marcel/argo-cd
1
0
Fork 0
mirror of https://github.com/argoproj/argo-cd.git synced 2026-02-20 01:28:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
argo-cd/manifests/namespace-install-with-hydrator.yaml
S Kevin Joe Harris b0b9658e04 chore(deps): Bump dex from v2.43.0 to v2.44.0 (#26448) 
Signed-off-by: Kevin Joe Harris <kevinjoeharris1@gmail.com>
2026-02-15 11:00:45 +02:00

2996 lines
91 KiB
YAML
Generated
Raw Permalink Blame History

# This is an auto-generated file. DO NOT EDIT
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- appprojects
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- applicationsets
- applicationsets/finalizers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- argoproj.io
resources:
- appprojects
verbs:
- get
- list
- watch
- apiGroups:
- argoproj.io
resources:
- applicationsets/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- 58ac56fa.applicationsets.argoproj.io
resources:
- leases
verbs:
- get
- update
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
rules:
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
verbs:
- get
- list
- watch
- update
- patch
- apiGroups:
- ""
resources:
- configmaps
- secrets
verbs:
- list
- watch
- apiGroups:
- ""
resourceNames:
- argocd-notifications-cm
resources:
- configmaps
verbs:
- get
- apiGroups:
- ""
resourceNames:
- argocd-notifications-secret
resources:
- secrets
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
rules:
- apiGroups:
- ""
resourceNames:
- argocd-redis
resources:
- secrets
verbs:
- get
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- create
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- argoproj.io
resources:
- applications
- appprojects
- applicationsets
verbs:
- create
- get
- list
- watch
- update
- delete
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-application-controller
subjects:
- kind: ServiceAccount
name: argocd-application-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-applicationset-controller
subjects:
- kind: ServiceAccount
name: argocd-applicationset-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-dex-server
subjects:
- kind: ServiceAccount
name: argocd-dex-server
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-notifications-controller
subjects:
- kind: ServiceAccount
name: argocd-notifications-controller
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-redis
subjects:
- kind: ServiceAccount
name: argocd-redis
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: argocd-server
subjects:
- kind: ServiceAccount
name: argocd-server
---
apiVersion: v1
data:
resource.customizations.ignoreResourceUpdates.ConfigMap: |
jqPathExpressions:
# Ignore the cluster-autoscaler status
- '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"'
# Ignore the annotation of the legacy Leases election
- '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"'
resource.customizations.ignoreResourceUpdates.Endpoints: |
jsonPointers:
- /metadata
- /subsets
resource.customizations.ignoreResourceUpdates.all: |
jsonPointers:
- /status
resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: |
jqPathExpressions:
- '.metadata.annotations."deployment.kubernetes.io/desired-replicas"'
- '.metadata.annotations."deployment.kubernetes.io/max-replicas"'
- '.metadata.annotations."rollout.argoproj.io/desired-replicas"'
resource.customizations.ignoreResourceUpdates.argoproj.io_Application: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
- '.metadata.annotations."argocd.argoproj.io/refresh"'
- '.metadata.annotations."argocd.argoproj.io/hydrate"'
- '.operation'
resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: |
jqPathExpressions:
- '.metadata.annotations."notified.notifications.argoproj.io"'
resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: |
jqPathExpressions:
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"'
- '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"'
resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: |
jsonPointers:
- /metadata
- /endpoints
- /ports
resource.exclusions: |
### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter
- apiGroups:
- ''
- discovery.k8s.io
kinds:
- Endpoints
- EndpointSlice
### Internal Kubernetes resources excluded reduce the number of watched events
- apiGroups:
- coordination.k8s.io
kinds:
- Lease
### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events
- apiGroups:
- authentication.k8s.io
- authorization.k8s.io
kinds:
- SelfSubjectReview
- TokenReview
- LocalSubjectAccessReview
- SelfSubjectAccessReview
- SelfSubjectRulesReview
- SubjectAccessReview
### Intermediate Certificate Request excluded reduce the number of watched events
- apiGroups:
- certificates.k8s.io
kinds:
- CertificateSigningRequest
- apiGroups:
- cert-manager.io
kinds:
- CertificateRequest
### Cilium internal resources excluded reduce the number of watched events and UI Clutter
- apiGroups:
- cilium.io
kinds:
- CiliumIdentity
- CiliumEndpoint
- CiliumEndpointSlice
### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance
- apiGroups:
- kyverno.io
- reports.kyverno.io
- wgpolicyk8s.io
kinds:
- PolicyReport
- ClusterPolicyReport
- EphemeralReport
- ClusterEphemeralReport
- AdmissionReport
- ClusterAdmissionReport
- BackgroundScanReport
- ClusterBackgroundScanReport
- UpdateRequest
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cm
app.kubernetes.io/part-of: argocd
name: argocd-cm
---
apiVersion: v1
data:
hydrator.enabled: "true"
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-cmd-params-cm
app.kubernetes.io/part-of: argocd
name: argocd-cmd-params-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-gpg-keys-cm
app.kubernetes.io/part-of: argocd
name: argocd-gpg-keys-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-rbac-cm
app.kubernetes.io/part-of: argocd
name: argocd-rbac-cm
---
apiVersion: v1
data:
ssh_known_hosts: |
# This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT
[ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
[ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE=
bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO
bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M=
github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-ssh-known-hosts-cm
app.kubernetes.io/part-of: argocd
name: argocd-ssh-known-hosts-cm
---
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: argocd-tls-certs-cm
app.kubernetes.io/part-of: argocd
name: argocd-tls-certs-cm
---
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-secret
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
labels:
app.kubernetes.io/name: argocd-secret
app.kubernetes.io/part-of: argocd
name: argocd-secret
type: Opaque
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
spec:
ports:
- name: webhook
port: 7000
protocol: TCP
targetPort: webhook
- name: metrics
port: 8080
protocol: TCP
targetPort: metrics
selector:
app.kubernetes.io/name: argocd-applicationset-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
spec:
ports:
- name: server
port: 8086
protocol: TCP
targetPort: 8086
- name: metrics
port: 8087
protocol: TCP
targetPort: 8087
selector:
app.kubernetes.io/name: argocd-commit-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
spec:
ports:
- appProtocol: TCP
name: http
port: 5556
protocol: TCP
targetPort: 5556
- name: grpc
port: 5557
protocol: TCP
targetPort: 5557
- name: metrics
port: 5558
protocol: TCP
targetPort: 5558
selector:
app.kubernetes.io/name: argocd-dex-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: metrics
app.kubernetes.io/name: argocd-metrics
app.kubernetes.io/part-of: argocd
name: argocd-metrics
spec:
ports:
- name: metrics
port: 8082
protocol: TCP
targetPort: 8082
selector:
app.kubernetes.io/name: argocd-application-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller-metrics
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller-metrics
spec:
ports:
- name: metrics
port: 9001
protocol: TCP
targetPort: 9001
selector:
app.kubernetes.io/name: argocd-notifications-controller
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
spec:
ports:
- name: tcp-redis
port: 6379
targetPort: 6379
selector:
app.kubernetes.io/name: argocd-redis
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
spec:
ports:
- name: server
port: 8081
protocol: TCP
targetPort: 8081
- name: metrics
port: 8084
protocol: TCP
targetPort: 8084
selector:
app.kubernetes.io/name: argocd-repo-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
spec:
ports:
- name: http
port: 80
protocol: TCP
targetPort: 8080
- name: https
port: 443
protocol: TCP
targetPort: 8080
selector:
app.kubernetes.io/name: argocd-server
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server-metrics
app.kubernetes.io/part-of: argocd
name: argocd-server-metrics
spec:
ports:
- name: metrics
port: 8083
protocol: TCP
targetPort: 8083
selector:
app.kubernetes.io/name: argocd-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
template:
metadata:
labels:
app.kubernetes.io/name: argocd-applicationset-controller
spec:
containers:
- args:
- /usr/local/bin/argocd-applicationset-controller
env:
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.grpc.enable.txt.service.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.annotations
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.global.preserved.labels
name: argocd-cmd-params-cm
optional: true
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.leader.election
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.policy.override
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.debug
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_QPS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.client.qps
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_BURST
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.client.burst
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.client.max.idle.connections
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_TIMEOUT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.tcp.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_KEEPALIVE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.tcp.keepalive
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.tls.handshake.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_IDLE_TIMEOUT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.k8s.tcp.idle.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.dryrun
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.progressive.syncs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.tokenref.strict.mode
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.new.git.file.globbing
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.concurrent.reconciliations.max
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.scm.root.ca.path
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.allowed.scm.providers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.scm.providers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.github.api.metrics
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.webhook.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.requeue.after
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.status.max.resources.count
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: argocd-applicationset-controller
ports:
- containerPort: 7000
name: webhook
- containerPort: 8080
name: metrics
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /tmp
name: tmp
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd/params
name: argocd-cmd-params-cm
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: argocd-applicationset-controller
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- configMap:
items:
- key: applicationsetcontroller.profile.enabled
path: profiler.enabled
name: argocd-cmd-params-cm
optional: true
name: argocd-cmd-params-cm
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-commit-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
automountServiceAccountToken: false
containers:
- args:
- /usr/local/bin/argocd-commit-server
env:
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
valueFrom:
configMapKeyRef:
key: commitserver.grpc.enable.txt.service.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: commitserver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: commitserver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: commitserver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_COMMIT_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: commitserver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: 8087
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
name: argocd-commit-server
ports:
- containerPort: 8086
- containerPort: 8087
readinessProbe:
httpGet:
path: /healthz
port: 8087
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /tmp
name: tmp
serviceAccountName: argocd-commit-server
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- name: argocd-commit-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-commit-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-dex-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- command:
- /shared/argocd-dex
- rundex
env:
- name: ARGOCD_DEX_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: dexserver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: dexserver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEX_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: dexserver.disable.tls
name: argocd-cmd-params-cm
optional: true
image: ghcr.io/dexidp/dex:v2.44.0
imagePullPolicy: Always
name: dex
ports:
- containerPort: 5556
- containerPort: 5557
- containerPort: 5558
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
- mountPath: /tls
name: argocd-dex-server-tls
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /shared/argocd-dex
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /shared
name: static-files
- mountPath: /tmp
name: dexconfig
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: argocd-dex-server
volumes:
- emptyDir: {}
name: static-files
- emptyDir: {}
name: dexconfig
- name: argocd-dex-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-dex-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
strategy:
type: Recreate
template:
metadata:
labels:
app.kubernetes.io/name: argocd-notifications-controller
spec:
containers:
- args:
- /usr/local/bin/argocd-notifications
env:
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: notificationscontroller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
valueFrom:
configMapKeyRef:
key: notificationscontroller.selfservice.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: notificationscontroller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
tcpSocket:
port: 9001
name: argocd-notifications-controller
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
volumeMounts:
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
workingDir: /app
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: argocd-notifications-controller
volumes:
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-redis
template:
metadata:
labels:
app.kubernetes.io/name: argocd-redis
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- args:
- --save
- ""
- --appendonly
- "no"
- --requirepass $(REDIS_PASSWORD)
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
image: public.ecr.aws/docker/library/redis:8.2.3-alpine
imagePullPolicy: Always
name: redis
ports:
- containerPort: 6379
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
initContainers:
- command:
- argocd
- admin
- redis-initial-password
image: quay.io/argoproj/argocd:latest
imagePullPolicy: IfNotPresent
name: secret-init
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
serviceAccountName: argocd-redis
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-repo-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
automountServiceAccountToken: false
containers:
- args:
- /usr/local/bin/argocd-repo-server
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
valueFrom:
configMapKeyRef:
key: reposerver.grpc.enable.txt.service.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
key: otlp.attrs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.use.manifest.generate.paths
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.oci.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.oci.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES
valueFrom:
configMapKeyRef:
key: reposerver.oci.layer.media.types
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.revision.cache.lock.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.git.lsremote.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_REQUEST_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.git.request.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG
valueFrom:
configMapKeyRef:
key: reposerver.enable.builtin.git.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GRPC_MAX_SIZE_MB
valueFrom:
configMapKeyRef:
key: reposerver.grpc.max.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
valueFrom:
configMapKeyRef:
key: reposerver.include.hidden.directories
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_HELM_USER_AGENT
valueFrom:
configMapKeyRef:
key: reposerver.helm.user.agent
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: 8084
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 5
name: argocd-repo-server
ports:
- containerPort: 8081
- containerPort: 8084
readinessProbe:
httpGet:
path: /healthz
port: 8084
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /tmp
name: tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
initContainers:
- args:
- /bin/cp --update=none /usr/local/bin/argocd /var/run/argocd/argocd && /bin/ln
-s /var/run/argocd/argocd /var/run/argocd/argocd-cmp-server
command:
- sh
- -c
image: quay.io/argoproj/argocd:latest
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: argocd-repo-server
volumes:
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- emptyDir: {}
name: tmp
- emptyDir: {}
name: helm-working-dir
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- emptyDir: {}
name: var-files
- emptyDir: {}
name: plugins
- configMap:
items:
- key: reposerver.profile.enabled
path: profiler.enabled
name: argocd-cmd-params-cm
optional: true
name: argocd-cmd-params-cm
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server
spec:
selector:
matchLabels:
app.kubernetes.io/name: argocd-server
template:
metadata:
labels:
app.kubernetes.io/name: argocd-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- args:
- /usr/local/bin/argocd-server
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
valueFrom:
configMapKeyRef:
key: server.grpc.enable.txt.service.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_INSECURE
valueFrom:
configMapKeyRef:
key: server.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_BASEHREF
valueFrom:
configMapKeyRef:
key: server.basehref
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_ROOTPATH
valueFrom:
configMapKeyRef:
key: server.rootpath
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: server.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LOG_LEVEL
valueFrom:
configMapKeyRef:
key: server.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_QPS
valueFrom:
configMapKeyRef:
key: server.k8s.client.qps
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_BURST
valueFrom:
configMapKeyRef:
key: server.k8s.client.burst
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS
valueFrom:
configMapKeyRef:
key: server.k8s.client.max.idle.connections
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_TIMEOUT
valueFrom:
configMapKeyRef:
key: server.k8s.tcp.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_KEEPALIVE
valueFrom:
configMapKeyRef:
key: server.k8s.tcp.keepalive
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT
valueFrom:
configMapKeyRef:
key: server.k8s.tls.handshake.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_IDLE_TIMEOUT
valueFrom:
configMapKeyRef:
key: server.k8s.tcp.idle.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER
valueFrom:
configMapKeyRef:
key: server.dex.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DISABLE_AUTH
valueFrom:
configMapKeyRef:
key: server.disable.auth
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_ENABLE_GZIP
valueFrom:
configMapKeyRef:
key: server.enable.gzip
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: server.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_X_FRAME_OPTIONS
valueFrom:
configMapKeyRef:
key: server.x.frame.options
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY
valueFrom:
configMapKeyRef:
key: server.content.security.policy
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: server.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: server.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: server.dex.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: server.dex.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: server.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: server.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: server.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.connection.status.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.oidc.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_STATIC_ASSETS
valueFrom:
configMapKeyRef:
key: server.staticassets
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.app.state.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: server.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_MAX_COOKIE_NUMBER
valueFrom:
configMapKeyRef:
key: server.http.cookie.maxnumber
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: server.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: server.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
key: otlp.attrs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
valueFrom:
configMapKeyRef:
key: server.enable.proxy.extension
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_MAX
valueFrom:
configMapKeyRef:
key: server.k8sclient.retry.max
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
valueFrom:
configMapKeyRef:
key: server.k8sclient.retry.base.backoff
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_API_CONTENT_TYPES
valueFrom:
configMapKeyRef:
key: server.api.content.types
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: server.webhook.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.new.git.file.globbing
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.scm.root.ca.path
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.allowed.scm.providers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.scm.providers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS
valueFrom:
configMapKeyRef:
key: applicationsetcontroller.enable.github.api.metrics
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
key: hydrator.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED
valueFrom:
configMapKeyRef:
key: server.sync.replace.allowed
name: argocd-cmd-params-cm
optional: true
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz?full=true
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
timeoutSeconds: 5
name: argocd-server
ports:
- containerPort: 8080
- containerPort: 8083
readinessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 3
periodSeconds: 30
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/server/tls
name: argocd-repo-server-tls
- mountPath: /app/config/dex/tls
name: argocd-dex-server-tls
- mountPath: /home/argocd
name: plugins-home
- mountPath: /tmp
name: tmp
- mountPath: /home/argocd/params
name: argocd-cmd-params-cm
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: argocd-server
volumes:
- emptyDir: {}
name: plugins-home
- emptyDir: {}
name: tmp
- configMap:
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
name: argocd-tls-certs-cm
name: tls-certs
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- name: argocd-dex-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-dex-server-tls
- configMap:
items:
- key: server.profile.enabled
path: profiler.enabled
name: argocd-cmd-params-cm
optional: true
name: argocd-cmd-params-cm
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
serviceName: argocd-application-controller
template:
metadata:
labels:
app.kubernetes.io/name: argocd-application-controller
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
topologyKey: kubernetes.io/hostname
weight: 100
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/part-of: argocd
topologyKey: kubernetes.io/hostname
weight: 5
containers:
- args:
- /usr/local/bin/argocd-application-controller
env:
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
- name: GRPC_ENABLE_TXT_SERVICE_CONFIG
valueFrom:
configMapKeyRef:
key: controller.grpc.enable.txt.service.config
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CONTROLLER_REPLICAS
value: "1"
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_HARD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.hard.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_RECONCILIATION_JITTER
valueFrom:
configMapKeyRef:
key: timeout.reconciliation.jitter
name: argocd-cm
optional: true
- name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS
valueFrom:
configMapKeyRef:
key: controller.repo.error.grace.period.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER
valueFrom:
configMapKeyRef:
key: repo.server
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.repo.server.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.status.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS
valueFrom:
configMapKeyRef:
key: controller.operation.processors
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: controller.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: controller.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_LOG_FORMAT_TIMESTAMP
valueFrom:
configMapKeyRef:
key: log.format.timestamp
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_QPS
valueFrom:
configMapKeyRef:
key: controller.k8s.client.qps
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_BURST
valueFrom:
configMapKeyRef:
key: controller.k8s.client.burst
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_CLIENT_MAX_IDLE_CONNECTIONS
valueFrom:
configMapKeyRef:
key: controller.k8s.client.max.idle.connections
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.k8s.tcp.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_KEEPALIVE
valueFrom:
configMapKeyRef:
key: controller.k8s.tcp.keepalive
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TLS_HANDSHAKE_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.k8s.tls.handshake.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8S_TCP_IDLE_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.k8s.tcp.idle.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.metrics.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.factor
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.cap.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS
valueFrom:
configMapKeyRef:
key: controller.self.heal.backoff.cooldown.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_SYNC_WAVE_DELAY
valueFrom:
configMapKeyRef:
key: controller.sync.wave.delay.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.sync.timeout.seconds
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT
valueFrom:
configMapKeyRef:
key: controller.repo.server.plaintext
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS
valueFrom:
configMapKeyRef:
key: controller.repo.server.strict.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH
valueFrom:
configMapKeyRef:
key: controller.resource.health.persist
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APP_STATE_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.app.state.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: controller.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS
valueFrom:
configMapKeyRef:
key: otlp.attrs
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_NAMESPACES
valueFrom:
configMapKeyRef:
key: application.namespaces
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM
valueFrom:
configMapKeyRef:
key: controller.sharding.algorithm
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: controller.kubectl.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_MAX
valueFrom:
configMapKeyRef:
key: controller.k8sclient.retry.max
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF
valueFrom:
configMapKeyRef:
key: controller.k8sclient.retry.base.backoff
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF
valueFrom:
configMapKeyRef:
key: controller.diff.server.side
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT
valueFrom:
configMapKeyRef:
key: controller.ignore.normalizer.jq.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_HYDRATOR_ENABLED
valueFrom:
configMapKeyRef:
key: hydrator.enabled
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING
valueFrom:
configMapKeyRef:
key: controller.cluster.cache.batch.events.processing
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL
valueFrom:
configMapKeyRef:
key: controller.cluster.cache.events.processing.interval
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER
valueFrom:
configMapKeyRef:
key: commit.server
name: argocd-cmd-params-cm
optional: true
- name: KUBECACHEDIR
value: /tmp/kubecache
image: quay.io/argoproj/argocd:latest
imagePullPolicy: Always
name: argocd-application-controller
ports:
- containerPort: 8082
readinessProbe:
httpGet:
path: /healthz
port: 8082
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /app/config/controller/tls
name: argocd-repo-server-tls
- mountPath: /home/argocd
name: argocd-home
- mountPath: /home/argocd/params
name: argocd-cmd-params-cm
- mountPath: /tmp
name: argocd-application-controller-tmp
workingDir: /home/argocd
nodeSelector:
kubernetes.io/os: linux
serviceAccountName: argocd-application-controller
volumes:
- emptyDir: {}
name: argocd-home
- emptyDir: {}
name: argocd-application-controller-tmp
- name: argocd-repo-server-tls
secret:
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
- configMap:
items:
- key: controller.profile.enabled
path: profiler.enabled
name: argocd-cmd-params-cm
optional: true
name: argocd-cmd-params-cm
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: application-controller
app.kubernetes.io/name: argocd-application-controller
app.kubernetes.io/part-of: argocd
name: argocd-application-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 8082
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: applicationset-controller
app.kubernetes.io/name: argocd-applicationset-controller
app.kubernetes.io/part-of: argocd
name: argocd-applicationset-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 7000
protocol: TCP
- port: 8080
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: commit-server
app.kubernetes.io/name: argocd-commit-server
app.kubernetes.io/part-of: argocd
name: argocd-commit-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 8086
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 8087
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-commit-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: dex-server
app.kubernetes.io/name: argocd-dex-server
app.kubernetes.io/part-of: argocd
name: argocd-dex-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
ports:
- port: 5556
protocol: TCP
- port: 5557
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 5558
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-dex-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: notifications-controller
app.kubernetes.io/name: argocd-notifications-controller
app.kubernetes.io/part-of: argocd
name: argocd-notifications-controller-network-policy
spec:
ingress:
- from:
- namespaceSelector: {}
ports:
- port: 9001
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: redis
app.kubernetes.io/name: argocd-redis
app.kubernetes.io/part-of: argocd
name: argocd-redis-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
ports:
- port: 6379
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-redis
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
name: argocd-repo-server-network-policy
spec:
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-application-controller
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-notifications-controller
- podSelector:
matchLabels:
app.kubernetes.io/name: argocd-applicationset-controller
ports:
- port: 8081
protocol: TCP
- from:
- namespaceSelector: {}
ports:
- port: 8084
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
policyTypes:
- Ingress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: server
app.kubernetes.io/name: argocd-server
app.kubernetes.io/part-of: argocd
name: argocd-server-network-policy
spec:
ingress:
- {}
podSelector:
matchLabels:
app.kubernetes.io/name: argocd-server
policyTypes:
- Ingress
Reference in New Issue View Git Blame Copy Permalink