Bump version to 2.2.16

docs: fix 'bellow' typos (#11038 )
2026-02-21 01:58:46 +01:00 · 2022-11-01 20:26:51 +00:00 · 2022-11-01 20:26:33 +00:00 · 2022-10-22 20:16:36 -04:00 · 2022-10-21 11:26:15 -04:00 · 2022-10-21 11:26:15 -04:00
604 changed files with 4343 additions and 55918 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -6,7 +6,7 @@ labels: 'bug'
 assignees: ''
 ---

-<!-- If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack). -->
+If you are trying to resolve an environment-specific issue or have a one-off question about the edge case that does not require a feature then please consider asking a question in argocd slack [channel](https://argoproj.github.io/community/join-slack).

 Checklist:

@@ -16,19 +16,19 @@ Checklist:

 **Describe the bug**

-<!-- A clear and concise description of what the bug is. -->
+A clear and concise description of what the bug is.

 **To Reproduce**

-<!-- A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue. -->
+A list of the steps required to reproduce the issue. Best of all, give us the URL to a repository that exhibits this issue.

 **Expected behavior**

-<!-- A clear and concise description of what you expected to happen. -->
+A clear and concise description of what you expected to happen.

 **Screenshots**

-<!-- If applicable, add screenshots to help explain your problem. -->
+If applicable, add screenshots to help explain your problem.

 **Version**

--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -9,20 +9,38 @@ on:
  pull_request:
    branches:
      - 'master'
+      - 'release-*'

 env:
  # Golang version to use across CI steps
-  GOLANG_VERSION: '1.17'
+  GOLANG_VERSION: '1.16.11'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

 jobs:
+  build-docker:
+    name: Build Docker image
+    runs-on: ubuntu-latest
+    if: github.head_ref != ''
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Build Docker image
+        run: |
+          make image
  check-go:
    name: Ensure Go modules synchronicity
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Download all Go modules
@@ -38,13 +56,13 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -55,11 +73,14 @@ jobs:
        run: make build-local

  lint-go:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
    name: Lint Go code
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Run golangci-lint
        uses: golangci/golangci-lint-action@v3
        with:
@@ -75,11 +96,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -99,7 +120,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -135,11 +156,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -159,7 +180,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -186,9 +207,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Create symlink in GOPATH
@@ -233,14 +254,14 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Setup NodeJS
        uses: actions/setup-node@v1
        with:
          node-version: '12.18.4'
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -254,7 +275,6 @@ jobs:
        env:
          NODE_ENV: production
          NODE_ONLINE_ENV: online
-          HOST_ARCH: amd64
        working-directory: ui/
      - name: Run ESLint
        run: yarn lint
@@ -270,12 +290,12 @@ jobs:
      sonar_secret: ${{ secrets.SONAR_TOKEN }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -331,7 +351,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        k3s-version: [v1.23.3, v1.22.6, v1.21.2]
+        k3s-version: [v1.21.2, v1.20.2, v1.19.2]
    needs: 
      - build-go
    env:
@@ -346,9 +366,9 @@ jobs:
      ARGOCD_SERVER: "127.0.0.1:8088"
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Setup Golang
-        uses: actions/setup-go@v1
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: GH actions workaround - Kill XSP4 process
@@ -366,7 +386,7 @@ jobs:
          sudo chown runner $HOME/.kube/config
          kubectl version
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@v3
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -376,13 +396,10 @@ jobs:
      - name: Add /usr/local/bin to PATH
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
-      - name: Add ./dist to PATH
-        run: |
-          echo "$(pwd)/dist" >> $GITHUB_PATH
      - name: Download Go dependencies
        run: |
          go mod download
-          go install github.com/mattn/goreman@latest
+          go get github.com/mattn/goreman
      - name: Install all tools required for building & testing
        run: |
          make install-test-tools-local
@@ -392,7 +409,7 @@ jobs:
          git config --global user.email "john.doe@example.com"
      - name: Pull Docker image required for tests
        run: |
-          docker pull quay.io/dexidp/dex:v2.25.0
+          docker pull ghcr.io/dexidp/dex:v2.35.3-distroless
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
          docker pull redis:6.2.7-alpine
      - name: Create target directory for binaries in the build-process
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -6,8 +6,19 @@ on:
  schedule:
    - cron: '0 19 * * 0'

+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
  CodeQL-Build:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    if: github.repository == 'argoproj/argo-cd'

    # CodeQL runs on ubuntu-latest and windows-latest
@@ -15,7 +26,7 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
      with:
        # We must fetch at least the immediate parents so that if this is
        # a pull request then we can checkout the head.
@@ -25,7 +36,7 @@ jobs:
    # the head of the pull request instead of the merge commit.
    - run: git checkout HEAD^2
      if: ${{ github.event_name == 'pull_request' }}
-      
+
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v1
--- a/.github/workflows/gh-pages.yaml
+++ b/.github/workflows/gh-pages.yaml
@@ -0,0 +1,23 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - 'master'
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Setup Python
+        uses: actions/setup-python@v1
+        with:
+          python-version: 3.9.8
+      - name: build
+        run: |
+          pip install -r docs/requirements.txt
+          mkdocs build
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -4,22 +4,27 @@ on:
  push:
    branches:
      - master
-  pull_request:
-    branches:
-      - master
-    types: [ labeled, unlabeled, opened, synchronize, reopened ]

 env:
-  GOLANG_VERSION: '1.17'
+  GOLANG_VERSION: '1.16.11'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

 jobs:
  publish:
+    permissions:
+      contents: write  # for git to push upgrade commit if not already deployed
    if: github.repository == 'argoproj/argo-cd'
    runs-on: ubuntu-latest
    env:
      GOPATH: /home/runner/work/argo-cd/argo-cd
    steps:
-      - uses: actions/setup-go@v1
+      - uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - uses: actions/checkout@master
@@ -31,36 +36,44 @@ jobs:
        working-directory: ./src/github.com/argoproj/argo-cd
        id: image

-      # login
+      # build
+      - run: |
+          docker images -a --format "{{.ID}}" | xargs -I {} docker rmi {}
+          make image DEV_IMAGE=true DOCKER_PUSH=false IMAGE_NAMESPACE=ghcr.io/argoproj IMAGE_TAG=${{ steps.image.outputs.tag }}
+        working-directory: ./src/github.com/argoproj/argo-cd
+
+      # publish
      - run: |
          docker login ghcr.io --username $USERNAME --password $PASSWORD
-          docker login quay.io --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
-        if: github.event_name == 'push'
+          docker push ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }}
+
+          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker tag ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} argoproj/argocd:latest
+          docker push argoproj/argocd:latest
        env:
          USERNAME: ${{ secrets.USERNAME }}
          PASSWORD: ${{ secrets.TOKEN }}
-          DOCKER_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
-          DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
+          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}

-      # build
-      - uses: docker/setup-qemu-action@v1
-      - uses: docker/setup-buildx-action@v1
-      - run: |
-          IMAGE_PLATFORMS=linux/amd64
-          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
-          then
-            IMAGE_PLATFORMS=linux/amd64,linux/arm64
-          fi
-          echo "Building image for platforms: $IMAGE_PLATFORMS"
-          docker buildx build --platform $IMAGE_PLATFORMS --push="${{ github.event_name == 'push' }}" \
-            -t ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} \
-            -t quay.io/argoproj/argocd:latest .
-        working-directory: ./src/github.com/argoproj/argo-cd
+      # sign container images
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.0'

+      - name: Sign Argo CD latest image
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY quay.io/argoproj/argocd:latest
+          # Displays the public key to share.
+          cosign public-key --key env://COSIGN_PRIVATE_KEY
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ github.event_name == 'push' }}

      # deploy
      - run: git clone "https://$TOKEN@github.com/argoproj/argoproj-deployments"
-        if: github.event_name == 'push'
        env:
          TOKEN: ${{ secrets.TOKEN }}
      - run: |
@@ -68,6 +81,5 @@ jobs:
          git config --global user.email 'ci@argoproj.com'
          git config --global user.name 'CI'
          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
-        if: github.event_name == 'push'
        working-directory: argoproj-deployments/argocd
      # TODO: clean up old images once github supports it: https://github.community/t5/How-to-use-Git-and-GitHub/Deleting-images-from-GitHub-Package-Registry/m-p/41202/thread-id/9811
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -12,12 +12,16 @@ on:
      - '!release-v0*'

 env:
-    GOLANG_VERSION: '1.17'
+    GOLANG_VERSION: '1.16.11'
+
+permissions:
+  contents: read

 jobs:
  prepare-release:
+    permissions:
+      contents: write # To push changes to release branch
    name: Perform automatic release on trigger ${{ github.ref }}
-    if: github.repository == 'argoproj/argo-cd'
    runs-on: ubuntu-latest
    env:
      # The name of the tag as supplied by the GitHub event
@@ -38,7 +42,7 @@ jobs:
      GIT_EMAIL: argoproj@gmail.com
    steps:
      - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -142,7 +146,7 @@ jobs:
          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV

      - name: Setup Golang
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -183,7 +187,18 @@ jobs:
          echo "Creating release ${RELEASE_TAG}"
          git tag ${RELEASE_TAG}

-      - name: Login to docker repositories
+      - name: Build Docker image for release
+        run: |
+          set -ue
+          git clean -fd
+          mkdir -p dist/
+          make image IMAGE_TAG="${TARGET_VERSION}" DOCKER_PUSH=false
+          make release-cli
+          chmod +x ./dist/argocd-linux-amd64
+          ./dist/argocd-linux-amd64 version --client
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Push docker image to repository
        env:
          DOCKER_USERNAME: ${{ secrets.RELEASE_DOCKERHUB_USERNAME }}
          DOCKER_TOKEN: ${{ secrets.RELEASE_DOCKERHUB_TOKEN }}
@@ -192,28 +207,37 @@ jobs:
        run: |
          set -ue
          docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
+          docker push ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
          # Remove the following when Docker Hub is gone
          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
-        if: ${{ env.DRY_RUN != 'true' }}
-
-
-      - uses: docker/setup-qemu-action@v1
-      - uses: docker/setup-buildx-action@v1
-      - name: Build and push Docker image for release
-        run: |
-          set -ue
-          git clean -fd
-          mkdir -p dist/
-          docker buildx build --platform linux/amd64,linux/arm64 --push -t ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} -t argoproj/argocd:v${TARGET_VERSION} .
+          docker tag ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION} argoproj/argocd:v${TARGET_VERSION}
+          docker push argoproj/argocd:v${TARGET_VERSION}
          make release-cli
+          make checksums
          chmod +x ./dist/argocd-linux-amd64
          ./dist/argocd-linux-amd64 version --client
        if: ${{ env.DRY_RUN != 'true' }}

+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.13.0'
+
+      - name: Sign Argo CD container images and assets
+        run: |
+          cosign sign --key env://COSIGN_PRIVATE_KEY ${IMAGE_NAMESPACE}/argocd:v${TARGET_VERSION}
+          cosign sign-blob --key env://COSIGN_PRIVATE_KEY ./dist/argocd-${TARGET_VERSION}-checksums.txt > ./dist/argocd-${TARGET_VERSION}-checksums.sig
+          # Retrieves the public key to release as an asset
+          cosign public-key --key env://COSIGN_PRIVATE_KEY > ./dist/argocd-cosign.pub
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ env.DRY_RUN != 'true' }}
+
      - name: Read release notes file
        id: release-notes
        uses: juliangruber/read-file-action@v1
-        with: 
+        with:
          path: ${{ env.RELEASE_NOTES }}

      - name: Push changes to release branch
@@ -222,7 +246,7 @@ jobs:
          git push origin ${TARGET_BRANCH}
          git push origin ${RELEASE_TAG}

-      - name: Create GitHub release
+      - name: Dry run GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -233,61 +257,7 @@ jobs:
          draft: ${{ env.DRAFT_RELEASE }}
          prerelease: ${{ env.PRE_RELEASE }}
          body: ${{ steps.release-notes.outputs.content }}
-
-      - name: Upload argocd-linux-amd64 binary to release assets
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./dist/argocd-linux-amd64
-          asset_name: argocd-linux-amd64
-          asset_content_type: application/octet-stream
-        if: ${{ env.DRY_RUN != 'true' }}
-
-      - name: Upload argocd-linux-arm64 binary to release assets
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./dist/argocd-linux-arm64
-          asset_name: argocd-linux-arm64
-          asset_content_type: application/octet-stream
-        if: ${{ env.DRY_RUN != 'true' }}
-
-      - name: Upload argocd-darwin-amd64 binary to release assets
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./dist/argocd-darwin-amd64
-          asset_name: argocd-darwin-amd64
-          asset_content_type: application/octet-stream
-        if: ${{ env.DRY_RUN != 'true' }}
-
-      - name: Upload argocd-darwin-arm64 binary to release assets
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./dist/argocd-darwin-arm64
-          asset_name: argocd-darwin-arm64
-          asset_content_type: application/octet-stream
-        if: ${{ env.DRY_RUN != 'true' }}
-
-      - name: Upload argocd-windows-amd64 binary to release assets
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ./dist/argocd-windows-amd64.exe
-          asset_name: argocd-windows-amd64.exe
-          asset_content_type: application/octet-stream
-        if: ${{ env.DRY_RUN != 'true' }}
+        if: ${{ env.DRY_RUN == 'true' }}

      - name: Generate SBOM (spdx)
        id: spdx-builder
@@ -298,7 +268,7 @@ jobs:
          SIGS_BOM_VERSION: v0.2.1
          # comma delimited list of project relative folders to inspect for package
          # managers (gomod, yarn, npm).
-          PROJECT_FOLDERS: ".,./ui" 
+          PROJECT_FOLDERS: ".,./ui"
          # full qualified name of the docker image to be inspected
          DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
        run: |
@@ -320,15 +290,28 @@ jobs:
          cd /tmp && tar -zcf sbom.tar.gz *.spdx
        if: ${{ env.DRY_RUN != 'true' }}

-      - name: Upload SBOM to release assets
-        uses: actions/upload-release-asset@v1
+      - name: Sign sbom
+        run: |
+          cosign sign-blob --key env://COSIGN_PRIVATE_KEY /tmp/sbom.tar.gz > /tmp/sbom.tar.gz.sig
+        env:
+          COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}}
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+        if: ${{ env.DRY_RUN != 'true' }}
+
+      - name: Create GitHub release
+        uses: softprops/action-gh-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: /tmp/sbom.tar.gz
-          asset_name: sbom.tar.gz
-          asset_content_type: application/octet-stream
+          name: ${{ env.RELEASE_TAG }}
+          tag_name: ${{ env.RELEASE_TAG }}
+          draft: ${{ env.DRAFT_RELEASE }}
+          prerelease: ${{ env.PRE_RELEASE }}
+          body: ${{ steps.release-notes.outputs.content }}
+          files: |
+            dist/argocd-*
+            /tmp/sbom.tar.gz
+            /tmp/sbom.tar.gz.sig
        if: ${{ env.DRY_RUN != 'true' }}

      - name: Update homebrew formula
--- a/.gitpod.Dockerfile
+++ b/.gitpod.Dockerfile
@@ -9,7 +9,7 @@ RUN curl -L https://go.kubebuilder.io/dl/2.3.1/$(go env GOOS)/$(go env GOARCH) |
    tar -xz -C /tmp/ && mv /tmp/kubebuilder_2.3.1_$(go env GOOS)_$(go env GOARCH) /usr/local/kubebuilder

 RUN apt-get install redis-server -y
-RUN go install github.com/mattn/goreman@latest
+RUN go get github.com/mattn/goreman

 USER gitpod

--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -2,5 +2,5 @@ image:
  file: .gitpod.Dockerfile

 tasks:
-  - init: make mod-download-local dep-ui-local && GO111MODULE=off go install github.com/mattn/goreman@latest
+  - init: make mod-download-local dep-ui-local && GO111MODULE=off go get github.com/mattn/goreman
    command: make start-test-k8s
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,224 +1,5 @@
 # Changelog

-## v2.3.0 (Unreleased)
-
-### Argo CD ApplicationSet and Notifications are now part of Argo CD
-
-Two popular [Argoproj Labs](https://github.com/argoproj-labs) projects [Argo CD ApplicationSet](https://github.com/argoproj/applicationset) and
-[Argo CD Notifications](https://github.com/argoproj-labs/argocd-notifications) are now part of Argo CD! The default Argo CD installation manifests now
-bundle both projects out of the box. Going forward you can expect more tightened integration of these projects into Argo CD.
-
-### New sync and diff strategies
-
-Users can now configure the Application resource to instruct Argo CD to consider the ignore difference setup during the sync process.
-In order to do so, add the new sync option RespectIgnoreDifferences=true in the Application resource. Once the sync option is added,
-Argo CD won't change ignored fields during the syncing process.
-
-Configuring ignored fields is also easier now. Instead of listing fields one by one users can now leverage the 
-managedFields metadata to instruct Argo CD about trusted managers and automatically ignore any fields owned by them. A new diff customization
-(managedFieldsManagers) is now available allowing users to specify managers the application should trust and to ignore all fields owned by those managers.
-Read more about these changes at [New sync and diff strategies in ArgoCD](https://blog.argoproj.io/new-sync-and-diff-strategies-in-argocd-44195d3f8b8c) blog post.
-
-### ARM Images
-
-An officially supported ARM 64 image is now available. Enjoy running Argo CD on your Raspberry Pi! Additionally, the image size was reduced by nearly ~50%
-and is only 200MB now. The ARM version of `argocd` CLI is also available and published as a Github release artifact.
-
-### Compact Tree View And Click Application Navigation
-
-The application details page now supports compact application resources tree visualization. Using the "Group Nodes" button, you can collapse the similar resources
-into a single group node to remove the clutter and make it easier to understand the state of application resources. You still can get detailed information about the collapsed resources by clicking on the group node. The list of collapsed resources will be available in a sliding panel. Compact resource tree is still too big?
-You can use the zoom in and zoom out feature to make it smaller - or even larger!
-
-You no longer need to move back and forth between the application details page and the application list page. Instead you can navigate directly to the required application by clicking the search icon in the application details page title.
-
-### Upgraded Config Management Tools
-
-Both bundled Helm and Kustomize binaries have been upgraded to the latest versions. Kustomize has been upgraded from 4.2.0 to 4.4.1 and Helm has been upgraded from 3.7.1 to 3.8.0.
-
-### Bug Fixes and Performance Enhancements
-
-* Config management tools enhancements:
-* The skipCrds flag and ability to ignore missing values files for Helm (#8012, #8003)
-* Additional environment variables for Kustomize (#8096)
-* Argo CD CLI follows the XDG Base directory standard (#7638)
-* Redis is no longer used during SSO login (#8241)
-
-
-### Features
-
- feat: Add app list and details page views to navigation history (#7776) (#7937)
- feat: Add skipCrds flag for helm charts (#8012)
- feat: Add visual indicator for newly created pods (#8006)
- feat: Added a new Helm option ignoreMissingValueFiles (#7767) (#8003)
- feat: Allow configuring system wide ignore differences for all resources (#8224)
- feat: Allow escaping dollar in Envsubst (#7961)
- feat: Allow external links on Application (#3487) (#8231)
- feat: Allow selecting application on detail page (#8176)
- feat: Bundle applicationset-controller with argocd (#8148)
- feat: Enable specifying root ca for oidc (#6712)
- feat: Expose ARGOCD_APP_NAME to the `kustomize build` command (#8096)
- feat: Ignore differences owned by trusted managers from managedFields (#7869)
- feat: New sync option to use ignore diff configs during sync (#8078)
- feat: Provide address flag for admin dashboard command (#8095)
- feat: Store "Group Nodes" button state in application details preferences (#8036)
- feat: Support specifying cluster by name in addition to API server URL in Cluster API (#8077)
- feat: Support XDG Base directory standard (#7638) (#7791)
- feat: Use encrypted cookie to store OAuth2 state nonce (instead of redis) (#8241)
- feat: Build images on PR and conditionally build arm64 image on push (#8108)
-
-### Bug Fixes
-
- fix: Add "Restarting MinIO" status to MiniO Tenant health check (#8191)
- fix: Add all resources in list view (#7295)
- fix: Adding pagination to grouped nodes sliding panel#7837 (#7915)
- fix: Allow all resources to add external links (#7923)
- fix: Always call ValidateDestination (#7976)
- fix: Application exist panic when execute api call (#8188)
- fix: Application-icons-alignment (#8054)
- fix: Controller panics if resource manifest has incorrect annotation (#8022)
- fix: Correctly handle project field during partial cluster update (#7994)
- fix: Default value for retry validation #8055 (#8064)
- fix: Fix a possible crash when parsing RBAC (#8165)
- fix: Grouped node list missing resources on Compact resources view #8014 (#8018)
- fix: Issue with headless installation (#7958)
- fix: Issue with project scoped resources (#8048)
- fix: Kubernetes labels normalization for Prometheus  (#7925)
- fix: Nested Refresh dropdown does not work on Application Details page #1524 (#7950)
- fix: Network line colors and menu icon alignment (#8059)
- fix: Opening app details shows UI error on some apps (#8016) (#8019)
- fix: Parse to correct uint32 type (#8177)
- fix: Prevent possible nil-pointer deref in normalizer (#8185)
- fix: Prevent possible out-of-bounds access when loading policies (#8186)
- fix: Provide a semantic version parsed version for KUBE_VERSION (#8250)
- fix: Refreshing label toast (#7979)
- fix: Resource details page crashes when resource is not deployed and hide managed fields is selected (#7971)
- fix: Retry disabled text (#8004)
- fix: Route health check stuck in 'Progressing' (#8170)
- fix: Sync window panel is crashed if resource name not contain letters (#8053)
- fix: Targetervision compatible without prefix refs/heads or refs/tags (#7939)
- fix: Trailing line in Filter Dropdown Menus #7821 (#8001)
- fix: Webhook URL matching edge cases (#7981)
- fix(ui): Use consistent case for diff modes (#7945)
- fix: Use gRPC timeout for sidecar CMPs (#8131) (#8236)
-
-### Other
-
- chore: Bump go-jsonnet to v0.18.0 (#8011)
- chore: Escape proj in regex (#7985)
- chore: Exclude argocd-server rbac for core-install (#8234)
- chore: Log out the resource triggering reconciliation (#8192)
- chore: Migrate to use golang-jwt/jwt v4.2.0 (#8136)
- chore: Move resolveRevision from api-server to repo-server (#7966)
- chore: Update notifications version (#8267)
- chore: Update slack version (#8299)
- chore: Update to Redis 6.2.4 (#8157)
- chore: Upgrade awscli to 2.4.6 and remove python deps (#7947)
- chore: Upgrade base image to ubuntu:21.10 (#8230)
- chore: Upgrade dex to v2.30.2 (https://github.com/dexidp/dex/issues/2326) (#8237)
- chore: Upgrade gitops engine (#8288)
- chore: Upgrade golang to 1.17.6 (#8229)
- chore: Upgrade helm to most recent version (v3.7.2) (#8226)
- chore: Upgrade k8s client to v1.23 (#8213)
- chore: Upgrade kustomize to most recent version (v4.4.1) (#8227)
- refactor: Introduce 'byClusterName' secret index to speedup cluster server URL lookup (#8133)
- refactor: Move project filtering to server side (#8102)
-
-## v2.2.3 (2022-01-18)
-
- fix: Application exist panic when execute api call (#8188)
- fix: Route health check stuck in 'Progressing' (#8170)
- refactor: Introduce 'byClusterName' secret index to speedup cluster server URL lookup (#8133)
- chore: Update to Redis 6.2.4 (#8157) (#8158)
-
-## v2.2.2 (2021-12-31)
-
- fix: Issue with project scoped resources (#8048)
- fix: Escape proj in regex (#7985)
- fix: Default value for retry validation #8055 (#8064)
- fix: Sync window panel is crashed if resource name not contain letters (#8053)
- fix: Upgrade github.com/argoproj/gitops-engine to v0.5.2
- fix: Retry disabled text (#8004)
- fix: Opening app details shows UI error on some apps (#8016) (#8019)
- fix: Correctly handle project field during partial cluster update (#7994)
- fix: Cluster API does not support updating labels and annotations (#7901)
-
-## v2.2.1 (2021-12-16)
-
- fix: Resource details page crashes when resource is not deployed and hide managed fields is selected (#7971)
- fix: Issue with headless installation (#7958)
- fix: Nil pointer (#7905)
-
-## v2.2.0 (2021-12-14)
-
-> [Upgrade instructions](./docs/operator-manual/upgrading/2.1-2.2.md)
-
-### Project Scoped repositories and clusters
-
-The project scoped repositories and clusters is a feature that simplifies registering the repositories and cluster credentials.
-Instead of requiring operators to set up in advance all clusters and git repositories that can be used, developers can now do
-this on their own in a self-service manner.
-
-### Config Management Plugins V2
-
-The Config Management Plugins V2 is set of enhancement of the existing config management plugins feature.
-The list includes improved installation experience, ability to package plugin into a separate image and
-improved plugin manifests discovery.
-
-### Resource tracking
-
-Argo CD has traditionally tracked the resources it manages by the well-known "app.kubernetes.io/instance" property.
-While using this property works ok in simple scenarios, it also has several limitations. ArgoCD now allows you to use
-a new annotation (argocd.argoproj.io/tracking-id) for tracking your resources. Using this annotation is a much more flexible approach
-as there are no conflicts with other Kubernetes tools, and you can easily install multiple Argo CD instances on the same clusters.
-
-### Bug Fixes and Performance Enhancements
-
-* Argo CD API server caches RBAC checks that significantly improves the GET /api/v1/applications API performance (#7587)
-* Argo CD RBAC supports regex matches (#7165)
-* Health check support for KubeVirt (#7176), Cassandra (#7017), Openshift Route (#7112), DeploymentConfig (#7114), Confluent (#6957) and SparkApplication (#7434) CRDs.
-* Persistent banner (#7312) with custom positioning (#7462)
-* Cluster name support in project destinations (#7198)
-* around 30 more features and a total of 84 bug fixes
-
-## v2.1.7 (2021-12-14)
-
- fix: issue with keepalive (#7861)
- fix nil pointer dereference error (#7905)
- fix: env vars to tune cluster cache were broken (#7779)
- fix: upgraded gitops engine to v0.4.2 (fixes #7561)
-
-
-## v2.1.6 (2021-11-16)
-
- fix: don't use revision caching during app creation (#7508)
- fix: supporting OCI dependencies. Fixes #6062 (#6994)
-
-## v2.1.5 (2021-11-16)
-
- fix: Invalid memory address or nil pointer dereference in processRequestedAppOperation (#7501)
-
-## v2.1.4 (2021-11-15)
-
- fix: Operation has completed with phase: Running (#7482)
- fix: Application status panel shows Syncing instead of Deleting (#7486)
- fix(ui): Add Error Boundary around Extensions and comply with new Extensions API (#7215)
-
-
-## v2.1.3 (2021-10-29)
-
- fix: core-install.yaml always refers to latest argocd image (#7321)
- fix: handle applicationset backup forbidden error (#7306)
- fix: Argo CD should not use cached git/helm revision during app creation/update validation (#7244)
-
-## v2.1.2 (2021-10-02)
-
- fix: cluster filter popping out of box (#7135)
- fix: gracefully shutdown metrics server when dex config changes (#7138)
- fix: upgrade gitops engine version to v0.4.1 (#7088)
- fix: repository name already exists when multiple helm dependencies  (#7096)
-
-
 ## v2.1.1 (2021-08-25)

 ### Bug Fixes
@@ -972,7 +753,7 @@ More documentation and tools are coming in patch releases.
 The Argo CD deletes all **in-flight** hooks if you terminate running sync operation. The hook state assessment change implemented in this release the Argo CD enables detection of 
 an in-flight state for all Kubernetes resources including `Deployment`, `PVC`, `StatefulSet`, `ReplicaSet` etc. So if you terminate the sync operation that has, for example,
 `StatefulSet` hook that is `Progressing` it will be deleted. The long-running jobs are not supposed to be used as a sync hook and you should consider using
-[Sync Waves](https://argo-cd.readthedocs.io/en/stable/user-guide/sync-waves/) instead.
+[Sync Waves](https://argoproj.github.io/argo-cd/user-guide/sync-waves/) instead.

 #### Enhancements
 * feat: Add custom health checks for cert-manager v0.11.0 (#2689) 
--- a/24
+++ b/24
@@ -4,7 +4,7 @@ ARG BASE_IMAGE=docker.io/library/ubuntu:22.04
 # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image
 # Also used as the image in CI jobs so needs all dependencies
 ####################################################################################################
-FROM docker.io/library/golang:1.17 as builder
+FROM docker.io/library/golang:1.16.11 as builder

 RUN echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list

@@ -32,7 +32,6 @@ RUN ./install.sh ksonnet-linux
 RUN ./install.sh helm2-linux
 RUN ./install.sh helm-linux
 RUN ./install.sh kustomize-linux
-RUN ./install.sh awscli-linux

 ####################################################################################################
 # Argo CD Base - used as the base for both the release and dev argocd images
@@ -50,26 +49,26 @@ RUN groupadd -g 999 argocd && \
    chmod g=u /home/argocd && \
    apt-get update && \
    apt-get dist-upgrade -y && \
-    apt-get install -y git git-lfs tini gpg tzdata && \
+    apt-get install -y git git-lfs python3-pip tini gpg tzdata && \
    apt-get clean && \
+    pip3 install awscli==1.18.80 && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

+COPY hack/git-ask-pass.sh /usr/local/bin/git-ask-pass.sh
 COPY hack/gpg-wrapper.sh /usr/local/bin/gpg-wrapper.sh
 COPY hack/git-verify-wrapper.sh /usr/local/bin/git-verify-wrapper.sh
 COPY --from=builder /usr/local/bin/ks /usr/local/bin/ks
 COPY --from=builder /usr/local/bin/helm2 /usr/local/bin/helm2
 COPY --from=builder /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=builder /usr/local/bin/kustomize /usr/local/bin/kustomize
-COPY --from=builder /usr/local/aws-cli/v2/current/dist /usr/local/aws-cli/v2/current/dist
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 # keep uid_entrypoint.sh for backward compatibility
 RUN ln -s /usr/local/bin/entrypoint.sh /usr/local/bin/uid_entrypoint.sh
-RUN ln -s /usr/local/aws-cli/v2/current/dist/aws /usr/local/bin/aws

 # support for mounting configuration from a configmap
 RUN mkdir -p /app/config/ssh && \
    touch /app/config/ssh/ssh_known_hosts && \
-    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts
+    ln -s /app/config/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts 

 RUN mkdir -p /app/config/tls
 RUN mkdir -p /app/config/gpg/source && \
@@ -91,18 +90,18 @@ FROM docker.io/library/node:12.18.4 as argocd-ui
 WORKDIR /src
 ADD ["ui/package.json", "ui/yarn.lock", "./"]

-RUN yarn install --network-timeout 200000
+RUN yarn install

 ADD ["ui/", "."]

 ARG ARGO_VERSION=latest
 ENV ARGO_VERSION=$ARGO_VERSION
-RUN HOST_ARCH='amd64' NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OPTIONS=--max_old_space_size=8192 yarn build
+RUN NODE_ENV='production' NODE_ONLINE_ENV='online' yarn build

 ####################################################################################################
 # Argo CD Build stage which performs the actual build of Argo CD binaries
 ####################################################################################################
-FROM docker.io/library/golang:1.17 as argocd-build
+FROM docker.io/library/golang:1.16.11 as argocd-build

 WORKDIR /go/src/github.com/argoproj/argo-cd

@@ -116,6 +115,12 @@ COPY . .
 COPY --from=argocd-ui /src/dist/app /go/src/github.com/argoproj/argo-cd/ui/dist/app
 RUN make argocd-all

+ARG BUILD_ALL_CLIS=true
+RUN if [ "$BUILD_ALL_CLIS" = "true" ] ; then \
+    make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all && \
+    make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all \
+    ; fi
+
 ####################################################################################################
 # Final image
 ####################################################################################################
@@ -128,6 +133,5 @@ RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications

 USER 999
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -3,11 +3,12 @@
 ####################################################################################################
 FROM argocd-base
 COPY argocd /usr/local/bin/
+COPY argocd-darwin-amd64 /usr/local/bin/
+COPY argocd-windows-amd64.exe /usr/local/bin/

 USER root
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex
-RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-notifications
 USER 999
--- a/71
+++ b/71
@@ -4,8 +4,6 @@ DIST_DIR=${CURRENT_DIR}/dist
 CLI_NAME=argocd
 BIN_NAME=argocd

-GEN_RESOURCES_CLI_NAME=argocd-resources-gen
-
 HOST_OS:=$(shell go env GOOS)
 HOST_ARCH:=$(shell go env GOARCH)

@@ -15,7 +13,7 @@ GIT_COMMIT=$(shell git rev-parse HEAD)
 GIT_TAG=$(shell if [ -z "`git status --porcelain`" ]; then git describe --exact-match --tags HEAD 2>/dev/null; fi)
 GIT_TREE_STATE=$(shell if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)
 VOLUME_MOUNT=$(shell if test "$(go env GOOS)" = "darwin"; then echo ":delegated"; elif test selinuxenabled; then echo ":delegated"; else echo ""; fi)
-KUBECTL_VERSION=$(shell go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)
+KUBECTL_VERSION=$(shell go list -m all | grep k8s.io/client-go | cut -d ' ' -f5)

 GOPATH?=$(shell if test -x `which go`; then go env GOPATH; else echo "$(HOME)/go"; fi)
 GOCACHE?=$(HOME)/.cache/go-build
@@ -25,7 +23,7 @@ DOCKER_WORKDIR?=/go/src/github.com/argoproj/argo-cd

 ARGOCD_PROCFILE?=Procfile

-# Strict mode has been disabled in latest versions of mkdocs-material. 
+# Strict mode has been disabled in latest versions of mkdocs-material.
 # Thus pointing to the older image of mkdocs-material matching the version used by argo-cd.
 MKDOCS_DOCKER_IMAGE?=squidfunk/mkdocs-material:4.1.1
 MKDOCS_RUN_ARGS?=
@@ -47,7 +45,7 @@ ARGOCD_E2E_DEX_PORT?=5556
 ARGOCD_E2E_YARN_HOST?=localhost
 ARGOCD_E2E_DISABLE_AUTH?=

-ARGOCD_E2E_TEST_TIMEOUT?=30m
+ARGOCD_E2E_TEST_TIMEOUT?=20m

 ARGOCD_IN_CI?=false
 ARGOCD_TEST_E2E?=true
@@ -113,7 +111,7 @@ define run-in-test-client
 		bash -c "$(1)"
 endef

-# 
+#
 define exec-in-test-server
 	docker exec -it -u $(shell id -u):$(shell id -g) -e ARGOCD_E2E_K3S=$(ARGOCD_E2E_K3S) argocd-test-server $(1)
 endef
@@ -179,7 +177,7 @@ gogen: ensure-gopath
 	go generate ./util/argo/...

 .PHONY: protogen
-protogen: ensure-gopath mod-vendor-local
+protogen: ensure-gopath
 	export GO111MODULE=off
 	./hack/generate-proto.sh

@@ -188,16 +186,6 @@ openapigen: ensure-gopath
 	export GO111MODULE=off
 	./hack/update-openapi.sh

-.PHONY: notification-catalog
-notification-catalog:
-	go run ./hack/gen-catalog catalog
-
-.PHONY: notification-docs
-notification-docs:
-	go run ./hack/gen-docs
-	go run ./hack/gen-catalog docs
-
-
 .PHONY: clientgen
 clientgen: ensure-gopath
 	export GO111MODULE=off
@@ -205,11 +193,10 @@ clientgen: ensure-gopath

 .PHONY: clidocsgen
 clidocsgen: ensure-gopath
-	go run tools/cmd-docs/main.go	
-
+	go run tools/cmd-docs/main.go

 .PHONY: codegen-local
-codegen-local: ensure-gopath mod-vendor-local notification-docs notification-catalog gogen protogen clientgen openapigen clidocsgen manifests-local
+codegen-local: ensure-gopath mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local
 	rm -rf vendor/

 .PHONY: codegen
@@ -224,17 +211,13 @@ cli: test-tools-image
 cli-local: clean-debug
 	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd

-.PHONY: gen-resources-cli-local
-gen-resources-cli-local: clean-debug
-	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${GEN_RESOURCES_CLI_NAME} ./hack/gen-resources/cmd
-
 .PHONY: release-cli
-release-cli: clean-debug build-ui
-	make BIN_NAME=argocd-darwin-amd64 GOOS=darwin argocd-all
-	make BIN_NAME=argocd-darwin-arm64 GOOS=darwin GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-linux-amd64 GOOS=linux argocd-all
-	make BIN_NAME=argocd-linux-arm64 GOOS=linux GOARCH=arm64 argocd-all
-	make BIN_NAME=argocd-windows-amd64.exe GOOS=windows argocd-all
+release-cli: clean-debug image
+	docker create --name tmp-argocd-linux $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd ${DIST_DIR}/argocd-linux-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-darwin-amd64 ${DIST_DIR}/argocd-darwin-amd64
+	docker cp tmp-argocd-linux:/usr/local/bin/argocd-windows-amd64.exe ${DIST_DIR}/argocd-windows-amd64.exe
+	docker rm tmp-argocd-linux

 .PHONY: test-tools-image
 test-tools-image:
@@ -252,7 +235,7 @@ manifests: test-tools-image
 # consolidated binary for cli, util, server, repo-server, controller
 .PHONY: argocd-all
 argocd-all: clean-debug
-	CGO_ENABLED=0 GOOS=${GOOS} GOARCH=${GOARCH} go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd
+	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${BIN_NAME} ./cmd

 .PHONY: server
 server: clean-debug
@@ -266,21 +249,20 @@ repo-server:
 controller:
 	CGO_ENABLED=0 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-application-controller ./cmd

-.PHONY: build-ui
-build-ui:
-	docker build -t argocd-ui --target argocd-ui .
-	find ./ui/dist -type f -not -name gitkeep -delete
-	docker run -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/'
-
 .PHONY: image
 ifeq ($(DEV_IMAGE), true)
 # The "dev" image builds the binaries from the users desktop environment (instead of in Docker)
 # which speeds up builds. Dockerfile.dev needs to be copied into dist to perform the build, since
 # the dist directory is under .dockerignore.
 IMAGE_TAG="dev-$(shell git describe --always --dirty)"
-image: build-ui
+image:
 	docker build -t argocd-base --target argocd-base .
+	docker build -t argocd-ui --target argocd-ui .
+	find ./ui/dist -type f -not -name gitkeep -delete
+	docker run -v ${CURRENT_DIR}/ui/dist/app:/tmp/app --rm -t argocd-ui sh -c 'cp -r ./dist/app/* /tmp/app/'
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd ./cmd
+	CGO_ENABLED=0 GOOS=darwin GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-darwin-amd64 ./cmd
+	CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/argocd-windows-amd64.exe ./cmd
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-server
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-application-controller
 	ln -sfn ${DIST_DIR}/argocd ${DIST_DIR}/argocd-repo-server
@@ -295,8 +277,10 @@ endif
 	@if [ "$(DOCKER_PUSH)" = "true" ] ; then docker push $(IMAGE_PREFIX)argocd:$(IMAGE_TAG) ; fi

 .PHONY: armimage
+# The "BUILD_ALL_CLIS" argument is to skip building the CLIs for darwin and windows
+# which would take a really long time.
 armimage:
-	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)-arm .
+	docker build -t $(IMAGE_PREFIX)argocd:$(IMAGE_TAG)-arm . --build-arg BUILD_ALL_CLIS="false"

 .PHONY: builder-image
 builder-image:
@@ -509,6 +493,10 @@ serve-docs-local:
 serve-docs:
 	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} serve -a 0.0.0.0:8000

+.PHONY: lint-docs
+lint-docs:
+	#  https://github.com/dkhamsing/awesome_bot
+	find docs -name '*.md' -exec grep -l http {} + | xargs docker run --rm -v $(PWD):/mnt:ro dkhamsing/awesome_bot -t 3 --allow-dupe --allow-redirect --white-list `cat white-list | grep -v "#" | tr "\n" ','` --skip-save-results --

 # Verify that kubectl can connect to your K8s cluster from Docker
 .PHONY: verify-kube-connect
@@ -555,6 +543,5 @@ dep-ui-local:
 start-test-k8s:
 	go run ./hack/k8s

-.PHONY: list
-list:
-	@LC_ALL=C $(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | awk -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | sort | egrep -v -e '^[^[:alnum:]]' -e '^$@$$'
+checksums:
+	sha256sum ./dist/$(BIN_NAME)-* | awk -F './dist/' '{print $$1 $$2}' > ./dist/$(BIN_NAME)-$(TARGET_VERSION)-checksums.txt
--- a/6
+++ b/6
@@ -20,8 +20,4 @@ reviewers:
 - hblixt
 - chetan-rns
 - wanghong230
- pasha-codefresh
- ciiay
- leoluz
- crenshaw-dev
- saumeya
+- pasha-codefresh
--- a/6
+++ b/6
@@ -1,8 +1,8 @@
-controller: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-api-server: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} "
+controller: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
+api-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server go run ./cmd/main.go --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} "
 dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:v2.30.2 dex serve /dex.yaml"
 redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" == 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} redis:6.2.7-alpine --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi"
-repo-server: [ "$BIN_MODE" == 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-/tmp/argo-e2e/app/config/plugin}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
+repo-server: sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-/tmp/argo-e2e/app/config/plugin}  ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} go run ./cmd/main.go --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379}"
 ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start'
 git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
--- a/README.md
+++ b/README.md
@@ -46,7 +46,6 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 ### Blogs and Presentations

 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://blog.akuity.io/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argo-cd-7c5b4057ee49)
 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,6 +1,6 @@
 # Security Policy for Argo CD

-Version: **v1.4 (2022-01-23)**
+Version: **v1.2 (2020-08-07)**

 ## Preface

@@ -26,12 +26,8 @@ are well aware of the issues that may affect Argo CD and are constantly
 working on the remediation of those that affect Argo CD and our users.

 If you believe that we might have missed an issue that we should take a look
-at (that can happen), then please discuss it with us. If there is a CVE
-assigned to the issue, please do open an issue on our GitHub tracker instead
-of writing to the security contact e-mail, since things reported by scanners
-are public already and the discussion that might emerge is of benefit to the
-general community. However, please validate your scanner results and its
-impact on Argo CD before opening an issue at least roughly.
+at (that can happen), then please discuss it with us. But please, do validate
+that assumption before at least roughly.

 ## Supported Versions

@@ -68,9 +64,3 @@ findings (unless you prefer to stay anonymous, of course).
 Please report vulnerabilities by e-mail to the following address: 

 * cncf-argo-security@lists.cncf.io
-
-## Securing your Argo CD Instance
-
-See the [operator manual security page](docs/operator-manual/security.md) for 
-additional information about Argo CD's security features and how to make your 
-Argo CD production ready.
--- a/USERS.md
+++ b/USERS.md
@@ -11,7 +11,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Adventure](https://jp.adventurekk.com/)
 1. [Akuity](https://akuity.io/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
-1. [Allianz Direct](https://www.allianzdirect.de/)
 1. [Ambassador Labs](https://www.getambassador.io/)
 1. [Ant Group](https://www.antgroup.com/)
 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
@@ -31,7 +30,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [CARFAX](https://www.carfax.com)
 1. [Celonis](https://www.celonis.com/)
 1. [Chime](https://www.chime.com)
-1. [Cisco ET&I](https://eti.cisco.com/)
 1. [Codefresh](https://www.codefresh.io/)
 1. [Codility](https://www.codility.com/)
 1. [Commonbond](https://commonbond.co/)
@@ -41,7 +39,6 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Cybozu](https://cybozu-global.com)
 1. [Chargetrip](https://chargetrip.com)
 1. [D2iQ](https://www.d2iq.com)
-1. [Deloitte](https://www.deloitte.com/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
 1. [EDF Renewables](https://www.edf-re.com/)
 1. [edX](https://edx.org)
@@ -50,26 +47,21 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [END.](https://www.endclothing.com/)
 1. [Energisme](https://energisme.com/)
 1. [Fave](https://myfave.com)
-1. [Flip](https://flip.id)
-1. [Fonoa](https://www.fonoa.com/)
 1. [Future PLC](https://www.futureplc.com/)
 1. [Garner](https://www.garnercorp.com)
 1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
 1. [Generali Deutschland AG](https://www.generali.de/)
 1. [Gitpod](https://www.gitpod.io)
 1. [Glovo](https://www.glovoapp.com)
-1. [Gllue](https://gllue.com)
 1. [GMETRI](https://gmetri.com/)
 1. [Gojek](https://www.gojek.io/)
 1. [Greenpass](https://www.greenpass.com.br/)
 1. [Handelsbanken](https://www.handelsbanken.se)
 1. [Healy](https://www.healyworld.net)
-1. [Helio](https://helio.exchange)
 1. [hipages](https://hipages.com.au/)
 1. [Hiya](https://hiya.com)
 1. [Honestbank](https://honestbank.com)
 1. [IBM](https://www.ibm.com/)
-1. [Ibotta](https://home.ibotta.com)
 1. [IITS-Consulting](https://iits-consulting.de)
 1. [Index Exchange](https://www.indexexchange.com/)
 1. [InsideBoard](https://www.insideboard.com)
@@ -101,9 +93,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [New Relic](https://newrelic.com/)
 1. [Nextdoor](https://nextdoor.com/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
-1. [Nitro](https://gonitro.com)
 1. [Octadesk](https://octadesk.com)
-1. [omegaUp](https://omegaUp.com)
 1. [openEuler](https://openeuler.org)
 1. [openGauss](https://opengauss.org/)
 1. [openLooKeng](https://openlookeng.io)
@@ -129,13 +119,11 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Saildrone](https://www.saildrone.com/)
 1. [Saloodo! GmbH](https://www.saloodo.com)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
-1. [Skit](https://skit.ai/)
 1. [Snyk](https://snyk.io/)
 1. [Speee](https://speee.jp/)
 1. [Spendesk](https://spendesk.com/)
 1. [Sumo Logic](https://sumologic.com/)
 1. [Sutpc](http://www.sutpc.com/)
-1. [Swiss Post](https://github.com/swisspost)
 1. [Swisscom](https://www.swisscom.ch)
 1. [Swissquote](https://github.com/swissquote)
 1. [Syncier](https://syncier.com/)
@@ -190,8 +178,3 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [p3r](https://www.p3r.one/)
 1. [Faro](https://www.faro.com/)
 1. [Rise](https://www.risecard.eu/)
-1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
-1. [Skyscanner](https://www.skyscanner.net/)
-1. [Casavo](https://casavo.com)
-1. [Majid Al Futtaim](https://www.majidalfuttaim.com/)
-1. [ZOZO](https://corp.zozo.com/)
--- a/2
+++ b/2
@@ -1 +1 @@
-2.3.7
+2.2.16
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -256,7 +256,7 @@
          },
          {
            "type": "string",
-            "description": "the selector to restrict returned list to applications only with matched labels.",
+            "description": "the selector to to restrict returned list to applications only with matched labels.",
            "name": "selector",
            "in": "query"
          },
@@ -520,7 +520,7 @@
          },
          {
            "type": "string",
-            "description": "the selector to restrict returned list to applications only with matched labels.",
+            "description": "the selector to to restrict returned list to applications only with matched labels.",
            "name": "selector",
            "in": "query"
          },
@@ -1605,18 +1605,6 @@
            "type": "string",
            "name": "name",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "type is the type of the specified cluster identifier ( \"server\" - default, \"name\" ).",
-            "name": "id.type",
-            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "value holds the cluster server URL or cluster name.",
-            "name": "id.value",
-            "in": "query"
          }
        ],
        "responses": {
@@ -1671,53 +1659,7 @@
        }
      }
    },
-    "/api/v1/clusters/{id.value}": {
-      "get": {
-        "tags": [
-          "ClusterService"
-        ],
-        "summary": "Get returns a cluster by server address",
-        "operationId": "ClusterService_Get",
-        "parameters": [
-          {
-            "type": "string",
-            "description": "value holds the cluster server URL or cluster name",
-            "name": "id.value",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "name": "server",
-            "in": "query"
-          },
-          {
-            "type": "string",
-            "name": "name",
-            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "type is the type of the specified cluster identifier ( \"server\" - default, \"name\" ).",
-            "name": "id.type",
-            "in": "query"
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "A successful response.",
-            "schema": {
-              "$ref": "#/definitions/v1alpha1Cluster"
-            }
-          },
-          "default": {
-            "description": "An unexpected error response.",
-            "schema": {
-              "$ref": "#/definitions/runtimeError"
-            }
-          }
-        }
-      },
+    "/api/v1/clusters/{cluster.server}": {
      "put": {
        "tags": [
          "ClusterService"
@@ -1727,8 +1669,8 @@
        "parameters": [
          {
            "type": "string",
-            "description": "value holds the cluster server URL or cluster name",
-            "name": "id.value",
+            "description": "Server is the API server URL of the Kubernetes cluster",
+            "name": "cluster.server",
            "in": "path",
            "required": true
          },
@@ -1748,11 +1690,41 @@
            "collectionFormat": "multi",
            "name": "updatedFields",
            "in": "query"
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "A successful response.",
+            "schema": {
+              "$ref": "#/definitions/v1alpha1Cluster"
+            }
+          },
+          "default": {
+            "description": "An unexpected error response.",
+            "schema": {
+              "$ref": "#/definitions/runtimeError"
+            }
+          }
+        }
+      }
+    },
+    "/api/v1/clusters/{server}": {
+      "get": {
+        "tags": [
+          "ClusterService"
+        ],
+        "summary": "Get returns a cluster by server address",
+        "operationId": "ClusterService_Get",
+        "parameters": [
+          {
+            "type": "string",
+            "name": "server",
+            "in": "path",
+            "required": true
          },
          {
            "type": "string",
-            "description": "type is the type of the specified cluster identifier ( \"server\" - default, \"name\" ).",
-            "name": "id.type",
+            "name": "name",
            "in": "query"
          }
        ],
@@ -1780,26 +1752,14 @@
        "parameters": [
          {
            "type": "string",
-            "description": "value holds the cluster server URL or cluster name",
-            "name": "id.value",
+            "name": "server",
            "in": "path",
            "required": true
          },
-          {
-            "type": "string",
-            "name": "server",
-            "in": "query"
-          },
          {
            "type": "string",
            "name": "name",
            "in": "query"
-          },
-          {
-            "type": "string",
-            "description": "type is the type of the specified cluster identifier ( \"server\" - default, \"name\" ).",
-            "name": "id.type",
-            "in": "query"
          }
        ],
        "responses": {
@@ -1818,7 +1778,7 @@
        }
      }
    },
-    "/api/v1/clusters/{id.value}/invalidate-cache": {
+    "/api/v1/clusters/{server}/invalidate-cache": {
      "post": {
        "tags": [
          "ClusterService"
@@ -1828,8 +1788,7 @@
        "parameters": [
          {
            "type": "string",
-            "description": "value holds the cluster server URL or cluster name",
-            "name": "id.value",
+            "name": "server",
            "in": "path",
            "required": true
          }
@@ -1850,7 +1809,7 @@
        }
      }
    },
-    "/api/v1/clusters/{id.value}/rotate-auth": {
+    "/api/v1/clusters/{server}/rotate-auth": {
      "post": {
        "tags": [
          "ClusterService"
@@ -1860,8 +1819,7 @@
        "parameters": [
          {
            "type": "string",
-            "description": "value holds the cluster server URL or cluster name",
-            "name": "id.value",
+            "name": "server",
            "in": "path",
            "required": true
          }
@@ -3158,7 +3116,7 @@
          },
          {
            "type": "string",
-            "description": "the selector to restrict returned list to applications only with matched labels.",
+            "description": "the selector to to restrict returned list to applications only with matched labels.",
            "name": "selector",
            "in": "query"
          },
@@ -3582,20 +3540,6 @@
        }
      }
    },
-    "clusterClusterID": {
-      "type": "object",
-      "title": "ClusterID holds a cluster server URL or cluster name",
-      "properties": {
-        "type": {
-          "type": "string",
-          "title": "type is the type of the specified cluster identifier ( \"server\" - default, \"name\" )"
-        },
-        "value": {
-          "type": "string",
-          "title": "value holds the cluster server URL or cluster name"
-        }
-      }
-    },
    "clusterClusterResponse": {
      "type": "object"
    },
@@ -3636,13 +3580,6 @@
      "type": "object",
      "title": "Help settings",
      "properties": {
-        "binaryUrls": {
-          "type": "object",
-          "title": "the URLs for downloading argocd binaries",
-          "additionalProperties": {
-            "type": "string"
-          }
-        },
        "chatText": {
          "type": "string",
          "title": "the text for getting chat help, defaults to \"Chat now!\""
@@ -4968,10 +4905,6 @@
            "$ref": "#/definitions/v1alpha1HelmFileParameter"
          }
        },
-        "ignoreMissingValueFiles": {
-          "type": "boolean",
-          "title": "IgnoreMissingValueFiles prevents helm template from failing when valueFiles do not exist locally by not appending them to helm template --values"
-        },
        "parameters": {
          "type": "array",
          "title": "Parameters is a list of Helm parameters which are passed to the helm template command upon manifest generation",
@@ -4987,10 +4920,6 @@
          "type": "string",
          "title": "ReleaseName is the Helm release name to use. If omitted it will use the application name"
        },
-        "skipCrds": {
-          "type": "boolean",
-          "title": "SkipCrds skips custom resource definition installation step (Helm's --skip-crds)"
-        },
        "valueFiles": {
          "type": "array",
          "title": "ValuesFiles is a list of Helm value files to use when generating a template",
@@ -5869,25 +5798,16 @@
    },
    "v1alpha1OverrideIgnoreDiff": {
      "type": "object",
-      "title": "OverrideIgnoreDiff contains configurations about how fields should be ignored during diffs between\nthe desired state and live state",
+      "title": "TODO: describe this type",
      "properties": {
        "jSONPointers": {
          "type": "array",
-          "title": "JSONPointers is a JSON path list following the format defined in RFC4627 (https://datatracker.ietf.org/doc/html/rfc6902#section-3)",
          "items": {
            "type": "string"
          }
        },
        "jqPathExpressions": {
          "type": "array",
-          "title": "JQPathExpressions is a JQ path list that will be evaludated during the diff process",
-          "items": {
-            "type": "string"
-          }
-        },
-        "managedFieldsManagers": {
-          "type": "array",
-          "title": "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs",
          "items": {
            "type": "string"
          }
@@ -6250,13 +6170,6 @@
        "kind": {
          "type": "string"
        },
-        "managedFieldsManagers": {
-          "type": "array",
-          "title": "ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the\ndesired state defined in the SCM and won't be displayed in diffs",
-          "items": {
-            "type": "string"
-          }
-        },
        "name": {
          "type": "string"
        },
--- a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
+++ b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go
@@ -1,57 +0,0 @@
-package commands
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/argoproj/argo-cd/v2/util/git"
-
-	"github.com/spf13/cobra"
-	"google.golang.org/grpc"
-
-	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
-	"github.com/argoproj/argo-cd/v2/util/errors"
-	grpc_util "github.com/argoproj/argo-cd/v2/util/grpc"
-	"github.com/argoproj/argo-cd/v2/util/io"
-)
-
-const (
-	// cliName is the name of the CLI
-	cliName = "argocd-git-ask-pass"
-)
-
-func NewCommand() *cobra.Command {
-	var command = cobra.Command{
-		Use:               cliName,
-		Short:             "Argo CD git credential helper",
-		DisableAutoGenTag: true,
-		Run: func(c *cobra.Command, args []string) {
-			if len(os.Args) != 2 {
-				errors.CheckError(fmt.Errorf("expected 1 argument, got %d", len(os.Args)-1))
-			}
-			nonce := os.Getenv(git.ASKPASS_NONCE_ENV)
-			if nonce == "" {
-				errors.CheckError(fmt.Errorf("%s is not set", git.ASKPASS_NONCE_ENV))
-			}
-			conn, err := grpc_util.BlockingDial(context.Background(), "unix", askpass.SocketPath, nil, grpc.WithInsecure())
-			errors.CheckError(err)
-			defer io.Close(conn)
-			client := askpass.NewAskPassServiceClient(conn)
-
-			creds, err := client.GetCredentials(context.Background(), &askpass.CredentialsRequest{Nonce: nonce})
-			errors.CheckError(err)
-			switch {
-			case strings.HasPrefix(os.Args[1], "Username"):
-				fmt.Println(creds.Username)
-			case strings.HasPrefix(os.Args[1], "Password"):
-				fmt.Println(creds.Password)
-			default:
-				errors.CheckError(fmt.Errorf("unknown credential type '%s'", os.Args[1]))
-			}
-		},
-	}
-
-	return &command
-}
--- a/cmd/argocd-notification/commands/controller.go
+++ b/cmd/argocd-notification/commands/controller.go
@@ -1,132 +0,0 @@
-package commands
-
-import (
-	"context"
-	"fmt"
-	"net/http"
-	"os"
-	"strings"
-
-	service "github.com/argoproj/argo-cd/v2/util/notification/argocd"
-
-	notificationscontroller "github.com/argoproj/argo-cd/v2/notification_controller/controller"
-
-	controller "github.com/argoproj/notifications-engine/pkg/controller"
-	"github.com/prometheus/client_golang/prometheus"
-	"github.com/prometheus/client_golang/prometheus/promhttp"
-	log "github.com/sirupsen/logrus"
-	"github.com/spf13/cobra"
-	"k8s.io/client-go/dynamic"
-	"k8s.io/client-go/kubernetes"
-	_ "k8s.io/client-go/plugin/pkg/client/auth/gcp"
-	"k8s.io/client-go/tools/clientcmd"
-)
-
-const (
-	defaultMetricsPort = 9001
-)
-
-func addK8SFlagsToCmd(cmd *cobra.Command) clientcmd.ClientConfig {
-	loadingRules := clientcmd.NewDefaultClientConfigLoadingRules()
-	loadingRules.DefaultClientConfig = &clientcmd.DefaultClientConfig
-	overrides := clientcmd.ConfigOverrides{}
-	kflags := clientcmd.RecommendedConfigOverrideFlags("")
-	cmd.PersistentFlags().StringVar(&loadingRules.ExplicitPath, "kubeconfig", "", "Path to a kube config. Only required if out-of-cluster")
-	clientcmd.BindOverrideFlags(&overrides, cmd.PersistentFlags(), kflags)
-	return clientcmd.NewInteractiveDeferredLoadingClientConfig(loadingRules, &overrides, os.Stdin)
-}
-
-func NewCommand() *cobra.Command {
-	var (
-		clientConfig              clientcmd.ClientConfig
-		processorsCount           int
-		namespace                 string
-		appLabelSelector          string
-		logLevel                  string
-		logFormat                 string
-		metricsPort               int
-		argocdRepoServer          string
-		argocdRepoServerPlaintext bool
-		argocdRepoServerStrictTLS bool
-		configMapName             string
-		secretName                string
-	)
-	var command = cobra.Command{
-		Use:   "controller",
-		Short: "Starts Argo CD Notifications controller",
-		RunE: func(c *cobra.Command, args []string) error {
-			restConfig, err := clientConfig.ClientConfig()
-			if err != nil {
-				return err
-			}
-			dynamicClient, err := dynamic.NewForConfig(restConfig)
-			if err != nil {
-				return err
-			}
-			k8sClient, err := kubernetes.NewForConfig(restConfig)
-			if err != nil {
-				return err
-			}
-			if namespace == "" {
-				namespace, _, err = clientConfig.Namespace()
-				if err != nil {
-					return err
-				}
-			}
-			level, err := log.ParseLevel(logLevel)
-			if err != nil {
-				return err
-			}
-			log.SetLevel(level)
-
-			switch strings.ToLower(logFormat) {
-			case "json":
-				log.SetFormatter(&log.JSONFormatter{})
-			case "text":
-				if os.Getenv("FORCE_LOG_COLORS") == "1" {
-					log.SetFormatter(&log.TextFormatter{ForceColors: true})
-				}
-			default:
-				return fmt.Errorf("Unknown log format '%s'", logFormat)
-			}
-
-			argocdService, err := service.NewArgoCDService(k8sClient, namespace, argocdRepoServer, argocdRepoServerPlaintext, argocdRepoServerStrictTLS)
-			if err != nil {
-				return err
-			}
-			defer argocdService.Close()
-
-			registry := controller.NewMetricsRegistry("argocd")
-			http.Handle("/metrics", promhttp.HandlerFor(prometheus.Gatherers{registry, prometheus.DefaultGatherer}, promhttp.HandlerOpts{}))
-
-			go func() {
-				log.Fatal(http.ListenAndServe(fmt.Sprintf("0.0.0.0:%d", metricsPort), http.DefaultServeMux))
-			}()
-			log.Infof("serving metrics on port %d", metricsPort)
-			log.Infof("loading configuration %d", metricsPort)
-
-			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, appLabelSelector, registry, secretName, configMapName)
-			err = ctrl.Init(context.Background())
-			if err != nil {
-				return err
-			}
-
-			go ctrl.Run(context.Background(), processorsCount)
-			<-context.Background().Done()
-			return nil
-		},
-	}
-	clientConfig = addK8SFlagsToCmd(&command)
-	command.Flags().IntVar(&processorsCount, "processors-count", 1, "Processors count.")
-	command.Flags().StringVar(&appLabelSelector, "app-label-selector", "", "App label selector.")
-	command.Flags().StringVar(&namespace, "namespace", "", "Namespace which controller handles. Current namespace if empty.")
-	command.Flags().StringVar(&logLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
-	command.Flags().StringVar(&logFormat, "logformat", "text", "Set the logging format. One of: text|json")
-	command.Flags().IntVar(&metricsPort, "metrics-port", defaultMetricsPort, "Metrics port")
-	command.Flags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
-	command.Flags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
-	command.Flags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
-	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
-	command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name")
-	return &command
-}
--- a/cmd/argocd-repo-server/commands/argocd_repo_server.go
+++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go
@@ -19,7 +19,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/reposerver"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
-	"github.com/argoproj/argo-cd/v2/reposerver/askpass"
 	reposervercache "github.com/argoproj/argo-cd/v2/reposerver/cache"
 	"github.com/argoproj/argo-cd/v2/reposerver/metrics"
 	"github.com/argoproj/argo-cd/v2/reposerver/repository"
@@ -63,10 +62,6 @@ func getPauseGenerationOnFailureForRequests() int {
 	return env.ParseNumFromEnv(common.EnvPauseGenerationRequests, defaultPauseGenerationOnFailureForRequests, 0, math.MaxInt32)
 }

-func getSubmoduleEnabled() bool {
-	return env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true)
-}
-
 func NewCommand() *cobra.Command {
 	var (
 		parallelismLimit                  int64
@@ -100,7 +95,6 @@ func NewCommand() *cobra.Command {
 			maxCombinedDirectoryManifestsQuantity, err := resource.ParseQuantity(maxCombinedDirectoryManifestsSize)
 			errors.CheckError(err)

-			askPassServer := askpass.NewServer()
 			metricsServer := metrics.NewMetricsServer()
 			cacheutil.CollectMetrics(redisClient, metricsServer)
 			server, err := reposerver.NewServer(metricsServer, cache, tlsConfigCustomizer, repository.RepoServerInitConstants{
@@ -108,9 +102,8 @@ func NewCommand() *cobra.Command {
 				PauseGenerationAfterFailedGenerationAttempts: getPauseGenerationAfterFailedGenerationAttempts(),
 				PauseGenerationOnFailureForMinutes:           getPauseGenerationOnFailureForMinutes(),
 				PauseGenerationOnFailureForRequests:          getPauseGenerationOnFailureForRequests(),
-				SubmoduleEnabled:                             getSubmoduleEnabled(),
 				MaxCombinedDirectoryManifestsSize:            maxCombinedDirectoryManifestsQuantity,
-			}, askPassServer)
+			})
 			errors.CheckError(err)

 			grpc := server.CreateGRPC()
@@ -141,7 +134,6 @@ func NewCommand() *cobra.Command {
 			})
 			http.Handle("/metrics", metricsServer.GetHandler())
 			go func() { errors.CheckError(http.ListenAndServe(fmt.Sprintf(":%d", metricsPort), nil)) }()
-			go func() { errors.CheckError(askPassServer.Run(askpass.SocketPath)) }()

 			if gpg.IsGPGEnabled() {
 				log.Infof("Initializing GnuPG keyring at %s", common.GetGnuPGHomePath())
--- a/cmd/argocd/commands/admin/admin.go
+++ b/cmd/argocd/commands/admin/admin.go
@@ -55,7 +55,6 @@ func NewAdminCommand() *cobra.Command {
 	command.AddCommand(NewImportCommand())
 	command.AddCommand(NewExportCommand())
 	command.AddCommand(NewDashboardCommand())
-	command.AddCommand(NewNotificationsCommand())

 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
--- a/cmd/argocd/commands/admin/backup.go
+++ b/cmd/argocd/commands/admin/backup.go
@@ -111,11 +111,10 @@ func NewExportCommand() *cobra.Command {
 // NewImportCommand defines a new command for exporting Kubernetes and Argo CD resources.
 func NewImportCommand() *cobra.Command {
 	var (
-		clientConfig  clientcmd.ClientConfig
-		prune         bool
-		dryRun        bool
-		verbose       bool
-		stopOperation bool
+		clientConfig clientcmd.ClientConfig
+		prune        bool
+		dryRun       bool
+		verbose      bool
 	)
 	var command = cobra.Command{
 		Use:   "import SOURCE",
@@ -229,14 +228,14 @@ func NewImportCommand() *cobra.Command {
 						fmt.Printf("%s/%s %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
 					}

-				} else if specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation) {
+				} else if specsEqual(*bakObj, liveObj) {
 					if verbose {
 						fmt.Printf("%s/%s %s unchanged%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg)
 					}
 				} else {
 					isForbidden := false
 					if !dryRun {
-						newLive := updateLive(bakObj, &liveObj, stopOperation)
+						newLive := updateLive(bakObj, &liveObj)
 						_, err = dynClient.Update(context.Background(), newLive, v1.UpdateOptions{})
 						if apierr.IsForbidden(err) || apierr.IsNotFound(err) {
 							isForbidden = true
@@ -301,23 +300,10 @@ func NewImportCommand() *cobra.Command {
 	command.Flags().BoolVar(&dryRun, "dry-run", false, "Print what will be performed")
 	command.Flags().BoolVar(&prune, "prune", false, "Prune secrets, applications and projects which do not appear in the backup")
 	command.Flags().BoolVar(&verbose, "verbose", false, "Verbose output (versus only changed output)")
-	command.Flags().BoolVar(&stopOperation, "stop-operation", false, "Stop any existing operations")

 	return &command
 }

-// check app has no need to stop operation.
-func checkAppHasNoNeedToStopOperation(liveObj unstructured.Unstructured, stopOperation bool) bool {
-	if !stopOperation {
-		return true
-	}
-	switch liveObj.GetKind() {
-	case "Application":
-		return liveObj.Object["operation"] == nil
-	}
-	return true
-}
-
 // export writes the unstructured object and removes extraneous cruft from output before writing
 func export(w io.Writer, un unstructured.Unstructured) {
 	name := un.GetName()
@@ -343,7 +329,7 @@ func export(w io.Writer, un unstructured.Unstructured) {

 // updateLive replaces the live object's finalizers, spec, annotations, labels, and data from the
 // backup object but leaves all other fields intact (status, other metadata, etc...)
-func updateLive(bak, live *unstructured.Unstructured, stopOperation bool) *unstructured.Unstructured {
+func updateLive(bak, live *unstructured.Unstructured) *unstructured.Unstructured {
 	newLive := live.DeepCopy()
 	newLive.SetAnnotations(bak.GetAnnotations())
 	newLive.SetLabels(bak.GetLabels())
@@ -358,10 +344,6 @@ func updateLive(bak, live *unstructured.Unstructured, stopOperation bool) *unstr
 		if _, ok := bak.Object["status"]; ok {
 			newLive.Object["status"] = bak.Object["status"]
 		}
-		if stopOperation {
-			newLive.Object["operation"] = nil
-		}
-
 	case "ApplicationSet":
 		newLive.Object["spec"] = bak.Object["spec"]
 	}
--- a/cmd/argocd/commands/admin/dashboard.go
+++ b/cmd/argocd/commands/admin/dashboard.go
@@ -13,20 +13,18 @@ import (

 func NewDashboardCommand() *cobra.Command {
 	var (
-		port    int
-		address string
+		port int
 	)
 	cmd := &cobra.Command{
 		Use:   "dashboard",
 		Short: "Starts Argo CD Web UI locally",
 		Run: func(cmd *cobra.Command, args []string) {
-			println(fmt.Sprintf("Argo CD UI is available at http://%s:%d", address, port))
+			println(fmt.Sprintf("Argo CD UI is available at http://localhost:%d", port))
 			<-context.Background().Done()
 		},
 	}
 	clientOpts := &apiclient.ClientOptions{Core: true}
-	headless.InitCommand(cmd, clientOpts, &port, &address)
+	headless.InitCommand(cmd, clientOpts, &port)
 	cmd.Flags().IntVar(&port, "port", common.DefaultPortAPIServer, "Listen on given port")
-	cmd.Flags().StringVar(&address, "address", common.DefaultAddressAPIServer, "Listen on given address")
 	return cmd
 }
--- a/cmd/argocd/commands/admin/notifications.go
+++ b/cmd/argocd/commands/admin/notifications.go
@@ -1,51 +0,0 @@
-package admin
-
-import (
-	"log"
-
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/kubernetes"
-	"k8s.io/client-go/tools/clientcmd"
-
-	service "github.com/argoproj/argo-cd/v2/util/notification/argocd"
-	settings "github.com/argoproj/argo-cd/v2/util/notification/settings"
-
-	"github.com/argoproj/notifications-engine/pkg/cmd"
-	"github.com/spf13/cobra"
-)
-
-var (
-	applications = schema.GroupVersionResource{Group: "argoproj.io", Version: "v1alpha1", Resource: "applications"}
-)
-
-func NewNotificationsCommand() *cobra.Command {
-	var (
-		argocdRepoServer          string
-		argocdRepoServerPlaintext bool
-		argocdRepoServerStrictTLS bool
-	)
-
-	var argocdService service.Service
-	toolsCommand := cmd.NewToolsCommand(
-		"notifications",
-		"notifications",
-		applications,
-		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), func(clientConfig clientcmd.ClientConfig) {
-			k8sCfg, err := clientConfig.ClientConfig()
-			if err != nil {
-				log.Fatalf("Failed to parse k8s config: %v", err)
-			}
-			ns, _, err := clientConfig.Namespace()
-			if err != nil {
-				log.Fatalf("Failed to parse k8s config: %v", err)
-			}
-			argocdService, err = service.NewArgoCDService(kubernetes.NewForConfigOrDie(k8sCfg), ns, argocdRepoServer, argocdRepoServerPlaintext, argocdRepoServerStrictTLS)
-			if err != nil {
-				log.Fatalf("Failed to initalize Argo CD service: %v", err)
-			}
-		})
-	toolsCommand.PersistentFlags().StringVar(&argocdRepoServer, "argocd-repo-server", "argocd-repo-server:8081", "Argo CD repo server address")
-	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerPlaintext, "argocd-repo-server-plaintext", false, "Use a plaintext client (non-TLS) to connect to repository server")
-	toolsCommand.PersistentFlags().BoolVar(&argocdRepoServerStrictTLS, "argocd-repo-server-strict-tls", false, "Perform strict validation of TLS certificates when connecting to repo server")
-	return toolsCommand
-}
--- a/cmd/argocd/commands/admin/settings.go
+++ b/cmd/argocd/commands/admin/settings.go
@@ -406,10 +406,6 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo
 					return
 				}

-				// This normalizer won't verify 'managedFieldsManagers' ignore difference
-				// configurations. This requires access to live resources which is not the
-				// purpose of this command. This will just apply jsonPointers and
-				// jqPathExpressions configurations.
 				normalizer, err := normalizers.NewIgnoreNormalizer(nil, overrides)
 				errors.CheckError(err)

--- a/cmd/argocd/commands/app.go
+++ b/cmd/argocd/commands/app.go
@@ -16,6 +16,7 @@ import (

 	"github.com/argoproj/gitops-engine/pkg/sync/common"

+	"github.com/argoproj/gitops-engine/pkg/diff"
 	"github.com/argoproj/gitops-engine/pkg/health"
 	"github.com/argoproj/gitops-engine/pkg/sync/hook"
 	"github.com/argoproj/gitops-engine/pkg/sync/ignore"
@@ -46,7 +47,6 @@ import (
 	repoapiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/reposerver/repository"
 	"github.com/argoproj/argo-cd/v2/util/argo"
-	argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff"
 	"github.com/argoproj/argo-cd/v2/util/cli"
 	"github.com/argoproj/argo-cd/v2/util/errors"
 	"github.com/argoproj/argo-cd/v2/util/git"
@@ -284,7 +284,6 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 		untilTime    string
 		filter       string
 		container    string
-		previous     bool
 	)
 	var command = &cobra.Command{
 		Use:   "logs APPNAME",
@@ -314,7 +313,6 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					UntilTime:    &untilTime,
 					Filter:       &filter,
 					Container:    container,
-					Previous:     previous,
 				})
 				if err != nil {
 					log.Fatalf("failed to get pod logs: %v", err)
@@ -356,7 +354,6 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 	command.Flags().StringVar(&untilTime, "until-time", "", "Show logs until this time")
 	command.Flags().StringVar(&filter, "filter", "", "Show logs contain this string")
 	command.Flags().StringVar(&container, "container", "", "Optional container name")
-	command.Flags().BoolVarP(&previous, "previous", "p", false, "Specify if the previously terminated container logs should be returned")

 	return command
 }
@@ -562,16 +559,15 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com
 // NewApplicationUnsetCommand returns a new instance of an `argocd app unset` command
 func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command {
 	var (
-		parameters              []string
-		valuesLiteral           bool
-		valuesFiles             []string
-		ignoreMissingValueFiles bool
-		nameSuffix              bool
-		namePrefix              bool
-		kustomizeVersion        bool
-		kustomizeImages         []string
-		pluginEnvs              []string
-		appOpts                 cmdutil.AppOptions
+		parameters       []string
+		valuesLiteral    bool
+		valuesFiles      []string
+		nameSuffix       bool
+		namePrefix       bool
+		kustomizeVersion bool
+		kustomizeImages  []string
+		pluginEnvs       []string
+		appOpts          cmdutil.AppOptions
 	)
 	var command = &cobra.Command{
 		Use:   "unset APPNAME parameters",
@@ -648,7 +644,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 				}
 			}
 			if app.Spec.Source.Helm != nil {
-				if len(parameters) == 0 && len(valuesFiles) == 0 && !valuesLiteral && !ignoreMissingValueFiles {
+				if len(parameters) == 0 && len(valuesFiles) == 0 && !valuesLiteral {
 					c.HelpFunc()(c, args)
 					os.Exit(1)
 				}
@@ -676,10 +672,6 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 						}
 					}
 				}
-				if ignoreMissingValueFiles {
-					app.Spec.Source.Helm.IgnoreMissingValueFiles = false
-					updated = true
-				}
 				if app.Spec.Source.Helm.PassCredentials {
 					app.Spec.Source.Helm.PassCredentials = false
 					updated = true
@@ -715,7 +707,6 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C
 	command.Flags().StringArrayVarP(&parameters, "parameter", "p", []string{}, "Unset a parameter override (e.g. -p guestbook=image)")
 	command.Flags().StringArrayVar(&valuesFiles, "values", []string{}, "Unset one or more Helm values files")
 	command.Flags().BoolVar(&valuesLiteral, "values-literal", false, "Unset literal Helm values block")
-	command.Flags().BoolVar(&ignoreMissingValueFiles, "ignore-missing-value-files", false, "Unset the helm ignore-missing-value-files option (revert to false)")
 	command.Flags().BoolVar(&nameSuffix, "namesuffix", false, "Kustomize namesuffix")
 	command.Flags().BoolVar(&namePrefix, "nameprefix", false, "Kustomize nameprefix")
 	command.Flags().BoolVar(&kustomizeVersion, "kustomize-version", false, "Kustomize version")
@@ -750,9 +741,9 @@ func liveObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstructu
 	return objs, nil
 }

-func getLocalObjects(app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions,
+func getLocalObjects(app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, kustomizeOptions *argoappv1.KustomizeOptions,
 	configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []*unstructured.Unstructured {
-	manifestStrings := getLocalObjectsString(app, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, configManagementPlugins, trackingMethod)
+	manifestStrings := getLocalObjectsString(app, local, localRepoRoot, appLabelKey, kubeVersion, kustomizeOptions, configManagementPlugins, trackingMethod)
 	objs := make([]*unstructured.Unstructured, len(manifestStrings))
 	for i := range manifestStrings {
 		obj := unstructured.Unstructured{}
@@ -763,10 +754,10 @@ func getLocalObjects(app *argoappv1.Application, local, localRepoRoot, appLabelK
 	return objs
 }

-func getLocalObjectsString(app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions,
+func getLocalObjectsString(app *argoappv1.Application, local, localRepoRoot, appLabelKey, kubeVersion string, kustomizeOptions *argoappv1.KustomizeOptions,
 	configManagementPlugins []*argoappv1.ConfigManagementPlugin, trackingMethod string) []string {

-	res, err := repository.GenerateManifests(context.Background(), local, localRepoRoot, app.Spec.Source.TargetRevision, &repoapiclient.ManifestRequest{
+	res, err := repository.GenerateManifests(local, localRepoRoot, app.Spec.Source.TargetRevision, &repoapiclient.ManifestRequest{
 		Repo:              &argoappv1.Repository{Repo: app.Spec.Source.RepoURL},
 		AppLabelKey:       appLabelKey,
 		AppName:           app.Name,
@@ -774,10 +765,9 @@ func getLocalObjectsString(app *argoappv1.Application, local, localRepoRoot, app
 		ApplicationSource: &app.Spec.Source,
 		KustomizeOptions:  kustomizeOptions,
 		KubeVersion:       kubeVersion,
-		ApiVersions:       apiVersions,
 		Plugins:           configManagementPlugins,
 		TrackingMethod:    trackingMethod,
-	}, true, &git.NoopCredsStore{}, resource.MustParse("0"))
+	}, true, resource.MustParse("0"))
 	errors.CheckError(err)

 	return res.Manifests
@@ -862,7 +852,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 				defer argoio.Close(conn)
 				cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server})
 				errors.CheckError(err)
-				localObjs := groupObjsByKey(getLocalObjects(app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace)
+				localObjs := groupObjsByKey(getLocalObjects(app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod), liveObjs, app.Spec.Destination.Namespace)
 				items = groupObjsForDiff(resources, localObjs, items, argoSettings, appName)
 			} else if revision != "" {
 				var unstructureds []*unstructured.Unstructured
@@ -904,18 +894,10 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					val := argoSettings.ResourceOverrides[k]
 					overrides[k] = *val
 				}
-
-				// TODO remove hardcoded IgnoreAggregatedRoles and retrieve the
-				// compareOptions in the protobuf
-				ignoreAggregatedRoles := false
-				diffConfig, err := argodiff.NewDiffConfigBuilder().
-					WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles).
-					WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod).
-					WithNoCache().
-					Build()
+				normalizer, err := argo.NewDiffNormalizer(app.Spec.IgnoreDifferences, overrides)
 				errors.CheckError(err)

-				diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig)
+				diffRes, err := diff.Diff(item.target, item.live, diff.WithNormalizer(normalizer))
 				errors.CheckError(err)

 				if diffRes.Modified || item.target == nil || item.live == nil {
@@ -1407,7 +1389,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co
 					cluster, err := clusterIf.Get(context.Background(), &clusterpkg.ClusterQuery{Name: app.Spec.Destination.Name, Server: app.Spec.Destination.Server})
 					errors.CheckError(err)
 					argoio.Close(conn)
-					localObjsStrings = getLocalObjectsString(app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.Info.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod)
+					localObjsStrings = getLocalObjectsString(app, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, argoSettings.KustomizeOptions, argoSettings.ConfigManagementPlugins, argoSettings.TrackingMethod)
 				}

 				syncOptionsFactory := func() *applicationpkg.SyncOptions {
--- a/cmd/argocd/commands/cluster.go
+++ b/cmd/argocd/commands/cluster.go
@@ -85,6 +85,15 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie
 				log.Fatalf("Context %s does not exist in kubeconfig", contextName)
 			}

+			isTerminal := isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd())
+
+			if isTerminal && !skipConfirmation {
+				message := fmt.Sprintf("WARNING: This will create a service account `argocd-manager` on the cluster referenced by context `%s` with full cluster level admin privileges. Do you want to continue [y/N]? ", contextName)
+				if !cli.AskToProceed(message) {
+					os.Exit(1)
+				}
+			}
+
 			overrides := clientcmd.ConfigOverrides{
 				Context: *clstContext,
 			}
--- a/cmd/argocd/commands/headless/headless.go
+++ b/cmd/argocd/commands/headless/headless.go
@@ -16,7 +16,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes"
 	"k8s.io/client-go/tools/cache"
-	"k8s.io/utils/pointer"

 	argoapi "github.com/argoproj/argo-cd/v2/pkg/apiclient"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
@@ -55,7 +54,7 @@ func retrieveContextIfChanged(contextFlag *flag.Flag) string {

 // InitCommand allows executing command in a headless mode: on the fly starts Argo CD API server and
 // changes provided client options to use started API server port
-func InitCommand(cmd *cobra.Command, clientOpts *argoapi.ClientOptions, port *int, address *string) *cobra.Command {
+func InitCommand(cmd *cobra.Command, clientOpts *argoapi.ClientOptions, port *int) *cobra.Command {
 	ctx, cancel := context.WithCancel(context.Background())
 	flags := pflag.NewFlagSet("tmp", pflag.ContinueOnError)
 	clientConfig := cli.AddKubectlFlagsToSet(flags)
@@ -91,12 +90,8 @@ func InitCommand(cmd *cobra.Command, clientOpts *argoapi.ClientOptions, port *in
 		cli.SetLogLevel(log.ErrorLevel.String())
 		log.SetLevel(log.ErrorLevel)
 		os.Setenv(v1alpha1.EnvVarFakeInClusterConfig, "true")
-		if address == nil {
-			address = pointer.String("localhost")
-		}
 		if port == nil || *port == 0 {
-			addr := fmt.Sprintf("%s:0", *address)
-			ln, err := net.Listen("tcp", addr)
+			ln, err := net.Listen("tcp", "localhost:0")
 			if err != nil {
 				return err
 			}
@@ -140,12 +135,12 @@ func InitCommand(cmd *cobra.Command, clientOpts *argoapi.ClientOptions, port *in
 			Cache:         servercache.NewCache(appstateCache, 0, 0, 0),
 			KubeClientset: kubeClientset,
 			Insecure:      true,
-			ListenHost:    *address,
+			ListenHost:    "localhost",
 			RepoClientset: &forwardRepoClientset{namespace: namespace, context: context},
 		})

 		go srv.Run(ctx, *port, 0)
-		clientOpts.ServerAddr = fmt.Sprintf("%s:%d", *address, *port)
+		clientOpts.ServerAddr = fmt.Sprintf("localhost:%d", *port)
 		clientOpts.PlainText = true
 		if !cache.WaitForCacheSync(ctx.Done(), srv.Initialized) {
 			log.Fatal("Timed out waiting for project cache to sync")
--- a/cmd/argocd/commands/login.go
+++ b/cmd/argocd/commands/login.go
@@ -13,7 +13,7 @@ import (
 	"time"

 	"github.com/coreos/go-oidc"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/dgrijalva/jwt-go/v4"
 	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
 	"github.com/spf13/cobra"
@@ -127,7 +127,9 @@ argocd login cd.argoproj.io --core`,
 					errors.CheckError(err)
 					tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider)
 				}
-				parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+				parser := &jwt.Parser{
+					ValidationHelper: jwt.NewValidationHelper(jwt.WithoutClaimsValidation(), jwt.WithoutAudienceValidation()),
+				}
 				claims := jwt.MapClaims{}
 				_, _, err := parser.ParseUnverified(tokenString, &claims)
 				errors.CheckError(err)
--- a/cmd/argocd/commands/login_test.go
+++ b/cmd/argocd/commands/login_test.go
@@ -3,7 +3,7 @@ package commands
 import (
 	"testing"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/dgrijalva/jwt-go/v4"
 	"github.com/stretchr/testify/assert"
 )

--- a/cmd/argocd/commands/project_role.go
+++ b/cmd/argocd/commands/project_role.go
@@ -9,7 +9,7 @@ import (
 	"time"

 	timeutil "github.com/argoproj/pkg/time"
-	jwtgo "github.com/golang-jwt/jwt/v4"
+	jwtgo "github.com/dgrijalva/jwt-go/v4"
 	"github.com/spf13/cobra"

 	argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient"
--- a/cmd/argocd/commands/root.go
+++ b/cmd/argocd/commands/root.go
@@ -40,19 +40,19 @@ func NewCommand() *cobra.Command {
 	}

 	command.AddCommand(NewCompletionCommand())
-	command.AddCommand(headless.InitCommand(NewVersionCmd(&clientOpts), &clientOpts, nil, nil))
-	command.AddCommand(headless.InitCommand(NewClusterCommand(&clientOpts, pathOpts), &clientOpts, nil, nil))
-	command.AddCommand(headless.InitCommand(NewApplicationCommand(&clientOpts), &clientOpts, nil, nil))
+	command.AddCommand(headless.InitCommand(NewVersionCmd(&clientOpts), &clientOpts, nil))
+	command.AddCommand(headless.InitCommand(NewClusterCommand(&clientOpts, pathOpts), &clientOpts, nil))
+	command.AddCommand(headless.InitCommand(NewApplicationCommand(&clientOpts), &clientOpts, nil))
 	command.AddCommand(NewLoginCommand(&clientOpts))
 	command.AddCommand(NewReloginCommand(&clientOpts))
-	command.AddCommand(headless.InitCommand(NewRepoCommand(&clientOpts), &clientOpts, nil, nil))
-	command.AddCommand(headless.InitCommand(NewRepoCredsCommand(&clientOpts), &clientOpts, nil, nil))
+	command.AddCommand(headless.InitCommand(NewRepoCommand(&clientOpts), &clientOpts, nil))
+	command.AddCommand(headless.InitCommand(NewRepoCredsCommand(&clientOpts), &clientOpts, nil))
 	command.AddCommand(NewContextCommand(&clientOpts))
-	command.AddCommand(headless.InitCommand(NewProjectCommand(&clientOpts), &clientOpts, nil, nil))
-	command.AddCommand(headless.InitCommand(NewAccountCommand(&clientOpts), &clientOpts, nil, nil))
+	command.AddCommand(headless.InitCommand(NewProjectCommand(&clientOpts), &clientOpts, nil))
+	command.AddCommand(headless.InitCommand(NewAccountCommand(&clientOpts), &clientOpts, nil))
 	command.AddCommand(NewLogoutCommand(&clientOpts))
-	command.AddCommand(headless.InitCommand(NewCertCommand(&clientOpts), &clientOpts, nil, nil))
-	command.AddCommand(headless.InitCommand(NewGPGCommand(&clientOpts), &clientOpts, nil, nil))
+	command.AddCommand(headless.InitCommand(NewCertCommand(&clientOpts), &clientOpts, nil))
+	command.AddCommand(headless.InitCommand(NewGPGCommand(&clientOpts), &clientOpts, nil))
 	command.AddCommand(admin.NewAdminCommand())

 	defaultLocalConfigPath, err := localconfig.DefaultLocalConfigPath()
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -10,8 +10,6 @@ import (
 	appcontroller "github.com/argoproj/argo-cd/v2/cmd/argocd-application-controller/commands"
 	cmpserver "github.com/argoproj/argo-cd/v2/cmd/argocd-cmp-server/commands"
 	dex "github.com/argoproj/argo-cd/v2/cmd/argocd-dex/commands"
-	gitaskpass "github.com/argoproj/argo-cd/v2/cmd/argocd-git-ask-pass/commands"
-	notification "github.com/argoproj/argo-cd/v2/cmd/argocd-notification/commands"
 	reposerver "github.com/argoproj/argo-cd/v2/cmd/argocd-repo-server/commands"
 	apiserver "github.com/argoproj/argo-cd/v2/cmd/argocd-server/commands"
 	cli "github.com/argoproj/argo-cd/v2/cmd/argocd/commands"
@@ -41,10 +39,6 @@ func main() {
 		command = cmpserver.NewCommand()
 	case "argocd-dex":
 		command = dex.NewCommand()
-	case "argocd-notifications":
-		command = notification.NewCommand()
-	case "argocd-git-ask-pass":
-		command = gitaskpass.NewCommand()
 	default:
 		command = cli.NewCommand()
 	}
--- a/cmd/util/app.go
+++ b/cmd/util/app.go
@@ -36,7 +36,6 @@ type AppOptions struct {
 	destNamespace                   string
 	Parameters                      []string
 	valuesFiles                     []string
-	ignoreMissingValueFiles         bool
 	values                          string
 	releaseName                     string
 	helmSets                        []string
@@ -44,7 +43,6 @@ type AppOptions struct {
 	helmSetFiles                    []string
 	helmVersion                     string
 	helmPassCredentials             bool
-	helmSkipCrds                    bool
 	project                         string
 	syncPolicy                      string
 	syncOptions                     []string
@@ -88,7 +86,6 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringVar(&opts.destNamespace, "dest-namespace", "", "K8s target namespace (overrides the namespace specified in the ksonnet app.yaml)")
 	command.Flags().StringArrayVarP(&opts.Parameters, "parameter", "p", []string{}, "set a parameter override (e.g. -p guestbook=image=example/guestbook:latest)")
 	command.Flags().StringArrayVar(&opts.valuesFiles, "values", []string{}, "Helm values file(s) to use")
-	command.Flags().BoolVar(&opts.ignoreMissingValueFiles, "ignore-missing-value-files", false, "Ignore locally missing valueFiles when setting helm template --values")
 	command.Flags().StringVar(&opts.values, "values-literal-file", "", "Filename or URL to import as a literal Helm values block")
 	command.Flags().StringVar(&opts.releaseName, "release-name", "", "Helm release-name")
 	command.Flags().StringVar(&opts.helmVersion, "helm-version", "", "Helm version")
@@ -96,7 +93,6 @@ func AddAppFlags(command *cobra.Command, opts *AppOptions) {
 	command.Flags().StringArrayVar(&opts.helmSets, "helm-set", []string{}, "Helm set values on the command line (can be repeated to set several values: --helm-set key1=val1 --helm-set key2=val2)")
 	command.Flags().StringArrayVar(&opts.helmSetStrings, "helm-set-string", []string{}, "Helm set STRING values on the command line (can be repeated to set several values: --helm-set-string key1=val1 --helm-set-string key2=val2)")
 	command.Flags().StringArrayVar(&opts.helmSetFiles, "helm-set-file", []string{}, "Helm set values from respective files specified via the command line (can be repeated to set several values: --helm-set-file key1=path1 --helm-set-file key2=path2)")
-	command.Flags().BoolVar(&opts.helmSkipCrds, "helm-skip-crds", false, "Skip helm crd installation step")
 	command.Flags().StringVar(&opts.project, "project", "", "Application project name")
 	command.Flags().StringVar(&opts.syncPolicy, "sync-policy", "", "Set the sync policy (one of: none, automated (aliases of automated: auto, automatic))")
 	command.Flags().StringArrayVar(&opts.syncOptions, "sync-option", []string{}, "Add or remove a sync option, e.g add `Prune=false`. Remove using `!` prefix, e.g. `!Prune=false`")
@@ -151,8 +147,6 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap
 			spec.RevisionHistoryLimit = &i
 		case "values":
 			setHelmOpt(&spec.Source, helmOpts{valueFiles: appOpts.valuesFiles})
-		case "ignore-missing-value-files":
-			setHelmOpt(&spec.Source, helmOpts{ignoreMissingValueFiles: appOpts.ignoreMissingValueFiles})
 		case "values-literal-file":
 			var data []byte

@@ -177,8 +171,6 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap
 			setHelmOpt(&spec.Source, helmOpts{helmSetStrings: appOpts.helmSetStrings})
 		case "helm-set-file":
 			setHelmOpt(&spec.Source, helmOpts{helmSetFiles: appOpts.helmSetFiles})
-		case "helm-skip-crds":
-			setHelmOpt(&spec.Source, helmOpts{skipCrds: appOpts.helmSkipCrds})
 		case "directory-recurse":
 			if spec.Source.Directory != nil {
 				spec.Source.Directory.Recurse = appOpts.directoryRecurse
@@ -389,16 +381,14 @@ func setPluginOptEnvs(src *argoappv1.ApplicationSource, envs []string) {
 }

 type helmOpts struct {
-	valueFiles              []string
-	ignoreMissingValueFiles bool
-	values                  string
-	releaseName             string
-	version                 string
-	helmSets                []string
-	helmSetStrings          []string
-	helmSetFiles            []string
-	passCredentials         bool
-	skipCrds                bool
+	valueFiles      []string
+	values          string
+	releaseName     string
+	version         string
+	helmSets        []string
+	helmSetStrings  []string
+	helmSetFiles    []string
+	passCredentials bool
 }

 func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) {
@@ -408,9 +398,6 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) {
 	if len(opts.valueFiles) > 0 {
 		src.Helm.ValueFiles = opts.valueFiles
 	}
-	if opts.ignoreMissingValueFiles {
-		src.Helm.IgnoreMissingValueFiles = opts.ignoreMissingValueFiles
-	}
 	if len(opts.values) > 0 {
 		src.Helm.Values = opts.values
 	}
@@ -423,9 +410,6 @@ func setHelmOpt(src *argoappv1.ApplicationSource, opts helmOpts) {
 	if opts.passCredentials {
 		src.Helm.PassCredentials = opts.passCredentials
 	}
-	if opts.skipCrds {
-		src.Helm.SkipCrds = opts.skipCrds
-	}
 	for _, text := range opts.helmSets {
 		p, err := argoappv1.NewHelmParameter(text, false)
 		if err != nil {
--- a/cmd/util/app_test.go
+++ b/cmd/util/app_test.go
@@ -24,11 +24,6 @@ func Test_setHelmOpt(t *testing.T) {
 		setHelmOpt(&src, helmOpts{valueFiles: []string{"foo"}})
 		assert.Equal(t, []string{"foo"}, src.Helm.ValueFiles)
 	})
-	t.Run("IgnoreMissingValueFiles", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setHelmOpt(&src, helmOpts{ignoreMissingValueFiles: true})
-		assert.Equal(t, true, src.Helm.IgnoreMissingValueFiles)
-	})
 	t.Run("ReleaseName", func(t *testing.T) {
 		src := v1alpha1.ApplicationSource{}
 		setHelmOpt(&src, helmOpts{releaseName: "foo"})
@@ -59,11 +54,6 @@ func Test_setHelmOpt(t *testing.T) {
 		setHelmOpt(&src, helmOpts{passCredentials: true})
 		assert.Equal(t, true, src.Helm.PassCredentials)
 	})
-	t.Run("HelmSkipCrds", func(t *testing.T) {
-		src := v1alpha1.ApplicationSource{}
-		setHelmOpt(&src, helmOpts{skipCrds: true})
-		assert.Equal(t, true, src.Helm.SkipCrds)
-	})
 }

 func Test_setKustomizeOpt(t *testing.T) {
--- a/cmpserver/apiclient/clientset.go
+++ b/cmpserver/apiclient/clientset.go
@@ -24,23 +24,27 @@ type Clientset interface {
 }

 type clientSet struct {
-	address string
+	address        string
+	timeoutSeconds int
 }

 func (c *clientSet) NewConfigManagementPluginClient() (io.Closer, ConfigManagementPluginServiceClient, error) {
-	conn, err := NewConnection(c.address)
+	conn, err := NewConnection(c.address, c.timeoutSeconds)
 	if err != nil {
 		return nil, nil, err
 	}
 	return conn, NewConfigManagementPluginServiceClient(conn), nil
 }

-func NewConnection(address string) (*grpc.ClientConn, error) {
+func NewConnection(address string, timeoutSeconds int) (*grpc.ClientConn, error) {
 	retryOpts := []grpc_retry.CallOption{
 		grpc_retry.WithMax(3),
 		grpc_retry.WithBackoff(grpc_retry.BackoffLinear(1000 * time.Millisecond)),
 	}
 	unaryInterceptors := []grpc.UnaryClientInterceptor{grpc_retry.UnaryClientInterceptor(retryOpts...)}
+	if timeoutSeconds > 0 {
+		unaryInterceptors = append(unaryInterceptors, grpc_util.WithTimeout(time.Duration(timeoutSeconds)*time.Second))
+	}
 	dialOpts := []grpc.DialOption{
 		grpc.WithStreamInterceptor(grpc_retry.StreamClientInterceptor(retryOpts...)),
 		grpc.WithUnaryInterceptor(grpc_middleware.ChainUnaryClient(unaryInterceptors...)),
@@ -56,7 +60,7 @@ func NewConnection(address string) (*grpc.ClientConn, error) {
 	return conn, nil
 }

-// NewConfigManagementPluginClientSet creates new instance of config management plugin server Clientset
-func NewConfigManagementPluginClientSet(address string) Clientset {
-	return &clientSet{address: address}
+// NewCMPServerClientset creates new instance of config management plugin server Clientset
+func NewConfigManagementPluginClientSet(address string, timeoutSeconds int) Clientset {
+	return &clientSet{address: address, timeoutSeconds: timeoutSeconds}
 }
--- a/cmpserver/plugin/plugin.go
+++ b/cmpserver/plugin/plugin.go
@@ -1,31 +1,21 @@
 package plugin

 import (
-	"bytes"
 	"context"
-	"errors"
 	"fmt"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
-	"time"
-
-	"github.com/argoproj/pkg/rand"
-
-	"github.com/argoproj/argo-cd/v2/util/buffered_context"

 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/mattn/go-zglob"
 	log "github.com/sirupsen/logrus"

 	"github.com/argoproj/argo-cd/v2/cmpserver/apiclient"
+	executil "github.com/argoproj/argo-cd/v2/util/exec"
 )

-// cmpTimeoutBuffer is the amount of time before the request deadline to timeout server-side work. It makes sure there's
-// enough time before the client times out to send a meaningful error message.
-const cmpTimeoutBuffer = 100 * time.Millisecond
-
 // Service implements ConfigManagementPluginService interface
 type Service struct {
 	initConstants CMPServerInitConstants
@@ -42,78 +32,14 @@ func NewService(initConstants CMPServerInitConstants) *Service {
 	}
 }

-func runCommand(ctx context.Context, command Command, path string, env []string) (string, error) {
+func runCommand(command Command, path string, env []string) (string, error) {
 	if len(command.Command) == 0 {
 		return "", fmt.Errorf("Command is empty")
 	}
-	cmd := exec.CommandContext(ctx, command.Command[0], append(command.Command[1:], command.Args...)...)
-
+	cmd := exec.Command(command.Command[0], append(command.Command[1:], command.Args...)...)
 	cmd.Env = env
 	cmd.Dir = path
-
-	execId, err := rand.RandString(5)
-	if err != nil {
-		return "", err
-	}
-	logCtx := log.WithFields(log.Fields{"execID": execId})
-
-	// log in a way we can copy-and-paste into a terminal
-	args := strings.Join(cmd.Args, " ")
-	logCtx.WithFields(log.Fields{"dir": cmd.Dir}).Info(args)
-
-	var stdout bytes.Buffer
-	var stderr bytes.Buffer
-	cmd.Stdout = &stdout
-	cmd.Stderr = &stderr
-
-	// Make sure the command is killed immediately on timeout. https://stackoverflow.com/a/38133948/684776
-	cmd.SysProcAttr = newSysProcAttr(true)
-
-	start := time.Now()
-	err = cmd.Start()
-	if err != nil {
-		return "", err
-	}
-
-	go func() {
-		<-ctx.Done()
-		// Kill by group ID to make sure child processes are killed. The - tells `kill` that it's a group ID.
-		// Since we didn't set Pgid in SysProcAttr, the group ID is the same as the process ID. https://pkg.go.dev/syscall#SysProcAttr
-		_ = sysCallKill(-cmd.Process.Pid)
-	}()
-
-	err = cmd.Wait()
-
-	duration := time.Since(start)
-	output := stdout.String()
-
-	logCtx.WithFields(log.Fields{"duration": duration}).Debug(output)
-
-	if err != nil {
-		err := newCmdError(args, errors.New(err.Error()), strings.TrimSpace(stderr.String()))
-		logCtx.Error(err.Error())
-		return strings.TrimSuffix(output, "\n"), err
-	}
-
-	return strings.TrimSuffix(output, "\n"), nil
-}
-
-type CmdError struct {
-	Args   string
-	Stderr string
-	Cause  error
-}
-
-func (ce *CmdError) Error() string {
-	res := fmt.Sprintf("`%v` failed %v", ce.Args, ce.Cause)
-	if ce.Stderr != "" {
-		res = fmt.Sprintf("%s: %s", res, ce.Stderr)
-	}
-	return res
-}
-
-func newCmdError(args string, cause error, stderr string) *CmdError {
-	return &CmdError{Args: args, Stderr: stderr, Cause: cause}
+	return executil.Run(cmd)
 }

 // Environ returns a list of environment variables in name=value format from a list of variables
@@ -129,26 +55,17 @@ func environ(envVars []*apiclient.EnvEntry) []string {

 // GenerateManifest runs generate command from plugin config file and returns generated manifest files
 func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestRequest) (*apiclient.ManifestResponse, error) {
-	bufferedCtx, cancel := buffered_context.WithEarlierDeadline(ctx, cmpTimeoutBuffer)
-	defer cancel()
-
-	if deadline, ok := bufferedCtx.Deadline(); ok {
-		log.Infof("Generating manifests with deadline %v from now", time.Until(deadline))
-	} else {
-		log.Info("Generating manifests with no request-level timeout")
-	}
-
 	config := s.initConstants.PluginConfig

 	env := append(os.Environ(), environ(q.Env)...)
 	if len(config.Spec.Init.Command) > 0 {
-		_, err := runCommand(bufferedCtx, config.Spec.Init, q.AppPath, env)
+		_, err := runCommand(config.Spec.Init, q.AppPath, env)
 		if err != nil {
 			return &apiclient.ManifestResponse{}, err
 		}
 	}

-	out, err := runCommand(bufferedCtx, config.Spec.Generate, q.AppPath, env)
+	out, err := runCommand(config.Spec.Generate, q.AppPath, env)
 	if err != nil {
 		return &apiclient.ManifestResponse{}, err
 	}
@@ -165,9 +82,6 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq

 // MatchRepository checks whether the application repository type is supported by config management plugin server
 func (s *Service) MatchRepository(ctx context.Context, q *apiclient.RepositoryRequest) (*apiclient.RepositoryResponse, error) {
-	bufferedCtx, cancel := buffered_context.WithEarlierDeadline(ctx, cmpTimeoutBuffer)
-	defer cancel()
-
 	var repoResponse apiclient.RepositoryResponse
 	config := s.initConstants.PluginConfig
 	if config.Spec.Discover.FileName != "" {
@@ -199,7 +113,7 @@ func (s *Service) MatchRepository(ctx context.Context, q *apiclient.RepositoryRe
 	}

 	log.Debugf("Going to try runCommand.")
-	find, err := runCommand(bufferedCtx, config.Spec.Discover.Find.Command, q.Path, os.Environ())
+	find, err := runCommand(config.Spec.Discover.Find.Command, q.Path, os.Environ())
 	if err != nil {
 		return &repoResponse, err
 	}
--- a/cmpserver/plugin/plugin_test.go
+++ b/cmpserver/plugin/plugin_test.go
@@ -4,9 +4,7 @@ import (
 	"context"
 	"os"
 	"testing"
-	"time"

-	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

 	"github.com/argoproj/argo-cd/v2/cmpserver/apiclient"
@@ -65,19 +63,3 @@ func TestGenerateManifest(t *testing.T) {
 		require.Equal(t, expectedOutput, res1.Manifests[0])
 	}
 }
-
-// TestRunCommandContextTimeout makes sure the command dies at timeout rather than sleeping past the timeout.
-func TestRunCommandContextTimeout(t *testing.T) {
-	ctx, cancel := context.WithTimeout(context.Background(), 990*time.Millisecond)
-	defer cancel()
-	// Use a subshell so there's a child command.
-	command := Command{
-		Command: []string{"sh", "-c"},
-		Args:    []string{"sleep 5"},
-	}
-	before := time.Now()
-	_, err := runCommand(ctx, command, "", []string{})
-	after := time.Now()
-	assert.Error(t, err) // The command should time out, causing an error.
-	assert.Less(t, after.Sub(before), 1*time.Second)
-}
--- a/cmpserver/plugin/plugin_unix.go
+++ b/cmpserver/plugin/plugin_unix.go
@@ -1,16 +0,0 @@
-//go:build !windows
-// +build !windows
-
-package plugin
-
-import (
-	"syscall"
-)
-
-func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
-	return &syscall.SysProcAttr{Setpgid: setpgid}
-}
-
-func sysCallKill(pid int) error {
-	return syscall.Kill(pid, syscall.SIGKILL)
-}
--- a/cmpserver/plugin/plugin_windows.go
+++ b/cmpserver/plugin/plugin_windows.go
@@ -1,16 +0,0 @@
-//go:build windows
-// +build windows
-
-package plugin
-
-import (
-	"syscall"
-)
-
-func newSysProcAttr(setpgid bool) *syscall.SysProcAttr {
-	return &syscall.SysProcAttr{}
-}
-
-func sysCallKill(pid int) error {
-	return nil
-}
--- a/common/common.go
+++ b/common/common.go
@@ -42,11 +42,6 @@ const (
 	DefaultPortRepoServerMetrics      = 8084
 )

-// Default listener address for ArgoCD components
-const (
-	DefaultAddressAPIServer = "localhost"
-)
-
 // Default paths on the pod's file system
 const (
 	// The default path where TLS certificates for repositories are located
@@ -76,10 +71,6 @@ const (
 	ArgoCDUserAgentName = "argocd-client"
 	// AuthCookieName is the HTTP cookie name where we store our auth token
 	AuthCookieName = "argocd.token"
-	// StateCookieName is the HTTP cookie name that holds temporary nonce tokens for CSRF protection
-	StateCookieName = "argocd.oauthstate"
-	// StateCookieMaxAge is the maximum age of the oauth state cookie
-	StateCookieMaxAge = time.Minute * 5

 	// ChangePasswordSSOTokenMaxAge is the max token age for password change operation
 	ChangePasswordSSOTokenMaxAge = time.Minute * 5
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -37,6 +37,9 @@ import (
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/workqueue"

+	// make sure to register workqueue prometheus metrics
+	_ "k8s.io/component-base/metrics/prometheus/workqueue"
+
 	statecache "github.com/argoproj/argo-cd/v2/controller/cache"
 	"github.com/argoproj/argo-cd/v2/controller/metrics"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application"
@@ -46,7 +49,6 @@ import (
 	applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/util/argo"
-	argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
 	"github.com/argoproj/argo-cd/v2/util/db"
 	"github.com/argoproj/argo-cd/v2/util/errors"
@@ -317,27 +319,12 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b
 		if isManagedResource {
 			level = CompareWithRecent
 		}
-
-		// Additional check for debug level so we don't need to evaluate the
-		// format string in case of non-debug scenarios
-		if log.GetLevel() >= log.DebugLevel {
-			var resKey string
-			if ref.Namespace != "" {
-				resKey = ref.Namespace + "/" + ref.Name
-			} else {
-				resKey = "(cluster-scoped)/" + ref.Name
-			}
-			log.Debugf("Refreshing app %s for change in cluster of object %s of type %s/%s", appName, resKey, ref.APIVersion, ref.Kind)
-		}
-
 		ctrl.requestAppRefresh(appName, &level, nil)
 	}
 }

-// setAppManagedResources will build a list of ResourceDiff based on the provided comparisonResult
-// and persist app resources related data in the cache. Will return the persisted ApplicationTree.
 func (ctrl *ApplicationController) setAppManagedResources(a *appv1.Application, comparisonResult *comparisonResult) (*appv1.ApplicationTree, error) {
-	managedResources, err := ctrl.hideSecretData(a, comparisonResult)
+	managedResources, err := ctrl.managedResources(comparisonResult)
 	if err != nil {
 		return nil, fmt.Errorf("error getting managed resources: %s", err)
 	}
@@ -563,7 +550,7 @@ func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes []
 	return hosts, nil
 }

-func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, comparisonResult *comparisonResult) ([]*appv1.ResourceDiff, error) {
+func (ctrl *ApplicationController) managedResources(comparisonResult *comparisonResult) ([]*appv1.ResourceDiff, error) {
 	items := make([]*appv1.ResourceDiff, len(comparisonResult.managedResources))
 	for i := range comparisonResult.managedResources {
 		res := comparisonResult.managedResources[i]
@@ -589,34 +576,14 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar
 			if err != nil {
 				return nil, fmt.Errorf("error getting resource compare options: %s", err)
 			}
-			resourceOverrides, err := ctrl.settingsMgr.GetResourceOverrides()
-			if err != nil {
-				return nil, fmt.Errorf("error getting resource overrides: %s", err)
-			}
-			appLabelKey, err := ctrl.settingsMgr.GetAppInstanceLabelKey()
-			if err != nil {
-				return nil, fmt.Errorf("error getting app instance label key: %s", err)
-			}
-			trackingMethod, err := ctrl.settingsMgr.GetTrackingMethod()
-			if err != nil {
-				return nil, fmt.Errorf("error getting tracking method: %s", err)
-			}
-
-			diffConfig, err := argodiff.NewDiffConfigBuilder().
-				WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles).
-				WithTracking(appLabelKey, trackingMethod).
-				WithNoCache().
-				WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())).
-				Build()
-			if err != nil {
-				return nil, fmt.Errorf("appcontroller error building diff config: %s", err)
-			}
-
-			diffResult, err := argodiff.StateDiff(live, target, diffConfig)
+			resDiffPtr, err := diff.Diff(target, live,
+				diff.WithNormalizer(comparisonResult.diffNormalizer),
+				diff.WithLogr(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())),
+				diff.IgnoreAggregatedRoles(compareOptions.IgnoreAggregatedRoles))
 			if err != nil {
 				return nil, fmt.Errorf("error applying diff: %s", err)
 			}
-			resDiff = diffResult
+			resDiff = *resDiffPtr
 		}

 		if live != nil {
--- a/controller/cache/cache.go
+++ b/controller/cache/cache.go
@@ -2,12 +2,10 @@ package cache

 import (
 	"context"
-	"errors"
 	"fmt"
 	"math"
 	"reflect"
 	"sync"
-	"syscall"
 	"time"

 	clustercache "github.com/argoproj/gitops-engine/pkg/cache"
@@ -16,7 +14,6 @@ import (
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/sync/semaphore"
 	v1 "k8s.io/api/core/v1"
-	kerrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime/schema"
@@ -40,9 +37,6 @@ const (
 	// EnvClusterCacheWatchResyncDuration is the env variable that holds cluster cache watch re-sync duration
 	EnvClusterCacheWatchResyncDuration = "ARGOCD_CLUSTER_CACHE_WATCH_RESYNC_DURATION"

-	// EnvClusterRetryTimeoutDuration is the env variable that holds cluster retry duration when sync error happens
-	EnvClusterSyncRetryTimeoutDuration = "ARGOCD_CLUSTER_SYNC_RETRY_TIMEOUT_DURATION"
-
 	// EnvClusterCacheListPageSize is the env variable to control size of the list page size when making K8s queries
 	EnvClusterCacheListPageSize = "ARGOCD_CLUSTER_CACHE_LIST_PAGE_SIZE"

@@ -50,12 +44,6 @@ const (
 	// This is used to limit the number of concurrent memory consuming operations on the
 	// k8s list queries results across all clusters to avoid memory spikes during cache initialization.
 	EnvClusterCacheListSemaphore = "ARGOCD_CLUSTER_CACHE_LIST_SEMAPHORE"
-
-	// EnvClusterCacheRetryLimit is the env variable to control the retry limit for listing resources during cluster cache sync
-	EnvClusterCacheAttemptLimit = "ARGOCD_CLUSTER_CACHE_ATTEMPT_LIMIT"
-
-	// EnvClusterCacheRetryUseBackoff is the env variable to control whether to use a backoff strategy with the retry during cluster cache sync
-	EnvClusterCacheRetryUseBackoff = "ARGOCD_CLUSTER_CACHE_RETRY_USE_BACKOFF"
 )

 // GitOps engine cluster cache tuning options
@@ -68,32 +56,19 @@ var (
 	// for before relisting & restarting the watch
 	clusterCacheWatchResyncDuration = 10 * time.Minute

-	// clusterSyncRetryTimeoutDuration controls the sync retry duration when cluster sync error happens
-	clusterSyncRetryTimeoutDuration = 10 * time.Second
-
 	// The default limit of 50 is chosen based on experiments.
 	clusterCacheListSemaphoreSize int64 = 50

 	// clusterCacheListPageSize is the page size when performing K8s list requests.
 	// 500 is equal to kubectl's size
 	clusterCacheListPageSize int64 = 500
-
-	// clusterCacheRetryLimit sets a retry limit for failed requests during cluster cache sync
-	// If set to 1, retries are disabled.
-	clusterCacheAttemptLimit int32 = 1
-
-	// clusterCacheRetryUseBackoff specifies whether to use a backoff strategy on cluster cache sync, if retry is enabled
-	clusterCacheRetryUseBackoff bool = false
 )

 func init() {
 	clusterCacheResyncDuration = env.ParseDurationFromEnv(EnvClusterCacheResyncDuration, clusterCacheResyncDuration, 0, math.MaxInt64)
 	clusterCacheWatchResyncDuration = env.ParseDurationFromEnv(EnvClusterCacheWatchResyncDuration, clusterCacheWatchResyncDuration, 0, math.MaxInt64)
-	clusterSyncRetryTimeoutDuration = env.ParseDurationFromEnv(EnvClusterSyncRetryTimeoutDuration, clusterSyncRetryTimeoutDuration, 0, math.MaxInt64)
 	clusterCacheListPageSize = env.ParseInt64FromEnv(EnvClusterCacheListPageSize, clusterCacheListPageSize, 0, math.MaxInt64)
 	clusterCacheListSemaphoreSize = env.ParseInt64FromEnv(EnvClusterCacheListSemaphore, clusterCacheListSemaphoreSize, 0, math.MaxInt64)
-	clusterCacheAttemptLimit = int32(env.ParseInt64FromEnv(EnvClusterCacheAttemptLimit, 1, 1, math.MaxInt32))
-	clusterCacheRetryUseBackoff = env.ParseBoolFromEnv(EnvClusterCacheRetryUseBackoff, false)
 }

 type LiveStateCache interface {
@@ -303,19 +278,6 @@ func skipAppRequeuing(key kube.ResourceKey) bool {
 	return ignoredRefreshResources[key.Group+"/"+key.Kind]
 }

-// isRetryableError is a helper method to see whether an error
-// returned from the dynamic client is potentially retryable.
-func isRetryableError(err error) bool {
-	return kerrors.IsInternalError(err) ||
-		kerrors.IsInvalid(err) ||
-		kerrors.IsServerTimeout(err) ||
-		kerrors.IsServiceUnavailable(err) ||
-		kerrors.IsTimeout(err) ||
-		kerrors.IsUnexpectedObjectError(err) ||
-		kerrors.IsUnexpectedServerError(err) ||
-		errors.Is(err, syscall.ECONNRESET)
-}
-
 func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, error) {
 	c.lock.RLock()
 	clusterCache, ok := c.clusters[server]
@@ -348,7 +310,6 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
 		clustercache.SetListSemaphore(semaphore.NewWeighted(clusterCacheListSemaphoreSize)),
 		clustercache.SetListPageSize(clusterCacheListPageSize),
 		clustercache.SetWatchResyncTimeout(clusterCacheWatchResyncDuration),
-		clustercache.SetClusterSyncRetryTimeout(clusterSyncRetryTimeoutDuration),
 		clustercache.SetResyncTimeout(clusterCacheResyncDuration),
 		clustercache.SetSettings(cacheSettings.clusterSettings),
 		clustercache.SetNamespaces(cluster.Namespaces),
@@ -369,7 +330,6 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
 			return res, res.AppName != "" || gvk.Kind == kube.CustomResourceDefinitionKind
 		}),
 		clustercache.SetLogr(logutils.NewLogrusLogger(log.WithField("server", cluster.Server))),
-		clustercache.SetRetryOptions(clusterCacheAttemptLimit, clusterCacheRetryUseBackoff, isRetryableError),
 	}

 	clusterCache = clustercache.NewClusterCache(cluster.RESTConfig(), clusterCacheOpts...)
--- a/controller/cache/info.go
+++ b/controller/cache/info.go
@@ -30,20 +30,25 @@ func populateNodeInfo(un *unstructured.Unstructured, res *ResourceInfo) {
 		switch gvk.Kind {
 		case kube.PodKind:
 			populatePodInfo(un, res)
+			return
 		case kube.ServiceKind:
 			populateServiceInfo(un, res)
+			return
 		case "Node":
 			populateHostNodeInfo(un, res)
+			return
 		}
 	case "extensions", "networking.k8s.io":
 		switch gvk.Kind {
 		case kube.IngressKind:
 			populateIngressInfo(un, res)
+			return
 		}
 	case "networking.istio.io":
 		switch gvk.Kind {
 		case "VirtualService":
 			populateIstioVirtualServiceInfo(un, res)
+			return
 		}
 	}

--- a/controller/cache/info_test.go
+++ b/controller/cache/info_test.go
@@ -43,25 +43,6 @@ var (
      ingress:
      - hostname: localhost`)

-	testLinkAnnotatedService = strToUnstructured(`
-  apiVersion: v1
-  kind: Service
-  metadata:
-    name: helm-guestbook
-    namespace: default
-    resourceVersion: "123"
-    uid: "4"
-    annotations:
-      link.argocd.argoproj.io/external-link: http://my-grafana.com/pre-generated-link
-  spec:
-    selector:
-      app: guestbook
-    type: LoadBalancer
-  status:
-    loadBalancer:
-      ingress:
-      - hostname: localhost`)
-
 	testIngress = strToUnstructured(`
  apiVersion: extensions/v1beta1
  kind: Ingress
@@ -93,39 +74,6 @@ var (
      ingress:
      - ip: 107.178.210.11`)

-	testLinkAnnotatedIngress = strToUnstructured(`
-  apiVersion: extensions/v1beta1
-  kind: Ingress
-  metadata:
-    name: helm-guestbook
-    namespace: default
-    uid: "4"
-    annotations:
-      link.argocd.argoproj.io/external-link: http://my-grafana.com/ingress-link
-  spec:
-    backend:
-      serviceName: not-found-service
-      servicePort: 443
-    rules:
-    - host: helm-guestbook.com
-      http:
-        paths:
-        - backend:
-            serviceName: helm-guestbook
-            servicePort: 443
-          path: /
-        - backend:
-            serviceName: helm-guestbook
-            servicePort: https
-          path: /
-    tls:
-    - host: helm-guestbook.com
-    secretName: my-tls-secret
-  status:
-    loadBalancer:
-      ingress:
-      - ip: 107.178.210.11`)
-
 	testIngressWildCardPath = strToUnstructured(`
  apiVersion: extensions/v1beta1
  kind: Ingress
@@ -320,17 +268,6 @@ func TestGetServiceInfo(t *testing.T) {
 	}, info.NetworkingInfo)
 }

-func TestGetLinkAnnotatedServiceInfo(t *testing.T) {
-	info := &ResourceInfo{}
-	populateNodeInfo(testLinkAnnotatedService, info)
-	assert.Equal(t, 0, len(info.Info))
-	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
-		TargetLabels: map[string]string{"app": "guestbook"},
-		Ingress:      []v1.LoadBalancerIngress{{Hostname: "localhost"}},
-		ExternalURLs: []string{"http://my-grafana.com/pre-generated-link"},
-	}, info.NetworkingInfo)
-}
-
 func TestGetIstioVirtualServiceInfo(t *testing.T) {
 	info := &ResourceInfo{}
 	populateNodeInfo(testIstioVirtualService, info)
@@ -386,30 +323,6 @@ func TestGetIngressInfo(t *testing.T) {
 	}
 }

-func TestGetLinkAnnotatedIngressInfo(t *testing.T) {
-	info := &ResourceInfo{}
-	populateNodeInfo(testLinkAnnotatedIngress, info)
-	assert.Equal(t, 0, len(info.Info))
-	sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool {
-		return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0
-	})
-	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
-		Ingress: []v1.LoadBalancerIngress{{IP: "107.178.210.11"}},
-		TargetRefs: []v1alpha1.ResourceRef{{
-			Namespace: "default",
-			Group:     "",
-			Kind:      kube.ServiceKind,
-			Name:      "not-found-service",
-		}, {
-			Namespace: "default",
-			Group:     "",
-			Kind:      kube.ServiceKind,
-			Name:      "helm-guestbook",
-		}},
-		ExternalURLs: []string{"https://helm-guestbook.com/", "http://my-grafana.com/ingress-link"},
-	}, info.NetworkingInfo)
-}
-
 func TestGetIngressInfoWildCardPath(t *testing.T) {
 	info := &ResourceInfo{}
 	populateNodeInfo(testIngressWildCardPath, info)
--- a/controller/clusterinfoupdater.go
+++ b/controller/clusterinfoupdater.go
@@ -64,7 +64,6 @@ func (c *clusterInfoUpdater) updateClusters() {
 	clusters, err := c.db.ListClusters(context.Background())
 	if err != nil {
 		log.Warnf("Failed to save clusters info: %v", err)
-		return
 	}
 	var clustersFiltered []appv1.Cluster
 	if c.clusterFilter == nil {
--- a/controller/metrics/metrics.go
+++ b/controller/metrics/metrics.go
@@ -6,8 +6,8 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"regexp"
 	"strconv"
+	"strings"
 	"time"

 	"github.com/argoproj/gitops-engine/pkg/health"
@@ -159,7 +159,6 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil

 	mux := http.NewServeMux()
 	registry := NewAppRegistry(appLister, appFilter, appLabels)
-	registry.MustRegister(depth, adds, latency, workDuration, unfinished, longestRunningProcessor, retries)
 	mux.Handle(MetricsPath, promhttp.HandlerFor(prometheus.Gatherers{
 		// contains app controller specific metrics
 		registry,
@@ -197,14 +196,11 @@ func NewMetricsServer(addr string, appLister applister.ApplicationLister, appFil
 	}, nil
 }

-// Prometheus invalid labels, more info: https://prometheus.io/docs/concepts/data_model/#metric-names-and-labels.
-var invalidPromLabelChars = regexp.MustCompile(`[^a-zA-Z0-9_]`)
-
 func normalizeLabels(prefix string, appLabels []string) []string {
 	results := []string{}
 	for _, label := range appLabels {
 		//prometheus labels don't accept dash in their name
-		curr := invalidPromLabelChars.ReplaceAllString(label, "_")
+		curr := strings.ReplaceAll(label, "-", "_")
 		result := fmt.Sprintf("%s_%s", prefix, curr)
 		results = append(results, result)
 	}
--- a/controller/metrics/metrics_test.go
+++ b/controller/metrics/metrics_test.go
@@ -33,7 +33,6 @@ metadata:
  labels:
    team-name: my-team
    team-bu: bu-id
-    argoproj.io/cluster: test-cluster
 spec:
  destination:
    namespace: dummy-namespace
@@ -58,7 +57,6 @@ metadata:
  labels:
    team-name: my-team
    team-bu: bu-id
-    argoproj.io/cluster: test-cluster
 spec:
  destination:
    namespace: dummy-namespace
@@ -89,7 +87,6 @@ metadata:
  labels:
    team-name: my-team
    team-bu: bu-id
-    argoproj.io/cluster: test-cluster
 spec:
  destination:
    namespace: dummy-namespace
@@ -257,14 +254,14 @@ func TestMetricLabels(t *testing.T) {
 	cases := []testCases{
 		{
 			description:  "will return the labels metrics successfully",
-			metricLabels: []string{"team-name", "team-bu", "argoproj.io/cluster"},
+			metricLabels: []string{"team-name", "team-bu"},
 			testCombination: testCombination{
 				applications: []string{fakeApp, fakeApp2, fakeApp3},
 				responseContains: `
 # TYPE argocd_app_labels gauge
-argocd_app_labels{label_argoproj_io_cluster="test-cluster",label_team_bu="bu-id",label_team_name="my-team",name="my-app",namespace="argocd",project="important-project"} 1
-argocd_app_labels{label_argoproj_io_cluster="test-cluster",label_team_bu="bu-id",label_team_name="my-team",name="my-app-2",namespace="argocd",project="important-project"} 1
-argocd_app_labels{label_argoproj_io_cluster="test-cluster",label_team_bu="bu-id",label_team_name="my-team",name="my-app-3",namespace="argocd",project="important-project"} 1
+argocd_app_labels{label_team_bu="bu-id",label_team_name="my-team",name="my-app",namespace="argocd",project="important-project"} 1
+argocd_app_labels{label_team_bu="bu-id",label_team_name="my-team",name="my-app-2",namespace="argocd",project="important-project"} 1
+argocd_app_labels{label_team_bu="bu-id",label_team_name="my-team",name="my-app-3",namespace="argocd",project="important-project"} 1
 `,
 			},
 		},
--- a/controller/metrics/workqueue.go
+++ b/controller/metrics/workqueue.go
@@ -1,101 +0,0 @@
-package metrics
-
-import (
-	"github.com/prometheus/client_golang/prometheus"
-	"k8s.io/client-go/util/workqueue"
-)
-
-const (
-	WorkQueueSubsystem         = "workqueue"
-	DepthKey                   = "depth"
-	AddsKey                    = "adds_total"
-	QueueLatencyKey            = "queue_duration_seconds"
-	WorkDurationKey            = "work_duration_seconds"
-	UnfinishedWorkKey          = "unfinished_work_seconds"
-	LongestRunningProcessorKey = "longest_running_processor_seconds"
-	RetriesKey                 = "retries_total"
-)
-
-var (
-	depth = prometheus.NewGaugeVec(prometheus.GaugeOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      DepthKey,
-		Help:      "Current depth of workqueue",
-	}, []string{"name"})
-
-	adds = prometheus.NewCounterVec(prometheus.CounterOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      AddsKey,
-		Help:      "Total number of adds handled by workqueue",
-	}, []string{"name"})
-
-	latency = prometheus.NewHistogramVec(prometheus.HistogramOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      QueueLatencyKey,
-		Help:      "How long in seconds an item stays in workqueue before being requested",
-		Buckets:   []float64{1e-6, 1e-5, 1e-4, 1e-3, 1e-2, 1e-1, 1, 5, 10, 15, 30, 60, 120, 180},
-	}, []string{"name"})
-
-	workDuration = prometheus.NewHistogramVec(prometheus.HistogramOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      WorkDurationKey,
-		Help:      "How long in seconds processing an item from workqueue takes.",
-		Buckets:   []float64{1e-6, 1e-5, 1e-4, 1e-3, 1e-2, 1e-1, 1, 5, 10, 15, 30, 60, 120, 180},
-	}, []string{"name"})
-
-	unfinished = prometheus.NewGaugeVec(prometheus.GaugeOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      UnfinishedWorkKey,
-		Help: "How many seconds of work has been done that " +
-			"is in progress and hasn't been observed by work_duration. Large " +
-			"values indicate stuck threads. One can deduce the number of stuck " +
-			"threads by observing the rate at which this increases.",
-	}, []string{"name"})
-
-	longestRunningProcessor = prometheus.NewGaugeVec(prometheus.GaugeOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      LongestRunningProcessorKey,
-		Help: "How many seconds has the longest running " +
-			"processor for workqueue been running.",
-	}, []string{"name"})
-
-	retries = prometheus.NewCounterVec(prometheus.CounterOpts{
-		Subsystem: WorkQueueSubsystem,
-		Name:      RetriesKey,
-		Help:      "Total number of retries handled by workqueue",
-	}, []string{"name"})
-)
-
-func init() {
-	workqueue.SetProvider(workqueueMetricsProvider{})
-}
-
-type workqueueMetricsProvider struct{}
-
-func (workqueueMetricsProvider) NewDepthMetric(name string) workqueue.GaugeMetric {
-	return depth.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewAddsMetric(name string) workqueue.CounterMetric {
-	return adds.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewLatencyMetric(name string) workqueue.HistogramMetric {
-	return latency.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewWorkDurationMetric(name string) workqueue.HistogramMetric {
-	return workDuration.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewUnfinishedWorkSecondsMetric(name string) workqueue.SettableGaugeMetric {
-	return unfinished.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewLongestRunningProcessorSecondsMetric(name string) workqueue.SettableGaugeMetric {
-	return longestRunningProcessor.WithLabelValues(name)
-}
-
-func (workqueueMetricsProvider) NewRetriesMetric(name string) workqueue.CounterMetric {
-	return retries.WithLabelValues(name)
-}
--- a/controller/state.go
+++ b/controller/state.go
@@ -13,6 +13,7 @@ import (
 	hookutil "github.com/argoproj/gitops-engine/pkg/sync/hook"
 	"github.com/argoproj/gitops-engine/pkg/sync/ignore"
 	resourceutil "github.com/argoproj/gitops-engine/pkg/sync/resource"
+	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	kubeutil "github.com/argoproj/gitops-engine/pkg/utils/kube"
 	log "github.com/sirupsen/logrus"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -29,7 +30,6 @@ import (
 	appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/util/argo"
-	argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff"
 	appstatecache "github.com/argoproj/argo-cd/v2/util/cache/appstate"
 	"github.com/argoproj/argo-cd/v2/util/db"
 	"github.com/argoproj/argo-cd/v2/util/gpg"
@@ -71,7 +71,7 @@ type comparisonResult struct {
 	resources            []v1alpha1.ResourceStatus
 	managedResources     []managedResource
 	reconciliationResult sync.ReconciliationResult
-	diffConfig           argodiff.DiffConfig
+	diffNormalizer       diff.Normalizer
 	appSourceType        v1alpha1.ApplicationSourceType
 	// timings maps phases of comparison to the duration it took to complete (for statistical purposes)
 	timings        map[string]time.Duration
@@ -140,10 +140,6 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, source v1alpha1
 	if err != nil {
 		return nil, nil, err
 	}
-	enabledSourceTypes, err := m.settingsMgr.GetEnabledSourceTypes()
-	if err != nil {
-		return nil, nil, err
-	}
 	ts.AddCheckpoint("plugins_ms")
 	tools := make([]*appv1.ConfigManagementPlugin, len(plugins))
 	for i := range plugins {
@@ -171,24 +167,23 @@ func (m *appStateManager) getRepoObjs(app *v1alpha1.Application, source v1alpha1
 	}
 	ts.AddCheckpoint("version_ms")
 	manifestInfo, err := repoClient.GenerateManifest(context.Background(), &apiclient.ManifestRequest{
-		Repo:               repo,
-		Repos:              permittedHelmRepos,
-		Revision:           revision,
-		NoCache:            noCache,
-		NoRevisionCache:    noRevisionCache,
-		AppLabelKey:        appLabelKey,
-		AppName:            app.Name,
-		Namespace:          app.Spec.Destination.Namespace,
-		ApplicationSource:  &source,
-		Plugins:            tools,
-		KustomizeOptions:   kustomizeOptions,
-		KubeVersion:        serverVersion,
-		ApiVersions:        argo.APIResourcesToStrings(apiResources, true),
-		VerifySignature:    verifySignature,
-		HelmRepoCreds:      permittedHelmCredentials,
-		TrackingMethod:     string(argo.GetTrackingMethod(m.settingsMgr)),
-		EnabledSourceTypes: enabledSourceTypes,
-		HelmOptions:        helmOptions,
+		Repo:              repo,
+		Repos:             permittedHelmRepos,
+		Revision:          revision,
+		NoCache:           noCache,
+		NoRevisionCache:   noRevisionCache,
+		AppLabelKey:       appLabelKey,
+		AppName:           app.Name,
+		Namespace:         app.Spec.Destination.Namespace,
+		ApplicationSource: &source,
+		Plugins:           tools,
+		KustomizeOptions:  kustomizeOptions,
+		KubeVersion:       serverVersion,
+		ApiVersions:       argo.APIResourcesToStrings(apiResources, true),
+		VerifySignature:   verifySignature,
+		HelmRepoCreds:     permittedHelmCredentials,
+		TrackingMethod:    string(argo.GetTrackingMethod(m.settingsMgr)),
+		HelmOptions:       helmOptions,
 	})
 	if err != nil {
 		return nil, nil, err
@@ -262,22 +257,24 @@ func DeduplicateTargetObjects(
 	return result, conditions, nil
 }

-// getComparisonSettings will return the system level settings related to the
-// diff/normalization process.
-func (m *appStateManager) getComparisonSettings() (string, map[string]v1alpha1.ResourceOverride, *settings.ResourcesFilter, error) {
+func (m *appStateManager) getComparisonSettings(app *appv1.Application) (string, map[string]v1alpha1.ResourceOverride, diff.Normalizer, *settings.ResourcesFilter, error) {
 	resourceOverrides, err := m.settingsMgr.GetResourceOverrides()
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, nil, err
 	}
 	appLabelKey, err := m.settingsMgr.GetAppInstanceLabelKey()
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, nil, err
+	}
+	diffNormalizer, err := argo.NewDiffNormalizer(app.Spec.IgnoreDifferences, resourceOverrides)
+	if err != nil {
+		return "", nil, nil, nil, err
 	}
 	resFilter, err := m.settingsMgr.GetResourcesFilter()
 	if err != nil {
-		return "", nil, nil, err
+		return "", nil, nil, nil, err
 	}
-	return appLabelKey, resourceOverrides, resFilter, nil
+	return appLabelKey, resourceOverrides, diffNormalizer, resFilter, nil
 }

 // verifyGnuPGSignature verifies the result of a GnuPG operation for a given git
@@ -319,13 +316,64 @@ func verifyGnuPGSignature(revision string, project *appv1.AppProject, manifestIn
 	return conditions
 }

+func (m *appStateManager) diffArrayCached(configArray []*unstructured.Unstructured, liveArray []*unstructured.Unstructured, cachedDiff []*appv1.ResourceDiff, opts ...diff.Option) (*diff.DiffResultList, error) {
+	numItems := len(configArray)
+	if len(liveArray) != numItems {
+		return nil, fmt.Errorf("left and right arrays have mismatched lengths")
+	}
+
+	diffByKey := map[kube.ResourceKey]*appv1.ResourceDiff{}
+	for i := range cachedDiff {
+		res := cachedDiff[i]
+		diffByKey[kube.NewResourceKey(res.Group, res.Kind, res.Namespace, res.Name)] = cachedDiff[i]
+	}
+
+	diffResultList := diff.DiffResultList{
+		Diffs: make([]diff.DiffResult, numItems),
+	}
+
+	for i := 0; i < numItems; i++ {
+		config := configArray[i]
+		live := liveArray[i]
+		resourceVersion := ""
+		var key kube.ResourceKey
+		if live != nil {
+			key = kube.GetResourceKey(live)
+			resourceVersion = live.GetResourceVersion()
+		} else {
+			key = kube.GetResourceKey(config)
+		}
+		var dr *diff.DiffResult
+		if cachedDiff, ok := diffByKey[key]; ok && cachedDiff.ResourceVersion == resourceVersion {
+			dr = &diff.DiffResult{
+				NormalizedLive: []byte(cachedDiff.NormalizedLiveState),
+				PredictedLive:  []byte(cachedDiff.PredictedLiveState),
+				Modified:       cachedDiff.Modified,
+			}
+		} else {
+			res, err := diff.Diff(configArray[i], liveArray[i], opts...)
+			if err != nil {
+				return nil, err
+			}
+			dr = res
+		}
+		if dr != nil {
+			diffResultList.Diffs[i] = *dr
+			if dr.Modified {
+				diffResultList.Modified = true
+			}
+		}
+	}
+
+	return &diffResultList, nil
+}
+
 // CompareAppState compares application git state to the live app state, using the specified
 // revision and supplied source. If revision or overrides are empty, then compares against
 // revision and overrides in the app spec.
 func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *appv1.AppProject, revision string, source v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string) *comparisonResult {
 	ts := stats.NewTimingStats()
-	appLabelKey, resourceOverrides, resFilter, err := m.getComparisonSettings()
-
+	appLabelKey, resourceOverrides, diffNormalizer, resFilter, err := m.getComparisonSettings(app)
 	ts.AddCheckpoint("settings_ms")

 	// return unknown comparison result if basic comparison settings cannot be loaded
@@ -446,26 +494,32 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 		compareOptions = settings.GetDefaultDiffOptions()
 	}

+	logCtx.Debugf("built managed objects list")
+	var diffResults *diff.DiffResultList
+
+	diffOpts := []diff.Option{
+		diff.WithNormalizer(diffNormalizer),
+		diff.IgnoreAggregatedRoles(compareOptions.IgnoreAggregatedRoles),
+	}
+	cachedDiff := make([]*appv1.ResourceDiff, 0)
 	// restore comparison using cached diff result if previous comparison was performed for the same revision
 	revisionChanged := manifestInfo == nil || app.Status.Sync.Revision != manifestInfo.Revision
 	specChanged := !reflect.DeepEqual(app.Status.Sync.ComparedTo, appv1.ComparedTo{Source: app.Spec.Source, Destination: app.Spec.Destination})
+
 	_, refreshRequested := app.IsRefreshRequested()
-	noCache = noCache || refreshRequested || app.Status.Expired(m.statusRefreshTimeout) || specChanged || revisionChanged
+	noCache = noCache || refreshRequested || app.Status.Expired(m.statusRefreshTimeout)

-	diffConfigBuilder := argodiff.NewDiffConfigBuilder().
-		WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles).
-		WithTracking(appLabelKey, string(trackingMethod))
-
-	if noCache {
-		diffConfigBuilder.WithNoCache()
-	} else {
-		diffConfigBuilder.WithCache(m.cache, app.GetName())
+	for i := range reconciliation.Target {
+		_ = m.resourceTracking.Normalize(reconciliation.Target[i], reconciliation.Live[i], appLabelKey, string(trackingMethod))
+	}
+
+	if noCache || specChanged || revisionChanged || m.cache.GetAppManagedResources(app.Name, &cachedDiff) != nil {
+		// (rare) cache miss
+		diffResults, err = diff.DiffArray(reconciliation.Target, reconciliation.Live, diffOpts...)
+	} else {
+		diffResults, err = m.diffArrayCached(reconciliation.Target, reconciliation.Live, cachedDiff, diffOpts...)
 	}
-	// it necessary to ignore the error at this point to avoid creating duplicated
-	// application conditions as argo.StateDiffs will validate this diffConfig again.
-	diffConfig, _ := diffConfigBuilder.Build()

-	diffResults, err := argodiff.StateDiffs(reconciliation.Live, reconciliation.Target, diffConfig)
 	if err != nil {
 		diffResults = &diff.DiffResultList{}
 		failedToLoadObjs = true
@@ -586,7 +640,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 		resources:            resourceSummaries,
 		managedResources:     managedResources,
 		reconciliationResult: reconciliation,
-		diffConfig:           diffConfig,
+		diffNormalizer:       diffNormalizer,
 		diffResultList:       diffResults,
 	}
 	if manifestInfo != nil {
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -2,7 +2,6 @@ package controller

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"os"
 	"strconv"
@@ -12,7 +11,6 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/sync"
 	"github.com/argoproj/gitops-engine/pkg/sync/common"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
-	jsonpatch "github.com/evanphx/json-patch"
 	log "github.com/sirupsen/logrus"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -24,7 +22,6 @@ import (
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	listersv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/util/argo"
-	"github.com/argoproj/argo-cd/v2/util/argo/diff"
 	logutils "github.com/argoproj/argo-cd/v2/util/log"
 	"github.com/argoproj/argo-cd/v2/util/lua"
 	"github.com/argoproj/argo-cd/v2/util/rand"
@@ -181,24 +178,9 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		return
 	}

-	reconciliationResult := compareResult.reconciliationResult
-
-	// if RespectIgnoreDifferences is enabled, it should normalize the target
-	// resources which in this case applies the live values in the configured
-	// ignore differences fields.
-	if syncOp.SyncOptions.HasOption("RespectIgnoreDifferences=true") {
-		patchedTargets, err := normalizeTargetResources(compareResult)
-		if err != nil {
-			state.Phase = common.OperationError
-			state.Message = fmt.Sprintf("Failed to normalize target resources: %s", err)
-			return
-		}
-		reconciliationResult.Target = patchedTargets
-	}
-
 	syncCtx, cleanup, err := sync.NewSyncContext(
 		compareResult.syncStatus.Revision,
-		reconciliationResult,
+		compareResult.reconciliationResult,
 		restConfig,
 		rawConfig,
 		m.kubectl,
@@ -279,147 +261,6 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 }

-// normalizeTargetResources will apply the diff normalization in all live and target resources.
-// Then it calculates the merge patch between the normalized live and the current live resources.
-// Finally it applies the merge patch in the normalized target resources. This is done to ensure
-// that target resources have the same ignored diff fields values from live ones to avoid them to
-// be applied in the cluster. Returns the list of normalized target resources.
-func normalizeTargetResources(cr *comparisonResult) ([]*unstructured.Unstructured, error) {
-	// normalize live and target resources
-	normalized, err := diff.Normalize(cr.reconciliationResult.Live, cr.reconciliationResult.Target, cr.diffConfig)
-	if err != nil {
-		return nil, err
-	}
-	patchedTargets := []*unstructured.Unstructured{}
-	for idx, live := range cr.reconciliationResult.Live {
-		normalizedTarget := normalized.Targets[idx]
-		if normalizedTarget == nil {
-			patchedTargets = append(patchedTargets, nil)
-			continue
-		}
-		originalTarget := cr.reconciliationResult.Target[idx]
-		if live == nil {
-			patchedTargets = append(patchedTargets, originalTarget)
-			continue
-		}
-		// calculate targetPatch between normalized and target resource
-		targetPatch, err := getMergePatch(normalizedTarget, originalTarget)
-		if err != nil {
-			return nil, err
-		}
-
-		// check if there is a patch to apply. An empty patch is identified by a '{}' string.
-		if len(targetPatch) > 2 {
-			livePatch, err := getMergePatch(normalized.Lives[idx], live)
-			if err != nil {
-				return nil, err
-			}
-			// generate a minimal patch that uses the fields from targetPatch (template)
-			// with livePatch values
-			patch, err := compilePatch(targetPatch, livePatch)
-			if err != nil {
-				return nil, err
-			}
-			normalizedTarget, err = applyMergePatch(normalizedTarget, patch)
-			if err != nil {
-				return nil, err
-			}
-		} else {
-			// if there is no patch just use the original target
-			normalizedTarget = originalTarget
-		}
-		patchedTargets = append(patchedTargets, normalizedTarget)
-	}
-	return patchedTargets, nil
-}
-
-// compilePatch will generate a patch using the fields from templatePatch with
-// the values from valuePatch.
-func compilePatch(templatePatch, valuePatch []byte) ([]byte, error) {
-	templateMap := make(map[string]interface{})
-	err := json.Unmarshal(templatePatch, &templateMap)
-	if err != nil {
-		return nil, err
-	}
-	valueMap := make(map[string]interface{})
-	err = json.Unmarshal(valuePatch, &valueMap)
-	if err != nil {
-		return nil, err
-	}
-	resultMap := intersectMap(templateMap, valueMap)
-	return json.Marshal(resultMap)
-}
-
-// intersectMap will return map with the fields intersection from the 2 provided
-// maps populated with the valueMap values.
-func intersectMap(templateMap, valueMap map[string]interface{}) map[string]interface{} {
-	result := make(map[string]interface{})
-	for k, v := range templateMap {
-		if innerTMap, ok := v.(map[string]interface{}); ok {
-			if innerVMap, ok := valueMap[k].(map[string]interface{}); ok {
-				result[k] = intersectMap(innerTMap, innerVMap)
-			}
-		} else if innerTSlice, ok := v.([]interface{}); ok {
-			if innerVSlice, ok := valueMap[k].([]interface{}); ok {
-				items := []interface{}{}
-				for idx, innerTSliceValue := range innerTSlice {
-					if idx < len(innerVSlice) {
-						if tSliceValueMap, ok := innerTSliceValue.(map[string]interface{}); ok {
-							if vSliceValueMap, ok := innerVSlice[idx].(map[string]interface{}); ok {
-								item := intersectMap(tSliceValueMap, vSliceValueMap)
-								items = append(items, item)
-							}
-						} else {
-							items = append(items, innerVSlice[idx])
-						}
-					}
-				}
-				if len(items) > 0 {
-					result[k] = items
-				}
-			}
-		} else {
-			if _, ok := valueMap[k]; ok {
-				result[k] = valueMap[k]
-			}
-		}
-	}
-	return result
-}
-
-// getMergePatch calculates and returns the patch between the original and the
-// modified unstructures.
-func getMergePatch(original, modified *unstructured.Unstructured) ([]byte, error) {
-	originalJSON, err := original.MarshalJSON()
-	if err != nil {
-		return nil, err
-	}
-	modifiedJSON, err := modified.MarshalJSON()
-	if err != nil {
-		return nil, err
-	}
-	return jsonpatch.CreateMergePatch(originalJSON, modifiedJSON)
-}
-
-// applyMergePatch will apply the given patch in the obj and return the patched
-// unstructure.
-func applyMergePatch(obj *unstructured.Unstructured, patch []byte) (*unstructured.Unstructured, error) {
-	originalJSON, err := obj.MarshalJSON()
-	if err != nil {
-		return nil, err
-	}
-	patchedJSON, err := jsonpatch.MergePatch(originalJSON, patch)
-	if err != nil {
-		return nil, err
-	}
-	patchedObj := &unstructured.Unstructured{}
-	_, _, err = unstructured.UnstructuredJSONScheme.Decode(patchedJSON, nil, patchedObj)
-	if err != nil {
-		return nil, err
-	}
-	return patchedObj, nil
-}
-
 // hasSharedResourceCondition will check if the Application has any resource that has already
 // been synced by another Application. If the resource is found in another Application it returns
 // true along with a human readable message of which specific resource has this condition.
--- a/controller/sync_test.go
+++ b/controller/sync_test.go
@@ -5,20 +5,16 @@ import (
 	"os"
 	"testing"

-	"github.com/argoproj/gitops-engine/pkg/sync"
 	"github.com/argoproj/gitops-engine/pkg/sync/common"
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"

-	"github.com/argoproj/argo-cd/v2/controller/testdata"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/test"
-	"github.com/argoproj/argo-cd/v2/util/argo/diff"
 )

 func TestPersistRevisionHistory(t *testing.T) {
@@ -215,136 +211,3 @@ func TestAppStateManager_SyncAppState(t *testing.T) {
 		assert.Contains(t, opState.Message, syncErrorMsg)
 	})
 }
-
-func TestNormalizeTargetResources(t *testing.T) {
-	type fixture struct {
-		comparisonResult *comparisonResult
-	}
-	setup := func(t *testing.T, ignores []v1alpha1.ResourceIgnoreDifferences) *fixture {
-		t.Helper()
-		dc, err := diff.NewDiffConfigBuilder().
-			WithDiffSettings(ignores, nil, true).
-			WithNoCache().
-			Build()
-		require.NoError(t, err)
-		live := test.YamlToUnstructured(testdata.LiveDeploymentYaml)
-		target := test.YamlToUnstructured(testdata.TargetDeploymentYaml)
-		return &fixture{
-			&comparisonResult{
-				reconciliationResult: sync.ReconciliationResult{
-					Live:   []*unstructured.Unstructured{live},
-					Target: []*unstructured.Unstructured{target},
-				},
-				diffConfig: dc,
-			},
-		}
-	}
-	t.Run("will modify target resource adding live state in fields it should ignore", func(t *testing.T) {
-		// given
-		ignore := v1alpha1.ResourceIgnoreDifferences{
-			Group:                 "*",
-			Kind:                  "*",
-			ManagedFieldsManagers: []string{"janitor"},
-		}
-		ignores := []v1alpha1.ResourceIgnoreDifferences{ignore}
-		f := setup(t, ignores)
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		iksmVersion := targets[0].GetAnnotations()["iksm-version"]
-		assert.Equal(t, "2.0", iksmVersion)
-	})
-	t.Run("will not modify target resource if ignore difference is not configured", func(t *testing.T) {
-		// given
-		f := setup(t, []v1alpha1.ResourceIgnoreDifferences{})
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		iksmVersion := targets[0].GetAnnotations()["iksm-version"]
-		assert.Equal(t, "1.0", iksmVersion)
-	})
-	t.Run("will remove fields from target if not present in live", func(t *testing.T) {
-		ignore := v1alpha1.ResourceIgnoreDifferences{
-			Group:        "apps",
-			Kind:         "Deployment",
-			JSONPointers: []string{"/metadata/annotations/iksm-version"},
-		}
-		ignores := []v1alpha1.ResourceIgnoreDifferences{ignore}
-		f := setup(t, ignores)
-		live := f.comparisonResult.reconciliationResult.Live[0]
-		unstructured.RemoveNestedField(live.Object, "metadata", "annotations", "iksm-version")
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		_, ok := targets[0].GetAnnotations()["iksm-version"]
-		assert.False(t, ok)
-	})
-	t.Run("will correctly normalize with multiple ignore configurations", func(t *testing.T) {
-		// given
-		ignores := []v1alpha1.ResourceIgnoreDifferences{
-			{
-				Group:        "apps",
-				Kind:         "Deployment",
-				JSONPointers: []string{"/spec/replicas"},
-			},
-			{
-				Group:                 "*",
-				Kind:                  "*",
-				ManagedFieldsManagers: []string{"janitor"},
-			},
-		}
-		f := setup(t, ignores)
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		normalized := targets[0]
-		iksmVersion, ok := normalized.GetAnnotations()["iksm-version"]
-		require.True(t, ok)
-		assert.Equal(t, "2.0", iksmVersion)
-		replicas, ok, err := unstructured.NestedInt64(normalized.Object, "spec", "replicas")
-		require.NoError(t, err)
-		require.True(t, ok)
-		assert.Equal(t, int64(4), replicas)
-	})
-	t.Run("will keep new array entries not found in live state if not ignored", func(t *testing.T) {
-		t.Skip("limitation in the current implementation")
-		// given
-		ignores := []v1alpha1.ResourceIgnoreDifferences{
-			{
-				Group:             "apps",
-				Kind:              "Deployment",
-				JQPathExpressions: []string{".spec.template.spec.containers[] | select(.name == \"guestbook-ui\")"},
-			},
-		}
-		f := setup(t, ignores)
-		target := test.YamlToUnstructured(testdata.TargetDeploymentNewEntries)
-		f.comparisonResult.reconciliationResult.Target = []*unstructured.Unstructured{target}
-
-		// when
-		targets, err := normalizeTargetResources(f.comparisonResult)
-
-		// then
-		require.NoError(t, err)
-		require.Equal(t, 1, len(targets))
-		containers, ok, err := unstructured.NestedSlice(targets[0].Object, "spec", "template", "spec", "containers")
-		require.NoError(t, err)
-		require.True(t, ok)
-		assert.Equal(t, 2, len(containers))
-	})
-}
--- a/controller/testdata/data.go
+++ b/controller/testdata/data.go
@@ -1,14 +0,0 @@
-package testdata
-
-import _ "embed"
-
-var (
-	//go:embed live-deployment.yaml
-	LiveDeploymentYaml string
-
-	//go:embed target-deployment.yaml
-	TargetDeploymentYaml string
-
-	//go:embed target-deployment-new-entries.yaml
-	TargetDeploymentNewEntries string
-)
--- a/controller/testdata/live-deployment.yaml
+++ b/controller/testdata/live-deployment.yaml
@@ -1,177 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    argocd.argoproj.io/tracking-id: 'guestbook:apps/Deployment:default/kustomize-guestbook-ui'
-    deployment.kubernetes.io/revision: '9'
-    iksm-version: '2.0'
-    kubectl.kubernetes.io/last-applied-configuration: >
-      {"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{"argocd.argoproj.io/tracking-id":"guestbook:apps/Deployment:default/kustomize-guestbook-ui","iksm-version":"2.0"},"name":"kustomize-guestbook-ui","namespace":"default"},"spec":{"replicas":4,"revisionHistoryLimit":3,"selector":{"matchLabels":{"app":"guestbook-ui"}},"template":{"metadata":{"labels":{"app":"guestbook-ui"}},"spec":{"containers":[{"env":[{"name":"SOME_ENV_VAR","value":"some_value"}],"image":"gcr.io/heptio-images/ks-guestbook-demo:0.1","name":"guestbook-ui","ports":[{"containerPort":80}],"resources":{"requests":{"cpu":"50m","memory":"100Mi"}}}]}}}}
-  creationTimestamp: '2022-01-05T15:45:21Z'
-  generation: 119
-  managedFields:
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            'f:iksm-version': {}
-      manager: janitor
-      operation: Apply
-      time: '2022-01-06T18:21:04Z'
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            .: {}
-            'f:argocd.argoproj.io/tracking-id': {}
-            'f:kubectl.kubernetes.io/last-applied-configuration': {}
-        'f:spec':
-          'f:progressDeadlineSeconds': {}
-          'f:replicas': {}
-          'f:revisionHistoryLimit': {}
-          'f:selector': {}
-          'f:strategy':
-            'f:rollingUpdate':
-              .: {}
-              'f:maxSurge': {}
-              'f:maxUnavailable': {}
-            'f:type': {}
-          'f:template':
-            'f:metadata':
-              'f:labels':
-                .: {}
-                'f:app': {}
-            'f:spec':
-              'f:containers':
-                'k:{"name":"guestbook-ui"}':
-                  .: {}
-                  'f:env':
-                    .: {}
-                    'k:{"name":"SOME_ENV_VAR"}':
-                      .: {}
-                      'f:name': {}
-                      'f:value': {}
-                  'f:image': {}
-                  'f:imagePullPolicy': {}
-                  'f:name': {}
-                  'f:ports':
-                    .: {}
-                    'k:{"containerPort":80,"protocol":"TCP"}':
-                      .: {}
-                      'f:containerPort': {}
-                      'f:protocol': {}
-                  'f:resources':
-                    .: {}
-                    'f:requests':
-                      .: {}
-                      'f:cpu': {}
-                      'f:memory': {}
-                  'f:terminationMessagePath': {}
-                  'f:terminationMessagePolicy': {}
-              'f:dnsPolicy': {}
-              'f:restartPolicy': {}
-              'f:schedulerName': {}
-              'f:securityContext': {}
-              'f:terminationGracePeriodSeconds': {}
-      manager: argocd
-      operation: Update
-      time: '2022-01-06T15:04:15Z'
-    - apiVersion: apps/v1
-      fieldsType: FieldsV1
-      fieldsV1:
-        'f:metadata':
-          'f:annotations':
-            'f:deployment.kubernetes.io/revision': {}
-        'f:status':
-          'f:availableReplicas': {}
-          'f:conditions':
-            .: {}
-            'k:{"type":"Available"}':
-              .: {}
-              'f:lastTransitionTime': {}
-              'f:lastUpdateTime': {}
-              'f:message': {}
-              'f:reason': {}
-              'f:status': {}
-              'f:type': {}
-            'k:{"type":"Progressing"}':
-              .: {}
-              'f:lastTransitionTime': {}
-              'f:lastUpdateTime': {}
-              'f:message': {}
-              'f:reason': {}
-              'f:status': {}
-              'f:type': {}
-          'f:observedGeneration': {}
-          'f:readyReplicas': {}
-          'f:replicas': {}
-          'f:updatedReplicas': {}
-      manager: kube-controller-manager
-      operation: Update
-      time: '2022-01-06T18:15:14Z'
-  name: kustomize-guestbook-ui
-  namespace: default
-  resourceVersion: '8289211'
-  uid: ef253575-ce44-4c5e-84ad-16e81d0df6eb
-spec:
-  progressDeadlineSeconds: 600
-  replicas: 4
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-        - env:
-            - name: SOME_ENV_VAR
-              value: some_value
-          image: 'gcr.io/heptio-images/ks-guestbook-demo:0.1'
-          imagePullPolicy: IfNotPresent
-          name: guestbook-ui
-          ports:
-            - containerPort: 80
-              protocol: TCP
-          resources:
-            requests:
-              cpu: 50m
-              memory: 100Mi
-          terminationMessagePath: /dev/termination-log
-          terminationMessagePolicy: File
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      schedulerName: default-scheduler
-      securityContext: {}
-      terminationGracePeriodSeconds: 30
-status:
-  availableReplicas: 4
-  conditions:
-    - lastTransitionTime: '2022-01-05T22:20:37Z'
-      lastUpdateTime: '2022-01-05T22:43:47Z'
-      message: >-
-        ReplicaSet "kustomize-guestbook-ui-6549d54677" has successfully
-        progressed.
-      reason: NewReplicaSetAvailable
-      status: 'True'
-      type: Progressing
-    - lastTransitionTime: '2022-01-06T18:15:14Z'
-      lastUpdateTime: '2022-01-06T18:15:14Z'
-      message: Deployment has minimum availability.
-      reason: MinimumReplicasAvailable
-      status: 'True'
-      type: Available
-  observedGeneration: 119
-  readyReplicas: 4
-  replicas: 4
-  updatedReplicas: 4
--- a/controller/testdata/target-deployment-new-entries.yaml
+++ b/controller/testdata/target-deployment-new-entries.yaml
@@ -1,36 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    argocd.argoproj.io/tracking-id: 'guestbook:apps/Deployment:default/kustomize-guestbook-ui'
-    iksm-version: '1.0'
-  name: kustomize-guestbook-ui
-  namespace: default
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-        - name: guestbook-ui
-          image: 'gcr.io/heptio-images/ks-guestbook-demo:0.1'
-          env:
-            - name: SOME_ENV_VAR
-              value: some_value
-            - name: NEW_ENV_VAR
-              value: new_value
-          ports:
-            - containerPort: 80
-            - grpcPort: 8081
-          resources:
-            requests:
-              cpu: 50m
-              memory: 100Mi
-        - name: new-container
-          image: 'new-image:1.0'
--- a/controller/testdata/target-deployment.yaml
+++ b/controller/testdata/target-deployment.yaml
@@ -1,31 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  annotations:
-    argocd.argoproj.io/tracking-id: 'guestbook:apps/Deployment:default/kustomize-guestbook-ui'
-    iksm-version: '1.0'
-  name: kustomize-guestbook-ui
-  namespace: default
-spec:
-  replicas: 1
-  revisionHistoryLimit: 3
-  selector:
-    matchLabels:
-      app: guestbook-ui
-  template:
-    metadata:
-      labels:
-        app: guestbook-ui
-    spec:
-      containers:
-        - env:
-            - name: SOME_ENV_VAR
-              value: some_value
-          image: 'gcr.io/heptio-images/ks-guestbook-demo:0.1'
-          name: guestbook-ui
-          ports:
-            - containerPort: 80
-          resources:
-            requests:
-              cpu: 50m
-              memory: 100Mi
--- a/docs/cli_installation.md
+++ b/docs/cli_installation.md
@@ -4,12 +4,6 @@ You can download the latest Argo CD version from [the latest release page of thi

 ## Linux and WSL

-### ArchLinux User Repository ([AUR](https://aur.archlinux.org/packages/))
-
-```bash
-yay -Sy argocd-bin
-```
-
 ### Homebrew

 ```bash
--- a/docs/developer-guide/toolchain-guide.md
+++ b/docs/developer-guide/toolchain-guide.md
@@ -28,7 +28,7 @@ You will need at least the following things in your toolchain in order to develo

 * Obviously, you will need a `git` client for pulling source code and pushing back your changes.

-* Last but not least, you will need a Go SDK and related tools (such as GNU `make`) installed and working on your development environment. The minimum required Go version for building and testing Argo CD is **v1.17**.
+* Last but not least, you will need a Go SDK and related tools (such as GNU `make`) installed and working on your development environment. The minimum required Go version for building and testing Argo CD is **v1.16**.

 * We will assume that your Go workspace is at `~/go`.

--- a/docs/faq.md
+++ b/docs/faq.md
@@ -86,18 +86,6 @@ data:
      name: stable
 ```

-## After deploying my Helm application with Argo CD I cannot see it with `helm ls` and other Helm commands
-
-When deploying a Helm application Argo CD is using Helm 
-only as a template mechanism. It runs `helm template` and
-then deploys the resulting manifests on the cluster instead of doing `helm install`. This means that you cannot use any Helm command
-to view/verify the application. It is fully managed by Argo CD.
-Note that Argo CD supports natively some capabilities that you might miss in Helm (such as the history and rollback commands).
-
-This decision was made so that Argo CD is neutral
-to all manifest generators.
-
-
 ## I've configured [cluster secret](./operator-manual/declarative-setup.md#clusters) but it does not show up in CLI/UI, how do I fix it?

 Check if cluster secret has `argocd.argoproj.io/secret-type: cluster` label. If secret has the label but the cluster is
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -18,7 +18,7 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/st
 This will create a new namespace, `argocd`, where Argo CD services and application resources will live.

 !!! warning
-    The installation manifests include `ClusterRoleBinding` resources that reference `argocd` namespace. If you are installing Argo CD into a different
+    The installation manifests include `ClusterRoleBinding` resources that reference `argocd` namespace. If you installing Argo CD into a different
    namespace then make sure to update the namespace reference.

 If you are not interested in UI, SSO, multi-cluster features then you can install [core](operator-manual/installation.md#core) Argo CD components only:
@@ -133,7 +133,7 @@ An example repository containing a guestbook application is available at
 Create the example guestbook application with the following command:

 ```bash
-argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default
+argocd app create guestbook --repo https://github.com/argoproj/argocd-example-apps.git --path guestbook --dest-server https://kubernetes.default.svc --dest-namespace default`
 ```

 ### Creating Apps Via UI
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -4,7 +4,7 @@ metadata:
  name: guestbook
  # You'll usually want to add your resources to the argocd namespace.
  namespace: argocd
-  # Add this finalizer ONLY if you want these to cascade delete.
+  # Add a this finalizer ONLY if you want these to cascade delete.
  finalizers:
    - resources-finalizer.argocd.argoproj.io
 spec:
@@ -13,12 +13,11 @@ spec:

  # Source of the application manifests
  source:
-    repoURL: https://github.com/argoproj/argocd-example-apps.git  # Can point to either a Helm chart repo or a git repo.
-    targetRevision: HEAD  # For Helm, this refers to the chart version.
-    path: guestbook  # This has no meaning for Helm charts pulled directly from a Helm repo instead of git.
+    repoURL: https://github.com/argoproj/argocd-example-apps.git
+    targetRevision: HEAD
+    path: guestbook

    # helm specific config
-    chart: chart-name  # Set this when pulling directly from a Helm repo. DO NOT set for git-hosted Helm charts.
    helm:
      # Extra parameters to set (same as setting through values.yaml, but these take precedence)
      parameters:
@@ -28,11 +27,6 @@ spec:
        value: "true"
        forceString: true # ensures that value is treated as a string

-      # Use the contents of files as parameters (uses Helm's --set-file)
-      fileParameters:
-      - name: config
-        path: files/config.json
-
      # Release name override (defaults to application name)
      releaseName: guestbook

@@ -88,12 +82,17 @@ spec:
        - code: false
          name: foo
          value: bar
+      # Exclude contains a glob pattern to match paths against that should be explicitly excluded from being used during
+      # manifest generation. This takes precedence over the `include` field.
+      # To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{config.yaml,env-use2/*}'
+      exclude: 'config.yaml'
+      # Include contains a glob pattern to match paths against that should be explicitly included during manifest
+      # generation. If this field is set, only matching manifests will be included.
+      # To match multiple patterns, wrap the patterns in {} and separate them with commas. For example: '{*.yml,*.yaml}'
+      include: '*.yaml'

    # plugin specific config
    plugin:
-      # Only set the plugin name if the plugin is defined in argocd-cm.
-      # If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the
-      # Application according to the plugin's discovery rules.
      name: mypluginname
      # environment variables passed to the plugin
      env:
@@ -124,16 +123,9 @@ spec:
        factor: 2 # a factor to multiply the base duration after each failed retry
        maxDuration: 3m # the maximum amount of time allowed for the backoff strategy

-  # Will ignore differences between live and desired states during the diff. Note that these configurations are not
-  # used during the sync process.
+  # Ignore differences at the specified json pointers
  ignoreDifferences:
-  # for the specified json pointers
  - group: apps
    kind: Deployment
    jsonPointers:
    - /spec/replicas
-  # for the specified managedFields managers
-  - group: "*"
-    kind: "*"
-    managedFieldsManagers:
-    - kube-controller-manager
--- a/docs/operator-manual/architecture.md
+++ b/docs/operator-manual/architecture.md
@@ -31,3 +31,4 @@ The application controller is a Kubernetes controller which continuously monitor
 applications and compares the current, live state against the desired target state (as specified in
 the repo). It detects `OutOfSync` application state and optionally takes corrective action. It
 is responsible for invoking any user-defined hooks for lifecycle events (PreSync, Sync, PostSync)
+
--- a/docs/operator-manual/argocd-cm.yaml
+++ b/docs/operator-manual/argocd-cm.yaml
@@ -30,12 +30,6 @@ data:
  help.chatUrl: "https://mycorp.slack.com/argo-cd"
  # the text for getting chat help, defaults to "Chat now!"
  help.chatText: "Chat now!"
-  # The URLs to download additional ArgoCD binaries (besides the Linux amd64 binary included by default)
-  # for different OS architectures. If provided, additional download buttons will be displayed on the help page.
-  help.download.linux-arm64: "path-or-url-to-download"
-  help.download.darwin-amd64: "path-or-url-to-download"
-  help.download.darwin-arm64: "path-or-url-to-download"
-  help.download.windows-amd64: "path-or-url-to-download"

  # A dex connector configuration (optional). See SSO configuration documentation:
  # https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/sso
@@ -81,16 +75,6 @@ data:
    - /webhooks/0/clientConfig/caBundle
    jqPathExpressions:
    - .webhooks[0].clientConfig.caBundle
-    managedFieldsManagers:
-    - kube-controller-manager
-
-  # Configuration to define customizations ignoring differences between live and desired states for
-  # all resources (GK).
-  resource.customizations.ignoreDifferences.all: |
-    managedFieldsManagers:
-    - kube-controller-manager
-    jsonPointers:
-    - /spec/replicas

  resource.customizations.health.certmanager.k8s.io-Certificate: |
    hs = {}
@@ -199,13 +183,6 @@ data:
      generate:
        command: [kasane, show]

-  # A set of settings that allow enabling or disabling the config management tool.
-  # If unset, each defaults to "true".
-  kustomize.enabled: true
-  jsonnet.enabled: true
-  helm.enabled: true
-  ksonnet.enabled: true
-
  # Build options/parameters to use with `kustomize build` (optional)
  kustomize.buildOptions: --load_restrictor none

--- a/docs/operator-manual/cluster-bootstrapping.md
+++ b/docs/operator-manual/cluster-bootstrapping.md
@@ -93,21 +93,3 @@ argocd app sync -l app.kubernetes.io/instance=apps
 ```

 View [the example on GitHub](https://github.com/argoproj/argocd-example-apps/tree/master/apps).
-
-
-
-### Cascading deletion
-
-If you want to ensure that child-apps and all of their resources are deleted when the parent-app is deleted make sure to add the appropriate [finalizer](https://argo-cd-docs.readthedocs.io/en/latest/user-guide/app_deletion/#about-the-deletion-finalizer) to your `Application` definition
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: guestbook
-  namespace: argocd
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
- ...
-``` 
--- a/docs/operator-manual/custom_tools.md
+++ b/docs/operator-manual/custom_tools.md
@@ -5,9 +5,9 @@ as part of its container images. Sometimes, it may be desired to use a specific
 other than what Argo CD bundles. Some reasons to do this might be:

 * To upgrade/downgrade to a specific version of a tool due to bugs or bug fixes.
-* To install additional dependencies to be used by kustomize's configmap/secret generators.
+* To install additional dependencies which to be used by kustomize's configmap/secret generators
  (e.g. curl, vault, gpg, AWS CLI)
-* To install a [config management plugin](../user-guide/config-management-plugins.md).
+* To install a [config management plugin](../user-guide/application_sources.md#config-management-plugins)

 As the Argo CD repo-server is the single service responsible for generating Kubernetes manifests, it
 can be customized to use alternative toolchain required by your environment.
@@ -46,7 +46,7 @@ the helm binary with a different version than what is bundled in Argo CD:

 ## BYOI (Build Your Own Image)

-Sometimes replacing a binary isn't sufficient, and you need to install other dependencies. The
+Sometimes replacing a binary isn't sufficient and you need to install other dependencies. The
 following example builds an entirely customized repo-server from a Dockerfile, installing extra
 dependencies that may be needed for generating manifests.

--- a/docs/operator-manual/declarative-setup.md
+++ b/docs/operator-manual/declarative-setup.md
@@ -213,7 +213,6 @@ stringData:
 Example for GitHub App:

 ```yaml
-apiVersion: v1
 kind: Secret
 metadata:
  name: github-repo
@@ -225,7 +224,7 @@ stringData:
  repo: https://github.com/argoproj/my-private-repository
  githubAppID: 1
  githubAppInstallationID: 2
-  githubAppPrivateKey: |
+  githubAppPrivateKeySecret: |
    -----BEGIN OPENSSH PRIVATE KEY-----
    ...
    -----END OPENSSH PRIVATE KEY-----
@@ -483,6 +482,7 @@ The secret data must include following fields:
 * `name` - cluster name
 * `server` - cluster api server url
 * `namespaces` - optional comma-separated list of namespaces which are accessible in that cluster. Cluster level resources would be ignored if namespace list is not empty.
+* `clusterResources` - optional boolean string (`"true"` or `"false"`) determining whether Argo CD can manage cluster-level resources on this cluster. This setting is used only if the list of managed namespaces is not empty.
 * `config` - JSON representation of following data structure:

 ```yaml
--- a/docs/operator-manual/high_availability.md
+++ b/docs/operator-manual/high_availability.md
@@ -32,7 +32,7 @@ and might fail. To avoid failed syncs use `ARGOCD_GIT_ATTEMPTS_COUNT` environmen

 * `argocd-repo-server` Every 3m (by default) Argo CD checks for changes to the app manifests. Argo CD assumes by default that manifests only change when the repo changes, so it caches generated manifests (for 24h by default). With Kustomize remote bases, or Helm patch releases, the manifests can change even though the repo has not changed. By reducing the cache time, you can get the changes without waiting for 24h. Use `--repo-cache-expiration duration`, and we'd suggest in low volume environments you try '1h'. Bear in mind this will negate the benefit of caching if set too low. 

-* `argocd-repo-server` fork exec config management tools such as `helm` or `kustomize` and enforces 90 seconds timeout. The timeout can be increased using `ARGOCD_EXEC_TIMEOUT` env variable. The value should be in Go time duration string format, for example, `2m30s`.
+* `argocd-repo-server` fork exec config management tools such as `helm` or `kustomize` and enforces 90 seconds timeout. The timeout can be increased using `ARGOCD_EXEC_TIMEOUT` env variable.

 **metrics:**

@@ -61,7 +61,7 @@ number of allowed concurrent kubectl fork/execs.
 * The controller uses Kubernetes watch APIs to maintain lightweight Kubernetes cluster cache. This allows to avoid querying Kubernetes during app reconciliation and significantly improve
 performance. For performance reasons controller monitors and caches only preferred the version of a resource. During reconciliation, the controller might have to convert cached resource from
 preferred version into a version of the resource stored in Git. If `kubectl convert` fails because conversion is not supported then controller falls back to Kubernetes API query which slows down
-reconciliation. In this case advice user-preferred resource version in Git.
+reconciliation. In this case, we advise you to use the preferred resource version in Git.

 * The controller polls Git every 3m by default. You can increase this duration using `timeout.reconciliation` setting in the `argocd-cm` ConfigMap.

@@ -126,19 +126,17 @@ If the manifest generation has no side effects then requests are processed in pa

 ### Webhook and Manifest Paths Annotation

-Argo CD aggressively caches generated manifests and uses repository commit SHA as a cache key. A new commit to the Git repository invalidates cache for all applications configured in the repository
-that again negatively affect mono repositories with multiple applications. You might use [webhooks ⧉](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and `argocd.argoproj.io/manifest-generate-paths` Application
-CRD annotation to solve this problem and improve performance.
+Argo CD aggressively caches generated manifests and uses the repository commit SHA as a cache key. A new commit to the Git repository invalidates the cache for all applications configured in the repository.
+This can negatively affect repositories with multiple applications. You can use [webhooks](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/webhook.md) and the `argocd.argoproj.io/manifest-generate-paths` Application CRD annotation to solve this problem and improve performance.

-The `argocd.argoproj.io/manifest-generate-paths` contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation
-with the changed files specified in the webhook payload. If non of the changed files are located in the paths then webhook don't trigger application reconciliation and re-uses previously generated manifests cache for a new commit.
+The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon-separated list of paths within the Git repository that are used during manifest generation. The webhook compares paths specified in the annotation with the changed files specified in the webhook payload. If no modified files match the paths specified in `argocd.argoproj.io/manifest-generate-paths`, then the webhook will not trigger application reconciliation and the existing cache will be considered valid for the new commit.

-Installations that use a different repo for each app are **not** subject to this behavior and will likely get no benefit from using these annotations.
+Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations.

 !!! note
-    Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos
-I'm using `.Second()` modifier to avoid distracting users who already rely on `--app-resync` flag.
-* **Relative path** The annotation might contains relative path. In this case the path is considered relative to the path specified in the application source:
+    Application manifest paths annotation support depends on the git provider used for the Application. It is currently only supported for GitHub, GitLab, and Gogs based repos.
+
+* **Relative path** The annotation might contain a relative path. In this case the path is considered relative to the path specified in the application source:

 ```yaml
 apiVersion: argoproj.io/v1alpha1
@@ -156,7 +154,8 @@ spec:
    path: guestbook
 # ...
 ```
-* **Absolute path** The annotation value might be an absolute path started from '/'. In this case path is considered as an absolute path within the Git repository:
+
+* **Absolute path** The annotation value might be an absolute path starting with '/'. In this case path is considered as an absolute path within the Git repository:

 ```yaml
 apiVersion: argoproj.io/v1alpha1
--- a/docs/operator-manual/ingress.md
+++ b/docs/operator-manual/ingress.md
@@ -32,19 +32,15 @@ metadata:
  name: argocd-server-cli
  namespace: argocd
 spec:
-  # NOTE: the port must be ignored if you have strip_matching_host_port enabled on envoy
  host: argocd.example.com:443
  prefix: /
-  service: argocd-server:80
-  regex_headers:
-    Content-Type: "^application/grpc.*$"
-  grpc: true
+  service: argocd-server:443
 ```

-Login with the `argocd` CLI:
+Login with the `argocd` CLI using the extra `--grpc-web-root-path` flag for gRPC-web.

 ```shell
-argocd login <host>
+argocd login <host>:<port> --grpc-web-root-path /
 ```

 ### Option 2: Mapping CRD for Path-based Routing
@@ -450,7 +446,7 @@ To:

 ### Creating a service

-Now you need an externally accesible service. This is practically the same as the internal service Argo CD has, but with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation it that's not what you want.
+Now you need an externally accesible service. This is practically the same as the internal service Argo CD has, but as a NodePort and with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation it that's not what you want.

 The service:

@@ -458,13 +454,13 @@ The service:
 apiVersion: v1
 kind: Service
 metadata:
-  name: argocd-server
+  name: argocd-server-external
  namespace: argocd
  annotations:
    cloud.google.com/neg: '{"ingress": true}'
    cloud.google.com/backend-config: '{"ports": {"http":"argocd-backend-config"}}'
 spec:
-  type: ClusterIP
+  type: NodePort
  ports:
  - name: http
    port: 80
@@ -532,7 +528,7 @@ kubectl -n argocd create secret tls secret-yourdomain-com \

 And finally, to top it all, our Ingress. Note the reference to our frontend config, the service, and to the certificate secret:
 ```yaml
-apiVersion: networking.k8s.io/v1
+apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
  name: argocd
@@ -544,16 +540,19 @@ spec:
    - secretName: secret-yourdomain-com
  rules:
    - host: argocd.yourdomain.com
-    http:
-      paths:
-      - pathType: Prefix
-        path: "/"
-        backend:
-          service:
-            name: argocd-server
-            port:
-              number: 80
+      http:
+        paths:
+          - path: /*
+            backend:
+              serviceName: argocd-server-external
+              servicePort: http
 ```
+---
+!!! warning "Deprecation Warning"
+
+    Note that, according to this [deprecation guide](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122), if you're using Kubernetes 1.22+, instead of `networking.k8s.io/v1beta1`, you should use `networking.k8s.io/v1`.
+
+---

 As you may know already, it can take some minutes to deploy the load balancer and become ready to accept connections. Once it's ready, get the public IP address for your Load Balancer, go to your DNS server (Google or third party) and point your domain or subdomain (i.e. argocd.yourdomain.com) to that IP address.

--- a/docs/operator-manual/metrics.md
+++ b/docs/operator-manual/metrics.md
@@ -9,7 +9,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin
 |--------|:----:|-------------|
 | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in ArgoCD. |
 | `argocd_app_k8s_request_total` | counter | Number of kubernetes requests executed during application reconciliation |
-| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section bellow about how to enable it. |
+| `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. |
 | `argocd_app_reconcile` | histogram | Application reconciliation performance. |
 | `argocd_app_sync_total` | counter | Counter for application sync history |
 | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. |
@@ -41,7 +41,7 @@ Some examples are:
 As the Application labels are specific to each company, this feature is disabled by default. To enable it, add the
 `--metrics-application-labels` flag to the ArgoCD application controller.

-The example bellow will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:
+The example below will expose the ArgoCD Application labels `team-name` and `business-unit` to Prometheus:

    containers:
    - command:
--- a/docs/operator-manual/notifications.md
+++ b/docs/operator-manual/notifications.md
@@ -0,0 +1,14 @@
+# Notifications
+
+The notifications support is not bundled into the Argo CD itself. Instead of reinventing the wheel and implementing opinionated notifications system Argo CD leverages integrations
+with the third-party notification system. Following integrations are recommended:
+
+* To monitor Argo CD performance or health state of managed applications use [Prometheus Metrics](./metrics.md) in combination with [Grafana](https://grafana.com/),
+[Alertmanager](https://prometheus.io/docs/alerting/alertmanager/).
+* To notify the end-users of  Argo CD about events like application upgrades, user errors in application definition, etc use one of the following projects:
+    * [ArgoCD Notifications](https://github.com/argoproj-labs/argocd-notifications) - Argo CD specific notification system that continuously monitors Argo CD applications 
+    and aims to integrate with various notification services such as Slack, SMTP, Telegram, Discord, etc.
+    * [Argo Kube Notifier](https://github.com/argoproj-labs/argo-kube-notifier) - generic Kubernetes resource controller that allows monitoring any Kubernetes resource and sends a
+    notification when the configured rule is met.
+    * [Kube Watch](https://github.com/bitnami-labs/kubewatch) - a Kubernetes watcher that could publishes notification to Slack/hipchat/mattermost/flock channels. It watches the
+    cluster for resource changes and notifies them through webhooks.
--- a/docs/operator-manual/notifications/argocd-notifications-cm.yaml
+++ b/docs/operator-manual/notifications/argocd-notifications-cm.yaml
@@ -1,95 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  # Triggers define the condition when the notification should be sent and list of templates required to generate the message
-  # Recipients can subscribe to the trigger and specify the required message template and destination notification service.
-  trigger.on-sync-status-unknown: |
-    - when: app.status.sync.status == 'Unknown'
-      send: [my-custom-template]
-
-  # Optional 'oncePer' property ensure that notification is sent only once per specified field value
-  # E.g. following is triggered once per sync revision
-  trigger.on-deployed: |
-    - when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
-      oncePer: app.status.sync.revision
-      send: [app-sync-succeeded]
-
-  # Templates are used to generate the notification template message
-  template.my-custom-template: |
-    message: |
-      Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-
-  # Templates might have notification service specific fields. E.g. slack message might include annotations
-  template.my-custom-template-slack-template: |
-    message: |
-      Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-      Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-    email:
-      subject: Application {{.app.metadata.name}} sync status is {{.app.status.sync.status}}
-    slack:
-      attachments: |
-        [{
-          "title": "{{.app.metadata.name}}",
-          "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-          "color": "#18be52"
-        }]
-
-  # Holds list of triggers that are used by default if trigger is not specified explicitly in the subscription
-  defaultTriggers: |
-    - on-sync-status-unknown
-
-  # Notification services are used to deliver message.
-  # Service definition might reference values from argocd-notifications-secret Secret using $my-key format
-  # Service format key is: service.<type>.<optional-custom-name>
-  #  Slack
-  service.slack: |
-    token: $slack-token
-    username: <override-username> # optional username
-    icon: <override-icon> # optional icon for the message (supports both emoij and url notation)
-
-  #  Slack based notifier with name mattermost
-  service.slack.mattermost: |
-    apiURL: https://my-mattermost-url.com/api
-    token: $slack-token
-    username: <override-username> # optional username
-    icon: <override-icon> # optional icon for the message (supports both emoij and url notation)
-
-  #  Email
-  service.email: |
-    host: smtp.gmail.com
-    port: 587
-    from: <myemail>@gmail.com
-    username: $email-username
-    password: $email-password
-
-  #  Opsgenie
-  service.opsgenie: |
-    apiUrl: api.opsgenie.com
-    apiKeys:
-      $opsgenie-team-id: $opsgenie-team-api-key
-      ...
-
-  #  Telegram
-  service.telegram: |
-    token: $telegram-token
-
-  # Context holds list of variables that can be referenced in templates
-  context: |
-    argocdUrl: https://cd.apps.argoproj.io/
-
-  # Contains centrally managed global application subscriptions
-  subscriptions: |
-    # subscription for on-sync-status-unknown trigger notifications
-    - recipients:
-      - slack:test2
-      - email:test@gmail.com
-      triggers:
-      - on-sync-status-unknown
-    # subscription restricted to applications with matching labels only
-    - recipients:
-      - slack:test3
-      selector: test=true
-      triggers:
-      - on-sync-status-unknown
--- a/docs/operator-manual/notifications/argocd-notifications-secret.yaml
+++ b/docs/operator-manual/notifications/argocd-notifications-secret.yaml
@@ -1,10 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argocd-notifications-secret
-stringData:
-  slack-token: <my-slack-token>
-  email-username: <myemail>@gmail.com
-  email-password: <mypassword>
-
-type: Opaque
--- a/docs/operator-manual/notifications/catalog.md
+++ b/docs/operator-manual/notifications/catalog.md
@@ -1,531 +0,0 @@
-# Triggers and Templates Catalog
-## Triggers
-|          NAME          |                          DESCRIPTION                          |                      TEMPLATE                       |
-|------------------------|---------------------------------------------------------------|-----------------------------------------------------|
-| on-created             | Application is created.                                       | [app-created](#app-created)                         |
-| on-deleted             | Application is deleted.                                       | [app-deleted](#app-deleted)                         |
-| on-deployed            | Application is synced and healthy. Triggered once per commit. | [app-deployed](#app-deployed)                       |
-| on-health-degraded     | Application has degraded                                      | [app-health-degraded](#app-health-degraded)         |
-| on-sync-failed         | Application syncing has failed                                | [app-sync-failed](#app-sync-failed)                 |
-| on-sync-running        | Application is being synced                                   | [app-sync-running](#app-sync-running)               |
-| on-sync-status-unknown | Application status is 'Unknown'                               | [app-sync-status-unknown](#app-sync-status-unknown) |
-| on-sync-succeeded      | Application syncing has succeeded                             | [app-sync-succeeded](#app-sync-succeeded)           |
-
-## Templates
-### app-created
-**definition**:
-```yaml
-email:
-  subject: Application {{.app.metadata.name}} has been created.
-message: Application {{.app.metadata.name}} has been created.
-teams:
-  title: Application {{.app.metadata.name}} has been created.
-
-```
-### app-deleted
-**definition**:
-```yaml
-email:
-  subject: Application {{.app.metadata.name}} has been deleted.
-message: Application {{.app.metadata.name}} has been deleted.
-teams:
-  title: Application {{.app.metadata.name}} has been deleted.
-
-```
-### app-deployed
-**definition**:
-```yaml
-email:
-  subject: New version of an application {{.app.metadata.name}} is up and running.
-message: |
-  {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} is now running new version of deployments manifests.
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#18be52",
-      "fields": [
-      {
-        "title": "Sync Status",
-        "value": "{{.app.status.sync.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      },
-      {
-        "title": "Revision",
-        "value": "{{.app.status.sync.revision}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Sync Status",
-      "value": "{{.app.status.sync.status}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    },
-    {
-      "name": "Revision",
-      "value": "{{.app.status.sync.revision}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |-
-    [{
-      "@type":"OpenUri",
-      "name":"Operation Application",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  themeColor: '#000080'
-  title: New version of an application {{.app.metadata.name}} is up and running.
-
-```
-### app-health-degraded
-**definition**:
-```yaml
-email:
-  subject: Application {{.app.metadata.name}} has degraded.
-message: |
-  {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} has degraded.
-  Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#f4c030",
-      "fields": [
-      {
-        "title": "Health Status",
-        "value": "{{.app.status.health.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Health Status",
-      "value": "{{.app.status.health.status}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |
-    [{
-      "@type":"OpenUri",
-      "name":"Open Application",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  themeColor: '#FF0000'
-  title: Application {{.app.metadata.name}} has degraded.
-
-```
-### app-sync-failed
-**definition**:
-```yaml
-email:
-  subject: Failed to sync application {{.app.metadata.name}}.
-message: |
-  {{if eq .serviceType "slack"}}:exclamation:{{end}}  The sync operation of application {{.app.metadata.name}} has failed at {{.app.status.operationState.finishedAt}} with the following error: {{.app.status.operationState.message}}
-  Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#E96D76",
-      "fields": [
-      {
-        "title": "Sync Status",
-        "value": "{{.app.status.sync.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Sync Status",
-      "value": "{{.app.status.sync.status}}"
-    },
-    {
-      "name": "Failed at",
-      "value": "{{.app.status.operationState.finishedAt}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |-
-    [{
-      "@type":"OpenUri",
-      "name":"Open Operation",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  themeColor: '#FF0000'
-  title: Failed to sync application {{.app.metadata.name}}.
-
-```
-### app-sync-running
-**definition**:
-```yaml
-email:
-  subject: Start syncing application {{.app.metadata.name}}.
-message: |
-  The sync operation of application {{.app.metadata.name}} has started at {{.app.status.operationState.startedAt}}.
-  Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#0DADEA",
-      "fields": [
-      {
-        "title": "Sync Status",
-        "value": "{{.app.status.sync.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Sync Status",
-      "value": "{{.app.status.sync.status}}"
-    },
-    {
-      "name": "Started at",
-      "value": "{{.app.status.operationState.startedAt}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |-
-    [{
-      "@type":"OpenUri",
-      "name":"Open Operation",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  title: Start syncing application {{.app.metadata.name}}.
-
-```
-### app-sync-status-unknown
-**definition**:
-```yaml
-email:
-  subject: Application {{.app.metadata.name}} sync status is 'Unknown'
-message: |
-  {{if eq .serviceType "slack"}}:exclamation:{{end}} Application {{.app.metadata.name}} sync is 'Unknown'.
-  Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-  {{if ne .serviceType "slack"}}
-  {{range $c := .app.status.conditions}}
-      * {{$c.message}}
-  {{end}}
-  {{end}}
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#E96D76",
-      "fields": [
-      {
-        "title": "Sync Status",
-        "value": "{{.app.status.sync.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Sync Status",
-      "value": "{{.app.status.sync.status}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |-
-    [{
-      "@type":"OpenUri",
-      "name":"Open Application",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  title: Application {{.app.metadata.name}} sync status is 'Unknown'
-
-```
-### app-sync-succeeded
-**definition**:
-```yaml
-email:
-  subject: Application {{.app.metadata.name}} has been successfully synced.
-message: |
-  {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
-  Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
-slack:
-  attachments: |
-    [{
-      "title": "{{ .app.metadata.name}}",
-      "title_link":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-      "color": "#18be52",
-      "fields": [
-      {
-        "title": "Sync Status",
-        "value": "{{.app.status.sync.status}}",
-        "short": true
-      },
-      {
-        "title": "Repository",
-        "value": "{{.app.spec.source.repoURL}}",
-        "short": true
-      }
-      {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "title": "{{$c.type}}",
-        "value": "{{$c.message}}",
-        "short": true
-      }
-      {{end}}
-      ]
-    }]
-  deliveryPolicy: Post
-  groupingKey: ""
-  notifyBroadcast: false
-teams:
-  facts: |
-    [{
-      "name": "Sync Status",
-      "value": "{{.app.status.sync.status}}"
-    },
-    {
-      "name": "Synced at",
-      "value": "{{.app.status.operationState.finishedAt}}"
-    },
-    {
-      "name": "Repository",
-      "value": "{{.app.spec.source.repoURL}}"
-    }
-    {{range $index, $c := .app.status.conditions}}
-      {{if not $index}},{{end}}
-      {{if $index}},{{end}}
-      {
-        "name": "{{$c.type}}",
-        "value": "{{$c.message}}"
-      }
-    {{end}}
-    ]
-  potentialAction: |-
-    [{
-      "@type":"OpenUri",
-      "name":"Operation Details",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
-      }]
-    },
-    {
-      "@type":"OpenUri",
-      "name":"Open Repository",
-      "targets":[{
-        "os":"default",
-        "uri":"{{.app.spec.source.repoURL | call .repo.RepoURLToHTTPS}}"
-      }]
-    }]
-  themeColor: '#000080'
-  title: Application {{.app.metadata.name}} has been successfully synced
-
-```
--- a/docs/operator-manual/notifications/functions.md
+++ b/docs/operator-manual/notifications/functions.md
@@ -1,79 +0,0 @@
-### **time**
-Time related functions.
-
-<hr>
-**`time.Now() Time`**
-
-Executes function built-in Golang [time.Now](https://golang.org/pkg/time/#Now) function. Returns an instance of
-Golang [Time](https://golang.org/pkg/time/#Time).
-
-<hr>
-**`time.Parse(val string) Time`**
-
-Parses specified string using RFC3339 layout. Returns an instance of Golang [Time](https://golang.org/pkg/time/#Time).
-
-### **strings**
-String related functions.
-
-<hr>
-**`strings.ReplaceAll() string`**
-
-Executes function built-in Golang [strings.ReplaceAll](https://pkg.go.dev/strings#ReplaceAll) function.
-
-<hr>
-**`strings.ToUpper() string`**
-
-Executes function built-in Golang [strings.ToUpper](https://pkg.go.dev/strings#ToUpper) function.
-
-<hr>
-**`strings.ToLower() string`**
-
-Executes function built-in Golang [strings.ToLower](https://pkg.go.dev/strings#ToLower) function.
-
-### **sync**
-
-<hr>
-**`sync.GetInfoItem(app map, name string) string`**
-Returns the `info` item value by given name stored in the Argo CD App sync operation.
-
-### **repo**
-Functions that provide additional information about Application source repository.
-<hr>
-**`repo.RepoURLToHTTPS(url string) string`**
-
-Transforms given GIT URL into HTTPs format.
-
-<hr>
-**`repo.FullNameByRepoURL(url string) string`**
-
-Returns repository URL full name `(<owner>/<repoName>)`. Currently supports only Github, Gitlab and Bitbucket.
-
-<hr>
-**`repo.GetCommitMetadata(sha string) CommitMetadata`**
-
-Returns commit metadata. The commit must belong to the application source repository. `CommitMetadata` fields:
-
-* `Message string` commit message
-* `Author string` - commit author
-* `Date time.Time` - commit creation date  
-* `Tags []string` - Associated tags
-
-<hr>
-**`repo.GetAppDetails() AppDetail`**
-
-Returns application details. `AppDetail` fields:
-
-* `Type string` - AppDetail type
-* `Helm HelmAppSpec` - Helm details
-  * Fields :
-    * `Name string`
-    * `ValueFiles []string`
-    * `Parameters []*v1alpha1.HelmParameter`
-    * `Values string`
-    * `FileParameters []*v1alpha1.HelmFileParameter`
-  * Methods :
-    * `GetParameterValueByName(Name string)` Retrieve value by name in Parameters field
-    * `GetFileParameterPathByName(Name string)` Retrieve path by name in FileParameters field
-* `Ksonnet *apiclient.KsonnetAppSpec` - Ksonnet details
-* `Kustomize *apiclient.KustomizeAppSpec` - Kustomize details
-* `Directory *apiclient.DirectoryAppSpec` - Directory details
--- a/docs/operator-manual/notifications/grafana-dashboard.json
+++ b/docs/operator-manual/notifications/grafana-dashboard.json
@@ -1,305 +0,0 @@
-{
-  "annotations": {
-    "list": [
-      {
-        "builtIn": 1,
-        "datasource": "-- Grafana --",
-        "enable": true,
-        "hide": true,
-        "iconColor": "rgba(0, 211, 255, 1)",
-        "name": "Annotations & Alerts",
-        "type": "dashboard"
-      }
-    ]
-  },
-  "editable": true,
-  "gnetId": null,
-  "graphTooltip": 0,
-  "id": 4,
-  "iteration": 1589141097815,
-  "links": [],
-  "panels": [
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "$datasource",
-      "fill": 1,
-      "fillGradient": 0,
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 0,
-        "y": 0
-      },
-      "hiddenSeries": false,
-      "id": 4,
-      "legend": {
-        "avg": false,
-        "current": false,
-        "max": false,
-        "min": false,
-        "show": true,
-        "total": false,
-        "values": false
-      },
-      "lines": true,
-      "linewidth": 1,
-      "nullPointMode": "null",
-      "options": {
-        "dataLinks": []
-      },
-      "percentage": false,
-      "pointradius": 2,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (notifier)",
-          "refId": "A"
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeRegions": [],
-      "timeShift": null,
-      "title": "Trigger Evaluations",
-      "tooltip": {
-        "shared": true,
-        "sort": 0,
-        "value_type": "individual"
-      },
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        }
-      ],
-      "yaxis": {
-        "align": false,
-        "alignLevel": null
-      }
-    },
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "$datasource",
-      "fill": 1,
-      "fillGradient": 0,
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 12,
-        "y": 0
-      },
-      "hiddenSeries": false,
-      "id": 2,
-      "legend": {
-        "avg": false,
-        "current": false,
-        "max": false,
-        "min": false,
-        "show": true,
-        "total": false,
-        "values": false
-      },
-      "lines": true,
-      "linewidth": 1,
-      "nullPointMode": "null",
-      "options": {
-        "dataLinks": []
-      },
-      "percentage": false,
-      "pointradius": 2,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (notifier)",
-          "refId": "A"
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeRegions": [],
-      "timeShift": null,
-      "title": "Notification deliveries",
-      "tooltip": {
-        "shared": true,
-        "sort": 0,
-        "value_type": "individual"
-      },
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        }
-      ],
-      "yaxis": {
-        "align": false,
-        "alignLevel": null
-      }
-    }
-  ],
-  "schemaVersion": 21,
-  "style": "dark",
-  "tags": [],
-  "templating": {
-    "list": [
-      {
-        "current": {
-          "text": "Prometheus",
-          "value": "Prometheus"
-        },
-        "hide": 0,
-        "includeAll": false,
-        "label": null,
-        "multi": false,
-        "name": "datasource",
-        "options": [],
-        "query": "prometheus",
-        "refresh": 1,
-        "regex": "",
-        "skipUrlSync": false,
-        "type": "datasource"
-      },
-      {
-        "auto": true,
-        "auto_count": 30,
-        "auto_min": "10s",
-        "current": {
-          "selected": false,
-          "text": "1m",
-          "value": "1m"
-        },
-        "hide": 0,
-        "label": null,
-        "name": "interval",
-        "options": [
-          {
-            "selected": false,
-            "text": "auto",
-            "value": "$__auto_interval_interval"
-          },
-          {
-            "selected": true,
-            "text": "1m",
-            "value": "1m"
-          },
-          {
-            "selected": false,
-            "text": "5m",
-            "value": "5m"
-          },
-          {
-            "selected": false,
-            "text": "10m",
-            "value": "10m"
-          },
-          {
-            "selected": false,
-            "text": "30m",
-            "value": "30m"
-          },
-          {
-            "selected": false,
-            "text": "1h",
-            "value": "1h"
-          },
-          {
-            "selected": false,
-            "text": "2h",
-            "value": "2h"
-          },
-          {
-            "selected": false,
-            "text": "4h",
-            "value": "4h"
-          },
-          {
-            "selected": false,
-            "text": "8h",
-            "value": "8h"
-          }
-        ],
-        "query": "1m,5m,10m,30m,1h,2h,4h,8h",
-        "refresh": 2,
-        "skipUrlSync": false,
-        "type": "interval"
-      }
-    ]
-  },
-  "time": {
-    "from": "now-15m",
-    "to": "now"
-  },
-  "timepicker": {
-    "refresh_intervals": [
-      "5s",
-      "10s",
-      "30s",
-      "1m",
-      "5m",
-      "15m",
-      "30m",
-      "1h",
-      "2h",
-      "1d"
-    ]
-  },
-  "timezone": "",
-  "title": "Argo CD Notifications",
-  "uid": "3qXvXigMz",
-  "version": 1
-}
--- a/docs/operator-manual/notifications/index.md
+++ b/docs/operator-manual/notifications/index.md
@@ -1,46 +0,0 @@
-# Overview
-
-Argo CD Notifications continuously monitors Argo CD applications and provides a flexible way to notify
-users about important changes in the application state. Using a flexible mechanism of
-[triggers](triggers.md) and [templates](templates.md) you can configure when the notification should be sent as
-well as notification content. Argo CD Notifications includes the [catalog](catalog.md) of useful triggers and templates.
-So you can just use them instead of reinventing new ones.
-
-## Getting Started
-
-* Install Triggers and Templates from the catalog
-
-```
-kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml
-```
-
-* Add Email username and password token to `argocd-notifications-secret` secret
-
-```bash
-export EMAIL_USER=<your-username>
-export PASSWORD=<your-password>
-kubectl apply -n argocd -f - << EOF
-apiVersion: v1
-kind: Secret
-metadata:
-  name: argocd-notifications-secret
-stringData:
-  email-username: $EMAIL_USER
-  email-password: $PASSWORD
-type: Opaque
-EOF
-```
-
-* Register Email notification service
-
-```bash
-kubectl patch cm argocd-notifications-cm -n argocd --type merge -p '{"data": {"service.email.gmail": "{ username: $email-username, password: $email-password, host: smtp.gmail.com, port: 465, from: $email-username }" }}'
-```
-
-* Subscribe to notifications by adding the `notifications.argoproj.io/subscribe.on-sync-succeeded.slack` annotation to the Argo CD application or project:
-
-```bash
-kubectl patch app <my-app> -n argocd -p '{"metadata": {"annotations": {"notifications.argoproj.io/subscribe.on-sync-succeeded.slack":"<my-channel>"}}}' --type merge
-```
-
-Try syncing and application and get the notification once sync is completed.
--- a/docs/operator-manual/notifications/monitoring.md
+++ b/docs/operator-manual/notifications/monitoring.md
@@ -1,30 +0,0 @@
-# Monitoring
-
-The Argo CD Notification controller serves Prometheus metrics on port 9001.
-
-!!! note
-    Metrics port might be changed using the `--metrics-port` flag in `argocd-notifications-controller` deployment.
-
-## Metrics 
-The following metrics are available:
- 
-### `argocd_notifications_deliveries_total`
-  
- Number of delivered notifications.
- Labels:
-
-* `template` - notification template name 
-* `notifier` - notification service name
-* `succeeded` - flag that indicates if notification was successfully sent or failed.
-
-### `argocd_notifications_trigger_eval_total`
-  
- Number of trigger evaluations.
- Labels:
-
-* `name` - trigger name 
-* `triggered` - flag that indicates if trigger condition returned true of false.
-
-# Examples:
-
-* Grafana Dashboard: [grafana-dashboard.json](grafana-dashboard.json)
--- a/docs/operator-manual/notifications/services/alertmanager.md
+++ b/docs/operator-manual/notifications/services/alertmanager.md
@@ -1,164 +0,0 @@
-# Alertmanager
-
-## Parameters
-
-The notification service is used to push events to [Alertmanager](https://github.com/prometheus/alertmanager), and the following settings need to be specified:
-
-* `targets` - the alertmanager service address, array type
-* `scheme` - optional, default is "http", e.g. http or https
-* `apiPath` - optional, default is "/api/v2/alerts"
-* `insecureSkipVerify` - optional, default is "false", when scheme is https whether to skip the verification of ca
-* `basicAuth` - optional, server auth
-* `bearerToken` - optional, server auth
-* `timeout` - optional, the timeout in seconds used when sending alerts, default is "3 seconds"
-
-`basicAuth` or `bearerToken` is used for authentication, you can choose one. If the two are set at the same time, `basicAuth` takes precedence over `bearerToken`.
-
-## Example
-
-### Prometheus Alertmanager config
-
-```yaml
-global:
-  resolve_timeout: 5m
-
-route:
-  group_by: ['alertname']
-  group_wait: 10s
-  group_interval: 10s
-  repeat_interval: 1h
-  receiver: 'default'
-receivers:
- name: 'default'
-  webhook_configs:
-  - send_resolved: false
-    url: 'http://10.5.39.39:10080/api/alerts/webhook'
-```
-
-You should turn off "send_resolved" or you will receive unnecessary recovery notifications after "resolve_timeout".
-
-### Send one alertmanager without auth
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.alertmanager: |
-    targets:
-    - 10.5.39.39:9093
-```
-
-### Send alertmanager cluster with custom api path
-
-If your alertmanager has changed the default api, you can customize "apiPath".
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.alertmanager: |
-    targets:
-    - 10.5.39.39:443
-    scheme: https
-    apiPath: /api/events
-    insecureSkipVerify: true
-```
-
-### Send high availability alertmanager with auth
-
-Store auth token in `argocd-notifications-secret` Secret and use configure in `argocd-notifications-cm` ConfigMap.
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  alertmanager-username: <username>
-  alertmanager-password: <password>
-  alertmanager-bearer-token: <token>
-```
-
- with basicAuth
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.alertmanager: |
-    targets:
-    - 10.5.39.39:19093
-    - 10.5.39.39:29093
-    - 10.5.39.39:39093
-    scheme: https
-    apiPath: /api/v2/alerts
-    insecureSkipVerify: true
-    basicAuth:
-      username: $alertmanager-username
-      password: $alertmanager-password   
-```
-
- with bearerToken
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.alertmanager: |
-    targets:
-    - 10.5.39.39:19093
-    - 10.5.39.39:29093
-    - 10.5.39.39:39093
-    scheme: https
-    apiPath: /api/v2/alerts
-    insecureSkipVerify: true
-    bearerToken: $alertmanager-bearer-token
-```
-
-## Templates
-
-* `labels` - at least one label pair required, implement different notification strategies according to alertmanager routing
-* `annotations` - optional, specifies a set of information labels, which can be used to store longer additional information, but only for display
-* `generatorURL` - optional, default is '{{.app.spec.source.repoURL}}', backlink used to identify the entity that caused this alert in the client
-
-the `label` or `annotations` or `generatorURL` values can be templated.
-
-```yaml
-context: |
-  argocdUrl: https://example.com/argocd
-
-template.app-deployed: |
-  message: Application {{.app.metadata.name}} has been healthy.
-  alertmanager:
-    labels:
-      fault_priority: "P5"
-      event_bucket: "deploy"
-      event_status: "succeed"
-      recipient: "{{.recipient}}"
-    annotations:
-      application: '<a href="{{.context.argocdUrl}}/applications/{{.app.metadata.name}}">{{.app.metadata.name}}</a>'
-      author: "{{(call .repo.GetCommitMetadata .app.status.sync.revision).Author}}"
-      message: "{{(call .repo.GetCommitMetadata .app.status.sync.revision).Message}}"
-```
-
-You can do targeted push on [Alertmanager](https://github.com/prometheus/alertmanager) according to labels.
-
-```yaml
-template.app-deployed: |
-  message: Application {{.app.metadata.name}} has been healthy.
-  alertmanager:
-    labels:
-      alertname: app-deployed
-      fault_priority: "P5"
-      event_bucket: "deploy"
-```
-
-There is a special label `alertname`. If you don’t set its value, it will be equal to the template name by default.
--- a/docs/operator-manual/notifications/services/email.md
+++ b/docs/operator-manual/notifications/services/email.md
@@ -1,63 +0,0 @@
-# Email
-
-## Parameters
-
-The Email notification service sends email notifications using SMTP protocol and requires specifying the following settings:
-
-* `host` - the SMTP server host name
-* `port` - the SMTP server port
-* `username` - username
-* `password` - password
-* `from` - from email address
-* `html` - optional bool, true or false
-* `insecure_skip_verify` - optional bool, true or false
-
-## Example
-
-The following snippet contains sample Gmail service configuration:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.email.gmail: |
-    username: $email-username
-    password: $email-password
-    host: smtp.gmail.com
-    port: 465
-    from: $email-username
-```
-
-Without authentication:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.email.example: |
-    host: smtp.example.com
-    port: 587
-    from: $email-username
-```
-
-## Template
-
-Notification templates support specifying subject for email notifications:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  template.app-sync-succeeded: |
-    email:
-      subject: Application {{.app.metadata.name}} has been successfully synced.
-    message: |
-      {{if eq .serviceType "slack"}}:white_check_mark:{{end}} Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
-      Sync operation details are available at: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true .
-```
--- a/docs/operator-manual/notifications/services/github.md
+++ b/docs/operator-manual/notifications/services/github.md
@@ -1,72 +0,0 @@
-# GitHub
-
-## Parameters
-
-The GitHub notification service changes commit status using [GitHub Apps](https://docs.github.com/en/developers/apps) and requires specifying the following settings:
-
-* `appID` - the app id
-* `installationID` - the app installation id
-* `privateKey` - the app private key
-* `enterpriseBaseURL` - optional URL, e.g. https://git.example.com/
-
-## Configuration
-
-1. Create a GitHub Apps using https://github.com/settings/apps/new
-2. Change repository permissions to enable write commit statuses
-![2](https://user-images.githubusercontent.com/18019529/108397381-3ca57980-725b-11eb-8d17-5b8992dc009e.png)
-3. Generate a private key, and download it automatically
-![3](https://user-images.githubusercontent.com/18019529/108397926-d4a36300-725b-11eb-83fe-74795c8c3e03.png)
-4. Install app to account
-5. Store privateKey in `argocd-notifications-secret` Secret and configure GitHub integration
-in `argocd-notifications-cm` ConfigMap
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.github: |
-    appID: <app-id>
-    installationID: <installation-id>
-    privateKey: $github-privateKey
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  github-privateKey: |
-    -----BEGIN RSA PRIVATE KEY-----
-    (snip)
-    -----END RSA PRIVATE KEY-----
-```
-
-6. Create subscription for your GitHub integration
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.<trigger-name>.github: ""
-```
-
-## Templates
-
-![](https://user-images.githubusercontent.com/18019529/108520497-168ce180-730e-11eb-93cb-b0b91f99bdc5.png)
-
-If the message is set to 140 characters or more, it will be truncate.
-
-```yaml
-template.app-deployed: |
-  message: |
-    Application {{.app.metadata.name}} is now running new version of deployments manifests.
-  github:
-    status:
-      state: success
-      label: "continuous-delivery/{{.app.metadata.name}}"
-      targetURL: "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
-```
--- a/docs/operator-manual/notifications/services/googlechat.md
+++ b/docs/operator-manual/notifications/services/googlechat.md
@@ -1,81 +0,0 @@
-# Google Chat
-
-## Parameters
-
-The Google Chat notification service send message notifications to a google chat webhook. This service uses the following settings:
-
-* `webhooks` - a map of the form `webhookName: webhookUrl`
-
-## Configuration
-
-1. Open `Google chat` and go to the space to which you want to send messages
-2. From the menu at the top of the page, select **Configure Webhooks**
-3. Under **Incoming Webhooks**, click **Add Webhook**
-4. Give a name to the webhook, optionally add an image and click **Save**
-5. Copy the URL next to your webhook
-6. Store the URL in `argocd-notification-secret` and declare it in `argocd-notifications-cm`
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.googlechat: |
-    webhooks:
-      spaceName: $space-webhook-url
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  space-webhook-url: https://chat.googleapis.com/v1/spaces/<space_id>/messages?key=<key>&token=<token>  
-```
-
-6. Create a subscription for your space
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.googlechat: spaceName
-```
-
-## Templates
-
-You can send [simple text](https://developers.google.com/chat/reference/message-formats/basic) or [card messages](https://developers.google.com/chat/reference/message-formats/cards) to a Google Chat space. A simple text message template can be defined as follows:
-
-```yaml
-template.app-sync-succeeded: |
-  message: The app {{ .app.metadata.name }} has succesfully synced!
-```
-
-A card message can be defined as follows:
-
-```yaml
-template.app-sync-succeeded: |
-  googlechat:
-    cards: |
-      - header:
-          title: ArgoCD Bot Notification
-        sections:
-          - widgets:
-              - textParagraph:
-                  text: The app {{ .app.metadata.name }} has succesfully synced!
-          - widgets:
-              - keyValue:
-                  topLabel: Repository
-                  content: {{ call .repo.RepoURLToHTTPS .app.spec.source.repoURL }}
-              - keyValue:
-                  topLabel: Revision
-                  content: {{ .app.spec.source.targetRevision }}
-              - keyValue:
-                  topLabel: Author
-                  content: {{ (call .repo.GetCommitMetadata .app.status.sync.revision).Author }}
-```
-
-The card message can be written in JSON too.
--- a/docs/operator-manual/notifications/services/grafana.md
+++ b/docs/operator-manual/notifications/services/grafana.md
@@ -1,45 +0,0 @@
-# Grafana
-
-To be able to create Grafana annotation with argocd-notifications you have to create an [API Key](https://grafana.com/docs/grafana/latest/http_api/auth/#create-api-key) inside your [Grafana](https://grafana.com).
-
-![sample](https://user-images.githubusercontent.com/18019529/112024976-0f106080-8b78-11eb-9658-7663305899be.png)
-
-1. Login to your Grafana instance as `admin`
-2. On the left menu, go to Configuration / API Keys
-3. Click "Add API Key" 
-4. Fill the Key with name `ArgoCD Notification`, role `Editor` and Time to Live `10y` (for example)
-5. Click on Add button
-6. Store apiKey in `argocd-notifications-secret` Secret and Copy your API Key and define it in `argocd-notifications-cm` ConfigMap
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.grafana: |
-    apiUrl: https://grafana.example.com/api
-    apiKey: $grafana-api-key
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  grafana-api-key: api-key
-```
-
-7. Create subscription for your Grafana integration
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.<trigger-name>.grafana: tag1|tag2 # list of tags separated with |
-```
-
-8. Change the annotations settings
-![8](https://user-images.githubusercontent.com/18019529/112022083-47fb0600-8b75-11eb-849b-d25d41925909.png)
--- a/docs/operator-manual/notifications/services/mattermost.md
+++ b/docs/operator-manual/notifications/services/mattermost.md
@@ -1,78 +0,0 @@
-# Mattermost
-
-## Parameters
-
-* `apiURL` - the server url, e.g. https://mattermost.example.com
-* `token` - the bot token
-* `insecureSkipVerify` - optional bool, true or false
-
-## Configuration
-
-1. Create a bot account and copy token after creating it
-![1](https://user-images.githubusercontent.com/18019529/111499520-62ed0500-8786-11eb-88b0-d0aade61fed4.png)
-2. Invite team
-![2](https://user-images.githubusercontent.com/18019529/111500197-1229dc00-8787-11eb-98e5-587ee36c94a9.png)
-3. Store token in `argocd-notifications-secret` Secret and configure Mattermost integration
-in `argocd-notifications-cm` ConfigMap
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.mattermost: |
-    apiURL: <api-url>
-    token: $mattermost-token
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  mattermost-token: token
-```
-
-4. Copy channel id
-![4](https://user-images.githubusercontent.com/18019529/111501289-333efc80-8788-11eb-9731-8353170cd73a.png)
-
-5. Create subscription for your Mattermost integration
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.<trigger-name>.mattermost: <channel-id>
-```
-
-## Templates
-
-![](https://user-images.githubusercontent.com/18019529/111502636-5fa74880-8789-11eb-97c5-5eac22c00a37.png)
-
-You can reuse the template of slack.  
-Mattermost is compatible with attachments of Slack. See [Mattermost Integration Guide](https://docs.mattermost.com/developer/message-attachments.html).
-
-```yaml
-template.app-deployed: |
-  message: |
-    Application {{.app.metadata.name}} is now running new version of deployments manifests.
-  mattermost:
-    attachments: |
-      [{
-        "title": "{{.app.metadata.name}}",
-        "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-        "color": "#18be52",
-        "fields": [{
-          "title": "Sync Status",
-          "value": "{{.app.status.sync.status}}",
-          "short": true
-        }, {
-          "title": "Repository",
-          "value": "{{.app.spec.source.repoURL}}",
-          "short": true
-        }]
-      }]
-```
--- a/docs/operator-manual/notifications/services/opsgenie.md
+++ b/docs/operator-manual/notifications/services/opsgenie.md
@@ -1,28 +0,0 @@
-# Opsgenie
-
-To be able to send notifications with argocd-notifications you have to create an [API Integration](https://docs.opsgenie.com/docs/integrations-overview) inside your [Opsgenie Team](https://docs.opsgenie.com/docs/teams).
-
-1. Login to Opsgenie at https://app.opsgenie.com or https://app.eu.opsgenie.com (if you have an account in the european union)
-2. Make sure you already have a team, if not follow this guide https://docs.opsgenie.com/docs/teams
-3. Click "Teams" in the Menu on the left
-4. Select the team that you want to notify
-5. In the teams configuration menu select "Integrations"
-6. click "Add Integration" in the top right corner
-7. Select "API" integration
-8. Give your integration a name, copy the "API key" and safe it somewhere for later
-9. Make sure the checkboxes for "Create and Update Access" and "enable" are selected, disable the other checkboxes to remove unnecessary permissions
-10. Click "Safe Integration" at the bottom
-11. Check your browser for the correct server apiURL. If it is "app.opsgenie.com" then use the us/international api url `api.opsgenie.com` in the next step, otherwise use `api.eu.opsgenie.com` (european api). 
-12. You are finished with configuring opsgenie. Now you need to configure argocd-notifications. Use the apiUrl, the team name and the apiKey to configure the opsgenie integration in the `argocd-notifications-secret` secret. 
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.opsgenie: |
-    apiUrl: <api-url>
-    apiKeys:
-      <your-team>: <integration-api-key>
-```
--- a/docs/operator-manual/notifications/services/overview.md
+++ b/docs/operator-manual/notifications/services/overview.md
@@ -1,53 +0,0 @@
-The notification services represent integration with services such as slack, email or custom webhook. Services are configured in `argocd-notifications-cm` ConfigMap
-using `service.<type>.(<custom-name>)` keys and might reference sensitive data from `argocd-notifications-secret` Secret. Following example demonstrates slack
-service configuration:
-
-```yaml
-  service.slack: |
-    token: $slack-token
-```
-
-
-The `slack` indicates that service sends slack notification; name is missing and defaults to `slack`.
-
-## Sensitive Data
-
-Sensitive data like authentication tokens should be stored in `<secret-name>` Secret and can be referenced in
-service configuration using `$<secret-key>` format. For example `$slack-token` referencing value of key `slack-token` in
-`<secret-name>` Secret.
-
-## Custom Names
-
-Service custom names allow configuring two instances of the same service type.
-
-```yaml
-  service.slack.workspace1: |
-    token: $slack-token-workspace1
-  service.slack.workspace2: |
-    token: $slack-token-workspace2
-```
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.workspace1: my-channel
-    notifications.argoproj.io/subscribe.on-sync-succeeded.workspace2: my-channel
-```
-
-## Service Types
-
-* [Email](./email.md)
-* [GitHub](./github.md)
-* [Slack](./slack.md)
-* [Mattermost](./mattermost.md)
-* [Opsgenie](./opsgenie.md)
-* [Grafana](./grafana.md)
-* [Webhook](./webhook.md)
-* [Telegram](./telegram.md)
-* [Teams](./teams.md)
-* [Google Chat](./googlechat.md)
-* [Rocket.Chat](./rocketchat.md)
-* [Pushover](./pushover.md)
-* [Alertmanager](./alertmanager.md)
--- a/docs/operator-manual/notifications/services/pushover.md
+++ b/docs/operator-manual/notifications/services/pushover.md
@@ -1,33 +0,0 @@
-# Pushover
-
-1. Create an app at [pushover.net](https://pushover.net/apps/build).
-2. Store the API key in `<secret-name>` Secret and define the secret name in `<config-map-name>` ConfigMap:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.pushover: |
-    token: $pushover-token
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  pushover-token: avtc41pn13asmra6zaiyf7dh6cgx97
-```
-
-3. Add your user key to your Application resource:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.pushover: uumy8u4owy7bgkapp6mc5mvhfsvpcd
-```
--- a/docs/operator-manual/notifications/services/rocketchat.md
+++ b/docs/operator-manual/notifications/services/rocketchat.md
@@ -1,96 +0,0 @@
-# Rocket.Chat
-
-## Parameters
-
-The Rocket.Chat notification service configuration includes following settings:
-
-* `email` - the Rocker.Chat user's email
-* `password` - the Rocker.Chat user's password
-* `alias` - optional alias that should be used to post message
-* `icon` - optional message icon
-* `avatar` - optional message avatar
-* `serverUrl` - optional Rocket.Chat server url
-
-## Configuration
-
-1. Login to your RocketChat instance
-2. Go to user management
-
-![2](https://user-images.githubusercontent.com/15252187/115824993-7ccad900-a411-11eb-89de-6a0c4438ffdf.png)
-
-3. Add new user with `bot` role. Also note that `Require password change` checkbox mus be not checked
-
-![3](https://user-images.githubusercontent.com/15252187/115825174-b4d21c00-a411-11eb-8f20-cda48cea9fad.png)
-
-4. Copy username and password that you was created for bot user
-5. Create a public or private channel, or a team, for this example `my_channel`
-6. Add your bot to this channel **otherwise it won't work**
-7. Store email and password in argocd_notifications-secret Secret
- 
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  rocketchat-email: <email>
-  rocketchat-password: <password>
-```
-
-8. Finally, use these credentials to configure the RocketChat integration in the `argocd-configmap` config map: 
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.rocketchat: |
-    email: $rocketchat-email
-    password: $rocketchat-password
-```
-
-9. Create a subscription for your Rocket.Chat integration:
-
-*Note: channel, team or user must be prefixed with # or @ elsewhere we will be interpretative destination as a room ID*
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.rocketchat: #my_channel
-```
-
-## Templates
-
-Notification templates can be customized with RocketChat [attachments](https://developer.rocket.chat/api/rest-api/methods/chat/postmessage#attachments-detail).
-
-*Note: Attachments structure in Rocketchat is same with Slack attachments [feature](https://api.slack.com/messaging/composing/layouts).*
-
-<!-- TODO: @sergeyshevch Need to add screenshot with RocketChat attachments -->
-
-The message attachments can be specified in `attachments` string fields under `rocketchat` field:
-
-```yaml
-template.app-sync-status: |
-  message: |
-    Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-    Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-  rocketchat:
-    attachments: |
-      [{
-        "title": "{{.app.metadata.name}}",
-        "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-        "color": "#18be52",
-        "fields": [{
-          "title": "Sync Status",
-          "value": "{{.app.status.sync.status}}",
-          "short": true
-        }, {
-          "title": "Repository",
-          "value": "{{.app.spec.source.repoURL}}",
-          "short": true
-        }]
-      }]
-```
--- a/docs/operator-manual/notifications/services/slack.md
+++ b/docs/operator-manual/notifications/services/slack.md
@@ -1,149 +0,0 @@
-# Slack
-
-If you want to send message using incoming webhook, you can use [webhook](./webhook.md#send-slack).
-
-## Parameters
-
-The Slack notification service configuration includes following settings:
-
-* `token` - the app token
-* `apiURL` - optional, the server url, e.g. https://example.com/api
-* `username` - optional, the app username
-* `icon` - optional, the app icon, e.g. :robot_face: or https://example.com/image.png
-* `insecureSkipVerify` - optional bool, true or false
-
-## Configuration
-
-1. Create Slack Application using https://api.slack.com/apps?new_app=1
-![1](https://user-images.githubusercontent.com/426437/73604308-4cb0c500-4543-11ea-9092-6ca6bae21cbb.png)
-1. Once application is created navigate to `Enter OAuth & Permissions`
-![2](https://user-images.githubusercontent.com/426437/73604309-4d495b80-4543-11ea-9908-4dea403d3399.png)
-1. Click `Permissions` under `Add features and functionality` section and add `chat:write` scope. To use the optional username and icon overrides in the Slack notification service also add the `chat:write.customize` scope.
-![3](https://user-images.githubusercontent.com/426437/73604310-4d495b80-4543-11ea-8576-09cd91aea0e5.png)
-1. Scroll back to the top, click 'Install App to Workspace' button and confirm the installation.
-![4](https://user-images.githubusercontent.com/426437/73604311-4d495b80-4543-11ea-9155-9d216b20ec86.png)
-1. Once installation is completed copy the OAuth token.
-![5](https://user-images.githubusercontent.com/426437/73604312-4d495b80-4543-11ea-832b-a9d9d5e4bc29.png)
-
-1. Create a public or private channel, for this example `my_channel`
-1. Invite your slack bot to this channel **otherwise slack bot won't be able to deliver notifications to this channel**
-1. Store Oauth access token in `argocd-notifications-secret` secret
-
-    ```yaml
-    apiVersion: v1
-    kind: Secret
-    metadata:
-      name: <secret-name>
-    stringData:
-      slack-token: <Oauth-access-token>
-    ```
-
-1. Define service type slack in data section of `argocd-notifications-cm` configmap:
-service
-    ```yaml
-    apiVersion: v1
-    kind: ConfigMap
-    metadata:
-      name: <config-map-name>
-    data:
-      service.slack: |
-        token: $slack-token
-    ```
-
-1. Add annotation in application yaml file to enable notifications for specific argocd app
-
-    ```yaml
-    apiVersion: argoproj.io/v1alpha1
-    kind: Application
-    metadata:
-      annotations:
-        notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my_channel
-    ```
-
-## Templates
-
-Notification templates can be customized to leverage slack message blocks and attachments
-[feature](https://api.slack.com/messaging/composing/layouts).
-
-![](https://user-images.githubusercontent.com/426437/72776856-6dcef880-3bc8-11ea-8e3b-c72df16ee8e6.png)
-
-The message blocks and attachments can be specified in `blocks` and `attachments` string fields under `slack` field:
-
-```yaml
-template.app-sync-status: |
-  message: |
-    Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-    Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-  slack:
-    attachments: |
-      [{
-        "title": "{{.app.metadata.name}}",
-        "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-        "color": "#18be52",
-        "fields": [{
-          "title": "Sync Status",
-          "value": "{{.app.status.sync.status}}",
-          "short": true
-        }, {
-          "title": "Repository",
-          "value": "{{.app.spec.source.repoURL}}",
-          "short": true
-        }]
-      }]
-```
-
-The messages can be aggregated to the slack threads by grouping key which can be specified in a `groupingKey` string field under `slack` field.
-`groupingKey` is used across each template and works independently on each slack channel.
-When multiple applications will be updated at the same time or frequently, the messages in slack channel can be easily read by aggregating with git commit hash, application name, etc.
-Furthermore, the messages can be broadcast to the channel at the specific template by `notifyBroadcast` field.
-
-```yaml
-template.app-sync-status: |
-  message: |
-    Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-    Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-  slack:
-    attachments: |
-      [{
-        "title": "{{.app.metadata.name}}",
-        "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-        "color": "#18be52",
-        "fields": [{
-          "title": "Sync Status",
-          "value": "{{.app.status.sync.status}}",
-          "short": true
-        }, {
-          "title": "Repository",
-          "value": "{{.app.spec.source.repoURL}}",
-          "short": true
-        }]
-      }]
-    # Aggregate the messages to the thread by git commit hash
-    groupingKey: "{{.app.status.sync.revision}}"
-    notifyBroadcast: false
-template.app-sync-failed: |
-  message: |
-    Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-    Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-  slack:
-    attachments: |
-      [{
-        "title": "{{.app.metadata.name}}",
-        "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-        "color": "#ff0000",
-        "fields": [{
-          "title": "Sync Status",
-          "value": "{{.app.status.sync.status}}",
-          "short": true
-        }, {
-          "title": "Repository",
-          "value": "{{.app.spec.source.repoURL}}",
-          "short": true
-        }]
-      }]
-    # Aggregate the messages to the thread by git commit hash
-    groupingKey: "{{.app.status.sync.revision}}"
-    notifyBroadcast: true
-```
-
-The message is sent according to the `deliveryPolicy` string field under the `slack` field. The available modes are `Post` (default), `PostAndUpdate`, and `Update`. The `PostAndUpdate` and `Update` settings require `groupingKey` to be set.
--- a/docs/operator-manual/notifications/services/teams.md
+++ b/docs/operator-manual/notifications/services/teams.md
@@ -1,126 +0,0 @@
-# Teams
-
-## Parameters
-
-The Teams notification service send message notifications using Teams bot and requires specifying the following settings:
-
-* `recipientUrls` - the webhook url map, e.g. `channelName: https://example.com`
-
-## Configuration
-
-1. Open `Teams` and goto `Apps`
-2. Find `Incoming Webhook` microsoft app and click on it
-3. Press `Add to a team` -> select team and channel -> press `Set up a connector`
-4. Enter webhook name and upload image (optional)
-5. Press `Create` then copy webhook url and store it in `argocd-notifications-secret` and define it in `argocd-notifications-cm`
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.teams: |
-    recipientUrls:
-      channelName: $channel-teams-url
-```
-
-```yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: <secret-name>
-stringData:
-  channel-teams-url: https://example.com
-```
-
-6. Create subscription for your Teams integration:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.teams: channelName
-```
-
-## Templates
-
-![](https://user-images.githubusercontent.com/18019529/114271500-9d2b8880-9a4c-11eb-85c1-f6935f0431d5.png)
-
-Notification templates can be customized to leverage teams message sections, facts, themeColor, summary and potentialAction [feature](https://docs.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/connectors-using).
-
-```yaml
-template.app-sync-succeeded: |
-  teams:
-    themeColor: "#000080"
-    sections: |
-      [{
-        "facts": [
-          {
-            "name": "Sync Status",
-            "value": "{{.app.status.sync.status}}"
-          },
-          {
-            "name": "Repository",
-            "value": "{{.app.spec.source.repoURL}}"
-          }
-        ]
-      }]
-    potentialAction: |-
-      [{
-        "@type":"OpenUri",
-        "name":"Operation Details",
-        "targets":[{
-          "os":"default",
-          "uri":"{{.context.argocdUrl}}/applications/{{.app.metadata.name}}?operation=true"
-        }]
-      }]
-    title: Application {{.app.metadata.name}} has been successfully synced
-    text: Application {{.app.metadata.name}} has been successfully synced at {{.app.status.operationState.finishedAt}}.
-    summary: "{{.app.metadata.name}} sync succeeded"
-```
-
-### facts field
-
-You can use `facts` field instead of `sections` field.
-
-```yaml
-template.app-sync-succeeded: |
-  teams:
-    facts: |
-      [{
-        "name": "Sync Status",
-        "value": "{{.app.status.sync.status}}"
-      },
-      {
-        "name": "Repository",
-        "value": "{{.app.spec.source.repoURL}}"
-      }]
-```
-
-### theme color field
-
-You can set theme color as hex string for the message.
-
-![](https://user-images.githubusercontent.com/1164159/114864810-0718a900-9e24-11eb-8127-8d95da9544c1.png)
-
-```yaml
-template.app-sync-succeeded: |
-  teams:
-    themeColor: "#000080"
-```
-
-### summary field
-
-You can set a summary of the message that will be shown on Notifcation & Activity Feed 
-
-![](https://user-images.githubusercontent.com/6957724/116587921-84c4d480-a94d-11eb-9da4-f365151a12e7.jpg)
-
-![](https://user-images.githubusercontent.com/6957724/116588002-99a16800-a94d-11eb-807f-8626eb53b980.jpg)
-
-```yaml
-template.app-sync-succeeded: |
-  teams:
-    summary: "Sync Succeeded"
-```
--- a/docs/operator-manual/notifications/services/telegram.md
+++ b/docs/operator-manual/notifications/services/telegram.md
@@ -1,35 +0,0 @@
-# Telegram
-
-1. Get an API token using [@Botfather](https://t.me/Botfather).
-2. Store token in `<secret-name>` Secret and configure telegram integration
-in `<config-map-name>` ConfigMap:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.telegram: |
-    token: $telegram-token
-```
-
-3. Create new Telegram [channel](https://telegram.org/blog/channels).
-4. Add your bot as an administrator.
-5. Use this channel `username` (public channel) or `chatID` (private channel) in the subscription for your Telegram integration:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: username
-```
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.telegram: -1000000000000
-```
--- a/docs/operator-manual/notifications/services/webhook.md
+++ b/docs/operator-manual/notifications/services/webhook.md
@@ -1,177 +0,0 @@
-## Configuration
-
-The webhook notification service allows sending a generic HTTP request using the templatized request body and URL.
-Using Webhook you might trigger a Jenkins job, update Github commit status.
-
-Use the following steps to configure webhook:
-
-1 Register webhook in `argocd-notifications-cm` ConfigMap:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.<webhook-name>: |
-    url: https://<hostname>/<optional-path>
-    headers: #optional headers
-    - name: <header-name>
-      value: <header-value>
-    basicAuth: #optional username password
-      username: <username>
-      password: <api-key>
-```
-
-2 Define template that customizes webhook request method, path and body:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  template.github-commit-status: |
-    webhook:
-      <webhook-name>:
-        method: POST # one of: GET, POST, PUT, PATCH. Default value: GET 
-        path: <optional-path-template>
-        body: |
-          <optional-body-template>
-  trigger.<trigger-name>: |
-    - when: app.status.operationState.phase in ['Succeeded']
-      send: [github-commit-status]
-```
-
-3 Create subscription for webhook integration:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.<trigger-name>.<webhook-name>: ""
-```
-
-## Examples
-
-### Set Github commit status
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.github: |
-    url: https://api.github.com
-    headers: #optional headers
-    - name: Authorization
-      value: token $github-token
-```
-
-2 Define template that customizes webhook request method, path and body:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.github: |
-    url: https://api.github.com
-    headers: #optional headers
-    - name: Authorization
-      value: token $github-token
-
-  template.github-commit-status: |
-    webhook:
-      github:
-        method: POST
-        path: /repos/{{call .repo.FullNameByRepoURL .app.spec.source.repoURL}}/statuses/{{.app.status.operationState.operation.sync.revision}}
-        body: |
-          {
-            {{if eq .app.status.operationState.phase "Running"}} "state": "pending"{{end}}
-            {{if eq .app.status.operationState.phase "Succeeded"}} "state": "success"{{end}}
-            {{if eq .app.status.operationState.phase "Error"}} "state": "error"{{end}}
-            {{if eq .app.status.operationState.phase "Failed"}} "state": "error"{{end}},
-            "description": "ArgoCD",
-            "target_url": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-            "context": "continuous-delivery/{{.app.metadata.name}}"
-          }
-```
-
-### Start Jenkins Job
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.jenkins: |
-    url: http://<jenkins-host>/job/<job-name>/build?token=<job-secret>
-    basicAuth:
-      username: <username>
-      password: <api-key>
-
-type: Opaque
-```
-
-### Send form-data
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.form: |
-    url: https://form.example.com
-    headers:
-    - name: Content-Type
-      value: application/x-www-form-urlencoded
-
-  template.form-data: |
-    webhook:
-      form:
-        method: POST
-        body: key1=value1&key2=value2
-```
-
-### Send Slack
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: <config-map-name>
-data:
-  service.webhook.slack_webhook: |
-    url: https://hooks.slack.com/services/xxxxx
-    headers:
-    - name: Content-Type
-      value: application/json
-
-  template.send-slack: |
-    webhook:
-      slack_webhook:
-        method: POST
-        body: |
-          {
-            "attachments": [{
-              "title": "{{.app.metadata.name}}",
-              "title_link": "{{.context.argocdUrl}}/applications/{{.app.metadata.name}}",
-              "color": "#18be52",
-              "fields": [{
-                "title": "Sync Status",
-                "value": "{{.app.status.sync.status}}",
-                "short": true
-              }, {
-                "title": "Repository",
-                "value": "{{.app.spec.source.repoURL}}",
-                "short": true
-              }]
-            }]
-          }
-```
--- a/docs/operator-manual/notifications/subscriptions.md
+++ b/docs/operator-manual/notifications/subscriptions.md
@@ -1,71 +0,0 @@
-The subscription to Argo CD application events can be defined using `notifications.argoproj.io/subscribe.<trigger>.<service>: <recipient>` annotation.
-For example, the following annotation subscribes two Slack channels to notifications about every successful synchronization of the Argo CD application:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my-channel1;my-channel2
-```
-
-Annotation key consists of following parts:
-
-* `on-sync-succeeded` - trigger name
-* `slack` - notification service name
-* `my-channel1;my-channel2` - a semicolon separated list of recipients
-
-You can create subscriptions for all applications of the Argo CD project by adding the same annotation to AppProject CRD:
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: AppProject
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: my-channel1;my-channel2
-```
-
-## Default Subscriptions
-
-The subscriptions might be configured globally in the `argocd-notifications-cm` ConfigMap using `subscriptions` field. The default subscriptions
-are applied to all applications. The trigger and applications might be configured using the
-`triggers` and `selector` fields:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  # Contains centrally managed global application subscriptions
-  subscriptions: |
-    # subscription for on-sync-status-unknown trigger notifications
-    - recipients:
-      - slack:test2
-      - email:test@gmail.com
-      triggers:
-      - on-sync-status-unknown
-    # subscription restricted to applications with matching labels only
-    - recipients:
-      - slack:test3
-      selector: test=true
-      triggers:
-      - on-sync-status-unknown
-```
-
-If you want to use webhook in subscriptions, you need to store the custom name to recipients.
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  service.webhook.<webhook-name>: |
-    (snip)
-  subscriptions: |
-    - recipients:
-      - <webhook-name>
-      triggers:
-      - on-sync-status-unknown
-```
--- a/docs/operator-manual/notifications/templates.md
+++ b/docs/operator-manual/notifications/templates.md
@@ -1,93 +0,0 @@
-The notification template is used to generate the notification content and configured in `argocd-notifications-cm` ConfigMap. The template is leveraging
-[html/template](https://golang.org/pkg/html/template/) golang package and allow to customize notification message.
-Templates are meant to be reusable and can be referenced by multiple triggers.
-
-The following template is used to notify the user about application sync status.
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  template.my-custom-template-slack-template: |
-    message: |
-      Application {{.app.metadata.name}} sync is {{.app.status.sync.status}}.
-      Application details: {{.context.argocdUrl}}/applications/{{.app.metadata.name}}.
-```
-
-Each template has access to the following fields:
-
- `app` holds the application object.
- `context` is user defined string map and might include any string keys and values.
- `serviceType` holds the notification service type name. The field can be used to conditionally
-render service specific fields.
- `recipient` holds the recipient name.
-
-## Defining user-defined `context`
-
-It is possible to define some shared context between all notification templates by setting a top-level
-YAML document of key-value pairs, which can then be used within templates, like so:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  context: |
-    region: east
-    environmentName: staging
-
-  template.a-slack-template-with-context: |
-    message: "Something happened in {{ .context.environmentName }} in the {{ .context.region }} data center!"
-```
-
-## Notification Service Specific Fields
-
-The `message` field of the template definition allows creating a basic notification for any notification service. You can leverage notification service-specific
-fields to create complex notifications. For example using service-specific you can add blocks and attachments for Slack, subject for Email or URL path, and body for Webhook.
-See corresponding service [documentation](services/overview.md) for more information.
-
-## Change the timezone
-
-You can change the timezone to show it as follows.
-
-1. Call time functions.
-
-```
-{{ (call .time.Parse .app.status.operationState.startedAt).Local.Format "2006-01-02T15:04:05Z07:00" }}
-```
-
-2. Set environment to container.
-
-```yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: argocd-notifications-controller
-spec:
-(snip)
-    spec:
-      containers:
-      - name: argocd-notifications-controller
-        env:
-        - name: TZ
-          value: Asia/Tokyo
-```
-
-## Functions
-
-Templates have access to the set of built-in functions:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  template.my-custom-template-slack-template: |
-    message: "Author: {{(call .repo.GetCommitMetadata .app.status.sync.revision).Author}}"
-```
-
-{!functions.md!}
--- a/docs/operator-manual/notifications/triggers.md
+++ b/docs/operator-manual/notifications/triggers.md
@@ -1,125 +0,0 @@
-The trigger defines the condition when the notification should be sent. The definition includes name, condition
-and notification templates reference. The condition is a predicate expression that returns true if the notification
-should be sent. The trigger condition evaluation is powered by [antonmedv/expr](https://github.com/antonmedv/expr).
-The condition language syntax is described at [Language-Definition.md](https://github.com/antonmedv/expr/blob/master/docs/Language-Definition.md).
-
-The trigger is configured in `argocd-notifications-cm` ConfigMap. For example the following trigger sends a notification
-when application sync status changes to `Unknown` using the `app-sync-status` template:
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  trigger.on-sync-status-unknown: |
-    - when: app.status.sync.status == 'Unknown'     # trigger condition
-      send: [app-sync-status, github-commit-status] # template names
-```
-
-Each condition might use several templates. Typically each template is responsible for generating a service-specific notification part.
-In the example above `app-sync-status` template "knows" how to create email and slack notification and `github-commit-status` knows how to
-generate payload for Github webhook.
-
-## Conditions Bundles
-
-Triggers are typically managed by administrators and encapsulate information about when and which notification should be sent.
-The end users just need to subscribe to the trigger and specify the notification destination. In order to improve user experience
-triggers might include multiple conditions with a different set of templates for each condition. For example, the following trigger
-covers all stages of sync status operation and use a different template for different cases:
-
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  trigger.sync-operation-change: |
-    - when: app.status.operationState.phase in ['Succeeded']
-      send: [github-commit-status]
-    - when: app.status.operationState.phase in ['Running']
-      send: [github-commit-status]
-    - when: app.status.operationState.phase in ['Error', 'Failed']
-      send: [app-sync-failed, github-commit-status]
-```
-
-## Avoid Sending Same Notification Too Often
-
-In some cases, the trigger condition might be "flapping". The example below illustrates the problem.
-The trigger is supposed to generate a notification once when Argo CD application is successfully synchronized and healthy.
-However, the application health status might intermittently switch to `Progressing` and then back to `Healthy` so the trigger might unnecessarily generate
-multiple notifications. The `oncePer` field configures triggers to generate the notification only when the corresponding application field changes.
-The `on-deployed` trigger from the example below sends the notification only once per observed Git revision of the deployment repository.
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  # Optional 'oncePer' property ensure that notification is sent only once per specified field value
-  # E.g. following is triggered once per sync revision
-  trigger.on-deployed: |
-    when: app.status.operationState.phase in ['Succeeded'] and app.status.health.status == 'Healthy'
-    oncePer: app.status.sync.revision
-    send: [app-sync-succeeded]
-```
-
-### oncePer
-
-The `oncePer` filed is supported like as follows.
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    example.com/version: v0.1
-```
-
-```yaml
-oncePer: app.metadata.annotations["example.com/version"]
-```
-
-## Default Triggers
-
-You can use `defaultTriggers` field instead of specifying individual triggers to the annotations.
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  # Holds list of triggers that are used by default if trigger is not specified explicitly in the subscription
-  defaultTriggers: |
-    - on-sync-status-unknown
-
-  defaultTriggers.mattermost: |
-    - on-sync-running
-    - on-sync-succeeded
-```
-
-Specify the annotations as follows to use `defaultTriggers`. In this example, `slack` sends when `on-sync-status-unknown`, and `mattermost` sends when `on-sync-running` and `on-sync-succeeded`.
-
-```yaml
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  annotations:
-    notifications.argoproj.io/subscribe.slack: my-channel
-    notifications.argoproj.io/subscribe.mattermost: my-mattermost-channel
-```
-
-## Functions
-
-Triggers have access to the set of built-in functions.
-
-Example:
-
-```yaml
-when: time.Now().Sub(time.Parse(app.status.operationState.startedAt)).Minutes() >= 5
-```
-
-{!functions.md!}
--- a/docs/operator-manual/notifications/troubleshooting-commands.md
+++ b/docs/operator-manual/notifications/troubleshooting-commands.md
@@ -1,217 +0,0 @@
-## notifications template get
-
-Prints information about configured templates
-
-```
-notifications template get [flags]
-```
-
-### Examples
-
-```
-
-# prints all templates
-notifications template get
-# print YAML formatted app-sync-succeeded template definition
-notifications template get app-sync-succeeded -o=yaml
-
-```
-
-### Options
-
-```
-  -h, --help            help for get
-  -o, --output string   Output format. One of:json|yaml|wide|name (default "wide")
-```
-
-### Options inherited from parent commands
-
-```
-      --argocd-repo-server string       Argo CD repo server address (default "argocd-repo-server:8081")
-      --argocd-repo-server-plaintext    Use a plaintext client (non-TLS) to connect to repository server
-      --argocd-repo-server-strict-tls   Perform strict validation of TLS certificates when connecting to repo server
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
-      --config-map string               argocd-notifications-cm.yaml file path
-      --context string                  The name of the kubeconfig context to use
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --secret string                   argocd-notifications-secret.yaml file path. Use empty secret if provided value is ':empty'
-      --server string                   The address and port of the Kubernetes API server
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
-```
-
-## notifications template notify
-
-Generates notification using the specified template and send it to specified recipients
-
-```
-notifications template notify NAME RESOURCE_NAME [flags]
-```
-
-### Examples
-
-```
-
-# Trigger notification using in-cluster config map and secret
-notifications template notify app-sync-succeeded guestbook --recipient slack:my-slack-channel
-
-# Render notification render generated notification in console
-notifications template notify app-sync-succeeded guestbook
-
-```
-
-### Options
-
-```
-  -h, --help                    help for notify
-      --recipient stringArray   List of recipients (default [console:stdout])
-```
-
-### Options inherited from parent commands
-
-```
-      --argocd-repo-server string       Argo CD repo server address (default "argocd-repo-server:8081")
-      --argocd-repo-server-plaintext    Use a plaintext client (non-TLS) to connect to repository server
-      --argocd-repo-server-strict-tls   Perform strict validation of TLS certificates when connecting to repo server
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
-      --config-map string               argocd-notifications-cm.yaml file path
-      --context string                  The name of the kubeconfig context to use
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --secret string                   argocd-notifications-secret.yaml file path. Use empty secret if provided value is ':empty'
-      --server string                   The address and port of the Kubernetes API server
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
-```
-
-## notifications trigger get
-
-Prints information about configured triggers
-
-```
-notifications trigger get [flags]
-```
-
-### Examples
-
-```
-
-# prints all triggers
-notifications trigger get
-# print YAML formatted on-sync-failed trigger definition
-notifications trigger get on-sync-failed -o=yaml
-
-```
-
-### Options
-
-```
-  -h, --help            help for get
-  -o, --output string   Output format. One of:json|yaml|wide|name (default "wide")
-```
-
-### Options inherited from parent commands
-
-```
-      --argocd-repo-server string       Argo CD repo server address (default "argocd-repo-server:8081")
-      --argocd-repo-server-plaintext    Use a plaintext client (non-TLS) to connect to repository server
-      --argocd-repo-server-strict-tls   Perform strict validation of TLS certificates when connecting to repo server
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
-      --config-map string               argocd-notifications-cm.yaml file path
-      --context string                  The name of the kubeconfig context to use
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --secret string                   argocd-notifications-secret.yaml file path. Use empty secret if provided value is ':empty'
-      --server string                   The address and port of the Kubernetes API server
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
-```
-
-## notifications trigger run
-
-Evaluates specified trigger condition and prints the result
-
-```
-notifications trigger run NAME RESOURCE_NAME [flags]
-```
-
-### Examples
-
-```
-
-# Execute trigger configured in 'argocd-notification-cm' ConfigMap
-notifications trigger run on-sync-status-unknown ./sample-app.yaml
-
-# Execute trigger using my-config-map.yaml instead of 'argocd-notifications-cm' ConfigMap
-notifications trigger run on-sync-status-unknown ./sample-app.yaml \
-    --config-map ./my-config-map.yaml
-```
-
-### Options
-
-```
-  -h, --help   help for run
-```
-
-### Options inherited from parent commands
-
-```
-      --argocd-repo-server string       Argo CD repo server address (default "argocd-repo-server:8081")
-      --argocd-repo-server-plaintext    Use a plaintext client (non-TLS) to connect to repository server
-      --argocd-repo-server-strict-tls   Perform strict validation of TLS certificates when connecting to repo server
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
-      --config-map string               argocd-notifications-cm.yaml file path
-      --context string                  The name of the kubeconfig context to use
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --secret string                   argocd-notifications-secret.yaml file path. Use empty secret if provided value is ':empty'
-      --server string                   The address and port of the Kubernetes API server
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
-```
-
--- a/docs/operator-manual/notifications/troubleshooting-errors.md
+++ b/docs/operator-manual/notifications/troubleshooting-errors.md
@@ -1,41 +0,0 @@
-## Failed to parse new settings
-
-### error converting YAML to JSON
-
-YAML syntax is incorrect.
-
-**incorrect:**
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  service.slack: |
-    token: $slack-token
-    icon: :rocket:
-```
-
-**correct:**
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: argocd-notifications-cm
-data:
-  service.slack: |
-    token: $slack-token
-    icon: ":rocket:"
-```
-
-### service type 'xxxx' is not supported
-
-You need to check your argocd-notifications controller version. For instance, the teams integration is to support `v1.1.0` and more.
-
-## Failed to notify recipient
-
-### notification service 'xxxx' is not supported"
-
-You have not defined `xxxx` in `argocd-notifications-cm` or to fail to parse settings.
--- a/docs/operator-manual/notifications/troubleshooting.md
+++ b/docs/operator-manual/notifications/troubleshooting.md
@@ -1,79 +0,0 @@
-## Troubleshooting
-
-The `argocd-notifications` binary includes a set of CLI commands that helps to configure the controller
-settings and troubleshoot issues.
-
-## Global flags
-Following global flags are available for all sub-commands:
-
-* `config-map` - path to the file containing `argocd-notifications-cm` ConfigMap. If not specified
-then the command loads `argocd-notification-cm` ConfigMap using the local Kubernetes config file.
-* `secret` - path to the file containing `argocd-notifications-secret` ConfigMap. If not
-specified then the command loads `argocd-notification-secret` Secret using the local Kubernetes config file.
-Additionally, you can specify `:empty` value to use empty secret with no notification service settings. 
-
-**Examples:**
-
-* Get list of triggers configured in the local config map:
-
-```bash
-argocd-notifications trigger get \
-  --config-map ./argocd-notifications-cm.yaml --secret :empty
-```
-
-* Trigger notification using in-cluster config map and secret:
-
-```bash
-argocd-notifications template notify \
-  app-sync-succeeded guestbook --recipient slack:argocd-notifications
-```
-
-## Kustomize
-
-If you are managing `argocd-notifications` config using Kustomize you can pipe whole `kustomize build` output
-into stdin using `--config-map -` flag:
-
-```bash
-kustomize build ./argocd-notifications | \
-  argocd-notifications \
-  template notify app-sync-succeeded guestbook --recipient grafana:argocd \
-  --config-map -
-```
-
-## How to get it
-
-### On your laptop
-
-You can download `argocd-notifications` from the github [release](https://github.com/argoproj-labs/argocd-notifications/releases)
-attachments.
-
-The binary is available in `argoprojlabs/argocd-notifications` image. Use the `docker run` and volume mount
-to execute binary on any platform. 
-
-**Example:**
-
-```bash
-docker run --rm -it -w /src -v $(pwd):/src \
-  argoprojlabs/argocd-notifications:<version> \
-  /app/argocd-notifications trigger get \
-  --config-map ./argocd-notifications-cm.yaml --secret :empty
-```
-
-### In your cluster
-
-SSH into the running `argocd-notifications-controller` pod and use `kubectl exec` command to validate in-cluster
-configuration.
-
-**Example**
-```bash
-kubectl exec -it argocd-notifications-controller-<pod-hash> \
-  /app/argocd-notifications trigger get
-```
-
-## Commands
-
-{!troubleshooting-commands.md!}
-
-## Errors
-
-{!troubleshooting-errors.md!}
--- a/docs/operator-manual/rbac.md
+++ b/docs/operator-manual/rbac.md
@@ -39,6 +39,10 @@ configures a custom role, named `org-admin`. The role is assigned to any user wh
 `your-github-org:your-team` group. All other users get the default policy of `role:readonly`,
 which cannot modify Argo CD settings.

+!!! warning
+    All authenticated users get _at least_ the permissions granted by the default policy. This access cannot be blocked 
+    by a `deny` rule. Instead, restrict the default policy and then grant permissions to individual roles as needed.
+
 *ArgoCD ConfigMap `argocd-rbac-cm` Example:*

 ```yaml
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.7
 .2.16