github.com/argoproj/argo-cd/v3@v3.2.1/manifests/namespace-install-with-hydrator.yaml (about) 1 # This is an auto-generated file. DO NOT EDIT 2 apiVersion: v1 3 kind: ServiceAccount 4 metadata: 5 labels: 6 app.kubernetes.io/component: application-controller 7 app.kubernetes.io/name: argocd-application-controller 8 app.kubernetes.io/part-of: argocd 9 name: argocd-application-controller 10 --- 11 apiVersion: v1 12 kind: ServiceAccount 13 metadata: 14 labels: 15 app.kubernetes.io/component: applicationset-controller 16 app.kubernetes.io/name: argocd-applicationset-controller 17 app.kubernetes.io/part-of: argocd 18 name: argocd-applicationset-controller 19 --- 20 apiVersion: v1 21 kind: ServiceAccount 22 metadata: 23 labels: 24 app.kubernetes.io/component: commit-server 25 app.kubernetes.io/name: argocd-commit-server 26 app.kubernetes.io/part-of: argocd 27 name: argocd-commit-server 28 --- 29 apiVersion: v1 30 kind: ServiceAccount 31 metadata: 32 labels: 33 app.kubernetes.io/component: dex-server 34 app.kubernetes.io/name: argocd-dex-server 35 app.kubernetes.io/part-of: argocd 36 name: argocd-dex-server 37 --- 38 apiVersion: v1 39 kind: ServiceAccount 40 metadata: 41 labels: 42 app.kubernetes.io/component: notifications-controller 43 app.kubernetes.io/name: argocd-notifications-controller 44 app.kubernetes.io/part-of: argocd 45 name: argocd-notifications-controller 46 --- 47 apiVersion: v1 48 kind: ServiceAccount 49 metadata: 50 labels: 51 app.kubernetes.io/component: redis 52 app.kubernetes.io/name: argocd-redis 53 app.kubernetes.io/part-of: argocd 54 name: argocd-redis 55 --- 56 apiVersion: v1 57 kind: ServiceAccount 58 metadata: 59 labels: 60 app.kubernetes.io/component: repo-server 61 app.kubernetes.io/name: argocd-repo-server 62 app.kubernetes.io/part-of: argocd 63 name: argocd-repo-server 64 --- 65 apiVersion: v1 66 kind: ServiceAccount 67 metadata: 68 labels: 69 app.kubernetes.io/component: server 70 app.kubernetes.io/name: argocd-server 71 app.kubernetes.io/part-of: argocd 72 name: argocd-server 73 --- 74 apiVersion: rbac.authorization.k8s.io/v1 75 kind: Role 76 metadata: 77 labels: 78 app.kubernetes.io/component: application-controller 79 app.kubernetes.io/name: argocd-application-controller 80 app.kubernetes.io/part-of: argocd 81 name: argocd-application-controller 82 rules: 83 - apiGroups: 84 - "" 85 resources: 86 - secrets 87 - configmaps 88 verbs: 89 - get 90 - list 91 - watch 92 - apiGroups: 93 - argoproj.io 94 resources: 95 - applications 96 - applicationsets 97 - appprojects 98 verbs: 99 - create 100 - get 101 - list 102 - watch 103 - update 104 - patch 105 - delete 106 - apiGroups: 107 - "" 108 resources: 109 - events 110 verbs: 111 - create 112 - list 113 - apiGroups: 114 - apps 115 resources: 116 - deployments 117 verbs: 118 - get 119 - list 120 - watch 121 --- 122 apiVersion: rbac.authorization.k8s.io/v1 123 kind: Role 124 metadata: 125 labels: 126 app.kubernetes.io/component: applicationset-controller 127 app.kubernetes.io/name: argocd-applicationset-controller 128 app.kubernetes.io/part-of: argocd 129 name: argocd-applicationset-controller 130 rules: 131 - apiGroups: 132 - argoproj.io 133 resources: 134 - applications 135 - applicationsets 136 - applicationsets/finalizers 137 verbs: 138 - create 139 - delete 140 - get 141 - list 142 - patch 143 - update 144 - watch 145 - apiGroups: 146 - argoproj.io 147 resources: 148 - appprojects 149 verbs: 150 - get 151 - list 152 - watch 153 - apiGroups: 154 - argoproj.io 155 resources: 156 - applicationsets/status 157 verbs: 158 - get 159 - patch 160 - update 161 - apiGroups: 162 - "" 163 resources: 164 - events 165 verbs: 166 - create 167 - get 168 - list 169 - patch 170 - watch 171 - apiGroups: 172 - "" 173 resources: 174 - secrets 175 - configmaps 176 verbs: 177 - get 178 - list 179 - watch 180 - apiGroups: 181 - coordination.k8s.io 182 resources: 183 - leases 184 verbs: 185 - create 186 - apiGroups: 187 - coordination.k8s.io 188 resourceNames: 189 - 58ac56fa.applicationsets.argoproj.io 190 resources: 191 - leases 192 verbs: 193 - get 194 - update 195 - create 196 --- 197 apiVersion: rbac.authorization.k8s.io/v1 198 kind: Role 199 metadata: 200 labels: 201 app.kubernetes.io/component: dex-server 202 app.kubernetes.io/name: argocd-dex-server 203 app.kubernetes.io/part-of: argocd 204 name: argocd-dex-server 205 rules: 206 - apiGroups: 207 - "" 208 resources: 209 - secrets 210 - configmaps 211 verbs: 212 - get 213 - list 214 - watch 215 --- 216 apiVersion: rbac.authorization.k8s.io/v1 217 kind: Role 218 metadata: 219 labels: 220 app.kubernetes.io/component: notifications-controller 221 app.kubernetes.io/name: argocd-notifications-controller 222 app.kubernetes.io/part-of: argocd 223 name: argocd-notifications-controller 224 rules: 225 - apiGroups: 226 - argoproj.io 227 resources: 228 - applications 229 - appprojects 230 verbs: 231 - get 232 - list 233 - watch 234 - update 235 - patch 236 - apiGroups: 237 - "" 238 resources: 239 - configmaps 240 - secrets 241 verbs: 242 - list 243 - watch 244 - apiGroups: 245 - "" 246 resourceNames: 247 - argocd-notifications-cm 248 resources: 249 - configmaps 250 verbs: 251 - get 252 - apiGroups: 253 - "" 254 resourceNames: 255 - argocd-notifications-secret 256 resources: 257 - secrets 258 verbs: 259 - get 260 --- 261 apiVersion: rbac.authorization.k8s.io/v1 262 kind: Role 263 metadata: 264 labels: 265 app.kubernetes.io/component: redis 266 app.kubernetes.io/name: argocd-redis 267 app.kubernetes.io/part-of: argocd 268 name: argocd-redis 269 rules: 270 - apiGroups: 271 - "" 272 resourceNames: 273 - argocd-redis 274 resources: 275 - secrets 276 verbs: 277 - get 278 - apiGroups: 279 - "" 280 resources: 281 - secrets 282 verbs: 283 - create 284 --- 285 apiVersion: rbac.authorization.k8s.io/v1 286 kind: Role 287 metadata: 288 labels: 289 app.kubernetes.io/component: server 290 app.kubernetes.io/name: argocd-server 291 app.kubernetes.io/part-of: argocd 292 name: argocd-server 293 rules: 294 - apiGroups: 295 - "" 296 resources: 297 - secrets 298 - configmaps 299 verbs: 300 - create 301 - get 302 - list 303 - watch 304 - update 305 - patch 306 - delete 307 - apiGroups: 308 - argoproj.io 309 resources: 310 - applications 311 - appprojects 312 - applicationsets 313 verbs: 314 - create 315 - get 316 - list 317 - watch 318 - update 319 - delete 320 - patch 321 - apiGroups: 322 - "" 323 resources: 324 - events 325 verbs: 326 - create 327 - list 328 --- 329 apiVersion: rbac.authorization.k8s.io/v1 330 kind: RoleBinding 331 metadata: 332 labels: 333 app.kubernetes.io/component: application-controller 334 app.kubernetes.io/name: argocd-application-controller 335 app.kubernetes.io/part-of: argocd 336 name: argocd-application-controller 337 roleRef: 338 apiGroup: rbac.authorization.k8s.io 339 kind: Role 340 name: argocd-application-controller 341 subjects: 342 - kind: ServiceAccount 343 name: argocd-application-controller 344 --- 345 apiVersion: rbac.authorization.k8s.io/v1 346 kind: RoleBinding 347 metadata: 348 labels: 349 app.kubernetes.io/component: applicationset-controller 350 app.kubernetes.io/name: argocd-applicationset-controller 351 app.kubernetes.io/part-of: argocd 352 name: argocd-applicationset-controller 353 roleRef: 354 apiGroup: rbac.authorization.k8s.io 355 kind: Role 356 name: argocd-applicationset-controller 357 subjects: 358 - kind: ServiceAccount 359 name: argocd-applicationset-controller 360 --- 361 apiVersion: rbac.authorization.k8s.io/v1 362 kind: RoleBinding 363 metadata: 364 labels: 365 app.kubernetes.io/component: dex-server 366 app.kubernetes.io/name: argocd-dex-server 367 app.kubernetes.io/part-of: argocd 368 name: argocd-dex-server 369 roleRef: 370 apiGroup: rbac.authorization.k8s.io 371 kind: Role 372 name: argocd-dex-server 373 subjects: 374 - kind: ServiceAccount 375 name: argocd-dex-server 376 --- 377 apiVersion: rbac.authorization.k8s.io/v1 378 kind: RoleBinding 379 metadata: 380 labels: 381 app.kubernetes.io/component: notifications-controller 382 app.kubernetes.io/name: argocd-notifications-controller 383 app.kubernetes.io/part-of: argocd 384 name: argocd-notifications-controller 385 roleRef: 386 apiGroup: rbac.authorization.k8s.io 387 kind: Role 388 name: argocd-notifications-controller 389 subjects: 390 - kind: ServiceAccount 391 name: argocd-notifications-controller 392 --- 393 apiVersion: rbac.authorization.k8s.io/v1 394 kind: RoleBinding 395 metadata: 396 labels: 397 app.kubernetes.io/component: redis 398 app.kubernetes.io/name: argocd-redis 399 app.kubernetes.io/part-of: argocd 400 name: argocd-redis 401 roleRef: 402 apiGroup: rbac.authorization.k8s.io 403 kind: Role 404 name: argocd-redis 405 subjects: 406 - kind: ServiceAccount 407 name: argocd-redis 408 --- 409 apiVersion: rbac.authorization.k8s.io/v1 410 kind: RoleBinding 411 metadata: 412 labels: 413 app.kubernetes.io/component: server 414 app.kubernetes.io/name: argocd-server 415 app.kubernetes.io/part-of: argocd 416 name: argocd-server 417 roleRef: 418 apiGroup: rbac.authorization.k8s.io 419 kind: Role 420 name: argocd-server 421 subjects: 422 - kind: ServiceAccount 423 name: argocd-server 424 --- 425 apiVersion: v1 426 data: 427 resource.customizations.ignoreResourceUpdates.ConfigMap: | 428 jqPathExpressions: 429 # Ignore the cluster-autoscaler status 430 - '.metadata.annotations."cluster-autoscaler.kubernetes.io/last-updated"' 431 # Ignore the annotation of the legacy Leases election 432 - '.metadata.annotations."control-plane.alpha.kubernetes.io/leader"' 433 resource.customizations.ignoreResourceUpdates.Endpoints: | 434 jsonPointers: 435 - /metadata 436 - /subsets 437 resource.customizations.ignoreResourceUpdates.all: | 438 jsonPointers: 439 - /status 440 resource.customizations.ignoreResourceUpdates.apps_ReplicaSet: | 441 jqPathExpressions: 442 - '.metadata.annotations."deployment.kubernetes.io/desired-replicas"' 443 - '.metadata.annotations."deployment.kubernetes.io/max-replicas"' 444 - '.metadata.annotations."rollout.argoproj.io/desired-replicas"' 445 resource.customizations.ignoreResourceUpdates.argoproj.io_Application: | 446 jqPathExpressions: 447 - '.metadata.annotations."notified.notifications.argoproj.io"' 448 - '.metadata.annotations."argocd.argoproj.io/refresh"' 449 - '.metadata.annotations."argocd.argoproj.io/hydrate"' 450 - '.operation' 451 resource.customizations.ignoreResourceUpdates.argoproj.io_Rollout: | 452 jqPathExpressions: 453 - '.metadata.annotations."notified.notifications.argoproj.io"' 454 resource.customizations.ignoreResourceUpdates.autoscaling_HorizontalPodAutoscaler: | 455 jqPathExpressions: 456 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/behavior"' 457 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/conditions"' 458 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/metrics"' 459 - '.metadata.annotations."autoscaling.alpha.kubernetes.io/current-metrics"' 460 resource.customizations.ignoreResourceUpdates.discovery.k8s.io_EndpointSlice: | 461 jsonPointers: 462 - /metadata 463 - /endpoints 464 - /ports 465 resource.exclusions: | 466 ### Network resources created by the Kubernetes control plane and excluded to reduce the number of watched events and UI clutter 467 - apiGroups: 468 - '' 469 - discovery.k8s.io 470 kinds: 471 - Endpoints 472 - EndpointSlice 473 ### Internal Kubernetes resources excluded reduce the number of watched events 474 - apiGroups: 475 - coordination.k8s.io 476 kinds: 477 - Lease 478 ### Internal Kubernetes Authz/Authn resources excluded reduce the number of watched events 479 - apiGroups: 480 - authentication.k8s.io 481 - authorization.k8s.io 482 kinds: 483 - SelfSubjectReview 484 - TokenReview 485 - LocalSubjectAccessReview 486 - SelfSubjectAccessReview 487 - SelfSubjectRulesReview 488 - SubjectAccessReview 489 ### Intermediate Certificate Request excluded reduce the number of watched events 490 - apiGroups: 491 - certificates.k8s.io 492 kinds: 493 - CertificateSigningRequest 494 - apiGroups: 495 - cert-manager.io 496 kinds: 497 - CertificateRequest 498 ### Cilium internal resources excluded reduce the number of watched events and UI Clutter 499 - apiGroups: 500 - cilium.io 501 kinds: 502 - CiliumIdentity 503 - CiliumEndpoint 504 - CiliumEndpointSlice 505 ### Kyverno intermediate and reporting resources excluded reduce the number of watched events and improve performance 506 - apiGroups: 507 - kyverno.io 508 - reports.kyverno.io 509 - wgpolicyk8s.io 510 kinds: 511 - PolicyReport 512 - ClusterPolicyReport 513 - EphemeralReport 514 - ClusterEphemeralReport 515 - AdmissionReport 516 - ClusterAdmissionReport 517 - BackgroundScanReport 518 - ClusterBackgroundScanReport 519 - UpdateRequest 520 kind: ConfigMap 521 metadata: 522 labels: 523 app.kubernetes.io/name: argocd-cm 524 app.kubernetes.io/part-of: argocd 525 name: argocd-cm 526 --- 527 apiVersion: v1 528 data: 529 hydrator.enabled: "true" 530 kind: ConfigMap 531 metadata: 532 labels: 533 app.kubernetes.io/name: argocd-cmd-params-cm 534 app.kubernetes.io/part-of: argocd 535 name: argocd-cmd-params-cm 536 --- 537 apiVersion: v1 538 kind: ConfigMap 539 metadata: 540 labels: 541 app.kubernetes.io/name: argocd-gpg-keys-cm 542 app.kubernetes.io/part-of: argocd 543 name: argocd-gpg-keys-cm 544 --- 545 apiVersion: v1 546 kind: ConfigMap 547 metadata: 548 labels: 549 app.kubernetes.io/component: notifications-controller 550 app.kubernetes.io/name: argocd-notifications-controller 551 app.kubernetes.io/part-of: argocd 552 name: argocd-notifications-cm 553 --- 554 apiVersion: v1 555 kind: ConfigMap 556 metadata: 557 labels: 558 app.kubernetes.io/name: argocd-rbac-cm 559 app.kubernetes.io/part-of: argocd 560 name: argocd-rbac-cm 561 --- 562 apiVersion: v1 563 data: 564 ssh_known_hosts: | 565 # This file was automatically generated by hack/update-ssh-known-hosts.sh. DO NOT EDIT 566 [ssh.github.com]:443 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 567 [ssh.github.com]:443 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 568 [ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 569 bitbucket.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPIQmuzMBuKdWeF4+a2sjSSpBK0iqitSQ+5BM9KhpexuGt20JpTVM7u5BDZngncgrqDMbWdxMWWOGtZ9UgbqgZE= 570 bitbucket.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIazEu89wgQZ4bqs3d63QSMzYVa0MuJ2e2gKTKqu+UUO 571 bitbucket.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQeJzhupRu0u0cdegZIa8e86EG2qOCsIsD1Xw0xSeiPDlCr7kq97NLmMbpKTX6Esc30NuoqEEHCuc7yWtwp8dI76EEEB1VqY9QJq6vk+aySyboD5QF61I/1WeTwu+deCbgKMGbUijeXhtfbxSxm6JwGrXrhBdofTsbKRUsrN1WoNgUa8uqN1Vx6WAJw1JHPhglEGGHea6QICwJOAr/6mrui/oB7pkaWKHj3z7d1IC4KWLtY47elvjbaTlkN04Kc/5LFEirorGYVbt15kAUlqGM65pk6ZBxtaO3+30LVlORZkxOh+LKL/BvbZ/iRNhItLqNyieoQj/uh/7Iv4uyH/cV/0b4WDSd3DptigWq84lJubb9t/DnZlrJazxyDCulTmKdOR7vs9gMTo+uoIrPSb8ScTtvw65+odKAlBj59dhnVp9zd7QUojOpXlL62Aw56U4oO+FALuevvMjiWeavKhJqlR7i5n9srYcrNV7ttmDw7kf/97P5zauIhxcjX+xHv4M= 572 github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg= 573 github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl 574 github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk= 575 gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY= 576 gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf 577 gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 578 ssh.dev.azure.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H 579 vs-ssh.visualstudio.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Hr1oTWqNqOlzGJOfGJ4NakVyIzf1rXYd4d7wo6jBlkLvCA4odBlL0mDUyZ0/QUfTTqeu+tm22gOsv+VrVTMk6vwRU75gY/y9ut5Mb3bR5BV58dKXyq9A9UeB5Cakehn5Zgm6x1mKoVyf+FFn26iYqXJRgzIZZcZ5V6hrE0Qg39kZm4az48o0AUbf6Sp4SLdvnuMa2sVNwHBboS7EJkm57XQPVU3/QpyNLHbWDdzwtrlS+ez30S3AdYhLKEOxAG8weOnyrtLJAUen9mTkol8oII1edf7mWWbWVf0nBmly21+nZcmCTISQBtdcyPaEno7fFQMDD26/s0lfKob4Kw8H 580 kind: ConfigMap 581 metadata: 582 labels: 583 app.kubernetes.io/name: argocd-ssh-known-hosts-cm 584 app.kubernetes.io/part-of: argocd 585 name: argocd-ssh-known-hosts-cm 586 --- 587 apiVersion: v1 588 kind: ConfigMap 589 metadata: 590 labels: 591 app.kubernetes.io/name: argocd-tls-certs-cm 592 app.kubernetes.io/part-of: argocd 593 name: argocd-tls-certs-cm 594 --- 595 apiVersion: v1 596 kind: Secret 597 metadata: 598 labels: 599 app.kubernetes.io/component: notifications-controller 600 app.kubernetes.io/name: argocd-notifications-controller 601 app.kubernetes.io/part-of: argocd 602 name: argocd-notifications-secret 603 type: Opaque 604 --- 605 apiVersion: v1 606 kind: Secret 607 metadata: 608 labels: 609 app.kubernetes.io/name: argocd-secret 610 app.kubernetes.io/part-of: argocd 611 name: argocd-secret 612 type: Opaque 613 --- 614 apiVersion: v1 615 kind: Service 616 metadata: 617 labels: 618 app.kubernetes.io/component: applicationset-controller 619 app.kubernetes.io/name: argocd-applicationset-controller 620 app.kubernetes.io/part-of: argocd 621 name: argocd-applicationset-controller 622 spec: 623 ports: 624 - name: webhook 625 port: 7000 626 protocol: TCP 627 targetPort: webhook 628 - name: metrics 629 port: 8080 630 protocol: TCP 631 targetPort: metrics 632 selector: 633 app.kubernetes.io/name: argocd-applicationset-controller 634 --- 635 apiVersion: v1 636 kind: Service 637 metadata: 638 labels: 639 app.kubernetes.io/component: commit-server 640 app.kubernetes.io/name: argocd-commit-server 641 app.kubernetes.io/part-of: argocd 642 name: argocd-commit-server 643 spec: 644 ports: 645 - name: server 646 port: 8086 647 protocol: TCP 648 targetPort: 8086 649 - name: metrics 650 port: 8087 651 protocol: TCP 652 targetPort: 8087 653 selector: 654 app.kubernetes.io/name: argocd-commit-server 655 --- 656 apiVersion: v1 657 kind: Service 658 metadata: 659 labels: 660 app.kubernetes.io/component: dex-server 661 app.kubernetes.io/name: argocd-dex-server 662 app.kubernetes.io/part-of: argocd 663 name: argocd-dex-server 664 spec: 665 ports: 666 - appProtocol: TCP 667 name: http 668 port: 5556 669 protocol: TCP 670 targetPort: 5556 671 - name: grpc 672 port: 5557 673 protocol: TCP 674 targetPort: 5557 675 - name: metrics 676 port: 5558 677 protocol: TCP 678 targetPort: 5558 679 selector: 680 app.kubernetes.io/name: argocd-dex-server 681 --- 682 apiVersion: v1 683 kind: Service 684 metadata: 685 labels: 686 app.kubernetes.io/component: metrics 687 app.kubernetes.io/name: argocd-metrics 688 app.kubernetes.io/part-of: argocd 689 name: argocd-metrics 690 spec: 691 ports: 692 - name: metrics 693 port: 8082 694 protocol: TCP 695 targetPort: 8082 696 selector: 697 app.kubernetes.io/name: argocd-application-controller 698 --- 699 apiVersion: v1 700 kind: Service 701 metadata: 702 labels: 703 app.kubernetes.io/component: notifications-controller 704 app.kubernetes.io/name: argocd-notifications-controller-metrics 705 app.kubernetes.io/part-of: argocd 706 name: argocd-notifications-controller-metrics 707 spec: 708 ports: 709 - name: metrics 710 port: 9001 711 protocol: TCP 712 targetPort: 9001 713 selector: 714 app.kubernetes.io/name: argocd-notifications-controller 715 --- 716 apiVersion: v1 717 kind: Service 718 metadata: 719 labels: 720 app.kubernetes.io/component: redis 721 app.kubernetes.io/name: argocd-redis 722 app.kubernetes.io/part-of: argocd 723 name: argocd-redis 724 spec: 725 ports: 726 - name: tcp-redis 727 port: 6379 728 targetPort: 6379 729 selector: 730 app.kubernetes.io/name: argocd-redis 731 --- 732 apiVersion: v1 733 kind: Service 734 metadata: 735 labels: 736 app.kubernetes.io/component: repo-server 737 app.kubernetes.io/name: argocd-repo-server 738 app.kubernetes.io/part-of: argocd 739 name: argocd-repo-server 740 spec: 741 ports: 742 - name: server 743 port: 8081 744 protocol: TCP 745 targetPort: 8081 746 - name: metrics 747 port: 8084 748 protocol: TCP 749 targetPort: 8084 750 selector: 751 app.kubernetes.io/name: argocd-repo-server 752 --- 753 apiVersion: v1 754 kind: Service 755 metadata: 756 labels: 757 app.kubernetes.io/component: server 758 app.kubernetes.io/name: argocd-server 759 app.kubernetes.io/part-of: argocd 760 name: argocd-server 761 spec: 762 ports: 763 - name: http 764 port: 80 765 protocol: TCP 766 targetPort: 8080 767 - name: https 768 port: 443 769 protocol: TCP 770 targetPort: 8080 771 selector: 772 app.kubernetes.io/name: argocd-server 773 --- 774 apiVersion: v1 775 kind: Service 776 metadata: 777 labels: 778 app.kubernetes.io/component: server 779 app.kubernetes.io/name: argocd-server-metrics 780 app.kubernetes.io/part-of: argocd 781 name: argocd-server-metrics 782 spec: 783 ports: 784 - name: metrics 785 port: 8083 786 protocol: TCP 787 targetPort: 8083 788 selector: 789 app.kubernetes.io/name: argocd-server 790 --- 791 apiVersion: apps/v1 792 kind: Deployment 793 metadata: 794 labels: 795 app.kubernetes.io/component: applicationset-controller 796 app.kubernetes.io/name: argocd-applicationset-controller 797 app.kubernetes.io/part-of: argocd 798 name: argocd-applicationset-controller 799 spec: 800 selector: 801 matchLabels: 802 app.kubernetes.io/name: argocd-applicationset-controller 803 template: 804 metadata: 805 labels: 806 app.kubernetes.io/name: argocd-applicationset-controller 807 spec: 808 containers: 809 - args: 810 - /usr/local/bin/argocd-applicationset-controller 811 env: 812 - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS 813 valueFrom: 814 configMapKeyRef: 815 key: applicationsetcontroller.global.preserved.annotations 816 name: argocd-cmd-params-cm 817 optional: true 818 - name: ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS 819 valueFrom: 820 configMapKeyRef: 821 key: applicationsetcontroller.global.preserved.labels 822 name: argocd-cmd-params-cm 823 optional: true 824 - name: NAMESPACE 825 valueFrom: 826 fieldRef: 827 fieldPath: metadata.namespace 828 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION 829 valueFrom: 830 configMapKeyRef: 831 key: applicationsetcontroller.enable.leader.election 832 name: argocd-cmd-params-cm 833 optional: true 834 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER 835 valueFrom: 836 configMapKeyRef: 837 key: repo.server 838 name: argocd-cmd-params-cm 839 optional: true 840 - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY 841 valueFrom: 842 configMapKeyRef: 843 key: applicationsetcontroller.policy 844 name: argocd-cmd-params-cm 845 optional: true 846 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE 847 valueFrom: 848 configMapKeyRef: 849 key: applicationsetcontroller.enable.policy.override 850 name: argocd-cmd-params-cm 851 optional: true 852 - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG 853 valueFrom: 854 configMapKeyRef: 855 key: applicationsetcontroller.debug 856 name: argocd-cmd-params-cm 857 optional: true 858 - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT 859 valueFrom: 860 configMapKeyRef: 861 key: applicationsetcontroller.log.format 862 name: argocd-cmd-params-cm 863 optional: true 864 - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL 865 valueFrom: 866 configMapKeyRef: 867 key: applicationsetcontroller.log.level 868 name: argocd-cmd-params-cm 869 optional: true 870 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 871 valueFrom: 872 configMapKeyRef: 873 key: log.format.timestamp 874 name: argocd-cmd-params-cm 875 optional: true 876 - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN 877 valueFrom: 878 configMapKeyRef: 879 key: applicationsetcontroller.dryrun 880 name: argocd-cmd-params-cm 881 optional: true 882 - name: ARGOCD_GIT_MODULES_ENABLED 883 valueFrom: 884 configMapKeyRef: 885 key: applicationsetcontroller.enable.git.submodule 886 name: argocd-cmd-params-cm 887 optional: true 888 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS 889 valueFrom: 890 configMapKeyRef: 891 key: applicationsetcontroller.enable.progressive.syncs 892 name: argocd-cmd-params-cm 893 optional: true 894 - name: ARGOCD_APPLICATIONSET_CONTROLLER_TOKENREF_STRICT_MODE 895 valueFrom: 896 configMapKeyRef: 897 key: applicationsetcontroller.enable.tokenref.strict.mode 898 name: argocd-cmd-params-cm 899 optional: true 900 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING 901 valueFrom: 902 configMapKeyRef: 903 key: applicationsetcontroller.enable.new.git.file.globbing 904 name: argocd-cmd-params-cm 905 optional: true 906 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_PLAINTEXT 907 valueFrom: 908 configMapKeyRef: 909 key: applicationsetcontroller.repo.server.plaintext 910 name: argocd-cmd-params-cm 911 optional: true 912 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_STRICT_TLS 913 valueFrom: 914 configMapKeyRef: 915 key: applicationsetcontroller.repo.server.strict.tls 916 name: argocd-cmd-params-cm 917 optional: true 918 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS 919 valueFrom: 920 configMapKeyRef: 921 key: applicationsetcontroller.repo.server.timeout.seconds 922 name: argocd-cmd-params-cm 923 optional: true 924 - name: ARGOCD_APPLICATIONSET_CONTROLLER_CONCURRENT_RECONCILIATIONS 925 valueFrom: 926 configMapKeyRef: 927 key: applicationsetcontroller.concurrent.reconciliations.max 928 name: argocd-cmd-params-cm 929 optional: true 930 - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACES 931 valueFrom: 932 configMapKeyRef: 933 key: applicationsetcontroller.namespaces 934 name: argocd-cmd-params-cm 935 optional: true 936 - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH 937 valueFrom: 938 configMapKeyRef: 939 key: applicationsetcontroller.scm.root.ca.path 940 name: argocd-cmd-params-cm 941 optional: true 942 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS 943 valueFrom: 944 configMapKeyRef: 945 key: applicationsetcontroller.allowed.scm.providers 946 name: argocd-cmd-params-cm 947 optional: true 948 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS 949 valueFrom: 950 configMapKeyRef: 951 key: applicationsetcontroller.enable.scm.providers 952 name: argocd-cmd-params-cm 953 optional: true 954 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS 955 valueFrom: 956 configMapKeyRef: 957 key: applicationsetcontroller.enable.github.api.metrics 958 name: argocd-cmd-params-cm 959 optional: true 960 - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT 961 valueFrom: 962 configMapKeyRef: 963 key: applicationsetcontroller.webhook.parallelism.limit 964 name: argocd-cmd-params-cm 965 optional: true 966 - name: ARGOCD_APPLICATIONSET_CONTROLLER_REQUEUE_AFTER 967 valueFrom: 968 configMapKeyRef: 969 key: applicationsetcontroller.requeue.after 970 name: argocd-cmd-params-cm 971 optional: true 972 - name: ARGOCD_APPLICATIONSET_CONTROLLER_MAX_RESOURCES_STATUS_COUNT 973 valueFrom: 974 configMapKeyRef: 975 key: applicationsetcontroller.status.max.resources.count 976 name: argocd-cmd-params-cm 977 optional: true 978 image: quay.io/argoproj/argocd:v3.2.1 979 imagePullPolicy: Always 980 name: argocd-applicationset-controller 981 ports: 982 - containerPort: 7000 983 name: webhook 984 - containerPort: 8080 985 name: metrics 986 securityContext: 987 allowPrivilegeEscalation: false 988 capabilities: 989 drop: 990 - ALL 991 readOnlyRootFilesystem: true 992 runAsNonRoot: true 993 seccompProfile: 994 type: RuntimeDefault 995 volumeMounts: 996 - mountPath: /app/config/ssh 997 name: ssh-known-hosts 998 - mountPath: /app/config/tls 999 name: tls-certs 1000 - mountPath: /app/config/gpg/source 1001 name: gpg-keys 1002 - mountPath: /app/config/gpg/keys 1003 name: gpg-keyring 1004 - mountPath: /tmp 1005 name: tmp 1006 - mountPath: /app/config/reposerver/tls 1007 name: argocd-repo-server-tls 1008 - mountPath: /home/argocd/params 1009 name: argocd-cmd-params-cm 1010 nodeSelector: 1011 kubernetes.io/os: linux 1012 serviceAccountName: argocd-applicationset-controller 1013 volumes: 1014 - configMap: 1015 name: argocd-ssh-known-hosts-cm 1016 name: ssh-known-hosts 1017 - configMap: 1018 name: argocd-tls-certs-cm 1019 name: tls-certs 1020 - configMap: 1021 name: argocd-gpg-keys-cm 1022 name: gpg-keys 1023 - emptyDir: {} 1024 name: gpg-keyring 1025 - emptyDir: {} 1026 name: tmp 1027 - name: argocd-repo-server-tls 1028 secret: 1029 items: 1030 - key: tls.crt 1031 path: tls.crt 1032 - key: tls.key 1033 path: tls.key 1034 - key: ca.crt 1035 path: ca.crt 1036 optional: true 1037 secretName: argocd-repo-server-tls 1038 - configMap: 1039 items: 1040 - key: applicationsetcontroller.profile.enabled 1041 path: profiler.enabled 1042 name: argocd-cmd-params-cm 1043 optional: true 1044 name: argocd-cmd-params-cm 1045 --- 1046 apiVersion: apps/v1 1047 kind: Deployment 1048 metadata: 1049 labels: 1050 app.kubernetes.io/component: commit-server 1051 app.kubernetes.io/name: argocd-commit-server 1052 app.kubernetes.io/part-of: argocd 1053 name: argocd-commit-server 1054 spec: 1055 selector: 1056 matchLabels: 1057 app.kubernetes.io/name: argocd-commit-server 1058 template: 1059 metadata: 1060 labels: 1061 app.kubernetes.io/name: argocd-commit-server 1062 spec: 1063 affinity: 1064 podAntiAffinity: 1065 preferredDuringSchedulingIgnoredDuringExecution: 1066 - podAffinityTerm: 1067 labelSelector: 1068 matchLabels: 1069 app.kubernetes.io/name: argocd-commit-server 1070 topologyKey: kubernetes.io/hostname 1071 weight: 100 1072 - podAffinityTerm: 1073 labelSelector: 1074 matchLabels: 1075 app.kubernetes.io/part-of: argocd 1076 topologyKey: kubernetes.io/hostname 1077 weight: 5 1078 automountServiceAccountToken: false 1079 containers: 1080 - args: 1081 - /usr/local/bin/argocd-commit-server 1082 env: 1083 - name: ARGOCD_COMMIT_SERVER_LISTEN_ADDRESS 1084 valueFrom: 1085 configMapKeyRef: 1086 key: commitserver.listen.address 1087 name: argocd-cmd-params-cm 1088 optional: true 1089 - name: ARGOCD_COMMIT_SERVER_METRICS_LISTEN_ADDRESS 1090 valueFrom: 1091 configMapKeyRef: 1092 key: commitserver.metrics.listen.address 1093 name: argocd-cmd-params-cm 1094 optional: true 1095 - name: ARGOCD_COMMIT_SERVER_LOGFORMAT 1096 valueFrom: 1097 configMapKeyRef: 1098 key: commitserver.log.format 1099 name: argocd-cmd-params-cm 1100 optional: true 1101 - name: ARGOCD_COMMIT_SERVER_LOGLEVEL 1102 valueFrom: 1103 configMapKeyRef: 1104 key: commitserver.log.level 1105 name: argocd-cmd-params-cm 1106 optional: true 1107 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1108 valueFrom: 1109 configMapKeyRef: 1110 key: log.format.timestamp 1111 name: argocd-cmd-params-cm 1112 optional: true 1113 image: quay.io/argoproj/argocd:v3.2.1 1114 imagePullPolicy: Always 1115 livenessProbe: 1116 failureThreshold: 3 1117 httpGet: 1118 path: /healthz?full=true 1119 port: 8087 1120 initialDelaySeconds: 30 1121 periodSeconds: 30 1122 timeoutSeconds: 5 1123 name: argocd-commit-server 1124 ports: 1125 - containerPort: 8086 1126 - containerPort: 8087 1127 readinessProbe: 1128 httpGet: 1129 path: /healthz 1130 port: 8087 1131 initialDelaySeconds: 5 1132 periodSeconds: 10 1133 securityContext: 1134 allowPrivilegeEscalation: false 1135 capabilities: 1136 drop: 1137 - ALL 1138 readOnlyRootFilesystem: true 1139 runAsNonRoot: true 1140 seccompProfile: 1141 type: RuntimeDefault 1142 volumeMounts: 1143 - mountPath: /app/config/ssh 1144 name: ssh-known-hosts 1145 - mountPath: /app/config/tls 1146 name: tls-certs 1147 - mountPath: /app/config/gpg/source 1148 name: gpg-keys 1149 - mountPath: /app/config/gpg/keys 1150 name: gpg-keyring 1151 - mountPath: /tmp 1152 name: tmp 1153 serviceAccountName: argocd-commit-server 1154 volumes: 1155 - configMap: 1156 name: argocd-ssh-known-hosts-cm 1157 name: ssh-known-hosts 1158 - configMap: 1159 name: argocd-tls-certs-cm 1160 name: tls-certs 1161 - configMap: 1162 name: argocd-gpg-keys-cm 1163 name: gpg-keys 1164 - emptyDir: {} 1165 name: gpg-keyring 1166 - emptyDir: {} 1167 name: tmp 1168 - name: argocd-commit-server-tls 1169 secret: 1170 items: 1171 - key: tls.crt 1172 path: tls.crt 1173 - key: tls.key 1174 path: tls.key 1175 - key: ca.crt 1176 path: ca.crt 1177 optional: true 1178 secretName: argocd-commit-server-tls 1179 --- 1180 apiVersion: apps/v1 1181 kind: Deployment 1182 metadata: 1183 labels: 1184 app.kubernetes.io/component: dex-server 1185 app.kubernetes.io/name: argocd-dex-server 1186 app.kubernetes.io/part-of: argocd 1187 name: argocd-dex-server 1188 spec: 1189 selector: 1190 matchLabels: 1191 app.kubernetes.io/name: argocd-dex-server 1192 template: 1193 metadata: 1194 labels: 1195 app.kubernetes.io/name: argocd-dex-server 1196 spec: 1197 affinity: 1198 podAntiAffinity: 1199 preferredDuringSchedulingIgnoredDuringExecution: 1200 - podAffinityTerm: 1201 labelSelector: 1202 matchLabels: 1203 app.kubernetes.io/part-of: argocd 1204 topologyKey: kubernetes.io/hostname 1205 weight: 5 1206 containers: 1207 - command: 1208 - /shared/argocd-dex 1209 - rundex 1210 env: 1211 - name: ARGOCD_DEX_SERVER_LOGFORMAT 1212 valueFrom: 1213 configMapKeyRef: 1214 key: dexserver.log.format 1215 name: argocd-cmd-params-cm 1216 optional: true 1217 - name: ARGOCD_DEX_SERVER_LOGLEVEL 1218 valueFrom: 1219 configMapKeyRef: 1220 key: dexserver.log.level 1221 name: argocd-cmd-params-cm 1222 optional: true 1223 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1224 valueFrom: 1225 configMapKeyRef: 1226 key: log.format.timestamp 1227 name: argocd-cmd-params-cm 1228 optional: true 1229 - name: ARGOCD_DEX_SERVER_DISABLE_TLS 1230 valueFrom: 1231 configMapKeyRef: 1232 key: dexserver.disable.tls 1233 name: argocd-cmd-params-cm 1234 optional: true 1235 image: ghcr.io/dexidp/dex:v2.43.0 1236 imagePullPolicy: Always 1237 name: dex 1238 ports: 1239 - containerPort: 5556 1240 - containerPort: 5557 1241 - containerPort: 5558 1242 securityContext: 1243 allowPrivilegeEscalation: false 1244 capabilities: 1245 drop: 1246 - ALL 1247 readOnlyRootFilesystem: true 1248 runAsNonRoot: true 1249 seccompProfile: 1250 type: RuntimeDefault 1251 volumeMounts: 1252 - mountPath: /shared 1253 name: static-files 1254 - mountPath: /tmp 1255 name: dexconfig 1256 - mountPath: /tls 1257 name: argocd-dex-server-tls 1258 initContainers: 1259 - command: 1260 - /bin/cp 1261 - -n 1262 - /usr/local/bin/argocd 1263 - /shared/argocd-dex 1264 image: quay.io/argoproj/argocd:v3.2.1 1265 imagePullPolicy: Always 1266 name: copyutil 1267 securityContext: 1268 allowPrivilegeEscalation: false 1269 capabilities: 1270 drop: 1271 - ALL 1272 readOnlyRootFilesystem: true 1273 runAsNonRoot: true 1274 seccompProfile: 1275 type: RuntimeDefault 1276 volumeMounts: 1277 - mountPath: /shared 1278 name: static-files 1279 - mountPath: /tmp 1280 name: dexconfig 1281 nodeSelector: 1282 kubernetes.io/os: linux 1283 serviceAccountName: argocd-dex-server 1284 volumes: 1285 - emptyDir: {} 1286 name: static-files 1287 - emptyDir: {} 1288 name: dexconfig 1289 - name: argocd-dex-server-tls 1290 secret: 1291 items: 1292 - key: tls.crt 1293 path: tls.crt 1294 - key: tls.key 1295 path: tls.key 1296 - key: ca.crt 1297 path: ca.crt 1298 optional: true 1299 secretName: argocd-dex-server-tls 1300 --- 1301 apiVersion: apps/v1 1302 kind: Deployment 1303 metadata: 1304 labels: 1305 app.kubernetes.io/component: notifications-controller 1306 app.kubernetes.io/name: argocd-notifications-controller 1307 app.kubernetes.io/part-of: argocd 1308 name: argocd-notifications-controller 1309 spec: 1310 selector: 1311 matchLabels: 1312 app.kubernetes.io/name: argocd-notifications-controller 1313 strategy: 1314 type: Recreate 1315 template: 1316 metadata: 1317 labels: 1318 app.kubernetes.io/name: argocd-notifications-controller 1319 spec: 1320 containers: 1321 - args: 1322 - /usr/local/bin/argocd-notifications 1323 env: 1324 - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGFORMAT 1325 valueFrom: 1326 configMapKeyRef: 1327 key: notificationscontroller.log.format 1328 name: argocd-cmd-params-cm 1329 optional: true 1330 - name: ARGOCD_NOTIFICATIONS_CONTROLLER_LOGLEVEL 1331 valueFrom: 1332 configMapKeyRef: 1333 key: notificationscontroller.log.level 1334 name: argocd-cmd-params-cm 1335 optional: true 1336 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1337 valueFrom: 1338 configMapKeyRef: 1339 key: log.format.timestamp 1340 name: argocd-cmd-params-cm 1341 optional: true 1342 - name: ARGOCD_APPLICATION_NAMESPACES 1343 valueFrom: 1344 configMapKeyRef: 1345 key: application.namespaces 1346 name: argocd-cmd-params-cm 1347 optional: true 1348 - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED 1349 valueFrom: 1350 configMapKeyRef: 1351 key: notificationscontroller.selfservice.enabled 1352 name: argocd-cmd-params-cm 1353 optional: true 1354 - name: ARGOCD_NOTIFICATION_CONTROLLER_REPO_SERVER_PLAINTEXT 1355 valueFrom: 1356 configMapKeyRef: 1357 key: notificationscontroller.repo.server.plaintext 1358 name: argocd-cmd-params-cm 1359 optional: true 1360 image: quay.io/argoproj/argocd:v3.2.1 1361 imagePullPolicy: Always 1362 livenessProbe: 1363 tcpSocket: 1364 port: 9001 1365 name: argocd-notifications-controller 1366 securityContext: 1367 allowPrivilegeEscalation: false 1368 capabilities: 1369 drop: 1370 - ALL 1371 readOnlyRootFilesystem: true 1372 volumeMounts: 1373 - mountPath: /app/config/tls 1374 name: tls-certs 1375 - mountPath: /app/config/reposerver/tls 1376 name: argocd-repo-server-tls 1377 workingDir: /app 1378 nodeSelector: 1379 kubernetes.io/os: linux 1380 securityContext: 1381 runAsNonRoot: true 1382 seccompProfile: 1383 type: RuntimeDefault 1384 serviceAccountName: argocd-notifications-controller 1385 volumes: 1386 - configMap: 1387 name: argocd-tls-certs-cm 1388 name: tls-certs 1389 - name: argocd-repo-server-tls 1390 secret: 1391 items: 1392 - key: tls.crt 1393 path: tls.crt 1394 - key: tls.key 1395 path: tls.key 1396 - key: ca.crt 1397 path: ca.crt 1398 optional: true 1399 secretName: argocd-repo-server-tls 1400 --- 1401 apiVersion: apps/v1 1402 kind: Deployment 1403 metadata: 1404 labels: 1405 app.kubernetes.io/component: redis 1406 app.kubernetes.io/name: argocd-redis 1407 app.kubernetes.io/part-of: argocd 1408 name: argocd-redis 1409 spec: 1410 selector: 1411 matchLabels: 1412 app.kubernetes.io/name: argocd-redis 1413 template: 1414 metadata: 1415 labels: 1416 app.kubernetes.io/name: argocd-redis 1417 spec: 1418 affinity: 1419 podAntiAffinity: 1420 preferredDuringSchedulingIgnoredDuringExecution: 1421 - podAffinityTerm: 1422 labelSelector: 1423 matchLabels: 1424 app.kubernetes.io/name: argocd-redis 1425 topologyKey: kubernetes.io/hostname 1426 weight: 100 1427 - podAffinityTerm: 1428 labelSelector: 1429 matchLabels: 1430 app.kubernetes.io/part-of: argocd 1431 topologyKey: kubernetes.io/hostname 1432 weight: 5 1433 containers: 1434 - args: 1435 - --save 1436 - "" 1437 - --appendonly 1438 - "no" 1439 - --requirepass $(REDIS_PASSWORD) 1440 env: 1441 - name: REDIS_PASSWORD 1442 valueFrom: 1443 secretKeyRef: 1444 key: auth 1445 name: argocd-redis 1446 image: public.ecr.aws/docker/library/redis:8.2.2-alpine 1447 imagePullPolicy: Always 1448 name: redis 1449 ports: 1450 - containerPort: 6379 1451 securityContext: 1452 allowPrivilegeEscalation: false 1453 capabilities: 1454 drop: 1455 - ALL 1456 readOnlyRootFilesystem: true 1457 initContainers: 1458 - command: 1459 - argocd 1460 - admin 1461 - redis-initial-password 1462 image: quay.io/argoproj/argocd:v3.2.1 1463 imagePullPolicy: IfNotPresent 1464 name: secret-init 1465 securityContext: 1466 allowPrivilegeEscalation: false 1467 capabilities: 1468 drop: 1469 - ALL 1470 readOnlyRootFilesystem: true 1471 runAsNonRoot: true 1472 seccompProfile: 1473 type: RuntimeDefault 1474 nodeSelector: 1475 kubernetes.io/os: linux 1476 securityContext: 1477 runAsNonRoot: true 1478 runAsUser: 999 1479 seccompProfile: 1480 type: RuntimeDefault 1481 serviceAccountName: argocd-redis 1482 --- 1483 apiVersion: apps/v1 1484 kind: Deployment 1485 metadata: 1486 labels: 1487 app.kubernetes.io/component: repo-server 1488 app.kubernetes.io/name: argocd-repo-server 1489 app.kubernetes.io/part-of: argocd 1490 name: argocd-repo-server 1491 spec: 1492 selector: 1493 matchLabels: 1494 app.kubernetes.io/name: argocd-repo-server 1495 template: 1496 metadata: 1497 labels: 1498 app.kubernetes.io/name: argocd-repo-server 1499 spec: 1500 affinity: 1501 podAntiAffinity: 1502 preferredDuringSchedulingIgnoredDuringExecution: 1503 - podAffinityTerm: 1504 labelSelector: 1505 matchLabels: 1506 app.kubernetes.io/name: argocd-repo-server 1507 topologyKey: kubernetes.io/hostname 1508 weight: 100 1509 - podAffinityTerm: 1510 labelSelector: 1511 matchLabels: 1512 app.kubernetes.io/part-of: argocd 1513 topologyKey: kubernetes.io/hostname 1514 weight: 5 1515 automountServiceAccountToken: false 1516 containers: 1517 - args: 1518 - /usr/local/bin/argocd-repo-server 1519 env: 1520 - name: REDIS_PASSWORD 1521 valueFrom: 1522 secretKeyRef: 1523 key: auth 1524 name: argocd-redis 1525 - name: ARGOCD_RECONCILIATION_TIMEOUT 1526 valueFrom: 1527 configMapKeyRef: 1528 key: timeout.reconciliation 1529 name: argocd-cm 1530 optional: true 1531 - name: ARGOCD_REPO_SERVER_LOGFORMAT 1532 valueFrom: 1533 configMapKeyRef: 1534 key: reposerver.log.format 1535 name: argocd-cmd-params-cm 1536 optional: true 1537 - name: ARGOCD_REPO_SERVER_LOGLEVEL 1538 valueFrom: 1539 configMapKeyRef: 1540 key: reposerver.log.level 1541 name: argocd-cmd-params-cm 1542 optional: true 1543 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 1544 valueFrom: 1545 configMapKeyRef: 1546 key: log.format.timestamp 1547 name: argocd-cmd-params-cm 1548 optional: true 1549 - name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT 1550 valueFrom: 1551 configMapKeyRef: 1552 key: reposerver.parallelism.limit 1553 name: argocd-cmd-params-cm 1554 optional: true 1555 - name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS 1556 valueFrom: 1557 configMapKeyRef: 1558 key: reposerver.listen.address 1559 name: argocd-cmd-params-cm 1560 optional: true 1561 - name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS 1562 valueFrom: 1563 configMapKeyRef: 1564 key: reposerver.metrics.listen.address 1565 name: argocd-cmd-params-cm 1566 optional: true 1567 - name: ARGOCD_REPO_SERVER_DISABLE_TLS 1568 valueFrom: 1569 configMapKeyRef: 1570 key: reposerver.disable.tls 1571 name: argocd-cmd-params-cm 1572 optional: true 1573 - name: ARGOCD_TLS_MIN_VERSION 1574 valueFrom: 1575 configMapKeyRef: 1576 key: reposerver.tls.minversion 1577 name: argocd-cmd-params-cm 1578 optional: true 1579 - name: ARGOCD_TLS_MAX_VERSION 1580 valueFrom: 1581 configMapKeyRef: 1582 key: reposerver.tls.maxversion 1583 name: argocd-cmd-params-cm 1584 optional: true 1585 - name: ARGOCD_TLS_CIPHERS 1586 valueFrom: 1587 configMapKeyRef: 1588 key: reposerver.tls.ciphers 1589 name: argocd-cmd-params-cm 1590 optional: true 1591 - name: ARGOCD_REPO_CACHE_EXPIRATION 1592 valueFrom: 1593 configMapKeyRef: 1594 key: reposerver.repo.cache.expiration 1595 name: argocd-cmd-params-cm 1596 optional: true 1597 - name: REDIS_SERVER 1598 valueFrom: 1599 configMapKeyRef: 1600 key: redis.server 1601 name: argocd-cmd-params-cm 1602 optional: true 1603 - name: REDIS_COMPRESSION 1604 valueFrom: 1605 configMapKeyRef: 1606 key: redis.compression 1607 name: argocd-cmd-params-cm 1608 optional: true 1609 - name: REDISDB 1610 valueFrom: 1611 configMapKeyRef: 1612 key: redis.db 1613 name: argocd-cmd-params-cm 1614 optional: true 1615 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 1616 valueFrom: 1617 configMapKeyRef: 1618 key: reposerver.default.cache.expiration 1619 name: argocd-cmd-params-cm 1620 optional: true 1621 - name: ARGOCD_REPO_SERVER_OTLP_ADDRESS 1622 valueFrom: 1623 configMapKeyRef: 1624 key: otlp.address 1625 name: argocd-cmd-params-cm 1626 optional: true 1627 - name: ARGOCD_REPO_SERVER_OTLP_INSECURE 1628 valueFrom: 1629 configMapKeyRef: 1630 key: otlp.insecure 1631 name: argocd-cmd-params-cm 1632 optional: true 1633 - name: ARGOCD_REPO_SERVER_OTLP_HEADERS 1634 valueFrom: 1635 configMapKeyRef: 1636 key: otlp.headers 1637 name: argocd-cmd-params-cm 1638 optional: true 1639 - name: ARGOCD_REPO_SERVER_OTLP_ATTRS 1640 valueFrom: 1641 configMapKeyRef: 1642 key: otlp.attrs 1643 name: argocd-cmd-params-cm 1644 optional: true 1645 - name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE 1646 valueFrom: 1647 configMapKeyRef: 1648 key: reposerver.max.combined.directory.manifests.size 1649 name: argocd-cmd-params-cm 1650 optional: true 1651 - name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS 1652 valueFrom: 1653 configMapKeyRef: 1654 key: reposerver.plugin.tar.exclusions 1655 name: argocd-cmd-params-cm 1656 optional: true 1657 - name: ARGOCD_REPO_SERVER_PLUGIN_USE_MANIFEST_GENERATE_PATHS 1658 valueFrom: 1659 configMapKeyRef: 1660 key: reposerver.plugin.use.manifest.generate.paths 1661 name: argocd-cmd-params-cm 1662 optional: true 1663 - name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS 1664 valueFrom: 1665 configMapKeyRef: 1666 key: reposerver.allow.oob.symlinks 1667 name: argocd-cmd-params-cm 1668 optional: true 1669 - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE 1670 valueFrom: 1671 configMapKeyRef: 1672 key: reposerver.streamed.manifest.max.tar.size 1673 name: argocd-cmd-params-cm 1674 optional: true 1675 - name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE 1676 valueFrom: 1677 configMapKeyRef: 1678 key: reposerver.streamed.manifest.max.extracted.size 1679 name: argocd-cmd-params-cm 1680 optional: true 1681 - name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE 1682 valueFrom: 1683 configMapKeyRef: 1684 key: reposerver.helm.manifest.max.extracted.size 1685 name: argocd-cmd-params-cm 1686 optional: true 1687 - name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE 1688 valueFrom: 1689 configMapKeyRef: 1690 key: reposerver.disable.helm.manifest.max.extracted.size 1691 name: argocd-cmd-params-cm 1692 optional: true 1693 - name: ARGOCD_REPO_SERVER_OCI_MANIFEST_MAX_EXTRACTED_SIZE 1694 valueFrom: 1695 configMapKeyRef: 1696 key: reposerver.oci.manifest.max.extracted.size 1697 name: argocd-cmd-params-cm 1698 optional: true 1699 - name: ARGOCD_REPO_SERVER_DISABLE_OCI_MANIFEST_MAX_EXTRACTED_SIZE 1700 valueFrom: 1701 configMapKeyRef: 1702 key: reposerver.disable.oci.manifest.max.extracted.size 1703 name: argocd-cmd-params-cm 1704 optional: true 1705 - name: ARGOCD_REPO_SERVER_OCI_LAYER_MEDIA_TYPES 1706 valueFrom: 1707 configMapKeyRef: 1708 key: reposerver.oci.layer.media.types 1709 name: argocd-cmd-params-cm 1710 optional: true 1711 - name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT 1712 valueFrom: 1713 configMapKeyRef: 1714 key: reposerver.revision.cache.lock.timeout 1715 name: argocd-cmd-params-cm 1716 optional: true 1717 - name: ARGOCD_GIT_MODULES_ENABLED 1718 valueFrom: 1719 configMapKeyRef: 1720 key: reposerver.enable.git.submodule 1721 name: argocd-cmd-params-cm 1722 optional: true 1723 - name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT 1724 valueFrom: 1725 configMapKeyRef: 1726 key: reposerver.git.lsremote.parallelism.limit 1727 name: argocd-cmd-params-cm 1728 optional: true 1729 - name: ARGOCD_GIT_REQUEST_TIMEOUT 1730 valueFrom: 1731 configMapKeyRef: 1732 key: reposerver.git.request.timeout 1733 name: argocd-cmd-params-cm 1734 optional: true 1735 - name: ARGOCD_REPO_SERVER_ENABLE_BUILTIN_GIT_CONFIG 1736 valueFrom: 1737 configMapKeyRef: 1738 key: reposerver.enable.builtin.git.config 1739 name: argocd-cmd-params-cm 1740 optional: true 1741 - name: ARGOCD_GRPC_MAX_SIZE_MB 1742 valueFrom: 1743 configMapKeyRef: 1744 key: reposerver.grpc.max.size 1745 name: argocd-cmd-params-cm 1746 optional: true 1747 - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES 1748 valueFrom: 1749 configMapKeyRef: 1750 key: reposerver.include.hidden.directories 1751 name: argocd-cmd-params-cm 1752 optional: true 1753 - name: HELM_CACHE_HOME 1754 value: /helm-working-dir 1755 - name: HELM_CONFIG_HOME 1756 value: /helm-working-dir 1757 - name: HELM_DATA_HOME 1758 value: /helm-working-dir 1759 image: quay.io/argoproj/argocd:v3.2.1 1760 imagePullPolicy: Always 1761 livenessProbe: 1762 failureThreshold: 3 1763 httpGet: 1764 path: /healthz?full=true 1765 port: 8084 1766 initialDelaySeconds: 30 1767 periodSeconds: 30 1768 timeoutSeconds: 5 1769 name: argocd-repo-server 1770 ports: 1771 - containerPort: 8081 1772 - containerPort: 8084 1773 readinessProbe: 1774 httpGet: 1775 path: /healthz 1776 port: 8084 1777 initialDelaySeconds: 5 1778 periodSeconds: 10 1779 securityContext: 1780 allowPrivilegeEscalation: false 1781 capabilities: 1782 drop: 1783 - ALL 1784 readOnlyRootFilesystem: true 1785 runAsNonRoot: true 1786 seccompProfile: 1787 type: RuntimeDefault 1788 volumeMounts: 1789 - mountPath: /app/config/ssh 1790 name: ssh-known-hosts 1791 - mountPath: /app/config/tls 1792 name: tls-certs 1793 - mountPath: /app/config/gpg/source 1794 name: gpg-keys 1795 - mountPath: /app/config/gpg/keys 1796 name: gpg-keyring 1797 - mountPath: /app/config/reposerver/tls 1798 name: argocd-repo-server-tls 1799 - mountPath: /tmp 1800 name: tmp 1801 - mountPath: /helm-working-dir 1802 name: helm-working-dir 1803 - mountPath: /home/argocd/cmp-server/plugins 1804 name: plugins 1805 initContainers: 1806 - command: 1807 - /bin/cp 1808 - -n 1809 - /usr/local/bin/argocd 1810 - /var/run/argocd/argocd-cmp-server 1811 image: quay.io/argoproj/argocd:v3.2.1 1812 name: copyutil 1813 securityContext: 1814 allowPrivilegeEscalation: false 1815 capabilities: 1816 drop: 1817 - ALL 1818 readOnlyRootFilesystem: true 1819 runAsNonRoot: true 1820 seccompProfile: 1821 type: RuntimeDefault 1822 volumeMounts: 1823 - mountPath: /var/run/argocd 1824 name: var-files 1825 nodeSelector: 1826 kubernetes.io/os: linux 1827 serviceAccountName: argocd-repo-server 1828 volumes: 1829 - configMap: 1830 name: argocd-ssh-known-hosts-cm 1831 name: ssh-known-hosts 1832 - configMap: 1833 name: argocd-tls-certs-cm 1834 name: tls-certs 1835 - configMap: 1836 name: argocd-gpg-keys-cm 1837 name: gpg-keys 1838 - emptyDir: {} 1839 name: gpg-keyring 1840 - emptyDir: {} 1841 name: tmp 1842 - emptyDir: {} 1843 name: helm-working-dir 1844 - name: argocd-repo-server-tls 1845 secret: 1846 items: 1847 - key: tls.crt 1848 path: tls.crt 1849 - key: tls.key 1850 path: tls.key 1851 - key: ca.crt 1852 path: ca.crt 1853 optional: true 1854 secretName: argocd-repo-server-tls 1855 - emptyDir: {} 1856 name: var-files 1857 - emptyDir: {} 1858 name: plugins 1859 --- 1860 apiVersion: apps/v1 1861 kind: Deployment 1862 metadata: 1863 labels: 1864 app.kubernetes.io/component: server 1865 app.kubernetes.io/name: argocd-server 1866 app.kubernetes.io/part-of: argocd 1867 name: argocd-server 1868 spec: 1869 selector: 1870 matchLabels: 1871 app.kubernetes.io/name: argocd-server 1872 template: 1873 metadata: 1874 labels: 1875 app.kubernetes.io/name: argocd-server 1876 spec: 1877 affinity: 1878 podAntiAffinity: 1879 preferredDuringSchedulingIgnoredDuringExecution: 1880 - podAffinityTerm: 1881 labelSelector: 1882 matchLabels: 1883 app.kubernetes.io/name: argocd-server 1884 topologyKey: kubernetes.io/hostname 1885 weight: 100 1886 - podAffinityTerm: 1887 labelSelector: 1888 matchLabels: 1889 app.kubernetes.io/part-of: argocd 1890 topologyKey: kubernetes.io/hostname 1891 weight: 5 1892 containers: 1893 - args: 1894 - /usr/local/bin/argocd-server 1895 env: 1896 - name: REDIS_PASSWORD 1897 valueFrom: 1898 secretKeyRef: 1899 key: auth 1900 name: argocd-redis 1901 - name: ARGOCD_SERVER_INSECURE 1902 valueFrom: 1903 configMapKeyRef: 1904 key: server.insecure 1905 name: argocd-cmd-params-cm 1906 optional: true 1907 - name: ARGOCD_SERVER_BASEHREF 1908 valueFrom: 1909 configMapKeyRef: 1910 key: server.basehref 1911 name: argocd-cmd-params-cm 1912 optional: true 1913 - name: ARGOCD_SERVER_ROOTPATH 1914 valueFrom: 1915 configMapKeyRef: 1916 key: server.rootpath 1917 name: argocd-cmd-params-cm 1918 optional: true 1919 - name: ARGOCD_SERVER_LOGFORMAT 1920 valueFrom: 1921 configMapKeyRef: 1922 key: server.log.format 1923 name: argocd-cmd-params-cm 1924 optional: true 1925 - name: ARGOCD_SERVER_LOG_LEVEL 1926 valueFrom: 1927 configMapKeyRef: 1928 key: server.log.level 1929 name: argocd-cmd-params-cm 1930 optional: true 1931 - name: ARGOCD_SERVER_REPO_SERVER 1932 valueFrom: 1933 configMapKeyRef: 1934 key: repo.server 1935 name: argocd-cmd-params-cm 1936 optional: true 1937 - name: ARGOCD_SERVER_DEX_SERVER 1938 valueFrom: 1939 configMapKeyRef: 1940 key: server.dex.server 1941 name: argocd-cmd-params-cm 1942 optional: true 1943 - name: ARGOCD_SERVER_DISABLE_AUTH 1944 valueFrom: 1945 configMapKeyRef: 1946 key: server.disable.auth 1947 name: argocd-cmd-params-cm 1948 optional: true 1949 - name: ARGOCD_SERVER_ENABLE_GZIP 1950 valueFrom: 1951 configMapKeyRef: 1952 key: server.enable.gzip 1953 name: argocd-cmd-params-cm 1954 optional: true 1955 - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS 1956 valueFrom: 1957 configMapKeyRef: 1958 key: server.repo.server.timeout.seconds 1959 name: argocd-cmd-params-cm 1960 optional: true 1961 - name: ARGOCD_SERVER_X_FRAME_OPTIONS 1962 valueFrom: 1963 configMapKeyRef: 1964 key: server.x.frame.options 1965 name: argocd-cmd-params-cm 1966 optional: true 1967 - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY 1968 valueFrom: 1969 configMapKeyRef: 1970 key: server.content.security.policy 1971 name: argocd-cmd-params-cm 1972 optional: true 1973 - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT 1974 valueFrom: 1975 configMapKeyRef: 1976 key: server.repo.server.plaintext 1977 name: argocd-cmd-params-cm 1978 optional: true 1979 - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS 1980 valueFrom: 1981 configMapKeyRef: 1982 key: server.repo.server.strict.tls 1983 name: argocd-cmd-params-cm 1984 optional: true 1985 - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT 1986 valueFrom: 1987 configMapKeyRef: 1988 key: server.dex.server.plaintext 1989 name: argocd-cmd-params-cm 1990 optional: true 1991 - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS 1992 valueFrom: 1993 configMapKeyRef: 1994 key: server.dex.server.strict.tls 1995 name: argocd-cmd-params-cm 1996 optional: true 1997 - name: ARGOCD_TLS_MIN_VERSION 1998 valueFrom: 1999 configMapKeyRef: 2000 key: server.tls.minversion 2001 name: argocd-cmd-params-cm 2002 optional: true 2003 - name: ARGOCD_TLS_MAX_VERSION 2004 valueFrom: 2005 configMapKeyRef: 2006 key: server.tls.maxversion 2007 name: argocd-cmd-params-cm 2008 optional: true 2009 - name: ARGOCD_TLS_CIPHERS 2010 valueFrom: 2011 configMapKeyRef: 2012 key: server.tls.ciphers 2013 name: argocd-cmd-params-cm 2014 optional: true 2015 - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION 2016 valueFrom: 2017 configMapKeyRef: 2018 key: server.connection.status.cache.expiration 2019 name: argocd-cmd-params-cm 2020 optional: true 2021 - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION 2022 valueFrom: 2023 configMapKeyRef: 2024 key: server.oidc.cache.expiration 2025 name: argocd-cmd-params-cm 2026 optional: true 2027 - name: ARGOCD_SERVER_STATIC_ASSETS 2028 valueFrom: 2029 configMapKeyRef: 2030 key: server.staticassets 2031 name: argocd-cmd-params-cm 2032 optional: true 2033 - name: ARGOCD_APP_STATE_CACHE_EXPIRATION 2034 valueFrom: 2035 configMapKeyRef: 2036 key: server.app.state.cache.expiration 2037 name: argocd-cmd-params-cm 2038 optional: true 2039 - name: REDIS_SERVER 2040 valueFrom: 2041 configMapKeyRef: 2042 key: redis.server 2043 name: argocd-cmd-params-cm 2044 optional: true 2045 - name: REDIS_COMPRESSION 2046 valueFrom: 2047 configMapKeyRef: 2048 key: redis.compression 2049 name: argocd-cmd-params-cm 2050 optional: true 2051 - name: REDISDB 2052 valueFrom: 2053 configMapKeyRef: 2054 key: redis.db 2055 name: argocd-cmd-params-cm 2056 optional: true 2057 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 2058 valueFrom: 2059 configMapKeyRef: 2060 key: server.default.cache.expiration 2061 name: argocd-cmd-params-cm 2062 optional: true 2063 - name: ARGOCD_MAX_COOKIE_NUMBER 2064 valueFrom: 2065 configMapKeyRef: 2066 key: server.http.cookie.maxnumber 2067 name: argocd-cmd-params-cm 2068 optional: true 2069 - name: ARGOCD_SERVER_LISTEN_ADDRESS 2070 valueFrom: 2071 configMapKeyRef: 2072 key: server.listen.address 2073 name: argocd-cmd-params-cm 2074 optional: true 2075 - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS 2076 valueFrom: 2077 configMapKeyRef: 2078 key: server.metrics.listen.address 2079 name: argocd-cmd-params-cm 2080 optional: true 2081 - name: ARGOCD_SERVER_OTLP_ADDRESS 2082 valueFrom: 2083 configMapKeyRef: 2084 key: otlp.address 2085 name: argocd-cmd-params-cm 2086 optional: true 2087 - name: ARGOCD_SERVER_OTLP_INSECURE 2088 valueFrom: 2089 configMapKeyRef: 2090 key: otlp.insecure 2091 name: argocd-cmd-params-cm 2092 optional: true 2093 - name: ARGOCD_SERVER_OTLP_HEADERS 2094 valueFrom: 2095 configMapKeyRef: 2096 key: otlp.headers 2097 name: argocd-cmd-params-cm 2098 optional: true 2099 - name: ARGOCD_SERVER_OTLP_ATTRS 2100 valueFrom: 2101 configMapKeyRef: 2102 key: otlp.attrs 2103 name: argocd-cmd-params-cm 2104 optional: true 2105 - name: ARGOCD_APPLICATION_NAMESPACES 2106 valueFrom: 2107 configMapKeyRef: 2108 key: application.namespaces 2109 name: argocd-cmd-params-cm 2110 optional: true 2111 - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION 2112 valueFrom: 2113 configMapKeyRef: 2114 key: server.enable.proxy.extension 2115 name: argocd-cmd-params-cm 2116 optional: true 2117 - name: ARGOCD_K8SCLIENT_RETRY_MAX 2118 valueFrom: 2119 configMapKeyRef: 2120 key: server.k8sclient.retry.max 2121 name: argocd-cmd-params-cm 2122 optional: true 2123 - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF 2124 valueFrom: 2125 configMapKeyRef: 2126 key: server.k8sclient.retry.base.backoff 2127 name: argocd-cmd-params-cm 2128 optional: true 2129 - name: ARGOCD_API_CONTENT_TYPES 2130 valueFrom: 2131 configMapKeyRef: 2132 key: server.api.content.types 2133 name: argocd-cmd-params-cm 2134 optional: true 2135 - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT 2136 valueFrom: 2137 configMapKeyRef: 2138 key: server.webhook.parallelism.limit 2139 name: argocd-cmd-params-cm 2140 optional: true 2141 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING 2142 valueFrom: 2143 configMapKeyRef: 2144 key: applicationsetcontroller.enable.new.git.file.globbing 2145 name: argocd-cmd-params-cm 2146 optional: true 2147 - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH 2148 valueFrom: 2149 configMapKeyRef: 2150 key: applicationsetcontroller.scm.root.ca.path 2151 name: argocd-cmd-params-cm 2152 optional: true 2153 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS 2154 valueFrom: 2155 configMapKeyRef: 2156 key: applicationsetcontroller.allowed.scm.providers 2157 name: argocd-cmd-params-cm 2158 optional: true 2159 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS 2160 valueFrom: 2161 configMapKeyRef: 2162 key: applicationsetcontroller.enable.scm.providers 2163 name: argocd-cmd-params-cm 2164 optional: true 2165 - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_GITHUB_API_METRICS 2166 valueFrom: 2167 configMapKeyRef: 2168 key: applicationsetcontroller.enable.github.api.metrics 2169 name: argocd-cmd-params-cm 2170 optional: true 2171 - name: ARGOCD_HYDRATOR_ENABLED 2172 valueFrom: 2173 configMapKeyRef: 2174 key: hydrator.enabled 2175 name: argocd-cmd-params-cm 2176 optional: true 2177 - name: ARGOCD_SYNC_WITH_REPLACE_ALLOWED 2178 valueFrom: 2179 configMapKeyRef: 2180 key: server.sync.replace.allowed 2181 name: argocd-cmd-params-cm 2182 optional: true 2183 image: quay.io/argoproj/argocd:v3.2.1 2184 imagePullPolicy: Always 2185 livenessProbe: 2186 httpGet: 2187 path: /healthz?full=true 2188 port: 8080 2189 initialDelaySeconds: 3 2190 periodSeconds: 30 2191 timeoutSeconds: 5 2192 name: argocd-server 2193 ports: 2194 - containerPort: 8080 2195 - containerPort: 8083 2196 readinessProbe: 2197 httpGet: 2198 path: /healthz 2199 port: 8080 2200 initialDelaySeconds: 3 2201 periodSeconds: 30 2202 securityContext: 2203 allowPrivilegeEscalation: false 2204 capabilities: 2205 drop: 2206 - ALL 2207 readOnlyRootFilesystem: true 2208 runAsNonRoot: true 2209 seccompProfile: 2210 type: RuntimeDefault 2211 volumeMounts: 2212 - mountPath: /app/config/ssh 2213 name: ssh-known-hosts 2214 - mountPath: /app/config/tls 2215 name: tls-certs 2216 - mountPath: /app/config/server/tls 2217 name: argocd-repo-server-tls 2218 - mountPath: /app/config/dex/tls 2219 name: argocd-dex-server-tls 2220 - mountPath: /home/argocd 2221 name: plugins-home 2222 - mountPath: /tmp 2223 name: tmp 2224 - mountPath: /home/argocd/params 2225 name: argocd-cmd-params-cm 2226 nodeSelector: 2227 kubernetes.io/os: linux 2228 serviceAccountName: argocd-server 2229 volumes: 2230 - emptyDir: {} 2231 name: plugins-home 2232 - emptyDir: {} 2233 name: tmp 2234 - configMap: 2235 name: argocd-ssh-known-hosts-cm 2236 name: ssh-known-hosts 2237 - configMap: 2238 name: argocd-tls-certs-cm 2239 name: tls-certs 2240 - name: argocd-repo-server-tls 2241 secret: 2242 items: 2243 - key: tls.crt 2244 path: tls.crt 2245 - key: tls.key 2246 path: tls.key 2247 - key: ca.crt 2248 path: ca.crt 2249 optional: true 2250 secretName: argocd-repo-server-tls 2251 - name: argocd-dex-server-tls 2252 secret: 2253 items: 2254 - key: tls.crt 2255 path: tls.crt 2256 - key: ca.crt 2257 path: ca.crt 2258 optional: true 2259 secretName: argocd-dex-server-tls 2260 - configMap: 2261 items: 2262 - key: server.profile.enabled 2263 path: profiler.enabled 2264 name: argocd-cmd-params-cm 2265 optional: true 2266 name: argocd-cmd-params-cm 2267 --- 2268 apiVersion: apps/v1 2269 kind: StatefulSet 2270 metadata: 2271 labels: 2272 app.kubernetes.io/component: application-controller 2273 app.kubernetes.io/name: argocd-application-controller 2274 app.kubernetes.io/part-of: argocd 2275 name: argocd-application-controller 2276 spec: 2277 replicas: 1 2278 selector: 2279 matchLabels: 2280 app.kubernetes.io/name: argocd-application-controller 2281 serviceName: argocd-application-controller 2282 template: 2283 metadata: 2284 labels: 2285 app.kubernetes.io/name: argocd-application-controller 2286 spec: 2287 affinity: 2288 podAntiAffinity: 2289 preferredDuringSchedulingIgnoredDuringExecution: 2290 - podAffinityTerm: 2291 labelSelector: 2292 matchLabels: 2293 app.kubernetes.io/name: argocd-application-controller 2294 topologyKey: kubernetes.io/hostname 2295 weight: 100 2296 - podAffinityTerm: 2297 labelSelector: 2298 matchLabels: 2299 app.kubernetes.io/part-of: argocd 2300 topologyKey: kubernetes.io/hostname 2301 weight: 5 2302 containers: 2303 - args: 2304 - /usr/local/bin/argocd-application-controller 2305 env: 2306 - name: REDIS_PASSWORD 2307 valueFrom: 2308 secretKeyRef: 2309 key: auth 2310 name: argocd-redis 2311 - name: ARGOCD_CONTROLLER_REPLICAS 2312 value: "1" 2313 - name: ARGOCD_RECONCILIATION_TIMEOUT 2314 valueFrom: 2315 configMapKeyRef: 2316 key: timeout.reconciliation 2317 name: argocd-cm 2318 optional: true 2319 - name: ARGOCD_HARD_RECONCILIATION_TIMEOUT 2320 valueFrom: 2321 configMapKeyRef: 2322 key: timeout.hard.reconciliation 2323 name: argocd-cm 2324 optional: true 2325 - name: ARGOCD_RECONCILIATION_JITTER 2326 valueFrom: 2327 configMapKeyRef: 2328 key: timeout.reconciliation.jitter 2329 name: argocd-cm 2330 optional: true 2331 - name: ARGOCD_REPO_ERROR_GRACE_PERIOD_SECONDS 2332 valueFrom: 2333 configMapKeyRef: 2334 key: controller.repo.error.grace.period.seconds 2335 name: argocd-cmd-params-cm 2336 optional: true 2337 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER 2338 valueFrom: 2339 configMapKeyRef: 2340 key: repo.server 2341 name: argocd-cmd-params-cm 2342 optional: true 2343 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_TIMEOUT_SECONDS 2344 valueFrom: 2345 configMapKeyRef: 2346 key: controller.repo.server.timeout.seconds 2347 name: argocd-cmd-params-cm 2348 optional: true 2349 - name: ARGOCD_APPLICATION_CONTROLLER_STATUS_PROCESSORS 2350 valueFrom: 2351 configMapKeyRef: 2352 key: controller.status.processors 2353 name: argocd-cmd-params-cm 2354 optional: true 2355 - name: ARGOCD_APPLICATION_CONTROLLER_OPERATION_PROCESSORS 2356 valueFrom: 2357 configMapKeyRef: 2358 key: controller.operation.processors 2359 name: argocd-cmd-params-cm 2360 optional: true 2361 - name: ARGOCD_APPLICATION_CONTROLLER_LOGFORMAT 2362 valueFrom: 2363 configMapKeyRef: 2364 key: controller.log.format 2365 name: argocd-cmd-params-cm 2366 optional: true 2367 - name: ARGOCD_APPLICATION_CONTROLLER_LOGLEVEL 2368 valueFrom: 2369 configMapKeyRef: 2370 key: controller.log.level 2371 name: argocd-cmd-params-cm 2372 optional: true 2373 - name: ARGOCD_LOG_FORMAT_TIMESTAMP 2374 valueFrom: 2375 configMapKeyRef: 2376 key: log.format.timestamp 2377 name: argocd-cmd-params-cm 2378 optional: true 2379 - name: ARGOCD_APPLICATION_CONTROLLER_METRICS_CACHE_EXPIRATION 2380 valueFrom: 2381 configMapKeyRef: 2382 key: controller.metrics.cache.expiration 2383 name: argocd-cmd-params-cm 2384 optional: true 2385 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_TIMEOUT_SECONDS 2386 valueFrom: 2387 configMapKeyRef: 2388 key: controller.self.heal.timeout.seconds 2389 name: argocd-cmd-params-cm 2390 optional: true 2391 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_TIMEOUT_SECONDS 2392 valueFrom: 2393 configMapKeyRef: 2394 key: controller.self.heal.backoff.timeout.seconds 2395 name: argocd-cmd-params-cm 2396 optional: true 2397 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_FACTOR 2398 valueFrom: 2399 configMapKeyRef: 2400 key: controller.self.heal.backoff.factor 2401 name: argocd-cmd-params-cm 2402 optional: true 2403 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_CAP_SECONDS 2404 valueFrom: 2405 configMapKeyRef: 2406 key: controller.self.heal.backoff.cap.seconds 2407 name: argocd-cmd-params-cm 2408 optional: true 2409 - name: ARGOCD_APPLICATION_CONTROLLER_SELF_HEAL_BACKOFF_COOLDOWN_SECONDS 2410 valueFrom: 2411 configMapKeyRef: 2412 key: controller.self.heal.backoff.cooldown.seconds 2413 name: argocd-cmd-params-cm 2414 optional: true 2415 - name: ARGOCD_SYNC_WAVE_DELAY 2416 valueFrom: 2417 configMapKeyRef: 2418 key: controller.sync.wave.delay.seconds 2419 name: argocd-cmd-params-cm 2420 optional: true 2421 - name: ARGOCD_APPLICATION_CONTROLLER_SYNC_TIMEOUT 2422 valueFrom: 2423 configMapKeyRef: 2424 key: controller.sync.timeout.seconds 2425 name: argocd-cmd-params-cm 2426 optional: true 2427 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_PLAINTEXT 2428 valueFrom: 2429 configMapKeyRef: 2430 key: controller.repo.server.plaintext 2431 name: argocd-cmd-params-cm 2432 optional: true 2433 - name: ARGOCD_APPLICATION_CONTROLLER_REPO_SERVER_STRICT_TLS 2434 valueFrom: 2435 configMapKeyRef: 2436 key: controller.repo.server.strict.tls 2437 name: argocd-cmd-params-cm 2438 optional: true 2439 - name: ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH 2440 valueFrom: 2441 configMapKeyRef: 2442 key: controller.resource.health.persist 2443 name: argocd-cmd-params-cm 2444 optional: true 2445 - name: ARGOCD_APP_STATE_CACHE_EXPIRATION 2446 valueFrom: 2447 configMapKeyRef: 2448 key: controller.app.state.cache.expiration 2449 name: argocd-cmd-params-cm 2450 optional: true 2451 - name: REDIS_SERVER 2452 valueFrom: 2453 configMapKeyRef: 2454 key: redis.server 2455 name: argocd-cmd-params-cm 2456 optional: true 2457 - name: REDIS_COMPRESSION 2458 valueFrom: 2459 configMapKeyRef: 2460 key: redis.compression 2461 name: argocd-cmd-params-cm 2462 optional: true 2463 - name: REDISDB 2464 valueFrom: 2465 configMapKeyRef: 2466 key: redis.db 2467 name: argocd-cmd-params-cm 2468 optional: true 2469 - name: ARGOCD_DEFAULT_CACHE_EXPIRATION 2470 valueFrom: 2471 configMapKeyRef: 2472 key: controller.default.cache.expiration 2473 name: argocd-cmd-params-cm 2474 optional: true 2475 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ADDRESS 2476 valueFrom: 2477 configMapKeyRef: 2478 key: otlp.address 2479 name: argocd-cmd-params-cm 2480 optional: true 2481 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_INSECURE 2482 valueFrom: 2483 configMapKeyRef: 2484 key: otlp.insecure 2485 name: argocd-cmd-params-cm 2486 optional: true 2487 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_HEADERS 2488 valueFrom: 2489 configMapKeyRef: 2490 key: otlp.headers 2491 name: argocd-cmd-params-cm 2492 optional: true 2493 - name: ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS 2494 valueFrom: 2495 configMapKeyRef: 2496 key: otlp.attrs 2497 name: argocd-cmd-params-cm 2498 optional: true 2499 - name: ARGOCD_APPLICATION_NAMESPACES 2500 valueFrom: 2501 configMapKeyRef: 2502 key: application.namespaces 2503 name: argocd-cmd-params-cm 2504 optional: true 2505 - name: ARGOCD_CONTROLLER_SHARDING_ALGORITHM 2506 valueFrom: 2507 configMapKeyRef: 2508 key: controller.sharding.algorithm 2509 name: argocd-cmd-params-cm 2510 optional: true 2511 - name: ARGOCD_APPLICATION_CONTROLLER_KUBECTL_PARALLELISM_LIMIT 2512 valueFrom: 2513 configMapKeyRef: 2514 key: controller.kubectl.parallelism.limit 2515 name: argocd-cmd-params-cm 2516 optional: true 2517 - name: ARGOCD_K8SCLIENT_RETRY_MAX 2518 valueFrom: 2519 configMapKeyRef: 2520 key: controller.k8sclient.retry.max 2521 name: argocd-cmd-params-cm 2522 optional: true 2523 - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF 2524 valueFrom: 2525 configMapKeyRef: 2526 key: controller.k8sclient.retry.base.backoff 2527 name: argocd-cmd-params-cm 2528 optional: true 2529 - name: ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF 2530 valueFrom: 2531 configMapKeyRef: 2532 key: controller.diff.server.side 2533 name: argocd-cmd-params-cm 2534 optional: true 2535 - name: ARGOCD_IGNORE_NORMALIZER_JQ_TIMEOUT 2536 valueFrom: 2537 configMapKeyRef: 2538 key: controller.ignore.normalizer.jq.timeout 2539 name: argocd-cmd-params-cm 2540 optional: true 2541 - name: ARGOCD_HYDRATOR_ENABLED 2542 valueFrom: 2543 configMapKeyRef: 2544 key: hydrator.enabled 2545 name: argocd-cmd-params-cm 2546 optional: true 2547 - name: ARGOCD_CLUSTER_CACHE_BATCH_EVENTS_PROCESSING 2548 valueFrom: 2549 configMapKeyRef: 2550 key: controller.cluster.cache.batch.events.processing 2551 name: argocd-cmd-params-cm 2552 optional: true 2553 - name: ARGOCD_CLUSTER_CACHE_EVENTS_PROCESSING_INTERVAL 2554 valueFrom: 2555 configMapKeyRef: 2556 key: controller.cluster.cache.events.processing.interval 2557 name: argocd-cmd-params-cm 2558 optional: true 2559 - name: ARGOCD_APPLICATION_CONTROLLER_COMMIT_SERVER 2560 valueFrom: 2561 configMapKeyRef: 2562 key: commit.server 2563 name: argocd-cmd-params-cm 2564 optional: true 2565 - name: KUBECACHEDIR 2566 value: /tmp/kubecache 2567 image: quay.io/argoproj/argocd:v3.2.1 2568 imagePullPolicy: Always 2569 name: argocd-application-controller 2570 ports: 2571 - containerPort: 8082 2572 readinessProbe: 2573 httpGet: 2574 path: /healthz 2575 port: 8082 2576 initialDelaySeconds: 5 2577 periodSeconds: 10 2578 securityContext: 2579 allowPrivilegeEscalation: false 2580 capabilities: 2581 drop: 2582 - ALL 2583 readOnlyRootFilesystem: true 2584 runAsNonRoot: true 2585 seccompProfile: 2586 type: RuntimeDefault 2587 volumeMounts: 2588 - mountPath: /app/config/controller/tls 2589 name: argocd-repo-server-tls 2590 - mountPath: /home/argocd 2591 name: argocd-home 2592 - mountPath: /home/argocd/params 2593 name: argocd-cmd-params-cm 2594 - mountPath: /tmp 2595 name: argocd-application-controller-tmp 2596 workingDir: /home/argocd 2597 nodeSelector: 2598 kubernetes.io/os: linux 2599 serviceAccountName: argocd-application-controller 2600 volumes: 2601 - emptyDir: {} 2602 name: argocd-home 2603 - emptyDir: {} 2604 name: argocd-application-controller-tmp 2605 - name: argocd-repo-server-tls 2606 secret: 2607 items: 2608 - key: tls.crt 2609 path: tls.crt 2610 - key: tls.key 2611 path: tls.key 2612 - key: ca.crt 2613 path: ca.crt 2614 optional: true 2615 secretName: argocd-repo-server-tls 2616 - configMap: 2617 items: 2618 - key: controller.profile.enabled 2619 path: profiler.enabled 2620 name: argocd-cmd-params-cm 2621 optional: true 2622 name: argocd-cmd-params-cm 2623 --- 2624 apiVersion: networking.k8s.io/v1 2625 kind: NetworkPolicy 2626 metadata: 2627 labels: 2628 app.kubernetes.io/component: application-controller 2629 app.kubernetes.io/name: argocd-application-controller 2630 app.kubernetes.io/part-of: argocd 2631 name: argocd-application-controller-network-policy 2632 spec: 2633 ingress: 2634 - from: 2635 - namespaceSelector: {} 2636 ports: 2637 - port: 8082 2638 podSelector: 2639 matchLabels: 2640 app.kubernetes.io/name: argocd-application-controller 2641 policyTypes: 2642 - Ingress 2643 --- 2644 apiVersion: networking.k8s.io/v1 2645 kind: NetworkPolicy 2646 metadata: 2647 labels: 2648 app.kubernetes.io/component: applicationset-controller 2649 app.kubernetes.io/name: argocd-applicationset-controller 2650 app.kubernetes.io/part-of: argocd 2651 name: argocd-applicationset-controller-network-policy 2652 spec: 2653 ingress: 2654 - from: 2655 - namespaceSelector: {} 2656 ports: 2657 - port: 7000 2658 protocol: TCP 2659 - port: 8080 2660 protocol: TCP 2661 podSelector: 2662 matchLabels: 2663 app.kubernetes.io/name: argocd-applicationset-controller 2664 policyTypes: 2665 - Ingress 2666 --- 2667 apiVersion: networking.k8s.io/v1 2668 kind: NetworkPolicy 2669 metadata: 2670 labels: 2671 app.kubernetes.io/component: commit-server 2672 app.kubernetes.io/name: argocd-commit-server 2673 app.kubernetes.io/part-of: argocd 2674 name: argocd-commit-server-network-policy 2675 spec: 2676 ingress: 2677 - from: 2678 - podSelector: 2679 matchLabels: 2680 app.kubernetes.io/name: argocd-application-controller 2681 ports: 2682 - port: 8086 2683 protocol: TCP 2684 - from: 2685 - namespaceSelector: {} 2686 ports: 2687 - port: 8087 2688 podSelector: 2689 matchLabels: 2690 app.kubernetes.io/name: argocd-commit-server 2691 policyTypes: 2692 - Ingress 2693 --- 2694 apiVersion: networking.k8s.io/v1 2695 kind: NetworkPolicy 2696 metadata: 2697 labels: 2698 app.kubernetes.io/component: dex-server 2699 app.kubernetes.io/name: argocd-dex-server 2700 app.kubernetes.io/part-of: argocd 2701 name: argocd-dex-server-network-policy 2702 spec: 2703 ingress: 2704 - from: 2705 - podSelector: 2706 matchLabels: 2707 app.kubernetes.io/name: argocd-server 2708 ports: 2709 - port: 5556 2710 protocol: TCP 2711 - port: 5557 2712 protocol: TCP 2713 - from: 2714 - namespaceSelector: {} 2715 ports: 2716 - port: 5558 2717 protocol: TCP 2718 podSelector: 2719 matchLabels: 2720 app.kubernetes.io/name: argocd-dex-server 2721 policyTypes: 2722 - Ingress 2723 --- 2724 apiVersion: networking.k8s.io/v1 2725 kind: NetworkPolicy 2726 metadata: 2727 labels: 2728 app.kubernetes.io/component: notifications-controller 2729 app.kubernetes.io/name: argocd-notifications-controller 2730 app.kubernetes.io/part-of: argocd 2731 name: argocd-notifications-controller-network-policy 2732 spec: 2733 ingress: 2734 - from: 2735 - namespaceSelector: {} 2736 ports: 2737 - port: 9001 2738 protocol: TCP 2739 podSelector: 2740 matchLabels: 2741 app.kubernetes.io/name: argocd-notifications-controller 2742 policyTypes: 2743 - Ingress 2744 --- 2745 apiVersion: networking.k8s.io/v1 2746 kind: NetworkPolicy 2747 metadata: 2748 labels: 2749 app.kubernetes.io/component: redis 2750 app.kubernetes.io/name: argocd-redis 2751 app.kubernetes.io/part-of: argocd 2752 name: argocd-redis-network-policy 2753 spec: 2754 ingress: 2755 - from: 2756 - podSelector: 2757 matchLabels: 2758 app.kubernetes.io/name: argocd-server 2759 - podSelector: 2760 matchLabels: 2761 app.kubernetes.io/name: argocd-repo-server 2762 - podSelector: 2763 matchLabels: 2764 app.kubernetes.io/name: argocd-application-controller 2765 ports: 2766 - port: 6379 2767 protocol: TCP 2768 podSelector: 2769 matchLabels: 2770 app.kubernetes.io/name: argocd-redis 2771 policyTypes: 2772 - Ingress 2773 --- 2774 apiVersion: networking.k8s.io/v1 2775 kind: NetworkPolicy 2776 metadata: 2777 labels: 2778 app.kubernetes.io/component: repo-server 2779 app.kubernetes.io/name: argocd-repo-server 2780 app.kubernetes.io/part-of: argocd 2781 name: argocd-repo-server-network-policy 2782 spec: 2783 ingress: 2784 - from: 2785 - podSelector: 2786 matchLabels: 2787 app.kubernetes.io/name: argocd-server 2788 - podSelector: 2789 matchLabels: 2790 app.kubernetes.io/name: argocd-application-controller 2791 - podSelector: 2792 matchLabels: 2793 app.kubernetes.io/name: argocd-notifications-controller 2794 - podSelector: 2795 matchLabels: 2796 app.kubernetes.io/name: argocd-applicationset-controller 2797 ports: 2798 - port: 8081 2799 protocol: TCP 2800 - from: 2801 - namespaceSelector: {} 2802 ports: 2803 - port: 8084 2804 podSelector: 2805 matchLabels: 2806 app.kubernetes.io/name: argocd-repo-server 2807 policyTypes: 2808 - Ingress 2809 --- 2810 apiVersion: networking.k8s.io/v1 2811 kind: NetworkPolicy 2812 metadata: 2813 labels: 2814 app.kubernetes.io/component: server 2815 app.kubernetes.io/name: argocd-server 2816 app.kubernetes.io/part-of: argocd 2817 name: argocd-server-network-policy 2818 spec: 2819 ingress: 2820 - {} 2821 podSelector: 2822 matchLabels: 2823 app.kubernetes.io/name: argocd-server 2824 policyTypes: 2825 - Ingress