERSION} \
  --report-filename pkg/apis/api-rules/violation_exceptions.list \
-  --output-base "${GOPATH}/src" \
  $@
-
-[ -L "${GOPATH_PROJECT_ROOT}" ] && rm -rf "${GOPATH_PROJECT_ROOT}"
-[ -L ./v2 ] && rm -rf v2
+[ -e ./v2 ] && rm -rf v2

 export GO111MODULE=on
-go build -o ./dist/gen-crd-spec "${PROJECT_ROOT}/hack/gen-crd-spec"
+go build -o ./dist/gen-crd-spec ${PROJECT_ROOT}/hack/gen-crd-spec
 ./dist/gen-crd-spec
+
--- a/manifests/base/application-controller-deployment/argocd-application-controller-service.yaml
+++ b/manifests/base/application-controller-deployment/argocd-application-controller-service.yaml
@@ -14,7 +14,7 @@ spec:
    targetPort: 8082
  - name: metrics
    protocol: TCP
-    port: 8082
-    targetPort: 8082
+    port: 8084
+    targetPort: 8084
  selector:
    app.kubernetes.io/name: argocd-application-controller
--- a/manifests/base/application-controller-deployment/argocd-application-controller-statefulset.yaml
+++ b/manifests/base/application-controller-deployment/argocd-application-controller-statefulset.yaml
@@ -1,15 +0,0 @@
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
-  name: argocd-application-controller
-spec:
-  replicas: 0
-  template:
-    spec:
-      containers:
-      - name: argocd-application-controller
-        args:
-        - /usr/local/bin/argocd-application-controller
-        env:
-        - name: ARGOCD_CONTROLLER_REPLICAS
-          value: "0"
--- a/manifests/base/application-controller-deployment/kustomization.yaml
+++ b/manifests/base/application-controller-deployment/kustomization.yaml
@@ -2,8 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
- ../application-controller-roles
 - argocd-application-controller-service.yaml
- argocd-application-controller-statefulset.yaml
 - argocd-application-controller-deployment.yaml
-
--- a/manifests/base/application-controller-roles/kustomization.yaml
+++ b/manifests/base/application-controller-roles/kustomization.yaml
@@ -1,7 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- argocd-application-controller-sa.yaml
- argocd-application-controller-role.yaml
- argocd-application-controller-rolebinding.yaml
--- a/manifests/base/application-controller-roles/argocd-application-controller-role.yaml
+++ b/manifests/base/application-controller-roles/argocd-application-controller-role.yaml
--- a/manifests/base/application-controller-roles/argocd-application-controller-rolebinding.yaml
+++ b/manifests/base/application-controller-roles/argocd-application-controller-rolebinding.yaml
--- a/manifests/base/application-controller-roles/argocd-application-controller-sa.yaml
+++ b/manifests/base/application-controller-roles/argocd-application-controller-sa.yaml
--- a/manifests/base/application-controller/kustomization.yaml
+++ b/manifests/base/application-controller/kustomization.yaml
@@ -2,7 +2,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

 resources:
- ../application-controller-roles
+- argocd-application-controller-sa.yaml
+- argocd-application-controller-role.yaml
+- argocd-application-controller-rolebinding.yaml
 - argocd-application-controller-statefulset.yaml
 - argocd-metrics.yaml
 - argocd-application-controller-network-policy.yaml
--- a/manifests/base/kustomization.yaml
+++ b/manifests/base/kustomization.yaml
@@ -5,7 +5,7 @@ kind: Kustomization
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc3
 resources:
 - ./application-controller
 - ./dex
--- a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml
+++ b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrole.yaml
@@ -1,88 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-    app.kubernetes.io/component: applicationset-controller
-  name: argocd-applicationset-controller
-rules:
- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
--- a/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrolebinding.yaml
+++ b/manifests/cluster-rbac/applicationset-controller/argocd-applicationset-controller-clusterrolebinding.yaml
@@ -1,16 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-    app.kubernetes.io/component: applicationset-controller
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd
--- a/manifests/cluster-rbac/applicationset-controller/kustomization.yaml
+++ b/manifests/cluster-rbac/applicationset-controller/kustomization.yaml
@@ -1,6 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- argocd-applicationset-controller-clusterrole.yaml
- argocd-applicationset-controller-clusterrolebinding.yaml
--- a/manifests/cluster-rbac/kustomization.yaml
+++ b/manifests/cluster-rbac/kustomization.yaml
@@ -3,5 +3,4 @@ kind: Kustomization

 resources:
 - ./application-controller
- ./applicationset-controller
 - ./server
--- a/manifests/core-install.yaml
+++ b/manifests/core-install.yaml
@@ -1726,19 +1726,6 @@ spec:
                      description: ID is an auto incrementing identifier of the RevisionHistory
                      format: int64
                      type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                    revision:
                      description: Revision holds the revision the sync was performed
                        against
@@ -21039,7 +21026,7 @@ spec:
              key: applicationsetcontroller.enable.scm.providers
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -21363,7 +21350,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -21415,7 +21402,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -21676,7 +21663,7 @@ spec:
              key: controller.diff.server.side
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/core-install/kustomization.yaml
+++ b/manifests/core-install/kustomization.yaml
@@ -12,4 +12,4 @@ resources:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc3
--- a/manifests/crds/application-crd.yaml
+++ b/manifests/crds/application-crd.yaml
@@ -1725,19 +1725,6 @@ spec:
                      description: ID is an auto incrementing identifier of the RevisionHistory
                      format: int64
                      type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                    revision:
                      description: Revision holds the revision the sync was performed
                        against
--- a/manifests/ha/base/controller-deployment/kustomization.yaml
+++ b/manifests/ha/base/controller-deployment/kustomization.yaml
@@ -1,17 +1,20 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization

+
 patches:
- path: argocd-application-controller-statefulset.yaml
 - path: argocd-repo-server-deployment.yaml
 - path: argocd-server-deployment.yaml
+- path: argocd-application-controller-statefulset.yaml
 - path: argocd-cmd-params-cm.yaml

+
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
  newTag: latest
 resources:
+- ../../../base/application-controller
 - ../../../base/application-controller-deployment
 - ../../../base/applicationset-controller
 - ../../../base/dex
--- a/manifests/ha/base/kustomization.yaml
+++ b/manifests/ha/base/kustomization.yaml
@@ -12,7 +12,7 @@ patches:
 images:
 - name: quay.io/argoproj/argocd
  newName: quay.io/argoproj/argocd
-  newTag: latest
+  newTag: v2.10.0-rc3
 resources:
 - ../../base/application-controller
 - ../../base/applicationset-controller
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -1726,19 +1726,6 @@ spec:
                      description: ID is an auto incrementing identifier of the RevisionHistory
                      format: int64
                      type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                    revision:
                      description: Revision holds the revision the sync was performed
                        against
@@ -20868,95 +20855,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-rules:
- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/component: server
@@ -21138,23 +21036,6 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: server
@@ -22402,7 +22283,7 @@ spec:
              key: applicationsetcontroller.enable.scm.providers
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -22525,7 +22406,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -22607,7 +22488,7 @@ spec:
              key: notificationscontroller.selfservice.enabled
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -22962,7 +22843,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -23014,7 +22895,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -23327,7 +23208,7 @@ spec:
              key: server.k8sclient.retry.base.backoff
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -23615,7 +23496,7 @@ spec:
              key: controller.diff.server.side
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -1668,7 +1668,7 @@ spec:
              key: applicationsetcontroller.enable.scm.providers
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -1791,7 +1791,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -1873,7 +1873,7 @@ spec:
              key: notificationscontroller.selfservice.enabled
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -2228,7 +2228,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -2280,7 +2280,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -2593,7 +2593,7 @@ spec:
              key: server.k8sclient.retry.base.backoff
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -2881,7 +2881,7 @@ spec:
              key: controller.diff.server.side
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -1726,19 +1726,6 @@ spec:
                      description: ID is an auto incrementing identifier of the RevisionHistory
                      format: int64
                      type: integer
-                    initiatedBy:
-                      description: InitiatedBy contains information about who initiated
-                        the operations
-                      properties:
-                        automated:
-                          description: Automated is set to true if operation was initiated
-                            automatically by the application controller.
-                          type: boolean
-                        username:
-                          description: Username contains the name of a user who started
-                            operation
-                          type: string
-                      type: object
                    revision:
                      description: Revision holds the revision the sync was performed
                        against
@@ -20827,95 +20814,6 @@ rules:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-rules:
- apiGroups:
-  - argoproj.io
-  resources:
-  - applications
-  - applicationsets
-  - applicationsets/finalizers
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
- apiGroups:
-  - argoproj.io
-  resources:
-  - applicationsets/status
-  verbs:
-  - get
-  - patch
-  - update
- apiGroups:
-  - argoproj.io
-  resources:
-  - appprojects
-  verbs:
-  - get
- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - create
-  - update
-  - delete
-  - get
-  - list
-  - patch
-  - watch
- apiGroups:
-  - ""
-  resources:
-  - secrets
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - apps
-  - extensions
-  resources:
-  - deployments
-  verbs:
-  - get
-  - list
-  - watch
- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
 metadata:
  labels:
    app.kubernetes.io/component: server
@@ -21065,23 +20963,6 @@ subjects:
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/component: applicationset-controller
-    app.kubernetes.io/name: argocd-applicationset-controller
-    app.kubernetes.io/part-of: argocd
-  name: argocd-applicationset-controller
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: argocd-applicationset-controller
-subjects:
- kind: ServiceAccount
-  name: argocd-applicationset-controller
-  namespace: argocd
---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
 metadata:
  labels:
    app.kubernetes.io/component: server
@@ -21497,7 +21378,7 @@ spec:
              key: applicationsetcontroller.enable.scm.providers
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -21620,7 +21501,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -21702,7 +21583,7 @@ spec:
              key: notificationscontroller.selfservice.enabled
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -22008,7 +21889,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -22060,7 +21941,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -22371,7 +22252,7 @@ spec:
              key: server.k8sclient.retry.base.backoff
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -22659,7 +22540,7 @@ spec:
              key: controller.diff.server.side
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -763,7 +763,7 @@ spec:
              key: applicationsetcontroller.enable.scm.providers
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-applicationset-controller
        ports:
@@ -886,7 +886,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /shared/argocd-dex
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: copyutil
        securityContext:
@@ -968,7 +968,7 @@ spec:
              key: notificationscontroller.selfservice.enabled
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          tcpSocket:
@@ -1274,7 +1274,7 @@ spec:
          value: /helm-working-dir
        - name: HELM_DATA_HOME
          value: /helm-working-dir
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          failureThreshold: 3
@@ -1326,7 +1326,7 @@ spec:
        - -n
        - /usr/local/bin/argocd
        - /var/run/argocd/argocd-cmp-server
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        name: copyutil
        securityContext:
          allowPrivilegeEscalation: false
@@ -1637,7 +1637,7 @@ spec:
              key: server.k8sclient.retry.base.backoff
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        livenessProbe:
          httpGet:
@@ -1925,7 +1925,7 @@ spec:
              key: controller.diff.server.side
              name: argocd-cmd-params-cm
              optional: true
-        image: quay.io/argoproj/argocd:latest
+        image: quay.io/argoproj/argocd:v2.10.0-rc3
        imagePullPolicy: Always
        name: argocd-application-controller
        ports:
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -128,7 +128,6 @@ nav:
    - operator-manual/server-commands/additional-configuration-method.md
  - Upgrading:
    - operator-manual/upgrading/overview.md
-    - operator-manual/upgrading/2.10-2.11.md
    - operator-manual/upgrading/2.9-2.10.md
    - operator-manual/upgrading/2.8-2.9.md
    - operator-manual/upgrading/2.7-2.8.md
--- a/pkg/apis/application/v1alpha1/generated.pb.go
+++ b/pkg/apis/application/v1alpha1/generated.pb.go
--- a/pkg/apis/application/v1alpha1/generated.proto
+++ b/pkg/apis/application/v1alpha1/generated.proto
@@ -22,9 +22,6 @@ message AWSAuthConfig {

  // RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
  optional string roleARN = 2;
-
-  // Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
-  optional string profile = 3;
 }

 // AppProject provides a logical grouping of applications, providing controls for:
@@ -1898,9 +1895,6 @@ message RevisionHistory {

  // Revisions holds the revision of each source in sources field the sync was performed against
  repeated string revisions = 9;
-
-  // InitiatedBy contains information about who initiated the operations
-  optional OperationInitiator initiatedBy = 10;
 }

 // RevisionMetadata contains metadata for a specific revision in a Git repository
--- a/pkg/apis/application/v1alpha1/openapi_generated.go
+++ b/pkg/apis/application/v1alpha1/openapi_generated.go
@@ -191,13 +191,6 @@ func schema_pkg_apis_application_v1alpha1_AWSAuthConfig(ref common.ReferenceCall
 							Format:      "",
 						},
 					},
-					"profile": {
-						SchemaProps: spec.SchemaProps{
-							Description: "Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.",
-							Type:        []string{"string"},
-							Format:      "",
-						},
-					},
 				},
 			},
 		},
@@ -6669,19 +6662,12 @@ func schema_pkg_apis_application_v1alpha1_RevisionHistory(ref common.ReferenceCa
 							},
 						},
 					},
-					"initiatedBy": {
-						SchemaProps: spec.SchemaProps{
-							Description: "InitiatedBy contains information about who initiated the operations",
-							Default:     map[string]interface{}{},
-							Ref:         ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationInitiator"),
-						},
-					},
 				},
 				Required: []string{"deployedAt", "id"},
 			},
 		},
 		Dependencies: []string{
-			"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.OperationInitiator", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
+			"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource", "k8s.io/apimachinery/pkg/apis/meta/v1.Time"},
 	}
 }

--- a/pkg/apis/application/v1alpha1/repository_types.go
+++ b/pkg/apis/application/v1alpha1/repository_types.go
@@ -196,7 +196,7 @@ func (repo *Repository) GetGitCreds(store git.CredsStore) git.Creds {
 		return git.NewHTTPSCreds(repo.Username, repo.Password, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store, repo.ForceHttpBasicAuth)
 	}
 	if repo.SSHPrivateKey != "" {
-		return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store, repo.Proxy)
+		return git.NewSSHCreds(repo.SSHPrivateKey, getCAPath(repo.Repo), repo.IsInsecure(), store)
 	}
 	if repo.GithubAppPrivateKey != "" && repo.GithubAppId != 0 && repo.GithubAppInstallationId != 0 {
 		return git.NewGitHubAppCreds(repo.GithubAppId, repo.GithubAppInstallationId, repo.GithubAppPrivateKey, repo.GitHubAppEnterpriseBaseURL, repo.Repo, repo.TLSClientCertData, repo.TLSClientCertKey, repo.IsInsecure(), repo.Proxy, store)
--- a/pkg/apis/application/v1alpha1/types.go
+++ b/pkg/apis/application/v1alpha1/types.go
@@ -1401,8 +1401,6 @@ type RevisionHistory struct {
 	Sources ApplicationSources `json:"sources,omitempty" protobuf:"bytes,8,opt,name=sources"`
 	// Revisions holds the revision of each source in sources field the sync was performed against
 	Revisions []string `json:"revisions,omitempty" protobuf:"bytes,9,opt,name=revisions"`
-	// InitiatedBy contains information about who initiated the operations
-	InitiatedBy OperationInitiator `json:"initiatedBy,omitempty" protobuf:"bytes,10,opt,name=initiatedBy"`
 }

 // ApplicationWatchEvent contains information about application change.
@@ -1856,9 +1854,6 @@ type AWSAuthConfig struct {

 	// RoleARN contains optional role ARN. If set then AWS IAM Authenticator assume a role to perform cluster operations instead of the default AWS credential provider chain.
 	RoleARN string `json:"roleARN,omitempty" protobuf:"bytes,2,opt,name=roleARN"`
-
-	// Profile contains optional role ARN. If set then AWS IAM Authenticator uses the profile to perform cluster operations instead of the default AWS credential provider chain.
-	Profile string `json:"profile,omitempty" protobuf:"bytes,3,opt,name=profile"`
 }

 // ExecProviderConfig is config used to call an external command to perform cluster authentication
@@ -2990,9 +2985,6 @@ func (c *Cluster) RawRestConfig() *rest.Config {
 			if c.Config.AWSAuthConfig.RoleARN != "" {
 				args = append(args, "--role-arn", c.Config.AWSAuthConfig.RoleARN)
 			}
-			if c.Config.AWSAuthConfig.Profile != "" {
-				args = append(args, "--profile", c.Config.AWSAuthConfig.Profile)
-			}
 			config = &rest.Config{
 				Host:            c.Server,
 				TLSClientConfig: tlsClientConfig,
--- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
+++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go
@@ -3689,7 +3689,6 @@ func (in *RevisionHistory) DeepCopyInto(out *RevisionHistory) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	out.InitiatedBy = in.InitiatedBy
 	return
 }

--- a/reposerver/cache/cache.go
+++ b/reposerver/cache/cache.go
@@ -12,6 +12,7 @@ import (

 	"github.com/argoproj/gitops-engine/pkg/utils/text"
 	"github.com/go-git/go-git/v5/plumbing"
+	"github.com/redis/go-redis/v9"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"

@@ -43,7 +44,7 @@ func NewCache(cache *cacheutil.Cache, repoCacheExpiration time.Duration, revisio
 	return &Cache{cache, repoCacheExpiration, revisionCacheExpiration}
 }

-func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...cacheutil.Options) func() (*Cache, error) {
+func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...func(client *redis.Client)) func() (*Cache, error) {
 	var repoCacheExpiration time.Duration
 	var revisionCacheExpiration time.Duration

@@ -224,12 +225,6 @@ func LogDebugManifestCacheKeyFields(message string, reason string, revision stri
 	}
 }

-func (c *Cache) SetNewRevisionManifests(newRevision string, revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, refSourceCommitSHAs ResolvedRevisions) error {
-	oldKey := manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs)
-	newKey := manifestCacheKey(newRevision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs)
-	return c.cache.RenameItem(oldKey, newKey, c.repoCacheExpiration)
-}
-
 func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions) error {
 	err := c.cache.GetItem(manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), res)

--- a/reposerver/metrics/githandlers_test.go
+++ b/reposerver/metrics/githandlers_test.go
@@ -1,122 +0,0 @@
-package metrics
-
-import (
-	"os"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-	"golang.org/x/sync/semaphore"
-)
-
-func TestMain(m *testing.M) {
-	os.Exit(m.Run())
-}
-
-func TestEdgeCasesAndErrorHandling(t *testing.T) {
-	tests := []struct {
-		name     string
-		setup    func()
-		teardown func()
-		testFunc func(t *testing.T)
-	}{
-		{
-			name: "lsRemoteParallelismLimitSemaphore is nil",
-			testFunc: func(t *testing.T) {
-				lsRemoteParallelismLimitSemaphore = nil
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil and Acquire returns error",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.setup != nil {
-				tt.setup()
-			}
-			if tt.teardown != nil {
-				defer tt.teardown()
-			}
-			tt.testFunc(t)
-		})
-	}
-}
-
-func TestSemaphoreFunctionality(t *testing.T) {
-	os.Setenv("ARGOCD_GIT_LSREMOTE_PARALLELISM_LIMIT", "1")
-
-	tests := []struct {
-		name     string
-		setup    func()
-		teardown func()
-		testFunc func(t *testing.T)
-	}{
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-		{
-			name: "lsRemoteParallelismLimitSemaphore is not nil and Acquire returns error",
-			setup: func() {
-				lsRemoteParallelismLimitSemaphore = semaphore.NewWeighted(1)
-			},
-			teardown: func() {
-				lsRemoteParallelismLimitSemaphore = nil
-			},
-			testFunc: func(t *testing.T) {
-				assert.NotPanics(t, func() {
-					NewGitClientEventHandlers(&MetricsServer{})
-				})
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			if tt.setup != nil {
-				tt.setup()
-			}
-			if tt.teardown != nil {
-				defer tt.teardown()
-			}
-			tt.testFunc(t)
-		})
-	}
-}
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/health.lua
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/health.lua
@@ -1,42 +0,0 @@
-local hs = {}
-if obj.status ~= nil then
-  if obj.status.conditions ~= nil then
-    local ready = false
-    local synced = false
-    local suspended = false
-
-    for i, condition in ipairs(obj.status.conditions) do
-
-      if condition.type == "Ready" then
-        ready = condition.status == "True"
-        ready_message = condition.reason
-      elseif condition.type == "Synced" then
-        synced = condition.status == "True"
-        if condition.reason == "ReconcileError" then
-          synced_message = condition.message
-        elseif condition.reason == "ReconcilePaused" then
-          suspended = true
-          suspended_message = condition.reason
-        end
-      end
-    end
-    if ready and synced then
-      hs.status = "Healthy"
-      hs.message = ready_message
-    elseif synced == false and suspended == true then
-      hs.status = "Suspended"
-      hs.message = suspended_message
-    elseif ready == false and synced == true and suspended == false then
-      hs.status = "Progressing"
-      hs.message = "Waiting for distribution to be available"
-    else
-      hs.status = "Degraded"
-      hs.message = synced_message
-    end
-    return hs
-  end
-end
-
-hs.status = "Progressing"
-hs.message = "Waiting for distribution to be created"
-return hs
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/health_test.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/health_test.yaml
@@ -1,37 +0,0 @@
-tests:
- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing_creating.yaml
- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing_noavailable.yaml
- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be available
-  inputPath: testdata/progressing.yaml
- healthStatus:
-    status: Progressing
-    message: Waiting for distribution to be created
-  inputPath: testdata/progressing_noStatus.yaml
- healthStatus:
-    status: Degraded
-    message: >
-      update failed: cannot update Distribution in AWS: InvalidParameter: 2
-      validation error(s) found.
-
-      - missing required field,
-      UpdateDistributionInput.DistributionConfig.Origins.Items[0].DomainName.
-
-      - missing required field,
-      UpdateDistributionInput.DistributionConfig.Origins.Items[0].Id.
-  inputPath: testdata/degraded_reconcileError.yaml
- healthStatus:
-    status: Suspended
-    message: ReconcilePaused
-  inputPath: testdata/suspended.yaml
- healthStatus:
-    status: Healthy
-    message: Available
-  inputPath: testdata/healthy.yaml
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/degraded_reconcileError.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/degraded_reconcileError.yaml
@@ -1,96 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: '2024-01-17T07:26:02Z'
-  generation: 2
-  name: crossplane.io
-  resourceVersion: '261942288'
-  uid: 4b50c88b-165c-4176-be8e-aa28fdec0a94
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - HEAD
-            - GET
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ''
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ''
-        enabled: false
-        includeCookies: false
-        prefix: ''
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-17T07:26:02Z'
-      message: >
-        update failed: cannot update Distribution in AWS: InvalidParameter: 2
-        validation error(s) found.
-
-        - missing required field,
-        UpdateDistributionInput.DistributionConfig.Origins.Items[0].DomainName.
-
-        - missing required field,
-        UpdateDistributionInput.DistributionConfig.Origins.Items[0].Id.
-      reason: ReconcileError
-      status: 'False'
-      type: Synced
-    - lastTransitionTime: '2024-01-17T07:26:03Z'
-      reason: Available
-      status: 'True'
-      type: Ready
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/healthy.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/healthy.yaml
@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - HEAD
-            - GET
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ''
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ''
-        enabled: false
-        includeCookies: false
-        prefix: ''
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2024-01-11T06:23:18Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced
-    - lastTransitionTime: "2024-01-10T03:23:02Z"
-      reason: Available
-      status: "True"
-      type: Ready
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing.yaml
@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: '2023-06-16T04:42:04Z'
-  generation: 37
-  name: crossplane.io
-  resourceVersion: '254326453'
-  uid: fd357670-b762-4285-ae83-00859c40dd6b
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-11T08:11:27Z'
-      reason: Unavailable
-      status: 'False'
-      type: Ready
-    - lastTransitionTime: '2024-01-11T08:11:02Z'
-      reason: ReconcileSuccess
-      status: 'True'
-      type: Synced
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_creating.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_creating.yaml
@@ -1,92 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2023-11-16T04:44:27Z"
-      reason: Creating
-      status: "False"
-      type: Ready
-    - lastTransitionTime: "2023-11-16T04:44:25Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noStatus.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noStatus.yaml
@@ -1,82 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  creationTimestamp: "2023-09-07T01:01:16Z"
-  generation: 121
-  name: crossplane.io
-  resourceVersion: "254225966"
-  uid: 531d989c-a3d2-4ab4-841d-ab380cce0bdb
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noavailable.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/progressing_noavailable.yaml
@@ -1,88 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  generation: 1
-  name: crossplane.io
-  resourceVersion: "261937039"
-  uid: a52c105f-b0e1-4027-aa19-7e93f269f2a6
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  atProvider: {}
-  conditions:
-    - lastTransitionTime: "2024-01-17T07:20:35Z"
-      reason: ReconcileSuccess
-      status: "True"
-      type: Synced
--- a/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/suspended.yaml
+++ b/resource_customizations/cloudfront.aws.crossplane.io/Distribution/testdata/suspended.yaml
@@ -1,94 +0,0 @@
-apiVersion: cloudfront.aws.crossplane.io/v1alpha1
-kind: Distribution
-metadata:
-  annotations:
-    crossplane.io/paused: "true"
-  creationTimestamp: "2023-06-16T04:42:04Z"
-  generation: 34
-  name: crossplane.io
-  resourceVersion: "254259056"
-  uid: fd357670-b762-4285-ae83-00859c40dd6b
-spec:
-  deletionPolicy: Orphan
-  forProvider:
-    distributionConfig:
-      comment: 'crossplane'
-      customErrorResponses:
-        items: []
-      defaultCacheBehavior:
-        allowedMethods:
-          cachedMethods:
-            items:
-              - HEAD
-              - GET
-          items:
-            - GET
-            - HEAD
-        compress: false
-        defaultTTL: 600
-        fieldLevelEncryptionID: ""
-        forwardedValues:
-          cookies:
-            forward: none
-          headers:
-            items: []
-          queryString: false
-          queryStringCacheKeys: {}
-        functionAssociations: {}
-        lambdaFunctionAssociations: {}
-        maxTTL: 600
-        minTTL: 0
-        smoothStreaming: false
-        targetOriginID: crossplane.io
-        trustedKeyGroups:
-          enabled: false
-        trustedSigners:
-          enabled: false
-        viewerProtocolPolicy: allow-all
-      defaultRootObject: index.html
-      enabled: true
-      httpVersion: http2
-      isIPV6Enabled: true
-      logging:
-        bucket: ""
-        enabled: false
-        includeCookies: false
-        prefix: ""
-      originGroups: {}
-      origins:
-        items:
-          - connectionAttempts: 3
-            connectionTimeout: 10
-            customHeaders: {}
-            customOriginConfig:
-              httpPort: 8080
-              httpSPort: 443
-              originKeepaliveTimeout: 5
-              originProtocolPolicy: http-only
-              originReadTimeout: 10
-              originSSLProtocols:
-                items:
-                  - TLSv1
-                  - TLSv1.1
-                  - TLSv1.2
-            domainName: crossplane.io
-            id: crossplane.io
-            originShield:
-              enabled: false
-      priceClass: PriceClass_200
-      restrictions:
-        geoRestriction:
-          restrictionType: none
-    region: ap-northeast-2
-  providerConfigRef:
-    name: crossplane
-status:
-  conditions:
-    - lastTransitionTime: "2023-10-16T07:40:47Z"
-      reason: Available
-      status: "True"
-      type: Ready
-    - lastTransitionTime: "2024-01-11T06:59:47Z"
-      reason: ReconcilePaused
-      status: "False"
-      type: Synced
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health_test.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/health_test.yaml
@@ -1,25 +0,0 @@
-tests:
- healthStatus:
-    status: Progressing
-    message: Waiting for resourcrecordset to be available
-  inputPath: testdata/progressing_creating.yaml
- healthStatus:
-    status: Progressing
-    message: Waiting for resourcrecordset to be created
-  inputPath: testdata/progressing_noStatus.yaml
- healthStatus:
-    status: Degraded
-    message: >-
-      create failed: failed to create the ResourceRecordSet resource:
-      InvalidChangeBatch: [RRSet of type CNAME with DNS name
-      www.crossplane.io. is not permitted as it conflicts with other
-      records with the same DNS name in zone crossplane.io.]
-  inputPath: testdata/degraded_reconcileError.yaml
- healthStatus:
-    status: Suspended
-    message: ReconcilePaused
-  inputPath: testdata/suspended_reconcilePaused.yaml
- healthStatus:
-    status: Healthy
-    message: Available
-  inputPath: testdata/healthy.yaml
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/heatlh.lua
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/heatlh.lua
@@ -1,41 +0,0 @@
-local hs = {}
-if obj.status ~= nil then
-  if obj.status.conditions ~= nil then
-    local ready = false
-    local synced = false
-    local suspended = false
-    for i, condition in ipairs(obj.status.conditions) do
-
-      if condition.type == "Ready" then
-        ready = condition.status == "True"
-        ready_message = condition.reason
-      elseif condition.type == "Synced" then
-        synced = condition.status == "True"
-        if condition.reason == "ReconcileError" then
-          synced_message = condition.message
-        elseif condition.reason == "ReconcilePaused" then
-          suspended = true
-          suspended_message = condition.reason
-        end
-      end
-    end
-    if ready and synced then
-      hs.status = "Healthy"
-      hs.message = ready_message
-    elseif synced == false and suspended == true then
-      hs.status = "Suspended"
-      hs.message = suspended_message
-    elseif ready == false and synced == true and suspended == false then
-      hs.status = "Progressing"
-      hs.message = "Waiting for resourcrecordset to be available"
-    else
-      hs.status = "Degraded"
-      hs.message = synced_message
-    end
-    return hs
-  end
-end
-
-hs.status = "Progressing"
-hs.message = "Waiting for resourcrecordset to be created"
-return hs
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/degraded_reconcileError.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/degraded_reconcileError.yaml
@@ -1,35 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: '2024-01-11T03:48:32Z'
-  generation: 1
-  name: www-domain
-  resourceVersion: '187731157'
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: c9c85395-0830-4549-b255-e9e426663547
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    resourceRecords:
-      - value: www.crossplane.io
-    setIdentifier: www
-    ttl: 60
-    type: CNAME
-    weight: 0
-    zoneId: ABCDEFGAB07CD
-status:
-  conditions:
-    - lastTransitionTime: '2024-01-11T03:48:57Z'
-      message: >-
-        create failed: failed to create the ResourceRecordSet resource:
-        InvalidChangeBatch: [RRSet of type CNAME with DNS name
-        www.crossplane.io. is not permitted as it conflicts with other
-        records with the same DNS name in zone crossplane.io.]
-      reason: ReconcileError
-      status: 'False'
-      type: Synced
-    - lastTransitionTime: '2024-01-11T03:48:34Z'
-      reason: Creating
-      status: 'False'
-      type: Ready
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/healthy.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/healthy.yaml
@@ -1,29 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG
-status:
-  conditions:
-  - lastTransitionTime: "2023-11-16T04:44:27Z"
-    reason: Available
-    status: "True"
-    type: Ready
-  - lastTransitionTime: "2023-11-16T04:44:25Z"
-    reason: ReconcileSuccess
-    status: "True"
-    type: Synced
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_creating.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_creating.yaml
@@ -1,29 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG
-status:
-  conditions:
-  - lastTransitionTime: "2023-11-16T04:44:27Z"
-    reason: Creating
-    status: "False"
-    type: Ready
-  - lastTransitionTime: "2023-11-16T04:44:25Z"
-    reason: ReconcileSuccess
-    status: "True"
-    type: Synced
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_noStatus.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/progressing_noStatus.yaml
@@ -1,19 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  creationTimestamp: "2023-11-16T04:44:19Z"
-  generation: 4
-  name: www-domain
-  resourceVersion: "140397563"
-  selfLink: /apis/route53.aws.crossplane.io/v1alpha1/resourcerecordsets/www-domain
-  uid: 11f0d48d-134f-471b-9340-b6d45d953fcb
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    zoneId: A1B2C3D4
-    type: A
-    aliasTarget:
-      dnsName: abcdefg.cloudfront.net.
-      evaluateTargetHealth: false
-      hostedZoneId: AZBZCZDEFG
--- a/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/suspended_reconcilePaused.yaml
+++ b/resource_customizations/route53.aws.crossplane.io/ResourceRecordSet/testdata/suspended_reconcilePaused.yaml
@@ -1,27 +0,0 @@
-apiVersion: route53.aws.crossplane.io/v1alpha1
-kind: ResourceRecordSet
-metadata:
-  annotations:
-    crossplane.io/paused: "true"
-  creationTimestamp: "2024-01-11T04:16:15Z"
-  generation: 1
-  name: www-domain
-  resourceVersion: "187746011"
-  uid: 5517b419-5052-43d9-941e-c32f60d8c7e5
-spec:
-  providerConfigRef:
-    name: crossplane
-  forProvider:
-    resourceRecords:
-      - value: www.crossplane.io
-    setIdentifier: www
-    ttl: 60
-    type: CNAME
-    weight: 0
-    zoneId: ABCDEFGAB07CD
-status:
-  conditions:
-    - lastTransitionTime: "2024-01-11T04:16:16Z"
-      reason: ReconcilePaused
-      status: "False"
-      type: Synced
--- a/server/cache/cache.go
+++ b/server/cache/cache.go
@@ -6,6 +6,7 @@ import (
 	"math"
 	"time"

+	"github.com/redis/go-redis/v9"
 	"github.com/spf13/cobra"

 	appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -32,7 +33,7 @@ func NewCache(
 	return &Cache{cache, connectionStatusCacheExpiration, oidcCacheExpiration, loginAttemptsExpiration}
 }

-func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...cacheutil.Options) func() (*Cache, error) {
+func AddCacheFlagsToCmd(cmd *cobra.Command, opts ...func(client *redis.Client)) func() (*Cache, error) {
 	var connectionStatusCacheExpiration time.Duration
 	var oidcCacheExpiration time.Duration
 	var loginAttemptsExpiration time.Duration
--- a/server/server.go
+++ b/server/server.go
@@ -214,7 +214,6 @@ type ArgoCDServerOpts struct {
 	AppClientset          appclientset.Interface
 	RepoClientset         repoapiclient.Clientset
 	Cache                 *servercache.Cache
-	RepoServerCache       *repocache.Cache
 	RedisClient           *redis.Client
 	TLSConfigCustomizer   tlsutil.ConfigCustomizer
 	XFrameOptions         string
@@ -1033,7 +1032,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl

 	// Webhook handler for git events (Note: cache timeouts are hardcoded because API server does not write to cache and not really using them)
 	argoDB := db.NewDB(a.Namespace, a.settingsMgr, a.KubeClientset)
-	acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.AppClientset, a.settings, a.settingsMgr, a.RepoServerCache, a.Cache, argoDB)
+	acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.AppClientset, a.settings, a.settingsMgr, repocache.NewCache(a.Cache.GetCache(), 24*time.Hour, 3*time.Minute), a.Cache, argoDB)

 	mux.HandleFunc("/api/webhook", acdWebhookHandler.Handler)

--- a/ui-test/yarn.lock
+++ b/ui-test/yarn.lock
@@ -540,9 +540,9 @@ flat@^5.0.2:
  integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==

 follow-redirects@^1.14.0:
-  version "1.15.5"
-  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.5.tgz#54d4d6d062c0fa7d9d17feb008461550e3ba8020"
-  integrity sha512-vSFWUON1B+yAw1VN4xMfxgn5fTUiaOzAJCKBwIIgT/+7CuGy9+r+5gITvP62j3RmaD5Ph65UaERdOSRGUzZtgw==
+  version "1.14.9"
+  resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.14.9.tgz#dd4ea157de7bfaf9ea9b3fbd85aa16951f78d8d7"
+  integrity sha512-MQDfihBQYMcyy5dhRDJUHcw7lb2Pv/TuE6xP1vyraLukNDHKbDxDNaOE3NbCAdKQApno+GPRyo1YAp89yCjK4w==

 foreach@^2.0.5:
  version "2.0.5"
--- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx
+++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx
@@ -1,5 +1,4 @@
 import {DataLoader, DropDownMenu, Duration} from 'argo-ui';
-import {InitiatedBy} from './initiated-by';
 import * as moment from 'moment';
 import * as React from 'react';
 import {Revision, Timestamp} from '../../../shared/components';
@@ -43,12 +42,6 @@ export const ApplicationDeploymentHistory = ({
                            <br />
                            {(info.deployStartedAt && <Duration durationMs={moment(info.deployedAt).diff(moment(info.deployStartedAt)) / 1000} />) || 'Unknown'}
                        </div>
-                        <div>
-                            <br />
-                            Initiated by:
-                            <br />
-                            <InitiatedBy username={info.initiatedBy.username} automated={info.initiatedBy.automated} />
-                        </div>
                        <div>
                            <br />
                            Active for:
--- a/ui/src/app/applications/components/application-deployment-history/initiated-by.tsx
+++ b/ui/src/app/applications/components/application-deployment-history/initiated-by.tsx
@@ -1,6 +0,0 @@
-import * as React from 'react';
-
-export const InitiatedBy = (props: {username: string; automated: boolean}) => {
-    const initiator = props.automated ? 'automated sync policy' : props.username || 'Unknown';
-    return <span>{initiator}</span>;
-};
--- a/ui/src/app/settings/components/repo-details/repo-details.tsx
+++ b/ui/src/app/settings/components/repo-details/repo-details.tsx
@@ -65,8 +65,7 @@ export const RepoDetails = (props: {repo: models.Repository; save?: (params: New
        enableLfs: repo.enableLfs || false,
        proxy: repo.proxy || '',
        project: repo.project || '',
-        enableOCI: repo.enableOCI || false,
-        forceHttpBasicAuth: repo.forceHttpBasicAuth || false
+        enableOCI: repo.enableOCI || false
    };

    return (
--- a/ui/src/app/shared/models.ts
+++ b/ui/src/app/shared/models.ts
@@ -297,7 +297,6 @@ export interface RevisionHistory {
    sources: ApplicationSource[];
    deployStartedAt: models.Time;
    deployedAt: models.Time;
-    initiatedBy: OperationInitiator;
 }

 export type SyncStatusCode = 'Unknown' | 'Synced' | 'OutOfSync';
--- a/ui/src/app/shared/services/repo-service.ts
+++ b/ui/src/app/shared/services/repo-service.ts
@@ -62,9 +62,7 @@ export class RepositoriesService {
        insecure,
        enableLfs,
        proxy,
-        project,
-        forceHttpBasicAuth,
-        enableOCI
+        project
    }: {
        type: string;
        name: string;
@@ -77,12 +75,10 @@ export class RepositoriesService {
        enableLfs: boolean;
        proxy: string;
        project?: string;
-        forceHttpBasicAuth?: boolean;
-        enableOCI: boolean;
    }): Promise<models.Repository> {
        return requests
            .put(`/repositories/${encodeURIComponent(url)}`)
-            .send({type, name, repo: url, username, password, tlsClientCertData, tlsClientCertKey, insecure, enableLfs, proxy, project, forceHttpBasicAuth, enableOCI})
+            .send({type, name, repo: url, username, password, tlsClientCertData, tlsClientCertKey, insecure, enableLfs, proxy, project})
            .then(res => res.body as models.Repository);
    }

--- a/Show More
+++ b/Show More