mirror of
https://github.com/argoproj/argo-cd.git
synced 2026-03-06 16:38:46 +01:00
c2e594c5f5
Signed-off-by: Valentin Stoican <vstoican@ripe.net> Co-authored-by: Valentin Stoican <vstoican@ripe.net>
141 lines
4.3 KiB
YAML
141 lines
4.3 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: argocd-commit-server
|
|
app.kubernetes.io/part-of: argocd
|
|
app.kubernetes.io/component: commit-server
|
|
name: argocd-commit-server
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: argocd-commit-server
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: argocd-commit-server
|
|
spec:
|
|
serviceAccountName: argocd-commit-server
|
|
automountServiceAccountToken: false
|
|
containers:
|
|
- name: argocd-commit-server
|
|
image: quay.io/argoproj/argocd:latest
|
|
imagePullPolicy: Always
|
|
args:
|
|
- /usr/local/bin/argocd-commit-server
|
|
env:
|
|
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: commitserver.grpc.enable.txt.service.config
|
|
optional: true
|
|
- name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: commitserver.listen.address
|
|
optional: true
|
|
- name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: commitserver.metrics.listen.address
|
|
optional: true
|
|
- name: ARGOCD_COMMIT_SERVER_LOGFORMAT
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: commitserver.log.format
|
|
optional: true
|
|
- name: ARGOCD_COMMIT_SERVER_LOGLEVEL
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: commitserver.log.level
|
|
optional: true
|
|
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: argocd-cmd-params-cm
|
|
key: log.format.timestamp
|
|
optional: true
|
|
ports:
|
|
- containerPort: 8086
|
|
- containerPort: 8087
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz?full=true
|
|
port: 8087
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 30
|
|
failureThreshold: 3
|
|
timeoutSeconds: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8087
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
readOnlyRootFilesystem: true
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
seccompProfile:
|
|
type: RuntimeDefault
|
|
volumeMounts:
|
|
- name: ssh-known-hosts
|
|
mountPath: /app/config/ssh
|
|
- name: tls-certs
|
|
mountPath: /app/config/tls
|
|
- name: gpg-keys
|
|
mountPath: /app/config/gpg/source
|
|
- name: gpg-keyring
|
|
mountPath: /app/config/gpg/keys
|
|
# We need a writeable temp directory for the askpass socket file.
|
|
- name: tmp
|
|
mountPath: /tmp
|
|
volumes:
|
|
- name: ssh-known-hosts
|
|
configMap:
|
|
name: argocd-ssh-known-hosts-cm
|
|
- name: tls-certs
|
|
configMap:
|
|
name: argocd-tls-certs-cm
|
|
- name: gpg-keys
|
|
configMap:
|
|
name: argocd-gpg-keys-cm
|
|
- name: gpg-keyring
|
|
emptyDir: {}
|
|
- name: tmp
|
|
emptyDir: {}
|
|
- name: argocd-commit-server-tls
|
|
secret:
|
|
secretName: argocd-commit-server-tls
|
|
optional: true
|
|
items:
|
|
- key: tls.crt
|
|
path: tls.crt
|
|
- key: tls.key
|
|
path: tls.key
|
|
- key: ca.crt
|
|
path: ca.crt
|
|
affinity:
|
|
podAntiAffinity:
|
|
preferredDuringSchedulingIgnoredDuringExecution:
|
|
- weight: 100
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: argocd-commit-server
|
|
topologyKey: kubernetes.io/hostname
|
|
- weight: 5
|
|
podAffinityTerm:
|
|
labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/part-of: argocd
|
|
topologyKey: kubernetes.io/hostname
|